eBGP Loopbacks: Multihop vs Disable Connected Check

By default, BGP checks whether its configured external (eBGP) peers are directly connected. If they are not, BGP will not initialize for those peers (it will be stuck in Init). This also applies when the destination IP address belongs to a loopback interface, even though that loopback is configured on the directly connected router. Moreover, the default TTL value for eBGP packets is 1 (that is why the check is required). There are two ways to change the router's default behavior: configure eBGP multihop or disable the check for directly connected peers. Both do the same thing for loopback interfaces, yet the logic is different.

Consider the following example.

Routers are configured as follows:

SP
interface Loopback0
 description BGP RID
 ip address 10.180.0.10 255.255.255.255
!
interface Serial0/0
 description Client A/Link #1
 ip address 10.180.1.2 255.255.255.252
!
router bgp 10
 neighbor 10.180.0.1 remote-as 11
 neighbor 10.180.0.1 update-source Loopback0
!
ip route 10.180.0.1 255.255.255.255 Serial0/0 10.180.1.1

RGW1
interface Loopback0
 description BGP RID
 ip address 10.180.0.1 255.255.255.255
!
interface Serial0/0
 description SP/Primary
 ip address 10.180.1.1 255.255.255.0
!
router bgp 11
 neighbor 10.180.0.10 remote-as 10
 neighbor 10.180.0.10 update-source Loopback0
!
ip route 10.180.0.10 255.255.255.255 Serial0/0

As you can see, the eBGP peers' IP addresses are taken from loopback interfaces. The configuration is intentionally unfinished. Let's review BGP's default behavior. If you check the BGP summary information on either of these routers, you'll notice that it is stuck in the Init state for the remote peer. The detailed neighbor information reveals the reason.

RGW1#sh ip bgp summ
BGP router identifier 10.180.0.1, local AS number 11
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.180.0.10     4    10       0       0        0    0    0 never    Idle

RGW1#sh ip bgp neigh 10.180.0.10
BGP neighbor is 10.180.0.10,  remote AS 10, external link
  BGP version 4, remote router ID 0.0.0.0
  BGP state = Idle

  -- cut for brevity --

  Connections established 0; dropped 0
  Last reset never
  External BGP neighbor not directly connected.
  No active TCP connection

Right, the eBGP peer is not directly connected. By default, the router will not work with this peer. As I said previously, there are two ways to change this: use ebgp-multihop or disable-connected-check. So, what's the difference?

ebgp-multihop n

By configuring this command, you tell the router that the remote peer is up to n hops away. It disables the directly connected check for the peer and changes the eBGP packets' TTL value to n. For loopback interfaces configured on directly connected routers, you set this to 2.

disable-connected-check

This command does nothing to the default TTL value (which is 1), so it won't make eBGP operational if the peers are not directly connected. It will (as the name says) disable the check of whether the peer is directly connected. Although the router will try to establish the TCP connection with a router that is a few hops away, its first neighbor will drop the packets because of the default TTL of 1. The following picture illustrates the difference between the two methods (arrows point to the interfaces that are configured as eBGP peers).

Once you enable either of these commands, BGP will establish the TCP connection and exchange routing updates (provided the rest of the configuration is correct). One thing to point out: there is no requirement to configure the same command on both ends. The BGP session will be established as long as both peers are allowed to reach each other's loopback interfaces. See the complete configuration and the output of the appropriate show commands (which confirm operation) below.

SP
router bgp 10
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.180.0.1 remote-as 11
 neighbor 10.180.0.1 ebgp-multihop 2
 neighbor 10.180.0.1 update-source Loopback0
 no auto-summary

SP#sh ip bgp neigh 10.180.0.1
BGP neighbor is 10.180.0.1,  remote AS 11, external link
  BGP version 4, remote router ID 10.180.0.1
  BGP state = Established, up for 00:01:18
  Last read 00:00:17, last write 00:00:17, hold time is 180, keepalive interval is 60 seconds

  -- cut for brevity --

  Connections established 1; dropped 0
  Last reset never
  External BGP neighbor may be up to 2 hops away.
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 2
Local host: 10.180.0.10, Local port: 28158
Foreign host: 10.180.0.1, Foreign port: 179

RGW1
router bgp 11
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.180.0.10 remote-as 10
 neighbor 10.180.0.10 disable-connected-check
 neighbor 10.180.0.10 update-source Loopback0
 no auto-summary

RGW1#sh ip bgp neigh 10.180.0.10
BGP neighbor is 10.180.0.10,  remote AS 10, external link
  BGP version 4, remote router ID 192.162.10.1
  BGP state = Established, up for 00:04:26
  Last read 00:00:26, last write 00:00:26, hold time is 180, keepalive interval is 60 seconds

 -- cut for brevity --

  Connections established 1; dropped 0
  Last reset never
  External BGP neighbor not directly connected.
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 1
Local host: 10.180.0.1, Local port: 179
Foreign host: 10.180.0.10, Foreign port: 28158
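
The decision both commands influence, as an added example that is not part of the original post: it parses the neighbor lines shown in this article and predicts whether the session can come up, using only the two rules described above (the connected check and the outgoing TTL). The function names, the `routers_between` parameter and the result strings are assumptions made for this illustration, and only the `ebgp-multihop n` form with an explicit n is handled.

```python
import ipaddress

# Constructed inputs: BGP lines taken from the configurations in this article.
RGW1_DEFAULT = "router bgp 11\n neighbor 10.180.0.10 remote-as 10\n"
RGW1_NOCHECK = RGW1_DEFAULT + " neighbor 10.180.0.10 disable-connected-check\n"
SP_MULTIHOP = ("router bgp 10\n neighbor 10.180.0.1 remote-as 11\n"
               " neighbor 10.180.0.1 ebgp-multihop 2\n")

def parse_bgp_neighbors(config):
    """Collect per-neighbor settings from IOS-style 'router bgp' lines."""
    local_as, peers = None, {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["router", "bgp"]:
            local_as = int(words[2])
        elif words[:1] == ["neighbor"] and len(words) >= 3:
            p = peers.setdefault(words[1], {"remote_as": None, "ttl": 1, "check": True})
            if words[2] == "remote-as":
                p["remote_as"] = int(words[3])
            elif words[2] == "ebgp-multihop" and len(words) > 3:
                # Per the article: connected check off, outgoing TTL becomes n.
                p["ttl"], p["check"] = int(words[3]), False
            elif words[2] == "disable-connected-check":
                p["check"] = False  # TTL stays at the default of 1
    return local_as, peers

def predict(peer_ip, settings, connected_nets, routers_between):
    """routers_between: routers that must forward the packet (0 = adjacent routers).
    This is a hypothetical input; it is not derived from the configuration."""
    addr = ipaddress.ip_address(peer_ip)
    on_link = any(addr in ipaddress.ip_network(n, strict=False) for n in connected_nets)
    if settings["check"] and not on_link:
        return "blocked: connected check fails"
    if settings["ttl"] <= routers_between:
        return "blocked: TTL expires in transit"
    return "can establish"

def audit(config, connected_nets, routers_between=0):
    """Predict the outcome for every eBGP neighbor (remote AS differs from local AS)."""
    local_as, peers = parse_bgp_neighbors(config)
    return {ip: predict(ip, s, connected_nets, routers_between)
            for ip, s in peers.items() if s["remote_as"] != local_as}

if __name__ == "__main__":
    print(audit(RGW1_DEFAULT, ["10.180.1.1/24"]))
    print(audit(SP_MULTIHOP, ["10.180.1.2/30"]))
    print(audit(RGW1_NOCHECK, ["10.180.1.1/24"], routers_between=1))
```

Running the same audit with `routers_between=1` shows where the two commands diverge: the `ebgp-multihop 2` side still has TTL to spare, while the `disable-connected-check` side loses its packets at the first forwarding router.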

Questions?

One Comment

  1. Vladimir says:

    Thanks, the article helped me understand the difference between ebgp-multihop and disable-connected-check
