1.11 Troubleshoot BGP (Internal and External; unicast and VRF-Lite)
📘CCNP Enterprise – ENARSI (300-410)
1. What Are BGP Policies?
In BGP, a policy is a set of rules that controls:
- Which routes are accepted
- Which routes are advertised
- Which path is preferred
- Which path is avoided
Without policies, BGP would:
- Accept all routes
- Advertise all routes
- Choose paths automatically (sometimes not what we want)
👉 BGP policies allow network administrators to control routing behavior.
2. Why BGP Policies Are Important (Exam Perspective)
For the ENARSI exam, you must understand:
- How BGP policies affect route selection
- How routing problems occur due to wrong policies
- How to troubleshoot when routes are:
- Missing
- Preferred incorrectly
- Advertised unexpectedly
3. Two Main Types of BGP Policies
BGP policies fall into two major categories:
A. Route Filtering
(Control which routes are allowed or blocked)
- Inbound filtering
- Outbound filtering
B. Path Manipulation
(Control which route/path is preferred)
PART A – ROUTE FILTERING
4. What Is Route Filtering?
Route filtering means controlling which routes BGP accepts or advertises.
Think of it as a security and control mechanism.
Filtering is done using:
- Prefix-lists
- Route-maps
- AS-path filters (basic idea only)
5. Inbound Filtering (Incoming Routes)
What Is Inbound Filtering?
Inbound filtering controls which routes are accepted FROM a BGP neighbor.
➡ Applied when routes are received
➡ Happens before routes enter the BGP table
Why Use Inbound Filtering?
Inbound filtering is used to:
- Prevent unwanted routes
- Reduce routing table size
- Improve security
- Avoid incorrect routing decisions
How Inbound Filtering Works (Simple Flow)
- Neighbor sends routes
- Router checks inbound policy
- Allowed routes are installed
- Denied routes are discarded
Common Inbound Filtering Tools
1. Prefix-Lists (Most Common)
- Allow or deny specific networks
- Very efficient
- Exam favorite
Example logic (not configuration):
- Allow
10.0.0.0/8 - Deny everything else
2. Route-Maps
- More advanced
- Can filter and modify attributes
- Used when prefix-lists alone are not enough
Exam Tip – Inbound Filtering
⚠ Important:
- Inbound filtering does NOT affect what you advertise
- It only affects what you accept
6. Outbound Filtering (Outgoing Routes)
What Is Outbound Filtering?
Outbound filtering controls which routes are advertised TO a BGP neighbor.
➡ Applied before sending routes
➡ Happens after BGP selects best path
Why Use Outbound Filtering?
Outbound filtering is used to:
- Prevent leaking internal routes
- Control routing visibility
- Enforce routing policies
- Improve security
How Outbound Filtering Works
- Router selects best paths
- Outbound policy is applied
- Allowed routes are advertised
- Denied routes are not sent
Common Outbound Filtering Tools
- Prefix-lists
- Route-maps
Exam Tip – Outbound Filtering
⚠ Important:
- Outbound filtering does NOT affect local routing decisions
- It only affects what neighbors see
7. Inbound vs Outbound Filtering (Very Important for Exam)
| Feature | Inbound Filtering | Outbound Filtering |
|---|---|---|
| Affects local routing | Yes | No |
| Affects neighbor routing | No | Yes |
| Applied when | Receiving routes | Sending routes |
| Common use | Block bad routes | Control advertisements |
PART B – PATH MANIPULATION
8. What Is Path Manipulation?
Path manipulation means changing BGP attributes to influence:
➡ Which path is selected as best
BGP uses many attributes to choose the best path.
Policies allow us to modify these attributes.
9. Why Path Manipulation Is Needed
Without path manipulation:
- BGP might choose a path that is:
- Slower
- Less preferred
- Against company policy
Path manipulation ensures:
- Predictable routing
- Controlled traffic flow
- Stable networks
10. Common BGP Attributes Used for Path Manipulation
For ENARSI, you MUST understand these:
1. Weight (Cisco-Specific)
- Highest value wins
- Local to router only
- Not advertised
Use case:
- Prefer one path on a single router
2. Local Preference (Very Important)
- Higher value is preferred
- Advertised within iBGP
- Used inside an AS
Use case:
- Control outbound traffic from AS
3. AS-Path
- Shorter path is preferred
- Can be modified using AS-path prepending
Use case:
- Influence incoming traffic
4. MED (Multi-Exit Discriminator)
- Lower value is preferred
- Used between neighboring ASes
- Optional and not always honored
Use case:
- Suggest preferred entry point into an AS
5. Next-Hop Attribute
- Determines where traffic is sent next
- Incorrect next-hop causes route failures
Used often with:
- Route-maps
- iBGP and eBGP policies
11. Path Manipulation Using Route-Maps
Why Route-Maps?
Route-maps can:
- Match routes
- Set attributes
- Filter routes
They are the most powerful BGP policy tool.
Route-Maps Can Be Applied:
- Inbound
- Outbound
Example Policy Logic (Conceptual)
- If prefix is
10.1.0.0/16- Set Local Preference to 200
- If prefix is
10.2.0.0/16- Prepend AS-Path
12. AS-Path Prepending (Exam Favorite)
What Is AS-Path Prepending?
AS-Path prepending means:
➡ Artificially increasing AS-Path length
This makes a route less preferred.
Why Use AS-Path Prepending?
- Influence incoming traffic
- Make one path look worse
- Encourage use of another path
Key Exam Points
- Prepending affects other ASes
- It does NOT affect local routing directly
- Overuse can cause instability
13. Common Policy-Related BGP Problems (Troubleshooting)
For ENARSI, recognize these symptoms:
Problem 1: Routes Not Appearing
Possible causes:
- Inbound filter blocking routes
- Prefix-list too strict
- Route-map deny statement
Problem 2: Routes Advertised Incorrectly
Possible causes:
- Missing outbound filter
- Wrong prefix-list applied
- Route-map sequence order issue
Problem 3: Wrong Path Selected
Possible causes:
- Incorrect local preference
- Weight applied unexpectedly
- AS-path prepending mistake
14. Important Troubleshooting Concepts (Exam)
Know these commands conceptually:
show ip bgpshow ip bgp neighborsshow ip bgp neighbors advertised-routesshow ip bgp neighbors received-routesshow route-mapshow ip prefix-list
15. Key Exam Summary (Must Remember)
Filtering
- Inbound = controls accepted routes
- Outbound = controls advertised routes
Path Manipulation
- Weight → router-local
- Local Preference → inside AS
- AS-Path → incoming traffic
- MED → external suggestion
Tools
- Prefix-lists → simple filtering
- Route-maps → filtering + attribute control
16. Final Exam Tip
📌 ENARSI focuses on troubleshooting, not memorizing commands.
You must be able to:
- Identify which policy causes a problem
- Understand where it is applied
- Know which attribute affects which traffic direction
