The term “backdoor” is a very controversial term when it comes to privacy and security. However, when it comes to BGP, it is a well-known feature that is used to change the administrative distance of eBGP in order for an interior gateway routing protocol (IGP) to take precedence over an eBGP route.
By default, external BGP (eBGP) has an administrative distance value of 20. Administrative distance is the first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination. Administrative distance is a measure of the best path and reliability of the source of the routing information. The smaller the administrative distance value, the more reliable the protocol/link.
Note: For more information about administrative distance in routing protocols refer to:
BGP selects a single path, by default, as the best path to a destination host or network. The best path selection algorithm analyzes path attributes to determine which route is installed as the best path in the BGP routing table. Each path carries well-known mandatory, discretionary, and optional transitive attributes that are used in BGP best path analysis.
The “Backdoor Feature” is often used to increase the administrative distance of eBGP to 200 so that IGP-learned routes are preferred. A backdoor network is treated as a local network, except that it is not advertised. This is configured by using the network backdoor BGP command.
For example, in Figure 1 three separate networks are illustrated: a network in New York (AS 1010); another in Research Triangle Park (RTP), NC (AS 2020); and a third one in San Jose, CA (AS 3030).
Figure 1 – eBGP default admin distance
With the default administrative distances of BGP and EIGRP, if a device in the New York network (10.10.10.0/24) communicates with a device in RTP (10.20.20.0/24), the packets are routed via the network in San Jose. This is because eBGP has a lower administrative distance (20) than EIGRP (90). To avoid this, the Cisco IOS Software network backdoor command can be used in New York’s R1 router (NY-R1) and vice versa, as shown below.
After the network backdoor command is used in NY-R1, the administrative distance of eBGP is changed to 200 and the preferred path will be via the direct connection between NY-R1 and RTP-R1, as shown in Figure 2. The same steps can be followed in RTP, accordingly.
Figure 2 – eBGP admin distance after network backdoor command is used
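The selection described above can be modeled in a few lines of Python. This is an added example, not code from the original post or from Cisco IOS; the function names, the Route class and the next-hop labels are hypothetical, while the prefixes, AS numbers and distances (20, 90, 200) come from the text.

```python
# Added illustration: how a router picks between routing sources by
# administrative distance (AD), and what a backdoor network changes.
from dataclasses import dataclass

DEFAULT_AD = {"ebgp": 20, "eigrp": 90}  # defaults quoted in the article
BACKDOOR_AD = 200                       # distance given to backdoor eBGP routes

@dataclass(frozen=True)
class Route:
    prefix: str    # destination network
    source: str    # "ebgp" or "eigrp"
    next_hop: str  # descriptive label, constructed for this example

def effective_ad(route, backdoor_prefixes):
    """eBGP routes to a backdoor prefix get AD 200; others keep the default."""
    if route.source == "ebgp" and route.prefix in backdoor_prefixes:
        return BACKDOOR_AD
    return DEFAULT_AD[route.source]

def install(candidates, backdoor_prefixes=frozenset()):
    """Return {prefix: (winning Route, AD)}; the lowest AD wins per prefix."""
    table = {}
    for r in candidates:
        ad = effective_ad(r, backdoor_prefixes)
        if r.prefix not in table or ad < table[r.prefix][1]:
            table[r.prefix] = (r, ad)
    return table

def bgp_advertised(network_statements, backdoor_prefixes):
    """A backdoor network is treated as local but is not advertised."""
    return sorted(set(network_statements) - set(backdoor_prefixes))

# NY-R1's candidate routes to the RTP LAN (constructed sample input).
NY_R1_CANDIDATES = [
    Route("10.20.20.0/24", "ebgp", "San Jose (AS 3030)"),
    Route("10.20.20.0/24", "eigrp", "RTP-R1 direct link"),
]
# IOS equivalent on NY-R1, under "router bgp 1010":
#   network 10.20.20.0 mask 255.255.255.0 backdoor
NY_R1_BACKDOOR = {"10.20.20.0/24"}

if __name__ == "__main__":
    for label, bd in (("default", set()), ("backdoor", NY_R1_BACKDOOR)):
        route, ad = install(NY_R1_CANDIDATES, bd)["10.20.20.0/24"]
        print(f"{label}: via {route.next_hop} ({route.source}, AD {ad})")
```

Running it prints the installed route for 10.20.20.0/24 before and after the backdoor entry, which corresponds to the change from Figure 1 to Figure 2.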
The following are several additional references regarding BGP configuration and troubleshooting: