cisco support community - what is the bgp backdoor feature - 2013-07-11
TRANSCRIPT
-
8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11
1/7
Cisco Support Community
Home
What is the BGP Backdoor Feature?Document
Tue, 01/05/2016 - 06:04
Omar Santos Jul 11th, 2013
The term “backdoor” is a very controversial term when it comes to privacy and security.
However, when it comes to BGP, it is a well-known feature that is used to change the
administrative distance of eBGP in order for an interior gateway routing protocol (IGP) to take
precedence over an eBGP route.
By default, external BGP (eBGP) has an administrative distance value of 20. Administrative
distance is the first criterion that a router uses to determine which routing protocol to use if
two protocols provide route information for the same destination. Administrative distance is a
measure of the best path and reliability of the source of the routing information. The smallerthe administrative distance value, the more reliable the protocol/link.
Note: For more information about administrative distance in routing protocols refer to:
http://www.cisco.com/en/US/partner/tech/tk365/technologies_tech_note09186a0080094195.shtml
BGP selects a single path, by default, as the best path to a destination host or network. The
best path selection algorithm analyzes path attributes to determine which route is installed as
the best path in the BGP routing table. Each path carries well-known mandatory, discretionary,
and optional transitive attributes that are used in BGP best path analysis.
The “Backdoor Feature” is often used to increase the administrative distance of eBGP to 200
with the goal of making the IGP learned routes to be preferred. A backdoor network is treated
as a local network, except that it is not advertised. This is configured by using the network
backdoor BGP command.
For example, in Figure 1 three separate networks are illustrated: a network in New York (AS1010); another in Research Triangle Park (RTP), NC (AS 2020); and a third one in San Jose, CA
(AS 3030).
https://supportforums.cisco.com/https://supportforums.cisco.com/users/osantoshttp://www.cisco.com/en/US/partner/tech/tk365/technologies_tech_note09186a0080094195.shtmlhttp://www.cisco.com/en/US/partner/tech/tk365/technologies_tech_note09186a0080094195.shtmlhttps://supportforums.cisco.com/users/osantoshttps://supportforums.cisco.com/
-
8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11
2/7
Figure 1 – eBGP default admin distance
With the default administrative distances of BGP and EIGRP, if a device in the New York
network (10.10.10.0/24) communicates with a device in RTP (10.20.20.0/24) the packets will
route via the network in San Jose. This is because eBGP has a lower administrative distance
(20) than EIGRP (90). To avoid this, the Cisco IOS Software network backdoor command can
be used in New York’s R1 router (NY-R1) and vice-versa, as shown below.
NY-R1(config)#router bgp 1010
NY-R1(config-router)#network 10.20.20.0 mask 255.255.255.0 backdoor
In Cisco IOS XR Software, the network backdoor command is configured under the address
family configuration mode, as shown in the following example:
RP/0/RP0/CPU0:NY-R1(config)# router bgp 109
RP/0/RP0/CPU0:NY-R1(config-bgp)# address-family ipv4 unicast
RP/0/RP0/CPU0:NY-R1(config-bgp-af)# network 10.20.20.0/24 backdoor
-
8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11
3/7
After the network backdoor command is used in NY-R1, the administrative distance of eBGP
is changed to 200 and the preferred path will be via the direct connection between NY-R1 and
RTP-R1, as shown in Figure 2. The same steps can be followed in RTP, accordingly.
Figure 2 – eBGP admin distance after network backdoor command is used
The following are several additional references regarding BGP configuration and
troubleshooting:
BGP Case Studies:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbac
kdoor
Cisco IOS Software BGP Configuration Guide
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-overview.html
BGP Command Reference
http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.html#wp1145478
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoorhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoorhttp://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-overview.htmlhttp://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.html#wp1145478http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.html#wp1145478http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-overview.htmlhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoorhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoor
-
8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11
4/7
BGP Frequently Asked Questions
http://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.sh
tml
Rating
1
2
3
4
5
Overall Rating: 5 (3 ratings)
Comments
Collapse all
Recent replies last
noemi.berry@ana... Fri, 07/24/2015 - 10:07
Figures 1 and 2 look identical; was Figure 2 supposed to illustrate a change?
