This skill should be used when the user asks to "configure BGP", "manipulate BGP path selection", "implement BGP confederations", "configure route reflectors", "use BGP communities", or "troubleshoot BGP routing". It provides comprehensive BGP configuration and path manipulation techniques.
Master Border Gateway Protocol (BGP) configuration and path manipulation for enterprise and ISP networks. This skill covers BGP peering, attribute manipulation, confederations, route reflectors, communities, and advanced path control techniques essential for network engineers and penetration testers analyzing routing infrastructure.
Establish BGP peering relationships:
```
! Basic eBGP configuration
router bgp 65001
 bgp router-id 1.1.1.1
 neighbor 10.0.0.2 remote-as 65002
 network 192.168.1.0 mask 255.255.255.0

! eBGP with loopback (requires ebgp-multihop)
router bgp 65001
 neighbor 2.2.2.2 remote-as 65002
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 2.2.2.2 ebgp-multihop 3

! Static route for loopback reachability
ip route 2.2.2.2 255.255.255.255 Serial0/0
```
iBGP Configuration:
```
! iBGP peering (same AS)
router bgp 65001
 neighbor 3.3.3.3 remote-as 65001
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 3.3.3.3 next-hop-self
```
Understand the BGP best path selection algorithm:
| Priority | Attribute | Preference |
|---|---|---|
| 1 | Weight | Highest |
| 2 | Local Preference | Highest |
| 3 | Locally Originated | Prefer local |
| 4 | AS-Path Length | Shortest |
| 5 | Origin | IGP < EGP < Incomplete |
| 6 | MED | Lowest |
| 7 | eBGP over iBGP | Prefer eBGP |
| 8 | IGP Metric | Lowest |
| 9 | Router ID | Lowest |
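
The table above as a comparison function, run over two constructed paths. This is an added example, not code from the original page; `Path`, `best_path`, the sample AS numbers and the router IDs are illustrative. It follows the table's simplified order and compares MED across all paths, which on Cisco IOS corresponds to `bgp always-compare-med`.

```python
from dataclasses import dataclass, replace

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < Incomplete

@dataclass(frozen=True)
class Path:
    name: str
    weight: int = 0
    local_pref: int = 100
    local: bool = False        # locally originated
    as_path: tuple = ()
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    router_id: str = "0.0.0.0"

# One (label, key) pair per table row. The smallest key wins, so "highest"
# attributes are negated and "prefer X" rows use "not X" (False sorts first).
STEPS = [
    ("Weight", lambda p: -p.weight),
    ("Local Preference", lambda p: -p.local_pref),
    ("Locally Originated", lambda p: not p.local),
    ("AS-Path Length", lambda p: len(p.as_path)),
    ("Origin", lambda p: ORIGIN_RANK[p.origin]),
    # Assumption: MED is compared across all paths (bgp always-compare-med).
    ("MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: not p.ebgp),
    ("IGP Metric", lambda p: p.igp_metric),
    ("Router ID", lambda p: tuple(int(o) for o in p.router_id.split("."))),
]

def best_path(paths):
    """Walk the table top to bottom; return (winner, deciding attribute).
    Expects two or more candidate paths for the same prefix."""
    candidates = list(paths)
    for label, key in STEPS:
        low = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == low]
        if len(candidates) == 1:
            return candidates[0], label
    return candidates[0], "tie"

# Constructed sample: two eBGP paths to the same prefix.
A = Path("via-65002", as_path=(65002, 65010), med=50, router_id="2.2.2.2")
B = Path("via-65003", as_path=(65003, 65010), med=10, router_id="3.3.3.3")

if __name__ == "__main__":
    print(best_path([A, B]))  # B wins on MED
    prepended = replace(B, as_path=(65003, 65003, 65003, 65010))
    print(best_path([A, prepended]))  # A wins on AS-Path Length
```

Changing one attribute at a time on the sample paths shows which row of the table takes over the decision.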
Verification Commands:
```
show ip bgp
show ip bgp summary
show ip bgp neighbors
show ip bgp 192.168.1.0/24
```
Influence local path selection (Cisco-proprietary):
```
! Set weight for specific neighbor
router bgp 65001
 neighbor 10.0.0.2 weight 1000

! Set weight using route-map (preferred)
ip prefix-list NETWORK-A seq 5 permit 192.168.1.0/24
route-map SET-WEIGHT permit 10
 match ip address prefix-list NETWORK-A
 set weight 500
route-map SET-WEIGHT permit 20
router bgp 65001
 neighbor 10.0.0.2 route-map SET-WEIGHT in
```
Key Points:
Influence AS-wide path selection:
```
! Set local preference for incoming routes
ip prefix-list PREFER-PATH seq 5 permit 10.0.0.0/8
route-map SET-LOCPREF permit 10
 match ip address prefix-list PREFER-PATH
 set local-preference 200
route-map SET-LOCPREF permit 20
router bgp 65001
 neighbor 10.0.0.2 route-map SET-LOCPREF in
```
Key Points:
Verification:
```
show ip bgp
! Look for LocPrf column
```
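
The `SET-WEIGHT` and `SET-LOCPREF` route-maps end with an empty `permit 20` clause so that routes not matched by clause 10 are still accepted; without it the route-map's implicit deny drops them. The following added example (not from the original page) audits a configuration for route-maps applied to neighbors that lack such a catch-all or are never defined; `audit`, `SAMPLE` and the neighbors 10.0.0.3 and 10.0.0.4 are constructed for illustration.

```python
import re

# Constructed sample in this page's style: SET-LOCPREF has lost its trailing
# empty permit clause and PREPEND is applied but never defined.
SAMPLE = """\
route-map SET-WEIGHT permit 10
 match ip address prefix-list NETWORK-A
 set weight 500
route-map SET-WEIGHT permit 20
route-map SET-LOCPREF permit 10
 match ip address prefix-list PREFER-PATH
 set local-preference 200
router bgp 65001
 neighbor 10.0.0.2 route-map SET-WEIGHT in
 neighbor 10.0.0.3 route-map SET-LOCPREF in
 neighbor 10.0.0.4 route-map PREPEND out
"""

CLAUSE = re.compile(r"^route-map (\S+) (permit|deny) (\d+)$")
APPLIED = re.compile(r"^neighbor (\S+) route-map (\S+) (in|out)$")

def audit(config):
    """Return sorted (neighbor, direction, route-map, finding) tuples."""
    clauses, applied, current = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line.startswith("!"):
            continue  # blank line or comment
        if m := CLAUSE.match(line):
            current = {"action": m.group(2), "has_match": False}
            clauses.setdefault(m.group(1), []).append(current)
        elif line.startswith("match ") and current is not None:
            current["has_match"] = True
        elif m := APPLIED.match(line):
            applied.append(m.groups())
        elif not line.startswith("set "):
            current = None  # any other command ends the route-map clause
    findings = []
    for neighbor, name, direction in applied:
        if name not in clauses:
            findings.append((neighbor, direction, name, "route-map not defined"))
        elif not any(c["action"] == "permit" and not c["has_match"]
                     for c in clauses[name]):
            findings.append((neighbor, direction, name,
                             "no catch-all permit; unmatched routes are denied"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A single `permit` clause with no `match` line, as in the `PREPEND` and `SET-MED` route-maps on this page, already matches every route and is not flagged.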
Influence inbound traffic by lengthening AS-path:
```
! Prepend own AS number to outgoing updates
route-map PREPEND permit 10
 set as-path prepend 65001 65001 65001
router bgp 65001
 neighbor 10.0.0.2 route-map PREPEND out
```
Key Points:
Influence inbound traffic across multiple connections to the same neighboring AS:
```
! Set MED for outgoing routes
route-map SET-MED permit 10
 set metric 100
router bgp 65001
 neighbor 10.0.0.2 route-map SET-MED out

! Compare MED from different ASes (not default)
router bgp 65001
 bgp always-compare-med
 ! Skip the AS-path length comparison during best-path selection
 bgp bestpath as-path ignore
```
Key Points:
Manipulate path preference via origin code:
```
! Set origin in route-map
route-map SET-ORIGIN permit 10
 set origin incomplete
route-map SET-ORIGIN-EGP permit 10
 set origin egp 1
router bgp 65001
 neighbor 10.0.0.2 route-map SET-ORIGIN out
```
Origin Codes:
- i - IGP (from network command) - Most preferred
- e - EGP (legacy) - Middle preference
- ? - Incomplete (redistributed) - Least preferred

Scale iBGP with sub-AS design:
```
! Sub-AS 65501 configuration
router bgp 65501
 bgp confederation identifier 65000
 bgp confederation peers 65502
 neighbor 10.0.0.2 remote-as 65502
 neighbor 10.0.0.2 next-hop-self
 neighbor 3.3.3.3 remote-as 65501

! Sub-AS 65502 configuration
router bgp 65502
 bgp confederation identifier 65000
 bgp confederation peers 65501
 neighbor 10.0.0.1 remote-as 65501
 neighbor 4.4.4.4 remote-as 65502
```
Key Points:
Alternative iBGP scaling solution:
```
! Route Reflector configuration
router bgp 65001
 neighbor 2.2.2.2 remote-as 65001
 neighbor 2.2.2.2 route-reflector-client
 neighbor 3.3.3.3 remote-as 65001
 neighbor 3.3.3.3 route-reflector-client

! Client configuration (no special config needed)
router bgp 65001
 neighbor 1.1.1.1 remote-as 65001
```
Reflection Rules:
Tag routes for policy application:
```
! Enable community sending
router bgp 65001
 neighbor 10.0.0.2 send-community

! Set community on routes
route-map SET-COMMUNITY permit 10
 set community 65001:100

! Match community for filtering
ip community-list standard BLOCK permit 65001:999
route-map FILTER-COMMUNITY deny 10
 match community BLOCK
route-map FILTER-COMMUNITY permit 20

! Well-known communities (each is set inside a route-map clause)
! no-export: Don't advertise outside AS
 set community no-export
! no-advertise: Don't advertise to any peer
 set community no-advertise
! local-as: Don't advertise outside local AS
 set community local-as
```
Peer Groups for Efficiency:
```
router bgp 65001
 neighbor INTERNAL peer-group
 neighbor INTERNAL remote-as 65001
 neighbor INTERNAL update-source Loopback0
 neighbor INTERNAL next-hop-self
 neighbor 2.2.2.2 peer-group INTERNAL
 neighbor 3.3.3.3 peer-group INTERNAL
 neighbor 4.4.4.4 peer-group INTERNAL
```
| Attribute | Scope | Manipulation |
|---|---|---|
| Weight | Local router | route-map set weight |
| Local-Pref | Within AS | route-map set local-preference |
| AS-Path | Global | route-map set as-path prepend |
| MED | Between ASes | route-map set metric |
| Origin | Global | route-map set origin |
| Command | Purpose |
|---|---|
| `show ip bgp` | Display BGP table |
| `show ip bgp summary` | Neighbor summary |
| `show ip bgp neighbors` | Detailed neighbor info |
| `clear ip bgp *` | Reset all BGP sessions |
| `debug ip bgp updates` | Debug BGP updates |
| Goal | Best Method |
|---|---|
| Prefer outbound path | Local Preference (higher) |
| Influence inbound traffic | AS-Path Prepend |
| Prefer backup link | Weight (local) |
| Signal entry preference | MED (lower) |
Symptoms: State stuck in Active/Idle
Solutions:
Symptoms: Neighbors up but missing routes
Solutions:
Symptoms: Wrong path selected
Solutions:
show ip bgp <prefix> for detailed analysis