Border Gateway Protocol

BGP is an exterior routing protocol used widely on the Internet. It is commonly referred to as BGP4 (version 4).

BGP4, defined in RFC 1771, allows you to create an IP network free of routing loops between different autonomous systems. (As defined in Table 11-1, an autonomous system is a set of routers under the same administrative control.)

BGP is called a path vector protocol because it carries a sequence of autonomous system numbers that indicates the path taken to a remote network. This information is stored so that routing loops can be avoided.

BGP uses TCP as its Layer 4 protocol (TCP port 179). No other routing protocol in use today relies on TCP. This allows BGP to make sure that updates are sent reliably, leaving the routing protocol to concentrate on gathering information about remote networks and ensuring a loop-free topology.

Routers configured for BGP are typically called BGP speakers, and any two BGP routers that form a BGP TCP session are called BGP peers or BGP neighbors.

BGP peers initially exchange full BGP routing tables. After the initial exchange, only BGP updates are sent between peers, and only when a change occurs, so that no unnecessary data is sent.

Four message types are used in BGP4 to ensure that peers are active and updates are sent:

■ Open messages—Used when establishing BGP peers

■ Keepalives—Sent periodically to ensure connections are still active or established

■ Update messages—Sent as a result of any changes that occur, such as a loss of network availability

■ Notification—Used only to notify BGP peers of any receiving errors

Key BGP characteristics include the following:

■ BGP is a path vector protocol.

■ BGP uses TCP as the transport layer protocol.

■ A full routing table is exchanged only during the initial BGP session.

■ Updates are sent over TCP port 179.

■ BGP sessions are maintained by keepalive messages.

■ Any network changes result in update messages.

■ BGP has its own BGP table. Any network entry must reside in the BGP table first.

■ BGP has a complex array of metrics, such as next-hop address and origin, which are called attributes.

■ BGP supports VLSM and summarization (sometimes called classless interdomain routing [CIDR]).
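The four message types listed above all start with the same fixed 19-octet header: a 16-octet marker, a 2-octet total length and a 1-octet type code (1 = OPEN, 2 = UPDATE, 3 = NOTIFICATION, 4 = KEEPALIVE). The following parser is an added example, not code from the original text; it applies the header checks a receiver on TCP port 179 must enforce (all-ones marker as RFC 4271 requires, length within 19..4096, known type, no truncation) and splits a captured byte stream into messages. The sample stream is constructed here: a KEEPALIVE followed by an empty UPDATE.

```python
import struct

# Fixed BGP message header: 16-octet marker, 2-octet length, 1-octet type.
HEADER_LEN = 19
MAX_MSG_LEN = 4096
MARKER = b"\xff" * 16

# The four BGP4 message types, with their on-the-wire codes.
MESSAGE_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


class BGPHeaderError(ValueError):
    """Raised when a header fails a check a receiver should answer with NOTIFICATION."""


def parse_bgp_header(data: bytes) -> dict:
    """Parse and validate the 19-octet header at the start of `data`.

    Returns the type name, the declared length and the message body.
    """
    if len(data) < HEADER_LEN:
        raise BGPHeaderError("short read: need 19 octets for a BGP header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise BGPHeaderError("connection not synchronised: marker is not all ones")
    if not HEADER_LEN <= length <= MAX_MSG_LEN:
        raise BGPHeaderError(f"bad message length {length}")
    if msg_type not in MESSAGE_TYPES:
        raise BGPHeaderError(f"bad message type {msg_type}")
    if len(data) < length:
        raise BGPHeaderError("truncated message: fewer octets than declared length")
    return {"type": MESSAGE_TYPES[msg_type], "length": length,
            "body": data[HEADER_LEN:length]}


def is_valid_header(data: bytes) -> bool:
    """Boolean wrapper around parse_bgp_header for quick filtering."""
    try:
        parse_bgp_header(data)
        return True
    except BGPHeaderError:
        return False


def split_bgp_stream(stream: bytes) -> list:
    """Split a captured TCP/179 byte stream into its BGP messages, in order."""
    messages = []
    offset = 0
    while offset < len(stream):
        msg = parse_bgp_header(stream[offset:])
        messages.append(msg)
        offset += msg["length"]
    return messages


def build_message(msg_type: int, body: bytes = b"") -> bytes:
    """Build a well-formed message; used here only to construct sample input."""
    return struct.pack("!16sHB", MARKER, HEADER_LEN + len(body), msg_type) + body


# Constructed sample stream: a KEEPALIVE, then a minimal UPDATE whose body is
# withdrawn-routes length 0 followed by path-attribute length 0 (no prefixes).
SAMPLE_STREAM = build_message(4) + build_message(2, b"\x00\x00\x00\x00")

if __name__ == "__main__":
    for m in split_bgp_stream(SAMPLE_STREAM):
        print(m["type"], m["length"], m["body"].hex())
```

Because the length field is trusted to advance through the stream, the bounds check on it is what keeps a malformed or truncated segment from desynchronising the parser; a real speaker would tear down the session with a NOTIFICATION at that point.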

BGP4's ability to guarantee routing delivery (and the complexity of the routing decision process) is the reason that BGP is widely used in large IP routing environments, such as the Internet. The Internet consists of over 100,000 BGP network entries, and BGP is the only routing protocol available today that can handle and manage such a large routing table. The Internet (120,000+ routes) would not be functional today if BGP were not the routing protocol in use.

Before covering some simple examples, the next section describes BGP attributes.

OSPF also provides an authentication mechanism, in two forms: clear-text authentication and MD5 authentication. MD5 authentication provides higher security than plain-text authentication. As with plain-text authentication, passwords don't have to be the same throughout an area, but they do need to be the same between neighbors. MD5 authentication uses a key ID that allows the router to reference multiple passwords, making password migration easier and more secure. For more details, search the keywords "OSPF authentication" at Cisco.com.

BGP Attributes

BGP has a number of complex attributes that determine the path to a remote network. These attributes allow a flexible and detailed routing decision process that determines which path to a remote network is taken, and that process can in turn be manipulated by the BGP designer.

The network designer can also manipulate these attributes. BGP, when supplied with multiple paths to a remote network, always chooses a single path to a specific destination. (Load balancing is possible with static routes.) BGP always propagates the best path to any peer.

BGP attributes are carried in update packets.

Table 1-14 describes the well-known and optional attributes used in BGP4.

Table 1-14 Well-Known and Optional Attributes

■ Origin—Mandatory attribute that defines the source of the path; it can have one of three values: IGP (originating from the interior of the AS), EGP (learned through an Exterior Gateway Protocol), or Incomplete (the BGP route was discovered using redistribution or static routes).

■ AS_Path—Describes the sequence of autonomous systems that the route has traversed to reach the destination IP network.

■ Next Hop—The next-hop address used to reach the remote network, typically the EBGP peer.

■ Local Preference—Indicates the preferred path to exit the AS. A higher Local Preference is always preferred. This attribute is local to the AS and is exchanged between IBGP peers only.

■ Multi-Exit Discriminator (MED)—Informs BGP peers in other autonomous systems which path to take into the AS when multiple links connect the autonomous systems. A lower MED is always preferred.

■ Weight—Cisco-defined attribute used in local route selection. Weight is not sent to other BGP peers; it is locally significant to the router and specifies a preferred path when more than one path exists. A higher Weight value is always preferred.

■ Atomic Aggregate—Advises BGP routers that route aggregation has taken place. Not used in the route selection process.

■ Aggregator—The router ID of the router responsible for aggregation; not used in the route selection process.

■ Community—A transitive, optional attribute in the range 0 to 4,294,967,200 that provides a way to group destinations into a community and apply routing decisions (accept, prefer, redistribute, and so on) according to those communities.

■ Originator ID—Prevents routing loops; not used for route selection. The Originator ID is generated by a route reflector, and the route reflector must never send routing information back to the router specified in the Originator ID.

■ Cluster-List—Used in a route-reflector environment. Not used for route selection.

There are two types of BGP sessions: internal BGP (IBGP) and external BGP (EBGP). IBGP is a connection between two BGP speakers in the same autonomous system. EBGP is a connection between two BGP speakers in different autonomous systems.

IBGP peers also make sure that routing loops cannot occur by requiring that any route sent to another autonomous system is already known via an interior routing protocol, such as OSPF, before that information is sent; that is, the routers must be synchronized. The benefit of this added rule in IBGP TCP sessions is that information is not sent unless it is reachable, which avoids unnecessary traffic and saves bandwidth. Route reflectors in IBGP ensure that large internal BGP networks do not require a fully meshed topology. Route reflectors are not used in EBGP connections. A BGP route reflector disseminates routing information to all route-reflector clients, ensuring that BGP tables are distributed without a fully meshed IBGP having to be configured.

The BGP routing decision is quite complex and takes several attributes into account. The attributes and process taken by a Cisco router running BGP4 are as follows:

1. If the next-hop address is reachable, consider it; if it is unreachable, ignore it.

2. Prefer the route with the highest weight (Cisco IOS routers only).

3. If the weight is the same, prefer the largest Local Preference attribute.

4. If the local preference is the same, prefer the route originated by this local router (routes generated by network or redistribute commands).

5. Then, prefer the route with the shortest AS_Path.

6. If the AS_Path length is the same, prefer the route with the lowest origin type.

7. If the origin codes are the same, prefer the route with the lowest MED.

8. If the MED is the same, prefer EBGP over IBGP.

9. Then, prefer the path with the lowest IGP metric.

10. Finally, if all else is equal, prefer the path with the lowest BGP router ID.
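The ten steps above, written out as a comparison that can be run over candidate paths, are easier to reason about than the prose list; in particular it becomes visible that an earlier step such as AS_Path length decides before a later one such as origin type ever gets a say. The code below is an added example, not from the original text or from Cisco IOS; the three candidate paths, their next hops, AS numbers and router IDs are constructed values, and `deciding_step` reports which step separated two paths.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Set

# Origin codes ordered as the decision process prefers them (lowest wins).
ORIGIN_RANK = {"IGP": 0, "EGP": 1, "Incomplete": 2}

STEP_NAMES = {
    2: "highest weight", 3: "highest local preference", 4: "locally originated",
    5: "shortest AS_Path", 6: "lowest origin type", 7: "lowest MED",
    8: "EBGP over IBGP", 9: "lowest IGP metric", 10: "lowest router ID",
}


@dataclass(frozen=True)
class BGPPath:
    """One candidate path for a prefix, carrying the attributes the steps use."""
    next_hop: str
    as_path: tuple
    origin: str
    router_id: str
    weight: int = 0              # Cisco-only attribute, never advertised
    local_pref: int = 100
    locally_originated: bool = False
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0


def selection_key(p: BGPPath) -> tuple:
    """Tuple that sorts candidates best-first. Tuples compare ascending, so the
    'prefer higher' attributes are negated. Element i corresponds to step i + 2."""
    return (
        -p.weight,                         # step 2
        -p.local_pref,                     # step 3
        0 if p.locally_originated else 1,  # step 4
        len(p.as_path),                    # step 5
        ORIGIN_RANK[p.origin],             # step 6: IGP < EGP < Incomplete
        p.med,                             # step 7
        0 if p.ebgp else 1,                # step 8
        p.igp_metric,                      # step 9
        int(IPv4Address(p.router_id)),     # step 10
    )


def best_path(candidates: List[BGPPath],
              reachable_next_hops: Set[str]) -> Optional[BGPPath]:
    """Step 1 drops paths whose next hop is unreachable; steps 2-10 pick one winner."""
    usable = [p for p in candidates if p.next_hop in reachable_next_hops]
    return min(usable, key=selection_key) if usable else None


def deciding_step(a: BGPPath, b: BGPPath) -> Optional[int]:
    """Return the first step (2..10) at which a and b differ, or None if they tie
    on every attribute."""
    for step, (x, y) in enumerate(zip(selection_key(a), selection_key(b)), start=2):
        if x != y:
            return step
    return None


# Constructed sample: three paths to the same prefix learned from three peers.
PATH_A = BGPPath(next_hop="192.0.2.1", as_path=(65001,), origin="IGP",
                 router_id="10.0.0.1", weight=500)
PATH_B = BGPPath(next_hop="192.0.2.2", as_path=(65010, 65020), origin="IGP",
                 router_id="10.0.0.2")
PATH_C = BGPPath(next_hop="192.0.2.3", as_path=(65030,), origin="Incomplete",
                 router_id="10.0.0.3")
CANDIDATES = [PATH_A, PATH_B, PATH_C]

if __name__ == "__main__":
    # With every next hop reachable, the weight on PATH_A wins at step 2.
    print(best_path(CANDIDATES, {"192.0.2.1", "192.0.2.2", "192.0.2.3"}).router_id)
    # If 192.0.2.1 becomes unreachable, step 1 removes PATH_A, and the shorter
    # AS_Path of PATH_C beats PATH_B at step 5 despite PATH_C's Incomplete origin.
    winner = best_path(CANDIDATES, {"192.0.2.2", "192.0.2.3"})
    print(winner.router_id, STEP_NAMES[deciding_step(PATH_B, PATH_C)])
```

The key-tuple form also makes the security point concrete: a peer that can influence an early step (a local Weight or Local Preference set by policy, or an AS_Path it shortens) controls the outcome regardless of anything later in the list.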

Configuring BGP

To start the BGP process on a Cisco router, use the following command:

router bgp autonomous-system-number

To define networks to be advertised, apply the following command:

network network-number mask network-mask

You must be aware that the network command is not used in the same way as the network command in OSPF or EIGRP. With BGP, the network command advertises networks that originate from the router and should be advertised via BGP. For more Cisco IOS examples of BGP, see Chapter 8, "CCIE Security Self-Study Lab." The BGP network command does not determine the interfaces on which BGP is enabled. Also, BGP routes that originate from a BGP-enabled device can include connected routes, static routes, and routes learned from a dynamic routing protocol.

To identify peer routers, apply the following command:

neighbor {ip-address | peer-group name} remote-as autonomous-system-number

NOTE Route redistribution allows routing information discovered through one routing protocol to be distributed in the update messages of another routing protocol. Whenever redistribution is configured on Cisco routers, the routing metric must also be converted. For example, with redistribution from a RIP domain into OSPF, the RIP network inserted into OSPF requires an OSPF cost metric.

BGP neighbor authentication can be configured whenever routing updates are exchanged between neighbor routers. This authentication ensures that a router receives reliable routing information from a trusted source. BGP supports MD5 authentication only. If a firewall exists between two neighboring BGP routers, the firewall cannot NAT the BGP router addresses, because doing so breaks the MD5 hash. It is important to remember that BGP runs over TCP, with the well-known TCP port number 179.
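The reason NAT breaks BGP MD5 authentication is that the signature (the TCP MD5 Signature Option, RFC 2385) is computed over the TCP pseudo-header, which contains the source and destination IP addresses, so a translated address no longer matches what the sender hashed. The following is an added example, not code from the original text or from any router vendor: it computes the RFC 2385 digest in the order the RFC specifies (pseudo-header, TCP header without options and with checksum zero, segment data, then the key) and shows that the receiving peer rejects a segment whose source address a NAT device has rewritten. The addresses, ports, sequence numbers and shared key are constructed values.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace
from ipaddress import IPv4Address

TCP_PROTO = 6
BGP_PORT = 179


@dataclass(frozen=True)
class Segment:
    """The fields of a TCP segment that the RFC 2385 digest covers."""
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    seq: int
    ack: int
    flags: int
    window: int
    payload: bytes
    urgent: int = 0
    # Header length in 32-bit words: 20 fixed octets plus the 18-octet MD5
    # option, padded to 40 octets, gives 10. The option bytes are not hashed.
    data_offset_words: int = 10


def tcp_md5_digest(seg: Segment, key: bytes) -> bytes:
    """Compute the TCP MD5 Signature Option value (RFC 2385).

    MD5 is run over, in order: the TCP pseudo-header (source IP, destination IP,
    zero-padded protocol number, segment length), the TCP header without options
    and with the checksum field set to zero, the segment data, and the key.
    """
    segment_len = seg.data_offset_words * 4 + len(seg.payload)
    pseudo_header = struct.pack("!4s4sBBH",
                                IPv4Address(seg.src_ip).packed,
                                IPv4Address(seg.dst_ip).packed,
                                0, TCP_PROTO, segment_len)
    tcp_header = struct.pack("!HHIIBBHHH",
                             seg.sport, seg.dport, seg.seq, seg.ack,
                             seg.data_offset_words << 4, seg.flags,
                             seg.window, 0, seg.urgent)  # checksum forced to 0
    return hashlib.md5(pseudo_header + tcp_header + seg.payload + key).digest()


def receiver_accepts(seg: Segment, received_digest: bytes, key: bytes) -> bool:
    """Receiver-side check: recompute over the segment as it arrived and compare
    in constant time. Any change to a covered field, addresses included, fails."""
    return hmac.compare_digest(tcp_md5_digest(seg, key), received_digest)


def nat_rewrite(seg: Segment, new_src_ip: str) -> Segment:
    """Model a NAT device rewriting the source address on the way to the peer."""
    return replace(seg, src_ip=new_src_ip)


# Constructed sample: a BGP KEEPALIVE (19-octet header, type 4) from 192.0.2.1
# to 198.51.100.1 on TCP/179, signed with a constructed shared key.
SHARED_KEY = b"example-bgp-key"
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"
SAMPLE_SEGMENT = Segment(src_ip="192.0.2.1", dst_ip="198.51.100.1",
                         sport=50123, dport=BGP_PORT, seq=1000, ack=2000,
                         flags=0x18, window=16384, payload=KEEPALIVE)

if __name__ == "__main__":
    digest = tcp_md5_digest(SAMPLE_SEGMENT, SHARED_KEY)
    print("peer accepts untouched segment:",
          receiver_accepts(SAMPLE_SEGMENT, digest, SHARED_KEY))
    translated = nat_rewrite(SAMPLE_SEGMENT, "203.0.113.5")
    print("peer accepts NAT-rewritten segment:",
          receiver_accepts(translated, digest, SHARED_KEY))
```

The same property that defeats NAT is what the authentication is for: a segment injected from any address other than the configured neighbor, or one whose payload was altered in transit, fails the recomputation at the receiver and is discarded before it can reach the BGP process.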
