01 Implementing BGP Routing

External Service Provider Routing
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—4-1
• Describe BGP terminology
• Describe autonomous systems in BGP networks
• List the basic BGP configuration steps
• Explain how to enable the BGP routing process and enable the address
family under the BGP routing process
• Explain how to configure IBGP peering
• Explain how to configure EBGP peering
• Explain how to temporary disable a BGP peer
• Explain how to configure BGP authentication
• Explain the show command that is used to verify BGP peering
• Describe the network command that is used to announce local
networks to other BGP peers
• Describe the basic concepts of Cisco IOS XR routing policy language
(RPL)
• Explain the show commands that are used to verify BGP routes
• Autonomous system: A collection of networks under a single
administrative domain
• Interdomain routing: Routing between the customer and the service
provider
• Internal routing: Uses IGP protocol (RIP, OSPF, IS-IS, and so on) to
exchange routing information inside the autonomous system
• External routing: Uses EGP protocol (BGP) to exchange routes
between autonomous systems
• Two BGP implementations:
- Internal BGP (IBGP): When BGP is used inside an AS
- External BGP (EBGP): When BGP is used between autonomous systems
IBGP
AS 65001 EBGP 10.1.1.1 10.1.1.2
AS 65002
192.168.1.1 192.168.1.2
• An autonomous system (AS) is a collection of networks under a single
technical administration.
- 16-bit numbers (as of January 2009, 32-bit numbers are available)
- Ranging from 1 to 65535
- Private AS: 64512–65535
• The IANA allocates AS numbers.
• IGPs operate within an AS.
• BGP is used between autonomous systems.
• Access http://www.iana.org or http://bgp.he.net/ to check AS number
AS 65010 AS 65020
BGP
• BGP neighbors are not discovered; they must be configured manually.
• Configuration must be done on both sides of the connection.
• Both routers will attempt to connect to the other with a TCP session on
port number 179.
• EBGP peers are usually reachable through a directly connected link.
• IBGP peers are typically established between loopback interfaces.
- IGP ensures reachability of loopback addresses.
• A TCP-based session has no neighbor presence verification, except
when sending BGP traffic.
• An additional mechanism is needed.
- Keepalive BGP messages provide verification of neighbor existence.
- Keepalive messages are sent every 60 seconds (by default).
• IBGP session inside ASs
- Over IPv4
• IPv4 prefixes
- Over IPv6
• IPv6 prefixes
• EBGP session between ASs
- Over IPv4
• IPv4 prefixes
- Over IPv6
• IPv6 prefixes
AS 2 AS 3
IPv4
EBGP IBGP
IPv6
1. Enable the BGP process.
2. Enable address family for specific protocols.
3. Configure a BGP peer (internal or external).
4. Configure BGP peer authentication (optional).
router(config)#
router bgp as-number
• Starts BGP routing.

• Use private AS numbers (64512–65535) if you run BGP in a private network.
• Only one BGP routing process per router is allowed.
• IOS/IOS XE
- address family IPv4 unicast – by default
- activate or deactivate peer under specific address family
• IOS XR
- address family must be enabled
- define address family per peer
AS 2 AS 3
IPv4
EBGP IBGP
IPv6
router bgp 2 IOS router bgp 3 IOS XR router bgp 3 IOS XR

address-family ipv4 unicast address-family ipv4 unicast
! !
address-family ipv6 unicast address-family ipv6 unicast
! !
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32
interface Loopback0 IOS XR

interface Loopback0 IOS ipv4 address 3.0.0.2 255.255.255.255
ip address 2.0.0.1 255.255.255.255 !
! interface GigabitEthernet0/0/0/0
interface Ethernet0/0 ipv4 address 202.0.23.2 255.255.255.252
ip address 202.0.23.1 255.255.255.252 !
interface GigabitEthernet0/0/0/1
ipv4 address 100.0.3.2 255.255.255.252
!
router ospf 1
interface Loopback0 IOS area 0
ip address 3.0.0.1 255.255.255.255
interface Loopback0
!
!
interface Ethernet0/0
ip address 100.0.3.1 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32
router bgp 3 router bgp 3

address-family ipv4 unicast
IOS XR bgp log-neighbor-changes
IOS
! neighbor 3.0.0.2 remote-as 3
neighbor 3.0.0.1 neighbor 3.0.0.2 update-source Loopback0
remote-as 3
update-source Loopback0
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32
RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast summary

