BGP Backdoor

When a particular prefix is learned through both EBGP and an IGP (RIP / EIGRP / OSPF), the router always prefers the EBGP route, because the AD value of EBGP is 20, which is lower than that of the IGP protocols.

Let's see it in action with the below topology:

From the above topology:
- There are 3 routers: R1, R2 and R3.
- R1 and R2 are connected via an OSPF link
- (R1 and R3 are connected via EBGP) and (R2 and R3 are connected via EBGP)

Let's start:

R1 Interface Configuration:
R1#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.13.1    YES manual up                    up
FastEthernet0/1            192.168.12.1    YES manual up                    up
Loopback0                  1.1.1.1         YES manual up                    up
R1#

R2 Interface Configuration:
R2#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.23.2    YES manual up                    up
FastEthernet0/1            192.168.12.2    YES manual up                    up
Loopback0                  2.2.2.2         YES manual up                    up
R2#

R3 Interface Configuration:
R3#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.13.3    YES manual up                    up
FastEthernet0/1            192.168.23.3    YES manual up                    up
R3#

First, let's do the OSPF configuration between R1 and R2:

R1 OSPF Configuration:
R1#conf t
R1(config)#router ospf 1
R1(config-router)#network 192.168.12.0 0.0.0.255 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#end
R1#

R2 OSPF Configuration:
R2#conf t
R2(config)#router ospf 1
R2(config-router)#network 192.168.12.0 0.0.0.255 area 0
R2(config-router)#network 2.2.2.2 0.0.0.0 area 0
R2(config-router)#end
R2#

Now let's check the routing table of R1 for the prefix 2.2.2.2/32:
R1#show ip route 2.2.2.2 longer-prefixes
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/11] via 192.168.12.2, 00:00:56, FastEthernet0/1
R1#

The prefix 2.2.2.2/32 is reachable via OSPF. Let's try to ping the IP address.

R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
R1#

Let's start with the BGP configuration:

R1 BGP Configuration:
R1#conf terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.13.3 remote-as 3
R1(config-router)#redistribute connected
R1(config-router)#end
R1#

R2 BGP Configuration:
R2#conf t
R2(config)#router bgp 2
R2(config-router)#neighbor 192.168.23.3 remote-as 3
R2(config-router)#redistribute connected
R2(config-router)#end
R2#

R3 BGP Configuration:
R3#conf terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router bgp 3
R3(config-router)#neighbor 192.168.13.1 remote-as 1
R3(config-router)#neighbor 192.168.23.2 remote-as 2
R3(config-router)#redistribute connected
R3(config-router)#end
R3#

Now, let's see the R1 routing table for prefix 2.2.2.2/32 again:
R1#show ip route 2.2.2.2 longer-prefixes
     2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [20/0] via 192.168.13.3, 00:00:14
R1#

It has changed to EBGP, as its AD value is lower than OSPF's.

Now, I am going to enable the backdoor for the prefix 2.2.2.2/32 on R1.

R1 Backdoor Configuration:
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 1
R1(config-router)#network 2.2.2.2 mask 255.255.255.255 backdoor
R1(config-router)#end
R1#

Now let's see the routing table of R1:
R1#show ip route 2.2.2.2 longer-prefixes
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/11] via 192.168.12.2, 00:02:28, FastEthernet0/1

Prefix 2.2.2.2/32 is learned from OSPF and not from BGP because of the BGP backdoor configuration.

What will happen if the backdoor link fails? Let's see that too...

Shut down Fa0/1:
R1#conf terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface fastEthernet 0/1
R1(config-if)#shutdown
R1(config-if)#end
R1#
*Mar  1 02:04:48.619: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 02:04:49.519: %SYS-5-CONFIG_I: Configured from console by console
R1#
R1#
*Mar  1 02:04:50.615: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Mar  1 02:04:51.615: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
R1#

Now the Fa0/1 interface is down, and so is OSPF. Let's check the routing table on R1:
R1#show ip route 2.2.2.2 longer-prefixes
     2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [200/0] via 192.168.13.3, 00:00:09
R1#

  • The 2.2.2.2/32 prefix is now learned through BGP. If you look closely, the AD value has changed to 200. That is why, when the backdoor is enabled, OSPF (AD 110) takes priority over BGP.
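
The three states seen on R1 above can be checked automatically. The following is an added example, not part of the original post: it reads the `network ... backdoor` statements from a BGP configuration and classifies each prefix from `show ip route` output. The function names and state labels are hypothetical, and it assumes the default BGP distances (20 external, 200 local).

```python
import ipaddress
import re

# "network A.B.C.D mask M.M.M.M backdoor" as entered under "router bgp" on the page.
BACKDOOR_RE = re.compile(r"^\s*network\s+(\S+)\s+mask\s+(\S+)\s+backdoor\s*$")
# Route lines such as "O       2.2.2.2 [110/11] via ..." (single-letter codes only).
ROUTE_RE = re.compile(r"^([A-Z])\*?\s+(\d+(?:\.\d+){3})(?:/(\d+))?\s+\[(\d+)/\d+\]")
# Header "     2.0.0.0/32 is subnetted, 1 subnets" carries the prefix length.
HEADER_RE = re.compile(r"^\s*\d+(?:\.\d+){3}/(\d+) is subnetted")

def backdoor_prefixes(config_text):
    """Prefixes marked 'backdoor' in a BGP configuration."""
    found = (BACKDOOR_RE.match(l) for l in config_text.splitlines())
    return {ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}") for m in found if m}

def installed_routes(route_text):
    """Map prefix -> (source code, administrative distance) from 'show ip route'."""
    routes, plen = {}, None
    for line in route_text.splitlines():
        header, route = HEADER_RE.match(line), ROUTE_RE.match(line)
        if header:
            plen = header.group(1)
        elif route and (route.group(3) or plen):
            code, addr, own_len, ad = route.groups()
            routes[ipaddress.ip_network(f"{addr}/{own_len or plen}")] = (code, int(ad))
    return routes

def audit(config_text, route_text):
    """Classify how each backdoor prefix is currently installed."""
    routes, report = installed_routes(route_text), {}
    for prefix in sorted(backdoor_prefixes(config_text)):
        code, ad = routes.get(prefix, (None, None))
        if code is None:
            state = "missing"
        elif code != "B":
            state = "igp-preferred"         # backdoor working, IGP link in use
        elif ad == 200:
            state = "bgp-fallback"          # IGP path lost, traffic now via EBGP
        else:
            state = "backdoor-not-applied"  # BGP still installed with AD 20
        report[str(prefix)] = state
    return report

# Constructed inputs: R1's backdoor command and route outputs as shown on this page.
CONFIG = "router bgp 1\n network 2.2.2.2 mask 255.255.255.255 backdoor"
HEADER = "     2.0.0.0/32 is subnetted, 1 subnets\n"
VIA_OSPF = HEADER + "O       2.2.2.2 [110/11] via 192.168.12.2, 00:02:28, FastEthernet0/1"
VIA_BGP_200 = HEADER + "B       2.2.2.2 [200/0] via 192.168.13.3, 00:00:09"
VIA_BGP_20 = HEADER + "B       2.2.2.2 [20/0] via 192.168.13.3, 00:00:14"
```

Calling `audit(CONFIG, VIA_BGP_200)` reports `bgp-fallback`, the state a monitoring job would alert on because it means the OSPF link between R1 and R2 is no longer carrying the prefix.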