eBGP Configuration and Verification
eBGP (External Border Gateway Protocol) Configuration and Verification is a critical component of CCNP Enterprise (ENCOR) infrastructure. eBGP operates between Autonomous Systems (AS), enabling inter-domain routing. CONFIGURATION BASICS: To configure eBGP, first enable BGP routing using 'router bg… eBGP (External Border Gateway Protocol) Configuration and Verification is a critical component of CCNP Enterprise (ENCOR) infrastructure. eBGP operates between Autonomous Systems (AS), enabling inter-domain routing. CONFIGURATION BASICS: To configure eBGP, first enable BGP routing using 'router bgp [ASN]'. Define neighbors with 'neighbor [IP] remote-as [ASN]'. Since eBGP peers typically exist on directly connected networks, ensure the neighbor IP is reachable. Configure network statements to advertise routes: 'network [IP] mask [subnet-mask]'. Apply route-maps and policies to control advertisement and acceptance of routes. KEY CONFIGURATION ELEMENTS: - Router BGP ASN configuration - Neighbor statements with remote AS numbers - Network statements for route advertisement - Route-maps for filtering and policy application - Timer adjustments if needed (keepalive and hold-time) VERIFICATION COMMANDS: 'show ip bgp summary' displays peer status, showing established connections and advertised/received route counts. 'show ip bgp neighbors [IP]' provides detailed neighbor information including capabilities and timer values. 'show ip bgp' reveals the BGP routing table with best path selection. 'show ip route bgp' displays only BGP-learned routes in the routing table. IMPORTANT CONSIDERATIONS: eBGP requires AS numbers differ between peers (defining external relationship). By default, eBGP increments the TTL, and packets traverse the internet. Implement filtering using prefix-lists and route-maps to control route propagation. Monitor BGP states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. Common troubleshooting checks include verifying neighbor reachability, confirming AS numbers are correct, reviewing route-map policies, and checking for network statement accuracy. Proper eBGP configuration ensures reliable inter-domain routing and network scalability in enterprise environments.
eBGP Configuration and Verification for CCNP ENCOR
eBGP Configuration and Verification
Introduction to eBGP
External Border Gateway Protocol (eBGP) is a critical routing protocol used in enterprise networks and the internet backbone. Understanding eBGP configuration and verification is essential for CCNP ENCOR certification, as it forms the foundation for advanced routing implementations.
Why eBGP Configuration is Important
eBGP is important for several reasons:
- Inter-AS Communication: eBGP enables communication between different Autonomous Systems (AS), making it essential for large enterprise networks with multiple AS numbers and internet connectivity.
- Scalability: Unlike IGPs like OSPF or EIGRP, eBGP provides superior scalability for large networks and can handle thousands of routes efficiently.
- Path Control: eBGP allows administrators to implement granular control over traffic flows through the use of route attributes like AS PATH, LOCAL PREFERENCE, and MED.
- Redundancy and Load Balancing: Multiple eBGP connections enable redundancy and load balancing across different providers or network segments.
- Internet Connectivity: eBGP is the protocol used by ISPs and enterprises to establish internet connectivity and manage BGP peering relationships.
What is eBGP?
eBGP refers to BGP peering relationships between routers in different Autonomous Systems. An Autonomous System (AS) is a collection of networks under a single administrative control, identified by a unique 16-bit (or 32-bit) AS number. When two routers exchange BGP updates with different AS numbers, they are running eBGP.