Tue May 9 04:07:36.737 UTC
BGP router identifier 3.0.0.2, local AS number 3
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 2
A number in the state column
BGP main routing table version 2
indicating the number of routes
BGP scan interval 60 secs learned from this neighbor.
BGP is operating in STANDALONE mode.
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

3.0.0.1 0 3 9 8 2 0 0 00:05:14 0
RP/0/0/CPU0:ASBR2#
BGP neighbor states:
• Idle state
Established
- Start BGP process
- Initiates TCP connection with
configured peers
OpenConfirm
- Changes to Connected call state
• Active state OpenSent
- Router tries to establish another TCP
session
• If successful, changes to OpenSent
Connected Active
state
• If unsuccessful, changes to idle state
• Established state
- Peer sends update messages Idle
- On error, changes to idle state

When establishing a BGP session, BGP goes through
the following states:
1. Idle: The router is searching the routing table to see whether a route
exists to reach the neighbor.
2. Connect: The router found a route to the neighbor and has completed
the three-way TCP handshake.
3. Open sent: The open message is sent, with the parameters for the
BGP session.
4. Open confirm: The router received an agreement on the parameters for
establishing a session.
- Alternatively, the router goes into the active state if there is no response to
the open message.
5. Established: Peering is established; routing begins.
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32
router bgp 2 IOS router bgp 3 IOS XR

bgp log-neighbor-changes address-family ipv4 unicast
neighbor 202.0.23.2 remote-as 3 !
neighbor 202.0.23.1
remote-as 2
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32

Tue May 9 04:07:36.737 UTC
BGP scan interval 60 secs
Some configured eBGP neighbors (under default or non-default vrfs)

do not have both inbound and outbound policies configured for IPv4 Unicast
address family. These neighbors will default to sending and/or
receiving no routes and are marked with '!' in the output below.
Use the 'show bgp neighbor <nbr_address>' command for details.

3.0.0.1 0 3 43 39 2 0 0 00:10:12 0
202.0.23.1 0 2 7 5 2 0 0 00:03:02 0!
RP/0/0/CPU0:ASBR2#
• IOS XR only
• Usually use for EBGP peer
• Powerful tool for route manipulation
- Prepend AS to AS path
- Set origin
- Set weight
- Set local-preference
- And so on…
• Easy to configure
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32
route-policy pass
pass
IOS XR
end-policy
!
router bgp 3
!
neighbor 202.0.23.1
remote-as 2
route-policy pass in
route-policy pass out
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32

Tue May 9 04:07:36.737 UTC

3.0.0.1 0 3 43 39 2 0 0 00:10:12 0
202.0.23.1 0 2 7 5 2 0 0 00:05:02 0
RP/0/0/CPU0:ASBR2#
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2000:2::1/128 2002:3::2/128 2002:3::1/128
interface Loopback0 IOS XR

interface Loopback0 IOS ipv6 address 2002:3::2/128
ipv6 address 2000:2::1/128 !
! interface GigabitEthernet0/0/0/0
interface Ethernet0/0 ipv6 address 2001:202:12:23::2/64
ipv6 address 2001:202:12:23::1/64 !
ipv6 address 2002:100:10:3::2/64
!
interface Loopback0 IOS router ospfv3 1
ipv6 address 2002:3::1/128 area 0
ospfv3 1 ipv6 area 0 interface Loopback0
! !
interface Ethernet0/0 interface GigabitEthernet0/0/0/1
ipv6 address 2002:100:10:3::1/64
ospfv3 1 ipv6 area 0
!
router ospfv3 1
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2000:2:0:0::1 2002:3:0:0::2 2002:3:0:0::1
router bgp 3 IOS XR ipv6 unicast-routing

