In Border Gateway Protocol (BGP), managing how routes are advertised is critical for network stability and efficiency. Two common methods for injecting routes into BGP are the `network` statement and the `redistribute connected` command. In this post, we’ll analyze these methods and explain their intricacies.
Network Statement vs Redistribute Connected
The Origin Attribute
Using `redistribute connected`, the routes are inserted into BGP with an origin attribute of ‘incomplete‘. This means if two identical routes exist, with the only difference being one came via the `network` command and the other via redistribution, the route originated via the `network` command is preferred. This is due to the BGP Best Path Selection algorithm, where an IGP origin is preferred over an ‘incomplete‘ origin. While this might not pose a significant issue, it’s an additional factor to consider during troubleshooting.
Reactivity to Changes
With the `network` statement, BGP reacts to changes in the routing table. For instance, if a static route is withdrawn from the IP routing table, BGP will also withdraw the prefix. This is particularly beneficial when dealing with static routes, as they are known in advance and can be explicitly controlled.
Control and Scalability
Using `redistribute connected`, you advertise all connected networks through BGP. This could be efficient for advertising a large number of prefixes but lacks a fine control that the `network` statement offers. However, you can attach a route-map to the `redistribute connected` command to exert more control over what is injected into BGP.
Recommendations
1. Prefer the Network Statement for Precision: For better control, especially when the set of networks to be advertised is known, it’s advisable to use the `network` statement.
2. Use Redistribution Judiciously: The use of redistribution is often best reserved for dynamic routing protocols like OSPF or EIGRP where the subnets to be advertised may not be known in advance. It’s also useful when you need to advertise a large number of prefixes.
3. Route-Maps for Control: When using `redistribute connected`, it is highly recommended to use a route-map to control which prefixes are injected into BGP.
4. Be Aware of Origin: Remember that the origin attribute impacts the BGP path selection process. `Network` sets the origin to IGP, while `redistribute connected` sets it to ‘incomplete’.
5. Fix the Origin Attribute: You can modify the origin attribute when redistributing by using a route-map. For instance, you can set the origin attribute to IGP by adding the `set origin igp` statement in the route-map. Here’s an example:
route-map SET_ORIGIN_IGP permit 10 set origin igp router bgp {AS-Number} redistribute connected route-map SET_ORIGIN_IGP
Clarification Using Prefix Lists
It’s crucial to note by using a prefix-list, you are controlling which connected routes you are redistributing into BGP. Without it, all connected routes would be redistributed regardless of their IP ranges. This is beneficial when you only want to redistribute a subset of your connected routes.
For example, there’s no difference when talking about private IP Subnets with the two configuration below:
Configuration 1:
ip prefix-list RFC1918 seq 10 permit 10.0.0.0/8 le 32 ip prefix-list RFC1918 seq 20 permit 172.16.0.0/12 le 32 ip prefix-list RFC1918 seq 30 permit 192.168.0.0/16 le 32 route-map SET_ORIGIN_IGP permit 10 match ip address prefix-list RFC1918 match source-protocol connected set origin igp router bgp {AS-number} redistribute connected route-map SET_ORIGIN_IGP
Configuration 2:
route-map SET_ORIGIN_IGP permit 10 match source-protocol connected set origin igp router bgp {AS-number} redistribute connected route-map SET_ORIGIN_IGP
Let me explain. In the context of redistributing private IP subnets (as defined in RFC 1918), Configuration 1 and Configuration 2 would have the same effect.
- Configuration 1 specifies a prefix-list that matches all subnets within the RFC 1918 private address space. It only redistributes the connected subnets that fall within these ranges.
- Configuration 2 does not specify any prefix-list, so it does not filter based on the IP address ranges. This means all connected subnets will be redistributed.
In an environment where only RFC 1918 private addresses are used for connected subnets, both configurations will redistribute all connected subnets. The prefix-list in Configuration 1 is redundant in this specific scenario because it essentially matches all subnets that would have been matched without it.
However, it is important to understand the differences in behavior if there were connected subnets outside of the RFC 1918 ranges. Configuration 1 would not redistribute those, whereas Configuration 2 would.
Conclusion
Understanding the differences between the `network` statement and the `redistribute connected` command is crucial for effective BGP route management. Although the `network` statement offers more control and is often preferred, there are scenarios where `redistribute connected` is useful, particularly for scalability or dealing with dynamic routing protocols. When using redistribution, the use of route-maps for filtering and setting attributes, including modifying the origin attribute, is recommended to maintain control over the advertised routes.
By considering these nuances, network engineers can make more informed decisions and maintain a robust and efficient network.