Sunteți pe pagina 1din 19

BGP

-Rahul Kachalia.

(This document will never be final) 1


• BGP Characteristics –
o BGP uses algorithm same as DV – relies on downstream neighbors to pass along routes from their
routing table. Upon receiving router calculates & pass it to other neighbor. Unlike DV protocols that
use hop-count, BGP uses list of AS# through which a packet must pass to reach destination that’s the
reason it is also called Path-Vector Routing protocol.
o Establishes Unicast P2P neighbor relationship, sends complete routing table initially & but incremental
update later on.
o BGP sends keepalive at every 60 seconds & 180 seconds for dead interval.
o Uses TCP (Port 179) for its delivery mechanism that manages ACKs, retransmissions & sequencing.
o BGP does not show details of topologies but sees only high-level tree of AS. Because of such
architecture BGP maintains routes (prefixes) in two separate tables.
o BGP follows splits-horizon rules, routes learned from neighbor wont be sent back to the source.
o BGP power lies in its attributes, used as metrics for best route selection process, filtering etc.
o BGP supports MD5 authentication, powerful route filtering & policing.
• Do I need BGP? – Several scenario available where BGP is required or not required:
o If a customer having single link to single ISP, BGP is not required. Static route works more efficiently.
o If a customer has dual link to single ISP, BGP is required, for redundancy, PBR etc.
o If a customer connects to more than 1 ISP, BGP is required for redundancy, PBR etc. Customer also
needs legal AS# & sub-network that is assigned to it by registry.
o If a customer’s AS is a Transit AS, BGP is required to route traffic between ISPs across Transit AS.
• BGP Neighbors – Before BGP routes are exchanged BGP nodes establishes P2P relationship. It is
established by exchanging BGP messages over TCP protocol. BGP neighbors are identified in two
separate ways which also behaves differently:
o Internal BGP (IBGP) – 2 BGP speakers forms IBGP connection if they share same AS#. Following
are some of the IBGP characteristics:
 IBGP is not necessarily to be directly connected, but requires some IGP to reach each IBGP peers.
 Every router within an AS must establish P2P IBGP neighbor relationship; routes learned from 1
IBGP neighbor wont sent to another if both neighbors are in same AS. Primary reason of having full
meshed BGP relationships is IBGP do not have routing loop protection as EBGP.
 Local AS is not added or changed in AS_PATH till the route is advertised to an EBGP peer.
 Route Dampening is not applicable for IBGP.
o External BGP (EBGP) – 2 BGP speakers forms EBGP connection if they have unique AS#. EBGP
routers are called AS border routers. Following are some of the EBGP characteristics:
 EBGP peers must be directly connected else need software knob to connect over multiple hops.
o With EBGP load balancing can be done, but IBGP can have only single link.
• BGP Messages – BGP uses 4 different messages to maintain relationship with peers, exchanging routing
information, notifying errors etc:
o Open – After TCP sessions is established both BGP neighbors sends Open message. Each neighbor
uses this message to uniquely identify itself & to specify its BGP parameters. Open message includes:
 Version – Default is 4, if different than its rejected.
 AS# – AS# of originating router. Determines whether session is EBGP or IBGP.
 Hold-Time – Max number of seconds before a router must receive either a keepalive or update
message. Min is 3 seconds & default is 180 seconds, configuring 0 will disable sending keepalives &
Hold-Time will never expire. If neighbors have different timer, smaller timer is selected.
 BGP Identifier – RID. Highest IP address of physical / loopback interface or manually assigned RID.
 Optional parameters – Advertises other capabilities like authentication, MPR & route-refresh.
o Keepalive – Sent at every 60 seconds or equal to one-third of hold-time.
o Update – Carries routing updates in following sub-categories:
 NLRI – One or more tuples (length, prefix) For example if 206.193.160.0/19 were advertised, the
Length is /19 & 206.193.160 would be prefix. Multiple prefixes can be carried in this field.
 Path Attributes – The attributes provides the information that allows BGP to choose a shortest path,
detect routing loops, and determine routing policy. Attributes of all categories are carried in Update.
 Withdrawn Routes – These are tuples describes destinations that have become unreachable.
(This document will never be final) 2
o Notification – The notification message is sent whenever error is detected & BGP connection is close.
• BGP Neighbor FSM – Neighbor FSM is divided into 6 different state machines:
o Idle – By manually resetting existing BGP connection or rebooting router, BGP begins with Idle state
by initializing process, resetting timers, initiates TCP connection & start listening for connection
initiated by peer. If any errors, returns to IDLE state & retries after every 60 seconds interval called as
ConnectRetry timer.
o Connect – BGP waits for TCP connection to complete, if its successful BGP clears ConnectRetry
timer, & transition to OpenSent state by sending Open message to neighbor. If TCP connection is
unsuccessful, the BGP continues to listen for a connection to be initiated by neighbor, resets the
ConnectRetry timer, & transitions to Active state. If ConnectRetry timer expires the timer is reset, TCP
connection is re-initiated with the peer. Any other input event causes a transition to Idle.
o Active – BGP is trying to acquire peer by initiating TCP, if its successful BGP will transition to
OpenSent. It will ConnectRetry restart timer if it expires, fallback to Connect state & re-initiate TCP
connection to peer. Any other input event causes a transition to Idle. State flaps between Connect &
Active indicate TCP connection failure.
o OpenSent – In this state BGP peers has formed TCP connection, Open message has sent & router is
waiting to hear Open message from peer. If error exists Notification message is sent & returns back to
Idle, else keepalive is send & reset. Hold time is negotiated, & smaller value is agreed, if its 0 either
Hold or Keepalive timer will not start. Peer identifies either IBGP or EBGP relationship based on
received Open message.
o OpenConfirm –BGP is waiting for keepalive or notification message if keepalive is received than the
state is transition to Established. If notification or a TCP disconnect is received it returns to Idle state.
If Hold-timer expires or an error is detected, notification message is sent & returns back to Idle state.
o Established – In this state BGP peer connection is fully established & the peers can exchange Update,
Keepalive, & Notification message. If Update & Keepalive is received, the Hold timer is reset. Any
problems detected by peer in Update message, Stop Event is received or Hold-timer expires,
notification is sent or received & state transition to Idle.
• Path Attributes – A path attribute is a characteristic of an advertised BGP routes. When a router
receives BGP update, it will analyze the attached attributes & compare them with the attributes learned
from other source for same destination. Based on that router makes decision to choose a path that it
considers as best. An attribute in different category plays separate roles for setting traffic flow, fine tune,
filter, policing, point of aggregation & full control of every single route in BGP. Attributes are carried
on BGP UPDATE ONLY. Attributes are divided into 4 major categories:
o Well-known Mandatory – Attributes list in this category must recognize by all BGP Speaker & must
exist in all BGP Updates:
1. ORIGIN – Specifies the origin of routing update. If BGP has multiple routes, it uses ORIGIN as one
factor to determine best route. Types of origins:
 IGP – NRLI learned from a protocol internal to the originating AS. An IGP origin gets highest
preference of the ORIGIN values. BGP routes are given an origin of IGP if they are learned from
IGP routing table via network statement; they are forwarded only if they appear in routing table.
 EGP – NRLI learned from Exterior Gateway Protocol. EGP is preferred second to IGP.
 Incomplete – NRLI learned via redistribution carries incomplete origin attribute, because there is
no way to determine the original source of route. Incomplete has lowest ORIGIN preferred value.
2. AS_PATH – AS_PATH is empty when route is first originated & AS#is added each time when it
pass AS border. Every AS border router prepend their own AS before passed to their own neighbors,
this way every router understands sequence of AS path starting from recent of particular NLRI. Note
neighbor adds its AS# ONLY when peer is in another AS (EBGP), but not local (IBGP).
AS_PATH attribute is used for 2 another primary reason:
 Routing Loop – If a BGP router receives a route from an external peer whose AS_PATH includes
its own AS#, it concludes looped has occurred & drops such route. 2 types of AS_PATH attributes
are used to prevent routing loops, especially with route summarization:
• AS_SEQUENCE – Carries ordered list of AS numbers.
• AS_SET – This is an unordered list of AS# along the path to the destination sent to downstream
BGP speaker along with summarized route, which helps preventing routing loop. When AS_SET
