Internal BGP Between Internet-Connected Routers

  • How does the iBGP configuration differ from eBGP?
    • iBGP neighbors use the same ASN in the “neighbor IP remote-as ASN” command
  • What do you need to know when using Loopback interface as source with eBGP? Same question for iBGP.
    • eBGP – by default TTL = 1 for the TCP session, so ebgp-multihop needs to be used
    • iBGP – does not use a low TTL, so multihop is not required
  • Refer to the exhibit!
    When I1-1 advertises the 181.0.0.0/8 subnet to E1 (eBGP) and E1 advertises this to E2 (iBGP), what will be the next hop (on E2)?
    next-hop-self.PNG

    • The next hop will be I1-1 (the outgoing interface or the interface specified in neighbor IP update-source interface)
      • E2 must have a route for the next-hop to work properly
    • If neighbor IP next-hop-self is configured on E1, then E1 will be the next-hop

Avoiding Routing Loops When Forwarding Toward the Internet

  • Refer to the exhibit!
    There is a default route on Core1 (IGP) to E1 (BGP), so steps 2 and 3 form a loop. What design change is recommended?
    loop.PNG

    • Core1 and Core2 should have BGP so they can choose the best route.
  • What is the name of the above solution design?
    • partial mesh of iBGP (E1 not connected to E2)
      partial-ibgp-mesh.PNG
  • What is the danger of iBGP route advertisement?
    • routes learned from iBGP will not be advertised to another iBGP peer
  • What is the solution for this?
    • create full mesh iBGP
      This way all devices will exchange routes directly so they overcome the restriction.
  • What are the dangers of redistributing BGP into IGP?
    • It is not recommended because IGP was not designed for handling a huge number of routes. In some cases IGP might crash.
  • What is BGP synchronization?
    • When routes from BGP are redistributed into IGP, it is recommended to use BGP synchronization.
    • This means that iBGP learned routes must be in IGP also before they can be used.

Route Filtering and Clearing BGP Peers

  • What routes should an enterprise filter when it has BGP connection to multiple ISPs?
    • the enterprise private ranges
    • the enterprise should not advertise routes learned from another ISP
      enterprise-filtering-bgp.PNG
  • How do you filter BGP routes?
    • you can only filter per neighbor (not per interface)
    • neighbor IP distribute-list standard-ACL
    • neighbor IP distribute-list extended-ACL
    • neighbor IP prefix-list prefix-list
    • neighbor IP filter-list as-path-acl
    • neighbor IP route-map route-map
  • How do you clear BGP neighbors?
    • administratively shut down the neighbors and re-enable them
    • clear ip bgp *
    • clear ip bgp neighbor-id – hard reset on neighbor
    • clear ip bgp neighbor-id in – on newer IOS, asks the neighbor to resend its full BGP table instead of breaking the neighborship/TCP connection
    • clear ip bgp * soft in/out – soft reset (“refiltering” using cached routes)
  • What is BGP hard reset and soft reset?
    • Hard Reset: The local router brings down the neighborship, the underlying TCP connection and removes all BGP table entries learned from that neighbor
    • Soft Reset: The neighborship and the underlying TCP connection stay up. The local router rebuilds its BGP table and resends the Updates
  • How can you verify received routes before / after filtering?
    How can you verify sent routes before and after filtering?

    • filtering.PNG
  • Is there any prerequisite for any of the above commands?
    • The show ip bgp neighbors IP received-routes command needs the BGP subcommand:
      neighbor IP soft-reconfiguration inbound
  • What is a BGP Peer group and why do we need it? How do you configure it?
    • BGP creates updates, by default, on a neighbor-by-neighbor basis. We can put the neighbors into BGP peer groups and apply parameters to the peer group, so they are applied to the whole group and not one-by-one. This can decrease CPU usage.
    • neighbor ROUTE-PG peer-group
      neighbor ROUTE-PG prefix-list SOME-PREFIX in
      neighbor 10.0.0.1 remote-as 10
      neighbor 10.0.0.1 peer-group ROUTE-PG
      neighbor 32.1.22.1 remote-as 30
      neighbor 32.1.22.1 peer-group ROUTE-PG
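
Added example (not from the original notes): the two outbound filtering rules above, modelled in Python so the prefix-list matching rules (exact length unless ge/le is given, first match wins, implicit deny) can be checked against sample routes. The OUTBOUND entries and function names are assumptions made for this example; 128.107.0.0/19 is the public prefix used later in these notes.

```python
from ipaddress import ip_network

# (action, prefix, ge, le) in sequence order; constructed for this example.
OUTBOUND = [
    ("deny",   "10.0.0.0/8",     None, 32),    # private ranges and
    ("deny",   "172.16.0.0/12",  None, 32),    # anything more specific
    ("deny",   "192.168.0.0/16", None, 32),
    ("permit", "128.107.0.0/19", None, None),  # the enterprise public block
]

def entry_matches(route, prefix, ge, le):
    """IOS prefix-list match: covered by prefix, length within [lo, hi]."""
    route, prefix = ip_network(route), ip_network(prefix)
    if ge is None and le is None:
        lo = hi = prefix.prefixlen             # exact length only
    else:
        lo = ge if ge is not None else prefix.prefixlen
        hi = le if le is not None else 32
    return route.subnet_of(prefix) and lo <= route.prefixlen <= hi

def prefix_list(route, entries):
    """First matching entry decides; no match is an implicit deny."""
    for action, prefix, ge, le in entries:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

def may_advertise(route, as_path, entries=OUTBOUND):
    """Advertise only locally originated routes (empty AS_Path, what an
    as-path ACL of ^$ matches) that the prefix list permits."""
    if as_path:                                # learned from another AS
        return False, "transit: learned via AS " + str(as_path[0])
    if prefix_list(route, entries) != "permit":
        return False, "prefix list deny"
    return True, "ok"

if __name__ == "__main__":
    # Constructed candidate routes: (prefix, AS_Path as seen locally).
    for route, path in [("128.107.0.0/19", ()), ("128.107.1.0/24", ()),
                        ("10.1.1.0/24", ()), ("181.0.0.0/8", (1, 2))]:
        print(route, path, may_advertise(route, path))
```

A /24 inside 128.107.0.0/19 is rejected because the permit entry has no ge/le, and the ISP-learned 181.0.0.0/8 is rejected before the prefix list is consulted.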

BGP Path Attributes and Best-Path Algorithm

  • What are the BGP Path Attributes that affect the best-path algorithm?
    • Next_Hop
    • Weight – not advertised to any BGP peers, Cisco proprietary
    • Local_Pref
    • AS_Path
    • Origin – IGP / EGP / ? (incomplete information)
    • Multi-Exit Discriminator (MED) – Set and advertised by routers in one AS, impacting the BGP decision of routers in the other AS. Smaller better.
  • What PA settings can you see in the following sho ip bgp output?
    sho-ip-bgp-empty.PNG

    • sho-ip-bgp.PNG
  • What are the tiebreakers of BGP best path selection?
    • 1 – Weight (bigger, only Cisco, range=local)
    • 2 – Local Pref (bigger, default=100, range=AS)
    • 3 – Locally injected routes (routes locally injected to BGP table is better than routes from BGP neighbors)
    • 4 – AS_Path length (shorter)
    • 5 – Origin (IGP > EGP > ?)
    • 6 – MED (smaller)
    • 7 – Neighbor type (eBGP > iBGP)
    • 8 – IGP metric to Next-Hop (smaller, watch it! IGP route! EIGRP/RIP/OSPF/iBGP)
    • 9 – Oldest eBGP route (sho ip bgp lists the older path last in the list)
    • 10 – Lowest neighbor BGP RID
    • 11 – Lowest neighbor IP address
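
Added example (not from the original notes): the tiebreaker list above written as an ordered elimination in Python, returning the winning path and the step that decided it. It follows the list as stated, so MED is compared at step 6 without further conditions; the Path fields, router IDs and AS paths are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP > EGP > incomplete

@dataclass
class Path:
    name: str                # label used only in this example
    as_path: tuple           # ASNs, nearest AS first
    neighbor_rid: str
    neighbor_ip: str
    weight: int = 0
    local_pref: int = 100
    local: bool = False      # locally injected into the BGP table
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0      # IGP cost to reach Next_Hop
    age: int = 0             # seconds since the path was learned

# One (label, key) pair per tiebreaker; the smallest key wins each step.
STEPS = [
    ("1 weight", lambda p: -p.weight),
    ("2 local_pref", lambda p: -p.local_pref),
    ("3 locally injected", lambda p: not p.local),
    ("4 as_path length", lambda p: len(p.as_path)),
    ("5 origin", lambda p: ORIGIN_RANK[p.origin]),
    ("6 med", lambda p: p.med),
    ("7 neighbor type", lambda p: not p.ebgp),
    ("8 igp metric", lambda p: p.igp_metric),
    ("9 oldest ebgp", lambda p: -p.age if p.ebgp else 0),
    ("10 neighbor rid", lambda p: int(IPv4Address(p.neighbor_rid))),
    ("11 neighbor ip", lambda p: int(IPv4Address(p.neighbor_ip))),
]

def best_path(paths):
    """Return (winner, deciding step) for candidate paths to one prefix."""
    remaining, decided = list(paths), "none"
    for label, key in STEPS:
        low = min(key(p) for p in remaining)
        kept = [p for p in remaining if key(p) == low]
        if len(kept) < len(remaining):
            decided = label          # this step eliminated at least one path
        remaining = kept
    return remaining[0], decided

# Constructed sample: two eBGP paths to 181.0.0.0/8, one prepended twice.
A = Path("via 192.168.1.2", (1, 2), "1.1.1.1", "192.168.1.2")
B = Path("via 192.168.1.6", (3, 3, 3, 2), "3.3.3.3", "192.168.1.6")
```

best_path([A, B]) picks A at step 4; giving B a weight of 50 makes B win at step 1 despite its longer AS_Path.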

Influencing an Enterprise’s Outbound Routes

  • How can an engineer manipulate the BGP best path algorithm?
    • setting weight (enterprise outbound, local)
    • setting local_pref (enterprise outbound, AS)
    • setting AS_Path (enterprise outbound, global)
    • setting MED (enterprise inbound)
  • How do you configure a route’s weight?
    • using route-map on a neighbor
    • ip prefix-list match-181 permit 181.0.0.0/8
      !
      route-map set-weight-50 permit 10
         match ip address prefix-list match-181
         set weight 50
      route-map set-weight-50 permit 20
      !
      router bgp 11
      neighbor 192.168.1.2 route-map set-weight-50 in
    • It is recommended to use clear ip bgp 192.168.1.2 soft 
  • How can you configure weight for all routes received from a specific neighbor?
    • neighbor IP weight value
  • What do you know about Local Preference?
    • This PA gives the routers inside an AS a value that can be set per route and it can be advertised within the AS.
    • It is not advertised to eBGP peers
    • It identifies the best exit point from the AS to reach a given prefix
  • What happens when a route has been declared as the best route in BGP table? Where does it go?
    • Instead of going straight into the routing table, it is handed to the Routing Table Manager, which chooses the best route between multiple routing protocols
      routing-table-manager.PNG
  • What is a RIB Failure?
    • There might be routes where BGP has chosen the best route but the RTM function has not placed the route into the RIB (Routing Information Base), a.k.a. the IP routing table.
      rib-failure.PNG
  • What is the rule of BGP maximum-paths?
    • If the BGP best-path algorithm does not choose before Step 8, the routes which still tie can get into the routing table up to the number defined in:
      maximum-paths number
  • What is AS Path Prepend?
    • The engineer can add extra ASNs to the AS_Path PA. This will not disturb the loop prevention mechanism but will affect the best-path algorithm.
  • How do you configure AS Path Prepend?
    • as-path-prepend.PNG
    • route-map add-two-asns permit 10
         set as-path prepend 3 3
      router bgp 11
         neighbor 192.168.1.6 route-map add-two-asns in

Influencing an Enterprise’s Inbound Routes with MED

  • What is MED?
    • Multi Exit Discriminator: BGP sends the MED PA to its neighbor (eBGP). It’s usually used in multi-homed designs. With MED the engineer can configure where the traffic should enter the enterprise. The smaller the MED value, the better.
      med.PNG
      If the enterprise wants MED to work properly, it needs to coordinate with the ISP so that the ISP relies on MED. Otherwise the other BGP tiebreakers will win before MED.
  • How do you configure MED?
    • route-map set-med-to-I1-1 permit 10
         match ip address prefix-list only-public
         set metric 10
      route-map set-med-to-I1-4 permit 10
         match ip address prefix-list only-public
         set metric 20
      !
      ip prefix-list only-public permit 128.107.0.0/19
      !
      router bgp 11
         neighbor 1.1.1.1 route-map set-med-to-I1-1 out
         neighbor 192.168.1.2 route-map set-med-to-I1-4 out
  • Refer to the exhibit! What value is visible in the brackets? 
    sho-ip-route-bgp

    • That’s metric = MED.