Internal BGP (Border Gateway Protocol) explained

(Lazaros Agapides) #105

Hello sims

AS2 requires the use of a routing protocol INTERNALLY in order to be able to share the routes it learns from other autonomous systems among all of its internal routers (R2, R3 and R4). Technically it is possible to do so, and the scenario described here would have no problem in running EIGRP for example within AS2. However, on the real Internet, an AS may contain hundreds of thousands of prefixes in order to accommodate the routing table of whole sections of the Internet. This would mean that EIGRP running within AS2 would have to advertise hundreds of thousands of routes. EIGRP and all other IGMPs are not designed to deal with such large numbers of prefixes and would very quickly malfunction. BGP however is designed specifically for such circumstances, and thus can handle such large numbers of prefixes/routes.

I hope this has been helpful!

Laz

#106

Team,

I think there should be a diagram after this paragraph
"ibgp

In our scenario AS1 has a loopback interface with network 1.1.1.0 /24 and AS3 wants to reach this network. This means we’ll have to advertise this network through BGP. Here’s what it looks like:"

(Lazaros Agapides) #107

Hello anon84396266

Yes, it looks like a broken link to the image. I’ll let @ReneMolenaar know. Thanks!

Laz

(Rene Molenaar) #108

Thanks! I just fixed it.

(Minh D) #109

Hi Rene,

I have questions related to the ISP network:
From my point of view:
• Most modern ISPs are using MPLS in the core (between PEs will be BGP, between PE & P will be OSPF or IS-IS). Is that correct?
• Do they use only one VRF (for example: Iet_Leased_Line_Cus_VRF) for all Internet customers, or multiple VRFs like North_Iet_Leased_Line_Cus_VRF, South_Iet_Leased_Line_Cus_VRF, etc.? I am still confused about this :pensive: . Will the ISP use only one VRF, or will they divide it into multiple VRFs and do route leaking between the VRFs? Please help me make sense of it.
• The connection between the PE and the access switch is a trunk and is bonded, like EtherChannel, LACP, etc. (the PE is a router on a stick). Each customer will be in a VLAN and the respective sub-interface on the PE will be in the VRF. Is that correct?

Please correct me if I’m wrong and also provide more valuable information about ISP network design :slight_smile:

Thank you,
Minh

(Rene Molenaar) #111

Hello Minh,

It sounds like you have a good understanding of these concepts :slight_smile:

ISPs / service providers often use MPLS in their core networks yes. One of the advantages is that you don’t have to run iBGP on each and every core router. I have a lesson where I explain this:

On the P and PE routers, we use an IGP like OSPF or IS-IS, on the PE routers we use iBGP.

VRFs are often used in MPLS VPN where you want customer routing to be separated 100%. You don’t really need this for just Internet access. With MPLS VPN, you typically use a different VRF for each customer and then use route leaking to import/export routes between VRFs when needed. For example, for Internet access or shared resources.

If a PE router is connected to CE routers through an access switch then yes, we use sub-interfaces on the PE router for each VRF and a different VLAN on the switch for each VRF. That’s how we keep things separate on L2.

I don’t have a lot of lessons about design but there are some good books out there about ISP designs. Even some of the old ones can be interesting to see how things have evolved over the years.

Rene

(Minh D) #112

Thank you for the explanation, Rene.

Enjoy your weekend,
Minh

(Pipat S) #113

It seems BGP acts like something on top of the IGP; we can't cut out the IGP, right?
Because whenever the Administrative Distance of BGP is lower (like external BGP AD=20), that route will be installed into the routing table.

(Lazaros Agapides) #114

Hello Pipat

BGP does indeed interoperate with IGPs, but of course we can’t cut out IGPs. Take a look at this post that compares BGP to OSPF.

The comparison could well have been between BGP and any IGP. The above link describes the role of BGP as compared to that of IGPs. Each one does indeed have a specific role that is ideal for its purpose. BGP and IGPs do indeed complete each other :slight_smile: .

I hope this has been helpful!

Laz

(Brian C) #115

Ok I ran into something I cannot figure out!!!

So I just cannot seem to get away from ROUTE even though I passed the test. I am now studying TSHOOT and working through tickets. I realized on some tickets I could not remember all the commands as well as I would like, so I figured I would rebuild these all in GNS3.

Well, I did, and I think I understand the topology and everything in the lesson here, but then I was like, I will start messing around with the topology and make changes to see what happens. Basically, I was trying to get a really good grasp of how prefixes move through iBGP, really taking a deep look at next hop self and split horizon as well as the neighbor commands with update, next-hop and remote-as.

I then decided I wanted to be able to ping from R3 and see how far I could get. I saw that 3.3.3.0/24 was not in R1's routing table, so I added “network 3.3.3.0 mask 255.255.255.0” to R3, and I was then able to see 3.3.3.0/24 in R1's table. Now at this point I am working with the exact same topology as you have, just with the one network added to iBGP.

I checked a ping from R3 to 192.168.12.2; it was successful.

R3#ping 192.168.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/15/32 ms
R3#

Next I tested to R1 and pinged 192.168.12.1

R3#ping 192.168.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:

Success rate is 0 percent (0/5)
R3#

I could not ping. What's more, when I check the routing table I see that it tries to get to 192.168.12.1 via 2.2.2.2, which is R2. So it's going to the correct router, though I would rather it had used 192.168.23.2. Honestly, I think this has something to do with my problem, but I cannot explain it logically except that this is beeping red to me, saying this is perhaps connected and the reason.

Here is R3's routing table:

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B 192.168.12.0/24 [200/0] via 2.2.2.2, 00:16:43
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [200/0] via 2.2.2.2, 04:38:28
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 192.168.23.2, 04:40:29, FastEthernet0/0
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
B 192.168.45.0/24 [200/0] via 4.4.4.4, 04:36:18
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 192.168.34.4, 05:03:49, FastEthernet0/1
C 192.168.23.0/24 is directly connected, FastEthernet0/0
C 192.168.34.0/24 is directly connected, FastEthernet0/1

Now if I ping from R1 to R3, I have no issues as long as I have the network command I added on R3. See below.

R1#ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/36/40 ms
R1#

So R1 can reach back to R3.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24 is directly connected, FastEthernet0/0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
3.0.0.0/24 is subnetted, 1 subnets
B 3.3.3.0 [20/0] via 192.168.12.2, 00:25:49
B 192.168.45.0/24 [20/0] via 192.168.12.2, 04:41:47
R1#

You can see here that the path to 3.3.3.3 has the actual next hop address instead of the router ID. Normally, though, if you can get to something then you can find your way back. Since it can find its way back, my logic was saying that it should have worked via R3 as well. However, I really believe it's tied to using the router ID instead of IP addresses. I am probably missing something so blaringly out in the open that I just “cannot see the forest for the trees”.

Below is the basic topology I created, but it's identical to the post plus the added network command under BGP on R3.

Capture

I basically was trying to reach the 192.168.12.1 address from R3 and R4. I was trying to do so without using OSPF on R1 and R5. There was no reason in a real-world situation that I would need to; I was just trying to really get my mind wrapped around things, and that’s when I found this little conundrum.

What am I missing? Hopefully I find it before you guys answer, but it's late and I am getting tired, so I probably won't find it tonight. If I do, I will update.

(samit k) #116

Hi Rene
I did not get this phrase of yours: “you are forced to use physical interfaces”. Could you please rephrase it for me?

(samit k) #117

Hi Rene
Why do we need to use physical interfaces, as the lo interface can work well?

(samit k) #118

Hi Rene

I am still not clear on your explanation.

(Lazaros Agapides) #119

Hello Brian

When you ping from R1 to R3, you will use a source address of 192.168.1.1 and a destination address of 3.3.3.3. When you ping from R3 to R1, the source address used by R3 for the ping will by default be the IP address of the interface through which the ping will be routed. In this case, the source address will not be 3.3.3.3 but 192.168.23.3. Now if you look in the routing table of R1, you will see that the 192.168.23.0/24 subnet is not there. Therefore R1 will receive the echo request successfully but it doesn’t know how to send it back to the source IP because it has no route to 192.168.23.0/24.

Now if you try an extended ping from R3 to R1 using the source address of 3.3.3.3, then the ping should be answered because as you correctly described, the 3.3.3.0 subnet is indeed in R1’s routing table.

I hope this has been helpful!

Laz
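
The return-path check described in the answer above, as an added example that is not part of the original thread: it resolves R3's recursive BGP route to an exit interface, takes that interface's address as the default ping source, and looks the source up in R1's table. The route entries are copied from the `show ip route` output in post #115; the function names and the FastEthernet0/1 address 192.168.34.3 are assumptions.

```python
import ipaddress

# Routes from the "show ip route" output in post #115:
# prefix -> (next hop, or None when connected; exit interface, or None for BGP).
R3_ROUTES = {
    "192.168.12.0/24": ("2.2.2.2", None),               # B (iBGP)
    "1.1.1.0/24": ("2.2.2.2", None),                    # B (iBGP)
    "2.2.2.2/32": ("192.168.23.2", "FastEthernet0/0"),  # O
    "3.3.3.0/24": (None, "Loopback0"),                  # C
    "192.168.45.0/24": ("4.4.4.4", None),               # B (iBGP)
    "4.4.4.4/32": ("192.168.34.4", "FastEthernet0/1"),  # O
    "192.168.23.0/24": (None, "FastEthernet0/0"),       # C
    "192.168.34.0/24": (None, "FastEthernet0/1"),       # C
}
R1_ROUTES = {
    "192.168.12.0/24": (None, "FastEthernet0/0"),       # C
    "1.1.1.0/24": (None, "Loopback0"),                  # C
    "3.3.3.0/24": ("192.168.12.2", None),               # B (eBGP)
    "192.168.45.0/24": ("192.168.12.2", None),          # B (eBGP)
}
# R3 interface addresses; 192.168.34.3 is assumed, the other two appear in the thread.
R3_INTERFACES = {"FastEthernet0/0": "192.168.23.3",
                 "FastEthernet0/1": "192.168.34.3", "Loopback0": "3.3.3.3"}

def lookup(routes, dst):
    """Longest-prefix match; returns (prefix, next_hop, interface) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [ipaddress.ip_network(p) for p in routes if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return (str(best),) + routes[str(best)]

def exit_interface(routes, dst, depth=0):
    """Resolve a route recursively (BGP next hop -> IGP route) to its exit interface."""
    hit = lookup(routes, dst)
    if hit is None or depth > 8:
        return None
    _, next_hop, interface = hit
    return interface if interface else exit_interface(routes, next_hop, depth + 1)

def ping_r3_to_r1(dst, source=None):
    """Return (source used, R1's return route); a return route of None means no reply."""
    iface = exit_interface(R3_ROUTES, dst)
    if iface is None:
        return (None, None)
    src = source or R3_INTERFACES[iface]
    return (src, lookup(R1_ROUTES, src))
```

Calling `ping_r3_to_r1("192.168.12.1")` picks 192.168.23.3 as the source and finds no return route on R1, while passing `source="3.3.3.3"` matches R1's BGP route for 3.3.3.0/24.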

(Lazaros Agapides) #120

Hello Samit

The original question was “can we do away with OSPF and use loopback addresses for BGP peering by advertising the loopbacks of each BGP router?”

Rene’s answer was one of the reasons why this is not possible. Without OSPF, the loopbacks cannot be advertised to all of the BGP routers within the AS because of the fact that any such advertisements would not reach all of the required routers due to the iBGP split horizon rule. So, if you want to avoid using OSPF, you will be required to have a physical connection between routers R2 and R4 and to use the physical interface IP addresses for BGP peering. This will allow iBGP to be implemented without OSPF or some other IGP.

I hope this has been helpful!

Laz

(Brian C) #121

Actually, it is helpful. I have run into that in the workplace. I just was so focused I was not seeing it. I have actually run into that in the work environment, where we had a BGP prefix of a customer and we needed to test to see if they could get outside the ISP network. My initial pings did not work because of something similar here, where the IP being used by default by the ping was not the correct one and we had to use the source command. So that is very similar to this, except in those cases it was actual public IPs and not loopbacks. However, now that you have pointed it out and it's allowed me to step back and see from further out, it makes perfect sense.

Thanks!

(Vinod A) #122

Hi Rene, thanks for the explanation. Is it a good idea to change the next hop at each iBGP router/speaker? What other option can we use?

(Lazaros Agapides) #123

Hello Vinod

If there is no next hop, we can’t install the prefix from BGP into the routing table. So in order to fix this, we can either change the next hop IP address with the next-hop-self command or we can advertise the network in question using a routing protocol, either an IGP or via BGP so that the network will be in the routing table and the prefix will be installed in the routing table from BGP.

I hope this has been helpful!

Laz

(Gareth W) #124

Why does eBGP have a lower admin distance than iBGP? Surely if a route is available from within the internal network then that should be used?

(Lazaros Agapides) #125

Hello Gareth

By default, eBGP has an AD of 20 while iBGP has an AD of 200, and all IGRPs are somewhere between. This is done on purpose. If you learn of a route to a destination via eBGP, that means that that destination does not exist in your AS, but it was learned from another AS. If for whatever reason the same destination is advertised by any other routing protocol (IGRP or iBGP for example), the eBGP should take precedence, because if you want to reach that destination, you will definitely want it to be routed via eBGP to the external AS and not via your own network. This is because eventually, you will have to exit your network again (from the same or a different point) to get to that destination because by definition it is not in your AS.

Now if you learn of a destination via iBGP, you know that the destination is in your AS. But, if that same destination is advertised by an IGRP such as OSPF or EIGRP, then you would prefer to use those routing protocols to get there, because they converge faster and they are more appropriate for routing internally. This is why iBGP has a higher AD than the IGRPs. iBGP will only be used if the destination is not advertised in any other way.

So in short, eBGP should be preferred to any IGRPs for any destination learned via eBGP, because such a destination is in a different AS, therefore even if another routing protocol advertises the same destination, it is preferable to go directly via eBGP outside of your AS.

iBGP should always be the last choice because such a destination is in the same AS and if you have the same destination advertised via an IGRP, it is preferable to use that.

I hope this has been helpful!

Laz