is included in AS_PATH then ATOMIC_AGGREGATE attribute is not included with the
aggregate. AS_SET notifies downstream BGP speaker that aggregation has occurred & more
(This document will never be final) 3
information than ATOMIC_AGGREGATE. Failure of any network is notified from different AS
up to the aggregation AS, but if any AS from AS_SET flaps it will be notified to downstream
router, which brings instability in network.
 Incoming Route Preference – If BGP speakers is connected multihome-multiple AS topology, a
router has full control to select traffic for outgoing path but not for incoming because peer will
decide better path. If BGP speaker advertises route originated AS + “multiple fake-AS” will force
peer to take other path to reach destination. Other vendors may not support AS-PATH attribute to
consider best path out of multiple to use same algorithm, IOS uses “bgp bestpath as-path ignore”
command. For ex. Fig1.200.0.0/18 prefix is advertise to AS200 & AS400 by AS100, traffic
originated from AS100 to AS300 will take AS100-AS200-AS300 path & same for return traffic, if
AS100 prefers another path for return traffic, AS100 advertise multiple instances of its own AS# to
AS200 & AS400, which forces AS300 to take AS600-AS500-AS400 path to reach AS100:
FIG.1 --200.0.0/18(AS100)—AS200—AS300-|
|--AS400—AS500—AS600
FIG.2 --200.0.0/18(AS100, AS100, AS100, AS100)—AS200—AS300-|
|--AS400—AS500—AS600----------------------------|
3. NEXT_HOP – Specifies interface IP address of next hop router on the path used for packet
forwarding. In broadcast network, if current Next-Hop IP is on same subnet as receiving router than
NEXT-HOP address is not modified. In partial-mesh NBMA network where same subnet is used but
without physical can break BGP. 2 possible solution, use P2P connection & use unique subnet now
NEXT-HOP will be changed by Hub router & second is disable NEXT-HOP processing which is not
recommended. 3 rules applies to NEXT_HOP attribute:
 If router receives EBGP Update & forwards to another EBGP neighbor who is different subnet
than received, then AS_PATH is prepended & NEXT_HOP is replaced with its own IP address.
 If router receives EBGP Update & forwards to another EBGP neighbor who is on same subnet
than received, then AS_PATH is prepended but NEXT_HOP remains unchanged.
 If IBGP peers exchange their own networks, the NEXT_HOP address is of originating IBGP peer.
 If IBGP peer advertise Update with prefix in different AS, the NEXT_HOP address is of external
peer from which route has learned. EBGP peer should be reachable via IGP else advertised
NEXT-HOP will be unreachable & it wont install in routing table. 2 possible solution, first BGP
speaker connecting to other AS will redistribute EBGP route into IGP & second is BGP speaker
connecting to other AS will send its own interface IP address by manipulating NEXT_HOP
address to IBGP peer.
o Well-known Discretionary – Every BGP speaker must recognize all attributes in these categories but
not compulsory to include in Update message. Attributes in these categories are used for route policy:
1. LOCAL_PREF – Primarily used to select best route for outbound traffic for other AS &
COMMUNICATED WITHIN SAME AS. Route received from another AS is tagged with value 100
(default), path with highest LOCAL_PREF will be selected.
2. ATOMIC_AGGREGATE – When BGP speaker does route summarization for EBGP routes, it will
advertise summarized route & ONLY by adding its own AS number. In such case this attribute is
used to alert downstream peers that lost of path information had occurred. Any downstream BGP
speakers receives a route with this attribute cannot make any NLRI information of that route more
specific, & when advertising the route to other peers, this attribute remain attached.
o Optional transitive – When BGP receives Update & recognizes attributes in this category then it must
handle it for further propagation. If router doesn’t recognizes it, then it will set an additional bit in
attribute header called partial bit to indicate it didn’t recognize attributes & pass it to neighbor.
1. AGGREGATOR (Optional transitive) – When ATOMIC_AGGREGATE attribute is set; BGP
speaker has the option of attaching AGGREGATOR attribute that includes RID & AS# of BGP
speaker where aggregation has occurred. By default all aggregated prefix has following values:
NEXT-HOP = local (100) Weight = 32768 LOCAL-PREF = best
AS-PATH = AS-SET or empty Origin = worst MED = none
2. COMMUNITY (Optional transitive) – COMMUNITY attribute is designed to simplify routing
policies. Identifies a destination as a member of some community of destination that shares one or
more common properties. The COMMUNITY attribute is a set of four octets, first 2 octets are AS
number & last 2 are administratively defined identifier, the format is “NN:AA”. IOS represents this
format in decimal format, for example if attribute is 625:70 convert it to hex (625=0271 & 70=0046)
(This document will never be final) 4
which is 02710046, finally convert hex to decimal, which will be 40960070. COMMUNITY values
range from 0 to 65535 & 4294901760 to 4294967295 are reserved. Out of this reserved range,
several well-known communities are defined:
 INTERNET – The INTERNET Community does not have a value; all routes belong to this
community by default. Received routes belong to this community are advertised freely.
 NO_EXPORT (4294967041) – Routes carrying this value cannot be advertised to EBGP peers or,
if confederation is configured the routes cannot be advertised outside of confederation AS.
 NO_ADVERTISE (4294967042) – Routes carrying this value cannot be advertised at all to either
IBGP or EBGP neighbors.
 LOCAL_AS (4294967043) – Routes carrying this value cannot be advertised to EBGP peers,
including peers in other AS within a confederation.
o Optional non-transitive – BGP process that does not recognize the attribute in these categories can
quietly ignore the Update in which it is included & do not pass it other peers.
1. MULTI-EXEC_DISC (Optional non-transitive) – MED is apposite of LOCAL_PREF. MED are
used only to influence traffic between two directly connected AS, to influence route preference
beyond the neighboring AS, the AS_PATH must be manipulated. By including MED value AS tries
to tell neighbor AS to prefer another route for specific destination & path with lowest MED is
selected, default is 0. MED is carried in EBGP update; also it’s not compared if 2 routes with same
destination are received from 2 different AS. Upon receiving EBGP update with MED it can be sent
to IBGP peer but not to other EBGP peers.
2. ORIGINATOR_ID (Optional non-transitive) – This attribute used by Route-Reflector to prevent
routing loop by using RID. A router considers routing loop when it receives a route with
ORIGINATOR_ID same as its own RID & the route is ignored.
3. CLUSTER_LIST (Optional non-transitive) – Is sequences of RR cluster Ids through which the
route has passed, if RR sees its local cluster ID in CLUSTER_LIST of received route, it consider as
route loop & ignores the route.
• Administrative Weight – Cisco proprietary BGP parameter that applies only to routes within an
individual router & not communicated to other routers. Weight is the first metric in BGP decision process
to match for selecting best route if there are multiples. Weight value ranges from 0 to 65535, route with
higher weight value is preferred route, default Weight value for route learned from peer is 0 & default
Weight value for routes originated by local router have weight of 32768. Weight can be assigned to
individual route or on to specific neighbor.
• BGP Database – BGP Routing Information Database (RIB) consist of 3 parts:
o Adj-RIBs-In – Stores unprocessed routing information that has been learned from updates received
from peers. The routes contained in Adj-RIBs-In are considered feasible routes. BGP calculates
metrics for each route that has received from peer, whenever BGP receives an new route, changed
route or withdrawn route it runs calculation process over it. Adj-RIBs-In routes are installed in BGP
table, BGP keeps a table version number to track instance of BGP routing table. Table version number
incrementing rapidly indicates instability in network.
o Loc-RIB – Installs particular route that has best metrics out of all available in Adj-RIB-In table.
o Adj-RIBs-Out – Contains the routes that the BGP speaker advertises to its peers. Installs route in
global routing table, route aggregation occurs in this table. If NEXT_HOP attribute is unreachable
route wont be selected
• BGP Decision Process (Check updated one)– Also called as BGP route selection process, a sequence &
rules for considering all attributes, especially when there are multiple paths for same destinations. BGP
uses following criteria:
1. If NEXT-HOP is inaccessible route wont be installed.
2. Route with highest administrative weight, else no.3.
3. Route with highest LOCAL_PREF value, else no.4.
4. Locally originated route with either network/aggregate command or routes redistributed from
IGP into BGP. Local paths sourced by network/redistribute command are preferred over aggregate-
address, else no.5.
5. Shortest AS_PATH to reach destination network (only length is compared), else no.6.
6. Lowest ORIGIN code. Preference IGP->EGP->Incomplete, else no.7.
7. Lowest MED value, see following notes. Else no.8:

