The network structure called the “internet” today evolved from several small, independently operated networks coming together into a giant communication web covering the entire world. As this global network formed, connecting each device individually became impossibly complex and unmanageable. A system with this structure cannot logically operate stably. The need for a dynamic network routing mechanism emerged to overcome this problem.

IGP (Interior Gateway Protocol) refers to the group of protocols used to route different networks within a single autonomous system. OSPF, RIP, and IS-IS are each defined as an IGP. However, the rapid development of the internet and the increase in the number of autonomous systems have caused IGP to become inadequate after a certain point. In this context, autonomous systems (AS) have been developed to monitor and optimize packet routing from one network to another. Initially, the dynamic routing protocol known as EGP (Exterior Gateway Protocol) was used to transmit the current accessibility information of the devices forming the network to neighboring autonomous systems. This protocol allowed devices to communicate with each other and dynamically share the general status of the network.
An autonomous system can include different networks belonging to more than one Internet Service Provider (ISP). Each autonomous system is identified by a unique identification number (AS Number). In this structure, the routing rules of each autonomous system are determined and IP ranges are defined, and in this way, traffic within the network is directed.
The hierarchical structure of EGP made it difficult for new networks to work effectively and scalably in an integrated structure, and as a result, a more advanced external routing protocol was needed. BGP (Border Gateway Protocol), which is a part of EGP, was developed to meet this need. BGP represents a significant advance over EGP by offering flexibility, scalability, and robust routing capabilities. BGP is an advanced routing protocol that assigns autonomous system numbers to routers and operates on Layer 4. This autonomous system number ranges from 1 to 65535. Special autonomous system numbers range from 64512 to 65535 and can be used by anyone.
Unlike EIGRP, BGP allows different autonomous systems to communicate with each other. A label is added to each packet sent indicating which autonomous system it belongs to.

We can refer to an example from daily life to better understand the BGP protocol. It is possible to compare autonomous systems to a neighborhood consisting of many streets. Street signs correspond to network prefixes (network and prefix), and home addresses correspond to IP addresses. If a car leaving a house tries to reach another house via the most efficient route, a packet leaving a network reaches the destination network by following the best route. This situation can be compared to the best route suggestions offered by GPS applications. GPSs evaluate factors such as traffic, roadworks, or accidents with instant data and draw the best route to reach the destination. BGP routing works similarly.
Each BGP neighbor is defined as a peer, and these peers instantly share routing information with each other along with their network prefixes. BGP’s decision mechanism analyzes all data and communication between peers to be able to precisely route packets to their destination. Each peer manages a routing table related to the routing of packets to their destination. In this way, BGP collects routing information of autonomous systems and ensures that it is shared with each other. At the same time, these peers also transfer internal information within their own autonomous systems. Layer 1, Layer 2, and Layer 3 information is not taken into account in BGP neighbors. Two BGP neighbors do not need to be directly connected to each other. Neighborhoods can be established mutually only by being reachable by the next-hop address and being able to ping the neighbor. In addition, a packet originating from the same autonomous system is prevented from returning to the same autonomous system. This situation is usually encountered in ‘update’ packets, and loop formation due to update packets is prevented in the BGP structure.
BGP has three basic tables to perform routing operations:
- Neighborhood Table: This table is a structure where BGP determines neighboring routers and stores information about them. Neighborhoods are added manually and information about which information can be forwarded to which router is also kept in this table.
- BGP Table: This table contains information that regularly checks the communication status with neighboring routers. Every minute, whether or not update messages containing “I’m up” or “I’m working” information are received from neighboring routers is monitored through this table.
- IP Routing Table: This table contains the best routes that allow the source point to reach the destination in the most efficient way. It is one of the most critical components that BGP uses when making routing decisions.
There is usually more than one route to reach the destination from the source. BGP (Border Gateway Protocol) analyzes the data in the existing tables to choose the most efficient one among these routes and evaluates the instant changes, making decisions in accordance with the configured routing policy. These policies are determined by considering criteria such as cost, realizability, speed, and measurability.
The number of autonomous systems plays an important role in BGP’s metric calculations. Although this shows that BGP uses a type of Distance Vector algorithm, it adopts a Path Vector approach, unlike traditional Distance Vector protocols. For this reason, BGP is generally considered a unique type of protocol. Characteristic features in BGP’s working principle:
- CIDR Support: BGP supports the CIDR (Classless Inter-Domain Routing) structure to optimize IP addresses.
- Port and Communication: It uses TCP port 179 to communicate and share routing information between neighboring routers (peers). A 19-byte packet is sent over this port every 60 seconds.
- Data Integrity: Thanks to TCP’s error-checking mechanism, packets are delivered in order and lost packets are resent. This feature allows BGP to avoid the need for additional verification mechanisms, as in other routing protocols.
- Update Packet: BGP only transmits changed routes in update packets.
- Connection Security: The MD5 authentication mechanism is used to increase security in BGP sessions. This method prevents unauthorized access and verifies the source of TCP segments sent between routers.
BGP is divided into two types according to whether it works inside or outside the autonomous system:
- eBGP (Exterior Border Gateway Protocol): Used for routers in different autonomous systems to establish neighborship with each other. Using this protocol, the network information learned from the neighbor is added to the router table with an “Administrative Distance” value of 20.
- iBGP (Interior Border Gateway Protocol): Used for routers in the same autonomous system to establish neighborship with each other. Using this protocol, the network information learned from the neighbor is added to the router table with an “Administrative Distance” value of 200.
In BGP, the ‘neighbor’ command is used to establish a neighborship between the same or different routers. With this command, the IP address and autonomous system (AS) numbers of the routers to be established as neighbors are determined. When determining a route, BGP takes into account the number of autonomous systems it passes through to reach its destination. However, since factors such as bandwidth are not directly taken into account, manual intervention may be required on these parameters. For routing optimization, BGP uses various attributes to make routing decisions more effective. These are:

Well-Known Attributes: These are attributes that are recognized by all routers and are always present. These attributes are critical for making routing decisions for BGP routes. They are present in all BGP update messages.
- Mandatory Attributes: These are attributes that must be present in all update messages. These attributes must be present for every route in BGP messages. If these attributes are missing in a BGP message, that message is not considered valid and is not processed by the router.
  o AS Path: Indicates the autonomous systems passed on the way to the destination. If the route passes through more than one AS, each AS number is listed in order. This attribute is important for preventing loops; when a router sees its own AS number, it does not accept this route. Thus, loops are prevented.
  o Next-Hop: Indicates the IP address of the next router to be visited on the way to the destination. The BGP router uses this information to determine whether the route is correctly routed.
  o Origin: Indicates how BGP learned the route.
    - Internal (i): Routes learned with iBGP; they are identified with the letter “i”.
    - External (e): Routes learned with eBGP; they are identified with the letter “e”.
    - Incomplete (?): Indicates that the origin is unknown and that the route was transferred into BGP in other ways. It is identified with “?”. The route contains the specified value because it is not learned from any protocol.
- Discretionary Attributes: These are attributes that are not mandatory for routers to use in the BGP protocol, but can be preferred according to certain network requirements. These attributes do not have to be recognized by every router and their use is optional. A router may not process these attributes and still transmit data with BGP. However, they may be useful for certain situations or network policies.
  o Local Preference: Determines which route the router will prefer from multiple routes learned from neighboring routers. A high Local Preference value means higher preference.
  o Atomic Aggregate: Used in routes created with summarization. Indicates to the router that transmissions with multiple routes should be handled atomically, that is, one at a time before the routes are summarised.
Optional Attributes: Whether or not they are present in BGP update messages depends on the manufacturer.
- Transitive Attributes: These attributes ensure that the values of the routes are transmitted without being changed or corrupted during the transfer. A BGP route preserves its properties while being transferred from a neighboring router to another router and should be transmitted to the advancing routers without any corruption.
  o Aggregator: Identifies the router that performs route summarization within the autonomous system.
  o Community: Enables routers to mark routes on a group basis and to apply certain policies within this scope. Markings are provided by processing different numbers of bits into the packet header.
    - Standard Community: 32-bit labeling.
    - Extended Community: 64-bit more advanced labeling.
    - Large Community: 128-bit comprehensive labeling.
    - Well-Known Community: Labeling that defines predefined and commonly used communities (No-Export, No-Advertise, Internet, Local AS).
      - No-Export: A community that prevents routes from being transferred to other autonomous systems, i.e. to the outside. The route can only be used in the local network without being exported.
      - No-Advertise: Provides the feature of not advertising the route to other routers. The router does not announce this route to its neighbors even if they are in the same AS.
      - Internet: Generally indicates that a route is open to large internet networks.
      - Local AS: Indicates the local autonomous system number used in the network and plays an important role in determining routing policies, establishing neighborhoods, or making routing decisions in protocols such as BGP.
- Non-Transitive Attributes: When a BGP route is transferred from one router to another, it carries values that only that router can use with these attributes, and these values are not transmitted to other routers.
  o MED (Multi Exit Discriminator): In BGP, when an autonomous system has more than one exit point, it is a priority value that determines which exit should be preferred in accessing neighboring autonomous systems. MED informs routers which exit is more suitable and allows routers to optimize traffic flow in networks with multiple connections. The MED value is entered low for the line from which packets are desired to come first.
  o Originator ID: It identifies the source router that created the BGP update by carrying its number. Defining the source of the BGP route prevents loops. It plays an important role especially when used with Route Reflection and Confederation.
  o Cluster ID: It specifies the number of the cluster to which routers in the same autonomous system belong. When Route Reflector is used, it prevents loops between routers and ensures that routes are routed correctly. It follows the routes propagated by routers in a specific Route Reflector group and in the same cluster and prevents loops by broadcasting to the same cluster.
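The 32-bit standard community and the No-Export / No-Advertise behaviour described above can be made concrete with a small decoder. This is an added example, not code from the original page; the numeric values of the two well-known communities are those defined in RFC 1997, and the sample attribute bytes and function names are constructed for illustration.

```python
import struct

# Well-known standard communities as defined in RFC 1997.
NO_EXPORT = 0xFFFFFF01
NO_ADVERTISE = 0xFFFFFF02
WELL_KNOWN = {NO_EXPORT: "no-export", NO_ADVERTISE: "no-advertise"}


def parse_communities(value):
    """Decode the value of a COMMUNITIES attribute: a run of 32-bit words."""
    if len(value) % 4:
        raise ValueError("COMMUNITIES value must be a multiple of 4 bytes")
    return [word for (word,) in struct.iter_unpack("!I", value)]


def render(community):
    """Well-known name, or the conventional ASN:value split of the 32 bits."""
    if community in WELL_KNOWN:
        return WELL_KNOWN[community]
    return f"{community >> 16}:{community & 0xFFFF}"


def may_advertise(communities, peer_is_ebgp):
    """Apply the two well-known restrictions before announcing a route."""
    if NO_ADVERTISE in communities:
        return False                      # never announced to any neighbor
    if NO_EXPORT in communities and peer_is_ebgp:
        return False                      # must not leave the local AS
    return True


# Constructed sample: community 64512:100 followed by no-export.
SAMPLE_VALUE = struct.pack("!II", (64512 << 16) | 100, NO_EXPORT)

if __name__ == "__main__":
    decoded = parse_communities(SAMPLE_VALUE)
    print([render(c) for c in decoded])
    print("to eBGP peer:", may_advertise(decoded, peer_is_ebgp=True))
    print("to iBGP peer:", may_advertise(decoded, peer_is_ebgp=False))
```

A route that is expected to stay internal but appears at an eBGP peer without its no-export tag points to a policy that strips or ignores communities.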
BGP route selection is made according to the following criteria:
1- Highest Weight
This is a parameter that the BGP router uses locally and is only valid for this router. It is not forwarded to routers outside the AS where the router is located. Its default value is “0”. This value can be set manually on the router and is usually used to prefer the closest exit route.
2- Highest Local Preference
It is used to determine which route is better to reach a destination within the same AS. This value is shared within the AS with BGP updates. Its default value is “100”. The route with the highest local preference value is preferred. This value plays a critical role in determining which exit point the traffic will use within the AS.
3- Originate (Local Router Originated)
Routes created locally by the router (for example, manually adding a network in the BGP configuration) take precedence over other routes. If the route was created by the local router, the next-hop address appears as “0.0.0.0” and this route is preferred. This value allows the router to prefer its own network.
4- Shortest AS Path Length
The route is evaluated according to the number of ASs until it reaches the destination. A shorter AS path usually means less delay and a faster path. For this reason, the route with the shorter AS path is preferred. In some cases, the traffic flow can be directed by manipulating the AS path.
5- Lowest Origin Code
A ranking is made according to the route source. The origin can be found in three different types in the BGP table:
- IGP (Interior Gateway Protocol): Highest priority.
- EGP (Exterior Gateway Protocol): Medium priority.
- Incomplete: Lowest priority.
Routes are preferred according to the origin code order: IGP < EGP < Incomplete.
6- Lowest MED (Multi-Exit Discriminator)
MED is used to determine which route is better in an AS with multiple entry/exit points. MED is compared only between two neighboring ASes, it is not a global value. The route with the lower MED value is preferred.
7- Prefer eBGP over iBGP
If a route is received with both eBGP (External BGP) and iBGP (Internal BGP), the eBGP route is preferred, because the eBGP route usually contains fewer hops and comes from external sources. For this reason, eBGP routes take precedence over iBGP routes.
8- Lowest IGP Metric to BGP Next-Hop
BGP evaluates the IGP (OSPF, IS-IS, etc.) metrics used to reach the next step (next-hop) of the route. A lower IGP metric usually means a shorter path.
9- Oldest Path
If all the above criteria are equal, the first learned (oldest) route is preferred. This is an approach used to maintain the stability of BGP. This criterion is important for a stable network because it prevents constant route changes that may otherwise occur.
10- Lowest BGP Neighbor Router_ID
If there is still equality in the criteria, the Router ID (RID) of the BGP neighbors is compared. The Router ID is a unique number that identifies the BGP router. The route with the lower Router ID is preferred. The Router ID is usually the highest loopback IP address or a value manually assigned by the router.
11- Lowest BGP Neighbor IP_Address
If all previous criteria are equal, the route with the lowest neighbor IP address is preferred. The route learned from the neighbor with the lower IP address is selected. This criterion is the final decision mechanism that will determine the route in case of equality.
To summarize the route selection in order:
- If the next router cannot be reached, the route in question is canceled directly.
- The route with the largest Weight value is selected.
- If the Weight values are equal, the route with the largest Local Preference value is selected.
- If the Local Preference values are also equal, the AS Path value is checked.
- If the AS Path values are equal, priority is given according to the route’s origin: the route learned from the inside, the route learned from the outside, and the route whose origin is unknown, respectively.
- If the routes to be selected do not have origins, the route with the lowest MED value is selected.
- If the MED values are the same, routes with external origins are preferred over routes with internal origins.
- If the routes to be selected have the same origin, the route closest to the iBGP neighbor is selected in route selection.
- The smallest IP address specified by the router number is preferred as the route.
- If all the above scales are equal, the route with the neighbor with the smallest IP address is preferred.
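The eleven criteria above can be expressed as a single ordered comparison. This is an added example, not code from the original page or from any router implementation: the `Path` fields, the sample paths (documentation addresses, private AS numbers) and the function names are constructed, and MED is compared across all paths for simplicity, although the text notes it is only meaningful between paths from the same neighboring AS.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred
CRITERIA = ("weight", "local preference", "locally originated",
            "AS path length", "origin code", "MED", "eBGP over iBGP",
            "IGP metric to next hop", "oldest path",
            "neighbor router ID", "neighbor IP address")


@dataclass(frozen=True)
class Path:
    neighbor_ip: str
    router_id: str
    as_path: tuple
    next_hop_reachable: bool = True
    weight: int = 0              # default value given in the text
    local_pref: int = 100        # default value given in the text
    local_origin: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age: int = 0                 # seconds since the path was learned


def usable(path, local_as):
    """Discard paths with an unreachable next hop or our own AS in the path."""
    return path.next_hop_reachable and local_as not in path.as_path


def preference_key(p):
    """One entry per criterion, in order; the smallest tuple wins."""
    return (-p.weight, -p.local_pref, 0 if p.local_origin else 1,
            len(p.as_path), ORIGIN_RANK[p.origin], p.med,
            0 if p.ebgp else 1, p.igp_metric, -p.age,
            int(ip_address(p.router_id)), int(ip_address(p.neighbor_ip)))


def best_path(paths, local_as):
    candidates = [p for p in paths if usable(p, local_as)]
    return min(candidates, key=preference_key) if candidates else None


def deciding_step(a, b):
    """Name of the first criterion at which two paths differ."""
    for name, x, y in zip(CRITERIA, preference_key(a), preference_key(b)):
        if x != y:
            return name
    return None


LOCAL_AS = 64512
SAMPLE_PATHS = [   # constructed sample data
    Path("192.0.2.1", "192.0.2.1", (64513, 64514, 64515), local_pref=200),
    Path("192.0.2.2", "192.0.2.2", (64513,)),
    Path("192.0.2.3", "192.0.2.3", (64516, 64512), local_pref=300),  # loop
    Path("192.0.2.4", "192.0.2.4", (64517,), weight=500,
         next_hop_reachable=False),
    Path("192.0.2.5", "192.0.2.5", (64518, 64519, 64520), local_pref=200,
         ebgp=False),
]

if __name__ == "__main__":
    winner = best_path(SAMPLE_PATHS, LOCAL_AS)
    print("best:", winner.neighbor_ip)
    print("decided against 192.0.2.2 by:",
          deciding_step(winner, SAMPLE_PATHS[1]))
```

In the sample, the path through 192.0.2.1 wins on Local Preference even though another candidate has a shorter AS path, because Local Preference is evaluated before AS path length.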
BGP follows certain steps when establishing a secure connection with neighboring routers. BGP initiates a 3-way handshake process with a TCP connection. This process is called BGP FSM (Finite State Machine).
- Idle: BGP detects the connection initiation event and tries to establish a TCP connection with its neighbor. If the connection cannot be established, the “ConnectRetryTimer” in the packet header is reset and the connection is tried again. If this process continues, the timer is doubled. The neighbor that manages the connection is always the one with the higher IP address.
- Connect: The router waits for the TCP three-stage handshake to be completed. If it is successful, it goes to the “OpenSent” state, if the connection fails, it goes to the “Active” state. If the timer expires, a new TCP connection is attempted and the process is repeated.
- Active: If the connection cannot be established, BGP tries to establish a new TCP connection. If it successfully establishes the connection, it goes to the “OpenSent” state. If the connection fails, it goes back to the “Connect” state.
- OpenSent: In this phase, the source router sends an “Open” message and waits for a message from its neighbor. If an error message is received, BGP closes the connection and returns to the “Idle” state. If a correct message is received, the Hold Time is negotiated, and “keepalive” messages are sent.
- OpenConfirm: BGP waits for a “keepalive” or “notification” message from the remote neighbor. When the Keepalive is received, the connection goes to the “Established” state. If any error occurs, it returns to the “Idle” state.
- Established: The connection is established and the BGP neighborhood is complete. Routers send update packets to exchange routing information. If the Hold Timer expires or an error is detected, the connection returns to the Idle state.
This process allows BGP to correctly establish connections with neighboring routers and securely share routing information.
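The last three states can be followed on real message bytes. This is an added example, not code from the original page: it validates the 19-byte BGP header (16-byte all-ones marker, 2-byte length, 1-byte type, as specified in RFC 4271), takes the smaller of the two hold times as the negotiated value, and drives a simplified OpenSent → OpenConfirm → Established machine that falls back to Idle on any error. The `Session` class, the sample messages and the starting assumption (TCP is up and the local OPEN has already been sent) are constructed for illustration.

```python
import struct

MARKER = b"\xff" * 16                      # 16 bytes of all ones
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


def build(msg_type, body=b""):
    """Frame a body with the 19-byte header (used for the samples below)."""
    return struct.pack("!16sHB", MARKER, 19 + len(body), msg_type) + body


def parse(data):
    """Validate the header and return (type name, body)."""
    if len(data) < 19:
        raise ValueError("truncated header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:19])
    if marker != MARKER:
        raise ValueError("bad marker")
    if not 19 <= length <= 4096 or length != len(data):
        raise ValueError("bad length")
    if msg_type not in TYPES:
        raise ValueError("unknown message type")
    if msg_type == 4 and length != 19:
        raise ValueError("KEEPALIVE must be the header only")
    return TYPES[msg_type], data[19:]


def parse_open(body):
    """Return (peer AS, hold time) from the fixed part of an OPEN body."""
    if len(body) < 10:
        raise ValueError("truncated OPEN")
    version, peer_as, hold, _rid, _optlen = struct.unpack("!BHH4sB", body[:10])
    if version != 4:
        raise ValueError("unsupported version")
    if hold in (1, 2):
        raise ValueError("hold time must be 0 or at least 3 seconds")
    return peer_as, hold


class Session:
    def __init__(self, local_hold=180):
        self.state = "OpenSent"    # assumption: TCP is up, our OPEN was sent
        self.local_hold = local_hold
        self.hold_time = None

    def receive(self, data):
        try:
            kind, body = parse(data)
            if self.state == "OpenSent" and kind == "OPEN":
                _, peer_hold = parse_open(body)
                self.hold_time = min(self.local_hold, peer_hold)
                self.state = "OpenConfirm"
            elif self.state == "OpenConfirm" and kind == "KEEPALIVE":
                self.state = "Established"
            elif self.state == "Established" and kind in ("UPDATE", "KEEPALIVE"):
                pass                       # session stays up
            else:
                self.state = "Idle"        # NOTIFICATION or unexpected message
        except ValueError:
            self.state = "Idle"            # malformed message tears it down
        return self.state


def replay(messages, local_hold=180):
    session = Session(local_hold)
    return [session.receive(m) for m in messages], session.hold_time


# Constructed samples: an OPEN from AS 64513 with hold time 90, a KEEPALIVE,
# and a KEEPALIVE whose marker has been corrupted.
SAMPLE_OPEN = build(1, struct.pack("!BHH4sB", 4, 64513, 90, bytes([192, 0, 2, 1]), 0))
SAMPLE_KEEPALIVE = build(4)
SAMPLE_BAD_MARKER = b"\x00" + SAMPLE_KEEPALIVE[1:]

if __name__ == "__main__":
    print(replay([SAMPLE_OPEN, SAMPLE_KEEPALIVE, SAMPLE_KEEPALIVE, SAMPLE_BAD_MARKER]))
```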

Multiprotocol BGP (MBGP or MP-BGP) is an extension to BGP and allows multiple types of addresses to be managed simultaneously. While standard BGP can only route using IPv4 unicast addresses, MP-BGP can work with both IPv4 and IPv6 addresses and also supports different types of data transmission, such as unicast and multicast.
The most important feature of MP-BGP is that it can manage both unicast and multicast routing information in a network. This allows them to be separated by storing both types of routing information in different routing tables. For example, unicast routing information is in one table, and multicast routing information is in another table. In this way, both types of routing can be handled independently according to their own needs without interfering with each other. The multicast routing topology can be different from the unicast routing topology. This allows network administrators to manage both types of traffic in a more flexible and controlled manner.
The use of MP-BGP is especially common in advanced network structures such as MPLS L3 VPN (Multiprotocol Label Switching Layer 3 Virtual Private Network). In such networks, VPN labels are used to distinguish traffic between customer sites. By ensuring that these labels are routed correctly, MP-BGP separates the traffic of each customer network from the others and guarantees correct and separate routing for each customer.
BGP manipulations are adjustments and interventions made to change or optimize routing policies. Manipulations are used to direct traffic flow as desired or restrict access to certain destinations by taking advantage of BGP’s flexible and policy-based structure. BGP manipulations are a powerful tool for controlling traffic flow, providing security, and gaining cost advantage in large-scale networks. However, these manipulations must be implemented carefully and in a planned manner. Misconfigurations can cause routing loops, performance losses, and even network outages. The best route selection can be influenced by changing the default values, and similar manipulation techniques, applied through different configurations, can ease adaptation and give better results in situations where problems may occur when BGP works together with other protocols.
- VRRP (Virtual Router Redundancy Protocol) provides redundancy for a virtual IP address between a group of routers. The purpose of VRRP is to ensure that the network operates uninterruptedly by having another device take over in case one of the routing devices fails. This usually happens at Layer 2 or Layer 3 level. VRRP uses a virtual IP address, and this IP is usually used as a “gateway” in Layer 3 routing operations. BGP shares routing information between different ASes or with routers within the same AS. Since these two protocols serve different purposes, unexpected problems may occur during their interactions in some cases. If the next-hop address used by BGP is the same as the virtual IP controlled by VRRP, routing loops or incorrect path selections may occur. While VRRP passes traffic through a router, BGP may choose another routing path. This can lead to asymmetric traffic flow in the network. VRRP allows the backup device to quickly take over as the master in case of a master device failure. VRRP’s fast transition mechanism can be incompatible with BGP’s longer session re-establishment process. During this transition process, the BGP session can be disconnected because BGP has TCP-based session management and these sessions require stability. For example, incoming traffic can come from one device while outgoing traffic can be routed through another device. This can cause connectivity issues and performance degradation.

In such a case, if VRRP and BGP are intended to be used together, the “next-hop-self” command can be used in the BGP configuration to ensure that the BGP routing tables are not dependent on the virtual IP address. Thus, the next-hop address is set as the real physical IP address instead of the virtual IP address of VRRP. Manually configuring the physical router IPs in BGP routing without using the virtual IP address of VRRP can reduce problems. The role change period of VRRP can be made compatible with the session timers of BGP. For example, setting the transition period of VRRP in accordance with the “hold-time” value of BGP can provide stability. The Graceful Restart feature in the BGP protocol can be enabled to prevent BGP sessions from being interrupted during a VRRP transition. Applying the measures mentioned above minimizes the risks in a scenario where problems are likely to occur.
- While sharing routing information between BGP and OSPF or EIGRP, loops may occur during redistribution. Incorrect or incomplete filtering rules can lead to unnecessary or incorrect entries in routing tables. While BGP can route on a large scale (for example, more than 500,000 routes), OSPF or EIGRP are not designed to handle such a large load. OSPF stability may be compromised during redistribution. OSPF uses a metric based on link cost, while BGP works with various policy-based metrics (for example, Local Preference, MED). This incompatibility may cause incorrect route selection.
In such a case, one of the filtering and loop prevention mechanisms, the “route-map” configuration or the “next-hop-self” command can be applied to make next-hop information compatible with BGP. Limiting and carefully planning the redistribution process between BGP and OSPF (Open Shortest Path First) or EIGRP (Enhanced Interior Gateway Routing Protocol) will minimize the risks.
- In MPLS VPN (Multi-Protocol Label Switching – Virtual Private Network) configurations, traffic losses may occur if the Label information carried by BGP is mismatched. While MPLS provides fast traffic routing, BGP’s slower consensus mechanism can be a bottleneck.
In such a case, MPLS and BGP configurations should be carefully synchronized and if you are using MPLS VPN, MP-BGP (Multiprotocol BGP) should be enabled.
- Since RIP is a class-based routing protocol, it cannot process the CIDR (Classless Inter-Domain Routing) based routing information carried by BGP. This can lead to loss of route information. In addition, RIP (Routing Information Protocol) has a fixed metric system (a metric is added to each hop), which conflicts with BGP’s more flexible and detailed metric structure.
In such a case, the compatibility between RIP and BGP can be increased by using summarization and static routes when redistributing from RIP to BGP.
The dynamic structure of BGP can conflict with static routes and create routing loops. While static routes cannot react to any changes, BGP’s failover capabilities may be ineffective. In such a case, preventing static routes from conflicting with routes learned by BGP and using “floating static routes” for static routes will minimize the related risks.