Most of the network professionals whom I know are very good at configuring and fine-tuning the internal routing protocols, and when I ask them about configuring BGP, they are like, ‘you know what, I am not so confident with it maybe I think I have to read a bit more about it before I spin up in the production.
So if you are thinking the same way, then you are not alone 🙂
Is BGP tough to comprehend for those who are new to networking, I would say not really, and it all depends.
As the saying goes, “practice makes anyone perfect.”
The more you work on BGP, the better it gets, I know there are many BGP attributes and stuff comes to play but if you take one step at a time, then it would more comfortable, rather than trying to learn everything in a day.
So what is BGP?
The BGP (Border Gateway Protocol) is an exterior gateway protocol that lets you route between different Autonomous systems, since BGP route between multiple ASN’s, it’s also called path-vector protocol. Let’s look at that in more detail.
If you wanted to know more about Autonomous System Number in BGP, you might check out the blog that I wrote here
To understand BGP. First, you must need to know the difference between the IGP (Interior Gateway Protocol), and the EGP (Exterior Gateway Protocol).
In this blog, let’s go over some of IGP’s (Interior Gateway Protocol), and we can go more detail on EGP (Exterior Gateway Protocol), so let’s get started.
What is the Interior Gateway protocol?
The interior gateway protocols route the IP network between gateways/ routers within an Autonomous System (AS), which is managed by one or more network administrators in an organization. There are two types of interior gateway protocols, Link-state routing protocol, and distance vector routing protocols.
An Enterprise network is an example of running the interior gateway routing protocol, as within the Enterprise the network administrators would be using interior gateway routing protocols.
Below is an example of OSPF running in an AS. And you can further add more routers to this single AS.
The interior gateway protocols are in use today
Apart from the static route, which we have to configure it manually, below are the interior gateway protocols in use today.
OSPF – Which is the most popular link-state routing protocol among them all and little complex too when you go more advanced. It doesn’t matter whether you are on a single vendor or a multivendor environment. The OSPF works excellent on all of them.
EIGRP – This is a distance-vector protocol, and it was Cisco’s proprietary protocol used to work only with CISCO’s devices. I loved its fast convergence time compared to OSPF, and Cisco opened up this EIGRP protocol back in 2013 so that all other network vendors could implement them on their devices.
Though Cisco made it open for other vendors to use, I haven’t seen much EIGRP implemented on any other non-Cisco devices.
ISIS – Its similar to OSPF as both are link-state protocols. We can see ISIS widely adopted in datacenter networking today.
RIPv2 – And last but not least is our older brother RIPv2. It is getting less and less popular these days, as other dynamic routing protocols work great compared to RIP hop count configuration, you can also say it’s a little outdated too.
You see, those interior gateway protocols cannot handle so many routes, it starts to show its weaknesses after a specific limit. Hence we use them internally in an organization, and it’s suitable for that very purpose.
Now I hope you got pretty much clear on what are the interior gateway protocols are.
Why BGP (Border Gateway Protocol)
BGP is a very stable and robust exterior routing protocol in use today. Moreover, it is the routing protocols that we use today on the internet to route traffic. Now you can imagine how much it can handle.
The BGP can handles tons or even thousands of prefixes or NRLI (network Layer reachability information) in a router as compared to IGP. Since the BGP route among the ASN’s, it is called path-vector protocol.
Note: NLRI is the same routes information that you have in the interior gateway protocol. You can see the same network prefixes and next hope and so on, and even more information.
Back in those days when the internet was small, we used to have a routing protocol called GGP (Gateway-to-Gateway Protocol). Then in 1980, EGP was developed, which was the first TCP/IP exterior routing protocol. The EGP used to work well, and no-one had expected the internet to grow so big and fast, but as in when the routing table grew we had to move to the new exterior routing protocol, Even though EGP-2 was released later, it replaced with BGP. After multiple versions of BGP, as of today, we are using BGP version 4 on the network.
Note: when someone tells you about EGP today, it is nothing but BGP as BGP replaces it.
Today BGP is the only EGP available to route traffic, and it works differently than the interior Gateway Protocols.
