Friday, March 21, 2014

BGP Backdoor


BGP Backdoor is a BGP feature used to override the routing table when the default route installation process does not pick the best way to reach a certain network. Let’s first review the route installation process before we go any deeper.

The main function of the routing table is to calculate the best route to a specific network. Routing updates can come through different protocols, and each protocol has an Administrative Distance (AD).

For example, Cisco’s IOS uses the following Administrative Distances to sort out protocol updates.


Route source          Administrative Distance
Directly Connected    0
Static                1
eBGP                  20
EIGRP                 90
OSPF                  110
RIP                   120
EIGRP External        170
iBGP                  200


The lower the AD, the more preferable the route is for installation in the routing table.

Before actually installing a route in the routing table, the router goes through the following steps, in order:

1- Longest Prefix Match 
2- Administrative Distance
3- Metric

To make it clearer, let’s look at this topology



Let’s say two companies decided to merge and both of them need to exchange routes. Before the merge, they communicated through a service provider.

Now after the merge, they installed a direct link between them running OSPF as an IGP. Let’s take the network 222.222.222.222/24 as an example for the problem we’re facing here.

R2 is advertising the network 222.222.222.222/24 via eBGP to R1 and via OSPF to R3. In turn, R1 propagates 222.222.222.222/24 to R3, since it’s in a different AS than R2. Now R3 has to decide which route source is better:

Route source   AD    Link capacity   Hops
From R1        20    1.5 Mbps        2
From R2        110   100 Mbps        1

Clearly the route directly through R2 is better, but R3 will still prefer the link through R1, since the eBGP AD is lower than the OSPF AD.

Let’s see what’s on R3

R3#show ip route

B    222.222.222.0/24 [20/0] via 10.0.13.1, 00:00:47
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/11] via 10.0.23.2, 00:06:05, FastEthernet0/1
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 3 subnets
O       10.0.12.0 [110/74] via 10.0.23.2, 00:06:05, FastEthernet0/1
C       10.0.13.0 is directly connected, Serial0/0
C       10.0.23.0 is directly connected, FastEthernet0/1



R3#show ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 222.222.222.0    10.0.13.1                              0 1 65000 i

Now let’s fix that by enabling BGP backdoor on R3 (I also enabled debug ip routing).

R3(config)#router bgp 65001
R3(config-router)#network 222.222.222.0 mask 255.255.255.0 backdoor


*Mar  1 00:18:34.647: RT: del 222.222.222.0 via 10.0.13.1, bgp metric [20/0]
*Mar  1 00:18:34.647: RT: delete network route to 222.222.222.0
*Mar  1 00:18:34.651: RT: NET-RED 222.222.222.0/24
*Mar  1 00:18:34.675: RT: add 222.222.222.0/24 via 10.0.23.2, ospf metric [110/20]
*Mar  1 00:18:34.679: RT: NET-RED 222.222.222.0/24


Checking the routing table and BGP table

R3#show ip bgp
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r> 222.222.222.0    10.0.13.1                              0 1 65000 i

The asterisk in front of the prefix is now gone, and there’s a lowercase “r” indicating a RIB failure, which essentially means that the routing table has a more preferred route than the one received via BGP.

Here’s the routing table of R3

R3#show ip route
O    222.222.222.0/24 [110/20] via 10.0.23.2, 00:04:45, FastEthernet0/1
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/11] via 10.0.23.2, 00:20:11, FastEthernet0/1
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 3 subnets
O       10.0.12.0 [110/74] via 10.0.23.2, 00:20:11, FastEthernet0/1
C       10.0.13.0 is directly connected, Serial0/0
C       10.0.23.0 is directly connected, FastEthernet0/1



R3 is now using the “actual” better route to reach the 222.222.222.222/24 prefix in R2.
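The selection walked through above, modelled in Python as an added example (not code from the original post). It assumes the backdoor keyword makes the router treat the eBGP-learned route for that network with the local BGP distance of 200; the Candidate class and function names are hypothetical, and the candidate routes are taken from R3's outputs above.

```python
import ipaddress
from dataclasses import dataclass
# Cisco IOS default administrative distances, as listed in the table above.
DEFAULT_AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
              "ospf": 110, "rip": 120, "eigrp_ext": 170, "ibgp": 200}

@dataclass(frozen=True)
class Candidate:
    prefix: str    # e.g. "222.222.222.0/24"
    source: str    # key into DEFAULT_AD
    metric: int
    next_hop: str

def effective_ad(c, backdoor):
    # Assumption: a backdoor network's eBGP route is handled with AD 200.
    demoted = c.source == "ebgp" and c.prefix in backdoor
    return DEFAULT_AD["ibgp" if demoted else c.source]

def build_rib(candidates, backdoor=frozenset()):
    """Per prefix, install the candidate with the lowest (AD, metric)."""
    rib = {}
    for c in candidates:
        key = (effective_ad(c, backdoor), c.metric)
        best = rib.get(c.prefix)
        if best is None or key < (effective_ad(best, backdoor), best.metric):
            rib[c.prefix] = c
    return rib

def rib_failures(candidates, rib):
    """BGP candidates that lost the contest (the 'r' flag in show ip bgp)."""
    return [c for c in candidates
            if c.source in ("ebgp", "ibgp") and rib[c.prefix] != c]

def lookup(rib, dest):
    """Forwarding lookup: longest prefix match among installed routes."""
    addr = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(p) for p in rib if addr in ipaddress.ip_network(p)]
    best = max(nets, key=lambda n: n.prefixlen, default=None)
    return rib[str(best)] if best is not None else None

R3 = [  # candidates seen by R3, from the show outputs above
    Candidate("222.222.222.0/24", "ebgp", 0, "10.0.13.1"),
    Candidate("222.222.222.0/24", "ospf", 20, "10.0.23.2"),
    Candidate("2.2.2.2/32", "ospf", 11, "10.0.23.2"),
]

if __name__ == "__main__":
    for bd in (frozenset(), frozenset({"222.222.222.0/24"})):
        print(sorted(bd), "->", lookup(build_rib(R3, bd), "222.222.222.1"))
```

Because a single backdoor statement changes which path traffic to a prefix takes, the `r` entries returned by `rib_failures` are the ones to compare against the intended design when reviewing a configuration.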