
BGP

BGP neighbor negotiation

[Figure: router states of two peers during neighbor negotiation: Idle, Connect and Active (TCP session establishment), OpenSent (Open messages exchanged), OpenConfirm (KEEPALIVE messages exchanged), Established (UPDATE messages exchanged)]

Notification message
The message sent whenever an error is detected.

Fields: Error code | Error sub code | Data
Error code - failure type
Error sub code - more specific info
Data - data relevant to the error (bad header, wrong AS, ...)

ERROR codes and ERROR sub codes
1 Message header error
   1 - Connection not synchronized
   2 - Bad message length
   3 - Bad message type
2 OPEN message error
   1 - Unsupported Version Number
   2 - Bad Peer AS
   3 - Bad BGP Identifier
   4 - Unsupported Optional Parameter
   5 - Authentication Failure
   6 - Unacceptable Hold Timer
   7 - Unsupported Capability
3 UPDATE message error
   1 - Malformed attribute list
   2 - Unrecognized well known attribute
   3 - Missing well known attribute
   4 - Attribute flag error
   5 - Attribute length error
   6 - Invalid origin attribute
   7 - AS routing loop
   8 - Invalid next-hop attribute
   9 - Optional attribute error
   10 - Invalid network field
   11 - Malformed AS-PATH
4 Hold timer expired
5 Finite state machine error
6 Cease error

OPEN message
Fields: Version | Orig AS | Hold time | BGP id | Opt param length | Optional param
Version - BGP 3 or 4
Orig AS - autonomous system
Hold time - amount of time between receiving KEEPALIVE and UPDATE packets
BGP id - sender's router ID

KEEPALIVE message
Periodic messages exchanged between peers to ensure peer reachability. The recommended interval is 1/3 of the hold timer.

UPDATE messages
The update message can be divided as:

Unreachable routes: Unfeasible route length | Withdrawn routes (Length/Prefix)
Path attributes: Total path attribute length | Path attributes (Attribute flag | Attribute type code)
Network layer reachability information: Length/Prefix

Attribute flag:
1 bit field - Optional/well known
1 bit field - Transitive/non transitive

Path attributes (for example AS_PATH) fall into these categories:
Well known mandatory: the attributes which should be included and recognized by any BGP implementation
   ORIGIN
   AS_PATH
   NEXT_HOP
Well known discretionary: the attributes which should be recognized but are not necessarily included by a BGP implementation
   LOCAL_PREF
   ATOMIC_AGGREGATE
Optional/Transitive: even if the router cannot recognize the attribute, it will forward it
   AGGREGATOR
   COMMUNITY
Optional/nontransitive: if the router cannot recognize the attribute, it will drop it
   MULTI_EXIT_DISCRIMINATOR
   ORIGINATOR_ID
   CLUSTER_LIST

Attributes:
ORIGIN - well-known mandatory attribute which defines the origin of the path. It can have the following values:
   0 - IGP: interior to the originating AS
   1 - EGP: network layer information learned via an exterior gateway protocol
   2 - INCOMPLETE: network layer information learned from somewhere else
AS_PATH - well-known mandatory attribute which represents a chain of AS path segments. Each segment is represented as <path segment type, path segment length, path segment value> (just a chain of the ASs on the path).
NEXT_HOP - well-known mandatory attribute: the IP address of the router which should be used as the next hop for the destinations in the network layer reachability information of the UPDATE message.
MED (MULTI_EXIT_DISCRIMINATOR) - optional non-transitive attribute. Based on this attribute a BGP speaker can decide which exit point to discriminate in a multi-exit environment.
LOCAL_PREF - well-known discretionary attribute. Used by a BGP speaker to inform other BGP speakers (inside the AS) about its preference for an advertised route.
ATOMIC_AGGREGATE - well-known discretionary attribute. It is used by a BGP speaker to inform other BGP speakers that the local system selected a less specific route without selecting the more specific route which is included in it.
AGGREGATOR - optional transitive attribute which contains the last AS number followed by the IP address of the BGP speaker which formed the aggregated route.
COMMUNITY - defines common settings for BGP. For example, community attribute 0xFFFFFF01 is NO_EXPORT: the route should not be advertised to peers outside the AS. Attribute 0xFFFFFF02 is NO_ADVERTISE: the route will not be advertised to any BGP peer.
(More attributes will be discussed later.)

BAD DESIGN
[Figure: R1, R3 and R4 connected in a chain by IBGP sessions (R1 - R3 - R4); R2, R5 and R6 are EBGP peers]

In that configuration the main problem is that routes learned via IBGP are never advertised to another IBGP peer. In this example the routes learned from R2 will be advertised to R3, but R3 will not advertise those routes to R4.

In that case we need full mesh topology additional connection showed by

That situation can be handled by route reflectors, which will be described later.

Synchronization
When a router receives a route from an IBGP peer, before advertising that route to an EBGP peer it checks whether the other routers are able to reach the next hop and whether the destination prefix exists in the IGP database, and only then advertises the route. Otherwise, if the route is not known, BGP will not advertise it. The synchronization rule is that a router should not advertise a route to an external destination until the route is known through the IGP. Most BGP implementations allow synchronization to be disabled, because we cannot inject all routes into the IGP: no IGP can handle thousands of routes.
NOTE! How routes are injected into the Internet is very important.

Route reflectors
[Figure: a route reflector server with IBGP sessions to two route reflector clients, each client with an EBGP session; the reflected route is shown]

Routers in large networks can have dozens of peers each. The idea behind route reflectors is to have one focal router to which the other routers peer, while the route reflector peers with other route reflectors. Because of the rule that a route learned from an IBGP peer is not advertised to another IBGP speaker, a route reflector is allowed to reflect routes, which relaxes the full-mesh requirement. A route reflector server can also be optimized to send copies of UPDATE messages instead of generating them for each peer separately.
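The IBGP advertisement rule from the BAD DESIGN slide and the relaxation that a route reflector provides, as an added example that is not part of the original slides. It models only which routers receive a route; the function name, the choice of R3 as reflector and the omission of the R5/R6 sessions are assumptions, and loop prevention (AS_PATH, CLUSTER_LIST) is not modelled.

```python
from collections import deque


def routers_that_learn(sessions, origin, reflectors=None):
    """Return the routers that end up holding a route injected at `origin`.

    sessions   -- iterable of (router_a, router_b, "ibgp" | "ebgp")
    reflectors -- {route_reflector: set of its clients}; empty means plain IBGP
    """
    reflectors = reflectors or {}
    peers = {}
    for a, b, kind in sessions:
        peers.setdefault(a, []).append((b, kind))
        peers.setdefault(b, []).append((a, kind))

    def may_advertise(router, learned_kind, learned_from, peer, peer_kind):
        if peer == learned_from:
            return False                     # never back to the sender
        if peer_kind == "ebgp" or learned_kind in ("local", "ebgp"):
            return True
        # Learned over IBGP and the peer is IBGP: only a route reflector may
        # pass the route on, and only if a client is on one side.
        clients = reflectors.get(router, set())
        return learned_from in clients or peer in clients

    # State: (router, kind of session the route arrived on, sending peer)
    seen = {(origin, "local", None)}
    queue = deque(seen)
    while queue:
        router, learned_kind, learned_from = queue.popleft()
        for peer, peer_kind in peers.get(router, []):
            state = (peer, peer_kind, router)
            if state not in seen and may_advertise(
                    router, learned_kind, learned_from, peer, peer_kind):
                seen.add(state)
                queue.append(state)
    return {router for router, _, _ in seen}


# Constructed topology after the BAD DESIGN slide: R2 is an EBGP peer of R1,
# and R1 - R3 - R4 form an IBGP chain.
CHAIN = [("R2", "R1", "ebgp"), ("R1", "R3", "ibgp"), ("R3", "R4", "ibgp")]
FULL_MESH = CHAIN + [("R1", "R4", "ibgp")]
R3_AS_REFLECTOR = {"R3": {"R1", "R4"}}      # assumption: R3 reflects for R1, R4

if __name__ == "__main__":
    print("chain:      ", sorted(routers_that_learn(CHAIN, "R2")))
    print("full mesh:  ", sorted(routers_that_learn(FULL_MESH, "R2")))
    print("R3 reflects:", sorted(routers_that_learn(CHAIN, "R2", R3_AS_REFLECTOR)))
```
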

Route reflector redundancy
[Figure: two clusters, each with its own route reflector server]

Redundancy means having several route reflector servers in the network. The main point is to have logically redundant connections, but this is worth nothing without redundant physical connections. A route reflector is not able to overwrite the attributes of reflected IBGP routes.
CLUSTER_LIST - optional non-transitive attribute

route injection
Dynamic: pure dynamic redistribution of all IGP routes into BGP, and semi-dynamic redistribution of only certain routes into BGP (network command). In the second case the router checks the IP routing table, and if the route is not found there the BGP router will not advertise it. Full redistribution of the IGP into BGP will cause some unwanted information to be advertised.
Mutual redistribution: redistribution in both directions, BGP<->IGP. In that case a route learned from external BGP and redistributed into the IGP could be advertised back to the EBGP peer with our own AS, like AS 1 presented below.

[Figure: route advertisement; labels: AS 2, IGP]

The best practice is to inject routes into BGP statically.

Routing process
[Figure: routing process. Labels: routes advertised by peers; inbound policy engine (filtering, attributes manipulation); BGP table; best routes selection; routing table; routes used by router; outbound policy engine (filtering, attributes manipulation); routes advertised to peers]

BGP RIBs
[Figure: BGP RIBs. Labels: In-BGP-RIB, Adj-BGP-RIB, Out-BGP-RIB, inbound policy engine, outbound policy engine, route injection, routing table]

BGP decision process

1 If the next hop is unreachable, the route is discarded
2 The route with the highest weight (Cisco proprietary attribute)
3 The route with the bigger value of the LOCAL_PREF attribute (as described before, a well known discretionary attribute advertised only inside the AS)
4 The route with the shortest AS_PATH
5 If the path length is the same, prefer by origin (IGP, EGP, unknown, in exactly this order)
6 The route with the lowest MED
7 A route learned from EBGP is preferred to a route learned through IBGP
8 The closest IGP neighbor (the shortest path to the BGP NEXT_HOP attribute)
9 The lowest router ID is preferable
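The nine steps above as a tie-breaking chain, applied to Router5's two paths to 192.168.1.0/24 from the configuration example later in the deck. This is an added example, not code from the original slides; the `Path` fields, the default weight and LOCAL_PREF values and the router IDs are assumptions, and MED is compared exactly as the list states it.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Path:
    via: str
    as_path: tuple
    router_id: str
    next_hop_reachable: bool = True
    weight: int = 0           # assumed default
    local_pref: int = 100     # assumed default
    origin: int = 0           # 0 IGP, 1 EGP, 2 INCOMPLETE
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0


# Steps 2-9 of the list as (label, sort key); the lowest key wins each step.
STEPS = [
    ("2 highest weight", lambda p: -p.weight),
    ("3 highest LOCAL_PREF", lambda p: -p.local_pref),
    ("4 shortest AS_PATH", lambda p: len(p.as_path)),
    ("5 lowest ORIGIN", lambda p: p.origin),
    ("6 lowest MED", lambda p: p.med),
    ("7 EBGP over IBGP", lambda p: 0 if p.ebgp else 1),
    ("8 closest IGP neighbor", lambda p: p.igp_metric),
    # Compared numerically: as strings "10.0.0.10" would sort before "10.0.0.9".
    ("9 lowest router ID", lambda p: int(IPv4Address(p.router_id))),
]


def select_best(paths):
    """Return (best path, label of the step that decided)."""
    candidates = [p for p in paths if p.next_hop_reachable]      # step 1
    if not candidates:
        return None, "1 next hop unreachable"
    if len(candidates) == 1:
        return candidates[0], "1 next hop reachability"
    for label, key in STEPS:
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], label
    return candidates[0], "tie"


# Constructed input: Router5 (AS 3) hears 192.168.1.0/24 from Router3 (AS 1,
# after "set as-path prepend 1 1 1") and from Router6 (AS 2). Router IDs are
# made up; origin 2 because the prefix enters BGP by redistribution.
VIA_R3_PREPENDED = Path("Router3", (1, 1, 1, 1), "192.3.4.1", origin=2)
VIA_R3_PLAIN = replace(VIA_R3_PREPENDED, as_path=(1,))
VIA_R6 = Path("Router6", (2, 1), "192.6.4.1", origin=2)

if __name__ == "__main__":
    for label, paths in [
        ("no prepend", [VIA_R3_PLAIN, VIA_R6]),
        ("prepend 1 1 1", [VIA_R3_PREPENDED, VIA_R6]),
        ("prepend, but LOCAL_PREF 200 on Router5",
         [replace(VIA_R3_PREPENDED, local_pref=200), VIA_R6]),
    ]:
        best, step = select_best(paths)
        print(f"{label}: via {best.via} (decided at step {step})")
```

The third case shows that prepending only influences step 4: a receiver that sets a higher LOCAL_PREF has already decided at step 3.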

Private AS usage
[Figure: customers CUST1 and CUST2 with private AS numbers (AS65500, AS65501) connected to a service provider; labels ISPA, ISPB]

In that case we have two customers multihomed to a single service provider. The private AS number range is: 64512 - 65535

AS path filters regular expressions

Character        Symbol   Special Meaning
period           .        Matches any single character, including white space.
asterisk         *        Matches 0 or more sequences of the pattern.
plus sign        +        Matches 1 or more sequences of the pattern.
question mark    ?        Matches 0 or 1 occurrences of the pattern.
caret            ^        Matches the beginning of the input string.
dollar sign      $        Matches the end of the input string.

PEER GROUPS
A peer group is a group of neighbor BGP routers which share the same update settings. Peer groups allow common policies to be defined once for a set of peers instead of being defined for each router. FOR EXAMPLE: Router A has 2 external peers and 1 internal peer; 2 peer groups are defined on Router A.

[Figure: Router A with Peer group 1 and Peer group 2]

Case 1 - single customer multihomed to a single provider

In that case we have 2 routers and 2 paths between them. The router on the left will receive two next hops toward the destination, but only the best route will be added to the IP routing table. The solution proposed by Cisco is to establish the sessions not between the LAN/WAN interfaces but between loopback interfaces; in that case we will have a connection between the routers based on the router ID.

Case 2 - one customer connected to 2 providers

The possible solution is to have one primary default route and one backup default route. The customer can prefer one default route to the other by manipulating the administrative distance or local preference.

Case 3 - one provider, two customers

The possible solution is to have one primary default route and one backup default route. The customer can prefer one default route to the other by manipulating the administrative distance or local preference.

Confederations
[Figure: AS500 split into sub-ASs AS65500, AS65501 and AS65502, with EBGP sessions between them]

The idea behind confederations is that an AS can be broken into a few smaller ASs. Inside a sub-AS all IBGP rules apply (like full mesh); between sub-ASs EBGP is established. The route decision preference is: external to the AS, external to the sub-AS, IBGP.

Capabilities Advertisement with BGP-4

When a BGP speaker that supports capabilities advertisement sends an OPEN message to its BGP peer, the message may include an Optional Parameter, called Capabilities. The parameter lists the capabilities supported by the speaker. A BGP speaker determines the capabilities supported by its peer by examining the list of capabilities present in the Capabilities Optional Parameter carried by the OPEN message that the speaker receives from the peer. A BGP speaker that supports a particular capability may use this capability with its peer after the speaker determines. A BGP speaker determines that a peer does not support capabilities advertisement if it receives a NOTIFICATION message with the Error Sub-code set to Unsupported Optional Parameter.

Capabilities is an optional parameter which contains one or more triplets:
Capability Code (1 octet) | Capability Length (1 octet) | Capability Value (variable)

The use and meaning of these fields are as follows:
Capability Code: a one octet field that unambiguously identifies individual capabilities.
Capability Length: a one octet field that contains the length of the Capability Value field in octets.
Capability Value: a variable length field that is interpreted according to the value of the Capability Code field.

A particular capability, as identified by its Capability Code, may occur more than once within the Optional Parameter.
Capability code assignments are made by IANA: 0 is reserved; 1-64 are assigned according to the IETF Consensus policy; 65-128 according to the first come, first served policy; 129-255 are for private use.
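A receiver-side parser for the OPEN message and its Capabilities parameter, returning the NOTIFICATION code and sub code from the tables earlier in the deck when a check fails. This is an added example, not code from the original slides: the function names are hypothetical, the sample message is constructed after the debug output in the Session establishment section, and sub code 0 and the route refresh capability code 2 are taken from the RFCs rather than from the page.

```python
import socket
import struct

MARKER = b"\xff" * 16
# NOTIFICATION (error code, error sub code) pairs from the tables on this page.
HDR_NOT_SYNC, HDR_BAD_LEN, HDR_BAD_TYPE = (1, 1), (1, 2), (1, 3)
BAD_VERSION, BAD_PEER_AS, BAD_BGP_ID = (2, 1), (2, 2), (2, 3)
BAD_OPT_PARAM, BAD_HOLD_TIME = (2, 4), (2, 6)
# Assumption: sub code 0 (Unspecific, RFC 4271) for a malformed optional
# parameter; the page's table does not list it.
OPEN_MALFORMED = (2, 0)


class Notify(Exception):
    """The NOTIFICATION a receiver would send back: (code, sub code) + data."""

    def __init__(self, code_sub, data=b""):
        super().__init__("NOTIFICATION code %d sub code %d" % code_sub)
        self.code_sub, self.data = code_sub, data


def build_open(asn, hold, bgp_id, opt=b"", version=4):
    """Encode an OPEN message (helper used to construct the sample input)."""
    body = struct.pack("!BHH4sB", version, asn, hold,
                       socket.inet_aton(bgp_id), len(opt)) + opt
    return MARKER + struct.pack("!HB", 19 + len(body), 1) + body


def split_tlvs(buf, on_error):
    """Split type/length/value items, refusing lengths that overrun buf."""
    items, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise Notify(on_error)
        items.append((buf[i], buf[i + 2:i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return items


def parse_open(msg, expected_as):
    if len(msg) < 19:
        raise Notify(HDR_BAD_LEN)
    if msg[:16] != MARKER:
        raise Notify(HDR_NOT_SYNC)
    length, mtype = struct.unpack("!HB", msg[16:19])
    if length != len(msg) or length > 4096:
        raise Notify(HDR_BAD_LEN, msg[16:18])
    if mtype != 1:                      # 1 = OPEN
        raise Notify(HDR_BAD_TYPE, msg[18:19])
    if length < 29:                     # header plus the fixed OPEN fields
        raise Notify(HDR_BAD_LEN, msg[16:18])
    version, asn, hold, bgp_id, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4:
        raise Notify(BAD_VERSION, struct.pack("!H", 4))
    if asn != expected_as:
        raise Notify(BAD_PEER_AS)
    if hold in (1, 2):                  # RFC 4271 rejects one or two seconds
        raise Notify(BAD_HOLD_TIME)
    if bgp_id == b"\x00" * 4:
        raise Notify(BAD_BGP_ID)
    if opt_len != len(msg) - 29:
        raise Notify(OPEN_MALFORMED)
    caps = []
    for ptype, value in split_tlvs(msg[29:], OPEN_MALFORMED):
        if ptype != 2:                  # 2 = Capabilities, the only type handled
            raise Notify(BAD_OPT_PARAM, bytes([ptype]))
        caps += split_tlvs(value, OPEN_MALFORMED)
    return {"as": asn, "hold_time": hold,
            "bgp_id": socket.inet_ntoa(bgp_id), "capabilities": caps}


def mp_families(caps):
    """Decode capability code 1 values: AFI (2 octets), reserved, SAFI."""
    return [struct.unpack("!HxB", v) for code, v in caps if code == 1 and len(v) == 4]


# Constructed sample modelled on the debug output on this page: one
# Capabilities parameter of length 6 and one of length 2.
SAMPLE_OPT = bytes([2, 6, 1, 4, 0, 1, 0, 1,   # code 1, length 4: AFI 1 / SAFI 1
                    2, 2, 2, 0])              # code 2 (route refresh), length 0
SAMPLE_OPEN = build_open(1, 180, "1.1.1.1", SAMPLE_OPT)

if __name__ == "__main__":
    parsed = parse_open(SAMPLE_OPEN, expected_as=1)
    print(parsed, mp_families(parsed["capabilities"]))
```
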

Soft reconfiguration (Cisco)

BGP uses TCP as its transport protocol. Session establishment is based on the OPEN message. When the connection is reset, the cache is invalidated and the routes disappear. Cisco introduced soft reconfiguration, which allows attributes to be changed without resetting the TCP session. The drawback of soft reconfiguration is that it requires the unmodified routes from the selected peers to be stored in memory (we need to have two identical BGP-RIB databases).

BGP route refresh

Message fields: Address family identifier | Reserved field | Subsequent address family identifier

The route refresh message is a new type of BGP message. A BGP speaker which wants to receive route refresh messages from its peer needs to send the route refresh capability using BGP capability advertisement. The AFI, SAFI carried in such a message should be an AFI, SAFI advertised during session establishment via capability advertisement. If the speaker receives an AFI, SAFI which is not , then the speaker shall ignore that message.

Note: Otherwise, the BGP speaker shall re-advertise to that peer the Adj-RIB-Out of the <AFI, SAFI> carried in the message, based on its outbound route filtering policy.

Route dampening
Route dampening is a mechanism of route stability control. A route which is flapping causes UPDATE/WITHDRAWN messages to be propagated. Route dampening categorizes routes as good (well behaved) or bad (ill behaved).
A well behaved route is a route which shows a high level of stability during a long period of time.
An ill behaved route is a route which shows a low level of stability during a short period of time.

TERMINOLOGY:
Penalty - a number of points which is assigned to the route each time the route flaps
Suppress limit (suppressed = not advertised) - if the amount of points is greater than the suppress limit, the route is suppressed
Half-life - the amount of time which should pass for the amount of points to be reduced by one-half
Reuse limit - the amount of points (if the route is up) under which the route is not suppressed any more
History entry - used to store the route flap information

[Figure: penalty points plotted against time, with the suppress limit and the reuse limit marked]
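The terminology above as a small simulation: the penalty grows with each flap, halves every half-life, and drives the suppress and reuse decisions. This is an added example, not code from the original slides; the parameter values and the penalty per flap are assumptions chosen for illustration, and the penalty ceiling derived from the maximum suppress time follows RFC 2439.

```python
import math
from dataclasses import dataclass


@dataclass
class Dampening:
    half_life: float = 15.0        # minutes (assumed value)
    reuse: float = 750.0           # reuse limit (assumed value)
    suppress: float = 2000.0       # suppress limit (assumed value)
    max_suppress: float = 60.0     # maximum suppress time, minutes (assumed)
    flap_penalty: float = 1000.0   # points per flap (assumed value)

    def ceiling(self):
        # Highest penalty that can still decay to the reuse limit within the
        # maximum suppress time.
        return self.reuse * 2 ** (self.max_suppress / self.half_life)

    def decay(self, penalty, minutes):
        return penalty * 2 ** (-minutes / self.half_life)


def simulate(flap_times, cfg):
    """Replay flaps (minutes). Returns (history, reuse_at).

    history  -- one (time, penalty, suppressed) tuple per flap
    reuse_at -- time at which a suppressed route is advertised again if it
                stays up, or None if it is not suppressed after the last flap
    """
    penalty, last, suppressed, history = 0.0, 0.0, False, []
    for t in sorted(flap_times):
        penalty = cfg.decay(penalty, t - last)
        if suppressed and penalty < cfg.reuse:
            suppressed = False               # decayed below the reuse limit
        penalty = min(penalty + cfg.flap_penalty, cfg.ceiling())
        if penalty > cfg.suppress:
            suppressed = True
        history.append((t, round(penalty, 1), suppressed))
        last = t
    reuse_at = None
    if suppressed:
        reuse_at = last + cfg.half_life * math.log2(penalty / cfg.reuse)
    return history, reuse_at


if __name__ == "__main__":
    # Constructed input: three flaps five minutes apart.
    history, reuse_at = simulate([0, 5, 10], Dampening())
    for t, penalty, suppressed in history:
        print(f"t={t:>2} min  penalty={penalty:>7}  suppressed={suppressed}")
    print(f"advertised again at t={reuse_at:.1f} min if the route stays up")
```
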

Multi-protocol BGP extension

This feature is defined to enable BGP v4 to support multiple network layer protocols. To achieve that, two optional non-transitive attributes were introduced: MP_UNREACH_NLRI and MP_REACH_NLRI. That way a protocol implementation which does not support the multi-protocol extension will ignore them.

MP_REACH_NLRI - the optional non-transitive attribute which serves for advertising of feasible peers to neighbors, and to permit a router that should be used as a next hop.
Fields: Address Family Identifier (AFI) | Subsequent Address Family Identifier (SAFI) | Length of the next hop address | Next hop address | Reserved | NLRI
AFI, SAFI - identify the set of network layer protocols
Reserved - 1 octet field whose value should be set to 0 and ignored upon receipt
NLRI - network layer reachability information

NOTE! An UPDATE message that carries the MP_REACH_NLRI MUST also carry the ORIGIN and the AS_PATH attributes (both in EBGP and in IBGP exchanges). Moreover, in IBGP exchanges such a message MUST also carry the LOCAL_PREF attribute.

MP_UNREACH_NLRI - optional non-transitive attribute which can be used for withdrawn routes.
Fields: Address Family Identifier (AFI) | Subsequent Address Family Identifier (SAFI) | Withdrawn routes

Capability advertisement

Encapsulation SAFI attribute and tunnel encapsulation attribute

TUNNEL ENCAPSULATION is an optional, transitive attribute of type 23. The idea behind it is that the BGP speaker lets the other BGP speakers know: "if you want to encapsulate a packet which you need to send to me, then here is the information which you need to properly form the encapsulation header".
ENCAPSULATION is an optional attribute. The NLRI is carried in an UPDATE message using the multiprotocol extension with an AFI of 1 or 2 (IPv4 or IPv6) and SAFI = 7 (encapsulation SAFI). The NLRI is encoded in the format <prefix length>, <prefix value>. The prefix value is structured as follows:
Endpoint Address

Endpoint address - the address of the BGP speaker originating the update. The message which carries the MP_REACH_NLRI or MP_UNREACH_NLRI should also carry ORIGIN, AS_PATH and, for IBGP, LOCAL_PREFERENCE.

The TUNNEL ENCAPSULATION attribute structure is as follows:
Tunnel TLV: Tunnel type | Length | Value
Tunnel type - type of tunneling technology; unknown types are ignored and discarded
Length - number of octets of the value field
Value - comprised of multiple sub-TLVs

Sub-TLV: SubTLV Type | SubTLV Length | SubTLV Value
SubTLV Type - defines a certain property of the tunnel: Type 1 is encapsulation, Type 2 is protocol, Type 4 is color (?)

BGP IPsec Tunnel Encapsulation

The BGP SAFI allows the exchange of tunnel information and the association of that information with the BGP next hop.

TUNNEL TYPES:
Transmit tunnel endpoint - tunnel type 3
IPsec in tunnel mode - tunnel type 4
IP to IP tunnel with IPsec in transport mode - tunnel type 5
MPLS to IP tunnel in IPsec transport mode - tunnel type 6

USE OF IPSEC TUNNELS
If one BGP speaker receives an Encapsulation SAFI update from another BGP speaker, then the first BGP speaker must initiate an IPsec security association (SA) of the specified tunnel type, and all the packets must be sent through that SA.

ATTRIBUTE sub-TLV: Authentication type | Value

Configuration example (very simple and very sample)

[Figure: topology of the configuration example. AS 1 contains Router1 (Loopback 1.1.1.1), Router2, Router3 and Router4 (Loopback 4.4.4.4); AS 2 contains Router6; AS 3 contains Router5. Interface and loopback addresses are given in the router configurations below.]

NOTE! This topology should be considered as 3 equal ASs which need to advertise all their routes to each other; it does not pretend to be best practice. Otherwise (in case one of the ASs is a customer multihomed to 2 providers), routing policies should be implemented so that the customer's AS does not become a transit AS for SP traffic.

Session establishment
Router# debug ip bgp all
*Nov 21 16:19:41.231: BGP: 1.1.1.1 went from Idle to Connect
*Nov 21 16:19:41.239: BGP: 1.1.1.1 rcv message type 1, length (excl. header) 26
*Nov 21 16:19:41.243: BGP: 1.1.1.1 rcv OPEN, version 4, holdtime 180 seconds
*Nov 21 16:19:41.243: BGP: 1.1.1.1 went from Connect to OpenSent
*Nov 21 16:19:41.243: BGP: 1.1.1.1 sending OPEN, version 4, my as: 1, holdtime 180 seconds
*Nov 21 16:19:41.243: BGP: 1.1.1.1 rcv OPEN w/ OPTION parameter len: 16
*Nov 21 16:19:41.243: BGP: 1.1.1.1 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Nov 21 16:19:41.247: BGP: 1.1.1.1 OPEN has CAPABILITY code: 1, length 4
*Nov 21 16:19:41.247: BGP: 1.1.1.1 OPEN has MP_EXT CAP for afi/safi: 1/1
*Nov 21 16:19:41.247: BGP: 1.1.1.1 rcvd OPEN w/ optional parameter type 2 (Capability) len 2

Router 1
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
! (omitted)
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.1.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.1.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.1.4.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 13.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
 no fair-queue
 clock rate 125000
!
interface FastEthernet0/1
 ip address 11.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 ip address 12.1.1.1 255.255.255.0
 speed auto
 half-duplex
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 10.1.1.2 remote-as 2
 neighbor 11.1.1.2 remote-as 1
 neighbor 11.1.1.2 update-source Loopback0
 neighbor 11.1.1.2 route-reflector-client
 neighbor 11.1.1.2 next-hop-self
 neighbor 12.1.1.2 remote-as 1
 neighbor 12.1.1.2 route-reflector-client
 no auto-summary
!
ip forward-protocol nd
ip route 4.4.4.4 255.255.255.255 FastEthernet0/0
!
! (omitted)
alias exec s sh ip int brief
! (omitted)
end

To advertise routes learned from 1 bgp to another

Router 2
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
! (omitted)
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 ip address 12.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 ip address 17.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 12.1.1.1 remote-as 1
 neighbor 17.1.1.1 remote-as 1
 no auto-summary
!
!
alias exec s sh ip int brief
no ip http server
no ip http secure-server

Router2> en
Router2# configure terminal
Router2(config)#interface FastEthernet 1/0
Router2(config-if)# ip address 12.1.1.2 255.255.255.0

Router2> en
Router2# configure terminal
Router2(config)#router bgp 1
Router2(config-router)# neighbor 12.1.1.1 remote-as 1
Router2(config-router)# neighbor 17.1.1.1 remote-as 1
Router2(config-router)# no auto-summary

IBGP peers

Router 3
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router3
!
! (omitted)
!
!
interface Loopback1
 ip address 192.3.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.3.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.3.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.3.4.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 ip address 11.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 ip address 16.1.1.2 255.255.255.0
 serial restart-delay 0
 no fair-queue
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/4
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/5
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/6
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/7
 no ip address
 shutdown
 serial restart-delay 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 1.1.1.1 remote-as 1
 neighbor 16.1.1.1 remote-as 3
 neighbor 16.1.1.1 route-map mapasprepend out
 no auto-summary
!
ip route 1.1.1.1 255.255.255.255 FastEthernet1/0
ip route 4.4.4.4 255.255.255.255 11.1.1.1
!
no ip http server
no ip http secure-server
!
!
access-list 1 permit 192.3.0.0 0.0.255.255
access-list 1 permit 192.168.1.0 0.0.0.255
!
route-map mapasprepend permit 10
 match ip address 1
 set as-path prepend 1 1 1
!
! (omitted)
!
alias exec s sh ip int brief

Router3> en
Router3# configure terminal
Router3(config)# access-list 1 permit 192.168.1.0 0.0.0.255
Router3(config)#route-map mapasprepend permit 10
Router3(config-route-map)# match ip address 1
Router3(config-route-map)# set as-path prepend 1 1 1

Note! The traffic for 192.168.1.0 sourced from Router5 will now go through Router6.

Router 4
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router4
!
! (omitted)
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Loopback1
 ip address 192.4.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.4.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.4.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.4.4.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 ip address 17.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 ip address 13.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 17.1.1.2 remote-as 1
 no auto-summary
!
ip route 1.1.1.1 255.255.255.255 FastEthernet1/1
!
no ip http server
no ip http secure-server
!
!
! (omitted)
!
!
end

Router 5
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router5
!
! (omitted)
!
interface Loopback1
 ip address 192.5.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.5.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.5.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.5.4.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 15.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 16.1.1.1 255.255.255.0
 clock rate 56000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 15.1.1.1 remote-as 2
 neighbor 16.1.1.2 remote-as 1
 no auto-summary
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip pim accept-rp auto-rp
!
! (omitted)
!
!
end

Router 6
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router6
!
! (omitted)
!
ip multicast-routing
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
! (omitted)
!
interface Loopback1
 ip address 192.6.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.6.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.6.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.6.4.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 15.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.1.1.1 remote-as 1
 neighbor 15.1.1.2 remote-as 3
 no auto-summary
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip pim accept-rp auto-rp
!
alias exec s sh ip int brief
!
! (omitted)
end

multihop and confederations configuration example

[Figure: Router1 and Router4 in sub-ASs AS 65500 and AS 65501 of confederation AS 100; Router5 in AS 200; Router2 between them, not running BGP]

Router 1
! (omitted)
!
interface FastEthernet0/0
 ip address 13.1.1.1 255.255.255.0
 duplex auto
 speed auto
router bgp 65500
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 100
 bgp confederation peers 65501
 redistribute connected
 neighbor 13.1.1.2 remote-as 65501
 no auto-summary
!
! (omitted)

Router3> en
Router3# configure terminal
Router3(config)# router bgp 65500
Router3(config-router)#bgp confederation identifier 100
Router3(config-router)# bgp confederation peers 65501
Router3(config-router)# redistribute connected
Router1(config-router)# neighbor 13.1.1.2 remote-as 65501
Router1(config-router)# no auto-summary

Router 2
In that example Router 2 does not have any special configuration except static routes to provide IP connectivity between Router 4 and Router 5.

Router 4
interface FastEthernet1/0
 ip address 17.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 ip address 13.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
router bgp 65501
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 100
 bgp confederation peers 65500
 redistribute connected
 neighbor 12.1.1.1 remote-as 200
 neighbor 12.1.1.1 ebgp-multihop 5
 neighbor 13.1.1.1 remote-as 65500
 no auto-summary

Router 5
interface FastEthernet1/0
 ip address 17.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 ip address 13.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
router bgp 65501
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 100
 bgp confederation peers 65500
 redistribute connected
 neighbor 12.1.1.1 remote-as 200
 neighbor 12.1.1.1 ebgp-multihop 5
 neighbor 13.1.1.1 remote-as 65500
 no auto-summary

Route dampening configuration example

Router 4 configuration
! (omitted)
!
 bgp dampening route-map selectivedampening
 redistribute connected
!
! (omitted)
!
route-map selectivedampening permit 10
 match ip address 1
 set dampening 30 5000 10000 30
!
! (omitted)

[Figure labels for the values of set dampening: Half-life, Reuse limit, Suppress limit, Maximum suppress time]