Orhan Ergun No Comments

Tier 1, Tier 2 and Tier 3 Service Providers

Tier 1,Tier 2 and Tier 3 Service Providers

What is tier in the first place ? If you are dealing with Service Provider networks, you hear this term a lot. But how we define Tier 1,Tier 2 and Tier 3 Service Providers ?

What should be their infrastructure to be seen as Tier 1 for example ?

Which tier is bigger in scale ? Which one is better for the customers to purchase a service from ?

Why Service Providers claim that they are Tier 1 or Tier 2 ?  Read more

Orhan Ergun No Comments

BGP in MPLS Layer 3 VPN – BGP as a PE-CE Routing Protocol

BGP can be used as a PE-CE routing protocol in MPLS Layer 3 VPN. Also Service Providers run MP-BGP (Multiprotocol BGP) if they have MPLS Layer 3 VPN.

In this article, MP-BGP will not be explained since it has been explained here earlier in detail.

When BGP is used as a PE-CE routing protocol between the customer and its MPLS Layer 3 VPN Provider, it is important to say that there is no need to redistribute on the Service Provider PE. All the other routing protocol require redistribution from MP-BGP into the routing protocol and vice versa.

In this post, I will explained what are the design considerations when BGP is used as PE-CE routing protocol in MPLS Layer 3 VPN and the how you can mitigate possible routing loop problems.

Last but not least, I will share when CE (Customer Equipment) is multihomed to two PEs (Provider Edge Device), what would be the design considerations if BGP is used in MPLS Layer VPN. Read more

Orhan Ergun 2 Comments

BGP Peering – Private, Public, Bilateral and Multilateral Peering

BGP Peering

BGP Peering is an agreement between different Service Providers. It is an EBGP neighborship between different Service Providers to send BGP traffic between them without paying upstream Service Provider.


To understand BGP peering, first we must understand how networks are connected to each other on the Internet. The Internet is a collection of many individual networks, which interconnect with each other under the common goal of ensuring global reachability between any two points.


BGP peering
BGP Peering and Transit Links

Read more

Orhan Ergun 1 Comment

BGP (Border Gateway Protocol) Quiz,Questions and Detailed Answers

BGP (Border Gateway Protocol) a.k.a Bloody Good Protocol quiz !

I prepared 20 Questions in this quiz for you. Intend of this quiz to provide you the BGP design information.

This quiz is part of the BGP Review Questions of my upcoming new version of CCDE Workbook. There will be hundreds of questions in it and will be available shortly !

This quiz helps for CCDE Written and CCDE Practical exam as well as real-life Network Engineering Interviews.

For more quizzes and many other design resources such as videos, mind maps and the my books, you can subscribe and access immediately. Click here to subscribe Self Paced CCDE Course 

Read more

Orhan Ergun No Comments

BGP As-path prepending – Use cases, Alternatives and Challenges

BGP As-path is a mandatory BGP attribute which has to be sent in every BGP message. BGP as-path prepending is one of the BGP traffic engineering methods which will be explained in detail throughout this post. 



What is BGP As-path attribute ? Why BGP as-path attribute is used ?

What is BGP as-path prepending ?

What are the other alternatives for BGP as-path prepending ?

How BGP traffic engineering is achieved with BGP as-path prepending ?

What are the challenges which BGP as-path prepending cannot handle and what are the solutions for incoming BGP path selections.

Read more

Orhan Ergun No Comments

BGP Best External

BGP Best External is used in Active Standby BGP Topologies generally but not limited with that.BGP Best External feature helps BGP to converge much faster by sending external BGP prefixes which wouldn’t normally be sent if they are not overall BGP best path.

There are BGP best internal, BGP best external and BGP Overall best path.

BGP Best external in an active-standby scenarios can be used in MPLS VPN, Internet Business Customers, EBGP Peering Scenarios, Hierarchical large scale Service Provider backbone and many others.

But,How active-standby scenario connection with BGP is created ? In which situation people use active-standby instead of active-active connection ?