address-family ipv6 unicast !
IOS
! router bgp 3
neighbor 2002:3::1 bgp log-neighbor-changes
remote-as 3 neighbor 2002:3::2 remote-as 3
update-source Loopback0 neighbor 2002:3::2 update-source Loopback0
address-family ipv6 unicast !
address-family ipv6
neighbor 2002:3::2 activate
exit-address-family
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32
ipv6 unicast-routing IOS router bgp 3 IOS XR

! address-family ipv6 unicast
router bgp 2 !
neighbor 2001:202:12:23::2 remote-as 3 neighbor 2001:202:12:23::1
! remote-as 2
address-family ipv6 address-family ipv6 unicast
neighbor 2001:202:12:23::2 activate route-policy pass in
exit-address-family route-policy pass out
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2000:2:0:0::1 2002:3:0:0::2 2002:3:0:0::1

Tue May 9 04:07:36.737 UTC
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer

Speaker 2 2 2 2 2 2

2001:202:12:23::1
0 2 4 3 2 0 0 00:00:59 0
2002:3::1 0 3 4 3 2 0 0 00:00:37 0
RP/0/0/CPU0:ASBR2#
1. Two Method to advertise local routes.
- Use the network command.
 network and subnet mask must be exact same as local route
- Redistribute routes from other routing protocols.
2. Route policy for EBGP peers is mandatory.
AS 2 ASBR2 AS 3
ASBR1
2.2.2.2/32
EBGP
2001:2:2:2::2/128
interface Loopback2 IPv4 interface Loopback22 IPv6

ip address 2.2.2.2 255.255.255.255 ipv6 address 2001:2:2:2::2/128
no shutdown no shutdown
! !
router bgp 2 router bgp 2
! !
address-family ipv4 address-family ipv6 unicast
network 2.2.2.2 mask 255.255.255.255 network 2001:2:2:2::2/128
exit-address-family !
!
AS 2 ASBR2 AS 3
ASBR1
2.2.2.2/32
EBGP
2001:2:2:2::2/128
RP/0/0/CPU0:ASBR2#sh bgp ipv4 unicast summary

3.0.0.1 0 3 81 74 3 0 0 00:44:37 0
202.0.23.1 0 2 47 45 3 0 0 00:22:53 1
RP/0/0/CPU0:ASBR2#
RP/0/0/CPU0:ASBR2#sh bgp ipv4 unicast
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.2/32 202.0.23.1 0 0 2 i
Processed 1 prefixes, 1 paths

RP/0/0/CPU0:ASBR2#
AS 2 ASBR2 AS 3
ASBR1
2.2.2.2/32
EBGP
2001:2:2:2::2/128
RP/0/0/CPU0:ASBR2#sh bgp ipv6 unicast summary

2001:202:12:23::1
0 2 28 24 3 0 0 00:21:12 1
2002:3::1 0 3 54 50 3 0 0 00:46:00 0
RP/0/0/CPU0:ASBR2#
RP/0/0/CPU0:ASBR2#sh bgp ipv4 unicast

*> 2001:2:2:2::2/128 2001:202:12:23::1
0 0 2 i
RP/0/0/CPU0:ASBR2#
AS 2 ASBR2 AS 3
ASBR1
EBGP
22.22.22.22/32
interface Loopback222 IOS

ip address 22.22.22.22 255.255.255.255
no shutdown
!
route-map RM_Con permit 10
match interface Loopback222
!
router bgp 2
!
address-family ipv4
redistribute connected route-map RM_Con
exit-address-family
!
AS 2 ASBR2 AS 3
ASBR1
EBGP
22.22.22.22/32
RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast
Status codes: s suppressed, d damped, h history, * valid, > best

i - internal, r RIB-failure, S stale, N Nexthop-discard
*> 2.2.2.2/32 202.0.23.1 0 0 2 i
*> 22.22.22.22/32 202.0.23.1 0 0 2 ?

