BGP Case Studies - Cisco

11/2/2015
BGPCaseStudiesCisco
BGPCaseStudies
DocumentID: 26634 Updated: Oct30,2008
Contents
Introduction
Prerequisites
Requirements
ComponentsUsed
Conventions
BGPCaseStudies1
HowDoesBGPWork?
eBGPandiBGP
EnableBGPRouting
FormBGPNeighbors
BGPandLoopbackInterfaces
eBGPMultihop
eBGPMultihop(LoadBalancing)
RouteMaps
matchandsetConfigurationCommands
networkCommand
Redistribution
StaticRoutesandRedistribution
iBGP
TheBGPDecisionAlgorithm
BGPCaseStudies2
AS_PATHAttribute
OriginAttribute
BGPNextHopAttribute
BGPBackdoor
Synchronization
WeightAttribute
LocalPreferenceAttribute
MetricAttribute
http://www.cisco.com/c/en/us/support/docs/ip/bordergatewayprotocolbgp/26634bgptoc.html
1/62
11/2/2015
BGPCaseStudiesCisco
CommunityAttribute
BGPCaseStudies3
BGPFiltering
ASRegularExpression
BGPNeighborsandRouteMaps
BGPCaseStudies4
CIDRandAggregateAddresses
BGPConfederation
RouteReflectors
RouteFlapDampening
HowBGPSelectsaPath
BGPCaseStudies5
PracticalDesignExample
RelatedInformation
RelatedCiscoSupportCommunityDiscussions
Introduction
ThisdocumentcontainsfiveBorderGatewayProtocol(BGP)casestudies.
Prerequisites
Requirements
Therearenospecificrequirementsforthisdocument.
ComponentsUsed
Thisdocumentisnotrestrictedtospecificsoftwareandhardwareversions.
Conventions
RefertoCiscoTechnicalTipsConventionsformoreinformationondocumentconventions.
BGPCaseStudies1
TheBGP,whichRFC1771 defines,allowsyoutocreateloopfreeinterdomainroutingbetweenautonomous
systems(ASs).AnASisasetofroutersunderasingletechnicaladministration.RoutersinanAScanuse
multipleInteriorGatewayProtocols(IGPs)toexchangeroutinginformationinsidetheAS.Therouterscanusean
exteriorgatewayprotocoltoroutepacketsoutsidetheAS.
HowDoesBGPWork?
BGPusesTCPasthetransportprotocol,onport179.TwoBGProutersformaTCPconnectionbetweenone
another.Theseroutersarepeerrouters.Thepeerroutersexchangemessagestoopenandconfirmthe
connectionparameters.
BGProutersexchangenetworkreachabilityinformation.Thisinformationismainlyanindicationofthefullpaths
thataroutemusttakeinordertoreachthedestinationnetwork.ThepathsareBGPASnumbers.This
2/62
11/2/2015
BGPCaseStudiesCisco
informationhelpsintheconstructionofagraphofASsthatareloopfree.Thegraphalsoshowswheretoapply
routingpoliciesinordertoenforcesomerestrictionsontheroutingbehavior.
AnytworoutersthatformaTCPconnectioninordertoexchangeBGProutinginformationare"peers"or
"neighbors".BGPpeersinitiallyexchangethefullBGProutingtables.Afterthisexchange,thepeerssend
incrementalupdatesastheroutingtablechanges.BGPkeepsaversionnumberoftheBGPtable.Theversion
numberisthesameforalltheBGPpeers.TheversionnumberchangeswheneverBGPupdatesthetablewith
routinginformationchanges.ThesendofkeepalivepacketsensuresthattheconnectionbetweentheBGPpeers
isalive.Notificationpacketsgooutinresponsetoerrorsorspecialconditions.
eBGPandiBGP
IfanAShasmultipleBGPspeakers,theAScanserveasatransitserviceforotherASs.Asthediagraminthis
sectionshows,AS200isatransitASforAS100andAS300.
InordertosendtheinformationtoexternalASs,theremustbeanassuranceofthereachabilityfornetworks.In
ordertoassurenetworkreachability,theseprocessestakeplace:
InternalBGP(iBGP)peeringbetweenroutersinsideanAS
RedistributionofBGPinformationtoIGPsthatrunintheAS
WhenBGPrunsbetweenroutersthatbelongtotwodifferentASs,thisiscalledexteriorBGP(eBGP).WhenBGP
runsbetweenroutersinthesameAS,thisiscallediBGP.
EnableBGPRouting
CompletethesestepsinordertoenableandconfigureBGP.
Assumethatyouwanttohavetworouters,RTAandRTB,talkviaBGP.Inthefirstexample,RTAandRTBare
indifferentASs.Inthesecondexample,bothroutersbelongtothesameAS.
1. DefinetherouterprocessandtheASnumbertowhichtheroutersbelong.
IssuethiscommandtoenableBGPonarouter:
routerbgpautonomoussystem
RTA#
routerbgp100
RTB#
routerbgp200
ThesestatementsindicatethatRTArunsBGPandbelongstoAS100.RTBrunsBGPandbelongstoAS200.
3/62
11/2/2015
BGPCaseStudiesCisco
2. DefineBGPneighbors.
TheBGPneighborformationindicatestheroutersthatattempttotalkviaBGP.ThesectionFormBGP
Neighborsexplainsthisprocess.
FormBGPNeighbors
TwoBGProutersbecomeneighborsaftertheroutersestablishaTCPconnectionbetweeneachother.TheTCP
connectionisessentialinorderforthetwopeerrouterstostarttheexchangeofroutingupdates.
AftertheTCPconnectionisup,therouterssendopenmessagesinordertoexchangevalues.Thevaluesthat
theroutersexchangeincludetheASnumber,theBGPversionthattheroutersrun,theBGProuterID,andthe
keepaliveholdtime.Aftertheconfirmationandacceptanceofthesevalues,establishmentoftheneighbor
connectionoccurs.AnystateotherthanEstablishedisanindicationthatthetworoutersdidnotbecome
neighborsandthattherouterscannotexchangeBGPupdates.
IssuethisneighborcommandtoestablishaTCPconnection:
neighboripaddressremoteasnumber
ThenumberinthecommandistheASnumberoftheroutertowhichyouwanttoconnectwithBGP.Theip
addressisthenexthopaddresswithdirectconnectionforeBGP.ForiBGP,ipaddressisanyIPaddressonthe
otherrouter.
ThetwoIPaddressesthatyouuseintheneighborcommandofthepeerroutersmustbeabletoreachone
another.OnewaytoverifyreachabilityisanextendedpingbetweenthetwoIPaddresses.Theextendedping
forcesthepingingroutertouseassourcetheIPaddressthattheneighborcommandspecifies.Theroutermust
usethisaddressratherthantheIPaddressoftheinterfacefromwhichthepacketgoes.
IfthereareanyBGPconfigurationchanges,youmustresettheneighborconnectiontoallowthenewparameters
totakeeffect.
clearipbgpaddress
Note:Theaddressistheneighboraddress.
clearipbgp*
Thiscommandclearsallneighborconnections.
Bydefault,BGPsessionsbeginwiththeuseofBGPversion4andnegotiatedownwardtoearlierversions,if
necessary.YoucanpreventnegotiationsandforcetheBGPversionthattheroutersusetocommunicatewitha
neighbor.Issuethiscommandinrouterconfigurationmode:
neighbor{ipaddress|peergroupname}versionvalue
Hereisanexampleoftheneighborcommandconfiguration:
4/62
11/2/2015
BGPCaseStudiesCisco
RTA#
routerbgp100
neighbor129.213.1.1remoteas200
RTB#
routerbgp200
RTC#
routerbgp200
Inthisexample,RTAandRTBruneBGP.RTBandRTCruniBGP.TheremoteASnumberpointstoeitheran
externaloraninternalAS,whichindicateseithereBGPoriBGP.Also,theeBGPpeershavedirectconnection,
buttheiBGPpeersdonothavedirectconnection.iBGProutersdonotneedtohavedirectconnection.But,there
mustbesomeIGPthatrunsandallowsthetwoneighborstoreachoneanother.
Thissectionprovidesanexampleoftheinformationthattheshowipbgpneighborscommanddisplays.
Note:PayspecialattentiontotheBGPstate.AnythingotherthanthestateEstablishedindicatesthatthepeers
arenotup.
Note:Also,noticetheseitems:
TheBGPversion,whichis4
TheremoterouterID
ThisnumberisthehighestIPaddressontherouterorthehighestloopbackinterface,ifexistent.
Thetableversion
Thetableversionprovidesthestateofthetable.Anytimethatnewinformationcomesin,thetableincreases
theversion.Aversionthatcontinuestoincrementindicatesthatthereissomerouteflapthatcausesthe
continuousupdateofroutes.
#showipbgpneighbors
BGPneighboris129.213.1.1,remoteAS200,externallink
BGPversion4,remoterouterID175.220.12.1
BGPstate=Established,tableversion=3,upfor0:10:59
5/62
11/2/2015
BGPCaseStudiesCisco
Lastread0:00:29,holdtimeis180,keepaliveintervalis60seconds
Minimumtimebetweenadvertisementrunsis30seconds
Received2828messages,0notifications,0inqueue
Sent2826messages,0notifications,0inqueue
Connectionsestablished11dropped10
BGPandLoopbackInterfaces
TheuseofaloopbackinterfacetodefineneighborsiscommonwithiBGP,butisnotcommonwitheBGP.
Normally,youusetheloopbackinterfacetomakesurethattheIPaddressoftheneighborstaysupandis
independentofhardwarethatfunctionsproperly.InthecaseofeBGP,peerroutersfrequentlyhavedirect
connection,andloopbackdoesnotapply.
IfyouusetheIPaddressofaloopbackinterfaceintheneighborcommand,youneedsomeextraconfiguration
ontheneighborrouter.TheneighborrouterneedstoinformBGPoftheuseofaloopbackinterfaceratherthana
physicalinterfacetoinitiatetheBGPneighborTCPconnection.Inordertoindicatealoopbackinterface,issue
thiscommand:
neighboripaddressupdatesourceinterface
Thisexampleillustratestheuseofthiscommand:
RTA#
routerbgp100
neighbor190.225.11.1updatesourceloopback1
RTB#
routerbgp100
Inthisexample,RTAandRTBruniBGPinsideAS100.Intheneighborcommand,RTBusestheloopback
interfaceofRTA,150.212.1.1.Inthiscase,RTAmustforceBGPtousetheloopbackIPaddressasthesource
intheTCPneighborconnection.Inordertoforcethisaction,RTAaddsupdatesourceinterfacetypeinterface
numbersothatthecommandisneighbor190.225.11.1updatesourceloopback1.ThisstatementforcesBGP
tousetheIPaddressoftheloopbackinterfacewhenBGPtalkstoneighbor190.225.11.1.
Note:RTAhasusedthephysicalinterfaceIPaddressofRTB,190.225.11.1,asaneighbor.UseofthisIP
addressiswhyRTBdoesnotneedanyspecialconfiguration.RefertoSampleConfigurationforiBGPandeBGP
WithorWithoutaLoopbackAddressforacompletenetworkscenariosampleconfiguration.
eBGPMultihop
Insomecases,aCiscoroutercanruneBGPwithathirdpartyrouterthatdoesnotallowdirectconnectionofthe
6/62
11/2/2015
BGPCaseStudiesCisco
twoexternalpeers.Toachievetheconnection,youcanuseeBGPmultihop.TheeBGPmultihopallowsa
neighborconnectionbetweentwoexternalpeersthatdonothavedirectconnection.Themultihopisonlyfor
eBGPandnotforiBGP.ThisexampleillustrateseBGPmultihop:
RTA#
routerbgp100
neighbor180.225.11.1ebgpmultihop
RTB#
routerbgp300
RTAindicatesanexternalneighborthatdoesnothavedirectconnection.RTAneedstoindicateitsuseofthe
neighborebgpmultihopcommand.Ontheotherhand,RTBindicatesaneighborthathasdirectconnection,
whichis129.213.1.2.Becauseofthisdirectconnection,RTBdoesnotneedtheneighborebgpmultihop
command.YoushouldalsoconfigureanIGPorstaticroutingtoallowtheneighborswithoutconnectiontoreach
eachother.
TheexampleintheeBGPMultihop(LoadBalancing)sectionshowshowtoachieveloadbalancingwithBGPina
casewhereyouhaveeBGPoverparallellines.
eBGPMultihop(LoadBalancing)
RTA#
intloopback0
ipaddress150.10.1.1255.255.255.0
routerbgp100
network150.10.0.0
iproute160.10.0.0255.255.0.01.1.1.2
iproute160.10.0.0255.255.0.02.2.2.2
RTB#
intloopback0
ipaddress160.10.1.1255.255.255.0
routerbgp200
7/62
11/2/2015
BGPCaseStudiesCisco
network160.10.0.0
iproute150.10.0.0255.255.0.01.1.1.1
iproute150.10.0.0255.255.0.02.2.2.1
Thisexampleillustratestheuseofloopbackinterfaces,updatesource,andebgpmultihop.Theexampleisa
workaroundinordertoachieveloadbalancingbetweentwoeBGPspeakersoverparallelseriallines.Innormal
situations,BGPpicksoneofthelinesonwhichtosendpackets,andloadbalancingdoesnothappen.Withthe
introductionofloopbackinterfaces,thenexthopforeBGPistheloopbackinterface.Youusestaticroutes,oran
IGP,tointroducetwoequalcostpathstoreachthedestination.RTAhastwochoicestoreachnexthop
160.10.1.1:onepathvia1.1.1.2andtheotherpathvia2.2.2.2.RTBhasthesamechoices.
RouteMaps
ThereisheavyuseofroutemapswithBGP.IntheBGPcontext,theroutemapisamethodtocontrolandmodify
routinginformation.Thecontrolandmodificationofroutinginformationoccursthroughthedefinitionofconditions
forrouteredistributionfromoneroutingprotocoltoanother.Orthecontrolofroutinginformationcanoccurat
injectioninandoutofBGP.Theformatoftheroutemapfollows:
routemapmaptag[[permit|deny]|[sequencenumber]]
Themaptagissimplyanamethatyougivetotheroutemap.Youcandefinemultipleinstancesofthesame
routemap,orthesamenametag.Thesequencenumberissimplyanindicationofthepositionthatanewroute
mapistohaveinthelistofroutemapsthatyouhavealreadyconfiguredwiththesamename.
Inthisexample,therearetwoinstancesoftheroutemapdefined,withthenameMYMAP.Thefirstinstancehas
asequencenumberof10,andthesecondhasasequencenumberof20.
routemapMYMAPpermit10(Thefirstsetofconditionsgoeshere.)
routemapMYMAPpermit20(Thesecondsetofconditionsgoeshere.)
WhenyouapplyroutemapMYMAPtoincomingoroutgoingroutes,thefirstsetofconditionsareappliedvia
instance10.Ifthefirstsetofconditionsisnotmet,youproceedtoahigherinstanceoftheroutemap.
matchandsetConfigurationCommands
Eachroutemapconsistsofalistofmatchandsetconfigurationcommands.Thematchspecifiesamatch
criteria,andsetspecifiesasetactionifthecriteriathatthematchcommandenforcesaremet.
