eBGP Configuration and Verification for CCNP ENCOR

eBGP Configuration and Verification

Introduction to eBGP

External Border Gateway Protocol (eBGP) is a critical routing protocol used in enterprise networks and the internet backbone. Understanding eBGP configuration and verification is essential for CCNP ENCOR certification, as it forms the foundation for advanced routing implementations.

Why eBGP Configuration is Important

eBGP is important for several reasons:

• Inter-AS Communication: eBGP enables communication between different Autonomous Systems (AS), making it essential for large enterprise networks with multiple AS numbers and internet connectivity.
• Scalability: Unlike IGPs like OSPF or EIGRP, eBGP provides superior scalability for large networks and can handle thousands of routes efficiently.
• Path Control: eBGP allows administrators to implement granular control over traffic flows through the use of route attributes like AS PATH, LOCAL PREFERENCE, and MED.
• Redundancy and Load Balancing: Multiple eBGP connections enable redundancy and load balancing across different providers or network segments.
• Internet Connectivity: eBGP is the protocol used by ISPs and enterprises to establish internet connectivity and manage BGP peering relationships.

What is eBGP?

eBGP refers to BGP peering relationships between routers in different Autonomous Systems. An Autonomous System (AS) is a collection of networks under a single administrative control, identified by a unique 16-bit (or 32-bit) AS number. When two routers exchange BGP updates with different AS numbers, they are running eBGP.

Key characteristics of eBGP:

• Peering occurs between routers in different AS numbers
• Routers are typically directly connected (eBGP neighbors share a common subnet)
• Default TTL for eBGP packets is 1 (hop count limited)
• Updates are sent to all eBGP neighbors by default
• eBGP neighbors must be explicitly configured

How eBGP Works

1. Neighbor Establishment

eBGP communication begins with neighbor establishment. Two routers must be configured as neighbors before they can exchange routing information. The configuration requires:

• Local AS number on the router
• Neighbor's IP address
• Neighbor's AS number (different from local AS for eBGP)
• Direct connectivity between neighbor IP addresses

Example configuration:

router bgp 65000
neighbor 10.1.1.2 remote-as 65001

2. TCP Connection Establishment

BGP uses TCP port 179 to establish reliable connections between neighbors. The process involves:

• One router initiates a TCP connection to the neighbor on port 179
• If successful, both routers exchange OPEN messages containing their AS numbers and BGP versions
• After OPEN message exchange, routers are in the ESTABLISHED state
• KEEPALIVE messages maintain the connection

3. Route Advertisement and Reception

Once neighbors are established:

• Routers advertise known routes via UPDATE messages
• UPDATE messages contain Network Layer Reachability Information (NLRI) and path attributes
• Routers apply inbound route-maps and policies to filter or modify incoming updates
• Best path selection algorithm determines which routes to install in the routing table
• Selected routes are advertised to other peers

4. Path Attributes

eBGP advertisements carry multiple attributes that influence routing decisions:

• AS PATH: List of AS numbers the route has traversed; shorter paths are preferred
• ORIGIN: How the route was injected into BGP (IGP, EGP, or INCOMPLETE)
• NEXT_HOP: IP address of the next hop router
• LOCAL_PREFERENCE: Used for outbound path selection; higher values are preferred (default 100)
• MULTI_EXIT_DISC (MED): Influences inbound traffic from other AS; lower values are preferred
• COMMUNITY: Tags for route grouping and filtering

5. Convergence and Updates

eBGP continuously monitors network changes:

• If a route becomes unavailable, the router sends WITHDRAW messages
• Neighbors receiving withdrawals remove affected routes from their databases
• Route changes propagate throughout the network based on policy
• Converged state is reached when all routers have consistent view of available routes

eBGP Configuration Steps

Step 1: Enable BGP and Configure Local AS

First, enable BGP on the router and specify the local AS number:

router bgp 65000

Step 2: Configure eBGP Neighbors

Define eBGP neighbors with different AS numbers:

neighbor 10.1.1.2 remote-as 65001
neighbor 10.1.2.2 remote-as 65002

Step 3: Configure Address Families (AFI/SAFI)

Specify which address families to advertise (IPv4, IPv6, etc.):

address-family ipv4
neighbor 10.1.1.2 activate
exit-address-family

Step 4: Advertise Networks

Inject networks into BGP using network commands or redistribution:

address-family ipv4
network 192.168.1.0 mask 255.255.255.0
exit-address-family

Step 5: Verify eBGP Configuration

Use verification commands to ensure proper operation:

• show ip bgp summary - Displays neighbor status and statistics
• show ip bgp neighbors - Detailed neighbor information including state, timers, and capabilities
• show ip bgp neighbors x.x.x.x advertised-routes - Shows routes advertised to a specific neighbor
• show ip bgp neighbors x.x.x.x received-routes - Shows routes received from a specific neighbor
• show ip route bgp - Displays BGP routes in the routing table
• show ip bgp - Shows all BGP routes in the BGP database

