BGP Part 3

Building the BGP table

Once peerings are established, UPDATE messages are exchanged to advertise NLRI and build the BGP table.

Routes local to the AS can be originated either by a process-level network [network] mask [subnet mask] statement or by redistribution.

Unlike an IGP, networks do not have to be directly connected to be advertised; they only have to be in the routing table.

With an IGP we match the interface. With BGP we match what's in the routing table.

The edge routers will run BGP; they will originate the network statements.

Prefixes in the local routing table learned via OSPF can be advertised with a BGP network statement.

eBGP has AD of 20

iBGP has AD of 200

eBGP routes will always be preferred over iBGP.

IGP is always preferred over iBGP.

If we are learning a route from eBGP, it means that it is outside our own AS. If we are learning a route from IGP, it means that it is inside our network. We will trust our IGP routes over iBGP for routing inside our own AS.

This is why we need an IGP underneath, for TCP transport and loop-free routing inside our own AS.

We advertise our networks that are learned via IGP.

show ip bgp summary – shows the local AS number and BGP table version 1. When we send updates, the version number increases. PfxRcd – we should see a numerical value if we are getting routes.

show ip route – all known routes to the router such as connected routes as well as IGP learned routes.

Advertising routes into BGP

config t

router bgp 200

network mask

network mask

verify bgp table

show ip bgp – shows what prefixes are originating. The greater-than sign (>) means it is a best route. You can only install the best route into the routing table and are only allowed to advertise the best path.

show ip bgp network mask – detailed overview for the network

show ip bgp neighbors advertised-routes – we can see if we are still propagating routes to this neighbor and the total number of prefixes.

iBGP routers will learn BGP routes from their eBGP neighbor.

BGP best path selection will be used when there are multiple paths to routes.

The BGP next hop never changes once a route is sent to an eBGP neighbor.

When a route comes from an eBGP peer and it is sent down to its iBGP neighbors, the next hop will not change.

BGP Part 2

Establishing BGP Peerings

Like an IGP, the first step in BGP is to find neighbors to exchange information with.

Unlike IGP…

– BGP does not have its own transport protocol.

– Uses TCP port 179.

– For BGP neighbors, they will have to have IP reachability.

– BGP neighbors are not automatically discovered. We have to manually define our neighbors. BGP is policy based.

– Manually configure neighbors via neighbor statement

BGP Neighbors do not have to be connected

– IGP is always on a link-by-link basis

– BGP is a logical peering over TCP. BGP does not care where the neighbor is. There could be multiple routers in between them; as long as they have TCP connectivity they will be able to peer.

– Implies that BGP always needs an IGP underneath, like EIGRP or OSPF, to provide the TCP transport.

BGP has different types of neighbors

External BGP vs. Internal BGP.

BGP Packet Formats

Peering Packet Formats

Uses four types of packets

– Open

– Keepalive

– Update

– Notification

BGP Open message

Used to start the BGP peerings

Includes information such as:

BGP version – should be version 4. Everyone has to agree on the version.

Local ASN

Local Router-ID. Must be unique.

Hold time

options – AKA capabilities.

BGP Keepalive Message

– Basic hello, to ensure neighbor is up.

– Used for dead neighbor connection

– If hold time = 0, keepalives are disabled. If we use a keepalive of 0, the hold time will be disabled.

BGP update message

– Where the actual data is going to be sent. It is where we advertise or withdraw prefixes.

– Includes withdrawn routes – some route that we want to remove from the table.

– NLRI. New routes that we are updating

– Path vector attributes

– Attributes for each individual route, where the BGP best path selection will be used to determine the best path.

BGP Notification Message

– Used to convey error messages. If there is a problem on the link, BGP will send out a notification of the error.

– If a BGP speaking router is going down and we do not hear a keepalive within the hold time, a notification will be sent.

– After the notification is sent, the BGP session is closed.

– If BGP routers do not agree on the version, a notification message will be generated that the connection is going down as the version is not supported.

– Unsupported optional parameter. If I am routing IPv4 and my neighbor is routing IPv6, there will be an error.

– unacceptable hold time

– hold timer expired.
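
Added example (not part of the original notes): a Python sketch that decodes the OPEN fields listed above and returns the matching NOTIFICATION for the OPEN errors these notes name. The message layout and error subcodes follow RFC 4271; the ASNs, router IDs, the 180-second local hold time and the rule that a peer router ID equal to our own is rejected are assumptions of this example.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16            # 16-byte all-ones marker that starts every BGP message
TYPE_OPEN, TYPE_NOTIFICATION = 1, 3
OPEN_MESSAGE_ERROR = 2           # NOTIFICATION error code for a rejected OPEN
UNSUPPORTED_VERSION, BAD_PEER_AS, BAD_BGP_ID, UNACCEPTABLE_HOLD_TIME = 1, 2, 3, 6


def build_open(version, asn, hold_time, router_id):
    """Build an OPEN with no optional parameters (constructs the sample input)."""
    body = struct.pack("!BHH4sB", version, asn, hold_time,
                       ipaddress.IPv4Address(router_id).packed, 0)
    return MARKER + struct.pack("!HB", 19 + len(body), TYPE_OPEN) + body


def parse_open(msg):
    """Decode the fixed part of an OPEN message into a dict."""
    if len(msg) < 29 or msg[:16] != MARKER:
        raise ValueError("too short for an OPEN or bad marker")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg_type != TYPE_OPEN or length != len(msg):
        raise ValueError("not an OPEN or length field does not match")
    version, asn, hold_time, rid, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if 29 + opt_len != length:
        raise ValueError("optional parameter length does not match")
    return {"version": version, "asn": asn, "hold_time": hold_time,
            "router_id": str(ipaddress.IPv4Address(rid)),
            "options": msg[29:]}          # raw capabilities, not decoded here


def check_open(fields, expected_as, local_router_id):
    """Return None when the OPEN is acceptable, else (error code, subcode, data)."""
    if fields["version"] != 4:
        # Data carries the version we do support, as a 2-byte integer.
        return (OPEN_MESSAGE_ERROR, UNSUPPORTED_VERSION, struct.pack("!H", 4))
    if fields["asn"] != expected_as:      # must match the configured remote-as
        return (OPEN_MESSAGE_ERROR, BAD_PEER_AS, b"")
    if fields["router_id"] in ("0.0.0.0", local_router_id):
        return (OPEN_MESSAGE_ERROR, BAD_BGP_ID, b"")
    if fields["hold_time"] in (1, 2):     # 0 disables keepalives; 1 or 2 is rejected
        return (OPEN_MESSAGE_ERROR, UNACCEPTABLE_HOLD_TIME, b"")
    return None


def build_notification(code, subcode, data=b""):
    """Encode a NOTIFICATION; the session is closed after it is sent."""
    header = struct.pack("!HBBB", 21 + len(data), TYPE_NOTIFICATION, code, subcode)
    return MARKER + header + data


def handle_open(msg, expected_as, local_router_id, local_hold=180):
    """Return ("OpenConfirm", negotiated hold time) or ("Idle", NOTIFICATION bytes)."""
    fields = parse_open(msg)
    error = check_open(fields, expected_as, local_router_id)
    if error:
        return ("Idle", build_notification(*error))
    # Both sides use the smaller of the two advertised hold times.
    return ("OpenConfirm", min(local_hold, fields["hold_time"]))


if __name__ == "__main__":
    # Constructed sample: peer in AS 64512 bidding BGP version 3.
    print(handle_open(build_open(3, 64512, 90, "10.0.0.2"), 64512, "10.0.0.1"))
```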

BGP Peering state machine

BGP state machine keeps track of the Peering establishment.


Idle

– Waiting to start the 3 way handshake – TCP uses port 179 to establish a peering.

Client will send a SYN message to the server – I want to start a session with you.

Server will respond with a SYN ACK.

Client will then send an ACK back to state that the connection has been fully agreed.

Connect

Waiting to complete the 3 way handshake; we are in the process of setting up the TCP connection.

Active

The 3 way handshake has failed; try again. The Active state is always bad. If we don't get past the TCP handshake there is a problem with TCP, such as an ACL filtering the TCP connection.

Open Sent

3 way handshake is complete, open message is sent. The open message is used to negotiate the attributes.

Open Confirm

Open message received, everything is agreed upon.

Established

Peering complete.

If we look at show ip bgp summary, the actual routes can now be exchanged.

debug ip bgp – will show how we progress through the state machine.

BGP Peering Types

External BGP (EBGP) Peers

– Neighbors outside my Autonomous System. AS numbers do not match between routers.

Internal BGP (IBGP)

– Neighbors inside my own Autonomous System. If my AS matches with your AS, then we are in the same AS.

EBGP Peerings

Peers in different ASes

We have a customer edge router that is doing a peering with the provider edge router. If I am buying a data circuit from AT&T, I will do a direct eBGP peering up to them.

Can be “multihop”, where there are multiple routers in between the actual BGP routers who want to do the peering. Protection mechanism to protect the count to infinity, which is the TTL.

Once the eBGP neighbor is established, it will use the AS-Path attribute for loop prevention.

If I advertise a route out I will put my AS in the path; if I get that route back, I will know it's my own route and discard it.

If I receive an update back from an eBGP peer with my own ASN in the AS-Path, discard it – loop prevention.

iBGP peerings

Peers which belong to the same AS

Many times iBGP neighbors are not directly connected, which implies an underlying IGP is needed to provide TCP transport.

If you learn a route from an iBGP peer, you should not advertise that route to another iBGP peer. Every router should be in a full mesh design. Every iBGP within the same AS must peer with each other.

BGP Peering Redundancy

BGP peering is based on TCP reachability to peer address. We have to have a solid and reliable TCP connection.

If the peer address is unreachable, the peering goes down.

If the IP address of a serial link is used for peering and the serial link goes down, the peer goes down.

For redundancy there are multiple links. If I have multiple links between R1 and R2 and one link goes down, I will have a backup link to re-route data to.

With R1 and R2 peering between multiple serial links, if one serial link goes down we will not be able to re-route, as the IP address associated with the serial link has gone down.

Using loopback addresses for peering allows re-routing around link failures and adds redundancy. If any of the router's links is up, the loopback can be reached.

Defined as update-source for the TCP session. What IP address do you want to use when generating the TCP connection?

Basic BGP Configuration

Enable Global BGP process

– router bgp [ASN] – public AS allocated by IANA

Establish BGP peers

– neighbor [address] remote-as [remote ASN] – statically configures individual peers. The ASN determines whether they will be iBGP or eBGP.

Basic BGP verification

Verify BGP peerings

– show ip bgp summary – our AS number, local ID and what our remote peers are – what their version is and how many routes we are learning from them.

Verify BGP table

– show ip bgp – routes that are exchanged go into the BGP table – uses BGP best path selection

Verify BGP table detail

– show ip bgp [network] [mask] – individual prefix and its length.

Verify routing tables

– show ip route [bgp] – where we find the best routes from the BGP table.

iBGP Full mesh scalability

With iBGP we have to maintain a full mesh of peerings with each iBGP neighbor, which does not scale well; if we have too many routers, it becomes unmanageable.

n* (n – 1) doesn’t scale

– 10 routers, 45 peerings

– 100 routers, 4950 peerings

– 1000 routers, 499,500 peerings

Can be fixed with two exceptions

– Route Reflectors

same logic as DR/DIS.

– Confederation

Split the AS into smaller sub-ASes

Route Reflectors.

– Eliminates the need for full mesh of peerings.

– In charge of receiving all BGP updates from iBGP neighbors and sending them back out to all other iBGP neighbors.

– We send one update to the Route Reflector, in turn the Route Reflector is responsible for sending it out to its clients, the iBGP routers.

– Each iBGP router will peer with the Route Reflector, instead of peering with every other routers.

– Breaks the Full mesh of iBGP peerings.

– Loop Prevention through CLUSTER-ID

– Cluster-ID is where the Route Reflector receives a route update and wants to send it out to other iBGP neighbors; once it's sent out it is going to add its own Cluster-ID (router-ID), and if it's received back with its own Cluster-ID, it will discard it.

– There will be multiple route reflectors for redundancy purposes, as if one goes down everyone can be affected.
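
Added example, not part of the original notes: a Python model of the three loop-prevention rules these notes describe (own ASN in the AS-Path on eBGP, no iBGP-to-iBGP re-advertisement without a route reflector, and the route reflector's Cluster-ID check). The peer names, ASNs, cluster IDs and the 203.0.113.0/24 prefix are constructed, and the client/non-client reflection rule is the standard route-reflector behaviour, which goes slightly beyond what the notes spell out.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()        # ASNs, most recently added first
    cluster_list: tuple = ()   # cluster IDs stamped by route reflectors


def receive_ebgp(route, local_as):
    """Return the route, or None when our own ASN is already in the AS-Path."""
    return None if local_as in route.as_path else route


def send_ebgp(route, local_as):
    """Prepend our ASN when advertising to an eBGP peer; the cluster list stays inside the AS."""
    return replace(route, as_path=(local_as,) + route.as_path, cluster_list=())


def ibgp_recipients(learned_from, peers, reflector=False):
    """Names of the iBGP peers that may be sent a route.

    peers maps peer name -> "client" or "non-client". learned_from is the iBGP
    peer the route came from, or None for an eBGP-learned or local route.
    """
    others = [p for p in peers if p != learned_from]
    if learned_from is None:
        return others                  # eBGP/local routes go to every iBGP peer
    if not reflector:
        return []                      # plain iBGP: never pass iBGP routes to iBGP peers
    if peers[learned_from] == "client":
        return others                  # from a client: reflect to everyone else
    return [p for p in others if peers[p] == "client"]   # from a non-client: clients only


def reflect(route, cluster_id):
    """Reflector side: drop a route already carrying our Cluster-ID, else stamp it."""
    if cluster_id in route.cluster_list:
        return None
    return replace(route, cluster_list=(cluster_id,) + route.cluster_list)


if __name__ == "__main__":
    # Constructed scenario: AS 65001 learns a prefix from AS 64512.
    learned = Route("203.0.113.0/24", as_path=(64512,))
    peers = {"R2": "client", "R3": "client", "RR2": "non-client"}
    print("full mesh router re-advertises to:", ibgp_recipients("R2", peers))
    print("route reflector re-advertises to:", ibgp_recipients("R2", peers, reflector=True))
    once = reflect(learned, "10.0.0.1")
    print("after first reflection:", once.cluster_list)
    print("reflected back to 10.0.0.1:", reflect(once, "10.0.0.1"))
    print("own route returned over eBGP:", receive_ebgp(send_ebgp(learned, 65001), 65001))
```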

BGP Confederation

Reduces the iBGP full mesh need by splitting the AS into smaller Sub-ASes.

– Inside a Sub-AS the full mesh or RR need remains. Takes our AS and breaks it into smaller sub-ASes, but within the small sub-AS we still have to have that iBGP full mesh of peerings.

– Between Sub-AS acts like EBGP.

Devices outside the confederation do not know about the internal structure.

When updates go out to other ASes, the Sub-AS numbers will be stripped from the updates. They will be replaced with the actual public ASN.

– Sub-AS numbers are stripped from advertisements to true eBGP peers.

Typically uses ASNs in private range

(64512 – 65535)

BGP Peer Groups

For larger scale designs

Typically many peers share the same update policy.

iBGP neighbors share the same type of update policy.

From a Route Reflector perspective, its clients will share the same updating policy.

We are going to receive updates from eBGP peers, from outside our own AS. Then we send the updates down to our Route Reflector clients.

We have individual neighbor statements for all the iBGP peers. Behind the scenes, once the router runs the best path selection, it will need to generate an update message for each individual router, as we do not know if they all share the same update policy.

BGP peer groups reduce configuration and processing overhead by applying a template to the peers.

A peer group groups neighbors together into the same update policy to reduce overhead. If I take R1 and R2 and put them in the same peer group, since the peer group has the same updating policy, the result of the best path selection is going to be the same on all three routers.

it will cut down the amount of config we need

it will also cut down on the amount of utilization that the BGP process will need.

Peer group is assigned parameters such as:

– remote-as

– route-reflector-client


Neighbor is specified as a member of the group

– peers in a group must be either all iBGP or all eBGP.

The full internet routing table now is around 350000 routes. Which means we will have 350000 routes going down to all neighbors.

BGP Peer Group Example

router bgp 1

neighbor IBGP_PEER_GROUP peer-group

neighbor IBGP_PEER_GROUP remote-as 1

neighbor IBGP_PEER_GROUP update-source loopback 0

neighbor IBGP_PEER_GROUP route-reflector-client

neighbor IBGP_PEER_GROUP next-hop-self

neighbor peer-group IBGP_PEER_GROUP

neighbor peer-group IBGP_PEER_GROUP

neighbor peer-group IBGP_PEER_GROUP

neighbor peer-group IBGP_PEER_GROUP

We are sharing a couple of commands between the peers. We are defining who is part of our peer group.

BGP Authentication

Like IGP authentication, BGP peer authentication protects control plane against attacks and misconfigurations.

BGP is based on TCP transport; hackers can send TCP packets to attack BGP speaking routers.

Without authentication, BGP is susceptible to TCP Reset attacks to drop its peers. Very similar to DoS attacks.

When we are exchanging BGP messages, we have to ensure that there is authentication.

Uses MD5 authentication.

Protects BGP sessions via the TCP MD5 signature option

Simply configured as neighbor {address} password {password}
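
Added example (not part of the original notes): a Python check that reads an IOS-style router bgp stanza and lists the neighbors that have no password, either directly or inherited from their peer group, with eBGP peers first. The sample configuration is constructed (addresses, ASNs and password are made up) and the parser assumes single-space indentation and plain-integer ASNs.

```python
# Constructed sample configuration (addresses, ASNs and password are made up).
SAMPLE_CONFIG = """\
router bgp 65001
 neighbor IBGP_PEER_GROUP peer-group
 neighbor IBGP_PEER_GROUP remote-as 65001
 neighbor IBGP_PEER_GROUP update-source loopback 0
 neighbor IBGP_PEER_GROUP password ExamplePassw0rd
 neighbor 10.0.0.2 peer-group IBGP_PEER_GROUP
 neighbor 10.0.0.3 peer-group IBGP_PEER_GROUP
 neighbor 10.0.0.4 remote-as 65001
 neighbor 192.0.2.1 remote-as 64512
 neighbor 192.0.2.5 remote-as 64513
 neighbor 192.0.2.5 password ExamplePassw0rd
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
"""


def parse_bgp_neighbors(config_text):
    """Return (local AS, {neighbor or group name: settings}) from the router bgp stanza."""
    local_as, entries, in_bgp = None, {}, False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():                 # unindented line opens or closes a stanza
            in_bgp = len(words) == 3 and words[:2] == ["router", "bgp"]
            if in_bgp:
                local_as = int(words[2])         # assumes plain-integer ASN notation
            continue
        if not in_bgp or words[0] != "neighbor" or len(words) < 3:
            continue
        entry = entries.setdefault(words[1], {"is_group": False, "group": None,
                                              "remote_as": None, "password": False})
        keyword, args = words[2], words[3:]
        if keyword == "peer-group":
            if args:
                entry["group"] = args[0]         # neighbor {address} peer-group {name}
            else:
                entry["is_group"] = True         # neighbor {name} peer-group
        elif keyword == "remote-as" and args:
            entry["remote_as"] = int(args[0])
        elif keyword == "password" and args:
            entry["password"] = True
    return local_as, entries


def unauthenticated_neighbors(config_text):
    """List (neighbor, peering type) for peers with no password, eBGP first."""
    local_as, entries = parse_bgp_neighbors(config_text)
    findings = []
    for name, entry in entries.items():
        if entry["is_group"]:
            continue
        group = entries.get(entry["group"], {})  # settings inherited from the peer group
        if entry["password"] or group.get("password", False):
            continue
        remote_as = entry["remote_as"] or group.get("remote_as")
        if remote_as is None:
            kind = "unknown"
        else:
            kind = "iBGP" if remote_as == local_as else "eBGP"
        findings.append((name, kind))
    return sorted(findings, key=lambda f: (f[1] != "eBGP", f[0]))


if __name__ == "__main__":
    for neighbor, kind in unauthenticated_neighbors(SAMPLE_CONFIG):
        print(f"{kind} neighbor {neighbor} has no TCP MD5 password configured")
```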

Misc. BGP Configuration

Modify peering source address

neighbor {address} update-source {interface} – everyone has to agree on the source address that they are peering from.

Enabling BGP authentication

neighbor {address} password {password}

Configuring BGP peer group

neighbor {peer-group-name} peer-group

neighbor {peer-group-name} {attributes}

neighbor {address} peer-group {peer-group-name}

Enabling Route Reflection

neighbor {address} route-reflector-client – defined based on who our clients are.

Enabling Confederation

Enable global BGP process

router bgp {sub-ASN} – some private address

Define Global BGP Process

bgp confederation identifier {ASN} – actual BGP ASN.

Define other Sub-ASes

bgp confederation peers {sub-ASN} – who else is part of the sub AS.


Configuring Route Redistribution

Redistributing routes from one protocol into another protocol is called mutual redistribution.

The need for route Redistribution

Transitioning to a more advanced routing protocol.

We might be migrating from RIPv1 to OSPF, and it might not be an overnight upgrade. We might run a portion of the network with RIPv1 and another portion with OSPF. During that time, before we migrate fully to OSPF, we will have to configure route redistribution between them so they have full reachability between them.

Merger of companies

We have companies that merge together; one company was running OSPF and the other was running EIGRP. The networks are under different administrative control, so route redistribution becomes necessary to exchange routing information between them for reachability.

Different areas of administrative control.

When we throw multiple routing protocols together, we have a boundary router that sits in the middle. The boundary router will connect the various routing protocols together and its here we configure mutual redistribution.

R1 – R2 – R3


R2 will become our boundary router, R2 has interfaces in both domains and we will have to configure redistribution from one routing protocol into another.

Seed Metric

One challenge we might have when redistributing one routing protocol into another routing protocol is that routing protocols often use different metrics.

We have to set a seed metric, also called a default metric.

A seed metric will assign the metric once a routing protocol is redistributed into another routing protocol, so it's understood by the local routing protocol.

Can be defined in one of three ways:

– the default-metric command

– the metric parameter in the redistribute command

– a route map config

OSPF has a default seed metric of 20, so if routes are coming from EIGRP they will inherit a metric of 20 once injected into OSPF.

We have to assign a seed metric to OSPF routes that are going into EIGRP.

If we have multiple routing protocols configured on routers with no redistribution in place, there will be no reachability between the routers as they are unaware of each other. We have to manually perform the configuration.

If we have a portion of the network running EIGRP and another portion of the network running OSPF, we have to inject the EIGRP routes into OSPF and vice versa.

Redistribution syntax

router ospf – enables the OSPF process on the router
redistribute eigrp [autonomous system number] subnets – redistributes routes, including subnetted routes, from a specific EIGRP autonomous system into the OSPF process
router eigrp [autonomous system number] – enables an EIGRP routing process on a router
redistribute ospf [process-id] – redistributes routes from a specified OSPF process-id into EIGRP
Specifies the parameters used to calculate the seed metric for routes being redistributed into EIGRP, using the following EIGRP metrics:
– Bandwidth in Kbps
– Delay in microseconds
– Reliability, with a maximum of 255
– Load, with a minimum of 1
– MTU, default is 1500 bytes

What is BGP

Border Gateway Protocol Version 4 is currently in use today.

Protocol that is used on the internet to route between different ASes.

Considered an Exterior Gateway Protocol (EGP) as opposed to an IGP such as RIP and EIGRP.

We are using it for inter-domain routing between different Autonomous Systems. It is used to exchange reachability information between different Autonomous Systems (AS).

An AS is defined as a network under your own technical control.

BGP is a path vector routing protocol as it uses multiple attributes for the routing decision. BGP uses multiple attributes such as local pref, AS, MED and weight.

Gives us the ability to control our routing policy, to enforce how traffic leaves our AS out to the internet and how traffic from the internet is coming back to us.

If you don’t own your own IPv4 address space, the ISP advertises their address space on your behalf.

BGP is a classless protocol which supports VLSM and summarization. With subnetting we take one major network and break it up into more subnetworks; with route aggregation we are taking multiple subnets and combining them into a shorter match route.

Autonomous System (AS)

A set of routers under a single technical administration, using an interior gateway protocol (IGP) and common metrics to determine how to route packets within the AS. We will use BGP to control traffic between ASes.

If I am buying a data circuit from AT&T or British Telecom, I will be using them and running BGP to route to the internet.

Like IP address blocks, AS numbers must be assigned by the Internet Assigned Numbers Authority (IANA).

AS numbers are public and private. If you want to run BGP you have to apply for an AS number and justify why you would like to run BGP.

BGP ASNs were originally 2 bytes.

BGP now has 4 bytes to provide more space.

Why use BGP

Scalability: the internet routing table is large and our IGPs cannot scale to hundreds of thousands of routes. IGPs can scale to thousands of routes. BGP was designed with scalability in mind. BGP is responsible for holding the current global internet table.

Stability purposes: BGP is stable enough to handle routing and decision making at the same time.

We are an enterprise network and we have multiple connections out to the internet; BGP is used for redundancy purposes. Our networks will be “multi homed”. We have one circuit out to AT&T and one circuit out to BT. BGP can be used to announce our network out to the internet, and in return the enterprise network can learn destinations that are on the internet. We also have failover in place, so if one connection goes down we can still route out the other link. Customer may have multiple upstream connections to ISPs. The Customer will

Another reason is that we may be a service provider, acting as a transit network providing bandwidth for customers. We will have the full routing table to make accurate decisions to forward data. We will have an exact match for each network.

The ISP will have downstream peers (customers). The customer will be advertising routes to us. The ISP will have upstream connections to other ISPs, where they will learn the full routing table.

To enforce routing policy. Traffic engineering is possible, we have control what leaves our network and traffic that is coming into our network.

When not to use BGP

There may be the case where you will not need to use BGP; you will have to look at the individual requirements.

The main reason you may not use BGP is if you have a single connection to an ISP for internet connectivity; a single default route pointing out to the ISP is sufficient.

BGP takes a lot of physical hardware resources to run the BGP best path selection.

It's a general recommendation that you have at least 1GB memory to run the BGP best path selection.

If you do not have your own address space. ISP will advertise their IP address space on behalf of the customer.

BGP Data Structure

Like IGPs such as EIGRP and OSPF, BGP uses three separate tables.

– Neighbor Table

Lists of active adjacencies called peerings. Where we exchange prefixes with our peers. From an enterprise point of view, the edge router, sometimes called the customer edge router, will have a peering agreement with the provider edge router and do the actual exchanging of routes. The peers do not have to be directly connected.

– BGP Table

All prefixes learned from peers. Where the BGP best path selection is run.

– IP Routing table

The best routes from the BGP table and the routes that are used for actual forwarding.

How BGP works

Establish BGP peerings to build neighbor table. BGP does not own its own transport protocol, as opposed to OSPF which uses IP Protocol 89.

BGP will be using TCP port 179, to establish peerings between BGP speaking routers.

If two routers have IP connectivity, if they are able to ping each other they should be able to establish peerings.

Exchange updates to build BGP table

Select BGP best paths to build routing table.

MPLS Notes

MPLS is popular with service providers

Types of MPLS

– Cell mode MPLS
– Frame mode MPLS

With frame mode MPLS the router will determine the outgoing interface by
looking at its routing table. The routing protocol such as EIGRP or OSPF will
determine this factor. MPLS will work over the routing protocol.

Once the packet enters the MPLS network the router will insert a label on
the packet.

It will be inserted between the layer 2 and layer 3 header.

MPLS is a layer 2.5 technology because the label is attached between the
layer 2 header and the layer 3 header.

The router will then make forwarding decisions based solely on the label and
not the destination IP address.

This will make forwarding more efficient as the router will no longer need
to make IP routing table lookups as the path is pre determined based on the

MPLS offers us many other benefits such as traffic engineering and QoS. MPLS
is suited for VPN, which can add security for our networks.

The control plane will associate labels with the IP routes. The control plane
controls the protocol which does the label distribution. Every IP prefix has
its own label mapping. The control plane uses LDP to populate the LFIB, the label forwarding information base.

CEF is required to run MPLS.

The data plane maintains the LFIB (label forwarding information base), which is used by MPLS to send frames out of the appropriate interface.

Inside an MPLS network you have a:

LSR – Label switch router. An LSR is responsible for swapping labels. An Edge LSR can look at the destination address and apply a label based on the destination. This can happen when a packet enters an MPLS network. When the packet exits the MPLS network the Edge LSR is responsible for removing the label.

To enable MPLS we must have CEF configured first.
We then use a protocol for label distribution. We can use Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP).

Router(config)# ip cef – enables CEF on all of the router's interfaces

Router(config-if)# mpls ip – enables MPLS label switching on the interface

Router(config-if)# mpls label protocol ldp – specifies the label distribution protocol to be used by the interface.

Router(config-if)# mpls mtu [size] – configures the maximum MTU size for labelled packets.
As we are adding labels there will be additional data, and we do not want the packet to be greater than 1500, the default size. If this happens fragmentation can occur.

Config t
ip cef
interface fa 0/0
mpls ip
mpls label protocol ldp

config t
ip cef
interface fa 0/0
mpls ip
mpls label protocol ldp

LDP neighborship should form between the routers

config t
ip cef
interface fa 0/0
mpls ip
mpls label protocol ldp

Verify MPLS

show mpls interfaces
show mpls ldp neighbor
show mpls ldp bindings

As the title suggests, I will begin to pursue my Switch studies today. I passed my CCNA six months ago but have yet to start any CCNP modules. In the six months that have passed, I have been unable to find any employment. I’ve been looking around many job sites for work but cannot seem to find any suitable roles that require a CCNA candidate. I have also been looking for entry level jobs.

CCNP SWITCH is one of three modules required in order to gain the CCNP certification. The other two being ROUTE and TSHOOT.

There are various materials on the market which will help with study. I have decided to use CBT Nuggets Switch by Jeremy Cioara, the Foundation Learning Guide and hands-on with Cisco switch gear.

EDIT: It has been nearly a year since I have posted. I have been distracted with other duties. I have yet to achieve any of the CCNP modules and I have decided it is time to get my head down and study towards the ROUTE. I have watched INE ROUTE COD videos. Need to dig in deep now.