(This document will never be final) 5


o Compares only if first AS # in AS-SEQUENCE is same for 2 paths, any confederation member-as
are ignored. Prefix with AS_CONFED_SEQUENCE will be ignored.
o If bgp always-compare-med is configured then all prefix from different AS will be verified.
Enable this option on entire AS, else routing loop can occur.
o If bgp bestpath med-confed is configured then MED are compared for all paths that consist only
AS_CONFED_SEQUENCE (paths originated within local confederation).
o Prefix received with MED of 4294967295 will change it MED value of existing prefix before
entering into BGP table.
o Paths received without MED value is 0 by default, unless bgp bestpath missing-as-path is enabled
which sets 4294967295 MED to prefix which do not have MED.
o Bgp deterministic med
8. Prefer EBGP routes over Confederation-EBGP routes & prefer Confederation-EBGP routes
over IBGP routes else no.9.
9. Shortest path to NEXT-HOP, route with lowest IGP metric to next-hop router, else no.10.
10. If IBGP connection & BGP multipath is enabled, install all equal-cost routes in Loc-RIB else
no.11.
11. If both paths are external, then prefer that was received first. This step will be skipped if, else
no.12:
o Bgp bestpath compare-router-id is enabled.
o RID is same for multiple paths, since routes were received from same router.
o There is no current best path.
12. Lowest RID will be selected, else no.13.
13. If RID is same for multiple paths & then compare minimum cluster_id length which applies to
RR only. Else no. 14.
14. Prefer the path coming from lowest neighbor ip address, same as used with neighbor statement.
• IBGP & IGP Synchronization – Synchronization issue between IBGP & IGP arise when your AS is a
Transit AS. The rule of synchronization states, “Before a route learned from an IBGP neighbor is entered
into IGP routing table or is advertised to a BGP peer, the route must first be known via IGP”. IOS
provides 2 possible solution for this problem:
o Redistribute external routes into IGP RP to ensure that the IGP can synchronize with BGP. Drawback
huge routing table is redistributed.
o Make all IBGP routers fully meshed & disable synchronization. With this every router has full
knowledge of external routes via BGP & disabling synchronization allows the routes to be entered into
the routing table without informing IGP, drawback full meshed BGP. Disable synchronization if all
routers in Transit AS are BGP router but don’t disable synchronization if it’s not Transit AS.
• Managing Large-Scale BGP Peering – 4 solution are available to resolve large number of BGP peer:
o Peer Groups – Peer groups simplifies configuration & management by adding BGP peer routers that
shares common routing policies. Set of rules can be applied to particular peer-group & all peers will
follow same rule instead applying rule to individual BGP peers. Any changes made to group apply to
all associated BGP peers. Peer can be member of 1 peer group at a time.
o Communities – Unlike peer-groups applies policies to Routers, Communities applies policies to a
group of routes. A router adds a route to a pre-configured community by setting its COMMUNITY
attribute to some value that identifies it as a member of the community. Neighboring routers can then
apply their policies, such as filtering or redistribution policies to the routes based on value of
COMMUNITY attribute. More than one COMMUNITY attribute can be applied to single route, a
router receiving route with multiple COMMUNITY attributes has the option of setting policies based
on all those attributes or subset of the attributes. When routes containing COMMUNITY attributes are
aggregated, the aggregate inherits all the COMMUNITY attributes of all routes.
o Route-Reflectors (RR) – RR provides alternative to large number of fully meshed IBGP peers
Particular router in AS becomes RR who’s primary job is to reflect routes between peers & peers
connecting to RR is called RR-client, a group of RR & client forms a cluster. RR uses unique cluster
ID in AS to identify specific group of BGP speakers. RR provides multiple following benefits over
fully meshed IBGP connections:
 Client router forms IBGP connection directly with RR that reduces P2P IBGP connection.

(This document will never be final) 6


 Unlike P2P IBGP connection, RR will advertise routes learned from 1 IBGP peer to other without
having client-to-client BGP connections.
 Only RR requires cluster ID configuration & standard IBGP configuration on clients.
 Multiple RR’s can co-exist in single cluster to provide redundancy.
RR still uses same BGP decision process if it receives multiple paths for same destination. RR also has
some of its own route-forwarding rule & neighbor relationship between inside & outside of cluster:
 RR itself can be ONLY a client for RR in another cluster.
 RR can form EBGP with external peer & IBGP with clients in cluster, non-RR-client &/or other RR.
 Client router can form EBGP with external peer, but IBGP only with RR & clients in same cluster.
 Routes learned by RR from non-RR-client (IBGP) will be reflected to EBGP & RR-clients ONLY.
 Routes learned by RR from client reflects to clients & non-RR-clients, except to originating client.
 Routes learned by RR from EBGP will be reflected to clients & non-RR-clients.
 RR cannot change attributes of routes it received from clients.

Routing loop occurs between redundant RR in cluster, 2 attributes used to prevent it:
 ORIGINATING_ID is a route originator’s RID within the local-AS. RR doesn’t advertise route back
to the originator of the route & if originator receives an Update with its own RID, then it’s ignored.
 CLUSTER_LIST tracks cluster Ids the same was as AS_PATH tracks AS numbers. When RR
reflects route from client to non-RR-client or another RR it appends its cluster ID to
CLUSTER_LIST. Upon receiving IBGP Update RR checks CLUSTER_LIST if its sees its own
cluster ID in list, RR understand routing loop has occurred & Update is ignored.

