Home » BGP Deep Dive: eBGP, iBGP, Path Attributes, Route Reflector, Confederation และ BGP Security
ไม่มีหมวดหมู่

BGP Deep Dive: eBGP, iBGP, Path Attributes, Route Reflector, Confederation และ BGP Security

bom
March 9, 2026
2 Views
BGP Deep Dive: eBGP, iBGP, Path Attributes, Route Reflector, Confederation และ B

BGP Deep Dive: eBGP, iBGP, Path Attributes, Route Reflector, Confederation และ BGP Security

BGP (Border Gateway Protocol) เป็น routing protocol ที่รัน internet eBGP เชื่อมต่อระหว่าง Autonomous Systems, iBGP กระจาย routes ภายใน AS, Path Attributes กำหนดเส้นทางที่ดีที่สุด, Route Reflector ลดความซับซ้อนของ iBGP full mesh, Confederation แบ่ง AS ใหญ่เป็นส่วนย่อย และ BGP Security ป้องกัน route hijacking

BGP เป็น “glue ที่เชื่อมต่อ internet ทั้งหมดเข้าด้วยกัน”: 75,000+ Autonomous Systems, 900,000+ IPv4 prefixes, 200,000+ IPv6 prefixes BGP path selection กำหนดว่า traffic จะไหลผ่านเส้นทางไหน ถ้า BGP มีปัญหา → internet ล่มเป็นวงกว้าง (Facebook outage 2021 = BGP misconfiguration ทำให้ Facebook, Instagram, WhatsApp หาย 6 ชั่วโมง)

eBGP vs iBGP

Feature eBGP iBGP
Between Different AS (AS 100 ↔ AS 200) Same AS (routers within AS 100)
AD 20 (preferred over iBGP) 200
TTL 1 (directly connected) — use ebgp-multihop if not 255 (loopback peering)
Next-Hop Changes to advertising router’s IP Does NOT change (next-hop-self needed)
AS-Path Prepends own AS number Does NOT modify AS-Path
Full Mesh Not required Required (or use Route Reflector / Confederation)
Loop Prevention AS-Path (reject routes with own AS) Split-horizon (iBGP peer ≠ re-advertise to iBGP peer)

BGP Path Selection (Best Path Algorithm)

Priority Attribute Prefer
1 Weight (Cisco-specific) Highest (local to router, default 0, set manually)
2 Local Preference Highest (default 100, shared within AS via iBGP)
3 Locally Originated Prefer locally originated routes (network, redistribute, aggregate)
4 AS-Path Length Shortest (fewer AS hops = shorter path)
5 Origin IGP (i) > EGP (e) > Incomplete (?)
6 MED (Multi-Exit Discriminator) Lowest (hint to neighbor AS which path to use)
7 eBGP over iBGP Prefer eBGP-learned routes over iBGP
8 Lowest IGP Metric Closest next-hop (lowest IGP cost to reach next-hop)
9 Oldest Route Prefer older (more stable) route
10 Lowest Router ID Tiebreaker: lowest BGP router ID

Key Path Attributes

Attribute Type Description
AS-Path Well-known Mandatory List of AS numbers route has traversed — loop prevention + path selection
Next-Hop Well-known Mandatory IP address of next router to reach destination — must be reachable
Origin Well-known Mandatory How route was injected: i (IGP/network), e (EGP), ? (redistribute)
Local Preference Well-known Discretionary Shared within AS — higher = preferred outbound path
MED Optional Non-transitive Hint to neighbor AS — lower = preferred inbound path (not always honored)
Community Optional Transitive Tags for policy: no-export, no-advertise, custom (e.g., 65000:100)
Aggregator Optional Transitive Information about which router performed route aggregation

