BGP

Configuring and Troubleshooting

Agenda
Fundamentals of BGP Policy Control Tools IBGP mesh Route Aggregation/CIDR Protocol Enhancements

Fundamentals of BGP
Autonomous System Networks and Routers under a single administrative authority Each AS is assigned a number AS numbers range form 1 to 65,535

Internal BGP
When BGP neighbors belong to the same AS

AS 200

External BGP
When BGP neighbors belong to different AS Neighbors should be directly connected Configuration
Router B router bgp 110 network 150.10.0.0 neighbor 131.108.10.1 remote-as 109 Router A router bgp 109 network 131.108.0.0 neighbor 131.108.10.2 remote-as 110
5

AS 109

131.108.0.0

.1

A 131.108.10.0 B .2

150.10.0.0

AS 110

IBGP, EBGP Example

AS 1 AS 3

EBGP

AS 2 IBGP

EBGP

Advertising Networks

Using the Network command Redistributing static routes Redistributing Dynamic routes

Advertising Networks
Using Network Command
Router A
router bgp 1 neighbor 1.1.1.2 remote-as 2 network 11.0.0.0 network 12.0.0.0
AS1 11.0.0.0 12.0.0.0
A

EBGP

Router B
router bgp 2 neighbor 1.1.1.1 remote-as 1 network 92.0.0.0 network 93.0.0.0

92.0.0.0 93.0.0.0

AS2

Advertising Networks
By redistributing Static Routes
AS1

Router A
router bgp 1 neighbor 1.1.1.2 remote-as 2 redistribute static ip route 11.0.0.0 255.0.0.0 null 0 ip route 12.0.0.0 255.0.0.0 null 0

11.0.0.0 12.0.0.0

EBGP

92.0.0.0 93.0.0.0

AS2

Advertising Networks
By Redistributing Dynamic Routes
AS1 11.0.0.0 12.0.0.0
A

Router A
router bgp 1 neighbor 1.1.1.2 remote-as 2 redistribute ospf 1 router ospf 1 network 11.0.0.0 0.255.255.255 area 0
92.0.0.0 93.0.0.0

EBGP

AS2

10

Synchronization
Rule:
Do not use/advertise a prefix until a matching route has been learnt from an IGP
Ensures consistency of information through out the AS Avoids black holes within the AS Safe to turn off when there is a full I-BGP mesh

11

Synchronization
C A

AS 10

Routers A, B, D run I-BGP Router C does not If synchronization is off then

AS 1

Router A sends traffic to C to reach 128.10.0.0 C drops the packets since it has no route to 128.10.0.0
If synchronization is on then
Routers A, B and D would not use the route until they receive the matching route via an IGP
12

AS 2 128.10.0.0

BGP Attributes
AS-path Next-hop Local preference MED Origin Communities

13

BGP Attributes
AS-Path
Path traversed one or more members of a set
{1880, 1881, 1882} (as-set)

1883 193.0.32/24 1881 193.0.33/24

A list of ASs that a route has traversed

1880 1883 (sequence)

1880 193.0.34/24

1882 193.0.35/24

193.0.33/24 1880 1881 193.0.34/24 1880 193.0.35/24 1880 1882 193.0.32/22 {1880,1881,1882}
14

BGP Attributes
Next Hop
AS 109
131.108.0.0

Next hop to reach a network Router A will advertise 131.108.10.2 next hop for net 150.10.0.0

.1

A 131.108.10.0

B .2 150.10.0.0

AS 110

15

BGP Attributes
Local Preference
690 1755 1880

A Needs to go to 690 666

Preference sent to all routers in local AS Paths with highest preference value are most desirable

16

BGP Attributes
Local Preference
Configuration of router A
router bgp 109 neighbor 131.108.1.1 remote-as 1880 neighbor 131.108.1.1 route-map foo in route-map foo 10 match as-path 2 set local-preference 120 route-map foo 20 match as-path 3 ip as-path access-list 2 permit _690$ ip as-path access-list 3 permit .*
17

BGP Attributes
Local Preference
690 1755 1880

A Needs to go to 690 666

18

BGP Attributes
Multi-Exit Discriminator (MED) Affects all routes form same AS path Advertised to external neighbors Lower MED value is preferred

19

BGP Attributes
Multi-Exit Discriminator (MED)
690 1883

1755 200

1880 209

Applies on a AS path basis

20

BGP Attributes
Multi-Exit Discriminator (MED)
Configuration for router B
router bgp 1755 neighbor 131.108.1.1 remote-as 1880 neighbor 131.108.1.1 route-map foo out route-map foo 10 match as-path 2 set metric 2 route-map foo 20 match as-path 3 ip as-path access-list 2 permit _690$ ip as-path access-list 3 permit .*
21

