Solved: loop prevention in EBGP

dhikra-marghli8 · ‎12-20-2023

Hello

i want to know how i can loop prevention in EBGP cisco ?

i use allowas-in and AS-Override ?

what are attribue can loop prevention in session EBGP ?

Thanks

MHM Cisco World · ‎12-20-2023

MHM

View solution in original post

M02@rt37 · ‎12-20-2023

Hello @dhikra-marghli8

In BGP, loop prevention is essential to avoid routing loops. In the context of EBGP, where routers in AS exchange routing information, certain attributes and techniques help in preventing loops. Here are a few key attributes and techniques:

BGP routers can perform a Time-to-Live security check on incoming EBGP updates. This involves verifying that the TTL value in the IP header of the received BGP update is greater than 1. If the TTL is 1, it indicates that the update has traversed only one router and might be loopingThe AS_PATH attribute contains a list of AS numbers through which the route has traversed. BGP routers use the AS_PATH to prevent routing loops. The

allowas-in

command is used to allow the same AS number to appear multiple times in the AS_PATH attribute. This is helpful when a route traverses the same AS multiple times (AS confederation scenarios).

AS-Override is another technique used to address issues in scenarios where BGP routers within the same AS use EBGP to peer with routers in another AS. AS-Override allows a router to advertise routes to its EBGP peer with the AS_PATH attribute modified to appear as if the routes originated within the local AS. This can help in scenarios where route reflection is used.

BGP confederation is a method to address the issue of scalability within an AS. In a confederation, an AS is divided into sub-ASes, and routers within the same sub-AS use EBGP to peer. Confederation sub-ASes are still part of the overall AS, and loop prevention is maintained through standard BGP mechanisms.

When using BGP route reflectors within an AS, the route reflectors help in distributing routes without causing loops. Clients of a route reflector receive routes without modification, and non-client routes are reflected with the next-hop attribute set to the IP address of the route reflector.

Site of Origin is a tool to help prevent routing loops in scenarios where there are redundant entry points into an AS, and it provides a way to mark and filter routes based on their origin site. This contributes to the stability and efficiency of routing in complex network topologies.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

MHM Cisco World · ‎12-20-2023

SiteA-ISP-SiteB

Now SiteA use same As as SiteB

We use allowas-in/override-as

The SiteB accept route from SiteA

Assume there is direct connect between two sites

SiteB will re advertise route to SiteA

Here SiteA using SoO know that origin of this prefix is itself and drop the route and prevent loop.

MHM

View solution in original post

MHM Cisco World · ‎12-20-2023

you ask about attribute and accpet solution of TTL which is data plane
I am confused
MHM

View solution in original post

M02@rt37 · ‎12-20-2023

@dhikra-marghli8

Other thread here:

https://yurmagccie.wordpress.com/2018/06/06/bgp-part-3-loop-prevention-mandatory-attributes/

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

MHM Cisco World · ‎12-20-2023

the Lab is simple
there are two Loop
one control plane routing Loop
other is Data Loop
so we use SoO for routing Loop
you can see before the SoO I see 5.5.5.5/32 via two path one from R5 and other from R3 even so it originate from R5 itself.
after you use SoO, the R5 know that this prefix originate from it and drop it.

View solution in original post

MHM Cisco World · ‎12-20-2023

MHM

dhikra-marghli8 · ‎12-20-2023

thanks

i can't unterstant why Site of origin can prevent loop in EBGP ?

Thanks

MHM Cisco World · ‎12-20-2023

SiteA-ISP-SiteB

Now SiteA use same As as SiteB

We use allowas-in/override-as

The SiteB accept route from SiteA

Assume there is direct connect between two sites

SiteB will re advertise route to SiteA

Here SiteA using SoO know that origin of this prefix is itself and drop the route and prevent loop.

MHM

dhikra-marghli8 · ‎12-20-2023

Hello ,

Thanks for your help

dhikra-marghli8 · ‎12-20-2023

Juste i want to know siteA==> it is CPE ?

MHM Cisco World · ‎12-20-2023

I will share lab later today about this point SoO
thanks

MHM

M02@rt37 · ‎12-20-2023

Hello @dhikra-marghli8

In BGP, loop prevention is essential to avoid routing loops. In the context of EBGP, where routers in AS exchange routing information, certain attributes and techniques help in preventing loops. Here are a few key attributes and techniques:

BGP routers can perform a Time-to-Live security check on incoming EBGP updates. This involves verifying that the TTL value in the IP header of the received BGP update is greater than 1. If the TTL is 1, it indicates that the update has traversed only one router and might be loopingThe AS_PATH attribute contains a list of AS numbers through which the route has traversed. BGP routers use the AS_PATH to prevent routing loops. The

allowas-in

command is used to allow the same AS number to appear multiple times in the AS_PATH attribute. This is helpful when a route traverses the same AS multiple times (AS confederation scenarios).

AS-Override is another technique used to address issues in scenarios where BGP routers within the same AS use EBGP to peer with routers in another AS. AS-Override allows a router to advertise routes to its EBGP peer with the AS_PATH attribute modified to appear as if the routes originated within the local AS. This can help in scenarios where route reflection is used.

BGP confederation is a method to address the issue of scalability within an AS. In a confederation, an AS is divided into sub-ASes, and routers within the same sub-AS use EBGP to peer. Confederation sub-ASes are still part of the overall AS, and loop prevention is maintained through standard BGP mechanisms.

When using BGP route reflectors within an AS, the route reflectors help in distributing routes without causing loops. Clients of a route reflector receive routes without modification, and non-client routes are reflected with the next-hop attribute set to the IP address of the route reflector.

Site of Origin is a tool to help prevent routing loops in scenarios where there are redundant entry points into an AS, and it provides a way to mark and filter routes based on their origin site. This contributes to the stability and efficiency of routing in complex network topologies.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

dhikra-marghli8 · ‎12-20-2023

Bravo ...thanks again for your help .

MHM Cisco World · ‎12-20-2023

you ask about attribute and accpet solution of TTL which is data plane
I am confused
MHM

M02@rt37 · ‎12-20-2023

@dhikra-marghli8

Other thread here:

https://yurmagccie.wordpress.com/2018/06/06/bgp-part-3-loop-prevention-mandatory-attributes/

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

MHM Cisco World · ‎12-20-2023

the Lab is simple
there are two Loop
one control plane routing Loop
other is Data Loop
so we use SoO for routing Loop
you can see before the SoO I see 5.5.5.5/32 via two path one from R5 and other from R3 even so it originate from R5 itself.
after you use SoO, the R5 know that this prefix originate from it and drop it.

dhikra-marghli8 · ‎12-20-2023

Thanks for your reply and your help