© 2005 Cisco Systems, Inc. All rights reserved. BGP v

BGP Overview: Configuring Basic BGP
Outline
- Overview
- BGP Routing Process
- Configuring External Neighbors
- Configuring BGP Timers
- Configuring MD5 Authentication
- Announcing Networks in BGP
- Redistributing Routes into BGP
- Configuring Classless BGP
- Aggregating BGP Networks
- BGP Conditional Route Injection
- BGP Support for TTL Security Check
- Multihomed Customer Problem
- Summary
BGP Routing Process

router(config)# router bgp as-number

- Starts the BGP routing process.
- Get your AS number from the American Registry for Internet Numbers or Réseaux IP Européens.
- Use private AS numbers (64512–65535) if you run BGP in a private network.
- Only one BGP routing process per router is allowed.
Configuring External Neighbors

router(config-router)# neighbor ip-address remote-as as-number

- Defines an external neighbor.
- An external neighbor has to be reachable over a directly connected subnet.

router(config-router)# neighbor ip-address description neighbor-description

- Assigns a description to an external neighbor.
Configuring External Neighbors (Cont.)

To temporarily disable a BGP neighbor:

router(config-router)# neighbor ip-address shutdown

- Disables communication with a BGP neighbor.
- Use scenarios:
  – Debugging and troubleshooting
  – Shutting down the neighbor during extensive modification of routing policies, to prevent inconsistent routing data
Configuring BGP Timers

router(config-router)# timers bgp keepalive holdtime

- Changes the default values of the BGP timers for the whole BGP process.

router(config-router)# neighbor [ip-address | peer-group-name] timers keepalive holdtime

- Changes the default values of the BGP timers for a specific neighbor or peer group.
- Overrides the timers bgp settings for that neighbor or peer group.
- Only the holdtime value is communicated in the BGP Open message.
- The smallest holdtime value configured on the two BGP peers is used by both peers.
Configuring MD5 Authentication

router(config-router)# neighbor ip-address password string

- Enables MD5 authentication on a specific BGP session.
- The password string on both routers must match.
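The neighbor, timer, MD5 and shutdown commands from the preceding slides combined into one configuration, as an added example that is not from the original deck. The AS numbers (private range), the 192.0.2.0/30 link, the circuit identifier and the shared secret are constructed placeholders.

```ios
! Added example, not from the original deck. Local AS 64512 peers with
! AS 64513 over a directly connected /30 (192.0.2.1 local, 192.0.2.2 remote).
router bgp 64512
 ! Process-wide defaults: 60 s keepalive, 180 s holdtime
 timers bgp 60 180
 ! External neighbor; it must sit on the directly connected subnet
 neighbor 192.0.2.2 remote-as 64513
 neighbor 192.0.2.2 description Upstream ISP-A, circuit EXAMPLE-CIRCUIT-ID
 ! Per-neighbor timers override "timers bgp" for this peer only. Only the
 ! holdtime (30) is carried in the Open message; both sides end up using the
 ! smaller of the two configured holdtimes.
 neighbor 192.0.2.2 timers 10 30
 ! MD5 signature on the TCP session; the peer must configure the same string,
 ! otherwise the session never reaches Established.
 neighbor 192.0.2.2 password EXAMPLE-SHARED-SECRET
!
! Before a large policy change, take the session down deliberately so that a
! half-applied policy is never announced to the peer:
router bgp 64512
 neighbor 192.0.2.2 shutdown
!
! ... edit route-maps, prefix-lists, etc. ...
!
router bgp 64512
 no neighbor 192.0.2.2 shutdown
```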
Announcing Networks in BGP
- Only administratively defined networks are announced in BGP.
- Manually configure networks to be announced.
- Use redistribution from the IGP.
- Use aggregation to announce summary prefixes.
Announcing Networks in BGP (Cont.)

router(config-router)# (no) auto-summary

- Enables or disables summarization of networks prior to insertion into the BGP table:
  – Locally inserted networks (using the network command)
  – Redistributed routes
- Enabled by default.
Announcing Networks in BGP (Cont.)

To manually define a major network:

router(config-router)# network major-network-number

- Allows advertising of major networks into BGP.
- At least one of the subnets must be present in the routing table.
- Behavior depends on the presence of the auto-summary command.
- The meaning of the network command in BGP is completely different from that in any other routing protocol: it selects routes from the IP routing table for announcement rather than enabling the protocol on interfaces.
Announcing Networks in BGP (Cont.)

router(config-router)# network major-network-number route-map route-map-name

- The route-map option allows network parameters to be modified before the network is entered into the BGP table.
- The route-map option can be used for the following:
  – Changing the weight value of a locally sourced route
  – Tagging sourced routes with BGP communities
  – Setting the local preference for a specific network
  – Changing the value of the MED for a specific network
Redistributing Routes into BGP
- Easier than listing networks in the BGP process in large networks.
- Redistributed routes carry the origin attribute "incomplete".
- Always filter redistributed routes to prevent route leaking.
- Avoid in service provider environments.
Redistributing Routes into BGP (Cont.)

Simple IGP-to-BGP redistribution
- Configure redistribution in the BGP process.
- Configure a route filter using a distribute-list.
- Caveat:
  – BGP routes originated through redistribution have the origin "incomplete".
Redistributing Routes into BGP (Cont.)

Redistribution using route-maps
- The origin can be set to IGP with a route-map.
- Other BGP path attributes can also be set:
  – Metric
  – Next-hop
  – Community
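The network, network route-map, and filtered IGP-to-BGP redistribution methods from the preceding slides in one configuration, as an added example that is not from the original deck. The private address ranges, AS 64512, OSPF process 1, the access-list number and the route-map names are constructed.

```ios
! Added example, not from the original deck. AS, address ranges, OSPF
! process id, ACL number and route-map names are constructed.
ip bgp-community new-format
!
router bgp 64512
 ! Classful network statement: with auto-summary on (the default here),
 ! 10.0.0.0/8 is announced as soon as any 10.x.x.x subnet is in the IP table.
 network 10.0.0.0
 ! Same, but attributes are set before the route enters the BGP table
 network 172.16.0.0 route-map LOCAL-ORIGIN
 ! IGP-to-BGP redistribution: filter with a distribute-list AND fix the
 ! origin with a route-map. Without filtering, anything OSPF learns leaks.
 redistribute ospf 1 route-map OSPF-TO-BGP
 distribute-list 10 out ospf 1
!
! Only the two internal ranges may be redistributed; everything else is dropped
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 172.16.0.0 0.0.255.255
!
route-map LOCAL-ORIGIN permit 10
 ! The four knobs the deck lists for a locally sourced network
 set weight 200
 set community 64512:100
 set local-preference 150
 set metric 50
!
route-map OSPF-TO-BGP permit 10
 ! Redistributed routes would otherwise carry origin "incomplete" (?)
 set origin igp
 set community 64512:200
```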
Configuring Classless BGP
- BGP4 supports CIDR.
- Any BGP router can advertise individual networks or supernets (prefixes).
- Prefix notation is used with BGP instead of subnet masks.
  – /16 =
Configuring Classless BGP (Cont.)

To manually announce a classless prefix in BGP:

router(config-router)# network ip-prefix-address mask subnet-mask

- Configures a classless prefix to be advertised into BGP.
- The prefix must exactly match an entry in the IP routing table.
- Use a static route to null 0 to create a matching prefix in the IP routing table.
Configuring Classless BGP (Cont.)

To advertise a supernet prefix:
- Advertise prefix /16 assigned to the Internet service provider.
Aggregating BGP Networks
- Summarization is called aggregation in BGP.
- Aggregation creates summary routes (called aggregates) from networks already in the BGP table.
- Individual networks can be announced or suppressed.
Aggregating BGP Networks (Cont.)

router(config-router)# aggregate-address address-prefix mask

- Specifies the aggregation range in the BGP routing process.
- The aggregate will be announced if there is at least one network in the specified range in the BGP table.
- Individual networks will still be announced in outgoing BGP updates.
Aggregating BGP Networks (Cont.)

An alternative method to configure aggregation:

router(config-router)# aggregate-address address-prefix mask summary-only

- Configures aggregation of BGP routes.
- Advertises only the aggregate and not the individual networks.
- Benefits:
  – Smaller BGP routing tables
  – More stable internetworks (less route flapping)
- Drawback:
  – Problems with multihomed customers
Aggregation Example

Classless BGP sample configuration
- Advertise prefix /20.
- Aggregate networks in /20 and announce individual networks.
- Aggregate networks in /20 and suppress individual network announcements.
Aggregation Example (Cont.): Viewing the BGP table
Aggregation Example (Cont.): Debugging BGP updates
BGP Conditional Route Injection
- Provides a means to originate a prefix into a BGP routing table without the corresponding match.
- Allows more specific routes to be generated, based on administrative policy or traffic engineering information, to give more specific control over the forwarding of packets to these more specific routes; they are injected into the BGP routing table only if the configured conditions are met.
- Improves the accuracy of common route aggregation by conditionally injecting or replacing less specific prefixes with more specific prefixes.
BGP Support for TTL Security Check
- Lightweight security mechanism to protect EBGP peering sessions from CPU utilization-based attacks.
- Protects the EBGP peering session by comparing the value in the TTL field of received IP packets against a hop count that is configured locally for each EBGP peering session.
- Supports both directly connected peering sessions and multihop EBGP peering sessions.
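The TTL security check applied to a directly connected and a multihop EBGP peer, as an added example that is not from the original deck; the neighbor ttl-security hops command is the IOS command for this feature, while the AS numbers, addresses and password are constructed.

```ios
! Added example, not from the original deck. AS numbers, the 192.0.2.2 and
! 198.51.100.9 peers and the password string are constructed placeholders.
router bgp 64512
 ! Directly connected EBGP peer, protected by both MD5 and the TTL check.
 ! MD5 authenticates the peer; the TTL check only rejects packets that
 ! cannot have originated one hop away, so the two complement each other.
 neighbor 192.0.2.2 remote-as 64513
 neighbor 192.0.2.2 password EXAMPLE-SHARED-SECRET
 ! hops 1: this router sends BGP packets with IP TTL 255 and discards any
 ! received BGP packet whose TTL is below 255 - 1 = 254. A segment that
 ! crossed two or more routers arrives with TTL 253 or less and is dropped
 ! before it reaches TCP/BGP processing, which is what protects the CPU.
 neighbor 192.0.2.2 ttl-security hops 1
 !
 ! Multihop EBGP session to a loopback two router hops away: the accepted
 ! minimum becomes 255 - 2 = 253. ttl-security takes the place of
 ! ebgp-multihop on this neighbor; the two commands are mutually exclusive.
 neighbor 198.51.100.9 remote-as 64514
 neighbor 198.51.100.9 update-source Loopback0
 neighbor 198.51.100.9 ttl-security hops 2
```

The peer must configure the matching hop count as well; the check is evaluated independently on each side of the session.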
Multihomed Customer Problem
- The customer prefers the primary provider, using the alternate only as backup.
- The primary provider advertises the aggregate.
- The alternate provider advertises the individual network.
Multihomed Customer Problem (Cont.)
- Remote autonomous systems prefer the longest-match prefix; traffic toward the customer flows through the alternate provider.
- Solution: Do not use aggregation.
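The three classless/aggregation variants from the Aggregation Example slides, and the setting that causes the multihomed customer problem above, shown on the primary provider's router as an added example that is not from the original deck. The /20 provider block, the customer's /24 and AS 64512 are constructed since the deck's prefixes are not reproduced.

```ios
! Added example, not from the original deck. Provider block 10.0.0.0/20 in
! AS 64512; multihomed customer network 10.0.5.0/24, which an alternate
! provider also announces as a /24. All values are constructed.
!
! Variant 1: advertise the /20 itself as a classless prefix. The network
! statement needs an exact match in the IP routing table, so anchor it
! with a static route to Null0.
ip route 10.0.0.0 255.255.240.0 Null0
router bgp 64512
 no auto-summary
 network 10.0.0.0 mask 255.255.240.0
!
! Variant 2: aggregate from what is already in the BGP table and keep
! announcing the individual networks. At least one component (here the
! customer /24, entered with a network statement for illustration) must
! be in the BGP table or the aggregate is not generated.
router bgp 64512
 no auto-summary
 network 10.0.5.0 mask 255.255.255.0
 aggregate-address 10.0.0.0 255.255.240.0
!
! Variant 3: aggregate and suppress the individual networks. Smaller tables
! and less flapping, but for the multihomed customer this is the weak
! setting: only the /20 leaves this provider while the alternate provider
! still announces 10.0.5.0/24. Remote ASs follow the longest match and
! send the customer's traffic through the alternate (backup) provider.
router bgp 64512
 no auto-summary
 network 10.0.5.0 mask 255.255.255.0
 aggregate-address 10.0.0.0 255.255.240.0 summary-only
!
! Fix per the deck: do not aggregate the multihomed customer's network
! away. Variant 2 (no summary-only) lets the /24 be announced on the
! primary path as well, so both providers offer an equal-length prefix.
```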
Summary

The BGP process in a Cisco router is started with the router bgp command. The neighbor remote-as router configuration command adds an entry to the BGP neighbor table, the neighbor description router configuration command associates a description with a neighbor, and the neighbor shutdown router configuration command disables a neighbor. The BGP keepalive and holdtime timers can be changed for the BGP process (using the timers bgp router configuration command) or on a per-neighbor basis (using the neighbor timers router configuration command). MD5 authentication can be used to secure a connection between two BGP neighbors. The neighbor password router configuration command enables MD5 authentication on a TCP connection between two BGP peers.
Summary (Cont.)

Local networks are announced in BGP by listing them with the network command or by redistributing them with the redistribute command. The network command can be used to announce any IP prefix. If you use the classless version of the network command, a matching route has to reside in the IP routing table. If there are a lot of networks to be advertised, and BGP is used primarily to achieve scalability, it may be easier to let the local IGP find the routes and then redistribute them into BGP. To redistribute routes from one routing process into another routing process, use the redistribute router configuration command. BGP4 supports CIDR, and any BGP router can advertise individual networks or supernets (prefixes). To specify the networks to be advertised by the BGP routing process, use the network router configuration command.
Summary (Cont.)

There are cases where routes that are already in the BGP table have to be summarized. This process is called aggregation in BGP and is configured with the aggregate-address command. The BGP conditional route injection feature provides a means to originate a prefix into a BGP routing table without the corresponding match, allowing more specific routes to be generated based on administrative policy or traffic engineering information to provide more specific control over the forwarding of packets to these more specific routes. The BGP Support for TTL Security Check feature introduces a lightweight security mechanism to protect EBGP peering sessions from CPU utilization-based attacks; a host cannot attack a BGP session if the host is not a member of the local or remote BGP network or if the host is not directly connected to a network segment between the local and remote BGP networks. BGP route aggregation is not appropriate in multihomed topologies.