IOS Configuration: BGP
Basic Configuration
Router(config)# router bgp <ASN>
Neighbors must be explicitly defined along with their AS number:
Router(config-router)# neighbor <IP address> remote-as <ASN>
IBGP connections are formed between routers in the same AS; EBGP connections are formed between routers in different ASes.
The network command in BGP is used to define which networks to advertise (not which interfaces should run BGP).
Router(config-router)# network <network address> mask <subnet mask>
Peer Groups
Peer groups are defined to efficiently apply policies to multiple neighbors:
Router(config-router)# neighbor <group name> peer-group
Router(config-router)# neighbor <group name> remote-as <ASN>
Router(config-router)# neighbor <IP address> peer-group <group name>
Neighbors can be temporarily disabled with neighbor {<IP address> | <group name>} shutdown.
Source Interfaces
The source interface from which to peer with a neighbor can be administratively set (ideally to a loopback):
Router(config-router)# neighbor 10.1.1.2 remote-as 100
Router(config-router)# neighbor 10.1.1.2 update-source loopback0
EBGP packets by default have a TTL of 1, requiring neighbors to be directly attached. This can be administratively overridden with neighbor <IP address> ebgp-multihop <hop count>.
Forcing the Next-hop Address
The next-hop-self command allows a router to substitute its own internal address as the next hop for a route to an external AS, ensuring that its internal neighbors can reach the next hop.
Router(config-router)# neighbor 10.1.1.2 next-hop-self
Route Summarization
BGP routes are summarized using an administratively defined aggregate route:
Router(config-router)# aggregate-address <network address> <subnet mask> [summary-only] [as-set]
If summary-only is set, no more-specific routes will be advertised, just the summary. This is typical.
If as-set is used, all autonomous systems which the route traverses will be recorded in update messages.
Authentication
A password can be applied to a neighbor statement to force MD5 authentication. This is very common between peers on the Internet.
Router(config-router)# neighbor <IP address> password <password>
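An added example (not part of the original page): a Python check that reads a BGP configuration and lists the neighbors that have no password, counting a password set on a peer group for every member of that group. The sample configuration, its addresses, ASNs and password strings, and the function name audit_bgp_auth are constructed for illustration.

```python
# Constructed sample configuration: addresses, ASNs and passwords are illustrative.
SAMPLE_CONFIG = """\
router bgp 65001
 neighbor TRANSIT peer-group
 neighbor TRANSIT remote-as 65010
 neighbor TRANSIT password EXAMPLE-ONLY-1
 neighbor 192.0.2.1 peer-group TRANSIT
 neighbor 192.0.2.5 remote-as 65020
 neighbor 192.0.2.9 remote-as 65030
 neighbor 192.0.2.9 password EXAMPLE-ONLY-2
 neighbor 10.1.1.2 remote-as 65001
 neighbor 10.1.1.2 update-source loopback0
"""


def audit_bgp_auth(config):
    """Map each neighbor that has no password to 'ebgp' or 'ibgp'.

    Hypothetical helper: settings made on a peer group count for its members.
    """
    local_as = None
    settings = {}    # neighbor IP or group name -> settings seen for it
    groups = set()   # names declared with "neighbor <group name> peer-group"
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["router", "bgp"] and len(words) >= 3:
            local_as = words[2]
        elif words[:1] == ["neighbor"] and len(words) >= 3:
            target, keyword = words[1], words[2]
            entry = settings.setdefault(target, {})
            if keyword == "peer-group" and len(words) == 3:
                groups.add(target)               # group definition
            elif keyword == "peer-group":
                entry["group"] = words[3]        # membership
            elif keyword == "remote-as" and len(words) >= 4:
                entry["remote-as"] = words[3]
            elif keyword == "password":
                entry["password"] = True
    findings = {}
    for target, entry in settings.items():
        if target in groups:
            continue                             # report members, not the group
        merged = {**settings.get(entry.get("group"), {}), **entry}
        if not merged.get("password"):
            same_as = merged.get("remote-as") == local_as
            findings[target] = "ibgp" if same_as else "ebgp"
    return findings


if __name__ == "__main__":
    for peer, kind in audit_bgp_auth(SAMPLE_CONFIG).items():
        print(f"{peer}: {kind} neighbor has no password configured")
```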
Influencing Route Selection
Weight Attribute
The weight attribute is Cisco proprietary, and is considered before any other attribute.
Weight is local to the router and not propagated to other routers.
Weight is a 16-bit value; higher is preferable. Default is 0 if the route is learned from a peer, or 32,768 if sourced locally.
Router(config-router)# neighbor {<IP address> | <group name>} weight <weight>
Local-Preference Attribute
Local preference is a 32-bit value; higher values are preferred. Default value is 100.
Configured as a default:
Router(config-router)# bgp default local-preference <value>
Configured per prefix (via a route-map):
Router(config-router)# neighbor {<IP address> | <group name>} route-map <map name> in
MED Attribute
The multi-exit discriminator is used to influence path selection by external neighbors routing into the AS.
Default MED value is 0; lower is preferred.
Configured as a default:
Router(config-router)# default-metric <value>
MED can also be configured per prefix via route-maps.
Verification and Troubleshooting
show ip bgp [summary]
show ip bgp neighbors
show processes cpu
debug ip bgp [dampening | events | keepalives | updates]
Resetting Neighbors
Configuration changes can necessitate a hard reset of neighbors:
Router# clear ip bgp {* | <address>} [soft [in | out]]
Drawbacks of a hard reset include:
- The time taken to re-exchange routes and the interruption in the routing process
- Hard resets count as a link flap
- Re-exchange of routes could generate a large amount of traffic
Soft resets achieve the same goal without counting as a link flap, and can be applied inbound or outbound.