Router Type Updates coming from Forwarded To


Standard EBGP peer Both IBGP & EBGP peer.
IBGP peer EBGP peer.
Route Reflector EBGP peer Both IBGP & EBGP peer.
Non-RR-Client peer EBGP & RR-Clients peer.
RR-Client peer All peers but not to originator.
RR-Client EBGP peer Both IBGP & EBGP peers.
IBGP peer EBGP peer.

o Confederations – An AS that has been subdivided into multiple sub-AS called member-AS. BGP
speakers within member-AS forms standard IBGP connection & EBGP (confederation-EBGP)
between member-AS. Confederation-EBGP modifies AS_PATH attribute when Update is sent to other
member-AS but while sending to non-confederation AS it removes all confederation-AS numbers &
prepends original external AS. The confederation is assigned a confederation Id, which is represented
to peers outside of confederation as the AS number of the entire confederation. All the routers in
confederation MUST support & configure confederation functionality else relationship will be
terminated. Both RR & Confederation can be coexist in sub-AS. With Confederation route
summarization again becomes issue to could lead to routing loop problem, with 2 type of AS_PATH
attributes it can be prevented:
 AS_CONFED_SEQUENCE – Ordered list of sub-AS numbers along the path to a destination.
Used same as AS_SEQUENCE attribute, but when Update is sent to peer outside the confederation
AS_CONFED_SEQUENCE attribute is stripped off.
 AS_CONFED_SET – In-ordered list of sub-AS along a path to a destination. Used same as
AS_SET attribute, but when Update is sent to peer outside the confederation AS_CONFED_SET
attribute is stripped off.
Confederation AS v/s standard AS:
 BGP decision process for confederation is same as standard AS type, especially specified in Rule#7.
BGP decision process chooses normal EBGP routes over Confederation-EBGP routes &
Confederation-EBGP routes over IBGP routes. And member-AS length will not be considered for
best AS-path calculations.
 IGP can be the same in entire confederation-AS or running different in each member-AS.
 When Confederation-EBGP sessions are opened between loopback interfaces, the “ebgp-multihop”
command must be used; else it always remains in IDLE state.
(This document will never be final) 7
 NEXT-HOP, LOCAL_PREF & MED can be advertised unchanged to EBGP peers to another sub-
AS within confederation.
• BGP Stability – Every time BGP neighbor establishes relationship exchanges configured attributes,
routing policies, timers etc, If any of such parameters are modified requires reset of TCP connection
which includes routing instabilities. Similarly when a route flaps on network frequent updates causes
core network instable. Possible solution are mentioned below:
o Link Failure Detection – By default when link between peer is down BGP wont reset peer connection
immediately, but with bgp fast-external-failure command it will tear down connection immediately.
o Soft Reconfiguration – When BGP routing policies have modified it requires connection reset to
make new policies effective. With Soft-Reconfiguration new policies is applied for specific direction
without resetting established TCP connection, which prevents route cache to get clear. If outbound
policy is applied on prefix than BGP router automatically applies new policies & re-sends entire BGP
table to all peers. If inbound policies applied on prefix after learning from peers will not make new
policies affective, hence the solution is BGP router will apply new inbound policies to prefix in
memory till connection is reset & a router applies inbound policies on prefix.
o Route Dampening – Method to track & unstable routes & prevent sending Update into core, which
helps to bring stability. Unstable routes are penalized whenever the penalty reaches a predefined
threshold the route is suppressed. Decay algorithm is used to reduce penalty after a route remains for
certain period in suppress mode. Only EBGP routes can be dampened, IBGP is not applicable. Router
assigns dynamic metrics to each flapping route & if a route stops flapping after dynamic timer route
start re-advertising. BGP uses multiple variables to manage route flapping:
 Penalty is assigned to a route whenever it flaps; penalty value per flap is 1000.
 Suppress limit if penalty crosses suppress limit value then the route is suppressed. Default is 2000.
 Half-Time configurable timer that router waits to reduce the penalty by half. Default is 15 min.
 Reuse limit configurable timer that is compared with penalty. If current penalty is less than re-use
limit than a suppressed route will be unsuppressed & advertised to peer. Default is 750.
 Routes cannot be suppressed beyond Maximum Suppress Time default is 60 minutes.
In example if a prefix flapped thrice 3000 penalty is assigned which higher than default suppress limit,
hence route will be not be advertised to peer. After Half-Time meaning after 15 min penalty will be
reduced half to 1500 but still route is suppressed, after one more Half-Time if current penalty is 1500
than it further cuts to 750 which is equivalent to Reuse-limit meaning prefix will be unsuppressed &
now it will be advertised. Up to 60 minutes if penalty value of prefix failed to match or lower than
Reuse-limit than it will be flush from BGP table.
• Configuring Basic BGP – This section of configuration will include BGP configuration, peering with
neighbors, managing IBGP routes & connection in AS, EBGP connection, aggregation routes etc.
o Peering BGP – First step to enable BGP process in router:
 Router(config)router bgp <as #> - Enables BGP process on router by providing local AS #. Only
single BGP routing process can be configure on router.
 Router(config-router)#bgp router-id <ip_addr> - Overrides legacy method of RID selection
process. Requires BGP reset if applied after establishing connections or by changing RID value.
 Router(config-router)neighbor <intf_ipaddr> remote-as <as#> - If neighbor AS # is same as local,
BGP considers as IBGP, else EBGP if its different. Neighbor IP address & remote as must match
else relationship wont get established. Multiple neighbor statement with same & different AS # can
be specified.
 Router(config-router)#timers bgp <keepalive> <hold-time> - Modifies default BGP timers.
 Router#show ip bgp neighbors <ip_addr> - Displays all or specific neighbor with detail info.
o Injecting IGP into BGP – Injecting IGP routes into BGP has advantages & disadvantages:
 Advantages –
1. Simple Configuration – By redistribution all IGP routes are automatically known by BGP peers.
2. Automatic Convergence - Any IGP route becomes unavailable will get converge automatically by
sending withdrawn between BGP peers.
 Disadvantages –
1. Illegal networks – AS border wont advertise illegal IGP networks & need additional configuration.
2. Subset advertisement – With redistribution all routes in IGP table will be redistributed even if
subset of routes required. Routing policy configuration requires to achieve such goals.
(This document will never be final) 8
3. Instability – Frequent unstable IGP routes will make core routers unstable.
4. Loosing control – With redistributing BGP loose precise control over IGP routes, which may
require additional configurations to prevent any type of failure in local or remote AS. Alternative
is to use network command that advertise IGP routes only if they are available in routing table.
When network command used with IGP it specifies the address of interface/s on which routing to
be enabled, but when used with BGP it specifies prefix to be advertised by looking into routing
table. Regardless if its locally configured on interface or learned via IGP.
 Configuration – Redistribution of OSPF/IS-IS into BGP behaves different than EIGRP/IGRP/RIP:
 Router(config-router)#network <local or EBGP net_addr> mask <net_mask> route-map
<map_name> backdoor – Prefix could be local network address on BGP router, learned via
IGP or via backdoor, this prefix must exist in RIB before its advertised. Announcing prefix with
