BGP (Border Gateway Protocol) - IOS

Summary

The interdomain Border Gateway Protocol determines paths between autonomous systems on the Internet.

WARNING: To make sure changes to the BGP configuration take effect, read the section "Propagating BGP policy changes" at the bottom of this page, which explains the "clear ip bgp *" command.

Configuration
Router Configuration:
network Netaddr
network Netaddr mask netmask
Specifies a network address that will be advertised by the local BGP process. A network mask may be added to denote the length of the network prefix.
neighbor IPaddress remote-as ASnumber
Adds a neighbor to the BGP neighbor table. IPaddress is the IP address and ASnumber is the AS number of the neighbor.
timers bgp keepalive holdtime
Sets the values of the keepalive and holdtime timers of the BGP process. BGP routers exchange periodic messages to confirm that the connection between the routers is maintained. The interval between these messages is keepalive seconds (default: 60 seconds). The number of seconds that a BGP router waits for any BGP message before it decides that a connection is down is specified by the holdtime (default: 180 seconds).
Commands
Global Configuration:
router bgp [ASnumber] - Enables the BGP routing protocol and sets the autonomous system number to ASnumber.
no router bgp ASnumber - Disables the BGP routing process.
Privileged EXEC:
show ip bgp summary - Provides information about all peers.
show ip bgp [IP address] - Displays the BGP routing table. If an IP address is included, it shows routing information for just this destination.
show ip bgp neighbors [IP address] - Displays details on the status of the BGP neighbors, also called peers, of this BGP router. If an IP address is included, only the status of this peer is displayed.
show ip bgp paths - Displays the BGP path information in the local database.
clear ip bgp * - Resets the BGP connection using BGP soft reconfiguration.
Example
  • Below is a BGP configuration for a Cisco router. Router2 is defined as AS 200, and has neighbors in AS 100 and AS 300.

Router2> enable

Password: <enable secret>

Router2# configure terminal

Router2(config)# no ip routing

Router2(config)# ip routing

Router2(config)# interface FastEthernet0/0

Router2(config-if)# no shutdown

Router2(config-if)# ip address 10.0.2.2 255.255.255.0

Router2(config-if)# interface FastEthernet0/1

Router2(config-if)# no shutdown

Router2(config-if)# ip address 10.0.1.2 255.255.255.240

Router2(config-if)# router bgp 200

Router2(config-router)# neighbor 10.0.1.1 remote-as 100

Router2(config-router)# neighbor 10.0.4.3 remote-as 300

Router2(config-router)# network 10.0.2.0 mask 255.255.255.0

Router2(config-router)# end

Router2# clear ip bgp *

Implementing Policies

Route Maps are the primary method used to implement BGP filters.

route-map MAP-TAG [permit | deny] [sequence-number]

match [ip address # | as-path # | community NAME | ip address prefix-list NAME]

set [community aa:nn | ip next-hop IP-ADDRESS | local-preference # | as-path prepend AS-LIST]

  • Each route-map is given a name to distinguish it.
  • Route maps consist of one or more steps performed in sequence, where the sequence is specified by the sequence number.
    • If a route map contains multiple steps, each step is performed until a match is found (or the default set action is performed).
    • Once a match is found and the set action performed, the route map stops.
    • If none of the route map steps finds a match, there is an implicit deny at the end of the route map.
    • Each step is either a permit or deny followed by the sequence number. Sequences are generally in multiples of 10 so that additional steps can be added in between at a later date.
  • Each step is defined by zero or more match commands and zero or more set commands.
    • If there are no match commands, then everything matches.
    • If there are no set commands, nothing is done (other than the match).
  • Match statements
    • In the match statement the ip address refers to an ip access-list, as-path to an as-path access-list.
    • The match condition compares the route being updated against an access-list, community, or other list. If the condition is met, the action in the set statement is performed.
  • Set statements
    • If no set statement is given, all routes that match the condition are accepted without modification.
    • The set statement performs the desired action on the route – setting the local preference, the as-path length, etc.
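The evaluation rules above (steps tried in sequence order, first match wins, no match commands means everything matches, implicit deny at the end), as an added Python example that is not part of the original page and is not Cisco code. The route attributes, the PEER_IN map and the sample routes are constructed for illustration; R2_PROVIDER_IN mirrors the map of that name used later on this page.

```python
import ipaddress

def in_prefix_list(*prefixes):
    """Exact-length match, like a prefix-list entry with no ge/le."""
    nets = {ipaddress.ip_network(p) for p in prefixes}
    return lambda route: ipaddress.ip_network(route["prefix"]) in nets

def has_community(community):
    return lambda route: community in route.get("communities", ())

def apply_route_map(steps, route):
    """Return the accepted (possibly modified) route, or None if denied.

    steps: list of (sequence, action, [match functions], {attributes to set}).
    """
    for _seq, action, matches, sets in sorted(steps, key=lambda s: s[0]):
        # all([]) is True: a step with no match commands matches everything.
        if all(match(route) for match in matches):
            if action == "deny":
                return None
            # First matching step wins; an empty set dict leaves the route as-is.
            return {**route, **sets}
    return None  # implicit deny: no step matched

# Constructed route-map, deliberately listed out of sequence order.
PEER_IN = [
    (30, "permit", [in_prefix_list("192.0.2.0/24")], {}),
    (10, "deny", [in_prefix_list("10.0.0.0/8")], {}),
    (20, "permit", [has_community("200:80")], {"local_pref": 200}),
]
# No match command, so every route is accepted and gets local preference 70.
R2_PROVIDER_IN = [(10, "permit", [], {"local_pref": 70})]

def demo():
    routes = [  # constructed sample updates; 100 is the default local preference
        {"prefix": "192.0.2.0/24", "local_pref": 100},
        {"prefix": "198.51.100.0/24", "local_pref": 100, "communities": ("200:80",)},
        {"prefix": "10.0.0.0/8", "local_pref": 100, "communities": ("200:80",)},
        {"prefix": "203.0.113.0/24", "local_pref": 100},
    ]
    return [apply_route_map(PEER_IN, r) for r in routes]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third route is dropped at sequence 10 even though sequence 20 would have permitted it, and the fourth is dropped by the implicit deny, which is why an inbound filter should end with an explicit step for anything that is meant to be accepted.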
Applying a route-map to a neighbor.
  • To apply a route map to incoming or outgoing routes, use the "neighbor route-map" command.

router bgp 300

neighbor IP-ADDRESS route-map MAP-NAME [in | out]

Match conditions can be based on IP addresses or prefixes, the AS_PATH attribute, or community strings.
  • IP addresses or prefixes - match statements that look at a subnet use standard ACLs

access-list 1 permit IP

route-map MAP-NAME permit 10

match ip address 1

  • AS_PATH attribute - match statements that look at the AS path use an as-path access-list

ip as-path access-list 2 permit ^[AS#]_

route-map MAP-NAME permit 10

match as-path 2

  • Prefix list - match statements can also look at a prefix-list

ip prefix-list PEER seq 5 permit 192.0.2.0/24

route-map MAP-NAME permit 10

match ip address prefix-list PEER

  • Community string - routes from peers can be ‘tagged’ with a community as they are received.

route-map MAP-NAME permit 10

set community aa:nn

    • Where the community format aa:nn represents the local AS number (aa) and an assigned number (nn) separated by a colon.
    • Another method for creating communities is to define a name for a particular community.

ip community-list standard COMMUNITY-NAME aa:nn

    • When referenced in route maps as part of a match condition, named community lists are used as opposed to the numerical equivalent.
    • Once routes are tagged with a community, further route manipulation can be performed by referencing the community.

route-map MAP-NAME permit 10

match community COMMUNITY-NAME

set local-preference 200


Manipulating routes with set statements.
  • Outbound traffic - MED and LOCAL_PREF
    • MEDs are used when there are two exit points to the same upstream provider.
    • Local Preference is used to set a higher (or lower) preference value on routes received from the upstream providers.
      • Local Preference is set via a route map on inbound routes.
      • Local Preference can be applied to all routes, or a subset of the routes based on the match criteria.

route-map R2-PROVIDER-IN permit 10

set local-preference 70

route-map R2-PEER-IN permit 10

set local-preference 80

router bgp 200

neighbor 10.6.0.2 route-map R2-PROVIDER-IN in

neighbor 10.5.0.1 route-map R2-PEER-IN in

clear ip bgp *

  • In order to influence traffic inbound to your network, you must influence how the rest of the Internet sees your route announcements. The easiest global way to do this is with AS-PATH prepends.
    • Prepending extra copies of your local AS onto route announcements makes the number of AS hops longer.
    • Default is a single copy of the AS in all announcements.
    • Best practice is to prepend in multiples of 2 – primary preferred path gets zero prepends, the secondary path gets 2 prepends, and so on.

route-map R4-PEER-OUT permit 10

set as-path prepend 400 400

router bgp 400

neighbor 10.8.0.2 route-map R4-PEER-OUT out
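How the prepend above changes what a remote AS selects, as an added Python example that is not part of the original page. The transit ASes 600 and 700 and the remote local-preference value are constructed, and best_path models only the two attributes this page covers (LOCAL_PREF, then AS_PATH length), not the full BGP decision process.

```python
def announce(local_as, prepends=0):
    """AS_PATH as the eBGP neighbor receives it: one copy of the local AS
    by default, plus any copies added by 'set as-path prepend'."""
    return [local_as] * (1 + prepends)

def received(via_as, as_path, local_pref=100):
    """A candidate path at a remote AS, learned through transit AS via_as."""
    return {"via": via_as, "as_path": [via_as] + as_path, "local_pref": local_pref}

def best_path(candidates):
    """Simplified choice: highest LOCAL_PREF first, then shortest AS_PATH."""
    return min(candidates, key=lambda c: (-c["local_pref"], len(c["as_path"])))

def scenario(remote_pref_on_secondary=100):
    """Return the transit AS a remote network uses to reach AS 400."""
    primary = received(600, announce(400))                # zero prepends
    secondary = received(700, announce(400, prepends=2),  # set as-path prepend 400 400
                         local_pref=remote_pref_on_secondary)
    return best_path([primary, secondary])["via"]

if __name__ == "__main__":
    print(announce(400, prepends=2))  # path seen by the neighbor on the prepended link
    print(scenario())                 # equal local preference: shorter path wins
    print(scenario(200))              # remote policy prefers the prepended link anyway
```

Because LOCAL_PREF is compared before AS_PATH length, prepending only influences networks that have not set their own preference for the prepended link, so inbound traffic should be checked after the change.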

Propagating BGP policy changes
  • Because BGP does not send the full routing table at every update interval, some changes may not take effect without intervention.
  • After making changes to your routing policy, you should make sure the changes propagate by clearing the BGP session.
  • A soft clear refers to the command which triggers a router to resend all of the routing information, without tearing down the BGP session:

clear ip bgp * soft

  • A hard clear refers to the command which closes the BGP session.

clear ip bgp *

Links

Cisco BGP documentation (PDF)

PacketLife Cheat Sheets: BGP