BGP Confederation

BGP Confederations reduce the size of the iBGP mesh inside an AS. The idea is to divide the AS into several smaller ASs (member ASs) and assign the whole group to a single confederation. Each member AS runs a full iBGP mesh internally and has eBGP connections to the other member ASs. Even though these sessions are eBGP, the member ASs exchange routing information as if they were using iBGP: next hop, metric (MED), and local preference are preserved across them. To the outside world, the confederation appears to be a single AS.

In order to configure a BGP confederation, issue this command:
bgp confederation identifier autonomous-system
The confederation identifier is the AS number of the confederation group.

This command configures peering with the other member ASs within the confederation:
bgp confederation peers autonomous-system [autonomous-system]
Here is an example of a confederation:

Assume that you have an AS500 that consists of nine BGP speakers. Other non-BGP speakers exist too, but you are only interested in the BGP speakers that have eBGP connections to other ASs. If you want a full iBGP mesh inside AS500, each router needs nine peer connections: eight iBGP peers and one eBGP peer to an external AS.

If you use a confederation, you can divide AS500 into multiple member ASs: AS50, AS60, and AS70. You give each member AS a confederation identifier of 500, so the outside world sees only one AS, AS500. Within each of AS50, AS60, and AS70 you define a full mesh of iBGP peers, and you list the other member ASs with the bgp confederation peers command.

Here is a sample configuration of routers RTC, RTD, and RTA:

Note: RTA has no knowledge of AS50, AS60, or AS70. RTA has only knowledge of AS500.

! neighbor IP addresses are not shown in this post
!
! RTC (member AS50)
router bgp 50
 bgp confederation identifier 500
 bgp confederation peers 60 70
 neighbor remote-as 50
 neighbor remote-as 50
 neighbor remote-as 60
 neighbor remote-as 70
 neighbor remote-as 100
!
! RTD (member AS60)
router bgp 60
 bgp confederation identifier 500
 bgp confederation peers 50 70
 neighbor remote-as 60
 neighbor remote-as 50
 neighbor remote-as 70
 neighbor remote-as 600
!
! RTA (external AS100, sees only AS500)
router bgp 100
 neighbor remote-as 500
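To make concrete what "as if they used iBGP" and "appears to be a single AS" mean for the AS500 example above, here is an added Python model (not code from the original post) of how a route's AS_PATH, NEXT_HOP and LOCAL_PREF change on each type of session: iBGP inside a member AS, confederation-internal eBGP between members (AS_CONFED_SEQUENCE added, other attributes kept), and real eBGP leaving the confederation (confederation segments stripped, the single identifier 500 prepended). It also shows the receive-side checks a member applies (own AS or own confederation id in the path, and confederation segments arriving from a non-member), following the rules of RFC 5065. The AS numbers are the post's; the prefix, next-hop addresses and the LOCAL_PREF value set on RTD are constructed for the example.

```python
"""Model of BGP path-attribute handling inside and at the edge of a
confederation (RFC 5065).  Added example; not part of the original post.

Constructed topology using only the post's AS numbers: confederation 500 with
member ASs 50 (RTC), 60 (RTD) and 70, external peers AS100 (RTA) and AS600.
Prefixes, next-hop addresses and LOCAL_PREF values are invented.
"""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

CONFED_ID = 500          # bgp confederation identifier 500
MEMBERS = {50, 60, 70}   # bgp confederation peers 50 60 70

AS_SEQUENCE = "AS_SEQUENCE"
AS_CONFED_SEQUENCE = "AS_CONFED_SEQUENCE"


@dataclass
class Route:
    prefix: str
    as_path: List[Tuple[str, List[int]]]   # segments, leftmost = most recently added
    next_hop: str
    local_pref: Optional[int] = None
    med: Optional[int] = None


def _copy(route: Route) -> Route:
    return replace(route, as_path=[(t, list(a)) for t, a in route.as_path])


def _prepend(route: Route, seg_type: str, asn: int) -> None:
    if route.as_path and route.as_path[0][0] == seg_type:
        route.as_path[0][1].insert(0, asn)
    else:
        route.as_path.insert(0, (seg_type, [asn]))


def advertise(route: Route, sender_as: int, receiver_as: int, sender_next_hop: str) -> Route:
    """Return the UPDATE that sender_as sends to receiver_as for route."""
    r = _copy(route)
    if sender_as == receiver_as:
        # plain iBGP inside one member AS: attributes pass through unchanged
        return r
    if sender_as in MEMBERS and receiver_as in MEMBERS:
        # confederation-internal eBGP: record the member AS in an
        # AS_CONFED_SEQUENCE but keep NEXT_HOP, LOCAL_PREF and MED; this is
        # why the post says the members exchange routes "as if they used iBGP"
        _prepend(r, AS_CONFED_SEQUENCE, sender_as)
        return r
    # real eBGP across the confederation boundary (either direction):
    # confederation segments never leave the confederation, the single
    # confederation id stands in for all member ASs, and NEXT_HOP and
    # LOCAL_PREF behave as on any ordinary eBGP session
    r.as_path = [seg for seg in r.as_path if seg[0] == AS_SEQUENCE]
    _prepend(r, AS_SEQUENCE, CONFED_ID if sender_as in MEMBERS else sender_as)
    r.next_hop = sender_next_hop
    r.local_pref = None
    return r


def accept(route: Route, receiver_as: int, sender_as: int) -> Tuple[bool, str]:
    """Receive-side checks before a route is used: AS_PATH loop detection and
    the RFC 5065 rule that confederation segments must not arrive from a peer
    outside the confederation.  Returns (accepted, reason)."""
    has_confed_seg = any(t == AS_CONFED_SEQUENCE for t, _ in route.as_path)
    if sender_as not in MEMBERS and has_confed_seg:
        return False, "AS_CONFED segment received from a non-member peer"
    for seg_type, asns in route.as_path:
        if seg_type == AS_CONFED_SEQUENCE and receiver_as in asns:
            return False, "loop: own member AS %d in AS_CONFED_SEQUENCE" % receiver_as
        if seg_type == AS_SEQUENCE and receiver_as in asns:
            return False, "loop: own AS %d in AS_PATH" % receiver_as
        if seg_type == AS_SEQUENCE and receiver_as in MEMBERS and CONFED_ID in asns:
            return False, "loop: own confederation id %d in AS_PATH" % CONFED_ID
    return True, "ok"


def flat_path(route: Route) -> list:
    """AS_PATH as a flat list; confederation-segment entries are prefixed with 'c'."""
    return [("c%d" % a if t == AS_CONFED_SEQUENCE else a)
            for t, asns in route.as_path for a in asns]


def walk():
    """Follow 10.0.0.0/8 from AS600 through RTD (AS60) and RTC (AS50) to RTA (AS100)."""
    origin = Route("10.0.0.0/8", [], "192.0.2.1")        # AS600's own route (constructed)
    at_rtd = advertise(origin, 600, 60, "192.0.2.1")     # AS600 -> RTD, ordinary eBGP
    at_rtd.local_pref = 200                              # constructed ingress policy on RTD
    at_rtc = advertise(at_rtd, 60, 50, "10.60.0.1")      # RTD -> RTC, confederation eBGP
    at_rta = advertise(at_rtc, 50, 100, "10.50.0.1")     # RTC -> RTA, real eBGP
    return at_rtd, at_rtc, at_rta


if __name__ == "__main__":
    for name, r in zip(("RTD", "RTC", "RTA"), walk()):
        print(name, r.prefix, flat_path(r), "next-hop", r.next_hop, "local-pref", r.local_pref)
```

Running the walk shows the two properties the post describes: RTC still sees AS600's next hop 192.0.2.1 and RTD's LOCAL_PREF of 200 even though RTD and RTC are in different ASs, while RTA receives a plain AS_PATH of 500 600 with the confederation's internal structure removed. The `accept` function is the defender's side of the picture: a member that finds its own member AS in an AS_CONFED_SEQUENCE, or its confederation id in the AS_PATH, drops the route as a loop, and confederation segments offered by a non-member peer are rejected outright.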
