
Why Do We Need BGP?: BGP (Border Gateway Protocol)

Uploaded by

upendramax52

BGP (Border Gateway Protocol) is the routing protocol of the Internet,
used to route traffic from one autonomous system (AS) to another. It’s an
important topic to understand if you work at an ISP or at a large company
that is connected to two or more ISPs. Unlike IGPs like OSPF or EIGRP, BGP
uses a set of attributes to determine the best path for each destination.
There are a lot of options you can use to manipulate traffic patterns.

BGP (Border Gateway Protocol) is the routing protocol that glues the Internet
together. I’m going to explain in which situations we need BGP and how it
works.

Before you continue reading I should tell you to “forget” everything you know
about routing protocols like RIP, OSPF and EIGRP so far…Those three routing
protocols have one thing in common: they are all IGPs (Interior Gateway
Protocols). We only use them within our autonomous system but they are not
scalable to use for a network as large as the Internet.

RIP, OSPF and EIGRP are all different but they have one thing in common…
they want to find the shortest path to the destination. On the Internet we
don’t care as much about finding the shortest path; being able to
manipulate traffic paths is far more important. There is only one routing
protocol we currently use on the Internet, which is BGP.

Why do we need BGP?


Let’s start by looking at some scenarios so you can understand why and
when we need BGP:

Nowadays almost everything is connected to the Internet. In the picture
above we have a customer network connected to an ISP (Internet Service
Provider). Our ISP is making sure we have Internet access. Our ISP has given
us a single public IP address we can use to access the Internet. To make
sure everyone on our LAN at the customer side can access the Internet we
are using NAT/PAT (Network / Port address translation) to translate our
internal private IP addresses to this single public IP address. This scenario is
excellent when you only have clients that need Internet access. On our
customer LAN we only need a default route pointing to the ISP router and we
are done. For this scenario we don’t need BGP…

Maybe the customer has a couple of servers that need to be reachable from
the Internet…perhaps a mail- or webserver. We could use port forwarding
and forward the correct ports to these servers so we still only need a single IP
address. Another option would be to get more public IP addresses from our
ISP and use these to configure the different servers. For this scenario we still
don’t need BGP…

What if I want a bit more redundancy? Having a single point of failure isn’t a
good idea. We could add another router at the customer side and connect it
to the ISP. You can use the primary link for all traffic and have another link as
the backup. We still don’t require BGP in this situation; it can be solved with
default routing:

• Advertise a default route in your IGP on the primary customer router
  with a low metric.
• Advertise a default route in your IGP on the secondary customer router
  with a high metric.

This will make sure that your IGP sends all traffic using the primary link. Once
the link fails your IGP will make sure all traffic is sent down the backup link.
Let me ask you something to think about…can we do any load balancing
across those two links? It’ll be difficult, right?

Your IGP will send all traffic down the primary link and nothing down the
backup link unless there is a failure. You could advertise a default route with
the same metric but you’d still have something like a 50/50% load share.
What if I wanted to send 80% of the outgoing traffic on the primary link and
20% down the backup link? That’s not going to happen here but with BGP it’s
possible.

This scenario is a bit more interesting. Instead of being connected to a single
ISP we now have two different ISPs. For redundancy reasons it’s important to
have two different ISPs, in case one fails you will always have a backup ISP to
use. What about our Customer network? We still have two servers that need
to be reachable from the Internet.

In my previous examples we got public IP addresses from our ISP. Now I’m
connected to two different ISPs so what public IP addresses should I use?
From ISP1 or ISP2? If we use public IP addresses from ISP1 (or ISP2) then
these servers will be unreachable once the ISP has connectivity issues.

Instead of using public IP addresses from the ISP we will get our own public IP
addresses. The IP address space is maintained by IANA (Internet Assigned
Numbers Authority – http://www.iana.org/ ). IANA assigns IP address
space to a number of large Regional Internet Registries like RIPE or ARIN.
Each of these assigns IP address space to ISPs or large organizations.

When we receive our public IP address space we will advertise it to
our ISPs. Advertising is done with a routing protocol and that will be BGP.

If you are interested here’s an overview of the IPv4 space that has been
allocated by IANA:

IANA IPv4 address space

Autonomous Systems
Besides getting public IP address space we also have to think about an AS
(Autonomous System):

An AS is a collection of networks under a single administrative domain. The
Internet is nothing more than a bunch of autonomous systems that are
connected to each other. Within an autonomous system we use an IGP like
OSPF or EIGRP.

For routing between the different autonomous systems we use an EGP
(external gateway protocol). The only EGP we use nowadays is BGP.

How do we get an autonomous system number? Just like public IP address
space you’ll need to register one.

Autonomous system numbers are 16-bit which means we have 65535
numbers to choose from. Just like private and public IP addresses, we have a
range of public and private AS numbers.

Range 1 – 64511 are globally unique AS numbers and range 64512 – 65535
are private autonomous system numbers.

If you are interested, see if you can find the AS number of your ISP:

UltraTools AS Information Lookup

BGP has two flavors:

• External BGP: used between autonomous systems.
• Internal BGP: used within the autonomous system.

External BGP is used to exchange routing information between the different
autonomous systems. In this lesson I explain why we need internal BGP. I
would recommend reading it after finishing this lesson and learning
about external BGP first.

BGP Advertisements
You now have an idea of why we require BGP and what autonomous systems
are. The Internet is a big place, as I am writing this there are more than
500.000 prefixes in a complete Internet routing table. If you are curious, you
can find the size of the Internet routing table here:

CIDR Report

On the internet there are a number of looking glass servers. These are
routers that have public view access and you can use them to look at the
Internet routing table. If you want to see what it looks like check out:

Looking glass servers

Scroll down all the way to “Category 2 – IPv4 and IPv6 BGP Route Servers by
region (TELNET access)”. You can telnet to these devices and use show ip
route and show ip bgp to check the BGP or routing table.

When we run BGP, does this mean we have to learn more than 500.000
prefixes? It depends…let’s look at some examples:

Above in our picture our customer network has an autonomous system
number (AS 1) and some IP address space (10.0.0.0 /8), let’s pretend that
these are public IP addresses. We are connected to two different ISPs and you
can see their AS number (AS2 and AS3) and IP address space (20.0.0.0/8 and
30.0.0.0/8). We can reach the rest of the internet through both ISPs.

We can use BGP to advertise our address space to the ISPs but what are the
ISPs going to advertise to our customer through BGP? There are a number of
options:

• They advertise only a default route.
• They advertise a default route and a partial routing table.
• They advertise the full Internet routing table.

Single Homed
The single homed design means you have a single connection to a single ISP.
With this design, you don’t need BGP since there is only one exit path in your
network. You might as well just use a static default route that points to the
ISP.

The advantage of a single-homed link is that it’s cost effective; the
disadvantage is that you don’t have any redundancy. Your link is a single
point of failure but so is using a single ISP.

Dual Homed
The dual homed connection adds some redundancy. You are still only
connected to a single ISP, but you use two links instead of one. There are
some variations for this design. Here’s the first one:

With this design, we use a single router on both ends, but we do have
redundant links.

To increase redundancy, we can add a second router:

In the example above, the ISP has a second router. We also could have used
a second router at the customer’s side and a single router at the ISP. For
even more redundancy, add a second router at both sides:

The example above offers the most redundancy when you are connected to a
single ISP. We have two links and two routers on both ends. One
disadvantage of this design is that we are still using a single ISP.

Single Multi-homed
Multihomed means we are connected to at least two different ISPs. The most
simple design looks like this:

Above you see that we have a single router at the customer, connected to
two different ISPs. The single point of failure in this design is that you only
have one router at the customer. When it fails, you won’t be able to connect
to any ISP. We can improve this by adding a second router:

This is a pretty good design, we only use single links, but we are connected
to two different ISPs using different routers.

Dual Multihomed
The dual multihomed design means we are connected to two different ISPs,
and we use redundant links. There are some variations, here’s the first one:

Above you can see that we are connected to two different ISPs, using one
router and two links to each ISP. We have redundant ISPs and links, but the
router is still a single point of failure. We can improve this by adding a second
router:

The design above is better; it has two customer routers. One disadvantage,
however, is that once one of your routers fails, you will lose the connection to
one of the ISPs. Using the same number of routers and links, the following
design might be better:

This design has redundant ISPs, routers, and links. Both customer routers are
connected to both ISPs. This design does offer the highest redundancy but
it’s also an expensive option.

Conclusion
You have now learned what the different (BGP) connection options to an ISP
are:

• Single homed: you are connected to a single ISP using a single link.
• Dual homed: you are connected to a single ISP using dual links.
• Single multi-homed: you are connected to two ISPs using single links.
• Dual multi-homed: you are connected to two ISPs using dual links.

How to configure EBGP (External BGP)

In this lesson I will show you how to configure EBGP (External BGP) and how
to advertise networks. I will be using the following topology:

Let’s start with a simple topology. Just two routers and two autonomous
systems. Each router has a network on a loopback interface which we are
going to advertise in BGP.

R1(config)#router bgp 1

R1(config-router)#neighbor 192.168.12.2 remote-as 2

R2(config)#router bgp 2

R2(config-router)#neighbor 192.168.12.1 remote-as 1

Use the router bgp command with the AS number to start BGP. Neighbors
are not configured automatically; this is something you’ll have to do yourself
with the neighbor x.x.x.x remote-as command. This is how we
configure external BGP.

R1# %BGP-5-ADJCHANGE: neighbor 192.168.12.2 Up

R2# %BGP-5-ADJCHANGE: neighbor 192.168.12.1 Up

If everything goes ok you should see a message that we have a new BGP
neighbor adjacency.

R1(config)#router bgp 1

R1(config-router)#neighbor 192.168.12.2 password MYPASS

R2(config)#router bgp 2

R2(config-router)#neighbor 192.168.12.1 password MYPASS

If you like you can enable MD5 authentication by using the neighbor
password command. Your router will calculate an MD5 digest of every TCP
segment that is being sent.
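What that per-segment digest covers, as an added example that is not from the original lesson: a Python sketch of the TCP MD5 signature option (RFC 2385), the mechanism the neighbor password command enables. The addresses and MYPASS come from the configuration above; the ports, sequence numbers and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

MD5_KIND, MD5_LEN = 19, 18      # TCP option 19: kind + length + 16-byte digest
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # BGP KEEPALIVE message


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest: pseudo-header, the 20-byte fixed TCP header with the
    checksum zeroed (options excluded), the segment data, then the key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(tcp_header) + len(payload)))
    fixed = bytearray(tcp_header[:20])
    fixed[16:18] = b"\x00\x00"
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def build_signed_segment(src_ip, dst_ip, payload, key):
    """Constructed sender side: port 49152 -> 179, header is 10 words long."""
    fixed = struct.pack("!HHIIBBHHH", 49152, 179, 1000, 2000,
                        10 << 4, 0x18, 16384, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, fixed + bytes(20), payload, key)
    return fixed + b"\x01\x01" + bytes([MD5_KIND, MD5_LEN]) + digest + payload


def find_md5_option(options):
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                       # End of Option List
            break
        if kind == 1:                       # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                           # malformed option
        if kind == MD5_KIND and options[i + 1] == MD5_LEN:
            return options[i + 2:i + 18]
        i += options[i + 1]
    return None


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: a missing option or a digest mismatch means drop."""
    header_len = (segment[12] >> 4) * 4
    header, payload = segment[:header_len], segment[header_len:]
    received = find_md5_option(header[20:])
    if received is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(received, expected)
```

RFC 5925 (TCP-AO) obsoletes this option. The digest is MD5 over data plus key rather than an HMAC, and both peers must hold the same password or every segment is dropped.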

R1#show ip bgp summary

BGP router identifier 1.1.1.1, local AS number 1

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

192.168.12.2 4 2 10 10 1 0 0 00:07:12 0

R2#show ip bgp summary

BGP router identifier 2.2.2.2, local AS number 2

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

192.168.12.1 4 1 11 11 1 0 0 00:08:33 0

Show ip bgp summary is an excellent command to check if you have BGP
neighbors. You also see how many prefixes you received from each neighbor.
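A monitoring check built on this output, as an added example that is not part of the original lesson: a Python parser for the neighbor table that flags sessions that are not established or that have received no prefixes. It assumes the usual IOS convention that State/PfxRcd shows a number once the session is established and a state name otherwise; the 192.168.13.3 row is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# First neighbor row is R1's output from the lesson; the second is constructed.
SAMPLE = """\
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.12.2    4     2      10      10        1    0    0 00:07:12        0
192.168.13.3    4     3       0       0        1    0    0 never    Idle
"""


@dataclass
class Peer:
    neighbor: str
    remote_as: int
    up_down: str
    state: str                  # "Established" or the state name shown
    prefixes: Optional[int]     # None while the session is not established


def parse_summary(text):
    """Return (local AS number, list of Peer) from 'show ip bgp summary'."""
    local_as, peers, in_table = None, [], False
    for line in text.splitlines():
        match = re.search(r"local AS number (\d+)", line)
        if match:
            local_as = int(match.group(1))
        if line.startswith("Neighbor"):
            in_table = True
            continue
        fields = line.split(None, 9)    # last field may contain spaces
        if not in_table or len(fields) < 10:
            continue
        last = fields[9].strip()
        state, prefixes = ("Established", int(last)) if last.isdigit() else (last, None)
        peers.append(Peer(fields[0], int(fields[2]), fields[8], state, prefixes))
    return local_as, peers


def findings(text):
    """One line per neighbor that is down or is sending us nothing."""
    local_as, peers = parse_summary(text)
    out = []
    for p in peers:
        kind = "iBGP" if p.remote_as == local_as else "eBGP"
        label = f"{p.neighbor} ({kind} AS {p.remote_as})"
        if p.prefixes is None:
            out.append(f"{label}: session {p.state}")
        elif p.prefixes == 0:
            out.append(f"{label}: established, 0 prefixes received")
    return out
```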

3.6 Configure and verify single-homed branch
connectivity using eBGP IPv4 (limited to peering and
route advertisement using Network command only)

‘BGP is the routing protocol of The Internet’. The first thing you
learn about the Internet when you start reading about it is
that it is a ‘network of networks’. Each of these smaller
networks is usually under one organisation’s control – usually
an ISP. In BGP these networks are called ‘autonomous
systems’, which can have a group of IP addresses assigned to
them.
We don’t usually run BGP in our personal networks, but once
we break out of our own managed networks, we will link into
a network that IS running BGP. Networks running BGP try and
find the best route to an IP address by finding out the fastest
way to its Autonomous system that has the IP included in it.

The metric for what makes the best route is much more
complicated than in any of the routing protocols we have
looked at. BGP is also the only exterior gateway protocol in use
today. It’s much slower than IGP protocols, but also needs
less processing power – which is a good trade off seeing as
there are millions of routers that make up the Internet.

BGP Routers do not form neighbours by themselves, they
have to be set manually. That said, if all the Routers are
managed by the same organisation (they are all in the same
autonomous system) an ISP might decide to set them all up
with an IGP in the interest of speed.

BGP relies on batch updates to push out routes. If you use
eBGP (external BGP – routes exchanged outside the
autonomous system) then the interval is 30 seconds; if you’re
using iBGP (internal BGP – routes exchanged inside the
autonomous system) then the interval is just 5 seconds.

eBGP configuration
This is the connection that we are going to be establishing
BGP on.

So, the first thing you will do when configuring a Router to
use BGP is set it up to use BGP along with its autonomous
system number. The autonomous system number you need
to have assigned to you and it will be a number between 0
and 65535. In this example we will use 24601. Each router
can only be in one autonomous system.

Then you set up a neighbor. Most of the commands in BGP
config start with neighbor [IP ADDRESS] [OTHER COMMAND],
and there are pages and pages of config options. The
command we’ll be putting in first is neighbor [IP ADDRESS]
remote-as [AS NUMBER] – so we will be defining the AS that IP is
associated with. In this case it’s an evil remote network so its
AS number will be 666.
Note – this is also how the Router knows it’s running
eBGP. If the AS number was the same on both ends it
would be iBGP.

It can take a scary amount of time for that neighbour
relationship to come up. But once it’s up, yay – that’s all there
is to a very basic eBGP setup.

Advertising out using the network command
BGP doesn’t form neighbor relationships using the network
command, they are input manually. The network command in
BGP world takes a route from the router’s internal Routing
table, and then advertises it to the outside world. And it has
to be exact.

To demonstrate this, I am going to add a loopback address to
Router1 of 50.10.0.0 255.255.0.0, so a /16 network (interface
Loopback 1 -> ip address 50.10.0.1 255.255.0.0), add it
to the Routing table (ip route 50.10.0.0 255.255.0.0
Loopback 1) and then advertise it out with the
command network [IP ADDRESS] mask [SUBNET MASK].
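The exact-match rule, as an added example that is not part of the original notes: a Python check that compares network statements against the routing table the way the text describes. The first statement and the 50.10.0.0 route come from the text; the other statements, the 192.168.12.0 route and the function names are constructed, and the classful default for a statement without mask is IOS behaviour assumed here.

```python
import ipaddress

# Router1's routing table (constructed): the static route from the text
# plus a connected link.
RIB = ["50.10.0.0 255.255.0.0", "192.168.12.0 255.255.255.0"]

# The first statement is the one from the text; the others are constructed.
STATEMENTS = [
    "network 50.10.0.0 mask 255.255.0.0",
    "network 50.10.0.0 mask 255.255.255.0",
    "network 50.0.0.0",
]


def classful_prefixlen(addr):
    """Assumed IOS behaviour: the classful mask applies when 'mask' is omitted."""
    first_octet = int(addr) >> 24
    for limit, prefixlen in ((128, 8), (192, 16), (224, 24)):
        if first_octet < limit:
            return prefixlen
    raise ValueError(f"{addr} has no classful mask")


def parse_statement(line):
    parts = line.split()
    if len(parts) == 4 and parts[0] == "network" and parts[2] == "mask":
        # strict parsing rejects an address with host bits set
        return ipaddress.IPv4Network(f"{parts[1]}/{parts[3]}")
    if len(parts) == 2 and parts[0] == "network":
        addr = ipaddress.IPv4Address(parts[1])
        return ipaddress.IPv4Network((int(addr), classful_prefixlen(addr)))
    raise ValueError(f"not a network statement: {line!r}")


def audit(statements, rib):
    """Map each statement to (advertised, overlapping routing-table prefixes)."""
    table = {ipaddress.IPv4Network(entry.replace(" ", "/")) for entry in rib}
    report = {}
    for line in statements:
        wanted = parse_statement(line)
        near = sorted(str(net) for net in table if net.overlaps(wanted))
        report[line] = (wanted in table, near)
    return report
```

A statement that reports False with a non-empty overlap list is the typical misconfiguration: the route exists, but with a different mask, so nothing is advertised.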

We can confirm that this has been sent out by jumping onto
Router2 and running show ip bgp:

And we can also see it in the Routing table:

Verifying eBGP
The first command to verify this is the show ip bgp
summary command.
There is also a show ip bgp neighbor command which shows
you a whole bunch of information, most of which you don’t
care about at this level.
There is also a show ip bgp command – which is essentially
show ip route – but BGP flavoured.

• BGP is a path vector protocol
• It makes routing decisions based on the Best Path Algorithm
• BGP exchanges routing information with a neighbor (peer) router
• BGP uses Autonomous Systems. BGP routers in other ASs are
  typically under the control of another company. For example, your
  company has a BGP router that peers with the ISP’s BGP router.
  Your BGP router will be in a different AS than the ISP router. Those
  routers participate in eBGP.
• If you had two BGP routers in your AS then they would talk to each
  other via iBGP.
• BGP uses TCP port 179
• BGP assigns the first valid path as the current best path
• BGP then compares the best path with the next path in the list, until
  it reaches the end of the list of valid paths
• There are 15 rules determining the best path. You don’t need to
  know these for the CCNA. Just understand that it goes through a
  process from 1 to 15 to figure out the best path.
