BGP Synchronization

BGP Synchronization

Adapted from the Synchronization example in http://www.cisco.com/en/US/docs/internetworking/case/studies/icsbgp4.html

When an AS provides transit service to other ASs when there are non-BGP routers in the AS, transit traffic might be dropped if the intermediate non-BGP routers have not learned routes for that traffic via an IGP. The BGP synchronization rule states that if an AS provides transit service to another AS, BGP should not advertise a route until all of the routers within the AS have learned about the route via an IGP.

The topology shown in Figure 1 demonstrates this synchronization rule.

Figure 1: Synchronization

In Figure 1, Router C sends updates about network 170.10.0.0 to Router A. Routers A and B are running IBGP, so Router B receives updates about network 170.10.0.0 via IBGP. If synchronization is disabled, Router B will install the IBGP route to 170.10.0.0 in its routing table. So when Router B wants to reach network 170.10.0.0, it sends traffic to Router E. If Router A does not redistribute network 170.10.0.0 into an IGP, Router E has no way of knowing that network 170.10.0.0 exists and will drop the packets.

�

If Router B advertises to AS 400 that it can reach 170.10.0.0 before Router E learns about the network via IGP, traffic coming from Router D to Router B with a destination of 170.10.0.0 will flow to Router E and be dropped.

This situation is handled by the synchronization rule of BGP, which states that if an AS (such as AS100 in Figure 1) passes traffic from one AS to another AS, BGP does not advertise a route before all routers within the AS (in this case, AS 100) have learned about the route via an IGP. In this case, Router B waits to hear about network 170.10.0.0 via an IGP before it sends an update to Router D.

Worked Example

In the example below, synchronization is enabled (default behaviour before Cisco IOS Software Release 12.2(8)T) but no redistribution is configured.

�

RouterB#show ip bgp

BGP table version is 2, local router ID is 150.10.10.33

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* i150.10.0.0 150.10.10.1 0 100 0 i

*> 0.0.0.0 0 32768 i

* i170.10.0.0 2.2.2.1 0 100 0 300 I

RouterB#show ip route bgp

<no output>

Now although Router B gets the IBGP update, it will not install this route into its routing table until it sees a valid route to 170.10.0.0, nor will it advertise the route to RouterD. A debug ip bgp updates will show this:

RouterB# debug ip bgp updates

*Mar 1 06:29:56.142: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up

*Mar 1 06:29:58.206: BGP(0): 150.10.10.1 rcvd UPDATE w/ attr: nexthop 150.10.10.1, origin i, localpref 100, metric 0

*Mar 1 06:29:58.210: BGP(0): 150.10.10.1 rcvd 150.10.0.0/16

*Mar 1 06:29:58.210: BGP(0): 150.10.10.1 rcvd UPDATE w/ attr: nexthop 2.2.2.1, origin i, localpref 100, metric 0, path 300

*Mar 1 06:29:58.210: BGP(0): 150.10.10.1 rcvd 170.10.0.0/16

*Mar 1 06:30:26.226: BGP(0): no valid path for 170.10.0.0/16

*Mar 1 06:30:26.226: BGP(0): nettable_walker 150.10.0.0/16 route sourced locally

*Mar 1 06:30:26.226: BGP(0): nettable_walker 170.10.0.0/16 no best path

*Mar 1 06:30:26.226: BGP(0): 1.1.1.2 send UPDATE (format) 150.10.0.0/16, next 1.1.1.1, metric 0, path Local

*Mar 1 06:30:26.230: BGP(0): 150.10.10.1 send UPDATE (format) 150.1150.10.10.33, metric 0, path Local

RouterB#

*Mar 1 06:30:33.738: BGP(0): no valid path for 170.10.0.0/16

If Router B wants to reach network 170.10.0.0, it would have no path to follow and would drop the packets. If Router A does not redistribute network 170.10.0.0 into an IGP, neither Router D or Router E has a way of knowing that network 170.10.0.0 exists and will drop the packets. This is what synchronization is all about � not installing IBGP routes into the routing table before being synchronised to the IGP.

Disabling Synchronization

In the following example, synchronization has been disabled on Router A & Router B.