BGP Attributes
Multi-Exit Discriminator (MED)
690 1883

1755 200

1880 209

22

BGP Attributes
Origin IGP
Network statement under router BGP

EGP
Redistributed from EGP

Incomplete
Redistribute IGP under router BGP Example: redistribute static
23

Communities
BGP attribute Used to group destinations Represented as an integer Each destination could be member of multiple communities Community attribute carried across ASs Useful in applying policies
24

Communities
160.10.0.0/16 190.10.0.0/16 1000 1000 170.10.0.0/16 180.10.0.0/16 1001 2000

AS 400

AS 500

AS 300
170.10.0.0/16 160.10.0.0/16 1001 1000

180.10.0.0/16 190.10.0.0/16

2000 1000

AS 100

AS 200

25

BGP Path Selection Process

Do not consider IBGP path if not synchronized Do not consider path if no route to next hop Highest weight (local to router) Highest local preference (global within AS) Shortest AS path
26

BGP Path Selection Process (Cont.)

Lowest origin code. (IGP < EGP < incomplete) Multi-exit discriminator
Only consider if as-path length is equal

Prefer external path over internal path Prefer the path through the closest neighbor Prefer the path with the lowest BGP router id

27

Agenda
Fundamentals of BGP Policy Control Tools IBGP mesh Route Aggregation/CIDR Protocol Enhancements

28

Policy Control

Distribute list Filter list Communities

29

Policy Control
Distribute List Per neighbor access list Inbound or outbound Based upon prefix

30

Policy Control
Distribute List Configuration
router bgp 109 network 131.108.0.0 neighbor 160.89.1.1 distribute-list 5 out access-list 5 deny 170.10.0.0 access-list 5 permit any
31

Policy Control
Filter List Filter routes based on AS path Inbound or outbound Configuration
router bgp 109 network 131.108.0.0 neighbor 160.89.1.1 filter list 5 out ip as-path access-list 5 permit ^200$
32

Policy Control
Communities Local AS: Do not advertise outside local AS No-export: Do not advertise to external peers No-advertise: Do not advertise to any peer

33

Policy ControlCommunities (Cont.)

Special communities
No-export No-advertise

More specific routes advertised with no-export community No-export routes are automatically filtered
34

No-Export Community
170.10.0.0/16 170.10.X.X No-Export

170.10.X.X

A B E

170.10.0.0/16

AS 100

AS 200

35

Policy Control
Communities
Configuration
router bgp 109 network 131.108.0.0 neighbor 160.89.1.1 remote-as 200 neighbor 160.89.1.1 send-community neighbor 160.89.1.1 route-map set community out route-map set community 10 permit match ip address 1 set community no-export route-map set community 20 permit match ip address 2 access-list 1 permit 170.10.0.0 0.0.255.255 access-list 2 permit any
36

Policy Control
Communities
Configuration
router bgp 109 neighbor 160.89.1.2 remote-as 200 neighbor 160.89.1.2 route-map filter-on-community in route-map filter-on-community 10 permit match community 1 set metric 500 route-map filter-on-community 20 permit match community 2 exact-match set local-preference 200 route-map filter-on-community 30 permit match community 3 ip community-list 1 permit 100 200 ip community-list 2 permit 88
37

Policy ControlPeer Groups

IBGP neighbors receive same update Group peers with same outbound policy Updates are generated once per group Makes configuration easier Members could have different inbound policy EBGP neighbors

38

Policy Control
Peer Groups
Configuration
Internal peer group router bgp 109 neighbor internal peer-group neighbor internal remote-as 109 neighbor internal route-map send-med out neighbor internal filter-list 1 out neighbor 131.108.10.1 peer-group internal neighbor 131.108.20.1 peer-group internal neighbor 131.108.30.1 peer-group internal neighbor 131.108.30.1 filter-list 3 in
39

Policy Control
Peer Groups
Configuration
External peer group router bgp 109 neighbor external-peer peer-group neighbor external-peer route-map set-metric out neighbor 160.89.1.2 remote-as 200 neighbor 160.89.1.2 peer-group external-peer neighbor 160.89.1.4 remote-as 300 neighbor 160.89.1.4 peer-group external-peer

40

Agenda
Fundamentals of BGP Policy Control Tools IBGP mesh Route Aggregation/CIDR Protocol Enhancements

41

IBGP Mesh
Avoids routing information loop Does not scale Following solutions do not change the current behavior
Route reflectors Confederation

42

Normal IBGP

AS 100

43

Route Reflector: Principle

Route Reflector

AS 100

44

Route Reflector: Benefits

Solves IBGP mesh problem Packet forwarding is not affected Normal BGP speakers co-exist Multiple reflectors for redundancy Easy migration Multiple levels of route reflectors