While you can configure the interior gateway protocol under an AS (autonomous system number) meaning within a single routing domain or group of routers within an AS. the BGP (Border Gateway Protocol) works opposite, BGP lets you route between ASN.
BGP routing table size over the years.
See the table below chart which shows the growth of the BGP routing table, from 1994 to present, you can see how fast it has grown, and it’s still growing with not only IPV4 routes but IPv6 as well.
Where can you check BGP routes?
You just saw the size of the BGP routing table over the years, what if you don’t have access to BGP router, or you are not running BGP in your network or you are running BGP and wanted to see from outside how your network routed.
Is it possible to see BGP routing information for the public? The answer is, YES! You can use something called BGP Looking Glass, with which you can see public BGP route information.
What is BGP Looking Glass?
You could get into BGP Looking Glass here to see the BGP routing information.
BGP Looking Glass is a server where you could see the BGP network prefix information and its next-hop along with other BGP attributes just like how you would see with any regular BGP router, this is useful when you are sending BGP routes to the ASN, and you wanted to see how the BGP routes looks like from external ASN or internet.
Does network outage happen on the internet?
Though the network outages do happen on the internet even at this very second while you are reading this, the outages not like what you see on enterprise networks as the BGP has multiple backup paths to a given network destination, therefore, when primary path is down it takes the secondary, so we don’t really get to notice much of network outages
How to use BGP looking Glass
You could open BGP looking Glass here and check the BGP public route information.
On the first column information Category, I selected the BGP route lookup, source site (you can select a location near to you or farther away). On the Destination Details, I wanted to see the routes for Google’s public DNS’s IP=18.104.22.168, so I typed in its summarised 24 mask, which is 22.214.171.124/24 and clicked submit.
I could see there are around 11 routes for the subnet 126.96.36.199/24. Below is the output at the time of this writing. You may want to take a look a that and compare it to the output that you had got when you ran the BGP route command.
How does BGP work
BGP works completely different than IGP. In BGP, the neighbor has to configure manually, and There is no Multicast in BGP to find its neighbors automatically.
Once we configure the BGP, The BGP speaker has to go through different states and create TCP sessions with its peer on port number 179, once the session establishes, both BGP speakers start sending its network prefixes to its peer using TCP port 179.
When you have multiple paths to a given network, BGP uses its attributes to find out the best path. You can also use the same attributes to manipulates routes sending and receiving in a BGP.
And there are different types of BGP.
BGP Flavors – EBGP and IBGP
There are two flavors of BGP, One is EBGP (External BGP) which is used for interconnecting different AS’s.
The administrative distance of EBGP is 20.
Configuration of EBGP
router bgp AS Number neighbor ip-address remote AS number
router bgp 100 neighbor 192.168.1.2 remote 200
Another one is IBGP which is used to route within/same ASN.
IBGP has an administrative distance of 200.
Configuration of IBGP
The configuration of IBGP is similar to EBGP. Since it routes within an AS we have to specify the local AS as the remote AS in the IBGP session.
router bgp 200 neighbor 192.168.1.2 remote 200
Do you see it? The local ASN and remote ASN are the same.
Where do we use IBGP?
Internet service providers use IBGP to serve their customers. The IBGP session act as a big cloud of ASN and can connect to the customer AS (Different AS) using EBGP.
IBGP can act as a transit AS ‘AS200’ in the example above and connect other EBGP neighbors ‘AS100’ and ‘AS300’ in our case.
Even the enterprise border routers do use IBGP’s as well.
EGBP loop avoidance mechanism.
The EBGP Routers are in different AS’s and BGP avoids routing loop by not accepting routes learned by neighbors from its own ASN’s.
For example below, let’s suppose we have ASN100 connected ASN200 and ASN400. The ASN100 is advertising network prefix 188.8.131.52/32 to ASN200
Now if you were to look at the BGP table on AS 200 router, you can see that route 184.108.40.206/32 has AS-PATH 200 and 100. That way you know this prefix is coming from ASN100.
The same route forwards to the AS300. When you check the BGP routes in AS 300 routers now, you can see the route 220.127.116.11/32 has passed the AS-PATH 100,200and 300.
The same goes for ASN400.