network command varies depending whether auto-summarization is enabled or not. Prefix will be
entered into BGP table ONLY if following 3 conditions are met:
1. Auto-summarization is enabled. It will automatically summarize to major net & advertise prefix.
2. Exact matching network entry in routing table as specified using network statement.
3. Classful or classless mask specified with matching network in statement.
When auto-summary is disabled, the routes introduced locally into BGP table will not summarized
to their classful boundaries. With network 0.0.0.0 default-route is send to all peers. Only selective
prefix is advertised instead all by redistribution CLI. Origin is IGP (“i”). See Backdoor
Configuration.
 Router(config-router)#redistribute <RP> <pid> - Redistributes all routes learned by specified
RP & PID. If metrics is specified than default is 0 for local networks & same metrics as entered in
IGP table. Metrics in BGP is considered as MED value. Origin type is Incomplete (“?”). Use route
filter to advertise subset of routes.
 Router(config-router)#no auto-summary – BGP auto-summarize networks at boundaries, this
CLI will turn off auto-summarization. Also disable on EIGRP/RIPv2 it they are redistribution RP.
o Injecting BGP into IGP – EBGP routes can be redistributed into any type of IGP in 2 ways, with
redistribution command into RP & second way is to creating & redistributing static route pointing to
EBGP neighbor into RP. Redistributing BGP into IGP will lost BGP path attributes. Similarly default
route can be injected on per neighbor basis or to all peers:
 Router(config-router)#redistribute bgp <as#> - Redistributes BGP routes installed in global routing
table to other routing process. Associate metric else use default-metric command.
 Router(config-router)#neighbor <ip_addr> default-originate – Advertises default-route to single
neighbor only.
 Router(config)ip route 0.0.0.0 0.0.0.0 Null0 – Create a static route pointing to null interface & then
advertise default network with network 0.0.0.0 command.
o IBGP without IGP – Every IBGP peer must establish either full-mesh relationship or directly connect
to RR. No special configuration is required, basic BGP configuration is used to establish peer
connection. Points to remember, when designing AS without IGP:
 No Synchronization – Because no IGP configured there is no need to synchronize with routing table
to forward routes to EBGP peers. Requires resetting BGP connection to make it effective.
 Full-mesh IBGP peers – Requires all IBGP peer to establish full mesh connectivity or configure RR
in AS. This way all IBGP can exchange learn route & have perfect picture of internal & external
network.
 All networks & subnets connecting IBGP peers must be known – It requires for establishing logical
BGP connection when there is no physical connectivity between IBGP peers. IBGP peers do not
change NEXT-HOP attributes in IBGP peers, if NEXT-HOP is unreachable then prefix will not get
install in routing table.
o Route Aggregation – IGP or BGP routes can be aggregated or summarized in 2 different ways, first is
to create summarized static route & other is with aggregate command. Aggregate command provides
much better way to control summary network:
 Router(config)#ip route <summary_net> <summary_mask> Null0 – Create summarized network
static route pointing to Null interface & than advertise same network with network statement.
 Router(config)#aggregate-address <summary_net> <summary_mask>
 advertise-map <route_map_name> – By default aggregator router inherits all attributes attached
to each prefix which can create problem, for example if one of the route has COMMUNITY
(This document will never be final) 9
attribute of NO_EXPORT then aggregator will inherit such attribute which stops sending
aggregated route to peer. Such prefixes can be blocked by this parameter used with route-map. It
also used for conditional aggregate address advertisement by matching prefix using route-map.
 as-set – Includes AS-SET attribute with list of unordered AS# to specified aggregated prefix
which prevents routing loop.
 attribute-map <route_map_name>– Modifies / applies attribute to aggregated prefix.
Redistributed route has ORIGIN type “?” but when they are aggregated, BGP creates new prefix
& it has ORIGIN type “i”. Any new attribute can be applied or existing can be modified with this
command & associating with route-map.
 route-map <route_map_name>– Associate route-map to police summary network.
 summary-only <route_map_name>–By default both non-summarized & summarized prefix is
advertise. With this parameter only summary route will be advertised to peer & others will be
suppressed. Verify with “sh ip bgp” command, status code with “s” means its suppressed.
 suppress-map<route_map_name> – Useful only when summary-only option is not used. Router
advertises aggregated + non-summarized prefixes but filtering certain non-summarized prefix that
matches ACL.
o Neighbor statement – Unlike other routing protocols, BGP configuration is different since it
establishes peer connection in different way. In major all BGP features are configured based on per
neighbor, except some configuration is for router itself. Following are list of possible parameter used
for per neighbor basis configuration:
 Advertisement-interval – Certain period of gap between updates is introduced. Convergence could
affect if gap or delay high. Default Updates gap is 5 sec for IBGP & 30 sec for EBGP peers.
 Advertise-map – See Configuring Conditional Routing.
 Allowas-in <1-10> – BGP accepts Update with its own AS# from specified peer.
 Default-originate <route-map-name> – Sends default-route only to single neighbor.
 Description – Description to each neighbor can be applied with up to 80 characters.
 Distribute-list <acl#> <in | out> - Use it to filter prefix from peers for in or outbound direction.
 Ebgp-multihop <1-255> – Use when EBGP peer is not directly connected when away from no. of
hop count. Always use when remote-ip-address is loopback interface.
 Filter-list <acl#> <in | out> - Filters ALL routes based on AS # included in AS-PATH, AS-PATH
ACL is used filter prefixes. Always check AS-PATH in BGP table before creating AS-PATH list.
 Maximum-prefix <prefix#> <%> warning-only – Restricts to receive specified number of prefix
from peer, router disables BGP connection with peer if it receives higher number than its configured
which requires to be manually cleared. By specifying warning-only parameter router will not disable
BGP connection, rather generates warning message when it receives prefix of 75% & above
configured value. By specifying percent value default 75% will be changed.
 Next-hop-self – Router swaps NEXT-HOP attribute for EBGP prefix to its own before advertised to
IBGP peers. Alternative is to sync with IGP, primarily used in NBMA partial-meshed network. See
Configuring Route-Map using other way to modify NEXT-HOP attribute.
 Next-hop-unchanged –
 Password – Configure identical MD5 password between peer or peer-group.
 Peer-group <group-name> – See Configuring peer group
 Prefix-list <list_name> <in | out> – Same as distribution-list but more powerful to match exact
tuple information from Update. Both cannot co-exist for same neighbor & filtering direction.
 Remote-as <1-65535> – Range from 64512-65535 is used private-as & should not be forwarded
into Internet. If remote-as is same as local as # then IBGP connection is established else EBGP.
 Remove-private-as – Private-AS are used in single-homed ISP network. With this parameter ISP
removes private AS #, prepend its own AS # & sends prefix to peers. Rules of remove-private-as#:
1. Only be used with EBGP peers.
2. If Update has private AS# in AS-PATH, it will be removed.
3. If Update has private & public AS# in AS-PATH then private AS# will not be removed.
4. If AS-PATH contains AS# of EBGP peer, then private AS# will not be removed.
5. In confederation, it works as long as private AS# are after confederation portion of AS-PATH.

