BGP is a path vector routing protocol. Routing updates carry a full list of transit networks (autonomous system paths) required to reach a remote network.
Routing loops are detected and prevented by looking for the local autonomous system (AS) number within the AS path.
BGP peers are defined in relation to their local AS number. Peers within the same AS form an Interior BGP (IBGP) relationship, whereas peers in different ASs use Exterior BGP (EBGP).
IBGP peers exchange reachability information with each other and also redistribute BGP information to Interior Gateway Protocols (IGPs) running within the common AS. (IGPs can be other routing protocols such as RIP, IGRP, EIGRP, OSPF, and IS-IS.)
IBGP peers must synchronize BGP information with IGP information to ensure that IGP routes have propagated across the local AS.
The Multi-Exit Discriminator (MED) is a unitless metric that can be modified with a route map.
The local preference is assigned to control the path-selection process. Local preferences are advertised with network prefixes throughout the AS. Therefore, they are significant only within the AS.
The weight attribute is also assigned to control the path-selection process. Weights are significant only to the local router.
BGP selects the best path to a destination in the following order:
1. If the next hop is inaccessible, don't consider it.
2. Prefer the highest weight value.
3. Prefer the highest local preference.
4. Prefer the route that the local router originated.
5. Prefer the shortest AS path if no route was originated.
6. Prefer the lowest origin (igp < egp < incomplete).
7. Prefer the lowest MED (a missing MED is a 0).
8. Prefer an external path over an internal path.
9. If synchronization is disabled and only internal paths remain, prefer the path with the closest IGP neighbor.
10. Prefer the older, more stable path.
11. Prefer the lowest BGP router ID IP address.
NOTE
BGP uses both UDP port 179 and TCP port 179 to form reliable transport connections between peer or neighbor routers.
Enable the BGP routing process, and associate the local router with an autonomous system:
(global) router bgp as-number
Define all BGP neighbors:
(router) neighbor { ip-address | peer-group } remote-as as-number
Neighbors can be specified by IP address or peer group name. A peer group is a grouping of many neighbors that share a common set of attributes or update policies. Each BGP neighbor is defined with this command. For IBGP neighbors, the AS number is the same as that used in the router bgp command. The IBGP neighbors must be reachable by IGP routing, and they need not be on the same subnet. For EBGP neighbors, the AS number will be different. An optional text description can be added to the neighbor:
(router) neighbor { ip-address | peer-group } description text-string
NOTE
IBGP neighbors do not redistribute or forward received routes to all other IBGP neighbors within an AS. Rather, they forward that information to their EBGP neighbors. It is important to configure IBGP relationships with all other neighbors within an AS as a full mesh of connections. If this is too complex, use either BGP confederations or route reflectors.
EBGP neighbors must be directly connected to each other and must share a subnet. In some cases, this is not possible. An IGP or static route should then be configured so that the two neighbors can reach each other. Then, EBGP multihop can be configured:
(router) neighbor ip-address ebgp-multihop ttl
The ttl value specifies a time-to-live in the form of a hop count (1 to 255; the default is 255 hops).
(Optional) Configure an interface to use for BGP TCP connections:
(router) neighbor { ip-address | peer-group } update-source interface
Ordinarily, BGP uses a source address from the "best local interface" when communicating with an IBGP neighbor peer. This address might not always be optimal, especially when a loopback interface is desired. To override the default source address, you can specify an interface. Typically, a loopback interface is used for IBGP peers, because it is always up and available. If used, the loopback interface should be reachable from the remote IBGP neighbors.
Define the networks to advertise by BGP as originating from the local AS.
Specify a list of up to 200 networks:
(router) network network-number [ mask mask ]
Specified networks must be present in the routing table, as directly connected, static routes, or learned from dynamic routing processes. The optional mask allows networks to be supernetted.
-OR-
Redistribute routes from an IGP:
(router) redistribute protocol [ process-id ] ... [ route-map map ]
Normally, local networks (within the local AS) should be specified with the network command. However, IGP routes can be redistributed into BGP if necessary. A route map should be used to filter the IGP routes that are redistributed.
(Optional) Propagate aggregate or supernet addresses to reduce the routing table size:
(router) aggregate-address address mask [ as-set ] [ summary-only ] [ suppress-map map ] [ advertise-map map ] [ attribute-map map ]
The aggregate address specified is generated if there is at least one more-specific entry in the BGP table. Both the aggregate address and more-specific addresses are advertised unless you use the summary-only keyword. If an aggregate is composed of more-specific routes from several ASs, using as-set causes the set of originating AS numbers to be advertised too.
Route maps can be used to suppress more-specific routes (suppress-map) or to generate a certain aggregate address to advertise (advertise-map). If needed, you can modify BGP attributes of the aggregate (attribute-map). For each, you can use a route map with match ip address or match as-path to select routes. You modify attributes using set commands in the route map.
(Optional) Disable synchronization between BGP and an IGP:
(router) no synchronization
By default, BGP waits until a local IGP propagates routing information across the AS. BGP synchronization is enabled, and routes to be advertised by BGP are tested for inclusion in the IGP tables. If synchronization is not needed, you can disable it.
(Optional) Configure attributes and metrics for best path selection.
Network weight is locally significant; it is not advertised or propagated.
Set the weight attribute according to the BGP neighbor:
(router) neighbor { ip-address | peer-group } weight weight
The weight ranges from 0 to 65535. If the router originates a path, the weight defaults to 32768, and nonoriginated paths default to a weight of 0. A path with a higher weight value is preferred.
-OR-
Set the weight attribute using a route map:
(route-map) set weight weight
(See Step 12 for more information on route map usage.)
Local preference is propagated within the local AS.
Set the default local preference value for updates within the AS:
(router) bgp default local-preference value
Local preference ranges from 0 to 4294967295 and defaults to 100. A path with a higher local preference is preferred.
-OR-
Set the local preference using a route map:
(route-map) set local-preference value
(See Step 12 for more information on route map usage.)
The metric or MED is exchanged between ASs. The value is received but is reset to 0 when it is passed along to another AS.
Set the default MED of routes redistributed into BGP:
(router) default-metric med
The MED value ranges from 1 to 4294967295. A path with a lower MED value is preferred.
-OR-
Set the MED using a route map:
(route-map) set metric metric
(See Step 12 for more information on route map usage.)
NOTE
Normally, a router only compares metrics from neighbors in a common AS. To compare metrics for paths advertised by all neighbors, regardless of AS, use this command:
(router) bgp always-compare-med
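The selection order listed earlier, together with the MED comparison rule in the note above, can be traced step by step. The following Python sketch is an added example, not code from the original text or from any router implementation; the Path fields, the path names, and AS numbers other than 210 and 1002 are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass
class Path:
    name: str
    as_path: tuple               # leftmost entry is the neighbor AS
    next_hop_ok: bool = True
    weight: int = 0
    local_pref: int = 100
    local_origin: bool = False
    origin: str = "igp"
    med: int = 0                 # a missing MED counts as 0
    external: bool = True
    igp_metric: int = 0          # IGP cost to the next hop
    age: int = 0                 # seconds since the path was learned
    router_id: str = "0.0.0.0"

def lowest(key):
    """Build a step that keeps only the paths with the smallest key value."""
    def step(paths):
        best = min(key(p) for p in paths)
        return [p for p in paths if key(p) == best]
    return step

def med_step(always_compare_med):
    """Drop a path when a comparable path (same neighbor AS by default) has a lower MED."""
    def step(paths):
        def comparable(p, q):
            return always_compare_med or p.as_path[:1] == q.as_path[:1]
        return [p for p in paths
                if not any(q.med < p.med and comparable(p, q) for q in paths)]
    return step

def igp_step(paths):
    # Applies only when every remaining path is internal (synchronization assumed disabled).
    if any(p.external for p in paths):
        return paths
    return lowest(lambda p: p.igp_metric)(paths)

def best_path(paths, always_compare_med=False):
    """Return (winning path, name of the step that decided)."""
    steps = [
        ("next hop", lambda ps: [p for p in ps if p.next_hop_ok]),
        ("weight", lowest(lambda p: -p.weight)),
        ("local preference", lowest(lambda p: -p.local_pref)),
        ("locally originated", lowest(lambda p: not p.local_origin)),
        ("AS path length", lowest(lambda p: len(p.as_path))),
        ("origin", lowest(lambda p: ORIGIN_RANK[p.origin])),
        ("MED", med_step(always_compare_med)),
        ("external over internal", lowest(lambda p: not p.external)),
        ("IGP neighbor", igp_step),
        ("older path", lowest(lambda p: -p.age)),
        ("router ID", lowest(lambda p: int(IPv4Address(p.router_id)))),
    ]
    for name, step in steps:
        paths = step(paths)
        if not paths:
            return None, name
        if len(paths) == 1:
            return paths[0], name
    return paths[0], "tie"

def demo():
    # Constructed sample: a short path with local preference 40 loses to a longer default one.
    low_pref = Path("via-210", (210, 1002, 65010), local_pref=40)
    long_path = Path("via-300", (300, 400, 500, 65010))
    return best_path([low_pref, long_path])
```

Because local preference is evaluated before AS path length, the shorter path through AS 210 loses here; AS path prepending only takes effect when weight and local preference are equal.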
(Optional) Configure the community attribute of advertised routes.
Use a route map to set the community value:
(route-map) set community community [ additive ]
(See Step 12 for more information about route map usage.) A route map is used to match routes and set the community attribute so that routes are grouped into common communities. A community value is a number from 0 to 4294967200, arbitrarily chosen, and the community attribute is a collection of these values. A route can be a member of more than one community. The additive keyword adds the new value to the list of existing values. Predefined values are internet (advertise the route to the Internet community, or all peers), no-export (don't advertise the route to EBGP peers), and no-advertise (don't advertise the route to any peer).
Send the community attribute to BGP neighbors:
(router) neighbor { ip-address | peer-group } send-community
By default, the community attribute is not passed to neighbors in BGP updates. This command allows the attribute to be sent to BGP peers.
(Optional) Use community filtering to match incoming path advertisements.
Configure a community list to perform the matching:
(global) ip community-list community-list-number { permit | deny } community-value
One or more community list statements with a common list number (1 to 99) are used in sequential order to match a community value. The value can be a single value or a string of values separated by spaces. Values range from 0 to 4294967200 and can include the predefined internet, no-export, and no-advertise values. An implicit deny all statement exists at the end of the community list.
Configure a route map to apply the community list:
(route-map) match community-list community-list-number [ exact ]
The route map uses the community-list-number argument, a value from 1 to 99, to match community values. The exact keyword is used to exactly match the list of community values.
(Optional) Use route filtering of network numbers to restrict routing information that is learned or advertised.
Use a prefix list to perform filtering:
(router) neighbor { ip-address | peer-group } prefix-list prefix-list-name { in | out }
The prefix list named prefix-list-name is used to permit or deny networks based on a number of leading bits (prefixes) in the network numbers. Refer to Section 14-1 for more information on prefix lists.
Create a numbered standard access list to perform the filtering:
(global) access-list list-number { deny | permit } network wildcard
The access list, numbered 1 to 99, either denies or permits the network number specified (with the wildcard applied: 0 matches exactly, and 1 matches anything).
NOTE
In the case of filtering a supernet network number, an extended access list must be used to match both network number and subnet mask:
(global) access-list list-number { deny | permit } ip network net-wildcard subnet-mask mask-wildcard
Create a named standard access list to perform filtering:
(global) ip access-list standard name
(access-list) { permit | deny } network [ wildcard ]
Use a distribute list to apply the standard or extended IP access list for filtering:
(router) neighbor { ip-address | peer-group } distribute-list access-list { in | out }
The access list (either numbered or named) is used to filter the network numbers in routing updates to or from a specific neighbor. The in and out keywords specify the filter direction.
(Optional) Use path filtering of AS paths to control inbound and outbound BGP updates.
Create an AS path access list to perform AS path filtering:
(global) ip as-path access-list as-path-list-number { permit | deny } as-regular-expression
The as-path-list-number argument (with values ranging from 1 to 199) either permits or denies BGP updates based on matching the as-regular-expression against the AS path contents. Refer to Section 14-5, "Regular Expressions," for complete instructions on creating an AS regular expression. For the purposes of BGP AS path matching, refer to Table 7-1, which lists common regular expressions.
NOTE
Recall that as each BGP peer sends an update, it prepends its own AS number onto the AS path. This means that the AS path builds from right to left, such that the originating AS is on the rightmost end of the AS path string. The last peer to send an update has its AS on the leftmost end of the path. To test the results of a regular expression prior to using it in an AS path access list, use the show ip bgp regexp regular-expression command.
Use a filter list to apply the AS path access list for filtering:
(router) neighbor { ip-address | peer-group } filter-list as-path-list-num { in | out }
The AS path access list filters the AS paths in routing updates to or from a specific neighbor. You can use the in and out keywords to specify the filter direction. Only one in and one out AS path filter can be configured.
Regular Expression | Example | Result |
---|---|---|
.* | .* | Matches any path information. |
^n$ | ^400$ | Matches paths that start with AS n and end with AS n. (AS n is the only one in the path.) |
^$ | ^$ | Matches paths that originate from the local AS. |
^n_ ^n_.* | ^400_ ^400_.* | Matches paths that start with AS n. An update came from AS n. An alternative expression has the same results. |
_n$ .*_n$ | _400$ .*_400$ | Matches paths that end with AS n. An update originated in AS n. An alternative expression has the same results. |
_n_ | _400_ | Matches paths that pass through AS n. |
_n m_ | _400 300_ | Matches paths that pass through exactly AS n and then AS m. |
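The expressions in Table 7-1 can be checked offline before they go into an AS path access list. The following Python sketch is an added example, not part of the original text: it emulates the Cisco "_" delimiter with a Python regular expression and applies a list first-match-wins with an implicit deny at the end. ACL_1 copies the two entries used by the ispfilter example in this section; the sample AS paths are constructed.

```python
import re

# Cisco "_" matches the start or end of the string, a space, a comma,
# a brace or a parenthesis. Python has no such token, so expand it.
DELIM = r"(?:^|$|[ ,{}()])"

def cisco_to_python(as_regex):
    """Translate a Cisco AS path expression (simple replace; no escaped "_" support)."""
    return as_regex.replace("_", DELIM)

def matches(as_regex, as_path):
    """True if the AS path string (ASs separated by spaces) matches the expression."""
    return re.search(cisco_to_python(as_regex), as_path) is not None

def as_path_acl(entries, as_path):
    """entries: ordered (action, expression) pairs; the first match decides."""
    for action, as_regex in entries:
        if matches(as_regex, as_path):
            return action
    return "deny"  # implicit deny at the end of the list

# The two entries of AS path access list 1 from this section's example.
ACL_1 = [("permit", "^1001$"), ("permit", "_1002_")]

# Constructed sample paths; the originating AS is the rightmost entry.
SAMPLES = ["1001", "210 1002 65010", "210 1001", "210 11002", ""]

def evaluate_samples():
    """Return {as_path: action} for the constructed samples against ACL_1."""
    return {path: as_path_acl(ACL_1, path) for path in SAMPLES}

if __name__ == "__main__":
    for path, action in evaluate_samples().items():
        print(f"{path!r:20} {action}")
```

The path "210 11002" is denied because the delimiter on each side of 1002 prevents a match inside a longer AS number, which is the reason to write _1002_ rather than a bare 1002.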
(Optional) Use route maps to control or modify inbound and outbound BGP updates.
Create a route map to match and modify BGP attributes:
(global) route-map map-name [ permit | deny ] [ sequence-num ]
The route map can be made up of one or more statements evaluated in sequential order, according to the optional sequence number. The permit keyword (the default) causes the route-map statement to be evaluated and an action taken.
You can use one or more optional match statements, along with optional set commands. If you configure more than one match statement, all of the conditions must be met before the set action is taken. If all route map statements are evaluated and no match is found, the update is not sent or received.
Configure a match condition.
Match an AS path in the update:
(route-map) match as-path as-path-list
An as-path-list (numbered from 1 to 199) is used to match an AS regular expression, as in Step 11a.
Match a network number in the update:
(route-map) match ip address access-list [... access-list ]
Network numbers in the update are matched against the numbered or named IP access list (either standard or extended). Refer to Step 10a or 10b.
Match a community in the update:
(route-map) match community-list community-list [ exact ]
A community list (1 to 99) is used to match community values. The exact keyword is used to match the list of community values exactly. Refer to Step 9a.
Configure a set command to modify an attribute.
Modify the AS path:
(route-map) set as-path prepend as-path-string
The as-path-string is prepended to the AS path attribute. By prepending the local AS multiple times, you can modify the path length to influence the path-selection process on a distant peer.
Modify the BGP origin:
(route-map) set origin { igp | egp as | incomplete }
Set the origin to igp (the origin is inside the local AS; it is normally seen if the BGP network command is used or if IGP routes are redistributed into BGP), egp (learned from Exterior Gateway Protocol from AS number as), or incomplete (the origin is unknown, or a static route is redistributed into BGP).
Modify the community attribute:
(route-map) set community { community [ additive ] | none }
The community attribute is set to one of these community values: a 32-bit number (1 to 4294967200), an AS number and a 2-byte community number in the form as:nn, local-AS (don't advertise the route outside the local AS), no-export (don't advertise to the next AS), or no-advertise (don't advertise to any peer). If the additive keyword is used, the community value specified is added to the existing community attribute. The none keyword removes all community values.
Modify the BGP dampening:
(route-map) set dampening halflife reuse suppress max-suppress-time
The BGP route dampening factors are set. (See Step 15 for further details.) The halflife ranges from 1 to 45 minutes (the default is 15 minutes), the reuse penalty threshold ranges from 1 to 20000 (the default is 750), the suppress penalty threshold ranges from 1 to 20000 (the default is 2000), and the max-suppress-time ranges from 1 to 20000 minutes (the default is 60 minutes). Dampening can be set only with route maps that are referenced by the bgp dampening command.
Modify the local preference value:
(route-map) set local-preference value
Local preference ranges from 0 to 4294967295 (the default is 100). Higher local preference values are preferred.
Modify the weight value (for the incoming route map only):
(route-map) set weight weight
The BGP weight value ranges from 0 to 65535 (the default is not changed). Weights set with a route map override weights set with BGP neighbor commands. Routes with a higher weight are preferred.
Modify the MED:
(route-map) set metric [ + | - ] metric
metric ranges from 0 to 4294967295. If the plus or minus signs are used with a value, the metric is adjusted by that value. Lower metric values are preferred.
Apply the route map to inbound or outbound updates on a per-neighbor basis:
(router) neighbor { ip-address | peer-group } route-map map-name { in | out }
The route map named map-name is used to modify updates to or from this BGP neighbor.
(Optional) Reduce internal peering by using BGP confederations.
Create a confederation identifier:
(router) bgp confederation identifier autonomous-system
The confederation has an identifier, autonomous-system, so that it will appear to the outside world to be a single AS.
Specify the ASs that belong to the confederation:
(router) bgp confederation peers autonomous-system [ autonomous-system ]
EBGP neighbors within the confederation will exchange updates as if they are IBGP peers.
NOTE
Each AS within the confederation must have a full mesh of IBGP peers defined, through the use of BGP neighbor commands. Although a confederation reduces the total IBGP mesh inside the overall confederation AS, the full-mesh requirement must be kept within the smaller internal ASs.
(Optional) Reduce peering by using route reflectors.
Configure a route reflector and its clients:
(router) neighbor ip-address route-reflector-client
The local router is configured as a BGP route reflector and relays BGP updates to all IBGP clients. The peer ip-address is configured as a client. The route reflector and its clients form a cluster. Clients do not need to be fully meshed. Route reflectors must be fully meshed with each other between clusters.
For redundant route reflectors within a cluster, assign a specific cluster ID:
(router) bgp cluster-id { cluster-id | ip-address }
This command is used on each route reflector to assign a common 4-byte cluster ID number (1 to 4294967295, or 4 bytes in IP address format). The cluster ID is passed along with updates to other route reflectors. It is used to detect loops.
(Optional) Minimize route flapping with route dampening.
Enable BGP route dampening:
(global) bgp dampening
The effects of route flapping are minimized as follows:
If a route to an AS flaps, the dampening router assigns a cumulative penalty value. The route is flagged with a problem, in "history" state, but it is still advertised.
Further flapping incurs further penalties. If the cumulative penalty is greater than the suppress limit, the route moves into "damp" state and is not advertised.
The penalty is lowered by half after a half-life period passes without flapping. Penalty reduction is examined every 5 seconds.
As soon as the penalty falls below the reuse limit, the route is unsuppressed and advertised again. Suppressed routes are examined every 10 seconds for this condition.
Routes are suppressed for only the max-suppress limit of time.
Tune route-dampening factors:
(global) bgp dampening half-life reuse suppress max-suppress [ route-map map ]
The half-life ranges from 1 to 45 minutes (the default is 15 minutes), the reuse penalty threshold ranges from 1 to 20000 (the default is 750), the suppress penalty threshold ranges from 1 to 20000 (the default is 2000), and the max-suppress-time ranges from 1 to 20000 minutes (the default is 60 minutes).
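The interaction of the four dampening factors is easier to see with numbers. The following Python sketch is an added example, not part of the original text: it uses the default half-life, reuse, suppress and max-suppress values given above, models the decay as continuous rather than in 5-second checks, and assumes a penalty of 1000 per flap, a value this section does not state.

```python
import math

def decayed(penalty, minutes, half_life):
    """Penalty after `minutes` without a flap: halves once per half-life."""
    return penalty * 0.5 ** (minutes / half_life)

def release_time(penalty, at, damped_since, half_life, reuse, max_suppress):
    """Minute at which a damped route is advertised again.

    Either the penalty (measured at minute `at`) decays to the reuse limit,
    or the max-suppress time since entering damp state runs out first.
    """
    by_decay = at + half_life * max(0.0, math.log2(penalty / reuse))
    return min(by_decay, damped_since + max_suppress)

def timeline(flaps, half_life=15, reuse=750, suppress=2000,
             max_suppress=60, flap_penalty=1000):
    """flaps: minutes at which the route flapped.

    Returns (minute, state, penalty) events; flap_penalty is an assumed value.
    """
    events, penalty, last, damped_since = [], 0.0, 0.0, None
    for t in sorted(flaps):
        if damped_since is not None:
            rel = release_time(penalty, last, damped_since,
                               half_life, reuse, max_suppress)
            if rel <= t:  # route was unsuppressed before this flap
                events.append((rel, "reuse", decayed(penalty, rel - last, half_life)))
                damped_since = None
        penalty = decayed(penalty, t - last, half_life) + flap_penalty
        last = t
        if damped_since is None and penalty > suppress:
            damped_since = t
        state = "damp" if damped_since is not None else "history"
        events.append((t, state, penalty))
    if damped_since is not None:
        rel = release_time(penalty, last, damped_since,
                           half_life, reuse, max_suppress)
        events.append((rel, "reuse", decayed(penalty, rel - last, half_life)))
    return events

if __name__ == "__main__":
    # Constructed input: three flaps, five minutes apart.
    for minute, state, penalty in timeline([0, 5, 10]):
        print(f"t={minute:6.2f} min  {state:8} penalty={penalty:8.2f}")
```

With these assumptions, the third flap pushes the penalty past the suppress limit, and the route stays out of advertisements for roughly 25 minutes after the last flap.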
Figure 7-6 shows a network diagram. A router is configured for BGP in autonomous system 10000. Two IBGP peers (within AS 10000) have IP addresses 190.67.17.254 and 190.67.41.3. The local router is a BGP route reflector, and each of the IBGP peers is a BGP route reflector client. Another router, an EBGP peer (not in AS 10000), has IP address 217.6.15.1.
The EBGP peer receives BGP community information. Route map ispcommunity causes route advertisement to be suppressed for routes to 190.67.18.0. However, for routes to 190.67.0.0, an additional community value of 10000:1 (AS 10000 and community 1) is added to the community string.
For incoming BGP updates from the EBGP peer, route map ispfilter references AS path access list 1. Updates containing a path consisting of AS 1001 only or a path passing through AS 1002 have their local-preference values set to 40.
BGP routes (including subnets) from AS 10000 are redistributed into OSPF with a metric of 500.
interface serial 0
 ip address 217.6.15.2 255.255.255.252
interface serial 1
 ip address 190.67.31.26 255.255.255.252
router bgp 10000
 network 217.6.15.0
 neighbor 217.6.15.1 description ISP peer
 neighbor 217.6.15.1 remote-as 210
 neighbor 217.6.15.1 route-map ispfilter in
 neighbor 217.6.15.1 send-community
 neighbor 217.6.15.1 route-map ispcommunity out
 neighbor 190.67.17.254 remote-as 10000
 neighbor 190.67.17.254 route-reflector-client
 neighbor 190.67.41.3 remote-as 10000
 neighbor 190.67.41.3 route-reflector-client
router ospf 101
 redistribute bgp 10000 metric 500 subnets
 passive-interface serial 0
 network 217.6.15.0 0.0.0.255 area 0
 network 190.67.31.0 0.0.0.255 area 0
route-map ispfilter permit 10
 match as-path 1
 set local-preference 40
route-map ispfilter permit 20
ip as-path access-list 1 permit ^1001$
ip as-path access-list 1 permit _1002_
route-map ispcommunity permit 10
 match ip address 2
 set community no-advertise
route-map ispcommunity permit 20
 match ip address 1
 set community 10000:1 additive
route-map ispcommunity permit 30
access-list 1 permit 190.67.0.0 0.0.255.255
access-list 2 permit 190.67.18.0 0.0.0.255