This chapter describes how to configure the ASA to route data, perform authentication, and redistribute routing information using the Border Gateway Protocol (BGP).
BGP is an inter-autonomous system routing protocol. An autonomous system is a network or group of networks under a common administration and with common routing policies. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISPs). This section includes the following topics:
Customer networks, such as universities and corporations, usually employ an Interior Gateway Protocol (IGP) such as OSPF for the exchange of routing information within their networks. Customers connect to ISPs, and ISPs use BGP to exchange customer and ISP routes. When BGP is used between autonomous systems (AS), the protocol is referred to as External BGP (EBGP). If a service provider is using BGP to exchange routes within an AS, then the protocol is referred to as Interior BGP (IBGP).
BGP neighbors exchange full routing information when the TCP connection between neighbors is first established. When changes to the routing table are detected, the BGP routers send to their neighbors only those routes that have changed. BGP routers do not send periodic routing updates, and BGP routing updates advertise only the optimal path to a destination network.
Routes learned via BGP have properties that are used to determine the best route to a destination, when multiple paths exist to a particular destination. These properties are referred to as BGP attributes and are used in the route selection process:
– IGP: The route is interior to the originating AS. This value is set when the network router configuration command is used to inject the route into BGP.
– EGP: The route is learned via the Exterior Border Gateway Protocol (EBGP).
– Incomplete: The origin of the route is unknown or learned in some other way. An origin of incomplete occurs when a route is redistributed into BGP.
– no-export: Do not advertise this route to EBGP peers.
– no-advertise: Do not advertise this route to any peer.
– internet: Advertise this route to the Internet community; all routers in the network belong to it.
BGP may receive multiple advertisements for the same route from different sources. BGP selects only one path as the best path. When this path is selected, BGP puts the selected path in the IP routing table and propagates the path to its neighbors. BGP uses the following criteria, in the order presented, to select a path for a destination:
This section includes the guidelines and limitations for this feature.
Supported in single and multiple context mode.
Does not support transparent firewall mode. BGP is supported only in router mode.
Supports Stateful Failover in single and multiple context mode.
Note When you delete and reapply the BGP configuration in the user context, allow a delay of 60 seconds to enable the slave/standby ASA unit to sync.
This section describes how to enable the BGP process on your system. After you have enabled BGP, see the following topics to learn how to customize the BGP process on your system.
To configure BGP, perform the following steps:
Step 1 In the CLI, enable BGP, and configure general BGP parameters.
Step 2 Define the best path for the BGP routing process and configure the best path configuration parameters.
Step 3 Add and configure policy lists.
Step 4 Add and configure AS path filters.
Step 5 Add and configure Community Rules.
Step 6 Configure IPv4 Address Family settings.
This section describes the steps required to enable BGP routing, establish a BGP routing process and configure general BGP parameters.
This section describes the steps required to configure the BGP best path. For more information on the best path, see BGP Path Selection.
When a policy list is referenced within a route map, all of the match statements within the policy list are evaluated and processed. Two or more policy lists can be configured with a route map. A policy list can also coexist with any other preexisting match and set statements that are configured within the same route map but outside of the policy list. This section describes the steps required to configure policy lists.
An AS path filter allows you to filter the routing update message by using access lists and look at the individual prefixes within an update message. If a prefix within the update message matches the filter criteria then that individual prefix is filtered out or accepted depending on what action the filter entry has been configured to carry out. This section describes the steps required to configure AS path filters.
Note The as-path access-lists are not the same as the regular firewall ACLs.
A community is a group of destinations that share some common attribute. You can use community lists to create groups of communities to use in a match clause of a route map. Just like an access list, a series of community lists can be created. Statements are checked until a match is found. As soon as one statement is satisfied, the test is concluded. This section describes the steps required to configure community rules.
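The ordered, first-match evaluation described above for AS path filters and community lists can be modeled in a few lines. This is an added example, not code from the ASA or from Cisco's documentation: the function names, the sample filter entries, and the routes (documentation prefixes and AS numbers) are constructed, and the model assumes a list with no matching entry denies the route.

```python
import re

def compile_aspath(pattern):
    # Cisco-style AS path regexes use "_" for a delimiter (start, end, or the
    # space between AS numbers). Approximated here with a Python alternation.
    return re.compile(pattern.replace("_", r"(?:^|$| )"))

def first_match(entries, matches):
    """Walk entries in order; the first one whose criterion matches decides.
    Falling off the end denies (model assumption: implicit deny)."""
    for action, criterion in entries:
        if matches(criterion):
            return action
    return "deny"

def aspath_action(entries, as_path):
    text = " ".join(str(asn) for asn in as_path)
    return first_match(entries, lambda pat: compile_aspath(pat).search(text))

def community_action(entries, communities):
    # Model assumption: an entry matches when the route carries every
    # community named in that entry.
    return first_match(entries, lambda wanted: set(wanted) <= set(communities))

def accepted_prefixes(aspath_entries, routes):
    """Apply the AS path filter to each prefix and keep the permitted ones."""
    return [r["prefix"] for r in routes
            if aspath_action(aspath_entries, r["as_path"]) == "permit"]

# Constructed sample data: documentation prefixes and AS numbers only.
ASPATH_FILTER = [
    ("deny", "_64500_"),    # any path that crosses AS 64500
    ("permit", "^64496_"),  # paths received from neighbor AS 64496
]
COMMUNITY_LIST = [
    ("deny", ["no-export"]),
    ("permit", ["64496:100"]),
]
ROUTES = [
    {"prefix": "192.0.2.0/24", "as_path": [64496, 64497], "communities": ["64496:100"]},
    {"prefix": "198.51.100.0/24", "as_path": [64496, 64500, 64499], "communities": ["64496:100", "no-export"]},
    {"prefix": "203.0.113.0/24", "as_path": [64498], "communities": []},
]

if __name__ == "__main__":
    for route in ROUTES:
        print(route["prefix"],
              aspath_action(ASPATH_FILTER, route["as_path"]),
              community_action(COMMUNITY_LIST, route["communities"]))
```

Swapping the two entries in `ASPATH_FILTER` changes the verdict for 198.51.100.0/24 from deny to permit, which is why entry order deserves review whenever a filter is edited.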
The IPv4 settings for BGP can be set up from the IPv4 family option within the BGP configuration setup. The IPv4 family section includes subsections for General settings, Aggregate address settings, Filtering settings and Neighbor settings. Each of these subsections enables you to customize parameters specific to the IPv4 family.
This section describes how to customize the BGP IPv4 family settings and includes the following topics:
This section describes the steps required to configure the general IPv4 settings.
This section describes the steps required to define the aggregation of specific routes into one route.
This section describes the steps required to filter routes or networks received in incoming BGP updates.
This section describes the steps required to define BGP neighbors and neighbor settings.
Note You cannot add neighbors that support graceful restart, because ASA 9.2.1 does not support graceful restart.
This section describes the steps required to define the networks to be advertised by the BGP routing process.
This section describes the steps required to define the conditions for redistributing routes from another routing domain into BGP.
This section describes the steps required to define the routes to be conditionally injected into the BGP routing table.
You can use the following commands to monitor the BGP routing process. For examples and descriptions of the command output, see the command reference. Additionally, you can disable the logging of neighbor change messages and neighbor warning messages.
To monitor or disable various BGP routing statistics, enter one of the following commands:
This example shows how to enable and configure BGP with various optional processes.
Step 1 To enable BGP, enter the following commands:
Step 2 To discard routes whose number of as-path segments exceeds the specified value:
Step 3 To enable logging of BGP neighbor resets:
Step 4 To enable BGP to automatically discover the best TCP path MTU for each BGP session:
Step 5 To enable BGP to terminate external BGP sessions of any directly adjacent peer if the link used to reach the peer goes down, without waiting for the hold-down timer to expire:
Table 29-1 lists each feature change and the platform release in which it was implemented.