How to configure EBGP (External BGP)

Hello Shashank

In general, it is usually best to use a loopback interface for all BGP peerings. The benefits of this are shown clearly in the eBGP multihop lesson.

For the scenario shown in the eBGP multihop lesson, static routes between the two routers to achieve routing between the loopbacks are fine. However, there are scenarios where you may want to implement a dynamic routing protocol (in the event that there are additional hops between the eBGP peers) to ensure redundancy and reconvergence in the event of a failure.

I hope this has been helpful!

Laz

1 Like

Thanks for that laz.

In terms of using another dynamic routing protocol, eBGP is usually used over the WAN, is my understanding. So in this case will it still be an idea to use a dynamic routing protocol?

Hello Shashank

Each situation is different, so I can’t answer this question definitively. However, the following explanation may help in making such a determination.

eBGP is used to allow different AS’es to share their routes between them. In most cases, you would have these AS’es share routes via eBGP peer routers that are directly connected. This is also the desired state. The following diagram shows two directly connected routers between AS1 and AS2 that are sharing eBGP routes.

There are cases where eBGP peerings may take place between not-directly-connected eBGP routers. The following diagram describes this:


Here we see some network between the eBGP routers of AS1 and AS2. Now how should you enable this connectivity? Well, remember that in order for two BGP routers to become neighbours, there must be connectivity (routing) between the BGP interfaces of those routers. Now, this can be achieved using static or dynamic routing. What you will use depends upon what access/jurisdiction you have in the “some network” infrastructure. (Typically dynamic routing is preferable, since it can provide redundancy in the event of a failure, but static routing can also be acceptable.)

If you have control over this network, i.e. it belongs to you, then you can implement whatever routing you like, static or dynamic, EIGRP, OSPF, or whatever else you like. BUT, if it is not under your administration, you must rely on the reliability of the owner of that network, and you must confer with them in order to achieve the best possible result.

So all of these factors play a role, and must be considered before you make your decision.

I hope this has been helpful!

Laz

2 Likes

Awesome response Laz, thank you for that. It definitely cleared it up for me, essentially dynamic routing is preferred, however if you do not own the network or it is not capable of it… use static routing. In the case of a WAN edge, I guess here it is more than likely going to be static routing, whereas within your own datacenter you more than likely should be able to do dynamic routing.

Hello Shashank

Great to hear that it was helpful for you!! In the case of a WAN edge, yes, if it is in your own network and there aren’t any alternative route choices where dynamic routing may have been useful, then yes, static routing is more likely going to be used.

Laz

Hi Rene,

Why do we need IBGP? Why can't we deal with all the networks in an organization with EBGP?

Thanks,
Nihar

Hello Nihar

Take a look at this post.

If you have any further questions, let us know!

I hope this has been helpful!

Laz

Hi team

How to configure EBGP neighbor as passive session? I have this unusual task.
Thanks

Hello Boris

When a BGP peering takes place between two routers, one router takes the active role while the other takes the passive role. The router with the highest BGP router identifier will be the active peer, and will actively search for, and establish the connection to the remote peer via TCP port 179. In this sense, the router with the highest identifier will play the active role, while the other router will play the passive role.

You can change this behaviour by using the neighbor transport command with the appropriate keywords under the BGP configuration mode. For example, the following command will cause the local router to be the passive router in its BGP peering with neighbor 150.1.1.1:

neighbor 150.1.1.1 transport connection-mode passive

More information about this command can be found here:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-m1.html#wp2116780248

I hope this has been helpful!

Laz
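The passive-mode command from the answer above, shown on both ends of the peering. This is an added example, not part of the original post; the AS numbers 65001 and 65002 and the local address 150.1.1.2 are assumptions, only the neighbor 150.1.1.1 comes from the post.

```ios
! Passive side (the local router from the post above).
! Assumed: local AS 65001, peer AS 65002, local address 150.1.1.2.
! This router never opens the TCP session to 150.1.1.1; it only accepts
! the connection that 150.1.1.1 makes to its TCP port 179.
router bgp 65001
 neighbor 150.1.1.1 remote-as 65002
 neighbor 150.1.1.1 transport connection-mode passive
!
! Remote side (150.1.1.1). It has to be the one that initiates, so leave
! the default behaviour or pin it to active as done here. If both ends are
! configured as passive, neither opens the TCP session and the peering
! stays down.
router bgp 65002
 neighbor 150.1.1.2 remote-as 65001
 neighbor 150.1.1.2 transport connection-mode active
```

An already established session keeps its existing TCP connection, so reset it with `clear ip bgp 150.1.1.1` on the passive router to see the new direction. Afterwards `show ip bgp neighbors 150.1.1.1` on the passive router lists its local TCP port as 179.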

Thanks for clearing it up for me.

1 Like

Hi,

I understand the fact that we need IBGP for internal routing. My question is: why can't we use EBGP between core routers (internal routers) to carry the same information to edge routers?

Thanks,
Nihar

Hello Nihar

By definition, iBGP advertises prefixes between BGP routers within an AS. Similarly, by definition, eBGP advertises prefixes between BGP routers on different AS’es.

So iBGP is responsible for learning the routes within the local AS and delivering them to iBGP routers that are on the edge of the AS. Those edge routers also have peerings with BGP routers in other AS’es using eBGP. They learn all of the prefixes inside the AS, and will advertise them using eBGP to other AS’es.

So why is eBGP used only for communication between AS’es? Well, it’s simply a matter of design. This is done by definition.

I hope this has been helpful!

Laz

Hey Rene, I am running IBGP between R2 and R4, ping successful.
R3 is not running BGP. I am running OSPF between R2, R3, R4, ping successful.
I have created a loopback on R3, and am not able to ping down to AS1 or AS2.
I have given the command
network 201.1.1.0 mask 255.255.255.0 on R2, still not able to ping network down.

I do not get route 201.1.1.0 on any router besides routers R2 and R4 as they are running OSPF.

R2#sh run | sec bgp
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 network 192.1.1.0
 network 192.2.1.0
 network 201.1.1.0
 neighbor 4.4.4.4 remote-as 2
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 4.4.4.4 next-hop-self
 neighbor 192.1.1.1 remote-as 1
 no auto-summary

Show IP route on R1

17.0.0.0/24 is subnetted, 1 subnets
B 17.0.0.0 [20/0] via 200.168.33.2, 00:36:56
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
5.0.0.0/24 is subnetted, 1 subnets
B 5.5.5.0 [20/0] via 192.1.1.2, 04:05:39
C 200.168.33.0/24 is directly connected, FastEthernet0/1
8.0.0.0/24 is subnetted, 1 subnets
B 8.0.0.0 [20/0] via 200.168.33.2, 00:36:56
C 192.1.1.0/24 is directly connected, FastEthernet0/0
B 192.2.1.0/24 [20/0] via 192.1.1.2, 03:34:22
B 200.168.43.0/24 [20/0] via 192.1.1.2, 00:36:53

Show run | sec bgp on (R1)

Router#show run | sec bgp
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 network 192.1.1.0
 network 200.168.33.0
 neighbor 192.1.1.2 remote-as 4
 neighbor 192.1.1.2 default-originate
 neighbor 200.168.33.2 remote-as 4
 no auto-summary

The point is I don't want to run BGP on R3!

Hello Salman

What you describe makes perfect sense. Remember BGP is responsible for ensuring routing between ASes, while the IGP is responsible for routing within the AS. Since R3 is not running BGP at all, it is not learning about routes that have been advertised by routers in other ASes. Thus it can only reach R2 and R4 because it learns about their routes via OSPF.

If you take a look at R3’s routing table, you will see that no routes from other ASes are in the routing table, thus, packets with such destinations will simply be dropped.

Now if you want to avoid running BGP on R3 and you want it to communicate with the other ASes, then you must achieve two things:

  1. Share the BGP routes learned by AS2 with the OSPF routing protocol
  2. Share the 201.1.1.0/24 network with BGP via OSPF

Both of these can be achieved using redistribution. You can redistribute routes between BGP and OSPF at R2 and R4 such that the appropriate routes are learned. More about redistribution can be found at this lesson:

But beware of how you redistribute. If you redistribute BGP into OSPF, it could be potentially overwhelming for the OSPF routers, as OSPF is not designed to handle the vast sizes of the BGP routing tables. For this topology, you’re OK of course, but in a real situation, it is not considered best practice.

I hope this has been helpful!

Laz
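A filtered version of the two redistribution steps listed above, as they could look on R2. This is an added example, not configuration from the original posts; the OSPF process ID 1, the prefix-list and route-map names, and the choice of which AS1 prefixes to pass into OSPF are assumptions.

```ios
! R2 (AS 2). Assumed: OSPF process ID 1; list and route-map names are
! hypothetical. The filters keep the redistribution limited to named
! prefixes, so a large BGP table can never be pushed into OSPF and routes
! cannot loop back through a second redistribution point such as R4.
!
! Step 1: BGP -> OSPF, so that R3 learns the prefixes of the other AS.
! 1.1.1.0/24 and 200.168.33.0/24 are the networks R1 advertises in its
! "router bgp 1" section shown earlier in the thread.
ip prefix-list BGP-TO-OSPF seq 10 permit 1.1.1.0/24
ip prefix-list BGP-TO-OSPF seq 20 permit 200.168.33.0/24
!
route-map BGP-TO-OSPF permit 10
 match ip address prefix-list BGP-TO-OSPF
!
router ospf 1
 redistribute bgp 2 subnets route-map BGP-TO-OSPF
!
! Step 2: OSPF -> BGP, so that the other ASes learn R3's network.
! Assumption: 201.1.1.0/24 is in R2's routing table as an OSPF route with
! exactly this mask. OSPF advertises a loopback as a /32 host route unless
! the loopback on R3 is set to "ip ospf network point-to-point".
ip prefix-list OSPF-TO-BGP seq 10 permit 201.1.1.0/24
!
route-map OSPF-TO-BGP permit 10
 match ip address prefix-list OSPF-TO-BGP
!
router bgp 2
 redistribute ospf 1 route-map OSPF-TO-BGP
```

By default only eBGP-learned routes are redistributed into an IGP; prefixes that a router learned over iBGP are passed on only if `bgp redistribute-internal` is configured under `router bgp`. To check the result, look for the AS1 prefixes with `show ip route` on R3 and for 201.1.1.0/24 with `show ip bgp` on R1.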

Hey Lazaros, thanks for the brief explanation. It actually worked when I ran internal BGP, and also redistributed routes.
I will keep this in mind for the future, always a pleasure discussing with you!

1 Like

Hi Rene,
Amazing lesson, but I have a question, what is the difference or the relationship between network and neighbor command, I mean each network that is advertised in BGP is advertised just to the neighbors adjacencies?

Hello Michael

The neighbor command is used to create BGP peerings between BGP routers.

The network command is used to indicate which networks or prefixes will be advertised to the defined BGP peers.

If no additional configurations are implemented, then by default, all of the prefixes defined by the network command are advertised to all of the configured BGP neighbors.

I hope this has been helpful!

Laz

1 Like

Hi Laz,
I understood perfectly, thank you so much

1 Like


In the above image, I have configured EBGP neighbor adj between R1/R2 and R2/R3.
When I try to ping R3 from R1 it didn’t work and vice versa.
Then I added all the networks using the network command.
Then it was all working.
Is it a good way to establish connectivity between different AS using the networks that have already been used to establish adjacency using neighbor command. Please suggest.
Thanks.

Hello Aamir

When you create eBGP neighbor adjacencies, you are essentially creating BGP peerings between routers. Once a peering is created, if no additional configurations are set, then no routing information is exchanged. You must inform BGP which networks you want to advertise.

There are two ways to tell BGP to advertise a route. One is the network command. The other is redistribution. If you do neither, then no networks will be advertised. And yes, it is expected behavior then that R1 will not be able to ping R3.

For more information about advertising networks in BGP using the network command as well as redistribution, take a look at this lesson:

I hope this has been helpful!

Laz