
BGP

BGP uses the following terms:

BGP speaker: A router configured to support BGP.

BGP neighbors (peers): A pair of BGP speakers that exchange routing information. There are two types of BGP neighbors:
- Internal (IBGP) neighbor: A pair of BGP speakers within the same AS.
- External (EBGP) neighbor: A pair of BGP neighbors, each in a different AS. These neighbors typically share a directly connected network.

BGP session: A TCP session connecting two BGP neighbors. The session is used to exchange routing information. The neighbors monitor the state of the session by sending keepalive messages.

Traffic type: BGP defines two types of traffic:
- Local: Traffic local to an AS either originates or terminates within the AS. Either the source or the destination IP address resides in the AS.
- Transit: Any traffic that is not local traffic is transit traffic. One of the goals of BGP is to minimize the amount of transit traffic.

AS type: BGP defines three types of autonomous systems:
- Stub: A stub AS has a single connection to one other AS. A stub AS carries only local traffic.
- Multihomed: A multihomed AS has connections to two or more autonomous systems. However, a multihomed AS has been configured so that it does not forward transit traffic.
- Transit: A transit AS has connections to two or more autonomous systems and carries both local and transit traffic. The AS can impose policy restrictions on the types of transit traffic that will be forwarded.

AS number: A 16-bit number uniquely identifying an AS.

AS path: A list of AS numbers describing a route through the network. A BGP neighbor communicates paths to its peers.

Routing policy: A set of rules constraining the flow of data packets through the network. Routing policies are not defined in the BGP protocol. Rather, they are used to configure a BGP device. For example, a BGP device can be configured so that:
- A multihomed AS can refuse to act as a transit AS. This is accomplished by advertising only those networks contained within the AS.
- A multihomed AS can perform transit AS routing for a restricted set of adjacent autonomous systems. It does this by tailoring the routing advertisements sent to EBGP peers.
- An AS can optimize traffic to use a specific AS path for certain categories of traffic.

Network layer reachability information (NLRI): NLRI is used by BGP to advertise routes. It consists of a set of networks represented by the tuple <length,prefix>. For example, the tuple <14,220.24.106.0> represents the CIDR route 220.24.106.0/14.


http://www.awsarchitectureblog.com/2014/12/internet-routing.html

A transit autonomous system is a network that is passing transit traffic (traffic not originated nor terminated in the network) between remote autonomous systems.

A non-transit AS is a network that transports only traffic originating or terminating on an IP host (or server) within the network.

http://wiki.nil.com/%28Non%29Transit_Autonomous_System
AS-Path Attribute

The AS-path attribute is the list of AS numbers that a route has traversed to reach a destination, with the number of the AS that originated the route at the end of the list.

The AS-path attribute avoids routing loops by the local AS simply rejecting any route object that contains its own AS in the AS_PATH attribute.

The BGP system prefers the route object with the shortest AS_PATH attribute length.

In the above figure, AS1 originates a network 10.0.0.0/8 and advertises it to AS2 and AS3. AS1 adds its own AS number to the AS_PATH.
- AS2 and AS3 learn of the route with an associated path vector of <AS1>.
- AS2 advertises the route to its neighbor AS4. AS2 prepends its own AS number to the AS_PATH.
- AS3 advertises the route it learns from AS1 to AS5. AS3 prepends its own AS to the AS_PATH.
- AS4 learns of the route from AS2 with an associated path vector of <AS2, AS1>.
- AS5 eventually learns two paths to 10.0.0.0/8: one with a path vector of <AS3, AS1> and another with a path vector of <AS4, AS2, AS1>.
- AS5 will select the shortest path to reach 10.0.0.0/8. This path is the one that goes through AS3 > AS1.
- The path that AS5 chose will also be advertised to its adjacent AS peers.
- The loop prevention mechanism in BGP will not allow AS5 to advertise the same path to AS1 because AS1 is already in the path vector.
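The walkthrough above, as an added simulation that is not part of the original notes: each AS rejects an update whose AS_PATH already carries its own number, prefers the shortest AS_PATH and prepends itself before re-advertising. The adjacencies in NEIGHBORS are reconstructed from the prose (the figure itself is not on the page) and the function names are mine.

```python
from typing import Dict, List, Optional, Tuple

PREFIX = "10.0.0.0/8"   # the network AS1 originates in the figure

# eBGP adjacencies reconstructed from the walkthrough (constructed topology)
NEIGHBORS: Dict[int, List[int]] = {
    1: [2, 3],
    2: [1, 4],
    3: [1, 5],
    4: [2, 5],
    5: [3, 4],
}


def accept_route(local_as: int, as_path: Tuple[int, ...]) -> bool:
    """Loop prevention: reject any route whose AS_PATH already contains
    the local AS number."""
    return local_as not in as_path


def best_path(candidates: List[Tuple[int, ...]]) -> Optional[Tuple[int, ...]]:
    """Prefer the shortest AS_PATH, the only tie-breaker discussed above."""
    return min(candidates, key=len) if candidates else None


def propagate(origin_as: int) -> Dict[int, Tuple[int, ...]]:
    """Flood PREFIX from origin_as across NEIGHBORS and return, per AS,
    the AS_PATH that AS selected as best (empty tuple for the originator)."""
    received: Dict[int, List[Tuple[int, ...]]] = {asn: [] for asn in NEIGHBORS}
    best: Dict[int, Tuple[int, ...]] = {origin_as: ()}
    # Work queue of (sender, receiver, AS_PATH as carried in the update).
    # The originator prepends its own ASN before advertising.
    queue = [(origin_as, n, (origin_as,)) for n in NEIGHBORS[origin_as]]
    while queue:
        sender, receiver, path = queue.pop(0)
        if not accept_route(receiver, path):
            continue                  # own ASN in AS_PATH: dropped, never re-advertised
        if path in received[receiver]:
            continue                  # duplicate update, nothing to do
        received[receiver].append(path)
        new_best = best_path(received[receiver])
        if new_best == best.get(receiver):
            continue                  # best path unchanged: no new advertisement
        best[receiver] = new_best
        # Advertise the newly selected path to every peer except the one it
        # came from, prepending the local ASN (AS2 sends <AS2, AS1>, etc.).
        for peer in NEIGHBORS[receiver]:
            if peer != sender:
                queue.append((receiver, peer, (receiver,) + new_best))
    return best


if __name__ == "__main__":
    for asn, path in sorted(propagate(1).items()):
        print("AS%d best AS_PATH to %s: <%s>"
              % (asn, PREFIX, ", ".join("AS%d" % a for a in path)))
```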
Next-Hop Attribute

The next-hop attribute indicates the next-hop IP address to reach a destination. The next-hop IP address is not always the address of a neighboring router.
- For EBGP, the next hop is the IP address of the neighbor that sent the update.
- For IBGP, the rule stipulates that the next hop advertised by EBGP should be carried into IBGP. It is not necessarily the connected IGP neighbor that is advertised as the BGP next-hop address.

Consider the diagram above. Router B learns the network 172.16.0.0 from Router A, with the next-hop IP address of 10.10.10.3. Likewise, A uses 10.10.10.1 as the next-hop IP address to get to 172.20.0.0.

Because the rule for IBGP states that the next hop advertised by EBGP should be carried into IBGP, Router B advertises to its IBGP peer Router C the network 172.16.0.0, with the next hop of 10.10.10.3 (not 172.20.10.1 as we are accustomed to seeing in the IGP world).

It is important that Router C knows how to reach the 10.10.10.0 subnet, otherwise packets destined for 172.16.0.0 could be dropped. Router C can learn about network 10.10.10.0 by IGP or static route.
- An IGP uses the IP address of a routing update (route source) as the next-hop address.
- BGP uses a separate field for each network to record the next-hop address.
- IBGP neighbors use a recursive lookup to reach the BGP next-hop address by using the IGP entries in the routing table.

Router C learns about 172.16.0.0 from Router B (route source 172.20.10.1) with Router A (10.10.10.3) as the next hop. Router C, therefore, installs the route to 172.16.0.0/16 in the routing table with a next hop of 10.10.10.3.

With Router B using an IGP to announce network 10.10.10.0/24 to Router C, Router C also installs 10.10.10.0/24 in its routing table with a next hop of 172.20.10.1.

When Router C sends a packet to a destination in the 172.16.0.0 network, it looks up the network in the routing table and finds a BGP route with a next hop of 10.10.10.3. Because it is a BGP entry, Router C completes a recursive lookup in the routing table for a path to network 10.10.10.3. There is an IGP route to network 10.10.10.0 in the routing table with a next hop of 172.20.10.1. Router C then forwards the packet destined for the network 172.16.0.0 to 172.20.10.1.
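Router C's recursive lookup, as an added example that is not from the original notes: the table holds the BGP route to 172.16.0.0/16 and the IGP route to 10.10.10.0/24 from the text, plus an assumed connected entry for C's link to Router B (172.20.10.0/24). The failure case, where the IGP route is missing and the packet has no usable next hop, is handled as well.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]   # None for a directly connected subnet
    source: str               # "bgp", "igp" or "connected"


def router_c_table(with_igp_route: bool = True) -> List[Route]:
    """Router C's table from the text. The connected 172.20.10.0/24 entry is an
    assumption (C's link to Router B, whose address is 172.20.10.1)."""
    net = ipaddress.ip_network
    table = [
        Route(net("172.16.0.0/16"), "10.10.10.3", "bgp"),   # iBGP from B, eBGP next hop kept
        Route(net("172.20.10.0/24"), None, "connected"),     # assumed link to Router B
    ]
    if with_igp_route:
        table.append(Route(net("10.10.10.0/24"), "172.20.10.1", "igp"))  # B's IGP advertisement
    return table


def lookup(table: List[Route], address: str) -> Optional[Route]:
    """Longest-prefix match."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def resolve_next_hop(table: List[Route], dest: str, max_depth: int = 8) -> Optional[str]:
    """Return the on-link address a packet to dest is handed to.

    The BGP entry's next hop (10.10.10.3) is not on a connected subnet, so the
    lookup is repeated on the next-hop address until it resolves to a connected
    route. None means the chain cannot be completed: the 'packets could be
    dropped' case the text warns about.
    """
    hop = dest
    for _ in range(max_depth):          # bound the recursion in case of a loop
        route = lookup(table, hop)
        if route is None:
            return None                 # no route for the next hop: unresolvable
        if route.source == "connected":
            return hop                  # hop is reachable directly on this link
        hop = route.next_hop            # recurse: look up the next hop itself
    return None


if __name__ == "__main__":
    print(resolve_next_hop(router_c_table(), "172.16.5.1"))                      # 172.20.10.1
    print(resolve_next_hop(router_c_table(with_igp_route=False), "172.16.5.1"))  # None
```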

http://routemyworld.com/2008/12/18/bsci-bgp-attributes-ii/
http://netcerts.net/bgp-path-attributes-and-the-decision-process/
http://www.hill2dot0.com/wiki/index.php?title=Border_Gateway_Protocol
http://www2.ensc.sfu.ca/~ljilja/cnl/presentations/tony/BGP_in_ns/sld021.htm
https://networklessons.com/ccnp-route-lessons/
Border Gateway Protocol (BGP)

Border Gateway Protocol is an Exterior Gateway Protocol (EGP) used for routing between autonomous systems. It is the protocol used to make core routing decisions on the internet.

BGP has two flavours, eBGP and iBGP. eBGP is routing between autonomous systems and iBGP is routing within an autonomous system. BGP is a path-vector routing protocol and has the following features:
- Reliable updates (TCP-based, port 179)
- Triggered updates only
- Rich metric
- Scalable to massive networks

Specifications
  Protocol Type     Path-vector
  eBGP AD           20
  iBGP AD           200
  Update Mode       Triggered only
  Transport         TCP/179
  Authentication    None, MD5
  RFC               RFC 4271

Default Timers
  Holddown time                  180 seconds
  Keepalive interval             60 seconds
  Advertisement interval (iBGP)  5 seconds
  Advertisement interval (eBGP)  30 seconds

BGP Path Attributes

BGP metrics attached to a BGP route are called 'path attributes'. BGP path attributes are categorized as 'well-known' and 'optional'.

Well-known: Well-known attributes must be recognized by all compliant BGP implementations. All well-known attributes are propagated to other neighbors. Well-known attributes are mandatory or discretionary.

Mandatory well-known attributes must be present in all update messages:
- Next-hop: IP address of the next-hop router.
- AS-path: Sequence of AS numbers through which the network is accessible.
- Origin: Origin of the BGP route:
    i  Route originated in an IGP
    e  Route originated in EGP
    ?  Route was redistributed into BGP

Discretionary well-known attributes must be supported by all BGP implementations, but do not have to be present in all BGP updates:
- Local preference: Used for consistent routing policy within the AS.
- Atomic aggregate: Informs the router that the route has been summarized.

Optional: Optional attributes may or may not be recognized by all BGP implementations. Optional BGP attributes are transitive or non-transitive.

Transitive optional attributes are propagated to other neighbors even if not recognized (the partial bit is set to indicate that the attribute was not recognized):
- Aggregator: Specifies the IP address and AS number of the router that performed route aggregation.
- Community: Used for route tagging.

Non-transitive optional attributes are discarded if not recognized:
- Multi-Exit Discriminator: Used to discriminate between multiple entry points to a single AS.
Order of preference of attributes in BGP

The order of preference varies based on whether the attributes are applied for inbound updates or outbound updates.

For inbound updates the order of preference is:
1. route-map
2. filter-list
3. prefix-list, distribute-list

For outbound updates the order of preference is:
1. prefix-list, distribute-list
2. filter-list
3. route-map
BGP Message Types

Four BGP message types are specified in RFC 1771:
- Open: Opens a BGP communication session between peers and is the first message sent by each side.
- Update: Used to provide routing updates to other BGP systems.
- Notification: Sent when an error condition is detected.
- Keep-alive: Notifies BGP peers that a device is active.
BGP Neighbor States

When BGP is configured with a neighbor IP address, it goes through a series of stages before it reaches the desired Established state, in which BGP has negotiated all the required parameters and is willing to exchange BGP routes. BGP goes through the following stages of neighbor relationship:

Idle State:
- Refuses all incoming BGP connections.
- Starts the initialization of event triggers.
- Initiates a TCP connection with its configured BGP peer.
- Listens for a TCP connection from its peer.
- Changes its state to Connect.
- If an error occurs at any state of the process, the BGP session is terminated immediately and returned to the Idle state. Some of the reasons why a router does not progress from the Idle state are:
  - TCP port 179 is not open.
  - A random TCP port over 1023 is not open.
  - Peer address configured incorrectly on either router.

Connect State:
- Waits for successful TCP negotiation with the peer.
- BGP does not spend much time in this state if the TCP session has been successfully established.
- Sends an Open message to the peer and changes state to OpenSent.
- If an error occurs, BGP moves to the Active state. Some reasons for the error are:
  - TCP port 179 is not open.
  - A random TCP port over 1023 is not open.
  - Peer address configured incorrectly on either router.
  - AS number configured incorrectly on either router.

Active State:
- If the router was unable to establish a successful TCP session, then it ends up in the Active state.
- BGP tries to restart another TCP session with the peer and, if successful, then it sends an Open message to the peer.
- If it is unsuccessful again, the FSM is reset to the Idle state.
- Repeated failures may result in a router cycling between the Idle and Active states. Some of the reasons for this include:
  - TCP port 179 is not open.
  - A random TCP port over 1023 is not open.
  - BGP configuration error.
  - Network congestion.
  - Flapping network interface.

OpenSent State:
- The BGP FSM listens for an Open message from its peer.
- Once the message has been received, the router checks the validity of the Open message.
- If there is an error, it is because one of the fields in the Open message does not match between the peers, e.g., BGP version mismatch, MD5 password mismatch, the peering router expects a different My AS, etc. The router then sends a Notification message to the peer indicating why the error occurred.
- If there is no error, a Keepalive message is sent, various timers are set and the state is changed to OpenConfirm.

OpenConfirm State:
- The peer is listening for a Keepalive message from its peer.
- If a Keepalive message is received and no timer has expired before reception of the Keepalive, BGP transitions to the Established state.
- If a timer expires before a Keepalive message is received, or if an error condition occurs, the router transitions back to the Idle state.

Established State:
- In this state, the peers send Update messages to exchange information about each route being advertised to the BGP peer.
- If there is any error in the Update message then a Notification message is sent to the peer, and BGP transitions back to the Idle state.
- If a timer expires before a Keepalive message is received, or if an error condition occurs, the router transitions back to the Idle state.


HOW DOES BGP WORK:

BGP uses TCP as its transport protocol (port 179). Two BGP speaking routers form a TCP connection between one another (peer routers) and exchange messages to open and confirm the connection parameters.

BGP routers will exchange network reachability information. This information is mainly an indication of the full paths (BGP AS numbers) that a route should take in order to reach the destination network. This information will help in constructing a graph of ASes that are loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior.

Two BGP routers become neighbors or peers once they establish a TCP connection between one another. The TCP connection is essential in order for the two peer routers to start exchanging routing updates. Two BGP speaking routers trying to become neighbors will first bring up the TCP connection between one another and then send Open messages in order to exchange values such as the AS number, the BGP version, the BGP router ID and the keepalive hold time, etc. After these values are confirmed and accepted the neighbor connection will be established. The two types of neighbors differ only slightly in regard to forming neighbor relationships, with more significant differences in how the type of neighbor (IBGP or EBGP) impacts the BGP update process and the addition of routes to the routing tables.

BGP peers will initially exchange their full BGP routing tables. From then on incremental updates are sent as the routing table changes. BGP keeps a version number of the BGP table and it should be the same for all of its BGP peers. The version number will change whenever BGP updates the table due to some routing information changes. Keepalive packets are sent to ensure that the connection is alive between the BGP peers, and Notification packets are sent in response to errors or special conditions. Any state other than Established is an indication that the two routers did not become neighbors and hence BGP updates will not be exchanged.

BGP MESSAGE TYPES (BGP PEERS MESSAGES):

There are four types of messages that can be exchanged between two BGP peers:

1. Open Message - Establish neighbor relationship. BGP forms its peer relationships through a series of messages. First, an OPEN message is sent between peers to initiate the session.

2. Keepalive Message - Maintain neighbor relationship. Keepalive messages are sent periodically (every 60 seconds by default) to ensure that the remote peer is still available. If a router does not receive a Keepalive from a peer for a hold-time period (by default, 180 seconds), the router declares that peer dead.

3. Update Message - Exchange routing information. Update messages are used to exchange routes between peers.

4. Notification Message - When an error occurs, the neighbor relationship is reset. Notification messages are sent when there is a fatal error condition. If a Notification is sent, the BGP peer session is torn down and reset.
THE OPEN MESSAGE HAS TWO MAIN PURPOSES:

The first is identification and initiation of a link between the two devices; it allows one peer to tell the other "I am a BGP speaker named X on autonomous system Y, and I want to start exchanging BGP information with you".

The second is negotiation of session parameters. These are the terms by which the BGP session will be conducted. One important parameter negotiated using the Open message is the method that each device wants to use for authentication. The importance of BGP means that authentication is essential, to avoid bad information or a malicious person from disrupting routes.

Each BGP speaker receiving an Open message should process it. If its contents are acceptable, including the parameters the other device wants to use, it responds with a Keepalive message as an acknowledgment. Each peer must send an Open and receive a Keepalive acknowledgment for the BGP session to be initialized. If either is not willing to accept the terms of the Open, the session is not established. In that case, a Notification message may be sent to convey the nature of the problem.

EACH OPEN MESSAGE SPECIFIES THE FOLLOWING PARAMETERS:

BGP Version Number: Identifies the BGP protocol version used. Almost all implementations now use version 4 (since it is the only version to support CIDR).

Autonomous System Number (AS Number): Gives the autonomous system of the sender's system, and determines if the BGP session will be IBGP or EBGP. Each router announces its own AS number in the Open message. The range for AS numbers is 0 to 65535, where 0, 56320 to 64511 and 65535 are reserved by IANA and cannot be used in any routing environment. ASN 0 may be used to label non-routed networks. AS numbers can be public or private: public AS numbers are assigned by IANA, and private AS numbers range from 64512 through 65534. If the AS number sent does not match the AS number configured in the neighbor statement of the peer receiving the Open message, the recipient sends a Notification message indicating an error condition.

Hold Time: The maximum number of seconds that can elapse before receiving a Keepalive or an Update message. Hold time values must match between both BGP speakers; if the hold time values differ then the lower value is selected as the hold time for the connection. If the hold time is set to zero then no keepalives are sent. If keepalives are needed then the lowest

BGP Identifier: A 32-bit value that uniquely identifies the sender. It is the IP address that identifies a BGP speaker, and the router must choose one of its IP addresses to use with all its BGP peers. If the BGP identifier is not manually set then Cisco defaults to using the numerically highest loopback address as the BGP identifier, and if no loopback address is configured on the router then the numerically highest IP address on a physical interface is used. This is the highest loopback address configured on the router and serves to uniquely identify the sender of the Open message.

Parameter Length: If optional parameters are specified then this field contains the length of the optional parameters, in octets.

Optional Parameters: Contains a list of parameters. Authentication is also a kind of parameter in BGP. It is done this way so that the BGP peers can choose the authentication method without making it a part of the BGP fixed header. BGP peers may authenticate each other using the MD5 algorithm, whose message digest may be placed in the Open message as an optional parameter. A new optional parameter called Capability permits BGP peers to evaluate each other's capabilities for the support of new network-layer protocols such as IP multicast and IP version 6. This new parameter, Capability, is backward compatible, allowing a peer that does not support the parameter to maintain a session with a peer that does support the parameter.

An OPEN message is acknowledged by a KEEPALIVE message. When it accepts an incoming OPEN message, a machine speaking BGP responds by sending a Keepalive message. Each side must send an OPEN message and receive a Keepalive message before they can actually exchange routing information. Thus, Keepalive messages are a kind of acknowledgement for the OPEN message.
KEEPALIVE MESSAGE:

If the parameters in the Open message are accepted then the router responds with a Keepalive message. Keepalive messages ensure that the connections to BGP peers are alive. The default interval between Keepalive messages is 60 seconds (on Cisco routers), and the hold time interval is 180 seconds (3 x keepalive). Keepalives are sent every 60 seconds, and after not receiving any Keepalive message from a BGP peer for 180 seconds, the connection to that peer is declared dead and the BGP neighbor is reported as down.

UPDATE MESSAGE:

Reachability information is exchanged between peers in UPDATE messages. Once BGP speakers have made contact and a session has been established using Open messages, the peers begin the actual process of exchanging routing information. Each BGP router uses its BGP decision process to select certain routes to be advertised to its peer. This information is then placed into BGP Update messages, which are sent to every BGP peer for which a session has been established. These messages are the way that network reachability knowledge is propagated around the internetwork, and include new routes, withdrawn routes, and path

Update messages are used to update the BGP neighbor about the Network Layer Reachability Information (NLRI) and the path attributes associated with that NLRI. NLRI is simply the combination of IP address prefix and length (subnet mask) in the format x.x.x.x/mask for IPv4 addresses.

Path attributes are used in the selection of the shortest path or to detect any routing loops. Update messages advertise both feasible routes and also the withdrawn routes. Withdrawn routes let the BGP neighbor know of any destinations which have become unreachable.

THE UPDATE MESSAGE SPECIFIES THE FOLLOWING PARAMETERS:

Withdrawn Routes Length - The length of the Withdrawn Routes field.

Withdrawn Routes - A list of IP prefixes that the sender had announced but now wishes to withdraw. This could be a result of a change in the network topology or configuration.

Total Path Attributes Length - The length of the Path Attributes field.

Path Attributes - A list of BGP attributes that apply to the prefixes described in the Network Layer Reachability Information field.

Network Layer Reachability Information (NLRI) - A list of prefixes that the sender is advertising to its peer. Note that the path attributes listed earlier apply to all prefixes in the NLRI field.
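A parser for the UPDATE layout just listed, as an added example that is not from the original notes: it splits the message into Withdrawn Routes Length, Withdrawn Routes, Total Path Attributes Length, Path Attributes and NLRI, decodes the <length,prefix> tuples from the glossary, and pulls out the three mandatory well-known attributes (ORIGIN, AS_PATH, NEXT_HOP). The sample message is constructed inline; attribute type codes and the 2-byte AS number encoding follow RFC 4271.

```python
import struct
from typing import Dict, List

UPDATE = 2                                  # message type code
ORIGIN, AS_PATH, NEXT_HOP = 1, 2, 3         # well-known mandatory attribute codes
ORIGIN_NAMES = {0: "i", 1: "e", 2: "?"}     # IGP, EGP, redistributed (incomplete)

def parse_prefixes(data: bytes) -> List[str]:
    """Decode a run of <length,prefix> tuples: one byte of prefix length in bits,
    then only as many octets as that length covers (10.0.0.0/8 travels as 2 bytes)."""
    out, i = [], 0
    while i < len(data):
        bits, nbytes = data[i], (data[i] + 7) // 8
        octets = data[i + 1:i + 1 + nbytes]
        if bits > 32 or len(octets) != nbytes:
            raise ValueError("Invalid Network Field")       # UPDATE error, subcode 10
        o = octets.ljust(4, b"\x00")
        out.append("%d.%d.%d.%d/%d" % (o[0], o[1], o[2], o[3], bits))
        i += 1 + nbytes
    return out

def parse_attributes(data: bytes) -> Dict[str, object]:
    """Decode path attributes: flags, type code, 1- or 2-byte length, value."""
    attrs: Dict[str, object] = {}
    i = 0
    while i < len(data):
        flags, code = data[i], data[i + 1]
        if flags & 0x10:                                    # extended-length flag
            length, i = struct.unpack_from("!H", data, i + 2)[0], i + 4
        else:
            length, i = data[i + 2], i + 3
        value, i = data[i:i + length], i + length
        if code == ORIGIN:
            attrs["origin"] = ORIGIN_NAMES.get(value[0], "?")
        elif code == AS_PATH:                               # segments: type, count, ASNs
            path: List[int] = []
            j = 0
            while j < len(value):
                count = value[j + 1]
                path.extend(struct.unpack_from("!%dH" % count, value, j + 2))
                j += 2 + 2 * count                          # 2-byte AS numbers
            attrs["as_path"] = path
        elif code == NEXT_HOP:
            attrs["next_hop"] = "%d.%d.%d.%d" % tuple(value)
        else:                                               # optional attribute not decoded here
            attrs.setdefault("unrecognized", []).append(code)
    return attrs

def parse_update(msg: bytes) -> Dict[str, object]:
    """Split an UPDATE into the fields listed above and decode each of them."""
    length, mtype = struct.unpack_from("!HB", msg, 16)
    if msg[:16] != b"\xff" * 16 or length != len(msg) or mtype != UPDATE:
        raise ValueError("Message Header Error")
    body = msg[19:]
    wlen = struct.unpack_from("!H", body, 0)[0]              # Withdrawn Routes Length
    withdrawn = parse_prefixes(body[2:2 + wlen])             # Withdrawn Routes
    alen = struct.unpack_from("!H", body, 2 + wlen)[0]       # Total Path Attributes Length
    start = 4 + wlen
    attrs = parse_attributes(body[start:start + alen])       # Path Attributes
    nlri = parse_prefixes(body[start + alen:])               # NLRI: whatever remains
    return {"withdrawn": withdrawn, "attributes": attrs, "nlri": nlri}

def sample_update() -> bytes:
    """Constructed UPDATE: withdraws 192.0.2.0/24 and advertises 10.0.0.0/8 and
    172.16.0.0/16 with ORIGIN i, AS_PATH <AS3, AS1> and NEXT_HOP 10.10.10.3."""
    withdrawn = bytes([24, 192, 0, 2])
    attrs = (bytes([0x40, ORIGIN, 1, 0])                                    # well-known, IGP
             + bytes([0x40, AS_PATH, 6, 2, 2]) + struct.pack("!HH", 3, 1)  # AS_SEQUENCE, 2 ASNs
             + bytes([0x40, NEXT_HOP, 4, 10, 10, 10, 3]))
    nlri = bytes([8, 10]) + bytes([16, 172, 16])
    body = (struct.pack("!H", len(withdrawn)) + withdrawn
            + struct.pack("!H", len(attrs)) + attrs + nlri)
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), UPDATE) + body
```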
NOTIFICATION MESSAGE:

Notification messages are used to indicate an error condition such as the expiry of the hold timer, the receipt of an unrecognized attribute type, an invalid AS number, etc. The underlying TCP session is closed after a Notification message is sent.

Once established, a BGP session will remain open for a considerable period of time, allowing routing information to be exchanged between peers on a regular basis. During the course of operation, certain error conditions occur that cause a router to end the BGP peering session; some of these are serious enough that the BGP session must be terminated. When this occurs, the peer detecting the error will inform its peer of the nature of the problem by sending it a BGP NOTIFICATION message, and then close the connection.

NOTIFICATION OF ERROR CONDITIONS: A BGP device can observe error conditions impacting the connection to a peer. Notification messages are sent to the neighbor when these conditions are detected. After the message is sent, the BGP transport connection is closed. This means that all resources for the BGP connection are deallocated. The routing table entries associated with the remote peer are marked as invalid. Finally, other peers are notified that these routes are invalid.

Notification messages include an error code and an error subcode. THE ERROR CODES PROVIDED BY BGP INCLUDE:
- Message Header Error
- OPEN Message Error
- UPDATE Message Error
- Hold Timer Expired
- Finite State Machine Error
- Cease
Error Code                    Error Subcode
1 Message Header Error        1 Connection Not Synchronized
                              2 Bad Message Length
                              3 Bad Message Type
2 OPEN Message Error          1 Unsupported Version Number
                              2 Bad Peer AS
                              3 Bad BGP Identifier
                              4 Unsupported Optional Parameters
                              5 Authentication Failure
                              6 Unacceptable Hold Timer
                              7 Unsupported Capability
3 UPDATE Message Error        1 Malformed Attribute List
                              2 Unrecognized Well-known Attribute
                              3 Missing Well-known Attribute
                              4 Attribute Flags Error
                              5 Attribute Length Error
                              6 Invalid Origin Attribute
                              7 AS Routing Loop
                              8 Invalid NEXT_HOP Attribute
                              9 Optional Attribute Error
                              10 Invalid Network Field
                              11 Malformed AS_PATH
4 Hold Timer Expired
5 Finite State Machine Error
6 Cease (fatal error)
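An added example, not from the original notes, that ties the OPEN parameters section above to this table: it encodes an OPEN message, validates a received one the way the OpenSent state does (marker, length, type, version, peer AS, BGP identifier, hold time), negotiates the lower hold time, and answers either with a KEEPALIVE acknowledgment or with a NOTIFICATION carrying the error code and subcode from the table. The AS numbers, addresses and timers in the usage are constructed; the identifier check and the rejection of hold times of 1 and 2 seconds follow RFC 4271 rather than this page.

```python
import struct
from typing import Dict, Optional, Tuple

OPEN, NOTIFICATION, KEEPALIVE = 1, 3, 4        # BGP message type codes
MARKER = b"\xff" * 16                          # fixed 16-octet header marker
Error = Optional[Tuple[int, int]]              # (error code, error subcode) or None

def build_open(my_as: int, hold_time: int, bgp_id: str, opt_params: bytes = b"") -> bytes:
    """Header (marker, length, type) then the OPEN fields: version, my AS,
    hold time, BGP identifier, optional parameter length, optional parameters."""
    ident = bytes(int(o) for o in bgp_id.split("."))
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, ident, len(opt_params)) + opt_params
    return MARKER + struct.pack("!HB", 19 + len(body), OPEN) + body

def validate_open(msg: bytes, expected_as: int, local_hold: int) -> Tuple[Error, Dict[str, object]]:
    """Check a received OPEN as the OpenSent state does. Returns (None, negotiated
    session values) when acceptable, otherwise ((code, subcode), {}) using the
    Notification codes from the table above."""
    if msg[:16] != MARKER:
        return (1, 1), {}                                    # Connection Not Synchronized
    length, mtype = struct.unpack_from("!HB", msg, 16)
    if length != len(msg) or length < 29:
        return (1, 2), {}                                    # Bad Message Length
    if mtype != OPEN:
        return (1, 3), {}                                    # Bad Message Type
    version, peer_as, hold, ident, opt_len = struct.unpack_from("!BHH4sB", msg, 19)
    if length != 29 + opt_len:
        return (1, 2), {}                                    # optional params do not fit
    if version != 4:
        return (2, 1), {}                                    # Unsupported Version Number
    if peer_as != expected_as:
        return (2, 2), {}                                    # Bad Peer AS (neighbor statement)
    if ident in (b"\x00" * 4, b"\xff" * 4):                  # simplified syntactic check
        return (2, 3), {}                                    # Bad BGP Identifier
    if hold in (1, 2):                                       # RFC 4271: must be 0 or >= 3
        return (2, 6), {}                                    # Unacceptable Hold Timer
    negotiated = min(hold, local_hold)                       # lower value wins; 0 = no keepalives
    return None, {"peer_as": peer_as, "hold_time": negotiated,
                  "keepalive": negotiated // 3,              # hold time = 3 x keepalive
                  "bgp_id": "%d.%d.%d.%d" % tuple(ident)}

def respond_to_open(msg: bytes, expected_as: int, local_hold: int) -> bytes:
    """An acceptable OPEN is acknowledged with a KEEPALIVE; otherwise a
    NOTIFICATION carrying the error code and subcode is returned and the
    session would be torn down."""
    err, _ = validate_open(msg, expected_as, local_hold)
    if err is None:
        return MARKER + struct.pack("!HB", 19, KEEPALIVE)
    return MARKER + struct.pack("!HBBB", 21, NOTIFICATION, err[0], err[1])

if __name__ == "__main__":
    # Constructed peers: private AS 65001 at 10.10.10.3 proposes a 180 s hold time;
    # the local side is configured for 90 s and expects AS 65001 in its neighbor statement.
    peer_open = build_open(65001, 180, "10.10.10.3")
    print(validate_open(peer_open, 65001, 90))               # (None, {... 'hold_time': 90 ...})
    print(validate_open(peer_open, 65002, 90)[0])            # (2, 2): Bad Peer AS
    print(respond_to_open(peer_open, 65002, 90)[-3:].hex())  # '030202'
```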
