Configure iBGP in Cisco IOS Router


When two or more BGP routers reside within the same AS, the relationship between them is called iBGP, or internal BGP. iBGP must be configured so that non-adjacent BGP speakers can exchange route information internally within an AS. The main difference between iBGP and eBGP is that iBGP doesn’t need the neighboring routers to be directly connected, as long as the neighbor address is reachable through an internal routing protocol such as OSPF or EIGRP, or even a static route. In this article we will learn how to configure iBGP on a Cisco IOS router through a scenario.

How to Configure iBGP in Cisco IOS Router

In the scenario below, we have six routers in three different ASes. eBGP has been configured between R1-R5 and R3-R6. The internal routing protocol used in AS65535 is OSPF. In this state, R5 doesn’t know the route to the loopback on R6 and vice versa. The goal is to enable BGP routing information exchange between the BGP speakers so that R5 and R6 know how to reach each other.

[Figure: Configure iBGP in Cisco IOS Router]

The routing configuration for each router is shown below:

R1#sh run | s router
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 10.12.12.1 0.0.0.0 area 0
 network 10.14.14.1 0.0.0.0 area 0
router bgp 65535
 bgp log-neighbor-changes
 neighbor 192.168.15.5 remote-as 65531

R2#sh run | s router
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

R3#sh run | s router
router ospf 1
 network 3.3.3.3 0.0.0.0 area 0
 network 10.23.23.3 0.0.0.0 area 0
 network 10.34.34.3 0.0.0.0 area 0
router bgp 65535
 bgp log-neighbor-changes
 neighbor 192.168.36.6 remote-as 65532

R4#sh run | s router
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

R5#sh run | s router
router bgp 65531
 bgp log-neighbor-changes
 network 5.5.5.5 mask 255.255.255.255
 neighbor 192.168.15.1 remote-as 65535

R6#sh run | s router
router bgp 65532
 bgp log-neighbor-changes
 network 6.6.6.6 mask 255.255.255.255
 neighbor 192.168.36.3 remote-as 65535

R5 should learn R6's loopback address from R1, and R6 should learn R5's loopback address from R3. However, this information is not yet being exchanged between R1 and R3 in AS65535.

If we run the command show ip bgp on R1, we can see that it only knows about R5 and not R6:

R1#sh ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.5/32 192.168.15.5 0 0 65531 i

On the other side, R3 only knows about R6 and not R5:

R3#sh ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 6.6.6.6/32 192.168.36.6 0 0 65532 i

In this case, the most appropriate way to enable BGP information exchange between R1 and R3 is to configure an iBGP relationship.

We can configure iBGP on a Cisco IOS router in much the same way as eBGP. The difference is that iBGP doesn’t need direct connectivity between the BGP routers, and you can also use a virtual interface as the neighbor address, as long as the router knows how to reach that virtual address. In our case, we will use the loopback addresses of both R1 and R3 in the BGP configuration:

R1(config)#router bgp 65535
R1(config-router)#neighbor 3.3.3.3 remote-as 65535
R1(config-router)#neighbor 3.3.3.3 update-source lo0

R3(config)#router bgp 65535
R3(config-router)#neighbor 1.1.1.1 remote-as 65535
R3(config-router)#neighbor 1.1.1.1 update-source lo0

Note that the command “neighbor [address] update-source [interface]” is required to tell the router which interface it should use as the source of the iBGP session. This has to be configured on both sides, otherwise the peering can’t be formed.

The message below should appear on R1 after configuring all the lines above, indicating that the iBGP configuration succeeded (R3 will show a similar message):

R1(config-router)#
*Dec 29 14:41:53.087: %BGP-5-ADJCHANGE: neighbor 3.3.3.3 Up
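
The both-sides requirement described above can be checked offline before waiting for the adjacency message. The following is an added example, not part of the original article: it audits the BGP sections of R1 and R3 for reciprocal loopback neighbor statements and a configured update-source. The names `parse_bgp`, `audit_ibgp`, `CONFIGS` and `LOOPBACK0` are hypothetical, and the config text is constructed from the commands on this page.

```python
import re

# Constructed input: R1 and R3 BGP sections with the iBGP lines from this page
# applied, and each router's Loopback0 address as used in the scenario.
CONFIGS = {
    "R1": """router bgp 65535
 neighbor 192.168.15.5 remote-as 65531
 neighbor 3.3.3.3 remote-as 65535
 neighbor 3.3.3.3 update-source lo0
""",
    "R3": """router bgp 65535
 neighbor 192.168.36.6 remote-as 65532
 neighbor 1.1.1.1 remote-as 65535
 neighbor 1.1.1.1 update-source lo0
""",
}
LOOPBACK0 = {"R1": "1.1.1.1", "R3": "3.3.3.3"}
NEIGHBOR_RE = re.compile(r"^ *neighbor (\S+) (remote-as|update-source) (\S+)", re.M)


def parse_bgp(config):
    """Return (local_as, {neighbor_ip: {"remote_as": ..., "update_source": ...}})."""
    local_as = int(re.search(r"^router bgp (\d+)", config, re.M).group(1))
    neighbors = {}
    for ip, key, value in NEIGHBOR_RE.findall(config):
        entry = neighbors.setdefault(ip, {"remote_as": None, "update_source": None})
        entry[key.replace("-", "_")] = int(value) if key == "remote-as" else value
    return local_as, neighbors


def audit_ibgp(configs, loopbacks):
    """List problems with loopback-to-loopback iBGP sessions between the routers."""
    parsed = {name: parse_bgp(cfg) for name, cfg in configs.items()}
    owner = {addr: name for name, addr in loopbacks.items()}
    problems = []
    for name, (local_as, neighbors) in parsed.items():
        for ip, nbr in neighbors.items():
            if nbr["remote_as"] != local_as:
                continue  # eBGP neighbor: peers on the directly connected link
            peer = owner.get(ip)
            if peer not in parsed:
                problems.append(f"{name}: iBGP neighbor {ip} is not a known loopback")
                continue
            if nbr["update_source"] is None:
                problems.append(f"{name}: neighbor {ip} has no update-source")
            back = parsed[peer][1].get(loopbacks[name])
            if back is None or back["remote_as"] != local_as:
                problems.append(f"{peer}: no matching neighbor {loopbacks[name]} for {name}")
    return problems
```

An empty list from `audit_ibgp(CONFIGS, LOOPBACK0)` means both routers point at each other's loopback and both have an update-source configured.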

Now we can see both the R5 and R6 loopbacks on R1 and R3 (note that BGP information exchange may take a few minutes to complete, because BGP convergence is very slow):

R1#sh ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.5/32 192.168.15.5 0 0 65531 i
i 6.6.6.6/32 192.168.36.6 0 100 0 65532 i

Troubleshooting iBGP Configuration in Cisco IOS Router

Even after we have enabled iBGP information exchange between R1 and R3, R5 and R6 still can’t see each other’s loopback in their routing tables.

R5#sh ip bgp 6.6.6.6
% Network not in table

R6#sh ip bgp 5.5.5.5
% Network not in table

This is because R1 (and R3) has no way to reach the last hop before the loopback address, that is, the BGP next hop, and therefore it does not forward this information to R5 (and R6). If we run the show ip bgp command for the R5/R6 loopback address on R1/R3, this is the output:

R1#sh ip bgp 6.6.6.6
BGP routing table entry for 6.6.6.6/32, version 0
Paths: (1 available, no best path)
Not advertised to any peer
Refresh Epoch 1
65532
192.168.36.6 (inaccessible) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal

Notice that R1 cannot reach the R6 loopback because it can’t reach the hop before the target, which is 192.168.36.6 (see the “inaccessible” remark in the output above). R3 will have the same result because it cannot reach the hop 192.168.15.5.

To overcome this issue, R1 and R3 must each advertise the network of their eBGP link in their BGP configuration. The commands to do that are shown below:

R1(config)#router bgp 65535
R1(config-router)#network 192.168.15.0 mask 255.255.255.0

R3(config)#router bgp 65535
R3(config-router)#network 192.168.36.0 mask 255.255.255.0

With this, R1 now has visibility of all hops needed to reach R6 (the same applies for R3 to R5):

R1#sh ip bgp 6.6.6.6
BGP routing table entry for 6.6.6.6/32, version 8
Paths: (1 available, best #1, table default)
Advertised to update-groups:
10
Refresh Epoch 1
65532
192.168.36.6 (metric 3) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
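
The difference between the two R1 outputs above can be detected automatically. The following is an added example, not part of the original article: it parses "show ip bgp <prefix>" output and reports paths whose next hop is inaccessible and prefixes with no best path. The names `check_prefix`, `BEFORE` and `AFTER` are hypothetical; the sample text is copied from the two R1 captures on this page.

```python
import re

# Sample input copied from the two R1 captures on this page.
BEFORE = """BGP routing table entry for 6.6.6.6/32, version 0
Paths: (1 available, no best path)
Not advertised to any peer
Refresh Epoch 1
65532
192.168.36.6 (inaccessible) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal
"""
AFTER = """BGP routing table entry for 6.6.6.6/32, version 8
Paths: (1 available, best #1, table default)
Advertised to update-groups:
10
Refresh Epoch 1
65532
192.168.36.6 (metric 3) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
"""

# "<next hop> [(inaccessible) | (metric N)] from <peer> (<router id>)"
PATH_RE = re.compile(
    r"^ *(\d+\.\d+\.\d+\.\d+) (?:\((inaccessible|metric \d+)\) )?from (\S+) \((\S+)\)",
    re.M,
)


def check_prefix(output):
    """Summarise one 'show ip bgp <prefix>' output and list what blocks the route."""
    prefix = re.search(r"routing table entry for (\S+),", output).group(1)
    has_best = re.search(r"^Paths: \(.*\bbest #\d+", output, re.M) is not None
    paths = [
        {"next_hop": nh, "reachable": state != "inaccessible", "learned_from": peer}
        for nh, state, peer, _router_id in PATH_RE.findall(output)
    ]
    findings = [
        f"{prefix}: next hop {p['next_hop']} (from {p['learned_from']}) is inaccessible"
        for p in paths if not p["reachable"]
    ]
    if not has_best:
        findings.append(f"{prefix}: no best path, so it is not advertised to peers")
    return {"prefix": prefix, "has_best": has_best, "paths": paths, "findings": findings}


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_prefix(text)["findings"])
```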

And in the R5 routing table we can now see the route and next hop to reach R6 (and vice versa):

R5#sh ip route 6.6.6.6
Routing entry for 6.6.6.6/32
Known via "bgp 65531", distance 20, metric 0
Tag 65535, type external
Last update from 192.168.15.1 00:18:12 ago
Routing Descriptor Blocks:
* 192.168.15.1, from 192.168.15.1, 00:18:12 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 65535
MPLS label: none

And now we have completed all the steps to configure iBGP on a Cisco IOS router.

Note that communication between R5 and R6 may still not work, because the intermediate routers in AS65535 (R2 and R4) still don’t know the routes to R5 and R6. To enable full communication between R5 and R6, we can enable iBGP on R2 and R4 as well (creating a full-mesh iBGP), use MPLS tunneling, redistribute BGP into OSPF, or add static routes to both networks.


Arranda Saputra

ITIL Certified, CCNA, CCDA, VCP6-DCV, MCSA Administering Windows Server 2012
I am an IT practitioner in real life with specialization in network and server infrastructure. I have years of experience in design, analysis, operation, and optimization of infrastructure solutions for enterprise-scale networks. You can send me a message on LinkedIn or email arranda.saputra@outlook.com for further inquiries regarding things that I wrote or opportunities to collaborate on a project.