RP/0/0/CPU0:ASBR2#
RP/0/0/CPU0:ASBR2#show route bgp
Tue May 9 05:19:09.743 UTC
B 2.2.2.2/32 [20/0] via 202.0.23.1, 00:09:08

B 22.22.22.22/32 [20/0] via 202.0.23.1, 00:02:40
RP/0/0/CPU0:ASBR2#
RP/0/0/CPU0:ASBR2#show route ipv6 bgp

Tue May 9 05:19:38.651 UTC
B 2001:2:2:2::2/128
[20/0] via fe80::a8bb:ccff:fe00:1000, 00:09:28, GigabitEthernet0/0/0/0
RP/0/0/CPU0:ASBR2#
Summarization is called “aggregation” in BGP.
1. Aggregation creates summary routes (called “aggregates”) from
networks already in BGP table.
2. Individual networks can be announced or suppressed.
router(config-router)#
aggregate-address address-prefix mask
• Specify aggregation range in BGP routing process.

• The aggregate will be announced if there is at least one network in
the specified range in the BGP table.
• Individual networks will still be announced in outgoing BGP updates.
An alternative method to configure aggregation:
aggregate-address address-prefix mask summary-only
• Configure aggregation of BGP routes.

• Advertise only the aggregate and not the individual networks.
Benefits:
• Smaller BGP routing tables
• More stable internetworks (less route flapping)
AS 2 ASBR2 AS 3
200.1.1.0/24 ASBR1
200.1.2.0/24 EBGP
200.1.3.0/24
200.1.4.0/24
200.1.0.0/16
interface Loopback200
ip address 200.1.1.1 255.255.255.0
ip address 200.1.2.1 255.255.255.0 secondary
!
router bgp 2
!
address-family ipv4
network 200.1.1.0 mask 255.255.255.0
network 200.1.2.0 mask 255.255.255.0
network 200.1.3.0 mask 255.255.255.0
network 200.1.4.0 mask 255.255.255.0
aggregate-address 200.1.0.0 255.255.0.0 summary-only
exit-address-family
!
*> 2.2.2.2/32 202.0.23.1 0 0 2 i
*> 22.22.22.22/32 202.0.23.1 0 0 2 ?
*> 200.1.0.0/16 202.0.23.1 0 0 2 i
*> 200.1.1.0/24 202.0.23.1 0 0 2 i
*> 200.1.2.0/24 202.0.23.1 0 0 2 i
*> 200.1.3.0/24 202.0.23.1 0 0 2 i
*> 200.1.4.0/24 202.0.23.1 0 0 2 i

RP/0/0/CPU0:ASBR2#

summary-only
*> 2.2.2.2/32 202.0.23.1 0 0 2 i
*> 22.22.22.22/32 202.0.23.1 0 0 2 ?
*> 200.1.0.0/16 202.0.23.1 0 0 2 i

RP/0/0/CPU0:ASBR2#
• Neighbor authentication
- Using MD5 authentication (password)
- Using key chains
• BGP peers can be authenticated by using a password.
- MD5 hashing function is used on the password.
- Hash is sent to the BGP peer in open message.
- Password is not sent to peer.
• Both routers must be configured with the same password.
• Authenticating BGP peers prevents denial of service (DoS) attacks.
• MD5 authentication is used mostly for EBGP peers.
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32
router bgp 2 IOS router bgp 3 IOS XR

neighbor 2001:202:12:23::2 remote-as 3 address-family ipv4 unicast
neighbor 2001:202:12:23::2 password cisco address-family ipv6 unicast
neighbor 202.0.23.2 remote-as 3 !
neighbor 202.0.23.2 password cisco neighbor 202.0.23.1
! remote-as 2
password clear cisco
!
!
neighbor 2001:202:12:23::1
remote-as 2
password clear cisco
!
!
!
AS 2 ASBR2 AS 3
P1
ASBR1
IPv4 EBGP IBGP
E0/0 Gi0/0/0/0 Gi0/0/0/1 E0/0
IPv6 Lo0 Lo0 Lo0
2.0.0.1/32 3.0.0.2/32 3.0.0.1/32

