The modern internet is built around the concept of Autonomous Systems (ASes), which use the Border Gateway Protocol (BGP) to route traffic between them.
The foundation was laid down by ARPANET, a cluster of university campuses joined together to form the first wide area packet switching network. By the early eighties ARPANET was using Gateway-to-Gateway Protocol (GGP) for interior routing on the core campus routers and Exterior Gateway Protocol (EGP) for exterior, non-core inter-site connectivity. In 1995 ARPANET was retired, and this heralded the dawn of the modern internet. That required a modern open standard exterior routing protocol, so Border Gateway Protocol (BGP) was adopted as the open standard laid out in RFC 1771 (Hauben, M., 1998).
BGP is a classless inter-domain routing protocol used as an Exterior Routing Protocol, providing a loop-free environment for data packets to be transmitted around the internet. It is classified as a path vector protocol but is also categorized as an advanced distance vector protocol (Teare, D., Vachon, B., Graziani, R., 2015, July). BGP relies on Path Attributes when calculating the best route with the Best-Path Algorithm; if none of these attributes has been modified, it uses the BGP AS_PATH (Autonomous System Path) to select the best route and place it in the BGP Table.
A neighbor relationship must be configured manually between routers, using Autonomous System Numbers (ASNs), over a TCP session on port 179 before the Routing Table can be exchanged and best routes can be calculated. An ASN is obtained from the Internet Assigned Numbers Authority (IANA), which manages this database for the Regional Internet Registry (RIR); ASNs are assigned to corporations or, in most cases, to ISPs. The 16-bit decimal number assigned for public use is in the range of 1 through 64495 and for lab environments 64572 to 65534.
The primary prerequisite for any BGP deployment is network connectivity, so that packets can be transmitted over the Transport Layer. Once we have satisfied this prerequisite and configured BGP on the Cisco Internetwork Operating System (IOS), the BGP process will transition through the states of the BGP Finite-State Machine before adjoining routers become neighbors and exchange routing information.
BGP will transition from Active to Idle state when initially enabled or when the device is reset, and on receiving a passive open message and a connection request we move to the Connect state, which indicates a successful TCP session. We move swiftly on to the OpenSent state, where an OPEN message is sent containing basic parameters including ASN and security values, and we should receive a return OPEN message from the adjacent router. However, if a NOTIFICATION message is received in its place, it indicates that there is a misconfiguration and the process reverts to the Active to Idle state. On receiving the OPEN message, we progress to the OpenConfirm state and finally to the Established state, indicating that all neighbor parameters match, and the neighbors are inserted into the BGP router's Neighbor Table. A KEEPALIVE and an UPDATE message are now initiated and a full BGP Table is sent, after which only incremental changes are exchanged (Bookham, C., 2014).
During the initial configuration two types of BGP neighbors are formed: peers joined in the same Autonomous System are called Interior BGP (iBGP), and peers connected across different Autonomous Systems are called Exterior BGP (eBGP). The main difference between the two peering types is how they deal with route redistribution: eBGP will re-advertise routes to eBGP and iBGP, whereas iBGP will only re-advertise them to eBGP. This prevents routing loops among iBGP neighbors.
BGP CONVERGENCY PROCESS
BGP does not use periodic updates. UPDATE messages are triggered only when path prefixes are added to or withdrawn from the BGP Routing Table, and those prefixes are then incorporated into the message alongside Path Attributes. The best route metric is forwarded to the Routing Table Manager along with any other routes learned through different routing protocols for a final decision, which rests on Administrative Distance, and the winning route is finally uploaded to the IP Routing Table, also known as the Routing Information Base (RIB).
In a single-homed environment, which has only a single loop-free path to its destination, there is no added benefit to changing any of the path attributes, but in a multi-homed environment you will need to modify the path attributes to guide traffic down a specific route, making BGP a policy-based routing protocol. When path attributes are adjusted in a multi-homed network, the BGP Best-Path Algorithm applies them in descending order when selecting the best path.
1. All paths must be loop-free
2. A valid next-hop address
3. Highest Weight (Cisco proprietary and locally significant only)
4. Highest Local Preference
5. Locally Originated Routes
6. Shortest Path
7. Lowest origin type – how the route was learnt through the original router
8. Lowest MED (Multi-Exit Discriminator) also referred to as Metric (Administrative Distance)
9. Prefer External Paths over Internal Paths of BGP
10. Shortest Path to the closest IGP Neighbor
11. Select the oldest route in the BGP Table
12. Lowest Router ID
13. Lowest Neighbor Address
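The list above, written out as a comparison function (an added example, not code from the original article). It follows the thirteen steps in the order given and simplifies them: every attribute is compared across all paths, and the `Path` fields, ASNs and addresses are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address

LOCAL_AS = 64512  # constructed local ASN (assumption, not from the article)

@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple                 # ASNs as received, nearest neighbor first
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: int = 0                # 0 = IGP, 1 = EGP, 2 = incomplete
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0            # IGP cost to reach the next hop
    age_seconds: int = 0
    router_id: str = "0.0.0.0"
    neighbor: str = "0.0.0.0"

def is_candidate(p, local_as=LOCAL_AS):
    # Steps 1-2: drop looped paths (our own ASN in AS_PATH) and dead next hops.
    return local_as not in p.as_path and p.next_hop_reachable

def sort_key(p):
    # Steps 3-13 in list order; "highest wins" values are negated so min() works.
    return (-p.weight, -p.local_pref, not p.locally_originated,
            len(p.as_path), p.origin, p.med, not p.ebgp, p.igp_metric,
            -p.age_seconds, int(ip_address(p.router_id)),
            int(ip_address(p.neighbor)))

def best_path(paths, local_as=LOCAL_AS):
    candidates = [p for p in paths if is_candidate(p, local_as)]
    return min(candidates, key=sort_key) if candidates else None

def deciding_step(a, b):
    # Number of the first list step (3-13) on which two paths differ.
    for index, (x, y) in enumerate(zip(sort_key(a), sort_key(b))):
        if x != y:
            return index + 3
    return None

# Constructed sample paths to one prefix (documentation ASNs 64496-64499).
VIA_A = Path("via_isp_a", (64496, 64497, 64499), neighbor="192.0.2.1")
VIA_B = Path("via_isp_b", (64498, 64499), neighbor="198.51.100.1")
VIA_A_PREFERRED = replace(VIA_A, local_pref=200)
LOOPED = Path("looped", (64498, LOCAL_AS, 64499), weight=65535)
```

With default attributes `VIA_B` wins on the shorter AS_PATH (step 6); raising Local Preference on `VIA_A` decides the choice at step 4, and `LOOPED` is discarded at step 1 regardless of its weight.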
Another facet of BGP configuration is security: from the outset BGP was designed with an underlying assumption of trust, which leaves it vulnerable to different types of attack. These range from hijacking to the possibility of cyberwarfare, so BGPSec, which implements a trusted PKI infrastructure using X.509 certificates to verify authenticity, has been proposed and submitted to the IETF (Internet Engineering Task Force); however, uptake of BGPSec is slow as the costs are exorbitant to the ISPs.
In the meantime we need to secure sessions using MD5 hashing, but the password used for MD5 is stored in clear text on Cisco IOS, so you need to encrypt the stored password by entering Global Configuration mode and issuing “service password-encryption”.
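How the MD5 protection mentioned above authenticates each segment of a BGP session, assuming it refers to the TCP MD5 signature option of RFC 2385 (an added example, not from the original article). The addresses, ports, key and helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

TCP_PROTO = 6

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """Digest per RFC 2385 over pseudo-header, base header, data, then key."""
    if len(tcp_header) != 20:
        raise ValueError("pass the 20-byte base TCP header, without options")
    # Segment length = full TCP header (data offset, incl. options) + data.
    seg_len = (tcp_header[12] >> 4) * 4 + len(payload)
    pseudo = struct.pack("!4s4sBBH", IPv4Address(src_ip).packed,
                         IPv4Address(dst_ip).packed, 0, TCP_PROTO, seg_len)
    # The checksum field (bytes 16-17) is treated as zero when hashing.
    header = tcp_header[:16] + b"\x00\x00" + tcp_header[18:]
    return hashlib.md5(pseudo + header + payload + key).digest()

def verify_segment(src_ip, dst_ip, tcp_header, payload, key, received_digest):
    # Constant-time comparison of the received option value with our own digest.
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(expected, received_digest)

def build_header(sport, dport, seq, ack, flags, checksum=0):
    # Data offset 10 words = 20-byte header + 18-byte MD5 option + 2 pad bytes.
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, flags,
                       16384, checksum, 0)

# Constructed sample: a BGP KEEPALIVE (16-byte marker, length 19, type 4).
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
PEER_A, PEER_B = "192.0.2.1", "192.0.2.2"
KEY = b"constructed-example-key"
HEADER = build_header(49152, 179, 1000, 2000, flags=0x18)  # PSH+ACK
DIGEST = tcp_md5_digest(PEER_A, PEER_B, HEADER, KEEPALIVE, KEY)
```

A receiver that holds the same key accepts the segment; a segment with a different key, source address or payload fails verification and is dropped before BGP processes it.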
BGP's guiding principles have been to reduce wasted public IP addresses when assigning prefixes and to reduce the size of the IP Routing Table. It has managed to achieve this quite admirably in comparison to its predecessors and other routing protocols, especially considering it was only a short-term fix designed on two napkins, hence its other name, the “Two Napkin Protocol” (Jabloner, P., 2015).
Bookham, C. (2014) ‘Versatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OS (1)’, Indianapolis, Indiana: John Wiley & Sons Inc.
Bryant, C., CCIE No. 12933 (2016) ‘CCNP Route 300-101 Study Guide’, Published in Great Britain for Amazon, pp. 152-231.
Fordham, S. (2014) ‘01 BGP for Cisco Networks, A CCIE v5 guide to the Border Gateway Protocol’, Published in Great Britain for Amazon.
Hauben, M. (1998, 3 August) ‘Behind the Net: The Untold Story of the ARPANET and Computer Science’, First Monday [Online]. Available at http://firstmonday.org/ojs/index.php/fm/article/view/612/533 (Accessed 6 August 2016)
Mills, D.L. (1984, April) ‘Exterior Gateway Protocol Formal Specification’, Internet Engineering Task Force [Online]. Available at https://tools.ietf.org/html/rfc904 (Accessed 26 July 2016)
Perkin, R. (2014) ‘BGP Weight Attribute – Configuration Tutorial’, Roger Perkin [Online]. Available at http://www.rogerperkin.co.uk/routing-protocols/bgp/bgp-weight-attribute/ (Accessed 30 July 2016)
Wallace, K., CCIE No. 7945 (2015) ‘CCNP Routing and Switching ROUTE 300-101’, Indianapolis, Indiana: Cisco Press.
Solie, K., Lynch, L. (2003) ‘CCIE Practical Studies, Volume II’, Indianapolis, Indiana: Cisco Press.
Song, Y., Venkataramani, A., Gao, L. (2016, 11 January) ‘Identifying and Addressing Reachability and Attack in “Secure” BGP’, IEEE [Online]. Available at http://ieeexplore.ieee.org.libezproxy.open.ac.uk/stamp/stamp.jsp?tp=&arnumber=7378327 (Accessed 28 July 2016)
Teare, D., Vachon, B., Graziani, R. (2015, July) ‘Implementing Cisco IP Routing (ROUTE)’, Indianapolis, Indiana: Cisco Press, pp. 428.
TechLibrary (2016, 29 April) ‘BGP Message Overview’, Juniper Networks [Online]. Available at http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/bgp-routing-messages-overview.html (Accessed 14 August 2016)
Timberg, C. (2015, 31 May) ‘Net of insecurity – The long life of a quick fix’, The Washington Post [Online]. Available at http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/ (Accessed 19 August 2016)
Van Beijnum, I. (2016, 26 January) ‘BGP Security’, BGP Expert [Online]. Available at http://www.bgpexpert.com/#bgpsec (Accessed 19 August 2016)
Jabloner, P. (2015, 4 March) ‘The Two Napkin Protocol’, Computer History Museum [Online]. Available at http://www.computerhistory.org/atchm/the-two-napkin-protocol/ (Accessed 6 August 2016)