BGP

The Border Gateway Protocol (BGP) is the Internet routing protocol used for learning and announcing routes and for selecting the best route. EcoRouterOS uses an extended BGP, Multiprotocol BGP (MP-BGP), which makes it possible to combine different types of addressing (unicast, multicast) and, in the future, IPv6 within a single configuration. MP-BGP is compatible with traditional BGP version 4. As a result, a BGP-4 router can act as a neighbor of an MP-BGP router and simply ignore any BGP messages with unknown extensions.

The table below compares the main concepts of BGP with those of an Interior Gateway Protocol (IGP). OSPF is taken as the example.

| OSPF | BGP |
|---|---|
| Neighbors to be set up before sending route information | The same logic |
| Neighbors are found by multicast messages in a directly connected subnet | Neighbors are set up by static configuration, they can belong to different subnets |
| TCP is not used | TCP connection is between neighbors (port 179) |
| Prefix/length is advertised | Prefix/length (Network Layer Reachability Information) is advertised |
| Metric information is advertised | Path attributes are advertised |
| Fast switching to the most effective and efficient route is a priority | Net scalability is a priority, not the most effective and efficient route can be chosen |

Basic BGP configuring

A previously registered autonomous system number (ASN) is required to exchange and receive route information. IANA regulates the allocation of both ASNs and publicly routed IP addresses. For some Internet connections, the provider allocates IDs from the private autonomous system (AS) range. EcoRouterOS supports AS IDs in the range <1-4294967295>.

Depending on whether a neighbor belongs to the local AS or to a neighboring AS, BGP defines two neighborhood classes for routers: internal BGP (iBGP) and external BGP (eBGP) respectively. EcoRouterOS supports flexible configuration for both of them. Follow the steps below for basic configuration:

For iBGP:

Step 1. Specify a loopback interface IP address for each router, using the commands:

interface loopback.<number> 
ip address <address/mask>

Step 2. Enable BGP specifying the AS by command:

router bgp <number>

Step 3. Specify BGP to use a loopback interface as a source by command:

neighbor <neighbor-ip> update-source <interface-id>

Step 4. Configure BGP neighbors for each router, specifying the neighbor's loopback address and the local AS's ID, by command:

neighbor <neighbor-ip> remote-as <number>

Step 5. Check if each router has a route to the neighbor's loopback address.

show ip route bgp


For eBGP:

Step 1. Specify a loopback interface IP address for each router, using the commands:

interface loopback.<number> 
ip address <address/mask>

Step 2. Enable BGP specifying the AS by command:

router bgp <number> 

Step 3. Specify BGP to use a loopback interface as a source by command:

neighbor <neighbor-ip> update-source <interface-id>

Step 4. Configure BGP neighbors for each router, specifying the neighbor's loopback address and the local AS's ID, by command:

neighbor <neighbor-ip> remote-as <number>

Step 5. Check if each router has a route to the neighbor's loopback address.

show ip route bgp

Step 6. To increase TTL value configure eBGP multihop by command:

neighbor <neighbor-ip> ebgp-multihop <hops>

 

The above examples show one of the ways to configure the device (in terms of fault tolerance) on a simple topology.

BGP attributes

To control route information and traffic flows and to solve BGP network administration tasks, EcoRouterOS supports the attributes shown in the table below.

| Attribute | Description | Traffic direction |
|---|---|---|
| Weight | A numerical value in the range from 0 to 2^16-1; affects the path to a prefix included in a neighbor's update message. It is not advertised to BGP neighbors. | Affects outgoing traffic |
| Local Preference | A numerical value in the range from 0 to 2^32-1; it is sent by the router within the local AS and affects the exit route from the autonomous system | Affects outgoing traffic |
| AS-path (length) | Number of autonomous systems. The less the better | Affects outgoing / incoming traffic |
| Origin | Indicates how the route was added into the BGP advertisement: I (IGP), E (EGP), or ? (incomplete information) | Affects outgoing traffic |
| Multi-Exit Discriminator (MED) | Analog of a route metric, a numerical value in the range from 0 to 2^32-1; affects the route from another autonomous system to the local AS. The less the better | Affects incoming traffic |

Some BGP attributes are intended for best route selection, while others serve other purposes. For example, the Next Hop parameter carries information about the neighbor. A route to this address must be present in the routing table for the protocol to function, but this attribute doesn't affect the best path selection algorithm itself. Best path selection is described in the table below. Parameters are arranged in descending order of priority, starting with the most preferred.

| Priority | Attribute/property | What is better? |
|---|---|---|
| 0 | Next Hop | If the address is unreachable the router cannot use this path |
| 1 | Weight | Maximum value |
| 2 | Local Preference | Maximum value |
| 3 | Local route (the network/redistribution command) | The local route is better than one received via eBGP/iBGP |
| 4 | AS-path length | Minimum value |
| 5 | Origin | Preference I>E>? |
| 6 | MED | Minimum value |
| 7 | iBGP or eBGP | Preference eBGP>iBGP |
| 8 | IGP metric to Next Hop | Minimum value |
| 9 | eBGP route lifetime | Maximum value |
| 10 | Neighbor BGP router's ID | Minimum value |
| 11 | Cluster list length (in case of multi-path) | Minimum value |
| 12 | Neighbor's IP address | Minimum value |
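The selection order in the table above, written out as a comparison function. This is an added example, not EcoRouterOS code: the Path class, its field names and the sample paths are hypothetical, and MED and route lifetime are compared for every pair of paths exactly as the table lists them.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # preference I > E > ?


@dataclass
class Path:
    """One candidate path to a prefix (hypothetical model, constructed values)."""
    neighbor: str                   # neighbor's IP address
    router_id: str                  # neighbor BGP router's ID
    next_hop_reachable: bool = True
    weight: int = 0                 # 0 for routes learned from neighbors
    local_pref: int = 100           # default Local Preference
    local: bool = False             # injected by network/redistribute
    as_path: tuple = ()
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0             # IGP metric to Next Hop
    age: int = 0                    # route lifetime in seconds
    cluster_len: int = 0


# Rows 1-12 of the table. Every function returns a value where the smaller
# one wins, so "maximum value" attributes are negated.
STEPS = [
    ("Weight", lambda p: -p.weight),
    ("Local Preference", lambda p: -p.local_pref),
    ("Local route", lambda p: 0 if p.local else 1),
    ("AS-path length", lambda p: len(p.as_path)),
    ("Origin", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("iBGP or eBGP", lambda p: 0 if p.ebgp else 1),
    ("IGP metric to Next Hop", lambda p: p.igp_metric),
    ("eBGP route lifetime", lambda p: -p.age),
    ("Neighbor BGP router's ID", lambda p: int(ip_address(p.router_id))),
    ("Cluster list length", lambda p: p.cluster_len),
    ("Neighbor's IP address", lambda p: int(ip_address(p.neighbor))),
]


def sort_key(path):
    return tuple(step(path) for _, step in STEPS)


def best_path(paths):
    """Row 0 drops paths with an unreachable Next Hop, rows 1-12 decide."""
    usable = [p for p in paths if p.next_hop_reachable]
    return min(usable, key=sort_key) if usable else None


def deciding_step(a, b):
    """Name of the first table row at which two paths differ."""
    if a.next_hop_reachable != b.next_hop_reachable:
        return "Next Hop"
    for name, step in STEPS:
        if step(a) != step(b):
            return name
    return None


# Constructed candidates for one prefix.
via_r1 = Path("1.1.1.1", "1.1.1.1", as_path=(100,), med=1000)
via_r2 = Path("2.2.2.2", "2.2.2.2", local_pref=200,
              as_path=(300, 400, 100), ebgp=False)
low_med = Path("3.3.3.3", "3.3.3.3", as_path=(100,), med=500)
dead = Path("4.4.4.4", "4.4.4.4", next_hop_reachable=False, weight=65535)

if __name__ == "__main__":
    winner = best_path([via_r1, via_r2, low_med, dead])
    print("best:", winner.neighbor)
    print("r1 vs r2 decided by:", deciding_step(via_r1, via_r2))
    print("r1 vs low_med decided by:", deciding_step(via_r1, low_med))
```

The path with the highest Weight loses because its Next Hop is unreachable, and the longer AS-path wins on Local Preference before AS-path length is ever compared.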

The following commands change the default values of attributes and parameters.

The neighbor <address> next-hop-self command saves the Next Hop address in an iBGP neighborhood (by default the address is not transmitted over iBGP).

The neighbor <address> weight <value> command sets the Weight value for a neighbor (the default value is 0 for routes received from neighbors and 32768 for locally injected routes). The value can also be set in a route-map and applied with the neighbor <address> route-map <name> in command.

The bgp default local-preference <0-4294967295> command sets the Local Preference value (the default value is 100). The value can also be set in a route-map and applied with the neighbor <address> route-map <name> in command.

Attribute configuration commands via route-map

To use such commands, the neighbor <address> soft-reconfiguration inbound command must be included in the protocol configuration.

To display all attributes available on a BGP configuration sublevel use the set <attribute> command.

ecorouter(config-route-map)#set ?
  aggregator        BGP aggregator attribute
  as-path           Prepend string for a BGP AS-path attribute
  atomic-aggregate  BGP atomic aggregate attribute
  comm-list         set BGP community list (for deletion)
  community         BGP community attribute
  dampening         Enable route-flap dampening
  extcommunity      BGP extended community attribute
  interface         Configure interface
  ip                Internet Protocol (IP)
  level             IS-IS level to export route
  local-preference  BGP local preference path attribute
  metric            Metric value for destination routing protocol
  metric-type       Type of metric for destination routing protocol
  origin            BGP origin code
  originator-id     BGP originator ID attribute
  tag               Tag value for destination routing protocol
  vpnv4             VPNv4 information
  weight            BGP weight for routing table

Attributes which can be configured are shown in the table below.

Attribute / Description

Aggregator

Indicates the router which performed route aggregation. The router address and the AS can be indicated

AS-path

Indicates all the ASes a route passes through on the way to the destination subnet. Use the set command to increase the attribute length

Atomic-Aggregate

The attribute is used when aggregating routes. Use the aggregate-address <address> [summary-only] [as-set] command to aggregate routes; if [summary-only] is present in the command, only the summary route is transmitted (by default all subnets are transmitted along with the summary route).

[as-set] is a key to declare the local AS.

Community

The attribute makes it possible to group certain routes into a logical group in order to handle them in a special way (put them on a different route, apply QoS policies).

To set the value use the set parameter:

ecorouter(config-route-map)#set community ?
<1-65535> community number
AA:NN community number in aa:nn format
additive Add to the existing community
internet Internet (well-known community)
local-AS Do not send outside local AS (well-known community)
no-advertise Do not advertise to any peer (well-known community)
no-export Do not export to next AS (well-known community)
none No community attribute

To advertise routes further with the Community attribute, use the command:

bgp config-type standard in the configuration mode; neighbor <address> send-community both will be added automatically

Comm-list

The parameter makes it possible to select a community list to be deleted. EcoRouterOS supports community-list creation to handle subnet advertising using a route-map (to read more about route-maps see section "Route maps"). For example, use the ip community-list 1 permit <numberAS:100> command, where numberAS is the ID of the AS which advertised the route and 100 means the command is applied to set a metric for routes with community=100.

route-map community permit 100
match community 1
set metric 777

For further route advertising with the Community attribute use the command:

neighbor <address> send-community

Dampening

An additional functionality of BGP to protect against route flapping.

Use the set dampening <1-45> command, where <1-45> is the reachability half-life time in minutes (counted from a successful reconnection until the penalty points are removed)

Extcommunity / extcommunity-list

The attribute for use with regular expressions

Local Preference

The attribute indicates which router is selected to exit the AS from.

Use the set local-preference <0-4294967295> command

Metric

The Multi-Exit Discriminator (MED) attribute is an analog of a route metric. Use the set metric <1-4294967295> command; the default MED is 0.

Origin

The attribute indicates the way in which the route in the update was received. Use the set origin command

Originator-ID <0|1|2>

The attribute indicates the Router ID which advertised the route in the local AS. If the router receives an update which contains its own RID, the route is not used and is not transmitted to neighbors. Use the set originator-id command to specify the value.

See the possible attribute values:

  • 0 — IGP: NLRI received within the original AS;

  • 1 — EGP: NLRI was learnt by Exterior Gateway Protocol (EGP). BGP's predecessor, not in use;

  • 2 — Incomplete: NLRI was learnt in some other way

Vpnv4

The attribute makes it possible to specify the next hop address of a route for a VPN.

Use the set vpnv4 next-hop <address> command, where <address> is the next router's address

Weight

The attribute determines which interface will be used to exit from the AS. The bigger the weight, the greater the priority. Use the set weight command to specify a value


BGP configuring example

See the topology configuration example:

Objective: configure neighborhood between R1-ECO1 and ECO1-R2, and change the MED attribute value for routes announced by R1 so that the metric of 33.0.0.0/29 is 1000 and the metric of 33.0.0.8/29 is 500.

ECO1 configuration:

Step 1. Entering configuration mode

ECO1>enable
ECO1#configure terminal

Step 2. Configuring interfaces, service instances and ports

ECO1(config)#interface e1
ECO1(config-if)#interface e1
ECO1(config-if)#ip address 77.0.0.200/8
ECO1(config-if)#interface e2
ECO1(config-if)#ip address 200.0.0.200/24
ECO1(config-if)#port ge1
ECO1(config-port)#service-instance ge1/e1
ECO1(config-service-instance)#encapsulation untagged
ECO1(config-service-instance)#connect ip interface e1
ECO1(config-service-instance)#exit
ECO1(config-port)#port ge2
ECO1(config-port)#service-instance ge2/e2
ECO1(config-service-instance)#encapsulation untagged
ECO1(config-service-instance)#connect ip interface e2
ECO1(config-service-instance)#exit
ECO1(config-port)#exit

Step 3. Configuring filter lists

ECO1(config)#policy-filter-list 1 permit 33.0.0.0 0.0.0.7
ECO1(config)#policy-filter-list 2 permit 33.0.0.8 0.0.0.7

Step 4. Matching filter lists and specifying the metric for networks

ECO1(config)#route-map bgp permit 1
ECO1(config-route-map)#match ip address 1
ECO1(config-route-map)#set metric 1000
ECO1(config-route-map)#route-map bgp permit 2
ECO1(config-route-map)#match ip address 2
ECO1(config-route-map)#set metric 500

Step 5. Creating an empty filter list for all other routes with a default metric

ECO1(config-route-map)#route-map bgp permit 3
ECO1(config-route-map)#exit

Step 6. Creating and configuring neighbor groups

ECO1(config)#router bgp 200
ECO1(config-router)#neighbor eBGP peer-group
ECO1(config-router)#neighbor eBGP remote-as 100
ECO1(config-router)#neighbor eBGP ebgp-multihop 2
ECO1(config-router)#neighbor eBGP update-source loopback.0
ECO1(config-router)#neighbor eBGP route-map bgp in
ECO1(config-router)#neighbor iBGP peer-group
ECO1(config-router)#neighbor iBGP remote-as 200
ECO1(config-router)#neighbor iBGP update-source loopback.0
ECO1(config-router)#neighbor iBGP next-hop-self
ECO1(config-router)#neighbor 1.1.1.1 peer-group eBGP
ECO1(config-router)# neighbor 2.2.2.2 peer-group iBGP
ECO1(config-router)#exit

Step 7. Creating static routes

ECO1(config)#ip route 1.1.1.1/32 77.0.0.100
ECO1(config)#ip route 2.2.2.2/32 200.0.0.202

See the example of BGP table information output on the picture below:

Use the network command to place routes into BGP for further announcing, or use the redistribute command for redistribution from Interior Gateway Protocols (IGP).

  connected  Inject directly connected networks into route redistribution
  isis       Inject networks learned from IS-IS into route redistribution
  ospf       Inject networks learned from OSPF into route redistribution
  rip        Inject networks learned from RIP into route redistribution
  static     Inject static networks into route redistribution

Use the network command to announce the loopback interface of the R2 router

ECO1(config-router)#network 2.2.2.2 mask 255.255.255.255

In the EcoRouterOS the synchronization is disabled by default. In the protocol configuration mode use the synchronization command to enable it.

Filtering and neighbor relations in BGP

Route filtering in BGP is similar to IGP, but policies are specified for each neighbor separately with a direction mark, in or out.

The commands for route filtering in BGP are shown in the table below.

| Command | List which the command refers to |
|---|---|
| neighbor distribute-list | policy-filter-list |
| neighbor prefix-list | ip prefix-list |
| neighbor filter-list | ip as-path access-list |
| neighbor route-map | route-map |

The description of the different list types can be found in the relevant sections. Only AS-path lists are described here. AS-path lists make it possible to filter routes depending on the autonomous systems mentioned in the AS-path attribute. Use regular expressions to specify the AS-path attribute value (read more in section Service Instances). Use the ip as-path access-list <number> permit/deny <regular expression> command to configure route policies.

BGP partnership relations updating

The commands for BGP partnership relations updating are shown in the table below.

| Command | Update type | Number of neighbors, direction |
|---|---|---|
| clear ip bgp | Hard | All, incoming/outgoing |
| clear ip bgp neighbor-id | Hard | One, incoming/outgoing |
| clear ip bgp neighbor-id in/out | Soft | One, incoming/outgoing |
| clear ip bgp neighbor-id soft in/out | Soft | One, incoming/outgoing |
| clear ip bgp soft | Soft | All, incoming/outgoing |
| clear ip bgp neighbor-id soft | Soft | One, incoming/outgoing |

Hard type means that BGP partnership relations updating will be done with TCP session reset.

Soft type means that BGP partnership relations updating will be done without TCP session reset.

For the clear ip bgp neighbor-id in command to work, the neighbor <address> soft-reconfiguration inbound command must be present in the protocol configuration.

Users often have to change BGP route filter policies. Major changes in the routing tables and resets of TCP sessions with BGP neighbors cause a surge in the load on the router's central processor. To reduce this effect and make working with BGP neighbors and route announcements more convenient and flexible, EcoRouterOS can disable the automatic update of routing information when filter policies change. In BGP, route policies can be configured in the following ways:

  • by prefix lists;
  • by route-maps;
  • by policy-filter-lists;
  • by distribute-lists;
  • by filter-lists along with ip as-path access-lists.

By default, when creating or changing a filter policy towards a neighbor, the router will send a BGP Update message 30 seconds later (in the case of an EBGP neighborhood) or instantly (in the case of an iBGP neighborhood).

Example:

ip prefix-list 1 deny 1.1.1.1/32
neighbor 10.0.0.2 prefix-list 1 out   

Use the neighbor 1.1.1.1 advertisement-interval <VALUE> command to change the time interval, where <VALUE> is specified in seconds. Use the neighbor 10.0.0.2 disable-auto-refresh command to disable this behavior. Then, to send the routing information, the neighbor relationship must be reset. To do this without resetting the TCP session (soft reset), add the soft keyword to the clear ip bgp ... reset command.

By default, when a filtering policy in the direction from the neighbor is created or changed, the router instantly (in both cases, eBGP and iBGP neighborhood) sends a message requesting BGP Route-Refresh updates, but only if the neighbor supports this option.

Example:

  ip prefix-list 1 deny 1.1.1.1/32  
  neighbor 10.0.0.2 prefix-list 1 in 

This behavior is caused by the BGP Auto-Refresh option, which is enabled by default in EcoRouterOS. Use the neighbor 10.0.0.2 disable-auto-refresh command to disable this behavior. Then, to send the routing information, the neighbor relationship must be reset. To do this without resetting the TCP session (soft reset), add the soft keyword to the clear ip bgp ... reset command. This also requires that the neighbor supports BGP Route-Refresh.

Use the no neighbor 10.0.0.2 capability route-refresh command to disable the BGP Route-Refresh option and exclude the ability to send BGP Route-Refresh messages to a neighbor.

Attention! It is strongly recommended to disable the auto-refresh functionality for neighbors that send too many BGP announcements.

To test whether the neighbor supports this option, use the command:

ecorouter # show ip bgp neighbors
BGP neighbor is 10.0.0.2, remote AS 2, local AS 1, external link
  BGP version 4, remote router ID 100.100.100.100
  BGP state = Established, up for 02:07:11
  Last read 02:07:11, hold time is 90, keepalive interval is 30 seconds
  Neighbor capabilities:
    Route refresh: advertised and received (old and new)
    Address family IPv4 Unicast: advertised and received
  Received 315 messages, 0 notifications, 0 in queue

         …………..The output is shortened…………….

The "advertised and received" phrase in the output indicates the BGP Route-Refresh option enabled on both the local router and the neighbor.

The result of disabling this option on the local device is shown below:

ecorouter#show ip bgp neighbors
 
BGP neighbor is 10.0.0.2, remote AS 2, local AS 1, external link
  BGP version 4, remote router ID 100.100.100.100
  BGP state = Established, up for 02:07:11
  Last read 02:07:11, hold time is 90, keepalive interval is 30 seconds
  Neighbor capabilities:
    Route refresh: received (old and new)
    Address family IPv4 Unicast: advertised and received
  Received 315 messages, 0 notifications, 0 in queue

         …………..The output is shortened…………….

Regular expressions

The EcoRouterOS implementation supports the following regular expressions (see the table below):

| Expression | Usage |
|---|---|
| ^ | Beginning of line |
| $ | End of line |
| [ ] | Range of values |
| - | Range specification, i.e. [0-9] |
| ( ) | Logical group |
| . | Any value |
| * | Zero or more matches of the previous symbol |
| + | One or more matches of the previous symbol |
| ? | Zero or one match of the previous symbol |
| _ | Beginning and end of line, space, comma, opening or closing brackets |

See some examples of frequently used regular expressions:

  • .* - any expression matches this rule,
  • ^$ - the route from the local AS,
  • ^100_ - the route information received from AS 100,
  • _100$ - the subnet located in AS 100,
  • _100_ - the route passes through AS 100,
  • ^[0-9]+$ - the route from the directly connected (neighboring) AS.
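The expressions listed above, checked against sample AS-paths. This is an added example, not part of EcoRouterOS: it translates the _ metacharacter into a Python regular expression as the table defines it, and the helper names, the AS-path strings and the "no entry matched means deny" fallback in evaluate() are assumptions of the sketch.

```python
import re

# "_" in an AS-path expression: beginning or end of line, space, comma,
# opening or closing brackets (as defined in the table above).
DELIMITER = r"(?:^|$|[ ,{}()])"


def compile_as_path(expr):
    """Translate an AS-path expression into a Python regex.

    Assumes "_" is never used inside a [ ] range.
    """
    return re.compile(expr.replace("_", DELIMITER))


def matching(expr, as_paths):
    """Return the AS-paths selected by one expression."""
    rx = compile_as_path(expr)
    return [p for p in as_paths if rx.search(p)]


def evaluate(entries, as_path):
    """Walk (action, expression) entries in order; the first match decides.

    Falling through to "deny" is an assumption of this sketch.
    """
    for action, expr in entries:
        if compile_as_path(expr).search(as_path):
            return action
    return "deny"


# Constructed AS-path strings; "" is a route originated in the local AS.
PATHS = ["", "100", "100 200", "200 100", "200 100 300",
         "1100 200", "200 1100"]

if __name__ == "__main__":
    for expr in [".*", "^$", "^100_", "_100$", "_100_", "^[0-9]+$", "100"]:
        print(f"{expr:10} -> {matching(expr, PATHS)}")
```

The last expression, a bare 100 without _ or anchors, also selects the paths through AS 1100, which is why filters on an AS number are written with the delimiters.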

Route reflectors and confederations

A route reflector is a router which performs the function of route reflection. A route reflector receives a route from one neighbor and advertises it to all others. This reduces the number of connections needed compared with a full-mesh topology when distributing all of the AS's routes to neighbors, and avoids routing loops.

When administering a big BGP domain, route reflectors must be configured. Use the neighbor <address> route-reflector-client command.

Route reflectors do not affect the paths of IP packets but define the order in which route information is propagated through the network.

A confederation is a group of several ASes which are announced to external BGP nodes under a common AS identifier. The route reflector's function is normally viewed from the standpoint of iBGP, while the confederation operates at the AS level. Using a confederation makes it possible to divide an autonomous system into several subsystems which exchange route information via eBGP. When creating a confederation, the bgp confederation identifier <1-65535> command must be used on all the routers. Use the bgp confederation peers <numberAS1 numberAS2 ...> command to specify the neighboring ASes which must be included in the confederation. The neighboring AS identifiers in the command must be separated by spaces.

BGP configuration commands

The BGP configuring commands are shown in the table below. These commands are available in the router's configuration mode and context configuration mode (config-router)#.


| Command | Mode | Description |
|---|---|---|
| router bgp <AS number> | Configuration | Switch to the BGP configuration mode |
| address-family ipv4 {unicast \| multicast} | Context | Switch to the address-family configuration mode |
| aggregate-address <address> | Context | Create an aggregate route |
| auto-summary | Context | Enable auto-summarizing |
| bgp always-compare-med | Context | The best path is defined by comparing the MED attributes received from different ASes |
| bgp as-local-count <2-64> | Context | Specify the number of times the own AS appears in the AS-path attribute |
| bgp bestpath ... | Context | Change the best path selection algorithm |
| bgp client-to-client reflection | Context | Enable the reflector role |
| bgp cluster-id <1-4294967295> | Context | Specify the cluster's number |
| bgp confederation identifier <1-65535> | Context | Specify the confederation's number |
| bgp confederation peers <1-65535> | Context | Specify the neighbors in the confederation |
| bgp config-type {standard \| ecorouteros} | Context | Specify the configuration type; ecorouteros is enabled by default, the standard type is used to transmit the community attribute |
| bgp dampening ... | Context | Configure BGP route dampening parameters |
| bgp default local-preference <0-4294967295> | Context | Specify the local preference attribute |
| bgp deterministic-med | Context | Compare the MED attributes for the route received from an AS; the AS, weight, local preference, AS-path, and origin must be equal |
| bgp enforce-first-as | Context | An update message received from an AS other than the configured neighboring AS is discarded |
| bgp fast-external-failover | Context | Instant reset of the BGP session when an interface fails |
| bgp nexthop-trigger delay <1-100> | Configuration | Specify the delay interval before the BGP table is refreshed after nexthop parameters change |
| bgp nexthop-trigger enable | Configuration | Enable the neighbor address specific monitoring |
| bgp rfc1771-path-select | Configuration | Enable the best path selection according to RFC 1771 |
| bgp rfc1771-strict | Configuration | Specify the origin attribute according to RFC 1771 |
| bgp router-id <address> | Context | Specify the router's BGP identifier |
| bgp scan-time <0-60> | Context | Specify the route accessibility scanning period in the route table (60 sec by default) |
| distance bgp <1-255> <1-255> <1-255> | Context | Specify the administrative distance for external, internal, local routes |
| max-paths {ebgp \| ibgp} <2-64> | Context | Maximum number of equal-cost routes |
| mpls-resolution | Context | Automatic creation of the FTN record for prefixes received from the neighbors |
| neighbor <address> activate | Context | Activate neighborhood in address-family configuration mode |
| neighbor <address> advertisement-interval <0-65535> | Context | Specify the minimum interval between Update messages |
| neighbor <address> allowas-in <1-10> | Context | Advertise prefixes (routes) even when the source of the prefixes is from the same Autonomous System (AS) number |
| neighbor <address> as-origination-interval <1-65535> | Context | Specify the minimum interval for sending AS-origination update messages |
| neighbor <address> attribute-unchanged [as-path \| next-hop \| med] | Context | Propagate default value when attribute value is changed |
| neighbor <address> capability dynamic | Context | Enable the dynamic capability for a specific peer. This command allows a BGP speaker to advertise or withdraw an address family capability to a peer in a non-disruptive manner. |
| neighbor <address> capability orf prefix-list | Context | Enable Outbound Router Filtering (ORF), and advertise the ORF capability to its neighbors. The ORFs send and receive capabilities to lessen the number of updates exchanged between neighbors. By filtering updates, this option minimizes generating and processing of updates. |
| neighbor <address> capability route-refresh | Context | Advertise route refresh capability support to the peer. If route refresh capability is supported, the router can dynamically request that the peer re-advertises its Adj-RIB-Out. |
| neighbor <address> connection-retry-time <1-65535> | Context | Specify default neighbor connection retry timeout (120 sec by default) |
| neighbor <address> default-originate | Context | Send a default route to a neighbor |
| neighbor <address> description | Context | Description for the neighboring router (80 symbols max) |
| neighbor <address> disable-infinite-holdtime | Context | Disallow the configuration of infinite holdtime |
| neighbor <address> disable-capability-negotiate | Context | Disable sending neighbor capability negotiation (Disabled by default) |
| neighbor <address> ebgp-multihop <1-255> | Context | Specify a TTL value in BGP packets during BGP session |
| neighbor <address> enforce-multihop | Context | Enforce the requirement of multihop connection |
| neighbor <address> local-as <1-4294967295> | Context | Specify a local AS number |
| neighbor <address> maximum-prefix <1-4294967295> | Context | Specify a maximum number of routes which can be received from a neighbor |
| neighbor <address> next-hop-self | Context | Send next-hop information to the iBGP neighbors |
| neighbor <address> passive | Context | Enable passive mode |
| neighbor <address> password | Context | Specify an MD5 authentication password (80 symbols max) |
| neighbor <name/address> peer-group <name> | Context | Create a group of neighbors/add into a group |
| neighbor <address> port <0-65535> | Context | Specify BGP port for a neighbor |
| neighbor <address> remote-as | Context | Specify an AS number for a neighbor |
| neighbor <address> remove-private-AS | Context | Remove private AS numbers from outbound updates |
| neighbor <address> route-reflector-client | Context | Enable a reflector role and specify a neighbor as a client |
| neighbor <address> route-server-client | Context | Configure a neighbor as a route server client |
| neighbor <address> send-community {both \| vextended \| standard} | Context | Send a community attribute |
| neighbor <address> shutdown | Context | An administrative shutdown of BGP relations |
| neighbor <address> soft-reconfiguration inbound | Context | Enable local store for inbound routes |
| neighbor <address> timers <0-65535> <0-65535> [connect <1-65535>] | Context | Specify keepalive, hold and connect timer values |
| neighbor <address> transparent-as | Context | Enable a transparent AS mode without including own AS value into AS-path attribute |
| neighbor <address> transparent-nexthop | Context | Enable a transparent AS mode without specifying itself as a next-hop for the route |
| neighbor <address> unsuppress-map <group name> | Context | Selectively advertise routes previously suppressed by the aggregate-address command |
| neighbor <address> update-source <address> | Context | Specify an interface for TCP connections |
| neighbor <address> weight <0-65535> | Context | Specify the weight attribute |
| network <address> | Context | Specify subnets for advertising |
| redistribute {connected \| isis \| rip \| static} | Context | Redistribute in BGP |
| synchronization | Context | Enable synchronization mode |
| timers bgp <0-65535> <0-65535> | Context | Specify keepalive and hold timer values |



BGP show commands

The commands for viewing BGP settings and statistics are shown in the table below.

| Command | Description |
|---|---|
| show bgp statistics | Displays statistics |
| show ip bgp | Displays BGP table |
| show ip bgp <subnet address> | Displays a specified route information |
| show ip bgp attribute-info | Displays all internal attributes information |
| show ip bgp community | Displays the list of routes which belong to a particular community |
| show ip bgp community-info | Displays information about communities |
| show ip bgp dampening {dampened-paths \| flap-statistics \| parameters} vrf {<vrf-name> \| all \| default} | Displays information about dampening |
| show ip bgp filter-list | Displays the route list corresponding to the AS-path list |
| show ip bgp ipv4 <unicast/multicast> ... | Displays an address-family information |
| show ip bgp neighbors | Displays information about all configured neighbors |
| show ip bgp neighbors <address> advertised-routes | Displays information about all advertised routes which passed an outgoing filter |
| show ip bgp neighbors <address> routes | Displays information about all received routes which passed an incoming filter |
| show ip bgp neighbors <address> received-routes* | Displays information about all received routes before any incoming filter |
| show ip bgp paths | Displays information of a local router's paths |
| show ip bgp prefix-list | Displays the route list corresponding to a prefix list |
| show ip bgp regexp | Displays the route list corresponding to a regular expression |
| show ip bgp route-map | Displays the route list corresponding to a route map |
| show ip bgp summary | Displays all BGP connections' statuses |

BGP Route Dampening

The BGP route dampening is an instrument to reduce the instability caused by route flapping. In computer networking and telecommunications, route flapping occurs when the routes are added to and then excluded from routing table in quick sequence. This can be caused by broken link, device operation errors, inproper equipment configuration, etc. Flapping routes in the routing table increase the load of network equipment processors leading more serious network problems. Implemeintation of route dampening is a good practice used in many providers' networks.

A penalty is added for every flap in a flapping route. As soon as the total penalty reaches the suppress limit the  advertisement of the route is suppressed. This penalty is decayed according to the configured half time value. Once the penalty is lower than the reuse limit, the route advertisement is unsuppressed.

The dampening information is purged from the router once the penalty becomes less than half of the reuse limit.

In the context router configuration mode use the bgp dampening {route-map <ROUTE-MAP-NAME> | <REACHIBILITY-HALF-LIFE-TIME> <REUSE-VALUE> <SUPPRESS-VALUE> <MAX-SUPPRESS-VALUE> <UN-REACHIBILITY-HALF-LIFE-TIME>} command to configure dampening. This command also allows a particular route to be specified for suppression.

Parameter
    Description
<ROUTE-MAP-NAME>
    Route-map name
<REACHIBILITY-HALF-LIFE-TIME>
    Reachability half-life time for the penalty in minutes. Range 1-45. Default value 15
<REUSE-VALUE>
    Value to start reusing a route. Range 1-20000. Default value 750
<SUPPRESS-VALUE>
    Value to start suppressing a route. Range 1-20000. Default value 2000
<MAX-SUPPRESS-VALUE>
    Maximum duration to suppress a stable route in minutes. Range 1-255. Default value is four times the reachability half-life time, that is 60 minutes
<UN-REACHIBILITY-HALF-LIFE-TIME>
    Un-reachability half-life time for the penalty in minutes. Range 1-45. Default value 15

Example:

#configure terminal
(config)#router bgp 11
(config-router)#bgp dampening 20 800 2500 80 25
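
The penalty mechanism described above, as an added Python example (not EcoRouterOS code): it replays flap times against the default limits from the parameter table. The per-flap penalty of 1000 and the RFC 2439 style ceiling derived from the maximum suppress time are assumptions, since the page states neither; the un-reachability half-life is not modelled.

```python
import math

FLAP_PENALTY = 1000.0  # assumption: the page does not state the per-flap penalty


class DampenedRoute:
    """Penalty state of one route; times are minutes, events arrive in time order."""

    def __init__(self, half_life=15, reuse=750, suppress=2000, max_suppress=60):
        self.half_life, self.reuse, self.suppress = half_life, reuse, suppress
        # Assumption (RFC 2439 style): cap the penalty so that a stable route
        # is never suppressed for longer than max_suppress minutes.
        self.ceiling = reuse * 2 ** (max_suppress / half_life)
        self.penalty, self.last, self.suppressed = 0.0, 0.0, False

    def _decay(self, now):
        # Exponential decay: the penalty halves every half_life minutes.
        self.penalty *= 0.5 ** ((now - self.last) / self.half_life)
        self.last = now

    def flap(self, now):
        self._decay(now)
        self.penalty = min(self.penalty + FLAP_PENALTY, self.ceiling)
        if self.penalty >= self.suppress:  # suppress limit reached
            self.suppressed = True

    def status(self, now):
        self._decay(now)
        if self.penalty < self.reuse:  # below the reuse limit
            self.suppressed = False
        if self.penalty < self.reuse / 2:  # below half of the reuse limit
            self.penalty = 0.0  # dampening information is purged
            return "purged"
        return "suppressed" if self.suppressed else "advertised"

    def minutes_until_reuse(self):
        """Minutes from the last event until the penalty decays to the reuse limit."""
        if not self.suppressed:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)


def replay(flap_times, check_at, **params):
    """Apply flaps (minutes, ascending), then report the status at check_at."""
    route = DampenedRoute(**params)
    for t in flap_times:
        route.flap(t)
    return route.status(check_at)
```

With the defaults, three flaps one minute apart suppress the route for roughly 29 minutes, and its dampening information is purged about 15 minutes after that.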

Background BGP scanners

These parameters control scanning of the router's BGP RIB and IP RIB tables, as well as sorting, sending and deleting entries in them. BGP uses only routes with an available next-hop; if the next-hop is unavailable, the subnets are deleted from the routing tables. These actions are governed by the background bgp next-hops timer; by default all routes are checked once every 60 seconds.

Use the bgp scan-time next-hops <0-60> command in context BGP configuration mode to change the value of this timer. If the value is set to 0 the scanning will be disabled.

In addition to the availability of the next-hop, BGP scans the router's tables for new static entries and the route 0.0.0.0. These actions are governed by the background bgp networks timer; by default all routes are checked once every 15 seconds.

Use the bgp scan-time networks <15-60> command in context BGP configuration mode to change the value of this timer.

To reduce the load on the device's CPU, the network engineer can set the scanning timers to their maximum values, but this increases the network convergence time.

Clear commands

In the administration mode use the clear ip bgp dampening command to reset BGP route flap dampening information for the specified subnet or VRF instance. The command syntax is as follows: clear ip bgp dampening [<ADDRESS>[/<MASK>] | ] [ vrf {<VRF-NAME> | default | all} ].

Parameter
    Description
<ADDRESS>/<MASK>
    Subnet specified by IP and mask, e.g. 35.0.0.0/8
vrf {<VRF-NAME> | default | all}
    Reset the information for the VRF instance specified by VRF-NAME, for the default VRF instance or for all VRF instances

Example:

#clear ip bgp dampening 35.0.0.0/8

In the administration mode use the clear bgp group of commands to reset BGP statistics and IPv4 information.

To reset BGP statistics use the following command syntax: clear bgp statistics.

To reset BGP IPv4 information use the following command syntax: clear bgp ipv4 {multicast | unicast} { * | <AS-number> | <ADDRESS>[/<MASK>] | flap-statistics { <ADDRESS>[/<MASK>] | vrf {<VRF-NAME> | all | default} } }.

Parameter
    Description
<ADDRESS>/<MASK>
    Subnet specified by IP and mask, e.g. 35.0.0.0/8
multicast | unicast
    Choose multicast or unicast mode
<AS-number>
    Autonomous system number, range 1-4294967295
flap-statistics
    Reset BGP route flap statistics for the VRF instance specified by address and mask (ADDRESS/MASK) or name (VRF-NAME), for all VRF instances (all) or the default instance (default)

Example:

#clear bgp statistics
#clear bgp ipv4 unicast flap-statistics all

BGP Blackhole

As one of the methods of countering DDoS attacks, EcoRouterOS implements traffic discarding via the Null interface, which is substituted as the next-hop address for BGP routes. Such scenarios are an effective means against large-scale attacks whose purpose is to bring the attacked network to a "denial of service" state. More information about all the advantages and disadvantages of this functionality can be found on the Internet.

An example scenario and the EcoRouter configuration are shown below.

Suppose an attacker in the 192.168.0.0/24 network sends a huge amount of traffic into the BGP AS towards the server 10.10.10.10/32, trying to bring the server down. The task is therefore to advertise the address 10.10.10.10/32 from the device R1 with a certain value of the community attribute. After the ECO-2 router accepts the advertisement with this route, it must update the data in the RIB and start discarding all packets arriving from the PC towards the address 10.10.10.10/32. The ECO-2 router configuration might look like this:

ecorouter#sh running-config
!
no service password-encryption
!
hw mgmt ip 192.168.255.1/24
!
ip vrf management
!
mpls propagate-ttl
!
security default
security none vrf management
!
ip pim register-rp-reachability
!
router bgp 1
 redistribute connected
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 soft-reconfiguration inbound
 neighbor 1.1.1.1 route-map BLACKHOLE in
!
ip route 9.9.9.9/32 Null
!
ip community-list 66 permit 1:777
!
route-map BLACKHOLE permit 10
 match community 66
 set ip next-hop 9.9.9.9
!
route-map BLACKHOLE permit 20
!
line con 0
line vty 0 39
!
traffic-class default
!
port te0
 lacp-priority 32767
 mtu 9728
 service-instance 1
  encapsulation untagged
!
port te1
 lacp-priority 32767
 mtu 9728
 service-instance 1
  encapsulation untagged
!
interface 1
 ip mtu 1500
 connect port te1 service-instance 1
 ip address 1.1.1.2/24
!
interface 2
 ip mtu 1500
 connect port te0 service-instance 1
 ip address 192.168.0.1/24
 vrf management

Note the static route to the Null interface and the set ip next-hop 9.9.9.9 instruction in the route map. These are the main conditions for installing a recursive route via the Null interface into the RIB. An example of the routing table output is shown below:

ecorouter#sh ip ro
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
IP Route Table for VRF "default"
C       1.1.1.0/24 is directly connected, 1
S       9.9.9.9/32 [1/0] is a summary, Null
B       10.10.10.0/24 [200/0] via 1.1.1.1, 1, 00:08:45
B       10.10.10.10/32 [200/0] via 9.9.9.9 (recursive blackhole), 00:08:45
C       192.168.0.0/24 is directly connected, 2

Gateway of last resort is not set

The example uses iBGP; if necessary, this functionality can also be used in an eBGP topology. However, to create a recursive route via Null, the neighbor <address> ebgp-multihop <value> command must be specified for the neighbor that sends the route with the community attribute (in the example the neighbor's address is 1.1.1.1), or a loopback interface must be created on the EcoRouter with an address from the subnet of the BGP next-hop used in the route map.
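
A check of the conditions named above (a route map applied inbound, a defined community list, and a /32 Null static route for the substituted next-hop), as an added Python example that is not part of the EcoRouter documentation. The sample is the blackhole-related subset of the ECO-2 configuration on this page; the function name check_blackhole and the finding texts are hypothetical.

```python
import re

# Blackhole-related lines copied from the ECO-2 configuration shown above.
SAMPLE = """\
router bgp 1
 neighbor 1.1.1.1 route-map BLACKHOLE in
!
ip route 9.9.9.9/32 Null
!
ip community-list 66 permit 1:777
!
route-map BLACKHOLE permit 10
 match community 66
 set ip next-hop 9.9.9.9
!
route-map BLACKHOLE permit 20
"""


def check_blackhole(config):
    """Return findings for the conditions the page names; [] means all hold."""
    # Only the form used on the page is recognised: a /32 static route to Null.
    null_hosts = set(re.findall(r"^ip route (\S+)/32 Null\s*$", config, re.M))
    comm_lists = set(re.findall(r"^ip community-list (\S+) ", config, re.M))
    inbound = set(re.findall(r"^ neighbor \S+ route-map (\S+) in\s*$", config, re.M))
    findings, rmap, sets_next_hop = [], None, False
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens a new block
            head = re.match(r"route-map (\S+) (?:permit|deny) \d+", line)
            rmap = head.group(1) if head else None
            continue
        words = line.split()
        if rmap is None or len(words) < 3:
            continue
        if words[:2] == ["match", "community"] and words[2] not in comm_lists:
            findings.append(f"{rmap}: community-list {words[2]} is not defined")
        if words[:3] == ["set", "ip", "next-hop"] and len(words) == 4:
            sets_next_hop = True
            if words[3] not in null_hosts:
                findings.append(f"{rmap}: next-hop {words[3]} has no /32 Null route")
            if rmap not in inbound:
                findings.append(f"{rmap}: not applied inbound to any neighbor")
    if not sets_next_hop:
        findings.append("no route-map sets a blackhole next-hop")
    return findings
```

An empty result for a saved running-config means the recursive blackhole route can be installed; each finding names the missing condition.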