Key characteristics of eBGP:
- Peering occurs between routers in different AS numbers
- Routers are typically directly connected (eBGP neighbors share a common subnet)
- Default TTL for eBGP packets is 1 (hop count limited)
- Updates are sent to all eBGP neighbors by default
- eBGP neighbors must be explicitly configured
How eBGP Works
1. Neighbor Establishment
eBGP communication begins with neighbor establishment. Two routers must be configured as neighbors before they can exchange routing information. The configuration requires:
- Local AS number on the router
- Neighbor's IP address
- Neighbor's AS number (different from local AS for eBGP)
- Direct connectivity between neighbor IP addresses
Example configuration:
router bgp 65000
neighbor 10.1.1.2 remote-as 65001
2. TCP Connection Establishment
BGP uses TCP port 179 to establish reliable connections between neighbors. The process involves:
- One router initiates a TCP connection to the neighbor on port 179
- If successful, both routers exchange OPEN messages containing their AS numbers and BGP versions
- After OPEN message exchange, routers are in the ESTABLISHED state
- KEEPALIVE messages maintain the connection
3. Route Advertisement and Reception
Once neighbors are established:
- Routers advertise known routes via UPDATE messages
- UPDATE messages contain Network Layer Reachability Information (NLRI) and path attributes
- Routers apply inbound route-maps and policies to filter or modify incoming updates
- Best path selection algorithm determines which routes to install in the routing table
- Selected routes are advertised to other peers
4. Path Attributes
eBGP advertisements carry multiple attributes that influence routing decisions:
- AS PATH: List of AS numbers the route has traversed; shorter paths are preferred
- ORIGIN: How the route was injected into BGP (IGP, EGP, or INCOMPLETE)
- NEXT_HOP: IP address of the next hop router
- LOCAL_PREFERENCE: Used for outbound path selection; higher values are preferred (default 100)
- MULTI_EXIT_DISC (MED): Influences inbound traffic from other AS; lower values are preferred
- COMMUNITY: Tags for route grouping and filtering
5. Convergence and Updates
eBGP continuously monitors network changes:
- If a route becomes unavailable, the router sends WITHDRAW messages
- Neighbors receiving withdrawals remove affected routes from their databases
- Route changes propagate throughout the network based on policy
- Converged state is reached when all routers have consistent view of available routes
eBGP Configuration Steps
Step 1: Enable BGP and Configure Local AS
First, enable BGP on the router and specify the local AS number:
router bgp 65000
Step 2: Configure eBGP Neighbors
Define eBGP neighbors with different AS numbers:
neighbor 10.1.1.2 remote-as 65001
neighbor 10.1.2.2 remote-as 65002
Step 3: Configure Address Families (AFI/SAFI)
Specify which address families to advertise (IPv4, IPv6, etc.):
address-family ipv4
neighbor 10.1.1.2 activate
exit-address-family
Step 4: Advertise Networks
Inject networks into BGP using network commands or redistribution:
address-family ipv4
network 192.168.1.0 mask 255.255.255.0
exit-address-family
Step 5: Verify eBGP Configuration
Use verification commands to ensure proper operation:
- show ip bgp summary - Displays neighbor status and statistics
- show ip bgp neighbors - Detailed neighbor information including state, timers, and capabilities
- show ip bgp neighbors x.x.x.x advertised-routes - Shows routes advertised to a specific neighbor
- show ip bgp neighbors x.x.x.x received-routes - Shows routes received from a specific neighbor
- show ip route bgp - Displays BGP routes in the routing table
- show ip bgp - Shows all BGP routes in the BGP database
Common eBGP Configuration Scenarios
Scenario 1: Basic eBGP Peering
Two companies establish direct BGP peering:
Router A (Company 1):
router bgp 65000
neighbor 203.0.113.2 remote-as 65001
address-family ipv4
neighbor 203.0.113.2 activate
network 192.168.0.0 mask 255.255.255.0
exit-address-family
Router B (Company 2):
router bgp 65001
neighbor 203.0.113.1 remote-as 65000
address-family ipv4
neighbor 203.0.113.1 activate
network 10.0.0.0 mask 255.255.255.0
exit-address-family
Scenario 2: Multi-hop eBGP
For non-adjacent eBGP peers, modify the TTL:
router bgp 65000
neighbor 192.168.100.1 remote-as 65001
neighbor 192.168.100.1 ebgp-multihop 2
Scenario 3: Route Filtering and Policies
Apply policies to control which routes are advertised:
route-map EXPORT_ROUTES permit 10
match ip address prefix-list ALLOWED_ROUTES
exit
router bgp 65000
neighbor 203.0.113.2 route-map EXPORT_ROUTES out
Verification Techniques
1. Neighbor State Verification
Use show ip bgp summary to verify that all eBGP neighbors are in the ESTABLISHED state. The State/PfxRcd column should show a number (not a state string) indicating the neighbor is established.
2. Route Advertisement Verification
Confirm that routes are being advertised correctly:
show ip bgp neighbors 203.0.113.2 advertised-routes
This command shows all routes your router is advertising to the specified neighbor. Verify that expected routes are present and filtered correctly.
