BGP prefix injection: Network Command
A prefix that is present in the RIB can be advertised in BGP by using the network command, by redistribution, by summarization (the routes must be present in the BGP table too) or by default route origination (no requirement). With the network command, the injecting peer sets the following attributes:
– Weight as 32768 (making it locally always preferred, unless otherwise configured);
– Local Pref unchanged;
– AS Path as usual;
– Origin as IGP;
– MED as the IGP metric (so that if multiple IGP injections are done, the best is chosen based on IGP metric)
– Sets the next hop as the IGP next hop itself.
It is not required to locally originate (directly connect) the prefix, but just to have it in the RIB. Once the BGP router has the prefix in the RIB, this is sufficient to be sure of its good reachability (what if BGP is distributed in IGP?!). A route map can be set on the network command (as on redistribution, aggregation or default origination…) to set the attributes according to an explicitly required policy. Note: in some cases different IOS versions behave differently regarding MED settings (and the use of “bgp bestpath med missing-as-worst” may be required).
network <network-number> [mask <network-mask>] [route-map <route-map-name>]
2610b(config)#int lo400
2610b(config-if)#ip address 10.40.0.1 255.255.0.0
2610b(config-if)#router bgp 400
2610b(config-router)#network 10.40.0.0 mask 255.255.0.0 ?
backdoor Specify a BGP backdoor route
route-map Route-map to modify the attributes
<cr>
2610b(config-router)#network 10.40.0.0 mask 255.255.0.0
2610b#sh ip bgp
BGP table version is 2, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 10.40.0.0/16 0.0.0.0 0 32768 i
2610b#sh ip bgp 10.40.0.0
BGP routing table entry for 10.40.0.0/16, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to non peer-group peers:
192.168.0.2 192.168.107.2
Local
0.0.0.0 from 0.0.0.0 (192.168.0.1)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
   Prefix        W      LcPref  AS       Origin  MED     iB/eB   igp   BGP ID
-  ------------  -----  ------  -------  ------  ------  ------  ----  -------------
>  10.40.0.0/16  32768  100     -        igp     0       local   -     (192.168.0.1)
On the iBGP neighbor: the path is not returned from eBGP (loop avoidance), so only the best iBGP path is left to choose:
1720a#sh ip bgp
BGP table version is 2, local router ID is 192.168.0.2
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i10.40.0.0/16 192.168.0.1 0 100 0 i
1720a#sh ip bgp 10.40.0.0
BGP routing table entry for 10.40.0.0/16, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
192.168.102.2 192.168.103.2 192.168.104.254
Local
192.168.0.1 (metric 51) from 192.168.0.1 (192.168.0.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
   Prefix        W      LcPref  AS       Origin  MED     iB/eB   igp   BGP ID
-  ------------  -----  ------  -------  ------  ------  ------  ----  -------------
>  10.40.0.0/16  0      100     -        igp     0       intern  51    (192.168.0.1)
1720a#sh ip route
10.0.0.0/16 is subnetted, 2 subnets
B 10.40.0.0 [200/0] via 192.168.0.1, 00:03:21
C 10.41.0.0 is directly connected, Loopback400
From an eBGP neighbor. No modification is made to Weight, LocalPref, AS-PATH, Origin or MED, so a tie breaker must occur. However, neighbor 192.168.0.2 did not insert MED, and this was considered a best MED value (+++).
Therefore the best path was considered based on MED!
If MED was set correctly, two paths would be external and two internal. The external ones are left over.
For the two external paths there is no IGP metric available, so a BGP ID should be chosen.
(+++): The Internet Engineering Task Force (IETF) decision regarding BGP MED assigns a value of infinity to the missing MED, making the route lacking the MED variable the least preferred. The default behavior of BGP routers running Cisco IOS software is to treat routes without the MED attribute as having a MED of 0, making the route lacking the MED variable the most preferred.
Mar 1 01:23:31: %SYS-5-CONFIG_I: Configured from console by console
1600a#sh ip bgp
BGP table version is 2, local router ID is 192.168.0.6
Status codes: s suppressed, d damped, h history, valid, > best, i – internal
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
i10.40.0.0/16 192.168.104.1 100 0 400 i
192.168.107.1 0 0 400 i
i 192.168.102.1 0 100 0 400 i
> 192.168.103.1 0 400 i
1600a#sh ip bgp 10.40.0.0
BGP routing table entry for 10.40.0.0/16, version 2
Paths: (4 available, best #4)
Advertised to peer-groups:
eBGP_to_AS400 iBGP_peers
400
192.168.104.1 (metric 10) from 192.168.0.5 (192.168.0.5)
Origin IGP, localpref 100, valid, internal, not synchronized
400
192.168.107.1 from 192.168.107.1 (192.168.0.1)
Origin IGP, metric 0, localpref 100, valid, external
400
192.168.102.1 (metric 11) from 192.168.0.3 (192.168.0.3)
Origin IGP, metric 0, localpref 100, valid, internal, not synchronized
400
192.168.103.1 from 192.168.103.1 (192.168.0.2)
Origin IGP, localpref 100, valid, external, best
   Prefix        W      LcPref  AS       Origin  MED     iB/eB   igp   BGP ID
-  ------------  -----  ------  -------  ------  ------  ------  ----  -------------
   10.40.0.0/16  0      100     400      igp     ?       intern  10    (192.168.0.5)
   10.40.0.0/16  0      100     400      igp     0       extern  -     (192.168.0.1)
   10.40.0.0/16  0      100     400      igp     0       intern  11    (192.168.0.3)
>  10.40.0.0/16  0      100     400      igp     ?       extern  -     (192.168.0.2)
Setting the router to consider a missing MED as worst:
1600a(config-router)#bgp bestpath med missing-as-worst
1600a#clear ip bgp soft in
1600a#sh ip bgp 10.40.0.0
BGP routing table entry for 10.40.0.0/16, version 3
Paths: (4 available, best #2)
Flag: 0x840
Advertised to peer-groups:
eBGP_to_AS400 iBGP_peers
400
192.168.104.1 (metric 10) from 192.168.0.5 (192.168.0.5)
Origin IGP, metric 4294967294, localpref 100, valid, internal, not synchronized
400
192.168.107.1 from 192.168.107.1 (192.168.0.1)
Origin IGP, metric 0, localpref 100, valid, external, best
400
192.168.102.1 (metric 11) from 192.168.0.3 (192.168.0.3)
Origin IGP, metric 0, localpref 100, valid, internal, not synchronized
400
192.168.103.1 from 192.168.103.1 (192.168.0.2)
Origin IGP, metric 4294967294, localpref 100, valid, external
Now the missing MED is the worst, and the MED decision is different.
To make MED significant, it is explicitly set by policy to zero everywhere, and the choice is no longer made on MED:
1720a(config)#route-map set_MED
1720a(config-route-map)#set metric 0
1720a(config)#router bgp 400
1720a(config-router)#no synchronization
1720a(config-router)#bgp router-id 192.168.0.2
1720a(config-router)#bgp log-neighbor-changes
1720a(config-router)#timers bgp 30 90
1720a(config-router)#neighbor 192.168.0.1 remote-as 400
1720a(config-router)#neighbor 192.168.0.1 update-source Loopback999
1720a(config-router)#neighbor eBGP_to_AS100 peer-group
1720a(config-router)#neighbor eBGP_to_AS100 remote-as 100
1720a(config-router)#neighbor 192.168.102.2 peer-group eBGP_to_AS100
1720a(config-router)#neighbor 192.168.103.2 peer-group eBGP_to_AS100
1720a(config-router)#neighbor 192.168.104.254 peer-group eBGP_to_AS100
1720a(config-router)#neighbor eBGP_to_AS100 route-map set_MED out
1720a#clear ip bgp soft out
1600a#sh ip bgp 10.40.0.0
BGP routing table entry for 10.40.0.0/16, version 3
Paths: (4 available, best #4)
Advertised to peer-groups:
eBGP_to_AS400 iBGP_peers
400
192.168.104.1 (metric 10) from 192.168.0.5 (192.168.0.5)
Origin IGP, metric 0, localpref 100, valid, internal, not synchronized
400
192.168.102.1 (metric 11) from 192.168.0.3 (192.168.0.3)
Origin IGP, metric 0, localpref 100, valid, internal, not synchronized
400
192.168.103.1 from 192.168.103.1 (192.168.0.2)
Origin IGP, metric 0, localpref 100, valid, external
400
192.168.107.1 from 192.168.107.1 (192.168.0.1)
Origin IGP, metric 0, localpref 100, valid, external, best
   Prefix        W      LcPref  AS       Origin  MED     iB/eB   igp   BGP ID
-  ------------  -----  ------  -------  ------  ------  ------  ----  -------------
   10.40.0.0/16  0      100     400      igp     0       intern  10    (192.168.0.5)
>  10.40.0.0/16  0      100     400      igp     0       extern  -     (192.168.0.1)
   10.40.0.0/16  0      100     400      igp     0       intern  11    (192.168.0.3)
   10.40.0.0/16  0      100     400      igp     0       extern  -     (192.168.0.2)
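The MED handling shown in the 1600a outputs above can be reproduced with a small model. This is an added example, not code from the original page: it runs only the MED step and the eBGP-over-iBGP step over the four paths from the first 1600a output, and assumes (as on the page) that Weight, LocalPref, AS path length and Origin are already tied. The class and function names are hypothetical, and the later tie-breaks between the remaining paths are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Value IOS displays on the page for a missing MED once the knob is enabled.
MISSING_AS_WORST_MED = 4294967294

@dataclass(frozen=True)
class Path:
    next_hop: str
    neighbor_as: int        # first AS in the AS path
    external: bool          # True for eBGP-learned, False for iBGP-learned
    med: Optional[int]      # None when the update carried no MED

# The four 10.40.0.0/16 paths from the first 1600a output on the page.
PATHS_1600A = [
    Path("192.168.104.1", 400, False, None),
    Path("192.168.107.1", 400, True, 0),
    Path("192.168.102.1", 400, False, 0),
    Path("192.168.103.1", 400, True, None),
]

def effective_med(path, missing_as_worst):
    """MED actually used in the comparison for this path."""
    if path.med is not None:
        return path.med
    return MISSING_AS_WORST_MED if missing_as_worst else 0

def survivors_after_med(paths, missing_as_worst=False):
    """Run the MED step, then eBGP-over-iBGP; return the next hops still tied."""
    lowest = {}
    for p in paths:  # MED is only compared between paths from the same neighbor AS
        med = effective_med(p, missing_as_worst)
        lowest[p.neighbor_as] = min(med, lowest.get(p.neighbor_as, med))
    kept = [p for p in paths
            if effective_med(p, missing_as_worst) == lowest[p.neighbor_as]]
    if any(p.external for p in kept):
        kept = [p for p in kept if p.external]
    return sorted(p.next_hop for p in kept)  # sorted only for stable output

def paths_without_med(paths):
    """Next hops whose sender left MED unset: candidates for an explicit 'set metric'."""
    return sorted(p.next_hop for p in paths if p.med is None)

if __name__ == "__main__":
    print(survivors_after_med(PATHS_1600A))
    print(survivors_after_med(PATHS_1600A, missing_as_worst=True))
    print(paths_without_med(PATHS_1600A))
```

With the IOS default both external paths stay tied after these two steps; with missing-as-worst only 192.168.107.1 remains, which is the path IOS marks best in the second output.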
With the network command, the only important thing is that the prefix exists in the RIB.
It does not matter whether it is locally inserted or not.
Switch02 now injects a prefix that is present in the RIB but not directly connected.
Note that the metric and next hop are set to the IGP values.
switch02#sh ip route
10.0.0.0/16 is subnetted, 3 subnets
D 10.22.0.0 [90/130816] via 192.168.110.2, 00:00:39, Vlan103
C 10.20.0.0 is directly connected, Loopback400
B 10.40.0.0 [20/0] via 192.168.109.1, 00:07:27
switch02(config)#router bgp 200
switch02(config-router)#network 10.22.0.0 mask 255.255.0.0
switch02#sh ip bgp
BGP table version is 6, local router ID is 192.168.0.9
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 10.40.0.0/16 192.168.109.1 0 100 400 i
switch02#clear ip bgp soft in
switch02#sh ip bgp
BGP table version is 7, local router ID is 192.168.0.9
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 10.22.0.0/16 192.168.110.2 130816 32768 i
> 10.40.0.0/16 192.168.109.1 0 100 400 i
switch02#sh ip bgp 10.22.0.0
BGP routing table entry for 10.22.0.0/16, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
Local
192.168.110.2 from 0.0.0.0 (192.168.0.9)
Origin IGP, metric 130816, localpref 100, weight 32768, valid, sourced, local, best
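Because the network command only needs an exact match in the RIB, it is worth checking which configured network statements inject a prefix the router does not connect itself. The following is an added example, not part of the original page: it parses the switch02 routing table shown above and classifies each statement. The function names are hypothetical, and the second and third network statements are constructed for contrast; only the first appears on the page.

```python
import ipaddress
import re

# switch02 routing table as shown on the page.
SHOW_IP_ROUTE = """\
     10.0.0.0/16 is subnetted, 3 subnets
D       10.22.0.0 [90/130816] via 192.168.110.2, 00:00:39, Vlan103
C       10.20.0.0 is directly connected, Loopback400
B       10.40.0.0 [20/0] via 192.168.109.1, 00:07:27
"""
# First statement is from the page; the other two are constructed for contrast.
BGP_CONFIG = """\
router bgp 200
 network 10.22.0.0 mask 255.255.0.0
 network 10.20.0.0 mask 255.255.0.0
 network 10.99.0.0 mask 255.255.0.0
"""

HEADER = re.compile(r"\s*\d+(?:\.\d+){3}/(\d+) is (?:variably )?subnetted")
ROUTE = re.compile(r"([A-Z])(?:\s+[A-Z][A-Z0-9]*)?\s+(\d+(?:\.\d+){3})(?:/(\d+))?\s")

def parse_rib(text):
    """Map each prefix in 'show ip route' output to its source code letter."""
    rib, parent_len = {}, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            parent_len = int(h.group(1))  # subnets printed without a mask inherit it
            continue
        r = ROUTE.match(line)
        if not r:
            continue
        length = int(r.group(3)) if r.group(3) else parent_len
        if length is not None:
            rib[ipaddress.ip_network(f"{r.group(2)}/{length}")] = r.group(1)
    return rib

def audit_network_statements(config, rib):
    """Classify every 'network X mask Y' statement by exact match against the RIB."""
    result = {}
    for m in re.finditer(r"^\s*network (\S+) mask (\S+)", config, re.M):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        code = rib.get(net)
        if code is None:
            result[str(net)] = "absent"          # no exact RIB match: nothing to inject
        elif code == "C":
            result[str(net)] = "connected"
        else:
            result[str(net)] = f"remote:{code}"  # injected although learned elsewhere
    return result

if __name__ == "__main__":
    rib = parse_rib(SHOW_IP_ROUTE)
    for prefix, status in audit_network_statements(BGP_CONFIG, rib).items():
        print(prefix, status)
```

The 10.22.0.0/16 statement is reported as remote:D, matching the page: switch02 originates a prefix it only learned through the IGP.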
On another BGP speaker, in another AS.
Note that MED is not transitive and that the next hop is changed by eBGP speakers:
2610b#sh ip bgp
BGP table version is 5, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i10.22.0.0/16 192.168.102.2 0 100 0 100 200 i
> 10.40.0.0/16 0.0.0.0 0 32768 i
2610b#sh ip bgp 10.22.0.0
BGP routing table entry for 10.22.0.0/16, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
192.168.107.2
100 200
192.168.102.2 (metric 51) from 192.168.0.2 (192.168.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
Note: there is only one route, while more paths are available….
This happens because hops in AS100 are not iBGP synchronized:
1600a#sh ip bgp 10.22.0.0
BGP routing table entry for 10.22.0.0/16, version 0
Paths: (1 available, no best path)
Not advertised to any peer
200
192.168.109.2 (metric 100) from 192.168.0.5 (192.168.0.5)
Origin IGP, metric 130816, localpref 100, valid, internal, not synchronized
Synchronization turned off along the way:
1600a(config)#router bgp 100
1600a(config-router)#no synchronization
1600a#clear ip bgp soft out
2610b#sh ip bgp
BGP table version is 6, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 10.22.0.0/16 192.168.107.2 0 100 200 i
i 192.168.102.2 0 100 0 100 200 i
> 10.40.0.0/16 0.0.0.0 0 32768 i
2610b#sh ip bgp 10.22.0.0
BGP routing table entry for 10.22.0.0/16, version 6
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
192.168.0.2
100 200
192.168.107.2 from 192.168.107.2 (192.168.0.6)
Origin IGP, localpref 100, valid, external, best
100 200
192.168.102.2 (metric 51) from 192.168.0.2 (192.168.0.2)
Origin IGP, metric 0, localpref 100, valid, internal
   Prefix        W      LcPref  AS       Origin  MED     iB/eB   igp   BGP ID
-  ------------  -----  ------  -------  ------  ------  ------  ----  -------------
>  10.22.0.0/16  0      100     100,200  igp     ?       extern  10    (192.168.0.6)
   10.22.0.0/16  0      100     100,200  igp     0       intern  10    (192.168.0.2)
Once again, a peer did not set MED explicitly.
Either the “bgp bestpath med missing-as-worst” command can be used, or MED can be set properly.
2610b(config)#router bgp 400
2610b(config-router)#bgp bestpath med missing-as-worst
2610b#clear ip bgp soft in
2610b#sh ip bgp 10.22.0.0
BGP routing table entry for 10.22.0.0/16, version 7
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x940
Advertised to non peer-group peers:
192.168.107.2
100 200
192.168.107.2 from 192.168.107.2 (192.168.0.6)
Origin IGP, metric 4294967294, localpref 100, valid, external
100 200
192.168.102.2 (metric 51) from 192.168.0.2 (192.168.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
   Prefix        W      LcPref  AS       Origin  MED     iB/eB   igp   BGP ID
-  ------------  -----  ------  -------  ------  ------  ------  ----  -------------
   10.22.0.0/16  0      100     100,200  igp     MAX     extern  -     (192.168.0.6)
>  10.22.0.0/16  0      100     100,200  igp     0       intern  51    (192.168.0.2)
When the peer where the prefix is locally available also announces it, there are now multiple injection points. Even so, switch02 still keeps its own initiated path (automatically setting the weight as well!!):
switch02#sh ip bgp 10.22.0.0
BGP routing table entry for 10.22.0.0/16, version 7
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
Local
192.168.0.8 (metric 130816) from 192.168.0.8 (192.168.0.8)
Origin IGP, metric 0, localpref 100, valid, internal
Local
192.168.110.2 from 0.0.0.0 (192.168.0.9)
Origin IGP, metric 130816, localpref 100, weight 32768, valid, sourced, local, best
   Prefix        W      LcPref  AS       Origin  MED     iB/eB   igp   BGP ID
-  ------------  -----  ------  -------  ------  ------  ------  ----  -------------
   10.22.0.0/16  0      100     -        igp     0       extern  13..  (192.168.0.6)
>  10.22.0.0/16  32768  100     -        igp     130816  intern  -     (192.168.0.2)
On a router in AS 100: in this case it is really a BGP ID tie breaker.
1720a#sh ip bgp
BGP table version is 3, local router ID is 192.168.0.2
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
10.22.0.0/16 192.168.103.2 0 100 200 i
192.168.104.254 0 100 200 i
> 192.168.102.2 0 100 200 i
1720a#sh ip bgp 10.22.0.0
BGP routing table entry for 10.22.0.0/16, version 3
Paths: (3 available, best #3, table Default-IP-Routing-Table)
Advertised to peer-groups:
eBGP_to_AS100
Advertised to non peer-group peers:
192.168.0.1
100 200
192.168.103.2 from 192.168.103.2 (192.168.0.6)
Origin IGP, localpref 100, valid, external
100 200
192.168.104.254 from 192.168.104.254 (192.168.0.5)
Origin IGP, localpref 100, valid, external
100 200
192.168.102.2 from 192.168.102.2 (192.168.0.3)
Origin IGP, localpref 100, valid, external, best
   Prefix        W      LcPref  AS       Origin  MED     iB/eB   igp   BGP ID
-  ------------  -----  ------  -------  ------  ------  ------  ----  -------------
   10.22.0.0/16  0      100     100,200  igp     -       extern  -     (192.168.0.6)
>  10.22.0.0/16  0      100     100,200  igp     -       extern  -     (192.168.0.5)
>  10.22.0.0/16  0      100     100,200  igp     -       extern  -     (192.168.0.3)
1720a#traceroute 10.22.0.1
Type escape sequence to abort.
Tracing the route to 10.22.0.1
1 192.168.102.2 4 msec 0 msec 0 msec
2 192.168.104.254 40 msec 20 msec 20 msec
3 192.168.109.2 36 msec 20 msec 20 msec
4 192.168.110.2 16 msec 16 msec <<<< last Hop is IGP
hostname 2610b
!
interface Loopback400
ip address 10.40.0.1 255.255.0.0
!
interface Loopback999
ip address 192.168.0.1 255.255.255.255
!
interface Serial0/0
description to 1720B – remote port s1 – cable n.2
ip address 192.168.107.1 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
clockrate 64000
no arp frame-relay
frame-relay map ip 192.168.107.2 501 broadcast
no frame-relay inverse-arp
!
interface Serial0/1
description to 1720a S1
bandwidth 2000
ip address 192.168.101.1 255.255.255.0
load-interval 30
no cdp enable
!
router ospf 1
router-id 192.168.0.1
log-adjacency-changes
passive-interface Loopback0
passive-interface Loopback999
network 172.17.0.119 0.0.0.0 area 100
network 192.168.0.1 0.0.0.0 area 0
network 192.168.101.1 0.0.0.0 area 0
network 192.168.107.1 0.0.0.0 area 0
!
router bgp 400
bgp router-id 192.168.0.1
bgp log-neighbor-changes
bgp bestpath med missing-as-worst
timers bgp 30 90
neighbor 192.168.0.2 remote-as 400
neighbor 192.168.0.2 update-source Loopback999
neighbor 192.168.107.2 remote-as 100
!
address-family ipv4
neighbor 192.168.0.2 activate
neighbor 192.168.107.2 activate
no auto-summary
no synchronization
network 10.40.0.0 mask 255.255.0.0 route-map set_MED
exit-address-family
!
route-map set_MED permit 500
set metric 0
!
end
IMPORTANT: use of the iBGP “next-hop-self” keyword for iBGP next hop processing and IGP topologies. By default iBGP does not modify the next hop. When synchronization is turned off (as it is now by default) there is a risk that, due to IGP choices or to NBMA hub-and-spoke topologies, the next hop points to a non-reachable hop or to a “backdoor” which should not be the path followed to the BGP destination. In the NBMA case the hub site should be set to modify the next hop. Further, this should be done on iBGP peers which also have iBGP peering. Finally, where iBGP and IGP disagree (the next hop is known and reachable, but the IGP points to it in another direction), the next-hop-self keyword should be used to pass through the iBGP neighbor where the correct path is. Summarizing, use next-hop-self:
– On eBGP/iBGP peers towards the iBGP network;
– On iBGP peers hub of a NBMA network;
– On iBGP peers to workaround IGP to iBGP topology discrepancies;
2514a#sh ip route
D EX 192.168.109.0 [170/20563200] via 192.168.111.1, 03:30:27, Ethernet0
B 10.32.11.0/24 [200/0] via 192.168.109.1, 00:27:14
2514a#sh ip bgp 10.32.11.0
BGP routing table entry for 10.32.11.0/24, version 35
Paths: (1 available, best #1, table Default-IP-Routing-Table)
192.168.0.9 (metric 409600) from 192.168.109.1 (192.168.0.9)
Origin IGP, metric 0, localpref 100, valid, internal, best
Thus the path is received from iBGP neighbor 192.168.0.9, from interface E1, but the next hop, due to the IGP metric, is set as E0. When traffic is sent along E0, there is a blackhole (the BGP policy made the prefix not visible on this path).
2514a#ping 10.32.11.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.32.11.1, timeout is 2 seconds:
…..
To force the path through the right way, the ingress point for this prefix (the eBGP and iBGP peer 192.168.0.9) is configured to pass its own address as next hop, solving the IGP/BGP problem:
switch02(config)#router bgp 200
switch02(config-router)#neighbor 192.168.0.8 next-hop-self
2514a#ping 10.32.11.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.32.11.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/36 ms
2514a#sh ip bgp 10.32.11.0
BGP routing table entry for 10.32.11.0/24, version 35
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
192.168.0.9 (metric 409600) from 192.168.0.9 (192.168.0.9)
Origin IGP, metric 0, localpref 100, valid, internal, best