As a seasoned networking administrator with extensive experience in BGP implementations, I recognize that even foundational protocols like BGP demand regular review to navigate complex peering arrangements and policy-driven routing. This guide provides a concise reference for BGP key concepts, tailored for quick reference during design, troubleshooting, or certification efforts. It emphasizes core elements including fundamentals, attributes, neighbor relationships, route selection, and practical considerations, informed by RFC standards and prevalent deployment practices.
BGP Fundamentals
Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) utilizing a path-vector algorithm to exchange routing information between autonomous systems (ASes). It operates over TCP port 179 for reliable transport and supports both IPv4 (BGP-4) and IPv6 (MP-BGP).
- Primary Objectives: Facilitate inter-domain routing, enforce policy control, and prevent loops via AS_PATH.
- AS Types:
  - Public: Globally unique (IANA-assigned).
  - Private: 64512–65535 (internal use) or 4200000000–4294967295 (documentation).
- Session Types:
  - eBGP: Between different ASes (TTL default: 1; multi-hop configurable).
  - iBGP: Within the same AS (TTL default: 255; full-mesh or route reflectors required).
- Key Timers:
  - Keepalive: 60 seconds (default).
  - Hold time: 180 seconds (3x keepalive; detects session failure).
- Message Types: OPEN (negotiation), UPDATE (routes/withdrawals), KEEPALIVE (liveness), NOTIFICATION (errors).
BGP lacks built-in convergence timers, relying on policy for stability.
Neighbor Configuration and States
BGP neighbors are manually configured (neighbor <IP> remote-as <AS>). Sessions establish via TCP, progressing through finite state machine stages:
- Idle: Administrative disable or connection rejection.
- Connect: TCP SYN sent; awaiting SYN-ACK.
- Active: TCP connection retry after failure.
- OpenSent: OPEN message sent; awaiting response.
- OpenConfirm: OPEN acknowledged; keepalives exchanged.
- Established: Routes exchanged; stable peering.
- Prerequisites: Matching AS (eBGP), loopback reachability (iBGP), authentication (MD5 optional).
- Monitoring: Use show ip bgp summary for states and prefixes; show ip bgp neighbors for details.
Mismatched capabilities (e.g., route refresh) may prevent full establishment.
BGP Attributes: The Policy Engine
Attributes influence route selection and propagation. They are categorized by origin and usage:
Attribute Type | Name | Category | Well-Known? | Transitive? | Purpose |
---|---|---|---|---|---|
Mandatory | AS_PATH | Path | Yes | Yes | Loop prevention; prepend for influence. |
Mandatory | NEXT_HOP | Next-Hop | Yes | No | Forwarding IP (eBGP: peer IP; iBGP: unchanged). |
Mandatory | ORIGIN | Origin | Yes | Yes | Route source (IGP < EGP < Incomplete). |
Optional | LOCAL_PREF | Preference | No | No | iBGP path preference (higher better; default 100). |
Optional | MED | Metric | No | No | eBGP influence on inbound paths (lower better). |
Optional | COMMUNITY | Community | No | Yes | Tagging for policy (e.g., no-export). |
- Propagation: Well-known mandatory attributes must be recognized; optional transitive pass through AS boundaries.
- Conditional: ATOMIC_AGGREGATE (summarization marker), AGGREGATOR (originator).
Apply via route-maps (set local-preference 200, set community 65000:100).
Route Selection Process
BGP selects the best path per prefix using a deterministic algorithm, evaluated sequentially:
- Highest LOCAL_PREF.
- Shortest AS_PATH.
- Lowest ORIGIN (IGP preferred).
- Lowest MED (if from same AS).
- eBGP over iBGP.
- Lowest IGP metric to NEXT_HOP.
- Lowest router ID (or oldest route for stability).
- Lowest neighbor IP.
Ties break with additional criteria like cluster list for route reflectors. Best paths install in the Loc-RIB and advertise to eligible neighbors.
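The comparison order listed above, as an added Python example (not from the original page or any vendor implementation). The `Path` fields and sample candidates are constructed, and only the steps this page lists are modelled.

```python
from dataclasses import dataclass
from functools import reduce
from ipaddress import ip_address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred

@dataclass(frozen=True)
class Path:
    neighbor: str            # peer IP the path was learned from
    as_path: tuple           # leftmost entry is the neighbor AS
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0      # IGP cost to NEXT_HOP
    router_id: str = "0.0.0.0"

# (step name, key) in the order of the list above; a lower key wins each step.
STEPS = [
    ("LOCAL_PREF", lambda p: -p.local_pref),
    ("AS_PATH", lambda p: len(p.as_path)),
    ("ORIGIN", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: 0 if p.ebgp else 1),
    ("IGP metric", lambda p: p.igp_metric),
    ("router ID", lambda p: int(ip_address(p.router_id))),
    ("neighbor IP", lambda p: int(ip_address(p.neighbor))),
]

def compare(a, b):
    """Return (winner, deciding step) for two paths to the same prefix."""
    for name, key in STEPS:
        if name == "MED" and a.as_path[:1] != b.as_path[:1]:
            continue  # MED is only comparable between paths from the same AS
        if key(a) != key(b):
            return (a if key(a) < key(b) else b), name
    return a, "tie"

def best_path(paths):
    return reduce(lambda best, p: compare(best, p)[0], paths)

# Constructed candidates for one prefix (all values are sample data).
short = Path("192.168.1.2", (65001, 65010), med=10)
prepended = Path("192.168.2.2", (65002, 65002, 65002, 65010), local_pref=200)
high_med = Path("192.168.3.2", (65001, 65010), med=50)

if __name__ == "__main__":
    print(compare(short, prepended)[1], compare(short, high_med)[1])
    print("best:", best_path([short, prepended, high_med]).neighbor)
```

The prepended path still wins because LOCAL_PREF is evaluated before AS_PATH length, so prepending by a remote AS cannot override local policy.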
Scaling Mechanisms: Beyond Full Mesh
iBGP full-mesh scales poorly (n(n-1)/2 sessions); mitigate with:
- Route Reflectors (RR): Designated routers reflect iBGP routes (RFC 4456); clients peer only with RR. Avoids loops via ORIGINATOR_ID and CLUSTER_LIST.
- Confederations: Sub-AS partitioning (private ASNs internally); eBGP-like peering between sub-ASes, with AS_CONFED_SEQUENCE for external visibility.
- Next-Hop-Self: On route reflectors (neighbor <IP> next-hop-self) to resolve iBGP next-hop issues.
Route filtering via prefix-lists, AS_PATH regex, and distribute-lists prevents table bloat.
Route Advertisement and Policy
- Advertisement Rules: Advertise only best paths; no split horizon in eBGP (full paths to all peers).
- Summarization: On ASBRs (aggregate-address <network> <mask> summary-only); suppresses specifics.
- Redistribution: From IGP via redistribute <protocol> with metric/origin set; use default-information originate for defaults.
- Dampening: Suppress flapping routes (penalty-based; configurable half-life/max-suppress).
Soft reconfiguration (neighbor <IP> soft-reconfiguration inbound) enables policy changes without session reset.
Advanced Features
- MP-BGP: Multi-protocol extensions for VPNv4, IPv6 (AFI/SAFI encoding).
- Graceful Restart: Maintains forwarding during restarts (capability negotiation).
- BGP FlowSpec: Dynamic DDoS mitigation via UPDATE messages.
- Authentication: TCP MD5 (neighbor <IP> password <key>); TCP-AO for enhanced security.
Common Cisco IOS BGP Configurations
For practical application, here are concise examples focusing on neighbor setup, inbound/outbound filtering, and traffic control. Assume AS 65000; peer at 192.168.1.2 (eBGP, AS 65001).
Basic Neighbor Setup
router bgp 65000
 neighbor 192.168.1.2 remote-as 65001
 ! For multi-hop eBGP
 neighbor 192.168.1.2 ebgp-multihop 2
 ! MD5 auth
 neighbor 192.168.1.2 password cisco123
 ! Limit prefixes
 neighbor 192.168.1.2 maximum-prefix 1000
Route Filter In (Inbound: Block Specific Prefixes)
Use prefix-list to filter received routes:
ip prefix-list IN-FILTER deny 203.0.113.0/24
ip prefix-list IN-FILTER permit 0.0.0.0/0 le 32
!
route-map IN-POLICY permit 10
 match ip address prefix-list IN-FILTER
!
router bgp 65000
 neighbor 192.168.1.2 route-map IN-POLICY in
Route Filter Out (Outbound: Advertise Selectively)
Filter advertised routes with distribute-list or prefix-list:
ip prefix-list OUT-FILTER permit 198.51.100.0/24
ip prefix-list OUT-FILTER deny 0.0.0.0/0
!
router bgp 65000
 neighbor 192.168.1.2 prefix-list OUT-FILTER out
! Or via route-map for sets
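How the IN-FILTER and OUT-FILTER prefix-lists above evaluate, as an added Python example (not from the original page): first match wins, an entry without ge/le matches only the exact length, and unmatched routes hit the implicit deny. `IN_FILTER_LE32` and the sample routes are constructed here to show that the page's inbound deny still permits more-specifics of 203.0.113.0/24.

```python
from ipaddress import ip_network

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny PREFIX/LEN [ge N] [le N]'."""
    tok = line.split()
    action, net = tok[3], ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    if opts:
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", net.max_prefixlen)
    else:
        lo = hi = net.prefixlen  # no ge/le: the length must match exactly
    return action, net, lo, hi

def evaluate(config, route):
    """First matching entry decides; no match means the implicit deny."""
    route = ip_network(route)
    for action, net, lo, hi in map(parse_entry, config.strip().splitlines()):
        if (route.version == net.version and lo <= route.prefixlen <= hi
                and route.subnet_of(net)):
            return action
    return "deny"

# The two lists from the page, plus a constructed variant of the inbound deny.
IN_FILTER = """
ip prefix-list IN-FILTER deny 203.0.113.0/24
ip prefix-list IN-FILTER permit 0.0.0.0/0 le 32
"""
OUT_FILTER = """
ip prefix-list OUT-FILTER permit 198.51.100.0/24
ip prefix-list OUT-FILTER deny 0.0.0.0/0
"""
IN_FILTER_LE32 = IN_FILTER.replace("203.0.113.0/24", "203.0.113.0/24 le 32")

if __name__ == "__main__":
    for name, cfg, routes in [
        ("IN-FILTER", IN_FILTER, ["203.0.113.0/24", "203.0.113.128/25"]),
        ("IN-FILTER (le 32)", IN_FILTER_LE32, ["203.0.113.128/25"]),
        ("OUT-FILTER", OUT_FILTER, ["198.51.100.0/24", "0.0.0.0/0", "10.0.0.0/8"]),
    ]:
        for r in routes:
            print(f"{name:18} {r:18} {evaluate(cfg, r)}")
```

In OUT-FILTER the explicit `deny 0.0.0.0/0` matches only the default route; 10.0.0.0/8 is dropped by the implicit deny, not by that entry.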
Control Traffic In (Inbound: Influence with LOCAL_PREF/MED)
Prefer inbound paths via attributes:
route-map IN-TRAFFIC permit 10
 ! Higher for preferred paths
 set local-preference 200
 ! Lower MED for inbound preference
 set metric 50
!
router bgp 65000
 neighbor 192.168.1.2 route-map IN-TRAFFIC in
Control Traffic Out (Outbound: AS Prepend/COMMUNITIES)
Shape outbound via AS_PATH or communities:
route-map OUT-TRAFFIC permit 10
 ! Lengthen for less preference
 set as-path prepend 65000 65000
 ! Tag for no further export
 set community 65000:100 no-export
!
router bgp 65000
 ! Communities are only sent to a neighbor when send-community is enabled
 neighbor 192.168.1.2 send-community
 neighbor 192.168.1.2 route-map OUT-TRAFFIC out
Common Controls: Redistribution and Default Origination
Redistribute OSPF with metric; originate default:
router bgp 65000
 ! Redistribute OSPF process 1 with metric (MED) 1
 redistribute ospf 1 metric 1
 ! Advertise default
 default-information originate
 ! Dampening for stability: half-life/reuse/suppress/max-time
 bgp dampening 15 750 2000 60
These snippets integrate with route-maps for granular control. Always verify with show ip bgp neighbors <IP> received-routes.
Troubleshooting Essentials
- show ip bgp: Best paths and attributes.
- show ip bgp regexp <AS>: AS_PATH matches.
- show ip bgp neighbors <IP> advertised-routes: Outbound view.
- debug ip bgp updates: Policy application.
- Common Issues: Next-hop unreachability, AS_PATH loops, inconsistent MED handling.