BGP Notes

From Global Knowledge Class


Barry Gursky


BGP Route Selection Criteria

  • Inaccessible next hop – path is discarded
  • Synchronized IBGP
  • Weight (highest) – local only – route-map or neighbor set – default is 0
  • Local pref (highest) – set locally and advertised within the local AS (IBGP, intra-confederation EBGP), not to external peers
  • Router-originated (locally originated route preferred)
  • AS path (shortest)
  • Origin code (lowest: IGP < EGP < incomplete (?)); network command gives IGP, redistribution gives ?
  • MED – Multi-Exit Discriminator (multiple links to same AS) (lowest – Cisco default 0 – make sure you set it in a mixed environment)
  • EBGP paths over IBGP
  • If IBGP, closest IGP neighbor path (closest based on IGP metric)
  • If EBGP, prefer oldest (most stable) path
  • Router-ID (lowest BGP Router-ID)
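The same selection order, as an added Python example (not code from the class or from Cisco): it takes a list of candidate paths for one prefix and drops the losers step by step. The `Path` fields, the sample router IDs and AS numbers are constructed; synchronization is assumed off, and MED is compared only between paths from the same neighbouring AS unless `always_compare_med` is set, which mirrors `bgp always-compare-med` and `bgp bestpath med missing-as-worst` from later in these notes.

```python
from dataclasses import dataclass
from typing import Optional

# Origin codes, lower rank preferred: IGP (i) < EGP (e) < incomplete (?)
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}

@dataclass
class Path:
    """One candidate path for a prefix, as a line of 'show ip bgp' would show it.
    All values are constructed sample data."""
    peer_rid: str               # BGP router ID of the advertising peer
    as_path: tuple              # left-most AS is the neighbouring AS
    origin: str = "i"
    weight: int = 0             # Cisco-local; locally originated routes get 32768
    local_pref: int = 100       # carried inside the AS only
    locally_originated: bool = False
    med: Optional[int] = None   # None = MED attribute missing
    ebgp: bool = False          # learned from an external peer
    igp_metric: int = 0         # IGP cost to reach the next hop
    age: int = 0                # seconds the path has been in the table
    next_hop_reachable: bool = True

def neighbor_as(p: Path):
    return p.as_path[0] if p.as_path else None

def med_value(p: Path, missing_as_worst: bool) -> int:
    # IOS treats a missing MED as 0 (best) unless 'bgp bestpath med missing-as-worst' is set
    if p.med is not None:
        return p.med
    return 2**32 - 1 if missing_as_worst else 0

def best_path(paths, always_compare_med=False, missing_as_worst=False) -> Optional[Path]:
    """Walk the selection criteria listed above, dropping losers at each step.
    Simplification: synchronization is assumed off, so that step is not modelled."""
    cands = [p for p in paths if p.next_hop_reachable]
    if not cands:
        return None

    def keep_best(key, prefer_highest):
        nonlocal cands
        target = (max if prefer_highest else min)(key(p) for p in cands)
        cands = [p for p in cands if key(p) == target]

    keep_best(lambda p: p.weight, True)
    keep_best(lambda p: p.local_pref, True)
    keep_best(lambda p: p.locally_originated, True)
    keep_best(lambda p: len(p.as_path), False)
    keep_best(lambda p: ORIGIN_RANK[p.origin], False)
    # MED is only compared between paths from the same neighbouring AS,
    # unless 'bgp always-compare-med' is configured
    if always_compare_med or len({neighbor_as(p) for p in cands}) == 1:
        keep_best(lambda p: med_value(p, missing_as_worst), False)
    keep_best(lambda p: p.ebgp, True)
    keep_best(lambda p: p.igp_metric, False)
    if all(p.ebgp for p in cands):
        keep_best(lambda p: p.age, True)      # oldest external path is the most stable
    keep_best(lambda p: tuple(int(o) for o in p.peer_rid.split(".")), False)
    return cands[0]

def sample_paths():
    """Constructed candidates for one prefix, loosely modelled on the 'sh ip bgp' output later in these notes."""
    return [
        Path("10.0.0.1", (456, 20), igp_metric=10, age=300),                     # via IBGP, longer AS path
        Path("192.0.2.1", (456,), ebgp=True, age=50),                            # via EBGP, shortest AS path
        Path("192.0.2.2", (700, 456), origin="?", ebgp=True, local_pref=200),    # policy: local pref raised
    ]

if __name__ == "__main__":
    paths = sample_paths()
    print("best:", best_path(paths).peer_rid)     # 192.0.2.2 (local pref beats AS-path length)
    paths[2].local_pref = 100
    print("best:", best_path(paths).peer_rid)     # 192.0.2.1 (shortest AS path)
    paths[0].weight = 100
    print("best:", best_path(paths).peer_rid)     # 10.0.0.1 (weight wins, local to this router)
```

Because weight is the first step and never leaves the router, a weight set by a local route-map overrides any local-preference or AS-path policy a neighbour hands you; the MED step being skipped between different neighbouring ASes is why the notes say to set MED explicitly in a mixed environment.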


Mandatory Well-Known Attributes

Origin (IGP, EGP, ?-redistributed)

AS-path (sequence of AS numbers)

Next-hop* (IP address of the router to which the receiving router should forward packets toward the destination)

Discretionary Well-Known Attributes

Local pref (used for consistent routing policy within AS)

Atomic aggregate (informs neighbor AS that originating rtr aggregated routes, you are summarizing your own routes)

Optional Attributes (non transitive)

MED (Multi-exit discriminator – discriminate betw multi entry points to single AS)

Optional Attributes (transitive)

Aggregator (specifies IP addr and AS # of the rtr that performed route aggregation)

Community (numeric value attached to routes as they pass a specific point in the network)


*Next-Hop – set to IP addr of sending EBGP rtr unless in same (broadcast) subnet




router bgp 400

neighbor ip-address description

neighbor ip-address shutdown (temporarily disable BGP neighbor, limit re-neighboring, table reloads, etc…less penalty from neighbor router)

neighbor remote-as 100 (AS# makes it an EBGP neighbor) (used to qualify connection)

neighbor remote-as 400 (AS# makes it an IBGP neighbor)

neighbor update-source Lo0 (do this to make sure src addr matches up with other neighbor statements, likely use loopback addr, make sure internal routes already exist for loopbacks)

neighbor password cisco (md5 hash password)

neighbor remote-as 400 (IBGP)

neighbor update-source Lo0

network mask (moves a route from the routing table into BGP advertising if an entry matches the routing table exactly – make sure it’s in the routing table; origin code i (IGP)).

network (uses default (classful) mask) - Remember

no auto-summary (if you don’t own all subnets in a particular classful network)

aggregate-address summary only (creates summary address, summary only suppresses specific routes, you can summarize anything in your routing table, even if you didn’t connect, network command(s) have to exist for detail under summary)

no synchronization – turn off once you’re sure you’ve fully meshed…allows you to use/advertise a route even if you don’t know the route via the IGP…leave synchronization on if you redistribute into IGPs

neighbor shutdown (get syntax right, temporarily shuts down neighbor without deleting commands)

OR (coming from IGP)

redistribute ospf 1 (puts all OSPF 1 routes into BGP, origin code ?; the IGP origin from a network command is preferred over this one)


OR (if you have route to null0)

network mask

no auto-summary


ip route null0 (static route, higher value in routing table)


neighbor filter-list 1 out (filter AS paths (routes) being sent to the neighbor)

ip as-path access-list 1 permit ^$ (empty AS path i.e. Networks originating in local AS)

neighbor filter-list 2 in (filter AS paths (routes) being received from the neighbor)

ip as-path access-list 2 deny


neighbor prefix-list notransit out

ip prefix-list notransit permit ge 24



neighbor route-map blahfilter in


route-map blahfilter permit 10 (route-maps used for complex filtering or setting attribute)

match ip address prefix-list defonly

match as-path 10

set weight 100

route-map blahfilter permit 20 (or this)

match ip address prefix-list defonly

set weight 100 (and this)


Local Pref

bgp default local-preference 60 (only iBGP rtrs not EBGP, normal default is 100)


ip as-path access-list 10 permit _387$

ip prefix-list defonly seq 10 permit


neighbor route-map L2M in


route-map L2M permit 10

set local-preference 2000


route-map name permit sequence match condition

neighbor address route-map name out


MED (Multi-Exit Discriminator)

default-metric number (lower is preferred if from same AS, cisco default is 0, MEDs get passed throughout neighbor AS that you send it to)

route-map MED

set metric 100

neighbor ip-addr route-map name in | out


maybe …

bgp always-compare-med (put this everywhere in AS if you use, ignore AS src)

bgp bestpath med missing-as-worst (treats a missing MED as the worst value; pushes it to 65336)

bgp deterministic-med (re-sorts routes by AS, and will choose (one of) best sent))

can be set going out, or gets stripped going out.

shows up as metric in ‘show…’ commands


route-map name

match condition

set community value [value … ] [additive]

neighbor ip-address route-map map in | out

redistribute protocol route-map map


router bgp 213

neighbor remote-as 387

neighbor route-map setcomm out

neighbor send-community


route-map setcomm permit 10

set community 387:17


Don’t forget the special communities for how to control distribution within the neighbor AS



neighbor ip-address default-originate Which way is this?

neighbor ip-address remove-private-as


maximum-paths number (default, up to 6, …2 or higher for EBGP load balancing; path selection stops processing once you get to the EBGP step (EBGP over IBGP))


if peering with loopback of EBGP

neighbor ip-address ebgp-multihop [ttl] (default is 255, but DON’T USE the default; set the TTL explicitly. Without the command the TTL is 1, i.e. neighbors must all be directly connected and you can’t peer on loopbacks)


neighbor ip-address local-as private-as (translates to a separate AS, i.e. if you’re waiting for a real AS before going to a 2nd ISP)



bgp cluster-id cluster-id

neighbor ip-address route-reflector-client (configs an IBGP neighbor to be a client of this reflector)


neighbor group-name peer-group

neighbor ip-address any-BGP-parameter


Good enterprise settings to do

Limit # of prefixes received from internet routers (do you really need 160,000? Do you have the memory or CPU to deal with them? Just get a default route, and maybe their local stuff from their AS)


3 different ways to get routes into IBGP



route to null0 & redistribute


clear ip bgp {* | ip-address | peer-group-name} (hard bounce of neighbor connection – don’t do unless you have to)

neighbor ip-address soft-reconfiguration inbound (stores all routes received from neighbor as extra copy in memory (before any filtering is applied))

clear ip bgp ip-address soft in (resend saved copy of the received routing info through new filters)

clear ip bgp ip-address soft out (sets the table version # of the neighbor to 0; when the next update interval for the neighbor arrives, the local router will ‘discover’ that all routes need to be sent to the neighbor because they all have a table version number higher than 0)

clear ip bgp {* | ip-address | peer-group-name} in (sends a route refresh message to neighbors – this requests that all routes be resent – both routers need to support this capability – needs to be negotiated between routers when bgp session is first established)


in route-refresh

out – soft out


QOS can be based on routes



Stuck in states


- no route – IGP not configured correctly

- TCP SYN answered with RST – far side doesn’t want to do BGP


- AS number mismatch between BGP neighbors


3 way TCP port 179 handshake being sent

make sure neighbor statements

- FW blocking TCP port 179

- FW blocking all traffic

- access list blocking

- no return route


BGP Open msg being sent (BGP Ver, rtr AS, Holdtime, rtr ID, optional params)

Peer rtr accepts params, replies with Open msg

- has to accept IP # as neighbor, and AS

- no neighbor statement in other router

- update src command missing (i.e. loopbacks not on)

negotiate holdtime vs keepalive timer (keepalive timer = lowest holdtime / 3)


Rtr receives (2nd TCP connection/Open msg) response from peer


Rtr accepts params, sends keepalive

Lower rtr ID drops TCP connection

- synchronization not turned off
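An added Python model (not from the class notes or from IOS) of the OPEN checks walked through above: the receiving router rejects a mismatched AS, both sides settle on the lower hold time with keepalive = hold time / 3, route refresh is only available when both OPENs advertised it, and on a connection collision the lower router ID gives way. `OpenMsg`, `process_open`, `collision_loser` and the sample AS numbers and router IDs are constructed for this example.

```python
from dataclasses import dataclass

@dataclass
class OpenMsg:
    """Fields of a BGP OPEN message (constructed model; no wire encoding here)."""
    version: int
    my_as: int
    hold_time: int            # seconds proposed by the sender; 0 disables keepalives
    router_id: str            # dotted BGP router ID
    capabilities: tuple = ()  # optional parameters, e.g. ("route-refresh",)

def rid_as_int(rid: str) -> int:
    return int.from_bytes(bytes(int(octet) for octet in rid.split(".")), "big")

def process_open(local: OpenMsg, expected_remote_as: int, peer: OpenMsg):
    """Checks the local router applies to a received OPEN, in the order the notes above
    list the failure causes.  Returns ("error", reason) or ("ok", negotiated-parameters)."""
    if peer.version != 4:
        return ("error", "unsupported BGP version %d" % peer.version)
    if peer.my_as != expected_remote_as:
        # the classic 'neighbor ... remote-as' mismatch
        return ("error", "AS number mismatch: peer says %d, neighbor statement says %d"
                % (peer.my_as, expected_remote_as))
    if 0 < peer.hold_time < 3:
        return ("error", "unacceptable hold time %d" % peer.hold_time)
    # both sides agree on the lower hold time; keepalive is a third of it
    hold = min(local.hold_time, peer.hold_time)
    negotiated = {
        "hold_time": hold,
        "keepalive": hold // 3,
        # route refresh (used by 'clear ip bgp ... in') only works if both sides advertised it
        "route_refresh": ("route-refresh" in local.capabilities
                          and "route-refresh" in peer.capabilities),
    }
    return ("ok", negotiated)

def collision_loser(rid_a: str, rid_b: str) -> str:
    """If both routers open a TCP connection to each other at the same time, the side with
    the lower router ID drops the connection it initiated."""
    return rid_a if rid_as_int(rid_a) < rid_as_int(rid_b) else rid_b

if __name__ == "__main__":
    me = OpenMsg(4, 213, 180, "10.0.0.1", ("route-refresh",))
    them = OpenMsg(4, 387, 90, "10.0.0.2", ("route-refresh",))
    print(process_open(me, 387, them))      # ok: hold 90, keepalive 30, route refresh on
    print(process_open(me, 400, them))      # error: AS number mismatch
    print(collision_loser("10.0.0.1", "10.0.0.2"))   # 10.0.0.1 drops its connection
```

The timer negotiation only happens in this exchange, which is why changing `timers bgp` later has no effect until the session is reset.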




sh ip bgp

BGP table version is 4, local router ID is

Status codes: s suppressed, d damped, h history, * valid, > best, i – internal

Origin codes: i – IGP, e – EGP, ? – incomplete


Network Next Hop Metric LocPrf Weight Path

*> 0 32768 i

*> 0 0 456 20 i

*> 0 0 456 i


(no AS path from me (IGP)…)


sh ip bgp summary

BGP table version is 8, main routing table version 8

4 network entries (8/12) using 832 bytes of memory

(Best routes/Total routes – this is a typo)

5 BGP path attribute entries using 576 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

2 received paths for inbound soft reconfig


Neighbor   V   AS    MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
           4   213   80       81       8       0    0     01:15:51  2
           4   387   79       81       0       0    0     00:00:15  Active
           4   213   82       82       0       0    0     02:15:23  Idle


show ip bgp neighbors

show ip bgp <prefix> (prefix is route)



Security bulletin from Cisco – USE MD5

Security bulletin from Cisco – no bgp log-neighbor-changes (look up on Internet…)




Designed for Policy and Scalability


Dual Homed Internet connection


Transit selling our services





- only one way to go

- like spanning tree

- no loadshare

- 12 if-then choices


BGP is an Exterior Gateway Protocol

designed to run between ASes i.e. between companies


EIGRP uses AS just to build neighbors

routing updates actually don’t use AS # in EIGRP…


BGP AS # part of routing update

If you see ASes in routing update not from your domain drop it


1-64511 public assigned by ARIN, RIPE, etc…

64512-65535 private


InterNIC – APNIC, RIPE, ARIN, sub-divisions…


NAPs – 7

Private peering points…


Masks have no class




IBGP – Internal – doesn’t replace IGP – used to share external information internally – running BGP internally between routers to share what’s learned external information internally. Uses Metric to evaluate best path.

EBGP – External



BGP provides routing table with best external routes

BGP calculates separately, doesn’t respond instantly


BGP doesn’t have to be physically connected…


ASPath – Looked at as hop counts…1st thing BGP looks at as how to get there…

Origin – 2nd thing BGP looks at as how to get there…

BGP doesn’t always get best path

BGP never knows bandwidth

Policy based routing protocol

Can be over-ridden


I-dump-it-on-you policy

push your bandwidth to other carriers…


BGP never fully converges

Only cares about itself – internalized per router convergence


Use more than the default route advertised via BGP if you want to reach other addresses on the Internet

Can accept partial updates (for only user networks I’m interested in)

Big providers need to get full updates (larger routers 128M min for 160,000, 256M recommended)


RIP spoof source dest

OSPF authentication but must be processed to see if we should pay attention

BGP unicast


Routing protocol is an application L7

TCP port 179

reliable / connection-oriented


Ignore anything that’s not from a neighbor

TCP, so it depends on seq #s and acks

authentication – MD5 –


Can also filter what accept and what don’t


BGP uses 3 tables

- routing

- topology/BGP/FIB (holds all of table)

- neighbors


BGP only sends updates


Reliable updates

- use TCP as transport protocol port 179

- no periodic updates

- periodic keepalives to verify TCP connectivity

- Triggered updates are batched and rate limited

- every 5 seconds for internal peer (IBGP)

- every 30 seconds for external peer (EBGP)


ISPs cannot have default route…


Chapter – Establishing BGP Sessions


BGP neighbors are configured manually


IBGP and EBGP – same protocol but different policies



Neighbor establishment State

IDLE – do I have a route to my neighbor,
ACTIVE – 3way hand-shake (tcp establishing)



BGP version

AS # of local rtr


BGP router identifier

Optional parameters

(note no IP addr, look to L3)



(now we can exchange BGP routes)


Use loopbacks for peering addresses. That way when a neighbor connection changes you don’t dump the entire address table.


sh ip bgp summary

Table Version – what version of my table have I sent them.

- if yours and the one you sent are same, you’re converged…


debug ip tcp transactions

debug ip bgp events



Note that holdtime is in BGP OPEN msg, agree to lower hold time.

holdtime is agreed to be 3 missed keepalives (i.e. lower holdtime/3)

this only gets done at neighbor establishment


Prefix is routing entry i.e.


network entries – routes

path entries – potential routes


don’t forget send updates in batches, not instantaneously…


MD5 Authentication (Hash)



Make sure you peer with IBGP neighbors also

Anything you learn from IBGP neighbor can repeat to other IBGP neighbors

Anything learned from EBGP neighbor can repeat to everyone else but one learned from (split horizon)



well-known attributes must be supported by all routers


BGP network command tells what we want to take from routing table and originate in BGP world…classful by nature…if you don’t want, make sure to type mask


BGP autosummarizes automatically…summarizes to class…



next-hop attribute – best path

IBGP – don’t change next hop – to get to next hop

redistribute connected



recursive route lookup


OR break the rule:


neighbor next-hop-self



local-preference – used for consistent routing policy within AS defaults to 100

gets the entire AS to flow to a system one way…


Atomic aggregate


debug ip bgp update (never use in prod rtr (too many updates – will take down router))

sh ip bgp (probably never type in prod router, too many routes)




Am I next hop

Shortest Path


sh ip bgp (parse table using prefix)


sh ip bgp


admin distance 20 ([20/0] in route)

lower is better

EBGP is 20

IGP is 90->170

compare if exactly same

metric 0 ([20/0] in route)

BGP is always 0 because multiple BGP route selection


debug ip routing

shows any changes to routing table



route table BGP/FIB neighbors


debug ip bgp update


OK to oversummarize if you own more than 50% of subnet…


(EBGP) route dampening – add points and shutdown – 3 times and you’re out ‘till you’re up for a while…


Day 2

Transit Network can’t have default routes…creates loops

In EBGP set next-hop to ourselves, if neighbor not in same subnet

in IBGP pass next-hop


IBGP sharing border/external routes,

IGP only does internal router


BGP core rtr – any router that may be involved in forwarding between routers…


BGP split-horizon

EBGP – don’t advertise back to neighbor you learned it from

IBGP – anything you learn via IBGP neighbor, don’t advertise to other EBGP neighbor


don’t forget about recursive lookup

BGP route neighbor lookup in


Synchronization Rule

  • Anything learned via IBGP cannot be used or re-advertised unless you already knew about it in your IGP.
  • SAFETY RULE – Take off carefully
  • no synch – already done in 12.3 (default)



Typically not desired. Too much lost in translation.

Recommended to maintain in iBGP and necessary stuff in IGP


Always run IBGP sessions between loopback interfaces


QUEST: Research next-hop self


Edge routers usually use next-hop self

Don’t use if more than 1 hop away…


IBGP doesn’t change attributes, EBGP change it

IBGP doesn’t synch, EBGP synchs

MEDs, can’t send local pref

BATCH updates: 5 seconds IBGP, 30 seconds EBGP neighbor

EBGP preferred over IBGP in routes


CEF (BGP Style)– do recursive lookup before we see data and put in switch cache…

turn CEF on if it’s not on by default (Switches it is, Rtrs it isn’t)

Route once/Switch Many – Cache only holds permitted…


route-dampening – point system


Never accept routes on your own network (subnets)!

don’t change admin value on IBGP and EBGP



Filtering techniques get rid of transit network


Multihomed Cust Routing Policies

- one provider is primary; the other is backup

- traffic to direct customers of the ISPs goes direct; all other traffic goes through primary provider

- All traffic to a particular part of world goes through one ISP

- Traffic toward a specific destination goes through only one of the ISPs.


2 types of route policy – Filtering & Route Selection

uses regular expressions

ip as-path access-list 1 permit 31

implicit deny (at the end of the access path)



Regular Expressions

| or

[ … ] ranges [1-4] [1234]

. matches any single character

^ matches beginning of string

$ matches end of string

_ matches any delimiter (beginning, end, white space, tab, comma ‘(‘, ‘)’ )

( ) grouping smaller expressions into larger expressions

\ single-character patterns; remove special meaning by preceding each character with a \

* matches 0 or more characters or sets

+ matches 1 or more characters or sets

? matches 0 or 1 character or sets


23 followed by 79 zero or one times




_100_ Going through AS 100, i.e. 100 is somewhere in AS list

^100$ Directly connected to AS 100, i.e. only thing in list

_100$ Originated in AS 100, i.e. something with 100 all the way on the right

^100_. Networks behind AS100, i.e. 100 is on the left and there’s something behind it

^[0-9]+$ AS paths one AS long

^([0-9]+)(_\1)*$ Supposed to be prepending performed in neighboring originating AS but doesn’t work

^$ (empty AS path i.e. Networks originating in local AS)

.* matches everything.
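The patterns listed above, checked with Python’s `re` module as an added example (not code from the class). The only translation needed is the IOS `_` delimiter, which becomes start-of-path, end-of-path or the space between AS numbers; the `AsPathAccessList` class applies the same first-match, implicit-deny rule as `ip as-path access-list` used in a `neighbor … filter-list`. All sample AS paths are constructed. The backreference form `^([0-9]+)(_\1)*$` is included too; Python’s engine evaluates it, which says nothing about how IOS handles it.

```python
import re

def ios_regex_to_python(pattern: str) -> str:
    """IOS AS-path regexes are ordinary regexes except that '_' matches any delimiter:
    start of path, end of path, or the space between two AS numbers."""
    return pattern.replace("_", r"(?:^|$|\s)")

def as_path_matches(pattern: str, as_path) -> bool:
    """as_path is a sequence of AS numbers in 'show ip bgp' order (nearest neighbour first)."""
    text = " ".join(str(asn) for asn in as_path)
    return re.search(ios_regex_to_python(pattern), text) is not None

class AsPathAccessList:
    """Ordered permit/deny entries evaluated top to bottom, implicit deny at the end
    (how 'ip as-path access-list' behaves in a 'neighbor ... filter-list')."""
    def __init__(self, *entries):
        self.entries = entries          # (action, ios-regex) pairs

    def permits(self, as_path) -> bool:
        for action, pattern in self.entries:
            if as_path_matches(pattern, as_path):
                return action == "permit"
        return False

# The patterns from the notes, each with a constructed path that should match
# and one that should not.
EXAMPLES = {
    "_100_":    ((200, 100, 300), (200, 1001, 300)),   # going through AS 100
    "^100$":    ((100,),          (100, 200)),          # directly connected, AS 100 is the only AS
    "_100$":    ((300, 100),      (100, 300)),          # originated in AS 100
    "^100_.":   ((100, 200),      (100,)),              # networks behind AS 100
    "^[0-9]+$": ((4200,),         (100, 200)),          # AS path exactly one AS long
    "^$":       ((),              (100,)),              # originated in the local AS
    ".*":       ((1, 2, 3),       None),                # matches everything
}

def check_examples() -> bool:
    """True when every pattern matches its positive sample and rejects its negative one."""
    for pattern, (should, should_not) in EXAMPLES.items():
        if not as_path_matches(pattern, should):
            return False
        if should_not is not None and as_path_matches(pattern, should_not):
            return False
    return True

if __name__ == "__main__":
    print("all patterns behave as annotated:", check_examples())
    only_local = AsPathAccessList(("permit", "^$"))                  # ip as-path access-list 1 permit ^$
    via_100 = AsPathAccessList(("permit", "_100_"), ("deny", ".*"))  # ip as-path access-list 2
    print(only_local.permits(()), only_local.permits((387,)))         # True False
    print(via_100.permits((200, 100)), via_100.permits((200, 300)))   # True False
```

The negative sample for `_100_` (AS 1001 in the path) is the reason the delimiter exists: a plain `100` would match inside 1001, 2100 and so on.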



show ip as-path-access-list [filter-list]

show ip bgp filter-list access-list-number

show ip bgp regexp regular-expression



IEBGP – intra-confederation BGP

( internal – confederation lists )

(65001 65002) – gets replaced with real AS on way out to eBGP

no router bgp as-number

router bgp member-as-number

bgp confederation identifier external-as-number

bgp confederation peers list-of-intra-confederation-as


show ip bgp neighbor { prefix }

show ip bgp prefix

as-set at end of path

{400,190,8224} these are some of the ASes that were summarized…


Influence return path


Prepend multiple of same AS path (400 400 400 400)


PRACTICE show regexpressions and ASes et al.



Lose IGP parameters



named access lists can be have numbered lists


distribute list

access list 100 deny ip

anything network 10.x.x.x subnet 255.x.x.x


ip prefix-list list-name

neighbor prefix-list notransit out

ip prefix-list notransit permit ge 24


IOS – t train becomes next major revision production…


Clear IP BGP tears down list and rebuilds it…




QUESTION: Can we use prefix lists with other things than BGP filter lists?

minimally to OSPF, but basically no.


prefix list is newer version of distribute list – both supported

standard – filter RFC 1918 addresses in from external neighbor




AS-Path Filters

ip as-path access-list 1 permit ^$

Prefix filters (IP Addresses)

neighbor prefix-list notransit out

ip prefix-list notransit permit ge 24
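Prefix-list matching with `ge`/`le`, as an added Python example (not code from the class or from IOS): a candidate matches an entry when it lies inside the entry’s network and its mask length falls in the `ge`…`le` window, first match wins, implicit deny at the end. The three lists are constructed in the spirit of the notes: an inbound list that drops RFC 1918 space from an external neighbor, a `notransit` outbound list for an assumed own block 203.0.113.0/24 (the notes’ own prefix was not recorded), and `defonly`, which matches only the default route.

```python
import ipaddress

class PrefixList:
    """'ip prefix-list' semantics: entries are tested top to bottom, first match wins,
    implicit deny at the end.  A candidate matches an entry when it lies inside the
    entry's network and its mask length is within [ge, le]; with neither keyword the
    length must equal the entry's own; 'ge' alone implies 'le 32'."""

    def __init__(self, name: str):
        self.name = name
        self.entries = []       # (action, network, min_len, max_len)

    def add(self, action: str, prefix: str, ge: int = None, le: int = None):
        net = ipaddress.ip_network(prefix, strict=False)
        lo = net.prefixlen if ge is None else ge
        if le is not None:
            hi = le
        elif ge is not None:
            hi = net.max_prefixlen
        else:
            hi = net.prefixlen
        if not net.prefixlen <= lo <= hi <= net.max_prefixlen:
            raise ValueError("invalid ge/le for %s" % prefix)
        self.entries.append((action, net, lo, hi))
        return self

    def permits(self, prefix: str) -> bool:
        cand = ipaddress.ip_network(prefix, strict=False)
        for action, net, lo, hi in self.entries:
            if (cand.version == net.version and cand.subnet_of(net)
                    and lo <= cand.prefixlen <= hi):
                return action == "permit"
        return False

# Constructed lists (the notes' own prefixes were not recorded):

# inbound from the external neighbour: drop RFC 1918 space, take everything else
RFC1918_IN = (PrefixList("rfc1918-in")
              .add("deny", "10.0.0.0/8", le=32)
              .add("deny", "172.16.0.0/12", le=32)
              .add("deny", "192.168.0.0/16", le=32)
              .add("permit", "0.0.0.0/0", le=32))

# outbound 'notransit': only our own block (203.0.113.0/24 assumed) and its subnets,
# never prefixes we learned from another provider
NOTRANSIT_OUT = PrefixList("notransit").add("permit", "203.0.113.0/24", ge=24)

# 'defonly': exactly the default route and nothing else
DEFONLY = PrefixList("defonly").add("permit", "0.0.0.0/0")

if __name__ == "__main__":
    for name, pl, probe in [("rfc1918-in", RFC1918_IN, "192.168.1.0/24"),
                            ("notransit", NOTRANSIT_OUT, "198.51.100.0/24"),
                            ("defonly", DEFONLY, "0.0.0.0/0")]:
        print(name, probe, "->", "permit" if pl.permits(probe) else "deny")
```

The `le 32` on the deny entries is what makes them catch every subnet of the private blocks, not just the exact /8, /12 and /16; without it a /24 out of 10.0.0.0/8 would sail through to the final permit.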

ORF – Outbound Route Filter

route-maps – combine as-path filter and prefix filters OR BGP attributes


route-map policy permit 10

match ip address 1 2 (on same line 1 OR 2)

match origin igp

set local-preference 200


route-map policy permit (default is 10 so add to 10)

match ip address prefix-list net 3 (multi lines in a row are ANDed)

match ip address prefix-list net 4


route-map policy permit 200 (no match condition means any)


access-list 1 permit

access-list 2 permit

ip prefix-list net 3 permit


neighbor route-map newpolicy out


ip prefix-list net1 permit

ip prefix-list net1 deny le 32

ip as-path access-list 2 permit _100_

ip as-path access-list 2 deny .*


route-map newpolicy deny 10

match ip address prefix-list net1

match as-path 2


route-map newpolicy deny 20

match ip address prefix-list rfc1918


route-map newpolicy permit 30

match as-path 1

set metric 100 (MED)


Route-map sequence / ACL result → outcome

permit / permit → permit

deny / permit → deny

permit / deny → no match (fall through to the next sequence)

deny / deny → no match (fall through to the next sequence)
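The route-map rules from this section, as an added Python example (not code from the class or from IOS): values on one `match` line are ORed, separate `match` lines are ANDed, a sequence with no match lines matches everything, an ACL or prefix-list that denies the route means "no match" (fall through), and a route-map with no matching sequence is an implicit deny. The `newpolicy` route-map above is re-created with constructed stand-ins for its lists (the notes’ `net1`, `rfc1918`, as-path lists 1 and 2); the textual prefix test in `in_block` is only good enough for the constructed sample routes.

```python
def evaluate_route_map(route_map, lists, route):
    """route_map: ordered (seq, action, match_lines, sets) tuples.
    match_lines: one inner list per 'match' line; names on the same line are ORed,
    separate lines are ANDed; an empty match_lines matches any route.
    lists: name -> predicate(route) giving the 'permit' result of that ACL,
    prefix-list or as-path list.
    Returns (outcome, matched_seq, route); matched_seq is None when nothing matched,
    which is the implicit deny at the end of the route-map."""
    for seq, action, match_lines, sets in route_map:
        if all(any(lists[name](route) for name in line) for line in match_lines):
            if action == "deny":
                return "deny", seq, route
            return "permit", seq, {**route, **sets}
    return "deny", None, route

def single_sequence_outcome(seq_action: str, acl_result: str) -> str:
    """One route-map sequence whose only match is an ACL: the four rows of the table above."""
    lists = {"acl": lambda r: acl_result == "permit"}
    outcome, seq, _ = evaluate_route_map([(10, seq_action, [["acl"]], {})], lists, {})
    return outcome if seq is not None else "no match"

def in_block(route, *prefixes) -> bool:
    # textual prefix test, enough for the constructed sample routes below
    return any(route["prefix"].startswith(p) for p in prefixes)

# constructed stand-ins for the lists referenced by the 'newpolicy' route-map
LISTS = {
    "prefix-list net1":    lambda r: in_block(r, "10."),            # permit 10.0.0.0/8 (assumed)
    "as-path 2":           lambda r: 100 in r["as_path"],           # permit _100_
    "prefix-list rfc1918": lambda r: in_block(r, "10.", "192.168.")
                                     or any(in_block(r, "172.%d." % n) for n in range(16, 32)),
    "as-path 1":           lambda r: r["as_path"] == (),            # permit ^$
}

NEWPOLICY = [
    (10, "deny",   [["prefix-list net1"], ["as-path 2"]], {}),   # two match lines: AND
    (20, "deny",   [["prefix-list rfc1918"]], {}),
    (30, "permit", [["as-path 1"]], {"metric": 100}),           # set metric 100 (MED)
]

def apply_newpolicy(prefix: str, as_path: tuple):
    route = {"prefix": prefix, "as_path": as_path, "metric": 0}
    return evaluate_route_map(NEWPOLICY, LISTS, route)

if __name__ == "__main__":
    for seq_action in ("permit", "deny"):
        for acl in ("permit", "deny"):
            print(seq_action, acl, "->", single_sequence_outcome(seq_action, acl))
    print(apply_newpolicy("10.1.0.0/16", (100,)))      # deny, seq 10
    print(apply_newpolicy("203.0.113.0/24", ()))       # permit, seq 30, metric 100
    print(apply_newpolicy("203.0.113.0/24", (300,)))   # deny, None: implicit deny
```

The last call is the one that bites in practice: a locally originated route sails through sequence 30, but anything learned from a peer matches no sequence at all and is silently dropped by the implicit deny.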


Log statement on end of access list bypasses caching


Soft Outbound Reconfiguration

Soft inbound – stores a duplicate copy of the entire table and filters off of that; bad idea, memory intensive

Soft In

Route Refresh – Please resend routes without tearing down neighbor connection




PBR – Policy Based Routing


Question: i in begin of ‘sh ip bgp’?


Question: loopback not in external links?

igp focused…


If you have a direct connection between IBGP routers use serial connections IP addresses for neighbor commands,

If you don’t have a direct connection, either redistribute routes into the IGP or don’t run IBGP between internal routers.





Tag on routes

32 bit field number


make high order 16 bits of 32 bits into AS

1732:256 – (AS:Tag or high16bits:low16bits)


by default BGP drops tags but can be configured.


Tag numbers pre-defined by standards

- no-advertise: do not advertise routes to any peer

- local-as: do not advertise routes to any EBGP peers

- no-export : do not advertise routes to real EBGP peers (i.e. confederations)

- Internet: advertise route to Internet community
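Community encoding and the well-known values, as an added Python example (not code from the class or from IOS). The numeric values of no-export, no-advertise and local-AS are the RFC 1997 constants; `may_advertise` applies the distribution rules listed above for a route carrying them, and `set_community` shows the difference the `additive` keyword makes. The 1732:256 and 387:17 values are the ones from these notes; the peer-kind names are this example’s own.

```python
# RFC 1997 well-known community values (the 'tag numbers pre-defined by standards' above)
NO_EXPORT    = 0xFFFFFF01   # do not advertise outside the AS / confederation
NO_ADVERTISE = 0xFFFFFF02   # do not advertise to any peer
LOCAL_AS     = 0xFFFFFF03   # NO_EXPORT_SUBCONFED in the RFC; IOS keyword 'local-AS'
INTERNET     = 0x00000000   # IOS keyword 'internet'

KEYWORDS = {"no-export": NO_EXPORT, "no-advertise": NO_ADVERTISE,
            "local-as": LOCAL_AS, "internet": INTERNET}

def encode_community(asn: int, tag: int) -> int:
    """AS:tag -> 32-bit value, high 16 bits the AS, low 16 bits the tag."""
    if not (0 <= asn < 2**16 and 0 <= tag < 2**16):
        raise ValueError("AS and tag must each fit in 16 bits")
    return (asn << 16) | tag

def decode_community(value: int):
    return value >> 16, value & 0xFFFF

def parse_community(text: str) -> int:
    """Accepts 'AS:tag' (the ip bgp-community new-format style), a bare 32-bit number,
    or one of the IOS keywords."""
    text = text.strip().lower()
    if text in KEYWORDS:
        return KEYWORDS[text]
    if ":" in text:
        asn, tag = text.split(":", 1)
        return encode_community(int(asn), int(tag))
    return int(text)

def format_community(value: int) -> str:
    for name, known in KEYWORDS.items():
        if known == value and name != "internet":
            return name
    return "%d:%d" % decode_community(value)

def set_community(existing, values, additive: bool = False):
    """'set community value [...] [additive]': replace the list unless additive is given."""
    return set(existing) | set(values) if additive else set(values)

def may_advertise(communities, peer_kind: str) -> bool:
    """peer_kind: 'ibgp', 'confed-ebgp' (intra-confederation) or 'ebgp' (real external peer).
    Returns whether a route carrying these communities may be sent to that peer."""
    if NO_ADVERTISE in communities:
        return False
    if peer_kind == "ebgp" and NO_EXPORT in communities:
        return False
    if peer_kind in ("ebgp", "confed-ebgp") and LOCAL_AS in communities:
        return False
    return True

if __name__ == "__main__":
    v = encode_community(1732, 256)
    print(v, format_community(v))                       # 113508608 1732:256
    print(format_community(parse_community("387:17")))  # 387:17
    default_route = {parse_community("no-export")}      # the tagged default route from the notes
    for kind in ("ibgp", "confed-ebgp", "ebgp"):
        print(kind, may_advertise(default_route, kind)) # True True False
```

A default route tagged no-export is still handed to every IBGP neighbor; only the step across a real EBGP boundary is blocked, which is exactly the "won’t forward the default route through us" behaviour described below.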


Apply tag to route directly




default route will be tagged no-export (so won’t forward default route through us)


routemaps can reference tags


Originated redistributed IGP routes into iBGP get max weight (32768)



Influence inbound from internet


community with ISPs setting local preference on their side

AS-PATH prepend


default max IGP paths

maximum-paths number (default, up to 6, …2 or higher for EBGP load balancing; path selection stops processing once you get to the EBGP step (EBGP over IBGP))


N×(N−1)/2 BGP neighbor links for a full mesh of N routers




Route Reflectors

Modifies split horizon – Reflector can repeat routes to clients and other route-reflectors

cut down on duplicate replications across same physical wire.

Route Reflector –


Cluster – relationship of clients to route reflector

Cluster ID

non client

bgp cluster-id cluster-id

neighbor ip-address route-reflector-client (configs an IBGP neighbor to be a client of this reflector)

don’t route-reflect to redundant route reflectors

show ip bgp neighbors

show ip bgp ipnetwork



when the reflector receives a route directly: route reflectors mesh with other route reflectors and with non-clients not in another cluster

when the reflector doesn’t receive the route directly: a non-reflector is only allowed to reflect to clients




QUESTION: Why does PxR4 have BGP going on? Because it’s

Look up next-hop self




Improving BGP performance

Ref manual

Queuing to TCP peer connections

Deploying BGP peer groups

Enabling path MTU feature (RFC 1911 – TCP feature)

Increasing interface input queues

Configure a smaller interval for the BGP scanner process (scan time) – not a great idea for internet (160,000 routes)

configuring a smaller advertisement interval between BGP neighbors – again not a great idea for Internet, also may push flapping routes

ip tcp path-mtu-discovery [age-timer {minutes | infinite}]

show ip bgp neighbors | include max data


hold-queue length in

default size is 75 packets

look at

example show interfaces hssi 0/0/0 to confirm


neighbor {ip-address | peer-group-name} advertisement-interval seconds

show ip bgp neighbors ip-addr includes batch advertisement minimum time between advertisement runs is 30 seconds


neighbor ip-address maximum-prefix maximum [threshold] [warning-only] [restart restart-interval] (if you don’t set a restart-interval you have to reset neighbor connection (clear…)

show ip bgp neighbors ip-addr (shows max AS thresholds


route reflectors – Peer Group s

CPU only has to build one update per peer group, not per neighbor

IBGP and EBGP neighbors can’t be combined in one peer group

neighbor group-name peer-group

neighbor ip-address any-BGP-parameter

individual neighbor settings override peer-group settings

neighbor Customers peer-group

neighbor Customers route-map Cust_IN in

neighbor Customers route-map Cu

show ip bgp peer-group [peer-


BGP route dampening


1000 points per flap; by default, once over 2000 points the associated route is suppressed…

half life

once over the high-water mark, the penalty has to decay under 750 (default reuse limit) before the route is used again

max penalty 1 hour (12000 points)

probably wouldn’t use in enterprise…

after you go below 750, once you hit 375 the flap history is cleared (clean slate)…




flap is a route flap
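The point system above, as an added Python simulation (not code from the class or from IOS) using the default values quoted: 1000 points per flap, a 15-minute half-life, suppression above 2000, reuse below 750, history cleared below 375, and a maximum suppress time of 60 minutes, which is what caps the penalty at 12000. The flap timestamps are constructed; time is passed in explicitly and assumed to move forward.

```python
import math

class DampenedRoute:
    """Flap-dampening state for one prefix.  Penalty decays exponentially with the
    configured half-life; the route is suppressed once the penalty exceeds the suppress
    limit and released once it decays below the reuse limit.  Below half the reuse limit
    the flap history is forgotten."""

    def __init__(self, half_life=900, suppress_limit=2000, reuse_limit=750,
                 max_suppress=3600, flap_penalty=1000):
        self.half_life = half_life
        self.suppress_limit = suppress_limit
        self.reuse_limit = reuse_limit
        self.flap_penalty = flap_penalty
        # cap so a route is never suppressed longer than max_suppress: 750 * 2^(3600/900) = 12000
        self.max_penalty = reuse_limit * 2 ** (max_suppress / half_life)
        self.penalty = 0.0
        self.flaps = 0
        self.suppressed = False
        self.last_update = 0.0

    def _decay_to(self, now):
        """Decay the penalty to time 'now' and re-check the reuse and clear thresholds."""
        elapsed = now - self.last_update
        self.last_update = now
        self.penalty *= 0.5 ** (elapsed / self.half_life)
        if self.suppressed and self.penalty < self.reuse_limit:
            self.suppressed = False
        if self.penalty < self.reuse_limit / 2:
            self.penalty = 0.0
            self.flaps = 0

    def flap(self, now) -> bool:
        """Record one flap (withdraw + re-advertise) at time 'now'; returns True if suppressed."""
        self._decay_to(now)
        self.flaps += 1
        self.penalty = min(self.penalty + self.flap_penalty, self.max_penalty)
        if self.penalty > self.suppress_limit:
            self.suppressed = True
        return self.suppressed

    def usable(self, now) -> bool:
        self._decay_to(now)
        return not self.suppressed

    def seconds_until_reuse(self) -> float:
        """Time from the last update until the penalty decays below the reuse limit."""
        if self.penalty <= self.reuse_limit:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse_limit)

if __name__ == "__main__":
    r = DampenedRoute()
    for t in (0, 10, 20):                 # three flaps in twenty seconds (constructed timeline)
        print("flap at %3ds -> suppressed=%s penalty=%.0f" % (t, r.flap(t), r.penalty))
    print("back in use after about %.0f seconds" % r.seconds_until_reuse())   # ~1790
```

Two flaps leave the penalty just under 2000, the third pushes it to about 2977 and the route disappears for roughly half an hour; each further flap while suppressed adds another 1000 points (up to the cap), which is the "three times and you’re out ‘till you’re up for a while" from earlier in the notes.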



Example Config

router bgp 65004

no synchronization

bgp cluster-id 143

bgp log-neighbor-changes

network mask

network mask

network mask

network mask

aggregate-address summary-only

neighbor remote-as 65004

neighbor update-source Loopback0

neighbor route-reflector-client

neighbor remote-as 65004

neighbor update-source Loopback0

neighbor route-reflector-client

neighbor remote-as 64999

no auto-summary




router bgp 65004

no synchronization

bgp log-neighbor-changes

neighbor remote-as 65004

neighbor update-source Loopback0

no auto-summary




router advertising loopback1

PREPEND to see extra ASes

when you send out loopback prepend AS number during redistribution

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service udp-small-servers

service tcp-small-servers


hostname P4R4



ip subnet-zero

ip tcp synwait-time 5

no ip domain-lookup





interface Loopback0

ip address


interface Loopback1

ip address


interface Ethernet0

ip address

no ip route-cache

no ip mroute-cache


interface Serial0

ip address

no ip route-cache

no ip mroute-cache

no fair-queue


interface Serial1

no ip address

no ip route-cache

no ip mroute-cache



router rip

version 2



router bgp 65044

no synchronization

bgp log-neighbor-changes

network mask

neighbor remote-as 65004

neighbor ebgp-multihop 5

neighbor update-source Loopback0

neighbor remote-as 65004

neighbor ebgp-multihop 5

neighbor update-source Loopback0

no auto-summary


ip classless

ip http server




line con 0

exec-timeout 60 0

privilege level 15

logging synchronous

line aux 0

transport input all

line vty 0 4

privilege level 15

no login