BGP backdoor it’s a well-known feature of the BGP which is used to change the AD (administrative distance) of eBGP. By default, external BGP (eBGP) has an administrative distance value of 20 with the help of a backdoor command you can set 200 AD. If two routing protocols provide route information for the same destination the administrative distance is the first criterion that a router uses to determine which routing protocol to use for the best path. The lowest AD value is a more reliable protocol and link.

Why do we need to change eBGP AD?

Whenever our router learns about a network (prefix) through eBGP and also with an IGP protocol like OSPF EIGRP or RIP then our router always chooses the Ebgp route because Ebgp uses an administrative distance value of 20 so our router by default prefers eBGP over EIGRP AD 90, RIP AD 120, OSPF AD 110.

In some scenarios this becomes a problem let’s see the configuration.

Topology:

Goal:

configure the topology as per the diagram.
assign the IP addresses
configure EIGRP 100 on router 1 and router 3
advertise the interfaces
configure eBGP peering between router 1 and 2
configure eBGP peering between router 2 and router 3
make sure router 1 gets the 192.168.30.1 route from serial 4/3 link via EIGRP.
configure backdoor in order to get 192.168.30.1 route via serial link 4/3 from router 3.

R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#no keepalive

R1(config-if)#exit

R1(config)#interface serial 4/2

R1(config-if)#ip address 3.3.3.2 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface loopback 0

R1(config-if)#ip address 192.168.10.1 255.255.255.255

R1(config-if)#no shutdown

R1(config-if)#exit

R2(config)#interface serial 4/0

R2(config-if)#ip address 1.1.1.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 4/1

R2(config-if)#ip address 2.2.2.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface fastethernet 0/0

R2(config-if)#ip address 20.1.1.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#no keepalive

R2(config-if)#exit

R2(config)#interface loopback 0

R2(config-if)#ip address 192.168.20.1 255.255.255.255

R2(config-if)#no shutdown

R2(config-if)#exit

R3(config)#interface serial 4/1

R3(config-if)#ip address 2.2.2.2 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface serial 4/2

R3(config-if)#ip address 3.3.3.1 255.0.0.0

R3(config-if)# no shutdown

R3(config-if)#exit

R3(config)#interface fastEthernet 0/0

R3(config-if)#ip address 30.1.1.1 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#no keepalive

R3(config-if)#exit

R1(config)#router eigrp 100

R1(config-router)#network 192.168.10.0

R1(config-router)#network 3.0.0.0

R1(config-router)#exit

*May 20 13:40:19.679: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 3.3.3.1 (Serial4/2) is up: new adjacency

R1(config)#router bgp 6111

R1(config-router)#neighbor 1.1.1.2 remote-as 6100

R1(config-router)#network 192.168.10.1 mask 255.255.255.255

R1(config-router)#network 10.0.0.0

R1(config-router)#exit

R1(config)#end

*May 20 13:43:29.459: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up

R2(config)#router bgp 6100

R2(config-router)#neighbor 1.1.1.1 remote-as 6111

R2(config-router)#network 192.168.20.1 mask 255.255.255.255

R2(config-router)#neighbor 2.2.2.2 remote-as 6333

R2(config-router)#exit

20 13:43:29.531: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

R3(config)#router eigrp 100

R3(config-router)#network 3.0.0.0

R3(config-router)#network 192.168.30.0

R3(config-router)#exit

*May 20 13:40:19.663: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 3.3.3.2 (Serial4/2) is up: new adjacency

R3(config)#router bgp 6333

R3(config-router)#neighbor 2.2.2.1 remote-as 6100

R3(config-router)#network 30.0.0.0

R3(config-router)#network 192.168.30.1 mask 255.255.255.255

R3(config-router)#exit

R3(config)#end

*May 20 13:42:50.559: %BGP-5-ADJCHANGE: neighbor 2.2.2.1 Up

R3#show ip route 192.168.10.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.10.0/32 is subnetted, 1 subnets

B 192.168.10.1 [20/0] via 2.2.2.1, 00:02:03

( as can see from the above output router 3 is getting (R1) 192.168.10.1 route from route via serial 4/0 to serial 4/1 {2.2.2.1} R2. because of the lower AD value of eBGP )

Let's see on router 1 from where it's getting 192.168.30.1 network

R1#show ip route 192.168.30.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.30.0/32 is subnetted, 1 subnets

B 192.168.30.1 [20/0] via 1.1.1.2, 00:01:44

( router 1 is also installing 192.168.30.1 network from router 1 because of lower AD of eBGP)

We need to fix this with help of the BGP backdoor command.

R1(config)#router bgp 6111

R1(config-router)#network 192.168.30.1 mask 255.255.255.255 backdoor

R1(config-router)#exit

R3(config)#router bgp 6333

R3(config-router)#network 192.168.10.1 mask 255.255.255.255 backdoor

R3#show ip route 192.168.10.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.10.0/32 is subnetted, 1 subnets

D 192.168.10.1 [90/2297856] via 3.3.3.2, 00:38:02, Serial4/2

( as you can see after applying the backdoor command now our routers installing a new path)

A backdoor network is treated as a local network, except that it is not advertised.

R1#show ip route 192.168.30.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.30.0/32 is subnetted, 1 subnets

D 192.168.30.1 [90/2297856] via 3.3.3.1, 00:02:17, Serial4/2

What is ARP (Address Resolution Protocol)?

ARP (Address Resolution Protocol) it’s a communication protocol. Networking devices used for discovering MAC (media access control) addresses, associate with an IPv4 address (internet layer address), and map the MAC addresses to IPv4 addresses this mapping is done dynamically and stored in the ARP cache. ARP works between layer 2 and layer 3 of the OSI because the MAC address exists on the data link layer and the IP address exists on the network layer.

How does ARP work?

Whenever a fresh PC (computer) connects to LAN, it will assign an IP address statically or dynamically to use for identity and for communication. When an incoming packet destined for a host machine on a particular LAN arrives at a gateway, the gateway is going to ask ARP for a MAC address that matches the IP address. There is a table called ARP cache in this table ARP mapping record. Whenever a host asks for a MAC address in order to send a packet to another host in the LAN, ARP looks it the cache to see if their IP to MAC mapping translation is already stored. If it’s already stored then no need for ARP broadcast but if there is no translation stored then ARP sends a request for the network address (does anybody knows this IP address)

ARP sends broadcast a request packet to all the hosts on the LAN network and asks is there any host using this particular IP address please let me know. When a host recognizes oh it’s my IP address it will immediately send a unicast reply so ARP can update and store it in the cache table and now communication can proceed.

What happens if the host (machine) doesn’t know its own IP address?

In this situation, RARP (Reverse ARP) protocol is used for discovery. next chapter we are going to see proxy ARP and RARP.

What is ARP cache?

ARP cache is a table where mapping or translation is stored. The size of the ARP cache is limited and from time to time cleansed its entire entries to free its space. Mappings are stored for a few minutes. ARP frequently updates when a host changes their requested IP address.

ARP Commands

we used arp -a command to display the ARP table. It shows all the entries of the ARP cache or table.