BGP
N WLLA OMNI - Answer N - Next hop reachable?
W - Weight
L - Local pref
L - Locally injected routes
A - AS_Path
O - Origin (I, E or ?)
M - MED
N - Neighbor type (eBGP over iBGP)
I - IGP metric to next-hop
Minimum eBGP configuration? - Answer router bgp <ASN>
neighbor <IP> remote-as <REMOTE_ASN>
Requirements for eBGP neighbors? - Answer * Local ASN must match the remote-as
configured on the neighbor.
* BGP router IDs must not be the same
* MD5 authentication must pass if configured
* The routers must form a TCP connection (port 179) between the IPs used in the
respective neighbor statements.
How is the BGP router ID chosen? - Answer * Configured using the bgp router-id
command
* Highest loopback interface
* Highest other interface
How would you configure BGP to use a loopback address on each end? - Answer
neighbor <IP> update-source <SOURCE_INT>
neighbor <IP> ebgp multihop <HOP_COUNT>
Where IP is the neighbor's loopback IP, SOURCE_INT is our loopback interface and
HOP_COUNT is 2.
What is multihop? - Answer The TTL for the TCP connection defaults to one so it will
only cross one segment by default.
neighbor <IP> ebgp multihop <TTL> will set the TTL to a higher value. For instance,
multihop 2 would allow you to reach a loopback interface on a neighboring router.
How do you authenticate a BGP connection? - Answer Configure each router with a
pre-shared key for it's neighbor.
,neighbor <IP> password <PSK>
List the BGP neighbor states. - Answer Idle - admin down or awaiting the next retry
Connect - waiting for TCP connection to complete
Active - TCP connection complete but no BGP messages sent
Opensent - TCP connection exists and BGP Open message sent but no matching Open
received from peer
Openconfirm - Open message sent and matching
Open received. Keepalives (all params match) or Notification (param mismatch) are
next.
Established - All params match, peers will now send Updates
How can you verify eBGP neighbor status? - Answer show ip bg neighbors [neighbor-id]
Neighbors and status are listed at the bottom. The State/PfxRcd is either text listing the
state or the number of prefixes received from the neighbor.
How can you verify the TCP connection for BGP? - Answer show tcp brief
Shows the local and remote (foreign) IP and port for each TCP connection.
How can you administratively disable a neighbor? - Answer neighbor <IP> shutdown
Re-enable with:
no neighbor <IP> shutdown
How do you debug BGP? - Answer debug ip bgp
List the BGP mesage types. - Answer Open - Establish a neighbor connection and
exchange basic params.
Keepalive - Sent periodically to maintain the neighbor relationship. Failure to receive a
Keepalive before the Hold timer expires will bring down the neighbor-ship.
Update - Used to exchange PAs and associated prefix/length (NLRI) used by those
PAs.
Notification - Signals a BGP error, usually results in a reset to the connection.
What is a PA? - Answer Path Attribute
,... allow BGP to make determinations of what is the best path.
What is an NLRI? - Answer Network Layer Reachability Information
... is exchanged between BGP routers using UPDATE messages. An NLRI is composed
of a LENGTH and a PREFIX. The length is a network mask in CIDR notation (eg. /25)
specifying the number of network bits, and the prefix is the Network address for that
subnet.
The NLRI is unique to BGP version 4 and allows BGP to carry supernetting information,
as well as perform aggregation.
The NLRI would look something like one of these:
/25, 204.149.16.128
/23, 206.134.32
/8, 10
Only one NLRI is included in an UPDATE Message, though there may be multiple AS-
paths and AS-path attributes.
Describe output of "show ip bgp". - Answer Shows a list of all routes learned from BGP
with the best route marked with >, and including the Metric (MED), Local Preference,
Weight and AS_Path for each. iBGP routes are marked with i in the third column.
What are the PA categories? - Answer Well-known, mandatory - Must appear in every
UPDATE message, must be supported by every BGP implementation.
Well-known, discretionary - May or may not appear in an UPDATE message, but it
MUST be supported by any BGP software implmentation.
Optional, Transitive - May or may not be supported in all BGP implementations. If sent
in an UPDATE message, but not recognized by the receiver, it should be passed on to
the next AS.
