Understanding BGP Backdoor: A Closer Look
What is BGP Backdoor?
BGP (Border Gateway Protocol) Backdoor is a specific feature with a well-defined use case within BGP routing. It enables an external BGP (eBGP) speaker to adjust the Administrative Distance (AD) of an eBGP-learned route. This adjustment involves changing the AD to 200, allowing network administrators to prefer an Interior Gateway Protocol (IGP) path over the eBGP path for a particular route. Essentially, BGP Backdoor treats the route as if it were "locally sourced."
When is BGP Backdoor implemented:
- The backdoor feature is utilized to identify paths reachable through backdoor exits to another AS, known as backdoor paths.
- Visualize the entire AS as a house from the BGP perspective, with eBGP peerings as primary entrances (front doors) and additional paths between ASes as secondary entrances and exits (backdoors).
- In Cisco IOS, networks with alternate backdoor paths are marked using the backdoor keyword in the network command matching the network.
- Once identified as a backdoor path, the router assigns an Administrative Distance (AD) value of 200 to BGP-learned routes sent to the routing table.
- Routes from other sources (e.g., EIGRP route to loopback 1 interfaces) take precedence over BGP-learned routes with a designated backdoor path.
- Apply the backdoor feature to paths received by the local router, not those originated by it.
- Any network in the BGP table can be designated as a backdoor path, even if originated by the router itself.
- If the network backdoor command matches a path originated by the router, removing the command with the no version requires reissuing the network command without the backdoor keyword.
- Care must be taken to avoid disrupting existing routes by reissuing the network command for the same prefix without the backdoor keyword.
Configuration and Verification
To implement and verify BGP Backdoor, follow these steps:
Configuration
- Configuration Location: It's important to note that the configuration should be performed on the receiving eBGP peer.
- Command: Use the following command to configure the BGP Backdoor feature:
  network x.x.x.x mask x.x.x.x backdoor
Verification
To verify the configuration and its effects, you can use the following commands:
- show ip bgp: This command displays the BGP routing table, allowing you to inspect the state of BGP-learned routes and their attributes.
- show ip route: This command provides information about the IP routing table, helping you identify the path that is selected for specific routes.
By using these commands, you can confirm that the BGP Backdoor feature is correctly configured and functioning as intended.
Use Case for BGP Backdoor
The primary use case for BGP Backdoor is when network administrators want to influence the path selection for a specific route. By changing the AD of an eBGP-learned route to 200, BGP Backdoor effectively makes the route less preferable when compared to IGP-learned routes. This preference adjustment can be valuable in scenarios where administrators want to ensure that an IGP path is chosen over an eBGP path for a particular destination.
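The effect of the backdoor keyword on route selection can be modelled in a few lines. This is an added example, not code from the original page or from Cisco: it reads backdoor statements from a constructed configuration snippet and picks the route source with the lowest AD, using the Cisco IOS default distances. The AS number, prefixes and function names are assumptions made for illustration.

```python
import ipaddress
import re

# Cisco IOS default administrative distances (lower wins).
DEFAULT_AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
              "ospf": 110, "rip": 120, "ibgp": 200}
BACKDOOR_AD = 200  # AD of an eBGP route matched by "network ... backdoor"

# Constructed sample configuration (AS number and prefixes are made up).
SAMPLE_CONFIG = """
router bgp 65001
 network 10.1.1.0 mask 255.255.255.0
 network 10.2.2.0 mask 255.255.255.0 backdoor
 network 10.3.3.0 mask 255.255.255.0 backdoor
"""

NETWORK_RE = re.compile(
    r"^\s*network\s+(\S+)\s+mask\s+(\S+)(\s+backdoor)?\s*$", re.MULTILINE)


def backdoor_prefixes(config):
    """Return the set of prefixes configured with the backdoor keyword."""
    return {ipaddress.ip_network(f"{net}/{mask}")
            for net, mask, flag in NETWORK_RE.findall(config) if flag}


def effective_ad(prefix, source, backdoors):
    """AD of a route after applying backdoor to eBGP-learned prefixes."""
    if source == "ebgp" and ipaddress.ip_network(prefix) in backdoors:
        return BACKDOOR_AD
    return DEFAULT_AD[source]


def installed_source(prefix, sources, backdoors):
    """Pick the route source that reaches the routing table (lowest AD)."""
    return min(sources, key=lambda s: effective_ad(prefix, s, backdoors))


if __name__ == "__main__":
    bd = backdoor_prefixes(SAMPLE_CONFIG)
    cases = [("10.9.9.0/24", ["ebgp", "eigrp"]),  # no backdoor: eBGP wins
             ("10.2.2.0/24", ["ebgp", "eigrp"]),  # backdoor: EIGRP wins
             ("10.3.3.0/24", ["ebgp"])]           # backdoor, no IGP route
    for pfx, srcs in cases:
        win = installed_source(pfx, srcs, bd)
        print(f"{pfx}: {win} installed, AD {effective_ad(pfx, win, bd)}")
```

The third case is the one to check during verification: if the IGP route is missing, the eBGP route is still installed, only with AD 200 instead of 20.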
Conclusion
BGP Backdoor is a feature that enables network administrators to fine-tune routing decisions by giving preference to IGP paths over eBGP paths for specific routes. By modifying the Administrative Distance (AD) of eBGP-learned routes, BGP Backdoor helps achieve specific routing objectives, ultimately enhancing network control and stability.