What would happen when the same routes advertised by AS-400 back to AS-100, it would simply discard this route, Because it has its own local AS in them. That’s how EBGP avoids loop in a network.
IBGP loop avoidance mechanism.
However, the EBGP loop avoiding mechanism is irrelevant for IBGP, as all the routers connected within the same AS, there are three essential rules for IBGP which are to avoid loops. those are…
1. IBGP speakers can forward routes learned from EBGP neighbors to IBGP neighbors.
2. Forward routes learned from IBGP neighbors to EBGP neighbors.
3. However, Cannot forward routes learned from IBGP neighbors to IBGP neighbors.
What are the BGP message types?
I just mentioned BGP has to go through different states to become peers, during those times, the BGP neighbors keep sending messages to each other. And there are 4 types of BGP messages, as a network engineer, you need to know what each message type represents.
Once the TCP session established, This message has to be sent by the BGP speaker to its neighbors to open the BGP session. This Open message contains specific parameters that both BGP neighbors should be agreed upon to become peers. This message should have, Origniator’s BGP version number, Local AS number, Hold timer, BGP identifier, Optional parameters.
Periodically sent after BGP session is open, the default timer in cisco IOS in 60seconds
The BGP update message is where the actual BGP prefixes exchanges. It includes Network Layer Reachability Information (NLRI), BGP path attributes, Withdrawn Routes- when the BGP routes are no longer available.
If you add new prefixes using the command ‘network’ you can see BGP sending an update message.
This message sends when there is an error detected. The BGP session gets closed immediately after the notification sent.
What are the BGP states?
Now let’s look at the different BGP states. This part is essential as this is very crucial for troubleshooting BGP connection issues.
I still remember, I used work as NOC engineer and when I see BGP flaps occur, I used to run the command “show BGP summary” in Cisco IOS, and figure out what state the BGP is in, and take appropriate action.
The Idle state is the initial state when the BGP configured. In this state, it listens for any new connection from the peer router. If any notification message received due to an error occurs on any other states, that changes the existing state to Idle state again.
R1#show ip bgp summary BGP router identifier 18.104.22.168, local AS number 100 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 22.214.171.124 4 400 0 0 1 0 0 never Idle R1#
The BGP start the TCP session when the 3-way handshake completed.
It is common for someone new to BGP to interpret this as the BGP session is up and running but its not, the active state means is that the BGP speaker is Actively trying to establish a TCP session with the neighbor.
*Sep 26 08:05:38.839: BGP: 126.96.36.199 active went from Idle to Active
R1#show ip bgp summary BGP router identifier 188.8.131.52, local AS number 100 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 184.108.40.206 4 400 0 0 1 0 0 00:00:46 Active R1#
OpenSent is the first open message that sent to the neighbor and its waiting for a response in open, from neighbors.
*Sep 26 08:05:38.907: BGP: 220.127.116.11 active went from Active to OpenSent
*Sep 26 08:05:38.955: BGP: 18.104.22.168 active went from OpenSent to OpenConfirm
In this state, we received a response from the neighbor for OpenSent, now waiting for a keepalive or notification message to decide the neighborship can establish or not. If the message is notification, then the state would change it back to Idle state and start the whole process again.
*Sep 26 08:05:38.955: BGP: 22.214.171.124 active went from OpenConfirm to Established *Sep 26 08:05:38.955: BGP: ses global 126.96.36.199 (0x6757D588:1) act Assigned ID *Sep 26 08:05:38.955: BGP: ses global 188.8.131.52 (0x6757D588:1) Up *Sep 26 08:05:38.955: %BGP-5-ADJCHANGE: neighbor 184.108.40.206 Up *Sep 26 08:05:38.955: BGP: ses global 192.
Established is the final state that indicates that the BGP is up and running. In this state, BGP peers can start sending updates, keepalive, and notifications.
When you look at BGP neighbor summary now, you won’t be able to see the state is in established, instead, it would show the time since the BGP is in the established state
R1#show ip bgp summary BGP router identifier 220.127.116.11, local AS number 100 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 18.104.22.168 4 400 13 13 1 0 0 00:10:27 0 R1#