See More
http://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtmlhttp://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtmlhttps://supportforums.cisco.com/printpdf/148471?rate=VaRKHfxQ_dYA_KDHQMiiyweCGIdO_VbHk7JiQatHfughttps://supportforums.cisco.com/printpdf/148471?rate=AL8HtBt1LAiidlGmI6L7VO4ldAqCzc6R2i-KHUYpiWYhttps://supportforums.cisco.com/printpdf/148471?rate=hT3VIC6lMf_9auL8qSMD00EC7KAk9Avpe1Y6eYricD4https://supportforums.cisco.com/printpdf/148471?rate=vvxTWnc4fdxTDAqQNbHQyv4cBwxGRucqPJoizpx7O10https://supportforums.cisco.com/printpdf/148471?rate=xdxWME3qhM1re4rbNjduWAorL5Ba5llEQWkm3ZU-gBghttps://supportforums.cisco.com/#https://supportforums.cisco.com/document/148471/what-bgp-backdoor-feature?recent=0https://supportforums.cisco.com/users/noemiberryanaplancomhttp://supportforums.cisco.com/printpdf/148471#http://supportforums.cisco.com/printpdf/148471#https://supportforums.cisco.com/users/noemiberryanaplancomhttps://supportforums.cisco.com/document/148471/what-bgp-backdoor-feature?recent=0https://supportforums.cisco.com/#https://supportforums.cisco.com/printpdf/148471?rate=xdxWME3qhM1re4rbNjduWAorL5Ba5llEQWkm3ZU-gBghttps://supportforums.cisco.com/printpdf/148471?rate=vvxTWnc4fdxTDAqQNbHQyv4cBwxGRucqPJoizpx7O10https://supportforums.cisco.com/printpdf/148471?rate=hT3VIC6lMf_9auL8qSMD00EC7KAk9Avpe1Y6eYricD4https://supportforums.cisco.com/printpdf/148471?rate=AL8HtBt1LAiidlGmI6L7VO4ldAqCzc6R2i-KHUYpiWYhttps://supportforums.cisco.com/printpdf/148471?rate=VaRKHfxQ_dYA_KDHQMiiyweCGIdO_VbHk7JiQatHfughttp://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtmlhttp://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml
-
8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11
5/7
-
8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11
6/7
paul.jerome1 Tue, 01/05/2016 - 06:04
No the article is correct. We're talking about installing routes into the routing table, you are
talking about packet forwarding. This is about a control plane operation not a data planeoperation. The prefix length isn't considered when installing routes. If it receives 10.1.0.0/16
and 10.1.0.0/24 it installs both routes (because /16 offers a path to more potential destinations
than /24). In this case we're saying "what does the router do when it receives two routes to
the same destination?" The destination field in a route entry is a network prefix. Thus "same
destination" in this context means "same prefix".
See More
Kuriakose Varghese Thu, 10/29/2015 - 16:32
You are missing the point. If you have the same exact prefix from multiple routing protocol
such as BGP, OSPF, EIGRP then router will use the administrative distance of the protocol toselect the route.
This is an excellent explanation of of the concept.
See More
https://supportforums.cisco.com/users/pauljerome1https://supportforums.cisco.com/users/kuriakosehttp://supportforums.cisco.com/printpdf/148471#http://supportforums.cisco.com/printpdf/148471#https://supportforums.cisco.com/users/kuriakosehttp://supportforums.cisco.com/printpdf/148471#https://supportforums.cisco.com/users/pauljerome1
-
8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11
7/7
Leesa Thu, 04/03/2014 - 23:02
You're focusing on the wrong end of the statement. He did say "if the two protocols provide
route information for the same destination". This article is about which path from which routingprotocol makes it into the routing table, not which path the router chooses when forwarding a
packet.
See More
https://supportforums.cisco.com/document/148471/what-bgp-backdoor-feature
http://supportforums.cisco.com/printpdf/148471#https://supportforums.cisco.com/users/leesagilroy