Showing posts with label BGP Series. Show all posts

Thursday 15 December 2022

[BGP] Significant Changes to BGP in Recent Years



Border Gateway Protocol (BGP) is a fundamental routing protocol that is responsible for routing Internet traffic between Autonomous Systems (ASes). BGP is used to exchange routing information between routers on the Internet, and it determines the best path for network traffic to follow. In recent years, BGP has undergone several changes, with new features added to improve its performance and security. In this article, we will discuss some of the newer features added to BGP in recent years.

One of the most significant changes to BGP is the addition of BGPsec. BGPsec is a security extension to BGP that provides secure routing by adding digital signatures to BGP updates. This ensures that BGP routing information is authentic and has not been tampered with, preventing attackers from hijacking traffic or redirecting it to a malicious destination. BGPsec is now widely deployed, and it is essential in ensuring the security and integrity of BGP routing information.

Another important addition to BGP is the support for Multiprotocol BGP (MP-BGP). MP-BGP allows BGP to support routing information for multiple protocols, such as IPv4 and IPv6, as well as other network layer protocols like MPLS. This provides greater flexibility and scalability in routing, allowing BGP to handle the increasing demands of modern networks.

BGP Flowspec is another feature that has been added to BGP in recent years. BGP Flowspec is a traffic filtering mechanism that allows network operators to specify how traffic should be treated based on specific characteristics, such as the source or destination IP address, the type of traffic, or the application used. This allows network operators to block or rate-limit traffic that is considered undesirable, such as traffic from known sources of DDoS attacks.

BGP Large Communities is another recent addition to BGP. BGP Large Communities is an extension to BGP that allows network operators to attach additional metadata to BGP routing updates. This metadata can be used for a wide range of purposes, such as filtering, traffic engineering, or monitoring. BGP Large Communities is particularly useful in large networks where the routing table can be very large, and it provides a more efficient way to manage routing updates.

BGP Link State is another recent addition to BGP that provides a more scalable way to handle routing information. BGP Link State is based on the same principles as the OSPF and IS-IS routing protocols, where routers maintain a database of link-state information, and routing decisions are made based on this information. BGP Link State can handle larger networks with more complex routing requirements, providing better scalability and efficiency in routing.

BGP Add-Path is a feature that allows BGP to advertise multiple paths for the same destination prefix. This provides greater redundancy and load balancing, allowing traffic to be distributed more evenly across multiple paths. BGP Add-Path is particularly useful in networks with high traffic volumes or where link failures are common.

Finally, BGP Route Refresh is a feature that allows BGP routers to refresh their routing tables without tearing down BGP sessions. This provides a more efficient way to handle routing updates, as BGP sessions do not need to be reset each time the routing table is updated. BGP Route Refresh is particularly useful in large networks with many BGP sessions, where resetting BGP sessions can be a time-consuming and disruptive process.

In conclusion, BGP has evolved over the years to become a more robust, secure, and flexible protocol, thanks to the addition of new features and improvements. Network operators can now benefit from advanced features like BGP Flowspec, BGP-LS, and BGPsec, to enhance their network's security, scalability, and resiliency. The combination of BGP with SDN technologies can further enhance network automation and programmability, making it easier to manage large-scale networks.

Thursday 28 March 2019

BGP Series 18: BGP Address-family Configuration


BGP Address-family Configuration:


  • The technical name of BGP is MBGP (multiprotocol BGP), which means it was designed from the ground up to advertise multiple L3 protocols to its neighbors (independent of IPv4 or IPv6), though it was initially used for IPv4

  • BGP doesn’t treat a route as a ‘route’; for BGP, all routes, whether IPv4 or IPv6, are NLRI. So, in the same BGP update, we could have NLRI for IPv4 routes, NLRI for IPv4 multicast and IPv6 routes

  • Multiprotocol because BGP can advertise reachability to many different ‘routes’:

    • IPv4 unicast routes
    • IPv4 multicast routes
    • IPv6 unicast routes
    • VPNv4 routes (used in MPLS VPNs)
  • By default, BGP only advertises IPv4 prefixes

  • Address-families are used to inform BGP that it needs to advertise other types of NLRI. When address-families are configured, BGP also announces in the Open message that it supports the additional NLRI capabilities

  • By default, when we type in the ‘network’ command under router BGP, it is automatically placed under the IPv4 address-family. We couldn’t type in an IPv6 network even if we wanted to.

  • Say we have two routers R1 and R2 and the link between them is only configured with IPv4, but we have both IPv4 and IPv6 links behind us. Theoretically, we could send IPv6 routes over to the neighbor along with the IPv4 routes. But it doesn’t make sense, since I don’t know if you understand IPv6 at all on this link. So, an IPv4 network and an IPv6 network must be configured on the link that both routers share

    • This point is because if we have to advertise IPv4 routes over the wire, we need to be able to speak IPv4 across the wire
    • Similarly, if we need to exchange IPv6 routes over this wire, we need to be able to speak IPv6 across this wire
    • So, we need to configure both IPv4 and IPv6 on the same link between the two routers
  • The main question to be answered (this is a design question, both are good):

    • Do you want two (2) BGP sessions-per-peer?

      • One IPv4 session and another IPv6 session?
    • Or only a single BGP session per peer?

      • Peering done via IPv4, and a single BGP update carries both IPv4 and IPv6 prefixes, or….
      • Peering done via IPv6, and a single BGP update carries both IPv4 and IPv6 prefixes
  • Thus, we have 3 options:

    • Two sessions- one for IPv4, one for IPv6
    • One session- IPv6 over IPv4
    • One session- IPv4 over IPv6
  • In the second approach above (a single session per peer), we have only one BGP session, which saves CPU/memory, and that one session has an IPv4 section and an IPv6 section. This is implemented via the number of neighbor statements we have under router bgp

  • OPTION 1: One for IPv4, One for IPv6:

Thursday 14 March 2019

BGP Series 17: Other BGP Attributes: Origin Code, IGP Metric to Next-hop, BGP Multipath

Other BGP Attributes: Origin Code, IGP Metric to Next-hop, BGP Multipath:

  • Origin Code:

    • The order of preference for the origin attribute of BGP routes is ‘i’ > ‘e’ > ‘?’

    • Usually, we will never see any routes with ‘e’ as the origin code, since that meant the routes originated in the old EGP routing protocol, which is unused

    • In modern scenarios, we will see routes with one of these origin codes:

      • ‘i’ which means the routes originated via IGP and were injected into BGP via the “network” command, the “aggregate-address” command or the “neighbor default-originate” command
      • ‘?’ which means the origin is unclear as the routes were redistributed into BGP

Wednesday 6 March 2019

BGP Series 16: BGP Attributes: AS_PATH and MED

BGP Attributes: AS_PATH and MED:


  • AS_PATH Attribute:

    • It is a BGP attribute

    • The shortest AS_PATH is preferred when weight and local preference are the same

    • It can be used to influence both inbound and outbound traffic

    • With AS_PATH prepending, we can make the AS_PATH longer for a path that is less preferred. Ideally, the local AS is prepended

    • Example:

      • In the example below, we own AS-1 and both our routers ‘a’ and ‘b’ are advertising net-X to the downstream neighbor. But we want the downstream neighbor to choose ‘b’.

      • Since I can’t change Weight in router ‘c’, which is not owned by me, and I can’t use local-pref since it is in a different AS
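
The prepending scenario above worked through in code, as an added example that is not from the original post: it compares two advertisements of net-X the way router ‘c’ would, using only the steps named in this series (weight, local preference, AS_PATH length, origin code). The AS numbers, the default local preference of 100 and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Origin preference from the series: 'i' > 'e' > '?'
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}

@dataclass(frozen=True)
class Path:
    via: str                 # advertising neighbor (label only)
    as_path: tuple           # AS numbers, nearest AS first
    origin: str = "i"
    weight: int = 0          # local to the receiving router, never advertised
    local_pref: int = 100    # assumed default; only meaningful inside one AS

def prepend(path, local_as, times):
    """Return the path as advertised with local_as prepended `times` extra times."""
    return Path(path.via, (local_as,) * times + path.as_path, path.origin,
                path.weight, path.local_pref)

def sort_key(p):
    # Higher weight, then higher local_pref, then shorter AS_PATH, then origin.
    return (-p.weight, -p.local_pref, len(p.as_path), ORIGIN_RANK[p.origin])

def best_path(paths):
    """Pick the winner among paths to one prefix; a full tie keeps the first seen."""
    return min(paths, key=sort_key)

def decisive_step(a, b):
    """Name the first comparison step at which two paths differ."""
    names = ("weight", "local_pref", "as_path_length", "origin")
    for name, x, y in zip(names, sort_key(a), sort_key(b)):
        if x != y:
            return name
    return "tie"

# Constructed scenario: AS 1 (ours) advertises net-X to router 'c' via 'a' and 'b'.
via_a = Path("a", (1,))
via_b = Path("b", (1,))
# We cannot set weight or local_pref on 'c', so 'a' prepends AS 1 twice.
via_a_prepended = prepend(via_a, 1, 2)

if __name__ == "__main__":
    print(best_path([via_a, via_b]).via)             # full tie on these steps
    print(best_path([via_a_prepended, via_b]).via)   # 'b' wins on AS_PATH length
    print(decisive_step(via_a_prepended, via_b))
```

Because weight and local preference are compared first, a policy set on ‘c’ still overrides the prepend: prepending is a request to the neighbor, not a control over it.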

Thursday 28 February 2019

BGP Series 15: BGP Attributes: Weight and Local Preference

BGP Attributes: Weight and Local Preference:

  • Usually if we want to modify some attributes for best path selection, we will modify one of these: WEIGHT, LOC_PREF, AS_PATH

  • Influencing BGP Weight:

    • It is not actually an attribute since it is not part of a BGP packet

    • It was previously Cisco proprietary (now used by others like Arista as well) and configured locally on a router

    • It is locally significant to the router and is not advertised to any other BGP neighbor as part of BGP Update

    • It can be used to influence the choice of outbound routes

    • It is set on inbound routes (i.e. for updates coming into the router, a weight is set)

Tuesday 19 February 2019

BGP Series 14: BGP Path Attributes and BGP Best Path Algorithm

BGP Path Attributes and BGP Best Path Algorithm:


  • BGP uses different path attributes to calculate the best path to a certain destination

  • But, they can also be used for a variety of things other than best path calculation such as AS_PATH attribute for loop-detection, …

  • Each path-attribute describes something about the path

  • The most common BGP path attributes are:

Wednesday 13 February 2019

BGP Series 13: BGP Filtering- Part 2

BGP Filtering- Part2:

  • Filter-List Example:

    • Consider the AS-path for a route of Network-X to be 100 200 400 6678
    • One thing to consider: no matter how long the AS_PATH is, its beginning is marked by the ‘^’ symbol and its end by the ‘$’ sign


    • This is the simplest AS_PATH regex, but
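
Why the ‘^’ and ‘$’ anchors matter in a filter-list, shown as an added example that is not from the original post: an unanchored pattern matches digits inside longer AS numbers, so the filter permits more than intended. It assumes the Cisco-style ‘_’ delimiter token, emulated here with Python's `re`; every AS_PATH except the first is constructed sample data, and the function names are hypothetical.

```python
import re

# Cisco-style AS_PATH regexes use '_' for "start, end, or a separator".
# Assumption: the router syntax is emulated by rewriting '_' for Python's re.
DELIM = r"(?:^|$|[ ,{}()])"

def permits(pattern, as_path):
    """True if the AS_PATH string (space-separated ASNs) matches the pattern."""
    return re.search(pattern.replace("_", DELIM), as_path) is not None

def permitted(pattern, as_paths):
    """Return the AS_PATHs that a filter-list entry with this pattern permits."""
    return [p for p in as_paths if permits(pattern, p)]

# Constructed AS_PATHs; the first is the one from the post.
PATHS = [
    "100 200 400 6678",
    "100 1200 400 6678",     # contains 1200, not 200
    "100 200 400 66789",     # originated by 66789, not 6678
    "1000 200 400 6678",     # learned from AS 1000, not AS 100
    "",                      # empty AS_PATH: locally originated
]

CASES = [
    ("200",                 "unanchored: substring match"),
    ("_200_",               "AS 200 anywhere in the path"),
    ("^100_",               "learned from neighbor AS 100"),
    ("_6678$",              "originated by AS 6678"),
    ("^100_200_400_6678$",  "exactly the path from the post"),
    ("^$",                  "locally originated routes only"),
]

if __name__ == "__main__":
    for pattern, meaning in CASES:
        print(f"{pattern:22} {meaning:32} {permitted(pattern, PATHS)}")
```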