Configuring BGP
Problem
You want to run BGP in a simple network.
Solution
In its simplest configuration, BGP exchanges routes between a router in one AS and another router in a different AS. The first router is in AS 65500:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#ip address 192.168.55.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 192.168.1.0
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
The second router is in AS 65501:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Serial0
Router2(config-if)#ip address 192.168.55.5 255.255.255.252
Router2(config-if)#exit
Router2(config)#router bgp 65501
Router2(config-router)#network 172.25.17.0 mask 255.255.255.0
Router2(config-router)#neighbor 192.168.55.6 remote-as 65500
Router2(config-router)#no synchronization
Router2(config-router)#exit
Router2(config)#end
Router2#
Discussion
This example shows two routers in different Autonomous Systems. Router1 is in AS 65500, and is configured to share routing information only for a single network using the command network 192.168.1.0. Because this is a classful network, we don't need to include a mask. However, you will notice that the syntax of the network command on Router2 is different:
Router2(config-router)#network 172.25.17.0 mask 255.255.255.0
This is because the routing information we want to share only includes 172.25.17.0/24, and not the entire classful network, 172.25.0.0/16.
The first thing you should do after configuring two routers for BGP is to ensure that they are able to establish a BGP connection. You can verify this with the command show ip bgp summary:
Router1#show ip bgp summary
BGP router identifier 192.168.99.5, local AS number 65500
BGP table version is 7, main routing table version 7
4 network entries and 4 paths using 484 bytes of memory
2 BGP path attribute entries using 196 bytes of memory
BGP activity 11/7 prefixes, 11/7 paths

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.55.5    4 65501      17      18        7    0    0 00:12:38        2
Router1#
Here you can see that Router1 has a BGP neighbor, 192.168.55.5, in AS 65501. The most critical detail here is the last column, State/PfxRcd. In this column, you will see either a word, indicating the state of the peer connection, or a number, indicating the number of routing prefixes (that is, the number of distinct subnets in the routing table) that have been received from this peer.
In this case, the router had a valid BGP session with the neighbor device, 192.168.55.5, for just over 12 minutes. If this session is broken for any reason, you will most likely see either the word "Active" or "Idle" in this field. The following output shows another peer device, 172.25.2.2, which is down:
Router1#show ip bgp summary
BGP router identifier 192.168.99.5, local AS number 65500
BGP table version is 7, main routing table version 7
4 network entries and 4 paths using 484 bytes of memory
2 BGP path attribute entries using 196 bytes of memory
BGP activity 11/7 prefixes, 11/7 paths

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.55.5    4 65501      17      18        7    0    0 00:12:38        2
172.25.2.2      4 65531     527     526        0    0    0 21:05:23 Active
Router1#
More than one engineer has seen the word "Active" (or "Connect") here and thought that the session was active. But in fact, it means that this peer relationship is currently down. The BGP connection is only up if you see a number in the last column. Note also that the word "Idle" in this column indicates that the router doesn't believe that a session is even possible with this peer device, or that it has not yet attempted to connect (the router will wait several seconds before attempting a connection). If the Idle condition persists, this usually indicates that the remote peer is unreachable. A persistent "Active" state, on the other hand, most likely indicates a configuration problem.
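The State/PfxRcd rule above lends itself to an automated check. The following is an added example, not part of the original recipe: it parses captured show ip bgp summary text and reports every peer whose last column is a word rather than a number. The function names and the embedded sample capture are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the two-peer output shown above.
SAMPLE = """\
Router1#show ip bgp summary
BGP router identifier 192.168.99.5, local AS number 65500
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.55.5    4 65501      17      18        7    0    0 00:12:38        2
172.25.2.2      4 65531     527     526        0    0    0 21:05:23 Active
Router1#
"""

# Troubleshooting hints taken from the discussion above.
HINTS = {
    "Idle": "peer believed unreachable, or no connection attempt yet",
    "Active": "session is down; if persistent, suspect the neighbor configuration",
    "Connect": "session is down",
}


def parse_bgp_summary(text):
    """Return one dict per neighbor row of `show ip bgp summary` output."""
    peers, in_table = [], False
    for line in text.splitlines():
        fields = line.split()
        if fields[:2] == ["Neighbor", "V"]:
            in_table = True           # rows follow the column header
            continue
        if not in_table or len(fields) < 10:
            continue
        if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", fields[0]):
            continue                  # skip the trailing prompt and other text
        state = " ".join(fields[9:])  # last column; may be more than one word
        up = state.isdigit()          # a number means the session is established
        peers.append({
            "neighbor": fields[0],
            "remote_as": int(fields[2]),
            "up_down": fields[8],
            "established": up,
            "prefixes": int(state) if up else None,
            "state": "Established" if up else state,
        })
    return peers


def down_peers(text):
    """List (neighbor, remote AS, state, hint) for every peer that is not up."""
    return [(p["neighbor"], p["remote_as"], p["state"],
             HINTS.get(p["state"].split()[0], "session is down"))
            for p in parse_bgp_summary(text) if not p["established"]]
```

Run against periodic captures, down_peers() gives a list that can feed an alert whenever a peer that should be carrying prefixes shows a state word instead.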
It often takes almost a minute to establish a BGP peer connection, so be patient if you don't see the peers immediately connect. If after this time they still have failed to connect, you should double check your "neighbor" configuration statements. Make sure that you have the right remote IP address and AS number, in particular. If these are correct, and you can ping the remote peer's IP address, then you should make sure that the routers are using the interfaces that you think they are to reach the destination.
The example in the Solution section of this recipe shows an eBGP peer relationship because we have configured different ASNs on the two routers:
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
This shows that Router1 is in AS 65500, while Router2 is in AS 65501. You configure iBGP peers the same way, but the neighbor statement specifies the same ASN value as the router bgp statement. We can add an iBGP peer in AS 65500 as follows:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Ethernet0
Router1(config-if)#ip address 192.168.1.5 255.255.255.0
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.6 remote-as 65500
Router1(config-router)#exit
Router1(config)#end
Router1#
And we would configure the other iBGP peer router like this:
Router3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#interface Ethernet0
Router3(config-if)#ip address 192.168.1.6 255.255.255.0
Router3(config-if)#exit
Router3(config)#router bgp 65500
Router3(config-router)#neighbor 192.168.1.5 remote-as 65500
Router3(config-router)#exit
Router3(config)#end
Router3#
There is no need to establish a peer relationship between this new router and the eBGP peer, Router2. Router3 may connect to one or more other, completely different ASs, though. And there is nothing to prevent you from having an iBGP peer that doesn't connect to any eBGP peers. However, it is important to create a full mesh of iBGP relationships among all of the BGP routers inside any given AS.
BGP uses a permanent TCP connection between pairs of peer routers, and every peer relationship must be configured manually. This is actually one of the biggest strengths of BGP because it allows you to configure unique properties, such as unique filtering for each peer. With the various IGPs that we have already discussed, the routing peers generally discover one another dynamically by default.
However, the above examples only specify the destination IP address, not the source address. In this particular case, there is only one way to reach the destination, so there is no need to specify the source address, as the routers will simply use the IP address of the nearest interface. There are some cases where you do need to specify the source address, though.
For example, you might have two iBGP routers in your network, with several different possible paths between them. In this case, it would be better to configure the two routers to use their loopback addresses for the peer configuration, rather than the physical interfaces, which could go down. If you have redundant paths, you may as well use them. You could configure the router to use its loopback address for BGP as follows:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Ethernet0
Router1(config-if)#ip address 192.168.55.6 255.255.255.0
Router1(config-if)#exit
Router1(config)#interface Ethernet1
Router1(config-if)#ip address 192.168.56.10 255.255.255.0
Router1(config-if)#exit
Router1(config)#interface Loopback0
Router1(config-if)#ip address 172.21.19.1 255.255.255.255
Router1(config-if)#exit
Router1(config)#ip route 172.20.1.2 255.255.255.255 192.168.55.1
Router1(config)#ip route 172.20.1.2 255.255.255.255 192.168.56.1
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 172.20.1.2 remote-as 65500
Router1(config-router)#neighbor 172.20.1.2 update-source Loopback0
Router1(config-router)#exit
Router1(config)#end
Router1#
Then, on the other router, you would have:
Router3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#interface Ethernet0
Router3(config-if)#ip address 192.168.55.1 255.255.255.0
Router3(config-if)#exit
Router3(config)#interface Ethernet1
Router3(config-if)#ip address 192.168.56.1 255.255.255.0
Router3(config-if)#exit
Router3(config)#interface Loopback0
Router3(config-if)#ip address 172.20.1.2 255.255.255.255
Router3(config-if)#exit
Router3(config)#ip route 172.21.19.1 255.255.255.255 192.168.55.6
Router3(config)#ip route 172.21.19.1 255.255.255.255 192.168.56.10
Router3(config)#router bgp 65500
Router3(config-router)#neighbor 172.21.19.1 remote-as 65500
Router3(config-router)#neighbor 172.21.19.1 update-source Loopback0
Router3(config-router)#exit
Router3(config)#end
Router3#
Each of these routers uses the other's loopback IP address for its BGP neighbor statement. But to create a TCP session, you need the source address from one end to match the destination address of the other. So we have included commands to force each router to use its loopback interface for these source addresses:
Router1(config-router)#neighbor 172.20.1.2 update-source Loopback0
We strongly recommend using the update-source option, specifying a loopback interface on both routers, whenever you have redundant paths between iBGP peers.
So far, everything that we have discussed has to do with establishing the iBGP and eBGP peer relationships. We haven't exchanged any actual routing information yet. This brings us to the network commands in the example configuration files. On the first router, we used the classful version of the command to advertise an entire Class C network, 192.168.1.0/24:
Router1(config)#router bgp 65500
Router1(config-router)#network 192.168.1.0
The second router, however, uses the more general classless version of the network command:
Router2(config)#router bgp 65501
Router2(config-router)#network 172.25.17.0 mask 255.255.255.0
These commands allow the router to pick up routes out of its routing table and pass them along using BGP. BGP will not advertise anything that it doesn't have in its routing table. The first command will advertise the prefix 192.168.1.0/24 if it is in the routing table, while the second one will advertise 172.25.17.0/24. It is important to realize that these are literally the prefixes that BGP will advertise. If you have a route for 192.168.1.4/32, then the first network statement we mentioned will not cover it. Instead, you would have to explicitly include a network command for this prefix:
Router1(config)#router bgp 65500
Router1(config-router)#network 192.168.1.4 mask 255.255.255.255
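To audit which prefixes a set of network statements will actually originate, the rule can be modelled offline. This is an added example, not part of the original recipe: it models the exact-match behavior as this recipe describes it, deriving the classful mask when none is given. The function names and the sample statements and routing table are constructed for illustration.

```python
import ipaddress


def classful_prefixlen(addr):
    """Prefix length implied by the address class when no mask is given."""
    first = int(addr.split(".")[0])
    if first < 128:
        return 8      # Class A
    if first < 192:
        return 16     # Class B
    if first < 224:
        return 24     # Class C
    raise ValueError(f"{addr} is not a Class A, B or C address")


def network_statement_prefix(statement):
    """Turn 'network A.B.C.D [mask M]' into the prefix it names."""
    tokens = statement.split()
    if len(tokens) == 2 and tokens[0] == "network":
        length = classful_prefixlen(tokens[1])
        return ipaddress.ip_network(f"{tokens[1]}/{length}")
    if len(tokens) == 4 and tokens[0] == "network" and tokens[2] == "mask":
        return ipaddress.ip_network(f"{tokens[1]}/{tokens[3]}")
    raise ValueError(f"unrecognized network statement: {statement!r}")


def advertisement_report(statements, routing_table):
    """Return (advertised, inactive, uncovered) prefix lists.

    advertised: named by a network statement and present in the table
    inactive:   named by a network statement but missing from the table
    uncovered:  in the table but not named exactly by any statement
    """
    table = {ipaddress.ip_network(r) for r in routing_table}
    wanted = [network_statement_prefix(s) for s in statements]
    advertised = [str(p) for p in wanted if p in table]
    inactive = [str(p) for p in wanted if p not in table]
    uncovered = sorted(str(r) for r in table if r not in wanted)
    return advertised, inactive, uncovered


# Constructed inputs using the prefixes discussed above.
STATEMENTS = ["network 192.168.1.0",
              "network 172.25.17.0 mask 255.255.255.0"]
ROUTES = ["192.168.1.0/24", "192.168.1.4/32"]

if __name__ == "__main__":
    print(advertisement_report(STATEMENTS, ROUTES))
```

Comparing the advertised list against the prefixes you intend to originate catches both a statement that matches nothing in the table and a route you expected to be announced but never named.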
You can also use redistribution to inject routes into BGP from either static routes or foreign routing protocols. As we discuss in Recipe 9.14, however, redistribution is messy and complicated. We strongly recommend against redistribution to introduce routes into BGP if it can be avoided.
Note that because BGP will only advertise a prefix if it is in the routing table, an unstable IGP route could introduce instability into BGP. You can ensure the route is always available, though, by using a floating static route pointing to the null interface:
Router1(config)#ip route 192.168.1.0 255.255.255.0 null0 250
Here we have specified an Administrative Distance of 250 for this route. This value is deliberately very high to ensure that it is worse than any IGP, as well as iBGP. Now when the dynamic route drops out of the IGP routing table, the router replaces it with this floating static route, and BGP continues to advertise the prefix. This is not always desirable, of course. You may want this BGP router to stop advertising routes that it cannot reach. But in most cases, stability is more important. See Recipe 5.5 for more information about floating static routes.
Looking back at the example in the Solution section of this recipe, you will see that we disabled synchronization on both routers:
Router1(config)#router bgp 65500
Router1(config-router)#no synchronization
Synchronization is enabled by default. This feature is intended for situations in which your AS acts as a transit for packets from one AS to another, but where some of the routers in your AS do not run BGP. In this case, the routers that only run the IGP need to have the same routing table as the BGP routers, or the AS could become a black hole for the unsynchronized routes. If synchronization is enabled in this situation, BGP will only advertise routes that are present in both the IGP and BGP route tables.
In this example, we had no intention of carrying the BGP routing table through the IGP. We generally recommend disabling synchronization, unless you are running an IGP and redistributing routes between BGP and the IGP.
Take a close look at the examples in this recipe because they show how Cisco's BGP configuration syntax works. When you want to change the parameters for a particular peer, you must first define the neighbor and the AS that this peer resides in. Then you can start to define any nondefault behavior for this peer with further neighbor commands that specify the same peer IP address. There are literally dozens of different options you can adjust this way. We mention several of these options in this chapter.
See Also
Recipe 5.5; Recipe 9.2; Recipe 9.14