You are on page 1of 7

BGP Confederation Explained

In this tutorial well take a look at the BGP Confederation. As you might know, IBGP requires
a full mesh of peerings which can become an administrative nightmare. If you dont know
why we need a full mesh, I recommend to start reading my IBGP tutorial first.
To reduce the number of IBGP peerings there are two techniques:

Confederations
Route Reflector
Lets talk about confederations, look at the picture below:

Above we have AS 1 with 6 routers running IBGP. The number of IBGP peerings can be
calculated with the full mesh formula:
N(N-1)/2
So in our case thats:
6 * (6-1 = 5) / 2 = 15 IBGP peerings.
A BGP confederation divides our AS into sub-ASes to reduce the number of required IBGP
peerings. Within a sub-AS we still require full-mesh IBGP but between these sub-ASes we use
something that looks like EBGP but behaves like IBGP (called confederation BGP) . Heres an
example of what a BGP confederation could look like:

By dividing our main AS into two sub-ASes we reduced the number of IBGP peerings from 15
to 8.
Within the sub-AS we still have the full-mesh IBGP requirement. Between sub-ASes its just
like EBGP, its up to you how many peerings you want. The outside world will never see your
sub-AS numbers, they will only see the main AS number.

Since the sub-AS numbers are not seen outside of your network you will often see private AS
numbers used for the sub-ASes (64512 65535) but you can pick any number you like.
You should now have an idea what BGP confederations are like, lets look at the
configuration so I can add some more details. Ill use the following topology:

Above we have AS 2 which is divided into two sub-ASes, AS 24 and AS 35. Theres also AS 1
on top that we can use to see how the outside world sees our confederation.
Lets look at the configuration shall we?

Configuration

Just like any other IBGP configuration its best practice to use loopback interfaces for the
BGP sesssions. For this reason I created a loopback interface on all routers within AS 2 and
Ill use OSPF to advertise them.

OSPF Configuration
R2(config)#router ospf 1
R2(config-router)#network 192.168.23.0 0.0.0.255 area 0
R2(config-router)#network 192.168.24.0 0.0.0.255 area 0
R2(config-router)#network 2.2.2.2 0.0.0.0 area 0
R3(config)#router ospf 1
R3(config-router)#network 192.168.23.0 0.0.0.255 area 0
R3(config-router)#network 192.168.35.0 0.0.0.255 area 0
R3(config-router)#network 3.3.3.3 0.0.0.0 area 0
R4(config)#router ospf 1
R4(config-router)#network 192.168.24.0 0.0.0.255 area 0
R4(config-router)#network 192.168.45.0 0.0.0.255 area 0
R4(config-router)#network 4.4.4.4 0.0.0.0 area 0
R5(config)#router ospf 1
R5(config-router)#network 192.168.35.0 0.0.0.255 area 0
R5(config-router)#network 192.168.45.0 0.0.0.255 area 0
R5(config-router)#network 5.5.5.5 0.0.0.0 area 0

Now we can worry about the BGP confederation configuration. Ill explain all the different
steps

BGP Confederation Configuration


Lets start with R2:

R2(config)#router bgp 24
R2(config-router)#bgp confederation identifier 2
R2(config-router)#bgp confederation peers 35
R2(config-router)#neighbor 4.4.4.4 remote-as 24
R2(config-router)#neighbor 4.4.4.4 update-source loopback 0
R2(config-router)#neighbor 3.3.3.3 remote-as 35
R2(config-router)#neighbor 3.3.3.3 update-source loopback 0
R2(config-router)#neighbor 3.3.3.3 ebgp-multihop 2

The configuration of R2 requires some explanation. First of all, when you start the BGP
process you have to use the AS number of the sub-AS. Secondly, you have to use the bgp
confederation identifier command to tell BGP what the main AS number is.
We also have to configure all other sub-AS numbers with the bgp confederation peers
command, in this case thats only AS 35. R4 is in the same sub-as so you can configure this
neighbor just like any other IBGP neighbor. R3 is a bit different thoughsince its in another
sub-AS we have to use the same rules as EBGP, that means configuring multihop if you are
using loopbacks.
Lets take a look at R3:

R3(config)#router bgp 35
R3(config-router)#bgp confederation identifier 2
R3(config-router)#bgp confederation peers 24
R3(config-router)#neighbor 2.2.2.2 remote-as 24
R3(config-router)#neighbor 2.2.2.2 update-source loopback 0
R3(config-router)#neighbor 2.2.2.2 ebgp-multihop 2
R3(config-router)#neighbor 5.5.5.5 remote-as 35
R3(config-router)#neighbor 5.5.5.5 update-source loopback 0

The configuration of R3 is similar to R2. We configure it to use AS 35 while the main AS is 2.


Our only sub-AS peer is 24 and we have two neighborsone IBGP neighbor and one EBGP
(confederation BGP) neighbor.
R4 and R5 look pretty much the same:

R4(config)#router bgp 24
R4(config-router)#bgp confederation identifier 2
R4(config-router)#bgp confederation peers 35
R4(config-router)#neighbor 2.2.2.2 remote-as 24
R4(config-router)#neighbor 2.2.2.2 update-source loopback 0
R4(config-router)#neighbor 5.5.5.5 remote-as 35
R4(config-router)#neighbor 5.5.5.5 update-source loopback 0
R4(config-router)#neighbor 5.5.5.5 ebgp-multihop 2
R5(config)#router bgp 35
R5(config-router)#bgp confederation identifier 2
R5(config-router)#bgp confederation peers 24
R5(config-router)#neighbor 4.4.4.4 remote-as 24
R5(config-router)#neighbor 4.4.4.4 update-source loopback 0
R5(config-router)#neighbor 4.4.4.4 ebgp-multihop 2
R5(config-router)#neighbor 3.3.3.3 remote-as 35
R5(config-router)#neighbor 3.3.3.3 update-source loopback 0

That takes care of configuring the neighbors. The more interesting part is of course using
some show commands to see the differences with normal IBGP and EBGP. Lets get going

Verification

To have something we can look at I will create a loopback interface on R5 and advertise a
network in BGP:

R5(config)#interface loopback 5
R5(config-if)#ip address 55.55.55.55 255.255.255.255

Lets advertise it in BGP:

R5(config)#router bgp 35
R5(config-router)#network 55.55.55.55 mask 255.255.255.255

Lets look at R3 first, this router is in the same sub-AS as R5:

R3#show ip bgp 55.55.55.55


BGP routing table entry for 55.55.55.55/32, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
2
Local
5.5.5.5 (metric 2) from 5.5.5.5 (5.5.5.5)
Origin IGP, metric 0, localpref 100, valid, confed-internal, best

This entry looks pretty much the same as normal IBGP but theres one important
difference

You might also like