BGP

For detailed theoretical information see BGP/Theory.

For detailed iBGP information see iBGP.

For IPv6 BGP specific information see BGP/IPv6.

BGP is a path-vector routing protocol. Nowadays global Internet routing relies on this protocol, and will probably rely on it in the future.

BGP has been designed for large-scale networks. It uses a complex best path decision algorithm instead of numerical metrics and operates with autonomous systems (AS) instead of separate subnets.

= Term definitions =

Autonomous system (commonly shortened to AS) is a group of networks with the same routing policy. Technically it is a group of routers using the same AS number (ASN) for communication with other routers.

Autonomous System Number (ASN) is a 32-bit number (before 2007 it used to be 16-bit) used for AS identification. ASNs are used for both administrative and technical purposes.

ASN allocation is centralized and is done by IANA and the RIRs (Regional Internet Registries). However, the numbers from 64511 to 65534 are allocated for internal usage and examples. You can use these numbers inside your network (or for experiments/learning), but for global routing you should have a RIR-allocated number.

eBGP (exterior BGP) is BGP running between autonomous systems (technically: between routers with different ASNs).

iBGP (interior BGP) is BGP running inside an autonomous system (between routers with the same ASN).

Path (also AS-path) is a set of ASNs traffic will go through to reach some destination.

Neighbors are routers a BGP session is established between.

= Protocol information =

BGP uses port TCP/179 to establish connections.

BGP can be used either as an exterior (inter-AS) or an interior (intra-AS) routing protocol; it is called eBGP or iBGP respectively. One router can run both; the type is defined per neighbor. A connection between routers with different ASNs is treated as eBGP, otherwise it is iBGP. The technical difference is the set of attributes used for best path selection.

= Router configuration flow =

BGP configuration on a router typically includes the following steps:
 * 1) Choose the ASN.
 * 2) Enable BGP.
 * 3) Define what prefixes will be advertised.
 * 4) Define routing policy.
 * 5) Add neighbors.
 * 6) Make sure it works properly or debug if it does not.

ASN choice
If you are going to use BGP for global Internet routing, you should obtain an ASN from your RIR (ARIN, RIPE NCC etc.). If you are going to use it internally, choose any number from the range 64511-65534.

After you have got a prefix, you can enable BGP:

set protocols bgp <asn>

Note that you cannot enable BGP without an ASN, and you cannot have multiple ASNs on the same router. A router can belong to one and only one AS (even though some implementations may allow the opposite).

Define advertised prefixes
Then you need to configure what to advertise to your neighbors. There are two ways: specifying a network and redistributing routes from another routing protocol.

To specify a network, use the following command:

set protocols bgp <asn> network <address>/<prefix-length>

e.g.

set protocols bgp 65534 network 192.168.0.0/16

Note that, by default, your router must have an exact route to that subnet (otherwise the BGP routing process will not advertise it). It is common to advertise a subnet without having an exact route to it, since BGP routers usually advertise prefixes for the whole AS: e.g. you have 192.168.0.0/24 configured on the router itself, but it routes traffic for 192.168.0.0/16. There are two ways to work around this:
 * Configure a blackhole route (recommended)
 * Set option "disable network check".

First way: use the command

set protocols static route <address>/<prefix-length> blackhole

Even though blackhole routes are often used to administratively make some destination unreachable, it is normal in this case, since routers use the most specific route (i.e. the one with the longest prefix length) and the specific routes are known from other sources (connected routes, static routes or an interior gateway protocol like OSPF).

Second way:

set protocols bgp <asn> parameters disable-network-import-check
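
The import check and the blackhole workaround described above, modelled as an added Python example (not Vyatta code and not part of the original page). The route table is constructed sample data and the function names are hypothetical; it shows exact-match advertisement on one side and longest-prefix forwarding on the other.

```python
import ipaddress

# Constructed routing table for the page's example: 192.168.0.0/24 is
# connected, and a blackhole static route covers the advertised /16.
ROUTES = [
    ("192.168.0.0/24", "connected"),
    ("192.168.0.0/16", "blackhole"),
]


def parse(routes):
    return [(ipaddress.ip_network(prefix), kind) for prefix, kind in routes]


def would_advertise(prefix, routes, import_check=True):
    """Model of a 'network' statement: with the import check on (the
    default) the prefix is advertised only if an exact route exists."""
    if not import_check:  # corresponds to disable-network-import-check
        return True
    want = ipaddress.ip_network(prefix)
    return any(net == want for net, _ in parse(routes))


def lookup(dest, routes):
    """Longest-prefix match: the (network, kind) used to forward dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, kind) for net, kind in parse(routes) if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


if __name__ == "__main__":
    only_connected = ROUTES[:1]
    print("advertise /16 with only the /24 known:",
          would_advertise("192.168.0.0/16", only_connected))
    print("advertise /16 with the blackhole route:",
          would_advertise("192.168.0.0/16", ROUTES))
    for dest in ("192.168.0.5", "192.168.7.1"):
        net, kind = lookup(dest, ROUTES)
        print(dest, "->", net, kind)
```

Traffic for hosts in the connected /24 still follows the more specific route, while traffic for the rest of the /16 is dropped locally by the blackhole entry.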

Redistributing routes
You may also readvertise routes known from other protocols. Vyatta supports the following redistribution sources (see route types for details):
 * static
 * connected
 * kernel
 * ospf
 * rip

You may specify one or several of them with the command:

set protocols bgp <asn> redistribute <source>

e.g.

set protocols bgp 65534 redistribute ospf

You may also specify a route-map for route filtering with the optional "route-map <name>" part, like:

set protocols bgp <asn> redistribute static route-map MyRouteMap

Defining routing policy
For better control of routing updates BGP supports various types of routing policy. In Vyatta policies are defined by access-lists, prefix-lists, as-path-lists and route-maps. See routing policy for configuration details.

After your policy is ready, it can be applied at the following points in BGP:
 * network statement (set protocols bgp <asn> network x.x.x.x/y route-map <name>)
 * redistribute statement (set protocols bgp <asn> redistribute <source> route-map <name>)
 * neighbor:
    * prefix-list for filtering ingoing/outgoing updates (set protocols bgp <asn> neighbor <address> prefix-list <import|export> <name>)
    * import route-map for ingoing updates (set protocols bgp <asn> neighbor <address> route-map import <name>)
    * export route-map for outgoing updates (set protocols bgp <asn> neighbor <address> route-map export <name>)

Adding neighbors
BGP requires you to explicitly specify which other routers you want to communicate with. Such routers are called neighbors. To add a neighbor, use the following command:

set protocols bgp <asn> neighbor <address>

Address may be either IPv4 or IPv6. The other mandatory option for a neighbor is its ASN (committing your changes without these options will cause an error).

set protocols bgp <asn> neighbor <address> remote-as <remote-asn>

There are a lot of optional parameters you may set for a neighbor. Some of them are:
 * advertisement-interval <0-600> — time interval between sending updates to the neighbor.
 * default-originate — whether the router should advertise a default route to the neighbor. Has an optional "route-map <name>" part.
 * ebgp-multihop <0-255> — allows the neighbor to be connected not directly (the argument is the hop limit).
 * maximum-prefix — maximum number of prefixes to accept from the neighbor. Used for security reasons (e.g. to prevent a neighbor which must send only one prefix from sending its full table to you).
 * passive — do not initiate the session to the neighbor, but wait for it to initiate.
 * password — password for the BGP session, used for security reasons. Obviously must be the same for both neighbors.
 * shutdown — administratively shut down the neighbor.
 * soft-reconfiguration inbound — allow "soft reconfiguration". A copy of the routes received from such a neighbor is stored, so you can see what exactly it advertises to you. Warning: memory usage increases, so be careful with neighbors sending numerous routes.
 * update-source — specifies the update source interface or address explicitly.

All options are set with commands like:

set protocols bgp <asn> neighbor <address> <option>
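
An added example (not part of the original page or of Vyatta) that audits neighbor statements for the option the page names as mandatory, the two it describes as security-related, and an inbound filter from the policy section. The sample configuration, its addresses, ASNs and list names, and the function names are all constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample configuration (documentation addresses, private ASNs).
CONFIG = """\
set protocols bgp 65534 neighbor 192.0.2.1 remote-as 65533
set protocols bgp 65534 neighbor 192.0.2.1 password 'example-secret'
set protocols bgp 65534 neighbor 192.0.2.1 maximum-prefix 10
set protocols bgp 65534 neighbor 192.0.2.1 prefix-list import FromPeer
set protocols bgp 65534 neighbor 192.0.2.9 remote-as 65532
set protocols bgp 65534 neighbor 192.0.2.9 route-map export ToPeer
set protocols bgp 65534 neighbor 192.0.2.17 shutdown
"""


def neighbor_options(config):
    """Map each neighbor address to the option token lists set on it."""
    neighbors = defaultdict(list)
    for line in config.splitlines():
        tok = shlex.split(line)
        if (tok[:3] == ["set", "protocols", "bgp"]
                and len(tok) > 5 and tok[4] == "neighbor"):
            neighbors[tok[5]].append(tok[6:])
    return neighbors


def audit(config):
    """Return {neighbor: [findings]}; an empty list means nothing flagged."""
    report = {}
    for addr, opts in neighbor_options(config).items():
        names = {o[0] for o in opts if o}
        inbound = any(o[:2] in (["prefix-list", "import"],
                                ["route-map", "import"]) for o in opts)
        findings = []
        if "remote-as" not in names:
            findings.append("missing remote-as (commit will fail)")
        if "password" not in names:
            findings.append("no session password")
        if "maximum-prefix" not in names:
            findings.append("no maximum-prefix limit")
        if not inbound:
            findings.append("no inbound prefix-list or route-map")
        report[addr] = findings
    return report


if __name__ == "__main__":
    for addr, findings in audit(CONFIG).items():
        print(addr, "OK" if not findings else "; ".join(findings))
```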

= Viewing BGP information =

All commands in this section are operational-mode commands unless explicitly stated otherwise.

When your neighbor is configured, you may view its status with the command:

show ip bgp neighbors <address>

Or, to see information about all neighbors:

show ip bgp neighbors

If you see a string like "BGP state = Established" in the output, your BGP session is running. If your neighbor does not get into the "Established" state, there is a problem. See BGP/Troubleshooting for information about typical errors and debugging techniques.

You can see the routes received from all neighbors with the command:

show ip bgp

Or view information about a specific address or network with:

show ip bgp <address>
show ip bgp <address>/<prefix-length>

To see information about a prefix and all its subnets use:

show ip bgp <address>/<prefix-length> longer-prefixes

Note that these commands show information about routes known by the BGP routing process. Even if they are marked as "best", it does not necessarily mean they are used for traffic routing. To view FIB (Forwarding Internet Database) routes use:

show ip route bgp

You may also see them in the "show ip route" command output, marked with "B".

You can always see what prefixes you advertise to some neighbor:

show ip bgp neighbors <address> advertised-routes

If a neighbor is configured with the "soft-reconfiguration inbound" option, you can also view the routes advertised by it:

show ip bgp neighbors <address> received-routes