8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11

1/7

Cisco Support Community

Home

What is the BGP Backdoor Feature?Document

 Tue, 01/05/2016 - 06:04

Omar Santos  Jul 11th, 2013

 The term “backdoor” is a very controversial term when it comes to privacy and security.

However, when it comes to BGP, it is a well-known feature that is used to change the

administrative distance of eBGP in order for an interior gateway routing protocol (IGP) to take

precedence over an eBGP route.

By default, external BGP (eBGP) has an administrative distance value of 20. Administrative

distance is the first criterion that a router uses to determine which routing protocol to use if 

two protocols provide route information for the same destination. Administrative distance is a

measure of the best path and reliability of the source of the routing information. The smallerthe administrative distance value, the more reliable the protocol/link.

Note: For more information about administrative distance in routing protocols refer to:

http://www.cisco.com/en/US/partner/tech/tk365/technologies_tech_note09186a0080094195.shtml

BGP selects a single path, by default, as the best path to a destination host or network. The

best path selection algorithm analyzes path attributes to determine which route is installed as

the best path in the BGP routing table. Each path carries well-known mandatory, discretionary,

and optional transitive attributes that are used in BGP best path analysis.

 The “Backdoor Feature” is often used to increase the administrative distance of eBGP to 200

with the goal of making the IGP learned routes to be preferred. A backdoor network is treated

as a local network, except that it is not advertised. This is configured by using the network

backdoor BGP command.

For example, in Figure 1 three separate networks are illustrated: a network in New York (AS1010); another in Research Triangle Park (RTP), NC (AS 2020); and a third one in San Jose, CA

(AS 3030).

https://supportforums.cisco.com/https://supportforums.cisco.com/users/osantoshttp://www.cisco.com/en/US/partner/tech/tk365/technologies_tech_note09186a0080094195.shtmlhttp://www.cisco.com/en/US/partner/tech/tk365/technologies_tech_note09186a0080094195.shtmlhttps://supportforums.cisco.com/users/osantoshttps://supportforums.cisco.com/

8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11

2/7

Figure 1 – eBGP default admin distance

With the default administrative distances of BGP and EIGRP, if a device in the New York

network (10.10.10.0/24) communicates with a device in RTP (10.20.20.0/24) the packets will

route via the network in San Jose. This is because eBGP has a lower administrative distance

(20) than EIGRP (90). To avoid this, the Cisco IOS Software network backdoor  command can

be used in New York’s R1 router (NY-R1) and vice-versa, as shown below.

NY-R1(config)#router bgp 1010

NY-R1(config-router)#network 10.20.20.0 mask 255.255.255.0 backdoor

In Cisco IOS XR Software, the network backdoor  command is configured under the address

family configuration mode, as shown in the following example:

RP/0/RP0/CPU0:NY-R1(config)# router bgp 109

RP/0/RP0/CPU0:NY-R1(config-bgp)# address-family ipv4 unicast

RP/0/RP0/CPU0:NY-R1(config-bgp-af)# network 10.20.20.0/24 backdoor

8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11

3/7

After the network backdoor  command is used in NY-R1, the administrative distance of eBGP

is changed to 200 and the preferred path will be via the direct connection between NY-R1 and

RTP-R1, as shown in Figure 2. The same steps can be followed in RTP, accordingly.

Figure 2 – eBGP admin distance after network backdoor command is used

 The following are several additional references regarding BGP configuration and

troubleshooting:

BGP Case Studies:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbac

kdoor

Cisco IOS Software BGP Configuration Guide

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-overview.html

BGP Command Reference

http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.html#wp1145478

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoorhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoorhttp://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-overview.htmlhttp://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.html#wp1145478http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.html#wp1145478http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-overview.htmlhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoorhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoor

8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11

4/7

BGP Frequently Asked Questions

http://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.sh

tml

Rating

1

2

3

4

5

Overall Rating: 5 (3 ratings)

Comments

Collapse all

Recent replies last

noemi.berry@ana...  Fri, 07/24/2015 - 10:07

Figures 1 and 2 look identical; was Figure 2 supposed to illustrate a change?

