The term “backdoor” is controversial when it comes to privacy and security. In BGP, however, it refers to a well-known feature that changes the administrative distance of eBGP so that an interior gateway routing protocol (IGP) takes precedence over an eBGP route.
By default, external BGP (eBGP) has an administrative distance value of 20. Administrative distance is the first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination. Administrative distance is a measure of the best path and reliability of the source of the routing information. The smaller the administrative distance value, the more reliable the protocol/link.
Note: For more information about administrative distance in routing protocols refer to:
BGP selects a single path, by default, as the best path to a destination host or network. The best path selection algorithm analyzes path attributes to determine which route is installed as the best path in the BGP routing table. Each path carries well-known mandatory, discretionary, and optional transitive attributes that are used in BGP best path analysis.
The “Backdoor Feature” is often used to increase the administrative distance of eBGP to 200 so that IGP-learned routes are preferred. A backdoor network is treated as a local network, except that it is not advertised. It is configured with the network backdoor BGP command.
For example, in Figure 1 three separate networks are illustrated: a network in New York (AS 1010); another in Research Triangle Park (RTP), NC (AS 2020); and a third one in San Jose, CA (AS 3030).
Figure 1 – eBGP default admin distance
With the default administrative distances of BGP and EIGRP, if a device in the New York network (10.10.10.0/24) communicates with a device in RTP (10.20.20.0/24), the packets will route via the network in San Jose. This is because eBGP has a lower administrative distance (20) than EIGRP (90). To avoid this, the Cisco IOS Software network backdoor command can be used on New York’s R1 router (NY-R1), and vice versa, as shown below.
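The following configuration is an added example, not taken from the original article. It uses the AS numbers and prefixes from Figure 1 and assumes that eBGP peering and EIGRP are already configured on both routers.

```cisco
! Added example. Assumption: the eBGP sessions and EIGRP adjacency between
! NY-R1 and RTP-R1 already exist; only the backdoor statements are shown.
!
! --- NY-R1 (AS 1010) ---
! Mark RTP's prefix as a backdoor network. The statement applies only to
! this prefix: its eBGP-learned route is installed with distance 200
! instead of 20, and NY-R1 does not originate the prefix into BGP.
configure terminal
 router bgp 1010
  network 10.20.20.0 mask 255.255.255.0 backdoor
 end
!
! --- RTP-R1 (AS 2020) ---
! Mirror-image statement for New York's prefix, so that return traffic
! also prefers the direct link.
configure terminal
 router bgp 2020
  network 10.10.10.0 mask 255.255.255.0 backdoor
 end
!
! --- Verification on NY-R1 (privileged EXEC) ---
! The routing table entry should now be sourced from EIGRP (distance 90):
show ip route 10.20.20.0
! The eBGP path via San Jose stays in the BGP table; it only loses the
! administrative distance comparison for installation in the routing table:
show ip bgp 10.20.20.0
```

If the direct link or the EIGRP adjacency fails, the EIGRP route disappears and the eBGP route via San Jose (now with distance 200) is installed as the fallback.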
After the network backdoor command is used in NY-R1, the administrative distance of eBGP is changed to 200 and the preferred path will be via the direct connection between NY-R1 and RTP-R1, as shown in Figure 2. The same steps can be followed in RTP, accordingly.
Figure 2 – eBGP admin distance after network backdoor command is used
The following are several additional references regarding BGP configuration and troubleshooting: