388 CHAPTER 30: BGP CONFIGURATION
■ The peer next-hop-local command specifies the router as the next 
hop for routes to a peer/peer group. If BGP load balancing is configured, the 
router specifies itself as the next hop for routes to a peer/peer group regardless 
of whether the peer next-hop-local command is configured.
■ In a “third party next hop” network, that is, where the two EBGP peers reside 
in a common broadcast subnet, the BGP router does not specify itself as the next 
hop for routes to the EBGP peer unless the peer next-hop-local command is 
configured.
■ In general, BGP checks whether the AS_PATH attribute of a route from a peer 
contains the local AS number. If so, it discards the route to avoid routing loops.
■ You can specify a fake AS number to hide the real one as needed. The fake AS 
number applies to routes to EBGP peers only, that is, EBGP peers in other ASs 
can see only the fake AS number.
■ The peer substitute-as command is used only in specific networking 
environments. Inappropriate use of the command may cause routing loops.
Tuning and Optimizing BGP Networks
This task involves the following parts:
1 Configure BGP timers
After establishing a BGP connection, the two routers periodically send keepalive 
messages to each other to keep the connection alive. If a router receives no keepalive 
message from the peer before the holdtime elapses, it tears down the connection.
When establishing a BGP connection, the two parties compare their holdtime 
values and take the shorter one as the common holdtime.
2 Reset BGP connections
After modifying a route selection policy, you have to reset BGP connections to 
make the new policy take effect, which causes brief disconnections. The current BGP 
implementation supports the route-refresh capability. With this capability enabled 
on all BGP routers in a network, when a policy is modified on a router, the router 
advertises a route-refresh message to its peers, which then resend their routing 
information to the router. The local router can therefore update routes dynamically 
and apply the new policy without tearing down BGP connections.
If the network contains a router that does not support route-refresh, you must configure 
the peer keep-all-routes command to save all route updates, and then use the 
refresh bgp command to soft-reset BGP connections. This refreshes the BGP routing 
table and applies the new policy without tearing down BGP connections.
3 Configure BGP authentication
BGP employs TCP as the transport protocol. To enhance security, you can 
configure BGP to perform MD5 authentication when establishing a TCP 
connection. BGP MD5 authentication does not apply to BGP packets themselves; it 
sets a password for the TCP connection. If the authentication fails, the TCP 
connection cannot be established.
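The check described in item 3, as an added example that is not part of this manual: a Python sketch of the TCP MD5 signature option defined in RFC 2385, which is the mechanism BGP MD5 authentication relies on. The addresses, ports, key and function names are constructed for illustration and are not the device's implementation.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # RFC 2385 option kind and total length

def tcp_header(sport, dport, seq, flags, opt_len=0):
    """Fixed 20-byte TCP header with the checksum field left at zero."""
    offset = ((20 + opt_len) // 4) << 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, offset, flags, 65535, 0, 0)

def md5_signature(src, dst, fixed_header, payload, key):
    """MD5 over pseudo-header, header without options (checksum 0), data, key."""
    seg_len = (fixed_header[12] >> 4) * 4 + len(payload)
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, seg_len)
    zeroed = fixed_header[:16] + b"\x00\x00" + fixed_header[18:20]
    return hashlib.md5(pseudo + zeroed + payload + key).digest()

def sign_segment(src, dst, sport, dport, seq, flags, payload, key):
    """Sender: build a segment whose options are NOP, NOP, MD5 signature."""
    header = tcp_header(sport, dport, seq, flags, opt_len=20)
    digest = md5_signature(src, dst, header, payload, key)
    return header + bytes([1, 1, MD5SIG_KIND, MD5SIG_LEN]) + digest + payload

def accept_segment(src, dst, segment, key):
    """Receiver: accept only if the option is present and the digest matches."""
    hdr_len = (segment[12] >> 4) * 4
    options, payload = segment[20:hdr_len], segment[hdr_len:]
    i, received = 0, None
    while i < len(options) and options[i] != 0:   # 0 = end of option list
        if options[i] == 1:                       # 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            return False                          # malformed option
        if options[i] == MD5SIG_KIND and options[i + 1] == MD5SIG_LEN:
            received = options[i + 2:i + 18]
        i += options[i + 1]
    if received is None:
        return False                              # unsigned segments are dropped
    expected = md5_signature(src, dst, segment[:20], payload, key)
    return hmac.compare_digest(received, expected)

# Constructed sample values (documentation addresses, made-up key).
A, B, KEY = "192.0.2.1", "192.0.2.2", b"constructed-shared-key"
SYN = sign_segment(A, B, 49152, 179, 1000, 0x02, b"", KEY)
print("matching key:", accept_segment(A, B, SYN, KEY))
print("wrong key:   ", accept_segment(A, B, SYN, b"other-key"))
```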