Route Reflector

Feature รายละเอียด
Problem iBGP requires full mesh: N routers = N×(N-1)/2 sessions → 100 routers = 4,950 sessions!
Solution Route Reflector (RR): iBGP peers only with RR → RR reflects routes to all clients
Client iBGP peers of RR — receive reflected routes from RR
Non-Client Regular iBGP peers — full mesh with other non-clients and RRs
Cluster ID Identifies RR cluster — prevents loops between redundant RRs
Reflection Rules From client → reflect to all clients + non-clients | From non-client → reflect to clients only
Redundancy Deploy 2 RRs per cluster → if one fails, other continues reflecting

Confederation

Feature รายละเอียด
Problem Same as RR: iBGP full mesh scalability
Solution Split AS into sub-AS numbers → eBGP between sub-AS → iBGP within sub-AS
External View Outside world sees single AS number → confederation is internal detail
Sub-AS Private AS numbers (64512-65534) → not visible externally
Advantage Reduces iBGP sessions, keeps AS-Path loop prevention
vs Route Reflector RR = simpler, more common | Confederation = more complex, better for very large AS

BGP Security

Threat Description Defense
Route Hijacking Advertise someone else’s prefix → traffic goes to attacker RPKI (ROA), prefix filtering, IRR
Route Leak Re-advertise routes to wrong peers → traffic misdirected AS-Path filtering, community-based policies, ASPA
Session Hijacking Inject TCP RST or fake BGP messages into session MD5/TCP-AO authentication, GTSM (TTL security)
Prefix De-aggregation Advertise more-specific prefix → longest match wins → steal traffic ROV (Route Origin Validation), max-prefix limits
RPKI Resource Public Key Infrastructure: cryptographic proof of prefix ownership ROA (Route Origin Authorization) + ROV on routers
BGPsec Sign each AS hop in AS-Path → verify entire path (not just origin) Future: full path validation (not widely deployed yet)

ทิ้งท้าย: BGP = The Protocol That Runs the Internet

BGP Deep Dive eBGP: between AS (AD 20, TTL 1, changes next-hop) | iBGP: within AS (AD 200, full mesh required) Path Selection: weight → local pref → AS-path length → origin → MED → eBGP > iBGP → IGP metric → oldest → router ID Attributes: AS-Path (loop prevention), Next-Hop (reachability), Local Pref (outbound), MED (inbound), Community (policy) Route Reflector: eliminate iBGP full mesh → RR reflects to clients → most common scalability solution Confederation: split AS into sub-AS → eBGP between sub-AS → alternative to RR for very large AS Security: RPKI/ROA (origin validation), prefix filtering, MD5/TCP-AO auth, GTSM → BGPsec (future path validation) Key: BGP misconfiguration = internet outage — understand path selection, implement security (RPKI), monitor routes

อ่านเพิ่มเติมเกี่ยวกับ EIGRP Deep Dive Metric Calculation Feasible Successor และ WAN Technologies MPLS SD-WAN DMVPN ที่ siamlancard.com หรือจาก icafeforex.com และ siam2r.com

บทความที่เกี่ยวข้อง

Siam2R.com — Portfolio งาน IT · XM Signal — Free Forex EA Download

Related Articles
จัดส่งรวดเร็วส่งด่วนทั่วประเทศ
รับประกันสินค้าเคลมง่าย มีใบรับประกัน
ผ่อนชำระได้บัตรเครดิต 0% สูงสุด 10 เดือน
สะสมแต้ม รับส่วนลดส่วนลดและคะแนนสะสม

ติดต่อเรา | LINE: @siamlancard

Facebook | YouTube | LINE OA

เว็บในเครือ: SiamCafe.net | iCafeForex.com | Siam2R.com | XMSignal.com

© 2026 SiamLancard — จำหน่ายการ์ดแลน อุปกรณ์ Server และเครื่องพิมพ์ใบเสร็จ

SiamLancard
Logo
Free Forex EA Download — XM Signal · EA Forex ฟรี
iCafeForex.com - สอนเทรด Forex | SiamCafe.net
Shopping cart