Problem solve Get help with specific problems with your technologies, process and projects.

5 essential reasons for BGP in your IP network

The Border Gateway Protocol (BGP) is considered the hardest routing protocol to design, configure and maintain, but there are the 5 major reasons you need all of that difficulty in your network.

Yes, Border Gateway Protocol (BGP) has the reputation of being the hardest routing protocol to design, configure and maintain. But while this notion has some validity, there are situations where BGP is the only tool available to get the job done, or where deploying BGP throughout your network can increase its security or stability.

BGP's complexity is primarily due to the large number of attributes it can attach to a route, its complex route selection rules, and the manual configuration of neighboring routers (which are discovered automatically in most other routing protocols) needed to ensure the security of the routing information exchange. Having a large number of configuration options and BGP-specific filtering mechanisms available on routers from different major vendors doesn't help either.

In this article, I'll give you five scenarios where BGP is the best match for your network requirements.

1. Internet service advantages

If you're an Internet service provider (ISP), running BGP in your network is almost a must. I've seen consumer-focused ISPs that tried to get around this recommendation and used BGP solely to peer with their upstream ISPs, but they eventually had to bite the bullet and deploy BGP to increase the stability of their network, provide end-to-end quality-of-service or penetrate enterprise markets. Enterprise-focused ISPs have to run BGP from the start to support their multi-homed customers).

2. Layer 3 VPN services

There are situations where BGP is the only tool available to get the job done...
Ivan Pepelnjak Chief Technology AdvisorNIL Data Communications

We've seen a variety of technologies used to implement Layer 3 VPN services in recent years, and MPLS-based VPNs have undoubtedly proven to be the most scalable solution, partly due to using BGP as the underlying routing protocol. Fortunately, you don't have to deploy BGP everywhere in your network if you want to deploy MPLS/VPN solutions. It's enough to deploy BGP on the Provider Edge (PE) routers that connect your VPN customers and on a few core devices that act as route servers (these devices should not be expected to forward heavy traffic loads).

3. Increasing network stability

Although I've met networking engineers trying to use BGP as the sole routing protocol in their networks, that's not how you should use it. Any decent BGP design should rely on another faster routing protocol (for example, OSPF, EIGRP or IS-IS) to provide core routing in the network, with BGP responsible for the edge/customer routing.

With the separation of core and edge routing into two routing protocols, your network core becomes more stable, as the edge problems cannot disrupt the core. This design has been used very successfully in large enterprise networks with haphazard addressing schemes that defied attempts at route summarization. It should also be used in almost all service provider environments. You should never carry your customers' routes in your core routing protocol, as customer's internal problems could quickly affect the stability of your own network.

I must note that it's amazing what you can see in the field. I saw an ISP running OSPF with its customers a few years ago. In that setup, a rogue or ignorant customer could have easily disrupted the whole service provider network.

4. Automatic Response to Denial-of-Service Attacks

Among other peculiarities, BGP allows you to specify any IP address as the next-hop for an IP prefix. This property is most-often used to ensure optimum routing across a BGP autonomous system. You can also use it to implement network-wide sinkholes and remote blackholes to quickly stop worms and denial-of-service attacks on your network.

Please note that you don't have to migrate your routing to BGP if you want to use these mechanisms. To implement remote blackholes, it's enough that you deploy BGP on strategic points in your network and link them via BGP sessions with a central router through which you'll insert the IP addresses to block.

5. Large-scale QOS or web caching deployment

Not only does BGP carry a number of attributes describing the IP routes, it allows you to add extra baggage to every IP route it advertises in the form of BGP communities that are totally transparent to BGP (unless you're manually configuring route selection rules to use them) but propagated throughout the network.

A few technologies completely unrelated to BGP allow you to use these attributes to implement large-scale designs. For example, Quality-of-Service Policy Propagation with BGP (QPPB) allows you to set QoS bits for specific BGP destinations based on BGP communities and other BGP attributes. Similarly, you can control the Web Cache Communication Protocol (WCCP)-based web caching policy with BGP.

Summary

Even though BGP is categorized as a complex and hard-to-configure routing protocol, its deployment in large enterprise networks can bring significant benefits, which is almost mandatory in a service provider environment.

About the author:
Ivan Pepelnjak, CCIE No. 1354, is a 25-year veteran of the networking industry. He has more than 10 years of experience in designing, installing, troubleshooting and operating large service provider and enterprise WAN and LAN networks and is currently chief technology advisor at NIL Data Communications, focusing on advanced IP-based networks and web technologies. His books include MPLS and VPN Architectures and EIGRP Network Design. Check out his blog.

This was last published in January 2008

Dig Deeper on Telecom Resources

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

You must find the IP address of the remote interface and the remote autonomous system number usually directly connected to your network's egress interface peers must be able to reach each other using TCP port 179 interface on the local router must be configured with an IP address router must have a path to its remote peer
Cancel

-ADS BY GOOGLE

SearchNetworking

SearchDataCenter

SearchCloudComputing

SearchCloudProvider

Close