BGP Backdoor Routes

When your router learns about a prefix through EBGP and an IGP (RIP, OSPF or EIGRP) then it will always prefer the external BGP route. EBGP uses an administrative distance of 20 so it’s preferred over OSPF (110), RIP (120), or EIGRP (90).

This can introduce a problem, let me show you a scenario:

R1 R2 R3 AS1 AS2 AS3

Above you see 3 routers, R1, R2, and R3. Imagine R1 and R2 are two sites from a customer, and R3 is the ISP router.

R1 and R2 have a fast “backdoor” link, and OSPF is configured to exchange some prefixes between the two sites. To illustrate this, I have added a loopback interface on these two routers.

R1 and R2 are also configured to use EBGP with R3, they advertise the same prefixes as they do in OSPF. This introduces a problem:

R1 prefix learned OSPF BGP

Above you see that R1 learns about the 2.2.2.2 /32 prefix through BGP (R3) and OSPF (R2). Since EBGP has a lower (thus better) AD, it will install this path in its routing table. The same thing applies to R2 for the 1.1.1.1 /32 prefix.

Let’s take a look at this scenario on our routers, I’ll configure OSPF and BGP, and you will learn how to fix this problem.

OSPF Configuration

First, we’ll configure R1 and R2 to run OSPF. I’ll advertise their loopback interfaces:

R1(config)#router ospf 1
R1(config-router)#network 192.168.12.0 0.0.0.255 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R2(config)#router ospf 1
R2(config-router)#network 192.168.12.0 0.0.0.255 area 0
R2(config-router)#network 2.2.2.2 0.0.0.0 area 0

Nothing special here, just a basic OSPF configuration. Here’s what the routing table of R1 and R2 looks like now:

R1#show ip route ospf | include 2.2
O        2.2.2.2 [110/2] via 192.168.12.2, 00:00:12, FastEthernet0/0
R2#show ip route ospf | include 1.1
O        1.1.1.1 [110/2] via 192.168.12.1, 00:00:27, FastEthernet0/0

They learned about each other’s prefixes, great! Our next move is configuring BGP…

BGP Configuration

R1 and R2 will both peer with R3, and I’ll advertise their loopback interfaces in BGP:

R1(config-router)#neighbor 192.168.13.3 remote-as 3
R1(config-router)#network 1.1.1.1 mask 255.255.255.255
R2(config-router)#neighbor 192.168.23.3 remote-as 3
R2(config-router)#network 2.2.2.2 mask 255.255.255.255
R3(config)#router bgp 3
R3(config-router)#neighbor 192.168.13.1 remote-as 1   
R3(config-router)#neighbor 192.168.23.2 remote-as 2

It’s just a plain and simple BGP configuration. Now look again at the routing table of R1 and R2:

R1#show ip route | incl 2.2 
B        2.2.2.2 [20/0] via 192.168.13.3, 00:00:45
R2#show ip route | incl 1.1
B        1.1.1.1 [20/0] via 192.168.23.3, 00:01:23

R1 and R2 will now use R3 to reach each other’s loopback interfaces. This happens because the AD of EBGP is 20 while OSPF has an AD of 110. As a result, OSPF is removed from the routing table. So how do we fix this? You could change the administrative distance manually, but this lesson is about the “backdoor” feature, so let’s see how it works.

BGP Backdoor Configuration

We have to configure the network that we want to use our “backdoor” for. Here’s what it looks like:

R1(config-router)#network 2.2.2.2 mask 255.255.255.255 backdoor
R2(config-router)#network 1.1.1.1 mask 255.255.255.255 backdoor

You use the network command but add the backdoor keyword at the end.

Verification

Let’s see what changed:

R1#show ip route | incl 2.2
O        2.2.2.2 [110/2] via 192.168.12.2, 00:00:42, FastEthernet0/0

R2#show ip route | incl 1.1
O        1.1.1.1 [110/2] via 192.168.12.1, 00:00:28, FastEthernet0/0

Great! Our routers now prefer the OSPF routes again. The prefixes are still in BGP, as you can see here:

R1#show ip bgp         
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
r> 2.2.2.2/32       192.168.13.3                           0 3 2 i
R2#show ip bgp
BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r> 1.1.1.1/32       192.168.23.3                           0 3 1 i
*> 2.2.2.2/32       0.0.0.0                  0         32768 i

This is a good thing. When the backdoor link fails, we can still use the information from BGP. Let’s simulate that:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now!

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 803 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
480 Sign Ups in the last 30 days
satisfaction-guaranteed

  • 100% Satisfaction Guaranteed!
  • You may cancel your monthly membership at any time.
  • No Questions Asked!

Forum Replies

  1. excellent and very helpful note . easily to understand . for all u articles… i’n new to your website but really i thanksfull for your great effort. .

  2. Thanx a lot Rene … Excellent explanation … It was so systematic … to the point … and U made it so easy to understand … Great work

  3. Excellent! Thank you Rene! Can we assume that R1 and R2 are remote offices interconnected via L2 MPLS and the BGP peering is used for redundancy?

18 more replies! Ask a question or join the discussion by visiting our Community Forum