
Avici Systems Inc.


BGP

This version of Border Gateway Protocol (BGP) is compliant with RFC 1771 (BGP version 4) and RFC 1657 (BGP-4 MIB).

BGP is designed to provide loop-free interdomain routing. BGP functions by establishing and maintaining sessions with neighboring routers, known as peers.

BGP is a Path Vector Protocol. Initially, BGP sends full sets of routing information. Subsequent updates contain only changes to the initial information (unlike other Distance Vector Protocols that exchange the full routing table at each update). For example, if a route becomes unreachable, or if a better path to a destination is learned, BGP withdraws the invalid routes and injects new routing information. BGP distributes the new information to its peers in routing updates.

BGP divides the network world into logical groups called Autonomous Systems (ASs). An AS is a group of routers and their associated networks operating under a single technical administration, and sharing a set of policies. To outside systems, the AS appears as a single entity. Each AS is assigned an identifying number by an Internet Registry or a network provider. When a route update passes through an AS, BGP prepends the AS number on to the route update. The resulting AS path is a list of all the ASs between a route's origin and destination.

A routing update's path through the network depends on various policies configured on each router. BGP avoids loops by never accepting an advertised prefix if the AS path already includes the router's own AS number.

A BGP route update contains:

BGP Neighbors

One of the basic requirements of BGP is to establish relationships with neighboring routers. BGP uses the Transmission Control Protocol (TCP) on port 179 as the transport protocol between neighbors. TCP provides the reliable connection required by BGP. BGP routers become neighbors once they establish a TCP connection with one another, and a BGP peering session is established via the BGP state machine and the exchange of open messages.

Once a connection is established, it is maintained by periodic keepalive messages. Although BGP is designed as an inter-domain protocol, it can also be used within an AS to connect border routers that are in turn connected to other ASs.

Neighboring routers are referred to as peers. Peers are divided into two types: internal and external. Internal peers are members of the same AS. Internal peers are not required to be directly connected as long as there is IP connectivity between them. External peers are directly connected members of other ASs. An external router that is not directly connected can be configured as a peer using the ebgp-multihop attribute.

When a connection to a peer is lost, routing information learned from that peer is removed from the routing table and the change is propagated to other peers. This prevents the Avici router from trying to forward traffic to routers that are no longer available.

You can organize peers into peer-groups. A peer-group is a group of neighbors that share the same routing policies. You can define a peer-group name, assign neighbors as members of the peer-group, and then apply policies for the group as a whole. Since many routers will share the same policies, peer-groups reduce the task of configuration. If there is a need for peer specific configuration in addition to peer-group configurations, configure the additional policies to supplement the policies defined by the peer-group.

Policies are applied to neighbors and peer-groups using the BGP neighbor commands.

Use the show ip bgp neighbors command to display information about a peer and the number of routes received from that peer. For the specified neighbor, or for all neighbors, the command displays the routes the router has advertised, dampened routes to the neighbor, flap-statistics, and paths received.

Reducing the Number of Peer Relationships

BGP requires that all internal peers establish a peer relationship with each other. This is called a full mesh. The more peers (IBGP or EBGP), the greater the number of transport connections and the greater the number of entries in the routing table. Fully meshed BGP can strain the capacity of a BGP router. To avoid the difficulties of maintaining a large internal mesh, BGP offers two methods of reducing the full mesh: confederations and route reflectors.

Confederations enable you to divide a large AS into several mini-ASs. These mini-ASs are fully meshed, but require only a single connection to other mini-ASs, thus reducing the number of peering relationships. From the outside, the confederation of mini-ASs looks like a single AS.

Routers configured as reflectors advertise routes learned from clients to other clients. This eliminates the requirement for clients to form peering relationships with one another. You can configure one or a few routers within an AS as reflectors. Other routers in the AS are configured as clients of the reflector(s).

Performing a Neighbor Shutdown

IPriori provides for the shutdown of a BGP peering session without removing the associated peer configuration. A neighbor shutdown terminates any active sessions and removes all associated routing information for the peer or peer group while maintaining all the configuration associated with the peer. The specified peer/peers go into an administratively IDLE state.

Use the neighbor shutdown command in router configuration mode specifying the peer or peer group for which sessions will be terminated and associated routing information removed.

Use the no neighbor shutdown command in router configuration mode, specifying the peer or peer group, to reactivate sessions that have been shut down.

Example: The following example enters AS 200 and performs a shutdown on a peer and peer group:

router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

router(config)#router bgp 200

router(config-router)#neighbor techpubs peer-group

router(config-router)#neighbor techpubs remote-as 100

router(config-router)#neighbor techpubs shutdown

router(config-router)#neighbor 10.200.83.190 remote-as 200

router(config-router)#neighbor 10.200.83.190 shutdown

router(config-router)#end

router#show ip bgp peer-group techpubs



BGP Peer-group: techpubs remote AS 100

BGP version: 4       State:Administratively down

Route-Reflector-client:False

def orignat: False   ebgp multihop: False

send comm: False     soft reconfig: False

router#show ip bgp neighbor 10.200.83.190



BGP neighbor 10.200.83.190 using remote AS 200

router ID: 0.0.0.0 version: 4

state: Idle(Admin)         time: 0:00:00

def orignat: False ebgp multihop: False

n hop self: False route ref client: False

send comm: False soft reconfig: False

hold time: 180 sec keepalive time: 60 sec

advertisement interval: 5 sec

# notf rcvd: 0 # msg rcvd: 0 # updates rcvd: 0

# notf sent: 0 # msg sent: 0 # updates sent: 0

.

.

.

router#



Redistributing Between Routing Domains

Many networks include more than one routing protocol. Route redistribution takes routing information from one routing domain, translates the metrics so they can be understood by another IP protocol, and injects the translated routes into another routing domain.

The redistribution process can use route maps to control which route updates are advertised to other routing protocols, and to modify route metrics.

Filtering Routes

There are many instances when you do not want to advertise or accept all route updates to or from your neighbors. Route filtering enables you to selectively block some updates while accepting and advertising other updates. Route filtering and the manipulation of the contents of route updates are the basic tools for defining BGP policies. These tasks are performed using access lists and route-maps.

Access lists are filters that enable you to choose which updates are permitted (accepted from or advertised to peers) or denied. Access lists enable you to filter route updates based on:

Access lists are applied to route updates using route maps or neighbor commands.

Route-maps consist of sets of match criteria (that identify one or more attributes in a route update) and set options (that define what actions to take if the match criteria are met). Route maps can refer to access lists to provide all or part of the match criteria.

Route maps are applied to updates using neighbor commands.

Aggregate Routes

BGP routing tables will grow to include thousands of entries. Maintaining and updating a large BGP routing table can become processor intensive. BGP enables specific networks to be consolidated into aggregate routes, thus reducing the size of the BGP routing table.

BGP Path Selection

The BGP Path selection process changed in Release 5.0 as follows:

BGP chooses the most preferable path to a destination based on configured policies and the following rules of path selection:

BGP chooses the best single AS path to a destination, installs the path in the IP routing table, and propagates the path to its peers.

Related Information

Administrators should be familiar with BGP operation and theory before configuring the Avici router to run BGP. The following texts are recommended as further reading:

Overview of BGP Configuration Tasks

This section is a brief overview of the steps to enable and configure BGP.

Required Tasks

PROCEDURE: The following steps are required to activate BGP routing and to start the exchange of routing updates between peers:

Step 1 Use the router bgp command to enable BGP routing and to associate the BGP process with an AS. Refer to "Enabling BGP Routing."

Step 2 Use the neighbor remote-as command to identify all other BGP systems in this AS (internal neighbors) and directly connected BGP speakers in other ASs (external neighbors). Refer to "Configuring BGP Neighbors."

Additional Tasks

The remaining tasks configure BGP "soft-landing", control BGP path selection, create BGP peer-groups and communities, configure route filtering, reduce the number of peer connections, reduce the number of entries in the BGP routing table, and display BGP statistics.

Configuring Soft-Landing

Like all routers, the Avici router is equipped with a server that has a given amount of memory. Network mis-configurations can cause peers to send more than the anticipated number of routes to the Avici router, resulting in reset sessions or poor performance. You can configure the Avici router to check for the number of route instances, unique routes and the amount of available memory before accepting a route.

Refer to Configuring "Soft-Landing".

Controlling Path Selection

Each route update includes a set of attributes that describe the characteristics of the route. BGP uses these attributes to select the best path. These tasks configure the most widely used BGP attributes. Refer to "Configuring BGP Path Selection."

Configuring Additional Neighbor Options

BGP includes a variety of commands to modify and control the relationships between neighbors. These tasks modify the interval for sending updates, force the choice of next-hop, redistribute network 0.0.0.0, configure soft reconfiguration, and define loopback interfaces to improve the reliability of neighbor connections. Refer to "Additional Neighbor Options."

Grouping Neighbors

Many routers in your AS will have identical or similar configurations. To reduce the work of configuring each router, you can group them into peer-groups and apply routing policies to the group as a whole. BGP communities are another way to group routers and reduce the work of configuration.

Refer to "Grouping Neighbors for Easier Configuration."

Filtering Route Updates

There are many instances when you must control which route updates are advertised to or accepted from other routers.

Access lists identify routes for filtering. Route maps define the conditions under which routes are permitted or denied.

Refer to "Route-based Access Lists" and "Route Maps."

Reducing the Internal Mesh

Confederations divide the AS into multiple mini-ASs that are fully meshed internally, but require only a single connection to other mini-ASs. Route reflectors enable a BGP speaker to pass (reflect) learned routes to internal neighbors without the normal full mesh. A BGP peer-group can also be configured as a route-reflector client.

Refer to "Confederations" and "Route Reflectors."

Configuring Redistribution

BGP is widely used to redistribute routes from one routing protocol domain to another. Use these tasks to configure redistribution. Refer to "Redistributing Routes Between Routing Domains."

Reducing Entries in the Routing Table

Aggregation is the process of combining more specific routes into less specific advertisements by combining the characteristics of several different routes in such a way that a single route is advertised. These tasks enable you to reduce the size of the routing table. Refer to "Reducing Entries in the Routing Table Using Route Aggregation."

Tuning Network Connections and Path Selection

Use this group of tasks to fine tune network connections and path selection. Refer to "Tuning the Network."

Displaying BGP Statistics and Status Information

You can display BGP statistics and operational status information. These tasks enable you to identify network problems and to monitor the performance of specific components of BGP. Refer to "Monitoring BGP."

Configuring BGP

This section describes the steps required to activate BGP routing and to start the exchange of routing updates between peers.

Enabling BGP Routing

Use the router bgp command to enable BGP and to associate the router with an AS.

Example: In the following example, the router bgp command turns on the BGP process and associates the router with autonomous system 100:

router(config)#router bgp 100

router(config-router)#

Notice that the prompt changes to alert you that the command mode has changed to router configuration mode. One BGP process per router is supported.

Identifying Networks

There are many ways to advertise routes with BGP. The safest (least likely to result in unwanted route advertisements) is to configure your network connections statically using the network command.

Use the network command to identify networks to be included in BGP advertisements.

Example: In the following example, the network commands define 4 networks that this router will advertise in routing updates:

router(config)#router bgp 100

router(config-router)#network 170.100.0.0 mask 255.255.0.0

router(config-router)#network 192.204.44.0 mask 255.255.255.0

router(config-router)#network 206.8.128.0 mask 255.255.128.0

router(config-router)#network 207.126.0.0 mask 255.255.192.0

NOTE You can also use the redistribute command to advertise networks. In most cases, you will not want to redistribute your IGP into BGP, and the network command enables you to advertise your networks with less risk.

Configuring BGP Neighbors

BGP functions by maintaining peering sessions with neighboring routers. There are two types of BGP neighbors: internal neighbors are members of the same AS; external neighbors are members of other ASs. The rules for advertising routes to neighbors are different for internal neighbors than external neighbors. Initially, full sets of route information are sent to peers. Subsequent updates contain only changes to the initial information.

Connections to neighbors are defined using the neighbor commands. The neighbor remote-as command identifies a router as a neighbor and associates the neighbor with an AS. The IP address of a neighbor is the IP address of the interface at the neighbor's end of the connection.

This command adds an entry in the BGP neighbor table.

Example: In the following example, the neighbor remote-as commands identify four neighbors.

router(config)#router bgp 100

router(config-router)#network 170.100.0.0 mask 255.255.0.0

router(config-router)#network 192.204.44.0 mask 255.255.255.0

router(config-router)#network 206.8.128.0 mask 255.255.128.0

router(config-router)#network 207.126.0.0 mask 255.255.192.0

router(config-router)#neighbor 192.204.234.2 remote-as 100

router(config-router)#neighbor 170.100.200.1 remote-as 165

router(config-router)#neighbor 170.100.205.5 remote-as 107

router(config-router)#neighbor 150.136.65.20 remote-as 99

Notice that the first neighbor is associated with the same AS (100) as the router being configured. This neighbor is an internal neighbor. Neighbors in different ASs (165, 107, 99) are external neighbors.

Configuring a BGP Neighbor Description

The description option has been added to the bgp neighbor command. This option allows for a descriptive text of up to 255 characters to be associated with a BGP neighbor.

Example: In the following example,

router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

router(config)#router bgp 100

router(config-router)#neighbor 3.3.3.3 description Internet feed from ISP12#

router(config-router)#do show ip bgp neighbors 3.3.3.3



BGP neighbor 3.3.3.3 using remote AS 100

Description: Internet feed from ISP12#

router ID: 3.3.3.3 version: 4

state: Connect time: 0:07:42

def orignat: False ebgp multihop: False

n hop self: False route ref client: False

send comm: False soft reconfig: False

update src: loopback 0

hold time: 0 sec keepalive time: 0 sec

configured hold time/keepalive time: 180/60 sec

advertisement interval: 5 sec

# notf rcvd: 1 # msg rcvd: 0 # updates rcvd: 0

# notf sent: 4 # msg sent: 0 # updates sent: 0

number of prefixes received: 0

Route refresh capability: advertised

Address Family IPv4 Unicast: activated advertised

Routes Dropped : 0

Time Since First Dropped : 0:00:00

Reason for dropping first Route : No Routes Dropped

Last Reset 0:07:42 , due to BGP Hold Timer Expired Error sent to peer

router(config-router)#

Configuring Passwords for BGP Neighbors

Password authentication can be configured between BGP peers or all members of a peer-group. Authentication between two BGP peers causes each segment sent on the TCP connection to be verified.

This feature must be configured with the same password on both BGP peers; otherwise, the connection between them will not be made. The authentication feature uses the MD5 algorithm. Invoking authentication causes software to generate and check the MD5 digest of every segment sent on the TCP connection. If authentication is invoked and a segment fails authentication, then a message appears on the console. MD5 authentication is disabled by default.

Use the neighbor password command in router configuration mode to enable authentication. The password string may be up to 80 characters and may contain any alphanumeric characters, including spaces. Do not specify a password with a space immediately following a number.

All the members of the BGP peer group specified by peer-group-name will inherit the password attribute configured with this command.

Use the no neighbor password command to disable MD5 authentication.

Example: In the following example, the neighbor ip-address password commands configure neighbors 121.80.100.4 and 121.80.100.5 to share the password techpubspassword2:

router(config)#router bgp 100

router(config-router)#neighbor 121.80.100.4 remote-as 101

router(config-router)#neighbor 121.80.100.4 password techpubspassword2

router(config-router)#neighbor 121.80.100.5 remote-as 101

router(config-router)#neighbor 121.80.100.5 password techpubspassword2
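The per-segment check described above, as an added example (not Avici code and not part of the original manual). It follows the TCP MD5 signature option of RFC 2385; the local address, ports and sequence numbers are constructed, and the TCP checksum is left at zero because the digest is computed over a zeroed checksum field anyway.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTOCOL = 6
MD5_OPTION_KIND = 19   # TCP option kind assigned to the MD5 signature (RFC 2385)
MD5_OPTION_LEN = 18    # kind + length + 16-byte digest

# Constructed sample data: the local address is made up; the peer address and
# the password are the ones used in the configuration example above.
LOCAL_IP, PEER_IP = "121.80.100.1", "121.80.100.4"
PASSWORD = "techpubspassword2"
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)  # 19-byte BGP KEEPALIVE


def rfc2385_digest(src_ip, dst_ip, fixed_header, payload, segment_len, password):
    """MD5 over pseudo-header, option-less TCP header, data, then the key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTOCOL, segment_len))
    # The checksum field (bytes 16-17) is treated as zero for the digest.
    header = fixed_header[:16] + b"\x00\x00" + fixed_header[18:20]
    return hashlib.md5(pseudo + header + payload + password.encode()).digest()


def build_signed_segment(src_ip, dst_ip, src_port, dst_port, seq, ack,
                         payload, password):
    """Build a TCP segment (header + MD5 option + data) as the sender would."""
    data_offset_words = 10                     # 20-byte header + 20 bytes options
    flags = 0x018                              # PSH | ACK
    fixed = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                        (data_offset_words << 12) | flags, 16384, 0, 0)
    segment_len = data_offset_words * 4 + len(payload)
    digest = rfc2385_digest(src_ip, dst_ip, fixed, payload, segment_len, password)
    option = bytes([MD5_OPTION_KIND, MD5_OPTION_LEN]) + digest + b"\x01\x01"
    return fixed + option + payload


def find_md5_option(options):
    """Walk the TCP option list and return the 16-byte digest, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                          # End of option list
            break
        if kind == 1:                          # NOP, single byte
            i += 1
            continue
        if i + 1 >= len(options):
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                              # malformed option
        if kind == MD5_OPTION_KIND and length == MD5_OPTION_LEN:
            return options[i + 2:i + length]
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment, password):
    """Receiver side: recompute the digest and compare in constant time."""
    if len(segment) < 20:
        return False
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        return False
    received = find_md5_option(segment[20:data_offset])
    if received is None:                       # unsigned segment is rejected
        return False
    expected = rfc2385_digest(src_ip, dst_ip, segment[:20],
                              segment[data_offset:], len(segment), password)
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    seg = build_signed_segment(LOCAL_IP, PEER_IP, 49152, 179, 1000, 2000,
                               KEEPALIVE, PASSWORD)
    print("same password:     ", verify_segment(LOCAL_IP, PEER_IP, seg, PASSWORD))
    print("different password:", verify_segment(LOCAL_IP, PEER_IP, seg, "other"))
```

Because the source and destination addresses are part of the digest, a segment replayed from a different address fails the check even when the password is correct.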

Encryption of MD5 Neighbor Password

Neighbor passwords can be encrypted by entering a 7 before the keyword password in the neighbor password command. By default encryption is enabled. Entering a 0 provides for a plain-text password with encryption disabled.

Example: In the following example,

router(config)#router bgp 101

router(config-router)#neighbor 121.80.100.4 remote-as 101

router(config-router)#neighbor 121.80.100.4 password 7 techpubspassword2

router(config-router)#neighbor 121.80.100.5 remote-as 101

router(config-router)#neighbor 121.80.100.5 password 7 techpubspassword2

router(config-router)#end

router#show ip bgp neighbor 121.80.100.4

BGP neighbor 121.80.100.4 using remote AS 101

router ID: 0.0.0.0 version: 4

state: Active time: 0:00:00

def orignat: False ebgp multihop: False

n hop self: False route ref client: False

send comm: False soft reconfig: False

hold time: 180 sec keepalive time: 60 sec

advertisement interval: 5 sec

# notf rcvd: 0 # msg rcvd: 0 # updates rcvd: 0

# notf sent: 0 # msg sent: 0 # updates sent: 0

number of prefixes received: 0

authentication password: BFCALACIEDCCFNPN

.

.

.

Resetting BGP Connections

When you have completed the configuration of your connections to neighbors, you must reset the BGP sessions to activate the changes. Resetting has a large negative impact on network performance. To avoid this problem, you can configure your neighbors to use soft reconfiguration.

Soft reconfiguration enables you to generate inbound updates from a neighbor, and change and activate BGP policies without taking down the BGP session.

The following provides a hard and soft way of resetting BGP connections:

Example: In the following example, the clear ip bgp command resets the connection to the specified neighbor without clearing the BGP session (soft reconfiguration):

router#clear ip bgp 121.180.1.4 soft in

Configuring "Soft-Landing"

The Avici router supports a limited number of unique routes and route instances due to the amount of system memory that is available when a new route is received.

Soft landing permits you to configure thresholds to control the following factors before accepting routes from peers:

When these thresholds are exceeded, additional routes are gracefully discarded without resetting the BGP sessions.

Use the steps described in this section to configure and display soft-landing thresholds.

Configuring Maximum Number of Route Instances

Large numbers of BGP route instances can strain the resources of the Avici router server. The max-route-instances command enables limit checking on the number of route instances on the Avici router. If the limit is reached:

Use the max-route-instances value command to enable limit checking and set the maximum number of route instances to the specified number. Valid values are 0 - 4,294,967,296.

NOTE The current number of route instances on the Avici router must be LESS than the specified number.

Use the max-route-instances no-limit command to disable limit checking.

NOTE When limit checking is disabled, the Avici router will accept routes until the processing limits of the server are reached. Additional routes cause the Avici router to reset.

Configuring Maximum Number of Unique Routes

Large numbers of BGP unique routes can strain the resources of the Avici router server. The max-unique-prefixes command enables limit checking on the number of unique routes in the BGP routing table. If the limit is reached, additional routes are gracefully discarded without resetting the BGP sessions.

Use the max-unique-prefixes value command to enable limit checking and set the maximum number of unique routes to the specified number. Valid values are 0 - 4,294,967,296.

NOTE The number of prefixes currently in the routing table must be LESS than the specified number.

Use the max-unique-prefixes no-limit command to disable limit checking.

NOTE When limit checking is disabled, the Avici router will accept routes until the processing limits of the server are reached.

Configuring Minimum Available Memory

Large numbers of BGP route instances and unique routes can strain the resources of the Avici router server. The min-memory-threshold command enables limit checking on the amount of memory available before adding a route to the routing table. If the limit is reached, additional routes are gracefully discarded without resetting the BGP sessions.

Use the min-memory-threshold value command to enable limit checking and to set the minimum amount of memory that must be available before a route is added to the routing table to the specified number of bytes.

Use the min-memory-threshold no-limit command to disable limit checking.

Sample Configuration of Soft-Landing

In the following example:

router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

router(config)#router bgp 101

router(config-router)#max-route-instances 1500000

router(config-router)#max-unique-prefixes 290000

router(config-router)#min-memory-threshold 15

router(config-router)#end

router#show ip bgp route-dropped-sessions



           Bgp Soft Landing Global Statistics



Reason for dropping first Route : No Routes Dropped

Time Since First Dropped : 0:00:00

Maximum Bgp Prefix Check : Enabled

Current Number of Bgp Prefixes : 102970

Configured Maximum Bgp Prefixes : 290000



Minimum System Memory Check : Enabled

Current Free System Memory : 80

Configured Minimum System Memory : 15



Maximum Bgp Route Instances Check : Enabled

Current Number of Bgp Routes Instances : 102970

Configured Maximum Bgp Route Instances : 1500000
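A small model of the three soft-landing checks, as an added example (not Avici code and not part of the original manual). The class and method names are hypothetical, the prefixes are constructed, and the exact comparisons (a limit counts as reached when the current count equals it, memory is compared with "less than") are assumptions; the point is the difference between unique prefixes and route instances, and that a refused route is discarded while the session stays up.

```python
class SoftLanding:
    """Admission control for routes offered by BGP peers (illustrative model)."""

    def __init__(self, max_route_instances=None, max_unique_prefixes=None,
                 min_memory=None):
        # None models the "no-limit" form of each command.
        self.max_route_instances = max_route_instances
        self.max_unique_prefixes = max_unique_prefixes
        self.min_memory = min_memory
        self.rib = {}                      # prefix -> set of peers that sent it
        self.dropped = {}                  # peer -> number of routes discarded
        self.first_drop_reason = "No Routes Dropped"

    def unique_prefixes(self):
        return len(self.rib)

    def route_instances(self):
        # The same prefix learned from two peers is one unique prefix
        # but two route instances.
        return sum(len(peers) for peers in self.rib.values())

    def _refusal_reason(self, prefix, free_memory):
        if (self.max_route_instances is not None
                and self.route_instances() >= self.max_route_instances):
            return "max-route-instances reached"
        if (prefix not in self.rib and self.max_unique_prefixes is not None
                and self.unique_prefixes() >= self.max_unique_prefixes):
            return "max-unique-prefixes reached"
        if self.min_memory is not None and free_memory < self.min_memory:
            return "below min-memory-threshold"
        return None

    def offer(self, peer, prefix, free_memory):
        """Return True if the route is installed, False if it is discarded.

        A discarded route only increments a counter; nothing here tears the
        session down, which is the behaviour the section describes.
        """
        if peer in self.rib.get(prefix, ()):
            return True                    # re-advertisement of a known instance
        reason = self._refusal_reason(prefix, free_memory)
        if reason is not None:
            self.dropped[peer] = self.dropped.get(peer, 0) + 1
            if self.first_drop_reason == "No Routes Dropped":
                self.first_drop_reason = reason
            return False
        self.rib.setdefault(prefix, set()).add(peer)
        return True


def demo():
    """Constructed scenario with deliberately tiny limits."""
    sl = SoftLanding(max_route_instances=4, max_unique_prefixes=3, min_memory=15)
    peer_a, peer_b = "121.80.100.4", "121.80.100.5"
    results = [
        sl.offer(peer_a, "10.1.0.0/16", 80),
        sl.offer(peer_a, "10.2.0.0/16", 80),
        sl.offer(peer_a, "10.3.0.0/16", 80),
        sl.offer(peer_a, "10.4.0.0/16", 80),   # fourth unique prefix: discarded
        sl.offer(peer_b, "10.1.0.0/16", 80),   # known prefix, new instance
        sl.offer(peer_b, "10.2.0.0/16", 80),   # fifth instance: discarded
    ]
    return sl, results


if __name__ == "__main__":
    sl, results = demo()
    print(results, sl.first_drop_reason, sl.dropped)
```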

Configuring BGP Path Selection

A BGP router receives many routes to the same destination. BGP selects the single best path to that destination, and advertises that path to its neighbors. BGP uses a variety of attributes to control or influence the selection of the best path. The most widely used attributes are:

The steps to configure these attributes are described in the following sections.

Configuring Next-Hop

The next-hop attribute is the next IP address BGP uses to reach a destination. BGP rules state that the next hop attribute is carried from external BGP into internal BGP.

In networks where BGP neighbors may not have direct access to all other neighbors on the same subunit, BGP's automatic next hop selection can result in broken routing. To prevent this problem, you can force BGP to use a specified IP address as the next hop.

Use the neighbor next-hop-self command to disable automatic next-hop selection. Updates meant for the specified system or peer group are forced to advertise this router as the next hop.

NOTE When AS border routers use the neighbor next-hop-self command, make sure that routers running the IGP have a route to the network beyond the border router.

Use the ip-address parameter to configure a neighbor to specify this router as its next hop.

Use the peer-group-name parameter to configure all the members of a peer group to specify this router as their next hop.

Example: In the following example, the neighbor next-hop-self command forces the router to advertise all updates to neighbor 121.80.100.4 with itself as the next-hop.

router(config)#router bgp 101

router(config-router)#neighbor 121.80.100.4 remote-as 200

router(config-router)#neighbor 121.80.100.4 next-hop-self

Configuring BGP Weights

The weight attribute is local to this router. It does not get passed to other routers or included in route updates. Routes with higher weights are preferred.

Weight is any integer from 0 to 65535. By default, paths that originate in this router have a weight of 32768 and all other paths have a weight of 0.

Figure 4-1. BGP Weight

In Figure 4-1, Router D in AS 300 learns about network 120.10.0.0 in AS 400 from both Router B and Router C. Router D must decide which of the two routes to use to reach network 120.10.0.0. If the weight of the route advertised by Router B is set higher than the weight of the route advertised by Router C, Router D will prefer the route from Router B.

Weight is configured using the following methods:

Configuring Weight Using the Neighbor Weight Command

Use the neighbor weight command to assign a weight to all routes learned from that neighbor.

Use the ip-address parameter to configure the weight for all paths to a specified neighbor.

In the following example, the neighbor weight command sets the weights for all routes learned from neighbor 121.80.100.4 to 30:

router(config)#router bgp 101

router(config-router)#neighbor 121.80.100.4 weight 30

Use the peer-group parameter to configure all the members of a peer group to use the neighbor weight configured by this command.

In the following example, the neighbor weight command sets the weight for all routes learned from peer group techpubs to 200.

router(config)#router bgp 101

router(config-router)#neighbor techpubs peer-group

router(config-router)#neighbor techpubs weight 200

NOTE Values defined by the neighbor weight command are overridden by weights assigned by the set weight route map configuration command.

Configuring Weight Using Access Lists

Access lists are filters that enable you to restrict the routing information a router learns from, or advertises to, a neighbor. Access lists are applied to routes using the neighbor filter-list (for applying as-path access lists) or neighbor distribute-list (for applying address-based access lists) commands.

Each route update is passed through the access-list. BGP applies each rule in the access list in the order it appears in the list. When a route matches any rule, the decision to permit the route through the filter or deny is made, and no further rules are processed.

For more detailed information, refer to the chapter entitled "Filtering Lists and Netflow Configuration."

PROCEDURE: Use the following steps to configure weight using access lists:

Step 1 Use the ip as-path access-list command to create an access list based on AS path.

Step 2 Add entries to the access list by repeating the command for different AS paths.

Step 3 Use the neighbor filter-list command with the weight option to apply the access list to route updates that match entries in the access list.

Example: In the following example:

router(config)#ip as-path access-list ISP3_234_345 permit _234_

router(config)#ip as-path access-list ISP3_234_345 permit _345_

router(config)#ip as-path access-list ISP3_234_345 deny any

router(config)#router bgp 100

router(config-router)#network 170.100.0.0

router(config-router)#neighbor 125.181.1.5 remote-as 171

router(config-router)#neighbor 125.181.1.5 filter-list ISP3_234_345 weight 30
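How the first-match rule plays out for the access list above, as an added example (not Avici code and not part of the original manual). It assumes the underscore in an AS-path pattern matches the start or end of the path or a delimiter between AS numbers, that a path matching no entry is denied, and that non-matching routes keep the default weight of 0; the AS paths are constructed.

```python
import re

# The three access-list lines from the example above.
ACL_CONFIG = """\
ip as-path access-list ISP3_234_345 permit _234_
ip as-path access-list ISP3_234_345 permit _345_
ip as-path access-list ISP3_234_345 deny any
"""

# Assumed meaning of "_": start of path, end of path, or a delimiter.
AS_DELIMITER = r"(?:^|$|[ ,{}()])"


def compile_as_path_pattern(pattern):
    """Translate an as-path pattern into a Python regular expression."""
    if pattern == "any":
        return re.compile("")              # matches every AS path
    return re.compile(pattern.replace("_", AS_DELIMITER))


def parse_as_path_acls(config):
    """Return {list name: [(action, compiled pattern), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        words = line.split()
        if len(words) != 6 or words[:3] != ["ip", "as-path", "access-list"]:
            continue
        name, action, pattern = words[3:]
        if action not in ("permit", "deny"):
            continue
        acls.setdefault(name, []).append((action, compile_as_path_pattern(pattern)))
    return acls


def evaluate(acls, name, as_path):
    """Apply the entries in order; the first entry that matches decides."""
    for action, regex in acls.get(name, []):
        if regex.search(as_path):
            return action
    return "deny"                          # assumption: no match means deny


def weight_for(acls, name, as_path, weight, default_weight=0):
    """Model of 'neighbor ... filter-list NAME weight N' for one route."""
    return weight if evaluate(acls, name, as_path) == "permit" else default_weight


# Constructed AS paths as they might be received from neighbor 125.181.1.5
# (remote-as 171), so each path starts with 171.
SAMPLE_PATHS = [
    "171 234 400",     # contains AS 234            -> permit, weight 30
    "171 345",         # ends with AS 345           -> permit, weight 30
    "171 1234 99",     # AS 1234 is not AS 234      -> deny, weight 0
    "171 2345",        # neither 234 nor 345 alone  -> deny, weight 0
    "171 500",         # falls through to deny any  -> deny, weight 0
]


def weights_for_samples():
    acls = parse_as_path_acls(ACL_CONFIG)
    return [weight_for(acls, "ISP3_234_345", path, 30) for path in SAMPLE_PATHS]


if __name__ == "__main__":
    for path, weight in zip(SAMPLE_PATHS, weights_for_samples()):
        print(f"{path:<14} weight {weight}")
```

Writing the pattern without the underscores (234 instead of _234_) would also match AS 1234 and AS 2345, which is the usual way an as-path filter ends up matching more than intended.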

Configuring Weight Using Route Maps

Route maps are used to control and modify routing information that is exchanged between routing domains. Route maps consist of a list of match and set configuration commands. The match commands specify match criteria and the set commands specify the action taken if the match criteria are met.

Match commands may be entered into a route map in any order. During route processing, if a match is found, the route is redistributed according to the conditions defined by the set commands.

If the match criteria are met, and permit is on, then the route is redistributed or controlled as defined by the set commands and route-map processing is complete.

If the match criteria are met, and deny is on, then the route is not redistributed or controlled and route-map processing is complete.

PROCEDURE: Use the following steps to configure weight using route maps:

Step 1 Use the route-map command to create a route map.

Step 2 Use the match commands to define the match criteria for route updates.

Step 3 Use the set weight command to configure weight when a match is made.

Step 4 Use the neighbor route-map command to apply the route map to updates to and/or from a neighbor or peer group.

Example: In the following example:

router(config)#route-map set-weight permit 10

router(config-route-map)#match as-path ISP3_234_345

router(config-route-map)#set weight 120

router(config)#router bgp 100

router(config-router)#network 170.100.0.0

router(config-router)#neighbor 125.181.1.5 remote-as 171

router(config-router)#neighbor 125.181.1.5 route-map set-weight in

Configuring Local Preference

When configured, local preference is part of the route update and is carried throughout the local AS, but is not exchanged with other ASs. Local preference determines the order in which routes to the same destination are installed in the routing table.

Paths with higher local preferences are preferred. The most common use for local preference is to help BGP select an exit from the local AS. The default value for local preference is 100.

Figure 4-2. Local Preference

In Figure 4-2, routers in AS 200 receive route updates about network 120.10.0.0 in AS 400 from both AS 100 and AS 300.

To force BGP to route all traffic to AS 400 through AS 100, set the local preference for the route from Router B to higher than the local preference for Router C.

Both Router B and Router C determine that updates about network 120.10.0.0 in AS 400 have a higher preference when the update comes from AS 100 than from AS 300. This causes traffic in AS 200 to use Router B for all traffic to AS 400 destined for the 120.10.0.0 network.

Local preference is configured in two ways:

Configuring Preference Using the Default Local-Preference Command

To configure BGP to prefer the path through AS 100 in Figure 4-2, perform the following:

Use the bgp default local-preference command to change the default local preference.

In the following example, the bgp default local-preference command in the configuration for Router B sets the local preference for all updates that Router B learns from Router C (130.221.10.2) to 250.

In the configuration for Router C, the bgp default local-preference command sets the local preference for all updates that Router C learns from Router B (130.221.10.1) to 150:

Configuration for Router B:

router(config)#router bgp 200

router(config-router)#neighbor 130.10.1.1 remote-as 100

router(config-router)#neighbor 130.221.10.2 remote-as 200

router(config-router)#bgp default local-preference 250

Configuration for Router C:

router(config)#router bgp 200

router(config-router)#neighbor 130.45.20.2 remote-as 300

router(config-router)#neighbor 130.221.10.1 remote-as 200

router(config-router)#bgp default local-preference 150

Configuring Preference Using Route Maps

Route maps enable you to have greater control over which routes will have their local preference attribute modified. For example, if the configurations from the example above are applied to the figure below, routes originating in AS 500 will have their local preference attribute set to 150 when they are passed from Router C to Router B.

Figure 4-3. Configuring Preference With Route Maps

To avoid this problem, use route maps to modify only specific updates.

For example, to set the local preference for updates received by Router C from AS 300 without modifying updates from AS 500:

Configuration for Router C:

The ip as-path access-list command creates an as-path access list named ISP3_300 that permits only routes from AS 300:

router(config)#ip as-path access-list ISP3_300 permit ^300$

The route-map, match as-path and set local-preference commands create a route map named set_preference that sets the local preference for all updates from AS 300 to 200 (instance 10 of the route map) and does not modify updates from other ASs (instance 20 of the route map):

router(config)#route-map set_preference permit 10

router(config-route-map)#match as-path ISP3_300

router(config-route-map)#set local-preference 200

router(config-route-map)#end



router(config)#route-map set_preference permit 20

The neighbor route-map command applies the route map to inbound updates from AS 300:

router(config)#router bgp 200

router(config-router)#neighbor 130.45.20.2 remote-as 300

router(config-router)#neighbor 130.45.20.2 route-map set_preference in
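The set_preference route map above, evaluated over constructed updates. This is an added example, not Avici code: the prefixes, the AS 500 path, and the dictionary layout are made up for illustration, and dropping an update that matches no instance is an assumption the page does not state.

```python
import re

# as-path access list from the page: name -> ordered (action, regex) entries.
# Only plain anchored patterns such as ^300$ are handled here.
AS_PATH_LISTS = {"ISP3_300": [("permit", r"^300$")]}

# Route map set_preference from the page. Instance 10 matches ISP3_300 and sets
# local preference 200; instance 20 has no match clause, so it matches everything.
SET_PREFERENCE = [
    {"seq": 10, "action": "permit", "match_as_path": "ISP3_300",
     "set": {"local_pref": 200}},
    {"seq": 20, "action": "permit", "match_as_path": None, "set": {}},
]

def as_path_permitted(list_name, as_path):
    """First matching entry decides; no matching entry means not permitted."""
    text = " ".join(str(asn) for asn in as_path)
    for action, pattern in AS_PATH_LISTS[list_name]:
        if re.search(pattern, text):
            return action == "permit"
    return False

def apply_route_map(route_map, update):
    """Return the (possibly modified) update, or None if it is rejected."""
    for inst in sorted(route_map, key=lambda i: i["seq"]):
        name = inst["match_as_path"]
        if name is not None and not as_path_permitted(name, update["as_path"]):
            continue                      # match criteria not met: next instance
        if inst["action"] == "deny":
            return None                   # matched a deny instance: processing ends
        return {**update, **inst["set"]}  # matched a permit instance: apply set
    return None  # assumption: an update that matches no instance is dropped

# Constructed inbound updates on Router C (default local preference 100).
UPDATES = [
    {"prefix": "120.10.0.0/16", "as_path": [300], "local_pref": 100},
    {"prefix": "150.20.0.0/16", "as_path": [300, 500], "local_pref": 100},
]

def run(route_map):
    return [apply_route_map(route_map, u) for u in UPDATES]

if __name__ == "__main__":
    print(run(SET_PREFERENCE))      # AS 300 route raised to 200, AS 500 untouched
    print(run(SET_PREFERENCE[:1]))  # without instance 20 the AS 500 route is lost
```

The second call shows why instance 20 matters under the stated assumption: an inbound policy that names only the routes to modify can silently discard everything else.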

Configuring MED

The Multi-Exit Discriminator (MED) metric is an attribute that BGP uses to provide hints to external neighbors about the preferred path into an AS. Exchanging MED helps providers with multiple connections to allow customers to balance traffic across those connections.

When updates from multiple external neighbors in the same AS enter an AS with the MED attribute set to a value, that value is used for selecting a path within the AS. Since MED is an optional attribute, a missing one is treated as zero.

If the updates are forwarded to another AS, the outbound MED is set to a specific value or it is reset to zero. Lower MEDs are preferred.

Figure 4-4. Configuring MED

Router C in AS 100 receives updates about network 140.10.10.0 from Routers A and B in AS 200 and Router D in AS 300. Router C compares the MED from Routers A and B and selects the route with the lowest MED (through Router A) to reach network 140.10.10.0. By default, BGP does not compare the MED coming from AS 200 with the MED from AS 300 - even though the MED from AS 300 is most preferred.

Use the bgp always-compare-med command to configure BGP to compare the MED attribute when selecting routes.

Example: In the following example, the bgp always-compare-med command enables Router C to compare MEDs from neighbors:

router(config)#router bgp 100

router(config-router)#neighbor 130.10.10.4 remote-as 300

router(config-router)#neighbor 130.10.10.1 remote-as 200

router(config-router)#neighbor 140.10.10.5 remote-as 200

router(config-router)#bgp always-compare-med

MED is configured using route maps or using the default-metric command.

Configuring MED Using the Default-Metric Command

Use the default-metric command in conjunction with the redistribute router configuration command to cause BGP to use the same metric for all redistributed routes.

In the following example, the default-metric command sets the MED for the router to 20 and the redistribute command causes a router in AS 250 running both OSPF (process ID 10) and BGP to inject OSPF-derived routes into the BGP protocol with that metric:

router(config)#router bgp 250

router(config-router)#default-metric 20

router(config-router)#redistribute ospf 10

Configuring MED Using Route Maps

PROCEDURE: Use the following steps to configure MED using route maps:

Step 1 Use the route-map command to create a route map.

Step 2 Use the set metric route map configuration command to configure the MED metric when a match is made.

Step 3 Apply the route map to updates to or from a neighbor or peer group.

In the following example:

router(config)#route-map set-metric permit 10

router(config-route-map)#set metric 120

router(config)#router bgp 200

router(config-router)#neighbor 130.45.20.2 remote-as 300

router(config-router)#neighbor 130.45.20.2 route-map set-metric out

All route updates sent to that neighbor will have their metric set to 120.

Configuring BGP Bestpath MED Missing As Worst

Multi-Exit-Discriminator (MED) is considered when selecting the best path among many paths. Paths with lower MED are preferred. By default, if a MED is missing, its value is set to 0, or most preferred. All routers in an AS should be configured the same way to ensure a consistent decision process throughout the AS.

Use the bgp bestpath med missing-as-worst command to consider a missing MED value of a path as having the worst MED value, i.e. 4294967294.

Use the no bgp bestpath med missing-as-worst command to reset the value of a missing MED value to the default value of 0.

NOTE Setting MED behavior using the bgp bestpath med missing-as-worst command takes effect immediately for all new routing decisions. To ensure that it affects all routes, use the clear ip bgp * command to reset all routes.

Example: The following example configures a BGP speaker to consider a missing MED attribute in a path as having the worst value:

router(config)#router bgp 101

router(config-router)#bgp bestpath med missing-as-worst

router(config-router)#end

router#


Configuring Administrative Distance

BGP can learn about the same routes from multiple protocols. Administrative distance is the tool BGP uses to prefer a route learned from one protocol over the same route learned from another protocol.

Administrative distance precedes path selection. The route with the lowest administrative distance is installed in the IP routing table and propagated to neighbors.

Routes learned from different sources have different default administrative distances:

Table 4-1. Default Administrative Distance

Source of Route                                             Distance
Directly connected routes                                   0
Static routes                                               1
Routes learned from external BGP                            20
Routes learned from OSPF                                    110
Routes learned from IS-IS                                   115
Routes learned from internal BGP                            200
Routes learned from local BGP (originated by the router)    200
Unknown source                                              255

Routes with distance values of 255 are not installed in the routing table.

When two ASs have both a backdoor (IGP) route and an EBGP route, you may want to configure distance so the IGP route is preferred over the EBGP route:

Figure 4-5. Administrative Distance

In Figure 4-5, Routers A and C are running EBGP. Routers B and C are running EBGP. Routers A and B are running OSPF, an IGP. Router A learns about network 140.10.0.0 from both Router B and Router C. The default distance for OSPF (110) is higher than the default distance for EBGP (20). Therefore Router A will install the route learned from Router C in the routing table.

Configuring Distance Using the BGP Distance Command

To configure Router A so that it installs the path to network 140.10.0.0 that Router A learned from Router B, use the distance bgp command to modify the distance of EBGP.

Assume that you want to raise the administrative distance of the EBGP-learned route from Router A to Router B (via Router C).

Configuration for Router A:

router(config)#router bgp 100

router(config-router)#network 128.100.0.0

router(config-router)#neighbor 150.300.10.2 remote-as 200

router(config-router)#distance bgp 120 200 200

In the example above, the distance bgp command sets the administrative distance for routes learned from Router C to 120.

Since 120 is higher than the default administrative distance for OSPF (110), the OSPF-learned route from Router B is installed in Router A's routing table.

Additional Neighbor Options

This section describes the steps to modify the interval for sending updates, force the choice of next-hop, redistribute network 0.0.0.0, configure soft reconfiguration, and define loopback interfaces to improve the reliability of neighbor connections.

Configuring Advertisement Interval

BGP neighbors initially exchange their full routing table. After the initial exchange, only changes to the routing table are distributed. By default, routing updates are exchanged with internal neighbors every 5 seconds, and with external neighbors every 30 seconds.

To change these defaults:

Use the neighbor advertisement-interval command to set the minimum time between the sending of routing updates to specific neighbors or to a peer group.

In the following example, the neighbor advertisement-interval command sets the minimum time between sending BGP routing updates to internal neighbor 121.80.100.4 to 10 seconds:

router(config)#router bgp 101

router(config-router)#neighbor 121.80.100.4 remote-as 101

router(config-router)#neighbor 121.80.100.4 advertisement-interval 10

Configuring EBGP-Multihop

In some cases an external neighbor is not directly connected to a BGP speaker. To allow BGP to establish a peer relationship, use the neighbor ebgp-multihop command to identify the non-directly connected neighbor.

Use the ttl argument to set the time-to-live counter. This counter indicates the maximum number of hops the BGP session may traverse to reach the specified neighbor. Valid values are integers from 1 to 255.

Figure 4-6. EBGP Multi-hop

In Figure 4-6, Router A in AS 100 is not directly connected to network 140.10.0.0 in AS 200.

In the following configuration for Router A, the neighbor ebgp-multihop command enables Router A to peer with 140.10.11.1:

router(config)#router bgp 100

router(config-router)#network 140.10.11.0

router(config-router)#neighbor 140.10.11.1 remote-as 200

router(config-router)#neighbor 140.10.11.1 ebgp-multihop

No special configuration for Router B is required.

NOTE Multihop is used only for EBGP connections, not IBGP.

Configuring EBGP Multipath

EBGP multipath provides forwarding diversity for BGP prefixes across AS borders that provide redundant forwarding paths and load sharing capabilities. This is accomplished by allowing multiple EBGP paths to the same destination to be installed in the IP routing table together with the best path for load sharing. BGP multipath does not affect best path selection. A router designates one of the paths as the best path and advertises this best path to its neighbors.

For a route to be eligible for the multipath set, it must be an EBGP path, and the following values must agree with the current BGP best route: weight, local-preference, AS-Path length, origin, and Multi-Exit-Discriminator (MED). In addition, the IGP metric to the BGP next hop must be equal to the best path's IGP metric, and the path must be learned from the same neighboring AS.

NOTE It is recommended that BGP maximum-paths configuration be part of the startup configuration. Changes to the configuration of maximum-paths should be avoided once BGP sessions are established and routes are learned. Should a change to maximum-paths be required in an operational environment, it is recommended that a hard clear of all BGP sessions occur after the configuration change using the clear ip bgp * command.

BGP best path selection is based upon:

  1. Prefer the path with highest weight

  2. Prefer the path with highest local-preference

  3. Prefer the path with shortest AS-Path length

  4. Prefer the path with the lowest origin type:

    where IGP < EGP < INCOMPLETE

  5. Prefer the path with the lowest Multi-Exit-Discriminator (MED)

  6. Prefer external (ebgp) to internal (ibgp) paths.

  7. Prefer the path with lowest IGP metric to the BGP next hop

  8. If all of the above are the same and BGP max-paths is enabled - the competing path is tagged as multipath_eligible:

    • Best must be an ebgp path

    • Competing paths also must be an ebgp path

    • BGP nexthop for both the paths must be resolved through connected interface route.

    • Both paths are learnt from same external AS.

  9. Prefer the path from a router with lowest router-id

  10. Prefer the path with lowest peer-id.

Use the maximum-paths command to enable EBGP multipath and configure the maximum paths allowed.

Use the no maximum-paths command to disable EBGP multipath.
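The selection order listed above, together with the MED options from the Configuring MED sections, as an added example (not Avici code). It implements steps 1-7, 9 and 10 and leaves out the multipath tagging of step 8; the MED values, router-ids and the extra path E are constructed, and only the topology (Routers A and B in AS 200, Router D in AS 300) comes from the Figure 4-4 description.

```python
from ipaddress import IPv4Address as IP

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}
MED_WORST = 4294967294  # value the page gives for a missing MED under missing-as-worst

def effective_med(path, missing_as_worst):
    """A missing MED counts as 0 by default, or as MED_WORST when configured."""
    if path["med"] is None:
        return MED_WORST if missing_as_worst else 0
    return path["med"]

def better(a, b, always_compare_med=False, missing_as_worst=False):
    """True if path a beats path b under steps 1-7, 9 and 10 of the list above."""
    steps = [
        (-a["weight"], -b["weight"]),                          # 1. highest weight
        (-a["local_pref"], -b["local_pref"]),                  # 2. highest local-preference
        (len(a["as_path"]), len(b["as_path"])),                # 3. shortest AS path
        (ORIGIN_RANK[a["origin"]], ORIGIN_RANK[b["origin"]]),  # 4. lowest origin type
    ]
    # 5. MED is compared only between paths from the same neighboring AS,
    #    unless always-compare-med is configured.
    if always_compare_med or a["as_path"][:1] == b["as_path"][:1]:
        steps.append((effective_med(a, missing_as_worst),
                      effective_med(b, missing_as_worst)))
    steps += [
        (not a["ebgp"], not b["ebgp"]),                        # 6. EBGP over IBGP
        (a["igp_metric"], b["igp_metric"]),                    # 7. lowest IGP metric
        (IP(a["router_id"]), IP(b["router_id"])),              # 9. lowest router-id
        (IP(a["peer_id"]), IP(b["peer_id"])),                  # 10. lowest peer-id
    ]
    for x, y in steps:
        if x != y:
            return x < y
    return False

def best_path(paths, **options):
    best = paths[0]
    for candidate in paths[1:]:
        if better(candidate, best, **options):
            best = candidate
    return best

def path(name, as_path, med, router_id):
    # Constructed sample path; every attribute not passed in is held equal.
    return {"name": name, "weight": 0, "local_pref": 100, "as_path": as_path,
            "origin": "IGP", "med": med, "ebgp": True, "igp_metric": 0,
            "router_id": router_id, "peer_id": router_id}

PATHS = [path("A", [200], 120, "10.0.0.1"), path("B", [200], 200, "10.0.0.2"),
         path("D", [300], 50, "10.0.0.4")]
NO_MED = path("E", [200], None, "10.0.0.5")  # hypothetical path carrying no MED
```

With the defaults, a path that simply omits MED wins step 5 against same-AS paths that set one, which is the behavior bgp bestpath med missing-as-worst reverses.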

Redistributing Network 0.0.0.0

The network address 0.0.0.0 is used when no other routes are available. By default, you are not allowed to redistribute network 0.0.0.0. The neighbor default-originate command enables the local router to send the default route 0.0.0.0 to a neighbor. The neighbor can then use this route to reach the router if all other routes are not available.

It is not necessary to configure network 0.0.0.0 on the router using the network command.

When used in conjunction with a route map, the default route 0.0.0.0 is injected if two conditions are met:

Use the default-information originate command to permit the redistribution of 0.0.0.0.

In the following example:

The access-list commands create an access list named 4 that permits only routes to 120.12.3.0.

router(config)#access-list 4 permit 120.12.3.0

router(config)#access-list 4 deny any

router(config)#route-map DEFAULT permit 10

router(config-route-map)#match ip address 4


router(config)#router bgp 110

router(config-router)#network 10.5.0.0

router(config-router)#neighbor 10.5.1.190 remote-as 120

router(config-router)#neighbor 10.5.1.190 default-originate route-map DEFAULT

The router injects the default route to neighbor 10.5.1.121 only if there is a route to 120.12.3.0.

Configuring BGP Soft Configuration

It is necessary to clear BGP sessions to activate changes in BGP policies. Clearing has a large negative impact on network operations. Soft reconfiguration enables you to change and activate BGP policies without clearing the BGP session.

Normally, BGP discards routes that are not valid. In order to perform inbound soft reconfiguration, the BGP speaker must store all received route updates. This enables BGP to apply the new policy to every route it has learned. When inbound soft reconfiguration is enabled, the stored updates are processed by the new policy configuration.

Use the neighbor soft-reconfiguration inbound command to enable the storage of updates received from the specified neighbor.

Example: In the following example, the neighbor soft-reconfiguration inbound command enables inbound soft reconfiguration from neighbor 121.180.1.4.