Let’s start with the below scenario.

bgp best external

Figure -1 BGP Active-Standby Path Selection Example

Read more

Orhan Ergun 6 Comments

What is MP-BGP – Multiprotocol BGP

MP-BGP (Multiprotocol BGP) is an extensions to BGP protocol. Standard BGP only supports IPv4 unicast address family, whereas MP-BGP supports more than 15 different BGP address families.

RFC4760 defines the extensions for BGP protocol and states that ” in order to bring extra functionality to BGP protocol, new BGP AFI (Address Family Identifier) and BGP SAFI (Sub Address Family Identifier) is introduced”.

Multi protocol BGP supports IPv4 and IPv6 address families and their unicast and multicast variants.

MPBGP also supports Layer 2 VPN address families. EVPN (Ethernet VPN) is a mechanism which the mac addresses are exchanged between PE devices over BGP control plane. Read more

Orhan Ergun 3 Comments

BGP Next-Hop Behaviour in IP and MPLS Networks

One of my CCDE bootcamp students asked a question about next hop in MPLS VPN network. So, I would be very pleased to explain the BGP next hop behaviour both in IP and MPLS network in this post.

Let’s start with this IP network shown below (Figure-1).

IBGP next-hop

Figure-1 IBGP Next Hop handling in IP networks

Read more

Orhan Ergun 1 Comment

What is DFZ (Default Free Zone)?

In the context of the Internet and BGP routing, DFZ – commonly known as Default Free Zone – refers to the collections of all the public IPv4 BGP prefixes without default route on the global Internet.

Most of the time, you hear full-route or full-Internet-route terms which are the same with Default Free Zone term. Having all BGP routes, which are announced by all the available AS (Autonomous System), on the Internet.

Currently, there are more than 600,000 IPv4 BGP routes and about 30,000 IPv6 routes in the DFZ (Default Free Zone).  These numbers, however, could easily be reduced to 300,000 for IPv4 and less than 20,000 for IPv6 based on the CIDR reports (IPv4 CIDR report and  IPv6 CIDR report). Read more

Orhan Ergun 1 Comment



BGP PIC Edge provides sub second convergence time in the case of edge link or node failure. BGP PIC is a useful for MPLS VPN service and can be provided by the Service provider as a value added service thus might provide additional revenue.

BGP PIC provides sub second converge time in case link or node failure, and BGP PIC edge covers the edge failure cases.Sub second convergence is not possible without PIC – Prefix Independent Convergence for BGP.

Read more

Orhan Ergun 1 Comment

What does BGP free core mean ?

What is the meaning of BGP free core?

BGP refers to an Internet protocol used between different Autonomous System on the Internet. The purpose of this post is not to explain the fundamentals of BGP, as I believe that readers are already familiar with the basic of BGP and IP routing operation. To understand the rudimentary aspect of BGP, click here to peruse articles on BGP.

Let’s look at the topology shown below to understand the BGP operation and IP destination-based lookup. Read more

Orhan Ergun 9 Comments

BGP Design Case Study

Below BGP design case study is taken from the Orhan Ergun’s CCDE Practical Workbook.In the new version of the workbook there are more than 50 case studies are shared for many technologies.

If you are in the network design field or want to learn about it,don’t miss the book.

Scenario :
Network A is a customer of Network Z, Network B is a peer of Network Z.
Network A becomes transit customer of Network B.
Network A announces aggregate to Network Z and more specific prefixes, and to Network B. Network B sends more specific to its peer Z.
Network Z only announces the aggregate to the world. Network B doesn’t announce anything to the upstream SP.

What is the impact of this design ?
Is there any problem ? If there is , how you can fix ? 

Read more

Orhan Ergun 6 Comments

BGP PIC – Prefix Independent Convergence

BGP PIC ( Prefix Independent Convergence )  is a BGP Fast reroute mechanism which can provides sub second convergence even for the 500K internet prefixes by taking help of IGP convergence.

