BGP quick ref

Transport: TCP port 179

Keepalive: 60 seconds (19 byte packet)

Table version number: increments each time the table changes. Rapid increase could indicate network instability, though this depends on the network size and carrying a full-routing table.

Authentication

  • Indicated by a 16 byte field (Marker)
  • OPEN msg does not have auth

Finite State Machine (FSM)
Can move up or remain in it’s current state (for example: from 3 to 3) by default & down or further up only to indicated state #. !# means that state # can’t remain in state 4, it’s limited by a timeout (Ack or Hello timeout).

  1. Idle
  2. Connect – 4
  3. Active – 1
  4. OpenSent – 1, !4
  5. OpenConfirm – 1
  6. Established – 1, !5

Message type
Used to establish a TCP session, FSM state 1 doesn’t generate any messages

  • OPEN: (2|3)-4
  • UPDATE: 6-6
  • NOTIFICATION: (4|5|6)-1
  • KEEPALIVE: (5|6)-6

FSM events

  • 1-2: Start
  • 2-3: TCP transport connection unsuccesful
  • (2|3)-4: TCP transport connection succesful
  • 4-5: OPEN msg received from peer and is checked for correctness, start sending KEEPALIVE
  • 5-6: KEEPALIVE received
  • 2-1: Error
  • 3-1: Stop (by operator cmd)
  • 3-2: ConnectRetry timer expired
  • 4-1: Stop | Error (in OPEN msg, hold timer exp, Stop event)
  • 4-3: TCP transport disconnect
  • 5-1: NOTIFICATION received | Stop
  • 6-1: NOTIFICATION received | Stop

Oscillating between Connect (2) and Active (3) means that something is wrong with the TCP transport connection, either retransmits or reachability.

(i|e)BGP neighborship is determined in the OpenSent state (4)

When errors are found in an UPDATE packet, a NOTIFICATION msg is sent to the peer and status goes back to Idle (1)

Attribute & type (learn these by heart!)

  1. ORIGIN: well known, mandatory
  2. AS_PATH: well known, mandatory
  3. NEXT_HOP: well known, mandatory
  4. MULTI_EXIT_DISC: optional, nontransitive (MED)
  5. LOCAL_PREF: well known, discretionary
  6. ATOMIC_AGGREGATE: well known, discretionary
  7. AGGREGATOR: optional, transitive
  8. COMMUNITY: optional, transitive
  9. ORIGINATOR_ID: optional, nontransitive
  10. Cluster List: optional, nontransitive
  11. DPA: Destination Point Attribute for BGP (expired inet draft)
  12. Advertiser: BGP/IDRP Route Server (rfc1863)
  13. RCID_PATH/CLUSTER_ID: BGP/IDRP Route Server (rfc1863)
  14. MP_REACH_NLRI: optional, nontransitive (rfc2283)
  15. MP_UNREACH_NLRI: optional, nontransitive (rfc2283)
  16. Extended Communities: see rfc4360

MP_REACH_NLRI: Multiprotocol Reachable NLRI
MP_UNREACH_NLRI: Multiprotocol Unreachable NLRI

ORIGIN (in order of preference)

  • i: IGP (iBGP)
  • e: EGP (eBGP)
  • ?: incomplete (learned from redistribution)

WEIGHT

  • 0 – 65.535
  • directly-connected = 32.768
  • locally significant (not exchanged)

Communities (some well known ones, this does mean there are more…)

  • internet: advertise this route to the internet community (everyone)
  • no-export: do not advertise to eBGP peers
  • no-advertise: do not advertise to any peer
  • local-as: do advertise within the confederation (to other sub-AS’s) but not to other AS’s

Synchronisation

  • Theory: a BGP router should not advertise via eBGP, destinations learned via iBGP, unless the destinations are also known via an IGP
  • Practically: if the AS is passing traffic from another AS to a third AS, BGP shouldn’t advertise a route before all routers in the AS have learned about the route via an IGP
  • Black hole prevention (makes BGP convergence equal or slower than the IGP)

Multi-hop

  • Only useful for EBGP peers

Network backdoor: Make the IGP the preferred route by setting the (adm) distance of the specific route to 200.
Cisco about backdoor: You can indicate which networks are reachable by using a backdoor route that the border router should use. A backdoor network is treated as a local network, except that it is not advertised.

Administrative distance

  • external: 20
  • internal: 200
  • (local: 200)

Deterministic-med vs. always-compare-med

  • Deterministic: compare med when choosing routes from iBGP peers
  • Always-compare-med: compare med when choosing routes from eBGP peers (reorder routing entries by neighbor AS)

NLRI: lenght,prefix
CIDR: prefix/length

Regular expressions (Path filters)

. Any single character
^ Matches beginning of any input string
$ Matches the end of any input string
_ Matches a comma(,), braces ({|}), parenthesis ((|)), the beginning or end of the input string, or a space
* Matches 0 or any sequence in a pattern

.* All (any AS path)
^$ empty string (no path info), indicates a local route

Best path selection precess

  1. If next hop is inaccessible then drop
  2. If the path is internal and synchronisation enabled. Is the path in the IGP? No: drop
  3. Prefer largest weight (Cisco specific, weight is not an attribute!)
  4. Prefer largest LOCAL_PREF
  5. Prefer local routes (network, redistribution then aggregate-address) (Cisco specific)
  6. (if eBGP) Prefer shortest AS_PATH
  7. Prefer lowest ORIGIN type (IGP, EGP then incomplete)
  8. Prefer lowest MED (tiebreaker)
  9. Prefer eBGP over iBGP (by means of administrative distance) (Cisco specific)
  10. Prefer closest IGP neighbor (tiebreaker)
  11. Prefer lowest RID neighbor

#6 intricacies

  • Ignored if “bgp bestpath as-path ignore” is configured
  • An as_set counts as 1
  • as_confed_sequence is not included in the AS_PATH length

Peer group

  • Cisco advice: based on identical outbound announcement policies

Confederation

  • Uses iBGP inside the confed / sub-AS
  • Uses eBGP outside the confed / sub-AS
  • The only exception to the rule of eBGP only to another AS