Forexample,youcandefinearoutemapthatchecksoutgoingupdates.IfthereisamatchforIPaddress
1.1.1.1,themetricforthatupdateissetto5.Thesecommandsillustratetheexample:
matchipaddress1.1.1.1
setmetric5
Now,ifthematchcriteriaaremetandyouhaveapermit,thereisaredistributionorcontroloftheroutes,asthe
setactionspecifies.Youbreakoutofthelist.
Ifthematchcriteriaaremetandyouhaveadeny,thereisnoredistributionorcontroloftheroute.Youbreakout
ofthelist.
Ifthematchcriteriaarenotmetandyouhaveapermitordeny,thenextinstanceoftheroutemapischecked.
Forexample,instance20ischecked.Thisnextinstancecheckcontinuesuntilyoueitherbreakoutorfinishall
theinstancesoftheroutemap.Ifyoufinishthelistwithoutamatch,therouteisnotacceptednorforwarded.
InCiscoIOSSoftwarereleasesearlierthanCiscoIOSSoftwareRelease11.2,whenyouuseroutemapsto
filterBGPupdatesratherthanredistributebetweenprotocols,youcannotfilterontheinboundwhenyouusea
matchcommandontheIPaddress.Afilterontheoutboundisacceptable.CiscoIOSSoftwareRelease11.2and
laterreleasesdonothavethisrestriction.
Therelatedcommandsformatchare:
8/62
11/2/2015
BGPCaseStudiesCisco
matchaspath
matchcommunity
matchclns
matchinterface
matchipaddress
matchipnexthop
matchiproutesource
matchmetric
matchroutetype
matchtag
Therelatedcommandsforsetare:
setaspath
setclns
setautomatictag
setcommunity
setinterface
setdefaultinterface
setipdefaultnexthop
setlevel
setlocalpreference
setmetric
setmetrictype
setnexthop
setorigin
settag
setweight
Lookatsomeroutemapexamples:
9/62
11/2/2015
BGPCaseStudiesCisco
Example1
AssumethatRTAandRTBrunRoutingInformationProtocol(RIP),andRTAandRTCrunBGP.RTAgets
updatesviaBGPandredistributestheupdatestoRIP.SupposethatRTAwantstoredistributetoRTBroutes
about170.10.0.0withametricof2andallotherrouteswithametricof5.Inthiscase,youcanusethis
configuration:
RTA#
routerrip
network3.0.0.0
network2.0.0.0
network150.10.0.0
passiveinterfaceSerial0
redistributebgp100routemapSETMETRIC
routerbgp100
network150.10.0.0
routemapSETMETRICpermit10
matchipaddress1
setmetric2
routemapSETMETRICpermit20
setmetric5
accesslist1permit170.10.0.00.0.255.255
Inthisexample,ifaroutematchestheIPaddress170.10.0.0,theroutehasametricof2.Then,youbreakoutof
theroutemaplist.Ifthereisnomatch,youproceeddowntheroutemaplist,whichindicatessettingeverything
elsetometric5.
Note:Alwaysaskthequestion"Whathappenstoroutesthatdonotmatchanyofthematchstatements?"These
routesdrop,bydefault.
Example2
10/62
11/2/2015
BGPCaseStudiesCisco
Example2
Supposethat,inExample1,youdonotwantAS100toacceptupdatesabout170.10.0.0.Youcannotapplyroute
mapsontheinboundwhenyoumatchwithanIPaddressasthebasis.Therefore,youmustuseanoutbound
routemaponRTC:
RTC#
routerbgp300
network170.10.0.0
neighbor2.2.2.2routemapSTOPUPDATESout
routemapSTOPUPDATESpermit10
matchipaddress1
accesslist1deny170.10.0.00.0.255.255
NowthatyoufeelmorecomfortablewithhowtostartBGPandhowtodefineaneighbor,lookathowtostartthe
exchangeofnetworkinformation.
TherearemultiplewaystosendnetworkinformationwithuseofBGP.Thesesectionsgothroughthemethods
onebyone:
networkCommand
Redistribution
networkCommand
Theformatofthenetworkcommandis:
networknetworknumber[masknetworkmask]
Thenetworkcommandcontrolsthenetworksthatoriginatefromthisbox.Thisconceptisdifferentthanthe
familiarconfigurationwithInteriorGatewayRoutingProtocol(IGRP)andRIP.Withthiscommand,youdonottry
torunBGPonacertaininterface.Instead,youtrytoindicatetoBGPwhatnetworksBGPshouldoriginatefrom
thisbox.ThecommandusesamaskportionbecauseBGPversion4(BGP4)canhandlesubnettingand
supernetting.Amaximumof200entriesofthenetworkcommandareacceptable.
Thenetworkcommandworksiftherouterknowsthenetworkthatyouattempttoadvertise,whetherconnected,
static,orlearneddynamically.
Anexampleofthenetworkcommandis:
RTA#
routerbgp1
network192.213.0.0mask255.255.0.0
iproute192.213.0.0255.255.0.0null0
ThisexampleindicatesthatrouterAgeneratesanetworkentryfor192.213.0.0/16.The/16indicatesthatyouuse
asupernetoftheclassCaddressandyouadvertisethefirsttwooctets,orfirst16bits.
Note:Youneedthestaticroutetogettheroutertogenerate192.213.0.0becausethestaticrouteputsamatching
entryintheroutingtable.
Redistribution
ThenetworkcommandisonewaytoadvertiseyournetworksviaBGP.AnotherwayistoredistributeyourIGP
intoBGP.YourIGPcanbeIGRP,OpenShortestPathFirst(OSPF)protocol,RIP,EnhancedInteriorGateway
RoutingProtocol(EIGRP),oranotherprotocol.Thisredistributioncanseemscarybecausenowyoudumpallyour
internalroutesintoBGPsomeoftheseroutescanhavebeenlearnedviaBGPandyoudonotneedtosendthem
11/62
11/2/2015
BGPCaseStudiesCisco
outagain.ApplycarefulfilteringtomakesurethatyousendtotheInternetonlyroutesthatyouwanttoadvertise
andnottoalltheroutesthatyouhave.Hereisanexample:
RTAannounces129.213.1.0andRTCannounces175.220.0.0.LookattheRTCconfiguration:
Ifyouissuethenetworkcommand,youhave:
RTC#
routereigrp10
network175.220.0.0
redistributebgp200
defaultmetric10001002501001500
routerbgp200
network175.220.0.0mask255.255.0.0
!ThislimitsthenetworksthatyourASoriginatesto175.220.0.0.
Ifyouuseredistributioninstead,youhave:
RTC#
routereigrp10
network175.220.0.0
redistributebgp200
routerbgp200
redistributeeigrp10
!EIGRPinjects129.213.1.0againintoBGP.
Thisredistributioncausestheoriginationof129.213.1.0byyourAS.Youarenotthesourceof129.213.1.0
AS100isthesource.SoyouhavetousefilterstopreventthesourceoutofthatnetworkbyyourAS.Thecorrect
configurationis:
RTC#
12/62
11/2/2015
BGPCaseStudiesCisco
routereigrp10
network175.220.0.0
redistributebgp200
routerbgp200
neighbor1.1.1.1distributelist1out
redistributeeigrp10
YouusetheaccesslistcommandtocontrolthenetworksthatoriginatefromAS200.
RedistributionofOSPFintoBGPisslightlydifferentthanredistributionforotherIGPs.Thesimpleissueof
redistributeospf1underrouterbgpdoesnotwork.Specifickeywordssuchasinternal,external,andnssa
externalarenecessarytoredistributerespectiveroutes.RefertoUnderstandingRedistributionofOSPFRoutes
intoBGPformoredetails.
Youcanalwaysusestaticroutestooriginateanetworkorasubnet.TheonlydifferenceisthatBGPconsiders
theseroutestohaveanoriginthatisincomplete,orunknown.Youcanaccomplishthesameresultthatthe
exampleintheRedistributionsectionaccomplishedwiththis:
RTC#
routereigrp10
network175.220.0.0
redistributebgp200
routerbgp200
redistributestatic
...
iproute175.220.0.0255.255.255.0null0
....
Thenull0interfacemeansdisregardthepacket.Soifyougetthepacketandthereisamorespecificmatchthan
175.220.0.0,whichexists,theroutersendsthepackettothespecificmatch.Otherwise,therouterdisregardsthe
packet.Thismethodisanicewaytoadvertiseasupernet.
ThisdocumenthasdiscussedhowyoucanusedifferentmethodstooriginateroutesoutofyourAS.Remember
thattheseroutesaregeneratedinadditiontootherBGProutesthatBGPhaslearnedvianeighbors,eitherinternal
orexternal.BGPpassesoninformationthatBGPlearnsfromonepeertootherpeers.Thedifferenceisthat
routesthatgeneratefromthenetworkcommand,redistribution,orstaticindicateyourASastheoriginofthese
networks.
RedistributionisalwaysthemethodforinjectionofBGPintoIGP.
Hereisanexample:
13/62
11/2/2015
BGPCaseStudiesCisco
RTA#
routerbgp100
network150.10.0.0
RTB#
routerbgp200
network160.10.0.0
RTC#
routerbgp300
network170.10.00
Note:Youdonotneednetwork150.10.0.0ornetwork160.10.0.0inRTCunlessyouwantRTCtogeneratethese
networksaswellaspassonthesenetworksastheycomeinfromAS100andAS200.Again,thedifferenceis
thatthenetworkcommandaddsanextraadvertisementforthesesamenetworks,whichindicatesthatAS300is
alsoanoriginfortheseroutes.
Note:RememberthatBGPdoesnotacceptupdatesthathaveoriginatedfromitsownAS.Thisrefusalensuresa
loopfreeinterdomaintopology.
Forexample,assumethatAS200,fromtheexampleinthissection,hasadirectBGPconnectionintoAS100.
RTAgeneratesaroute150.10.0.0andsendstheroutetoAS300.Then,RTCpassesthisroutetoAS200and
keepstheoriginasAS100.RTBpasses150.10.0.0toAS100withtheoriginstillAS100.RTAnoticesthatthe
updatehasoriginatedfromitsownASandignorestheupdate.
iBGP
YouuseiBGPifanASwantstoactasatransitsystemtootherASs.Isittruethatyoucandothesamethingby
learningviaeBGP,redistributingintoIGP,andthenredistributingagainintoanotherAS?Yes,butiBGPoffers
moreflexibilityandmoreefficientwaystoexchangeinformationwithinanAS.Forexample,iBGPprovidesways
tocontrolthebestexitpointoutoftheASwithuseoflocalpreference.ThesectionLocalPreferenceAttribute
providesmoreinformationaboutlocalpreference.
14/62
11/2/2015
BGPCaseStudiesCisco
RTA#
routerbgp100
network150.10.0.0
RTB#
routerbgp100
network190.10.50.0
RTC#
routerbgp400
network175.10.0.0
Note:RememberthatwhenaBGPspeakerreceivesanupdatefromotherBGPspeakersinitsownAS(iBGP),
theBGPspeakerthatreceivestheupdatedoesnotredistributethatinformationtootherBGPspeakersinitsown
AS.TheBGPspeakerthatreceivestheupdateredistributestheinformationtootherBGPspeakersoutsideofits
AS.Therefore,sustainafullmeshbetweentheiBGPspeakerswithinanAS.
Inthediagraminthissection,RTAandRTBruniBGP.RTAandRTDalsoruniBGP.TheBGPupdatesthat
comefromRTBtoRTAtransmittoRTE,whichisoutsidetheAS.TheupdatesdonottransmittoRTD,whichis
insidetheAS.Therefore,makeaniBGPpeeringbetweenRTBandRTDinordertonotbreaktheflowofthe
updates.
TheBGPDecisionAlgorithm
AfterBGPreceivesupdatesaboutdifferentdestinationsfromdifferentautonomoussystems,theprotocolmust
choosepathstoreachaspecificdestination.BGPchoosesonlyasinglepathtoreachaspecificdestination.
BGPbasesthedecisionondifferentattributes,suchasnexthop,administrativeweights,localpreference,route
origin,pathlength,origincode,metric,andotherattributes.
BGPalwayspropagatesthebestpathtotheneighbors.RefertoBGPBestPathSelectionAlgorithmformore
15/62
11/2/2015
BGPCaseStudiesCisco
information.
ThesectionBGPCaseStudies2explainstheseattributesandtheiruse.
BGPCaseStudies2
AS_PATHAttribute
WheneverarouteupdatepassesthroughanAS,theASnumberisprependedtothatupdate.TheAS_PATH
attributeisactuallythelistofASnumbersthataroutehastraversedinordertoreachadestination.AnAS_SET
isanorderedmathematicalset{}ofalltheASsthathavebeentraversed.TheCIDRExample2(asset)section
ofthisdocumentprovidesanexampleofAS_SET.
Intheexampleinthissection,RTBadvertisesnetwork190.10.0.0inAS200.WhenthatroutetraversesAS300,
RTCappendsitsownASnumbertothenetwork.Sowhen190.10.0.0reachesRTA,thenetworkhastwoAS
numbersattached:first200,then300.ForRTA,thepathtoreach190.10.0.0is(300,200).
Thesameprocessappliesto170.10.0.0and180.10.0.0.RTBhastotakepath(300,100)RTBtraversesAS300
andthenAS100inordertoreach170.10.0.0.RTChastotraversepath(200)inordertoreach190.10.0.0andpath
(100)inordertoreach170.10.0.0.
OriginAttribute
Theoriginisamandatoryattributethatdefinestheoriginofthepathinformation.Theoriginattributecanassume
threevalues:
IGPNetworkLayerReachabilityInformation(NLRI)isinteriortotheASoforigination.Thisnormallyhappens
whenyouissuethebgpnetworkcommand.AniintheBGPtableindicatesIGP.
EGPNLRIislearnedviaexteriorgatewayprotocol(EGP).AneintheBGPtableindicatesEGP.
INCOMPLETENLRIisunknownorlearnedviasomeothermeans.INCOMPLETEusuallyoccurswhenyou
redistributeroutesfromotherroutingprotocolsintoBGPandtheoriginoftherouteisincomplete.An?inthe
BGPtableindicatesINCOMPLETE.
16/62
11/2/2015
BGPCaseStudiesCisco
RTA#
routerbgp100
network150.10.0.0
redistributestatic
iproute190.10.0.0255.255.0.0null0
RTB#
routerbgp100
network190.10.50.0
RTE#
routerbgp300
network170.10.0.0
RTAreaches170.10.0.0via300i.The"300i"meansthatthenextASpathis300andtheoriginoftherouteis
IGP.RTAalsoreaches190.10.50.0viai.This"i"meansthattheentryisinthesameASandtheoriginisIGP.
RTEreaches150.10.0.0via100i.The"100i"meansthatthenextASis100andtheoriginisIGP.RTEalso
reaches190.10.0.0via100?.The"100?"meansthatthenextASis100andthattheoriginisincompleteand
comesfromastaticroute.
BGPNextHopAttribute
17/62
11/2/2015
BGPCaseStudiesCisco
TheBGPnexthopattributeisthenexthopIPaddresstouseinordertoreachacertaindestination.
