The other day I was reading about BGP backdoor feature – the book says that the network <Net> mask <mask> backdoor command would do two things:
- Change the admin distance of that route from 20 (eBGP) to 200 (iBGP) so that IGP routes are preferred
- The route would not be advertised
I had no problems in understanding the 1st statement; this was not the case for the 2nd one. I was thinking, “well … if the route is not advertised, am I not going to have a routing problem should I need to advertise that route to another neighbour? How would I then go about it? And, if the route is not advertised – does this actually apply to iBGP, eBGP or both?”
To be honest, for such a simple feature, I was feeling it would be a bit overkill to lab it. So I looked on the Internet for some resources where I could found these questions answered – but couldn’t find any. All I could find was other blogs of people explaining how the backdoor feature works using a 4x routers topology in order to replicate the problem solved by the backdoor command.
I will use the following topology:
I am showing above what, naturally happens to the advertised route 172.16.1.0 /24 – R1 advertises the route to R2 via eBGP. As per native BGP routes, R2 advertises the route to R3 router, via iBGP. Further, R3 advertises the same route to R4 via it’s eBGP peering session. At last, R4 will then advertise the route to R6 and R7 via the iBGP and eBGP sessions.
In paralel, R4 will get the route advertised directly from R1 router, via the OSPF. R4 router is not running OSPF with any other router.
So do you see what is happening? R4 will now have two paths for reaching the 172.16.1.0 /24 route, somewhere behind R1 router. But which one of these two paths will show up in the routing table – obviously, it will be the BGP route due to it’s lower administrative distance. But that is the less optimal route too – even if the OSPF peering was over a 10 Gbps link, it would simply not matter; the router will always look at AD and choose the lowest, first.
Now, on router R4, I ran the following commands:
network 172.16.1.0 mask 255.255.255.0 backdoor
By using the bgp backdoor feature, we are transparently increasing the AD of that particular BGP route so that the router prefers the IGP route instead. This feature has local scope only – i.e., it affects routing decision on the router where the command is applied. I have updated the diagram to reflect the routing after adding the backdoor command.
On router R4, the BGP route to 172.16.1.0 /24 will have the AD set to 200, higher (less preferred) to the OSPF route.
On the lab, I have also confirmed that the route is in fact advertised further to R6 and R7, by the R4 router, as per standard BGP routes. So R6 will have the route with AD of 200 as per the iBGP peering to R4, while R7 will have the route set with AD of 20, as per its eBGP session, also with router R4.
So in the book, when they say that the route is not advertised, what do they actually mean?
What does the network command do in BGP? It advertises a network as long as it’s in the routing table, right. In this case, by using the network command, the route is not explicitely advertised! In our case, this is not a problem because the route will be automatically advertised by BGP as per it’s built-in rules. However, if we do need R4 to advertise a route out, while also setting the AD to 200 by means of the backdoor command, just by using the command will not advertise the route – we would still need to use a separate network command to advertise the route.