BGP Confederations (GNS3 Lab)
Similar to using route reflectors confederations are usually used to reduce the amount of IBGP connections needed for a full mesh. They do this by splitting an AS into multiple sub ASs. In the sub ASs created by the confederation all the normal rules of IBGP apply e.g. Fully meshed. EBGP must run between the sub ASs. To the outside world a confederation still looks like a single full AS. The AS numbers for the sub ASs can be assigned from the private AS range between 64512 and 65535. Another benefit/feature of a confederation is that IGPs that run within a sub AS are completly autonomous from IGPs in other sub ASs.
Below we will configure two confederations inside AS200. The GNS3 net file and the initail configs with addressing and EIGRP/OSPF configured can be found [HERE].
Each of the sub ASs has full connectivity within itself at the moment so to build on this configure each of the routers in turn starting with Conf1A.
First we enter bgp config mode under the sub AS number. We then configure the router to tell EBGP neighbours its part of AS200 using the confederation identifier command. After that its IBGP with other hosts in the sub AS (using the sub AS number) and EBGP as normal to SmileyISP. Now Conf1B.
Conf1A(config)#conf t Conf1A(config)#router bgp 65001 Conf1A(config-router)#bgp confederation identifier 200 Conf1A(config-router)#network 10.1.12.0 mask 255.255.255.0 Conf1A(config-router)#network 10.1.23.0 mask 255.255.255.0 Conf1A(config-router)#neighbor 10.1.12.1 remote-as 100 Conf1A(config-router)#neighbor 10.1.23.3 remote-as 65001 Conf1A(config-router)#neighbor 10.1.34.4 remote-as 65001
Similar to Conf1A but this time since interface fa 1/0 connects to the other sub AS we need the "bgp confederation peers" command. This command will ensure all the attributes euch as local pref and next hop are preserved when they traverse this EBGP to the sub AS 65002. Since the next hop attribute is preserved between the sub ASs and there might not be routes in the routing table to allow this to work we use the "next-hop-self" command.
Conf1B(config-router)#router bgp 65001 Conf1B(config-router)#no synchronization Conf1B(config-router)#bgp log-neighbor-changes Conf1B(config-router)#bgp confederation identifier 200 Conf1B(config-router)#bgp confederation peers 65002 Conf1B(config-router)#network 10.1.23.0 mask 255.255.255.0 Conf1B(config-router)#network 10.1.34.0 mask 255.255.255.0 Conf1B(config-router)#network 10.1.36.0 mask 255.255.255.0 Conf1B(config-router)#neighbor 10.1.23.2 remote-as 65001 Conf1B(config-router)#neighbor 10.1.34.4 remote-as 65001 Conf1B(config-router)#neighbor 10.1.36.6 remote-as 65002 Conf1B(config-router)#neighbor 10.1.36.6 next-hop-self
At this point we have full connectivity from the loopback on Conf1C to the loopback on SmileyISP :) Now to configure the routers in sub AS 65002. Similar configs only replacing a few addresses in places.
router bgp 65001 no synchronization bgp log-neighbor-changes bgp confederation identifier 200 network 188.8.131.52 mask 255.255.255.0 network 10.1.34.0 mask 255.255.255.0 neighbor 10.1.23.2 remote-as 65001 neighbor 10.1.34.3 remote-as 65001
router bgp 65002 no synchronization bgp log-neighbor-changes bgp confederation identifier 200 bgp confederation peers 65001 network 10.1.36.0 mask 255.255.255.0 network 10.1.56.0 mask 255.255.255.0 network 192.168.1.0 neighbor 10.1.36.3 remote-as 65001 neighbor 10.1.36.3 next-hop-self neighbor 10.1.56.5 remote-as 65002
Now theres full connectivity to all networks from all routers. The output on SmileyISP confirms that it only sees AS200 and not the sub ASs.
router bgp 65002 no synchronization bgp log-neighbor-changes bgp confederation identifier 200 network 10.1.15.0 mask 255.255.255.0 network 10.1.56.0 mask 255.255.255.0 neighbor 10.1.15.1 remote-as 100 neighbor 10.1.56.6 remote-as 65002
SmileyISP#show ip bgp
BGP table version is 13, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
- 184.108.40.206/24 10.1.15.5 0 200 i
*> 10.1.12.2 0 200 i
- 10.1.12.0/24 10.1.15.5 0 200 i
10.1.12.2 0 0 200 i
*> 0.0.0.0 0 32768 i
If we check Conf1B
Conf1B#show ip bgp 192.168.1.0
BGP routing table entry for 192.168.1.0/24, version 15
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
10.1.36.6 from 10.1.36.6 (192.168.1.1)
Origin IGP, metric 0, localpref 100, valid, confed-external, best
We see routes learned from sub AS 65002 are classified as confederation external (confed-external) routes. This is used in route selection with EBGP routes preferred over confed-external which are in turn preferred over internal.
The formula to calculate the number of IBGP connections needed for a full mesh of N number of routers is N(N-1)/2 so here without using a confederation we would have used (5*4)/2=10 but we used 5. Not too much but considering the saving grows exponentially with every router running IBGP it can ease config/administration a lot.