BGP



Best BGP Practices:

  • Establish the EBGP session on the physical link, not via loopback, unless there is more than one link between the two EBGP peers.
  • Establish IBGP via loopback, so that on any link failure the IGP quickly chooses another route to the loopback and the session stays up.
  • To control outgoing traffic, tweak the inbound policy:
    • Using the weight attribute (local to a single router)
    • Using local preference (local to a single AS)
  • To control incoming traffic, tweak the outbound policy:
    • Using the MED attribute (when dealing with a single neighbor AS)
    • Using AS path prepending (when dealing with different ASes)
  • Redistributing eBGP routes into the IGP is not recommended, even in a transit AS; carry them with iBGP instead. On Cisco IOS, iBGP-learned routes are not redistributed into any IGP by default (“bgp redistribute-internal” is needed to allow it).

BGP States:

IDLE:

  • When “router bgp xx” is configured, the router allocates BGP resources and the neighbor's state is IDLE.

CONNECT:

  • Once “neighbor x.y.z remote-as nn” is configured, the router tries to establish a TCP connection to the neighbor's IP: it starts the ConnectRetry (CR) timer and initiates the TCP connection.

1)      If the TCP connection succeeds, the router sends an OPEN message and transitions to “OpenSent”.

2)      If it fails, the state changes to “Active”.

3)      If the CR timer expires (in Connect or Active), the state is “Connect” again: the CR timer is restarted and a new TCP connection is initiated. If that succeeds point 1 happens, if it fails point 2 happens.

CONNECT: We are initiating a TCP connection.

ACTIVE: Our TCP attempt failed; we listen for the peer's TCP connection and retry when the CR timer expires.

OPENSENT:

  • We have sent an OPEN message and are waiting for the neighbor's OPEN message.

1)      Once we receive the OPEN message, check that its AS number matches the AS configured for that neighbor (a mismatch is answered with a NOTIFICATION and the session drops back to Idle).

2)      Decide whether this is an IBGP or an EBGP session (peer AS equal to ours or not).

3)      Negotiate the hold timer (the minimum of the two proposed values; a proposed value of 1 or 2 seconds is rejected).

4)      Send a KEEPALIVE and change to the “OPENCONFIRM” state.

OPENCONFIRM:

  • We are waiting for a KEEPALIVE from the neighbor.

1)      If a KEEPALIVE is received, change to “Established”.

2)      On any other event (NOTIFICATION, hold timer expiry, TCP failure), change to “Idle”.
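The state sequence above as an event-driven model, added here as an example; it is not code from the original notes or from any vendor's implementation. The method names, the message strings and the constructed walk-through in happy_path() are assumptions for illustration, and timer expiries are delivered as events rather than run on a clock.

```python
from dataclasses import dataclass, field
from typing import List, Optional

IDLE, CONNECT, ACTIVE, OPENSENT, OPENCONFIRM, ESTABLISHED = (
    "Idle", "Connect", "Active", "OpenSent", "OpenConfirm", "Established")


@dataclass
class BgpSession:
    """FSM for one neighbor. Timer expiries and TCP results arrive as events."""
    local_as: int
    remote_as: int                       # AS configured with 'neighbor x.y.z remote-as'
    hold_time: int = 180                 # hold time we propose in our OPEN
    state: str = IDLE
    negotiated_hold: Optional[int] = None
    session_type: Optional[str] = None   # "iBGP" or "eBGP", decided in OpenSent
    sent: List[str] = field(default_factory=list)   # messages we emitted (constructed log)
    log: List[str] = field(default_factory=list)    # transitions, for the reader

    def _go(self, new_state: str, why: str) -> str:
        self.log.append(f"{self.state} -> {new_state}: {why}")
        self.state = new_state
        return self.state

    def start(self) -> str:
        """'neighbor' configured: start the ConnectRetry timer and open TCP."""
        if self.state != IDLE:
            return self.state
        return self._go(CONNECT, "ConnectRetry timer started, TCP connection initiated")

    def tcp_result(self, connected: bool) -> str:
        """Outcome of our TCP attempt (Connect) or of an inbound connection (Active)."""
        if self.state not in (CONNECT, ACTIVE):
            return self.state
        if connected:
            self.sent.append(f"OPEN(my_as={self.local_as}, hold={self.hold_time})")
            return self._go(OPENSENT, "TCP up, OPEN sent")
        return self._go(ACTIVE, "TCP failed, listening for the peer's connection")

    def connect_retry_expired(self) -> str:
        if self.state not in (CONNECT, ACTIVE):
            return self.state
        return self._go(CONNECT, "ConnectRetry expired: timer restarted, new TCP attempt")

    def open_received(self, peer_as: int, peer_hold: int) -> str:
        if self.state != OPENSENT:
            return self.state
        if peer_as != self.remote_as:
            # Bad Peer AS: NOTIFICATION, TCP closed, back to Idle
            self.sent.append("NOTIFICATION(OPEN Message Error: Bad Peer AS)")
            return self._go(IDLE, f"peer AS {peer_as} != configured {self.remote_as}")
        if 0 < peer_hold < 3:
            # RFC 4271: hold time must be 0 (no keepalives) or at least 3 seconds
            self.sent.append("NOTIFICATION(OPEN Message Error: Unacceptable Hold Time)")
            return self._go(IDLE, f"hold time {peer_hold} rejected")
        self.session_type = "iBGP" if peer_as == self.local_as else "eBGP"
        self.negotiated_hold = min(self.hold_time, peer_hold)   # smaller proposal wins
        self.sent.append("KEEPALIVE")
        return self._go(OPENCONFIRM, f"{self.session_type}, hold={self.negotiated_hold}")

    def keepalive_received(self) -> str:
        if self.state == OPENCONFIRM:
            return self._go(ESTABLISHED, "KEEPALIVE from peer")
        return self.state            # in Established a KEEPALIVE only refreshes the hold timer

    def failure(self, why: str) -> str:
        """NOTIFICATION received, hold timer expired or TCP lost: back to Idle."""
        if self.state == IDLE:
            return self.state
        return self._go(IDLE, why)


def happy_path() -> BgpSession:
    """Constructed walk-through: the first TCP attempt fails, the retry succeeds."""
    s = BgpSession(local_as=65001, remote_as=65002, hold_time=180)
    s.start()
    s.tcp_result(False)                              # -> Active
    s.connect_retry_expired()                        # -> Connect, new TCP attempt
    s.tcp_result(True)                               # -> OpenSent
    s.open_received(peer_as=65002, peer_hold=90)     # -> OpenConfirm, hold 90
    s.keepalive_received()                           # -> Established
    return s


if __name__ == "__main__":
    print("\n".join(happy_path().log))
```

Running the module prints the transition log of the walk-through; a wrong peer AS or a hold time of 1 or 2 seconds in open_received() produces the NOTIFICATION and the fall back to Idle described in the OPENSENT notes.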

BGP Basics:

  • TCP port: 179
  • Default Parameters (Cisco IOS):
    1. Keepalive = 60 sec
    2. Hold time = 180 sec
    3. Weight = 32768 for locally originated routes, 0 for routes learned from peers.
    4. Local Preference = 100
    5. MED = 0
    6. Dampening:
      • Penalty: 1000 per flap
      • Suppress limit: 2000
      • Reuse limit: 750
      • Half-life: 15 min
      • Maximum suppress time: 60 min
  • Attributes:
    1. Well-known Mandatory – ORIGIN, AS_PATH, NEXT_HOP
    2. Well-known Discretionary – LOCAL_PREF, ATOMIC_AGGREGATE
    3. Optional Transitive – COMMUNITY, AGGREGATOR, Extended Community
    4. Optional Non-transitive – MED, ORIGINATOR_ID, CLUSTER_LIST, MP_REACH_NLRI/MP_UNREACH_NLRI and others.
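The dampening defaults listed above as a small model of how a penalty accumulates, decays and suppresses a prefix, added here as an example (not code from the original notes or from any router). The DampenedPrefix class, its method names and the three-flap scenario are constructed for illustration; a real implementation works in the same units but typically uses table-driven decay rather than the exact formula below.

```python
import math

# Cisco IOS defaults from the list above
PENALTY_PER_FLAP = 1000
SUPPRESS_LIMIT = 2000
REUSE_LIMIT = 750
HALF_LIFE_MIN = 15
MAX_SUPPRESS_MIN = 60
# The maximum suppress time caps the penalty: a route holding this penalty
# needs exactly MAX_SUPPRESS_MIN minutes of decay to fall back to REUSE_LIMIT.
MAX_PENALTY = REUSE_LIMIT * 2 ** (MAX_SUPPRESS_MIN / HALF_LIFE_MIN)   # 750 * 16 = 12000


def decay(penalty: float, minutes: float) -> float:
    """Exponential decay: the penalty halves every HALF_LIFE_MIN minutes."""
    return penalty * 0.5 ** (minutes / HALF_LIFE_MIN)


class DampenedPrefix:
    """Dampening state for one prefix. Times are minutes on a simulated clock."""

    def __init__(self) -> None:
        self.penalty = 0.0
        self.last_update = 0.0
        self.suppressed = False

    def _settle(self, now: float) -> None:
        """Bring the penalty up to date and release the route if it decayed enough."""
        self.penalty = decay(self.penalty, now - self.last_update)
        self.last_update = now
        if self.suppressed and self.penalty < REUSE_LIMIT:
            self.suppressed = False

    def flap(self, now: float) -> bool:
        """Record one flap at time `now`; returns True if the route is now suppressed."""
        self._settle(now)
        self.penalty = min(self.penalty + PENALTY_PER_FLAP, MAX_PENALTY)
        if self.penalty > SUPPRESS_LIMIT:
            self.suppressed = True
        return self.suppressed

    def is_suppressed(self, now: float) -> bool:
        self._settle(now)
        return self.suppressed

    def reuse_in(self, now: float) -> float:
        """Minutes until the penalty decays below REUSE_LIMIT (0 if not suppressed)."""
        self._settle(now)
        if not self.suppressed:
            return 0.0
        return HALF_LIFE_MIN * math.log2(self.penalty / REUSE_LIMIT)


def three_quick_flaps() -> DampenedPrefix:
    """Constructed scenario: a prefix flapping at t=0, 1 and 2 minutes."""
    p = DampenedPrefix()
    for t in (0, 1, 2):
        p.flap(t)
    return p
```

Two flaps a minute apart leave the penalty just under the suppress limit (1000 decays to about 955 before the second 1000 is added); the third flap pushes it over 2000 and the prefix stays suppressed for roughly 29 minutes. A burst of flaps cannot push the penalty past 12000, which is exactly the value that takes the 60-minute maximum suppress time to decay back to the reuse limit.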

BGP Decision Process: (in order)

1)      Highest weight (if tied, then)

2)      Highest local preference

3)      Locally originated routes (network, aggregate-address, redistribute)

4)      Shortest AS_PATH

5)      Lowest origin code (IGP < EGP < Incomplete)

6)      Lowest MED (metric), compared only between paths from the same neighboring AS unless “bgp always-compare-med” is set

7)      EBGP > Confederation EBGP > IBGP routes

8)      Lowest IGP metric to the next hop

9)      ECMP when “maximum-paths” is configured

Else, for eBGP paths the oldest path (unless “bgp bestpath compare-routerid” is set), then the lowest BGP router ID.
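The decision process above, together with the outgoing/incoming traffic controls from the best-practices list, as a worked selection over constructed paths; this is an added example, not code from the original notes or from any router. The Path dataclass, compare()/best_path() and the AS numbers and router IDs in the scenario are assumptions for illustration. The AS_SET and confederation-segment special cases of AS_PATH length, the multipath step and the oldest-path tiebreak are left out.

```python
from dataclasses import dataclass
from typing import List, Tuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}
SOURCE_RANK = {"local": 0, "ebgp": 0, "confed_ebgp": 1, "ibgp": 2}


@dataclass
class Path:
    router_id: str                # BGP router ID of the peer that sent this path
    as_path: Tuple[int, ...] = ()
    weight: int = 0
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0
    source: str = "ebgp"          # "local", "ebgp", "confed_ebgp" or "ibgp"
    igp_metric: int = 0           # IGP cost to reach the next hop

    def __post_init__(self) -> None:
        if self.source == "local" and self.weight == 0:
            self.weight = 32768   # default weight of locally originated routes


def _rid(p: Path) -> Tuple[int, ...]:
    return tuple(int(o) for o in p.router_id.split("."))


def compare(a: Path, b: Path) -> Tuple[Path, str]:
    """Return (winner, deciding step) for two paths to the same prefix."""
    if a.weight != b.weight:
        return (a if a.weight > b.weight else b), "weight"
    if a.local_pref != b.local_pref:
        return (a if a.local_pref > b.local_pref else b), "local_pref"
    if (a.source == "local") != (b.source == "local"):
        return (a if a.source == "local" else b), "locally originated"
    if len(a.as_path) != len(b.as_path):
        return (a if len(a.as_path) < len(b.as_path) else b), "as_path length"
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return (a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b), "origin"
    # MED is only compared between paths from the same neighbouring AS (the first
    # AS in AS_PATH); 'bgp always-compare-med' would lift that restriction.
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return (a if a.med < b.med else b), "med"
    if SOURCE_RANK[a.source] != SOURCE_RANK[b.source]:
        return (a if SOURCE_RANK[a.source] < SOURCE_RANK[b.source] else b), "ebgp over ibgp"
    if a.igp_metric != b.igp_metric:
        return (a if a.igp_metric < b.igp_metric else b), "igp metric"
    return (a if _rid(a) < _rid(b) else b), "router id"


def best_path(paths: List[Path]) -> Tuple[Path, str]:
    """Pairwise tournament in table order; returns the winner and the last deciding step."""
    best, why = paths[0], "only path"
    for p in paths[1:]:
        best, why = compare(best, p)
    return best, why


# Constructed scenario: our AS 65001 learns 10.0.0.0/24, originated by AS 65010,
# from two eBGP neighbours: AS 65002 (router ID 2.2.2.2) and AS 65003 (3.3.3.3).
VIA_65002 = Path("2.2.2.2", as_path=(65002, 65010))
VIA_65003 = Path("3.3.3.3", as_path=(65003, 65010))


def scenarios() -> dict:
    """Winner (router ID of the neighbour we use) and deciding step per policy change."""
    cases = {
        # No policy: everything ties down to the router-ID tiebreak.
        "no policy": [VIA_65002, VIA_65003],
        # Outgoing traffic steered by our own inbound policy (local preference on 65003).
        "local_pref 200 on 65003": [VIA_65002, Path("3.3.3.3", as_path=(65003, 65010), local_pref=200)],
        # Incoming traffic steered by the remote side: AS 65010 prepends towards 65002.
        "65010 prepends towards 65002": [Path("2.2.2.2", as_path=(65002, 65010, 65010, 65010)), VIA_65003],
        # MED from two routers of the same neighbour AS is honoured ...
        "med same AS": [Path("2.2.2.2", as_path=(65002, 65010), med=50),
                        Path("2.2.2.3", as_path=(65002, 65010), med=10)],
        # ... but MED from different neighbour ASes is not compared at all.
        "med different AS": [Path("2.2.2.2", as_path=(65002, 65010), med=50),
                             Path("3.3.3.3", as_path=(65003, 65010), med=10)],
    }
    out = {}
    for name, paths in cases.items():
        winner, step = best_path(paths)
        out[name] = (winner.router_id, step)
    return out
```

The scenario shows both halves of the best-practices list: raising local preference on the path from AS 65003 moves our outgoing traffic there (our inbound policy), while prepending by the remote AS makes us move traffic away from the prepended link (their outbound policy). MED only decides when both paths come from the same neighbouring AS; between different ASes the comparison falls through to the router-ID tiebreak.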

OBSERVATIONS:

  • The minimum of the two proposed hold times is negotiated, so both peers end up with the same hold time (the keepalive intervals need not be the same).
  • KA is selected as below:

1)      KA = hold time / 3.

2)      If the user-configured KA value is less than (hold time / 3), the configured value is selected as KA.

3)      Else, if the configured KA value is greater than (hold time / 3), the latter is chosen as KA.

  • A hard reset sends a NOTIFICATION (Cease) and closes the TCP session (FIN), so the session is torn down and all prefixes are withdrawn and relearned.
  • A soft reset in sends a ROUTE-REFRESH message (type 5), which makes the other end resend its full set of routes. The TCP connection and port numbers do not change. (A soft reset out simply resends our own updates; no message to the peer is needed.)
  • The NEXT_HOP attribute is not changed when a border router sends eBGP-learned updates to its iBGP peers. Use “neighbor x.y.z next-hop-self” on the border router, or advertise the external link subnet into the IGP (passive interface on the link to the other AS) so that the eBGP next hop is reachable.
  • An update learned from an iBGP peer is never sent to another iBGP peer (the exception is a route reflector, which reflects a client's route to other clients without changing its attributes, adding only ORIGINATOR_ID and CLUSTER_LIST).
  • “NO_EXPORT” community routes are advertised to other member ASes inside a confederation but not outside the confederation boundary. “LOCAL_AS” (NO_EXPORT_SUBCONFED) community routes are NOT advertised to any external peer, not even to other member ASes of the confederation. “NO_ADVERTISE” community routes are not advertised to any peer (iBGP or eBGP). By default, all BGP routes belong to the “Internet” community.
  • “network <prefix>” installs the prefix in the BGP table only when there is an active entry for exactly that network in the routing table.
  • “aggregate-address” aggregates only when there is at least one more-specific route in the BGP table.
  • A BGP neighborship cannot be established over a default route (Cisco IOS needs a more specific route to the peer).
  • The TTL of iBGP packets is 255 and of eBGP packets is 1 (by default).
  • If there is more than one link between eBGP peers, establish the neighborship via loopback with the “ebgp-multihop” option.
  • A route-map entry with only a match statement and no set statement: only the matched routes are advertised, with no change in attributes.
  • A route-map entry with only a set statement and no match statement: all routes match and the set command is applied to all of them.
  • The default route generated with “neighbor default-originate” cannot be filtered using an outbound policy.
  • To filter based on IP address, use an access list with the “neighbor distribute-list” command.
  • To filter based on AS path, use an as-path access list with the “neighbor filter-list” command.
  • “neighbor prefix-list” is the equivalent of an extended access list in “neighbor distribute-list” (both can match on prefix length).
  • Once a KEEPALIVE or UPDATE is sent, reset the KA timer (set it to zero). Once we receive a KEEPALIVE or UPDATE, reset the hold timer.
  • Private AS numbers: 64512 to 65534 (65535 is reserved); with 4-byte AS numbers, 4200000000 to 4294967294.
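The hold-time negotiation, the keepalive selection rule and the timer-reset behaviour from the list above (KA timer reset on send, hold timer reset on receive) as a one-second-tick simulation; this is an added example, not code from the original notes or from any router. negotiate_hold(), select_keepalive(), simulate() and its peer_silent_after parameter are assumptions for illustration, and the session is assumed to start already Established with one keepalive just exchanged.

```python
from typing import Optional


def negotiate_hold(local_hold: int, peer_hold: int) -> int:
    """Both sides end up with the smaller of the two proposed hold times."""
    return min(local_hold, peer_hold)


def select_keepalive(configured_ka: int, negotiated_hold: int) -> int:
    """Keepalive interval per the rule above: min(configured KA, hold time / 3)."""
    if negotiated_hold == 0:
        return 0                        # hold time 0 means no keepalives at all
    return min(configured_ka, negotiated_hold // 3)


def simulate(local_ka: int, local_hold: int, peer_ka: int, peer_hold: int,
             peer_silent_after: Optional[int] = None, duration: int = 600) -> dict:
    """Tick an Established session one second at a time.

    Sending a KEEPALIVE resets the sender's KA timer; receiving one resets the
    receiver's hold timer. If the peer stops talking (`peer_silent_after`), we
    tear the session down once our hold timer reaches the negotiated value.
    """
    hold = negotiate_hold(local_hold, peer_hold)
    ka_local = select_keepalive(local_ka, hold)
    ka_peer = select_keepalive(peer_ka, hold)
    # t=0: session just became Established, keepalives were exchanged
    last_sent = last_received = 0
    peer_last_sent = 0
    sent = 0
    dropped_at = None
    for t in range(1, duration + 1):
        peer_alive = peer_silent_after is None or t <= peer_silent_after
        if ka_peer and peer_alive and t - peer_last_sent >= ka_peer:
            peer_last_sent = t
            last_received = t               # their KEEPALIVE resets our hold timer
        if ka_local and t - last_sent >= ka_local:
            last_sent = t                   # our KEEPALIVE resets our KA timer
            sent += 1
        if hold and t - last_received >= hold:
            dropped_at = t                  # hold timer expired: NOTIFICATION, back to Idle
            break
    return {"hold": hold, "ka_local": ka_local, "ka_peer": ka_peer,
            "keepalives_sent": sent, "dropped_at": dropped_at}
```

With our defaults (60/180) against a peer proposing a 90-second hold time, both sides settle on hold 90 and a 30-second keepalive even though we configured 60. If that peer goes quiet after its keepalive at t=180, our hold timer fires at t=270; with a negotiated hold time of 0 no keepalives are sent and the session is never torn down by the timer, which is why a hold time of 0 should only be accepted deliberately.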