CCIE: BGP
Unlink IGP’s, BGP does not use metrics to select best path. Instead, BGP is vector based. This path is determined with Path Attributes (PA’s). The default PA, if no others are set is AS-PATH. Shortest path to destination prefix is the best path.
Building the neighbor relationship:
TCP Port 179 (established based on neighbor address), Open, Established, and finally Updates (contains the prefix information). If there is a problem/error a “notification” message is sent.
Keepalive is 60 and hold time is 3 times or 180sec. Sent in Open message and they DO NOT have to match. Lower of the two is used mutually.
Authentication: MD5 only
Loopbacks require extra TTL hop, so multihop may be necessary for eBGP neighbors. (iBGP TTL is 255, eBGP TTL is 1). Overcome eBGP with “ebgp-multihop 255”
Two components to the BGP Table
1) NRLI: Prefix and mask
2) PA’s (NRLI’s that share the same PA’s)
Redistribution: When redistributing INTO BGP, if the metric is set it will alter the MED PA.
Auto-summary only affects network injection locally either through redistribution or the “network” command.
Use “aggregate-address” to preform manual summarization. AS-SET will hold a list of the unordered ASN’s in the component subnets. Without this option the AS_PATH is set to NULL. Could be good to hide originating path, bad because it can create a route loop.
A summayr can also be made with a local static route to null0 and injected with the “network” command. This will NOT suppress component subnets.
BGP Sync: Not really used today because the BGP table (full) is too big to redistribute into IGP. Use RR’s or Confeds. It was designed to prevent black-holing but in reality, is not used anymore because in order for a BGP route to be considered best an IGP has to have the route. If concerned about the number of devices that have to run BGP, you could use MPLS.
Redistribution solves the routing to black-hole and sync solves the problem of advertising a black-hole route to another AS. USE WITH CAUTION WHEN REDISTRIBUTING BGP INTO IGP.
Without RR or Confederations, a full mesh of iBGP peers is required. If you have more than 3 BGP nodes, this would be a royal pain in the tush. Full Mesh formula is n(n-1)/2.
(8) Node Example: 8*(8-1)/2 = 28 TCP connections! That’s too many.
BGP: Server/Client (Use update source to force the “client”). Only necessary on one side, but it should be one both to ensure clarity.
eBGP neighbors must be directly connected. So, if your using loopbacks to peer the “disable-connected-check” command is required without modifying “eBGP-multihop”. The other option is just to modify the eBgp multihop.
Route Reflector:
Route reflector violates the ability to learn routes from another iBGP neighbor. A new loop prevention mechanism must be used.
Originator ID: Originator of the prefix sent by the RR (used to prevent loops between the clients)
Cluster List/ID: Route reflector ID (used to prevent loops between RR’s)
Confederations:
An alternative to Route Reflectors, accomplishes the same functionality (no need for a full mesh), but is more intricate. Used for LARGE scale BGP deployments.
AS to be presented outside the Confederation (eBGP) is configured with the “bgp confederation id xxxxx”
For example my private ASN in the confed is 64512 and my public ASN is 75
router bgp 64512
bgp confederation id 75
SUB AS’s count as a single AS no matter how many sub AS’s are included in path. Lowest router-id wins metric tie.
If recursion cannot occur for the “next-hop-ip” and “next-hop-self” is not enabled. The prefix will show in the BGP database but not in the route table because it’s not a “best” path “>”.
Another way to change the next-hop IP is using a route-map on the neighbor and “set ip next-hop x.x.x.x”. If you leave the match empty it will match all prefixes coming from the specified neighbor. This can be used in a TE use case, where the next-hop is not even the originating router.
Redistributing BGP into IGP: USE WITH CAUTION! If necessary, make sure to use AS-PATH access-list to limit the routes to the prefixes originating on the peer router. IGP’s can be overwhelmed by a full BGP Internet route table. On a side note: RIB failures in BGP are advertised to neighbors, to prevent this default behavior issue the following command under the BGP process. “BGP suppress-inactive”
iBGP into IGP redistribution is NOT recommended because of the potential of loops to occur. Remember with iBGP the as_path is NOT preserved. If you MUST do so with caution… You have been warned.
Override default behavior (not allowed to redistribute into IGP): BGP> “BGP redistribute-internal”
BGP “auto-summary” works with 1) Redistribution of routes into BGP or 2) using the network command to advertise a classful address.
BGP Best Path Selection:
1) Weight – (non-transitive/local only) Can be set per neighbor or per an inbound route-map
2) Local Preference (transitive within a single AS)- Can be set per an inbound route-map
Un-suppress on a per neighbor basis and use route-map to un-suppress/suppress globally. IN the route-map use deny on the prefix to be allowed and permit to suppress.
Local-AS: Use this is allow a peer to use a different ASN from the global. Could be used for an AS migration. “no-prepend” will remove oldAS from the sting for INCOMING prefixes. This does NOT work for advertised prefixes. “replace-as” will remove newAS from string. Finally, “dual-AS” allows for a peer to use either ASN for peering.
“Remove-private-AS” on external peers only.
BGP Timers:
BGP Scanner: Default of 60 seconds, Conditional route advertisements, next-hop check, imports routes, route dampening. Change with “bgp scan-time”
Route Refresh/Soft Reconfiguration: RR replaced Soft Reconfiguration.
Batch routing updates: Updates and keepalives change with “neighbor x.x.x.x advertisement-interval <seconds)”.
Timers Hello/Hold: Default of 60 hello and 180 sec. hold.
BGP Fast Failover: By default, if an interface goes down the peer session will go down. This feature is good for PTP links but not so good for shared links. Disable it with “no bgp fast-external-fallover”
Fast peering: Use “neighbor x.x.x.x fall-over” iBGP or eBGP based on route availability to the peer.
BGP Nexthop trigger: Event drived and enabled by default. Change with “bgp nexthop trigger delay xx”.