BGP

Port 179 Private AS Numbers: 64512-65535


=Attributes=
===__Categories__===
 * **Mandatory** - in every update
 * **Discretionary** - not required in every update
 * **Transitive** - forwarded on to peers unchanged, even if the router does not use or recognize the attribute
 * **Non-transitive** - router removes the attribute and does not propagate it to peers


===__Well Known__===
====**Origin** (M)====
=====Codes=====
 * IGP - **i** - network, aggregate-address, neighbor default-originate
 * EGP - **e**
 * Incomplete - **?** - redistribute, aggregate-address, default-information originate
=====Aggregate-Address=====
 * **i** - as-set not used, or as-set used and all component subnets have origin "i"
 * **?** - as-set used and at least one component has origin "?"
====**AS-Path** (M)====
=====AS_SEQ=====
 * ordered list
 * space delimiter
 * no enclosing characters
=====AS_SET=====
 * unordered list of ASNs of component subnets
 * comma delimiter
 * enclosed in braces { }
=====AS_CONFED_SEQ=====
 * space delimiter
 * enclosed in parentheses ( )
=====AS_CONFED_SET=====
 * comma delimiter
 * enclosed in braces { }
====**Next-Hop** (M)====
 * ip address
====**Local-Preference** (D)====
====**Atomic Aggregate** (D)====
 * tags NLRI as summary


===__Optional (trans/no-trans)__===
====**Aggregator** (T)====
 * lists RID and ASN of the router that created the summary
====**Community** (T)====
 * identifier to group routes by
====**Multi-Exit Discriminator** (N)====
====**Originator ID**====
 * used by RR to denote RID of the iBGP neighbor that injected the route into the AS
====**Cluster List**====
 * lists RR cluster IDs to prevent loops

=Policies=

Exclude inaccessible next-hop, highest weight, highest local preference, originated routes, shortest AS path, lowest origin code, lowest MED, EBGP over IBGP, IBGP with closest IGP Neighbor, EBGP with oldest path, lowest BGP router-id
===Step 0 - __NEXT_HOP Reachable__===
 * config-router# neighbor 2.2.2.2 next-hop-self (eBGP default)
 * config-router# neighbor 2.2.2.2 next-hop-unchanged (iBGP default)
===Step 1 - __Larger Administrative Weight__===
 * Cisco proprietary
 * identifies a single router's best route
 * **scope** - single router
 * 0 for learned; 32768 for locally injected; range 0-65535 (2^16 - 1)
 * config-route-map# set weight
 * config-router# neighbor 2.2.2.2 weight
===Step 2 - __Highest LOCAL_PREF__===
 * identifies best exit point from the AS to reach the NLRI
 * **scope** - throughout the AS, including confederation sub-AS
 * **default** - 100
 * config-router# bgp default local-preference <0-4294967295>
 * config-route-map# set local-preference
 * config-router# neighbor 2.2.2.2 route-map ("in" param for eBGP peer)
===Step 3 - __Locally Injected__===
 * BGP assigns a weight of 32768 to locally injected routes, so the decision is normally already made in step 1
 * possible tie: the same prefix injected by both the "network 2.2.2.2" and "redistribute connected" commands
 * both have a weight of 32768
 * both default to the same LOCAL_PREF
 * the ORIGIN code then decides this step
===Step 4 - __Shortest AS_PATH__===
 * AS_SET only counts as 1
 * AS_CONFED_SEQ & AS_CONFED_SET do not count
 * config-router# neighbor 2.2.2.2 remove-private-as (64512 - 65535)
 * config-router# neighbor 2.2.2.2 local-as no-prepend
 * config-router# bgp bestpath as-path ignore (skips this entire step)
 * config-route-map# set as-path prepend
===Step 5 - __Best ORIGIN__===
 * EGP (e) should not occur today
 * if only one route is IGP (i) and the rest are unknown (?), the IGP route will be best
 * config-route-map# set origin
===Step 6 - __Smallest MED__===
 * tells a neighbor how good this route is
 * **scope** - advertised from one AS to another; not passed on to any other AS
 * **default** - 0
 * config-router# bgp bestpath med missing-as-worst (makes the default value the highest possible; 2^32 - 1)
 * config-route-map# set metric
 * config-router# bgp always-compare-med
 * config-router# bgp deterministic-med (processes routes per adjacent AS, picking the best from each neighboring AS)
===Step 7 - __Neighbor Type__===
 * eBGP > iBGP
===Step 8 - __Smallest IGP Metric__===
 * metric to reach NEXT_HOP
 * router looks for the route in the routing table
===Step 9 - __Lowest RID__===
 * examine eBGP routes only, pick the lowest RID advertiser
 * if only iBGP routes exist, pick the lowest RID advertiser
 * exception to the above rules
 * when the router already has a best route to the NLRI and a new route to that known prefix is advertised, the decision process is applied
 * if no decision is reached and the existing route is eBGP, do not replace it
 * config-router# bgp bestpath compare-routerid (always use lowest RID)
===Step 10 - __Lowest Neighbor ID__===
 * lowest RID of all current neighbors advertising the NLRI
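As an added example (not from the original notes), the decision steps above modelled as a small Python function. It implements steps 0 to 9 as listed: NEXT_HOP reachability, weight, LOCAL_PREF, locally injected, AS_PATH length (AS_SET counts as 1, confederation segments count 0), ORIGIN, MED, eBGP over iBGP, IGP metric, and lowest router ID. MED is compared only between paths from the same neighboring AS unless the equivalent of "bgp always-compare-med" is requested; step 10 and the per-AS grouping of "bgp deterministic-med" are not modelled. The sample paths, addresses and ASNs are constructed for the demonstration.

```python
"""Added example: a model of the BGP best-path decision steps listed above."""
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # Step 5: IGP beats EGP beats incomplete


@dataclass
class Path:
    next_hop: str
    weight: int              # Step 1 (Cisco-local; 32768 for locally injected)
    local_pref: int          # Step 2
    locally_injected: bool   # Step 3
    as_path: list            # Step 4: list of (segment_type, [asn, ...])
    origin: str              # Step 5: "i", "e" or "?"
    med: int                 # Step 6
    ebgp: bool               # Step 7
    igp_metric: int          # Step 8: IGP metric to NEXT_HOP
    router_id: str           # Step 9
    neighbor_as: int         # MED is only compared between paths from the same neighbor AS


def as_path_length(as_path):
    """AS_SEQ counts each ASN, AS_SET counts as 1, confederation segments count 0."""
    total = 0
    for seg_type, asns in as_path:
        if seg_type == "AS_SEQ":
            total += len(asns)
        elif seg_type == "AS_SET":
            total += 1
    return total


def _ip_key(addr):
    return tuple(int(octet) for octet in addr.split("."))


def best_path(paths, reachable_next_hops, always_compare_med=False):
    # Step 0: drop paths whose NEXT_HOP is not in the routing table
    cands = [p for p in paths if p.next_hop in reachable_next_hops]
    if not cands:
        return None

    # Steps 1-5 as one ordered key (higher weight / local_pref preferred, so negated)
    def key(p):
        return (-p.weight, -p.local_pref, 0 if p.locally_injected else 1,
                as_path_length(p.as_path), ORIGIN_RANK[p.origin])

    best = min(key(p) for p in cands)
    cands = [p for p in cands if key(p) == best]

    # Step 6: MED, compared only against paths from the same neighboring AS
    # unless the equivalent of "bgp always-compare-med" is on
    survivors = []
    for p in cands:
        rivals = cands if always_compare_med else [q for q in cands if q.neighbor_as == p.neighbor_as]
        if p.med == min(q.med for q in rivals):
            survivors.append(p)

    # Steps 7-9: eBGP over iBGP, lowest IGP metric, lowest advertising router ID
    survivors.sort(key=lambda p: (0 if p.ebgp else 1, p.igp_metric, _ip_key(p.router_id)))
    return survivors[0]


# Constructed sample paths for one prefix; addresses and ASNs are made up
SAMPLE_PATHS = [
    Path("192.0.2.1", 0, 100, False, [("AS_SEQ", [100, 200])], "i", 10, True, 0, "1.1.1.1", 100),
    Path("192.0.2.2", 0, 100, False, [("AS_SEQ", [100, 200])], "i", 5, True, 0, "1.1.1.2", 100),
    Path("192.0.2.3", 0, 100, False, [("AS_SEQ", [300, 200])], "i", 50, True, 0, "1.1.1.0", 300),
    # iBGP path: the AS_SET counts as one hop so the length ties, but origin "?" loses step 5
    Path("10.0.0.4", 0, 100, False, [("AS_SEQ", [400]), ("AS_SET", [200, 500])], "?", 0, False, 0, "1.1.1.4", 400),
    # highest weight of all, but NEXT_HOP is unreachable: excluded at step 0
    Path("203.0.113.9", 1000, 100, False, [("AS_SEQ", [600])], "i", 0, True, 0, "9.9.9.9", 600),
]
REACHABLE = {"192.0.2.1", "192.0.2.2", "192.0.2.3", "10.0.0.4"}


def demo():
    """Return the winning NEXT_HOP with default MED handling and with always-compare-med."""
    default = best_path(SAMPLE_PATHS, REACHABLE)
    compare_all = best_path(SAMPLE_PATHS, REACHABLE, always_compare_med=True)
    return default.next_hop, compare_all.next_hop


if __name__ == "__main__":
    print(demo())   # ('192.0.2.3', '192.0.2.2')
```

With default MED handling the path via AS 300 is never MED-compared against the AS 100 paths, so the tie falls through to the lowest router ID (1.1.1.0); with always-compare-med the MED 5 path via 192.0.2.2 wins outright, which is the behaviour change the "bgp always-compare-med" command produces.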

=Communities=


 * group routes together so routing policies can be applied
 * COMMUNITY attribute; transitive; downstream routers will receive it
===New Format - AA:NN===
 * AA is a 16-bit number, usually representing an ASN
 * NN is a value set by that ASN
 * config# ip bgp-community new-format
===Community Lists===
====Standard====
 * matches multiple communities with one command
 * limited to 16 lines per list
====Extended====
 * supports matching with regular expressions
 * more than 16 lines per list
 * config# ip community-list [standard|extended] WORD
 * config-route-map# set comm-list WORD delete (deletes the communities that match)
===Special Values===
 * NO_EXPORT
 * FFFF:FF01 - do not advertise outside the AS; can advertise to confederation peers
 * NO_ADVERT
 * FFFF:FF02 - do not advertise to any peer
 * LOCAL_AS
 * FFFF:FF03 - do not advertise outside the local confederation sub-AS
 * config-route-map# match community
 * config-route-map# set community none
 * config-router# neighbor 2.2.2.2 send-community [both|standard|extended] (must be configured toward the neighbor that is to receive the community attribute)
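An added example, not part of the original notes: Python that converts between the AA:NN new format and the 32-bit community value, recognizes the three well-known values listed above, evaluates one standard community-list line, and applies the NO_EXPORT / NO_ADVERT / LOCAL_AS rules to an outbound advertisement. The `peer_kind` labels, the `matches_standard_list` helper (every listed community must be present on the route; `exact-match` is not modelled) and the sample route tagged 65000:100 are my constructions.

```python
"""Added example: BGP standard community encoding, well-known values and outbound checks."""
NO_EXPORT = 0xFFFFFF01     # FFFF:FF01 - stay inside the AS (confederation peers still allowed)
NO_ADVERTISE = 0xFFFFFF02  # FFFF:FF02 - do not advertise to any peer
LOCAL_AS = 0xFFFFFF03      # FFFF:FF03 - stay inside the local confederation sub-AS
WELL_KNOWN = {NO_EXPORT: "no-export", NO_ADVERTISE: "no-advertise", LOCAL_AS: "local-AS"}
KEYWORDS = {name: value for value, name in WELL_KNOWN.items()}


def parse_community(text):
    """Accept 'AA:NN' (new-format), a 32-bit decimal (old format) or an IOS keyword."""
    if text in KEYWORDS:
        return KEYWORDS[text]
    if ":" in text:
        aa, nn = (int(part) for part in text.split(":", 1))
        if not (0 <= aa <= 0xFFFF and 0 <= nn <= 0xFFFF):
            raise ValueError(f"community field out of range: {text}")
        return (aa << 16) | nn
    value = int(text)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"community out of range: {text}")
    return value


def format_community(value):
    """Render as AA:NN (what 'ip bgp-community new-format' shows); keywords for well-known values."""
    if value in WELL_KNOWN:
        return WELL_KNOWN[value]
    return f"{value >> 16}:{value & 0xFFFF}"


def matches_standard_list(route_communities, entry):
    """One standard community-list line matches when every listed community is on the route."""
    return all(parse_community(item) in route_communities for item in entry)


def may_advertise(route_communities, peer_kind):
    """peer_kind (constructed labels): 'ibgp' = same sub-AS, 'confed-ebgp' = another sub-AS of
    our confederation, 'ebgp' = a peer outside the AS / confederation."""
    if NO_ADVERTISE in route_communities:
        return False                                   # FFFF:FF02 - no peer at all
    if LOCAL_AS in route_communities and peer_kind != "ibgp":
        return False                                   # FFFF:FF03 - not beyond the sub-AS
    if NO_EXPORT in route_communities and peer_kind == "ebgp":
        return False                                   # FFFF:FF01 - confederation peers still OK
    return True


# Constructed sample route: carries a customer tag (65000:100) and is marked no-export
SAMPLE_ROUTE = {parse_community("65000:100"), NO_EXPORT}


def demo():
    """Show the route's communities in new format and where it may be advertised."""
    shown = [format_community(c) for c in sorted(SAMPLE_ROUTE)]
    reach = {kind: may_advertise(SAMPLE_ROUTE, kind) for kind in ("ibgp", "confed-ebgp", "ebgp")}
    return shown, reach


if __name__ == "__main__":
    print(demo())
```

The value check in `parse_community` matters in practice: a malformed AA:NN that overflows 16 bits would otherwise silently collide with another community, including the well-known ones.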

=Router ID=
 * config-router# bgp router-id
 * highest up/up loopback
 * highest up/up non-loopback

=Multi-Hop & Loopback=


 * even if the router is 1 hop away, the path from the ingress interface to the loopback still counts as one hop, so 2 hops will be needed

=Neighbor Checks=


 * TCP connection request's source address needs to be in "network" command
 * ASN must match neighbors referenced in "neighbor remote-as" command
 * RID of two routers must not be the same
 * MD5 authentication must pass if configured

=Neighbor States=


 * **Idle**
 * **Connect** - listen for TCP
 * **Active** - initiate TCP
 * **Open Sent** - TCP up; open message sent
 * **Open Confirm** - open message received
 * **Established** - neighbors up

=Message Types=


 * **Open** - establish neighbor relationship
 * **Keep-alive** - maintain neighbor relationship
 * **Update** - exchange routing information
 * **Notification** - when error occurs; neighbor relationship reset

=BGP Table=


===__Routing Information Base (RIB)__===
 * holds Network Layer Reachability Information (NLRI)
 * IP prefix
 * prefix length
===__Injecting Routes/Prefixes__===
====IGP, Static and Connected====
 * if a metric is assigned, it is stored in the Multi-Exit Discriminator (MED)
 * config-router# redistribute [static|connected] metric 9
 * config-router# redistribute eigrp 1
====Impact of Auto-Summary====
 * only affects routes injected through redistribution
 * does not look for classful network boundaries
 * does not look at routes already in the BGP table
====Manual Summaries====
 * aggregate-address
 * sets AS_SEQ to null, which could cause routing loops
 * sets NEXT_HOP of the summary in the local BGP table to 0.0.0.0
 * if the component subnets have the same AS_SEQ, the summary uses that AS_SEQ
 * if the components have different AS_SEQ, the summary AS_SEQ is set to null
 * with the "as-set" option, if AS_SEQ is null the router creates an AS_SET
 * if advertised to eBGP, the local ASN is added to AS_SEQ
====Default Routes====
 * via redistribution
 * default-information originate
 * redistribute static
 * config-router# neighbor 3.3.3.3 default-originate route-map WORD
 * checks for a default route before using self

=Multiple Routing Entries=


====eBGP====
 * steps 9 & 10 as tiebreakers
 * only routes whose adjacent ASN is the same as the best route's are considered
 * if there are more candidates than configured for, steps 9 & 10 break the tie
 * config-router# maximum-paths
====iBGP====
 * steps 9 & 10 as tiebreakers
 * only routes with a different NEXT_HOP are considered
 * if there are more candidates than configured for, steps 9 & 10 break the tie
 * config-router# maximum-paths ibgp (# of possible IP routes)
====MPLS====
 * config-router# maximum-paths eibgp

=Origin Path Attribute=


===__Codes__===
 * IGP - i - network, aggregate-address, neighbor default-originate
 * EGP - e
 * Incomplete - ? - redistribute, aggregate-address, default-information originate
===__Aggregate-Address__===
 * i - as-set not used, or as-set used and all component subnets have origin "i"
 * ? - as-set used and at least one component has origin "?"
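An added example (not from the original notes) covering both the Manual Summaries rules in the BGP Table section and the aggregate ORIGIN rules just above: a Python function that derives the summary's AS_PATH segments, ORIGIN and local NEXT_HOP from its component routes, plus what happens to the path when the summary is advertised to an eBGP peer. Where the notes only list "i" and "?", the as-set origin rule is generalized to "worst component origin wins" (i before e before ?), which is the RFC 4271 aggregation rule; the component routes and ASNs are constructed.

```python
"""Added example: how aggregate-address derives the summary's AS_PATH and ORIGIN."""
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}


def aggregate(components, as_set=False):
    """components: list of (as_seq, origin) for the component subnets.

    Returns (as_path_segments, origin, next_hop) as held in the local BGP table.
    """
    if not components:
        raise ValueError("an aggregate needs at least one component route")
    seqs = [tuple(seq) for seq, _ in components]
    origins = [origin for _, origin in components]

    if len(set(seqs)) == 1:
        # identical AS_SEQ on every component: the summary keeps it
        as_path = [("AS_SEQ", list(seqs[0]))] if seqs[0] else []
    else:
        # differing AS_SEQ: the summary gets a null AS_SEQ (loop-detection information lost)
        as_path = []

    if as_set and not as_path:
        # "as-set" rebuilds an unordered AS_SET from every ASN of every component
        as_path = [("AS_SET", sorted({asn for seq in seqs for asn in seq}))]

    if as_set:
        # worst component origin wins (i < e < ?); the notes list the i and ? cases
        origin = max(origins, key=ORIGIN_RANK.__getitem__)
    else:
        origin = "i"

    return as_path, origin, "0.0.0.0"   # locally originated summary: NEXT_HOP 0.0.0.0


def advertise_to_ebgp(as_path, local_as):
    """An eBGP advertisement puts the local ASN at the front of the AS_PATH."""
    if as_path and as_path[0][0] == "AS_SEQ":
        return [("AS_SEQ", [local_as] + as_path[0][1])] + as_path[1:]
    return [("AS_SEQ", [local_as])] + as_path


# Constructed component routes (ASNs made up)
SAME = [([100, 200], "i"), ([100, 200], "i")]
MIXED = [([100, 200], "i"), ([300, 200], "?")]


def demo():
    """Summaries for identical and differing component paths, with and without as-set."""
    return {
        "same": aggregate(SAME),
        "mixed": aggregate(MIXED),
        "mixed_as_set": aggregate(MIXED, as_set=True),
        "mixed_as_set_ebgp": advertise_to_ebgp(aggregate(MIXED, as_set=True)[0], 65000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The "mixed" case without as-set is the one the notes warn about: the summary leaves with an empty AS_SEQ, so a neighbour in AS 100 or AS 300 has no path information to reject its own prefix space with; as-set restores that information as an AS_SET at the cost of a single extra hop in step 4 of the decision process.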

=Advertising Routes to Neighbors=


===__Not Included__===
 * Routes that are not considered "best" - iBGP, eBGP
 * best out of multiple routes:
 * choose shortest AS_PATH route
 * prefer a single eBGP route over one or more iBGP routes
 * choose lowest IGP metric to the NEXT_HOP
 * choose iBGP route with the lowest BGP RID of the advertising router
 * never best because of the NEXT_HOP attribute:
 * 0.0.0.0 as a result of being injected by the local router
 * value that's not in the routing table
 * Routes that match a deny clause in an outbound filter - iBGP, eBGP
 * iBGP-learned routes (unless route reflectors or confederations) - iBGP
===__Changing NEXT_HOP__===
 * **iBGP** - do not change unless "neighbor ... next-hop-self" command
 * **eBGP** - change value to "update-source" ip address unless "neighbor ... next-hop-unchanged" command
 * cannot change with route map

=Redistributing Routes=


===__Sync__===
 * controls whether a route can be "best"
 * not considered best unless it's also learned from the IGP and in the routing table
===__Confederations__===
 * AS_CONFED_SEQ, AS_CONFED_SET
 * inside a sub-AS, full mesh required
 * confederation eBGP connections act like iBGP
 * except for TTL
 * confederation ASNs are not considered part of the AS_PATH length
 * confederation routers remove confederation ASNs from AS_PATH in updates sent outside the confederation
===__Reflections__===
 * non-clients won't advertise to other non-clients
 * prevent loops
 * CLUSTER_LIST attribute - just like AS_PATH
 * ORIGINATOR_ID attribute - first peer to advertise into the AS; a router checks for itself
 * reflects only the best route

=Basic Configuration=

config# router bgp 1
config-router# neighbor 172.16.12.1 remote-as 1 (iBGP since 1 = 1)

config# router bgp 777
config-router# neighbor 2.2.2.2 remote-as 605 (eBGP since 777 != 605)
config-router# neighbor 2.2.2.2 ebgp-multihop 1...255 (hops)
config-router# neighbor 2.2.2.2 update-source loopback 0

=Resetting Peer Connections=

config-router# neighbor 10.1.1.2 shutdown
config# clear ip bgp *

=Timers=

config-router# timers bgp
config-router# neighbor .... timers

=Advertisements=

config-router# network 10.5.1.0 mask 255.255.255.0 (needs to be specific)
config-router# no synchronization (don't worry about having two routing protocols)
config-router# neighbor 172.16.12.1 next-hop-self (tell the router that you are the next hop)

=Authentication=

config-router# neighbor ... password WORD (md5)

=Route Reflector=

config-router# bgp cluster-id 1
config-router# neighbor 10.12.1.2 route-reflector-client (disables split-horizon toward the client)

=Confederations=

config# router bgp 
config-router# bgp confederation identifier 
config-router# bgp confederation peers 

=Minimize=

config-router# neighbor WORD peer-group
config-router# neighbor WORD remote-as 65500
config-router# neighbor WORD route-reflector-client
config-router# neighbor 10.12.1.2 peer-group WORD

=Redistribution=

config# router bgp 7500
config-router# neighbor 10.12.1.1 remote-as 7500
config-router# redistribute ospf 1
config-router# neighbor 10.12.1.1 next-hop-self
config-router# neighbor 10.46.1.6 route-reflector-client
config-router# no synchronization

=Summarization=

config-router# aggregate-address 172.0.0.0 255.0.0.0 summary-only (only send summary to everyone)

config# access-list 30 permit 172.0.0.0 0.255.255.255 (match all 172.x.x.x routes)
config# route-map WORD
config-route-map# match ip address 30
config-router# aggregate-address 172.0.0.0 255.0.0.0 suppress-map WORD (don't send any routes that match the route map)
config-router# neighbor 10.14.1.2 unsuppress-map WORD (invert the route map for this neighbor)

=Route Filtering=

config# access-list 25 deny 172.0.0.0 0.0.0.0 (match a specific subnet)
config# access-list 25 permit any
config-router# distribute-list 25 out (filter toward all neighbors)
config-router# neighbor 10.14.1.2 distribute-list 25 out (filter for a specific neighbor)
config# ip prefix-list WORD deny 172.0.0.0/8
config# ip prefix-list WORD permit 0.0.0.0/0 le 32 (prefix length less than or equal to 32)
config-router# neighbor 10.12.1.1 prefix-list WORD out

config# route-map WORD
config-route-map# match ip address 25
config-router# neighbor 10.14.1.2 route-map WORD out

=Influencing Routing with Attributes=

config# access-list 61 permit 192.168.0.0 0.0.255.255
config# route-map WORD
config-route-map# match ip address 61
config-route-map# set origin igp (igp > egp > unknown)
config-router# neighbor 10.13.1.2 route-map WORD out

config# route-map WORD permit 20 (creates a permit-any statement at sequence 20)
config-route-map# set as-path prepend 7500 7500 7500 (use your own AS number so you don't confuse any other routers)

config-route-map# set ip next-hop 10.1.1.1

config-route-map# set metric 1000 (lower is better)
config-router# bgp bestpath med confed
config-router# bgp bestpath med missing-as-worst (if there is no metric, treat it as the worst metric possible)

config-route-map# set local-preference 1000
config-route-map# set weight 8000 (applied to a neighbor in the "in" direction)

=Filtering Using Regular Expressions=

config# ip as-path access-list 1 permit ^500$
config-route-map# match as-path 1
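An added example, not part of the original notes: Python that renders an AS_PATH as text using the segment delimiters from the Attributes section (AS_SEQ space-separated, AS_SET comma-separated in braces, AS_CONFED_SEQ in parentheses) and then evaluates an ordered as-path access-list against it. The `^500$` entry is the one from the notes; the `_500_` entry, the translation of the IOS `_` delimiter into a Python regex, and the sample paths are my additions.

```python
"""Added example: rendering an AS_PATH and evaluating an IOS-style as-path access-list."""
import re


def as_path_text(segments):
    """Render segments the way the AS-Path attribute rules describe them."""
    parts = []
    for seg_type, asns in segments:
        if seg_type == "AS_SEQ":
            parts.append(" ".join(str(a) for a in asns))
        elif seg_type in ("AS_SET", "AS_CONFED_SET"):
            parts.append("{" + ",".join(str(a) for a in asns) + "}")
        elif seg_type == "AS_CONFED_SEQ":
            parts.append("(" + " ".join(str(a) for a in asns) + ")")
        else:
            raise ValueError(f"unknown segment type {seg_type}")
    return " ".join(parts)


def ios_regex_to_python(pattern):
    """IOS '_' matches a delimiter (space, comma, brace, parenthesis) or start/end of string."""
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")


def as_path_access_list(entries, path_text):
    """entries: ordered (action, ios_regex) pairs; first match wins, implicit deny at the end."""
    for action, pattern in entries:
        if re.search(ios_regex_to_python(pattern), path_text):
            return action == "permit"
    return False


# The notes' list: permit only routes originated by a directly adjacent AS 500
ACL_1 = [("permit", "^500$")]
# Constructed addition: permit anything that passed through AS 500 anywhere in the path
ACL_VIA_500 = [("permit", "_500_")]

# Constructed sample paths (ASNs made up)
SAMPLE_PATHS = {
    "direct": [("AS_SEQ", [500])],
    "transit": [("AS_SEQ", [500, 600])],
    "via_confed": [("AS_CONFED_SEQ", [65001]), ("AS_SEQ", [500])],
    "aggregate": [("AS_SEQ", [100]), ("AS_SET", [500, 700])],
}


def demo():
    """Which sample paths each list permits."""
    return {
        name: (as_path_access_list(ACL_1, as_path_text(path)),
               as_path_access_list(ACL_VIA_500, as_path_text(path)))
        for name, path in SAMPLE_PATHS.items()
    }


if __name__ == "__main__":
    for name, (acl1, via500) in demo().items():
        print(f"{name:12} {as_path_text(SAMPLE_PATHS[name]):20} acl1={acl1} via500={via500}")
```

Note that the confederation segment is part of the rendered string, so `^500$` does not match "(65001) 500" even though confederation ASNs do not count toward AS_PATH length in step 4; anchored patterns need to account for that when the filter sits inside a confederation.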

=Communities=


 * Internet - default
 * Local-AS - doesn't leave the AS
 * No-Advertisement - send to the router but do not forward after that
 * No-Export - don't send to eBGP peers except within confederations
 * None

0-65535 is IANA reserved

config-route-map# set community no-export
config-router# neighbor 10.12.1.1 send-community

config# ip bgp-community new-format (to use colon)

config-route-map# match community 1
config# ip community-list 1 permit no-export
config# ip community-list 103 permit

=Backdoor=

config-router# network 172.0.0.0 mask 255.0.0.0 backdoor (set admin distance to 200)

=AS Translations=

config-router# neighbor 172.0.0.0 local-as 65502

=View/Debug Commands=

show ip bgp summary
show ip bgp neighbor
show ip bgp neighbor ... advertised-routes
show ip bgp neighbor ... received-routes (requires the "neighbor .... soft-reconfiguration inbound" command)
show tcp brief all
show ip bgp community [no-export | local-as | no-advert | WORD]
clear ip bgp *
clear ip bgp * [soft [in|out]] (soft reconfiguration)
debug ip bgp updates
debug ip bgp events