BGP Selection Path Algorithm
The selection path is described by Cisco at:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html
Pre-conditions
0 If {NEXT_HOP = inaccessible}, then DROP the path.
0 If {path received via iBGP} and {synchronization is ON} and {path is NOT in IGP}, then DROP the path.
Standard Path Selection Algorithm
1 Use path with: {Higher WEIGHT}.
2 Use path with: {Higher LOCAL_PREF}.
3 Use path that is “local” {Originated by BGP running on this router}.
4 Use path with: {Shortest AS-PATH}.
5 Use path with: {Lowest ORIGIN Type}: IGP < EGP < incomplete.
6 Use path with: {Lowest MED attribute}. Compared only between paths learned from the same neighboring AS.
7 Prefer an eBGP over an iBGP path. (This step is Cisco specific, and is a typical tie breaker).
8 Prefer the path through the closest IGP neighbor. (This step is a tiebreaker described in the RFC).
9 Prefer the path from BGP neighbor with the lowest RID (Also a tiebreaker described in the RFC).
=> See also the “extensions” to the Path Selection Algorithm in Part 10 of this article.
For memorization (sequence, attribute order)
<----- metrics/attributes -----> <-- non metrical TB --> <--- Other Tiebreakers --->
WE  LOve  l  AS  rO   Ma         eBGP   IGP              older  BGP_id  Cluster_id  IP_Add
IG  CAL   o  pa  RI   E           <<    metric
HT  PREF  c  th  GIN  D          iBGP
For memorization (from the Closest to the Farthest)
+------------------+
|  +---+    +---+  |
|  | D |    | E |  |
|  +---+    +---+  |
|    |        |    |  <--------- MED
|    |        |    |  <--------- Origin
+----|--------|----+
     |        |       <--------- AS Path
+----|--------|----+
|  +---+    +---+  |
|  | A |    | B |  |
|  +---+    +---+  |
|    \         /   |  <--------- Local_Pref
|     \ +---+ /    |
|      \| C |/     |  <--------- WEIGHT
|       +---+      |
+------------------+
Example of attributes and BGP path selection:
bcsw1.asd-tc2.nl#sh ip bgp 195.241.100.100
BGP routing table entry for 195.241.100.100/32, version 388
Paths: (4 available, best #1, table Default-IP-Routing-Table)
Multipath: eBGP
Advertised to update-groups:
1
65031, (received & used)
195.241.57.13 from 195.241.57.13 (172.26.10.7)
Origin incomplete, metric 200, localpref 100, valid, external, multipath, best
65031, (received & used)
195.241.1.83 (metric 61) from 195.241.1.83 (195.241.1.83)
Origin incomplete, metric 200, localpref 100, valid, internal
65031, (received & used)
195.241.57.9 from 195.241.57.9 (172.26.10.70)
Origin incomplete, metric 200, localpref 100, valid, external, multipath
=> Selection: the BGP ID is the tie breaker.
   Prefix          W      LcPref  AS     Origin  MED  iB/eB     igp  BGP ID
-- --------------  -----  ------  -----  ------  ---  --------  ---  --------------
>  195.241.57.13   32768  100     (100)  incomp  200  external  -    (172.26.10.7)
   195.241.1.83    32768  100     (100)  incomp  200  internal  61   (195.241.1.83)
   195.241.57.9    32768  100     (100)  incomp  200  external  -    (172.26.10.70)
Modifying the attributes:
bcsw1.asd-tc2.nl(config-router)#route-map LOCPREF
bcsw1.asd-tc2.nl(config-route-map)#set local-preference 500
bcsw1.asd-tc2.nl(config-route-map)#router bgp 5615
bcsw1.asd-tc2.nl(config-router)#neighbor 195.241.1.83 route-map LOCPREF in
bcsw1.asd-tc2.nl#clear ip bgp 195.241.1.83 soft in
bcsw1.asd-tc2.nl#sh ip bgp 195.241.100.100
BGP routing table entry for 195.241.100.100/32, version 416
Paths: (5 available, best #4, table Default-IP-Routing-Table)
Multipath: eBGP
Flag: 0x1940
Not advertised to any peer
65031, (received & used)
195.241.57.13 from 195.241.57.13 (172.26.10.7)
Origin incomplete, metric 200, localpref 100, valid, external
65031, (received & used)
195.241.57.9 from 195.241.57.9 (172.26.10.70)
Origin incomplete, metric 200, localpref 100, valid, external
65031
195.241.1.83 (metric 61) from 195.241.1.83 (195.241.1.83)
Origin incomplete, metric 200, localpref 500, valid, internal, best
=> Selection: The local preference wins.
   Prefix          W      LcPref  AS     Origin  MED  iB/eB     igp  BGP ID
-- --------------  -----  ------  -----  ------  ---  --------  ---  --------------
   195.241.57.13   32768  100     (100)  incomp  200  external  -    (172.26.10.7)
>  195.241.1.83    32768  500     (100)  incomp  200  internal  61   (195.241.1.83)
   195.241.57.9    32768  100     (100)  incomp  200  external  -    (172.26.10.70)
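The two selections above can be replayed in code. This is an added example, not part of the original article or of any Cisco implementation: it applies the two pre-conditions' NEXT_HOP check and steps 1 to 9 exactly as listed on this page (the later extensions are not modelled), and the names `Path`, `best_path` and `sample` are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass(frozen=True)
class Path:
    next_hop: str
    router_id: str
    ebgp: bool
    as_path: tuple = (65031,)
    weight: int = 32768        # value shown in the article's table
    local_pref: int = 100
    local: bool = False        # originated by BGP on this router
    origin: str = "incomplete"
    med: int = 200
    igp_metric: int = 0        # IGP cost to reach next_hop
    reachable: bool = True     # pre-condition: NEXT_HOP accessible

def _lowest(cands, key, group=lambda p: None):
    # Keep the paths holding the lowest key within their comparison group.
    best = {}
    for p in cands:
        best[group(p)] = min(key(p), best.get(group(p), key(p)))
    return [p for p in cands if key(p) == best[group(p)]]

STEPS = [  # steps 1-9 above; lowest key wins, so "higher wins" is negated
    ("weight", lambda p: -p.weight),
    ("local_pref", lambda p: -p.local_pref),
    ("local origin", lambda p: not p.local),
    ("as_path", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("med", lambda p: p.med, lambda p: p.as_path[:1]),  # same neighbour AS only
    ("ebgp over ibgp", lambda p: not p.ebgp),
    ("igp metric", lambda p: p.igp_metric),
    ("router id", lambda p: int(IPv4Address(p.router_id))),
]

def best_path(paths):
    """Return (best path, name of the step that made the final decision)."""
    cands = [p for p in paths if p.reachable]
    if not cands:
        return None, "no valid path"
    for name, key, *group in STEPS:
        cands = _lowest(cands, key, *group)
        if len(cands) == 1:
            return cands[0], name
    return cands[0], "undecided"

def sample(ibgp_pref=100):  # paths from the article's 'sh ip bgp' output
    ibgp = Path("195.241.1.83", "195.241.1.83", False, igp_metric=61,
                local_pref=ibgp_pref)
    return [Path("195.241.57.13", "172.26.10.7", True), ibgp,
            Path("195.241.57.9", "172.26.10.70", True)]
```

`best_path(sample())` picks 195.241.57.13 at the router ID step, and `best_path(sample(ibgp_pref=500))` picks 195.241.1.83 at the LOCAL_PREF step, matching the two router outputs.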
Peering Configuration: eBGP, iBGP, Peer groups, Soft restarts, etc.
Customizing BGP peering involves peering configuration (non-advertising, policing or selection activities) and includes:
– Basic global BGP parameters (router-id, timers)
– Basic peering parameters (neighborship, as number)
– BGP Soft reconfiguration type
– MD5 authentication
– Peer Groups, Update groups, Templates
———- Basic global BGP parameters (router-id, timers) ———
router bgp <autonomous-system-number>
bgp router-id <ip-address>
! how to treat prefixes when MED is absent
bgp bestpath med missing-as-worst
! reset the eBGP session if the link to the peer goes down
bgp fast-external-fallover
timers bgp <keepalive> <holdtime>
!
end
Defaults since 12.3:
router bgp <autonomous-system-number>
no synchronization
no auto-summary
bgp log-neighbor-changes
!
end
———- Basic peering parameters (neighborship, as number) ———
router bgp <autonomous-system-number>
neighbor <ip-address> remote-as <autonomous-system-number>
neighbor <ip-address> update-source <interface>
neighbor <ip-address> next-hop-self
neighbor <ip-address> send-community
!
end
———– BGP Soft reconfiguration types ———–
Whenever a policy changes in a BGP network, the BGP session between the peers must be soft or hard reset for the new policy to take effect. An inbound reset makes the new inbound policy configured on the local router take effect. An outbound reset makes the new outbound policy configured on the local router take effect on its announcements. How soft reset is enabled depends on the software version: on newer versions it is not memory intensive and is configured by default; on older versions (prior to 12.1) it can be enabled manually but is memory intensive. On hybrid links, newer IOS routers can recognize this and act accordingly. The show ip bgp neighbors command shows information about neighbor capabilities.
Outbound soft reset:
No configuration required, updates announcements from the local router but does not reset inbound routing table updates (on remote and local routers).
Dynamic inbound soft reset:
No configuration required, does not require local storing of routing table updates for neighbors, has no memory overhead. Cisco IOS Release 12.1 and later releases support soft reset without any prior configuration by default. Not available on Cisco IOS prior to 12.1. Does not reset outbound routing table updates.
Manually configured neighbor inbound soft reset:
Older mode (prior to 12.1). Requires the “neighbor soft-reconfiguration” router configuration command and stores per-neighbor updates locally (memory intensive). Can be used when BOTH BGP routers do not support the automatic route refresh capability. Cisco IOS Release 12.3(14)T introduced the “bgp soft-reconfig-backup” command for the case where one peer supports dynamic inbound soft reset and the other does not: on the peer capable of dynamic soft reset, it automatically applies inbound soft reconfiguration for peers that do not support the route refresh capability. Does not reset outbound routing table updates.
———— MD5 authentication ————
BGP uses TCP as its transport layer and is therefore subject to all TCP mechanisms, including the use of the RST bit. To protect BGP from spoofed TCP segments, and TCP resets in particular, an MD5 signature (computed with the MD5 message digest algorithm) can be applied to the session and is recommended.
router bgp 65001
neighbor 162.108.21.8 password S3cr3T
————- Peer Groups ————
Often, in a BGP network, many neighbors are configured with the same update policies (that is, the same outbound route maps, distribute lists, filter lists, update source, and so on). Neighbors with the same update policies can be grouped into BGP peer groups to simplify configuration and, more importantly, to make configuration updates more efficient. The BGP process becomes more efficient because the routes to be filtered and advertised are calculated only once per peer group. Per-neighbor parameters can still be set to override the peer group configuration. Useful: “show ip bgp peer-group <name>”
1. Assign the peer-group a name: neighbor <name> peer-group
2. Define peer-group’s policy: neighbor <name> <any-BGP-neighbor-cmd>
3. Assign a neighbor to a peer-group: neighbor 1.1.1.1 peer-group <name>
4. Modify per neighbor properties: neighbor 1.1.1.1 <any-BGP-neighbor-cmd>
RTC#
router bgp 300
neighbor eBGP-Peer-Group peer-group
neighbor eBGP-Peer-Group route-map SETMETRIC
neighbor eBGP-Peer-Group filter-list 1 out
neighbor eBGP-Peer-Group filter-list 2 in
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 peer-group eBGP-Peer-Group
neighbor 4.4.4.2 remote-as 600
neighbor 4.4.4.2 peer-group eBGP-Peer-Group
neighbor 1.1.1.2 remote-as 200
neighbor 1.1.1.2 peer-group eBGP-Peer-Group
neighbor 1.1.1.2 filter-list 3 in
————– Peer and Policy Templates ————-
Peer and Policy Templates are an enhancement to the peer group concept. They decouple session and policy parameters and let neighbors share session settings without the peer group limits of being members of the same address family and having the same outbound policy.
Both Peer and Policy Templates allow for a hierarchy of inheritance. For instance, peers A, B and C need a given policy, while D and E need the same policy with some added configuration. Template inheritance allows efficient configuration of one template for A, B and C and a second template for D and E which inherits the first template but adds some extra processing.
Peer Templates allowed options:
– description
– disable-connected-check
– ebgp-multihop
– exit peer-session
– inherit peer-session
– local-as
– password
– remote-as
– shutdown
– timers
– translate-update
– update-source
– version
Example:
template peer-session SESSION-TEMPLATE-PARENT
description peers type 1
update-source Loopback0
exit peer-session
!
template peer-session SESSION-TEMPLATE-CHILD
description peers type 2
timers 30 90
inherit peer-session SESSION-TEMPLATE-PARENT
exit peer-session
!
router bgp 200
neighbor 192.168.1.1 remote-as 100
neighbor 192.168.1.1 inherit peer-session SESSION-TEMPLATE-PARENT
neighbor 192.168.1.2 remote-as 100
neighbor 192.168.1.2 inherit peer-session SESSION-TEMPLATE-PARENT
neighbor 192.168.1.3 remote-as 100
neighbor 192.168.1.3 inherit peer-session SESSION-TEMPLATE-PARENT
neighbor 192.168.1.4 remote-as 100
neighbor 192.168.1.4 inherit peer-session SESSION-TEMPLATE-CHILD
neighbor 192.168.1.5 remote-as 100
neighbor 192.168.1.5 inherit peer-session SESSION-TEMPLATE-CHILD
!
end
Policy Templates allowed options:
– advertisement-interval
– allowas-in
– as-override
– capability
– default-originate
– distribute-list
– dmzlink-bw
– exit-peer-policy
– filter-list
– inherit peer-policy
– maximum-prefix
– next-hop-self
– next-hop-unchanged
– prefix-list
– remove-private-as
– route-map
– route-reflector-client
– send-community
– send-label
– soft-reconfiguration
– unsuppress-map
– weight
Example:
template peer-policy POLICY-TEMPLATE-PARENT
send-community both
maximum-prefix 1000 warning-only
!
template peer-policy POLICY-TEMPLATE-CHILD
inherit peer-policy POLICY-TEMPLATE-PARENT
maximum-prefix 500 warning-only
remove-private-as
!
router bgp autonomous-system-number
neighbor 192.168.1.1 remote-as 100
neighbor 192.168.1.1 inherit peer-session SESSION-TEMPLATE-PARENT
neighbor 192.168.1.1 inherit peer-policy POLICY-TEMPLATE-PARENT
neighbor 192.168.1.2 remote-as 100
neighbor 192.168.1.2 inherit peer-session SESSION-TEMPLATE-PARENT
neighbor 192.168.1.2 inherit peer-policy POLICY-TEMPLATE-PARENT
neighbor 192.168.1.3 remote-as 100
neighbor 192.168.1.3 inherit peer-session SESSION-TEMPLATE-PARENT
neighbor 192.168.1.3 inherit peer-policy POLICY-TEMPLATE-PARENT
neighbor 192.168.1.4 remote-as 100
neighbor 192.168.1.4 inherit peer-session SESSION-TEMPLATE-CHILD
neighbor 192.168.1.4 inherit peer-policy POLICY-TEMPLATE-CHILD
neighbor 192.168.1.5 remote-as 100
neighbor 192.168.1.5 inherit peer-session SESSION-TEMPLATE-CHILD
neighbor 192.168.1.5 inherit peer-policy POLICY-TEMPLATE-CHILD
!
end
Examples of Peering activities
Router IF Bw IP Address
2610b E0/0 10M 192.168.1.119/24
2610b L0 10M 172.17.0.119/24
2610b S0/1 2M 192.168.101.1/24
2610b S0/0 64K 192.168.107.1/24
1720a S1 2M 192.168.101.2/24
1720a E0 10M 192.168.103.1/24
1720a F0 10M 192.168.102.1/24
1720a S0 64K 192.168.104.1/24
1720b F0 10M 192.168.102.2/24
1720b E0 10M 192.168.106.1/24
1720b S0.3 128K 192.168.104.2/24
1600a E0 10M 192.168.103.2/24
1600a S0.1 128K 192.168.105.1/24
1600a S0.2 64K 192.168.107.2/24
1600b S0.1 128K 192.168.105.2/24
1600b S0.2 128K 192.168.104.254/24
1600b E0 10M 192.168.109.1/32
2610a E0/0.33 10M 192.168.106.2/24
2610a E0/0.32 10M 172.16.0.2/24
2610a S1/1 1M 192.168.108.1/32
2514b S0 1M 192.168.108.2/32
2514b E0 10M 192.168.111.1/32
2514a E0 10M 192.168.111.2/32
2514a E1 10M 192.168.110.2/32
c3550 F0/13 10M 192.168.109.2/32
c3550 Vlan105 10M 192.168.110.1/32
Linux Eth1 10M 172.16.0.1/24
Minimal iBGP and eBGP configuration:
2610b(config)#router bgp 400
2610b(config-router)#bgp router-id 192.168.0.1
2610b(config-router)#timers bgp 30 90
2610b(config-router)#neighbor 192.168.0.2 remote-as 400
2610b(config-router)#neighbor 192.168.0.2 update-source Loopback 999
2610b(config-router)#neighbor 192.168.107.2 remote-as 100
2610b#
Nov 4 21:11:57: TCB83831BF0 created
Nov 4 21:11:57: TCB83831BF0 setting property TCP_WINDOW_SIZE (0) 83830BBC
Nov 4 21:11:57: TCB83831BF0 setting property TCP_MD5KEY (5) 0
Nov 4 21:11:57: TCB83831BF0 setting property TCP_TOS (11) 83830BA8
Nov 4 21:11:57: TCB83831BF0 bound to 192.168.0.1.11001
Nov 4 21:11:57: TCP: sending SYN, seq 933993674, ack 0
Nov 4 21:11:57: TCP0: Connection to 192.168.0.2:179, advertising MSS 536
Nov 4 21:11:57: TCP0: state was CLOSED -> SYNSENT [11001 -> 192.168.0.2(179)]
Nov 4 21:11:57: TCP0: state was SYNSENT -> ESTAB [11001 -> 192.168.0.2(179)]
Nov 4 21:11:57: TCP0: Connection to 192.168.0.2:179, received MSS 536, MSS is 536
Nov 4 21:11:57: TCB83831BF0 connected to 192.168.0.2.179
Nov 4 21:11:57: %BGP-5-ADJCHANGE: neighbor 192.168.0.2 Up
2610b#sh ip bgp sum
BGP router identifier 192.168.0.1, local AS number 400
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.2 4 400 93 93 1 0 0 00:44:45 0
192.168.107.2 4 100 89 88 1 0 0 00:03:28 0
2610b#sh ip bgp neighbors
BGP neighbor is 192.168.0.2, remote AS 400, internal link
BGP version 4, remote router ID 192.168.0.2
BGP state = Established, up for 00:29:37
Last read 00:00:07, hold time is 90, keepalive interval is 30 seconds
Configured hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 0 0
Keepalives: 62 62
Route Refresh: 0 0
Total: 63 63
Default minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
Sent Rcvd
Prefix activity: —- —-
Prefixes Current: 0 0
Prefixes Total: 0 0
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 0
Used as multipath: n/a 0
Outbound Inbound
Local Policy Denied Prefixes: ——– ——-
Total: 0 0
Number of NLRIs in the update sent: max 0, min 0
Connections established 1; dropped 0
Last reset never
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 192.168.0.1, Local port: 11001
Foreign host: 192.168.0.2, Foreign port: 179
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x3886F5):
Timer Starts Wakeups Next
Retrans 63 0 0x0
TimeWait 0 0 0x0
AckHold 63 39 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
iss: 933993674 snduna: 933994898 sndnxt: 933994898 sndwnd: 16251
irs: 1240386238 rcvnxt: 1240387462 rcvwnd: 16251 delrcvwnd: 133
SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms
minRTT: 4 ms, maxRTT: 300 ms, ACK hold: 200 ms
Flags: higher precedence, nagle
Datagrams (max data segment is 536 bytes):
Rcvd: 87 (out of order: 0), with data: 63, total data bytes: 1223
Sent: 106 (retransmit: 0, fastretransmit: 0), with data: 63, total data bytes: 1223
Example of using Peer Groups:
hostname 1600a
!
router bgp 100
bgp router-id 192.168.0.6
bgp cluster-id 3232262914
bgp log-neighbor-changes
timers bgp 30 90
neighbor eBGP_to_AS400 peer-group
neighbor eBGP_to_AS400 remote-as 400
neighbor iBGP_peers peer-group
neighbor iBGP_peers remote-as 100
neighbor iBGP_peers update-source Loopback999
neighbor 192.168.0.3 peer-group iBGP_peers
neighbor 192.168.0.5 peer-group iBGP_peers
neighbor 192.168.103.1 peer-group eBGP_to_AS400
neighbor 192.168.107.1 peer-group eBGP_to_AS400
!
end
Setting a password:
1600a(config-router)# neighbor iBGP_peers password test_pswd
Mar 1 02:48:12: %BGP-5-ADJCHANGE: neighbor 192.168.0.3 Down Password change
Mar 1 02:48:12: %BGP-5-ADJCHANGE: neighbor 192.168.0.5 Down Password change
Mar 1 02:48:38: %BGP-5-ADJCHANGE: neighbor 192.168.0.3 Up
Mar 1 02:48:42: %BGP-5-ADJCHANGE: neighbor 192.168.0.5 Up
hostname 1600a
!
router bgp 100
bgp router-id 192.168.0.6
timers bgp 30 90
neighbor eBGP_to_AS400 peer-group
neighbor eBGP_to_AS400 remote-as 400
neighbor iBGP_peers peer-group
neighbor iBGP_peers remote-as 100
neighbor iBGP_peers password 7 0010161510641B151825
neighbor iBGP_peers update-source Loopback999
neighbor 192.168.0.3 peer-group iBGP_peers
neighbor 192.168.0.5 peer-group iBGP_peers
neighbor 192.168.103.1 peer-group eBGP_to_AS400
neighbor 192.168.107.1 peer-group eBGP_to_AS400
!
end
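With peer groups, a password set on one group covers only that group's members, which is easy to miss when reviewing a configuration. The following added example (not part of the original article; `audit_md5` is a hypothetical name) resolves peer-group membership in the final 1600a configuration above and reports, per neighbor, whether an MD5 password is set directly, inherited from its group, or missing.

```python
import re

# Final 1600a BGP configuration from the article, indented as IOS shows it.
CONFIG_1600A = """\
router bgp 100
 bgp router-id 192.168.0.6
 timers bgp 30 90
 neighbor eBGP_to_AS400 peer-group
 neighbor eBGP_to_AS400 remote-as 400
 neighbor iBGP_peers peer-group
 neighbor iBGP_peers remote-as 100
 neighbor iBGP_peers password 7 0010161510641B151825
 neighbor iBGP_peers update-source Loopback999
 neighbor 192.168.0.3 peer-group iBGP_peers
 neighbor 192.168.0.5 peer-group iBGP_peers
 neighbor 192.168.103.1 peer-group eBGP_to_AS400
 neighbor 192.168.107.1 peer-group eBGP_to_AS400
"""

NEIGHBOR = re.compile(r"^\s*neighbor\s+(\S+)\s+(\S+)\s*(.*?)\s*$")

def audit_md5(config):
    """Map each neighbor address to 'own', 'inherited' or 'missing'."""
    groups, member_of, has_password, seen = set(), {}, set(), []
    for line in config.splitlines():
        match = NEIGHBOR.match(line)
        if not match:
            continue
        name, keyword, rest = match.groups()
        if name not in seen:
            seen.append(name)
        if keyword == "peer-group" and not rest:
            groups.add(name)              # neighbor <group> peer-group
        elif keyword == "peer-group":
            member_of[name] = rest        # neighbor <ip> peer-group <group>
        elif keyword == "password":
            has_password.add(name)
    report = {}
    for name in seen:
        if name in groups:
            continue                      # report sessions, not group names
        if name in has_password:
            report[name] = "own"
        elif member_of.get(name) in has_password:
            report[name] = "inherited"
        else:
            report[name] = "missing"
    return report
```

On the article's configuration the two iBGP neighbors inherit the key from iBGP_peers, while 192.168.103.1 and 192.168.107.1 in eBGP_to_AS400 have none. The `password 7` form stored in the configuration is a reversible encoding rather than a hash, so the configuration file needs the same protection as the key itself.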