(This document will never be final) 10


 Route-map <route_map_name> <in | out> - Route map is more powerful than distribution-list
command, it can be used for NLRI/Prefix filtering, AS-PATH filtering, modifying attributes etc.
ACL, AS-PATH list & Prefix-list can be used in with of route-map. See “Configuring Route-Map”.
 Route-reflector-client – See “Configuring Route-Reflector”.
 Send-community <both | extended | standard> – See “Configuring Community”.
 Shutdown – Closes TCP & BGP session with peer.
 Soft-reconfiguration inbound – Applies new policies on prefix in memory that has received from
specific neighbor without resetting TCP & BGP session to make it affective. Requires soft reset with
clear ip bgp <* | ipaddr> soft <in| out > to apply new policies on specified direction without tearing
TCP or BGP session.
 Timers <keepalive> <hold-down> – Sets BGP timer based on per neighbor instead common for all.
 Unsupress-map <route-map-name> – Use it when aggregated prefix is sent to peer. With this
command aggregated prefix + prefix matching route-map will sent as non-summarized prefix.
 Update-source <intf> – Identifies interface IP address from which IBGP Update are to be sourced.
Always provide interface name when RID is different than interface connecting to peer.
 Version – Modifies default version from 4.
 Weight <0-65535> – Cisco proprietary best route selection method out of multiple for same
destination. Weight value influence link for outbound traffic. Prefix with highest weight more
preference; prefix originated locally has default 32768 weight & 0 for all learned from peer. 3 ways
to assign Weight on prefix:
 All prefix learned via specific peer will have modified weight with neighbor weight command.
 Prefix that has specific AS-PATH can be used to modify weight value. Helpful when 2 paths
arriving different from AS & only 1 needs to be selected over other. AS-PATH ACL is used to filter AS-
PATH in attribute & ACL is used to filter prefix. Then filter-list as specified above it used with neighbor
command, filter-list is not used to filter route but used to select prefix. If neighbor weight & neighbor
filter-list weight is configured, than neighbor filter-list weight takes precedence. SUPPORTED BY 12.1?
 Route-maps with AS-PATH ACL can be used to assign weight value to some &/or all prefix
learned via specific AS-PATH only. See Configuring Route-Map.
• Configuring Admin. Distance – BGP uses 3 different admin distances: External (via EBGP/20),
Internal (via IBGP/200) & Local (originated locally/200). Type following to modify default:
o Router(config-router)distance <ad.dist> <neighbor_Id> <wildcard_mask> <ACL#> - Modifies
admin. distance of all prefixes learned from specified peer if ACL is not specified. Else modifies
distance for prefixes that matches standard ACL. Always use mask as 0.0.0.0.
o Router(config-router)distance bgp <external> <internal> <local> - Modifies admin. Distance
• Configuring Backdoor-Route –
• Configuring Route-Map – Used to filter in & outbound BGP Updates based on various conditions &
combinations. It can also be used to manipulate attributes of incoming BGP Update, & prefix with
modified attribute will be entered in BGP table or change outbound attribute, which is modified when
Update is sent to peer. Following is the list of matching criteria that can modify one or more prefixes:
 AS-PATH – Prefix that matches standard/extended ACL & via AS path can be used as matching
criteria. AS-PATH ACL is used to match AS-PATH attribute. Syntax is “match as-path”.
 COMMUNITY – See Configuring Community.
 Interface – Prefix learned via router’s interface could be used for matching criteria. Syntax is “match
interface <intf>”.
 IP – Prefix, NEXT-HOP or Route-source that matches standard ACL or prefix-list used for matching
criteria. Syntax is “match ip <address | next-hop | route-source> <1-99> <prefix-list-name>”.
 Length – Prefix that matches range of packet length can be used for matching criteria. Syntax is
“match length <min-length> <max-length>”.
 Metric – Prefix that matches specific MED value can be used for matching criteria. Syntax is “match
metric <0-4294967295>”.
 Route-type – Prefix that matches routes like locally generated route, learned via OSPF-Internal (Type
1 or 2), ISIS (L1/L2) NSSA (N1/N2) or External (BGP, EIGRP & OSPF). Syntax is “match route-
type <external | internal | level-1 | level-2 | local | nssa-external>”.
 Tag – Prefix matches TAG can be used for matching criteria. Syntax is “match tag <0-4294967295>”
o Setting Rule – Only Route-map can be used to modify following attributes types:
(This document will never be final) 11
 AS-PATH – MED attribute can influence the incoming traffic from neighboring AS, but it cannot
influence the routing decisions for more remote AS or beyond directly connected AS. AS-PATH
attribute is manipulated which will force BGP decision process in every AS to take path with lowest
AS-PATH. If 2 routers generating route with same destination than modify or increase AS-PATH
attribute for such prefix that they are not willing to receive traffic, in example if Router A is
generating prefix-X & Router B is generating prefix-Y for same destination but Router A wants
prefer Router-B for incoming traffic from different AS. Then Router A will manipulate AS-PATH
value of prefix-X, type following configure:
 Router(config-route-map)#set as-path prepend <as#> - Since prefix are used to influence “IP”
matching criteria with ACL or prefix-list can be used. Use same AS # as prepending router’s AS.
Applies for eBGP peers only.
 COMMUNITY – See “Configuring Community”.
 DAMPENING – With route-map dampening can be done based on prefix matching ACL or prefix-
list instead applying on all prefix based with bgp dampening command. Applies for eBGP peers
only.:
 Router(config-route-map)set damp <half-time> <reuse-limit> <supp-limit> <max-supp-limit>
 INTERFACE – Add info.
 IP – Multiple choices available but following rules applies for BGP:
 Default NEXT-HOP – Add info.
 Router(config-route-map)#set ip default next-hop <ip_addr>
 NEXT-HOP <ip_address> – NEXT-HOP address can be changed by matching any criteria that
are listed above. With inbound route-map, prefix received from peer will override NEXT-HOP
attribute advertised by peer & set specified address. With outbound route-map advertised NEXT-
HOP will be replaced with specified address. Add Peer-group info.
 Router(config-route-map)#set ip next-hop <ip_addr | peer-address>
 LOCAL-PREF – Attribute is used to set preference among multiple routes to same destination. It is
not limited to single router; rather it is communicated within an AS between IBGP peers. Route with
higher the value has more preference over others default is 100. LOCAL-PREF can changed based
on multiple matching parameters as show above that uses different filtering mechanism:
 Router(config-route-map)#set local-preference <0-4294967295> - Modify default value.
 MED – Used to influence the routing decision in neighboring AS. Upon receiving EBGP update
with MED from peer will be forwarded to all IBGP peers but not other EBGP. Prefix with lowest
MED is preferred default is 0 for locally generated or same as IGP metric if redistributed. Mostly
IP matching criteria mentioned above can be used to modify default. Type following:
 Router(config-route-map)#set metric <1-4294967295> – With route-map prefix originated locally
or redistributed will have specified MED is advertised to peer if no matching criteria is used.
 Router(config-router)#default-metric <1-4294967295> - Sets & advertised specified MED value
on redistributed routes into BGP. Set metric has higher precedence over this command.
 Router(config-route-map)#set metric-type internal – With Route-Map sub-command BGP
inherits IGP metric of prefix to MED automatically. This is useful when multiple routes are
received by an AS & required to select prefix based on IGP metric, instead entered by admin.
 Router(config)#bgp always-compare-med – Configure it when a router receives multiple path for
same destination from different AS & needs to choose prefix with lowest MED.
 Router(config)#bgp bestpath missing-as-worst – Considers a path with a missing MED attribute
having infinity value or as worst path.
 ORIGIN – Default origin type can be modified by any matching criteria mentioned above.
 Router(config-route-map)#set origin <egp | igp | incomplete> - Modify default origin value.
 TAG – Tags are useful when a route is redistributed between RP. By default when BGP is
redistributed into IGP, redistributed BGP AS number is automatically assigned to IGP tags. But
requires manual configuration when IGP is redistributed in BGP, type following:
 Router(config-route-map)#set as-path tag – Sets AS-PATH in tag field of IGP RP without
matching any criteria. Used when IGP routes are redistributed into BGP process.
 Router(config-route-map)#set automatic-tag – Along with AS-PATH with this command
ORIGIN code can also be set automatically in IGP tag field. It requires to match AS-PATH
attribute as matching criteria on set information in it, is also requires following command.

