BGP
Overview
BGP uses TCP port 179.
States
A BGP peer goes through six states:
State | Function | Packet Sent |
---|---|---|
Idle | refuses connections (the initial state) | Create TCP Connection |
Connect | waits for the connection to be completed | TCP |
Active | listens for and accepts connections | TCP |
OpenSent | waits for an OPEN message | OPEN |
OpenConfirm | waits for a KEEPALIVE or NOTIFICATION message | KEEPALIVE and NOTIFICATION |
Established | UPDATE, NOTIFICATION, and KEEPALIVE messages are exchanged with peers | UPDATE, NOTIFICATION, and KEEPALIVE |
Note
Established means a BGP session is fully formed between two peers.
Active means the peers have not yet established a BGP session.
Packet Type
Type | Function |
---|---|
OPEN | Exchange information. Example: Version, AS, capability... |
UPDATE | Route change update |
NOTIFICATION | Inform the other side when errors are detected |
KEEPALIVE | Confirms the capabilities that are sent in the OPEN message. Also keeps the TCP connection alive |
ROUTE-REFRESH | Request update from neighbors when policy changed |
Open Message
Hold Time(default: 180) is negotiated in the OPEN message. The smaller value wins.
Keep alive time is 1/3 of hold time. If keep alive time is set explicitly, the smaller value between the value set and 1/3 of hold time wins.
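The timer negotiation described above, as an added example (not code from the original page): it builds and parses a minimal OPEN message and applies the "smaller value wins" rules. The AS number, router ID and function names are constructed for illustration; the rejection of hold times 1 and 2 comes from RFC 4271, not from this page.

```python
import struct

# marker(16) length(2) type(1) | version(1) my-AS(2) hold-time(2) BGP-ID(4) opt-len(1)
OPEN_FMT = "!16sHBBHH4sB"
OPEN_MIN_LEN = struct.calcsize(OPEN_FMT)  # 29 bytes with no optional parameters

def build_open(my_as, hold_time, bgp_id):
    """Build an OPEN message (type 1, version 4) without optional parameters."""
    rid = bytes(int(octet) for octet in bgp_id.split("."))
    return struct.pack(OPEN_FMT, b"\xff" * 16, OPEN_MIN_LEN, 1, 4,
                       my_as, hold_time, rid, 0)

def parse_open(msg):
    """Parse the fixed part of an OPEN message and validate it."""
    if len(msg) < OPEN_MIN_LEN:
        raise ValueError("truncated OPEN")
    marker, length, mtype, version, my_as, hold, rid, opt_len = struct.unpack(
        OPEN_FMT, msg[:OPEN_MIN_LEN])
    if marker != b"\xff" * 16 or mtype != 1:
        raise ValueError("not an OPEN message")
    if length != len(msg) or length != OPEN_MIN_LEN + opt_len:
        raise ValueError("inconsistent length fields")
    if hold in (1, 2):  # RFC 4271: hold time is 0 or at least 3 seconds
        raise ValueError("unacceptable hold time")
    return {"version": version, "as": my_as, "hold_time": hold,
            "bgp_id": ".".join(str(b) for b in rid)}

def negotiate(local_hold, peer_open, configured_keepalive=None):
    """Return (hold, keepalive): smaller hold time wins, keepalive is hold/3
    unless an explicitly configured keepalive is smaller."""
    hold = min(local_hold, peer_open["hold_time"])
    keepalive = hold // 3
    if configured_keepalive is not None:
        keepalive = min(keepalive, configured_keepalive)
    return hold, keepalive

if __name__ == "__main__":
    peer = parse_open(build_open(100, 90, "10.0.24.2"))  # constructed peer OPEN
    print(peer, negotiate(180, peer), negotiate(180, peer, 10))
```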
BGP Peer
IBGP
EBGP
The default TTL is 1, so the TTL reaches 0 if the EBGP peer is not directly connected. It can be changed with the following command.
(config-router)# neighbor 5.5.5.5 ebgp-multihop 3
Route-map
(config-router)# network 1.1.1.0 mask 255.255.255.0 route-map RM
(config-router)# neighbor 10.1.12.2 route-map RP out
(config-router)# redistribute ospf 1 route-map RP [match [internal] [external [1 | 2]] [nssa-external]]
Redistributing OSPF redistributes only internal routes by default.
Policy-list
!matches both as-path and community-list
ip policy-list as100 permit
match as-path 1
match community 1
route-map RP permit 10
match policy-list as100
match ip address prefix-list 100
set local-preference 300
Synchronization
If enabled, when a router receives routes from its IBGP peer, it will not send them to its EBGP peer unless it also has them in its IGP routing table. This ensures that no router in the AS is unaware of that subnet and creates a routing black hole.
Synchronization is disabled by default.
Split Horizon
A router will not relay routes learned from one IBGP peer to another IBGP peer. This ensures there are no loops within an AS.
Show Command
IOU4#show ip bgp neighbor 10.0.24.2 received-routes
BGP table version is 9, local router ID is 10.0.45.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.1/32 10.0.24.2 0 100 0 100 i
Total number of prefixes 1
IOU4#show ip bgp neighbor 10.0.24.2 routes
BGP table version is 9, local router ID is 10.0.45.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.1/32 10.0.24.2 0 100 0 100 i
Total number of prefixes 1
IOU4#show ip bgp neighbor 10.0.24.2 advertised-routes
BGP table version is 9, local router ID is 10.0.45.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.1/32 10.0.24.2 0 100 0 100 i
*>i 5.0.0.0 10.0.45.5 0 100 0 i
*>i 5.5.5.0/24 10.0.45.5 0 100 0 ?
r>i 10.0.12.0/24 10.0.45.5 30 100 0 ?
r>i 10.0.24.0/24 10.0.45.5 20 100 0 ?
r>i 10.0.34.0/24 10.0.45.5 20 100 0 ?
r>i 10.0.45.0/24 10.0.45.5 0 100 0 ?
r>i 10.0.46.0/24 10.0.45.5 20 100 0 ?
Total number of prefixes 8
Authentication
R4(config)#router bgp 64477
R4(config-router)# neighbor 198.51.100.2 remote-as 65550
R4(config-router)# neighbor 198.51.100.2 password cisco
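A defender's check for the session settings on this page, added here as an example (not code from the original page): it parses IOS-style neighbor lines and flags peers with no password, a guessable password, no inbound filter on an EBGP session, or ebgp-multihop. The sample configuration, the finding names and the GUESSABLE wordlist are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, assembled from neighbor commands that appear on this page.
SAMPLE_CONFIG = """\
router bgp 64477
 neighbor 198.51.100.2 remote-as 65550
 neighbor 198.51.100.2 password cisco
 neighbor 198.51.100.2 prefix-list 12 in
 neighbor 5.5.5.5 remote-as 65551
 neighbor 5.5.5.5 ebgp-multihop 3
 neighbor 10.1.12.2 remote-as 64477
 neighbor 10.1.12.2 route-map RP out
"""

INBOUND_FILTERS = {"prefix-list", "route-map", "filter-list", "distribute-list"}
GUESSABLE = {"cisco", "bgp", "password"}  # assumption: tiny illustrative wordlist

def parse_neighbors(config):
    """Return (local_as, {neighbor: [tokenised option lines]})."""
    local_as, neighbors = None, defaultdict(list)
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] == ["router", "bgp"] and len(tokens) == 3:
            local_as = int(tokens[2])
        elif len(tokens) >= 3 and tokens[0] == "neighbor":
            neighbors[tokens[1]].append(tokens[2:])
    return local_as, dict(neighbors)

def audit(config):
    """Return {neighbor: [finding, ...]} for neighbors with at least one finding."""
    local_as, neighbors = parse_neighbors(config)
    report = {}
    for ip, opts in neighbors.items():
        found = []
        remote_as = next((int(o[1]) for o in opts if o[0] == "remote-as"), None)
        passwords = [o[-1] for o in opts if o[0] == "password"]
        if not passwords:
            found.append("no-password")
        elif passwords[-1].lower() in GUESSABLE:
            found.append("guessable-password")
        if remote_as not in (None, local_as):  # remote AS differs: EBGP session
            if not any(o[0] in INBOUND_FILTERS and o[-1] == "in" for o in opts):
                found.append("no-inbound-filter")
        if any(o[0] == "ebgp-multihop" for o in opts):
            found.append("ebgp-multihop")  # relaxes the default TTL of 1
        if found:
            report[ip] = found
    return report
```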
Route Filtering
Prefix-list
ip prefix-list 12 deny 12.12.12.0/24
ip prefix-list 12 permit 0.0.0.0/0 le 32
router bgp 12
neighbor 10.1.23.3 prefix-list 12 out
Distribute-list
access-list 1 deny 12.12.12.0
access-list 1 permit any
router bgp 12
neighbor 10.1.23.3 distribute-list 1 out
ip prefix-list 12 deny 12.12.12.0/24
ip prefix-list 12 permit 0.0.0.0/0 le 32
router bgp 12
distribute-list prefix 12 out
Advertise-map
ip prefix-list 1 permit 11.11.11.0/24
ip prefix-list 2 permit 12.12.12.0/24
route-map RP1 permit 10
match ip address prefix-list 1
route-map RP2 permit 10
match ip address prefix-list 2
router bgp 100
!advertise RP1 if RP2 does not exist
neighbor 10.1.12.2 advertise-map RP1 non-exist-map RP2
ORF
An extended capability that lets a router send its incoming distribute list to its BGP neighbor in a route-refresh message, so that the peer can apply the filter in its outgoing policy. This reduces bandwidth usage on the link.
!ORF Sender
router bgp 12
address-family ipv4 unicast
neighbor 10.1.12.1 capability orf prefix-list send
neighbor 10.1.12.1 prefix-list FILTER in
ip prefix-list FILTER deny 1.1.1.0/24
ip prefix-list FILTER permit
!ORF Receiver
router bgp 12
address-family ipv4 unicast
neighbor 10.1.12.2 capability orf prefix-list receive
Confederation
(config)# router bgp 64512
(config-router)# bgp confederation identifier 345
(config-router)# bgp confederation peers 64513
Between the confederations within an AS, the next-hop, MED, and local preference attributes are preserved.
Path Attributes
BGP uses path attributes to provide the ability of path control.
Path attributes can be divided into 4 types.
Type | Each router must support | Each router must forward |
---|---|---|
Well-known mandatory | Yes | Yes |
Well-known discretionary | Yes | No |
Optional transitive | No | Yes |
Optional non-transitive | No | No |
Weight
Weight is an optional non-transitive attribute and is Cisco proprietary. BGP will use the path with the highest weight as its best path.
Default is 32768 for locally originated routes and 0 for routes received from a BGP peer.
Configuration
R1# configure terminal
R1(config)# route-map NET3 permit 10
R1(config-route-map)# match ip address 3
R1(config-route-map)# set weight 100
R1(config-route-map)# route-map NET3 permit 20
Local Preference
Local preference is a well-known discretionary attribute. It is transmitted only within an AS. BGP will use the path with the highest local preference as its best path.
Default is 100.
Configuration
Change the default value
Router(config-router)# bgp default local-preference value
Set it through route-map
AS-Path
AS-Path is a well-known mandatory attribute. BGP uses the path with the shortest AS-Path as its best path.
There are four segment types in AS-Path.
- AS_SET
- AS_SEQUENCE
- AS_CONFED_SET
- AS_CONFED_SEQUENCE
ip prefix-list 1 permit 10.0.0.0/8
ip as-path access-list 1 permit ^100_
ip as-path access-list 2 permit ^200_
ip community-list 1 permit 300:105
ip policy-list as100 permit
match as-path 1
match community 1
ip policy-list as200 permit
match as-path 2
match community 1
Origin
Origin is a well-known mandatory attribute.
Origin has 3 values:
- i - IGP
- e - EGP
- ? - Incomplete (for example, a redistributed route)
BGP prefers i, then e, and ? last.
MED
Multi-exit Discriminator is an optional non-transitive attribute. BGP uses the path with the lowest MED as its best path if the paths are from the same AS.
Default is 0. When the path is redistributed from an IGP, MED is set to the metric of that IGP.
If MED is received from an IBGP peer, the value will not be carried when it is advertised to an EBGP peer. MED is always carried when it is advertised to an IBGP peer.
Next Hop
Well-known mandatory attribute.
Tells the router where the router of the next AS is located. By default it is the update source of the EBGP peer. The next hop can be changed to the relaying router with the following command.
(config-router)# neighbor 1.1.1.1 next-hop-self
When a hub and spoke structure is used in MA, the next hop attribute will remain.
Community
A 4-byte attribute that marks routes. A path can contain 1 or more community values. The format is AA:NN, but Cisco displays it as an integer; the following command changes the display to the original format.
(config)# ip bgp-community new-format
The router will not advertise communities with a route by default; the following command is needed.
(config-router)# neighbor 2.2.2.2 send-community
There are some well-known community values.
Community | Description |
---|---|
internet | Internet matches all routes |
local-AS | Do not send outside local AS |
no-advertise | Do not advertise to any peer |
no-export | Do not export to next AS |
Community-list
There are 2 types of community-list: standard (1-99) and extended (100-199).
ip community-list {1-99} {permit | deny} value [value...]
ip community-list {100-199} {permit | deny} regexp
Matches a route that contains community 100:11
ip community-list 11 permit 100:11
Matches a route that contains both community 100:11 and no-advertise
ip community-list 11 permit 100:11 no-advertise
Matches a route that contains 100:11 or no-advertise
ip community-list 11 permit 100:11
ip community-list 11 permit no-advertise
Delete all the communities within a community-list
ip community-list standard del permit no-export
ip community-list standard del permit 100:11
route-map test permit 10
set comm-list del delete
Exact-Match
ip community-list 11 permit no-export
route-map test permit 10
match community 11 exact-match
Atomic_Aggregate
Informs the peer that this is a summary route.
Aggregator
Informs the peer which router summarized this route.
Route Summary
Auto Summary
(router-bgp)# auto-summary
When the network command is used to introduce a route, the route keeps the prefix that was entered.
Manual Summary
(router-bgp)# aggregate-address 172.16.0.0 255.255.0.0 [summary-only]
AS Set
(router-bgp)# aggregate-address 172.16.0.0 255.255.0.0 [as-set]
The summary route will copy as_path, max MED, the least origin, all the communities.
Advertise Map
Because as-set enabled summary route keeps the communities, if there is a route that contains no-advertise community, the following command ensures the route will be advertised.
aggregate-address 172.16.0.0 255.255.0.0 summary-only as-set advertise-map adv
Suppress Map
A route that is suppressed will not be advertised to the peers.
(router-bgp)# aggregate-address 172.16.0.0 255.255.0.0 [suppress-map route-map]
An unsuppress-map can override this behavior and summary-only.
access-list 1 permit 172.16.1.0
route-map unsupp permit 10
match ip address 1
router bgp 300
neighbor 10.1.35.5 unsuppress-map unsupp
aggregate-address 172.16.0.0 255.255.0.0 as-set summary-only
Attribute Map
route-map attr permit 10
set ?
aggregate-address 172.16.0.0 255.255.0.0 summary-only as-set attribute-map attr
Regular Expression
ip as-path access-list 1 deny _600$
ip as-path access-list 1 permit .*
router bgp 300
neighbor 10.1.23.2 filter-list 1 in
ip as-path access-list 1 permit _600$
route-map setCommu permit 10
match as-path 1
set community no-advertise
route-map setCommu permit 20
router bgp 300
neighbor 10.1.23.2 route-map setCommu in
(config)# ip as-path access-list num {permit | deny} regexp
(config-router)# neighbor x.x.x.x filter-list as-path-filter {in | out}
show ip as-path-access-list
show ip bgp regexp xx
show ip bgp filter-list access-list-num
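How the as-path access-list above evaluates, as an added example (not code from the original page): the Cisco `_` metacharacter is translated to a Python regex and the list is applied first-match with an implicit deny. The sample AS paths and function names are constructed; the `100 1600` case shows why the leading `_` matters.

```python
import re

# In Cisco AS-path regexes "_" matches a delimiter (space, comma, braces,
# parentheses) or the start or end of the path string.
DELIM = r"(?:^|$|[ ,{}()])"

def cisco_to_python(pattern):
    """Translate a Cisco AS-path regex; only '_' needs rewriting.
    Assumption: '_' is not used inside a character class."""
    return re.compile(pattern.replace("_", DELIM))

# "ip as-path access-list 1" exactly as configured on this page.
ACL_1 = [("deny", "_600$"), ("permit", ".*")]

def acl_action(acl, as_path):
    """First matching entry decides; no match means the implicit deny."""
    for action, pattern in acl:
        if cisco_to_python(pattern).search(as_path):
            return action
    return "deny"

def filter_paths(acl, paths):
    """Return the AS paths that survive 'neighbor ... filter-list N in'."""
    return [p for p in paths if acl_action(acl, p) == "permit"]

# Constructed AS paths as they would appear in the Path column of "show ip bgp".
SAMPLE_PATHS = ["100 600", "600", "100 1600", "600 100", "100 200"]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path!r:12} -> {acl_action(ACL_1, path)}")
    # Without the leading "_" the pattern also hits AS 1600, which merely
    # ends in the digits 600.
    loose = [("deny", "600$"), ("permit", ".*")]
    print("loose pattern on '100 1600':", acl_action(loose, "100 1600"))
```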
Route Reflector
Source | Action |
---|---|
EBGP | Advertise to all neighbors |
Non Client | Reflect to all clients, advertise to all EBGP neighbors |
Client | Reflect to all clients and all non client IBGP neighbors, advertise to all EBGP neighbors |
Route reflector uses 2 extra path attributes to prevent loop:
- ORIGINATOR_ID - the source router id
- CLUSTER_LIST - list of cluster id
(config-router)# neighbor 10.0.24.2 route-reflector-client
Path Selection
There are 16 rules that BGP uses to determine which path to use.
- Weight
- Local Preference
- Local or Remote
- AS-Path
- Origin
- MED
- EBGP or IBGP
- Metric of NextHop
- Cost Community
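The first eight rules in the list above, as an added example (not code from the original page): two candidate paths are compared rule by rule and the deciding rule is reported, which makes it easy to see why a policy-set local preference beats a shorter AS-Path. The Path class, its field names and the sample routes are constructed; Cost Community is left out, and MED is compared only when both paths come from the same neighboring AS, as the MED section states.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # i is preferred, then e, then ?

@dataclass
class Path:
    name: str
    as_path: tuple = ()
    weight: int = 0          # default for routes received from a peer
    local_pref: int = 100    # default local preference
    local: bool = False      # locally originated
    origin: str = "i"
    med: int = 0
    ebgp: bool = False
    igp_metric: int = 0      # IGP metric to the next hop

def compare(a, b):
    """Return (preferred_path, deciding_rule). Lower key wins at every step,
    so 'higher is better' attributes are negated."""
    rules = [
        ("Weight", -a.weight, -b.weight),
        ("Local Preference", -a.local_pref, -b.local_pref),
        ("Local or Remote", not a.local, not b.local),
        ("AS-Path", len(a.as_path), len(b.as_path)),
        ("Origin", ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin]),
    ]
    if a.as_path[:1] == b.as_path[:1]:  # same neighboring AS
        rules.append(("MED", a.med, b.med))
    rules += [
        ("EBGP or IBGP", not a.ebgp, not b.ebgp),
        ("Metric of NextHop", a.igp_metric, b.igp_metric),
    ]
    for rule, key_a, key_b in rules:
        if key_a != key_b:
            return (a if key_a < key_b else b), rule
    return a, "tie"

if __name__ == "__main__":
    short = Path("short", as_path=(100,), ebgp=True)
    tuned = Path("tuned", as_path=(200, 100), ebgp=True, local_pref=300)
    best, rule = compare(short, tuned)
    print(best.name, "wins on", rule)
```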
In the following sections we will discuss the different rules in more detail.