In this article we’ll be going over the BGP Backdoor feature. This is used in cases where two systems are connected via an IGP, but are also receiving routes to the same system through BGP. I stumbled across this feature while checking out one of the labs on Darren’s Blog. The only way I could think of to complete one of his criteria was changing the Administrative Distance of either BGP or the IGP. That is essentially what this feature does, but on a route-by-route basis instead of changing the AD of an entire protocol. I asked Darren if that was the only solution and he pointed me to “BGP Backdoor”.

As usual, I will be including my Dynagen/GNS3 .net file at the end of this post. Here is our topology:

BGP_BD Topology

Let’s go through the config:

R1:

hostname R1
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
!
interface Serial0/1
 ip address 10.1.3.1 255.255.255.0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.1.2 remote-as 65525
 neighbor 10.1.3.2 remote-as 65535
 no auto-summary

Simple interface and BGP config. We turn off synchronization and auto-summarization, then we add our neighbors.

R2:

hostname R2
!
interface Loopback1
 ip address 50.144.25.1 255.255.255.0
 ip ospf network point-to-point
!
interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
!
interface Serial0/1
 ip address 10.1.2.1 255.255.255.0
!
router ospf 100
 network 10.1.2.0 0.0.0.255 area 0
 network 50.144.25.0 0.0.0.255 area 2
!
router bgp 65525
 no synchronization
 bgp log-neighbor-changes
 network 50.144.25.0 mask 255.255.255.0
 network 75.42.133.0 mask 255.255.255.0 backdoor
 neighbor 10.1.1.1 remote-as 65000
 no auto-summary

R3:

hostname R3
interface Loopback1
 ip address 75.42.133.1 255.255.255.0
 ip ospf network point-to-point
!
interface Serial0/0
 ip address 10.1.3.2 255.255.255.0
!
interface Serial0/1
 ip address 10.1.2.2 255.255.255.0
!
router ospf 100
 network 10.1.2.0 0.0.0.255 area 0
 network 75.42.133.0 0.0.0.255 area 3
!
router bgp 65535
 no synchronization
 bgp log-neighbor-changes
 network 50.144.25.0 mask 255.255.255.0 backdoor
 network 75.42.133.0 mask 255.255.255.0
 neighbor 10.1.3.1 remote-as 65000
 no auto-summary

Normal OSPF config. The important command here is obviously the “network [IP] mask [mask] backdoor” command.

This command tells BGP to use an AD of 200 for this route, instead of the default AD of 20 for eBGP routes. With this we force the router to prefer the point-to-point OSPF link, which will likely be faster than going through the SP. Let’s look at our routing tables.

First we’ll look at it BEFORE we use the backdoor command:

R3#sh ip route
...
     50.0.0.0/24 is subnetted, 1 subnets
B       50.144.25.0 [20/0] via 10.1.3.1, 00:00:15

Notice that it’s learning the route via BGP.

Now we’ll look at it AFTER the backdoor command:

R3#sh ip route
...
     50.0.0.0/24 is subnetted, 1 subnets
O IA    50.144.25.0 [110/65] via 10.1.2.1, 00:00:09, Serial0/1

After entering the BGP Backdoor command we see the same route now learned via OSPF.

Finally, let’s see what happens if the OSPF link goes down:

R3#sh ip route
...
          50.0.0.0/24 is subnetted, 1 subnets
B       50.144.25.0 [200/0] via 10.1.3.1, 00:00:04

As you’d expect, the OSPF route is gone and the BGP route is in the table with an AD of 200.
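The three routing-table states above can be told apart automatically, which is useful for noticing when traffic for a backdoor prefix has moved off the private link and onto the SP path. The following is an added example, not part of the original post: the function names and state labels are made up for illustration, and it assumes default administrative distances (eBGP 20, OSPF 110) and that the only BGP routes for the prefix are eBGP, as in this topology.

```python
import re

# One IOS "show ip route" entry: code, optional sub-code (IA, E2...), prefix, [AD/metric], next hop.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z])\*?(?:\s+(?P<sub>[A-Z]{1,2}\d?))?\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+)(?:/\d+)?\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\d+\.\d+\.\d+\.\d+)"
)

def installed_route(show_output, prefix):
    """Return (code, admin_distance, next_hop) for prefix, or None if absent."""
    for line in show_output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m and m["prefix"] == prefix:
            return m["code"], int(m["ad"]), m["nh"]
    return None

def backdoor_state(show_output, prefix):
    """Classify a backdoor prefix, assuming default ADs (eBGP 20, OSPF 110)."""
    route = installed_route(show_output, prefix)
    if route is None:
        return "missing"
    code, ad, _ = route
    if code == "B" and ad == 20:
        return "ebgp-preferred"   # backdoor not in effect: traffic crosses the SP
    if code == "B" and ad == 200:
        return "bgp-fallback"     # IGP path lost: BGP route installed at AD 200
    if code != "B" and ad < 200:
        return "igp-preferred"    # intended steady state: IGP beats AD 200
    return "unexpected"

# The three R3 route entries shown in the article.
BEFORE = "B       50.144.25.0 [20/0] via 10.1.3.1, 00:00:15"
AFTER = "O IA    50.144.25.0 [110/65] via 10.1.2.1, 00:00:09, Serial0/1"
LINK_DOWN = "B       50.144.25.0 [200/0] via 10.1.3.1, 00:00:04"

if __name__ == "__main__":
    for name, out in (("before", BEFORE), ("after", AFTER), ("link down", LINK_DOWN)):
        print(f"{name:10} {installed_route(out, '50.144.25.0')} -> "
              f"{backdoor_state(out, '50.144.25.0')}")
```

A result of "bgp-fallback" or "ebgp-preferred" for a prefix that should ride the OSPF link is the condition worth alerting on.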

That’s it for today. This is a very interesting feature that I didn’t know existed before this morning.

The Dynagen/GNS3 .net file
(you will need to change the paths to make it work)

Colby

Colby Glass has been in IT since 2002. He is currently a Systems Engineer (presales) with a Cisco Gold partner and holds the CCNP R/S, CCNP DC, CCDP, CCIP, JNCIA-ER.