(This document will never be final) 12


 Router(config-router)#table-map <route-map-name> - BGP process requires this command to
assign attribute information in metric & tag field. Used when BGP is redistributed into IGP.
 WEIGHT – Weight value can be modified by matching any criteria mentioned above.
 Router(config-route-map)#set weight <0-4294967295> - Modify default value.
o Configuring Peer-groups – Peer groups can be used when large number of peers has similar routing
policies & configuration options. Peer group is local specific only & does not carry any information
between peers. Incoming routing policies that are defined for a single peer group member takes
precedence over incoming routing policies defined for the peer group, meaning if policy applied to
entire peer-group will be overridden if other policy is applied to peer-member. Type following to
configure, assign & verify peer group configuration:
 Router(config-router)#neighbor <peer-group-name> peer-group – This statement under BGP
routing process creates peer group.
 Router(config-router)#neighbor <remote_ip_addr> peer-group <peer-group> - Adds neighbor to
peer-group list who will share common routing policies & configuration options.
 Router(config-router)#neighbor <peer-group> <options> - Peer-groups inherits remote-as, version,
update-source, out-route-map, out-filter-list, out-dist-list, min-advertisement-interval & next-hop.
 Router#show ip bgp peer-group <peer-group> - Displays detail information of specified peer-
group name if associated else it displays same information for all configured peer-groups.
o Configuring Route-Reflector – RR is another way to reduce the number of IBGP connections. RR
uses ORIGINATOR_ID & CLUSTER_ID attributes to prevent routing loop. Type following to
configure RR on only RR & normal configuration client will form RR cluster:
 Router(config-router)neighbor <ipaddr> route-reflector-client – Enables client as RRC but do not
sends any information to client. RR will automatically add ORIGINATOR_ID (RID) in prefix
learned from RRC.
 Router(config-router)bgp cluster-id <1- 4294967295> - If there are multiple RR in single cluster
than cluster id is required to configure on every RR which prevents routing loop between RR. Only
RR can exchange CLUSTER_ID attribute between them.
 Router(config-router)#no bgp client-to-client reflection – Routes are communicated between fully
meshed RRC under normal IBGP rules, & RR will stop reflecting routes between RRC. It continues
to reflect routes between clients to peers outside the cluster.
 Router(config)#show ip bgp <prefix> – Verify this command from RR that shows detail
information about client with their originator id & cluster id.
o Configuring Communities – Whereas peer groups enable you to apply common policies to a group of
neighbors, communities enable you to apply policies to a group of routes. Single prefix can have more
than 1 community & max is 255. 3 basic step to configure community:
 Router(config)#ip bgp community new-format – Standards have defined new AA:NN format, with
this command router will use new format instead old decimal. AS# : Admin. Defined #.
 Router(config-router)#neighbor <ipaddr> send-community – Enables community attribute
forwarding to peer, receiving peer will not forward this attribute to other peers unless this command
is configured.
 Router(config-router)#network <net_ipaddr> route-map <route_map_name> - Advertise
network with community. Required to set community value using route-map command.
 Router(config-route-map)#match ip address <ACL | prefix-list> - ACL or prefix-list can be used
to match prefix where community is required to set. Only IP will be used as matching criteria.
OR
 Router(config-route-map)#match community <1-199> - Specify Community-list to match prefix
that contains specific communities#.
 Router(config-route-map)set community <attribute> - After match command, set command will
set community attribute. Community attribute type is discussed on page4.
 NO-EXPORT – Prefix with this attribute will not be advertised to EBGP peer.
 NO-ADVERTISE – Same as NO-EXPORT, difference it is sent only to IBGP peers. Since it has
to match AS numbers, AS-PATH list is used.
 LOCAL-AS – Hybrid of NO-EXPORT & NO-ADVERTISE, used in conjunction of
confederation member-AS. Prefix with LOCAL-AS attribute in member-AS can be advertised to
other member-AS within the AS but not outside the AS.

(This document will never be final) 13


 NONE – With none parameter set community command will ignore all community attributes
received from specific BGP peer. Route-map & ACL or prefix list is used to match specific peer.
Which also does not requires neighbor send-community command to send attribute.
 <1-4294967200> - Default is in decimal format but can be used in AA:NN format, where AA is
AS # & NN is admin defined number ranging from 1-65540. Community number value is
assigned in attribute field of specific prefix that matches ACL or prefix-list. Rules can be set on
admin defined value instead common community attributes.
 Router(config-route-map)#set comm.-list – Removes advertised communities from prefix received
from peer by matching community-list.
 Router#show ip bgp community <commu#> <exact> - Displays prefix to specified communities.
• Configuring BGP Load-Balancing – Pending.

o Configuring BGP Confederation – Confederation reduces large number of IBGP connection in an


AS by creating sub-AS known as member-AS. Member-AS still follows IBGP rules but forms
Confederation EBGP connection between member-AS, AS outside the confederation still sees
confederation AS as single AS. Same or different IGP can be used in different member-AS, all BGP
routers in entire confederation AS must support this feature. Type following to configure:
 Router(config-router)#router bgp <member-AS> - Configure member-AS as local-AS even though
router has EBGP connection outside the confederation AS.
 Router(config-router)#bgp confederation identifier <local-AS> - Specify local-AS# which is
advertised outside confed-AS, type on router that has normal EBGP peer connection in outside
confed-AS.
 Router(config-router)#bgp confederation peer <member-AS> <member-AS> - Router will form
Confed-EBGP connection to other member-AS#, specify each member-AS# for each Confed-EBGP
peers. Type only on router running Confed-EBGP.
 Router(config-router)#bgp deterministic-med – Enables BGP process to compare MED when
choosing best path of prefix to confederation-AS destination.
 Router(config-router)#bgp bestpath med confed – Same effect as bgp deterministic-med command.
If a prefix has an external AS# in its AS-PATH & other routes to same destination have only
Confederation AS# in their AS-PATH, the router choose the confederation internal path with lowest
MED & ignores the path with the external AS#.
• Configuring Route-Filtering –
o Distribute-list – Using standard & extended ACL prefix filtering can be applied on per neighbor basis
with distribute command. Type following to configure it:
 Router(config-router)#neighbor <ip_addr> distribute-list <1-199> <in | out> - Prefix filtering can
be done based on per neighbor basis with this command.
o Prefix-list – Can be used as an alternative to ACL in many BGP route filtering. The indicated number
of bits in prefix is compared with number of bits in the network number in Update. If the prefix
matches, further subnet mask bits are verified. The prefix-list line can indicate a range of subnet mask
bit to permit or deny, if range is not provided than it will match exact tuple. Prefix-list uses sequence
number for each entry in list this number is automatically generated; if it’s disabled then manually
sequence number must be provided. Advantages of prefix-list are shown below:
 Improves performance in loading route lookup for large filtering list, user-friendly CLI & flexibility.
 Supports incremental update with standard ACL but not with Extended.
Filtering by prefix list involves matching of routes with those listed in prefix-list. When there is a
match, the route is used. Based on following prefix they are permitted or denied, like ACL:
 An empty prefix-list permits all prefixes.
 An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
 When a prefix matches multiple entries in a list, then sequence number of a prefix list entry
identifies the entry with the lowest sequence number, which is considered to be the real match.

