CCIE R&S Written Overview: BGP

BGP Overview

• Border Gateway Protocol

– Standards based Exterior Gateway Protocol (EGP)

– RFC 4271, A Border Gateway Protocol 4 (BGP-4)

• Path Vector Protocol

– Uses multiple “attributes” for inter-domain routing between Autonomous Systems

BGP Features

• “Classless” Protocol

– Supports VLSM and summarization

• Highly Scalable

– IGPs can scale to thousands of routes

– BGP can scale to hundreds of thousands of routes

– Current Global (Internet) BGP table ~ 400,000 routes

• Highly Stable

– Internet routing table never converges

– BGP stable enough to handle routing and decision making at the same time

• Used to Enforce Routing Policy

– IGP uses link cost for routing decision

• Effective traffic engineering nearly impossible with IGP

– BGP uses attributes of the route itself

• Traffic engineering feasible and simple to implement

• Uses Autonomous System Number (ASN) to identify process

– BGP ASNs originally 2-byte field

• Values 0-65535

– RFC 4893 defines 4-byte ASNs

• 65535.65535 “AS Dot” notation

• 0.[0-65535] denotes the original 2-byte ASNs

• Doesn’t use its own transport

– Uses unicast TCP at port 179

• BGP peers are not discovered

– Manually configured via neighbor statement

• BGP neighbors do not have to be connected

– IGP is always on a link-by-link basis

– BGP is a logical peering over TCP

– Implies that BGP always needs IGP underneath

• BGP has different types of neighbors

– External BGP vs. Internal BGP

• Path vector attributes

– Choose BGP bestpaths to build routing table

• Control Plane Security

– Supports TCP MD5 Signature Option

• Extensible

– Multiprotocol BGP extensions beyond normal IPv4 Unicast routing

Establishing BGP Peerings

• Like IGP, first step in BGP is to find neighbors to exchange information with

• Peering establishment and maintenance uses four types of packets

– OPEN

– KEEPALIVE

– UPDATE

– NOTIFICATION

BGP OPEN Message

• Used to negotiate parameters for peering

• Includes…

– BGP version

• Should be 4

– Local ASN

– Local Router-ID

– Hold time

• Negotiated to lowest requested value

– Options

• AKA “capabilities”

BGP KEEPALIVE Message

• Used for dead neighbor detection

• If hold time = 0, keepalives disabled

BGP UPDATE Message

• Used to advertise or withdraw a prefix

• Includes…

– Withdrawn routes

• List of routes that should be discarded

– NLRI

• Route being advertised

– Path vector attributes

• Attributes of route being advertised

• Used for bestpath selection

BGP NOTIFICATION Message

• Used to convey error messages

• After notification sent, BGP session closed

• Examples

– Unsupported Version Number

– Unsupported Optional Parameter

– Unacceptable Hold Time

– Hold Timer Expired
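The OPEN fields, the hold-time negotiation and three of the NOTIFICATION reasons listed above, as an added Python example (not from the slides): it builds and parses an OPEN message in the RFC 4271 layout, carrying the 4-octet-AS capability as an RFC 5492 optional parameter (type 2, capability code 65). The AS number, router-ID and byte values are constructed for the example.

```python
import struct

MARKER = b"\xff" * 16          # RFC 4271 header marker: 16 octets of all ones
OPEN = 1                       # message type code for OPEN

def build_open(my_as, hold_time, router_id, capabilities=b""):
    """Build an OPEN: version 4, My AS, Hold Time, BGP Identifier, then
    optional parameters. Capabilities (RFC 5492) travel as parameter type 2."""
    rid = bytes(int(o) for o in router_id.split("."))
    opt = struct.pack("!BB", 2, len(capabilities)) + capabilities if capabilities else b""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, rid, len(opt)) + opt
    return MARKER + struct.pack("!HB", 19 + len(body), OPEN) + body

def parse_open(msg):
    """Parse an OPEN; the ValueError text names the NOTIFICATION a speaker would send."""
    if len(msg) < 29 or msg[:16] != MARKER:
        raise ValueError("Connection Not Synchronized")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != OPEN or length != len(msg):
        raise ValueError("Bad Message Length")
    version, asn, hold, rid, optlen = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4:
        raise ValueError("Unsupported Version Number")
    if hold in (1, 2):                    # RFC 4271: hold time must be 0 or at least 3
        raise ValueError("Unacceptable Hold Time")
    caps, params = [], msg[29:29 + optlen]
    while params:                         # optional parameters: type, length, value
        ptype, plen = params[0], params[1]
        value, params = params[2:2 + plen], params[2 + plen:]
        if ptype != 2:
            raise ValueError("Unsupported Optional Parameter")
        while value:                      # capability code, length, value
            ccode, clen = value[0], value[1]
            caps.append((ccode, value[2:2 + clen]))
            value = value[2 + clen:]
    return {"version": version, "asn": asn, "hold_time": hold,
            "router_id": ".".join(str(b) for b in rid), "capabilities": caps}

def negotiate_hold(local, remote):
    """Hold time is the lower request; keepalive is a third of it, and 0 disables keepalives."""
    hold = min(local, remote)
    return hold, (0 if hold == 0 else hold // 3)

# Constructed example: AS 65001 announcing the 4-octet-AS capability (code 65, RFC 4893)
CAP_4BYTE_AS = struct.pack("!BBI", 65, 4, 65001)

if __name__ == "__main__":
    msg = build_open(65001, 180, "10.0.0.1", CAP_4BYTE_AS)
    print(parse_open(msg), negotiate_hold(180, parse_open(msg)["hold_time"]))
```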

BGP Peering Types

• External BGP (EBGP) Peers

– Neighbors outside my Autonomous System

• Internal BGP (iBGP) Peers

– Neighbors inside my Autonomous System

• Update and path selection rules change depending on what type of peer a route is being sent to/received from

EBGP Peerings

• Peers in different ASes

• Usually directly connected neighbors

– e.g. DS3 Frame Relay link to ISP

• Can be “multihop”, but TTL defaults to 1

• Uses AS-Path attribute for loop prevention

– If I receive an update from an EBGP peer with my own ASN in the AS-Path, discard it

iBGP Peerings

• Peers in the same AS

• Many times not directly connected

– Implies an IGP is needed to provide reachability for the TCP transport

• Loop prevention via route suppression

– Routes learned from an iBGP peer cannot be advertised on to another iBGP peer

– Implies that all routers running BGP within the AS must peer with each other

• i.e. “iBGP full mesh” of n*(n-1)/2 peerings

iBGP Full Mesh

• Full-mesh requirement can be relaxed via two exceptions

– Route Reflectors

• Same logic as OSPF DR/IS-IS DIS

– Confederation

• Split the AS into smaller Sub-ASes

BGP Peering Redundancy

• BGP peering is based on TCP reachability to peer address

• If peer address is unreachable, peering goes down – e.g. if IP address of Serial link is used for peering and Serial link is down, peer goes down

• Using Loopback addresses for peerings allows rerouting around link failures and adds redundancy – e.g. as long as any link is up, Loopback can be reached

• Can also be used for load balancing

Building the BGP Table

• Once peerings are established, UPDATE messages are exchanged to advertise NLRI and build the BGP table

• NLRI can be originated by…

– Network statement

– Redistribution

– Aggregation

– Conditional Route Injection

• Unlike IGP, networks do not have to be directly connected to be advertised; they only have to be in the routing table – e.g. prefixes in local routing table learned via OSPF can be advertised with BGP network statement

BGP Path Vector Attributes

• UPDATE includes path vector attributes for a route

• Attributes fall into different categories…

– Well-known vs. optional

• Well-known must be implemented

• Optional may or may not be implemented

– Mandatory vs. discretionary

• Mandatory must be present in update

• Discretionary may or may not be present

– Transitive vs. non-transitive

• Transitive passes between EBGP and iBGP neighbors

• Non-transitive passes only between iBGP neighbors

• Well-known mandatory

– Next-hop

– AS-Path

– Origin

• Well-known discretionary

– Local Preference

– Atomic Aggregate

• Optional transitive

– Aggregator

• Optional non-transitive

– MED
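The categories above are carried on the wire in the flags byte of each path attribute in an UPDATE. As an added Python example (not from the slides), this walks a constructed Path Attributes field, classifies each attribute from its flags, and rejects the two cases a speaker would answer with a NOTIFICATION: a well-known attribute flagged as optional or non-transitive, and a missing well-known mandatory attribute. Type-code names follow the slide; the sample bytes are constructed.

```python
import struct

# Attribute flag bits (RFC 4271 section 4.3)
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Type codes named on the slide; which are well-known, and which of those are mandatory
ATTR_NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MED",
              5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR"}
WELL_KNOWN = {1, 2, 3, 5, 6}
WELL_KNOWN_MANDATORY = {1, 2, 3}

def category(flags):
    """Classify an attribute from its flag bits using the slide's categories."""
    kind = "optional" if flags & OPTIONAL else "well-known"
    trans = "transitive" if flags & TRANSITIVE else "non-transitive"
    return f"{kind} {trans}"

def parse_path_attributes(data):
    """Walk the Path Attributes TLVs of an UPDATE and return one dict per attribute.
    Raises ValueError with the UPDATE Message Error a receiver would report."""
    attrs, pos = [], 0
    while pos < len(data):
        flags, code = data[pos], data[pos + 1]
        if flags & EXT_LEN:                       # two-octet length field
            (length,) = struct.unpack("!H", data[pos + 2:pos + 4]); pos += 4
        else:
            length = data[pos + 2]; pos += 3
        value = data[pos:pos + length]; pos += length
        if len(value) != length:
            raise ValueError("Attribute Length Error")
        # Well-known attributes must be flagged transitive and must not be flagged optional
        if code in WELL_KNOWN and (flags & OPTIONAL or not flags & TRANSITIVE):
            raise ValueError(f"Attribute Flags Error on type {code}")
        attrs.append({"code": code, "name": ATTR_NAMES.get(code, f"type{code}"),
                      "category": category(flags), "partial": bool(flags & PARTIAL),
                      "value": value})
    missing = WELL_KNOWN_MANDATORY - {a["code"] for a in attrs}
    if missing:
        raise ValueError(f"Missing Well-known Attribute: {sorted(missing)}")
    return attrs

# Constructed sample: ORIGIN=IGP, AS_PATH 65001 65002, NEXT_HOP 10.0.0.1, MED 100, LOCAL_PREF 200
SAMPLE = (bytes([0x40, 1, 1, 0])
          + bytes([0x40, 2, 6, 2, 2]) + struct.pack("!HH", 65001, 65002)
          + bytes([0x40, 3, 4, 10, 0, 0, 1])
          + bytes([0x80, 4, 4]) + struct.pack("!I", 100)
          + bytes([0x40, 5, 4]) + struct.pack("!I", 200))
```

Calling `parse_path_attributes(SAMPLE)` yields MED as "optional non-transitive" and the other four as "well-known transitive", matching the slide's grouping.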

BGP Bestpath Selection

• Once updates are exchanged, path selection begins

– Bestpath selection algorithm compares path vector attributes and elects one route as “best” for each prefix

– Only best route is sent to the routing table

– Only best route can be advertised to other BGP peers

– Multipath can occur, but in very strict circumstances

BGP Bestpath Selection Order

• Algorithm runs top down until a deciding match occurs

• Cisco IOS selection order is…

– Weight (highest)

• Locally significant Cisco proprietary attribute

– Local Preference (highest)

– Locally originated routes

– AS-Path (shortest)

– Origin (lowest)

– MED (lowest)

– EBGP learned routes over iBGP learned routes

– Smallest IGP metric to next-hop value

• Other tie-breaking checks occur if no bestpath

– Oldest route, lowest Router-ID, lowest interface IP address, etc.
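The selection order above, with the EBGP AS-Path loop check from the EBGP Peerings slide applied before any comparison, as an added Python model (not from the slides). Sorting candidates by an ordered key reproduces "top down until a deciding match"; the `Path` fields, peer names and candidate values are constructed, and MED is compared across all paths here, which is a simplification of the IOS default.

```python
from dataclasses import dataclass

@dataclass
class Path:
    """One candidate path for a prefix, holding the attributes the selection compares."""
    peer: str
    as_path: list
    weight: int = 0          # Cisco-local, never sent to peers
    local_pref: int = 100
    local: bool = False      # originated on this router (network/redistribute/aggregate)
    origin: int = 0          # 0 = IGP, 1 = EGP, 2 = incomplete
    med: int = 0
    ebgp: bool = True        # learned from an EBGP peer (else iBGP)
    igp_metric: int = 0      # IGP cost to reach NEXT_HOP
    router_id: str = "0.0.0.0"

def accept_ebgp_path(my_as, path):
    """EBGP loop prevention: discard an update carrying our own ASN in AS-Path."""
    return my_as not in path.as_path

def selection_key(p):
    """Ordered tuple mirroring the IOS bestpath order: highest weight, highest
    local-pref, locally originated, shortest AS-Path, lowest origin, lowest MED,
    EBGP over iBGP, lowest IGP metric to next-hop, then lowest Router-ID."""
    return (-p.weight, -p.local_pref, not p.local, len(p.as_path), p.origin,
            p.med, not p.ebgp, p.igp_metric,
            tuple(int(o) for o in p.router_id.split(".")))

def bestpath(my_as, paths):
    """Drop looped EBGP paths, then elect the single best path (None if none usable)."""
    usable = [p for p in paths if not p.ebgp or accept_ebgp_path(my_as, p)]
    return min(usable, key=selection_key, default=None)

# Constructed candidates for one prefix, as seen by a router in AS 65001
CANDIDATES = [
    Path("isp-a", [65002, 65010], igp_metric=10, router_id="192.0.2.1"),
    Path("isp-b", [65003, 65010], med=50, router_id="192.0.2.2"),
    Path("ibgp-peer", [65003, 65010], ebgp=False, local_pref=200, router_id="10.0.0.2"),
    # high weight, but our own ASN is in the AS-Path, so the update is discarded
    Path("looped", [65002, 65001, 65010], weight=1000, router_id="192.0.2.3"),
]

if __name__ == "__main__":
    best = bestpath(65001, CANDIDATES)
    print("best via", best.peer, "key", selection_key(best))
```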

Manipulating BGP Bestpath Selection

• Vector attributes can be manually modified to define different routing policy for different routes

– E.g. control inbound/outbound traffic flow on a per-prefix basis

• Attributes typically modified are…

– Weight

– Local-Preference

– AS-Path

– MED

• Inbound routing policy affects outbound traffic

– Change weight or local-pref on inbound updates to affect outbound traffic

• Outbound routing policy affects incoming traffic

– Change AS-Path or MED on outbound updates to affect inbound traffic