Border Gateway Protocol (BGP) FAQ

I
What is BGP, and when should I use it?
 
BGP, short for "Border Gateway Protocol", is a protocol used by Internet routers to communicate which networks they can access. You should use BGP if you have more than one Internet connection, and are trying to achieve load balancing and/or redundancy.
 
Autonomous System Number (ASN): a unique 16-bit number, assigned by ARIN in North America, that refers to a particular collection of IP networks under a common administration and sharing a common routing strategy. It is used to exchange exterior routing information and to identify the systems themselves.
II
How does BGP work?
 

Before you run BGP, you must be assigned an ASN ("Autonomous System Number"). This number identifies your network to the Internet.

When you announce (also known as advertising) that you have a block of IPs in your ASN, you are sending information about that IP block to your "neighbor", usually your ISP's BGP router. Your neighbor receives the advertisement and adds it to its BGP tables. It will then add its ASN to your ASN in the AS path and copy the advertisement to its neighbors.
This process continues until your route has been copied (propagated) to every ASN on the Internet.

Since many Internet routers have several connections, and thus several different paths to your network, they have to decide on the best path to your network. This is where they use the ASN information. The Internet routers select the path to your network that has the fewest ASNs to cross. This is called the "ASN hop count", and is different from the number of hops you see in a traceroute.

Hypothetical Example: 
Bob (ASN 12345) has a connection to UUNet (ASN 701) and Genuity (ASN 1).
UUNet has a direct connection to Bill (ASN 23456). Genuity doesn't have a direct connection to Bill, but instead has to cross Buddy (ASN 7654).

Diagram:
Bob(12345) -+- UUNet(701) ----------------+- Bill(23456)
            |                             |
            +- Genuity(1) - Buddy(7654) --+

In this scenario, Bill is going to receive two paths to Bob.
The first path, via UUNet, looks like this: 701 12345
The second path, via Genuity/Buddy, looks like this: 7654 1 12345
Bill would select the UUNet path because it has the smaller number of ASNs in the AS path.

If Bob's UUNet connection went down, then Bill would still have the longer Genuity path in his BGP tables and would send data to Bob via that path. This is why BGP is used for redundancy.
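The propagation, path selection and failover described above can be reproduced with a small simulation. This is an added example, not part of the original FAQ; the function names are hypothetical, and it assumes every AS passes on every path it learns, which is a simplification of real BGP.

```python
from collections import deque

# Constructed topology from the FAQ's example; each pair is one BGP peering.
BOB, UUNET, GENUITY, BUDDY, BILL = 12345, 701, 1, 7654, 23456
LINKS = {(BOB, UUNET), (BOB, GENUITY), (UUNET, BILL),
         (GENUITY, BUDDY), (BUDDY, BILL)}


def neighbors(asn, links):
    """ASNs that peer directly with `asn`."""
    return [b if a == asn else a for a, b in links if asn in (a, b)]


def propagate(origin, links):
    """Flood origin's advertisement and return {asn: [AS paths received]}.

    A path lists the ASNs to cross, nearest first, ending at the origin.
    Simplification: each AS passes on every path it learns, whereas a real
    router re-advertises only its best path.
    """
    received = {}
    queue = deque((n, [origin]) for n in neighbors(origin, links))
    while queue:
        asn, path = queue.popleft()
        if asn in path:          # loop prevention: own ASN already in the path
            continue
        received.setdefault(asn, []).append(path)
        for n in neighbors(asn, links):
            queue.append((n, [asn] + path))   # prepend own ASN, copy onward
    return received


def best_path(asn, origin, links):
    """The received path with the fewest ASNs, or None if unreachable."""
    paths = propagate(origin, links).get(asn, [])
    return min(paths, key=len) if paths else None


if __name__ == "__main__":
    print("Bill's paths:", propagate(BOB, LINKS)[BILL])
    print("best:", best_path(BILL, BOB, LINKS))
    # Bob's UUNet connection goes down
    print("after failure:", best_path(BILL, BOB, LINKS - {(BOB, UUNET)}))
```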

III
What are the basic steps to running BGP?
 
1. Talk to your ISPs and see if they will let you peer with them. This isn't a question that the average helpdesk person is going to be able to answer, so you may have to work your way up the support chain. If the answer is no, then you need to find a different ISP. Most large ISPs have no problem with this. I won't suggest a specific ISP in the FAQ, but I have personally worked with UUNet, Sprint, AT&T and Cable & Wireless.

AT&T: (888) 613-6330 (Request route change, static to BGP)

MCI (UUNet): (800) 900-0241 (Written request: help4u@mci.com)

2. Apply for an Autonomous System Number from ARIN. This requires a one-time ARIN registration fee of $500 for each ASN assigned plus, each year thereafter, a $100 annual maintenance fee, payable on the anniversary date of the first resource registration. If you are not within the continental US, you will have to apply for an ASN from a different agency, probably RIPE or APNIC.

ARIN - www.arin.net
RIPE - www.ripe.net
APNIC - www.apnic.net

3. Acquire a minimum of a /24 (256 IPs) from at least one of your ISPs. It is technically possible to run BGP with an IP block smaller than a /24, but most ISPs filter advertisements more specific than a /24. This filtering is done to conserve memory and CPU resources on BGP routers.

4. Configure your router for BGP, and contact your ISPs for turn-up.

 

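Cisco configuration:

router bgp asnumber
 ! Advertise your /24; the "mask" keyword is required before the netmask
 network 1.2.3.0 mask 255.255.255.0
 ! Your ISP's BGP router and its ASN
 neighbor 2.3.4.5 remote-as external-asnumber

Check the state of the session with your neighbor:

>sh ip bgp neighbor 2.3.4.5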

5. Verify your routes are being advertised by checking a BGP Looking Glass.

http://www.traceroute.org/

6. Test your fault tolerance and tweak the load-balancing parameters as necessary.
IV
What type of router do I need to run BGP?
 

Most people running BGP use Cisco routers. Juniper, Lucent, Foundry, and many other companies also manufacture BGP capable routers, but Cisco has the largest market share.

Here are the things to look for in a BGP router:
1. Processing Power - It should be able to easily handle the amount of traffic you want to push through it.
2. Memory - BGP's memory requirements are flexible, depending on how much routing information you choose to receive. If you only accept a default route from each provider, then it will not require more than the standard memory configuration. Conversely, running BGP with full tables is memory intensive. Currently, it takes approximately 102 MB of RAM to accept full tables from two providers. This number is growing, so it is best to keep an eye towards future scalability.
3. Interfaces - It seems obvious, but if you are going to have two T1s and a DS-3, your router needs to be able to accept interfaces for two T1s and a DS-3.
4. Cost - This is obvious. High-end routers are not cheap. If your company structure allows it, it is often possible to pick up 2 or 3 used routers for the cost of a single new one. Ask around to find a good used equipment vendor, or try eBay.

In August of 2002, I see most BGP deployments on Cisco 3640s with the maximum amount of memory. In the near future, many people will stay with this platform and accept less than full routing tables to overcome the memory limitation. The next step up from the 3640 is the 3660, the 7200 series, and the 7500 series.

A 2501 can run BGP in a default-only configuration for 2 T1s. If cost is the overriding factor in your decision, choose a router based on required interfaces and throughput, and run a default-only configuration.

V
This sounds complicated, do I need another person on staff just to manage this?
Usually, no. Once BGP is set up, it doesn't require much in the way of regular maintenance. The only thing I usually recommend is having the network administrator check occasionally (once a day) to verify that all of your links are still up. This can be made easier using a graphical tool like MRTG to display the status of the router in a web page.


VI
Additional questions in no particular order.
 
1. Do DNS- or NAT-based redundancy solutions really work? In a word, no. BGP is the only standards-based redundancy mechanism that will work with every network service.
2. Don't I have to get an IP block from ARIN? According to the website it will cost $3000 for a /24. No. You only have to contact ARIN/RIPE/APNIC for IPs when you require more than 8 /24s. If your needs are smaller than a /21, then you will run BGP with your ISP's IP space. IPs that are assigned to you through your ISP are called "Provider Aggregatable" (PA). You retain PA IP space as long as you are a customer of that ISP. The other type of IP assignment is "Provider Independent" (PI). PI IP space is assigned to you directly by ARIN/RIPE/APNIC, and you retain this IP space even if you change ISPs.

3. What is a BOGON, and why do people filter BOGONs? A BOGON is a network that has not been assigned to anyone for use by ARIN/RIPE/APNIC. Traffic coming from these networks is almost certainly spam or malicious in nature, and should be ignored. Filtering BOGONs keeps them out of your routing table. If you filter BOGONs, you must be diligent in updating the filter as new networks are assigned. Failure to do so will cause difficulty in reaching the newly assigned networks, and is a significant headache for those that receive IP blocks from recently assigned (formerly BOGON) space.
4. What is a route server or looking glass? These allow you to remotely view the BGP tables of another AS. They are useful for verifying that your routing advertisements are being propagated properly, and for troubleshooting issues with load balancing. The route server route-views.oregon-ix.net maintains connections to many (>10) ASes, and provides a very comprehensive view of how the Internet sees your networks. To reach it, telnet to route-views.oregon-ix.net. It supports Ping and Traceroute, as well as Cisco-style SHOW IP BGP commands.
5. How do I justify needing a /24 to my ISP if all I have is a router, webserver, and a mail server? In 2001, ARIN ratified a policy that permits multihoming (connection to more than one ISP) as justification for a /24. An ISP with an ASN will most likely be a member of ARIN, and should accept this policy.
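The two inbound filters this FAQ mentions, dropping advertisements more specific than a /24 (step 3 of the basic steps) and dropping BOGONs (question 3 above), can be sketched as one check, including the stale-list problem that question 3 warns about. This is an added example, not part of the original FAQ; the function names, the 30-day refresh interval and both prefix lists are constructed for illustration.

```python
import ipaddress
from datetime import date

# Constructed sample data, not a real bogon list. Private and documentation
# ranges stand in for unassigned space; 198.51.100.0/24 plays the part of a
# block that was unassigned when the list was built and has since been assigned.
STALE_BOGONS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                "192.0.2.0/24", "198.51.100.0/24"]
FRESH_BOGONS = [p for p in STALE_BOGONS if p != "198.51.100.0/24"]
MAX_PREFIX_LEN = 24      # most ISPs drop anything more specific than a /24
MAX_LIST_AGE_DAYS = 30   # assumed refresh interval, not from the FAQ


def check_advertisement(prefix, bogons):
    """Return (accepted, reason) for one received IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen > MAX_PREFIX_LEN:
        return False, "more specific than /%d" % MAX_PREFIX_LEN
    for entry in bogons:
        bogon = ipaddress.ip_network(entry)
        # Reject prefixes that sit inside bogon space
        if net.subnet_of(bogon):
            return False, "bogon: inside %s" % bogon
    return True, "accepted"


def list_is_stale(last_updated, today):
    """True when the bogon list is older than the refresh interval."""
    return (today - last_updated).days > MAX_LIST_AGE_DAYS


if __name__ == "__main__":
    samples = ("203.0.113.0/24", "203.0.113.128/25",
               "10.1.0.0/16", "198.51.100.0/24")
    for p in samples:
        print(p, "| stale list:", check_advertisement(p, STALE_BOGONS),
              "| fresh list:", check_advertisement(p, FRESH_BOGONS))
    print("refresh needed:", list_is_stale(date(2002, 8, 1), date(2002, 10, 1)))
```

The last sample prefix is rejected with the stale list and accepted with the refreshed one, which is the reachability problem an out-of-date BOGON filter causes.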