BGP Essentials: Configuring Internal BGP Sessions

Internal BGP (IBGP) sessions (BGP sessions within your autonomous system) are identified by the neighbor’s AS number being identical to your AS number. While the external BGP (EBGP) sessions are usually established between directly-connected routers, IBGP sessions are expected to be configured across the network.

The current best practice is to configure IBGP sessions between the loopback interfaces of the BGP neighbors, ensuring that the TCP session between them (and the BGP adjacency using the TCP session) will not be disrupted after a physical link failure as long as there is an alternate path toward the adjacent router.

To configure IBGP session on a Cisco router, specify the neighbor’s loopback address in all neighbor commands and use the neighbor update-source command to specify the source IP address of the TCP session. Without the neighbor update-source configuration command, the TCP session will use the IP address of the outgoing physical interface and the neighbor will reject the incoming TCP SYN packet as it’s not coming from a recognized BGP neighbor.

The following table shows the configuration commands necessary to configure an IBGP session between loopback interfaces of two routers:

AS 11AS 12
interface Loopback 0
ip address 10.0.0.1
!
router bgp 65001
neighbor 10.0.0.2 remote-as 65001
neighbor 10.0.0.2 update-source loopback 0
interface Loopback 0
ip address 10.0.0.2
!
router bgp 65001
neighbor 10.0.0.1 remote-as 65001
neighbor 10.0.0.1 update-source loopback 0

If you're looking for more in-depth BGP knowledge, try our Configuring BGP on Cisco Routers e-learning solution. If you just need to enhance your hands-on skill, the BGP Remote Lab Bundle is the perfect choice.

Posted by Ivan Pepelnjak on Tuesday, January 22, 2008

Labels:

2 comments:

Anonymous said...

Hi, thank you for the article. Could you go over some reasons why you would require IBGP in general as well as in a non-internet or non-mpls environment. For eg in typical extranet type enterprise environment often IBGP is used between redundant edge routers and redundant inside routers and EBGP between the edge and inside through a firewall. Is this a recommended design and if so what is the real advantage of running IBGP between the inside routers. Thx

24 September, 2008 02:47
Ivan Pepelnjak said...

The nice thing about running BGP across firewall is that it's just another TCP session from the firewall's perspective, so you don't need any extra security rules. When I get a few hours of spare time, I'll write a post about typical design scenario.

See also this thread in NIL forums for other reasons to use BGP in enterprise network.

24 September, 2008 18:59

Subscribe to: Post Comments (Atom)
Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.