BGP Sherif Summary


CONFIGURING BGP ON CISCO ROUTERS

BGP Summary
Prepared by: Sherif Mokhtar
CCIE# 26013

Version Control:
Version 1: Created February 2010
Version 2: Edited April 2012

BGP Summary
Prepared by: Sherif Mokhtar – CCIE# 26013
Email: sherifmokhtar@hotmail.com
Introducing BGP, Why BGP
Routing protocols could be categorized as:
1- Interior Gateway Protocol (IGP)
2- Exterior Gateway Protocol (EGP)

• IGP routing protocols don't advertise routing tables, they advertise link states. The distribution list affects the routing table, not the link-state database.

• The Border Gateway Protocol (BGP) allows you to create loop-free interdomain routing between autonomous systems [An autonomous system is a set of routers under a single technical administration].

• Routers in an AS can use multiple interior gateway protocols (IGP) to exchange routing information inside the AS and an exterior gateway protocol to route packets outside the AS.

• BGP is a distance vector protocol with enhancements (path vector):
o Reliable updates → uses TCP (port 179) as the transport protocol
o Triggered updates only (batched)
o Rich metric (attributes)

• The main function of BGP is to export the internally learned routes to the Internet or to import the externally learned routes into the AS. So an IGP should be configured in the autonomous system, because BGP works on top of the IGP.

• IGP is used in any BGP environment for the following purposes:
o To learn the internal networks.
o To reach the BGP neighbor.
o To reach the next hop of the BGP routes.

Why BGP?
• Scalable: can carry the routes of huge networks and of the Internet.
• Batched updates.
• Slow convergence: a neighbor is considered down after a hold-down interval of 180 seconds (3 minutes).
• Rich metric: we can use any of the BGP attributes to determine which path/link to use, not only the cost.
• Security:
o Neighbors are manually configured on both routers.
o MD5 authentication.
o Sends unicast traffic.
o The source IP address of incoming connection attempts is verified against the list of configured neighbors.
• Reliable protocol: uses TCP to build the neighborship between peers.

When to use BGP? Who should use BGP?

• Multi-homed customer: a customer connected to more than one SP (a multi-homed customer must use 1) a public AS number and 2) provider-independent IP address space).
• Service provider networks (transit AS).
• SPs exchanging traffic at an exchange point (Internet).
• Customers that need the full Internet routing table or partial updates for certain prefixes.
• Network cores of large enterprises.

Business Requirements for Multihomed BGP Networks:

1. Some customers need redundant Internet access for their mission-critical applications.
2. Full redundancy is achieved only by connecting to two independent service providers.

Note 1: Single-homed customer can use BGP with the SP in the below cases:
1. Customer multi-homed to the same provider.
2. Customer needs a dynamic routing protocol with the SP to detect failures.
In all other cases, use static routes.

Note 2:
• An AS number can be any number between 1 and 65535. This is the full range of AS numbers that can be used in BGP.
• This AS range is divided into a private AS range and a public AS range (like IP addresses):
o Private AS numbers: from 64512 to 65535. Any number in the private AS range can be used in private networks. Private AS numbers are never propagated onto the public Internet.
o Public AS numbers: from 1 to 64511. These are used for routing between autonomous systems in the Internet (like public IP addresses).
• Public AS numbers are assigned by an Internet registry (American Registry for Internet Numbers [ARIN]: www.arin.net or Réseaux IP Européens [RIPE]: www.ripe.net).
• Only one BGP routing process per router is allowed.
• A router running BGP can be assigned to only one AS.

BGP characteristics:
o Designed to route IP traffic between autonomous systems
o Designed to scale to huge internetworks
o Currently in version 4
o By default, BGP finds the best path to a network using the best AS path
o Routing policies are configured using BGP attributes
o It converges slowly. Batched (triggered) updates are sent once every 5 seconds to iBGP peers and once every 30 seconds to eBGP peers.
o Uses TCP as its transport protocol (port 179)

How Does BGP Work? (Establishing a BGP session between 2 neighbors)

1- Configure the BGP neighbor manually on each router.
2- BGP establishes a TCP session on port 179. Each neighbor builds its own TCP session, but then one of them is torn down and only the session initiated by the router with the higher router ID is kept.
3- Exchange of open messages. The open message contains the following information:
• Router ID
• BGP version
• AS number
• Timers (hold time interval)
• Optional parameters:
o Capabilities
o Authentication (Message Digest 5):

To produce the MD5 digest you have to configure the same password on both BGP neighbors using neighbor ip-address password string. When any BGP message is sent to the BGP neighbor, the message is processed together with the configured password in a hashing process. The result of the hashing is the MD5 digest. Both the MD5 digest (hash) and the BGP message are sent to the neighbor. Since the neighbor has the same password, it repeats the hashing process over the received BGP message with that password and compares the result with the received digest. If the two digests are equal, the message is accepted.

4- Establishing the BGP session.
5- BGP tables are exchanged (best routes only).
6- The BGP session is maintained by keepalive messages.
7- Batched incremental updates are exchanged only when there is a change in the BGP table. These batched updates are sent at most once every 5 seconds on IBGP sessions and once every 30 seconds on EBGP sessions.
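As an added example (not part of the original summary), the following Python models steps 3, 4 and 6 above: it encodes and decodes an OPEN message in the RFC 4271 layout, negotiates the hold time the way two peers do (the smaller of the two offered values, with a keepalive every third of it, so the 180 s default gives the 60 s keepalive quoted later), and shows the keyed-MD5 check: the receiver recomputes the digest over message plus password and compares, since MD5 cannot be reversed. The digest layout here is a simplified illustration of the text's description; the real TCP MD5 option (RFC 2385) also covers the TCP pseudo-header and header.

```python
import hashlib
import hmac
import struct

BGP_MARKER = b"\xff" * 16   # 16 bytes of all ones start every BGP message
BGP_OPEN = 1                # message type code for OPEN (RFC 4271)
OPEN_MIN_LEN = 29           # header (19 bytes) + fixed OPEN body (10 bytes)


def build_open(my_as, hold_time, router_id, opt_params=b""):
    """Encode an OPEN: version 4, 2-byte AS, hold time, router ID, options."""
    if hold_time != 0 and hold_time < 3:
        raise ValueError("hold time must be 0 or at least 3 seconds")
    rid = bytes(int(octet) for octet in router_id.split("."))
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, rid, len(opt_params))
    body += opt_params
    length = len(BGP_MARKER) + 3 + len(body)
    return BGP_MARKER + struct.pack("!HB", length, BGP_OPEN) + body


def parse_open(msg):
    """Decode an OPEN into a dict, rejecting anything malformed."""
    if len(msg) < OPEN_MIN_LEN or msg[:16] != BGP_MARKER:
        raise ValueError("bad marker or truncated message")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != BGP_OPEN or length != len(msg):
        raise ValueError("not an OPEN message or length mismatch")
    version, my_as, hold_time, rid, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4:
        raise ValueError("unsupported BGP version %d" % version)
    if OPEN_MIN_LEN + opt_len != len(msg):
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "as": my_as, "hold_time": hold_time,
            "router_id": ".".join(str(b) for b in rid),
            "opt_params": msg[OPEN_MIN_LEN:]}


def negotiate_hold_time(local_hold, remote_hold):
    """Peers use the smaller of the two offered hold times (IOS default 180 s);
    the keepalive interval is one third of it (60 s). Returns (hold, keepalive)."""
    hold = min(local_hold, remote_hold)
    return hold, hold // 3


def keyed_md5(message, password):
    """Digest over the message plus the shared password, as the text describes.
    Simplified: real TCP MD5 (RFC 2385) also hashes the TCP pseudo-header/header."""
    return hashlib.md5(message + password.encode()).digest()


def verify_keyed_md5(message, password, digest):
    """The receiver cannot reverse MD5; it recomputes the digest with its own
    copy of the password and compares in constant time."""
    return hmac.compare_digest(keyed_md5(message, password), digest)


if __name__ == "__main__":
    # constructed sample values: AS 65000, router ID 10.1.1.1, password Cisco
    open_msg = build_open(65000, 180, "10.1.1.1")
    print(parse_open(open_msg))
    print(negotiate_hold_time(180, 90))
    tag = keyed_md5(open_msg, "Cisco")
    print(verify_keyed_md5(open_msg, "Cisco", tag),
          verify_keyed_md5(open_msg, "wrong", tag))
```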

BGP neighbor relationship (BGP states):

• Neighbors are manually configured.
• Neighbors start in the Idle state (if the state remains Idle, it means there is no route to the destination).
• 1st stage: Active (if the state remains Active, it means there is no route back to my router, OR there is an AS mismatch between the peers, OR there are filters applied, OR BGP is not configured on one of the routers).
• 2nd stage: OpenSent
• 3rd stage: OpenConfirm
• 4th stage: Established
Commands to watch the states: debug ip tcp transactions, debug ip bgp events

BGP packet types:

1. Open message → to exchange the parameters between BGP neighbors
2. Updates → EBGP every 30 seconds, IBGP every 5 seconds
3. Notification → in response to errors; the TCP session between the neighbors will be terminated
4. Keepalive (hello messages) → sent every 60 seconds and used to maintain the TCP session between the peers.

Note: Hello messages (keepalive packets) are sent once every 60 seconds and the hold-down time is 180 seconds (if a BGP neighbor goes down, its neighbor will know that it is down after 3 minutes).

BGP Tables:

• BGP neighbor table (show ip bgp summary) → contains the list of all neighbors
• BGP table (show ip bgp) → contains all updates received from neighbors
• Routing table (show ip route) → contains the best paths

Processing BGP routes:

• After a BGP session is established, routing updates start to arrive. All inbound updates are placed into the BGP table (debug ip bgp update).
• When there is more than one way to reach a particular network, the local router selects one of them as the best based on the BGP selection criteria (discussed later).
• A local router propagates only the route that it selected as best to its neighbors. However, the router never sends a route back on the same BGP session on which it was received.
• The best BGP routes are copied into the IP routing table based on administrative distance.

Notes:
• Only the best BGP routes are installed in the IP routing table.
• Only the best BGP routes are advertised to other BGP neighbors.
• If the next hop of a BGP route is unreachable, the route is excluded from the BGP route selection process.
• The keepalive interval value is not communicated in the BGP Open message.

The Golden Rule of BGP:

BGP does not enable one AS to send traffic to a neighbor AS intending that the traffic take a different route from that taken by traffic originating in the neighbor AS (my neighbor AS will not tell my AS how to route my traffic).

BGP route injection:

1. Using the network command
2. Using redistribution
3. Using conditional route injection

1. Network Command:

• The format of the network command follows:

network network-number [mask network-mask]

• The network command controls what networks are originated by this box. This is a different concept from what you are used to configuring with IGRP and RIP. With this command we are not trying to run BGP on a certain interface; rather we are trying to indicate to BGP what networks it should originate from this box. The mask portion is used because BGP4 can handle subnetting and supernetting. A maximum of 200 entries of the network command are accepted.

• The network command will work if the network you are trying to advertise is known to the router, whether connected, static or learned dynamically.

Example:
router bgp 1
network 192.213.0.0 mask 255.255.0.0

ip route 192.213.0.0 255.255.0.0 null 0

Note that we need the static route to get the router to generate 192.213.0.0, because the static route puts a matching entry in the routing table. Network 192.213.0.0 does not otherwise exist in the routing table, so we add a static route pointing to null0 in order to put this network into the routing table; then we can advertise it using the BGP network command.

2. Redistribution:
The network command is one way to advertise your networks via BGP. Another way is to
redistribute your IGP (IGRP, OSPF, RIP, EIGRP, etc.) into BGP. This sounds scary because now
you are dumping all of your internal routes into BGP, some of these routes might have been
learned via BGP and you do not need to send them out again. Careful filtering should be applied
to make sure you are sending to the internet only routes that you want to advertise and not
everything you have.
Redistributed routes carry origin attribute ‘incomplete’

BGP summarization
1. BGP auto summarization

• Automatic summarization is enabled by default.
• Enable automatic summarization when:
– Summarization of IGP-to-BGP redistributed routes to the major network boundary is required
– Using the classful network command to summarize subnets to a major network boundary
• Disable automatic summarization when:
– Summarization on IGP-to-BGP redistribution is not desired
– Using the classless variant of the network command

2. BGP manual summarization (Aggregation)

When using the aggregate-address command without the summary-only statement, both the
summarized network and the specific routes will be advertised. To only advertise the
summarized routes, use the summary-only statement. (Example: aggregate-address 10.16.0.0
255.255.0.0 summary-only)

Note: When automatic or manual summarization takes place, the routing protocol automatically
adds a static route with null 0 interface pointing to the summarized network in the routing table.

Benefits of sending only the aggregate address without the specific subnets:
• Smaller BGP routing tables
• More stable internetworks (less route flapping)
Drawback of sending only the aggregate address without the specific subnets:
• Problems with multihomed customers

Configuring, monitoring and troubleshooting BGP:

Configuration:
R1

router bgp 1 → enables the BGP process globally (R1 is in AS 1)
no auto-summary → disables auto-summarization
no synchronization → disables synchronization
bgp router-id X.X.X.X → configures the BGP router ID
neighbor Y.Y.Y.Y remote-as 1 → configures an IBGP neighbor using a loopback (same AS). Note: the loopback must be reachable through the IGP.
neighbor Y.Y.Y.Y update-source loopback0 → used to tell the BGP neighbor that it is using a loopback
neighbor Y.Y.Y.Y remote-as 2 → configures an EBGP neighbor
neighbor Y.Y.Y.Y ebgp-multihop → used if the eBGP neighbor is not directly connected, or the neighborship is built on loopbacks rather than on directly connected interfaces.
neighbor Y.Y.Y.Y password Cisco → enables MD5 authentication on a specific BGP session.
neighbor Y.Y.Y.Y shutdown → disables communication with a BGP neighbor
neighbor Y.Y.Y.Y timers keepalive holdtime → changes the default BGP timers for a certain neighbor
timers bgp keepalive holdtime → changes the default BGP timers for the whole BGP process.
network X.X.X.X mask Z.Z.Z.Z → used to advertise networks in BGP. The network should be in the routing table (learned via the IGP) for BGP to advertise it. The mask is a normal mask, not a wildcard mask.

Monitoring:
show ip bgp summary → displays the BGP neighbors, the state of communication with them and whether prefixes have been received from them or not
show ip bgp neighbors → displays the neighbor table
show ip bgp neighbors 10.1.1.1 → displays detailed information about one neighbor
show ip bgp → displays the BGP table
show ip bgp 10.1.1.1 → displays detailed information about all paths for a single prefix

Debugging:
debug ip tcp transactions → displays all TCP transactions (start of session, session errors, etc.)
debug ip bgp events → displays significant BGP events (neighbor state transitions, update runs)
debug ip bgp keepalives → debugs BGP keepalive packets
debug ip bgp updates → displays all incoming or outgoing BGP updates (use with caution)

Transit AS

IBGP is used if an AS wants to act as a transit system for other ASs. You might ask, why can't we do the same thing by learning via EBGP, redistributing into the IGP and then redistributing again into another AS? We can, but IBGP offers more flexibility and more efficient ways to exchange information within an AS; for example, IBGP provides us with ways to control the best exit point out of the AS by using local preference.
So we build an IBGP session between router A and router D and send the updates through this IBGP session.

BGP Split Horizon Rule

• The IBGP split horizon rule states that an update received from an IBGP peer must not be sent to any other IBGP peer.
• IBGP split horizon is always enabled and can't be disabled.
• IBGP split horizon is a routing loop prevention mechanism for IBGP sessions.
• To overcome the BGP discontinuity problem that results from IBGP split horizon, one of the following solutions should be used:
– Full-mesh IBGP setup with the border routers.
– Route reflectors.
– Confederations.

IBGP Full Mesh

• A full mesh of IBGP sessions has to be established between all BGP-speaking routers in the AS for proper IBGP route propagation.
• The IBGP full mesh is a logical mesh of TCP sessions only; a physical full mesh is not required.

BGP & Loopbacks

Using a loopback interface to define neighbors is more common with IBGP than with EBGP. Normally the loopback interface is used to make sure that the IP address of the neighbor stays up and is independent of an interface that might be flaky.

If the IP address of a loopback interface is used in the neighbor command, some extra
configuration needs to be done on the neighbor router. The neighbor router needs to tell BGP
that it is using a loopback interface rather than a physical interface to initiate the BGP neighbor
TCP connection. The command used to indicate a loopback interface is:
neighbor X.X.X.X update-source interface

EBGP multi-hop
In some special cases, there could be a requirement for EBGP speakers to be not directly
connected (OR EBGP is built using loopback interfaces instead of directly connected interfaces).
In this case EBGP multi-hop is used to allow the neighbor connection to be established between
two non directly connected external peers. The multi-hop is used only for external BGP and not
for internal BGP.
neighbor X.X.X.X ebgp-multihop

IBGP next-hop processing & next-hop-self

The next-hop attribute is not changed on IBGP updates, meaning that when the border router forwards the BGP update on IBGP sessions, the next-hop address is still set to the IP address of the far end of the EBGP session. Therefore, the receiver of IBGP updates will see next-hop information indicating a destination that is not directly connected. To resolve this, the router checks its routing table to see if and how it can reach the next-hop address. But if the next hop is not reachable from the transit AS routers, they will drop the traffic.

To solve the next-hop unreachability problem for EBGP routes:

• Advertise the networks of the external links of the border routers in the IGP used inside the AS, and use the passive-interface command on the external links.
• Redistribute the external links' networks of the border routers into the local AS IGP (use route maps).
• Use next-hop-self with the IBGP neighbors, so that router A sets itself as the next hop.

BGP Synchronization

Before we discuss synchronization let us look at the following scenario. RTC in AS300 is
sending updates about 170.10.0.0. RTA and RTB are running IBGP, so RTB will get the update
and will be able to reach 170.10.0.0 via next hop 2.2.2.1 (remember that the next hop is carried
via IBGP). In order to reach the next hop, RTB will have to send the traffic to RTE. Assume that
RTA has not redistributed network 170.10.0.0 into IGP, so at
this point RTE has no idea that 170.10.0.0 even exists. If RTB starts advertising to AS400 that he
can reach 170.10.0.0 then traffic coming from RTD to RTB with destination 170.10.0.0 will flow
in and get dropped at RTE.

The synchronization rule states: if your autonomous system is passing traffic from another AS to a third AS, BGP should not advertise a route before all routers in your AS have learned about the route via the IGP. BGP will wait until the IGP has propagated the route within the AS and then advertise it to external peers. This is called synchronization.

In some cases you do not need synchronization. If you will not be passing traffic from a different
autonomous system through your AS, or if all routers in your AS will be running BGP, you can
disable synchronization. Disabling this feature can allow you to carry fewer routes in your IGP
and allow BGP to converge more quickly.

Disabling synchronization is not automatic, if you have all your routers in the AS running BGP
and you are not running any IGP, the router has no way of knowing that, and your router will be
waiting forever for an IGP update about a certain route before sending it to external peers. You
have to disable synchronization manually in this case for routing to work correctly.

Notes:
• Network designers used to use synchronization in older transit AS designs that relied on redistribution of BGP routes into the IGP.
• Modern AS designs don't rely on synchronization anymore, because the number of routes carried in the Internet exceeds the scalability range of any known IGP. So redistributing BGP into the IGP is no longer applicable and synchronization should be disabled.

Packet Forwarding in a Transit AS

• Routes learned via BGP do not have an outgoing interface associated with them in the routing table.
• A recursive lookup is performed to forward IP packets toward external destinations.
• A BGP route is installed in the IP routing table of a router only if the IP address in the next-hop attribute is reachable according to the information already in the routing table.
• Traditional Cisco IOS software switching mechanisms perform the recursive lookup when forwarding the first packet:
o Fast switching, optimum switching.
• CEF precomputes the routing table:
o All recursive lookups are performed while the routing table is built.

Notes (Again):
• The main function of BGP is to export the internally learned routes to the Internet or to import the externally learned routes into the AS. So an IGP should be configured in the autonomous system, because BGP works on top of the IGP.
• IGP is used in any BGP environment for the following purposes:
o To learn the internal networks.
o To reach the BGP neighbor.
o To reach the next hop of the BGP routes.
• BGP carries external and customer routes.
• The IGP carries only core subnets.
• The IGP is not affected by external route flaps.
• BGP is not affected by failures internal to the network as long as the BGP next hop remains reachable.
• The only link between BGP and the IGP should be the recursive lookup.

Common IBGP Problems

Symptom → IBGP session does not start.
Diagnosis → The IBGP session runs between loopbacks and the update-source keyword is missing.
Verification → Use debug ip tcp transactions. You should see BGP sessions coming from unexpected IP addresses.

Symptom → IBGP session does not start.
Diagnosis → The loopback interfaces are not reachable.
Verification → Do an extended ping between the loopback addresses to verify reachability.

Symptom → IBGP session does not start.
Diagnosis → Packet filters prevent establishment of the BGP session.
Verification → Use debug ip tcp transactions and debug ip icmp to see whether the initial TCP SYN packets are rejected.

Symptom → An IBGP route is in the BGP table but is never selected as the best route.
Diagnosis → The BGP next hop is not reachable.
Verification → Use show ip bgp prefix to find the BGP next hop. Use show ip route to verify next-hop reachability.

Symptom → An IBGP route is selected as the best route but is not entered into the IP routing table.
Diagnosis → BGP synchronization is not disabled.
Verification → Disable BGP synchronization, clear the BGP sessions, and re-examine the IP routing table after the BGP table becomes stable.

Note:
Command: distance bgp external internal local
• This command sets the AD for EBGP, IBGP, and local routes.
• The change applies only to routes received after the command has been entered (similar to filters).
• Defaults: EBGP routes have a distance of 20; IBGP and local routes have a distance of 200.

IBGP vs. EBGP:

Neighbors
  IBGP: neighbors in the same AS
  EBGP: neighbors in different ASs
Neighbors directly connected?
  IBGP: by default, neighbors need not be directly connected
  EBGP: neighbors should be directly connected
How is the neighborship built?
  IBGP: neighborship (peering) is built using loopbacks with update-source (the loopbacks should be reachable through the IGP)
  EBGP: neighborship (peering) is built using the addresses of the physical, directly connected interfaces. If it needs to be built using loopbacks, then the following are required:
    – a routing protocol between the neighbors for loopback reachability
    – the ebgp-multihop command, as the EBGP neighbors are now not directly connected
AD
  IBGP: AD = 200
  EBGP: AD = 20
Next hop changed?
  IBGP: when sending updates to an IBGP neighbor, the next hop is not changed
  EBGP: when sending updates to an EBGP neighbor, the next hop is changed to the local router
Attributes changed?
  IBGP: no BGP attributes are changed
  EBGP: BGP attributes might be changed

Multipath BGP Load Sharing

IBGP:

The router chooses one IBGP path as the best path. The best path is then installed in the IP routing table of the router.

The IBGP multipath load-sharing feature enables the BGP-speaking router to select multiple IBGP paths as the best paths to a destination. The best paths, or multipaths, are then installed in the IP routing table of the router.

For multiple paths to the same destination to be considered as multipaths, the following criteria must be met:
• All attributes must be the same. The attributes include weight, local preference, AS path (the entire attribute and not just its length), origin code, multi-exit discriminator (MED), and IGP distance.
• The next-hop router for each multipath must be different.

On router2 configure: maximum-paths ibgp maximum-number (from 1-6)

EBGP:

RTA#
int loopback 0
ip address 150.10.1.1 255.255.255.0
router bgp 100
neighbor 160.10.1.1 remote-as 200
neighbor 160.10.1.1 ebgp-multihop
neighbor 160.10.1.1 update-source loopback 0
network 150.10.0.0
ip route 160.10.0.0 255.255.0.0 1.1.1.2 → load sharing is done using static routes
ip route 160.10.0.0 255.255.0.0 2.2.2.2

RTB#
int loopback 0
ip address 160.10.1.1 255.255.255.0
router bgp 200
neighbor 150.10.1.1 remote-as 100
neighbor 150.10.1.1 update-source loopback 0
neighbor 150.10.1.1 ebgp-multihop
network 160.10.0.0
ip route 150.10.0.0 255.255.0.0 1.1.1.1
ip route 150.10.0.0 255.255.0.0 2.2.2.1

The above example illustrates the use of loopback interfaces, update-source and ebgp-multihop. This is a workaround in order to achieve load balancing between two EBGP speakers over parallel serial lines. In normal situations, BGP will pick one of the lines to send packets on and load balancing would not take place. By introducing loopback interfaces, the next hop for EBGP will be the loopback interface. Static routes (it could be some IGP also) are used to introduce two equal-cost paths to reach the destination. RTA will have two choices to reach next hop 160.10.1.1: one via 1.1.1.2 and the other one via 2.2.2.2, and the same for RTB.

We can also load share the traffic in EBGP using the command:

maximum-paths maximum-number (from 1-6)

Good troubleshooting commands:

show ip bgp neighbor X.X.X.X advertised-routes → displays all the routes that the router has advertised to the neighbor
show ip bgp neighbor X.X.X.X received-routes → displays all the received routes (both accepted and rejected) from the specified neighbor
show ip bgp neighbor X.X.X.X routes → displays all the routes that were received and accepted.

BGP Policies (Filtering BGP Updates)
Implementing routing policy means changing the default behavior of routing.

1. AS Path Filter (Filter List)

• Cisco IOS deals with the AS path as a string. For IOS to know the beginning, the end and other properties of the string, the string needs delimiters (markers).
• IOS uses regular expressions as the tool to match the AS path.
• The following are some commonly used delimiters and metacharacters:
– ^ : start of the string
– $ : end of the string
– . : any single character
– _ : a delimiter (start or end of the string, a space, comma, brace or parenthesis)
– * : repeated zero or more times
– ? : repeated zero or one time
– + : repeated one or more times
– [ ] : range of characters
– - : used to specify a range (i.e. [0-9])
– ( ) : logical grouping
Example:

o BGP routes which pass through (via) AS 23 are matched by the regexp _23_
o BGP routes which are originated in AS 100 are matched by the regexp _100$

o BGP routes which are received from AS 23 are matched by the regexp ^23_
o BGP routes which are originated in and received from AS 100 are matched by the regexp ^100$

How to configure a filter list?

1) Create the AS-path access list:
ip as-path access-list <1-99> permit/deny _100$

2) Apply the filter list to the BGP neighbor:
neighbor <ip address> filter-list 40 in/out

3) Activate the filter list on the BGP session:
clear ip bgp <ip address> soft in/out

Some commonly used regular expressions include:

Expression   Meaning
.*           Anything
^$           Locally originated routes (generated in the local AS)
^100_        Learned from AS 100
_100$        Originated in AS 100
^[0-9]+$     Originated in a directly connected AS (the AS path is a single AS number)

Exercises:
1- Create a filter to prevent your AS from acting as a transit AS.
ip as-path access-list 5 permit ^$
neighbor <ip address> filter-list 5 out

-------------------------------------------------------------------------------------------------------------------
2- Accept only BGP routes originated in your directly connected autonomous system (the (_\1)* part allows the neighbor to prepend its own AS number).
ip as-path access-list 7 permit ^([0-9]+)(_\1)*$
neighbor <ip address> filter-list 7 in
-------------------------------------------------------------------------------------------------------------------
3- Accept all BGP routes.
ip as-path access-list 10 permit .*
neighbor <ip address> filter-list 10 in
-------------------------------------------------------------------------------------------------------------------
4- Accept BGP routes originated in autonomous systems that are directly connected to AS 64000 (you are directly connected to AS 64000).
ip as-path access-list 15 permit ^64000_[0-9]+$
neighbor <ip address> filter-list 15 in
-------------------------------------------------------------------------------------------------------------------

5- Block updates about 160.10.0.0 from going to AS 100 (160.10.0.0 is originated by AS 200 in this scenario, so paths consisting only of AS 200 are denied outbound to the AS 100 neighbor).
RTC#
router bgp 300
neighbor 3.3.3.3 remote-as 200
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 filter-list 1 out
ip as-path access-list 1 deny ^200$
ip as-path access-list 1 permit .* → permit any
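The AS-path regex rules and the exercises above, worked in Python as an added example (not from the original summary): the only IOS-specific metacharacter is _, translated here into the delimiter alternation IOS uses, so the same matcher covers the page's expressions and generalizes to any IOS AS-path regex that does not put _ inside a character class. The sample AS paths are constructed for the example.

```python
import re

# IOS '_' matches any AS-path delimiter: start or end of the string, a space,
# a comma, or a brace/parenthesis (AS sets and confederation segments).
IOS_DELIMITER = r"(?:^|$|[ ,{}()])"


def ios_regex_to_python(expr):
    """Translate an IOS AS-path regex to Python syntax.  Only '_' differs;
    ^ $ . * ? + [] () and backreferences mean the same in both.  (A literal
    '_' inside a character class is not handled; the page never uses one.)"""
    return expr.replace("_", IOS_DELIMITER)


def as_path_matches(expr, as_path):
    """True if the AS path string (e.g. "10 23 50") matches the IOS regex."""
    return re.search(ios_regex_to_python(expr), as_path) is not None


def apply_as_path_acl(acl, as_path):
    """Walk an ip as-path access-list top down: first match wins, and a path
    matching no entry is denied.  acl is a list of (action, regex) tuples."""
    for action, expr in acl:
        if as_path_matches(expr, as_path):
            return action
    return "deny"


# Constructed sample AS paths ("" is a locally originated route).
SAMPLE_PATHS = ["", "100", "100 100 100", "23 300", "10 23 50", "123 50",
                "64000 2000", "64000 2000 3000", "200", "200 300"]


def matching_paths(expr, paths=SAMPLE_PATHS):
    """All sample paths matched by expr, in list order."""
    return [p for p in paths if as_path_matches(expr, p)]


# Exercise 5 above: deny paths consisting only of AS 200, permit the rest.
EXERCISE5_ACL = [("deny", "^200$"), ("permit", ".*")]

if __name__ == "__main__":
    for expr in ["_23_", "_100$", "^23_", "^100$", "^$",
                 r"^([0-9]+)(_\1)*$", "^64000_[0-9]+$"]:
        print("%-22s %s" % (expr, matching_paths(expr)))
    for path in ["200", "200 300"]:
        print("exercise 5, path %r -> %s" % (path, apply_as_path_acl(EXERCISE5_ACL, path)))
```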
Monitoring AS-Path Filters

show ip as-path-access-list [filter-list] → displays one or all filter lists
show ip bgp filter-list access-list-number → displays all routes in the BGP table permitted by the specified AS-path access list
show ip bgp regexp regular-expression → displays all routes in the BGP table whose AS path matches the given regular expression

2. Prefix List

• A prefix list filters the routes based on:
– Prefix (network ID)
– Prefix length (subnet mask)
• Greater flexibility; can match on subnet masks.
• More user-friendly CLI.
• You can have more than one statement in the same prefix list.
• You can add or delete any statement of a previously configured prefix list.
• Prefix-list statements have sequence numbers.
• Prefix-list statements are sequenced, by default, in steps of 5.
• Key access-list features are preserved:
– Filtering using "permit" or "deny"
– Order dependency (first match wins)
– Security-focused: no match means "deny"
• The matching mechanism has changed:
– Matches routes in a part of the address space with a subnet mask longer or shorter than a set number
• Configuration:
ip prefix-list list-name [seq seq] {permit|deny} network/len [ge value] [le value]

Examples:

• ip prefix-list MyList permit 172.16.0.0/16
o All 32 bits should be matched.
o The prefix length should be 16.
o 172.16.1.0/24 will be denied.

• ip prefix-list MyList permit 172.16.0.0/16 le 32
o Only the first 16 bits should be matched.
o The prefix length could be any number less than or equal to 32.
o 172.16.0.0/16 will be permitted.
o 172.16.1.0/24 will be permitted.
o 172.16.0.0/14 will be permitted.

• ip prefix-list MyList permit 172.16.0.0/16 ge 24
o Only the first 16 bits should be matched.
o The prefix length could be any number greater than or equal to 24.
o 172.16.0.0/16 will be denied.
o 172.16.1.0/24 will be permitted.

• ip prefix-list A permit 0.0.0.0/0 ge 32 → all host routes (host means /32 subnets)
• ip prefix-list B permit 128.0.0.0/2 ge 17 → any subnet in the class B address space
• ip prefix-list C permit 0.0.0.0/0 le 32 → all routes (permit any)
• ip prefix-list D permit 0.0.0.0/0 → default route
• ip prefix-list E permit 0.0.0.0/1 le 24 → any prefix in the class A address space covering at least 256 addresses

0.0.0.0/1 → class A
128.0.0.0/2 → class B
192.0.0.0/3 → class C

• Private range:
10.0.0.0 – 10.255.255.255 → 10.0.0.0/8 le 32
172.16.0.0 – 172.31.255.255 → 172.16.0.0/12 le 32
192.168.0.0 – 192.168.255.255 → 192.168.0.0/16 le 32
• Network classes:
o Class A: 0.0.0.0 – 127.255.255.255
– Classful class A: 0.0.0.0/1 ge 8 le 8
– Classless class A: 0.0.0.0/1 le 32
o Class B: 128.0.0.0 – 191.255.255.255
– Classful class B: 128.0.0.0/2 ge 16 le 16
– Classless class B: 128.0.0.0/2 ge 17
o Class C: 192.0.0.0 – 223.255.255.255
– Classful class C: 192.0.0.0/3 ge 24 le 24
– Classless class C: 192.0.0.0/3 le 32

• Multicast range:
224.0.0.0 – 239.255.255.255 → 224.0.0.0/4 le 32

Configuration:
ip prefix-list list-name [seq seq] {permit|deny} network/len [ge value] [le value]
neighbor {ip-address|peer-group-name} prefix-list prefix-list-name {in|out}

3. Route maps
Route maps can be used to:
 Filter routes.
 Set (change) attributes for all routes.
 Set (change) attributes for selected routes.

Why Use Route-Maps as BGP Filters?

 Some scenarios require complex filters:
– Filters on IP prefixes coming from a specific AS number
– Filters on other BGP attributes
 In some cases, network administrators even need to modify BGP attributes.
 Route-maps provide a solution to both requirements.

Route Map Content   Application
Match + Set         Change (set) BGP attributes for selected routes (the matched routes).
No Match + Set      Change (set) BGP attributes for all routes.
Match + No Set      Filter the routes (permit or deny).

route-map name {permit | deny} sequence
 match condition
 match condition  Logical AND between the match statements
 set action

 A route not matched by any statement is dropped.
 “Permit all” is achieved by specifying “permit” without a “match” clause.
 Match conditions in one statement (one line) are ORed together.
 Match conditions in two statements (two lines) in the same sequence are ANDed together.

 Route-maps can match on:


– Network number and subnet mask matched with an IP prefix-list
– Route originator
– BGP next-hop address
– BGP origin
– Tag attached to IGP route
– AS-path
– BGP community attached to BGP route
– IGP route type (internal/external …)

 Route-maps can set:


– Origin
– BGP next-hop
– Weight
– BGP community
– Local preference
– MED

 Route-map continue option:
route-map BGP permit 1
 match ip address 100
 set tag 5
 continue 30
route-map BGP permit 30
 match community X
 set origin igp

Examples:

Match + Set:

1) Create the route map:

ip prefix-list MyList permit 172.16.1.0/24 le 32
!
route-map LP permit 10
 match ip address prefix-list MyList
 set local-preference 200
route-map LP permit 200
(This empty permit statement is needed to permit all other routes, because there is an implicit deny statement at the end of the route map.)

2) Apply the route map to a neighbor:


neighbor 192.168.12.1 route-map LP in

3) Activate the route map:


clear ip bgp * soft in (To soft-clear the BGP session with all BGP neighbors)
clear ip bgp 192.168.12.1 soft in (To soft-clear the BGP session with the selected neighbor only)

4) Verify the route map configuration:


show route-map
show ip prefix-list
show ip bgp route-map LP
show ip bgp prefix-list

No Match + Set:

1) Create the route map:

ip prefix-list MyList permit 172.16.1.0/24 le 32
!
route-map LP permit 10
 set local-preference 200

* No need for an additional statement to permit all routes, since the first statement (no match clause) already permits everything.

2) Apply the route map to a neighbor:


neighbor 192.168.12.1 route-map LP in
3) Activate the route map:

clear ip bgp * soft in (To soft-clear the BGP session with all BGP neighbors)
clear ip bgp 192.168.12.1 soft in (To soft-clear the BGP session with the selected neighbor only)

4) Verify the route map configuration:


show route-map
show ip prefix-list
show ip bgp route-map LP
show ip bgp prefix-list

Match + No Set:

1) Create the route map:

ip prefix-list MyList permit 172.16.1.0/24 le 32
!
route-map LP permit 10
 match ip address prefix-list MyList

* No additional permit-all statement is added, because here we want to filter out the routes that don’t match the prefix list.

2) Apply the route map to a neighbor:


neighbor 192.168.12.1 route-map LP in

3) Activate the route map:


clear ip bgp * soft in (To soft-clear the BGP session with all BGP neighbors)
clear ip bgp 192.168.12.1 soft in (To soft-clear the BGP session with the selected neighbor only)

4) Verify the route map configuration:


show route-map
show ip prefix-list
show ip bgp route-map LP
show ip bgp prefix-list

Note: The best way to set any BGP attribute is through a route-map.
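The prefix-list and route-map rules above (first match wins, implicit deny, ge/le length ranges, ANDed match clauses, continue) can be checked with a small model. This is an added example written for this summary, not code from the original document or from Cisco; the class names PrefixEntry and RouteMapEntry, the route dictionary layout and the continue semantics noted in the docstring are this model's own assumptions:

```python
"""IOS prefix-list and route-map evaluation, modelled from the rules described above.
Added example for this summary; not code from the original document or from Cisco."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class PrefixEntry:
    """One 'ip prefix-list NAME permit|deny A.B.C.D/len [ge X] [le Y]' statement."""
    action: str                  # "permit" or "deny"
    network: str                 # e.g. "172.16.0.0/16"
    ge: Optional[int] = None
    le: Optional[int] = None


def prefix_entry_matches(entry: PrefixEntry, route: str) -> bool:
    """IOS rule: the first <len> bits of the route equal the entry's network and the
    route's prefix length lies in [lo, hi], lo = ge (default len), hi = le (default 32
    when ge is given, otherwise len)."""
    net = ipaddress.ip_network(entry.network, strict=False)
    rt = ipaddress.ip_network(route, strict=False)
    base = net.prefixlen
    lo = entry.ge if entry.ge is not None else base
    hi = entry.le if entry.le is not None else (32 if entry.ge is not None else base)
    if rt.prefixlen < base:                  # shorter than the entry: cannot be inside it
        return False
    covered = ipaddress.ip_network((int(rt.network_address), base), strict=False)
    return covered == net and lo <= rt.prefixlen <= hi


def prefix_list_permits(entries: List[PrefixEntry], route: str) -> bool:
    """Sequential evaluation: first match wins, no match means deny."""
    for entry in entries:
        if prefix_entry_matches(entry, route):
            return entry.action == "permit"
    return False


@dataclass(frozen=True)
class RouteMapEntry:
    """One 'route-map NAME permit|deny SEQ' clause with optional match/set/continue."""
    seq: int
    action: str = "permit"
    match_prefix_list: Optional[str] = None  # name of a prefix list (match ip address prefix-list)
    match_community: Optional[str] = None    # a community the route must carry (match community)
    set_local_pref: Optional[int] = None
    set_community: Optional[str] = None      # added to the route's communities (additive)
    continue_seq: Optional[int] = None


def apply_route_map(entries: List[RouteMapEntry], prefix_lists: Dict[str, List[PrefixEntry]],
                    route: dict) -> Optional[dict]:
    """Evaluate a route map over one route ({'prefix', 'local_pref', 'communities'}).
    Returns the (possibly modified) route or None when it is dropped. Different match
    types in one clause are ANDed, a clause with no match matches everything, and
    falling off the end is the implicit deny. With 'continue' the sets accumulate and
    (model assumption) a route that matched a permit clause stays permitted even when no
    later clause matches."""
    route = dict(route, communities=set(route.get("communities", ())))
    ordered = sorted(entries, key=lambda e: e.seq)
    permitted, i = False, 0
    while i < len(ordered):
        clause = ordered[i]
        matched = True
        if clause.match_prefix_list is not None:
            matched = prefix_list_permits(prefix_lists[clause.match_prefix_list], route["prefix"])
        if matched and clause.match_community is not None:
            matched = clause.match_community in route["communities"]
        if not matched:
            i += 1
            continue
        if clause.action == "deny":
            return None
        permitted = True
        if clause.set_local_pref is not None:
            route["local_pref"] = clause.set_local_pref
        if clause.set_community is not None:
            route["communities"].add(clause.set_community)
        if clause.continue_seq is None:
            return route
        i = next((k for k, e in enumerate(ordered) if e.seq == clause.continue_seq), len(ordered))
    return route if permitted else None


# The three route maps from the examples above (MyList = 172.16.1.0/24 le 32).
PREFIX_LISTS = {"MyList": [PrefixEntry("permit", "172.16.1.0/24", le=32)]}
MATCH_AND_SET = [RouteMapEntry(10, match_prefix_list="MyList", set_local_pref=200),
                 RouteMapEntry(200)]                            # the permit-all clause
NO_MATCH_AND_SET = [RouteMapEntry(10, set_local_pref=200)]
MATCH_NO_SET = [RouteMapEntry(10, match_prefix_list="MyList")]


def demo() -> dict:
    """Run the three route maps over two constructed routes; values are the resulting
    local preference, or None when the route map drops the route."""
    routes = {"inside": {"prefix": "172.16.1.128/25", "local_pref": 100, "communities": ()},
              "outside": {"prefix": "10.0.0.0/8", "local_pref": 100, "communities": ()}}
    maps = {"match+set": MATCH_AND_SET, "nomatch+set": NO_MATCH_AND_SET, "match+noset": MATCH_NO_SET}
    result = {}
    for map_name, rm in maps.items():
        for label, r in routes.items():
            out = apply_route_map(rm, PREFIX_LISTS, r)
            result[(map_name, label)] = None if out is None else out["local_pref"]
    return result


if __name__ == "__main__":
    for key, lp in demo().items():
        print(key, "dropped" if lp is None else f"local-preference {lp}")
```

Running the module prints, for each of the three route maps, whether a route inside MyList and a route outside it come out with local preference 200, unchanged at 100, or dropped; the Match + No Set map is the only one that drops the outside route.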

BGP Filters

Implementing changes in BGP Policies
Introduction:
When using hard reconfiguration (clear ip bgp *):
 The BGP session is terminated for a period of time. This period can be a few minutes in large ISPs.
 All BGP routes are lost after the session is torn down; connectivity through the BGP neighbor is lost.
Soft reconfiguration is used to refresh the routes without terminating the BGP session.

Outbound Soft Reconfiguration:

 clear ip bgp * soft out: This command instructs the local router to resend all BGP routes (except the denied routes) to all neighbors.
 clear ip bgp ip-address soft out: This command instructs the local router to resend all BGP routes (except the denied routes) to the specified neighbor.

Cisco Proprietary Inbound Soft Reconfiguration (Old Route Refresh):

 This feature is disabled by default because it consumes memory.
 To enable the Cisco proprietary inbound soft reconfiguration, use the following command:
neighbor ip-address soft-reconfiguration inbound
To activate the inbound soft reconfiguration, use the following commands:
clear ip bgp * soft in
clear ip bgp ip-address soft in
 When the Cisco proprietary soft reconfiguration feature is enabled for a certain neighbor or peer group, the receiving router keeps a copy of all received routes (before applying the inbound filters) in memory. Whenever the inbound soft reconfiguration is activated, using the clear ip bgp ip-address soft in command, the receiving router applies the inbound policy to the received-routes table and installs the resulting routes in the BGP table.
The content of the received-routes table can be displayed using the show ip bgp neighbors ip-address received-routes command.

Standard Inbound Soft Reconfiguration (New Route Refresh):
 Using the standard inbound soft reconfiguration, the receiving router is not required to keep all received routes in its memory.
 When a new inbound policy is applied on the receiving router, the router asks its neighbor (if both neighbors support the standard inbound soft reconfiguration feature) to resend its BGP table, so that the new policy is applied to all incoming routes.
 To use the standard inbound soft reconfiguration, both routers should support this feature in their IOS.
 No command is required to enable the feature.
 If both peers support the standard inbound soft reconfiguration, then clear ip bgp ip-address soft in will activate the feature.

Q.1) How does the router know whether its neighbor supports the standard inbound soft reconfiguration?
One of the optional parameters sent with the OPEN message is the capabilities of each router. If the standard inbound soft reconfiguration (route refresh) is supported by the router, it is advertised in the capabilities parameter.

clear ip bgp *  BGP hard reset
clear ip bgp * soft out  BGP outbound soft reset
clear ip bgp * soft in  BGP inbound soft reset

BGP Metrics (Attributes)

Note: For optional transitive attributes, a partial bit is set to indicate that the attribute was not recognized by a router along the path.

Origin:
 The Origin attribute is a well-known mandatory attribute.
 The Origin attribute indicates how the BGP route was generated (the origin of the path information). There are two ways to generate a BGP route:
 If the route was generated using the network statement, the route is marked i (IGP).
 If the route was generated using redistribution, the route is marked as incomplete/unknown (?).
AS-Path:
 The AS-Path attribute is a well-known mandatory attribute.
 The AS-path attribute is empty when a local route is inserted in the BGP table.
 The AS number of the sender is prepended to the AS-Path attribute when the routing update crosses an AS boundary.
 The receiver of BGP routing information can use the AS-path attribute to determine through which autonomous systems the information has passed.
 There are 3 main reasons to configure the AS number under the BGP routing process:
 To determine whether the neighbor is IBGP or EBGP.
 To prepend the local AS to the AS-Path for EBGP neighbors.

 To prevent routing loops: When the AS border router receives an EBGP route; it
checks the AS-Path. If it finds its AS number in the AS-Path, it will silently
ignore the route.

AS-Path Prepending:

 AS-Path prepending is used to affect the policy for returning (incoming) traffic.
 The AS path is extended with multiple copies of the AS number of the sender.
 In the above figure, R2 prepended its AS number on the outgoing EBGP updates to force the returning traffic coming from AS 23 to use the 2 Mbps link as its primary link.
 To apply AS-Path prepending on the outgoing EBGP updates from R2 to R4, use the following command:
neighbor <ip address of R4> as-path-prepend 2
 It can also be configured using a route map:
route-map name permit sequence
 match condition
 set as-path prepend as-number [as-number …]

show ip bgp regexp ^100_100_
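How the AS-Path is prepended, how the receive-side loop check uses it, and how an IOS-style regular expression such as ^100_100_ is matched, as an added example (not code from the original document or from Cisco). The function names and the constructed AS numbers 100 and 200 are this example's own; the translation of _ follows the IOS convention of matching the start or end of the path, a space, or a comma/brace/parenthesis:

```python
"""AS-path handling as described above: prepending, the receive-side loop check, and
matching an AS path against an IOS-style regular expression ('_' wildcard).
Added example for this summary; not code from the original document or from Cisco."""
import re
from typing import List, Optional

AsPath = List[int]   # leftmost element is the most recently traversed AS


def send_ebgp(path: AsPath, local_as: int, prepend_count: int = 1) -> AsPath:
    """Update sent to an EBGP peer: the local AS is prepended. prepend_count > 1 models
    'set as-path prepend' with repeated copies of the local AS."""
    if prepend_count < 1:
        raise ValueError("an EBGP update always carries at least one copy of the local AS")
    return [local_as] * prepend_count + list(path)


def send_ibgp(path: AsPath) -> AsPath:
    """Update sent to an IBGP peer: the AS path is left unchanged."""
    return list(path)


def accept_ebgp(path: AsPath, local_as: int) -> Optional[AsPath]:
    """Receive-side loop prevention: a route whose AS path already contains the local
    AS is silently ignored (None); otherwise the path is accepted as-is."""
    if local_as in path:
        return None
    return list(path)


def ios_regex(pattern: str) -> "re.Pattern":
    """Translate an IOS AS-path regex into a Python regex. On IOS '_' matches the start
    or end of the string, a space, a comma, a brace or a parenthesis; the other
    operators (^ $ . * + ? [ ]) have their usual meaning."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))


def as_path_matches(pattern: str, path: AsPath) -> bool:
    """True when a 'show ip bgp regexp' style pattern matches the textual AS path."""
    return ios_regex(pattern).search(" ".join(str(asn) for asn in path)) is not None


def demo() -> dict:
    """Constructed scenario: AS 100 originates a route, prepends once on its primary
    link and twice on its backup link; AS 200 receives both and passes one back."""
    origin_path: AsPath = []                            # locally originated: empty path
    via_primary = send_ebgp(origin_path, 100)           # "100"
    via_backup = send_ebgp(origin_path, 100, 2)         # "100 100" (prepended)
    as200_primary = send_ebgp(via_primary, 200)         # "200 100"
    as200_backup = send_ebgp(via_backup, 200)           # "200 100 100"
    return {
        "primary": via_primary,
        "backup": via_backup,
        "backup_matches_^100_100_": as_path_matches("^100_100_", via_backup),
        "primary_matches_^100_100_": as_path_matches("^100_100_", via_primary),
        "as200_backup_matches__100_100_": as_path_matches("_100_100_", as200_backup),
        "looped_back_to_100": accept_ebgp(as200_primary, 100),   # None: own AS seen
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The regexp ^100_100_ matches only the prepended path, which is how the show command above isolates routes that came in over the backup link; the same _ translation is what lets _100_ match AS 100 without also matching 1100 or 1001.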

Next Hop:

 Indicates the next-hop IP address used for packet forwarding.
 Usually set to the IP address of the sending External Border Gateway Protocol (EBGP) router.
 Can be set to a third-party IP address to optimize routing.
Take care that router-C must know how to reach the next hop 10.1.0.5 through its IGP, so we have 2 solutions:
 Use next-hop-self on router-A.
 Redistribute the connected network into router-A’s IGP.

BGP Next-Hop (Multi-access networks):

If the receiving BGP router is in the same subnet as the current next-hop address, the next-hop
address remains unchanged to optimize packet forwarding.

BGP Next-Hop (NBMA):

BGP next-hop processing can break connectivity with improper network designs over partially
meshed WAN networks.

Weight:
 The weight attribute is an optional non-transitive attribute (Cisco proprietary).
 The weight is a router-significant metric used locally to affect the routing policy on the same router; it does not affect the routing policy of other routers (weight gives control of routes on the same router).
 The weight is never sent in any BGP update (neither IBGP nor EBGP updates).
 The weight value is represented by 16 bits (0 – 65535).
 The default weight (32768) is applied to routes generated locally on the router; other paths have a weight of zero.
 BGP routes with a higher weight are preferred.
 The weight can be set for incoming updates (both EBGP & IBGP) using:
 Route maps (recommended).
 The neighbor ip-address weight value command (not recommended):
 All routes from the BGP neighbor get the specified weight.
 Weight is applied only to new incoming updates. To enforce new weights, re-establish the BGP sessions with your neighbors by using the clear ip bgp command.
 The weight is the strongest BGP metric as far as the Cisco implementation is concerned.
 The weight is displayed in the BGP table using the show ip bgp and show ip bgp prefix commands.
 Weight is used to influence outgoing traffic (tunes incoming updates).

Local Preference (LP):

 LP is a well-known discretionary attribute.
 LP is removed from any outgoing EBGP update. It is local to the AS.
 The default local preference is applied to locally generated routes and to routes received from EBGP.
 The default value of LP is 100. This value can be modified.
 The LP can be modified using an incoming route map for both EBGP & IBGP updates.

 The LP can be modified using an outgoing route map for IBGP updates only. This is because the LP is not sent outside the local AS.
 The LP can be set using:
 Route maps (recommended).
 bgp default local-preference value (not recommended):
 This command changes the default local preference value.
 The specified value is applied to all routes that do not have a local preference set (EBGP routes).
 The default local preference is not displayed in the BGP table.
 The default local preference is the one applied by default to the locally generated routes and to the EBGP received routes as well.
 The LP is used to implement an AS-wide policy for outgoing traffic.
 LP is used to influence outgoing traffic (tunes incoming updates).

Multi Exit Discriminator (MED):

 MED (metric) is an optional non-transitive attribute.
 MED is used to suggest an entry point into the AS.
 You can use the MED to influence path selection in neighboring autonomous systems.
 MED is also called the “metric” in Cisco IOS software.
 A lower MED value is more preferred.
 An AS can specify its preferred entry point using the MED in outgoing EBGP updates.
 The MED is not propagated outside of the receiving AS.
 The default value of the MED attribute is 0.
 When an IGP route is redistributed into BGP, the MED value for the route is taken from the IGP metric.
 MED is a weak metric, since it is used only when the other BGP attributes (weight, LP, AS-Path, origin) of the alternative routes are equivalent.
 The MED is sent only to the directly connected AS (it is stripped from outgoing EBGP updates for routes not originated in the local AS).

 By default, the MED is considered only during selection of routes from the same AS. With bgp always-compare-med, the MED is also considered for routes coming from different autonomous systems.
 By default, the MED comparison does not include intraconfederation autonomous systems. Use bgp bestpath med confed to allow routers to compare paths learned from confederation peers.
 As per the RFC (standard) implementation, no MED = highest MED.
 As per the Cisco implementation, no MED = zero MED. This behavior can be changed using bgp bestpath med missing-as-worst.
 The MED can be set using:
 Route maps (recommended).
 default-metric value (not recommended).
 MED is used to influence incoming traffic (tunes outgoing updates).

Atomic aggregate
 Informs the neighbor AS that the originating router aggregated routes ( Informs the
neighbor AS the routes are aggregated)
 Has no effect on route selection criteria.

Aggregator
 Specifies IP address and AS number of the router that performed route aggregation.

BGP Community:
 The BGP community is an optional transitive attribute.
 BGP communities are a means of tagging routes to ensure consistent filtering or route
selection policy.
 Routers that do not support communities pass them along unchanged.
 Any BGP router can filter routes in incoming or outgoing updates or select preferred
routes based on communities.
 The community is represented by 32 bits (range 0 to 4,294,967,200)
 Values of all zeroes and all ones in high-order 16 bits are reserved.

 Each network in a BGP routing table can be tagged with a set of communities.
 The 16 high-order bits indicate the AS number of the router configuring the community.
 The 16 low-order bits indicate the action to be taken by the receiving router on the BGP route that carries the community (local significance).
 The Cisco IOS parser allows you to specify a 32-bit community value as:
[AS-number]:[low-order-16-bits]
 By default, the community is stripped from outgoing updates unless the “send-community” command is set for the neighbor.
 The community is set, to influence incoming traffic (tuning outgoing updates), using an outbound route map.
 The receiving router matches the community using a community list, and takes the appropriate action based on the inbound route map.
 There are well-known communities that don’t need an inbound route map to be configured on the receiving router to interpret them:
 no-export: Don’t send to real EBGP neighbors (send to IBGP and intraconfederation neighbors only).
 no-advertise: Don’t send to any neighbor.
 local-as: Don’t send routes to any EBGP neighbors (send to IBGP neighbors only).
 The BGP community can be shown on the receiving router using the show ip bgp <prefix> command.
 The BGP community can be shown on the sending router by:
debug ip bgp
show ip bgp neighbors <neighbor ip address> advertised-routes
 The community is displayed in a decimal format. Use the following global configuration command to display the community as you typed it:
ip bgp community new-format

Example:

R1 Configuration:
1) Create the policy:
route-map Set-Community permit 10
 set community 100:200 [additive]  The additive keyword adds the community to any previously set communities instead of replacing them.
2) Apply the policy to a neighbor:
neighbor <R2> route-map Set-Community out
neighbor <R2> send-community

3) Activate the new policy for all routes:
clear ip bgp <R2> soft out
4) Verify your configuration:
show ip bgp neighbors <R2> advertised-routes
debug ip bgp
R2 Configuration:
1) Create the policy:
ip community-list 5 permit 100:200
route-map Set-LP permit 10
 match community 5
 set local-preference 1000
route-map Set-LP permit 15
2) Apply the policy to the neighbor:
neighbor <R1> route-map Set-LP in
3) Activate the policy:
clear ip bgp <R1> soft in
4) Verification:
show ip bgp neighbors <R1> routes

----------------------------------------------------------------------------------------------------------------

BGP Route Selection and Filtering Tools Summary

----------------------------------------------------------------------------------------------------------------

BGP Route Selection Criteria

Influencing BGP route selection

 There are 2 methods to affect the outgoing traffic (tune incoming updates):
 Weight
 Local Preference

 There are three methods to affect the returning (incoming) traffic (tune outgoing updates):
 MED
 AS-Path Prepending
 BGP Community

Tool                Affected Traffic   Comments
Weight              Outgoing           Affects the local router only (router-locally significant)
Local Preference    Outgoing           Affects the local AS only (AS-locally significant)
MED                 Incoming           Affects the directly connected AS
AS-Path Prepending  Incoming           Requires traffic analysis & link monitoring
Community           Incoming           Needs configuration on both peers

IBGP Scalability Issues in a Transit AS
IBGP requires a full mesh between all BGP-speaking routers.
• Large number of TCP sessions (n*(n-1)/2)
• Unnecessary duplicate routing traffic
Solutions
• Route reflectors modify IBGP split-horizon rules.
• BGP confederations modify IBGP AS-path processing.

Route Reflectors:

 A route reflector disables BGP split horizon. It can cause a network disaster if configured incorrectly, because it may cause routing loops.
 Route reflectors modify the classical IBGP split horizon rules and allow a particular router to forward incoming IBGP updates to outgoing IBGP sessions under certain conditions. This router becomes a concentration router, or a route reflector.
 When you implement a route-reflector-based IBGP network, the BGP routers are divided into route reflectors and clients.
 Choose the router which has a direct link to most of the other routers to be a route reflector; its connected routers will be route reflector clients.
 All route reflectors in an AS should be fully meshed.
 Route reflector clients are excluded from the full mesh.
 A client may have IBGP sessions to more than one route reflector to avoid a single point of failure.
 In huge BGP environments, dedicated route reflectors are recommended.
 Each route reflector client can have any number of EBGP sessions but must have IBGP session(s) with its route reflectors only.
 When a route is reflected, the route reflector sets the originator-ID BGP attribute (an optional non-transitive BGP attribute) to the router-ID of the peer from which it received the route. Any router receiving a route with its own router-ID in the originator-ID attribute will ignore that route.
 A group of redundant route reflectors and their clients form a cluster.
 Each cluster must have a unique cluster-ID.
 Each time a route is reflected, the cluster-ID is added to the cluster-list BGP attribute.
 A route that already contains the local cluster-ID in the cluster-list attribute is not reflected.
 The cluster-ID must be configured on the route reflectors. The clients should not be configured with this information.

Configuring route Reflectors:


 Configure cluster-ID on route reflectors (default value is router-ID):
bgp cluster-id <number>

 Configure BGP neighbors as route reflector clients on the route reflector:


neighbor <ip address> route-reflector-client

 No configuration is needed on the route reflector clients.
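The originator-ID and cluster-list rules described above, applied by a model route reflector, as an added example (not code from the original document or from Cisco). The forwarding rules used (a route from a client is reflected to all other clients and to non-clients, a route from a non-client is reflected to clients only, an EBGP-learned route goes to every IBGP peer) are the standard route-reflector rules; the class names and the constructed router-IDs, which double as peer identifiers here, are this example's own:

```python
"""Route-reflector forwarding and loop prevention: originator-ID, cluster-list, and the
client/non-client reflection rules. Added example for this summary; not code from the
original document or from Cisco. Peers are identified by their router-ID."""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    originator_id: Optional[str] = None   # router-ID of the peer the route was first reflected from
    cluster_list: Tuple[str, ...] = ()    # cluster-IDs traversed, most recent first


@dataclass
class RouteReflector:
    router_id: str
    cluster_id: str                        # on IOS this defaults to the router-ID
    clients: List[str] = field(default_factory=list)
    non_clients: List[str] = field(default_factory=list)
    ebgp_peers: List[str] = field(default_factory=list)

    def accept(self, route: Route) -> Optional[Route]:
        """Inbound checks: drop our own route coming back, and drop a route that has
        already passed through this cluster."""
        if route.originator_id == self.router_id:
            return None
        if self.cluster_id in route.cluster_list:
            return None
        return route

    def reflect(self, route: Route, from_peer: str) -> Dict[str, Route]:
        """Return {peer: update} for every peer the route is forwarded to."""
        if from_peer in self.ebgp_peers:
            # EBGP-learned: sent unchanged to all IBGP peers, no reflection attributes added
            return {p: route for p in self.clients + self.non_clients}
        if self.accept(route) is None:
            return {}
        reflected = replace(route,
                            originator_id=route.originator_id or from_peer,
                            cluster_list=(self.cluster_id,) + route.cluster_list)
        if from_peer in self.clients:
            targets = [p for p in self.clients + self.non_clients if p != from_peer]
        elif from_peer in self.non_clients:
            targets = list(self.clients)   # split horizon still applies non-client to non-client
        else:
            raise ValueError(f"unknown peer {from_peer}")
        return {p: reflected for p in targets}


def demo() -> dict:
    """Constructed topology: RR1 (10.0.0.1) with clients 10.0.0.3/10.0.0.4 and non-client
    RR2 (10.0.0.2); RR2 has client 10.0.0.5. A client route is reflected, re-reflected
    by RR2, and a copy returning to RR1 is dropped by the cluster-list check."""
    rr1 = RouteReflector("10.0.0.1", "10.0.0.1", clients=["10.0.0.3", "10.0.0.4"],
                         non_clients=["10.0.0.2"], ebgp_peers=["192.0.2.1"])
    rr2 = RouteReflector("10.0.0.2", "10.0.0.2", clients=["10.0.0.5"], non_clients=["10.0.0.1"])
    from_client = rr1.reflect(Route("172.16.0.0/16"), "10.0.0.3")
    from_rr1 = rr2.reflect(from_client["10.0.0.2"], "10.0.0.1")
    returned = rr1.reflect(from_rr1["10.0.0.5"], "10.0.0.2")
    return {
        "rr1_targets": sorted(from_client),
        "originator": from_client["10.0.0.2"].originator_id,
        "rr2_targets": sorted(from_rr1),
        "cluster_list_at_r5": from_rr1["10.0.0.5"].cluster_list,
        "returned_to_rr1": returned,
    }


if __name__ == "__main__":
    print(demo())
```

The cluster-list check is what protects a redundant-reflector design: the copy that RR2 sends back towards RR1 already carries RR1's cluster-ID, so RR1 drops it instead of reflecting it again.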

BGP Confederation:

 BGP confederation introduces the concept of dividing the AS into a number of smaller autonomous systems. The smaller autonomous systems exchange BGP updates between them using intraconfederation BGP sessions. These smaller autonomous systems are called member autonomous systems.
 In a BGP confederation environment the BGP neighbors are classified into three types:
 Real EBGP peer
 Intraconfederation EBGP peer
 IBGP peer

 For an IBGP session:
 The AS path is not changed.
 Intraconfederation EBGP session:
 The intraconfederation (member) AS number is prepended to the AS path.
 EBGP session with an external peer:
 Intraconfederation AS numbers are removed from the AS path.
 The external AS number is prepended to the AS path.

 EBGP sessions rely on the AS-Path attribute for loop prevention.
 IBGP split horizon is used as the routing loop prevention mechanism for IBGP sessions, since the AS-Path attribute does not change over IBGP sessions.
 Inside a confederation, the AS-Path attribute loop prevention is used between member autonomous systems.
 Each member AS is assigned a private AS number.
 The original AS number is used as the confederation identifier.
 The AS-Path attribute is changed over intraconfederation EBGP sessions just as over EBGP sessions, but the member-AS numbers are displayed within parentheses to distinguish them from the original AS number.
 When a confederation is used, the following actions are taken when sending EBGP updates to a real EBGP neighbor:
 Remove all member-AS numbers (those displayed within parentheses).
 Prepend the confederation ID (the original AS number) to the AS-Path attribute.

Configuring BGP confederation Example:

 Start the BGP process with the member-AS number.


 Specify an external AS number.
 Must be defined in all routers within confederation
 List all member-AS numbers in the confederation.
 Must be defined in all routers with an EBGP session

R1:
no router bgp 64000
router bgp 64512
bgp confederation identifier 64000
bgp confederation peers 64513 64514 64515

Note: The bgp confederation peers command is used to inform the local BGP router about the
member autonomous systems that it is going to peer with, so that it follows the
intraconfederation BGP session rules when sending updates to them.

BGP Peer Groups:

 Peer groups are a fundamental BGP scalability tool and should be used in all environments where a router has a large number of BGP neighbors.
 BGP peer groups help to reduce the amount of redundant BGP configuration.
 BGP peer group names are locally significant on the router; the name of the group is not passed to other routers.
 Don’t put IBGP and EBGP peers in the same peer group.
 Some peer group parameters can be overridden by per-neighbor configuration, but only if the individual configuration applies to incoming updates.
 Cisco IOS software assigns a peer group leader. Outgoing updates to the peer group members are always prepared for the peer group leader and then replicated to the other members of the peer group.

Peer Groups configuration:

1. Create the peer group.


neighbor < peer-group-name > peer-group

Example:
neighbor IBGP-Peers peer-group

2. Set all common parameters for the peer group.


neighbor <peer-group-name> <parameter>

Examples:
neighbor IBGP-Peers remote-as 64515
neighbor IBGP-Peers password cisco

3. Add neighbors with the same parameters to the same peer group.
neighbor <ip address> peer-group <peer-group-name>

Example:
neighbor 10.1.1.1 peer-group IBGP-Peers

More about BGP:

 BGP Route Dampening:


 Designed to reduce router processing load caused by unstable routes
 Prevents sustained routing oscillations without affecting other well-behaved routes
 A tool designed to help minimize the number of BGP updates
 Other update reduction tools:
o Batching of BGP updates
o Per-neighbor update timers
 Minimizes the amount of BGP update processing in the Internet by suppressing unstable
(flapping) routes
 Does not suppress routes that occasionally flap
 Suppresses routes that are likely to flap in the future based on the history of their
behavior
o Flap = Remove route
o Suppress = Do not use a route after it reappears

Route-Dampening Operation:
 Each time an EBGP route flaps, it gets 1000 penalty points (IBGP routes are not dampened).
 The penalty placed on a route decays according to an exponential decay algorithm.
 When the penalty exceeds the suppress limit, the route is dampened (no longer used or propagated to other neighbors).
 A dampened route is propagated again when the penalty drops below the reuse limit.
 The flap history is forgotten when the penalty drops below half of the reuse limit.
 A route is never dampened for longer than the maximum suppress time.
 An unreachable route with a flap history is put in the history state: it stays in the BGP table, but only to maintain the flap history.
 A penalty is applied to the individual path in the BGP table, not to the IP prefix.

Route Dampening Configuration:

bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name]

set dampening half-life reuse suppress max-suppress-time

BGP dampening parameters:


 half-life: Decay time in which the penalty is halved
 suppress: Value when the route starts dampening
 reuse: Value when the dampened route is reused
 max-suppress-time: Maximum time to suppress the route
 route-map: Name of route-map controlling dampening

Most Internet service providers use default values:


 A flapping route is dampened after three successive flaps.
 A route stays suppressed for approximately 30 minutes.

 Net result: The route is lost for 30 minutes if a BGP session with a neighbor is cleared
three times in succession.

Default dampening parameter values are:


 half-life 15 minutes
 suppress 2000
 reuse 750
 max-suppress-time 60 minutes (4x half-life)
 per-flap penalty 1000 (nonconfigurable)

Releasing Dampened Routes

clear ip bgp ip-address flap-statistics [{regexp regexp} | {filter-list list-name} | {ip-address network-mask}]  Clears the flap statistics but does not release dampened routes

clear ip bgp dampening [ip-address network-mask]  Releases all the dampened routes or just the specified network

Monitoring Route Dampening:

show ip bgp dampened-paths
show ip bgp flap-statistics [{regexp regexp} | {filter-list access-list} | {ip-address mask [longer-prefix]}]

Dampening Example:
 Neighbor flapped for the first time:

 After the third flap, the penalty of the route exceeds the suppress limit, and the route could
be suppressed.
When the route exceeds the suppress limit, one of two things could happen:

o The router will put the route in the history state if the route is currently
unreachable.
o The router will suppress the route if the route is currently reachable

The penalty of the route is decreased following an exponential curve. After a while, the penalty drops below the
suppress limit, but the route is not yet released—the route is released only after the penalty drops further below the
reuse limit.
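The penalty arithmetic behind the dampening example above, with the default parameters, as an added example (not code from the original document or from Cisco). It shows why three quick flaps exceed the 2000 suppress limit, why the route is then reused roughly 30 minutes later, and why the penalty ceiling (reuse times 2 to the power of max-suppress-time divided by half-life, 12000 with the defaults) bounds suppression at max-suppress-time; the class and function names are this example's own:

```python
"""Route-dampening penalty arithmetic with the IOS default parameters listed above:
1000 points per flap, exponential decay with the half-life, suppression above the
suppress limit, reuse below the reuse limit, history forgotten below half the reuse
limit, and a penalty ceiling so no route stays suppressed beyond max-suppress-time.
Added example for this summary; not code from the original document or from Cisco."""
import math
from dataclasses import dataclass, field
from typing import List

FLAP_PENALTY = 1000          # non-configurable on IOS


@dataclass(frozen=True)
class DampeningParams:
    half_life_min: float = 15.0
    reuse: int = 750
    suppress: int = 2000
    max_suppress_min: float = 60.0

    @property
    def max_penalty(self) -> float:
        """Penalty ceiling: the value that decays to 'reuse' in exactly max-suppress-time."""
        return self.reuse * 2 ** (self.max_suppress_min / self.half_life_min)


@dataclass
class DampenedPath:
    """Dampening state of one path in the BGP table (time is in minutes)."""
    params: DampeningParams = field(default_factory=DampeningParams)
    penalty: float = 0.0
    last_update_min: float = 0.0
    suppressed: bool = False
    flaps: List[float] = field(default_factory=list)

    def penalty_at(self, now_min: float) -> float:
        """Penalty after exponential decay since the last update."""
        elapsed = now_min - self.last_update_min
        return self.penalty * 0.5 ** (elapsed / self.params.half_life_min)

    def flap(self, now_min: float) -> "DampenedPath":
        """Record a flap (the route being withdrawn) at time now_min."""
        self.penalty = min(self.penalty_at(now_min) + FLAP_PENALTY, self.params.max_penalty)
        self.last_update_min = now_min
        self.flaps.append(now_min)
        if self.penalty > self.params.suppress:
            self.suppressed = True
        return self

    def is_suppressed(self, now_min: float) -> bool:
        """Once suppressed, the path stays unusable until the penalty falls below reuse."""
        return self.suppressed and self.penalty_at(now_min) >= self.params.reuse

    def history_cleared(self, now_min: float) -> bool:
        """The flap history is forgotten once the penalty is below half the reuse limit."""
        return self.penalty_at(now_min) < self.params.reuse / 2

    def reuse_time(self) -> float:
        """Minutes after the last update until the penalty decays to the reuse limit."""
        if self.penalty <= self.params.reuse:
            return 0.0
        return self.params.half_life_min * math.log2(self.penalty / self.params.reuse)


def three_quick_flaps(gap_min: float = 1.0) -> DampenedPath:
    """Constructed scenario from the text: a neighbor cleared three times in a row."""
    path = DampenedPath()
    for k in range(3):
        path.flap(k * gap_min)
    return path


if __name__ == "__main__":
    p = three_quick_flaps()
    print(f"penalty after 3 flaps: {p.penalty:.0f}, suppressed: {p.suppressed}, "
          f"reused after ~{p.reuse_time():.0f} more minutes")
```

Two flaps a minute apart leave the penalty just under 2000, so the third flap is the one that suppresses; from roughly 2870 points it takes two half-lives, about 29 minutes, to decay below 750, which is the "approximately 30 minutes" quoted above.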

 BGP behavior with Default Routes:
 By default, the default route (0.0.0.0/0) is not advertised in outgoing BGP updates, even if we redistribute the static default route into BGP.
 Extra configuration is needed to allow BGP to send a default route to a neighbor:
“neighbor ip-address default-originate”
 The “neighbor default-originate” command advertises the default route to a BGP neighbor even if the default route is not present in the BGP table.

Note: The default route is not sent through the outbound BGP filters (prefix-list, filter-list, or route-map).

 Removing Private AS Numbers


 Private AS numbers should not be advertised into the Internet.
 The private AS numbers must be removed from the AS path before the customer BGP
routes are advertised to other service providers.

 neighbor ip-address remove-private-as


 The command modifies AS-path processing on outgoing updates sent to specified
neighbor.
 Private AS numbers are removed from the tail of the AS path before the update is
sent.
 Private AS numbers followed by a public AS number are not removed.
 The AS number of the sender is prepended to the AS path after this operation.
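The AS-path rewriting described in the confederation section and in remove-private-as above, as an added example (not code from the original document or from Cisco). Member-AS hops are tracked as a confederation segment and shown in parentheses as the summary describes; the private-AS rule follows the wording above (trailing private AS numbers are removed, a private AS followed by a public one is kept) and does not model the variants later IOS releases added. The function names and the constructed AS numbers 65001 and 200 are this example's own; 64000 and 64512/64513 are the confederation values used in the configuration example above:

```python
"""AS-path rewriting at AS boundaries: confederation segments and remove-private-as.
Added example for this summary; not code from the original document or from Cisco."""
from typing import List, Tuple

# An AS path is a list of (asn, in_confed_segment) hops, leftmost = most recent.
Hop = Tuple[int, bool]
AsPath = List[Hop]


def is_private_as(asn: int) -> bool:
    """16-bit private range 64512-65534 (65535 is reserved)."""
    return 64512 <= asn <= 65534


def to_ibgp(path: AsPath) -> AsPath:
    """IBGP session inside a member AS: the path is unchanged."""
    return list(path)


def to_intraconfed_ebgp(path: AsPath, member_as: int) -> AsPath:
    """Intraconfederation EBGP session: prepend the member AS as a confederation hop."""
    return [(member_as, True)] + list(path)


def remove_private_tail(path: AsPath) -> AsPath:
    """Strip private AS numbers from the tail (origin end) of the path. A private AS that
    is followed, to its right, by a public AS is kept, as the text above states."""
    result = list(path)
    while result and is_private_as(result[-1][0]):
        result.pop()
    return result


def to_real_ebgp(path: AsPath, confed_id: int, remove_private: bool = False) -> AsPath:
    """EBGP session with an external peer: drop all confederation hops, optionally apply
    remove-private-as, then prepend the confederation identifier (the original AS)."""
    public = [hop for hop in path if not hop[1]]
    if remove_private:
        public = remove_private_tail(public)
    return [(confed_id, False)] + public


def render(path: AsPath) -> str:
    """Render the path like 'show ip bgp': confederation hops grouped in parentheses."""
    parts: List[str] = []
    confed: List[str] = []
    for asn, in_confed in path:
        if in_confed:
            confed.append(str(asn))
            continue
        if confed:
            parts.append("(" + " ".join(confed) + ")")
            confed = []
        parts.append(str(asn))
    if confed:
        parts.append("(" + " ".join(confed) + ")")
    return " ".join(parts)


def demo() -> dict:
    """Constructed walk: a customer in private AS 65001 announces a route into
    confederation 64000 (member ASs 64512 and 64513), which passes it on to AS 200."""
    from_customer: AsPath = [(65001, False)]             # received by member AS 64512 over EBGP
    inside_64512 = to_ibgp(from_customer)                # "65001"
    at_64513 = to_intraconfed_ebgp(inside_64512, 64512)  # "(64512) 65001"
    to_as200 = to_real_ebgp(at_64513, 64000, remove_private=True)   # "64000"
    to_as200_keep = to_real_ebgp(at_64513, 64000)        # "64000 65001": private AS leaks
    mixed = remove_private_tail([(65001, False), (300, False), (65002, False)])
    return {"at_64513": render(at_64513), "to_as200": render(to_as200),
            "to_as200_keep": render(to_as200_keep), "mixed": render(mixed)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Without remove-private-as the customer's 65001 is carried into AS 200 behind the confederation ID, which is exactly the leak the section above says must not happen; with it, AS 200 sees only 64000.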

 BGP Support for Dual AS Configuration for Network AS Migration

 Allows you to merge a secondary AS under a primary AS without disrupting customer
peering sessions.
 Allows a router to appear, to external peers, as a member of the secondary AS during the AS
migration.
 Allows a network operator to merge the autonomous systems first and then migrate
customers to new configurations during normal service windows, without disrupting
existing peering arrangements.
 If misconfigured, increases the possibility that routing loops are created, because the same
router is now visible under two AS numbers.

neighbor ip-address local-as [as-number [no-prepend [replace-as [dual-as]]]]

BGP Hide Local-Autonomous System Feature

 Allows you to transparently change the AS number for the entire BGP network.
 Ensures that routes can still be propagated throughout the AS while the change is in progress.
 The “neighbor ip-address local-as” command, in address family or router configuration mode,
allows customization of the AS number presented to an EBGP peer or peer group.
 Configuration:
neighbor {ip-address | peer-group-name} local-as as-number [no-prepend]

The neighbor local-as command is used initially to configure BGP peers to support two local AS
numbers, so that peering between two separate BGP networks is maintained.
This configuration allows the ISP to make the transition immediately without any impact on
existing customer configurations.
When the customer configurations have been updated, the next step is to complete the transition
from the old AS number to the new AS number and remove the local-as configuration.

Effect on the AS path: by default the local AS number is prepended to routes received from that
EBGP peer (so the rest of the network sees it in the path, as if the route had come through the
old AS), and updates sent to that peer carry the local AS number followed by the real AS number.

no-prepend: Optional keyword; configures the router not to prepend the local AS number to any
routes received from the external peer.

replace-as: Optional keyword; in updates sent to the peer, only the local AS number is prepended
to the AS-path attribute. The AS number from the local BGP routing process is not prepended, so
the real AS is hidden from that peer completely.

dual-as: Optional keyword; allows the EBGP neighbor to establish the peering session using either
the real AS number (from the local BGP routing process) or the AS number configured as the
local-as, so the customer can change its “remote-as” at its own pace.

Note: the peer sees only the local AS number in the OPEN message and as the first AS in the path,
so any AS-path filters the peer applies (and its “bgp enforce-first-as” check) are evaluated
against the local-as, not against the real AS.
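Because the keywords change the AS path in different directions, it helps to see all of them side by side. The following added Python model (illustrative code, not from this summary and not IOS source) shows what the peer receives, what the local BGP table stores, and which “remote-as” a peer may use, for the local-as keyword combinations described above. The migration in migration_demo() (old AS 65100 merged into AS 100, customer in AS 300) is a constructed example.

```python
def outbound_as_path(as_path, real_as, local_as=None, replace_as=False):
    """AS path as the eBGP peer receives it from this router.

    Without local-as the router prepends its real AS. With local-as it prepends the
    local AS in front of the real AS; with replace-as only the local AS, hiding the
    real AS from that peer entirely.
    """
    path = list(as_path)
    if local_as is None:
        return [real_as] + path
    if replace_as:
        return [local_as] + path
    return [local_as, real_as] + path


def inbound_as_path(as_path, local_as=None, no_prepend=False):
    """AS path as stored in this router's BGP table for a route received from that peer.

    By default the local AS is prepended on receipt, so the rest of the real AS sees
    the route as if it had passed through the old AS; no-prepend switches that off.
    """
    path = list(as_path)
    if local_as is None or no_prepend:
        return path
    return [local_as] + path


def session_accepted(peer_remote_as, real_as, local_as=None, dual_as=False):
    """Whether the peer's configured 'remote-as' matches what this router presents.

    With local-as the router identifies itself as local_as in its OPEN message;
    dual-as additionally accepts a peer that already points at the real AS.
    """
    if local_as is None:
        return peer_remote_as == real_as
    if dual_as:
        return peer_remote_as in (local_as, real_as)
    return peer_remote_as == local_as


def migration_demo():
    """Constructed example: AS 65100 merged into AS 100; the customer in AS 300 still
    has 'neighbor ... remote-as 65100' configured on its side."""
    customer_route = [300]  # path of a route originated by the customer
    own_route = []          # path of a route originated inside the merged network
    return {
        "to_customer_default": outbound_as_path(own_route, 100, local_as=65100),
        "to_customer_replace_as": outbound_as_path(own_route, 100, local_as=65100, replace_as=True),
        "from_customer_default": inbound_as_path(customer_route, local_as=65100),
        "from_customer_no_prepend": inbound_as_path(customer_route, local_as=65100, no_prepend=True),
        "old_remote_as_accepted": session_accepted(65100, 100, local_as=65100),
        "new_remote_as_without_dual_as": session_accepted(100, 100, local_as=65100),
        "new_remote_as_with_dual_as": session_accepted(100, 100, local_as=65100, dual_as=True),
    }
```

The “new_remote_as_without_dual_as” case is the one that breaks a migration window: a customer that has already moved its remote-as to the new AS number cannot come up until dual-as is added or local-as is removed.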

BGP Backdoor:

Consider the following topology (the original diagram is not reproduced here): RTA and RTC are
running EBGP, and RTB and RTC are running EBGP. RTA and RTB are running some kind of IGP
(RIP, IGRP, etc.). By default, EBGP routes have an administrative distance of 20, which is lower
than the IGP distances: the default distance is 120 for RIP, 100 for IGRP, 90 for EIGRP and
110 for OSPF.
RTA will receive updates about 160.10.0.0 via two routing protocols: EBGP with a distance of
20 and the IGP with a distance higher than 20.

By default, BGP uses the following distances; they can be changed with the distance
command:
distance bgp external-distance internal-distance local-distance
external-distance: 20
internal-distance: 200
local-distance: 200

RTA will pick EBGP via RTC because of the lower distance. If we want RTA to learn about
160.10.0.0 via RTB (IGP), then we have two options:
1. Change EBGP’s external distance or the IGP’s distance, which is NOT recommended because it
affects every route learned by that protocol, not only this prefix.
2. Use BGP backdoor.
BGP backdoor makes the IGP route the preferred route for one specific prefix: the EBGP route for
that network is installed with distance 200 (the same distance as an internal or locally generated
BGP route) instead of 20, so the IGP route wins. Use the following command:
network address backdoor
The configured network is the network that we would like to reach via the IGP. For BGP this
network is treated as a locally assigned network, except that it is not advertised in BGP
updates.

At Router A:
network 160.10.0.0 backdoor
Now, RTA learns 160.10.0.0 from RTB via EIGRP with distance 90, and also learns it
from RTC via EBGP, whose distance for this prefix is now 200. Normally EBGP would be preferred,
but because of the backdoor command EIGRP is preferred. Verify with “show ip route 160.10.0.0”,
which should show the EIGRP (D) route; the EBGP path is still present in the BGP table, it is
simply not installed in the routing table.
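To make the difference between the two options concrete, here is an added Python model of the administrative-distance decision on RTA (illustrative code, not from this summary and not IOS source). It assumes the IOS default distances listed above and models the backdoor as installing the EBGP path for that one prefix with the configured local BGP distance (200 by default); the second prefix 170.10.0.0/16, learned via EBGP and OSPF, is constructed to show the side effect of option 1.

```python
from collections import namedtuple

# IOS default administrative distances; the three BGP values map onto
# "distance bgp external internal local" (20 200 200 by default).
DEFAULT_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}
DEFAULT_BGP_DISTANCE = {"ebgp": 20, "ibgp": 200, "local": 200}

Candidate = namedtuple("Candidate", "prefix protocol via")


def administrative_distance(candidate, bgp_distance=DEFAULT_BGP_DISTANCE, backdoor=()):
    """Distance used when the same prefix is offered by several protocols.

    'network <prefix> backdoor' keeps the eBGP path in the BGP table but installs it
    with the local BGP distance (assumed here; 200 on a default router) instead of 20,
    so any IGP route for that prefix wins.
    """
    if candidate.protocol == "ebgp":
        if candidate.prefix in backdoor:
            return bgp_distance["local"]
        return bgp_distance["ebgp"]
    if candidate.protocol == "ibgp":
        return bgp_distance["ibgp"]
    return DEFAULT_DISTANCE[candidate.protocol]


def install_route(candidates, bgp_distance=DEFAULT_BGP_DISTANCE, backdoor=()):
    """Pick the candidate with the lowest administrative distance (ties: first seen)."""
    return min(candidates, key=lambda c: administrative_distance(c, bgp_distance, backdoor))


def advertised_by_bgp(prefix, backdoor=()):
    """A backdoor network is treated like a locally assigned network but never advertised."""
    return prefix not in backdoor


def rta_demo():
    """Constructed view from RTA: 160.10.0.0/16 via EIGRP from RTB and via eBGP from RTC,
    plus 170.10.0.0/16 via eBGP from RTC and via OSPF from RTB."""
    net = "160.10.0.0/16"
    other = "170.10.0.0/16"
    net_candidates = [Candidate(net, "ebgp", "RTC"), Candidate(net, "eigrp", "RTB")]
    other_candidates = [Candidate(other, "ebgp", "RTC"), Candidate(other, "ospf", "RTB")]
    # Option 1: "distance bgp 115 200 200" raises the eBGP distance for every prefix.
    raised_ebgp = {"ebgp": 115, "ibgp": 200, "local": 200}
    return {
        "default": install_route(net_candidates).via,
        "backdoor": install_route(net_candidates, backdoor={net}).via,
        "backdoor_other_prefix": install_route(other_candidates, backdoor={net}).via,
        "option1_this_prefix": install_route(net_candidates, bgp_distance=raised_ebgp).via,
        "option1_side_effect": install_route(other_candidates, bgp_distance=raised_ebgp).via,
        "backdoor_advertised": advertised_by_bgp(net, backdoor={net}),
    }
```

Both options make RTA reach 160.10.0.0 through RTB, but only the backdoor leaves 170.10.0.0 on its EBGP path; raising the EBGP distance globally silently moves that prefix (and every other one with an IGP alternative) onto the IGP as well.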

Recommended Reading:
 Read Chapter 5 of the BGP student guide for a deeper look at best practices and BGP
design considerations, and at the different ways of connecting customers and providers.