Common eBGP Configuration Scenarios

Scenario 1: Basic eBGP Peering

Two companies establish direct BGP peering:

Router A (Company 1):
router bgp 65000
neighbor 203.0.113.2 remote-as 65001
address-family ipv4
neighbor 203.0.113.2 activate
network 192.168.0.0 mask 255.255.255.0
exit-address-family

Router B (Company 2):
router bgp 65001
neighbor 203.0.113.1 remote-as 65000
address-family ipv4
neighbor 203.0.113.1 activate
network 10.0.0.0 mask 255.255.255.0
exit-address-family

Scenario 2: Multi-hop eBGP

For non-adjacent eBGP peers, modify the TTL:

router bgp 65000
neighbor 192.168.100.1 remote-as 65001
neighbor 192.168.100.1 ebgp-multihop 2

Scenario 3: Route Filtering and Policies

Apply policies to control which routes are advertised:

route-map EXPORT_ROUTES permit 10
match ip address prefix-list ALLOWED_ROUTES
exit
router bgp 65000
neighbor 203.0.113.2 route-map EXPORT_ROUTES out

Verification Techniques

1. Neighbor State Verification

Use show ip bgp summary to verify that all eBGP neighbors are in the ESTABLISHED state. The State/PfxRcd column should show a number (not a state string) indicating the neighbor is established.

2. Route Advertisement Verification

Confirm that routes are being advertised correctly:

show ip bgp neighbors 203.0.113.2 advertised-routes

This command shows all routes your router is advertising to the specified neighbor. Verify that expected routes are present and filtered correctly.

3. Route Reception Verification

Check which routes are being received from neighbors:

show ip bgp neighbors 203.0.113.2 received-routes

Confirm that routes from the neighbor's networks appear in this output.

4. Best Path Selection Verification

Examine which routes are selected as best paths:

show ip bgp 192.168.1.0/24

This displays the best path and alternative paths with their respective attributes and why the best path was selected.

5. AS PATH Verification

Verify the AS PATH to ensure routes have traversed the correct AS sequence:

show ip bgp 10.0.0.0/24 | include AS PATH

6. Neighbor Capability Verification

Check negotiated capabilities between neighbors:

show ip bgp neighbors 203.0.113.2 | include Capability

This shows features like route refresh, graceful restart support, and address family negotiation.

Troubleshooting eBGP Issues

Issue 1: Neighbor Not Establishing

Symptoms: Neighbor stuck in ACTIVE or CONNECT state

Common causes:

• Incorrect neighbor IP address or AS number
• Network connectivity issue between neighbors
• Firewall or ACL blocking TCP port 179
• BGP process not running

Verification:

show ip bgp neighbors x.x.x.x - Check connection state and last error message
ping x.x.x.x - Verify IP reachability
debug ip bgp keepalives - Monitor BGP communication

Issue 2: Routes Not Being Advertised

Symptoms: Routes exist locally but aren't advertised to neighbors

Common causes:

• Routes not in BGP routing table
• Route-map filtering blocking advertisement
• Prefix list restrictions
• Neighbor not activated in correct address family

Verification:

show ip bgp - Check if routes are in BGP table
show route-map - Verify route-map policies
show ip prefix-list - Check prefix list entries

Issue 3: Routes Not Being Received

Symptoms: Routes from neighbor not appearing in local BGP table

Common causes:

• Inbound route-map filtering routes
• Neighbor not advertising the routes
• AS PATH attribute causing rejection
• NEXT_HOP unreachable

Verification:

show ip bgp neighbors x.x.x.x received-routes - Confirm neighbor is sending routes
show ip bgp neighbors x.x.x.x | include Inbound route-map - Check inbound policies

Exam Tips: Answering Questions on eBGP Configuration and Verification

Tip 1: Focus on AS Number Differences

eBGP is defined by routers in different AS numbers. If a question mentions configuring BGP between routers in the same AS, it's iBGP, not eBGP. Always verify the AS numbers in the scenario.

Tip 2: Remember the TTL Default

eBGP has a default TTL of 1, meaning neighbors must be directly connected. If a question asks about non-adjacent eBGP peers, immediately think of the ebgp-multihop command. This is a common exam question.

