Cluecentral

BGP for beginners

BGP (Border Gateway Protocol) is the protocol used on the internet to advertise one network to another. This is necessary to make the internet work; without it, the internet would be far less flexible than it is today.

In my work as a network administrator I often work with BGP and have learned a lot about it. I want to share that knowledge, so I will try to explain the following:

  • what you need
  • how it works
  • basic configuration
  • some cool options
  • what TO do
  • what NOT to do

If you don't understand something, feel free to mail me; the address is below. I assume that you have basic networking and TCP/IP knowledge, and it would be nice if you have experience configuring a router. AND you may not be named Chantalle.






what you need

The first thing you need is a router which speaks BGP. Most vendors that sell routing equipment have BGP-capable routers; Cisco and Juniper are two examples. If you don't have a real router, you can use a Unix-like box running Zebra. Personally I use Zebra on a Linux box with a Pentium 100 and 16 MB of RAM, and I have got it working on a FreeBSD box as well. If you want to use Zebra for professional purposes I'd recommend some form of BSD (i.e. FreeBSD, NetBSD or OpenBSD) with at least a Pentium 200 and 128 MB of RAM.

The second thing you need is at least one other router that speaks BGP. This can be your ISP's router or simply a tunnel to a friend. Again, this router can just as well be simple PC hardware running Zebra.






how it works

Suppose you are a network administrator. Your network has about 400 hosts, so your ISP has probably assigned you a /23 (512 IP addresses). If this ISP fscks up, you have a problem: the ISP does the routing for you, and you cannot simply move to another ISP because that would force you to renumber. If the new ISP turns out to have even more downtime, you would have to renumber again. What you want is to be able to switch ISPs whenever you want, and even better, to have it happen automatically. That is all possible. First you arrange your own IP space, a so-called PI (Provider Independent) assignment. Now we have a problem: how does my ISP know which IP space I have? This is where BGP kicks in.

Let's say we have 192.168.128.0/23. Our first provider has 10.0.0.0/16 and our second provider has 172.16.0.0/19:


What we want is to tell ISP1 and ISP2 about our 192.168.128.0/23 and to hear about their 10.0.0.0/16 and 172.16.0.0/19. The first thing we need for this is unique identifiers, so we know who is who. In BGP these are the Autonomous System Numbers (ASNs); a network is referred to as an Autonomous System (AS). To make it clearer: we are an AS, ISP1 is an AS and ISP2 is an AS. Let's say we are ASN 65003, ISP1 is ASN 65001 and ISP2 is ASN 65002. You can request your own real ASN the same way you requested your PI IP space: at RIPE, ARIN, APNIC or whichever RIR serves your region.

Telling another AS which network numbers we have is called announcing. Basically we announce our own network to other networks, and they announce theirs to us; this is called peering. It is also possible to have them pass our announcement on to their other peers. If ISP2 is connected to ISP3, with whom we don't have a direct connection, and our traffic to ISP3 flows through the network of ISP2, that is called transit. Since we want two uplinks (multihoming), we have ISP1 and ISP2 as our transit providers: we tell them who we are and they give us all the information they have about other networks.






basic configuration

These examples are based on Zebra's configuration. Cisco's syntax is similar to Zebra's.

First we need to configure our ASN:

!
router bgp 65003
!

Next our router ID. This is usually the IP of the outgoing interface.

!
  bgp router-id 192.168.0.1
!

Then tell it which network we are advertising:

!
  network 192.168.0.0/23
!

And who our ISPs (neighbors) are:

!
  neighbor 10.0.0.1 remote-as 65001
  neighbor 172.16.0.1 remote-as 65002
!

We now have the following configuration:

!
router bgp 65003
  bgp router-id 192.168.0.1
  network 192.168.0.0/23
  neighbor 10.0.0.1 remote-as 65001
  neighbor 172.16.0.1 remote-as 65002
!

NOTE: This is very basic. Do NOT use this on a live network.






some cool options

BGP4 offers you a set of very cool options, including but not limited to:
  • local preferences
    This option enables you to give a higher preference to routes received from a specific peer or group of peers.
  • AS path prepending
    By using AS path prepending you can make your own route look longer. This is very useful if you have a peer on a low-bandwidth link who also has another route to you through another peer. If this peer refuses to set a lower preference on your route, you can add your own AS a couple of times to the routes you announce to it, so that path looks longer.
  • AS filtering
    You are able to filter out routes announced by a specific AS. For instance, if AS 65004 is full of abusers and that network refuses to answer its abuse mail, you can simply decide not to listen to routes advertised by them, even when they reach you through a peer.
  • encryption
    On most systems it is possible to encrypt your sessions. This rocks, especially on public peering points like LINX or AMS-IX.





what TO do

  • filtering
    Filter. Filter. Filter. Oh, did I mention you should filter? Don't trust your peers. Don't trust anyone. Before you know it, you'll end up receiving full routing tables from someone you only wanted to receive their own networks from. Sure, free transit is cool, but if they have 10 Mbit/s of international bandwidth, you are fscked. Only accept what is in the routing registries. Btw, don't forget to filter.
  • encryption
    Use encryption if your system allows you to. Do I really need to explain the basics of security? Nah, probably not.
  • routing registries
    Make sure that before you announce anything, your routing registry knows about it. For the RIPE region, you will have to use the RPSL format.
  • aggregate
    Aggregate the netspace you announce, i.e. announce two /24s as one /23. Help keep the global routing table small.





what NOT to do

  • RFC1918 address space
    I will personally hunt you down if you announce private address space. They did not name it "private" for fun. It should not be routed on the internet.
  • default routes
    Do not announce 0.0.0.0/0. You will not make friends with it.
  • static routes
    If you are present on a public peering point, do NOT set static routes.
  • prefix length
    Do not announce prefixes longer than /24. Nobody accepts them and you will make a fool of yourself. Trust me: been there, done it, got laughed at.
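As an added example (not part of the original page), the rules from "some cool options", "what TO do" and "what NOT to do" written out as an inbound route filter plus the local-preference / AS-path-length tie-break that makes prepending work. The registry, the peer policy and the RFC 5737 documentation prefixes are constructed for the example; the page's own 192.168.x / 10.x / 172.16.x prefixes are RFC1918 stand-ins and are rejected by design.

```python
import ipaddress
from dataclasses import dataclass

# Constructed routing registry: prefix -> origin AS allowed to announce it.
# RFC 5737 documentation prefixes stand in for real PI space; the page's own
# 192.168.x / 10.x / 172.16.x examples are RFC1918 and are rejected below.
REGISTRY = {"203.0.113.0/24": 65003, "198.51.100.0/24": 65001}
# Constructed peer policy: transit providers may send any path, a plain
# peer only its own networks (so nobody slips us a full table "for free").
PEERS = {65001: "transit", 65002: "transit", 65006: "peer"}
BLOCKED_AS = {65004}  # "AS filtering": drop anything that passed through 65004
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Route:
    prefix: str
    as_path: list          # leftmost = neighbor that sent it, rightmost = origin AS
    local_pref: int = 100  # our own local preference, default 100


def check_route(r: Route) -> str:
    """Return 'accept' or the reason a received announcement is refused."""
    net = ipaddress.ip_network(r.prefix, strict=False)
    if net.prefixlen == 0:
        return "reject: default route"
    if any(net.overlaps(p) for p in RFC1918):
        return "reject: RFC1918 space"
    if net.prefixlen > 24:
        return "reject: longer than /24"
    if BLOCKED_AS & set(r.as_path):
        return "reject: path via blocked AS"
    neighbor, origin = r.as_path[0], r.as_path[-1]
    if PEERS.get(neighbor) is None:
        return "reject: unknown neighbor"
    if PEERS[neighbor] == "peer" and set(r.as_path) != {neighbor}:
        return "reject: peer sent a route it does not originate"
    if REGISTRY.get(str(net)) != origin:
        return "reject: not in routing registry"
    return "accept"


def best_path(routes):
    """Pick the best path among accepted routes for one prefix: highest
    local-pref wins, then the shortest AS path. This is why a peer that
    prepends its own AS makes its path less attractive to us."""
    ok = [r for r in routes if check_route(r) == "accept"]
    return min(ok, key=lambda r: (-r.local_pref, len(r.as_path)), default=None)
```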





(c) 2001 Sabri Berisha (sabri@cluecentral.net)
Permission hereby granted to copy and mirror this anywhere as long as you refer to me as the author with a link to my email address. And keep it up to date.