ForeBGP,thenexthopisalwaystheIPaddressoftheneighborthattheneighborcommandspecifies.Inthe
exampleinthissection,RTCadvertises170.10.0.0toRTAwithanexthopof170.10.20.2.RTAadvertises
150.10.0.0toRTCwithanexthopof170.10.20.1.ForiBGP,theprotocolstatesthatthenexthopthateBGP
advertisesshouldbecarriedintoiBGP.Becauseofthisrule,RTAadvertises170.10.0.0toitsiBGPpeerRTB
withanexthopof170.10.20.2.So,accordingtoRTB,thenexthoptoreach170.10.0.0is170.10.20.2andnot
150.10.30.1.
MakesurethatRTBcanreach170.10.20.2viaIGP.Otherwise,RTBdropspacketswiththedestinationof
170.10.0.0becausethenexthopaddressisinaccessible.Forexample,ifRTBrunsiGRP,youcanalsoruniGRP
onRTAnetwork170.10.0.0.YouwanttomakeiGRPpassiveonthelinktoRTCsothatBGPisonlyexchanged.
RTA#
routerbgp100
network150.10.0.0
RTB#
routerbgp100
RTC#
routerbgp300
network170.10.0.0
Note:RTCadvertises170.10.0.0toRTAwithanexthopequalto170.10.20.2.
Note:RTAadvertises170.10.0.0toRTBwithanexthopequalto170.10.20.2.TheeBGPnexthopiscarriedin
iBGP.
Takespecialcarewhenyoudealwithmultiaccessandnonbroadcastmultiaccess(NBMA)networks.The
18/62
11/2/2015
BGPCaseStudiesCisco
sectionsBGPNextHop(MultiaccessNetworks)andBGPNextHop(NBMA)providemoredetails.
BGPNextHop(MultiaccessNetworks)
ThisexampleshowshowthenexthopbehavesonamultiaccessnetworksuchasEthernet.
AssumethatRTCandRTDinAS300runOSPF.RTCrunsBGPwithRTA.RTCcanreachnetwork180.20.0.0via
170.10.20.3.WhenRTCsendsaBGPupdatetoRTAwithregardto180.20.0.0,RTCusesasnexthop
170.10.20.3.RTCdoesnotuseitsownIPaddress,170.10.20.2.RTCusesthisaddressbecausethenetwork
betweenRTA,RTC,andRTDisamultiaccessnetwork.TheRTAuseofRTDasanexthoptoreach180.20.0.0
ismoresensiblethantheextrahopviaRTC.
Note:RTCadvertises180.20.0.0toRTAwithanexthop170.10.20.3.
IfthecommonmediumtoRTA,RTC,andRTDisnotmultiaccess,butNBMA,furthercomplicationsoccur.
BGPNextHop(NBMA)
19/62
11/2/2015
BGPCaseStudiesCisco
Thecommonmediumappearsasacloudinthediagram.IfthecommonmediumisaframerelayoranyNBMA
cloud,theexactbehaviorisasifyouhaveconnectionviaEthernet.RTCadvertises180.20.0.0toRTAwitha
nexthopof170.10.20.3.
TheproblemisthatRTAdoesnothaveadirectpermanentvirtualcircuit(PVC)toRTDandcannotreachthenext
hop.Inthiscase,routingfails.
Thenexthopselfcommandremediesthissituation.
nexthopselfCommand
Forsituationswiththenexthop,asintheBGPNextHop(NBMA)example,youcanusethenexthopself
command.Thesyntaxis:
neighbor{ipaddress|peergroupname}nexthopself
ThenexthopselfcommandallowsyoutoforceBGPtouseaspecificIPaddressasthenexthop.
FortheBGPNextHop(NBMA)example,thisconfigurationsolvestheproblem:
RTC#
routerbgp300
neighbor170.10.20.1nexthopself
RTCadvertises180.20.0.0withanexthopequalto170.10.20.2.
BGPBackdoor
20/62
11/2/2015
BGPCaseStudiesCisco
Inthisdiagram,RTAandRTCruneBGP.RTBandRTCruneBGP.RTAandRTBrunsomekindofIGP,either
RIP,IGRP,oranotherprotocol.Bydefinition,eBGPupdateshaveadistanceof20,whichislessthantheIGP
distances.Thedefaultdistancesare:
120forRIP
100forIGRP
90forEIGRP
110forOSPF
RTAreceivesupdatesabout160.10.0.0viatworoutingprotocols:
eBGPwithadistanceof20
IGPwithadistancethatisgreaterthan20
Bydefault,BGPhasthesedistances:
Externaldistance20
Internaldistance200
Localdistance200
Butyoucanusethedistancecommandtochangethedefaultdistances:
distancebgpexternaldistanceinternaldistancelocaldistance
RTApickseBGPviaRTCbecauseoftheshorterdistance.
IfyouwantRTAtolearnabout160.10.0.0viaRTB(IGP),thenyouhavetwooptions:
ChangetheexternaldistanceofeBGPortheIGPdistance.
Note:Thischangeisnotrecommended.
UseBGPbackdoor.
BGPbackdoormakestheIGProutethepreferredroute.
Issuethenetworkaddressbackdoorcommand.
TheconfigurednetworkisthenetworkthatyouwanttoreachviaIGP.ForBGP,thisnetworkgetsthesame
21/62
11/2/2015
BGPCaseStudiesCisco
treatmentasalocallyassignednetwork,exceptBGPupdatesdonotadvertisethisnetwork.
RTA#
routereigrp10
network150.10.0.0
routerbgp100
network160.10.0.0backdoor
Network160.10.0.0istreatedasalocalentry,butisnotadvertisedasanormalnetworkentry.
RTAlearns160.10.0.0fromRTBviaEIGRPwithdistance90.RTAalsolearnstheaddressfromRTCviaeBGP
withdistance20.NormallyeBGPisthepreference,butbecauseofthenetworkbackdoorcommand,EIGRPis
thepreference.
Synchronization
Beforethediscussionofsynchronization,lookatthisscenario.RTCinAS300sendsupdatesabout170.10.0.0.
RTAandRTBruniBGP,soRTBgetstheupdateandisabletoreach170.10.0.0vianexthop2.2.2.1.Remember
thatthenexthopiscarriedviaiBGP.Inordertoreachthenexthop,RTBmustsendthetraffictoRTE.
AssumethatRTAhasnotredistributednetwork170.10.0.0intoIGP.Atthispoint,RTEhasnoideathat
170.10.0.0evenexists.
IfRTBstartstoadvertisetoAS400thatRTBcanreach170.10.0.0,trafficthatcomesfromRTDtoRTBwith
destination170.10.0.0flowsinanddropsatRTE.
Synchronizationstatesthat,ifyourASpassestrafficfromanotherAStoathirdAS,BGPshouldnotadvertisea
routebeforealltheroutersinyourAShavelearnedabouttherouteviaIGP.BGPwaitsuntilIGPhaspropagated
theroutewithintheAS.Then,BGPadvertisestheroutetoexternalpeers.
22/62
11/2/2015
BGPCaseStudiesCisco
Intheexampleinthissection,RTBwaitstohearabout170.10.0.0viaIGP.Then,RTBstartstosendtheupdate
toRTD.YoucanmakeRTBthinkthatIGPhaspropagatedtheinformationifyouaddastaticrouteinRTBthat
pointsto170.10.0.0.Makesurethatotherrouterscanreach170.10.0.0.
DisableSynchronization
Insomecases,youdonotneedsynchronization.IfyoudonotpasstrafficfromadifferentASthroughyourAS,
youcandisablesynchronization.YoucanalsodisablesynchronizationifallroutersinyourASrunBGP.The
disablementofthisfeaturecanallowyoutocarryfewerroutesinyourIGPandallowBGPtoconvergemore
quickly.
Thedisablementofsynchronizationisnotautomatic.IfallyourroutersintheASrunBGPandyoudonotrunIGP
atall,therouterhasnowaytoknow.YourrouterwaitsindefinitelyforanIGPupdateaboutacertainroutebefore
theroutersendstheroutetoexternalpeers.Youhavetodisablesynchronizationmanuallyinthiscasesothat
routingcanworkcorrectly:
routerbgp100
nosynchronization
Note:Makesurethatyouissuetheclearipbgpaddresscommandtoresetthesession.
RTB#
routerbgp100
network150.10.0.0
nosynchronization
!RTBputs170.10.0.0initsIProutingtableandadvertisesthenetwork
!toRTD,evenifRTBdoesnothaveanIGPpathto170.10.0.0.
23/62
11/2/2015
BGPCaseStudiesCisco
RTD#
routerbgp400
network175.10.0.0
RTA#
routerbgp100
network150.10.0.0
WeightAttribute
TheweightattributeisaCiscodefinedattribute.Thisattributeusesweighttoselectabestpath.Theweightis
assignedlocallytotherouter.Thevalueonlymakessensetothespecificrouter.Thevalueisnotpropagatedor
carriedthroughanyoftherouteupdates.Aweightcanbeanumberfrom0to65,535.Pathsthattherouter
originateshaveaweightof32,768bydefault,andotherpathshaveaweightof0.
Routeswithahigherweightvaluehavepreferencewhenmultipleroutestothesamedestinationexist.Lookatthe
exampleinthissection.RTAhaslearnedaboutnetwork175.10.0.0fromAS4.RTApropagatestheupdateto
RTC.RTBhasalsolearnedaboutnetwork175.10.0.0fromAS4.RTBpropagatestheupdatetoRTC.RTCnow
hastwowaystoreach175.10.0.0andhastodecidewhichwaytogo.IfyousettheweightoftheupdatesonRTC
thatcomefromRTAsothattheweightisgreaterthantheweightofupdatesthatcomefromRTB,youforceRTC
touseRTAasanexthoptoreach175.10.0.0.Multiplemethodsachievethisweightset:
Usetheneighborcommand.
neighbor{ipaddress|peergroup}weightweight
UseAS_PATHaccesslists.
ipaspathaccesslistaccesslistnumber{permit|deny}asregularexpressionneighboripaddressfilter
listaccesslistnumberweightweight
Useroutemaps.
RTC#
routerbgp300
neighbor1.1.1.1weight200
!Therouteto175.10.0.0fromRTAhasa200weight.
24/62
11/2/2015
BGPCaseStudiesCisco
neighbor2.2.2.2weight100
!Therouteto175.10.0.0fromRTBhasa100weight.
RTA,whichhasahigherweightvalue,haspreferenceasthenexthop.
YoucanachievethesameoutcomewithIPAS_PATHandfilterlists.
RTC#
routerbgp300
neighbor1.1.1.1filterlist5weight200
neighbor2.2.2.2filterlist6weight100
...
ipaspathaccesslist5permit^100$
!Thisonlypermitspath100.
...
Youalsocanachievethesameoutcomewiththeuseofroutemaps.
RTC#
routerbgp300
neighbor1.1.1.1routemapsetweightinin
neighbor2.2.2.2routemapsetweightinin
...
...
routemapsetweightinpermit10
matchaspath5
setweight200
!Anythingthatappliestoaccesslist5,suchaspacketsfromAS100,hasweight200.
routemapsetweightinpermit20
setweight100
!Anythingelsehasweight100.
Note:YoucanmodifyweighttopreferMPLSVPNBGPpathwithIGPpathasaBackup.
Note:Formoreinformation,refertothisCiscoSupportCommunitydocumentthatdescribeshowtoconfigurethe
routertohaveapreferredpathonbothprimaryandfailureconditionsandtorerouteonprimarypathrecovery:
PreferringMPLSVPNBGPPathwithIGPBackup
LocalPreferenceAttribute
25/62
11/2/2015
BGPCaseStudiesCisco
LocalpreferenceisanindicationtotheASaboutwhichpathhaspreferencetoexittheASinordertoreacha
certainnetwork.Apathwithahigherlocalpreferenceispreferredmore.Thedefaultvalueforlocalpreferenceis
100.
Unliketheweightattribute,whichisonlyrelevanttothelocalrouter,localpreferenceisanattributethatrouters
exchangeinthesameAS.
Yousetlocalpreferencewiththeissueofthebgpdefaultlocalpreferencevaluecommand.Youcanalsoset
localpreferencewithroutemaps,astheexampleinthissectiondemonstrates:
Note:Itisnecessarytoperformasoftreset(thatis,clearthebgpprocessontherouter)inorderforchangesto
betakenintoconsideration.Inordertoclearthebgpprocess,usetheclearipbgp[soft][in/out]command
wheresoftindicatesasoftresetwithouttearingthesessionand[in/out]specifiesinboundoroutbound
configuration.Ifin/outisnotspecifiedbothinboundandoutboundsessionsarereset.
Thebgpdefaultlocalpreferencecommandsetsthelocalpreferenceontheupdatesoutoftherouterthatgoto
peersinthesameAS.Inthediagraminthissection,AS256receivesupdatesabout170.10.0.0fromtwodifferent
sidesoftheorganization.LocalpreferencehelpsyoudeterminewhichwaytoexitAS256inordertoreachthat
network.AssumethatRTDistheexitpointpreference.Thisconfigurationsetsthelocalpreferenceforupdates
thatcomefromAS300to200andforupdatesthatcomefromAS100to150:
RTC#
routerbgp256
bgpdefaultlocalpreference150
RTD#
routerbgp256
bgpdefaultlocalpreference200
Inthisconfiguration,RTCsetsthelocalpreferenceofallupdatesto150.ThesameRTDsetsthelocalpreference
26/62
11/2/2015
BGPCaseStudiesCisco
ofallupdatesto200.ThereisanexchangeoflocalpreferencewithinAS256.Therefore,bothRTCandRTD
realizethatnetwork170.10.0.0hasahigherlocalpreferencewhenupdatescomefromAS300ratherthanfrom
AS100.AlltrafficinAS256thathasthatnetworkasadestinationtransmitswithRTDasanexitpoint.
Theuseofroutemapsprovidesmoreflexibility.Intheexampleinthissection,allupdatesthatRTDreceivesare
taggedwithlocalpreference200whentheupdatesreachRTD.UpdatesthatcomefromAS34alsoaretagged
withthelocalpreferenceof200.Thistagcanbeunnecessary.Forthisreason,youcanuseroutemapsto
specifythespecificupdatesthatneedtobetaggedwithaspecificlocalpreference.Hereisanexample:
RTD#
routerbgp256
neighbor3.3.3.4routemapsetlocalinin
....
...
routemapsetlocalinpermit10
matchaspath7
setlocalpreference200
routemapsetlocalinpermit20
Withthisconfiguration,anyupdatethatcomesfromAS300hasalocalpreferenceof200.Anyotherupdates,
suchasupdatesthatcomefromAS34,haveavalueof150.
MetricAttribute
27/62
11/2/2015
BGPCaseStudiesCisco
ThemetricattributealsohasthenameMULTI_EXIT_DISCRIMINATOR,MED(BGP4),orINTER_AS(BGP3).
TheattributeisahinttoexternalneighborsaboutthepathpreferenceintoanAS.Theattributeprovidesa
dynamicwaytoinfluenceanotherASinthewaytoreachacertainroutewhentherearemultipleentrypointsinto
thatAS.Alowermetricvalueispreferredmore.
Unlikelocalpreference,metricisexchangedbetweenASs.AmetriciscarriedintoanASbutdoesnotleavethe
AS.WhenanupdateenterstheASwithacertainmetric,thatmetricisusedtomakedecisionsinsidetheAS.
WhenthesameupdatepassesontoathirdAS,thatmetricreturnsto0.Thediagraminthissectionshowsthe
setofmetric.Themetricdefaultvalueis0.