Optional, Non-transitive - May or may not be supported, if received, it is not required
that the router pass it on.
List well-known, mandatory PAs. - Answer * AS_path
* ORIGIN
* NEXT_HOP
List well-known, discretionary PAs. - Answer * LOCAL_PREF
* ATOMIC_AGGREGATE
List optional, transitive PAs. - Answer * AGGREGATOR
, * COMMUNITY
List optional, non-transitive PAs. - Answer * MULTI_EXIT_DISC
* ORIGINATOR_ID
* Cluster List
List some BGP verification commands. - Answer show ip bgp /prefix/ [mask]
0.0.0.0 0.0.0.0 will list all default routes
show ip bgp neighbors /ip-address/ received-routes
shows routes from a particular neighbor before filters are applied.
show ip neighbors /ip-address/ routes
shows routes from a particular neighbor after filters are applied.
show ip neighbors /ip-address/ advertised-routes
shows routes sent to a particular neighbor after filters are applied.
show ip bgp summary
lists the number of prefixes learned from each neighbor.
How do you inject a route into BGP? - Answer * BGP network command
* redistribute from an IGP
Syntax for the BGP network command? - Answer network /prefix/ mask /mask/
If the mask is omitted BGP will assume a classful mask.
Note: BGP will only advertise a route if there is an exact IGP match in the routing table.
What does auto-summary do? - Answer If auto-summary is enabled (default is disabled)
and the mask is omitted from the network statement the classful prefix will be advertised
if...
* there is an exact match for the classful route in the routing table
* any route in the routing table matches a subnet of the classful network
e.g. if "network 2.0.0.0" and "auto-summary" were configured and there was a route for
2.2.2.2/32 in the routing table then BGP would advertise a route for 2.0.0.0/8.
Commands to redistribute OSPF to BGP? - Answer router bgp /ASN/
redistribute ospf /process_id/ route-map /rm_name/
!
route-map /rm_name/
match ip address prefix /prefix_list_name/
!
ip prefix-list /prefix_list_name/ permit /subnet/mask/ le /longest_mask/
N WLLA OMNI - Answer N - Next hop reachable?
W - Weight
L - Local pref
L - Locally injected routes
A - AS_Path
O - Origin (I, E or ?)
M - MED
N - Neighbor type (eBGP over iBGP)
I - IGP metric to next-hop
Minimum eBGP configuration? - Answer router bgp <ASN>
neighbor <IP> remote-as <REMOTE_ASN>
Requirements for eBGP neighbors? - Answer * Local ASN must match the remote-as
configured on the neighbor.
* BGP router IDs must not be the same
* MD5 authentication must pass if configured
* The routers must form a TCP connection (port 179) between the IPs used in the
respective neighbor statements.
How is the BGP router ID chosen? - Answer * Configured using the bgp router-id
command
* Highest loopback interface
* Highest other interface
How would you configure BGP to use a loopback address on each end? - Answer
neighbor <IP> update-source <SOURCE_INT>
neighbor <IP> ebgp multihop <HOP_COUNT>
Where IP is the neighbor's loopback IP, SOURCE_INT is our loopback interface and
HOP_COUNT is 2.
What is multihop? - Answer The TTL for the TCP connection defaults to one so it will
only cross one segment by default.
neighbor <IP> ebgp multihop <TTL> will set the TTL to a higher value. For instance,
multihop 2 would allow you to reach a loopback interface on a neighboring router.
How do you authenticate a BGP connection? - Answer Configure each router with a
pre-shared key for it's neighbor.
,neighbor <IP> password <PSK>
List the BGP neighbor states. - Answer Idle - admin down or awaiting the next retry
Connect - waiting for TCP connection to complete
Active - TCP connection complete but no BGP messages sent
Opensent - TCP connection exists and BGP Open message sent but no matching Open
received from peer
Openconfirm - Open message sent and matching
Open received. Keepalives (all params match) or Notification (param mismatch) are
next.
Established - All params match, peers will now send Updates
How can you verify eBGP neighbor status? - Answer show ip bg neighbors [neighbor-id]
Neighbors and status are listed at the bottom. The State/PfxRcd is either text listing the
state or the number of prefixes received from the neighbor.
