Traspasing Juniper Bgp To Cisco
BGP stands for Border Gateway Protocol and is a routing protocol that builds this gigantic inter-network connection that is known to us all as the internet. There are two types of BGP, namely internal BGP (iBGP) and external BGP (eBGP). The protocols and attributes used in either iBGP or eBGP are standardized for all vendors, including Cisco. In this article, we will give an example of how to configure eBGP on a Cisco IOS router and establish an eBGP connection between different network entities.
How to Configure eBGP in Cisco IOS Router
External BGP, or eBGP, is essentially a routing protocol that connects one independent network entity to a different network entity. This independent network entity is called an Autonomous System (AS), and each one has an AS number assigned by IANA (Internet Assigned Numbers Authority). AS numbers range from 1-64511 for public use and 64512-65535 for private use. Just like public IP address space, a public AS number is unique, meaning that an AS number can only be associated with one entity.
The figure below is an example of an eBGP connection between two ASes:
In this scenario, R1 and R2 are Cisco IOS routers and each of them is part of an AS. R1 is part of AS 65531 with two network subnets directly connected to it, while R2 is part of AS 65532 with one network subnet directly connected to it. The goal here is to establish an inter-AS connection that enables these subnets to talk to each other through eBGP.
The steps to configure eBGP on a Cisco IOS router and achieve the above goal are as follows:
1. Defining the AS number
The configuration starts by activating the BGP routing protocol on the router global configuration and specifying its AS number. The command to do so is: router bgp [AS_number].
In the above example, the command on R1 looks like this:
Meanwhile, the command on R2 looks like this:
Notice that after running the commands above, we enter the routing configuration mode.
2. Defining the neighboring BGP router
On each router, enter the command neighbor [neighbor_router_address] remote-as [neighbor_AS_number] in the routing configuration mode. Once configured, give the router approximately 10-20 seconds to form the BGP peering, because BGP convergence time is relatively slower than any IGP routing. Note that in eBGP, the neighbor router should be directly connected over a layer 3 connection.
Continuing from the previous step, the command to be added on R1 to define R2 as the neighbor is:
On the other hand, the command on R2 is simply the reverse of the above:
A message similar to below example will appear on each router, indicating that BGP peering is now established:
Once again, note that it may take 10-20 seconds for the BGP peering to come up.
3. Advertising known routes to the peer AS
Unlike IGP routing, BGP does not automatically exchange its routing table. The administrator needs to define which routes on each router should be advertised. In an eBGP configuration, a router can only advertise known routes in its own AS (to advertise routes learned from another AS, use an iBGP configuration).
The command to advertise the route is network [address] mask [subnet_mask] and is entered under BGP routing configuration mode. Below is the example configuration on R1:
Then, below is the example configuration on R2:
With this, all subnets in each AS can now reach the subnets in the neighbor AS.
4. Verification
After following the steps to configure eBGP in Cisco IOS router as above, the final configuration on each router should look like this:
Finally, we can verify reachability from each subnet by using ping test. For example:
Working with eBGP
When working with eBGP, an administrator can use all BGP commands, such as show ip bgp summary, to see the details of the eBGP configuration. The output of this command shows important information such as the router identifier, the AS number the router belongs to, the number of network and path entries, the memory consumed by the BGP process, and information about each peer router, including the neighbor AS number, the peering state, statistics, and the number of prefixes or routes received from that peer.
For example:
On the first line of the above output, the R2 router identifier is 10.12.12.2, and it is taken from its interface IP address. Also, as configured in the BGP configuration, the AS number R2 belongs to is AS 65532. The next line shows the statistics of the BGP process currently running on R2. Then, the last line shows that R2 is currently peering with 10.12.12.1 (in this case, the R1 router identifier) from AS 65531, which makes this an eBGP connection because R2 is peering with a neighbor from a different AS number. Notice the State/PfxRcd value: if it shows anything other than a number, then the BGP peering is either not completely established yet or there is a problem in the peering. The number 2 here means R2's peering with R1 is working as expected and that two routes have been received from the neighbor, in this case R1.
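The State/PfxRcd check described above can be automated. The following is an added example, not code from the original article: it parses `show ip bgp summary` text and lists peers whose last column is not a number. The sample output is constructed; its first peer uses the article's R1/R2 values and its second peer (192.0.2.1) is invented to show a session that is down. AS numbers are assumed to be in plain decimal notation.

```python
import re

# Constructed sample output. Peer 10.12.12.1 mirrors the article's scenario;
# peer 192.0.2.1 is an invented iBGP neighbor stuck in the Active state.
SAMPLE = """\
BGP router identifier 10.12.12.2, local AS number 65532
BGP table version is 4, main routing table version 4

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.12.12.1      4        65531      12      11        4    0    0 00:07:41        2
192.0.2.1       4        65532       0       0        1    0    0 never    Active
"""

HEADER = re.compile(r"BGP router identifier (\S+), local AS number (\d+)")


def parse_summary(text):
    """Return (router_id, local_as, peers) from 'show ip bgp summary' text."""
    m = HEADER.search(text)
    if not m:
        raise ValueError("no 'BGP router identifier' line found")
    router_id, local_as = m.group(1), int(m.group(2))
    peers, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Neighbor"):
            in_table = True          # peer rows follow the column header
            continue
        fields = line.split()
        if not in_table or len(fields) < 10:
            continue
        # Everything after Up/Down is the state; it may be two words,
        # for example "Idle (Admin)".
        state = " ".join(fields[9:])
        up = state.isdigit()         # a number means Established
        peer_as = int(fields[2])
        peers.append({
            "neighbor": fields[0],
            "as": peer_as,
            "type": "iBGP" if peer_as == local_as else "eBGP",
            "established": up,
            "prefixes": int(state) if up else None,
            "state": "Established" if up else state,
        })
    return router_id, local_as, peers


def down_peers(peers):
    """Neighbors whose State/PfxRcd column is anything other than a number."""
    return [p["neighbor"] for p in peers if not p["established"]]
```
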
To see which routes are received from the neighbor, use the command show ip bgp.
A route entry with next hop value 0.0.0.0 and path “i” is a route that comes from the router itself, and the rest are routes coming from the neighbor. From the output above, we know that the routes to 172.16.1.0/24 and 172.17.1.0/24 come from the eBGP peering between R2 and R1, because the next hop address is the R1 IP address and the path is “65531 i”, which means the route exists in AS 65531, which is outside the AS of R2.
And that’s how you configure eBGP in Cisco IOS router.
Arranda Saputra
This post represents the solution and explanation for quiz-17.
Have a look at the quiz to understand the problem.
Quiz Review
The quiz presents a situation when the network is refreshed by swapping the Cisco routers with Juniper ones.
It is far from my intention to discuss which one is better; the reason for this quiz is to present the different approaches chosen by these two vendors when implementing BGP advertisements.
There are a lot of differences but this article discusses the default behaviour for advertising inactive routes by BGP.
The
As a revision of these values, below is a table of Cisco's AD and Juniper's Route Preference for some of the routing protocols:
Note that this table does not contain all routing sources!
Getting back to the quiz, R1 and R2 are part of OSPF Area 0 and also run an iBGP session between them. R1 advertises local subnets in both OSPF and BGP. The configuration applied to the Juniper devices 'matches' the Cisco configuration, meaning there are no import/export policies applied (Juniper's BGP Default Policy is Accept All/Advertise All, same as Cisco's).
Note that this article does not discuss BGP design 'best practices'
In this topology, when R2 is a Cisco device, R3 will receive the 192.168.100.0/24 and 192.168.200.0/24 prefixes, but with Juniper as R2, these routes are not received by R3.
Default behaviour on Cisco vs. Juniper
The different result seen on router R3 is due to the different default behavior:
- By default, Cisco advertises inactive routes. This can be disabled with the command bgp suppress-inactive, but only in special situations, depending on whether the next hop matches or not!
- By default, Juniper does not advertise inactive routes. This can be enabled with the command advertise-inactive.
In my opinion, in a good network design (please read 'in most situations', as I don't want to debate here when & why a network design is better than another) you would not have to deal with BGP inactive routes. In the routing world, where all advertisements/redistribution are done from the RIB / active routes, the Juniper approach seems logical. On the other hand, Cisco seems to support designs where prefixes are 'leaked' into the BGP domain on devices that are not at the edge of the network (like in this quiz: 192.168.x00.0/24 get into BGP on R1 instead of edge router, R2).
Please note that for both vendors, the inactive route needs to be selected as best path in the BGP table in order to have the option of being advertised!
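The difference in defaults can be traced with a small model of R2's decision. This is an added example, not code from the original post: it uses the vendors' default preference values for OSPF and iBGP, assumes every BGP path shown is already the best path in the BGP table, and adds a constructed prefix (198.51.100.0/24) learned only through iBGP for contrast. The function and parameter names are hypothetical.

```python
# Default administrative distance (Cisco) / route preference (Juniper).
# Lower wins when the same prefix is learned from several protocols.
PREFERENCE = {
    "cisco":   {"ospf": 110, "ibgp": 200},
    "juniper": {"ospf": 10,  "ibgp": 170},
}

# What R2 learns from R1 in the quiz topology, plus one constructed
# prefix that is only known through iBGP.
R2_LEARNED = {
    "192.168.100.0/24": {"ospf", "ibgp"},
    "192.168.200.0/24": {"ospf", "ibgp"},
    "198.51.100.0/24":  {"ibgp"},
}


def rib_winner(vendor, sources):
    """Protocol whose route becomes the active route for a prefix."""
    return min(sources, key=lambda proto: PREFERENCE[vendor][proto])


def advertised_to_r3(vendor, learned, advertise_inactive=None):
    """Prefixes R2 sends to its eBGP peer R3.

    advertise_inactive=None uses the vendor default (Cisco: yes,
    Juniper: no). True models Juniper's 'advertise-inactive'; False is a
    simplified model of Cisco's 'bgp suppress-inactive', which in
    practice also depends on the next-hop comparison mentioned above.
    """
    if advertise_inactive is None:
        advertise_inactive = (vendor == "cisco")
    sent = []
    for prefix, sources in sorted(learned.items()):
        if "ibgp" not in sources:
            continue  # no BGP path, so BGP has nothing to advertise
        bgp_is_active = rib_winner(vendor, sources) == "ibgp"
        if bgp_is_active or advertise_inactive:
            sent.append(prefix)
    return sent
```

With the defaults, the Cisco model sends all three prefixes while the Juniper model sends only the one whose BGP route is active; passing `advertise_inactive=True` for Juniper restores the two quiz prefixes.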
Displaying the inactive routes on Cisco and Juniper
On Cisco, inactive routes appear in the BGP table with the prefix 'r', which means 'RIB-failure':
Spotting the inactive routes on Juniper is much easier due to the fact that the output of the command 'show route' contains information about all routing sources:
This simple command 'show route' display both active route (OSPF, preference 10, marked with a '
Using the detailed/extensive version, 'show route extensive', you will also see detailed output for each piece of routing information and, in the case of the BGP inactive route, the output will contain the reason why it is inactive!
Solutions
The best solution, for this scenario, is to use the 'advertise-inactive' command on Juniper router R2:
Of course, other solutions are possible, in order of my own preference:
- announce internal routes into BGP on the edge router R2, instead of the 'internal' router R1
- redistribute the OSPF routes into BGP on router R2
- change the default route preference, making either BGP 'better' (read: lower) than OSPF or vice versa. The best approach would be to change the default preference with a routing policy rather than changing it for the whole protocol, which may create even bigger problems than the one you were initially trying to solve.
Thank you for your comments and interest in the quiz!