
01 Implementing BGP Routing

BGP Routing Protocol

Uploaded by

Sharizan Sumuui

External Service Provider Routing

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—4-1
• Describe BGP terminology
• Describe autonomous systems in BGP networks
• List the basic BGP configuration steps
• Explain how to enable the BGP routing process and enable the address
family under the BGP routing process
• Explain how to configure IBGP peering
• Explain how to configure EBGP peering
• Explain how to temporarily disable a BGP peer
• Explain how to configure BGP authentication
• Explain the show command that is used to verify BGP peering
• Describe the network command that is used to announce local
networks to other BGP peers
• Describe the basic concepts of Cisco IOS XR routing policy language
(RPL)
• Explain the show commands that are used to verify BGP routes

• Autonomous system: A collection of networks under a single
administrative domain
• Interdomain routing: Routing between the customer and the service
provider
• Internal routing: Uses IGP protocol (RIP, OSPF, IS-IS, and so on) to
exchange routing information inside the autonomous system
• External routing: Uses EGP protocol (BGP) to exchange routes
between autonomous systems
• Two BGP implementations:
- Internal BGP (IBGP): When BGP is used inside an AS
- External BGP (EBGP): When BGP is used between autonomous systems

[Figure: AS 65001 and AS 65002 with IBGP and EBGP sessions; addresses shown: 10.1.1.1, 10.1.1.2, 192.168.1.1, 192.168.1.2]

• An autonomous system (AS) is a collection of networks under a single
technical administration.
- 16-bit numbers (as of January 2009, 32-bit numbers are available)
- Ranging from 1 to 65535
- Private AS: 64512–65535
• The IANA allocates AS numbers.
• IGPs operate within an AS.
• BGP is used between autonomous systems.
• Access http://www.iana.org or http://bgp.he.net/ to check an AS number.

[Figure: BGP session between AS 65010 and AS 65020]

• BGP neighbors are not discovered; they must be configured manually.
• Configuration must be done on both sides of the connection.
• Both routers will attempt to connect to the other with a TCP session on
port number 179.
• EBGP peers are usually reachable through a directly connected link.
• IBGP peers are typically established between loopback interfaces.
- IGP ensures reachability of loopback addresses.

• A TCP-based session has no neighbor presence verification, except
when sending BGP traffic.
• An additional mechanism is needed.
- Keepalive BGP messages provide verification of neighbor existence.
- Keepalive messages are sent every 60 seconds (by default).

• IBGP session inside ASs
  - Over IPv4
    • IPv4 prefixes
  - Over IPv6
    • IPv6 prefixes
• EBGP session between ASs
  - Over IPv4
    • IPv4 prefixes
  - Over IPv6
    • IPv6 prefixes

[Figure: AS 2 and AS 3 with EBGP and IBGP sessions over IPv4 and IPv6]

1. Enable the BGP process.
2. Enable address family for specific protocols.
3. Configure a BGP peer (internal or external).
4. Configure BGP peer authentication (optional).

router(config)#
router bgp as-number

• Starts BGP routing.
• Use private AS numbers (64512–65535) if you run BGP in a private network.
• Only one BGP routing process per router is allowed.

• IOS/IOS XE
- address family IPv4 unicast – by default
- activate or deactivate peer under specific address family
• IOS XR
- address family must be enabled
- define address family per peer

IOS:
router bgp 2

IOS XR:
router bgp 3
 address-family ipv4 unicast
 !
 address-family ipv6 unicast
 !

IOS XR:
router bgp 3
 address-family ipv4 unicast
 !
 address-family ipv6 unicast
 !

[Figure: lab topology. ASBR1 (AS 2, E0/0, Lo0 2.0.0.1/32) connects over EBGP to ASBR2 (AS 3, Gi0/0/0/0 and Gi0/0/0/1, Lo0 3.0.0.2/32), which connects over IBGP to P1 (AS 3, E0/0, Lo0 3.0.0.1/32). Sessions run over IPv4 and IPv6.]

IOS (ASBR1):
interface Loopback0
 ip address 2.0.0.1 255.255.255.255
!
interface Ethernet0/0
 ip address 202.0.23.1 255.255.255.252

IOS XR (ASBR2):
interface Loopback0
 ipv4 address 3.0.0.2 255.255.255.255
!
interface GigabitEthernet0/0/0/0
 ipv4 address 202.0.23.2 255.255.255.252
!
interface GigabitEthernet0/0/0/1
 ipv4 address 100.0.3.2 255.255.255.252
!
router ospf 1
 area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/1

IOS (P1):
interface Loopback0
 ip address 3.0.0.1 255.255.255.255
!
interface Ethernet0/0
 ip address 100.0.3.1 255.255.255.252
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

IOS XR (ASBR2):
router bgp 3
 address-family ipv4 unicast
 !
 neighbor 3.0.0.1
  remote-as 3
  update-source Loopback0
  address-family ipv4 unicast

IOS (P1):
router bgp 3
 bgp log-neighbor-changes
 neighbor 3.0.0.2 remote-as 3
 neighbor 3.0.0.2 update-source Loopback0

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast summary
Tue May 9 04:07:36.737 UTC
BGP router identifier 3.0.0.2, local AS number 3
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 2
BGP main routing table version 2
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
3.0.0.1           0     3       9       8        2    0    0 00:05:14          0

RP/0/0/CPU0:ASBR2#

Callout: A number in the state column (St/PfxRcd) indicates the number of routes learned from this neighbor.

BGP neighbor states:
• Idle state
  - Start BGP process
  - Initiates TCP connection with configured peers
  - Changes to Connected call state
• Active state
  - Router tries to establish another TCP session
    • If successful, changes to OpenSent state
    • If unsuccessful, changes to idle state
• Established state
  - Peer sends update messages
  - On error, changes to idle state

[Figure: BGP neighbor state diagram with the states Idle, Connected, Active, OpenSent, OpenConfirm, Established]

When establishing a BGP session, BGP goes through
the following states:
1. Idle: The router is searching the routing table to see whether a route
exists to reach the neighbor.
2. Connect: The router found a route to the neighbor and has completed
the three-way TCP handshake.
3. Open sent: The open message is sent, with the parameters for the
BGP session.
4. Open confirm: The router received an agreement on the parameters for
establishing a session.
- Alternatively, the router goes into the active state if there is no response to
the open message.
5. Established: Peering is established; routing begins.

IOS (ASBR1):
router bgp 2
 bgp log-neighbor-changes
 neighbor 202.0.23.2 remote-as 3

IOS XR (ASBR2):
router bgp 3
 address-family ipv4 unicast
 !
 neighbor 202.0.23.1
  remote-as 2
  address-family ipv4 unicast

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast summary
Tue May 9 04:07:36.737 UTC
BGP router identifier 3.0.0.2, local AS number 3
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 2
BGP main routing table version 2
BGP scan interval 60 secs

Some configured eBGP neighbors (under default or non-default vrfs)
do not have both inbound and outbound policies configured for IPv4 Unicast
address family. These neighbors will default to sending and/or
receiving no routes and are marked with '!' in the output below.
Use the 'show bgp neighbor <nbr_address>' command for details.

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
3.0.0.1           0     3      43      39        2    0    0 00:10:12          0
202.0.23.1        0     2       7       5        2    0    0 00:03:02          0!
RP/0/0/CPU0:ASBR2#
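
One way to check summary output like the above automatically, as an added example that is not part of the original slides: the parser reads the neighbor rows, including IPv6 rows that wrap onto a second line, and reports sessions that are not established or that carry the '!' marker. The 198.51.100.9 row and the names Peer, parse_summary and findings are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed input: rows from this page's outputs plus one made-up down peer.
SAMPLE = """\
Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
3.0.0.1           0     3      43      39        2    0    0 00:10:12          0
202.0.23.1        0     2       7       5        2    0    0 00:03:02          0!
2001:202:12:23::1
                  0     2       4       3        2    0    0 00:00:59          0
198.51.100.9      0 64512       0       0        0    0    0 00:00:00       Idle
"""


@dataclass
class Peer:
    address: str
    remote_as: int
    state: str                # "Established" or the state name the router printed
    prefixes: Optional[int]   # None while the session is not established
    no_policy: bool           # True when the row carries the '!' marker


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_summary(text):
    """Parse neighbor rows of IOS XR 'show bgp <afi> unicast summary' output."""
    peers, wrapped = [], None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 1 and _is_ip(fields[0]):
            wrapped = fields[0]       # long IPv6 address: counters are on the next line
            continue
        if len(fields) == 10 and _is_ip(fields[0]):
            addr, rest = fields[0], fields[1:]
        elif len(fields) == 9 and wrapped:
            addr, rest = wrapped, fields
        else:
            wrapped = None
            continue
        wrapped = None
        value = rest[8].rstrip("!")
        up = value.isdigit()          # a number means Established; it is the prefix count
        peers.append(Peer(addr, int(rest[1]), "Established" if up else value,
                          int(value) if up else None, rest[8].endswith("!")))
    return peers


def findings(peers):
    """Return (address, issue) pairs that need an operator's attention."""
    out = []
    for p in peers:
        if p.state != "Established":
            out.append((p.address, "session not established: " + p.state))
        elif p.no_policy:
            out.append((p.address, "missing route policy: routes are not sent and/or received"))
    return out
```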

• IOS XR only
• Usually used for EBGP peers
• Powerful tool for route manipulation
- Prepend AS to AS path
- Set origin
- Set weight
- Set local-preference
- And so on…
• Easy to configure

IOS XR (ASBR2):
route-policy pass
  pass
end-policy
!
router bgp 3
 address-family ipv6 unicast
 !
 neighbor 202.0.23.1
  remote-as 2
  address-family ipv4 unicast
   route-policy pass in
   route-policy pass out

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast summary
Tue May 9 04:07:36.737 UTC
BGP router identifier 3.0.0.2, local AS number 3
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 2
BGP main routing table version 2
BGP scan interval 60 secs

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
3.0.0.1           0     3      43      39        2    0    0 00:10:12          0
202.0.23.1        0     2       7       5        2    0    0 00:05:02          0
RP/0/0/CPU0:ASBR2#

[Figure: the same topology with IPv6 loopbacks: ASBR1 Lo0 2000:2::1/128, ASBR2 Lo0 2002:3::2/128, P1 Lo0 2002:3::1/128]

IOS (ASBR1):
interface Loopback0
 ipv6 address 2000:2::1/128
!
interface Ethernet0/0
 ipv6 address 2001:202:12:23::1/64

IOS XR (ASBR2):
interface Loopback0
 ipv6 address 2002:3::2/128
!
interface GigabitEthernet0/0/0/0
 ipv6 address 2001:202:12:23::2/64
!
interface GigabitEthernet0/0/0/1
 ipv6 address 2002:100:10:3::2/64
!
router ospfv3 1
 area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/1

IOS (P1):
interface Loopback0
 ipv6 address 2002:3::1/128
 ospfv3 1 ipv6 area 0
!
interface Ethernet0/0
 ipv6 address 2002:100:10:3::1/64
 ospfv3 1 ipv6 area 0
!
router ospfv3 1

IOS XR (ASBR2):
router bgp 3
 address-family ipv6 unicast
 !
 neighbor 2002:3::1
  remote-as 3
  update-source Loopback0
  address-family ipv6 unicast

IOS (P1):
ipv6 unicast-routing
!
router bgp 3
 bgp log-neighbor-changes
 neighbor 2002:3::2 remote-as 3
 neighbor 2002:3::2 update-source Loopback0
 !
 address-family ipv6
  neighbor 2002:3::2 activate
 exit-address-family

IOS (ASBR1):
ipv6 unicast-routing
!
router bgp 2
 neighbor 2001:202:12:23::2 remote-as 3
 !
 address-family ipv6
  neighbor 2001:202:12:23::2 activate
 exit-address-family

IOS XR (ASBR2):
router bgp 3
 address-family ipv6 unicast
 !
 neighbor 2001:202:12:23::1
  remote-as 2
  address-family ipv6 unicast
   route-policy pass in
   route-policy pass out

RP/0/0/CPU0:ASBR2#show bgp ipv6 unicast summary
Tue May 9 04:07:36.737 UTC
BGP router identifier 3.0.0.2, local AS number 3
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 2
BGP main routing table version 2
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.

Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
Speaker               2          2          2          2           2           2

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
2001:202:12:23::1
                  0     2       4       3        2    0    0 00:00:59          0
2002:3::1         0     3       4       3        2    0    0 00:00:37          0

RP/0/0/CPU0:ASBR2#

1. Two methods to advertise local routes:
- Use the network command.
  • The network and subnet mask must be exactly the same as the local route.
- Redistribute routes from other routing protocols.
2. Route policy for EBGP peers is mandatory.

[Figure: ASBR1 (AS 2) advertises 2.2.2.2/32 and 2001:2:2:2::2/128 over EBGP to ASBR2 (AS 3)]

IPv4:
interface Loopback2
 ip address 2.2.2.2 255.255.255.255
 no shutdown
!
router bgp 2
 !
 address-family ipv4
  network 2.2.2.2 mask 255.255.255.255
 exit-address-family
!

IPv6:
interface Loopback22
 ipv6 address 2001:2:2:2::2/128
 no shutdown
!
router bgp 2
 !
 address-family ipv6 unicast
  network 2001:2:2:2::2/128
 !

RP/0/0/CPU0:ASBR2#sh bgp ipv4 unicast summary

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
3.0.0.1           0     3      81      74        3    0    0 00:44:37          0
202.0.23.1        0     2      47      45        3    0    0 00:22:53          1

RP/0/0/CPU0:ASBR2#

RP/0/0/CPU0:ASBR2#sh bgp ipv4 unicast

Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*> 2.2.2.2/32         202.0.23.1               0             0 2 i

Processed 1 prefixes, 1 paths

RP/0/0/CPU0:ASBR2#

RP/0/0/CPU0:ASBR2#sh bgp ipv6 unicast summary

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
2001:202:12:23::1
                  0     2      28      24        3    0    0 00:21:12          1
2002:3::1         0     3      54      50        3    0    0 00:46:00          0
RP/0/0/CPU0:ASBR2#

RP/0/0/CPU0:ASBR2#sh bgp ipv4 unicast

Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*> 2001:2:2:2::2/128  2001:202:12:23::1
                                               0             0 2 i
Processed 1 prefixes, 1 paths
RP/0/0/CPU0:ASBR2#

[Figure: ASBR1 (AS 2) advertises 22.22.22.22/32 over EBGP to ASBR2 (AS 3)]

IOS (ASBR1):
interface Loopback222
 ip address 22.22.22.22 255.255.255.255
 no shutdown
!
route-map RM_Con permit 10
 match interface Loopback222
!
router bgp 2
 !
 address-family ipv4
  redistribute connected route-map RM_Con
 exit-address-family
!

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*> 2.2.2.2/32         202.0.23.1               0             0 2 i
*> 22.22.22.22/32     202.0.23.1               0             0 2 ?

Processed 2 prefixes, 2 paths

RP/0/0/CPU0:ASBR2#

RP/0/0/CPU0:ASBR2#show route bgp
Tue May 9 05:19:09.743 UTC

B    2.2.2.2/32 [20/0] via 202.0.23.1, 00:09:08
B    22.22.22.22/32 [20/0] via 202.0.23.1, 00:02:40
RP/0/0/CPU0:ASBR2#

RP/0/0/CPU0:ASBR2#show route ipv6 bgp
Tue May 9 05:19:38.651 UTC

B    2001:2:2:2::2/128
      [20/0] via fe80::a8bb:ccff:fe00:1000, 00:09:28, GigabitEthernet0/0/0/0
RP/0/0/CPU0:ASBR2#

Summarization is called “aggregation” in BGP.
1. Aggregation creates summary routes (called “aggregates”) from networks already in the BGP table.
2. Individual networks can be announced or suppressed.

router(config-router)#
aggregate-address address-prefix mask

• Specify aggregation range in BGP routing process.
• The aggregate will be announced if there is at least one network in the specified range in the BGP table.
• Individual networks will still be announced in outgoing BGP updates.

An alternative method to configure aggregation:
router(config-router)#
aggregate-address address-prefix mask summary-only

• Configure aggregation of BGP routes.
• Advertise only the aggregate and not the individual networks.

Benefits:
• Smaller BGP routing tables
• More stable internetworks (less route flapping)

[Figure: ASBR1 (AS 2) holds 200.1.1.0/24, 200.1.2.0/24, 200.1.3.0/24 and 200.1.4.0/24 and advertises the aggregate 200.1.0.0/16 over EBGP to ASBR2 (AS 3)]

interface Loopback200
 ip address 200.1.1.1 255.255.255.0
 ip address 200.1.2.1 255.255.255.0 secondary
 ip address 200.1.3.1 255.255.255.0 secondary
 ip address 200.1.4.1 255.255.255.0 secondary
!
router bgp 2
 !
 address-family ipv4
  network 200.1.1.0 mask 255.255.255.0
  network 200.1.2.0 mask 255.255.255.0
  network 200.1.3.0 mask 255.255.255.0
  network 200.1.4.0 mask 255.255.255.0
  aggregate-address 200.1.0.0 255.255.0.0 summary-only
 exit-address-family
!

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*> 2.2.2.2/32         202.0.23.1               0             0 2 i
*> 22.22.22.22/32     202.0.23.1               0             0 2 ?
*> 200.1.0.0/16       202.0.23.1               0             0 2 i
*> 200.1.1.0/24       202.0.23.1               0             0 2 i
*> 200.1.2.0/24       202.0.23.1               0             0 2 i
*> 200.1.3.0/24       202.0.23.1               0             0 2 i
*> 200.1.4.0/24       202.0.23.1               0             0 2 i

Processed 7 prefixes, 7 paths

RP/0/0/CPU0:ASBR2#

With summary-only:

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*> 2.2.2.2/32         202.0.23.1               0             0 2 i
*> 22.22.22.22/32     202.0.23.1               0             0 2 ?
*> 200.1.0.0/16       202.0.23.1               0             0 2 i

Processed 3 prefixes, 3 paths

RP/0/0/CPU0:ASBR2#
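
The two outputs above can be reproduced with a small model of aggregate-address, added here as an example that is not from the original slides (function names are illustrative): the aggregate is announced only when a more specific network is in the BGP table, and summary-only suppresses those networks. The coverage function goes slightly beyond the slides and reports how much of the aggregate's address space the contributing networks actually fill.

```python
import ipaddress


def _key(net):
    return (net.version, int(net.network_address), net.prefixlen)


def contributors(table, aggregate):
    """Networks in the BGP table that are more specific than the aggregate."""
    agg = ipaddress.ip_network(aggregate)
    nets = (ipaddress.ip_network(p) for p in table)
    return sorted((n for n in nets
                   if n.version == agg.version and n != agg and n.subnet_of(agg)),
                  key=_key)


def advertised(table, aggregates):
    """Prefixes announced to a peer.

    table      -- prefixes already in the BGP table (network / redistribute)
    aggregates -- list of (prefix, summary_only) pairs
    """
    out = {ipaddress.ip_network(p) for p in table}
    for prefix, summary_only in aggregates:
        covered = contributors(table, prefix)
        if not covered:
            continue                        # nothing in range: aggregate is not announced
        out.add(ipaddress.ip_network(prefix))
        if summary_only:
            out.difference_update(covered)  # suppress the individual networks
    return [str(n) for n in sorted(out, key=_key)]


def coverage(table, aggregate):
    """Fraction of the aggregate's address space backed by contributing networks."""
    agg = ipaddress.ip_network(aggregate)
    held = ipaddress.collapse_addresses(contributors(table, aggregate))
    return sum(n.num_addresses for n in held) / agg.num_addresses


# Networks originated by the AS 2 router in this page's lab.
TABLE = ["2.2.2.2/32", "22.22.22.22/32",
         "200.1.1.0/24", "200.1.2.0/24", "200.1.3.0/24", "200.1.4.0/24"]
```

Here coverage(TABLE, "200.1.0.0/16") returns 0.015625: the four /24 networks fill 1024 of the 65536 addresses that the /16 aggregate announces.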

• Neighbor authentication
- Using MD5 authentication (password)
- Using key chains

• BGP peers can be authenticated by using a password.
- MD5 hashing function is used on the password.
- Hash is sent to the BGP peer in open message.
- Password is not sent to peer.
• Both routers must be configured with the same password.
• Authenticating BGP peers prevents denial of service (DoS) attacks.
• MD5 authentication is used mostly for EBGP peers.
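
The neighbor password is implemented as the TCP MD5 signature option of RFC 2385: every TCP segment of the session, starting with the SYN, carries a 16-byte digest as option 19, and the password itself never appears on the wire. The added example below (not from the original slides) computes and checks that digest for a constructed IPv4 segment carrying a BGP KEEPALIVE. The addresses and password are the lab values from this page; the ports, sequence number, flags and function names are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18         # TCP option kind and length (RFC 2385)
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # constructed BGP KEEPALIVE


def tcp_md5_digest(src, dst, segment, key):
    """MD5 over IPv4 pseudo-header, fixed TCP header (checksum zeroed), data, key."""
    header_len = (segment[12] >> 4) * 4
    fixed = bytearray(segment[:20])      # options are excluded from the digest
    fixed[16:18] = b"\x00\x00"           # checksum field is treated as zero
    pseudo = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 6, len(segment)))
    return hashlib.md5(pseudo + bytes(fixed) + segment[header_len:] + key).digest()


def sign_segment(src, dst, sport, dport, seq, flags, payload, key):
    """Sender side: build a TCP segment whose only option is the MD5 signature."""
    # 20-byte fixed header + 18-byte option + NOP/EOL padding = 40-byte header
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                         (40 // 4) << 4, flags, 16384, 0, 0)
    unsigned = header + bytes([MD5SIG_KIND, MD5SIG_LEN]) + bytes(16) + b"\x01\x00" + payload
    digest = tcp_md5_digest(src, dst, unsigned, key)
    return unsigned[:22] + digest + unsigned[38:]


def verify_segment(src, dst, segment, key):
    """Receiver side: find option 19 and compare it with a locally computed digest."""
    end = min((segment[12] >> 4) * 4, len(segment))
    i = 20
    while i < end:
        kind = segment[i]
        if kind == 0:                    # end of option list
            break
        if kind == 1:                    # NOP padding
            i += 1
            continue
        if i + 1 >= end or segment[i + 1] < 2:
            break                        # malformed option
        length = segment[i + 1]
        if kind == MD5SIG_KIND and length == MD5SIG_LEN and i + length <= end:
            expected = tcp_md5_digest(src, dst, segment, key)
            return hmac.compare_digest(segment[i + 2:i + length], expected)
        i += length
    return False                         # no signature present: reject the segment
```

A segment signed with one password fails verification under any other password, after any change to the payload, or when the source address differs, which is why both routers must be configured with the same password.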

IOS (ASBR1):
router bgp 2
 neighbor 2001:202:12:23::2 remote-as 3
 neighbor 2001:202:12:23::2 password cisco
 neighbor 202.0.23.2 remote-as 3
 neighbor 202.0.23.2 password cisco
!

IOS XR (ASBR2):
router bgp 3
 address-family ipv4 unicast
 address-family ipv6 unicast
 !
 neighbor 202.0.23.1
  remote-as 2
  password clear cisco
  address-family ipv4 unicast
  !
 !
 neighbor 2001:202:12:23::1
  remote-as 2
  password clear cisco
  address-family ipv6 unicast
  !
 !
!

RP/0/0/CPU0:ASBR2#show bgp ipv4 unicast summary

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
3.0.0.1           0     3     118     117       27    0    0 01:18:51          0
202.0.23.1        0     2     103      88       27    0    0 00:07:00          7

RP/0/0/CPU0:ASBR2#

RP/0/0/CPU0:ASBR2#show bgp ipv6 unicast summary

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
2001:202:12:23::1
                  0     2      64      59        5    0    0 00:03:16          1
2002:3::1         0     3      89      83        5    0    0 01:17:56          0

RP/0/0/CPU0:ASBR2#

• To temporarily disable a BGP neighbor, use these commands:
router(config-router)#
neighbor <ip-address> shutdown

• Disables communication with a BGP neighbor
• Use scenarios:
- Debugging and troubleshooting
- During extensive modification of routing policies

• When policies change, the change takes effect immediately.
• The next time that a prefix or path is advertised or received, the new policy is used. This can take a long time for all networks.
• You must trigger an update for immediate action.

Hard reset:
clear bgp *

Soft reset:
clear bgp ipv4 unicast 202.0.23.1 soft out

RP/0/RSP0/CPU0:PE1#show bgp neighbor 202.0.23.1 | include Route refresh
Route refresh: advertised and received
Route refresh request: received 2, sent 1