Monday, October 19, 2009

BGP Notes

Route Selection Using Policy Controls



Over the last decade the Internet has grown enormously. None of the interior gateway protocols most companies run (OSPF, RIP, EIGRP) can carry a routing table of that size. BGP is the Exterior Gateway Protocol (EGP) built to exchange routing tables of this scale between autonomous systems. This introductory chapter gives an overview of BGP and its foundation configuration commands.


Overview


BGP…

* …is a path vector protocol (a distance vector variant whose metric is the full list of autonomous systems a route has crossed)
* …uses TCP as its layer four transport (TCP port 179)
* …sends incremental (triggered) updates only when a route changes; it has no periodic full updates
* …uses periodic keepalives to verify that the TCP session is still up
* …is extremely scalable, but is slow to converge

BGP is rarely necessary if your company has a single connection to the Internet; a default route does the job. It is most useful when you have multiple or redundant Internet connections, because it lets you choose, per prefix, which provider to use based on the path attributes each one advertises (by default the shortest AS path, which is not necessarily the fastest link).


Configuration


Unlike most of the routing protocols you may have configured in the past, BGP does not dynamically discover neighboring BGP routers; each neighbor must be statically configured. This is a security benefit: a session can only form with an address you have explicitly named, and a service provider keeps its BGP sessions under similarly tight control (typically also requiring an MD5 password on the session). Use the following syntax to configure a BGP neighbor relationship:

Router(config)# router bgp as_number

Router(config-router)# neighbor ip_address remote-as as_number

You can only configure a Cisco router for a single BGP autonomous system (AS): you cannot enter router bgp with more than one AS number. However, you can peer with a practically limitless number of neighbors in other autonomous systems.

Once your neighbor relationships are up (in show ip bgp summary the State/PfxRcd column shows a count of received prefixes instead of Idle or Active), you can specify which internal networks to advertise into the BGP routing process. Remember that your service provider will propagate whatever you advertise to the entire Internet, so advertise only address space you actually own, and filter your outbound advertisements yourself rather than trusting the provider to catch mistakes.

There are two ways of advertising internal networks into the BGP routing process: the network or redistribute router configuration commands. The BGP network command operates differently than in any other routing protocol. Typically, the network statement tells a routing process the interfaces on which it should operate. For example, if you typed network 10.0.0.0 when using RIP, RIP would send advertisements out any interface that was using an address from the 10.0.0.0/8 network. In BGP, the statement network 10.0.0.0 causes BGP to advertise the 10.0.0.0/8 prefix to every neighbor it has a session with, provided a route for 10.0.0.0/8 exists in the IP routing table. To advertise a non-classful prefix, add the mask keyword (for example network 10.0.0.0 mask 255.255.0.0 for 10.0.0.0/16); again, that exact prefix must be present in the routing table.

The redistribute command, however, works the same way it does in other routing protocols. The command redistribute eigrp 100 causes every route learned from EIGRP autonomous system 100 to enter the BGP table. Because that includes every internal subnet EIGRP knows about, redistribution into BGP should always be constrained with a route-map; otherwise private and infrastructure prefixes leak to the Internet.

Route Selection Using Policy Controls

Because BGP carries the entire Internet routing table, the number of routes received by your router can be enormous. If your network has redundant service providers, you receive a copy of this table from each of them! To manage such a volume of incoming routes, you must implement policy-based filtering. This chapter discusses the following three techniques:

* AS-Path Filtering
* Prefix-List Filtering
* Route-Map Filtering

AS-Path Filtering

AS-Path filters permit or deny BGP routes based on the AS-path attribute attached to the advertisement: the list of autonomous systems the route has crossed, most recently traversed AS first, originating AS last. For example, you could block every incoming route that originated in, passed through, or was most recently handed to you by AS 50. Or you could apply a filter that permits only routes with an empty AS-path string. Since only routes originated in your own autonomous system have an empty path, applying that filter outbound to each provider guarantees you never re-advertise one provider's routes to another, which is the standard way to keep a multihomed site from becoming a transit AS.

Because AS-Path filters can match any part of the AS-path string, it is critical for you to understand regular expressions. Regular expressions let you use wildcard characters to match exact AS numbers at specific positions in the path. Be sure you understand the following regular expression wildcards:

Wildcard Character   Description

(^)   Matches the beginning of the string. The first AS in the path is the one the route was most recently received from, so ^50_ matches routes learned directly from neighboring AS 50.

($)   Matches the end of the string. The last AS in the path is the one that originated the route, so _50$ matches routes that originated in AS 50.

(_)   Matches the beginning or end of the string, or any separator between AS numbers (space, comma, brace or parenthesis). _50_ therefore matches routes that originated in, passed through, or came directly from AS 50, whereas a bare 50 would also match AS 500 or AS 150.

(|)   Acts as an "or" character. _218_|_315_ matches routes that touched AS 218 or AS 315.

(\)   Removes the special meaning from the wildcard character that follows it.
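The regex table above is easier to trust once you have run it against real paths. The following Python snippet is an added example, not part of the original notes: it translates the IOS underscore wildcard into a standard regex and evaluates the filters the notes describe against a handful of constructed AS paths (the AS numbers are illustrative, not real peers). On IOS the same patterns would go into ip as-path access-list entries and be attached to a neighbor with the filter-list keyword.

```python
import re

# IOS AS-path regexes use "_" for "start of string, end of string, or a
# separator between AS numbers".  Python's re has no such token, so the
# translation below expands it.  (Added example, not from the original notes.)
UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_to_python_regex(pattern: str) -> str:
    """Translate an IOS AS-path regular expression into a Python one."""
    return pattern.replace("_", UNDERSCORE)


def as_path_matches(pattern: str, as_path: str) -> bool:
    """True if the IOS-style pattern matches the AS_PATH string.

    as_path is written the way IOS shows it: most recently traversed AS
    first, originating AS last, space separated; "" for a locally
    originated route.
    """
    return re.search(ios_to_python_regex(pattern), as_path) is not None


def as_path_filter_permits(entries, as_path: str) -> bool:
    """Evaluate an ip as-path access-list: entries are (action, pattern)
    in order, the first matching entry decides, and no match means deny."""
    for action, pattern in entries:
        if as_path_matches(pattern, as_path):
            return action == "permit"
    return False


# Constructed sample paths (illustrative AS numbers).
SAMPLE_PATHS = {
    "local": "",                 # originated in our own AS
    "direct_50": "50 100 200",   # received directly from AS 50, originated in AS 200
    "via_50": "100 50 200",      # AS 50 in the middle of the path
    "from_50": "100 200 50",     # originated in AS 50
    "no_50": "100 500 150",      # 500 and 150 contain "50" but are not AS 50
}

# The two filters described in the notes.
ONLY_OUR_OWN = [("permit", "^$")]                    # outbound: never act as transit
BLOCK_ANY_50 = [("deny", "_50_"), ("permit", ".*")]  # drop anything touching AS 50


def classify(as_path: str) -> dict:
    """Show which of the wildcard idioms from the notes match a path."""
    return {
        "originated locally  (^$)": as_path_matches("^$", as_path),
        "direct from AS 50   (^50_)": as_path_matches("^50_", as_path),
        "originated in AS 50 (_50$)": as_path_matches("_50$", as_path),
        "touches AS 50       (_50_)": as_path_matches("_50_", as_path),
        "touches 218 or 315  (_218_|_315_)": as_path_matches("_218_|_315_", as_path),
    }


if __name__ == "__main__":
    for name, path in SAMPLE_PATHS.items():
        print(f"{name:10s} path={path!r}")
        for label, hit in classify(path).items():
            print(f"    {label}: {hit}")
        print(f"    ONLY_OUR_OWN permits: {as_path_filter_permits(ONLY_OUR_OWN, path)}")
        print(f"    BLOCK_ANY_50 permits: {as_path_filter_permits(BLOCK_ANY_50, path)}")
```

The "no_50" path is the one worth staring at: a pattern written as 50 instead of _50_ would match it, because 500 and 150 both contain the digits 50. The underscore is what makes the filter match whole AS numbers.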

Prefix-List Filters

Prefix-list filters allow you to filter specific networks from incoming or outgoing BGP advertisements. A prefix-list performs the same role as an access-list, but Cisco has added several improvements: individual entries can be inserted or deleted by sequence number, and prefix-lists consume fewer CPU cycles than an access-list because they are searched as a tree rather than sequentially. Entries are evaluated from the lowest sequence number up, the first match decides, and a prefix that matches no entry is denied. To create a prefix list, use the following syntax:

Router(config)# ip prefix-list list_name [seq sequence_number] [permit | deny] address/prefix [ge value] [le value]

The ge and le values give you greater flexibility when using prefix lists. They allow you to match a range of prefix lengths rather than one specific prefix. With neither keyword an entry matches only the exact prefix and length; with ge alone it matches lengths from the ge value through 32; with le alone it matches lengths from the entry's own length through the le value. IOS requires len < ge <= le <= 32.

For example, if you wanted to permit a specific subnet (192.168.1.0/24), your prefix-list would look like the following:

Router(config)# ip prefix-list Example seq 10 permit 192.168.1.0/24

If you wanted to match any non-classful subnets of 192.168.1.0/24, you would use the following prefix-list:

Router(config)# ip prefix-list Example seq 10 permit 192.168.1.0/24 ge 25

The above statement is like saying, "match any address that starts with 192.168.1.0, but has a prefix length of 25 bits or more." This would effectively match any subnet of the class C network 192.168.1.0/24, but not the /24 itself.

If you wanted to match a range of subnets, for example any 172.16.0.0/16 subnet between 16 and 24 bits in length, you would use the following prefix-list:

Router(config)# ip prefix-list Example seq 10 permit 172.16.0.0/16 le 24

The above statement is like saying, "match any address that starts with 172.16.0.0, but has a prefix length between 16 and 24 bits." Here the /16 itself is included, because without ge the lower bound is the entry's own length.

Route-Map Filtering

Route-maps give you the most administrative flexibility for filtering BGP routes. A route-map is made up of numbered sequences, each containing match and set statements; these are analogous to the if and then statements in many programming languages. Sequences are evaluated in order, the first sequence whose match statements are all true is used, and a route that matches no sequence is denied (implicit deny). A permit sequence with no match statement matches everything, which is the usual way to let the remaining routes through unchanged. Most administrators prefer route-map filtering because they can identify (match) routes on any number of criteria (network number, subnet mask, route origin, AS-path, etc.) and, once a route matches, modify (set) nearly any attribute of it (origin, next hop address, weight, local preference, etc.). Route-maps are also the way to combine the techniques above: a match ip address prefix-list or match as-path statement decides which routes a sequence applies to, and the sequence's permit or deny decides whether they enter the local BGP table.

The basic syntax of a route-map is as follows:

Router(config)# route-map name [permit | deny] sequence_number

Router(config-route-map)# match condition

Router(config-route-map)# set parameter
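To see the ge/le rules from the prefix-list section and the route-map ordering rules behave on real prefixes, here is an added Python model. It is not from the original notes and is not IOS code: it evaluates the three prefix-lists shown earlier (EXACT, SUBNETS_OF and RANGE) plus a route-map of the kind this section describes. The INBOUND prefix-list, the FROM_PRIMARY route-map and AS 64666 are constructed for the example; the matching semantics (lowest sequence first, first match wins, implicit deny at the end, a clause with no match lines matches everything) are those of IOS.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Added example, not from the original notes: a small model of how IOS
# evaluates an ip prefix-list and a route-map, so the ge/le and ordering
# rules can be checked against real prefixes.


@dataclass
class Route:
    prefix: str            # e.g. "203.0.113.0/24"
    as_path: str = ""      # IOS form: most recent AS first, "" if local
    local_pref: int = 100  # IOS default LOCAL_PREF


@dataclass
class PrefixEntry:
    """One 'ip prefix-list NAME seq N permit|deny address/len [ge] [le]' line."""
    seq: int
    action: str
    network: str
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, prefix: str) -> bool:
        net = ipaddress.ip_network(self.network)
        route = ipaddress.ip_network(prefix)
        if not route.subnet_of(net):
            return False
        # IOS semantics: no ge/le -> exactly len; ge alone -> ge..32;
        # le alone -> len..le; both -> ge..le.
        low = self.ge if self.ge is not None else net.prefixlen
        if self.le is not None:
            high = self.le
        else:
            high = 32 if self.ge is not None else net.prefixlen
        return low <= route.prefixlen <= high


def prefix_list_permits(entries: List[PrefixEntry], prefix: str) -> bool:
    """Lowest sequence number first; first match decides; implicit deny."""
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(prefix):
            return entry.action == "permit"
    return False


@dataclass
class RouteMapClause:
    """One 'route-map NAME permit|deny SEQ' block with its match/set lines."""
    seq: int
    action: str
    matches: List[Callable[[Route], bool]] = field(default_factory=list)
    sets: Dict[str, int] = field(default_factory=dict)


def apply_route_map(clauses: List[RouteMapClause], route: Route) -> Optional[Route]:
    """Return the (possibly modified) route if permitted, None if denied."""
    for clause in sorted(clauses, key=lambda c: c.seq):
        # Every match line must be true; a clause with no match lines matches all.
        if all(test(route) for test in clause.matches):
            if clause.action == "deny":
                return None
            for attribute, value in clause.sets.items():
                setattr(route, attribute, value)
            return route
    return None  # no clause matched: implicit deny


# The three prefix-lists from the notes.
EXACT = [PrefixEntry(10, "permit", "192.168.1.0/24")]
SUBNETS_OF = [PrefixEntry(10, "permit", "192.168.1.0/24", ge=25)]
RANGE = [PrefixEntry(10, "permit", "172.16.0.0/16", le=24)]

# Constructed inbound filter (assumed policy, not from the notes): refuse
# RFC 1918 space and anything longer than /24, accept everything else.
INBOUND = [
    PrefixEntry(5, "deny", "10.0.0.0/8", le=32),
    PrefixEntry(10, "deny", "172.16.0.0/12", le=32),
    PrefixEntry(15, "deny", "192.168.0.0/16", le=32),
    PrefixEntry(20, "permit", "0.0.0.0/0", le=24),
]

# Constructed inbound route-map for the primary provider: drop routes that
# passed through hypothetical AS 64666, raise local preference on everything
# that passes INBOUND, and let the implicit deny drop the rest.
FROM_PRIMARY = [
    RouteMapClause(10, "deny", matches=[lambda r: "64666" in r.as_path.split()]),
    RouteMapClause(20, "permit",
                   matches=[lambda r: prefix_list_permits(INBOUND, r.prefix)],
                   sets={"local_pref": 200}),
]


if __name__ == "__main__":
    for p in ("192.168.1.0/24", "192.168.1.128/25", "172.16.0.0/16",
              "172.16.5.0/25", "10.1.0.0/16", "203.0.113.0/24"):
        verdicts = {n: prefix_list_permits(pl, p) for n, pl in
                    (("EXACT", EXACT), ("SUBNETS_OF", SUBNETS_OF),
                     ("RANGE", RANGE), ("INBOUND", INBOUND))}
        print(f"{p:18s} {verdicts}")
    for r in (Route("203.0.113.0/24", "64500 64496"),
              Route("10.1.0.0/16", "64500"),
              Route("198.51.100.0/24", "64500 64666 64497")):
        print(r.prefix, "->", apply_route_map(FROM_PRIMARY, r))
```

Two results are worth checking by hand: EXACT does not permit 192.168.1.128/25, and SUBNETS_OF does not permit 192.168.1.0/24, because ge 25 excludes the /24 itself. That is exactly the distinction the prefix-list section draws. In a real configuration the lambdas would be match ip address prefix-list and match as-path lines referencing named lists; the first-match and implicit-deny behaviour is the same.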