(This document will never be final) 14


Type following to configure & verify prefix-list, which in turn can be used with route-map:
 Router(config)#<no> ip prefix-list <list-name> <seq [seq-value]> deny | permit <net/len> ge
<ge-value> le <le-value> - Creates prefix-list by following associated parameters & their values:
 List-name – Name of prefix-list should be same to follow set of rules, same as ACL.
 Seq-value – Only required if automatic sequence generating is disabled. If automatic than it starts
from 5 & incremented by 5 for next prefix entries.
 Net/len – Tuple with network & mask in bits. For ex. 0.0.0.0/0 indicates default route.
 Ge-value – Specifies range of prefix length to be matched for prefixes that are more specific than
network/len. Without this value it is assumed an exact tuple to be match & filtered. For ex. Prefix
192.168.0.0/16, 192.168.0.0/17 & 192.168.0.0/18 with ge-value 18, only 192.168/18 is allowed.
 Le-value – Specifies range of prefix length to be matched for prefixes that are more specific than
network/len. Without this value it is assumed an exact tuple to be match. For ex. Prefix
192.168.0.0/16, 192.168.0.0/17 & 192.168.0.0/18 with le-value 18, all prefixes will be allowed.
 Router#show ip prefix-list <detail | summary> name <network/len> seq <seq-name> -
Displays detail or summary list of prefix-list based on name, network/len or sequence numbers.
 Router(config)#neighbor <remote_ipaddr> prefix-list <prefix-list-name> <in | out> - Filters
BGP routing from neighbor based on direction it is specified.
 Router(config)#distribute-list prefix-list <prefix-list-name> out <RP> - Prefix can be filtered
based on routes redistributed from other RP.
o More prefix examples:
 Ip prefix-list 1 permit 0.0.0.0/0 ge 32 – All host routes will be matched.
 Ip prefix-list 2 permit 128.0.0.0/2 ge 17 – Any prefix with Class-B subnets. Started from 128
since Class-B subnets always has binary sequence 10 in first octet.
 Ip prefix-list 3 permit 0.0.0.0/0 le 32 – All prefixes.
 Ip prefix-list 4 permit 0.0.0.0/0 – Only default route is permitted.
 Ip prefix-list 5 permit 0.0.0.0/1 le 24 – Any prefix in Class-A covering at least 256 host address.
o AS-PATH list – Use when filtering path between AS’s. Used to filter or modify attributes of prefix
based on matching prefix & AS-PATH by using AS-PATH ACL/prefix-list attribute. Prefix originated
in AS will have AS-PATH attribute empty & added only at border router when prefix leaves AS. So
filtering prefix with empty AS-PATH will not achieve its goal. AS-PATH functions similarly like
ACL, first match indicates permit or deny as specified at the end without any match will be explicitly
denied. Always verify exact AS_PATH with prefix in BGP table before creating. AS-PATH filtering
can be done on per neighbor basis with filter-list, type following to configure AS-PATH:
 Router(config)#ip as-path access-list <1-199> <permit | deny> <regexp> - Configures AS-PATH
statement, both standard & extended ACL can be used to filter prefix.
 Router(config)#neighbor <remote_ipaddr> filter-list <1-99> <in | out> - Configures AS-PATH
filtering based on per neighbor.
 Router#show ip as-path-access-list <1-99> – Displays specific or all AS-PATH list.
 Router#show ip bgp regexp <exp> - Displays all routes in BGP table matching regexp. It also tests
all or single (when expression is provided) regexp to check if configuration is typed correctly.
 Router#show ip bgp filter-list <1-99> – Displays & test the entire as-path ACL of all prefix
currently in BGP table which had an AS-PATH attribute permitted by ACL.
o Route-Map – See Configuring Route-MAP
o Configuring community list – Used to create groups of communities to use in a match clause of
route-map. Created like ACL, each statements are checked till its found. Type following to configure:
 Router(config)#ip community-list <1-199> <permit | deny > <community#> - Both standard &
extended ACL can be used to match prefix. To set, advertise or modify communities on prefix use
this list with route-map as specified in Configuring Communities on page 12.
 Router#show ip bgp community-list <1-199> - Displays community-list information.
• Configuring Conditional routing – BGP Cond-Adv provides additional control of route advertisement
depending on existence of other prefixes in table. BGP Cond-Adv feature uses non-exist-map &
advertise-map to track prefix. If prefix is not present in non-exist-map, then prefix specified by advertise-
map is announced. The announced route is installed in table as locally originated route. The announced
route will be originated by BGP only if the corresponding IGP route exists. After the prefix is locally
originated by BGP, BGP will advertise prefix to IBGP & EBGP peers. If the route prefix is present, the
route in the advertise-map is not announced. Type following to configure conditional routing:
(This document will never be final) 15
o Router(config-router)#net <addr>-Advertise network that matches advertise-map & non-exist-map.
o Router(config-router)#neighbor <ip_addr> advertise-map <route_map1> non-exist-map <route-
map2> - Use 2 separate route-maps for this case, if prefixes specified in non-exist-map is missing then
router starts advertising prefix specified in advertise-map. Both ACL & prefix-list can be used, no
other attribute can be used for Cond-Adv to filter specific prefix with specific attributes.
o Router#show ip bgp neighbor <ip_addr> - Will display route-map name & current status.
o Configuring Route Dampening – As discussed earlier Route Dampening feature brings stability in
BGP network that can cause by unstable networks. Route dampening applies for eBGP peers only, to
configure & verify type following:
 Router(config-router)#bgp dampening <route-map-name>– Enables Route Dampening feature on
router with default timer values. Route map can be used to match with different matching criteria.
 Router(config-router)#bgp dampening <Half-time> <Reuse-limit> <suppress-limit> <Max-
suppress-limit> - Modifies default value, each timers are mentioned below:
 Half-Time <1 | 45> – Reduces current penalty value to half, default is 15 min. Reducing value
will unsuppress route quicker, but reducing too low can cause unstable route to advertise & that
makes network unstable.
 Reuse-limit <1 | 20000> - If current penalty value is same or low as reuse-limit value than route is
unsuppress & starts re-advertising. Default is 750.
 Suppress-limit <1 | 20000> - If current penalty value is same or higher than suppress-limit value
than route will not get advertise. Reducing this timer very low can bring instability default is 2000.
 Max-suppress-limit <1 | 255> - Max time that a dampened route is suppressed. Range is 1-255
default is 60 minutes, which is 4 times of Half-Time.
 Router#show ip bgp – Show prefixes unstable prefixes with status code “d” & “h”. Suppressed
routes will have “d” & unsuppressed but with penalty prefix will have “h” status code.
 Router#show ip bgp <prefix> - Shows detail timer info. & current dampening values of prefix.
 Router#show ip bgp flap-statistics – Shows only prefix with “d” & “h” status code.
 Router#show ip bgp dampened-path – Shows only routes that are dampened or suppressed.
 Router#clear ip bgp flap-statistics <regexp (mchar)> – Clears suppressed & non-suppressed prefix
from dampening state & starts advertising. Specific prefix can be advertised when used with regexp.
 Router#clear ip bgp dampening-paths – Clears only suppressed prefix from dampening state &
starts advertising to peers.
• Following table shows definition with examples of regexp & metacharacters used in BGP:
Metacha What it Matches
ra
ct
er
^ Start of a line. Use carat to match AS where prefix is originated. For ex. prefix X has AS-
PATH of 100,200,300 & prefix Y has 111, 222, 333 then specifying ^100 will match
prefix X. However if there is prefix Z with AS-PATH 1000,2000, 3000 then specifying
^100 will match both prefix X & prefix Z.
$ End of a line. If $ is not specified than specified literal + any ending character will be
matched. For ex. if AS-PATH for prefix X is (100,200,300) & prefix Y has
(1000,2000,3000), in this case both prefix (100 & 1000) will be selected if only 100 is
specified.
_ (Underscore) A comma, the beginning of the line, the end of the line or a space. Use this
metacharacter to match exact AS-PATH. For example if AS-PATH (100,200,300) needs
to be match than ^100_200_300$ will be used if ^ & $ is not applied than any other AS #
in beginning or ending can be matched but still literal should be matched with sequence.
. Any single character, including white space. For example if AS-PATH 100, 101, 102,
1000 needs to matched then with _10._ it will match 1, 10, 101, 102 except 1000. With
this character $ is not required. With .* it will match all AS #.
[] Any character listed between brackets. Bracket enables to specify range of single
character, useful if they are in sequence. For example if AS-PATH 700,701,702,703,704,
705 needs to be filtered than ^70[0-5]$ will statically match first 2 character but range of
last character. Requires other statement it its AS-PATH of sequence.

(This document will never be final) 16


[^] Any character except those listed between the brackets. Caret is placed before the
sequence of literals. If ^ is used inside the bracket than except range, all other character
will be matched. For example if AS-PATH is 700,701,702,703,704,705,706,777 then with
70[^0-5]_ only 706 & 777 will be matched & range from 0-5 will be filtered.
- Any character in the range between the two literals. For example all AS-PATH between
100 to 200 will be match if [100 - 200] is specified.
? Zero or one instances of the character or pattern. For ex. if AS-PATH of prefix X is
100,200,300 & 1000,2000,3000 for prefix Y, then by specifying 30? will match both 300
& 3000 but specifying 30?._ will only match prefix X.
* Matches specified repeating literals in AS-PATH. For example if ^(100)*$ is specified
than it will match AS-PATH with (100) or (100,100) & so on. .* will match all AS #.
+ Matches at least one or more literal in AS-PATH. For example if AS-PATH of prefix X
contains 110,220,330 & 1200,2400,3600 for prefix Y then specifying 2+ will match both
prefixes however specifying 11+ will only match prefix X.
| Used to specify OR operation. For example any prefixes contains either AS 100 or AS101
can be filtered with (100 | 101).
\ Sometime literals may include special character like “(“ which requires this metacharacter
to match exact AS #. For example ^\(64700_ will match AS starting from (64700, for AS-
PATH (64700) 100 200 used in Confederation-AS.

• Troubleshooting flow-chart for BGP:

(This document will never be final) 17


(This document will never be final) 18
• Troubleshooting Missing BGP routes in table.

(This document will never be final) 19

S-ar putea să vă placă și