45

Route Reflector
Route reflector Client Non-client Cluster Cluster ID Normal BGP peer
B A

AS 100
C

46

Route Reflector: Operation

Reflector receives path from clients and non-clients Selects best path Best path is from clientreflect to non-clients Best path is from non-clientreflect to clients Non-meshed clients
47

Route Reflector
Divide the backbone into multiple clusters At least one route reflector and few clients per cluster Route reflectors are fully meshed Clients in a cluster could be fully meshed Single IGP to carry next hop and local routes
48

Route ReflectorExample
Configuration for RR
router bgp 2 neighbor 141.153.12.1 remote-as 2 neighbor 141.153.12.1 route-reflector-client neighbor 141.153.17.2 remote-as 2 neighbor 141.153.17.2 route-reflector-client B AS 2 C A (RR)

AS3

AS1
49

Confederations
Collection of ASsub-AS Visible to outside world as single AS Uses reserved AS numbers for internal sub-AS Sub-AS are fully meshed EBGP between sub-AS

50

Confederation

Sub-AS 65002 A

Sub-AS 65003

Sub-AS 65001

Confederation 100

51

Confederation: Principle
Best path sent to neighbor sub-AS Packet forwarding depends on next hop IGP carries next hops and local networks Preserve next hop across sub-AS EBGP
52

Confederation: Next Hop

180.10.0.0/16 180.10.11.1

Sub-AS 65002 A Sub-AS 65003 B C Sub-AS 65001 D AS 200

Confederation 100

53

Confederation: Principle
Local preference and MED influence path selection Preserve local preference and MED across sub-AS boundary Sub-AS EBGP path administrative distance

54

Confederation: AS-Sequence
180.10.0.0/16 A 200

Sub-AS 65002
B 180.10.0.0/16 {65004 65002} 200 C 180.10.0.0/16 {65002} 200

Sub-AS 65004
H

Sub-AS 65003

Sub-AS 65001

180.10.0.0/16

100 200

Confederation 100

55

Confederation: Benefits
Solves IBGP mesh problem Packet forwarding not affected Can be used with route reflectors Policies could be applied to route traffic between sub-ASs

56

BGP Internal Mesh Solution

Confederation
Configuration
router bgp 65532 confederation identifier 2 bgp confederation peers 65530 65531 neighbor 141.153.12.1 remote-as 65530 neighbor 141.153.17.2 remote-as 65531
B Sub-AS 65532 Sub-AS 65531 Sub-AS 65530

57

BGP Internal Mesh Solution

Confederation
Sh ip bgp at router B
BGP table version is 78, local router ID is 141.153.17.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network *> 10.0.0.0 *> 144.10.0.0 Next Hop 141.153.14.3 141.153.12.1 Metric LocPrf Weight Path 0 0 0 0 100 100 100 100 0 (65531) 1 i 0 (65530) i 0 (65530) i 0 (65530) 1 i

*> 141.153.0.0 141.153.30.2 *> 199.10.10.0 141.153.29.2

58

Agenda
Fundamentals of BGP Policy Control Tools IBGP mesh Route Aggregation/CIDR Protocol Enhancements

59

Configuring Aggregation
Three ways to configure route aggregation
Redistribute static Network mask command Aggregate-address command

60

Configuring Aggregation
Redistribute Static Configuration
router bgp 109 network 131.108.0.0 redistribute static ip route 198.10.0.0 255.255.0.0 null 0

61

Configuring Aggregation
Network and mask command
router bgp 109 network 198.10.0.0 mask 255.255.0.0 Matching IGP route must exist. ip route 198.10.0.0 255.255.0.0 null 0

62

Configuring Aggregation
Aggregate-address command
router bgp 109 network 131.108.0.0 aggregate-address 198.10.0.0 255.255.0.0 {as-set} {summary-only} More specific route must exist in bgp table.

63

Configuring Aggregation

Suppress map Unsuppress map

64

Aggregation Policies
Suppress map
router bgp 1 network 199.10.10.0 network 199.10.11.0 network 199.10.12.0 network 199.10.33.0 network 199.10.34.0 aggregate-address 199.10.0.0 255.255.0.0 suppress-map foo1 neighbor 141.153.29.1 remote-as 2 access-list 3 deny 199.10.8.0 0.0.7.255 access-list 3 permit any route-map foo1 permit 10 match ip address 3

65

Aggregation Policies
Suppress map
Sh ip bgp at the remote router. AGS-4#sh ip bgp BGP table version is 11, local router ID is 199.10.10.1 Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP, ? - incomplete Network *> 141.153.0.0 *> 199.10.0.0/16 *> 199.10.10.0 *> 199.10.11.0 *> 199.10.12.0 Next Hop 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0 0 0 Metric LocPrf Weight Path 0 32768 32768 32768 32768 0 i i i i
66