Tip 3: Understand Path Attribute Precedence

BGP best path selection follows a specific order. Know the order for the exam:

• Weight (highest wins) - Cisco proprietary
• LOCAL_PREFERENCE (highest wins)
• Locally originated routes
• AS PATH (shortest wins)
• ORIGIN (IGP < EGP < INCOMPLETE)
• MED (lowest wins)
• eBGP over iBGP
• IGP metric to NEXT_HOP
• Other tie-breakers

Tip 4: Mastering Verification Commands

Exam questions frequently test your ability to interpret output from verification commands. Learn these critical commands:

• show ip bgp summary - Quick view of all neighbors
• show ip bgp neighbors x.x.x.x - Detailed neighbor information
• show ip bgp advertised-routes/received-routes - Route flow verification
• show ip bgp x.x.x.x/y - Specific route attributes

Tip 5: Recognize Configuration Errors

Exam questions often present incorrect configurations and ask you to identify the error. Common mistakes to spot:

• Using neighbor x.x.x.x remote-as 65000 with the same AS number (should be iBGP)
• Missing neighbor activate under the address family
• Incorrect NEXT_HOP for route advertisement
• Forgetting network statements when routes aren't redistributed
• Route-maps with incorrect match criteria

Tip 6: Understand Route-Map Application

Route-maps in BGP can be applied in/out for filtering and modifying routes. Know:

• route-map X in - Filters received routes from the neighbor
• route-map X out - Filters advertised routes to the neighbor
• Route-maps use permit/deny logic
• Multiple statements are processed top-to-bottom
• Routes matching permit are processed; deny routes are discarded

Tip 7: Study Neighbor State Transitions

Understand BGP finite state machine states:

• IDLE: Initial state, waiting to establish connection
• CONNECT: TCP connection in progress
• ACTIVE: Attempting to establish TCP connection
• OPENSENT: Sent OPEN message, waiting for response
• OPENCONFIRM: Received OPEN message, exchanging KEEPALIVE
• ESTABLISHED: Fully operational, exchanging UPDATE messages

Exam questions may show a neighbor stuck in a particular state and ask what's wrong.

Tip 8: Pay Attention to Scenario Details

In scenario-based questions, carefully note:

• Which routers should be eBGP peers (different AS numbers)
• Which routes need to be advertised
• What policies or filtering is required
• Whether multi-hop eBGP is needed
• Address family requirements (IPv4, IPv6, etc.)

Tip 9: Verify Address Family Activation

A common issue is forgetting to activate neighbors in address families. Even if the neighbor relationship is established, routes won't be exchanged without activation:

address-family ipv4
neighbor x.x.x.x activate

Tip 10: Know Common Policy Controls

Exam questions test policy implementation using:

• Prefix Lists: Match specific networks or ranges
• Route-maps: Complex matching with set options
• AS PATH filters: Match based on AS numbers traversed
• Community filters: Control by community tags
• Distribute-lists: Legacy filtering (less common in modern exams)

Tip 11: Practice Interpreting BGP Table Output

Learn to read the show ip bgp output:

• The > symbol indicates the best path
• The * symbol indicates valid paths
• The 'i' flag indicates iBGP learned routes
• AS PATH shows the AS numbers traversed
• Lack of symbols means the route is not valid

Tip 12: Time Management Strategy

For eBGP configuration questions on the exam:

• Read the entire scenario first to understand requirements
• Identify all eBGP peer relationships needed
• Verify AS numbers are different for eBGP questions
• Check if multi-hop is needed
• Identify any filtering or policy requirements
• Answer configuration questions first, then verification questions
• Use elimination for multiple-choice verification questions

Tip 13: Common Exam Scenarios

Be prepared for these typical exam scenarios:

• ISP Connectivity: Company A connects to ISP (AS 65000 to AS 65001) via eBGP
• Multi-site with Internet: Corporate network with multiple sites, each with internet connection
• Route Filtering: Restrict which routes are advertised or accepted
• BGP Failover: Multiple eBGP connections with backup paths
• Transit AS: Routes from one AS passing through another AS

Tip 14: Watch for Configuration Syntax

Cisco IOS BGP syntax is specific. Common errors:

• Using neighbor instead of no neighbor to remove
• Incorrect syntax for neighbor commands (IP, remote-as order)
• Using address-family commands outside the address family context
• Forgetting exit-address-family statements

Tip 15: Review and Verify Before Submitting

For configuration questions:

• Trace through the configuration step-by-step
• Verify each neighbor relationship is correctly defined
• Confirm routes are properly advertised
• Check that policies match requirements
• Ensure all required address families are activated

For verification questions:

• Match command output to the question requirements
• Look for specific flags or symbols in output
• Count neighbors and routes mentioned in scenarios
• Verify neighbor states match expectations
• Check AS PATH and other attributes

Conclusion

eBGP configuration and verification is a critical skill for CCNP ENCOR success. By understanding the fundamentals of how eBGP works, mastering configuration syntax, and becoming proficient with verification commands, you'll be well-prepared to answer exam questions confidently. Focus on the key differences between eBGP and iBGP (different AS numbers), practice interpreting command output, and study the various filtering and policy mechanisms. With dedicated study and hands-on practice, you'll master this essential topic.