BGP 4 configuration options

The BGP routing protocol is very rich and offers many options. In this section we will study the most used and useful BGP options.

We describe these options in the IPv4 context; however, they are not specific to an address family, and most of them are available with IPv6 too.

Aggregation

The main goal of aggregation is to reduce the number of network prefixes that are announced into the Internet. In fact, aggregation is a requirement when the mask length is greater than 24 because your peers or the peers of your peers will filter some of these prefixes.

However, route aggregation can introduce network loops or black holes when it is not set properly.

Note

  • A BGP router can advertise an aggregated network only if one route of the aggregate network is in the BGP table. For example, if we consider four networks 192.168.0.0/24 through 192.168.3.0/24, the BGP router can advertise the aggregate network 192.168.0.0/22 only if at least one network (192.168.1.0/24 through 192.168.3.0/24) is in the BGP table. (You can check that one of these networks is present by typing the command show routing ip bgp.)
  • If all the sub-networks of an aggregated network go down, this aggregated network will not be advertised.
  • It is recommended to check that the aggregated network is not stopped by an access list.

Figure: BGP 4 aggregation

The aggregation of the IPv4 network prefixes within the BGP 4 tables can be done with the following command:

rt2{myconfig-rtg-bgp}aggregate-address PREFIX/M [summary-only] [as-set]

The aggregate command originates a new prefix. However, how should the different AS-PATHs be summarized? There are two solutions:

  • The AS-PATH is suppressed, although some network loops could be introduced.
  • The AS-PATH is summarized within an unordered set (AS-SET), although some black holes could be created.

Moreover, the ID of the router is set within the new BGP 4 vector to help traffic engineering.

No aggregation flags

When neither the summary-only flag nor the as-set flag is set, a route with the aggregated PREFIX/M is originated from the BGP router. However, the sub-prefixes are still advertised.

Example

rt2{myconfig-rtg}display
  router bgp 65520
    neighbor 10.1.1.6 remote-as 65530
    neighbor 10.1.1.1 remote-as 65510
    aggregate-address 192.168.0.0/22
    network 192.168.2.0/24
    network 192.168.3.0/24
rt1{}show routing ip bgp
BGP table version is 0, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i -IGP, e - EGP, ? - incomplete

   Network         Next Hop  Metric  LocPrf  Weight  Path
*> 192.168.0.0/22  10.1.1.2                       0 65520 i
*> 192.168.0.0     10.1.1.2                       0 65520 65530 i
*> 192.168.1.0     10.1.1.2                       0 65520 65530 i
*> 192.168.2.0     10.1.1.2       0               0 65520 i
*> 192.168.3.0     10.1.1.2       0               0 65520 i

Total number of prefixes 5
rt1{}show routing ip bgp 192.168.0.0/22

BGP routing table entry for 192.168.0.0/22
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  65520, (aggregated by 65520 192.168.3.1)
    10.1.1.2 from 10.1.1.2 (192.168.3.1)
      Origin IGP, localpref 100, valid, external, atomic-aggregate, best
      Last update: Fri Sep 1 03:55:33 2000

Note

  • The aggregated prefix has the attribute atomic-aggregate, which means that the AS information is lost for the aggregate prefix (192.168.0.0/22).
  • In order not to advertise the aggregated prefix, the summary-only flag can be set, or a prefix-list or a distribute-list can be defined.

Moreover this aggregated prefix is received by rt3 too:

rt3{}show routing ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       B - BGP, D - DEP, > - selected route, * - FIB route

C>* 10.1.1.4/30 is directly connected, eth1_0
C>* 127.0.0.0/8 is directly connected, lo0
B>* 192.168.0.0/22 [20/0] via 10.1.1.5, eth1_0, 00:04:07
C>* 192.168.0.0/24 is directly connected, eth0_0
C>* 192.168.1.0/24 is directly connected, eth0_0
B>* 192.168.2.0/24 [20/0] via 10.1.1.5, eth1_0, 00:04:07
B>* 192.168.3.0/24 [20/0] via 10.1.1.5, eth1_0, 00:04:07

Summary-only aggregation flag

When the summary-only flag is set and the as-set flag is not set, only the route with the aggregated PREFIX/M is originated from the BGP router. The sub-prefixes are not advertised. Moreover the ID of the router is set within the AS-PATH to help traffic engineering.

Example

rt2{myconfig-rtg-bgp}aggregate-address 192.168.0.0/22 summary-only

If the summary-only flag is set, the router only advertises the aggregate prefix. On the router that advertises the aggregate prefix, the sub-prefixes are suppressed; the remote peers only see the aggregate prefix:

rt2{}show routing ip bgp
BGP table version is 0, local router ID is 192.168.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i -IGP, e - EGP, ? - incomplete

    Network         Next Hop   Metric  LocPrf  Weight  Path
*>  192.168.0.0/22  0.0.0.0                     32768  i
s>  192.168.0.0     10.1.1.6        0               0  65530 i
s>  192.168.1.0     10.1.1.6        0               0  65530 i
s>  192.168.2.0     0.0.0.0         0           32768 i
s>  192.168.3.0     0.0.0.0         0           32768 i

    Total number of prefixes 5

The sub-prefixes which have been suppressed are labeled s.

On the remote peer, only the route to 192.168.0.0/22 is received by the BGP RIB:

rt1{}show routing ip bgp
BGP table version is 0, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i -IGP, e - EGP, ? - incomplete

   Network         Next Hop  Metric  LocPrf  Weight  Path
*> 192.168.0.0/22  10.1.1.2                       0  65520 i

Total number of prefixes 1

However, rt3 is still getting the aggregated route:

rt3{}show routing ip bgp
BGP table version is 0, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i -IGP, e - EGP, ? - incomplete

   Network         Next Hop  Metric  LocPrf  Weight  Path
*> 192.168.0.0/22  10.1.1.5                       0  65520 i
*> 192.168.0.0     0.0.0.0        0          32768   i
*> 192.168.1.0     0.0.0.0        0          32768   i

Total number of prefixes 3

As-set aggregation flag

When the summary-only flag is not set and the as-set flag is set, a route with the aggregated PREFIX/M is originated from the BGP router. Moreover, the information of the previous AS-PATHs is collected into an unordered list called an AS-SET. This AS-SET, which is included within the new AS-PATH originated by the router, can help to avoid some network loops. However, the sub-prefixes are still advertised.

rt2{myconfig-rtg-bgp}aggregate-address 192.168.0.0/22 as-set

The AS information appears between brackets { }. It is an unordered list of the ASes.

In our example we will have:

rt2{}show running-config
  router bgp 65520
    neighbor 10.1.1.6 remote-as 65530
    neighbor 10.1.1.1 remote-as 65510
    aggregate-address 192.168.0.0/22 as-set
    network 192.168.2.0/24
    network 192.168.3.0/24

As said before, rt2 can advertise an aggregate prefix because it knows at least one of its sub-networks.

Now by checking the rt2 BGP RIB we will see:

rt2{}show routing ip bgp
BGP table version is 0, local router ID is 192.168.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i -IGP, e - EGP, ? - incomplete

   Network         Next Hop  Metric  LocPrf  Weight  Path
*> 192.168.0.0/22  0.0.0.0                    32768  {65530} i
*> 192.168.0.0     10.1.1.6       0               0  65530 i
*> 192.168.1.0     10.1.1.6       0               0  65530 i
*> 192.168.2.0     0.0.0.0        0           32768  i
*> 192.168.3.0     0.0.0.0        0           32768  i

Total number of prefixes 5

The route to 192.168.0.0/22 is not announced with the atomic-aggregate flag anymore. It just has the aggregated flag:

rt2{}show routing ip bgp 192.168.0.0/22
BGP routing table entry for 192.168.0.0/22
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  10.1.1.1 10.1.1.6
  {65530}, (aggregated by 65520 192.168.3.1)
    0.0.0.0 from 0.0.0.0 (192.168.3.1)
      Origin IGP, localpref 100, weight 32768, valid, aggregated, local, best
      Last update: Fri Sep 1 04:13:23 2000

Combined summary-only and as-set aggregation flags

When both the summary-only and the as-set flags are set, a route with the aggregated PREFIX/M is originated from the BGP router. Moreover, the information of the previous AS-PATHs is collected into an unordered list called an AS-SET. This AS-SET, which is included within the new AS-PATH originated by the router, can help to avoid some network loops. The sub-prefixes are no longer advertised.

rt2{myconfig-rtg-bgp}aggregate-address 192.168.0.0/22 summary-only as-set

Example

For example, rt2’s BGP RIB is:

rt2{}show routing ip bgp
BGP table version is 0, local router ID is 192.168.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i -IGP, e - EGP, ? - incomplete

   Network         Next Hop  Metric  LocPrf  Weight  Path
*> 192.168.0.0/22  0.0.0.0                    32768  {65530} i
s> 192.168.0.0     10.1.1.6       0               0  65530 i
s> 192.168.1.0     10.1.1.6       0               0  65530 i
s> 192.168.2.0     0.0.0.0        0           32768 i
s> 192.168.3.0     0.0.0.0        0           32768 i

Total number of prefixes 5

On the remote peer, only the aggregated prefix with the AS-SET is received:

rt1{}show routing ip bgp
BGP table version is 0, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i -IGP, e - EGP, ? - incomplete

   Network         Next Hop  Metric  LocPrf  Weight  Path
*> 192.168.0.0/22  10.1.1.2                       0  65520
                                                     {65530} i

Total number of prefixes 1
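
The four flag combinations described above, as an added example (not part of the original page or the router's own code): a small Python model of what rt2 advertises, built from the rt2 table shown on this page. It also goes one step further and lists the /24 blocks that an aggregate would cover without any contributing route, which is how an aggregate turns into a black hole; the function names and the /24 granularity are assumptions.

```python
import ipaddress

# Constructed from rt2's BGP table on this page: prefix -> AS path
# (an empty tuple is a locally originated network).
RT2_TABLE = {
    "192.168.0.0/24": (65530,),
    "192.168.1.0/24": (65530,),
    "192.168.2.0/24": (),
    "192.168.3.0/24": (),
}

def show(path):
    return " ".join(str(asn) for asn in path)

def aggregate(table, prefix, summary_only=False, as_set=False):
    """Hypothetical model of aggregate-address PREFIX/M [summary-only] [as-set].
    Returns {prefix: path} as the router would advertise it; '{...}' is an AS-SET."""
    agg = ipaddress.ip_network(prefix)
    contributors = {p: path for p, path in table.items()
                    if ipaddress.ip_network(p) != agg
                    and ipaddress.ip_network(p).subnet_of(agg)}
    out = {p: show(path) for p, path in table.items()}
    if not contributors:
        return out  # no route of the aggregate in the table: nothing originated
    out[prefix] = ""  # without as-set the AS information is lost (atomic-aggregate)
    if as_set:
        ases = sorted({asn for path in contributors.values() for asn in path})
        if ases:
            out[prefix] = "{" + ",".join(map(str, ases)) + "}"
    if summary_only:
        for p in contributors:
            del out[p]  # suppressed sub-prefixes, labeled 's' in the RIB
    return out

def uncovered(table, prefix):
    """/24 blocks inside the aggregate with no contributing route. Traffic drawn
    in by the aggregate for these blocks is dropped (a black hole)."""
    agg = ipaddress.ip_network(prefix)
    have = [ipaddress.ip_network(p) for p in table]
    return [str(s) for s in agg.subnets(new_prefix=24)
            if not any(s.subnet_of(h) for h in have if h != agg)]

if __name__ == "__main__":
    for flags in ({}, {"summary_only": True}, {"as_set": True}, {"summary_only": True, "as_set": True}):
        print(flags, aggregate(RT2_TABLE, "192.168.0.0/22", **flags))
    local_only = {p: a for p, a in RT2_TABLE.items() if not a}  # rt3's routes withdrawn
    print(uncovered(local_only, "192.168.0.0/22"))
```

If rt3's two networks are withdrawn, rt2 still originates 192.168.0.0/22 because 192.168.2.0/24 and 192.168.3.0/24 remain, so the uncovered list is worth checking whenever summary-only hides the sub-prefixes from peers.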

Confederation

A confederation is a set of many private ASes that are joined to be advertised as a single AS. A confederated AS is a confederation of many ASes that are joined by eBGP and that are themselves running an IGP.

The use cases are:

  1. Join independent ASes into a single AS.
  2. Support multi-homed customers with the same ISP.
  3. Avoid the scaling issues of the full-mesh eBGP routers.

  • Configure a BGP 4 confederation:

    router{conf:myconfig-rtg-bgp}bgp confederation identifier ASN
    
    ASN

    Confederation identifier

  • Join private ASes that belong to the same confederation:

    router{conf:myconfig-rtg-bgp}bgp confederation peers ASN1 ... ASNn
    
    ASNi

    Private ASNs that should be joined.

Example

Let’s configure the following confederation:


Figure: BGP 4 confederation

Where the following configurations are set:

rt1

eth0_0
  ipaddress 10.1.1.9/29
eth1_0
  ipaddress 172.16.255.254/30
    router bgp 65521
      neighbor 10.1.1.11 remote-as 65522
      neighbor 10.1.1.10 remote-as 65521
      neighbor 172.16.255.253 remote-as 65500
      bgp confederation identifier 65520
      bgp confederation peers 65522

rt2

eth0_0
  ipaddress 10.1.1.10/29
eth1_0
  ipaddress 192.168.2.1/24
    router bgp 65521
      neighbor 10.1.1.9 remote-as 65521
      bgp confederation identifier 65520
      network 192.168.2.0/24

rt3

eth0_0
  ipaddress 10.1.1.11/29
eth1_0
  ipaddress 10.1.1.1/29
loopback
  loop 1 192.168.3.1/24

    router bgp 65522
      neighbor 10.1.1.9 remote-as 65521
      neighbor 10.1.1.2 remote-as 65522
      bgp confederation identifier 65520
      bgp confederation peers 65521
      network 192.168.3.0/24

rt4

eth0_0
  ipaddress 192.168.4.1/24
eth1_0
  ipaddress 10.1.1.2/29
rtg
  router bgp 65522
    neighbor 10.1.1.1 remote-as 65522
    bgp confederation identifier 65520
    network 192.168.4.1/24

rt5

However, when rt5 peers with rt1, it peers with AS 65520, which is rt1’s BGP confederation identifier. It does not peer with AS 65521, which is internal to AS 65520:

eth0_0
  ipaddress 172.16.0.1/16
eth1_0
  ipaddress 172.16.255.253/30

rtg
  router bgp 65500
      neighbor 172.16.255.254 remote-as 65520
      network 172.16.0.0/16

  • Check this configuration on rt3, which displays the confederation path in parentheses:

    rt3{}show routing ip bgp
    BGP table version is 0, local router ID is 192.168.3.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i -IGP, e - EGP, ? - incomplete
    
       Network      Next Hop       Metric  LocPrf  Weight  Path
    *  172.16.0.0   172.16.255.253      0     100       0  (65521)
                                                            65500 i
    *> 192.168.2.0  10.1.1.10           0     100       0  (65521) i
    *> 192.168.3.0  0.0.0.0             0           32768  i
    *>i192.168.4.0  10.1.1.2            0     100       0  i
    
    Total number of prefixes 4
    
    rt3{}show routing ip bgp 172.16.0.0
    BGP routing table entry for 172.16.0.0/16
    Paths: (1 available, no best path)
      Not advertised to any peer
      (65521) 65500
        172.16.255.253 (inaccessible) from 10.1.1.9 (172.16.255.254)
          Origin IGP, metric 0, localpref 100, valid, confed-external
          Last update: Sat Sep 2 17:53:57 2000
    

    Whereas the FIB of rt3 is:

    rt3{}show routing ip route
    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
           B - BGP, D - DEP, > - selected route, * - FIB route
    
    C>* 10.1.1.0/29 is directly connected, eth1_0
    C>* 10.1.1.8/29 is directly connected, eth0_0
    C>* 127.0.0.0/8 is directly connected, lo0
    B>* 192.168.2.0/24 [200/0] via 10.1.1.10, eth0_0, 00:51:28
    C>* 192.168.3.0/24 is directly connected, loop1
    B>* 192.168.4.0/24 [200/0] via 10.1.1.2, eth1_0, 00:51:27
    

Note

rt3 cannot route to 172.16.0.0/16 because it has no route to 172.16.255.253. BGP relies on an IGP to resolve the recursive routes that do not have a directly connected gateway. Moreover, it means that the eBGP sessions between the confederation sub-ASes do not change the next hop attribute.

For example, you could add RIP or OSPF v2 on rt1, rt2, rt3 and rt4 as the IGP for the whole of AS 65520.
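
The note above, as an added example (not part of the original page or the router's own code): a simplified recursive next-hop check over rt3's connected networks and BGP next hops as shown in the outputs on this page. The IGP route 172.16.255.252/30 via 10.1.1.9 is an assumption standing in for what RIP or OSPF would provide, and the function names are hypothetical.

```python
import ipaddress

# Constructed from the rt3 outputs on this page.
RT3_CONNECTED = ["10.1.1.0/29", "10.1.1.8/29", "127.0.0.0/8", "192.168.3.0/24"]
RT3_BGP = {  # prefix -> BGP next hop attribute
    "172.16.0.0/16": "172.16.255.253",
    "192.168.2.0/24": "10.1.1.10",
    "192.168.4.0/24": "10.1.1.2",
}
# Assumption: the route an IGP would teach rt3 for the rt1-rt5 link.
ASSUMED_IGP = {"172.16.255.252/30": "10.1.1.9"}

def lpm(fib, address):
    """Longest-prefix match; returns (network, gateway) or None."""
    addr = ipaddress.ip_address(address)
    hits = [(net, gw) for net, gw in fib.items() if addr in net]
    return max(hits, key=lambda hit: hit[0].prefixlen, default=None)

def resolve(fib, next_hop, depth=4):
    """Follow gateways until a directly connected network is reached.
    Returns that network, or None when the next hop is inaccessible."""
    for _ in range(depth):  # bounded, so a gateway loop cannot spin forever
        hit = lpm(fib, next_hop)
        if hit is None:
            return None
        network, gateway = hit
        if gateway is None:  # directly connected
            return network
        next_hop = gateway
    return None

def installable(connected, bgp, igp=None):
    """Map each BGP prefix to True if its next hop resolves, else False."""
    fib = {ipaddress.ip_network(n): None for n in connected}
    fib.update({ipaddress.ip_network(n): gw for n, gw in (igp or {}).items()})
    return {prefix: resolve(fib, nh) is not None for prefix, nh in bgp.items()}

if __name__ == "__main__":
    print(installable(RT3_CONNECTED, RT3_BGP))               # no IGP
    print(installable(RT3_CONNECTED, RT3_BGP, ASSUMED_IGP))  # with the assumed IGP route
```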

Timers

The BGP timers can be global to the context or specific to the neighbors.

  • Set global timers:

    router{conf:myconfig-rtg-bgp}timers bgp <0-65535> <0-65535>
    
    First <0-65535> argument

    Keepalive interval in seconds. The default value is 60 seconds.

    Second <0-65535> argument

    Holdtime (in seconds) of the routes that are learnt from the neighbor A.B.C.D once the keepalive has been missed. The default value is 3 times the keepalive interval, i.e. 180 seconds.

  • Set neighbor specific timers:

    router{conf:myconfig-rtg-bgp}neighbor A.B.C.D timers <0-65535> <0-65535>
    

Tip

A good practice is to configure the same value on both sides of the TCP connection. Generally, these values should not be changed; however, when the processing time of the BGP table is too long for the CPU to fire the keepalive timer, the latter could be increased.

router{conf:myconfig-rtg}display
  router bgp 2
    neighbor 10.1.1.1 remote-as 2
    neighbor 10.1.1.1 timers 50 150

  • Check both values:

router{}show routing ip bgp neighbors
BGP neighbor is 10.1.1.2, remote AS 65510, local AS 65500, external link
  BGP version 4, remote router ID 192.168.2.1
  BGP state = Established, up for 00:01:24
  Last read 00:00:24, hold time is 180, keepalive interval is 60 seconds
  Configured hold time is 150, keepalive interval is 50 seconds
  Neighbor capabilities:
    Route refresh: advertised and received (old and new)
    Address family IPv4 Unicast: advertised and received
  Received 7 messages, 0 notifications, 0 in queue
  Sent 9 messages, 0 notifications, 0 in queue
  Route refresh request: received 0, sent 0
  Minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  Community attribute sent to this neighbor (both)
  6 accepted prefixes

  Connections established 1; dropped 0
Local host: 10.1.1.1, Local port: 3913
Foreign host: 10.1.1.2, Foreign port: 179
Nexthop: 10.1.1.1
Nexthop global: ::
Nexthop local: ::
BGP connection: shared network