BGP PIC uses hierarchical data plane in contrast to flat FIB design which is used by Cisco CEF and many legacy platforms. Read more

Orhan Ergun 23 Comments

BGP Route Reflector Clusters

BGP route reflectors, used as an alternate method to full mesh IBGP, help in scaling.

BGP route reflector clustering is used to provide redundancy in a BGP RR design. BGP Route reflectors and its clients create a cluster.

In IBGP topologies, every BGP speaker has to be in a logical full mesh. However, route reflector is an exception.

IBGP router sets up BGP neighborship with only the route reflectors.

In this article, I will specifically mention the route reflector clusters and its design.

Some Terminology first :

Route Reflector Cluster ID has four-byte BGP attribute, and, by default, it uses a BGP router ID.

If two routers share the same BGP cluster ID, they belong to the same cluster.


Before reflecting a route, route reflectors append its cluster ID to the cluster list. If the route is originated from the route reflector itself, then route reflector does not create a cluster list.


If the route is sent to EBGP peer, RR removes the cluster list information.

If the route is received from EBGP peer, RR does not create a cluster list attribute.

Cluster list is used for loop prevention by only the route reflectors. Route reflector clients do not use cluster list attribute, so they do not know to which cluster they belong.


If RR receives the routes with the same cluster ID, it is discarded.

Let’s start with the basic topology.

BGP Route Reflector Cluster Same CLuster ID

Figure-1  Route Reflector uses same cluster id


In the diagram shown above in fig.1, R1 and R2 are the route reflectors, and R3 and R4 are the RR clients. Both route reflectors use the same cluster ID.

Green lines depict physical connections. Red lines show IBGP connections.

Assume that we use both route reflectors as cluster ID which is R1’s router ID.

R1 and R2 receive routes from R4.

R1 and R2 receive routes from R3.

Both R1 and R2 as route reflectors appends as cluster ID attributes that they send to each other. However, since they use same cluster, they discard the routes of each other.

That’s why, if RRs use the same cluster ID, RR clients have to connect to both RRs.

In this topology, routes behind R4 is learned only from the R1-R4 direct IBGP session by the R1 (R1 rejects from R2). Of course, IGP path goes through R1-R2-R4, since there is no physical path between R1-R4.

If the physical link between R2 and R4 goes down, both IBGP sessions between R1-R4 and R2-R4 goes down as well. Thus, the networks behind R4 cannot be learned.

Since, the routes cannot be learned from R2 (the same cluster ID), if physical link is up and IBGP session goes down between R1 and R4, networks behind R4 will not be reachable either, but if you have BGP neighborship between loopbacks and physical topology is redundant , the chance of IBGP session going down is very hard.

Note : Having redundant physical links in a network design is a common best practice. Thats why below topology is a more realistic one.


What if we add a physical link between R1-R4 and R2-R3 ?

BGP Route Reflector Clusters Same Cluster-ID with excessive redundancy

 Figure-2 Route Reflector uses same cluster-ID, physical cross-connection is added between the RR and RR clients


In Figure-2  physical cross-connections are added between R1-R4 and R2-R3.

Still, we are using the same BGP cluster ID on the route reflectors.

Thus, when R2 reflects R4 routes to R1, R1 will discard those routes. In addition, R1 will learn R4 routes through direct IBGP peering with R4. In this case, IGP path will change to R1-R4 rather than to R1-R2-R4.

In a situation in which R1-R4 physical link fails, IBGP session will not go down if the IGP converges to R1-R2-R4 path quicker than BGP session timeout (By default it does).

Thus, having the same cluster ID on the RRs saves a lot of memory and CPU resource on the route reflectors even though link failures do not cause IBGP session drop if there is enough redundancy in the network.

If we would use different BGP cluster ID on R1 and R2, R1 would accept reflected routes from R2 in addition to routes from direct peering with R4.

Orhan Ergun recommends Same BGP Cluster ID for the Route Reflector redundancy.

Route reflectors would keep an extra copy for each prefix.

Let me throw a series of questions to you.

Do you have route reflector in your network?