How can you verify the TCP connection for BGP? - Answer show tcp brief
Shows the local and remote (foreign) IP and port for each TCP connection.
How can you administratively disable a neighbor? - Answer neighbor <IP> shutdown
Re-enable with:
no neighbor <IP> shutdown
How do you debug BGP? - Answer debug ip bgp
List the BGP mesage types. - Answer Open - Establish a neighbor connection and
exchange basic params.
Keepalive - Sent periodically to maintain the neighbor relationship. Failure to receive a
Keepalive before the Hold timer expires will bring down the neighbor-ship.
Update - Used to exchange PAs and associated prefix/length (NLRI) used by those
PAs.
Notification - Signals a BGP error, usually results in a reset to the connection.
What is a PA? - Answer Path Attribute
,... allow BGP to make determinations of what is the best path.
What is an NLRI? - Answer Network Layer Reachability Information
... is exchanged between BGP routers using UPDATE messages. An NLRI is composed
of a LENGTH and a PREFIX. The length is a network mask in CIDR notation (eg. /25)
specifying the number of network bits, and the prefix is the Network address for that
subnet.
The NLRI is unique to BGP version 4 and allows BGP to carry supernetting information,
as well as perform aggregation.
The NLRI would look something like one of these:
/25, 204.149.16.128
/23, 206.134.32
/8, 10
Only one NLRI is included in an UPDATE Message, though there may be multiple AS-
paths and AS-path attributes.
Describe output of "show ip bgp". - Answer Shows a list of all routes learned from BGP
with the best route marked with >, and including the Metric (MED), Local Preference,
Weight and AS_Path for each. iBGP routes are marked with i in the third column.
What are the PA categories? - Answer Well-known, mandatory - Must appear in every
UPDATE message, must be supported by every BGP implementation.
Well-known, discretionary - May or may not appear in an UPDATE message, but it
MUST be supported by any BGP software implmentation.
Optional, Transitive - May or may not be supported in all BGP implementations. If sent
in an UPDATE message, but not recognized by the receiver, it should be passed on to
the next AS.
Optional, Non-transitive - May or may not be supported, if received, it is not required
that the router pass it on.
List well-known, mandatory PAs. - Answer * AS_path
* ORIGIN
* NEXT_HOP
List well-known, discretionary PAs. - Answer * LOCAL_PREF
* ATOMIC_AGGREGATE
List optional, transitive PAs. - Answer * AGGREGATOR
, * COMMUNITY
List optional, non-transitive PAs. - Answer * MULTI_EXIT_DISC
* ORIGINATOR_ID
* Cluster List
List some BGP verification commands. - Answer show ip bgp /prefix/ [mask]
0.0.0.0 0.0.0.0 will list all default routes
show ip bgp neighbors /ip-address/ received-routes
shows routes from a particular neighbor before filters are applied.
show ip neighbors /ip-address/ routes
shows routes from a particular neighbor after filters are applied.
show ip neighbors /ip-address/ advertised-routes
shows routes sent to a particular neighbor after filters are applied.
show ip bgp summary
lists the number of prefixes learned from each neighbor.
How do you inject a route into BGP? - Answer * BGP network command
* redistribute from an IGP
Syntax for the BGP network command? - Answer network /prefix/ mask /mask/
If the mask is omitted BGP will assume a classful mask.
Note: BGP will only advertise a route if there is an exact IGP match in the routing table.
What does auto-summary do? - Answer If auto-summary is enabled (default is disabled)
and the mask is omitted from the network statement the classful prefix will be advertised
if...
* there is an exact match for the classful route in the routing table
* any route in the routing table matches a subnet of the classful network
e.g. if "network 2.0.0.0" and "auto-summary" were configured and there was a route for
2.2.2.2/32 in the routing table then BGP would advertise a route for 2.0.0.0/8.
Commands to redistribute OSPF to BGP? - Answer router bgp /ASN/
redistribute ospf /process_id/ route-map /rm_name/
!
route-map /rm_name/
match ip address prefix /prefix_list_name/
!
ip prefix-list /prefix_list_name/ permit /subnet/mask/ le /longest_mask/
