7-6 Border Gateway Protocol (BGP)

  • BGP is a path vector routing protocol. Routing updates carry a full list of transit networks (autonomous system paths) required to reach a remote network.

  • Routing loops are detected and prevented by looking for the local autonomous system (AS) number within the AS path.

  • BGP peers are defined in relation to their local AS number. Peers within the same AS form an Interior BGP (IBGP) relationship, whereas peers in different ASs use Exterior BGP (EBGP).

  • IBGP peers exchange reachability information with each other and also redistribute BGP information to Interior Gateway Protocols (IGPs) running within the common AS. (IGPs can be other routing protocols such as RIP, IGRP, EIGRP, OSPF, and IS-IS.)

  • IBGP peers must synchronize BGP information with IGP information to ensure that IGP routes have propagated across the local AS.

  • The Multi-Exit Discriminator (MED) is a unitless metric that can be modified with a route map.

  • The local preference is assigned to control the path-selection process. Local preferences are advertised with network prefixes throughout the AS. Therefore, they are significant only within the AS.

  • The weight attribute is also assigned to control the path-selection process. Weights are significant only to the local router.

  • BGP selects the best path to a destination in the following order:

    1. If the next hop is inaccessible, don't consider it.

    2. Prefer the highest weight value.

    3. Prefer the highest local preference.

    4. Prefer the route that the local router originated.

    5. Prefer the shortest AS path if no route was originated.

    6. Prefer the lowest origin (igp < egp < incomplete).

    7. Prefer the lowest MED (a missing MED is a 0).

    8. Prefer an external path over an internal path.

    9. If synchronization is disabled and only internal paths remain, prefer the path with the closest IGP neighbor.

    10. Prefer the older, more stable path.

    11. Prefer the lowest BGP router ID IP address.

    NOTE

    BGP uses both UDP port 179 and TCP port 179 to form reliable transport connections between peer or neighbor routers.
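
The selection order above, as an added Python sketch (not code from the book): each step keeps only the paths still tied for best, and the function reports which step decided. The `Path` fields, the sample paths, and the grouping of MED by neighbor AS (following the `bgp always-compare-med` note under Configuration) are modeling assumptions; synchronization is assumed to be disabled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple = ()            # leftmost AS = neighbor that sent the update
    next_hop_reachable: bool = True
    weight: int = 0                # significant only to the local router
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "igp"
    med: int = 0                   # a missing MED counts as 0
    external: bool = True          # learned from an EBGP peer
    igp_metric: int = 0            # IGP cost to reach the next hop
    age_seconds: int = 0
    router_id: str = "0.0.0.0"

def lowest(key):
    """Build a step that keeps only the paths tied for the lowest key."""
    def step(paths):
        best = min(key(p) for p in paths)
        return [p for p in paths if key(p) == best]
    return step

def med_step(always_compare_med):
    """Step 7: compare MED only among paths from the same neighbor AS,
    unless bgp always-compare-med is configured."""
    def step(paths):
        group = (lambda p: None) if always_compare_med else (lambda p: p.as_path[:1])
        best = {}
        for p in paths:
            best[group(p)] = min(best.get(group(p), p.med), p.med)
        return [p for p in paths if p.med == best[group(p)]]
    return step

def igp_step(paths):
    """Step 9: applies only when every remaining path is internal."""
    if any(p.external for p in paths):
        return paths
    return lowest(lambda p: p.igp_metric)(paths)

def best_path(paths, always_compare_med=False):
    """Return (winner, label of the last step that eliminated a path)."""
    cands = [p for p in paths if p.next_hop_reachable]             # step 1
    if not cands:
        return None, None
    decided = "1 next hop"
    steps = [
        ("2 weight", lowest(lambda p: -p.weight)),
        ("3 local preference", lowest(lambda p: -p.local_pref)),
        ("4 locally originated", lowest(lambda p: not p.locally_originated)),
        ("5 AS path length", lowest(lambda p: len(p.as_path))),
        ("6 origin", lowest(lambda p: ORIGIN_RANK[p.origin])),
        ("7 MED", med_step(always_compare_med)),
        ("8 external over internal", lowest(lambda p: not p.external)),
        ("9 IGP metric", igp_step),
        ("10 oldest path", lowest(lambda p: -p.age_seconds)),
        ("11 router ID", lowest(lambda p: int(IPv4Address(p.router_id)))),
    ]
    for label, step in steps:
        kept = step(cands)
        if len(kept) < len(cands):
            decided = label
        cands = kept
        if len(cands) == 1:
            break
    return cands[0], decided

# Constructed sample paths to one prefix (not from the page).
A = Path("A", as_path=(210, 400), med=50, age_seconds=900, router_id="10.0.0.1")
B = Path("B", as_path=(300, 400), med=10, age_seconds=60, router_id="10.0.0.2")

if __name__ == "__main__":
    for flag in (False, True):
        winner, step = best_path([A, B], always_compare_med=flag)
        print(f"always-compare-med={flag}: {winner.name} wins at step {step}")
```

With the two sample paths, the lower MED on B is ignored until MED comparison across neighbor ASs is turned on; without it the older path A wins at step 10.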


Configuration

  1. Enable the BGP routing process, and associate the local router with an autonomous system:

     (global) router bgp as-number

  2. Define all BGP neighbors:

     (router) neighbor {ip-address | peer-group} remote-as as-number

    Neighbors can be specified by IP address or peer group name. A peer group is a grouping of many neighbors that share a common set of attributes or update policies. Each BGP neighbor is defined with this command. For IBGP neighbors, the AS number is the same as that used in the router bgp command. The IBGP neighbors must be reachable by IGP routing, and they need not be on the same subnet. For EBGP neighbors, the AS number will be different. An optional text description can be added to the neighbor:

     (router) neighbor {ip-address | peer-group} description text-string

    NOTE

    IBGP neighbors do not redistribute or forward received routes to all other IBGP neighbors within an AS. Rather, they forward that information to their EBGP neighbors. It is important to configure IBGP relationships with all other neighbors within an AS as a full mesh of connections. If this is too complex, use either BGP confederations or route reflectors.

    EBGP neighbors must be directly connected to each other and must share a subnet. In some cases, this is not possible. An IGP or static route should then be configured so that the two neighbors can reach each other. Then, EBGP multihop can be configured:

     (router)  neighbor   ip-address   ebgp-multihop   ttl  

    The ttl value specifies a time-to-live in the form of a hop count (1 to 255; the default is 255 hops).

  3. (Optional) Configure an interface to use for BGP TCP connections:

     (router) neighbor {ip-address | peer-group} update-source interface

    Ordinarily, BGP uses a source address from the "best local interface" when communicating with an IBGP neighbor peer. This address might not always be optimal, especially when a loopback interface is desired. To override the default source address, you can specify an interface. Typically, a loopback interface is used for IBGP peers, because it is always up and available. If used, the loopback interface should be reachable from the remote IBGP neighbors.

  4. Define the networks to advertise by BGP as originating from the local AS.

    • Specify a list of up to 200 networks:

       (router)  network   network-number  [  mask   mask  ] 

      Specified networks must be present in the routing table, as directly connected, static routes, or learned from dynamic routing processes. The optional mask allows networks to be supernetted.

      -OR-

    • Redistribute routes from an IGP:

       (router)  redistribute   protocol  [  process-id  ] ... [  route-map   map  ] 

      Normally, local networks (within the local AS) should be specified with the network command. However, IGP routes can be redistributed into BGP if necessary. A route map should be used to filter the IGP routes that are redistributed.

  5. (Optional) Propagate aggregate or supernet addresses to reduce the routing table size:

     (router)  aggregate-address   address mask  [  as-set  ] [  summary-only  ]   [  suppress-map   map  ] [  advertise-map   map  ] [  attribute-map   map  ] 

    The aggregate address specified is generated if there is at least one more-specific entry in the BGP table. Both the aggregate address and more-specific addresses are advertised unless you use the summary-only keyword. If an aggregate is composed of more-specific routes from several ASs, using as-set causes the set of originating AS numbers to be advertised too.

    Route maps can be used to suppress more-specific routes (suppress-map) or to generate a certain aggregate address to advertise (advertise-map). If needed, you can modify BGP attributes of the aggregate (attribute-map). For each, you can use a route map with match ip address or match as-path to select routes. You modify attributes using set commands in the route map.

  6. (Optional) Disable synchronization between BGP and an IGP:

     (router)  no synchronization  

    By default, BGP waits until a local IGP propagates routing information across the AS. BGP synchronization is enabled, and routes to be advertised by BGP are tested for inclusion in the IGP tables. If synchronization is not needed, you can disable it.

  7. (Optional) Configure attributes and metrics for best path selection.

    1. Network weight is locally significant; it is not advertised or propagated.

      • Set the weight attribute according to the BGP neighbor:

         (router) neighbor {ip-address | peer-group} weight weight

        The weight ranges from 0 to 65535. If the router originates a path, the weight defaults to 32768, and nonoriginated paths default to a weight of 0. A path with a higher weight value is preferred.

      -OR-

      • Set the weight attribute using a route map:

         (route-map)  set weight   weight  

        (See Step 12 for more information on route map usage.)

    2. Local preference is propagated within the local AS.

      • Set the default local preference value for updates within the AS:

         (router)  bgp default local-preference   value  

        Local preference ranges from 0 to 4294967295 and defaults to 100. A path with a higher local preference is preferred.

      -OR-

      • Set the local preference using a route map:

         (route-map)  set local-preference   value  

        (See Step 12 for more information on route map usage.)

    3. The metric or MED is exchanged between ASs. The value is received but is reset to 0 when it is passed along to another AS.

      • Set the default MED of routes redistributed into BGP:

         (router)  default-metric   med  

        The MED value ranges from 1 to 4294967295. A path with a lower MED value is preferred.

      -OR-

      • Set the MED using a route map:

         (route-map)  set metric   metric  

        (See Step 12 for more information on route map usage.)

      NOTE

      Normally, a router only compares metrics from neighbors in a common AS. To compare metrics for paths advertised by all neighbors, regardless of AS, use this command:

       (router) bgp always-compare-med

  8. (Optional) Configure the community attribute of advertised routes.

    1. Use a route map to set the community value:

       (route-map)  set community   community  [  additive  ] 

      (See Step 12 for more information about route map usage.) A route map is used to match routes and set the community attribute so that routes are grouped into common communities. A community value is a number from 0 to 4294967200, arbitrarily chosen, and the community attribute is a collection of these values. A route can be a member of more than one community. The additive keyword adds the new value to the list of existing values. Predefined values are internet (advertise the route to the Internet community, or all peers), no-export (don't advertise the route to EBGP peers), and no-advertise (don't advertise the route to any peer).

    2. Send the community attribute to BGP neighbors:

       (router) neighbor {ip-address | peer-group} send-community

      By default, the community attribute is not passed to neighbors in BGP updates. This command allows the attribute to be sent to BGP peers.

  9. (Optional) Use community filtering to match incoming path advertisements.

    1. Configure a community list to perform the matching:

       (global) ip community-list community-list-number {permit | deny} community-value

      One or more community list statements with a common list number (1 to 99) are used in sequential order to match a community value. The value can be a single value or a string of values separated by spaces. Values range from 0 to 4294967200 and can include the predefined internet, no-export, and no-advertise values. An implicit deny all statement exists at the end of the community list.

    2. Configure a route map to apply the community list:

       (route-map)  match community-list   community-list-number  [  exact  ] 

      The route map uses the community-list-number argument, a value from 1 to 99, to match community values. The exact keyword is used to exactly match the list of community values.

  10. (Optional) Use route filtering of network numbers to restrict routing information that is learned or advertised.

    1. Use a prefix list to perform filtering:

       (router) neighbor {ip-address | peer-group} prefix-list prefix-list-name {in | out}

      The prefix list named prefix-list-name is used to permit or deny networks based on a number of leading bits (prefixes) in the network numbers. Refer to Section 14-1 for more information on prefix lists.

    2. Create a numbered standard access list to perform the filtering:

       (global) access-list list-number {deny | permit} network wildcard

      The access list, numbered 1 to 99, either denies or permits the network number specified (with the wildcard applied: 0 matches exactly, and 1 matches anything).

      NOTE

      In the case of filtering a supernet network number, an extended access list must be used to match both network number and subnet mask:

       (global) access-list list-number {deny | permit} ip network net-wildcard subnet-mask mask-wildcard

    3. Create a named standard access list to perform filtering:

       (global) ip access-list standard name
       (access-list) {permit | deny} network [wildcard]

    4. Use a distribute list to apply the standard or extended IP access list for filtering:

       (router) neighbor {ip-address | peer-group} distribute-list access-list {in | out}

      The access list (either numbered or named) is used to filter the network numbers in routing updates to or from a specific neighbor. The in and out keywords specify the filter direction.

  11. (Optional) Use path filtering of AS paths to control inbound and outbound BGP updates.

    1. Create an AS path access list to perform AS path filtering:

       (global) ip as-path access-list as-path-list-number {permit | deny} as-regular-expression

      The as-path-list-number argument (with values ranging from 1 to 199) either permits or denies BGP updates based on matching the as-regular-expression against the AS path contents. Refer to Section 14-5, "Regular Expressions," for complete instructions on creating an AS regular expression. For the purposes of BGP AS path matching, refer to Table 7-1, which lists common regular expressions.

      NOTE

      Recall that as each BGP peer sends an update, it prepends its own AS number onto the AS path. This means that the AS path builds from right to left, such that the originating AS is on the rightmost end of the AS path string. The last peer to send an update has its AS on the leftmost end of the path. To test the results of a regular expression prior to using it in an AS path access list, use the show ip bgp regexp regular-expression command.

    2. Use a filter list to apply the AS path access list for filtering:

       (router) neighbor {ip-address | peer-group} filter-list as-path-list-num {in | out}

      The AS path access list filters the AS paths in routing updates to or from a specific neighbor. You can use the in and out keywords to specify the filter direction. Only one in and one out AS path filter can be configured.

Table 7-1. Common Regular Expressions

Regular Expression    Example               Result
.*                    .*                    Matches any path information.
^n$                   ^400$                 Matches paths that start with AS n and end with AS n. (AS n is the only one in the path.)
^$                    ^$                    Matches paths that originate from the local AS.
^n_ or ^n_.*          ^400_ or ^400_.*      Matches paths that start with AS n. An update came from AS n. An alternative expression has the same results.
_n$ or .*_n$          _400$ or .*_400$      Matches paths that end with AS n. An update originated in AS n. An alternative expression has the same results.
_n_                   _400_                 Matches paths that pass through AS n.
_n m_                 _400 300_             Matches paths that pass through exactly AS n and then AS m.

  12. (Optional) Use route maps to control or modify inbound and outbound BGP updates.

    1. Create a route map to match and modify BGP attributes:

       (global) route-map map-name [permit | deny] [sequence-num]

      The route map can be made up of one or more statements evaluated in sequential order, according to the optional sequence number. The permit keyword (the default) causes the route-map statement to be evaluated and an action taken.

      You can use one or more optional match statements, along with optional set commands. If you configure more than one match statement, all of the conditions must be met before the set action is taken. If all route map statements are evaluated and no match is found, the update is not sent or received.

      1. Configure a match condition.

        • Match an AS path in the update:

           (route-map)  match as-path   as-path-list  

          An as-path-list (numbered from 1 to 199) is used to match an AS regular expression, as in Step 11a.

        • Match a network number in the update:

           (route-map)  match ip address   access-list  [...  access-list  ] 

          Network numbers in the update are matched against the numbered or named IP access list (either standard or extended). Refer to Step 10a or 10b.

        • Match a community in the update:

           (route-map)  match community-list   community-list  [  exact  ] 

          A community list (1 to 99) is used to match community values. The exact keyword is used to match the list of community values exactly. Refer to Step 9a.

      2. Configure a set command to modify an attribute.

        • Modify the AS path:

           (route-map)  set as-path prepend   as-path-string  

          The as-path-string is prepended to the AS path attribute. By prepending the local AS multiple times, you can modify the path length to influence the path-selection process on a distant peer.

        • Modify the BGP origin:

           (route-map) set origin {igp | egp as | incomplete}

          Set the origin to igp (the origin is inside the local AS; it is normally seen if the BGP network command is used or if IGP routes are redistributed into BGP), egp (learned from Exterior Gateway Protocol from AS number as), or incomplete (the origin is unknown, or a static route is redistributed into BGP).

        • Modify the community attribute:

           (route-map) set community {community [additive] | none}

          The community attribute is set to one of these community values: a 32-bit number (1 to 4294967200), an AS number and a 2-byte community number in the form as:nn, local-AS (don't advertise the route outside the local AS), no-export (don't advertise to the next AS), or no-advertise (don't advertise to any peer). If the additive keyword is used, the community value specified is added to the existing community attribute. The none keyword removes all community values.

        • Modify the BGP dampening:

           (route-map)  set dampening   halflife reuse suppress max-suppress-time  

          The BGP route dampening factors are set. (See Step 15 for further details.) The halflife ranges from 1 to 45 minutes (the default is 15 minutes), the reuse penalty threshold ranges from 1 to 20000 (the default is 750), the suppress penalty threshold ranges from 1 to 20000 (the default is 2000), and the max-suppress-time ranges from 1 to 20000 minutes (the default is 60 minutes). Dampening can be set only with route maps that are referenced by the bgp dampening command.

        • Modify the local preference value:

           (route-map)  set local-preference   value  

          Local preference ranges from 0 to 4294967295 (the default is 100). Higher local preference values are preferred.

        • Modify the weight value (for the incoming route map only):

           (route-map)  set weight   weight  

          The BGP weight value ranges from 0 to 65535 (the default is not changed). Weights set with a route map override weights set with BGP neighbor commands. Routes with a higher weight are preferred.

        • Modify the MED:

           (route-map) set metric [+ | -] metric

          metric ranges from 0 to 4294967295. If the plus or minus signs are used with a value, the metric is adjusted by that value. Lower metric values are preferred.

    2. Apply the route map to inbound or outbound updates on a per-neighbor basis:

       (router) neighbor {ip-address | peer-group} route-map map-name {in | out}

    The route map named map-name is used to modify updates to or from this BGP neighbor.

  13. (Optional) Reduce internal peering by using BGP confederations.

    1. Create a confederation identifier:

       (router)  bgp confederation identifier   autonomous-system  

      The confederation has an identifier, autonomous-system, so that it will appear to the outside world to be a single AS.

    2. Specify the ASs that belong to the confederation:

       (router)  bgp confederation peers   autonomous-system  [  autonomous system  ] 

      EBGP neighbors within the confederation will exchange updates as if they are IBGP peers.

      NOTE

      Each AS within the confederation must have a full mesh of IBGP peers defined, through the use of BGP neighbor commands. Although a confederation reduces the total IBGP mesh inside the overall confederation AS, the full-mesh requirement must be kept within the smaller internal ASs.

  14. (Optional) Reduce peering by using route reflectors.

    1. Configure a route reflector and its clients:

       (router)  neighbor   ip-address   route-reflector-client  

      The local router is configured as a BGP route reflector and relays BGP updates to all IBGP clients. The peer ip-address is configured as a client. The route reflector and its clients form a cluster. Clients do not need to be fully meshed. Route reflectors must be fully meshed with each other between clusters.

    2. For redundant route reflectors within a cluster, assign a specific cluster ID:

       (router) bgp cluster-id {cluster-id | ip-address}

      This command is used on each route reflector to assign a common 4-byte cluster ID number (1 to 4294967295, or 4 bytes in IP address format). The cluster ID is passed along with updates to other route reflectors. It is used to detect loops.

  15. (Optional) Minimize route flapping with route dampening.

    1. Enable BGP route dampening:

       (global)  bgp dampening  

      The effects of route flapping are minimized as follows:

      • If a route to an AS flaps, the dampening router assigns a cumulative penalty value. The route is flagged with a problem, in "history" state, but it is still advertised.

      • Further flapping incurs further penalties. If the cumulative penalty is greater than the suppress limit, the route moves into "damp" state and is not advertised.

      • The penalty is lowered by half after a half-life period passes without flapping. Penalty reduction is examined every 5 seconds.

      • As soon as the penalty falls below the reuse limit, the route is unsuppressed and advertised again. Suppressed routes are examined every 10 seconds for this condition.

      • Routes are suppressed for only the max-suppress limit of time.

    2. Tune route-dampening factors:

       (global)  bgp dampening   half-life reuse suppress max-suppress  [  route-map   map  ] 

      The half-life ranges from 1 to 45 minutes (the default is 15 minutes), the reuse penalty threshold ranges from 1 to 20000 (the default is 750), the suppress penalty threshold ranges from 1 to 20000 (the default is 2000), and the max-suppress-time ranges from 1 to 20000 minutes (the default is 60 minutes).
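
The penalty mechanics of the dampening step, as an added Python model (not code from the book) using the default half-life, reuse, suppress and max-suppress values given above. Two things are assumptions not stated on the page: each flap adds a penalty of 1000, and the max-suppress limit is modeled as a penalty ceiling of reuse × 2^(max-suppress / half-life), the approach described in RFC 2439. Flap times are constructed.

```python
import math

class DampenedRoute:
    """Penalty bookkeeping for one route; all times are in minutes."""

    def __init__(self, half_life=15.0, reuse=750, suppress=2000,
                 max_suppress=60.0, flap_penalty=1000):
        self.half_life, self.reuse, self.suppress = half_life, reuse, suppress
        self.flap_penalty = flap_penalty   # assumption: per-flap penalty is not on the page
        # Assumption: capping the penalty here bounds suppression to
        # max_suppress minutes after the last flap.
        self.ceiling = reuse * 2 ** (max_suppress / half_life)
        self.penalty, self.last, self.suppressed = 0.0, 0.0, False

    def _advance(self, now):
        """Decay the penalty to time `now` and release the route if it
        has fallen below the reuse limit."""
        self.penalty *= 0.5 ** ((now - self.last) / self.half_life)
        self.last = now
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False

    def flap(self, now):
        """Record one flap at time `now` and return the resulting state."""
        self._advance(now)
        self.penalty = min(self.penalty + self.flap_penalty, self.ceiling)
        if self.penalty > self.suppress:
            self.suppressed = True
        return self.state(now)

    def state(self, now):
        """'damp' = suppressed; 'history' = penalized but still advertised."""
        self._advance(now)
        return "damp" if self.suppressed else "history"

    def minutes_until_reuse(self):
        """Time for the current penalty to decay to the reuse limit."""
        if not self.suppressed:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)

def replay(flap_times, **params):
    """Feed a list of flap times to a fresh route; return it with a log of
    (time, state, rounded penalty) after each flap."""
    route = DampenedRoute(**params)
    return route, [(t, route.flap(t), round(route.penalty)) for t in flap_times]

if __name__ == "__main__":
    route, log = replay([0, 2, 4])            # three flaps, two minutes apart
    for entry in log:
        print(entry)
    print("minutes until reuse:", round(route.minutes_until_reuse(), 1))
```

Under these assumptions three flaps two minutes apart are enough to suppress the route, and it stays suppressed for about 28 minutes after the last flap.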

Example

Figure 7-6 shows a network diagram. A router is configured for BGP in autonomous system 10000. Two IBGP peers (within AS 10000) have IP addresses 190.67.17.254 and 190.67.41.3. The local router is a BGP route reflector, and each of the IBGP peers is a BGP route reflector client. Another router, an EBGP peer (not in AS 10000), has IP address 217.6.15.1.

Figure 7-6. Network Diagram for the BGP Example


The EBGP peer receives BGP community information. Route map ispcommunity causes route advertisement to be suppressed for routes to 190.67.18.0. However, for routes to 190.67.0.0, an additional community value of 10000:1 (AS 10000 and community 1) is added to the community string.

For incoming BGP updates from the EBGP peer, route map ispfilter references AS path access list 1. Updates containing a path consisting of AS 1001 only or a path passing through AS 1002 have their local-preference values set to 40.

BGP routes (including subnets) from AS 10000 are redistributed into OSPF with a metric of 500.

  interface serial 0
   ip address 217.6.15.2 255.255.255.252
  interface serial 1
   ip address 190.67.31.26 255.255.255.252
  router bgp 10000
   network 217.6.15.0
   neighbor 217.6.15.1 description ISP peer
   neighbor 217.6.15.1 remote-as 210
   neighbor 217.6.15.1 route-map ispfilter in
   neighbor 217.6.15.1 send-community
   neighbor 217.6.15.1 route-map ispcommunity out
   neighbor 190.67.17.254 remote-as 10000
   neighbor 190.67.17.254 route-reflector-client
   neighbor 190.67.41.3 remote-as 10000
   neighbor 190.67.41.3 route-reflector-client
  router ospf 101
   redistribute bgp 10000 metric 500 subnets
   passive-interface serial 0
   network 217.6.15.0 0.0.0.255 area 0
   network 190.67.31.0 0.0.0.255 area 0
  route-map ispfilter permit 10
   match as-path 1
   set local-preference 40
  route-map ispfilter permit 20
  ip as-path access-list 1 permit ^1001$
  ip as-path access-list 1 permit _1002_
  route-map ispcommunity permit 10
   match ip address 2
   set community no-advertise
  route-map ispcommunity permit 20
   match ip address 1
   set community 10000:1 additive
  route-map ispcommunity permit 30
  access-list 1 permit 190.67.0.0 0.0.255.255
  access-list 2 permit 190.67.18.0 0.0.0.255
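
To check which received AS paths the inbound filter in this example actually touches, the following added Python sketch (not from the book) emulates AS path access list 1, route map ispfilter, and the expressions of Table 7-1. It assumes the IOS `_` metacharacter can be translated to "start, end, space, comma, brace or parenthesis" and that the rest of each expression is valid Python regex syntax; the AS path strings are constructed samples.

```python
import re

# What "_" stands for in an IOS AS path regular expression (assumed translation).
_DELIM = r"(?:^|$|[ ,{}()])"

def ios_to_python(pattern):
    """Compile an IOS AS path expression as a Python regex."""
    return re.compile(pattern.replace("_", _DELIM))

def acl_permits(acl, as_path):
    """First matching entry decides; no match means the implicit deny."""
    for action, pattern in acl:
        if ios_to_python(pattern).search(as_path):
            return action == "permit"
    return False

# ip as-path access-list 1 from the example configuration.
AS_PATH_ACL_1 = [("permit", "^1001$"), ("permit", "_1002_")]

def ispfilter(as_path, local_pref=100):
    """route-map ispfilter: sequence 10 sets local preference 40 when
    AS path list 1 matches; sequence 20 permits everything else unchanged."""
    if acl_permits(AS_PATH_ACL_1, as_path):
        return 40
    return local_pref

# Table 7-1 expressions with n = 400 and m = 300.
TABLE_7_1 = [".*", "^400$", "^$", "^400_", "_400$", "_400_", "_400 300_"]

def table_matches(as_path):
    """Return the Table 7-1 expressions that match the given AS path."""
    return [p for p in TABLE_7_1 if ios_to_python(p).search(as_path)]

if __name__ == "__main__":
    # Constructed AS paths, leftmost AS = most recent sender.
    for path in ["1001", "210 1001", "210 1002 400", "210 11002", "210 10020 7"]:
        print(f"{path!r:16} local-preference {ispfilter(path)}")
    # An expression without the "_" delimiters also hits longer AS numbers.
    print(bool(re.search("1002", "210 11002")))
    print(table_matches("400 300 200"))
```

The delimiters matter for filtering: `_1002_` leaves paths through AS 11002 or AS 10020 alone, while a bare `1002` would match both, and `^1001$` matches only when 1001 is the sole AS in the path.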


Cisco Field Manual[c] Router Configuration
ISBN: 1587050242
EAN: N/A
Year: 2005
Pages: 185
