Chapter 31: BGP Fundamentals and Configuration
Learning Objectives
By the end of this chapter, you will be able to:
- Understand BGP concepts and operation principles
- Configure eBGP and iBGP peering relationships
- Implement BGP path selection and attribute manipulation
- Configure BGP route filtering and policy implementation
- Troubleshoot BGP connectivity and routing issues
BGP Fundamentals
What is BGP?
Border Gateway Protocol (BGP) is the routing protocol that makes the Internet work. It’s a path-vector protocol designed to exchange routing information between autonomous systems (AS). BGP is used both between different organizations (eBGP) and within large organizations (iBGP).
Key BGP Characteristics
- Path Vector Protocol: Maintains path information to prevent loops
- Policy-Based: Extensive policy control and manipulation
- Scalable: Handles hundreds of thousands of routes
- Reliable: Uses TCP for reliable transport
- Flexible: Rich set of attributes for path selection
BGP vs IGP Comparison
| Aspect | BGP | IGP (OSPF/EIGRP) |
|---|---|---|
| Purpose | Inter-AS routing | Intra-AS routing |
| Metric | Path attributes | Cost/Metric |
| Convergence | Slow, stable | Fast convergence |
| Scalability | Very high | Limited |
| Policy Control | Extensive | Limited |
| Loop Prevention | AS-Path | SPF/DUAL |
BGP Message Types
| Type | Name | Purpose |
|---|---|---|
| 1 | OPEN | Establish BGP session |
| 2 | UPDATE | Exchange routing information |
| 3 | NOTIFICATION | Error reporting |
| 4 | KEEPALIVE | Maintain session |
BGP Session Establishment
BGP Neighbor States
BGP neighbors go through several states during session establishment:
- Idle: Initial state, no BGP process
- Connect: TCP connection attempt
- Active: TCP connection failed, retrying
- OpenSent: TCP established, OPEN message sent
- OpenConfirm: OPEN message received and processed
- Established: BGP session fully established
Basic BGP Lab Setup
# BGP fundamentals lab
name: bgp-fundamentals
prefix: bgp
topology:
  nodes:
    # ISP A (AS 100)
    isp-a-r1:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.10
      startup-config: |
        hostname ISP-A-R1
        !
        interface Loopback0
         ip address 1.1.1.1 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-ISP-B
         ip address 10.1.12.1 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-Customer-A
         ip address 10.1.13.1 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/2
         description ISP-A-Internal
         ip address 192.168.100.1 255.255.255.252
         no shutdown
        !
        ! BGP Configuration
        router bgp 100
         bgp router-id 1.1.1.1
         bgp log-neighbor-changes
         ! eBGP to ISP-B
         neighbor 10.1.12.2 remote-as 200
         neighbor 10.1.12.2 description ISP-B-R1
         ! eBGP to Customer A
         neighbor 10.1.13.2 remote-as 300
         neighbor 10.1.13.2 description Customer-A
         ! iBGP to internal router
         neighbor 192.168.100.2 remote-as 100
         neighbor 192.168.100.2 description ISP-A-R2
         neighbor 192.168.100.2 update-source GigabitEthernet0/0/2
         !
         ! Network advertisements
         network 1.1.1.1 mask 255.255.255.255
         network 192.168.100.0 mask 255.255.255.252
        !
        ! Static route for demonstration
        ip route 203.0.113.0 255.255.255.0 Null0
        !
    # ISP A Internal Router
    isp-a-r2:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.11
      startup-config: |
        hostname ISP-A-R2
        !
        interface Loopback0
         ip address 2.2.2.2 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description ISP-A-Internal
         ip address 192.168.100.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-Customer-B
         ip address 10.1.24.2 255.255.255.252
         no shutdown
        !
        ! BGP Configuration
        router bgp 100
         bgp router-id 2.2.2.2
         bgp log-neighbor-changes
         ! iBGP to ISP-A-R1
         neighbor 192.168.100.1 remote-as 100
         neighbor 192.168.100.1 description ISP-A-R1
         neighbor 192.168.100.1 update-source GigabitEthernet0/0/0
         ! eBGP to Customer B
         neighbor 10.1.24.1 remote-as 400
         neighbor 10.1.24.1 description Customer-B
         !
         network 2.2.2.2 mask 255.255.255.255
        !
    # ISP B (AS 200)
    isp-b-r1:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.12
      startup-config: |
        hostname ISP-B-R1
        !
        interface Loopback0
         ip address 3.3.3.3 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-ISP-A
         ip address 10.1.12.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-Internet
         ip address 203.0.113.1 255.255.255.252
         no shutdown
        !
        ! BGP Configuration
        router bgp 200
         bgp router-id 3.3.3.3
         bgp log-neighbor-changes
         ! eBGP to ISP-A
         neighbor 10.1.12.1 remote-as 100
         neighbor 10.1.12.1 description ISP-A-R1
         !
         network 3.3.3.3 mask 255.255.255.255
         network 203.0.113.0 mask 255.255.255.252
        !
    # Customer A (AS 300)
    customer-a:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.13
      startup-config: |
        hostname Customer-A
        !
        interface Loopback0
         ip address 4.4.4.4 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-ISP-A
         ip address 10.1.13.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description Customer-A-LAN
         ip address 192.168.10.1 255.255.255.0
         no shutdown
        !
        ! BGP Configuration
        router bgp 300
         bgp router-id 4.4.4.4
         bgp log-neighbor-changes
         ! eBGP to ISP-A
         neighbor 10.1.13.1 remote-as 100
         neighbor 10.1.13.1 description ISP-A-R1
         !
         network 4.4.4.4 mask 255.255.255.255
         network 192.168.10.0 mask 255.255.255.0
        !
    # Customer B (AS 400)
    customer-b:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.14
      startup-config: |
        hostname Customer-B
        !
        interface Loopback0
         ip address 5.5.5.5 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-ISP-A
         ip address 10.1.24.1 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description Customer-B-LAN
         ip address 192.168.20.1 255.255.255.0
         no shutdown
        !
        ! BGP Configuration
        router bgp 400
         bgp router-id 5.5.5.5
         bgp log-neighbor-changes
         ! eBGP to ISP-A
         neighbor 10.1.24.2 remote-as 100
         neighbor 10.1.24.2 description ISP-A-R2
         !
         network 5.5.5.5 mask 255.255.255.255
         network 192.168.20.0 mask 255.255.255.0
        !
    # Internet simulation
    internet-sim:
      kind: linux
      image: alpine:latest
      mgmt-ipv4: 172.20.20.100
      exec:
        - ip addr add 203.0.113.2/30 dev eth1
        - ip route add default via 203.0.113.1
    # Customer LANs
    customer-a-pc:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.10.10/24 dev eth1
        - ip route add default via 192.168.10.1
    customer-b-pc:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 192.168.20.10/24 dev eth1
        - ip route add default via 192.168.20.1
  links:
    # ISP interconnections
    - endpoints: ["isp-a-r1:eth1", "isp-b-r1:eth1"]
    - endpoints: ["isp-a-r1:eth3", "isp-a-r2:eth1"]
    # Customer connections
    - endpoints: ["isp-a-r1:eth2", "customer-a:eth1"]
    - endpoints: ["isp-a-r2:eth2", "customer-b:eth1"]
    # Internet connection
    - endpoints: ["isp-b-r1:eth2", "internet-sim:eth1"]
    # Customer LANs
    - endpoints: ["customer-a:eth2", "customer-a-pc:eth1"]
    - endpoints: ["customer-b:eth2", "customer-b-pc:eth1"]
Basic BGP Configuration
eBGP Configuration
# Deploy the BGP lab
containerlab deploy -t bgp-fundamentals.yml
# Connect to ISP-A-R1 and verify BGP
docker exec -it clab-bgp-isp-a-r1 cli
# Basic eBGP configuration
configure terminal
router bgp 100
bgp router-id 1.1.1.1
neighbor 10.1.12.2 remote-as 200
neighbor 10.1.12.2 description ISP-B-R1
network 1.1.1.1 mask 255.255.255.255
exit
# Verify BGP neighbors
show ip bgp summary
show ip bgp neighbors
iBGP Configuration
# iBGP configuration
router bgp 100
neighbor 192.168.100.2 remote-as 100
# Source the session from the address ISP-A-R2 peers with (192.168.100.1)
neighbor 192.168.100.2 update-source GigabitEthernet0/0/2
neighbor 192.168.100.2 next-hop-self
# Verify iBGP session
show ip bgp summary
show ip bgp neighbors 192.168.100.2
BGP Attributes and Path Selection
BGP Path Attributes
BGP uses various attributes to determine the best path to a destination:
Well-Known Mandatory Attributes
- ORIGIN: How the route was originated (IGP, EGP, Incomplete)
- AS_PATH: List of AS numbers the route has traversed
- NEXT_HOP: Next-hop IP address for the route
Well-Known Discretionary Attributes
- LOCAL_PREF: Local preference within an AS
- ATOMIC_AGGREGATE: Route summarization indicator
Optional Transitive Attributes
- AGGREGATOR: Router that performed aggregation
- COMMUNITY: Route tagging for policy application
Optional Non-Transitive Attributes
- MED (Multi-Exit Discriminator): Metric to influence inbound traffic
- ORIGINATOR_ID: Route reflector loop prevention
- CLUSTER_LIST: Route reflector cluster information
BGP Path Selection Algorithm
BGP uses the following criteria in order:
1. Highest Weight (Cisco proprietary)
2. Highest Local Preference
3. Locally originated routes
4. Shortest AS Path
5. Lowest Origin code (IGP < EGP < Incomplete)
6. Lowest MED
7. eBGP over iBGP
8. Lowest IGP metric to next-hop
9. Oldest route
10. Lowest Router ID
11. Shortest cluster list
12. Lowest neighbor address
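The selection order above, written out as an added Python example (not code from this chapter or from any router implementation): candidates are eliminated criterion by criterion and the criterion that made the final cut is reported. It is a simplified model that compares MED and route age across all candidates; the `Path` fields and neighbor addresses are this example's assumptions, and the sample AS paths follow the prepending used in the Multi-Homed BGP Design section.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Path:
    """One candidate path for a prefix; field names are this example's own."""
    neighbor: str            # peer address the path was learned from
    as_path: tuple = ()
    weight: int = 0
    local_pref: int = 100
    local_origin: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age: int = 0             # seconds since the path was learned
    router_id: str = "0.0.0.0"
    cluster_len: int = 0

# (criterion, key): the smallest key wins, so "highest" criteria are negated.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local preference", lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.local_origin),
    ("AS path length", lambda p: len(p.as_path)),
    ("origin code", lambda p: ("igp", "egp", "incomplete").index(p.origin)),
    ("MED", lambda p: p.med),  # simplification: compared across all paths
    ("eBGP over iBGP", lambda p: not p.ebgp),
    ("IGP metric", lambda p: p.igp_metric),
    ("oldest route", lambda p: -p.age),
    ("router ID", lambda p: int(IPv4Address(p.router_id))),
    ("cluster list", lambda p: p.cluster_len),
    ("neighbor address", lambda p: int(IPv4Address(p.neighbor))),
]

def best_path(paths):
    """Return (winning path, criterion that made the final elimination)."""
    candidates, decided_by = list(paths), "only candidate"
    for name, key in STEPS:
        best = min(key(p) for p in candidates)
        survivors = [p for p in candidates if key(p) == best]
        if len(survivors) < len(candidates):
            decided_by = name
        candidates = survivors
    return candidates[0], decided_by

# Constructed sample: one prefix seen via AS 100 (one prepend) and AS 200 (three).
PRIMARY = Path("10.0.0.1", as_path=(100, 300, 300), router_id="1.1.1.1")
BACKUP = Path("10.0.0.2", as_path=(200, 300, 300, 300, 300), router_id="3.3.3.3")
```

`best_path([PRIMARY, BACKUP])` picks the path via AS 100 on AS path length; raising `local_pref` on the longer path reverses the result, because local preference is evaluated before AS path length.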
Attribute Manipulation Lab
# BGP attribute manipulation
startup-config: |
  ! Configure route-maps for attribute manipulation
  route-map SET-LOCAL-PREF permit 10
   match ip address prefix-list CUSTOMER-ROUTES
   set local-preference 200
  !
  route-map SET-LOCAL-PREF permit 20
   set local-preference 100
  !
  route-map SET-MED permit 10
   match ip address prefix-list PREFERRED-ROUTES
   set metric 50
  !
  route-map SET-MED permit 20
   set metric 100
  !
  ! Apply route-maps to neighbors
  router bgp 100
   neighbor 10.1.12.2 route-map SET-MED out
   neighbor 192.168.100.2 route-map SET-LOCAL-PREF in
  !
  ! Define prefix lists
  ip prefix-list CUSTOMER-ROUTES seq 10 permit 192.168.10.0/24
  ip prefix-list PREFERRED-ROUTES seq 10 permit 1.1.1.1/32
BGP Route Filtering
Prefix Lists
# Configure prefix lists for filtering
ip prefix-list ALLOW-CUSTOMER seq 10 permit 192.168.10.0/24
ip prefix-list ALLOW-CUSTOMER seq 20 permit 192.168.20.0/24
ip prefix-list DENY-PRIVATE seq 10 deny 10.0.0.0/8 le 32
ip prefix-list DENY-PRIVATE seq 20 deny 172.16.0.0/12 le 32
ip prefix-list DENY-PRIVATE seq 30 deny 192.168.0.0/16 le 32
ip prefix-list DENY-PRIVATE seq 40 permit 0.0.0.0/0 le 32
# Apply to BGP neighbors
router bgp 100
neighbor 10.1.12.2 prefix-list ALLOW-CUSTOMER out
neighbor 10.1.12.2 prefix-list DENY-PRIVATE in
AS-Path Filtering
# Configure AS-path access lists
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny .*
ip as-path access-list 2 permit ^100_
ip as-path access-list 3 deny _300_
ip as-path access-list 3 permit .*
# Apply AS-path filtering
router bgp 100
neighbor 10.1.12.2 filter-list 1 out
neighbor 10.1.13.2 filter-list 2 in
Community-Based Filtering
# Configure community lists
ip community-list standard CUSTOMER permit 100:100
ip community-list standard NO-EXPORT permit no-export
ip community-list expanded BACKUP-PATH permit _200:.*
# Route-map with community matching
route-map COMMUNITY-FILTER permit 10
match community CUSTOMER
set local-preference 200
!
route-map COMMUNITY-FILTER permit 20
match community NO-EXPORT
set community no-advertise
!
route-map COMMUNITY-FILTER permit 30
# Apply community-based filtering
router bgp 100
neighbor 192.168.100.2 route-map COMMUNITY-FILTER in
Advanced BGP Configuration
BGP Timers
# Configure BGP timers
router bgp 100
timers bgp 30 90
# Keepalive: 30 seconds, Hold time: 90 seconds
# Per-neighbor timers
router bgp 100
neighbor 10.1.12.2 timers 10 30
BGP Authentication
# Configure BGP authentication
router bgp 100
neighbor 10.1.12.2 password BGPSecretKey123
# Verify authentication
show ip bgp neighbors 10.1.12.2 | include Authentication
BGP Soft Reconfiguration
# Enable soft reconfiguration
router bgp 100
neighbor 10.1.12.2 soft-reconfiguration inbound
# Perform soft reset
clear ip bgp 10.1.12.2 soft in
clear ip bgp 10.1.12.2 soft out
BGP Troubleshooting
Common BGP Issues
Neighbor Adjacency Problems
# Check BGP neighbor status
show ip bgp summary
show ip bgp neighbors
# Common issues and solutions:
# 1. TCP connectivity
telnet 10.1.12.2 179
# 2. AS number mismatch
router bgp 100
neighbor 10.1.12.2 remote-as 200
# 3. Authentication failure
router bgp 100
neighbor 10.1.12.2 password CorrectPassword
# 4. Update source mismatch
router bgp 100
neighbor 192.168.100.2 update-source GigabitEthernet0/0/2
Route Advertisement Issues
# Check route advertisement
show ip bgp
show ip bgp neighbors 10.1.12.2 advertised-routes
show ip bgp neighbors 10.1.12.2 received-routes
# Debug BGP updates (use carefully)
debug ip bgp updates
debug ip bgp keepalives
Path Selection Problems
# Analyze path selection
show ip bgp 192.168.10.0/24
show ip bgp regexp ^300$
show ip route bgp
# Check BGP attributes
show ip bgp 192.168.10.0/24 bestpath
show ip bgp attribute-map
BGP Monitoring Commands
# Essential BGP show commands
show ip bgp summary
show ip bgp neighbors
show ip bgp
show ip bgp regexp
show ip bgp community
show ip bgp dampening dampened-paths
# BGP statistics
show ip bgp statistics
show ip bgp peer-group
show ip bgp update-group
BGP Security Considerations
BGP Security Best Practices
# BGP security configuration
router bgp 100
! Authentication (TCP MD5 signature on the peering session)
neighbor 10.1.12.2 password SecureBGPKey123
! Maximum prefixes (warning-only logs at the 75% threshold and at the limit but keeps the session up)
neighbor 10.1.12.2 maximum-prefix 1000 75 warning-only
! Route filtering
neighbor 10.1.12.2 prefix-list CUSTOMER-ROUTES out
neighbor 10.1.12.2 prefix-list PROVIDER-ROUTES in
! Disable unnecessary features
no bgp default ipv4-unicast
no synchronization
! BGP dampening
bgp dampening 15 750 2000 60
Route Hijacking Prevention
# Approximate route origin validation with a static allow-list of expected prefixes
# (the route-map matches on prefix only; the origin AS is not checked)
ip prefix-list VALID-ORIGINS seq 10 permit 192.168.10.0/24
ip prefix-list VALID-ORIGINS seq 20 permit 192.168.20.0/24
route-map ORIGIN-VALIDATION permit 10
match ip address prefix-list VALID-ORIGINS
!
route-map ORIGIN-VALIDATION deny 20
router bgp 100
neighbor 10.1.12.2 route-map ORIGIN-VALIDATION in
BGP Optimization
BGP Performance Tuning
# Optimize BGP performance
router bgp 100
! Reduce convergence time
bgp fast-external-fallover
bgp bestpath as-path multipath-relax
! Memory optimization
bgp scan-time 60
bgp update-delay 120
! CPU optimization
bgp dampening
maximum-paths 4
BGP Route Aggregation
# Configure route aggregation
router bgp 100
aggregate-address 192.168.0.0 255.255.252.0
aggregate-address 192.168.0.0 255.255.252.0 summary-only
aggregate-address 192.168.0.0 255.255.252.0 as-set
aggregate-address 192.168.0.0 255.255.252.0 suppress-map SUPPRESS-SPECIFIC
route-map SUPPRESS-SPECIFIC permit 10
match ip address prefix-list SPECIFIC-ROUTES
ip prefix-list SPECIFIC-ROUTES seq 10 permit 192.168.1.0/24
ip prefix-list SPECIFIC-ROUTES seq 20 permit 192.168.2.0/24
BGP Design Patterns
Hub-and-Spoke BGP Design
# Hub router configuration
# Route reflection applies to iBGP peers, so the clients are in the hub's AS
router bgp 100
neighbor 10.1.1.2 remote-as 100
neighbor 10.1.1.2 route-reflector-client
neighbor 10.1.2.2 remote-as 100
neighbor 10.1.2.2 route-reflector-client
neighbor 10.1.3.2 remote-as 100
neighbor 10.1.3.2 route-reflector-client
Multi-Homed BGP Design
# Multi-homed customer configuration
router bgp 300
! Primary ISP
neighbor 10.1.13.1 remote-as 100
neighbor 10.1.13.1 route-map PRIMARY-ISP out
! Backup ISP
neighbor 10.2.13.1 remote-as 200
neighbor 10.2.13.1 route-map BACKUP-ISP out
route-map PRIMARY-ISP permit 10
set as-path prepend 300
route-map BACKUP-ISP permit 10
set as-path prepend 300 300 300
Summary
BGP is the foundation of Internet routing and a critical protocol for enterprise networks connecting to multiple ISPs. Understanding BGP fundamentals, path selection, attribute manipulation, and security considerations is essential for CCNP-level network design and operation.
Key concepts covered:
- BGP session establishment and neighbor states
- eBGP and iBGP configuration differences
- BGP attributes and path selection algorithm
- Route filtering using prefix lists and AS-path filters
- BGP security and optimization techniques
- Common troubleshooting scenarios
In the next chapter, we’ll explore advanced BGP features including route reflectors, confederations, and complex policy implementations.
Review Questions
- What are the differences between eBGP and iBGP?
- How does BGP path selection algorithm work?
- What are the main BGP attributes and their purposes?
- How do you implement BGP route filtering?
- What are common BGP security considerations?
Hands-on Exercises
Exercise 1: Basic BGP Configuration
- Deploy the BGP fundamentals lab
- Configure eBGP and iBGP peering
- Verify BGP neighbor establishment
- Test route advertisement and path selection
Exercise 2: BGP Attribute Manipulation
- Configure route-maps to modify BGP attributes
- Test LOCAL_PREF and MED manipulation
- Implement AS-path prepending
- Verify path selection changes
Exercise 3: BGP Route Filtering
- Configure prefix lists for route filtering
- Implement AS-path filtering
- Use community attributes for policy
- Test filtering effectiveness
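For the "test filtering effectiveness" step, a prefix list can be checked offline before it is applied to a neighbor. The following added example (not part of the original chapter, and not IOS code) models first-match prefix-list evaluation with `ge`/`le` and the implicit deny, then runs the chapter's DENY-PRIVATE list beside a constructed variant that omits `le 32` on the deny entries; the function names and test routes are this example's own.

```python
from ipaddress import ip_network

def load_prefix_lists(config):
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]' lines."""
    lists = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        name, seq, action, prefix = tok[2], int(tok[4]), tok[5], ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        ge, le = opts.get("ge"), opts.get("le")
        # No ge/le: exact length only. ge alone runs up to the maximum length.
        lo = ge if ge is not None else prefix.prefixlen
        open_hi = prefix.max_prefixlen if ge is not None else prefix.prefixlen
        hi = le if le is not None else open_hi
        lists.setdefault(name, []).append((seq, action, prefix, lo, hi))
    return lists

def evaluate(entries, route):
    """First match in sequence order decides; no match is the implicit deny."""
    route = ip_network(route)
    for seq, action, prefix, lo, hi in sorted(entries, key=lambda e: e[0]):
        same_family = route.version == prefix.version
        if same_family and route.subnet_of(prefix) and lo <= route.prefixlen <= hi:
            return action, seq
    return "deny", None

def accepted(config, name, routes):
    """Return the routes that the named prefix list would let through."""
    entries = load_prefix_lists(config)[name]
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]

# DENY-PRIVATE as configured in the chapter.
CHAPTER = """\
ip prefix-list DENY-PRIVATE seq 10 deny 10.0.0.0/8 le 32
ip prefix-list DENY-PRIVATE seq 20 deny 172.16.0.0/12 le 32
ip prefix-list DENY-PRIVATE seq 30 deny 192.168.0.0/16 le 32
ip prefix-list DENY-PRIVATE seq 40 permit 0.0.0.0/0 le 32
"""
# Constructed weak variant: "le 32" removed from the deny entries only.
WEAK = "\n".join(l.replace(" le 32", "") if " deny " in l else l
                 for l in CHAPTER.splitlines())
# Constructed test routes: three more-specifics of private space, one other.
ROUTES = ["10.1.12.0/30", "172.16.5.0/24", "192.168.10.0/24", "203.0.113.0/24"]
```

`accepted(CHAPTER, "DENY-PRIVATE", ROUTES)` returns only `203.0.113.0/24`, while the weak variant accepts all four routes, because a deny entry without `le` matches the exact /8, /12 or /16 only and every more-specific falls through to the final permit.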
Exercise 4: BGP Troubleshooting
- Create various BGP problems (neighbor issues, route filtering)
- Practice diagnostic commands and procedures
- Develop systematic troubleshooting approaches
- Document solutions and prevention strategies