How to Configure BGP

Recall that an IGP is an Interior Gateway Protocol: whatever your routers speak “at home” — probably RIP, IGRP, EIGRP, or OSPF.

We saw that one of the usual reasons people have for wanting to run BGP is being multi-homed, either to one or two ISPs. We examined the various “degrees of BGP” that you might wish to use, matching what you do to your needs and your skills. I hope that left you with the idea that there are some finer gradations in between “no BGP” and “full Internet routing with BGP”, sort of a 1-10 scale of increasingly difficult things to attempt.

And don’t assume that high-quality Internet connectivity, with redundancy, requires BGP. BGP just buys you the capability of doing more complex things, more optimal routing. Rarely do we want or need “perfect” routing (in the sense of the absolute best path). We trade off optimality for smaller routing tables, stability, and ease of troubleshooting.

 

To aid in categorizing the various levels of complexity one might tackle with BGP, I introduced some diagrams like the following. We then discussed them, with some caveats as to what they don’t show.

Designs

Diagram 1: one connection to ISP: use default routing!

Diagram 2: one corporate gateway router, two connections to ISP (possibly geographically diverse).

Configuration for Diagram 1

A configuration for Diagram 1 might look something like the following:

 

 

I’ve assumed the ISP has issued 200.30.50.0 /24 for local use, and that they’re taking care of routing traffic to you (possibly via static routing). The example uses a static default route, redistributed, with a distribute list to make sure we don’t accidentally redistribute any other static routes that get added later. This is a bit unnatural for EIGRP, which understands “ip default-network” better. That’s perfectly workable, but you need a good choice of default network (preferably one of your ISP’s Class B’s, or MAE-East or some large aggregate that isn’t too likely to go away). You also need to already have an EIGRP route to it, possibly a redistributed static route — so why not use a static to 0.0.0.0 /0?

For reference: “ip default-gateway” only applies when your router isn’t a router. (That’s a riddle: when is a router not a router?) Answer: when you configure “no ip routing” or when you boot in RXBOOT mode.

Configuration for Diagram 2

Suppose your provider wants to hear about your availability via BGP. Suppose furthermore that you have unequal speed links, with the bottom link in the diagram being a T1 and the top link being a lower speed backup. Then your configuration might look something like the following:

 

This causes outbound traffic to prefer the link to 200.30.40.1, because of the static default route. We advertise our prefix to the ISP (so the ISP can track link availability dynamically). We tell the ISP via the lower metric (MED: Multiple Exit Discriminator) to use the link from 200.30.40.1 for return traffic, unless it is down. The route map NOROUTES keeps us from learning routes from our ISP: we don’t need to know any.

The static routes to 0.0.0.0 /0 take care of default. We of course redistribute these into our internal protocol, not shown in this example (probably something like in the first example). The floating static route (ending in 70) only applies if and when the other static route fails, i.e. when 200.30.40.1 is unreachable.

There are other possibilities for Diagram 2, such as load balancing across equal speed links. Since space is short, let’s move on and look at a more complicated scenario. (Those who are paying close attention will note that we’ve omitted our prior Diagram 3, for space reasons).

Diagram 4: two corporate gateway routers, geographically diverse on both ends.

Configuration for Diagram 4

I’ve drawn the picture with a serial link between Router A and Router B. This makes iBGP simpler, and means that we don’t have to worry about IGP synchronization, possible routing loops, etc. along a multi-router path between A and B.

Routing policy:

Our corporate network, AS 1000, will only learn routes to destinations in the ISP, AS 1, or its customers. (In our sample configuration, I’ve used 145.1.0.0 /16 for the ISP’s network). We’ll assume for simplicity that the ISP is stripping any AS paths for its customers so that we’ll only see such AS paths advertised as “1”. This might well be the case if the ISP customers are using private AS numbers. Our AS 1000 is to use the 200.30.40.0 (bottom) link, via Router B, for outbound traffic to AS 1. Remaining outbound traffic is to normally use the other (top) link, via Router A. Inbound traffic should use whichever link is closest since the ISP only sees a summary route. This is for stability: they and the Internet don’t need to hear about our internal links going up or down.

Note also that this shuffles traffic between A and B somewhat, depending on connectivity to the rest of our network (not shown). Traffic for 145.1.0.0 /16 that arrives at A gets sent to B. Other traffic (following the default route) that arrives at B gets sent to A. Balancing could be done by “tuning” to allow information about additional AS’s in via B.

Question: do we summarize 145.1 /16?

Another approach is to reason that you only care to take “the best exit” to destinations in AS 1 (or customer AS’s). The idea would be to redistribute information about the ISP network 145.1.0.0 /16 carefully at A and B, into our IGP. The question here is, since we redistribute with a default metric, we really are only picking the closest exit point, which we could do much more simply with default routing. If we want the redistributed routes to contain more information, we need to fiddle with route maps to influence the metrics.

As part of this alternative strategy, both A and B could then also advertise default into the IGP. This allows traffic to fail over to the other link in case of a failure.

However, this alternative isn’t what I’ve built and tested.

By the way, I’ve also used the Serial 0 addresses on routers A and B for iBGP neighbors, for simplicity, whereas loopback addresses might be somewhat preferable. You’ll also notice I tried this on 2500s, not on 7×00’s (didn’t happen to have any with me this week). Just imagine that “Serial 0” is “Serial 0/0”, and “Serial 1” is “Serial 1/0”. Since back-to-back serial links were used, the configurations also show “clock rate” commands for the DCE-cabled serial port. And I realize I’ve never really written about route maps — but space is tight, so that will have to wait for another article (sometime).

Configurations:

RouterA

 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default 
       U - per-user static route, o - ODR

Gateway of last resort is 200.50.80.2 to network 0.0.0.0

B    145.1.0.0/16 [20/0] via 200.30.30.1, 00:09:07 
     200.50.80.0/24 is variably subnetted, 4 subnets, 2 masks 
D       200.50.80.128/27 [90/46251776] via 200.50.80.66, 01:07:07, Ethernet0 
C       200.50.80.0/30 is directly connected, Serial1 
D       200.50.80.96/27 [90/46277376] via 200.50.80.66, 01:06:59, Ethernet0 
C       200.50.80.64/27 is directly connected, Ethernet0 
     200.30.30.0/24 is variably subnetted, 2 subnets, 2 masks 
D       200.30.30.0/24 is a summary, 00:09:30, Null0 
C       200.30.30.0/30 is directly connected, Serial0 
B    200.30.40.0/24 [20/0] via 200.30.30.1, 00:09:07 
D*EX 0.0.0.0/0 [170/257024000] via 200.50.80.2, 00:11:00, Serial1 
S    200.50.80.0/20 is directly connected, Null0 

BGP table version is 24, local router ID is 200.50.80.65 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop          Metric LocPrf Weight Path 
*> 145.1.0.0        200.30.30.1            0    300      0 1 i 
*> 200.30.30.0      200.30.30.1     46226176    300      0 1 i 
*> 200.30.40.0      200.30.30.1                 300      0 1 i 
* i200.50.80.0/20   200.50.80.2            0    100      0 i 
*>                  0.0.0.0                0         32768 i
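
The routing policy stated earlier can be checked mechanically against RouterA's BGP table. The following is an added example, not part of the original article: it slices the "show ip bgp" rows above by column position and flags any learned route whose AS path is not just "1", and any prefix originated inside our AS other than the 200.50.80.0/20 summary. The function names and the fixed column offsets (taken from the layout shown on this page) are assumptions.

```python
import ipaddress

# RouterA's "show ip bgp" rows, copied from the output above (fixed-width columns).
ROUTER_A_BGP = """\
*> 145.1.0.0        200.30.30.1            0    300      0 1 i
*> 200.30.30.0      200.30.30.1     46226176    300      0 1 i
*> 200.30.40.0      200.30.30.1                 300      0 1 i
* i200.50.80.0/20   200.50.80.2            0    100      0 i
*>                  0.0.0.0                0         32768 i
"""

def classful(prefix):
    """IOS omits the mask when it equals the classful default; restore it."""
    if "/" in prefix:
        return prefix
    first = int(prefix.split(".")[0])
    return f"{prefix}/{8 if first < 128 else 16 if first < 192 else 24}"

def parse_bgp_table(text):
    """Slice each row by column position; a blank Network inherits the row above."""
    routes, last = [], None
    for line in text.splitlines():
        if not line.startswith("*"):
            continue  # skip headers, legends and entries not marked valid
        net = line[3:20].strip()
        last = classful(net) if net else last
        *as_path, origin = line[58:].split()  # Path column: AS numbers, then origin code
        routes.append({
            "prefix": ipaddress.ip_network(last),
            "best": ">" in line[:3],
            "next_hop": line[20:36].strip(),
            "as_path": as_path,
            "origin": origin,
        })
    return routes

def audit(routes, isp_as="1", own_aggregate="200.50.80.0/20"):
    """Return policy violations: foreign AS paths accepted, or extra prefixes originated."""
    own = ipaddress.ip_network(own_aggregate)
    problems = []
    for r in routes:
        if r["as_path"] and r["as_path"] != [isp_as]:
            problems.append(f"{r['prefix']}: unexpected AS path {' '.join(r['as_path'])}")
        if not r["as_path"] and r["prefix"] != own:
            problems.append(f"{r['prefix']}: originated in our AS but is not {own}")
    return problems

if __name__ == "__main__":
    print(audit(parse_bgp_table(ROUTER_A_BGP)) or "policy holds")
```

An empty result means the inbound filter and the outbound summary are behaving as the policy describes; a longer AS path or a more-specific local prefix shows up as one line each.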

RouterB

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default 
       U - per-user static route, o - ODR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

B    145.1.0.0/16 [200/0] via 200.50.80.1, 00:08:47 
     200.50.80.0/24 is variably subnetted, 4 subnets, 2 masks 
D       200.50.80.128/27 [90/46251776] via 200.50.80.98, 01:06:46, Ethernet0 
C       200.50.80.0/30 is directly connected, Serial1 
C       200.50.80.96/27 is directly connected, Ethernet0 
D       200.50.80.64/27 [90/46277376] via 200.50.80.98, 01:06:39, Ethernet0 
B    200.30.30.0/24 [200/46226176] via 200.50.80.1, 00:08:47 
     200.30.40.0/24 is variably subnetted, 2 subnets, 2 masks 
D       200.30.40.0/24 is a summary, 00:10:41, Null0 
C       200.30.40.0/30 is directly connected, Serial0 
S*   0.0.0.0/0 is directly connected, Serial0 
S    200.50.80.0/20 is directly connected, Null0 

BGP table version is 15, local router ID is 200.50.80.97 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop          Metric LocPrf Weight Path 
*>i145.1.0.0        200.50.80.1            0    300      0 1 i 
*>i200.30.30.0      200.50.80.1     46226176    300      0 1 i 
*>i200.30.40.0      200.50.80.1            0    300      0 1 i 
*> 200.50.80.0/20   0.0.0.0                0         32768 i 
* i                 200.50.80.1            0    100      0 i


RouterC

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    145.1.0.0/16 is directly connected, Ethernet0
     200.30.30.0/24 is variably subnetted, 2 subnets, 2 masks
D       200.30.30.0/24 is a summary, 00:00:48, Null0
C       200.30.30.0/30 is directly connected, Serial0
D    200.30.40.0/24 [90/46251776] via 145.1.0.200, 00:00:44, Ethernet0
B    200.50.80.0/20 [20/0] via 200.30.30.2, 00:08:07

BGP table version is 38, local router ID is 200.30.30.1 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop          Metric LocPrf Weight Path 
* i145.1.0.0        145.1.0.200            0    100      0 i
*>                  0.0.0.0                0         32768 i
*> 200.30.30.0      0.0.0.0         46226176         32768 i
*>i200.30.40.0      145.1.0.200     46226176    100      0 i
*> 200.50.80.0/20   200.30.30.2            0             0 1000 i
* i                 200.30.40.2            0    100      0 1000 i
 

 

RouterD

 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    145.1.0.0/16 is directly connected, Ethernet0
D    200.30.30.0/24 [90/46251776] via 145.1.0.199, 00:01:06, Ethernet0
     200.30.40.0/24 is variably subnetted, 2 subnets, 2 masks
D       200.30.40.0/24 is a summary, 00:01:01, Null0
C       200.30.40.0/30 is directly connected, Serial0
B    200.50.80.0/20 [20/0] via 200.30.40.2, 00:09:46

BGP table version is 59, local router ID is 200.30.40.1 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop          Metric LocPrf Weight Path 
* i145.1.0.0        145.1.0.199            0    100      0 i 
*>                  0.0.0.0                0         32768 i 
*>i200.30.30.0      145.1.0.199     46226176    100      0 i 
*> 200.30.40.0      0.0.0.0         46226176         32768 i 
* i200.50.80.0/20   200.30.30.2            0    100      0 1000 i 
*>                  200.30.40.2            0             0 1000 i 

 

RouterG

 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is 200.50.80.65 to network 0.0.0.0

        200.50.80.0/27 is subnetted, 3 subnets 
C       200.50.80.128 is directly connected, Serial1 
D       200.50.80.96 [90/46251776] via 200.50.80.130, 01:07:36, Serial1 
C       200.50.80.64 is directly connected, Ethernet0 
D*EX 0.0.0.0/0 [170/257049600] via 200.50.80.65, 00:11:37, Ethernet0 
               [170/257049600] via 200.50.80.130, 00:11:37, Serial1 
 

% BGP not active

RouterH

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is 200.50.80.97 to network 0.0.0.0

        200.50.80.0/27 is subnetted, 3 subnets 
C       200.50.80.128 is directly connected, Serial1 
C       200.50.80.96 is directly connected, Ethernet0 
D       200.50.80.64 [90/46251776] via 200.50.80.129, 01:07:58, Serial1 
D*EX 0.0.0.0/0 [170/256537600] via 200.50.80.97, 00:11:58, Ethernet0 
 

% BGP not active

RouterE

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    145.1.0.0/16 is directly connected, Ethernet0 
D    200.30.30.0/24 [90/46251776] via 145.1.0.199, 00:03:03, Ethernet0 
D    200.30.40.0/24 [90/46251776] via 145.1.0.200, 00:03:01, Ethernet0 
D EX 200.50.80.0/20 [170/2636800] via 145.1.0.199, 00:03:03, Ethernet0 
                    [170/2636800] via 145.1.0.200, 00:03:03, Ethernet0 

% BGP not active

 

RouterF

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    145.1.0.0/16 is directly connected, Ethernet0 
D    200.30.30.0/24 [90/46251776] via 145.1.0.199, 00:03:20, Ethernet0 
D    200.30.40.0/24 [90/46251776] via 145.1.0.200, 00:03:14, Ethernet0 
D EX 200.50.80.0/20 [170/2636800] via 145.1.0.199, 00:03:14, Ethernet0 
                    [170/2636800] via 145.1.0.200, 00:03:14, Ethernet0 
 

% BGP not active