Unlessarouterreceivesotherdirections,theroutercomparesmetricsforpathsfromneighborsinthesameAS.
InorderfortheroutertocomparemetricsfromneighborsthatcomefromdifferentASs,youneedtoissuethe
specialconfigurationcommandbgpalwayscomparemedontherouter.
Note:TherearetwoBGPconfigurationcommandsthatcaninfluencethemultiexitdiscriminator(MED)based
pathselection.Thecommandsarethebgpdeterministicmedcommandandthebgpalwayscomparemed
command.AnissueofthebgpdeterministicmedcommandensuresthecomparisonoftheMEDvariableat
routechoicewhendifferentpeersadvertiseinthesameAS.Anissueofthebgpalwayscomparemed
commandensuresthecomparisonoftheMEDforpathsfromneighborsindifferentASs.Thebgpalways
comparemedcommandisusefulwhenmultipleserviceprovidersorenterprisesagreeonauniformpolicyfor
howtosetMED.RefertoHowthebgpdeterministicmedCommandDiffersfromthebgpalwayscomparemed
CommandtounderstandhowthesecommandsinfluenceBGPpathselection.
Inthediagraminthissection,AS100getsinformationaboutnetwork180.10.0.0viathreedifferentrouters:RTC,
RTD,andRTB.RTCandRTDareinAS300,andRTBisinAS400.
Inthisexample,theASPathcomparisononRTAbycommandbgpbestpathaspathignoreisignored.Itis
configuredtoforceBGPtofallontothenextattributeforroutecomparison(inthiscasemetricorMED).Ifthe
28/62
11/2/2015
BGPCaseStudiesCisco
commandisomitted,theBGPwillinstallroute180.10.0.0fromrouterRTCasthathastheshortestASPath.
AssumethatyouhavesetthemetricthatcomesfromRTCto120,themetricthatcomesfromRTDto200,and
themetricthatcomesfromRTBto50.Bydefault,aroutercomparesmetricsthatcomefromneighborsinthe
sameAS.Therefore,RTAcanonlycomparethemetricthatcomesfromRTCtothemetricthatcomesfromRTD.
RTAchoosesRTCasthebestnexthopbecause120islessthan200.WhenRTAgetsanupdatefromRTBwith
metric50,RTAcannotcomparethemetricto120becauseRTCandRTBareindifferentASs.RTAmustchoose
basedonsomeotherattributes.
InordertoforceRTAtocomparethemetrics,youmustissuethebgpalwayscomparemedcommandonRTA.
Theseconfigurationsillustratethisprocess:
RTA#
routerbgp100
bgpbestpathaspathignore
....
RTC#
routerbgp300
neighbor2.2.2.2routemapsetmetricoutout
routemapsetmetricoutpermit10
setmetric120
RTD#
routerbgp300
setmetric200
RTB#
routerbgp400
setmetric50
Withtheseconfigurations,RTApicksRTCasnexthop,withconsiderationofthefactthatallotherattributesare
thesame.InordertoincludeRTBinthemetriccomparison,youmustconfigureRTAinthisway:
RTA#
routerbgp100
neighbor2.2.21remoteas300
bgpalwayscomparemed
Inthiscase,RTApicksRTBasthebestnexthopinordertoreachnetwork180.10.0.0.
YoucanalsosetmetricduringtheredistributionofroutesintoBGPifyouissuethedefaultmetricnumber
command.
Assumethat,intheexampleinthissection,RTBinjectsanetworkviastaticintoAS100.Hereisthe
configuration:
RTB#
routerbgp400
29/62
11/2/2015
BGPCaseStudiesCisco
redistributestatic
defaultmetric50
iproute180.10.0.0255.255.0.0null0
!ThiscausesRTBtosendout180.10.0.0withametricof50.
CommunityAttribute
Thecommunityattributeisatransitive,optionalattributeintherangeof0to4,294,967,200.Thecommunity
attributeisawaytogroupdestinationsinacertaincommunityandapplyroutingdecisionsaccordingtothose
communities.Theroutingdecisionsareaccept,prefer,andredistribute,amongothers.
Youcanuseroutemapstosetthecommunityattributes.Theroutemapsetcommandhasthissyntax:
setcommunitycommunitynumber[additive][wellknowncommunity]
Afewpredefined,wellknowncommunitiesforuseinthiscommandare:
noexportDonotadvertisetoeBGPpeers.KeepthisroutewithinanAS.
noadvertiseDonotadvertisethisroutetoanypeer,internalorexternal.
internetAdvertisethisroutetotheInternetcommunity.Anyrouterbelongstothiscommunity.
localasUseinconfederationscenariostopreventthetransmitofpacketsoutsidethelocalAS.
Herearetwoexamplesofroutemapsthatsetthecommunity:
routemapcommunitymap
matchipaddress1
setcommunitynoadvertise
or
routemapsetcommunity
matchaspath1
setcommunity200additive
Ifyoudonotsettheadditivekeyword,200replacesanyoldcommunitythatalreadyexits.Ifyouusethe
keywordadditive,anadditionof200tothecommunityoccurs.Evenifyousetthecommunityattribute,this
attributedoesnottransmittoneighborsbydefault.Inordertosendtheattributetoaneighbor,youmustusethis
command:
neighbor{ipaddress|peergroupname}sendcommunity
Hereisanexample:
RTA#
routerbgp100
neighbor3.3.3.3sendcommunity
neighbor3.3.3.3routemapsetcommunityout
InCiscoIOSSoftwareRelease12.0andlater,youcanconfigurecommunitiesinthreedifferentformats:decimal,
hexadecimal,andAA:NN.Bydefault,CiscoIOSSoftwareusestheolderdecimalformat.Inordertoconfigure
anddisplayinAA:NN,issuetheipbgpcommunitynewformatglobalconfigurationcommand.Thefirstpartof
AA:NNrepresentstheASnumber,andthesecondpartrepresentsa2bytenumber.
Hereisanexample:
Withouttheipbgpcommunitynewformatcommandinglobalconfiguration,anissueoftheshowipbgp
6.0.0.0commanddisplaysthecommunityattributevalueindecimalformat.Inthisexample,thecommunity
attributevalueappearsas6553620.
30/62
11/2/2015
BGPCaseStudiesCisco
Router#showipbgp6.0.0.0
BGProutingtableentryfor6.0.0.0/8,version7
Paths:(1available,best#1,tableDefaultIPRoutingTable)
Notadvertisedtoanypeer
1
10.10.10.1from10.10.10.1(200.200.200.1)
OriginIGP,metric0,localpref100,valid,external,best
Community:6553620
Now,issuetheipbgpcommunitynewformatcommandgloballyonthisrouter.
Router#configureterminal
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#ipbgpcommunitynewformat
Router(config)#exit
Withtheipbgpcommunitynewformatglobalconfigurationcommand,thecommunityvaluedisplaysinAA:NN
format.Thevalueappearsas100:20intheoutputoftheshowipbgp6.0.0.0commandinthisexample:
Router#showipbgp6.0.0.0
BGProutingtableentryfor6.0.0.0/8,version9
Paths:(1available,best#1,tableDefaultIPRoutingTable)
Notadvertisedtoanypeer
1
10.10.10.1from10.10.10.1(200.200.200.1)
OriginIGP,metric0,localpref100,valid,external,best
Community:100:20
BGPCaseStudies3
BGPFiltering
AnumberofdifferentfiltermethodsallowyoutocontrolthesendandreceiveofBGPupdates.YoucanfilterBGP
updateswithrouteinformationasabasis,orwithpathinformationorcommunitiesasabasis.Allmethods
achievethesameresults.Thechoiceofonemethodoveranothermethoddependsonthespecificnetwork
configuration.
RouteFiltering
31/62
11/2/2015
BGPCaseStudiesCisco
Inordertorestricttheroutinginformationthattherouterlearnsoradvertises,youcanfilterBGPwiththeuseof
routingupdatestoorfromaparticularneighbor.Youdefineanaccesslistandapplytheaccesslisttothe
updatestoorfromaneighbor.Issuethiscommandintherouterconfigurationmode:
neighbor{ipaddress|peergroupname}distributelistaccesslistnumber{in|out}
Inthisexample,RTBoriginatesnetwork160.10.0.0andsendstheupdatetoRTC.IfRTCwantstostopthe
propagationoftheupdatestoAS100,youmustdefineanaccesslisttofilterthoseupdatesandapplytheaccess
listduringcommunicationwithRTA:
RTC#
routerbgp300
network170.10.0.0
accesslist1deny160.10.0.00.0.255.255
!Filteroutallroutingupdatesabout160.10.x.x.
Theuseofaccesslistsisabittrickywhenyoudealwithsupernetsthatcancausesomeconflicts.
Assumethat,intheexampleinthissection,RTBhasdifferentsubnetsof160.10.x.x.Yourgoalistofilter
updatesandadvertiseonly160.0.0.0/8.
Note:The/8notationmeansthatyouuse8bitsofsubnetmask,whichstartfromthefarleftoftheIPaddress.
Thisaddressisequivalentto160.0.0.0255.0.0.0.
Thecommandaccesslist1permit160.0.0.00.255.255.255permits160.0.0.0/8,160.0.0.0/9,andsoon.Inorder
torestricttheupdatetoonly160.0.0.0/8,youmustuseanextendedaccesslistofthisformat:
accesslist101permitip160.0.0.00.255.255.255255.0.0.00.0.0.0.
Thislistpermits160.0.0.0/8only.
RefertoHowtoBlockOneorMoreNetworksFromaBGPPeerforsampleconfigurationsonhowtofilter
networksfromBGPpeers.Themethodusesthedistributelistcommandwithstandardandextendedaccess
32/62
11/2/2015
BGPCaseStudiesCisco
controllists(ACLs),aswellasprefixlistfiltering.
PathFiltering
Anothertypeoffilteringispathfiltering.
YoucanspecifyanaccesslistonbothincomingandoutgoingupdateswithuseoftheBGPASpaths
information.Inthediagraminthissection,youcanblockupdatesabout160.10.0.0sothattheydonotgoto
AS100.Toblocktheupdates,defineanaccesslistonRTCthatpreventsthetransmittoAS100ofanyupdates
thathaveoriginatedfromAS200.Issuethesecommands:
ipaspathaccesslistaccesslistnumber{permit|deny}asregularexpression
neighbor{ipaddress|peergroupname}filterlistaccesslistnumber{in|out}
ThisexamplestopstheRTCsendofupdatesabout160.10.0.0toRTA:
RTC#
routerbgp300
neighbor2.2.2.2filterlist1out
!The1istheaccesslistnumberbelow.
ipaspathaccesslist1deny^200$
ipaspathaccesslist1permit.*
Theaccesslist1commandinthisexampleforcesthedenialofanyupdateswithpathinformationthatstartswith
200andendswith200.The^200$inthecommandisa"regularexpression",inwhich^means"startswith"and$
means"endswith".SinceRTBsendsupdatesabout160.10.0.0withpathinformationthatstartswith200and
endswith200,theupdatesmatchtheaccesslist.Theaccesslistdeniestheseupdates.
The.*isanotherregularexpressioninwhichthe.means"anycharacter"andthe*means"therepetitionofthat
character".So.*representsanypathinformation,whichisnecessarytopermitthetransmissionofallother
updates.
Whathappensif,insteadoftheuseof^200$,youuse^200?WithanAS400,asinthediagraminthissection,
updatesthatAS400originateshavepathinformationoftheform(200,400).Inthispathinformation,200isfirst
and400islast.Theseupdatesmatchtheaccesslist^200becausethepathinformationstartswith200.The
accesslistpreventsthetransmissionoftheseupdatestoRTA,whichisnottherequirement.
Inordertocheckifyouhaveimplementedthecorrectregularexpression,issuetheshowipbgpregexpregular
expressioncommand.Thiscommandshowsallthepathsthathavematchedtheregularexpressionconfiguration.
ASRegularExpression
Thissectionexplainsthecreationofaregularexpression.
Aregularexpressionisapatterntomatchagainstaninputstring.Whenyoubuildaregularexpression,you
specifyastringthatinputmustmatch.InthecaseofBGP,youspecifyastringthatconsistsofpathinformation
thataninputmustmatch.
IntheexampleinthesectionPathFiltering,youspecifiedthestring^200$.Youwantedpathinformationthat
comesinsideupdatestomatchthestringinordertomakeadecision.
Aregularexpressioncomprises:
Range
Arangeisasequenceofcharacterswithinleftandrightsquarebrackets.Anexampleis[abcd].
Atom
33/62
11/2/2015
BGPCaseStudiesCisco
Anatomisasinglecharacter.Herearesomeexamples:
.
The.matchesanysinglecharacter.
^
The^matchesthestartoftheinputstring.
$
The$matchestheendoftheinputstring.
\
The\matchesthecharacter.
The_matchesacomma(,),leftbrace({),rightbrace(}),thestartoftheinputstring,theendoftheinput
string,oraspace.
Piece
Apieceisoneofthesesymbols,whichfollowsanatom:
*
The*matches0ormoresequencesoftheatom.
+
The+matches1ormoresequencesoftheatom.
?
The?matchestheatomorthenullstring.
Branch
Abranchis0ormoreconcatenatedpieces.
Herearesomeexamplesofregularexpressions:
a*
Thisexpressionindicatesanyoccurrenceoftheletter"a",whichincludesnone.
a+
Thisexpressionindicatesthatatleastoneoccurrenceoftheletter"a"mustbepresent.
ab?a
Thisexpressionmatches"aa"or"aba".
_100_
ThisexpressionmeansviaAS100.
_100$
ThisexpressionindicatesanoriginofAS100.
^100.*
34/62
11/2/2015
BGPCaseStudiesCisco
ThisexpressionindicatestransmissionfromAS100.
^$
ThisexpressionindicatesoriginationfromthisAS.
RefertoUsingRegularExpressionsinBGPforsampleconfigurationsofregularexpressionfiltering.
BGPCommunityFiltering
ThisdocumenthascoveredroutefilteringandASpathfiltering.Anothermethodiscommunityfiltering.The
sectionCommunityAttributediscussescommunity,andthissectionprovidesafewexamplesofhowtouse
community.
Inthisexample,youwantRTBtosetthecommunityattributetotheBGProutesthatRTBadvertisessuchthat
RTCdoesnotpropagatetheseroutestotheexternalpeers.Usethenoexportcommunityattribute.
RTB#
routerbgp200
network160.10.0.0
matchipaddress1
setcommunitynoexport
Note:Thisexampleusestheroutemapsetcommunitycommandinordertosetthecommunitytonoexport.
Note:TheneighborsendcommunitycommandisnecessaryinordertosendthisattributetoRTC.
WhenRTCgetstheupdateswiththeattributeNO_EXPORT,RTCdoesnotpropagatetheupdatestoexternal
peerRTA.
Inthisexample,RTBhassetthecommunityattributeto100200additive.Thisactionaddsthevalue100200to
anyexistingcommunityvaluebeforetransmissiontoRTC.
RTB#
routerbgp200
network160.10.0.0
matchipaddress2
setcommunity100200additive
Acommunitylistisagroupofcommunitiesthatyouuseinamatchclauseofaroutemap.Thecommunitylist
allowsyoutofilterorsetattributeswithdifferentlistsofcommunitynumbersasabasis.
ipcommunitylistcommunitylistnumber{permit|deny}communitynumber
Forexample,youcandefinethisroutemap,matchoncommunity:
routemapmatchoncommunity
matchcommunity10
!Thecommunitylistnumberis10.