See More

http://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtmlhttp://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtmlhttps://supportforums.cisco.com/printpdf/148471?rate=VaRKHfxQ_dYA_KDHQMiiyweCGIdO_VbHk7JiQatHfughttps://supportforums.cisco.com/printpdf/148471?rate=AL8HtBt1LAiidlGmI6L7VO4ldAqCzc6R2i-KHUYpiWYhttps://supportforums.cisco.com/printpdf/148471?rate=hT3VIC6lMf_9auL8qSMD00EC7KAk9Avpe1Y6eYricD4https://supportforums.cisco.com/printpdf/148471?rate=vvxTWnc4fdxTDAqQNbHQyv4cBwxGRucqPJoizpx7O10https://supportforums.cisco.com/printpdf/148471?rate=xdxWME3qhM1re4rbNjduWAorL5Ba5llEQWkm3ZU-gBghttps://supportforums.cisco.com/#https://supportforums.cisco.com/document/148471/what-bgp-backdoor-feature?recent=0https://supportforums.cisco.com/users/noemiberryanaplancomhttp://supportforums.cisco.com/printpdf/148471#http://supportforums.cisco.com/printpdf/148471#https://supportforums.cisco.com/users/noemiberryanaplancomhttps://supportforums.cisco.com/document/148471/what-bgp-backdoor-feature?recent=0https://supportforums.cisco.com/#https://supportforums.cisco.com/printpdf/148471?rate=xdxWME3qhM1re4rbNjduWAorL5Ba5llEQWkm3ZU-gBghttps://supportforums.cisco.com/printpdf/148471?rate=vvxTWnc4fdxTDAqQNbHQyv4cBwxGRucqPJoizpx7O10https://supportforums.cisco.com/printpdf/148471?rate=hT3VIC6lMf_9auL8qSMD00EC7KAk9Avpe1Y6eYricD4https://supportforums.cisco.com/printpdf/148471?rate=AL8HtBt1LAiidlGmI6L7VO4ldAqCzc6R2i-KHUYpiWYhttps://supportforums.cisco.com/printpdf/148471?rate=VaRKHfxQ_dYA_KDHQMiiyweCGIdO_VbHk7JiQatHfughttp://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtmlhttp://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml

8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11

5/7

8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11

6/7

paul.jerome1  Tue, 01/05/2016 - 06:04

No the article is correct. We're talking about installing routes into the routing table, you are

talking about packet forwarding. This is about a control plane operation not a data planeoperation. The prefix length isn't considered when installing routes. If it receives 10.1.0.0/16

and 10.1.0.0/24 it installs both routes (because /16 offers a path to more potential destinations

than /24). In this case we're saying "what does the router do when it receives two routes to

the same destination?" The destination field in a route entry is a network prefix. Thus "same

destination" in this context means "same prefix".

See More

Kuriakose Varghese Thu, 10/29/2015 - 16:32

 You are missing the point. If you have the same exact prefix from multiple routing protocol

such as BGP, OSPF, EIGRP then router will use the administrative distance of the protocol toselect the route.

 This is an excellent explanation of of the concept.

See More

https://supportforums.cisco.com/users/pauljerome1https://supportforums.cisco.com/users/kuriakosehttp://supportforums.cisco.com/printpdf/148471#http://supportforums.cisco.com/printpdf/148471#https://supportforums.cisco.com/users/kuriakosehttp://supportforums.cisco.com/printpdf/148471#https://supportforums.cisco.com/users/pauljerome1

8/16/2019 Cisco Support Community - What is the Bgp Backdoor Feature - 2013-07-11

7/7

Leesa Thu, 04/03/2014 - 23:02

 You're focusing on the wrong end of the statement. He did say "if the two protocols provide

route information for the same destination". This article is about which path from which routingprotocol makes it into the routing table, not which path the router chooses when forwarding a

packet.

See More

https://supportforums.cisco.com/document/148471/what-bgp-backdoor-feature

http://supportforums.cisco.com/printpdf/148471#https://supportforums.cisco.com/users/leesagilroy