ppatel
Staff
Article Id 193341
Description

This article describes the use of BGP backdoor to prefer IGP over EBGP.

Solution

Diagram (image not reproduced in this text).

- As illustrated, EBGP runs between 'FGT-A' and 'FGT-C' and between 'FGT-B' and 'FGT-C'.
- Assume an IGP (OSPF, IS-IS or RIP) is running between 'FGT-A' and 'FGT-B'.
- EBGP has an administrative distance of 20, which is lower than the default distance of every IGP. The IGP default distances are:

- 'FGT-A' learns 172.16.20.0/24 both via EBGP from 'FGT-C' (distance 20) and via the IGP from 'FGT-B' (distance greater than 20). 'FGT-A' therefore installs the EBGP route via 'FGT-C', as it has the lower distance.
- However, the user wants 'FGT-A' to prefer the 172.16.20.0/24 route learned via the IGP from 'FGT-B'.

- To make 'FGT-A' prefer the 172.16.20.0/24 route learned via RIP from 'FGT-B', use BGP backdoor.
- Assume RIP is the IGP running between 'FGT-A' and 'FGT-B'.
- Configure 'set backdoor enable' for network 172.16.20.0/24 under the BGP network configuration on 'FGT-A', since this is the network that should be preferred via the IGP.

- With backdoor enabled, BGP on 'FGT-A' treats prefix 172.16.20.0/24 as a locally assigned network, but it does not advertise the prefix in BGP updates to 'FGT-C'.
- With BGP backdoor enabled, 'FGT-A' installs the 172.16.20.0/24 route learned from 'FGT-B' via RIP with distance 120.

FGT-B Configuration.
# config router rip
    # config network
        edit 1
            set prefix 172.16.20.0 255.255.255.0
        next
    end

FGT-A Configuration.
# config router rip
    # config network
        edit 1
            set prefix 172.16.10.0 255.255.255.0
        next
    end
# config router bgp
    set as 10
    # config neighbor
        edit "10.10.10.30"
            set ebgp-enforce-multihop enable
            set remote-as 30
            set update-source "loopback"
        next
    end
    # config network
        edit 1
            set prefix 172.16.20.0 255.255.255.0
            set backdoor enable
        next
    end
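The following is an added illustration, not FortiOS code and not part of the original article: a small model of the routing-table decision described above, showing why the RIP route (distance 120) loses to EBGP (distance 20) by default and wins once the prefix is flagged as backdoor, and that the backdoor prefix is excluded from BGP advertisements. The EBGP and RIP distances match the article; the assumption that a backdoor prefix's EBGP route is treated with the internal distance of 200 is the usual backdoor semantics and is labelled as an assumption in the code. Route candidates are constructed to match the diagram.

```python
"""Model of administrative-distance route selection with BGP backdoor.

Added example only: it is not FortiOS code and does not model BGP's full
best-path algorithm, just the FGT-A decision described in the article.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Administrative distances used by this model. EBGP (20) and RIP (120) are
# the values the article relies on; the others are common defaults.
DISTANCE: Dict[str, int] = {
    "connected": 0,
    "static": 10,
    "ebgp": 20,
    "ospf": 110,
    "isis": 115,
    "rip": 120,
    "ibgp": 200,
}

# Assumption: a prefix configured with 'set backdoor enable' has its EBGP
# route treated like an internal route (distance 200), so any IGP route
# for the same prefix is preferred.
BACKDOOR_DISTANCE = 200


@dataclass(frozen=True)
class Candidate:
    """One route offered to the RIB by a routing protocol."""
    prefix: str
    protocol: str
    next_hop: str


def effective_distance(route: Candidate, backdoor_prefixes: Iterable[str]) -> int:
    """Distance the RIB compares, after applying the backdoor rule."""
    if route.protocol == "ebgp" and route.prefix in set(backdoor_prefixes):
        return BACKDOOR_DISTANCE
    return DISTANCE[route.protocol]


def select_routes(candidates: Iterable[Candidate],
                  backdoor_prefixes: Iterable[str] = ()) -> Dict[str, Candidate]:
    """Return the installed route per prefix: lowest effective distance wins.

    Ties keep the first candidate seen, which is enough for this model.
    """
    backdoor = set(backdoor_prefixes)
    best: Dict[str, tuple] = {}
    for route in candidates:
        dist = effective_distance(route, backdoor)
        current = best.get(route.prefix)
        if current is None or dist < current[0]:
            best[route.prefix] = (dist, route)
    return {prefix: route for prefix, (_, route) in best.items()}


def bgp_advertised(local_networks: Iterable[str],
                   backdoor_prefixes: Iterable[str]) -> List[str]:
    """Networks FGT-A would place in BGP updates to FGT-C.

    A backdoor network is used for path selection only and is never
    advertised, as the article states.
    """
    backdoor = set(backdoor_prefixes)
    return [net for net in local_networks if net not in backdoor]


# Constructed candidates matching the article's diagram: FGT-A hears the
# prefix from FGT-C over EBGP and from FGT-B over RIP.
CANDIDATES = [
    Candidate("172.16.20.0/24", "ebgp", "10.10.10.30"),  # via FGT-C
    Candidate("172.16.20.0/24", "rip", "FGT-B"),
]
FGT_A_NETWORKS = ["172.16.10.0/24", "172.16.20.0/24"]
BACKDOOR = ["172.16.20.0/24"]

if __name__ == "__main__":
    default = select_routes(CANDIDATES)["172.16.20.0/24"]
    print("default   :", default.protocol, "via", default.next_hop)
    with_bd = select_routes(CANDIDATES, BACKDOOR)["172.16.20.0/24"]
    print("backdoor  :", with_bd.protocol, "via", with_bd.next_hop)
    print("advertised:", bgp_advertised(FGT_A_NETWORKS, BACKDOOR))
```

Run it as a script to see the installed route flip from EBGP via 10.10.10.30 to RIP via FGT-B once 172.16.20.0/24 is in the backdoor set, while 172.16.10.0/24 remains the only network advertised to FGT-C.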
