CCNP (Cisco Certified Network Professional) Route Certification Exam Cram Notes

3. Layer3 Technologies

3.15 BGP

The Border Gateway Protocol (BGP) is the standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems on the Internet. BGP neighbors are called peers. A peering is established by manual configuration between the routers, which creates a TCP session on port 179.

There are three ways to advertise networks into BGP:

1. Using the network command

2. Redistributing static routes to null 0 into BGP

3. Redistributing dynamic IGP routes into BGP

However, redistributing dynamic IGP routes into BGP may result in instability and is therefore not recommended.

BGP version 4 supports CIDR (Classless InterDomain Routing). Important features are:

1. BGP update messages include both the prefix and prefix length.

2. Addresses can be aggregated when advertised by a BGP Router.

3. The AS path attributes can include a combined list of all AS numbers that all of the aggregated routes have passed through and should be considered to ensure that the route is loop free.

To distribute Border Gateway Protocol (BGP) neighbor information, use the neighbor distribute-list command in address family or router configuration mode.

When the aggregate-address command is used within BGP routing, the aggregated address is advertised, along with the more specific routes. The "summary-only" keyword suppresses the more specific routes and announces only the summarized route.

External BGP (eBGP) is used to establish a session and exchange route information between two or more autonomous systems. Internal BGP (iBGP) is used by routers that belong to the same Autonomous System (AS).

Routers running BGP in an AS use network policy to choose the best path. Metrics are not used in BGP. Remember that the Internet is made up of autonomous systems (AS) that are connected together based on policies specific to each AS. Also, AS numbers (ASN) are assigned by IANA and are unique across the Internet. In an internet (lowercase i), the ASNs can be assigned by the corporation that is implementing the internetwork.

1. A stub AS is a single-homed network with only one entry and exit point. This type of AS can be connected to the external world through the use of a statically configured route.

2. Transit AS: When data from one AS needs to reach a remote AS, it has to travel through intermediate ASes. The autonomous systems that carry data from one AS to another are called transit ASes.

3. eBGP: External BGP is used between two or more Autonomous Systems.

4. iBGP: Internal BGP is used within an AS.

The following are the four possible message types in a BGP header:

  • Type 1: OPEN message - This is the first message sent after the TCP session is established.
  • Type 2: UPDATE message - An UPDATE message contains a new route or a route to be withdrawn or both. Note that only one new route can be advertised with one UPDATE message.
  • Type 3: NOTIFICATION message - This message is sent if an error occurs during a BGP session. This message can be used to troubleshoot the problem.
  • Type 4: KEEPALIVE message - The KEEPALIVE message is used to confirm that the connection between the neighboring routers is still active.

BGP Configuration command Example:

RouterA(config)#router bgp 1340

The above command places RouterA in autonomous system number 1340. The AS number can have a value between 1 and 65535 in an internetwork.

The command

clear ip bgp *

clears all the entries from the BGP routing table and resets BGP sessions. This command is used after every configuration change to ensure that the change is activated and that peer routers are informed.

Another command,

clear ip bgp <address>

for example clear ip bgp 172.31.0.0, removes the specified network from the BGP table.

Example: RouterA and RouterB are running eBGP, as shown in the figure.

[Figure: RouterA and RouterB running eBGP]

For RouterA to establish a neighbor relationship with RouterB, the command syntax is:

router bgp 100
neighbor 175.23.1.2 remote-as 200

Also, it is important to know that eBGP peers are directly connected, while iBGP peers are not. iBGP routers don't have to be directly connected, as long as there is some IGP running that allows the two neighbors to reach one another. If two routers belong to the same AS, they run iBGP, whereas if they belong to different ASes, they need to run eBGP.

The following router configuration mode example sets the weight of all routes learned via 165.22.10.1 to 50:

router bgp 110
neighbor 165.22.10.1 weight 50

To assign a weight to a neighbor connection, use the neighbor weight command.

neighbor {ip-address | peer-group-name} weight <weight>

To remove a weight assignment, use the no form of this command:

no neighbor {ip-address | peer-group-name} weight <weight>


To specify the networks to be advertised by the Border Gateway Protocol (BGP), use the network command:

network <network-number> [mask network-mask]

To remove an entry, use the no form of this command:

no network <network-number> [mask network-mask]

To configure a fixed router ID for a BGP-speaking router, use the bgp router-id router configuration command.

bgp router-id {ip-address}

By default, the router ID is set to the IP address of a loopback interface if one is configured. If no virtual interfaces are configured, the highest IP address configured on a physical interface of that router is used. Note that peering sessions will be reset if the router ID is changed.

If prefix lists are applied for filtering BGP updates, a route is advertised when its prefix is permitted and is not advertised when its prefix is not permitted.

To distribute Border Gateway Protocol (BGP) neighbor information as specified in an access list, use the neighbor distribute-list command in address family or router configuration mode.

You can delete a prefix list that was configured earlier on a BGP-speaking router by using the command "no ip prefix-list" followed by the list name.

The following are a few examples of how a prefix list can be used (while configuring BGP policies to filter route updates):

To deny the default route 0.0.0.0/0:

ip prefix-list mylist1 deny 0.0.0.0/0

To permit the prefix 20.0.0.0/8:

ip prefix-list mylist1 permit 20.0.0.0/8

The following examples show how to specify a group of prefixes.

To accept a mask length of up to 24 bits in routes with the prefix 192/8:

ip prefix-list mylist1 permit 192.0.0.0/8 le 24

To deny mask lengths greater than 25 bits in routes with a prefix of 192/8:

ip prefix-list mylist1 deny 192.0.0.0/8 ge 25

Do not apply both a neighbor distribute-list and a neighbor prefix-list command to a neighbor in any given direction (inbound or outbound) on a BGP router. Please note that these two commands are mutually exclusive, and only one command (neighbor prefix-list or neighbor distribute-list) can be applied to each inbound or outbound direction.

When a route map is configured in BGP, there is an implicit "deny any" at the end of the route map: after all the route map statements are checked, a route is automatically denied if no match is found. This is the same as in ACLs.

  • A BGP peer group is useful to decrease the overhead of configuring policies on all individual BGP neighbors in an AS. When a peer group is created, policies are assigned to the peer group name and not to the individual neighbors.
  • Update policies are normally set by route maps, distribution lists, and filter lists.
  • Members of the peer group can be configured to override the configuration options for incoming updates, but not to the outgoing updates.

When a route reflector in a BGP AS receives an update, it takes the following actions, depending on the type of peer that sent the update:

  • If the update is from a non-client peer: It sends the update to all clients in the cluster.
  • If the update is from a client peer: It sends the update to all non-client peers and to all client peers.
  • If the update is from an eBGP peer: It sends the update to all non-client peers and to all client peers.

Communities are basically labels that are attached to BGP routes. A few of these labels have pre-defined meanings. The well-known communities are:

  • NO_EXPORT: The NO_EXPORT community tells a router it should only propagate any prefixes this community is attached to over iBGP, and not propagate it over eBGP to external autonomous systems.
  • NO_ADVERTISE: NO_ADVERTISE tells the router not to advertise the prefix over BGP at all. Most, if not all, routers automatically honor these communities when they're present. So if you want to overrule this behavior, you need to filter them out.
  • NO_EXPORT_SUBCONFED: NO_EXPORT_SUBCONFED does something similar to NO_EXPORT in networks using confederations to limit the number of iBGP sessions.
  • NOPEER: NOPEER was defined later and indicates that a prefix "need not" be advertised over peering relationships.

Many routers don't automatically propagate communities. On a Cisco router, you'll have to enable this explicitly for a BGP neighbor with the "send-community" keyword.

The following are well-known communities in BGP:

  • Internet: All routers belong to this community by default. Advertises the route to the Internet community.
  • No-export: This indicates not to advertise a route to eBGP peers.
  • No-advertise: This indicates not to advertise a route to peers.

The community attribute in BGP can contain a value in the range 0 to 4294967200.

BGP best path selection applies the following rules in order:

1. Prefer the path with the highest WEIGHT. Note that WEIGHT is a Cisco-specific parameter. It is local to the router on which it is configured.

2. Prefer the path with the highest LOCAL_PREF. Note that a path without LOCAL_PREF is considered to have had the value set with the bgp default value of 100.

3. Prefer the path that was locally originated via a network or aggregate BGP subcommand or through redistribution from an IGP.

4. Local paths that are sourced by the network or redistribute commands are preferred over local aggregates that are sourced by the aggregate-address command.

5. Prefer the path with the shortest AS_PATH.

6. Prefer the path with the lowest origin type. Note that IGP is lower than Exterior Gateway Protocol (EGP), and EGP is lower than INCOMPLETE.

7. Prefer the path with the lowest multi-exit discriminator (MED).

8. Prefer eBGP over iBGP paths.
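
The eight rules above, applied in order to a set of candidate paths, as an added Python example (not part of the original notes). The Path class, its field names and the sample paths are constructed for illustration; only the eight rules listed on this page are modelled, and any later tie-breakers are not.

```python
from dataclasses import dataclass, field
from typing import List, Optional

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred (rule 6)
DEFAULT_LOCAL_PREF = 100                              # used when LOCAL_PREF is absent (rule 2)


@dataclass
class Path:
    name: str                           # label for the path (constructed)
    weight: int = 0
    local_pref: Optional[int] = None    # None means the attribute is absent
    local_source: Optional[str] = None  # "network", "redistribute", "aggregate" or None
    as_path: List[int] = field(default_factory=list)
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True


# One key function per rule, in the order listed above; the smallest key wins.
RULES = [
    (1, lambda p: -p.weight),
    (2, lambda p: -(DEFAULT_LOCAL_PREF if p.local_pref is None else p.local_pref)),
    (3, lambda p: 0 if p.local_source else 1),
    (4, lambda p: 1 if p.local_source == "aggregate" else 0),
    (5, lambda p: len(p.as_path)),
    (6, lambda p: ORIGIN_RANK[p.origin]),
    (7, lambda p: p.med),
    (8, lambda p: 0 if p.ebgp else 1),
]


def best_path(paths):
    """Return (winning Path, number of the deciding rule).

    The rule number is None when there is only one candidate or when
    all eight rules tie (the first remaining candidate is returned).
    """
    candidates = list(paths)
    if not candidates:
        raise ValueError("no candidate paths")
    if len(candidates) == 1:
        return candidates[0], None
    for number, key in RULES:
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], number
    return candidates[0], None


# Constructed sample: three paths to the same prefix.
VIA_AS200 = Path("via-AS200", as_path=[200, 300], med=50)
VIA_AS400 = Path("via-AS400", as_path=[400, 300], med=10, local_pref=100)
VIA_AS500 = Path("via-AS500", as_path=[500, 600, 300], local_pref=200)

if __name__ == "__main__":
    for group in ([VIA_AS200, VIA_AS400, VIA_AS500], [VIA_AS200, VIA_AS400]):
        winner, rule = best_path(group)
        print([p.name for p in group], "->", winner.name, "decided by rule", rule)
```

With all three paths, the longer AS_PATH still wins because LOCAL_PREF is compared before AS_PATH length; with only the first two, the decision falls through to MED.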

The correct syntax to configure a router as a BGP route reflector is:

RouterA(config-router)#neighbor <ip-address> route-reflector-client 

For example:

RouterA(config-router)#neighbor 144.44.44.1 route-reflector-client 

The above command will configure RouterA as a route reflector with the specified neighbor 144.44.44.1 as the route reflector's client.

Router(config-router)#neighbor 10.10.10.1 weight 55

The above command assigns a weight of 55 to a BGP neighbor connection at 10.10.10.1; that is, routes received from the neighbor router with IP address 10.10.10.1 will be assigned a weight of 55.

IBGP works a little differently from EBGP. A set of rules applies to IBGP implementations that makes IBGP different from EBGP.

  • Routes learnt from one IBGP peer cannot be advertised to another IBGP peer.
  • Rule of Synchronization: For a route to be learnt from an IBGP neighbor, it must first be known via an IGP. Any route learnt from IBGP is entered into the routing table only if that route is first learnt by an IGP.

In iBGP, the routes learnt from one iBGP neighbor are not advertised to another iBGP neighbor due to the BGP Split Horizon Rule. To overcome the issues generated by this rule, one option is to have a full mesh of iBGP routers, where each iBGP router is peering directly with all other iBGP routers in the AS. The solution is feasible if you have a small number of iBGP routers, but it will not scale if you need a large number of iBGP speaking routers in the AS.

The number of iBGP sessions needed in an AS for a full-mesh iBGP is calculated with the formula N(N-1)/2.

So assuming you have 10 iBGP routers, the number of iBGP peering sessions would be 10(10-1)/2 = 45 iBGP sessions to manage within the AS. That's a lot of configuration and a lot of room for errors, and it may become difficult to troubleshoot.

Route Reflectors and Confederations are used as alternative mechanisms to address this problem.

The assignable BGP autonomous system numbers are from 1 to 65,535 (i.e., 65,535 in total). Autonomous system numbers are 16 bits long, which gives 2^16 - 1 = 65,535 possible ASNs, since the ASN of all 0s is not assigned. Out of these, the Internet Assigned Numbers Authority (IANA) has reserved the following block of AS numbers for private use (not to be advertised on the global Internet):

64512 through 65535

Before any route information is exchanged between any two routers running BGP, a TCP connection needs to be established. Route information is exchanged between the BGP routers only after the TCP connection is established.

Port number 179 is used to establish a session between two routers running BGP.

Well-known mandatory attributes must appear in all BGP update messages. The well-known mandatory attributes are:

  • AS_PATH : BGP messages carry the sequence of AS numbers indicating the complete path a message has traversed.
  • NEXT_HOP : This attribute indicates the IP address of the next-hop destination router.
  • ORIGIN : This attribute tells the receiving BGP router, the BGP type of the original source of the NLRI information.

Any two routers that have formed a TCP connection in order to exchange BGP routing information are called peers, or neighbors. BGP peers initially exchange their full BGP routing tables. After this exchange, incremental updates are sent as the routing table changes. BGP keeps a version number of the BGP table, which should be the same for all of its BGP peers. The version number changes whenever BGP updates the table due to routing information changes. Keep alive packets are sent to ensure that the connection is alive between the BGP peers and notification packets are sent in response to errors or special conditions.

To disable automatic summarization of subnet routes into network-level routes, use the command:

no auto-summary

To enable automatic summarization of subnet routes into network-level routes, use the command:

auto-summary

Note that by default, auto-summary is enabled.

Given below is the list of BGP attributes and their significance:

1. AS path - An ordered list of all the autonomous systems through which this update has passed. Well-known, mandatory.

2. Origin - How BGP learned of this network. i = by network command, e = from EGP, ? = redistributed from other source. Well-known, mandatory.

3. Local Preference - A value telling IBGP peers which path to select for traffic leaving the AS. Default value is 100. Well-known, discretionary.

4. Multi-Exit Discriminator (MED) - The MED (MULTI_EXIT_DISCRIMINATOR) attribute is used by BGP to inform the neighboring AS which link to use to receive traffic. Lowest MED is preferred. Optional, non-transitive.

5. Weight - Cisco proprietary, to tell a router which of multiple local paths to select for traffic leaving the AS. Highest weight is preferred. Only has local significance.

Various debug commands useful in troubleshooting BGP are:

  • debug ip bgp events: Displays all BGP events as they occur.
  • debug ip bgp dampening: Displays BGP dampening events as they occur.
  • debug ip bgp keepalives: Displays all events related to BGP keepalive packets.
  • debug ip bgp updates: Displays information on all BGP update packets.

Methods available for filtering BGP updates

  • Distribute lists: To restrict the routing information that the router learns or advertises, you can filter based on routing updates to or from a particular neighbor. The filter consists of an access list that is applied to updates to or from a neighbor.
  • AS_Path filtering: Here, you specify an access list on both incoming and outgoing updates based on the value of the AS_path attribute.
  • Route Map Filtering: Here, the "neighbor route-map" router configuration command is used to apply a route map to incoming and outgoing routes.
  • Community Filtering: You can filter by setting the community attribute on router updates.
  • Distribute lists are standard or extended access lists applied to a BGP router's session that permit or deny advertised routes on the network based on the applicable criteria.

In a router running BGP, when prefix lists are configured without sequence numbers, the sequence numbers automatically assigned are 5, 10, 15, 20, etc. As can be seen, the first number assigned is 5 and the increment value is also 5.

Prefix lists (filtering) are available only in Cisco IOS versions 12.0 and later. The following are important characteristics of prefix lists:

  • These are used for filtering BGP routing updates, so that a certain path policy is applied.
  • Prefix lists don't put as much load on the processor as access lists do.
  • Prefix lists are easier to configure and implement.
  • These are read one line at a time, like access lists.
  • There is an implicit deny all at the bottom of the prefix list. One exception is that, if the prefix list is empty, there will be an implicit permit any.
  • The statements with the smallest sequence numbers are read first.

To distribute Border Gateway Protocol (BGP) neighbor information as specified in a prefix list, use the neighbor prefix-list command in address family or router configuration mode.

The following router configuration mode example applies the prefix list named mylist1 to incoming advertisements to neighbor 192.10.0.0:

router bgp 100
network 120.101.0.0
neighbor 192.10.0.0 prefix-list mylist1 in
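
The prefix-list behaviour described above (automatic sequence numbers starting at 5, first match wins, le/ge mask-length ranges, implicit deny, and permit-any for an empty list), as an added Python example that is not part of the original notes. The function names are hypothetical, and placing the page's four separate mylist1 entries in one list is an assumption made for illustration; ge is evaluated as "at least" and le as "at most".

```python
import ipaddress
import re

# ip prefix-list NAME [seq N] permit|deny A.B.C.D/LEN [ge X] [le Y]
ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) "
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_lists(config_text):
    """Return {list name: [(seq, action, network, min_len, max_len), ...]} ordered by seq."""
    lists = {}
    for raw in config_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # not a prefix-list entry
        entries = lists.setdefault(m["name"], [])
        # No explicit sequence number: start at 5 and increment by 5.
        seq = int(m["seq"]) if m["seq"] else max((e[0] for e in entries), default=0) + 5
        net = ipaddress.ip_network(m["prefix"], strict=True)
        if m["ge"] is None and m["le"] is None:
            lo = hi = net.prefixlen                  # exact mask length only
        else:
            lo = int(m["ge"]) if m["ge"] else net.prefixlen
            hi = int(m["le"]) if m["le"] else 32
        if not net.prefixlen <= lo <= hi <= 32:
            raise ValueError("bad ge/le range in: " + raw.strip())
        entries.append((seq, m["action"], net, lo, hi))
        entries.sort(key=lambda e: e[0])
    return lists


def evaluate(entries, route):
    """Return (action, seq) of the first matching entry; seq is None for implicit results."""
    if not entries:
        return ("permit", None)   # an empty prefix list permits everything
    r = ipaddress.ip_network(route, strict=True)
    for seq, action, net, lo, hi in entries:
        # The route must lie inside the entry's prefix and its mask length inside [lo, hi].
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return (action, seq)
    return ("deny", None)         # implicit deny at the bottom of the list


# Constructed sample: the four mylist1 entries shown on this page, combined into one list.
SAMPLE_CONFIG = """
ip prefix-list mylist1 deny 0.0.0.0/0
ip prefix-list mylist1 permit 20.0.0.0/8
ip prefix-list mylist1 permit 192.0.0.0/8 le 24
ip prefix-list mylist1 deny 192.0.0.0/8 ge 25
"""

# Constructed received routes to test against the list.
SAMPLE_ROUTES = ["0.0.0.0/0", "20.0.0.0/8", "20.1.0.0/16",
                 "192.168.1.0/24", "192.168.1.128/25", "10.0.0.0/8"]

if __name__ == "__main__":
    mylist1 = parse_prefix_lists(SAMPLE_CONFIG)["mylist1"]
    for route in SAMPLE_ROUTES:
        action, seq = evaluate(mylist1, route)
        print(f"{route:18} {action:6} {'seq ' + str(seq) if seq else 'implicit'}")
```

Note that 20.1.0.0/16 falls to the implicit deny: an entry without ge or le matches only the exact mask length, so permitting 20.0.0.0/8 does not permit its more specific routes.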

To enable synchronization between Border Gateway Protocol (BGP) and your Interior Gateway Protocol (IGP) system, use the synchronization command. To enable the Cisco IOS software to advertise a network route without waiting for the IGP, use the no synchronization command. By default, synchronization is enabled.

The following router configuration mode is an example that enables a router to advertise a network route without waiting for the IGP:

router bgp 160
no synchronization

Given AS number 100 and peer group name mygroup, the basic commands required to create the peer group are:
!
router bgp 100
neighbor mygroup peer-group

In BGP, when a route reflector is configured in a cluster, clients belonging to that cluster should not establish peer relationship with iBGP speakers outside of their cluster.

Some of the terms commonly used with route reflectors are:

  • Route reflector: It is a router that is configured to advertise the routes learned from iBGP neighbors.
  • Client: A router that will share information with the router configured as route reflector.
  • Cluster: The set of all routers configured as route reflectors and clients.
  • Cluster ID: There can be more than one route reflector in a cluster. Then, cluster ID is used to identify the route reflectors uniquely in the specified cluster.

Range of numbers that can be assigned to BGP distribution list:

Note that distribute lists are created using IP standard access lists and IP extended access lists. The range of numbers for standard access list is 1 to 99 and extended access list is 100 to 199. Therefore, the allowed range of numbers is 1 to 199.

The BGP split horizon rule says that routes learned via an IBGP are never propagated to other IBGP peers. However, in the case of BGP route reflectors, there is an exception. A route reflector propagates the routes learned by IBGP to other IBGP peers.

A BGP speaking router will have two tables: one for IP routing information, and the other for BGP information. It is possible to share the information between the two tables.

A few recommended scenarios where you would use BGP are:

  • You need to connect to two or more ISPs.
  • The traffic flow out of your network needs to be managed to suit the requirements of your organization.
  • The traffic needs to be sent through one AS to get to another AS.

TCP is the protocol used to establish session, when two BGP routers are exchanging route information.

BGP show commands:

Show ip bgp: Displays entries in the BGP routing table for one network prefix or the entire BGP routing table.

Syntax: show ip bgp [prefix-length]

prefix-length: Display BGP information for a single network prefix.

Description: Use the show ip bgp command to display entries in the BGP routing table. It also displays the Metric, LocPrf, Weight, and Path attribute values for each route.

Use the prefix-length keyword to display information for a single network prefix.

The following is sample output of the "show ip bgp" command:

[Figure: sample output of show ip bgp]

Show ip bgp summary: To display the status of all Border Gateway Protocol (BGP) connections use the command show ip bgp summary. It displays BGP path, prefix, and attribute information for all connections to BGP neighbors. 

A prefix is an IP address and network mask. It can represent an entire network, a subset of a network, or a single host route. A path is a route to a given destination. By default, BGP will install only a single path for each destination. If multipath routes are configured, BGP will install a path entry for each multipath route, and only one multipath route will be marked as the bestpath.

[Figure: sample output of show ip bgp summary]

The output includes a "State/PfxRcd" column, which shows the BGP state. Below is the list of BGP states in order, from startup to peering:

  • Idle: The initial state of a BGP connection. In this state, the BGP speaker is waiting for a BGP start event, generally either the establishment of a TCP connection or the re-establishment of a previous connection. Once the connection is established, BGP moves to the next state.
  • Connect: In this state, BGP is waiting for the TCP connection to be formed. If the TCP connection completes, BGP will move to the OpenSent stage; if the connection cannot complete, BGP goes to Active.
  • Active: In the Active state, the BGP speaker is attempting to initiate a TCP session with the BGP speaker it wants to peer with. If this can be done, the BGP state goes to OpenSent.
  • OpenSent: The BGP speaker is waiting to receive an OPEN message from the remote BGP speaker.
  • OpenConfirm: Once the BGP speaker receives the OPEN message and no error is detected, the BGP speaker sends a KEEPALIVE message to the remote BGP speaker.
  • Established: All of the neighbor negotiations are complete. You will see a number (2 in this case), which tells us the number of prefixes the router has received from a neighbor or peer group.

Show ip route bgp: Typical output of this command is given below:

R1# show ip route bgp

128.13.0.0/24 is subnetted, 1 subnets
B 128.13.16.0 [20/0] via 10.10.10.2, 00:09:32
B 130.130.0.0/16 [20/0] via 10.10.10.2, 02:48:46

The administrative distance (20) is shown in the command output along with the route information and the up-time.

The command "show ip bgp routes" shows the BGP routes.

Your enterprise needs to use BGP to connect to an ISP if it has different policy requirements than the ISP.

Show ip bgp neighbor: The show ip bgp neighbors command is used to display BGP and TCP connection information for neighbor sessions. For BGP, this includes detailed neighbor attribute, capability, path, and prefix information. For TCP, this includes statistics related to BGP neighbor session establishment and maintenance. This command displays information only about IPv4 address-family sessions unless the all keyword is entered.

[Figure: sample output of show ip bgp neighbors]
