What is BGP Backdoor? How to configure BGP Backdoor?

 BGP backdoor it’s a well-known feature of the BGP which is used to change the AD (administrative distance) of eBGP. By default, external BGP (eBGP) has an administrative distance value of 20 with the help of a backdoor command you can set 200 AD. If two routing protocols provide route information for the same destination the administrative distance is the first criterion that a router uses to determine which routing protocol to use for the best path.  The lowest AD value is a more reliable protocol and link.

 

Why do we need to change eBGP AD?

Whenever our router learns about a network (prefix) through eBGP and also with an IGP protocol like OSPF EIGRP or RIP then our router always chooses the Ebgp route because Ebgp uses an administrative distance value of 20 so our router by default prefers eBGP over EIGRP AD 90, RIP AD 120, OSPF AD 110.

 In some scenarios this becomes a problem let’s see the configuration.

Topology:

Goal:

• configure the topology as per the diagram.
• assign the IP addresses 
• configure EIGRP 100 on router 1 and router 3
• advertise the interfaces
• configure eBGP peering between router 1 and 2
• configure eBGP peering between router 2 and router 3
•  make sure router 1 gets the 192.168.30.1 route from serial 4/3 link via EIGRP. 
• configure backdoor in order to get 192.168.30.1 route via serial link 4/3 from router 3.

R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#no keepalive

R1(config-if)#exit

R1(config)#interface serial 4/2

R1(config-if)#ip address 3.3.3.2 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface loopback 0

R1(config-if)#ip address 192.168.10.1 255.255.255.255

R1(config-if)#no shutdown

R1(config-if)#exit

R2(config)#interface serial 4/0

R2(config-if)#ip address 1.1.1.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 4/1

R2(config-if)#ip address 2.2.2.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface fastethernet 0/0

R2(config-if)#ip address 20.1.1.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#no keepalive

R2(config-if)#exit

R2(config)#interface loopback 0

R2(config-if)#ip address 192.168.20.1 255.255.255.255

R2(config-if)#no shutdown

R2(config-if)#exit

R3(config)#interface serial 4/1

R3(config-if)#ip address 2.2.2.2 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface serial 4/2

R3(config-if)#ip address 3.3.3.1 255.0.0.0

R3(config-if)# no shutdown

R3(config-if)#exit

R3(config)#interface fastEthernet 0/0

R3(config-if)#ip address 30.1.1.1 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#no keepalive

R3(config-if)#exit

R1(config)#router eigrp 100

R1(config-router)#network 192.168.10.0

R1(config-router)#network 3.0.0.0

R1(config-router)#exit

*May 20 13:40:19.679: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 3.3.3.1 (Serial4/2) is up: new adjacency

R1(config)#router bgp 6111

R1(config-router)#neighbor 1.1.1.2 remote-as 6100

R1(config-router)#network 192.168.10.1 mask 255.255.255.255

R1(config-router)#network 10.0.0.0

R1(config-router)#exit

R1(config)#end

*May 20 13:43:29.459: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up

R2(config)#router bgp 6100

R2(config-router)#neighbor 1.1.1.1 remote-as 6111

R2(config-router)#network 192.168.20.1 mask 255.255.255.255

R2(config-router)#neighbor 2.2.2.2 remote-as 6333

R2(config-router)#exit

 20 13:43:29.531: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

R3(config)#router eigrp 100

R3(config-router)#network 3.0.0.0

R3(config-router)#network 192.168.30.0

R3(config-router)#exit

*May 20 13:40:19.663: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 3.3.3.2 (Serial4/2) is up: new adjacency

R3(config)#router bgp 6333

R3(config-router)#neighbor 2.2.2.1 remote-as 6100

R3(config-router)#network 30.0.0.0

R3(config-router)#network 192.168.30.1 mask 255.255.255.255

R3(config-router)#exit

R3(config)#end

*May 20 13:42:50.559: %BGP-5-ADJCHANGE: neighbor 2.2.2.1 Up

R3#show ip route 192.168.10.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.10.0/32 is subnetted, 1 subnets

B        192.168.10.1 [20/0] via 2.2.2.1, 00:02:03

( as can see from the above output router 3 is getting  (R1) 192.168.10.1 route from route via serial 4/0 to serial 4/1 {2.2.2.1} R2. because of the lower AD value of eBGP )

 Let's see on  router 1 from where it's getting 192.168.30.1 network 

R1#show ip route 192.168.30.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.30.0/32 is subnetted, 1 subnets

B        192.168.30.1 [20/0] via 1.1.1.2, 00:01:44

( router 1 is also installing 192.168.30.1 network  from router 1 because of lower AD of eBGP)

We need to fix this with help of the BGP backdoor command.

R1(config)#router bgp 6111

R1(config-router)#network 192.168.30.1 mask 255.255.255.255 backdoor

R1(config-router)#exit

R3(config)#router bgp 6333

R3(config-router)#network 192.168.10.1 mask 255.255.255.255 backdoor

R3#show ip route 192.168.10.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.10.0/32 is subnetted, 1 subnets

D        192.168.10.1 [90/2297856] via 3.3.3.2, 00:38:02, Serial4/2

( as you can see after applying the backdoor command now our routers installing a new path)

A backdoor network is treated as a local network, except that it is not advertised. 

R1#show ip route 192.168.30.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.30.0/32 is subnetted, 1 subnets

D        192.168.30.1 [90/2297856] via 3.3.3.1, 00:02:17, Serial4/2