Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP) is the standard protocol for inter-domain routing, enabling the exchange of routing information between autonomous systems (ASes). This comprehensive guide covers all aspects of BGP needed for the CCNP ENARSI certification.
Table of Contents
- BGP Overview
- BGP Message Types
- BGP Neighbor Relationships
- BGP Configuration
- BGP Path Attributes
- Route Selection Process
- BGP Route Advertisement
- BGP Route Filtering
- BGP Attributes Manipulation
- BGP Troubleshooting
- BGP Peering Authentication
- Route Reflectors
- Confederations
- BGP Route Dampening
- BGP for IPv6
- BGP with MPLS VPNs
BGP Overview
Purpose of BGP
Border Gateway Protocol (BGP) is the standard protocol for inter-domain routing, enabling the exchange of routing information between autonomous systems (ASes). An AS is a collection of IP networks under a single administrative entity, such as an ISP or large enterprise. BGP ensures global reachability across the internet by determining optimal paths between ASes.
Path-Vector Protocol
BGP is a path-vector protocol, maintaining a table of paths (or AS paths) to each destination. Each route includes a list of ASes that the packet must traverse, preventing loops and providing policy-based routing decisions based on attributes like AS path length.
BGP vs IGP
Unlike Interior Gateway Protocols (IGPs) like OSPF or EIGRP, which operate within a single AS and optimize for speed and bandwidth, BGP focuses on scalability and policy control across ASes. IGPs use metrics like cost or bandwidth, while BGP uses attributes like AS path and local preference for path selection. BGP handles larger routing tables and supports complex policies but converges slower than IGPs.
BGP Message Types
- Open: Initiates a BGP session, exchanging AS numbers, router IDs, and capabilities.
- Update: Advertises new routes or withdraws unreachable ones, including path attributes and NLRI (Network Layer Reachability Information).
- Keepalive: Sent periodically (default 60 seconds) to maintain neighbor sessions.
- Notification: Sent when an error occurs, closing the session (e.g., invalid AS number).
BGP Neighbor Relationships
iBGP vs eBGP
- iBGP: Runs between routers in the same AS. iBGP peers share routes learned from eBGP but require a full mesh or solutions like route reflectors.
- eBGP: Runs between routers in different ASes, typically across organizational boundaries. eBGP peers directly exchange routes between ASes.
BGP Neighbor States
BGP neighbors progress through these states:
- Idle: No connection initiated.
- Connect: TCP connection attempt in progress.
- Active: TCP connection failed, retrying.
- OpenSent: Open message sent, awaiting reply.
- OpenConfirm: Open message received, awaiting Keepalive.
- Established: Session active, routes can be exchanged.
Requirements for Neighbor Relationships
- Matching AS numbers (for iBGP) or different AS numbers (for eBGP).
- TCP port 179 connectivity.
- Correctly configured neighbor IP addresses.
- Consistent timers (optional but recommended).
BGP Configuration
eBGP Neighbor Setup
Router> enable
Router# configure terminal
Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.1.2 remote-as 65002
Router(config-router)# neighbor 192.168.1.2 activate
Router(config-router)# network 10.0.0.0 mask 255.255.255.0
Router(config-router)# exit
This configures eBGP with AS 65001, peering with a neighbor in AS 65002, and advertises the 10.0.0.0/24 network.
iBGP Neighbor Setup with Loopback
Router(config)# router bgp 65001
Router(config-router)# neighbor 1.1.1.1 remote-as 65001
Router(config-router)# neighbor 1.1.1.1 update-source Loopback0
Router(config-router)# neighbor 1.1.1.1 next-hop-self
Router(config-router)# exit
Uses a loopback interface for iBGP stability. next-hop-self ensures the router advertises itself as the next hop for routes.
eBGP Multihop
Router(config)# router bgp 65001
Router(config-router)# neighbor 2.2.2.2 remote-as 65002
Router(config-router)# neighbor 2.2.2.2 ebgp-multihop 2
Router(config-router)# neighbor 2.2.2.2 update-source Loopback0
Router(config-router)# exit
Allows eBGP peering over multiple hops, useful when neighbors aren't directly connected.
BGP Path Attributes
- Next-hop: IP address of the next router to reach the destination.
- AS-path: Sequence of ASes a route traverses, used to prevent loops.
- Origin: Source of the route (IGP, EGP, or incomplete).
- MED: Suggests preferred entry point to an AS (lower is better).
- Local Preference: Influences outbound path selection within an AS (higher is better).
- Weight: Cisco-specific, local to a router (higher is better).
- Community: Tags routes for policy application (e.g., no-export).
Route Selection Process
BGP selects the best path using these criteria, in order:
- Highest Weight (Cisco proprietary).
- Highest Local Preference.
- Locally originated routes.
- Shortest AS-path.
- Lowest Origin (IGP < EGP < incomplete).
- Lowest MED.
- eBGP over iBGP.
- Lowest IGP metric to next-hop.
- Lowest Router ID (if no other tiebreakers).
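Added example (not from the original page): the ordered criteria above expressed as a Python sort key, reporting which step decided the winner. Path names and attribute values are constructed; MED is compared across all candidates as the list reads, whereas IOS by default compares MED only between routes from the same neighboring AS.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}
STEPS = ["weight", "local preference", "locally originated", "AS-path length",
         "origin", "MED", "eBGP over iBGP", "IGP metric to next hop", "router ID"]


@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple
    weight: int = 0
    local_pref: int = 100
    local: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    router_id: str = "0.0.0.0"

    def key(self):
        # The lowest tuple wins, so "higher is better" fields are negated.
        return (-self.weight, -self.local_pref, not self.local, len(self.as_path),
                ORIGIN_RANK[self.origin], self.med, not self.ebgp,
                self.igp_metric, int(IPv4Address(self.router_id)))


def best_path(paths):
    """Return (winner, name of the step that separated it from the runner-up)."""
    ranked = sorted(paths, key=Path.key)
    if len(ranked) > 1:
        for step, a, b in zip(STEPS, ranked[0].key(), ranked[1].key()):
            if a != b:
                return ranked[0], step
    return ranked[0], None


if __name__ == "__main__":
    # Constructed candidates for one prefix originated by AS 65010.
    short = Path("via_AS65002", (65002, 65010), router_id="2.2.2.2")
    preferred = Path("via_AS65003", (65003, 65020, 65010), local_pref=200,
                     router_id="3.3.3.3")
    winner, step = best_path([short, preferred])
    print(winner.name, "wins on", step)  # local preference beats the shorter AS path
```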
BGP Route Advertisement
Network Command
Router(config)# router bgp 65001
Router(config-router)# network 10.1.1.0 mask 255.255.255.0
Advertises a specific network into BGP, requiring an exact match in the routing table.
Route Redistribution
Router(config)# router bgp 65001
Router(config-router)# redistribute ospf 1 match internal external
Redistributes OSPF routes into BGP, with filters to control which routes are advertised.
Filtering Routes
Router(config)# ip prefix-list PERMIT_10 deny 10.2.0.0/16
Router(config)# ip prefix-list PERMIT_10 permit 10.0.0.0/8 le 24
Router(config)# route-map FILTER_10 permit 10
Router(config-route-map)# match ip address prefix-list PERMIT_10
Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.1.2 route-map FILTER_10 out
Filters outbound advertisements to allow only specific prefixes.
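Added example (not from the original page): a Python model of how the PERMIT_10 prefix list above is evaluated (first match wins, implicit deny at the end), run over constructed routes. It shows that the deny entry without ge/le matches only the exact /16, so more-specific routes inside 10.2.0.0/16 are still permitted; the TIGHTER list with `le 32` is a hypothetical variant, not the page's configuration.

```python
from ipaddress import ip_network


def entry(action, prefix, ge=None, le=None):
    """One prefix-list line as (action, network, min length, max length)."""
    net = ip_network(prefix)
    if ge is None and le is None:
        lo = hi = net.prefixlen  # no ge/le: the prefix length must match exactly
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else net.max_prefixlen
    return action, net, lo, hi


def evaluate(prefix_list, route):
    """Return 'permit' or 'deny' for a route such as '10.1.1.0/24'."""
    r = ip_network(route)
    for action, net, lo, hi in prefix_list:
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action  # first matching entry decides
    return "deny"  # implicit deny when nothing matches


# The list exactly as configured on the page.
PAGE_LIST = [entry("deny", "10.2.0.0/16"),
             entry("permit", "10.0.0.0/8", le=24)]

# Hypothetical variant: the deny also covers every more-specific prefix.
TIGHTER = [entry("deny", "10.2.0.0/16", le=32),
           entry("permit", "10.0.0.0/8", le=24)]

if __name__ == "__main__":
    # Constructed test routes.
    for route in ["10.1.1.0/24", "10.2.0.0/16", "10.2.1.0/24",
                  "10.1.1.128/25", "192.168.1.0/24"]:
        print(f"{route:18} page={evaluate(PAGE_LIST, route):7} "
              f"tighter={evaluate(TIGHTER, route)}")
```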
BGP Route Filtering
Filter-List, Prefix-List, Route-Map
Router(config)# ip as-path access-list 1 permit _65002_
Router(config)# route-map AS_FILTER permit 10
Router(config-route-map)# match as-path 1
Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.1.2 filter-list 1 in
Filters routes based on AS path, allowing only routes from AS 65002.
AS-Path Filtering with Regular Expressions
Router(config)# ip as-path access-list 2 permit ^65002_65003$
Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.1.2 filter-list 2 in
Permits routes originating from AS 65002 and passing through AS 65003.
BGP Attributes Manipulation
Local Preference
Router(config)# route-map SET_LOCAL_PREF permit 10
Router(config-route-map)# set local-preference 200
Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.1.2 route-map SET_LOCAL_PREF in
MED
Router(config)# route-map SET_MED permit 10
Router(config-route-map)# set metric 50
Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.1.2 route-map SET_MED out
Weight
Router(config)# route-map SET_WEIGHT permit 10
Router(config-route-map)# set weight 1000
Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.1.2 route-map SET_WEIGHT in
AS-Path Prepending
Router(config)# route-map AS_PREPEND permit 10
Router(config-route-map)# set as-path prepend 65001 65001
Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.1.2 route-map AS_PREPEND out
BGP Troubleshooting
Key Commands
- show ip bgp: Displays BGP table with attributes.
- show ip bgp summary: Shows neighbor status and prefixes received.
- show ip bgp neighbors: Details neighbor configuration and state.
- debug ip bgp: Logs BGP events (use cautiously).
Common Issues
- Stuck in Active: Check TCP connectivity (port 179).
- Missing routes: Verify network statements, filters, or next-hop reachability.
- Incorrect AS: Ensure neighbor AS matches configuration.
BGP Peering Authentication
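Router(config)# router bgp 65001
Router(config-router)# neighbor 192.168.1.2 password MySecretPass
Enables TCP MD5 authentication to secure BGP sessions. Both peers must be configured with the same password, and the option authenticates the session's TCP segments without encrypting them.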
Route Reflectors
iBGP requires a full mesh, which scales poorly. Route reflectors (RRs) reduce this by allowing a router to reflect routes to other iBGP peers.
Router(config)# router bgp 65001
Router(config-router)# neighbor 1.1.1.1 remote-as 65001
Router(config-router)# neighbor 1.1.1.1 route-reflector-client
Router(config-router)# bgp cluster-id 1.1.1.1
Configures the router as a route reflector for the specified client.
Confederations
Confederations divide an AS into sub-ASes to reduce iBGP full-mesh requirements while appearing as a single AS externally.
Router(config)# router bgp 65010
Router(config-router)# bgp confederation identifier 65001
Router(config-router)# bgp confederation peers 65020
Router(config-router)# neighbor 192.168.1.2 remote-as 65020
Configures a sub-AS (65010) within confederation AS 65001.
BGP Route Dampening
Route dampening suppresses unstable routes to prevent flapping from affecting the network.
Router(config)# router bgp 65001
Router(config-router)# bgp dampening 15 750 2000 60
Sets penalty timers: half-life 15 minutes, reuse 750, suppress 2000, max-suppress 60 minutes.
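Added example (not from the original page): a Python replay of the dampening parameters above, showing how the penalty decays with the 15-minute half-life, when a route becomes suppressed, and how long it stays so. It assumes the IOS default of 1000 penalty points per flap, which the page does not state; the flap times are constructed.

```python
import math

HALF_LIFE, REUSE, SUPPRESS, MAX_SUPPRESS = 15, 750, 2000, 60  # from the command above
FLAP_PENALTY = 1000  # assumption: IOS default penalty per flap, not given on the page
# Penalty ceiling implied by max-suppress: decaying from it to REUSE takes 60 minutes.
CEILING = REUSE * 2 ** (MAX_SUPPRESS / HALF_LIFE)


def decay(penalty, minutes):
    """Exponential decay: the penalty halves every HALF_LIFE minutes."""
    return penalty * 0.5 ** (minutes / HALF_LIFE)


def simulate(flap_times):
    """Replay flaps (minutes, ascending) and return the state right after the last one."""
    penalty, last, suppressed = 0.0, 0.0, False
    for t in flap_times:
        penalty = decay(penalty, t - last)
        if suppressed and penalty < REUSE:
            suppressed = False  # decayed below the reuse limit before this flap
        penalty = min(penalty + FLAP_PENALTY, CEILING)
        if penalty > SUPPRESS:
            suppressed = True
        last = t
    wait = HALF_LIFE * math.log2(penalty / REUSE) if suppressed else 0.0
    return {"penalty": penalty, "suppressed": suppressed,
            "minutes_until_reuse": wait}


if __name__ == "__main__":
    print(simulate([0, 2, 4]))          # three quick flaps cross the suppress limit
    print(simulate([0, 20]))            # two spaced flaps stay below it
    print(simulate(list(range(20))))    # sustained flapping hits the ceiling
```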
BGP for IPv6
IPv6 Peering
Router(config)# router bgp 65001
Router(config-router)# neighbor 2001:db8::2 remote-as 65002
Router(config-router)# address-family ipv6
Router(config-router-af)# neighbor 2001:db8::2 activate
Router(config-router-af)# network 2001:db8:1::/64
BGP-LU (Label Unicast)
Used in MPLS networks to advertise labeled IPv4/IPv6 routes.
AFI/SAFI Concepts
Address Family Identifier (AFI) and Subsequent AFI (SAFI) define the type of routing information (e.g., IPv4 Unicast, IPv6 Unicast, VPNv4).
BGP with MPLS VPNs
MP-BGP
Multi-Protocol BGP extends BGP to support multiple address families, like VPNv4 for MPLS VPNs.
VPNv4 and Route Distinguishers
Route Distinguishers (RDs) make overlapping customer prefixes unique in MPLS VPNs.
Router(config)# router bgp 65001
Router(config-router)# address-family vpnv4
Router(config-router-af)# neighbor 1.1.1.1 activate
Router(config-router-af)# exit
Conclusion
BGP is a robust, policy-driven protocol essential for inter-domain routing. Its flexibility supports complex scenarios like MPLS VPNs, IPv6, and large-scale networks, but it requires careful configuration to optimize performance and stability. Mastery of BGP is critical for CCNP ENARSI, covering neighbor relationships, path attributes, filtering, and troubleshooting.