Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
What is the BGP Backdoor Feature?
The term “backdoor” is a very controversial term when it comes to privacy and security. However, when it comes to BGP, it is a well-known feature that is used to change the administrative distance of eBGP in order for an interior gateway routing protocol (IGP) to take precedence over an eBGP route.
By default, external BGP (eBGP) has an administrative distance value of 20. Administrative distance is the first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination. Administrative distance is a measure of the best path and reliability of the source of the routing information. The smaller the administrative distance value, the more reliable the protocol/link.
Note: For more information about administrative distance in routing protocols refer to:
BGP selects a single path, by default, as the best path to a destination host or network. The best path selection algorithm analyzes path attributes to determine which route is installed as the best path in the BGP routing table. Each path carries well-known mandatory, discretionary, and optional transitive attributes that are used in BGP best path analysis.
The “Backdoor Feature” is often used to increase the administrative distance of eBGP to 200 with the goal of making the IGP learned routes to be preferred. A backdoor network is treated as a local network, except that it is not advertised. This is configured by using the network backdoor BGP command.
For example, in Figure 1 three separate networks are illustrated: a network in New York (AS 1010); another in Research Triangle Park (RTP), NC (AS 2020); and a third one in San Jose, CA (AS 3030).
Figure 1 – eBGP default admin distance
With the default administrative distances of BGP and EIGRP, if a device in the New York network (10.10.10.0/24) communicates with a device in RTP (10.20.20.0/24) the packets will route via the network in San Jose. This is because eBGP has a lower administrative distance (20) than EIGRP (90). To avoid this, the Cisco IOS Software network backdoor command can be used in New York’s R1 router (NY-R1) and vice-versa, as shown below.
After the network backdoor command is used in NY-R1, the administrative distance of eBGP is changed to 200 and the preferred path will be via the direct connection between NY-R1 and RTP-R1, as shown in Figure 2. The same steps can be followed in RTP, accordingly.
Figure 2 – eBGP admin distance after network backdoor command is used
The following are several additional references regarding BGP configuration and troubleshooting: