Chapter 15 Connecting to Other Autonomous Systems—The Basics of BGP
Chapter 16 Implementing and Tuning BGP for Use in Large Networks
Part V covers the following Cisco BSCI exam topics:
■ Describe the features and operation of BGP
■ Explain how BGP policy-based routing functions within an autonomous system
■ Describe the scalability problems associated with internal BGP
■ Given a set of network requirements, identify the steps to configure a BGP environment and verify proper operation (within described guidelines) of your
■ Interpret the output of various show and debug commands to determine the cause of route selection errors and configuration problems
This chapter covers the following topics, which you need to understand to pass the CCNP/CCDP/CCIP BSCI exam:
■ Introduction to BGP and communicating with other autonomous systems
■ Overview of the BGP operation
■ Basic configuration commands to connect to another autonomous system
■ Managing and verifying the BGP configuration
■ Alternative methods of connecting to another autonomous system
Connecting to Other Autonomous Systems—The Basics of BGP
This chapter details Border Gateway Protocol version 4 (BGP-4, referred to throughout this book as BGP). The CCNP/CCDP/CCIP BSCI exam barely scratches the surface of the detail available to this protocol. This chapter deals with the basic concepts and configuration commands of BGP, which are covered in greater depth in the next chapter. This chapter builds on your understanding of routing within large enterprise networks. The introduction to BGP in this chapter covers external BGP (eBGP) and familiarizes you with the necessary terms and concepts.
This chapter is broken into two major areas. The first part deals with how BGP works in theory. Implementing and managing a BGP network is described at the end of the chapter.
“Do I Know This Already?” Quiz
The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.
The 14-question quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you to determine how to spend your limited study time.
Table 15-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?” quiz questions that correspond to those topics.
Table 15-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.
1. In BGP, what is an attribute?
a. Topology table criteria
b. Characteristics of a path, similar to a metric
c. Links in an update
d. Neighbor table entry
2. Which of the following are key features of BGP?
a. Periodic keepalives
b. Periodic updates
c. Poison reverse
d. Triggered updates
3. Between which routers is eBGP used to communicate?
a. Routers within an autonomous system
b. Routers in different countries
c. Routers in different autonomous systems
d. Routers running different IGPs
4. What is the transport protocol for BGP?
a. BGP runs directly on top of the data-link layer
5. When are full routing updates sent in BGP?
a. At the beginning of each session
b. Whenever a fault is seen on the link
c. Every 30 minutes
d. At the startup of the BGP process
6. Which of the following are BGP message types?
7. What is the purpose of the network command?
a. To advertise the stated network
b. To identify the interfaces to run BGP
c. To forward stated networks
d. To create neighbors within these networks
8. What is the purpose of the neighbor command?
a. Forces the path to be chosen
b. Identifies the next hop router and sends LSAs and Hellos
c. States the address and autonomous system of the neighbor with whom to peer
d. States the neighbor that might be considered as feasible paths
9. What command enables the BGP process?
a. router bgp remote autonomous-system-number
b. router bgp process-id
c. ip routing bgp
d. router bgp autonomous-system-number
10. Which command is used to show the BGP connections between peers?
a. show ip bgp connections
b. show ip bgp neighbor
c. show ip bgp sessions
d. show ip bgp topology
11. Which command is used to show all BGP connections?
a. show ip bgp connections
b. show ip bgp sessions
c. show ip bgp topology
d. show ip bgp summary
12. What is the purpose of the command clear ip bgp ?
a. To disconnect all sessions
b. To clear the BGP routing table
c. To end an administrative session
d. To clear all IGP entries from the routing table
13. Which of the following are valid alternatives to using BGP when connecting to another autonomous system?
a. Using FTP
b. Default routes
c. Static routes
d. Merging the two autonomous systems into one
14. What is the administrative distance of a static route that has been configured to point to the outgoing interface?
The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to Chapter ‘Do I Know This Already?’ Quizzes and Q&A Sections.” The suggested choices for your next step are as follows:
■ 7 or less overall score —Read the entire chapter. This includes the “Foundation Topics” and “Foundation Summary” sections, the “Q&A” section, and the “Scenarios” at the end of the chapter.
■ 8–10 overall score —Begin with the “Foundation Summary” section, and then go to the “Q&A” section and the “Scenarios” at the end of the chapter. If you have trouble with these exercises, read the appropriate sections in “Foundation Topics.”
■ 11 or more overall score —If you want more review on these topics, skip to the “Foundation Summary” section, and then go to the “Q&A” section and the “Scenarios” at the end of the chapter. Otherwise, move to the next chapter.
Introduction to BGP and Communicating with Other Autonomous Systems
BGP is an extremely complex protocol used throughout the Internet and within multinational organizations. Its main purpose is to connect very large networks or autonomous systems. Large companies can use BGP as the glue between countries in which they operate; for example, a government might use BGP among the divisions of its administration, and the military might use it among the Army, the Navy, and the Air Force.
The goal of an exterior routing protocol such as BGP is not to find a specific network, but to provide you with information that allows you to find the autonomous system wherein the network lies. An interior routing protocol, such as EIGRP, RIP, OSPF, or IS-IS, then finds the specific network that you seek.
This section presents the basics of BGP, introduces the terminology used in BGP, and explains the role of BGP as a routing protocol in the IP community. It is important to understand when to use BGP and when to use other solutions, such as static and default routes. Within this introductory section, the main characteristics of BGP are explained, laying the foundation for the more complex explanation in the rest of the chapter.
Characteristics of BGP
The main characteristics of BGP can be distilled into a few short points. These characteristics demonstrate why this protocol is best suited to exterior routing. The interaction of these components and their relative importance to the operation or design of a BGP network is discussed in the rest of the chapter.
The key features of BGP include:
■ It is a path vector routing protocol.
■ BGP supports variable-length subnet mask (VLSM), classless interdomain routing (CIDR), and summarization.
■ Full routing updates are sent at the start of the session; triggered updates are sent subsequently.
■ It creates and maintains connections between peers, using TCP port 179.
■ The connection is maintained by periodic keepalives.
■ A peer is declared down when its hold timer expires without a keepalive or update arriving, or when a NOTIFICATION message is received; the destination networks and paths learned through that peer are then withdrawn. Any change in the network results in a triggered update.
■ The metrics used in BGP, referred to as attributes, are intricate and are the source of both its complexity and its strength. Attributes allow great granularity in path selection.
■ The use of hierarchical addressing and the capability to manipulate traffic flow results in a network that is designed to grow.
■ It has its own routing table, although it is capable of both sharing and inquiring about the interior IP routing table.
■ It is possible to manipulate the traffic flow by using attributes. Despite the complexity offered in path selection using policy-based routing, the traffic is still forwarded using the hop-by-hop paradigm. This means that no router can send traffic on a route that the next-hop router would not choose for itself.
One of the most distinctive characteristics of BGP is its routing updates. When you look at the BGP updates, you can see why BGP is excellent for communicating between autonomous systems. BGP works as an exterior routing protocol because the routing updates are extremely concise. BGP is not interested in communicating a full knowledge of every subnet within the organization, but only in conveying enough information to find another autonomous system. The BGP routing update takes summarization to the extreme by communicating only a list of autonomous system numbers, aggregated prefix addresses, and some policy-based routing information.
However, the small amount of information that the BGP update carries is extremely important. BGP ensures the reliability of the transport carrying the updates and that the databases are synchronized.
BGP can be implemented in several ways, either between autonomous systems or within an autonomous system. When you use BGP to connect autonomous systems, it acts as an Exterior Gateway Protocol (EGP) and is referred to as external BGP, or eBGP. BGP can also carry this externally learned information between BGP speakers that reside in the same autonomous system; this is called internal BGP (iBGP).
Figure 15-1 illustrates how BGP can be used to connect autonomous systems.
Many terms are used in BGP. You need to understand the naming of the parts in order to comprehend the working of the protocol as a whole.
Figure 15-1 Using BGP to Connect Autonomous Systems
BGP is a very different routing protocol from the interior routing protocols that you have studied so far. This protocol is designed to connect autonomous systems, not connect subnets within an autonomous system. BGP, therefore, comes with its own terms and concepts. As with other routing protocols, understanding the jargon of the technology is halfway to understanding the protocol itself.
Table 15-2 provides definitions for keywords and terms introduced in this chapter. A complete listing, including all of the chapter terms and additional terms, can be found in the Glossary toward the end of this book.
Table 15-2 BGP Terms
When to Use BGP
BGP is particularly complex when determining the path that should be taken or when used in conjunction with route maps to implement policy-based routing. Its complexity is its very strength. BGP is not a protocol for all occasions; the sparseness of its updates and the richness of its path determination make it a specialized routing protocol. There are specific situations where using BGP is important, including the following:
■ Your organization is connecting to multiple ISPs or autonomous systems and is actively using those links. Many organizations use multiple links for redundancy purposes, justifying the additional cost by using all the links and reducing bottlenecks and congestion. In this case, policy-based routing decisions might need to be made on a link-by-link basis.
■ The routing policy of the ISP and your company differ. The cost of the link depends on usage in addition to other factors that might need to be programmed into the BGP configuration to make the best use of the connection by manipulating the traffic.
■ The traffic in your organization needs to be distinguished from that of the ISP. The two organizations cannot logically appear as one autonomous system.
■ Your organization is an ISP and, therefore, conforms to criteria in the preceding bullets. The nature of your business requires the traffic from other autonomous systems to travel across your autonomous system, treating it as a transit domain.
When Not to Use BGP
A simpler network is easier to manage and maintain, which is the main reason to avoid configuring BGP where it is not needed. Therefore, if your network has the following characteristics, use other methods, such as static and default routing, to achieve connectivity to the ISP or to another autonomous system:
■ The ISP and your organization have the same routing policy.
■ Although your company has multiple links to the ISP, these links are redundant and there are no plans to activate more than one link to the Internet.
■ There are limited network resources, such as memory and CPU, on the routers.
■ The bandwidth between the autonomous systems is low, and the additional routing overhead would detract from routing data.
How BGP works and an explanation of some of its characteristics are given in the following section.
Overview of the BGP Operation
BGP is connection-oriented. Neighbors are not discovered dynamically; each peer is configured explicitly, and a TCP session to it is established and maintained. Keepalive messages are sent periodically to sustain the session. A keepalive is simply the 19-byte BGP message header with no body.
Having established the session, the routers exchange their full BGP tables once. Thereafter they send incremental updates only when changes occur. An update refers to a single path and the networks that can be reached via that path. Having corrected its own table, the BGP process propagates the change to its neighbors, with a few exceptions, based on rules that ensure a loop-free network.
The operation of BGP is very straightforward. Indeed, all the complexity of the protocol is delivered in only a few different message types.
Four different message types are used in BGP:
■ Open messages —Used to establish connections with peers.
■ Keepalives —Sent periodically between peers to maintain the session and confirm that the sender is still alive. They travel inside the same TCP session as every other BGP message, so they are delivered reliably. The keepalive interval is normally one third of the hold time (Cisco defaults are 60 and 180 seconds). If the hold time is negotiated to 0, no keepalives are sent and the session never times out.
■ Update messages —Contain paths to destination networks and the path attributes, together with any routes that are no longer available and are being withdrawn. There is one path (one set of attributes) per update, so many paths require many updates. The attributes carried include the origin, the autonomous system path, the next hop, and the interautonomous system metric (MED).
■ Notification—Used to inform the receiving router of an error; the connection is closed immediately after a notification is sent.
The establishment of a BGP peer is shown in Figure 15-2.
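The following Python is an added example, not code from the book: it builds the 19-byte header and the OPEN, KEEPALIVE and NOTIFICATION messages just described, and applies the header checks a receiving speaker performs before accepting a message (the point at which a malformed message from an untrusted peer is rejected with a NOTIFICATION and the session torn down). The peer values (AS 65001, hold time 180, router ID 192.0.2.1) are constructed for illustration.

```python
import struct

# RFC 4271 framing: every message begins with a 19-byte header
MARKER = b"\xff" * 16          # 16 octets, all ones
HEADER_LEN = 19
MAX_MSG_LEN = 4096
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
MIN_LEN = {1: 29, 2: 23, 3: 21, 4: 19}   # minimum total length per type


def build_message(msg_type, body=b""):
    """Prepend marker, total length and type octet to a message body."""
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), msg_type) + body


def build_keepalive():
    """A KEEPALIVE is the bare 19-byte header; it carries no body at all."""
    return build_message(4)


def build_open(my_as, hold_time, router_id):
    """OPEN body: version(1) my-AS(2) hold-time(2) BGP identifier(4) opt-param-len(1).

    The 2-octet AS field only fits 16-bit ASNs; 4-byte ASNs need the AS4
    capability (not implemented here) and put AS_TRANS (23456) in this field.
    """
    rid = bytes(int(octet) for octet in router_id.split("."))
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, rid, 0)
    return build_message(1, body)


def build_notification(code, subcode, data=b""):
    """NOTIFICATION body: error code(1) error subcode(1) optional data."""
    return build_message(3, struct.pack("!BB", code, subcode) + data)


def parse_message(buf):
    """Validate the header and return (type name, body).

    Raises ValueError carrying the (code, subcode) pair that a real speaker
    would send back in a NOTIFICATION before closing the TCP session.
    Error code 1 is "Message Header Error".
    """
    if len(buf) < HEADER_LEN or buf[:16] != MARKER:
        raise ValueError("Connection Not Synchronized", (1, 1))
    length, msg_type = struct.unpack("!HB", buf[16:19])
    if length < HEADER_LEN or length > MAX_MSG_LEN or length != len(buf):
        raise ValueError("Bad Message Length", (1, 2))
    if msg_type not in MSG_TYPES:
        raise ValueError("Bad Message Type", (1, 3))
    if length < MIN_LEN[msg_type] or (msg_type == 4 and length != HEADER_LEN):
        raise ValueError("Bad Message Length", (1, 2))
    return MSG_TYPES[msg_type], buf[HEADER_LEN:]


def parse_open(body):
    """Decode the fixed part of an OPEN body into a dict."""
    version, my_as, hold_time, rid, opt_len = struct.unpack("!BHH4sB", body[:10])
    return {"version": version, "my_as": my_as, "hold_time": hold_time,
            "router_id": ".".join(str(b) for b in rid), "opt_param_len": opt_len}


def header_error(buf):
    """Return the (code, subcode) a peer would NOTIFY for buf, or None if well formed."""
    try:
        parse_message(buf)
    except ValueError as exc:
        return exc.args[1]
    return None


if __name__ == "__main__":
    # constructed sample exchange: our OPEN, then the peer's KEEPALIVE accepting it
    ours = build_open(65001, 180, "192.0.2.1")
    kind, body = parse_message(ours)
    print(kind, parse_open(body))
    print(parse_message(build_keepalive()))
    print(header_error(b"\x00" * 19))   # (1, 1): marker is not all ones
```

The marker and length checks are the first line of defence against a peer (or anyone who can inject into the TCP stream) feeding a speaker garbage; in production you would additionally protect the session with TCP MD5 or TCP-AO and the TTL security check, which this example does not cover.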
The following sections discuss in greater detail how BGP summarizes routes, manipulates the path selection process using policy-based routing, and selects a route.
CIDR and Route Aggregation
BGP needs to communicate some information between the autonomous systems, but perhaps not all of the information is needed. If the network is designed to support summarization, the amount of network resources required could be reduced, because fewer memory, bandwidth, and CPU resources would be consumed when updating the routing tables. In fact, by summarizing the IANA classful addresses, the Internet becomes a quicker and more reliable environment.
CIDR is one of the main solutions implemented in recent years. It is a method of consolidating addresses into a few summary addresses. Instead of an address having a classful mask to identify the network portion, it has a prefix length, which is simply a number that indicates how many leading bits identify the network. Summarization reduces the number of prefix bits and thus incorporates other networks that share those leading bits into one address. Prefix lengths are now used with subnets as well as with IANA classful addresses. If an autonomous system has been allocated eight consecutive Class C addresses, they can be advertised as one network (a /21), which is an example of summarization at its best.
BGP propagates the prefix and the prefix length together, allowing not only for the design of a truly hierarchical network, but also for the streamlining of network resources. A router can simply pass on aggregates it has received, or it can perform the aggregation itself. Therefore, a router can send aggregated routes, routes that have not been summarized, or a mixture of both.
The process of how BGP aggregates routes in compliance with CIDR is shown in Figure 15-3. In the figure, the update sends 1 network, instead of 16 networks, to the router in autonomous system 200.
Figure 15-2 Establishing a BGP Peer
Figure 15-3 BGP and CIDR
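To make the aggregation concrete, here is an added Python example (not from the book). It merges a set of prefixes the way a BGP speaker doing CIDR aggregation would, and separately computes the single covering supernet. The difference between the two is the check a practitioner wants before configuring an aggregate: a covering prefix larger than the space you actually hold announces addresses that belong to someone else. The prefix lists are constructed sample inputs.

```python
import ipaddress


def aggregate(prefixes):
    """Return (exact aggregates, single covering supernet, addresses leaked).

    exact    : result of merging only contiguous, correctly aligned blocks, so
               it advertises precisely the address space in `prefixes`.
    supernet : the smallest single prefix that covers every input.
    leaked   : how many addresses the supernet announces that are NOT in the
               inputs; anything above 0 means you would be originating
               address space you do not hold.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    if len({n.version for n in nets}) != 1:
        raise ValueError("mix of IPv4 and IPv6 prefixes")

    # Exact CIDR aggregation: only adjacent blocks that share a supernet merge.
    exact = list(ipaddress.collapse_addresses(nets))

    # Covering supernet: shorten the prefix length from the first address
    # until one aligned block spans the highest address as well.
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = nets[0].max_prefixlen
    while True:
        cand = ipaddress.ip_network((lo, plen), strict=False)
        if int(cand.broadcast_address) >= hi:
            break
        plen -= 1

    held = sum(n.num_addresses for n in exact)   # `exact` contains no overlaps
    return ([str(n) for n in exact], str(cand), cand.num_addresses - held)


if __name__ == "__main__":
    # eight consecutive Class C networks: the text's ideal case, one /21, no leak
    print(aggregate(["192.168.%d.0/24" % i for i in range(8)]))
    # two /24s that are not aligned: the only single prefix covering them is a /22,
    # which would announce 512 addresses the AS has not been allocated
    print(aggregate(["192.168.1.0/24", "192.168.2.0/24"]))
```

On Cisco IOS the exact form corresponds to advertising the aggregate with aggregate-address plus summary-only once you hold the whole block; the leaked count is what you should see as zero before doing so.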
BGP and Policy-Based Routing
Policy-based routing is an administrative function separate from BGP, and neither relies upon the other to work. Policy-based routing gives the administrator the ability to define how traffic will be routed at the autonomous system level. It is, in effect, a form of static routing: route maps, distribute lists, prefix lists, and filter lists decide which inbound or outbound routing updates are accepted and what their attributes look like, imposing a level of control above the dynamic routing protocol. Given that many variables, or attributes, in BGP can influence dynamic routing, the administrator is provided with a very high level of control. This dimension distinguishes BGP from other routing protocols. You will learn more about BGP attributes later in this section.
One of the most sophisticated forms of policy-based routing is implemented with route maps, which are the topic of Chapter 18, “Controlling Network Traffic with Route Maps and Policy-Based Routing.” BGP’s capability to choose the routing path via conditional programming was used for policy routing in other situations before it became an option in the Cisco IOS software; for example, BGP was used by the two early deployments of tag routing as the only means of programming policy-based routing. This is a powerful tool and can be used in many situations, such as forcing traffic entering your routing domain to pass through a firewall or load balancing among multiple connections to the Internet. Refer to Figure 15-4 for an example of how policy-based routing could be implemented.
In Router A in Figure 15-4, the traffic from 126.96.36.199 is from the graphic design department. It is high-volume, sensitive traffic. Therefore, you should send it on a path dedicated to such traffic, so it should be directed to Router C.
Figure 15-4 Example of Policy-Based Routing Using BGP
Policy-based routing is discussed in the following sections. You will be introduced to the rules that govern policy-based routing, the disadvantages that you should be aware of before implementing this technology, and the concept of attributes and how attributes are used in policy-based routing to select a path across a nonbroadcast cloud.
Rules of Policy-Based Routing
BGP can implement any of the following rules associated with the hop-by-hop paradigm. This paradigm is the capability to influence which router will be the next-hop router, potentially dictating it at every router and thus influencing the entire path of the traffic, hop by hop. The following rules associated with policy-based routing seem repetitive, but, in fact, each point raises a subtly different nuance:
■ Traffic can be directed on either the source address or both the source and destination addresses. These are only some of the criteria that can be used.
■ Policy-based routing affects only the next hop in the path to the destination.
■ Policy-based routing does not affect the destination of the packet. It affects the path used to get to the destination.
■ Policy-based routing does not allow traffic sent into another autonomous system to take a different path from the one that would have been chosen by that autonomous system.
■ It is possible to influence only how traffic will get to a neighboring autonomous system, not how it will be routed within that autonomous system.
■ As policy-based routing examines the source address, it is configured on the inbound interface.
NOTE Some things should be considered before arbitrarily deciding to implement policy-based routing. Understand that any additional configuration requires additional CPU, particularly when every packet must be examined against the policy. It is also wise to have a backup path in place in case the defined next-hop router goes down. If there is no alternative defined, policy-based routing falls back to the dynamic routing decision. Of course, whenever extra configuration is required, there is the possibility of misconfiguration or of disrupting other traffic. Refer to Chapter 18 for more information about the disadvantages of policy-based routing.
The key to BGP is the capability to divert traffic in different directions based on criteria determined by the network architects. BGP is concerned with providing the capability to manipulate the traffic flow through the network. This is the key difference between the routing protocols you have seen in previous chapters and BGP.
BGP directs the traffic flow by using attributes. This is different from policy-based routing, which is a sophisticated method of forcing traffic down a particular path in spite of the dynamic routing decisions. The use of attributes refers to the use of variables in the selection of the best path by the dynamic routing protocol BGP.
BGP uses attributes to select the best path. In essence, attributes are the metric for BGP. However, they are more than a list of variables by which a route is selected. They also carry information on which decisions are based, hence the name attributes. The variables describe characteristics or attributes of the path to the destination. These characteristics can be used to distinguish the paths, which is policy-based routing. So, policy-based routing uses the attributes in BGP to make sophisticated decisions in path selection.
The reason for choosing different paths is determined by the nature of the traffic. Policy-based routing allows you, for example, to send traffic that simply needs to arrive, such as bulk transfers, over a reliable but slower link and to reserve the faster links for delay-sensitive traffic.
Some of the information carried in the update messages is more important than others. Indeed, some of this information is crucial to the successful operation of BGP, so it must be carried through the network to every router running BGP. The path selection is based on the attributes and their values.
Because the BGP information in the updates varies in significance to the BGP network, it has been categorized by importance. The attributes are divided into two types, well-known and optional. The well-known attributes are those attributes whose implementation is mandatory, whereas the optional ones are just that—optional. Both of these are subdivided into two further categories, allowing considerable granularity (see Table 15-3). Well-known attributes are either mandatory (they must appear in every update: ORIGIN, AS_PATH, and NEXT_HOP) or discretionary (every implementation recognizes them, but they need not appear in every update, such as LOCAL_PREF and ATOMIC_AGGREGATE). Optional attributes are either transitive (passed on to other peers even by a router that does not understand them, such as AGGREGATOR and COMMUNITY) or nontransitive (dropped by a router that does not understand them, such as MED).
Table 15-3 The Four Categories of Attributes
The attributes are appropriately carried in the updates that inform the routers of the routes.
Although there are other attributes, the following list includes the ones supported by Cisco. The attributes and a description of their characteristics are listed in Table 15-4 for quick reference and comparison.
Table 15-4 The BGP Attributes
The Next-Hop Attribute and a Broadcast Multiaccess Network
It is worth mentioning a potential problem with one of the attributes, namely the next-hop attribute. In eBGP, the next hop is the IP address of the router in the neighboring autonomous system that advertised the route, that is, the address specified in the neighbor command. However, on a multiaccess network, if a route came from one router, it would be unwise for another router on that same segment to readvertise the route with its own address as the next hop. Packets would then be sent to that router first, only to be forwarded back across the same segment to the true originator, which is obviously inefficient. The rule, therefore, is that the address of the router that originally sent the update onto the multiaccess network is kept as the next-hop address.
Figure 15-5 shows the next-hop router in a multiaccess network.
Figure 15-5 The Next-Hop Router in a Multiaccess Network
As shown in Figure 15-5, the next-hop address is not changed, so it always points to the originating router (in this case, Router A). When this rule is applied to a nonbroadcast multiaccess (NBMA) network, problems arise because although Router B might correctly point to Router A, Router B cannot reach Router A directly across the NBMA cloud. Extra configuration is needed, as described in the next section.
The Next-Hop Attribute and a Nonbroadcast Multiaccess Network
As a multiaccess network, an NBMA network plays by the same rule of keeping the next-hop address of the router that originated the route on the network. However, there is a potential problem because the other routers will not be communicating directly with the originating router if the NBMA cloud has a hub-and-spoke configuration (see Figure 15-6). If this is the case, the problem can be solved with a command on the hub that forces the router to advertise its own address as the next hop (neighbor ip-address next-hop-self). The commands for configuring BGP are dealt with later in the chapter in the section “Defining the Networks to Be Advertised.”
Figure 15-6 The Next-Hop Router in an NBMA Network
Route Selection Process
As you have seen, BGP has many options by which to select one route over another using attributes. Now that you understand how attributes work in BGP, this section outlines the overall process of route selection.
The following process illustrates the logic of the selection process:
1. Consider only paths whose next hop is reachable; a path whose next hop cannot be resolved in the routing table is ignored.
2. If there is more than one usable path to the destination, take the path with the highest weight (Cisco proprietary).
3. If the weights are the same, select the path with the highest local preference.
4. If the local preferences are the same, prefer the path that this router originated itself (through the network or aggregate-address command, or through redistribution).
5. If neither path was originated locally, examine the AS_PATH and select the shortest path (through the fewest autonomous systems).
6. If the AS_PATH lengths are the same, choose the lowest origin code, where IGP (i) is lower than EGP (e), which in turn is lower than incomplete (?).
7. If the origin codes are the same and the paths come from the same neighboring autonomous system, select the path with the lowest MED.
8. If the MED values are the same, choose an external BGP path over an internal BGP path.
9. If both paths are external or both are internal, choose the path with the lowest IGP metric to the BGP next hop.
10. If both paths are external, prefer the one that was received first (the oldest), because it is the most stable.
11. If all else fails, choose the path from the neighbor with the lowest BGP router ID.
NOTE The preceding is a simplification of the selection process. For more detailed information on how the routing decisions are made, refer to RFC 1771, “A Border Gateway Protocol 4 (BGP)” (since superseded by RFC 4271). This document, together with its companion document, RFC 1772, “Application of the Border Gateway Protocol in the Internet,” defines an interautonomous system routing protocol for the Internet.
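The following Python is an added example, not the book’s code: it implements the decision process above as a comparison between two candidate paths and folds that comparison over the paths in the order they were received, so the oldest-path rule falls out naturally. The attribute names, the `next_hop_reachable` flag standing in for the routing-table lookup of step 1, and the sample paths are all constructed for illustration. Because MED is compared only between paths from the same neighboring AS, a pairwise comparison can give order-dependent results; that is the reason Cisco IOS offers bgp deterministic-med, which this example does not implement.

```python
from functools import reduce

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is better


def ip_key(dotted):
    """Sort key for a dotted-decimal router ID."""
    return tuple(int(o) for o in dotted.split("."))


def make_path(**attrs):
    """A candidate path with Cisco default attribute values; keywords override."""
    path = {
        "weight": 0, "local_pref": 100, "local_origin": False,
        "as_path": (), "origin": "igp", "med": 0, "neighbor_as": None,
        "ebgp": True, "igp_metric": 0, "router_id": "0.0.0.0",
        "next_hop_reachable": True,
    }
    path.update(attrs)
    return path


def prefer(older, newer):
    """Return the better of two paths; `older` was received before `newer`."""
    a, b = older, newer
    if a["weight"] != b["weight"]:                       # step 2
        return a if a["weight"] > b["weight"] else b
    if a["local_pref"] != b["local_pref"]:               # step 3
        return a if a["local_pref"] > b["local_pref"] else b
    if a["local_origin"] != b["local_origin"]:           # step 4
        return a if a["local_origin"] else b
    if len(a["as_path"]) != len(b["as_path"]):           # step 5
        return a if len(a["as_path"]) < len(b["as_path"]) else b
    ra, rb = ORIGIN_RANK[a["origin"]], ORIGIN_RANK[b["origin"]]
    if ra != rb:                                         # step 6
        return a if ra < rb else b
    # step 7: MED only means something between paths from the same neighbour AS
    if a["neighbor_as"] == b["neighbor_as"] and a["med"] != b["med"]:
        return a if a["med"] < b["med"] else b
    if a["ebgp"] != b["ebgp"]:                           # step 8
        return a if a["ebgp"] else b
    if a["igp_metric"] != b["igp_metric"]:               # step 9
        return a if a["igp_metric"] < b["igp_metric"] else b
    if a["ebgp"] and b["ebgp"]:                          # step 10: oldest external path
        return a
    return a if ip_key(a["router_id"]) < ip_key(b["router_id"]) else b   # step 11


def best_path(paths):
    """`paths` in the order received; returns the winning path or None."""
    usable = [p for p in paths if p["next_hop_reachable"]]   # step 1
    return reduce(prefer, usable) if usable else None


if __name__ == "__main__":
    # constructed sample: one prefix learned from two external peers and one internal peer
    p_long = make_path(as_path=(65001, 65002), neighbor_as=65001, router_id="10.0.0.1")
    p_short = make_path(as_path=(65003,), neighbor_as=65003, router_id="10.0.0.2")
    p_ibgp = make_path(as_path=(65003,), neighbor_as=65003, ebgp=False,
                       local_pref=200, router_id="10.0.0.3")
    print(best_path([p_long, p_short])["router_id"])            # shortest AS_PATH wins
    print(best_path([p_long, p_short, p_ibgp])["router_id"])    # local preference overrides it
```

Note what the ordering implies for security: weight and local preference are set by the receiving router’s own policy and beat anything the remote AS puts in the update, whereas AS_PATH length and MED are attacker-influenceable, which is why a route map that assigns local preference based on a trusted prefix list is the usual control rather than relying on the attributes as received.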