Do you have more than one for redundancy?

Are you using identical or different cluster ID?

Let’s discuss your network design in the comment section.

Orhan Ergun 3 Comments

Route Redistribution Best Practices

You need route redistribution for many reasons.

In this post,the drivers for the route redistribution but more importantly the best practices for applying route redistribution will be explained in great detail. Read more

Orhan Ergun 4 Comments

BGP Route reflectors and potato routing


If you are designing enterprise, service provider, even datacenter networks you have to understand BGP route reflector.

You want to know what is hot , cold and mash potato routing. Read more

Orhan Ergun 6 Comments

MPLS Layer 2 and Layer 3 VPN

RFC 2547 defines standard MPLS VPN to carry customer prefixes over the MPLS backbone.

In February 2006 RFC 4364 was published for Inter AS VPNs which is known as Multi AS VPNs. RFC 4364 obsoleted RFC 2547 and  defined many other applications for MPLS VPNs such as CSC which is also known as Carrier Supporting Carrier with the Cisco terminology and Carrier of Carrier with the Juniper definition.

With basic Layer 3 MPLS VPN , Enterprise customers can carry their prefixes from multiple sites over SP backbone . It is multi point to multipoint connection. With the ATOM based MPLS solution which is Cisco’s E-Line solution , customer sites are connected as point to point and with VPLS multipoint to multipoint.

Basic difference with the VPLS and IP/VPN from customer point of view , with VPLS all attached sites share the same L3 network.Service Provider acts as a big switch for the customer. IP/MPLS VPNs use different IP address at each site.

With the IP/VPN also known as BGP or L3 VPN , customer runs IP routing protocol or static route with the Service provider and Customer equipment which is known as CE don’t see other CE as connected like in VPLS or ATOM based MPLS.

Depending on expectations of the customer from the Service Provider , for the MPLS L3/VPN case, customer can run any of the IGP routing protocols including EIGRP, OSPF, IS-IS , BGP or static route. You may want to talk with your Service Provider before you decide since some Service Providers don’t service every routing protocols. Most of them if not all supports BGP.

If customer wants very granular policy control, dual homed site connectivity, and customer network stuff well trained , best choice would be BGP.

In the past fast convergence was an issue with BGP and maybe still with the vanilla BGP configuration, recent enhancements allow BGP to converge super fast thanks to BGP Fast Reroute Mechanism which is BGP PIC.

All IGP protocol’s metric information can be carried over SP MPLS backbone end to end. In this case SP core behaves differently. For OSPF there is Superbackbone and for ISIS there is L3 backbone concepts. This is out of the scope of this post so I will not explain further.But if you want to learn and interested please comment, so I definitely write about them.

One another caveat for PE-CE protocol , for almost all protocol , if customer has backdoor link to another customer site, loop or suboptimal path usage may occur. We prefer generally MPLS link when it is necessary to have low latency , secure , reliable connection compare to Internet based option.

If customer has backup Internet link (Not MPLS but maybe DSL, 3G/LTE, Satellite,Microwave, Cable) and its requirement is low latency , predictable delay variation which is called as jitter , reliable and secure ( Relative ) connection, probably wants to use MPLS connection as primary and Internet connection as a backup although LTE is much cheaper and provides very high bandwidth nowadays and started to take its place as a primary connection on some networks or part of the network such as remote offices.


Orhan Ergun No Comments

BGP Outbound Route Filtering ( ORF )

Outbound Route Filtering (ORF) is the BGP capability which is negotiated between BGP neighbours during a session setup.

If during a session setup process BGP ORF ( Outbound Route Filtering ) capability is exchanged , one peer can send a signal to its BGP neighbour about desired or unwanted prefixes.

Assume you are receiving a full BGP table from the neighbouring Internet Service Provider , if they support ORF as a BGP capability and agree with you to use it then you can tell to neighbouring BGP router by sending an update that you don’t want particular BGP prefixes without calling ISP and explaining what you want.

It may seem an easy task but from operational point of view , it can really shorten your time and effort.