3.0.0.1 0 3 118 117 27 0 0 01:18:51 0
202.0.23.1 0 2 103 88 27 0 0 00:07:00 7
RP/0/0/CPU0:ASBR2#

2001:202:12:23::1
0 2 64 59 5 0 0 00:03:16 1
2002:3::1 0 3 89 83 5 0 0 01:17:56 0
RP/0/0/CPU0:ASBR2#
• To temporarily disable a BGP neighbor, use these commands:
router(config-router)# neighbor <ip-address> shutdown
• Disables communication with a BGP neighbor

• Use scenarios:
- Debugging and troubleshooting
- During extensive modification of routing policies
• When policies change, the change takes effect immediately.
• The next time that a prefix or path is advertised or received,
the new policy is used. This can take a long time for all networks.
• You must trigger an update for immediate action.
Hard reset
clear bgp *
Soft reset
clear bgp ipv4 unicast 202.0.23.1 soft out
EBGP
RP/0/RSP0/CPU0:PE1#show bgp neighbor 202.0.23.1 | include Route refresh

Route refresh: advertised and received
Route refresh request: received 2, sent 1

01 Implementing BGP Routing

Uploaded by

Copyright:

Available Formats

01 Implementing BGP Routing

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01 Implementing BGP Routing

Uploaded by

Copyright:

Available Formats

External Service Provider Routing

• Starts BGP routing.

router bgp 2 IOS router bgp 3 IOS XR router bgp 3 IOS XR

interface Loopback0 IOS XR

router bgp 3 router bgp 3

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast summary

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

- On error, changes to idle state

router bgp 2 IOS router bgp 3 IOS XR

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast summary

Some configured eBGP neighbors (under default or non-default vrfs)

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast summary

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

interface Loopback0 IOS XR

router bgp 3 IOS XR ipv6 unicast-routing

ipv6 unicast-routing IOS router bgp 3 IOS XR

RP/0/0/CPU0:ASBR2#show bgp ipv6 unicast summary

BGP is operating in STANDALONE mode.

Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

interface Loopback2 IPv4 interface Loopback22 IPv6

RP/0/0/CPU0:ASBR2#sh bgp ipv4 unicast summary

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

RP/0/0/CPU0:ASBR2#sh bgp ipv4 unicast

Origin codes: i - IGP, e - EGP, ? - incomplete

Processed 1 prefixes, 1 paths

RP/0/0/CPU0:ASBR2#sh bgp ipv6 unicast summary

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

RP/0/0/CPU0:ASBR2#sh bgp ipv4 unicast

Origin codes: i - IGP, e - EGP, ? - incomplete

interface Loopback222 IOS

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast

Status codes: s suppressed, d damped, h history, * valid, > best

Processed 2 prefixes, 2 paths

B 2.2.2.2/32 [20/0] via 202.0.23.1, 00:09:08

RP/0/0/CPU0:ASBR2#show route ipv6 bgp

• Specify aggregation range in BGP routing process.

• Configure aggregation of BGP routes.

Processed 7 prefixes, 7 paths

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast

Processed 3 prefixes, 3 paths

router bgp 2 IOS router bgp 3 IOS XR

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast summary

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

RP/0/0/CPU0:ASBR2#show bgp ipv6 unicast summary

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

• Disables communication with a BGP neighbor

RP/0/RSP0/CPU0:PE1#show bgp neighbor 202.0.23.1 | include Route refresh

You might also like