RouterA(config)#router bgp 100

RouterA(config-router)#no synchronization

RouterB(config)#router bgp 100

RouterB(config-router)#no synchronization

Router B receives the IBGP update as before, but installs it into its routing table:

RouterB#

*Mar 1 06:55:46.606: BGP(0): 1.1.1.2 send UPDATE (format) 150.10.0.0/16, next 1.1.1.1, metric 0, path Local

*Mar 1 06:55:46.610: BGP(0): 150.10.10.1 send UPDATE (format) 150.10.0.0/16, next 150.10.10.33, metric 0, path Local

RouterB#

*Mar 1 06:55:51.530: BGP(0): 150.10.10.1 rcvd UPDATE w/ attr: nexthop 150.10.10.1, origin i, localpref 100, metric 0

*Mar 1 06:55:51.534: BGP(0): 150.10.10.1 rcvd 150.10.0.0/16

*Mar 1 06:55:51.554: BGP(0): 150.10.10.1 rcvd UPDATE w/ attr: nexthop 2.2.2.1, origin i, localpref 100, metric 0, path 300

*Mar 1 06:55:51.558: BGP(0): 150.10.10.1 rcvd 170.10.0.0/16

*Mar 1 06:55:51.566: BGP(0): Revise route installing 1 of 1 routes for 170.10.0.0/16 -> 2.2.2.1(main) to main IP table

RouterB#

*Mar 1 06:56:16.714: BGP(0): 1.1.1.2 send UPDATE (format) 170.10.0.0/16, next 1.1.1.1, metric 0, path 300

RouterB#show ip bgp

BBGP table version is 3, local router ID is 150.10.10.33

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* i150.10.0.0 150.10.10.1 0 100 0 i

*> 0.0.0.0 0 32768 i

*>i170.10.0.0 2.2.2.1 0 100 0 300 i

RouterB#show ip route bgp

B 170.10.0.0/16 [200/0] via 2.2.2.1, 02:31:24

Notice that bgp entry for the 170.10.0.0 network above has been tagged as both valid (*) and best (>), whereas before when synchronization was required, it was shown only as valid (*). And we can see from the output of the show ip route bgp that the route to 170.10.0.0 has been added to the routing table.

So now Router B is advertising to AS 400 that it can reach 170.10.0.0 before it or Router E has learnt about the network via IGP. This will result in traffic coming from Router D to Router B with a destination of 170.10.0.0 will flow to Router E and be dropped.

RouterD#show ip bgp

BGP table version is 3, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 150.10.0.0 1.1.1.1 0 0 100 i

*> 170.10.0.0 1.1.1.1 0 100 300 I

RouterD#show ip route bgp

B 170.10.0.0/16 [20/0] via 1.1.1.1, 02:49:08

B 150.10.0.0/16 [20/0] via 1.1.1.1, 02:49:38

RouterD#traceroute 170.10.10.1

Type escape sequence to abort.

Tracing the route to 170.10.10.1

1 1.1.1.1 16 msec 24 msec 16 msec

2 150.10.10.25 [AS 100] 20 msec 12 msec 12 msec

3 150.10.10.25 [AS 100] !H * !H

The trace only gets as far as Router E! So even with synchronization disabled, in this situation, it breaks the network.

For this example, redistribution of the bgp routes into an IGP is essential for proper operation of the network.

RouterA(config)#router rip

RouterA(config-router)#redistribute bgp 100 metric transparent

RouterD#ping 170.10.10.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 170.10.10.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/28/48 ms

RouterD#traceroute 170.10.10.1

Type escape sequence to abort.

Tracing the route to 170.10.10.1

1 1.1.1.1 12 msec 8 msec 20 msec

2 150.10.10.25 [AS 100] 16 msec 8 msec 36 msec

3 150.10.10.9 [AS 100] 4 msec 48 msec 20 msec

4 2.2.2.1 40 msec * 32 msec

When to disable synchronization

The BGP synchronization rule states that if an AS provides transit service to another AS, BGP should not advertise a route until all of the routers within the AS have learned about the route via an IGP.

You can disable synchronization if one of the following conditions is true

Your AS does not pass traffic from one AS to another AS.
All the transit routers in your AS run BGP.

Figure 2 shows a topology in which it is desirable to disable synchronization.

Figure 2: Disabled Synchronization

The following commands configure Routers A, B, and C:

!Router A

router bgp 100

network 150.10.0.0

neighbor 3.3.3.4 remote-as 100

neighbor 2.2.2.1 remote-as 300

no synchronization

!Router B

router bgp 100

network 150.10.0.0

neighbor 1.1.1.2 remote-as 400

neighbor 3.3.3.3 remote-as 100

no synchronization

!Router D

outer bgp 400

neighbor 1.1.1.1 remote-as 100

network 175.10.0.0

The no synchronization router configuration command causes Router B to put 170.10.0.0 in its IP routing table and advertise it to Router D without learning network 170.10.0.0 via an IGP.

RouterD#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B 170.10.0.0/16 [20/0] via 1.1.1.1, 00:01:20

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, FastEthernet0/0

4.0.0.0/24 is subnetted, 1 subnets

C 4.4.4.0 is directly connected, Loopback0

B 150.10.0.0/16 [20/0] via 1.1.1.1, 00:10:28

RouterD#ping 170.10.10.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 170.10.10.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/23/32 ms

