Re: BGP Backdoor conclusion (Sorry for the long post)

From: Jay McMickle <jay.mcmickle_at_yahoo.com>
Date: Thu, 29 Dec 2011 10:24:26 -0800 (PST)

Good write up. Thanks for sharing. Oh, and where were you like 18 months ago
when I started this adventure?
 
Have a good one.

Regards,
Jay McMickle-
CCNP, CCSP, CCDP, MCSE
http://mycciepursuit.wordpress.com/

Support me in the MS150 Challenge!
http://main.nationalmssociety.org/site/TR/Bike/TXHBikeEvents?px=5886043&pg=personal&fr_id=17896

________________________________
From: Hasse <eriksson.hans_at_gmail.com>
To: Cisco certification <ccielab_at_groupstudy.com>; Narbik Kocharians <narbikk_at_gmail.com>
Sent: Thursday, December 29, 2011 11:39 AM
Subject: BGP Backdoor conclusion (Sorry for the long post)

BGP Backdoor conclusion (is this correct)?

I understand that the backdoor feature changes the AD distance to 200.
I am configuring this on R2, where I receive the route from R3.

The backdoor command does influence the way I will send the traffic on the router where it is configured.

If I do not configure this on both sides I can end up with asymmetric routing.
The backdoor command does not influence where I receive the route.

R2 ----Fa (EIGRP)---- R3
 |                     |
 |__Serial_ R1 eBGP____|

Network 150.1.3.0 is advertised in EIGRP and BGP.
R3 already has the backdoor option configured for 150.1.2.0.

eBGP AD 20
EIGRP 90
-- We can see that EIGRP will not install the route.

P 150.1.3.0/24, 0 successors, FD is Inaccessible, serno 14
        via 150.1.23.3 (156160/128256), FastEthernet0/0

- We do see that it is installed in the BGP table

B 150.1.3.0 [20/0] via 10.1.12.1, 00:06:56

- We do also see here more details about the specific route

R2#show ip bgp 150.1.3.0/24
BGP routing table entry for 150.1.3.0/24, version 14
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  100 300
    10.1.12.1 from 10.1.12.1 (1.1.1.1)
      Origin IGP, localpref 100, valid, external, best

- Traceroute shows us that this is not the preferred way (via the BGP cloud when we have a 100 Mbit Ethernet connection)

R2#traceroute 150.1.3.3 source 150.1.2.2

Type escape sequence to abort.
Tracing the route to 150.1.3.3

  1 10.1.12.1 28 msec 28 msec 28 msec (R1 serial)
  2 10.1.13.3 20 msec 20 msec * (R3 Serial)

On R2

- This eBGP connection should be a backup, so I did configure the backdoor option.

- Under the BGP process on R2
network 150.1.3.0 mask 255.255.255.0 backdoor

- Now we see that EIGRP has installed the route in the topology table.

P 150.1.3.0/24, 1 successors, FD is 156160, serno 15
        via 150.1.23.3 (156160/128256), FastEthernet0/0

- As expected, we do now get a RIB failure in BGP

r> 150.1.3.0/24     10.1.12.1                0 100 300 i

- Just to make sure that the RIB failure is correct (higher AD)

R2#show ip bgp rib-failure
Network            Next Hop            RIB-failure             RIB-NH Matches
150.1.3.0/24       10.1.12.1           Higher admin distance   n/a

- Some more details about the RIB failure

R2#show ip bgp 150.1.3.0/24
BGP routing table entry for 150.1.3.0/24, version 15
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
  Not advertised to any peer
  100 300
    10.1.12.1 from 10.1.12.1 (1.1.1.1)
      Origin IGP, localpref 100, valid, external, best

- The route is now in the EIGRP routing table

The result is correct.
D 150.1.3.0 [90/156160] via 150.1.23.3, 00:02:06, FastEthernet0/0

- Traceroute shows that we are choosing the 100 Mbit/s way
Type escape sequence to abort.
Tracing the route to 150.1.3.3

  1 150.1.23.3 0 msec 0 msec * (R3 fas 0/0)

Lesson learned (I did believe before that the backdoor command was configured on the advertising router):
I do now understand that the backdoor command influences the path out only. This was obvious when I did some detailed reading and config.

When I am reading the reference guide with new eyes, it is dead simple :)

Usage Guidelines
A backdoor network is assigned an administrative distance of 200. The objective is to make Interior Gateway Protocol (IGP) learned routes preferred. A backdoor network is treated as a local network, except that it is not advertised. A network that is marked as a back door is not sourced by the local router, but should be learned from external neighbors. The BGP best path selection algorithm does not change when a network is configured as a back door.

Examples
The following address family configuration example configures network 10.108.0.0 as a local network and network 192.168.7.0 as a backdoor network:

router bgp 109
 address-family ipv4 multicast
 network 10.108.0.0
 network 192.168.7.0 backdoor

The following router configuration example configures network 10.108.0.0 as a local network and network 192.168.7.0 as a backdoor network:

router bgp 109
 network 10.108.0.0
 network 192.168.7.0 backdoor

I hope that someone else has use of this information.
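
The administrative-distance behaviour walked through in the message above, as an added example that is not part of the original post or of Cisco's documentation: a small Python model of RIB selection that shows the RIB-failure and what happens when only one side has the backdoor statement. The path labels and the assumption that R3 learns 150.1.2.0/24 over both eBGP and EIGRP are constructed for illustration.

```python
from dataclasses import dataclass

# Default Cisco IOS administrative distances quoted in the thread.
AD_EBGP, AD_EIGRP, AD_BACKDOOR = 20, 90, 200

@dataclass(frozen=True)
class Candidate:
    protocol: str   # "ebgp" or "eigrp"
    path: str       # constructed label for the link traffic would leave on

def select_route(prefix, candidates, backdoor_prefixes):
    """Pick the RIB entry for prefix by lowest administrative distance.

    Returns (winner, winner_ad, rib_failures); rib_failures are the eBGP
    candidates that lost to a lower-AD route ('show ip bgp rib-failure').
    """
    scored = []
    for cand in candidates:
        ad = {"ebgp": AD_EBGP, "eigrp": AD_EIGRP}[cand.protocol]
        # 'network ... backdoor' raises the eBGP-learned route to AD 200.
        if cand.protocol == "ebgp" and prefix in backdoor_prefixes:
            ad = AD_BACKDOOR
        scored.append((ad, cand))
    scored.sort(key=lambda item: item[0])
    winner_ad, winner = scored[0]
    rib_failures = [c for _, c in scored[1:] if c.protocol == "ebgp"]
    return winner, winner_ad, rib_failures

# Constructed model of the lab: each router learns the other's LAN twice.
LEARNED = {
    "R2": ("150.1.3.0/24", [Candidate("ebgp", "serial-via-R1"),
                            Candidate("eigrp", "fastethernet-direct")]),
    "R3": ("150.1.2.0/24", [Candidate("ebgp", "serial-via-R1"),
                            Candidate("eigrp", "fastethernet-direct")]),
}

def outbound_paths(backdoors):
    """Map router -> egress path, given {router: set of backdoor prefixes}."""
    result = {}
    for router, (prefix, cands) in LEARNED.items():
        winner, _, _ = select_route(prefix, cands, backdoors.get(router, set()))
        result[router] = winner.path
    return result

def is_symmetric(backdoors):
    """True when both directions of the R2 <-> R3 flow use the same link."""
    return len(set(outbound_paths(backdoors).values())) == 1
```

Calling `outbound_paths({"R3": {"150.1.2.0/24"}})` reproduces the starting state of the thread, where R2 still leaves over the serial link while R3 already prefers the FastEthernet link.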

Received on Thu Dec 29 2011 - 10:24:26 ART