141.153.29.1

2i

Aggregation Policies
Unsuppress map
router bgp 1 network 199.10.10.0 network 199.10.11.0 network 199.10.33.0 network 199.10.34.0 aggregate-address 199.10.0.0 255.255.0.0 summary-only neighbor 141.153.29.1 remote-as 2 neighbor 141.153.29.1 unsuppress-map foo1 access-list 3 deny 199.10.8.0 0.0.7.255 access-list 3 permit any route-map foo1 permit 10 match ip address 3
67

Aggregation Policies
Unsuppress map
sh ip bgp at remote AGS-5#sh ip bgp BGP table version is 90, local router ID is 142.153.12.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 141.153.0.0 0.0.0.0 0 32768 i *>i144.10.0.0 141.153.30.1 0 100 0 i *> 199.10.0.0/16 141.153.29.2 0 1i *> 199.10.33.0 141.153.29.2 0 0 1i *> 199.10.34.0 141.153.29.2 0 0 1i

68

Agenda
Fundamentals of BGP Policy Control Tools IBGP mesh Route Aggregation/CIDR Protocol Enhancements

69

BGP Soft-Reconfig
Allows policies to be changed without clearing the neighbor Both inbound and outbound Inbound requires additional memory Outbound more efficient

70

BGP Soft-Reconfig
Out bound does not require any config Inbound configuration:
router bgp 65530 no synchronization bgp confederation identifier 2 bgp confederation peers 65531 65532 neighbor 141.153.12.2 remote-as 65532 neighbor 141.153.12.2 soft-reconfiguration neighbor 141.153.12.2 route-map foo neighbor 141.153.30.2 remote-as 65531
71

Multi-Path Support
Router peering with multiple routers in neighboring AS Install multiple routes in IP routing table Routes should be identical Next-hop is set to self

690

1880

72

Multi-Path Support
Configuration for Multi-path
router bgp 690 neighbor 141.153.17.2 remote-as 1880 neighbor 141.153.12.1 remote-as 1880 network 160.10.0.0 neighbor 141.153.12.1 send-community maximum-paths 2

Sh ip route
B 144.10.0.0/16 [20/0] via 141.153.12.1, 00:03:29 [20/0] via 141.153.17.2, 00:03:29

73

Route Flap Dampening

Route flap
Going up and down of path Change in attribute

Ripples through the entire Internet Wastes CPU Reduce scope of route flap propagation
74

Flap Dampening: Terminology

Penalty Decay Half-life time Suppress-limit Reuse-limit Suppress

75

Route Flap Dampening

4 Suppress-Limit 3

Penalty 2
1

Reuse-Limit

0
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Time

76

Flap Dampening: Operation

Add penalty for each flap Exponentially decay penalty Penalty above suppress-limit do not advertise up route Penalty decayed below reuse-limitadvertise route History path
77

Flap Dampening: Operation (Cont.)

Done only for external path Alternate paths still usable Suppress-limit, reuse-limit and half-life time give control Less overhead

78

Flap Dampening: Enhancements

Selective dampening based on
AS-path Community Prefix

Variable dampening Flap statistics

79

Prefix Lists
Filtering on prefix length
Both exact match and range match

Configuration of either permit or deny First match wins incremental updates allowed

80

Prefix ListsExample
router bgp 101 neighbor 131.108.10.1 prefix-list aaa in|out

Exact match
ip prefix-list aaa deny 0.0.0.0/0 ip prefix-list aaa permit 35.0.0.0/8

Length match
ip prefix-list aaa permit 192.0.0.0/8 le 16

81

BGP Policy Propagation

Allows IP precedence setting based on destination IP address Uses AS path or community attribute to convey precedence value for different prefixes via BGP updates Allows ingress routers to prioritize incoming traffic Supports inter-ISP service level agreements (SLAs)
82

BGP Policy Propagation

Based on AS Path Attribute
int fddi 1/0 ip add 12.1.1.1 255.255.255.0 bgp-policy ip-precedence-map router bgp 101 neighbor 12.1.1.2 remote-as 201 table-map prec-map route-map prec-map permit 10 match as-path 1 set ip precedence 7 route-map prec-map permit 20 match as-path 2 ip as-path access-list 1 permit ^201& ip as-path access-list 2 permit .*
83

BGP Policy Propagation

Based on Community Attribute
int fddi 1/0 ip add 12.1.1.1 255.255.255.0 bgp-policy ip-precedence-map router bgp 101 table-map prec-map neighbor 12.1.1.2 remote-as 201 route-map prec-map 10 permit match community 10 set ip precedence network route-map prec-map 20 permit set ip precedence routine ip community-list 10 permit 201:10 exact match
84