35/62
11/2/2015
BGPCaseStudiesCisco
setweight20
ipcommunitylist10permit200300
!Thecommunitynumberis200300.
Youcanusethecommunitylistinordertofilterorsetcertainparameters,likeweightandmetric,incertain
updateswiththecommunityvalueasabasis.Inthesecondexampleinthissection,RTBsentupdatestoRTC
withacommunityof100200.IfRTCwantstosettheweightwiththosevaluesasabasis,youcandothis:
RTC#
routerbgp300
neighbor3.3.3.3routemapcheckcommunityin
routemapcheckcommunitypermit10
matchcommunity1
setweight20
matchcommunity2exact
setweight10
matchcommunity3
ipcommunitylist3permitinternet
Inthisexample,anyroutethathas100inthecommunityattributematcheslist1.Theweightofthisrouteisset
to20.Anyroutethathasonly200ascommunitymatcheslist2andhasaweightof20.Thekeywordexact
statesthatthecommunityconsistsof200onlyandnothingelse.Thelastcommunitylistisheretomakesure
thatotherupdatesdonotdrop.Rememberthatanythingthatdoesnotmatchdrops,bydefault.Thekeyword
internetindicatesallroutesbecauseallroutesaremembersoftheInternetcommunity.
RefertoUsingBGPCommunityValuestoControlRoutingPolicyinanUpstreamProviderNetworkformore
information.
BGPNeighborsandRouteMaps
Youcanusetheneighborcommandinconjunctionwithroutemapstoeitherfilterorsetparametersonincoming
andoutgoingupdates.
Routemapsassociatedwiththeneighborstatementhavenoeffectonincomingupdateswhenyoumatchbased
ontheIPaddress:
neighboripaddressroutemaproutemapname
Assumethat,inthediagraminthissection,youwantRTCtolearnfromAS200aboutnetworksthatarelocalto
AS200andnothingelse.Also,youwanttosettheweightontheacceptedroutesto20.Useacombinationof
neighborandaspathaccesslists:
RTC#
routerbgp300
network170.10.0.0
neighbor3.3.3.3routemapstampin
routemapstamp
36/62
11/2/2015
BGPCaseStudiesCisco
matchaspath1
setweight20
AnyupdatesthatoriginatefromAS200havepathinformationthatstartswith200andendswith200.These
updatesarepermitted.Anyotherupdatesdrop.
Assumethatyouwant:
AnacceptanceofupdatesthatoriginatefromAS200andhaveaweightof20
ThedropofupdatesthatoriginatefromAS400
Aweightof10forotherupdates
RTC#
routerbgp300
network170.10.0.0
neighbor3.3.3.3routemapstampin
routemapstamppermit10
matchaspath1
setweight20
routemapstamppermit20
matchaspath2
setweight10
ipaspathaccesslist2permit^200600.*
Thisstatementsetsaweightof20forupdatesthatarelocaltoAS200.Thestatementalsosetsaweightof10
forupdatesthatarebehindAS400,anddropsupdatesthatcomefromAS400.
UseofsetaspathprependCommand
Insomesituations,youmustmanipulatethepathinformationinordertomanipulatetheBGPdecisionprocess.
Thecommandthatyouusewitharoutemapis:
setaspathprependaspath#aspath#
Supposethat,inthediagraminthesectionBGPNeighborsandRouteMaps,RTCadvertisesitsownnetwork
170.10.0.0totwodifferentASs,AS100andAS200.WhentheinformationispropagatedtoAS600,theroutersin
AS600havenetworkreachabilityinformationabout170.10.0.0viatwodifferentroutes.Thefirstrouteisvia
AS100withpath(100,300),andthesecondoneisviaAS400withpath(400,200,300).Ifallotherattributesare
thesame,AS600pickstheshortestpathandchoosestherouteviaAS100.
AS300getsalltrafficviaAS100.IfyouwanttoinfluencethisdecisionfromtheAS300end,youcanmakethe
paththroughAS100appeartobelongerthanthepaththatgoesthroughAS400.Youcandothisifyouprepend
ASnumberstotheexistingpathinformationthatisadvertisedtoAS100.Acommonpracticeistorepeatyour
ownASnumberinthisway:
RTC#
routerbgp300
network170.10.0.0
neighbor2.2.2.2routemapSETPATHout
routemapSETPATH
setaspathprepend300300
37/62
11/2/2015
BGPCaseStudiesCisco
Becauseofthisconfiguration,AS600receivesupdatesabout170.10.0.0viaAS100withpathinformationof:(100,
300,300,300).Thispathinformationislongerthanthe(400,200,300)thatAS600receivedfromAS400.
BGPPeerGroups
ABGPpeergroupisagroupofBGPneighborswiththesameupdatepolicies.Routemaps,distributelists,and
filterliststypicallysetupdatepolicies.Youdonotdefinethesamepoliciesforeachseparateneighborinstead,
youdefineapeergroupnameandassignthesepoliciestothepeergroup.
Membersofthepeergroupinheritalltheconfigurationoptionsofthepeergroup.Youcanalsoconfiguremembers
tooverridetheseoptionsiftheoptionsdonotaffectoutboundupdates.Youcanonlyoverrideoptionsthatareset
ontheinbound.
Inordertodefineapeergroup,issuethiscommand:
neighborpeergroupnamepeergroup
ThisexampleappliespeergroupstointernalandexternalBGPneighbors:
RTC#
routerbgp300
neighborinternalmappeergroup
neighborinternalmapremoteas300
neighborinternalmaproutemapSETMETRICout
neighborinternalmapfilterlist1out
neighborinternalmapfilterlist2in
neighbor5.5.5.2peergroupinternalmap
neighbor3.3.3.2filterlist3in
Thisconfigurationdefinesapeergroupwiththenameinternalmap.Theconfigurationdefinessomepoliciesfor
thegroup,suchasaroutemapSETMETRICtosetthemetricto5andtwodifferentfilterlists,1and2.The
configurationappliesthepeergrouptoallinternalneighbors,RTE,RTF,andRTG.Also,theconfigurationdefines
aseparatefilterlist3forneighborRTE.Thisfilterlistoverridesfilterlist2insidethepeergroup.
Note:Youcanonlyoverrideoptionsthataffectinboundupdates.
Now,lookathowyoucanusepeergroupswithexternalneighbors.Withthesamediagraminthissection,you
configureRTCwithapeergroupexternalmapandapplythepeergrouptoexternalneighbors.
RTC#
routerbgp300
neighborexternalmappeergroup
neighborexternalmaproutemapSETMETRIC
neighborexternalmapfilterlist1out
neighborexternalmapfilterlist2in
neighbor2.2.2.2peergroupexternalmap
neighbor1.1.1.2filterlist3in
Note:Intheseconfigurations,youdefinetheremoteasstatementsoutsideofthepeergroupbecauseyoumust
definedifferentexternalASs.Also,youoverridetheinboundupdatesofneighbor1.1.1.2withtheassignmentof
filterlist3.
Formoreinformationonpeergroups,refertoBGPPeerGroups.
Note:InCiscoIOSSoftwareRelease12.0(24)S,CiscointroducedtheBGPDynamicUpdatePeerGroups
feature.ThefeatureisavailableinlaterCiscoIOSSoftwarereleasesaswell.Thefeatureintroducesanew
algorithmthatdynamicallycalculatesandoptimizesupdategroupsofneighborsthatsharethesameoutbound
38/62
11/2/2015
BGPCaseStudiesCisco
policies.Theseneighborscansharethesameupdatemessages.InearlierreleasesofCiscoIOSSoftware,the
groupofBGPupdatemessageswasonthebasisofpeergroupconfigurations.Thismethodtogroupupdates
limitedoutboundpoliciesandspecificsessionconfigurations.TheBGPDynamicUpdatePeerGroupfeature
separatesupdategroupreplicationfrompeergroupconfiguration.Thisseparationimprovestheconvergencetime
andtheflexibilityofneighborconfiguration.RefertoBGPDynamicUpdatePeerGroupsformoredetails.
BGPCaseStudies4
CIDRandAggregateAddresses
OneofthemainenhancementsofBGP4overBGP3isclasslessinterdomainrouting(CIDR).CIDRor
supernettingisanewwaytolookatIPaddresses.WithCIDR,thereisnonotionofclasses,suchasclassA,B,
orC.Forexample,network192.213.0.0wasonceanillegalclassCnetwork.Now,thenetworkisalegal
supernet,192.213.0.0/16.The"16"representsthenumberofbitsinthesubnetmask,whenyoucountfromthe
farleftoftheIPaddress.Thisrepresentationissimilarto192.213.0.0255.255.0.0.
Youuseaggregatesinordertominimizethesizeofroutingtables.Aggregationistheprocessthatcombinesthe
characteristicsofseveraldifferentroutesinsuchawaythatadvertisementofasinglerouteispossible.Inthis
example,RTBgeneratesnetwork160.10.0.0.YouconfigureRTCtopropagateasupernetofthatroute160.0.0.0
toRTA:
RTB#
routerbgp200
network160.10.0.0
#RTC
routerbgp300
network170.10.0.0
aggregateaddress160.0.0.0255.0.0.0
RTCpropagatestheaggregateaddress160.0.0.0toRTA.
AggregateCommands
Thereisawiderangeofaggregatecommands.Youmustunderstandhoweachoneworksinordertohavethe
aggregationbehaviorthatyoudesire.
ThefirstcommandistheonefromtheexampleinthesectionCIDRandAggregateAddresses:
aggregateaddressaddressmask
Thiscommandadvertisestheprefixrouteandallthemorespecificroutes.Thecommandaggregateaddress
160.0.0.0propagatesanadditionalnetwork160.0.0.0butdoesnotpreventthepropagationof160.10.0.0toRTA.
Theoutcomeisthepropagationofbothnetworks160.0.0.0and160.10.0.0toRTA,whichistheadvertisementof
boththeprefixandthemorespecificroute.
Note:YoucannotaggregateanaddressifyoudonothaveamorespecificrouteofthataddressintheBGP
routingtable.
Forexample,RTBcannotgenerateanaggregatefor160.0.0.0ifRTBdoesnothaveamorespecificentryof
160.0.0.0intheBGPtable.AninjectionofthemorespecificrouteintotheBGPtableispossible.Theroute
injectioncanoccurvia:
IncomingupdatesfromotherASs
RedistributionofanIGPorstaticintoBGP
39/62
11/2/2015
BGPCaseStudiesCisco
Thenetworkcommand,forexample,network160.10.0.0
IfyouwantRTCtopropagatenetwork160.0.0.0onlyandnotthemorespecificroute,issuethiscommand:
aggregateaddressaddressmasksummaryonly
Thiscommandadvertisestheprefixonly.Thecommandsuppressesallthemorespecificroutes.
Thecommandaggregate160.0.0.0255.0.0.0summaryonlypropagatesnetwork160.0.0.0andsuppressesthe
morespecificroute160.10.0.0.
Note:IfyouaggregateanetworkthatinjectedintoyourBGPviathenetworkstatement,thenetworkentry
alwaysinjectsintoBGPupdates.Thisinjectionoccurseventhoughyouusetheaggregatesummaryonly
command.TheexampleinthesectionCIDRExample1discussesthissituation.
aggregateaddressaddressmaskasset
Thiscommandadvertisestheprefixandthemorespecificroutes.Butthecommandincludesassetinformation
inthepathinformationoftheroutingupdates.
aggregate129.0.0.0255.0.0.0asset
ThesectionCIDRExample2(asset)discussesthiscommand.
Ifyouwanttosuppressmorespecificrouteswhenyoudotheaggregation,definearoutemapandapplytheroute
maptotheaggregates.Theactionallowsyoutobeselectiveaboutwhichmorespecificroutestosuppress.
aggregateaddressaddressmasksuppressmapmapname
Thiscommandadvertisestheprefixandthemorespecificroutes.Butthecommandsuppressesadvertisement
witharoutemapbasis.Supposethat,withthediagraminthesectionCIDRandAggregateAddresses,youwant
toaggregate160.0.0.0,suppressthemorespecificroute160.20.0.0,andallowthepropagationof160.10.0.0.Use
thisroutemap:
routemapCHECKpermit10
matchipaddress1
accesslist1deny0.0.0.0255.255.255.255
Bydefinitionofthesuppressmap,thereisasuppressionfromtheupdatesofanypacketsthattheaccesslist
permits.
Then,applytheroutemaptotheaggregatestatement.
RTC#
routerbgp300
network170.10.0.0
aggregateaddress160.0.0.0255.0.0.0suppressmapCHECK
Hereisanothervariation:
aggregateaddressaddressmaskattributemapmapname
Thiscommandallowsyoutosettheattributes,suchasmetric,atthetimeofthesendofaggregates.Inorderto
settheoriginoftheaggregatestoIGP,applythisroutemaptotheaggregateattributemapcommand:
routemapSETMETRIC
setoriginigp
aggregateaddress160.0.0.0255.0.0.0attributemapSETORIGIN
40/62
11/2/2015
BGPCaseStudiesCisco
Formoreinformation,refertoUnderstandingRouteAggregationinBGP.
CIDRExample1
Request:AllowRTBtoadvertisetheprefix160.0.0.0andsuppressallthemorespecificroutes.Theproblemwith
thisrequestisthatnetwork160.10.0.0islocaltoAS200,whichmeansthatAS200istheoriginatorof160.10.0.0.
YoucannothaveRTBgenerateaprefixfor160.0.0.0withoutthegenerationofanentryfor160.10.0.0,evenifyou
usetheaggregatesummaryonlycommand.RTBgeneratesbothnetworksbecauseRTBistheoriginatorof
160.10.0.0.Therearetwosolutionstothisproblem.
ThefirstsolutionistouseastaticrouteandredistributeintoBGP.TheoutcomeisthatRTBadvertisesthe
aggregatewithanoriginofincomplete(?).
RTB#
routerbgp200
redistributestatic
!Thisgeneratesanupdatefor160.0.0.0
!withtheoriginpathas"incomplete".
iproute160.0.0.0255.0.0.0null0
Inthesecondsolution,inadditiontothestaticroute,youaddanentryforthenetworkcommand.Thisentryhas
thesameeffect,exceptthattheentrysetstheoriginoftheupdatetoIGP.
RTB#
routerbgp200
network160.0.0.0mask255.0.0.0
!ThisentrymarkstheupdatewithoriginIGP.
redistributestatic
iproute160.0.0.0255.0.0.0null0
CIDRExample2(asset)
Youusethestatementassetinaggregationtoreducethesizeofthepathinformation.Withasset,theAS
numberislistedonlyonce,regardlessofhowmanytimestheASnumberappearedinmultiplepathsthatwere
aggregated.Youusetheaggregateassetcommandinsituationsinwhichtheaggregationofinformationcauses
lossofinformationwithregardtothepathattribute.Inthisexample,RTCgetsupdatesabout160.20.0.0from
RTAandupdatesabout160.10.0.0fromRTB.SupposethatRTCwantstoaggregatenetwork160.0.0.0/8and
sendthenetworktoRTD.RTDdoesnotknowtheoriginofthatroute.Ifyouaddtheaggregateassetstatement,
youforceRTCtogeneratepathinformationintheformofaset{}.Thatsetincludesallthepathinformation,
irrespectiveofwhichpathcamefirst.
