Internal BGP (Border Gateway Protocol) explained

Hello Sims

A RIB failure will occur if a route is learned via BGP, and that route already exists in the local routing table learned from a source with a lower AD. In other words, if BGP advertises the 5.5.5.0/24 prefix to RouterA, but RouterA already has a route to this destination in its routing table with a lower AD, BGP marks the route with a RIB failure designation. More info on this can be found at the following Cisco documentation:


Now in this scenario, would the AD value of OSPF cause such a RIB failure? Well, iBGP has a default AD of 200, OSPF a default AD of 110 and eBGP a default AD of 20. Static routes have an AD of 1 and directly connected routes an AD of 0.

In the topology described in the lesson, the routes as they are learned via OSPF and via BGP are never in conflict. OSPF is only running on R2, R3, and R4, and the routes learned via OSPF are 192.168.23.0/24 and 192.168.34.0/24, as well as the loopbacks of R2 and R4. BGP advertises only the 1.1.1.0/24 network and the 192.168.45.0/24 network. This means that OSPF and BGP in this topology are advertising different networks, and thus will never get into the situation of a RIB failure.

Now this is one of the reasons why the default AD values are set the way they are. Routers should prefer routes within an AS that come from an IGP such as OSPF or EIGRP rather than iBGP. This is because IGPs have been designed to be the primary routing protocol to be used within an AS. But they should prefer eBGP routes over any IGP, because any routes to destinations outside of the local AS should not be routed using IGPs, but eBGP, which is what it was designed for. This is why eBGP AD is lower than all IGPs and iBGP AD is higher than all IGPs.

I hope this has been helpful!

Laz

2 Likes

Hello Rene
Take an assumption: now we have two customers using the same AS number as per the diagram. How can I advertise a network on R2 using eBGP and have it learned on R1, both in the same AS number?


Hello Eugene

When creating topologies with BGP, there are certain rules that must be followed. One of those rules is that within a particular AS, all BGP routers must become full mesh iBGP peers. Another rule is that you cannot have two separate AS’es using the same AS number. The situation that you describe above violates both of those rules.

So in order to make this topology work correctly, you must either connect R1 and R2 to each other so they can become iBGP neighbors, OR, you must use different AS numbers for R1 and R2. Otherwise there is no way to advertise a network on R2 using eBGP and have it learned by R1.

I hope this has been helpful!

Laz

1 Like

Hi,
Why do we need iBGP?
eBGP provides path vector routing between different ASes.
Once the packet gets into the AS, further routing is handled by the IGP.
So why do we need iBGP?
Thanks

Hello Sims

This can often be a confusing part of BGP in general, and your question makes sense. Think about it this way. Imagine you have AS 100 and AS 200. Within each you are running OSPF. Now you have R1 which is within AS 100 that is not an eBGP router. In other words, it is not found on the edge of the AS and is thus not running eBGP. Now R1 wants to send a packet to R2 which is in AS 200.

  • Can it do it using OSPF? No, because OSPF is not aware of anything in AS 200
  • Can it do it using eBGP? No, because R1 is not connected to any eBGP routers in some other AS

It can only do it if it learns about the IP addresses of routers in other ASes, and it can only do this using iBGP.

In other words, iBGP is used to inform routers within an AS (that are not eBGP routers) of routes to destinations in other ASes. And specifically, iBGP tells such routers what the next-hop BGP router is. That next hop BGP router is actually the exit point of the local AS that should be used to get to the desired destination.

I hope this has been helpful!

Laz

1 Like

Sorry I did not get the above point

Hello Sims

Take a look at this diagram:


Imagine that within each AS, OSPF is being used, and between AS’es, eBGP is being used. Now the router circled in red has no direct connection to routers in other AS’es. It has no eBGP peerings.

How will this router learn about routes in AS5? Via OSPF? No, because OSPF doesn’t know anything outside of AS2. Via eBGP? No, because our router has no eBGP peerings.

The only way it can learn about IP address destinations in AS5 is if it learns them via iBGP. In other words, the two eBGP routers in AS2, that have learned about the IP address destinations in AS5 will advertise these to our router using iBGP. This is why, in a basic iBGP configuration, full mesh iBGP peering within an AS is required.

I hope this has been helpful!

Laz

1 Like

What if we redistribute into the IGP? Apart from the size of the routing table, what are the other issues?
Thanks

Hello Sims

The primary problem with redistributing into the IGP is indeed the size of the routing table. IGPs are not designed to learn about routes to destinations outside of the local AS. Of course you could filter out routes to make sure that the routing tables remain small, but that’s an additional administrative overhead for you. If you do this in your own enterprise network, then sure, that’s possible, but you can’t do that within an AS that functions as a transit AS for other internet traffic. It would become difficult to administer, especially since advertised BGP routes change all the time, and you’d have to modify your filtering accordingly.

In other words, it can be done, but it adds administrative overhead that is unnecessary. To be honest, I can think of no benefit to configuring it in this way.

I hope this has been helpful!

Laz

1 Like

Hi Rene,
I have a question regarding the iBGP neighbor adjacency. Is there any way we can use an SVI on a Layer 3 switch to create the iBGP neighbor adjacency? Are there going to be any issues if we create a BGP neighbor with an SVI? I cannot really replicate the scenario with GNS3. Thank you!
Bruce

Hello Bruce

When you issue the neighbor command in BGP, it will always use the interface on the local device that is “closest” to the neighbor IP to send and receive BGP information. This could be a physical interface, a subinterface, or even an SVI, just as long as it is a Layer 3 interface that has been assigned an IP address and is up. So yes, you could use an SVI as the source for BGP advertisements.

If you want to force a particular interface, such as an SVI interface, to be used for BGP advertisements even if it is not the “closest” interface, you can use the update-source keyword in your neighbor command to do this.

An example of this usage can be seen in the following lesson, where a loopback interface was specified using this command:

I hope this has been helpful!

Laz

2 Likes

So the reason we don't redistribute from BGP to OSPF is because OSPF can't handle that many routes.
1. So the issue is with the algorithm of OSPF compared to BGP?
2. How many routes can OSPF handle?
E.g. let's say there are 10000 prefixes: can OSPF handle that many prefixes so that we can avoid using BGP?

Hello Anoop

The problem isn’t simply that OSPF can’t handle that many routes, but the fact that OSPF, like all IGPs, is designed specifically to route traffic within a single Autonomous System.

This is not a limitation of the OSPF algorithm, but a part of the actual design of routing. The architecture of routing itself is such that within an AS, you need not know about all possible routes in the world. It wouldn’t make sense to do this, as no routing protocol is able to handle such a huge volume of routes. Routing has a hierarchical structure and divides the burden of routing between EGPs and IGPs. External Gateway Protocols (EGPs) such as BGP deal with inter-AS routing, while IGPs deal with internal routing.

This depends upon the CPU and memory of the router running OSPF. There is theoretically no limit to the number of routes an OSPF router can have, but typically it’s a good idea to keep it less than 1000. This is just a general guideline and should not be used as a solid limit. Remember OSPF is separated into areas in order to limit OSPF database sizes and make it more efficient. Now there is a way to limit the number of redistributed routes so that an OSPF process can prevent the router from being flooded by too many redistributed routes. More info on that can be found here:

I hope this has been helpful!

Laz

1 Like

So this formula is confusing the hex out of me. I know the guys that created this formula understand math so it has to be me looking at this wrong…

X*(X-1)/2

Here is how I was seeing it:

If you had 2 routers you have 2(1)/2 = 1

That means you have 1 neighbor adjacency per router? But since you have two routers you have a total of two entries.

If you had 3 routers you would have 3(2)/2 = 3. So you would have a total of 3 adjacencies per router, so 9 entries etc…

=========EDITED===============

Never mind on the formula. I see how they are getting it: they are counting both sides of the adjacency as one.

Meaning an adjacency between R1 and R2 that had singles neighbor would not be counted as one entry on each router (even though you're having to do the work by inputting it twice).

So you count that as one adjacency. It just didn't make sense to me because of why you would have the formula, and for me the reason to have the formula would be to tell you how much work you had to do lol…

So I guess if you wanted to find the work/energy of this task you would just take whatever number that formula gave you and multiply it by two to get a real answer on how much work you're doing lol…


In addition, I ran into this issue as well:

Something I don't understand is that you say the following:

What we’ll do is advertise the 192.168.45.0 /24 prefix into BGP, we can do this on R4 or R5:

R5(config)#router bgp 3
R5(config-router)#network 192.168.45.0 mask 255.255.255.0

However, at least on the semi newer routers this does not work. The reason being you have connected/static routes for both 192.168.45.0/24 and 192.168.12.0/24 and these static routes have better ADs, and for this reason it will give you a RIB-Failure. Since you get a RIB-Failure shown by the following “r>i 192.168.12.0, r>192.168.45.0” it will not put it in the routing table, so that route won't be used.

So that did not allow me to ping. In order for me to ping I had to create a default route on my customer facing routers, R1 and R5.

R1= 0.0.0.0 0.0.0.0 192.168.12.2
R5 = 0.0.0.0 0.0.0.0 192.168.45.4

This worked for me and it's common to have a default route on your edge devices, as I see it a lot.

Anyway, just curious why you did not get the same errors on this lab, as the documentation did not work for me as far as pinging the edges.
--------------------------------------------------------------------------EDITED----------------------------------------------------
Well, I went back and worked on this some more, and while it's true the RIB command stops it from being put in the routing table of some of the routers who have the static route/connected route, it looks like it will still add it in the routers that do not have the static/connected without the RIB error.

In addition, when I advertised the 192.168.45.0/24 from R4 and the 192.168.12.0/24 from R2 then I was able to ping from R1 to R5 and the reverse.

So it does work that way also, and of course the default route works as well.

Is it OK to have RIB errors like that? Are they harmless?


P.S. Also, in your config for R1 you forgot to add loopback 0 for 1.1.1.1/24


Hello Brian

Thanks for responding to your own posts when you do resolve an issue, or when you get new insight during your troubleshooting. It is helpful for all users to see this thought process.

Just a note about the RIB failure. A RIB failure in and of itself is not bad. On R5, you get a RIB failure because the 192.168.45.0/24 network is directly connected, so that route is installed in the routing table rather than the route learned via BGP. However, keep in mind that such a BGP entry will still be advertised to BGP neighbors, so other BGP routers will be able to learn about that network.

Take a look at this NetworkLessons note for more information:
https://notes.networklessons.com/bgp-rib-failure

Thanks for pointing that out, I’ll let Rene know…

I hope this has been helpful!

Laz

2 Likes
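The AD comparison behind the RIB-failure discussion in this thread, as an added Python sketch (not code from the lesson or from any poster). It models only the default AD values quoted above; the next hops, the `sample_routes` helper and the overlapping 10.0.x.0/24 prefixes are constructed for illustration.

```python
# Added illustration: simplified model of AD-based RIB installation.
from dataclasses import dataclass

# Default administrative distances as quoted in the thread.
DEFAULT_AD = {"connected": 0, "static": 1, "ebgp": 20, "ospf": 110, "ibgp": 200}
BGP_SOURCES = ("ebgp", "ibgp")

@dataclass(frozen=True)
class Route:
    prefix: str
    source: str    # key into DEFAULT_AD
    next_hop: str

def build_rib(candidates):
    """Install, per prefix, the candidate route with the lowest AD."""
    rib = {}
    for route in candidates:
        current = rib.get(route.prefix)
        if current is None or DEFAULT_AD[route.source] < DEFAULT_AD[current.source]:
            rib[route.prefix] = route
    return rib

def bgp_status(candidates):
    """Map each BGP-learned prefix to 'installed' or 'rib-failure'.
    Assumes at most one BGP route per prefix (best-path selection not modelled)."""
    rib = build_rib(candidates)
    return {r.prefix: "installed" if rib[r.prefix] is r else "rib-failure"
            for r in candidates if r.source in BGP_SOURCES}

def advertised(candidates):
    """Per the thread, a rib-failure entry is still advertised to BGP neighbors."""
    return sorted(bgp_status(candidates))

def sample_routes():
    """Constructed candidate routes; the 10.0.x.0/24 overlaps are hypothetical."""
    return [
        Route("192.168.45.0/24", "connected", "local"),
        Route("192.168.45.0/24", "ebgp", "192.168.45.5"),
        Route("1.1.1.0/24", "ibgp", "2.2.2.2"),
        Route("192.168.23.0/24", "ospf", "192.168.34.3"),
        Route("10.0.0.0/24", "ospf", "192.168.34.3"),   # IGP beats iBGP (110 < 200)
        Route("10.0.0.0/24", "ibgp", "2.2.2.2"),
        Route("10.0.1.0/24", "ospf", "192.168.34.3"),   # eBGP beats IGP (20 < 110)
        Route("10.0.1.0/24", "ebgp", "192.168.45.5"),
    ]

if __name__ == "__main__":
    for prefix, status in bgp_status(sample_routes()).items():
        print(f"{prefix:18} {status}")
```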

Thanks @wilder7bc I fixed this.

Rene

I have the same topology and I need R2 and R4 directly connected but with iBGP configuration on it via Loopback 0. The physical interface between R2 and R4 has 10.67.32.152/29 and 10.67.32.1 and .2 for Loopback IP on both routers 1 and 2. I think I am having a loop because my remote access to the device has gone down and ping test has failed. Would you please suggest what needs to be done?

Hello Venus

Before you involve BGP configurations at all, you must first ensure that the routers found within AS2 have properly working routing configurations. If you want to add a link between R2 and R4, you should be able to do that with the IP addressing spaces that you choose. How are you achieving routing within AS2? Are you using OSPF like in the lesson? If so, make sure that you are including the appropriate routes using OSPF, including your loopbacks.

If you have lost connectivity, then it may be that routing has been misconfigured so you can’t reach the desired interface via IP, or a static route has caused a routing loop that is overwhelming the routers, thus causing them to lose connectivity.

I suggest you troubleshoot the internal routing of R2, R3, and R4 before moving ahead with your BGP configuration. Determine where the routing has gone wrong so that you can regain access and move on to your BGP configuration. Let us know how your troubleshooting is coming along.

I hope this has been helpful!

Laz

Hi Rene,

This is an interview question.

My LDP router ID, OSPF router ID and BGP router ID are different. Will it work to forward the traffic of customers or not?

I answered yes. I didn't get any response from the interviewer. I am a bit confused.

Hello Anoop

I agree with your answer!

The router ID used for each routing/switching process such as BGP or OSPF, or LDP, is used only within that routing process and is never shared or required by other processes. So the OSPF router ID is used only by the OSPF process. It will not affect the BGP or LDP process in any way.

LDP, OSPF and BGP would be used simultaneously within an MPLS Layer 3 VPN implementation delivering connectivity between multiple customers. The context of the question seems to be pointing to such a scenario. Even so, the router ID used for each process still remains independent.

It seems that the interviewer wanted to also test your confidence in your answer, giving no indication of correctness… Don’t let them unnerve you, simply be confident in your skills and abilities. I wish you success in your interviewing process!

I hope this has been helpful!

Laz

1 Like