3. Route Reception Verification
Check which routes are being received from neighbors:
show ip bgp neighbors 203.0.113.2 received-routes
Confirm that routes from the neighbor's networks appear in this output.
4. Best Path Selection Verification
Examine which routes are selected as best paths:
show ip bgp 192.168.1.0/24
This displays the best path and alternative paths with their respective attributes and why the best path was selected.
5. AS PATH Verification
Verify the AS PATH to ensure routes have traversed the correct AS sequence:
show ip bgp 10.0.0.0/24 | include AS PATH
6. Neighbor Capability Verification
Check negotiated capabilities between neighbors:
show ip bgp neighbors 203.0.113.2 | include Capability
This shows features like route refresh, graceful restart support, and address family negotiation.
Troubleshooting eBGP Issues
Issue 1: Neighbor Not Establishing
Symptoms: Neighbor stuck in ACTIVE or CONNECT state
Common causes:
- Incorrect neighbor IP address or AS number
- Network connectivity issue between neighbors
- Firewall or ACL blocking TCP port 179
- BGP process not running
Verification:
show ip bgp neighbors x.x.x.x - Check connection state and last error message
ping x.x.x.x - Verify IP reachability
debug ip bgp keepalives - Monitor BGP communication
Issue 2: Routes Not Being Advertised
Symptoms: Routes exist locally but aren't advertised to neighbors
Common causes:
- Routes not in BGP routing table
- Route-map filtering blocking advertisement
- Prefix list restrictions
- Neighbor not activated in correct address family
Verification:
show ip bgp - Check if routes are in BGP table
show route-map - Verify route-map policies
show ip prefix-list - Check prefix list entries
Issue 3: Routes Not Being Received
Symptoms: Routes from neighbor not appearing in local BGP table
Common causes:
- Inbound route-map filtering routes
- Neighbor not advertising the routes
- AS PATH attribute causing rejection
- NEXT_HOP unreachable
Verification:
show ip bgp neighbors x.x.x.x received-routes - Confirm neighbor is sending routes
show ip bgp neighbors x.x.x.x | include Inbound route-map - Check inbound policies
Exam Tips: Answering Questions on eBGP Configuration and Verification
Tip 1: Focus on AS Number Differences
eBGP is defined by routers in different AS numbers. If a question mentions configuring BGP between routers in the same AS, it's iBGP, not eBGP. Always verify the AS numbers in the scenario.
Tip 2: Remember the TTL Default
eBGP has a default TTL of 1, meaning neighbors must be directly connected. If a question asks about non-adjacent eBGP peers, immediately think of the ebgp-multihop command. This is a common exam question.
Tip 3: Understand Path Attribute Precedence
BGP best path selection follows a specific order. Know the order for the exam:
- Weight (highest wins) - Cisco proprietary
- LOCAL_PREFERENCE (highest wins)
- Locally originated routes
- AS PATH (shortest wins)
- ORIGIN (IGP < EGP < INCOMPLETE)
- MED (lowest wins)
- eBGP over iBGP
- IGP metric to NEXT_HOP
- Other tie-breakers
Tip 4: Mastering Verification Commands
Exam questions frequently test your ability to interpret output from verification commands. Learn these critical commands:
- show ip bgp summary - Quick view of all neighbors
- show ip bgp neighbors x.x.x.x - Detailed neighbor information
- show ip bgp advertised-routes/received-routes - Route flow verification
- show ip bgp x.x.x.x/y - Specific route attributes
Tip 5: Recognize Configuration Errors
Exam questions often present incorrect configurations and ask you to identify the error. Common mistakes to spot:
- Using neighbor x.x.x.x remote-as 65000 with the same AS number (should be iBGP)
- Missing neighbor activate under the address family
- Incorrect NEXT_HOP for route advertisement
- Forgetting network statements when routes aren't redistributed
- Route-maps with incorrect match criteria
Tip 6: Understand Route-Map Application
Route-maps in BGP can be applied in/out for filtering and modifying routes. Know:
- route-map X in - Filters received routes from the neighbor
- route-map X out - Filters advertised routes to the neighbor
- Route-maps use permit/deny logic
- Multiple statements are processed top-to-bottom
- Routes matching permit are processed; deny routes are discarded
Tip 7: Study Neighbor State Transitions
Understand BGP finite state machine states:
- IDLE: Initial state, waiting to establish connection
- CONNECT: TCP connection in progress
- ACTIVE: Attempting to establish TCP connection
- OPENSENT: Sent OPEN message, waiting for response
- OPENCONFIRM: Received OPEN message, exchanging KEEPALIVE
- ESTABLISHED: Fully operational, exchanging UPDATE messages
Exam questions may show a neighbor stuck in a particular state and ask what's wrong.