RTB#
routerbgp200
network160.10.0.0
RTA#
routerbgp100
network160.20.0.0
Case1:
RTCdoesnothaveanassetstatement.RTCsendsanupdate160.0.0.0/8toRTDwithpathinformation(300),as
41/62
11/2/2015
BGPCaseStudiesCisco
iftherouteoriginatedfromAS300.
RTC#
routerbgp300
aggregate160.0.0.0255.0.0.0summaryonly
!ThiscommandcausesRTCtosendRTDupdatesabout160.0.0.0/8
!withnoindicationthat160.0.0.0actuallycomesfromtwodifferentASs.
!ThismaycreateloopsifRTDhasanentrybackintoAS100orAS200.
Case2:
RTC#
routerbgp300
aggregate160.0.0.0255.0.0.0summaryonly
aggregate160.0.0.0255.0.0.0asset
!ThiscommandcausesRTCtosendRTDupdatesabout160.0.0.0/8
!withanindicationthat160.0.0.0belongstoaset{100200}.
Thenexttwosubjects,BGPConfederationandRouteReflectors,areforInternetserviceproviders(ISPs)that
wantfurthercontroloftheexplosionofiBGPpeeringinsidetheirASs.
BGPConfederation
TheimplementationofBGPconfederationreducestheiBGPmeshinsideanAS.ThetrickistodivideanASinto
multipleASsandassignthewholegrouptoasingleconfederation.EachASalonehasiBGPfullymeshedand
hasconnectionstootherASsinsidetheconfederation.EventhoughtheseASshaveeBGPpeerstoASswithin
theconfederation,theASsexchangeroutingasiftheyusediBGP.Inthisway,theconfederationpreservesnext
hop,metric,andlocalpreferenceinformation.Totheoutsideworld,theconfederationappearstobeasingleAS.
InordertoconfigureaBGPconfederation,issuethiscommand:
bgpconfederationidentifierautonomoussystem
TheconfederationidentifieristheASnumberoftheconfederationgroup.
TheissueofthiscommandperformspeeringbetweenmultipleASswithintheconfederation:
bgpconfederationpeersautonomoussystem[autonomoussystem]
Hereisanexampleofconfederation:
AssumethatyouhaveanAS500thatconsistsofnineBGPspeakers.OthernonBGPspeakersexistalso,but
youonlyhaveinterestintheBGPspeakersthathaveeBGPconnectionstootherASs.Ifyouwanttomakeafull
iBGPmeshinsideAS500,youneedninepeerconnectionsforeachrouter.YouneedeightiBGPpeersandone
eBGPpeertoexternalASs.
Ifyouuseconfederation,youcandivideAS500intomultipleASs:AS50,AS60,andAS70.YougivetheASa
confederationidentifierof500.TheoutsideworldseesonlyoneAS,AS500.ForeachofAS50,AS60,andAS70,
youdefineafullmeshofiBGPpeers,andyoudefinethelistofconfederationpeerswiththebgpconfederation
peerscommand.
HereisasampleconfigurationofroutersRTC,RTD,andRTA:
42/62
11/2/2015
BGPCaseStudiesCisco
Note:RTAhasnoknowledgeofAS50,AS60,orAS70.RTAhasonlyknowledgeofAS500.
RTC#
routerbgp50
bgpconfederationidentifier500
bgpconfederationpeers6070
neighbor128.213.10.1remoteas50(IBGPconnectionwithinAS50)
neighbor129.210.11.1remoteas60(BGPconnectionwithconfederationpeer60)
neighbor5.5.5.5remoteas100(EBGPconnectiontoexternalAS100)
RTD#
routerbgp60
bgpconfederationidentifier500
bgpconfederationpeers5070
neighbor6.6.6.6remoteas600(EBGPconnectiontoexternalAS600)
RTA#
routerbgp100
neighbor5.5.5.4remoteas500(EBGPconnectiontoconfederation500)
RouteReflectors
AnothersolutionfortheexplosionofiBGPpeeringwithinanASisRouteReflectors(RRs).AstheiBGPsection
demonstrates,aBGPspeakerdoesnotadvertisearoutethattheBGPspeakerlearnedviaanotheriBGPspeaker
toathirdiBGPspeaker.Youcanrelaxthisrestrictionabitandprovideadditionalcontrol,whichallowsarouterto
advertise,orreflect,iBGPlearnedroutestootheriBGPspeakers.Thisroutereflectionreducesthenumberof
iBGPpeerswithinanAS.
Innormalcases,maintainafulliBGPmeshbetweenRTA,RTB,andRTCwithinAS100.IfyouutilizetheRR
concept,RTCcanbeelectedasanRR.Inthisway,RTChasapartialiBGPpeeringwithRTAandRTB.Peering
betweenRTAandRTBisnotnecessarybecauseRTCisanRRfortheupdatesthatcomefromRTAandRTB.
neighborroutereflectorclient
TherouterwiththiscommandistheRR,andtheneighborsatwhichthecommandpointsaretheclientsofthat
RR.Intheexample,theRTCconfigurationhastheneighborroutereflectorclientcommandthatpointsatthe
RTAandRTBIPaddresses.ThecombinationoftheRRandtheclientsisa"cluster".Inthisexample,RTA,
RTB,andRTCformaclusterwithasingleRRwithinAS100.
OtheriBGPpeersoftheRRthatarenotclientsare"nonclients".
AnAScanhavemorethanoneRR.Inthissituation,anRRtreatsotherRRsjustlikeanyotheriBGPspeaker.
OtherRRscanbelongtothesamecluster(clientgroup)ortootherclusters.Inasimpleconfiguration,youcan
dividetheASintomultipleclusters.YouconfigureeachRRwithotherRRsasnonclientpeersinafullymeshed
topology.ClientsshouldnotpeerwithiBGPspeakersoutsidetheclientcluster.
Considerthisdiagram.RTA,RTB,andRTCformasinglecluster.RTCistheRR.ForRTC,RTAandRTBare
clientsandanythingelseisanonclient.Rememberthattheneighborroutereflectorclientcommandpointsat
clientsofanRR.ThesameRTDistheRRforclientsRTEandRTF.RTGisanRRinathirdcluster.
Note:RTD,RTC,andRTGarefullymeshed,butrouterswithinaclusterarenot.WhenanRRreceivesaroute,
theRRroutesasthislistshows.However,thisactivitydependsonthepeertype:
1. RoutesfromanonclientpeerReflectstoalltheclientswithinthecluster.
43/62
11/2/2015
BGPCaseStudiesCisco
2. RoutesfromaclientpeerReflectstoallthenonclientpeersandalsototheclientpeers.
3. RoutesfromaneBGPpeerSendstheupdatetoallclientandnonclientpeers.
HereistherelativeBGPconfigurationofroutersRTC,RTD,andRTB:
RTC#
routerbgp100
neighbor2.2.2.2routereflectorclient
RTB#
routerbgp100
RTD#
routerbgp100
BecausethereisareflectionoftheiBGPlearnedroutes,therecanbearoutinginformationloop.TheRRscheme
hasafewmethodstoavoidthisloop:
originatoridThisisanoptional,nontransitiveBGPattributethatis4byteslong.AnRRcreatesthis
attribute.TheattributecarriestherouterID(RID)oftheoriginatoroftherouteinthelocalAS.If,duetopoor
configuration,theroutinginformationcomesbacktotheoriginator,theinformationisignored.
clusterlistThesectionMultipleRRswithinaClustercoversclusterlist.
MultipleRRswithinaCluster
Usually,aclusterofclientshasasingleRR.Inthiscase,therouterIDoftheRRidentifiesthecluster.Inorderto
increaseredundancyandavoidsinglepointsoffailure,aclustercanhavemorethanoneRR.Youneedto
configureallRRsinthesameclusterwitha4byteclusterIDsothatanRRcanrecognizeupdatesfromRRsin
thesamecluster.
AclusterlistisasequenceofclusterIDsthattheroutehaspassed.WhenanRRreflectsaroutefromtheRR
clientstononclientsoutsideofthecluster,theRRappendsthelocalclusterIDtotheclusterlist.Ifthisupdate
hasanemptyclusterlist,theRRcreatesone.Withthisattribute,anRRcanidentifyiftheroutinginformationhas
loopedbacktothesameclusterduetopoorconfiguration.IfthelocalclusterIDisfoundintheclusterlist,the
advertisementisignored.
Inthediagraminthissection,RTD,RTE,RTF,andRTHbelongtoonecluster.BothRTDandRTHareRRsfor
thesamecluster.
Note:ThereisredundancybecauseRTHhasfullymeshedpeeringwithalltheRRs.IfRTDgoesdown,RTH
takestheplaceofRTD.
HereistheconfigurationofRTH,RTD,RTF,andRTC:
44/62
11/2/2015
BGPCaseStudiesCisco
RTH#
routerbgp100
bgpclusterid10
RTD#
routerbgp100
bgpclusterid10
RTF#
routerbgp100
RTC#
routerbgp100
Note:YoudonotneedthebgpclusteridcommandforRTCbecauseonlyoneRRexistsinthatcluster.
ImportantNote:Thisconfigurationdoesnotusepeergroups.Donotusepeergroupsiftheclientsinsidea
clusterdonothavedirectiBGPpeersamongoneanotherandtheclientsexchangeupdatesthroughtheRR.If
youconfigurepeergroups,apotentialwithdrawaltothesourceofarouteontheRRtransmitstoallclientsinside
thecluster.Thistransmissioncancauseproblems.
TheroutersubcommandbgpclienttoclientreflectionisenabledbydefaultontheRR.IfyouturnoffBGP
clienttoclientreflectionontheRRandyoumakeredundantBGPpeeringbetweentheclients,youcansafelyuse
peergroups.RefertoLimitationsofPeerGroupsformoreinformation.
RRandConventionalBGPSpeakers
AnAScanhaveBGPspeakersthatdonotunderstandtheconceptofRRs.Thisdocumentcallstheserouters
conventionalBGPspeakers.TheRRschemeallowssuchconventionalBGPspeakerstocoexist.Theserouters
canbeeithermembersofaclientgrouporanonclientgroup.Theexistenceoftheseroutersallowseasyand
gradualmigrationfromthecurrentiBGPmodeltotheRRmodel.Youcanstarttocreateclustersifyouconfigure
45/62
11/2/2015
BGPCaseStudiesCisco
asinglerouterasanRRandmakeotherRRsandRRclientsnormaliBGPpeers.Then,youcancreatemore
clustersgradually.
Inthisdiagram,RTD,RTE,andRTFhavetheconceptofroutereflection.RTC,RTA,andRTBare"conventional"
routers.YoucannotconfiguretheseroutersasRRs.YoucandonormaliBGPmeshbetweentheseroutersand
RTD.Lateron,whenyouarereadytoupgrade,youcanmakeRTCanRRwithclientsRTAandRTB.Clientsdo
nothavetounderstandtheroutereflectionschemeonlytheRRsrequiretheupgrade.
HereistheconfigurationofRTDandRTC:
RTD#
routerbgp100
RTC#
routerbgp100
WhenyouarereadytoupgradeRTCandmakeRTCanRR,removetheiBGPfullmeshandhaveRTAandRTB
becomeclientsofRTC.
AvoidLoopofRoutingInformation
Sofar,thisdocumenthasmentionedtwoattributesthatyoucanusetopreventpotentialinformationlooping:
originatoridandclusterlist.
Anothermeanstocontrolloopsistoputmorerestrictionsonthesetclauseofoutboundroutemaps.Theset
clauseforoutboundroutemapsdoesnotaffectroutesthatreflecttoiBGPpeers.
Youcanalsoputmorerestrictionsonnexthopself,whichisaperneighborconfigurationoption.Whenyouuse
nexthopselfonRRs,theclauseonlyaffectsthenexthopofeBGPlearnedroutesbecausethenexthopof
reflectedroutesshouldnotbechanged.
RouteFlapDampening
CiscoIOSSoftwareRelease11.0introducedroutedampening.Routedampeningisamechanismtominimizethe
instabilitythatrouteflappingcauses.Routedampeningalsoreducesoscillationoverthenetwork.Youdefine
criteriatoidentifypoorlybehavedroutes.Aroutethatflapsgetsapenaltyof1000foreachflap.Assoonasthe
cumulativepenaltyreachesapredefined"suppresslimit",suppressionoftherouteadvertisementoccurs.The
penaltydecaysexponentiallybasedonapreconfigured"halflifetime".Oncethepenaltydecreasesbelowa
predefined"reuselimit",unsuppressionoftherouteadvertisementoccurs.
RoutedampeningdoesnotapplytoroutesthatareexternaltoanASandlearnedviaiBGP.Inthisway,route
dampeningavoidsahigherpenaltyfortheiBGPpeersforroutesexternaltotheAS.
Thepenaltydecaysatagranularityof5seconds.Unsuppressionoftheroutesisatagranularityof10seconds.
Therouterkeepsthedampeninginformationuntilthepenaltybecomeslessthanhalfofthe"reuselimit".Atthat
point,therouterpurgestheinformation.
Initially,dampeningisoffbydefault.Ifthereisaneed,thisfeaturemaybegivendefaultenablementinthefuture.
46/62
11/2/2015
BGPCaseStudiesCisco
Thesecommandscontrolroutedampening:
bgpdampeningTurnsondampening.
nobgpdampeningTurnsoffdampening.
bgpdampeninghalflifetimeChangesthehalflifetime.
Acommandthatsetsallparametersatthesametimeis:
bgpdampeninghalflifetimereusesuppressmaximumsuppresstime
Thislistdetailsthesyntax:
halflifetimeTherangeis145minutes,andthecurrentdefaultis15minutes.
reusevalueTherangeis120,000,andthedefaultis750.
suppressvalueTherangeis120,000,andthedefaultis2000.
maxsuppresstimeThisisthemaximumdurationforthesuppressionofaroute.Therangeis1255
minutes,andthedefaultis4timesthehalflifetime.
RTB#
hostnameRTB
interfaceSerial0
ipaddress203.250.15.2255.255.255.252
interfaceSerial1
ipaddress192.208.10.6255.255.255.252
routerbgp100
bgpdampening
network203.250.15.0
RTD#
hostnameRTD
interfaceLoopback0
ipaddress192.208.10.174255.255.255.192
interfaceSerial0/0
ipaddress192.208.10.5255.255.255.252
routerbgp300
network192.208.10.0
TheconfigurationofRTBisforroutedampeningwithdefaultparameters.IfyouassumethattheeBGPlinkto
RTDisstable,theRTBBGPtablelookslikethis:
RTB#showipbgp
BGPtableversionis24,localrouterIDis203.250.15.2Statuscodes:s
suppressed,ddamped,hhistory,*valid,>best,iinternalOrigin
codes:iIGP,eEGP,?incomplete
NetworkNextHopMetricLocPrfWeightPath
*>192.208.10.0192.208.10.500300i
*>203.250.15.00.0.0.0032768i
Inordertosimulatearouteflap,issuetheclearipbgp192.208.10.6commandonRTD.TheRTBBGPtable
lookslikethis:
47/62
11/2/2015
BGPCaseStudiesCisco
RTB#showipbgp
BGPtableversionis24,localrouterIDis203.250.15.2Statuscodes:s
suppressed,ddamped,hhistory,*valid,>best,iinternalOrigin
codes:iIGP,eEGP,?incomplete
h192.208.10.0192.208.10.500300i
*>203.250.15.00.0.0.0032768i
TheBGPentryfor192.208.10.0isinahistorystate.Thisplacementmeansthatyoudonothaveabestpathto
theroute,butinformationabouttherouteflappingstillexists.
