Course Objectives
- Describe routing policy features
- Configure routing policy in a variety of situations
- Configure advanced routing policy for BGP
- Manage communities
- Manage AS path regular expressions
- Set route damping parameters
Slide 2
Module Objectives
- When to define routing policies
- The difference between importing and exporting routes
- The basic structure of routing policies
- Match conditions and actions available for policies
- How to define route filters
- How to apply routing policy
Slide 4
Overview
Policy Overview
- Controls routing information transferred between the routing table and each routing protocol
  - Incoming routing information can be ignored or changed
  - Outgoing routing information can be suppressed or changed

- You do not want to import all learned routes into the routing table
- You do not want to advertise all learned routes to neighboring routers
- You want one protocol to receive routes from another protocol
- You want to modify information associated with a route
Slide 7
[Diagram: Routes, Protocol, PFE, Forwarding Table]
Slide 8
Routing Policy
- Allows you to filter and control routing information entering and leaving the router
- Separate policy for each routing protocol
[Diagram: Neighbors, Import Policy #1, Import Policy #2, Export Policy #2, Routes, Protocol]
Slide 9
Routing Policy
- Policies contain collections of terms
- Terms contain a condition and an action to apply to each route
[Diagram: Accept, Reject, Last Term, Next Policy]
Slide 10
Routing Policy
[Diagram: Accept, Reject]
Slide 11
Match Conditions
- General
  - Route metrics
  - bgp, direct, dvmrp, isis, local, mpls, ospf, pim-dense, pim-sparse, rip, static, aggregate
Slide 12
Match Conditions
- OSPF
  - Area ID
  - Tag and tag2 fields
- IS-IS
  - Level number
- BGP
  - Autonomous system path (AS path)
  - Community name
  - Local preference
  - Origin
Slide 13
Match Actions
- Terminate
  - Accept route
  - Reject (or suppress) route
- Flow Control
  - Skip to next policy
  - Skip to next term
- Trace
  - Log the match to trace file, continue processing term
Slide 14
Match Actions
- Modify
Slide 15
Match Actions
- Modify
  - OSPF
  - IS-IS: Level number
Slide 16
Match Actions
- Modify
  - BGP
    - Prepend AS path
    - Add, delete, or set community
    - Change route damping parameters
    - Change local preference value
    - Change protocol origin
Slide 17
Default Policies
- Different default policies for each protocol being imported or exported
- Reaching the end of a policy (or chain of policies) invokes default policy for that protocol
Slide 18
Default Policies
- Import
  - Import all routes from protocol
  - IS-IS and OSPF cannot override or change this default policy (could lead to inconsistent routing)
- Export
  - Export routes learned by that protocol
  - Export direct routes for interfaces on which the protocol is explicitly configured
Slide 19
Default Policies
- BGP
  - Import
  - Export
    - Transmit all routes learned from BGP neighbors to all BGP neighbors
    - Only active routes can be exported
Slide 20
Configuring Policy
Configuring Policy
- Policies are made up of terms
- Terms are made up of match conditions and actions
- Match conditions can be split into from and to parts
[Diagram: Policy, Term, Match Condition, Action]
Slide 22
Configuring Policy
Slide 23
Configuring Policy
Example

    policy-options {
        policy-statement advertise-ospf {
            term pick-ospf {
                from protocol ospf;
                then accept;
            }
        }
    }
    protocols bgp {
        export advertise-ospf;
    }
Slide 24
Configuring Policy
Slide 25
Applying policy
Applying Policy
- Most routing protocols have global import and export filtering points
- Link-state protocols (IS-IS and OSPF) have only export filtering points

    protocols {
        isis {
            export [ policy-list ];
        }
        ospf {
            export [ policy-list ];
        }
    }
Slide 27
Applying Policy
- Neighbor policy overrides group and global policies
- Group policy overrides global policy
Slide 28
Applying Policy
- BGP
sample
Route Matching
Route Filters
    [..]
    term term-name {
        from {
            route-filter prefix/prefix-length match-type <actions>;
            [..]
        }
        then action;
    }

- Multiple route filters in a single term
- Evaluation of route filters has special rules
Slide 32
Includes
192.168.0.0/16
Excludes
Everything else
Slide 33
Includes
192.168.0.0/16
192.168.12.4/30
192.168.0.0/17
192.168.12.128/32
192.168.4.0/24
Excludes
192.168.0.0/8
192.169.1.0/24
192.170.0.0/16
Slide 34
Includes
192.168.12.4/30
192.168.0.0/17
192.168.12.128/32
192.168.4.0/24
Excludes
192.0.0.0/8
192.170.0.0/16
192.169.1.0/24
192.168.0.0/16
Slide 35
Match a range of routes having the most significant bits in common as described by the first prefix length, but not exceeding the second prefix length

    term sample {
        from route-filter 192.168/16 upto /24;
        then accept;
    }

Includes
192.168.0.0/16
192.168.0.0/17
192.168.4.0/24
Excludes
192.0.0.0/8
192.170.0.0/16
192.169.1.0/24
192.168.5.4/30
192.168.12.128/32
Slide 36
Includes
192.168.0.0/16
192.168.0.0/17
192.168.0.0/18
Excludes
192.168.0.0/19
192.168.16.0/20
192.168.128.0/17
192.168.192.0/18
192.168.5.4/30
192.168.0.0/20
192.168.224.0/19
Slide 37
- If the route matches the filter and action is specified, it takes effect immediately and the then portion of the term is ignored
- If one or more patterns match and no action is specified, the then portion is executed
Slide 38
- Logical OR function
- Multiple filters with similar prefixes: the longest prefix
- Action associated with longest filter is performed
Slide 39
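Added example (not from the original slides): a Python model of route-filter matching and of the longest-prefix rule, checked against the Includes/Excludes lists above. The match-type names exact, longer and through are Junos keywords that the surviving slide text does not spell out, the rule that a failed longest filter is not retried against shorter ones follows Junos behaviour, and the function names are hypothetical.

```python
import ipaddress

def filter_matches(route, prefix, match_type, arg=None):
    """True if route satisfies `route-filter prefix match_type [arg]`."""
    r, f = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    if match_type == "through":      # arg: end prefix of the path
        end = ipaddress.ip_network(arg)
        return r.subnet_of(f) and end.subnet_of(r)
    if not r.subnet_of(f):           # leading bits must equal the filter's
        return False
    if match_type == "exact":
        return r.prefixlen == f.prefixlen
    if match_type == "orlonger":
        return True
    if match_type == "longer":
        return r.prefixlen > f.prefixlen
    if match_type == "upto":         # arg: maximum prefix length
        return r.prefixlen <= arg
    raise ValueError(f"unsupported match type: {match_type}")

def evaluate_term(route, filters, then_action):
    """filters: (prefix, match_type, arg, action) tuples; action may be None.
    Returns the action applied, or None if the term does not match."""
    r = ipaddress.ip_network(route)
    covering = [f for f in filters if r.subnet_of(ipaddress.ip_network(f[0]))]
    if not covering:
        return None
    # Longest-match lookup on the prefix alone selects the one filter to test.
    best = max(covering, key=lambda f: ipaddress.ip_network(f[0]).prefixlen)
    if not filter_matches(route, best[0], best[1], best[2]):
        return None                  # shorter filters are not retried
    # A per-filter action overrides the term's `then`.
    return best[3] if best[3] is not None else then_action

# Prefixes from the Includes/Excludes slides above.
ROUTES = ["192.168.0.0/16", "192.168.0.0/17", "192.168.4.0/24",
          "192.168.12.4/30", "192.168.12.128/32", "192.0.0.0/8",
          "192.169.1.0/24", "192.170.0.0/16"]

def included(match_type, arg=None):
    return [r for r in ROUTES
            if filter_matches(r, "192.168.0.0/16", match_type, arg)]

if __name__ == "__main__":
    for mt, arg in [("exact", None), ("orlonger", None),
                    ("longer", None), ("upto", 24)]:
        print(mt, included(mt, arg))
```

When auditing a prefix filter, the case to look for is a specific `exact` filter sitting under a broader `orlonger` one: more-specific routes inside the `exact` prefix fall through the term instead of being caught by the broader filter.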
Slide 40
#Default
#Loopbacks
#Reserved A block
#Reserved B block
#Reserved C block
#Multicast
#IANA reserved-2
Slide 41
Slide 42
Checkpoint
- Strip away some unwanted prefixes
- The difference between importing and exporting routes?
- The basic structure of routing policies?
- The match conditions and actions available for policies?
- How to define route filters?
- How to apply routing policy?
Slide 43
Module Objectives
- Policy commands applied to BGP communities
- AS path regular expressions
- Damping parameters
- How to test and view policies
Slide 45
Communities
BGP Communities
- Group destinations that share a common property
- Perform action on entire group
- Community associations sent in BGP update message
- Multiple communities can be associated with a single destination
- With routing policy, you can
  - Create a community
  - Match communities using regular expressions
  - Set, add, or delete communities
Slide 47
Creating Communities
- Where
  - name
  - community-ids

Example

    policy-options {
        community foobar members 64512:666;
        community no-internal-BGP members [ 64512:111 64512:222 ];
    }
Well-known Communities
- no-export: Don't advertise outside of BGP confederation
- no-advertise: Don't advertise to other BGP peers
- no-export-subconfed: Don't advertise to external BGP peers, including peers in other member ASs inside a BGP confederation
Slide 49
Community Actions
- Three possible actions
  - add: Add the community to the current set of communities
  - delete: Delete the community from the current set of communities
  - set: Set the community, replacing any existing ones
- Example

    policy-options {
        policy-statement accept-but-do-not-export {
            from route-filter 192.11/16 orlonger;
            then {
                community add do-not-export;
                accept;
            }
        }
        community do-not-export members no-export;
    }
Slide 51
AS Path Matching
AS Path Matching
- Define routing policy matches based on the AS path
- Match all or portions of the AS path
- Use regular expressions to define pattern matching on the AS path
Slide 53
at policy-options level
- Where
Slide 54
expressions consist of
term [operator]
An AS path
set as-path path-name 701 2685
expressions consist of
term [operator]
- Operator
  - Optional
  - Defines pattern-matching operations applied to the term
  - Can include one or more term-operator pairs

    as-path match-path 701? 2685*

  - Except for the pipe (|) and dash (-), which are placed between terms

    as-path match-path 701 | 2685
Slide 56
Slide 59
Route Damping
Route Damping
- Reduce the number of update messages sent between BGP peers
- Generally applied to EBGP routes
- Configured by creating a named set of damping parameters that you apply as damping policy action
- Must enable BGP damping first
Slide 62
- New route given a figure of merit of 0
- Figure of merit increases with each incident
  - Withdrawn route: 1000
  - Readvertised route: 1000
  - Path attribute change: 500
Slide 63
Exponential decay
- Reduces figure of merit over time
- Default is 60 minutes
- Stops increasing when ceiling is reached
- Determined by formula
- Not explicitly configurable
Slide 64
Damping - Configuration
- Defining
Slide 65
Damping - Example
    policy-options {
        policy-statement damp {
            from {
                route-filter 11/8 exact damping high;
                route-filter 15/8 exact damping medium;
            }
            then accept;
        }
        damping high {
            half-life 15;
            suppress 3000;
            reuse 2500;
            max-suppress 50;
        }
        damping medium {
            half-life 3;
            max-suppress 4;
        }
    }

Slide 66
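Added example (not part of the original slides): a Python simulation of the figure of merit, using the incident penalties listed above and the `damping high` parameters from the example. The ceiling formula reuse × 2^(max-suppress / half-life) is an assumption taken from RFC 2439, since the slide only says the ceiling is determined by formula; the function names and the flap sequence are constructed.

```python
import math

# Penalty added per incident, as listed on the slide above.
PENALTY = {"withdraw": 1000, "readvertise": 1000, "attribute-change": 500}

def merit_ceiling(reuse, half_life, max_suppress):
    # Assumed formula (RFC 2439 form); the slide does not state it.
    return reuse * 2 ** (max_suppress / half_life)

def minutes_until_reuse(merit, reuse, half_life):
    """Quiet minutes needed for merit to decay to the reuse threshold."""
    if merit <= reuse:
        return 0.0
    return half_life * math.log2(merit / reuse)

def simulate(events, half_life, suppress, reuse, max_suppress):
    """events: (minute, kind) pairs in time order.
    Returns (minute, merit, suppressed) after each event."""
    ceiling = merit_ceiling(reuse, half_life, max_suppress)
    merit, last, suppressed, timeline = 0.0, 0, False, []
    for minute, kind in events:
        merit *= 0.5 ** ((minute - last) / half_life)  # exponential decay
        if suppressed and merit < reuse:
            suppressed = False                         # decayed below reuse
        merit = min(merit + PENALTY[kind], ceiling)    # add penalty, capped
        if merit > suppress:
            suppressed = True
        timeline.append((minute, round(merit, 1), suppressed))
        last = minute
    return timeline

# "damping high" from the example above (times in minutes).
HIGH = dict(half_life=15, suppress=3000, reuse=2500, max_suppress=50)
# Constructed flap sequence: two withdraw/readvertise cycles in four minutes.
FLAPS = [(0, "withdraw"), (1, "readvertise"),
         (2, "withdraw"), (3, "readvertise")]

if __name__ == "__main__":
    for row in simulate(FLAPS, **HIGH):
        print(row)
    print("ceiling:", round(merit_ceiling(2500, 15, 50), 1))
```

A route pinned at the ceiling needs exactly max-suppress minutes of quiet to decay back to reuse, which is why the ceiling is derived from the other parameters and not configured on its own.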
Test Policy
Test Policy
    user@host> show policy lab-routes
    Policy lab-routes:
        from
            0.0.0.0/0 reject
            10.0.0.0/8 orlonger accept
            192.0.2.0/24 orlonger accept
        then reject
    user@host>

Slide 69
Policy Subroutines
- Call other policies from within a policy
- Good for evaluating the same route filters in multiple policies
- Called policies return success or failure

    [edit policy-options]
    policy-statement martian-filter {
        from policy common-martians;
        then reject;
    }
Slide 71
Slide 72
Check point
Slide 73