Tip 8: Pay Attention to Scenario Details
In scenario-based questions, carefully note:
- Which routers should be eBGP peers (different AS numbers)
- Which routes need to be advertised
- What policies or filtering is required
- Whether multi-hop eBGP is needed
- Address family requirements (IPv4, IPv6, etc.)
Tip 9: Verify Address Family Activation
A common issue is forgetting to activate neighbors in address families. Even if the neighbor relationship is established, routes won't be exchanged without activation:
address-family ipv4
neighbor x.x.x.x activate
Tip 10: Know Common Policy Controls
Exam questions test policy implementation using:
- Prefix Lists: Match specific networks or ranges
- Route-maps: Complex matching with set options
- AS PATH filters: Match based on AS numbers traversed
- Community filters: Control by community tags
- Distribute-lists: Legacy filtering (less common in modern exams)
Tip 11: Practice Interpreting BGP Table Output
Learn to read the show ip bgp output:
- The > symbol indicates the best path
- The * symbol indicates valid paths
- The 'i' flag indicates iBGP learned routes
- AS PATH shows the AS numbers traversed
- Lack of symbols means the route is not valid
Tip 12: Time Management Strategy
For eBGP configuration questions on the exam:
- Read the entire scenario first to understand requirements
- Identify all eBGP peer relationships needed
- Verify AS numbers are different for eBGP questions
- Check if multi-hop is needed
- Identify any filtering or policy requirements
- Answer configuration questions first, then verification questions
- Use elimination for multiple-choice verification questions
Tip 13: Common Exam Scenarios
Be prepared for these typical exam scenarios:
- ISP Connectivity: Company A connects to ISP (AS 65000 to AS 65001) via eBGP
- Multi-site with Internet: Corporate network with multiple sites, each with internet connection
- Route Filtering: Restrict which routes are advertised or accepted
- BGP Failover: Multiple eBGP connections with backup paths
- Transit AS: Routes from one AS passing through another AS
Tip 14: Watch for Configuration Syntax
Cisco IOS BGP syntax is specific. Common errors:
- Using neighbor instead of no neighbor to remove
- Incorrect syntax for neighbor commands (IP, remote-as order)
- Using address-family commands outside the address family context
- Forgetting exit-address-family statements
Tip 15: Review and Verify Before Submitting
For configuration questions:
- Trace through the configuration step-by-step
- Verify each neighbor relationship is correctly defined
- Confirm routes are properly advertised
- Check that policies match requirements
- Ensure all required address families are activated
For verification questions:
- Match command output to the question requirements
- Look for specific flags or symbols in output
- Count neighbors and routes mentioned in scenarios
- Verify neighbor states match expectations
- Check AS PATH and other attributes
Conclusion
eBGP configuration and verification is a critical skill for CCNP ENCOR success. By understanding the fundamentals of how eBGP works, mastering configuration syntax, and becoming proficient with verification commands, you'll be well-prepared to answer exam questions confidently. Focus on the key differences between eBGP and iBGP (different AS numbers), practice interpreting command output, and study the various filtering and policy mechanisms. With dedicated study and hands-on practice, you'll master this essential topic.
🎓 Unlock Premium Access
CCNP Enterprise (ENCOR) + ALL Certifications
- 🎓 Access to ALL Certifications: Study for any certification on our platform with one subscription
- 2873 Superior-grade CCNP Enterprise (ENCOR) practice questions
- Unlimited practice tests across all certifications
- Detailed explanations for every question
- ENCOR 350-401: 5 full exams plus all other certification exams
- 100% Satisfaction Guaranteed: Full refund if unsatisfied
- Risk-Free: 7-day free trial with all premium features!