RTB#showipbgp192.208.10.0
BGProutingtableentryfor192.208.10.0255.255.255.0,version25
Paths:(1available,nobestpath)
300(historyentry)
192.208.10.5from192.208.10.5(192.208.10.174)
OriginIGP,metric0,external
Dampinfo:penalty910,flapped1timesin0:02:03
Theroutehasreceivedapenaltyforflapping,butthepenaltyisstillbelowthe"suppresslimit".Thedefaultis
2000.Routesuppressionhasnotyetoccurred.Iftherouteflapsafewmoretimes,yousee:
RTB#showipbgp
BGPtableversionis32,localrouterIDis203.250.15.2Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,iinternalOrigincodes:
iIGP,eEGP,?incomplete
*d192.208.10.0192.208.10.500300i
*>203.250.15.00.0.0.0032768i
RTB#showipbgp192.208.10.0
BGProutingtableentryfor192.208.10.0255.255.255.0,version32
Paths:(1available,nobestpath)
300,(suppressedduetodampening)
192.208.10.5from192.208.10.5(192.208.10.174)
OriginIGP,metric0,valid,external
Dampinfo:penalty2615,flapped3timesin0:05:18,reusein0:27:00
Theroutehasbeendampened,orsuppressed.Therouteisreusedwhenthepenaltyreachesthe"reusevalue".In
thiscase,thereusevalueisthedefault,750.Thedampeninginformationispurgedwhenthepenaltybecomes
lessthanhalfofthereuselimit.Inthiscase,thepurgeoccurswhenthepenaltybecomes375(750/2=375).
Thesecommandsshowandclearflapstatisticsinformation:
showipbgpflapstatisticsDisplaysflapstatisticsforallthepaths.
showipbgpflapstatisticsregexpregularexpressionDisplaysflapstatisticsforallpathsthatmatchthe
regularexpression.
showipbgpflapstatisticsfilterlistlistDisplaysflapstatisticsforallpathsthatpassthefilter.
showipbgpflapstatisticsA.B.C.Dm.m.m.mDisplaysflapstatisticsforasingleentry.
showipbgpflapstatisticsA.B.C.Dm.m.m.mlongerprefixDisplaysflapstatisticsformorespecific
entries.
showipbgpneighbor[dampenedroutes]|[flapstatistics]Displaysflapstatisticsforallpathsfroma
neighbor.
clearipbgpflapstatisticsClearsflapstatisticsforallroutes.
clearipbgpflapstatisticsregexpregularexpressionClearsflapstatisticsforallthepathsthatmatchthe
regularexpression.
clearipbgpflapstatisticsfilterlistlistClearsflapstatisticsforallthepathsthatpassthefilter.
48/62
11/2/2015
BGPCaseStudiesCisco
clearipbgpflapstatisticsA.B.C.Dm.m.m.mClearsflapstatisticsforasingleentry.
clearipbgpA.B.C.DflapstatisticsClearsflapstatisticsforallpathsfromaneighbor.
HowBGPSelectsaPath
NowthatyouarefamiliarwiththeBGPattributesandterminology,refertoBGPBestPathSelectionAlgorithm.
BGPCaseStudies5
PracticalDesignExample
Thissectioncontainsadesignexamplethatshowstheconfigurationandroutingtablesasthetablesactually
appearonCiscorouters.
Thissectionshowshowtobuildthisconfigurationstepbystepandwhatcangowrongalongtheway.Whenever
youhaveanASthatconnectstotwoISPsviaeBGP,alwaysruniBGPwithinyourASinordertohavebetter
controlofyourroutes.Inthisexample,iBGPrunsinsideAS100betweenRTAandRTB,andOSPFrunsasan
IGP.AssumethatyouconnecttotwoISPs,AS200andAS300.Thisisthefirstrunoftheconfigurationsforall
therouters:
Note:Theseconfigurationsarenotthefinalconfigurations.
RTA#
hostnameRTA
ipsubnetzero
interfaceLoopback0
ipaddress203.250.13.41255.255.255.0
interfaceEthernet0
ipaddress203.250.14.1255.255.255.0
interfaceSerial0
ipaddress128.213.63.1255.255.255.252
routerospf10
network203.250.0.00.0.255.255area0
routerbgp100
network203.250.13.0
network203.250.14.0
neighbor203.250.15.2updatesourceLoopback0
RTF#
hostnameRTF
ipsubnetzero
interfaceEthernet0
ipaddress203.250.14.2255.255.255.0
interfaceSerial1
ipaddress203.250.15.1255.255.255.252
routerospf10
network203.250.0.00.0.255.255area0
RTB#
49/62
11/2/2015
BGPCaseStudiesCisco
hostnameRTB
ipsubnetzero
interfaceSerial0
ipaddress203.250.15.2255.255.255.252
interfaceSerial1
ipaddress192.208.10.6255.255.255.252
routerospf10
network203.250.0.00.0.255.255area0
routerbgp100
network203.250.15.0
RTC#
hostnameRTC
ipsubnetzero
interfaceLoopback0
ipaddress128.213.63.130255.255.255.192
interfaceSerial2/0
ipaddress128.213.63.5255.255.255.252
!
interfaceSerial2/1
ipaddress128.213.63.2255.255.255.252
routerbgp200
network128.213.0.0
RTD#
hostnameRTD
ipsubnetzero
interfaceLoopback0
ipaddress192.208.10.174255.255.255.192
interfaceSerial0/0
ipaddress192.208.10.5255.255.255.252
!
interfaceSerial0/1
ipaddress192.208.10.2255.255.255.252
routerbgp300
network192.208.10.0
RTE#
hostnameRTE
ipsubnetzero
interfaceLoopback0
ipaddress200.200.10.1255.255.255.0
interfaceSerial0
50/62
11/2/2015
BGPCaseStudiesCisco
ipaddress195.211.10.2255.255.255.252
interfaceSerial1
ipaddress128.213.63.6255.255.255.252
clockrate1000000
routerbgp400
network200.200.10.0
RTG#
hostnameRTG
ipsubnetzero
interfaceLoopback0
ipaddress195.211.10.174255.255.255.192
interfaceSerial0
ipaddress192.208.10.1255.255.255.252
interfaceSerial1
ipaddress195.211.10.1255.255.255.252
routerbgp500
network195.211.10.0
AlwaysusethenetworkcommandorredistributestaticentriesintoBGPtoadvertisenetworks.Thismethodis
betterthanaredistributionofIGPintoBGP.Thisexampleusesthenetworkcommandtoinjectnetworksinto
BGP.
Here,youstartwiththes1interfaceonRTBshutdown,asifthelinkbetweenRTBandRTDdoesnotexist.This
istheRTBBGPtable:
RTB#showipbgpBGP
tableversionis4,localrouterIDis203.250.15.2Status
codes:ssuppressed,ddamped,hhistory,*valid,>best,iinternal
Origincodes:iIGP,eEGP,?incomplete
*i128.213.0.0128.213.63.201000200i
*i192.208.10.0128.213.63.21000200400500
300i
*i195.211.10.0128.213.63.21000200400500i
*i200.200.10.0128.213.63.21000200400i
*>i203.250.13.0203.250.13.4101000i
*>i203.250.14.0203.250.13.4101000i
*>203.250.15.00.0.0.0032768i
Inthistable,thesenotationsappear:
AniatthebeginningIndicatesthattheentrywaslearnedviaaniBGPpeer.
AniattheendIndicatesthattheoriginofthepathinformationisIGP.
PathinformationThisinformationisintuitive.Forexample,network128.213.0.0islearnedviapath200witha
nexthopof128.213.63.2.
Note:Anylocallygeneratedentry,suchas203.250.15.0,hasanexthop0.0.0.0.
An>symbolIndicatesthatBGPhaschosenthebestroute.BGPusesthedecisionstepsthatthedocument
BGPBestPathSelectionAlgorithmoutlines.BGPpicksonebestpathtoreachadestination,installsthepath
intheIProutingtable,andadvertisesthepathtootherBGPpeers.
Note:NoticetheNextHopattribute.RTBknowsabout128.213.0.0viaanexthopof128.213.63.2,whichisthe
51/62
11/2/2015
BGPCaseStudiesCisco
eBGPnexthopcarriedintoiBGP.
LookattheIProutingtable:
RTB#showiproute
Codes:Cconnected,Sstatic,IIGRP,RRIP,Mmobile,BBGP
DEIGRP,EXEIGRPexternal,OOSPF,IAOSPFinterarea
E1OSPFexternaltype1,E2OSPFexternaltype2,EEGP
iISIS,L1ISISlevel1,L2ISISlevel2,*candidate
default
Gatewayoflastresortisnotset
203.250.13.0255.255.255.255issubnetted,1subnets
O203.250.13.41[110/75]via203.250.15.1,02:50:45,Serial0
C203.250.15.0isdirectlyconnected,Serial0
O203.250.14.0[110/74]via203.250.15.1,02:50:46,Serial0
Apparently,noneoftheBGPentrieshasreachedtheroutingtable.Twoproblemsexisthere.
Thefirstproblemisthatthenexthopfortheseentries,128.213.63.2,isunreachable.Thereisnowaytoreach
thatnexthopviathisIGP,whichisOSPF.RTBhasnotlearnedabout128.213.63.0viaOSPF.Youcanrun
OSPFontheRTAs0interfaceandmakeitpassiveinthisway,RTBknowshowtoreachthenexthop
128.213.63.2.ThisRTAconfigurationappearshere:
RTA#
hostnameRTA
ipsubnetzero
interfaceLoopback0
ipaddress203.250.13.41255.255.255.0
interfaceEthernet0
ipaddress203.250.14.1255.255.255.0
interfaceSerial0
ipaddress128.213.63.1255.255.255.252
routerospf10
network203.250.0.00.0.255.255area0
network128.213.0.00.0.255.255area0
routerbgp100
network203.250.0.0mask255.255.0.0
Note:YoucanissuethebgpnexthopselfcommandbetweenRTAandRTBinordertochangethenexthop.
ThenewBGPtableonRTBlookslikethis:
RTB#showipbgp
BGPtableversionis10,localrouterIDis203.250.15.2
Statuscodes:ssuppressed,ddamped,hhistory,*valid,>best,
iinternalOrigincodes:iIGP,eEGP,?incomplete
*>i128.213.0.0128.213.63.201000200i
*>i192.208.10.0128.213.63.21000200400500
300i
*>i195.211.10.0128.213.63.21000200400500i
*>i200.200.10.0128.213.63.21000200400i
52/62
11/2/2015
BGPCaseStudiesCisco
*>i203.250.13.0203.250.13.4101000i
*>i203.250.14.0203.250.13.4101000i
*>203.250.15.00.0.0.0032768i
Note:Alltheentrieshave>,whichmeansthatBGPcanreachthenexthop.
Lookattheroutingtable:
RTB#showiproute
iISIS,L1ISISlevel1,L2ISISlevel2,*
candidatedefault
O203.250.13.41[110/75]via203.250.15.1,00:04:46,Serial0
O203.250.14.0[110/74]via203.250.15.1,00:04:46,Serial0
O128.213.63.0[110/138]via203.250.15.1,00:04:47,Serial0
ThesecondproblemisthatyoustilldonotseetheBGPentriesintheroutingtable.Theonlydifferenceisthat
128.213.63.0isnowreachableviaOSPF.Thisproblemisasynchronizationissue.BGPdoesnotputthese
entriesintheroutingtableanddoesnotsendtheentriesinBGPupdatesbecauseofalackofsynchronization
withtheIGP.
Note:RTFhasnonotionofnetworks192.208.10.0and195.211.10.0becauseyouhavenotredistributedBGP
intoOSPFyet.
Inthisscenario,ifyouturnsynchronizationoff,theentriesappearintheroutingtable.Butconnectivityisstill
broken.
IfyouturnoffsynchronizationonRTB,thisiswhathappens:
RTB#showiproute
candidatedefault
B200.200.10.0[200/0]via128.213.63.2,00:01:07
B195.211.10.0[200/0]via128.213.63.2,00:01:07
B192.208.10.0[200/0]via128.213.63.2,00:01:07
203.250.13.0isvariablysubnetted,2subnets,2masks
O203.250.13.41255.255.255.255
[110/75]via203.250.15.1,00:12:37,Serial0
B203.250.13.0255.255.255.0[200/0]via203.250.13.41,00:01:08
O203.250.14.0[110/74]via203.250.15.1,00:12:37,Serial0
B128.213.0.0255.255.0.0[200/0]via128.213.63.2,00:01:08
O128.213.63.0255.255.255.252
[110/138]via203.250.15.1,00:12:37,Serial0
Theroutingtablelooksfine,butthereisnowaytoreachthosenetworks.RTFinthemiddledoesnotknowhowto
reachthenetworks:
RTF#showiproute
53/62
11/2/2015
BGPCaseStudiesCisco
candidatedefault
O203.250.13.41[110/11]via203.250.14.1,00:14:15,Ethernet0
C203.250.14.0isdirectlyconnected,Ethernet0
O128.213.63.0[110/74]via203.250.14.1,00:14:15,Ethernet0
Whenyouturnoffsynchronizationinthissituation,theproblemstillexists.Butyouneedsynchronizationlaterfor
otherissues.RedistributeBGPintoOSPFonRTA,withametricof2000:
RTA#
hostnameRTA
ipsubnetzero
interfaceLoopback0
ipaddress203.250.13.41255.255.255.0
interfaceEthernet0
ipaddress203.250.14.1255.255.255.0
interfaceSerial0
ipaddress128.213.63.1255.255.255.252
routerospf10
redistributebgp100metric2000subnets
network203.250.0.00.0.255.255area0
network128.213.0.00.0.255.255area0
routerbgp100
network203.250.0.0mask255.255.0.0
Theroutingtablelookslikethis:
RTB#showiproute
candidatedefault
OE2200.200.10.0[110/2000]via203.250.15.1,00:00:14,Serial0
OE2195.211.10.0[110/2000]via203.250.15.1,00:00:14,Serial0
OE2192.208.10.0[110/2000]via203.250.15.1,00:00:14,Serial0
O203.250.13.41255.255.255.255
[110/75]via203.250.15.1,00:00:15,Serial0
OE2203.250.13.0255.255.255.0
[110/2000]via203.250.15.1,00:00:15,Serial0
54/62
11/2/2015
BGPCaseStudiesCisco
C203.250.15.8isdirectlyconnected,Loopback1
O203.250.14.0[110/74]via203.250.15.1,00:00:15,Serial0
OE2128.213.0.0255.255.0.0[110/2000]via203.250.15.1,
00:00:15,Serial0
O128.213.63.0255.255.255.252
[110/138]via203.250.15.1,00:00:16,Serial0
TheBGPentrieshavedisappearedbecauseOSPFhasabetterdistancethaniBGP.TheOSPFdistanceis110,
whiletheiBGPdistanceis200.
TurnoffsynchronizationonRTAsothatRTAcanadvertise203.250.15.0.ThisactionisnecessarybecauseRTA
doesnotsynchronizewithOSPFbecauseofthedifferenceinmasks.KeepsynchronizationoffonRTBsothat
RTBcanadvertise203.250.13.0.ThisactionisnecessaryonRTBforthesamereason.
Now,bringuptheRTBs1interfacetoseewhattherouteslooklike.Also,enableOSPFonserial1ofRTBto
makeitpassive.ThisstepallowsRTAtoknowaboutthenexthop192.208.10.5viaIGP.Ifyoudonottakethis
step,routingloopsoccurbecause,inordertoreachnexthop192.208.10.5,youneedtogotheotherwayvia
eBGP.ThesearethenewconfigurationsofRTAandRTB:
RTA#
hostnameRTA
ipsubnetzero
interfaceLoopback0
ipaddress203.250.13.41255.255.255.0
interfaceEthernet0
ipaddress203.250.14.1255.255.255.0
interfaceSerial0
ipaddress128.213.63.1255.255.255.252
routerospf10
network203.250.0.00.0.255.255area0
network128.213.0.00.0.255.255area0
routerbgp100
nosynchronization
network203.250.13.0
network203.250.14.0
RTB#
hostnameRTB
ipsubnetzero
interfaceSerial0
ipaddress203.250.15.2255.255.255.252
interfaceSerial1
ipaddress192.208.10.6255.255.255.252
routerospf10
network203.250.0.00.0.255.255area0
network192.208.0.00.0.255.255area0
55/62
11/2/2015
BGPCaseStudiesCisco
routerbgp100
nosynchronization
network203.250.15.0
TheBGPtableslooklikethis:
RTA#showipbgp
*>128.213.0.0128.213.63.200200i
*>i192.208.10.0192.208.10.501000300i
*>i195.211.10.0192.208.10.51000300500i
*128.213.63.20200400500i
*>200.200.10.0128.213.63.20200400i
*>203.250.13.00.0.0.0032768i
*>203.250.14.00.0.0.0032768i
*>i203.250.15.0203.250.15.201000i
RTB#showipbgp
*>i128.213.0.0128.213.63.201000200i
*192.208.10.50300500400
200i
*>192.208.10.0192.208.10.500300i
*>195.211.10.0192.208.10.50300500i
*>i200.200.10.0128.213.63.21000200400i
*192.208.10.50300500400i
*>i203.250.13.0203.250.13.4101000i
*>i203.250.14.0203.250.13.4101000i
*>203.250.15.00.0.0.0032768i
TherearemultiplewaystodesignyournetworktotalktothetwodifferentISPs,AS200andAS300.Onewayis
tohaveaprimaryISPandabackupISP.YoucanlearnpartialroutesfromoneoftheISPsanddefaultroutesto
bothISPs.Inthisexample,youreceivepartialroutesfromAS200andonlylocalroutesfromAS300.BothRTA
andRTBgeneratedefaultroutesintoOSPF,withRTBasthepreferencebecauseofthelowermetric.Inthisway,
youcanbalanceoutgoingtrafficbetweenthetwoISPs.
PotentialasymmetrycanoccuriftrafficthatleavesRTAcomesbackviaRTB.Thissituationcanoccurifyou
usethesamepoolofIPaddresses,thesamemajornet,whenyoutalktothetwoISPs.Becauseofaggregation,
yourwholeAScanlooklikeonewholeentitytotheoutsideworld.EntrypointstoyournetworkcanoccurviaRTA
orRTB.YoucandiscoverthatallincomingtraffictoyourASarrivesviaonesinglepoint,eventhoughyouhave
multiplepointstotheInternet.Intheexample,youhavetwodifferentmajornetswhenyoutalktothetwoISPs.
AnotherpotentialreasonforasymmetryisthedifferentadvertisedpathlengthtoreachyourAS.Perhapsone
serviceproviderisclosertoacertaindestinationthananother.Intheexample,trafficfromAS400thathasyour
networkasthedestinationalwayscomesinviaRTAbecauseoftheshorterpath.Youcantrytoeffectthat
decision.Youcanusethesetaspathprependcommandinordertoprependpathnumberstoyourupdatesand
makethepathlengthlooklonger.But,withattributessuchaslocalpreference,metric,orweight,AS400canhave
settheexitpointtobeAS200.Inthiscase,thereisnothingthatyoucando.
Thisconfigurationisthefinalconfigurationforalltherouters:
RTA#
hostnameRTA
56/62
11/2/2015
BGPCaseStudiesCisco
ipsubnetzero
interfaceLoopback0
ipaddress203.250.13.41255.255.255.0
interfaceEthernet0
ipaddress203.250.14.1255.255.255.0
interfaceSerial0
ipaddress128.213.63.1255.255.255.252
routerospf10
network203.250.0.00.0.255.255area0
network128.213.0.00.0.255.255area0
defaultinformationoriginatemetric2000
routerbgp100
nosynchronization
network203.250.13.0
network203.250.14.0
neighbor128.213.63.2routemapsetlocalprefin
ipclassless
ipdefaultnetwork200.200.0.0
routemapsetlocalprefpermit10
OnRTA,thelocalpreferenceforroutesthatcomefromAS200issetto200.Also,network200.200.0.0isthe
choiceforthecandidatedefault.Theipdefaultnetworkcommandenablesyoutochoosethedefault.
Alsointhisexample,useofthedefaultinformationoriginatecommandwithOSPFinjectsthedefaultroute
insidetheOSPFdomain.ThisexamplealsousesthiscommandwithIntermediateSystemtoIntermediate
SystemProtocol(ISISProtocol)andBGP.ForRIP,thereisanautomaticredistributionintoRIPof0.0.0.0,
withoutadditionalconfiguration.ForIGRPandEIGRP,injectionofthedefaultinformationintotheIGPdomain
occursafterredistributionofBGPintoIGRPandEIGRP.Also,withIGRPandEIGRP,youcanredistributea
staticrouteto0.0.0.0intotheIGPdomain.
RTF#
hostnameRTF
ipsubnetzero
interfaceEthernet0
ipaddress203.250.14.2255.255.255.0
interfaceSerial1
ipaddress203.250.15.1255.255.255.252
routerospf10
network203.250.0.00.0.255.255area0
ipclassless
RTB#
hostnameRTB
ipsubnetzero
57/62
11/2/2015
BGPCaseStudiesCisco
interfaceLoopback1
ipaddress203.250.15.10255.255.255.252
interfaceSerial0
ipaddress203.250.15.2255.255.255.252
!
interfaceSerial1
ipaddress192.208.10.6255.255.255.252
routerospf10
network203.250.0.00.0.255.255area0
network192.208.10.60.0.0.0area0
defaultinformationoriginatemetric1000
!
routerbgp100
nosynchronization
network203.250.15.0
neighbor192.208.10.5routemaplocalonlyin
!
ipclassless
ipdefaultnetwork192.208.10.0
routemaplocalonlypermit10
matchaspath1
ForRTB,thelocalpreferenceforupdatesthatcomefromAS300issetto300.Thisvalueishigherthanthelocal
preferencevalueofiBGPupdatesthatcomefromRTA.Inthisway,AS100picksRTBforthelocalroutesof
AS300.AnyotherroutesonRTB,ifotherroutesexist,transmitinternallywithalocalpreferenceof100.This
valueislowerthanthelocalpreferenceof200,whichcomesfromRTA.SoRTAisthepreference.
Note:YouonlyadvertisedtheAS300localroutes.Anypathinformationthatdoesnotmatch^300$drops.Ifyou
wanttoadvertisethelocalroutesandtheneighborroutes,whicharethecustomersoftheISP,use^300_[09]*.
HereistheoutputoftheregularexpressionthatindicatestheAS300localroutes:
RTB#showipbgpregexp^300$
Statuscodes:ssuppressed,ddamped,hhistory,*valid,>best,i
internal
*>192.208.10.0192.208.10.503000300
RTC#
hostnameRTC
ipsubnetzero
interfaceLoopback0
ipaddress128.213.63.130255.255.255.192
interfaceSerial2/0
ipaddress128.213.63.5255.255.255.252
!
interfaceSerial2/1
ipaddress128.213.63.2255.255.255.252
routerbgp200
58/62
11/2/2015
BGPCaseStudiesCisco
network128.213.0.0
ipclassless
accesslist1deny195.211.0.00.0.255.255
accesslist1permitany
OnRTC,youaggregate128.213.0.0/16andindicatethespecificroutesforinjectionintoAS100.IftheISP
refusestodothistask,youmustfilterontheincomingendofAS100.
RTD#
hostnameRTD
ipsubnetzero
interfaceLoopback0
ipaddress192.208.10.174255.255.255.192
!
interfaceSerial0/0
ipaddress192.208.10.5255.255.255.252
!
interfaceSerial0/1
ipaddress192.208.10.2255.255.255.252
routerbgp300
network192.208.10.0
RTG#
hostnameRTG
ipsubnetzero
interfaceLoopback0
ipaddress195.211.10.174255.255.255.192
interfaceSerial0
ipaddress192.208.10.1255.255.255.252
interfaceSerial1
ipaddress195.211.10.1255.255.255.252
routerbgp500
network195.211.10.0
aggregateaddress195.211.0.0255.255.0.0summaryonly
!
ipclassless
accesslist2permitany
routemapsetcommunitypermit20
matchipaddress2
!
routemapsetcommunitypermit10
matchipaddress1
setcommunitynoexport
AdemonstrationoftheuseofcommunityfilteringisonRTG.Youaddanoexportcommunityto195.211.0.0
updatestowardRTD.Inthisway,RTDdoesnotexportthatroutetoRTB.However,inthiscase,RTBdoesnot
59/62
11/2/2015
BGPCaseStudiesCisco
accepttheseroutesanyway.
RTE#
hostnameRTE
ipsubnetzero
interfaceLoopback0
ipaddress200.200.10.1255.255.255.0
interfaceSerial0
ipaddress195.211.10.2255.255.255.252
interfaceSerial1
ipaddress128.213.63.6255.255.255.252
routerbgp400
network200.200.10.0
aggregateaddress200.200.0.0255.255.0.0summaryonly
ipclassless
RTEaggregates200.200.0.0/16.HerearethefinalBGPandroutingtablesforRTA,RTF,andRTB:
RTA#showipbgp
internal
*>128.213.0.0128.213.63.202000200i
*>i192.208.10.0192.208.10.503000300i
*>200.200.0.0/16128.213.63.22000200400i
*>203.250.13.00.0.0.0032768i
*>203.250.14.00.0.0.0032768i
*>i203.250.15.0203.250.15.201000i
RTA#showiproute
candidatedefault
Gatewayoflastresortis128.213.63.2tonetwork200.200.0.0
OE2192.208.10.0255.255.255.0
[110/1000]via203.250.14.2,00:41:25,Ethernet0
O192.208.10.4255.255.255.252
[110/138]via203.250.14.2,00:41:25,Ethernet0
O203.250.15.10255.255.255.255
[110/75]via203.250.14.2,00:41:25,Ethernet0
O203.250.15.0255.255.255.252
[110/74]via203.250.14.2,00:41:25,Ethernet0
B203.250.15.0255.255.255.0[200/0]via203.250.15.2,00:41:25
B128.213.0.0255.255.0.0[20/0]via128.213.63.2,00:41:26
C128.213.63.0255.255.255.252isdirectlyconnected,Serial0
60/62
11/2/2015
BGPCaseStudiesCisco
O*E20.0.0.0/0[110/1000]via203.250.14.2,Ethernet0/0
B*200.200.0.0255.255.0.0[20/0]via128.213.63.2,00:02:38
RTF#showiproute
candidatedefault
OE2192.208.10.0255.255.255.0
[110/1000]via203.250.15.2,00:48:50,Serial1
O192.208.10.4255.255.255.252
[110/128]via203.250.15.2,01:12:09,Serial1
O203.250.13.41255.255.255.255
[110/11]via203.250.14.1,01:12:09,Ethernet0
OE2203.250.13.0255.255.255.0
[110/2000]via203.250.14.1,01:12:09,Ethernet0
O203.250.15.10255.255.255.255
[110/65]via203.250.15.2,01:12:09,Serial1
OE2128.213.0.0255.255.0.0
[110/2000]via203.250.14.1,00:45:01,Ethernet0
O128.213.63.0255.255.255.252
[110/74]via203.250.14.1,01:12:11,Ethernet0
OE2200.200.0.0255.255.0.0[110/2000]via203.250.14.1,00:03:47,
Ethernet0
O*E20.0.0.00.0.0.0[110/1000]via203.250.15.2,00:03:33,Serial1
Note:TheRTFroutingtableindicatesthatthewaytoreachnetworkslocaltoAS300,suchas192.208.10.0,is
throughRTB.Thewaytoreachotherknownnetworks,suchas200.200.0.0,isthroughRTA.Thegatewayoflast
resortissettoRTB.IfsomethinghappenstotheconnectionbetweenRTBandRTD,thedefaultthatRTA
advertiseskicksinwithametricof2000.
RTB#showipbgp
internal
*>i128.213.0.0128.213.63.202000200i
*>192.208.10.0192.208.10.503000300i
*>i200.200.0.0/16128.213.63.22000200400i
*>i203.250.13.0203.250.13.4101000i
*>i203.250.14.0203.250.13.4101000i
*>203.250.15.00.0.0.0032768i
RTB#showiproute
candidatedefault
61/62
11/2/2015
BGPCaseStudiesCisco
*192.208.10.0isvariablysubnetted,2subnets,2masks
B*192.208.10.0255.255.255.0[20/0]via192.208.10.5,00:50:46
O203.250.13.41255.255.255.255
[110/75]via203.250.15.1,01:20:33,Serial0
OE2203.250.13.0255.255.255.0
[110/2000]via203.250.15.1,01:15:40,Serial0
O203.250.14.0[110/74]via203.250.15.1,01:20:33,Serial0
OE2128.213.0.0255.255.0.0[110/2000]via203.250.15.1,00:46:55,Serial0
O128.213.63.0255.255.255.252
[110/138]via203.250.15.1,01:20:34,Serial0
O*E20.0.0.0/0[110/2000]via203.250.15.1,00:08:33,Serial0
OE2200.200.0.0255.255.0.0[110/2000]via203.250.15.1,00:05:42,Serial0
RelatedInformation
BGP:FrequentlyAskedQuestions
SampleConfigurationsofBGPAcrossaPIXFirewall
HowtoUseHSRPtoProvideRedundancyinaMultihomedBGPNetwork
ConfiguringSingleRouterModeRedundancyandBGPonaCat6000MSFC
AchieveOptimalRoutingandReduceBGPMemoryConsumption
TroubleshootingBGP
TroubleshootingHighCPUCausedbytheBGPScannerorBGPRouterProcess
LoadSharingwithBGPinSingleandMultihomedEnvironments:SampleConfigurations
BGPSupportPage
TechnicalSupport&DocumentationCiscoSystems
2015Ciscoand/oritsaffiliates.Allrightsreserved.
62/62

BGP Case Studies - Cisco

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

BGP Case Studies - Cisco

Caricato da

Copyright:

Formati disponibili

11/2/2015

Potrebbero piacerti anche