Agenda
Fundamentals of BGP
Policy Control Tools
IBGP mesh
Route Aggregation/CIDR
Protocol Enhancements
Fundamentals of BGP
Autonomous System
Networks and routers under a single administrative authority
Each AS is assigned a number
AS numbers range from 1 to 65,535
Internal BGP
When BGP neighbors belong to the same AS
External BGP
When BGP neighbors belong to different AS
Neighbors should be directly connected
Configuration
Router B
router bgp 110
 network 150.10.0.0
 neighbor 131.108.10.1 remote-as 109
Router A
router bgp 109
 network 131.108.0.0
 neighbor 131.108.10.2 remote-as 110
[Figure: Router A (.1) in AS 109 (131.108.0.0) and Router B (.2) in AS 110 (150.10.0.0) connected over the 131.108.10.0 link by EBGP]
Advertising Networks
Using the Network command
Redistributing static routes
Redistributing Dynamic routes
Advertising Networks
Using Network Command
Router A
router bgp 1
 neighbor 1.1.1.2 remote-as 2
 network 11.0.0.0
 network 12.0.0.0
Router B
router bgp 2
 neighbor 1.1.1.1 remote-as 1
 network 92.0.0.0
 network 93.0.0.0
[Figure: Router A in AS1 (11.0.0.0, 12.0.0.0) and Router B in AS2 (92.0.0.0, 93.0.0.0) connected by EBGP]
Advertising Networks
By redistributing Static Routes
Router A
router bgp 1
 neighbor 1.1.1.2 remote-as 2
 redistribute static
ip route 11.0.0.0 255.0.0.0 null 0
ip route 12.0.0.0 255.0.0.0 null 0
[Figure: AS1 (11.0.0.0, 12.0.0.0) and AS2 (92.0.0.0, 93.0.0.0) connected by EBGP]
Advertising Networks
By Redistributing Dynamic Routes
Router A
router bgp 1
 neighbor 1.1.1.2 remote-as 2
 redistribute ospf 1
router ospf 1
 network 11.0.0.0 0.255.255.255 area 0
[Figure: Router A in AS1 (11.0.0.0, 12.0.0.0) and AS2 (92.0.0.0, 93.0.0.0) connected by EBGP]
Synchronization
Rule:
Do not use/advertise a prefix until a matching route has been learnt from an IGP
Ensures consistency of information throughout the AS
Avoids black holes within the AS
Safe to turn off when there is a full I-BGP mesh
Synchronization
[Figure: routers A, B, C and D, with AS 1, AS 10 and AS 2 (128.10.0.0)]
Router A sends traffic to C to reach 128.10.0.0
C drops the packets since it has no route to 128.10.0.0
If synchronization is on, then routers A, B and D would not use the route until they receive the matching route via an IGP
BGP Attributes
AS-path
Next-hop
Local preference
MED
Origin
Communities
BGP Attributes
AS-Path
Path traversed
One or more members of a set: {1880, 1881, 1882} (as-set)
[Figure: AS 1880 with 193.0.34/24 and AS 1882 with 193.0.35/24]
Prefix        AS path
193.0.33/24   1880 1881
193.0.34/24   1880
193.0.35/24   1880 1882
193.0.32/22   {1880,1881,1882}
BGP Attributes
Next Hop
Next hop to reach a network
Router A will advertise 131.108.10.2 as the next hop for network 150.10.0.0
[Figure: Router A (.1) in AS 109 (131.108.0.0) and Router B (.2) in AS 110 (150.10.0.0) on the 131.108.10.0 link]
BGP Attributes
Local Preference
[Figure: AS 690, AS 1755 and AS 1880]
Preference sent to all routers in local AS
Paths with highest preference value are most desirable
BGP Attributes
Local Preference
Configuration of router A
router bgp 109
 neighbor 131.108.1.1 remote-as 1880
 neighbor 131.108.1.1 route-map foo in
route-map foo 10
 match as-path 2
 set local-preference 120
route-map foo 20
 match as-path 3
ip as-path access-list 2 permit _690$
ip as-path access-list 3 permit .*
BGP Attributes
Multi-Exit Discriminator (MED)
Affects all routes from same AS path
Advertised to external neighbors
Lower MED value is preferred
BGP Attributes
Multi-Exit Discriminator (MED)
Configuration for router B
router bgp 1755
 neighbor 131.108.1.1 remote-as 1880
 neighbor 131.108.1.1 route-map foo out
route-map foo 10
 match as-path 2
 set metric 2
route-map foo 20
 match as-path 3
ip as-path access-list 2 permit _690$
ip as-path access-list 3 permit .*
BGP Attributes
Origin
IGP: Network statement under router BGP
EGP: Redistributed from EGP
Incomplete: Redistribute IGP under router BGP (example: redistribute static)
Communities
BGP attribute
Used to group destinations
Represented as an integer
Each destination could be member of multiple communities
Community attribute carried across ASs
Useful in applying policies
Communities
[Figure: AS 100, AS 200, AS 300, AS 400 and AS 500 exchanging prefixes tagged with communities]
Prefix          Community
160.10.0.0/16   1000
170.10.0.0/16   1001
180.10.0.0/16   2000
190.10.0.0/16   1000
Prefer external path over internal path
Prefer the path through the closest neighbor
Prefer the path with the lowest BGP router id
Policy Control
Distribute List
Per neighbor access list
Inbound or outbound
Based upon prefix
Policy Control
Distribute List Configuration
router bgp 109
 network 131.108.0.0
 neighbor 160.89.1.1 distribute-list 5 out
access-list 5 deny 170.10.0.0
access-list 5 permit any
Policy Control
Filter List
Filter routes based on AS path
Inbound or outbound
Configuration
router bgp 109
 network 131.108.0.0
 neighbor 160.89.1.1 filter-list 5 out
ip as-path access-list 5 permit ^200$
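How the as-path access-lists used by the filter list above and by the earlier route-map foo select routes, as an added Python example that is not part of the original slides. The expansion of the IOS `_` token, the default local preference of 100 and the sample AS paths are assumptions supplied here.

```python
import re

# IOS "_" matches start of string, end of string, a space, a comma,
# a brace or a parenthesis. Python has no such token, so expand it.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_regex(pattern):
    """Translate an IOS AS-path regular expression into a Python one."""
    return re.compile(pattern.replace("_", IOS_UNDERSCORE))

# as-path access-lists from the slides: number -> ordered (action, regex)
AS_PATH_ACLS = {
    2: [("permit", "_690$")],
    3: [("permit", ".*")],
    5: [("permit", "^200$")],
}

def acl_permits(number, as_path):
    """First matching entry wins; no match at all is an implicit deny."""
    for action, pattern in AS_PATH_ACLS[number]:
        if ios_regex(pattern).search(as_path):
            return action == "permit"
    return False

DEFAULT_LOCAL_PREF = 100  # assumption: IOS default when nothing sets it

def route_map_foo_in(as_path):
    """Inbound route-map foo: resulting local preference, None if dropped."""
    if acl_permits(2, as_path):   # route-map foo 10: set local-preference 120
        return 120
    if acl_permits(3, as_path):   # route-map foo 20: no set clause
        return DEFAULT_LOCAL_PREF
    return None                   # end of route-map: implicit deny

def filter_list_5_out(as_paths):
    """Outbound filter-list 5: only paths permitted by ACL 5 are sent."""
    return [p for p in as_paths if acl_permits(5, p)]

# Constructed AS paths; "" is a locally originated route (empty AS path).
INBOUND = ["1880 1755 690", "1880 690 1883", "1880 1690", "1880"]
OUTBOUND = ["200", "200 300", "1200", ""]

if __name__ == "__main__":
    for path in INBOUND:
        print(f"{path!r:18} local-pref {route_map_foo_in(path)}")
    print("sent:", filter_list_5_out(OUTBOUND))
```

The path 1880 1690 keeps the default preference because `_` requires a delimiter before 690, and the empty AS path of a locally originated route does not match ^200$, so filter-list 5 does not send it.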
Policy Control
Communities
Local AS: Do not advertise outside local AS
No-export: Do not advertise to external peers
No-advertise: Do not advertise to any peer
More specific routes advertised with no-export community
No-export routes are automatically filtered
No-Export Community
[Figure: routers A, B and E across AS 100 and AS 200; 170.10.0.0/16 and the more specific 170.10.X.X routes, the latter marked No-Export]
Policy Control
Communities
Configuration
router bgp 109
 network 131.108.0.0
 neighbor 160.89.1.1 remote-as 200
 neighbor 160.89.1.1 send-community
 neighbor 160.89.1.1 route-map set-community out
route-map set-community permit 10
 match ip address 1
 set community no-export
route-map set-community permit 20
 match ip address 2
access-list 1 permit 170.10.0.0 0.0.255.255
access-list 2 permit any
Policy Control
Communities
Configuration
router bgp 109
 neighbor 160.89.1.2 remote-as 200
 neighbor 160.89.1.2 route-map filter-on-community in
route-map filter-on-community permit 10
 match community 1
 set metric 500
route-map filter-on-community permit 20
 match community 2 exact-match
 set local-preference 200
route-map filter-on-community permit 30
 match community 3
ip community-list 1 permit 100 200
ip community-list 2 permit 88
Policy Control
Peer Groups
Configuration
Internal peer group
router bgp 109
 neighbor internal peer-group
 neighbor internal remote-as 109
 neighbor internal route-map send-med out
 neighbor internal filter-list 1 out
 neighbor 131.108.10.1 peer-group internal
 neighbor 131.108.20.1 peer-group internal
 neighbor 131.108.30.1 peer-group internal
 neighbor 131.108.30.1 filter-list 3 in
Policy Control
Peer Groups
Configuration
External peer group
router bgp 109
 neighbor external-peer peer-group
 neighbor external-peer route-map set-metric out
 neighbor 160.89.1.2 remote-as 200
 neighbor 160.89.1.2 peer-group external-peer
 neighbor 160.89.1.4 remote-as 300
 neighbor 160.89.1.4 peer-group external-peer
IBGP Mesh
Avoids routing information loop
Does not scale
Following solutions do not change the current behavior
  Route reflectors
  Confederation
[Figure: Normal IBGP within AS 100]
Route Reflector
Route reflector
Client
Non-client
Cluster
Cluster ID
Normal BGP peer
[Figure: routers A, B and C in AS 100]
Route Reflector
Divide the backbone into multiple clusters
At least one route reflector and a few clients per cluster
Route reflectors are fully meshed
Clients in a cluster could be fully meshed
Single IGP to carry next hop and local routes
Route Reflector Example
Configuration for RR
router bgp 2
 neighbor 141.153.12.1 remote-as 2
 neighbor 141.153.12.1 route-reflector-client
 neighbor 141.153.17.2 remote-as 2
 neighbor 141.153.17.2 route-reflector-client
[Figure: route reflector A (RR) with routers B and C in AS 2; neighboring AS1 and AS3]
Confederations
Collection of ASs (sub-AS)
Visible to outside world as single AS
Uses reserved AS numbers for internal sub-AS
Sub-AS are fully meshed
EBGP between sub-AS
[Figure: Confederation 100 containing Sub-AS 65001, Sub-AS 65002 (router A) and Sub-AS 65003]
Confederation: Principle
Best path sent to neighbor sub-AS
Packet forwarding depends on next hop
IGP carries next hops and local networks
Preserve next hop across sub-AS EBGP
Confederation: Principle
Local preference and MED influence path selection
Preserve local preference and MED across sub-AS boundary
Sub-AS EBGP path administrative distance
Confederation: AS-Sequence
[Figure: Confederation 100 with Sub-AS 65001, 65002, 65003 and 65004 and routers A, B, C and H; AS path for 180.10.0.0/16 shown at each point]
A: 180.10.0.0/16 200
C: 180.10.0.0/16 {65002} 200
B: 180.10.0.0/16 {65004 65002} 200
Outside Confederation 100: 180.10.0.0/16 100 200
Confederation: Benefits
Solves IBGP mesh problem
Packet forwarding not affected
Can be used with route reflectors
Policies could be applied to route traffic between sub-ASs
Configuring Aggregation
Three ways to configure route aggregation
Redistribute static
Network mask command
Aggregate-address command
Configuring Aggregation
Redistribute Static Configuration
router bgp 109
 network 131.108.0.0
 redistribute static
ip route 198.10.0.0 255.255.0.0 null 0
Configuring Aggregation
Network and mask command
router bgp 109
 network 198.10.0.0 mask 255.255.0.0
Matching IGP route must exist.
ip route 198.10.0.0 255.255.0.0 null 0
Configuring Aggregation
Aggregate-address command
router bgp 109
 network 131.108.0.0
 aggregate-address 198.10.0.0 255.255.0.0 {as-set} {summary-only}
More specific route must exist in BGP table.
Aggregation Policies
Suppress map
router bgp 1
 network 199.10.10.0
 network 199.10.11.0
 network 199.10.12.0
 network 199.10.33.0
 network 199.10.34.0
 aggregate-address 199.10.0.0 255.255.0.0 suppress-map foo1
 neighbor 141.153.29.1 remote-as 2
access-list 3 deny 199.10.8.0 0.0.7.255
access-list 3 permit any
route-map foo1 permit 10
 match ip address 3
Aggregation Policies
Suppress map
Sh ip bgp at the remote router.
AGS-4#sh ip bgp
BGP table version is 11, local router ID is 199.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*> 141.153.0.0      141.153.29.1          0             0 2 i
*> 199.10.0.0/16    0.0.0.0                         32768 i
*> 199.10.10.0      0.0.0.0               0         32768 i
*> 199.10.11.0      0.0.0.0               0         32768 i
*> 199.10.12.0      0.0.0.0               0         32768 i
Aggregation Policies
Unsuppress map
router bgp 1
 network 199.10.10.0
 network 199.10.11.0
 network 199.10.33.0
 network 199.10.34.0
 aggregate-address 199.10.0.0 255.255.0.0 summary-only
 neighbor 141.153.29.1 remote-as 2
 neighbor 141.153.29.1 unsuppress-map foo1
access-list 3 deny 199.10.8.0 0.0.7.255
access-list 3 permit any
route-map foo1 permit 10
 match ip address 3
Aggregation Policies
Unsuppress map
sh ip bgp at remote
AGS-5#sh ip bgp
BGP table version is 90, local router ID is 142.153.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*> 141.153.0.0      0.0.0.0               0         32768 i
*>i144.10.0.0       141.153.30.1          0    100      0 i
*> 199.10.0.0/16    141.153.29.2                        0 1 i
*> 199.10.33.0      141.153.29.2          0             0 1 i
*> 199.10.34.0      141.153.29.2          0             0 1 i
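Which more-specific routes each of the two aggregation policies above lets through, worked out from the slides' access-list 3 and network statements. This is an added Python example, not part of the original slides; it assumes the network statements are classful /24s.

```python
import ipaddress

AGGREGATE = ipaddress.ip_network("199.10.0.0/16")

# access-list 3 from the slides: (action, address, wildcard); None = "any"
ACCESS_LIST_3 = [
    ("deny",   "199.10.8.0", "0.0.7.255"),
    ("permit", None,         None),
]

def acl_permits(acl, network):
    """Standard ACL check on a route's network address; first match wins."""
    addr = int(ipaddress.ip_network(network).network_address)
    for action, base, wildcard in acl:
        if base is None:
            return action == "permit"
        # Wildcard bits set to 1 are "don't care"; compare the rest.
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False  # implicit deny

def in_aggregate(network):
    return ipaddress.ip_network(network).subnet_of(AGGREGATE)

def advertised_with_suppress_map(networks):
    """aggregate-address ... suppress-map foo1: more-specifics that the
    route-map permits are suppressed, the rest go out with the aggregate."""
    kept = [n for n in networks
            if not (in_aggregate(n) and acl_permits(ACCESS_LIST_3, n))]
    return [str(AGGREGATE)] + kept

def advertised_with_unsuppress_map(networks):
    """summary-only suppresses every more-specific; the neighbor's
    unsuppress-map foo1 releases those the route-map permits."""
    released = [n for n in networks
                if in_aggregate(n) and acl_permits(ACCESS_LIST_3, n)]
    return [str(AGGREGATE)] + released

# network statements from the two "router bgp 1" configurations
SUPPRESS_CFG = ["199.10.10.0/24", "199.10.11.0/24", "199.10.12.0/24",
                "199.10.33.0/24", "199.10.34.0/24"]
UNSUPPRESS_CFG = ["199.10.10.0/24", "199.10.11.0/24",
                  "199.10.33.0/24", "199.10.34.0/24"]

if __name__ == "__main__":
    print("suppress-map:  ", advertised_with_suppress_map(SUPPRESS_CFG))
    print("unsuppress-map:", advertised_with_unsuppress_map(UNSUPPRESS_CFG))
```

The two results list the same 199.10.x.x prefixes that appear in the two sh ip bgp outputs above.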
BGP Soft-Reconfig
Allows policies to be changed without clearing the neighbor
Both inbound and outbound
Inbound requires additional memory
Outbound more efficient
BGP Soft-Reconfig
Outbound does not require any config
Inbound configuration:
router bgp 65530
 no synchronization
 bgp confederation identifier 2
 bgp confederation peers 65531 65532
 neighbor 141.153.12.2 remote-as 65532
 neighbor 141.153.12.2 soft-reconfiguration inbound
 neighbor 141.153.12.2 route-map foo in
 neighbor 141.153.30.2 remote-as 65531
Multi-Path Support
Router peering with multiple routers in neighboring AS
Install multiple routes in IP routing table
Routes should be identical
Next-hop is set to self
[Figure: AS 690 and AS 1880]
Multi-Path Support
Configuration for Multi-path
router bgp 690
 neighbor 141.153.17.2 remote-as 1880
 neighbor 141.153.12.1 remote-as 1880
 network 160.10.0.0
 neighbor 141.153.12.1 send-community
 maximum-paths 2
Sh ip route
B 144.10.0.0/16 [20/0] via 141.153.12.1, 00:03:29
                [20/0] via 141.153.17.2, 00:03:29
Ripples through the entire Internet
Wastes CPU
Reduce scope of route flap propagation
[Figure: penalty plotted against time (0 to 25), with the reuse limit marked]
Prefix Lists
Filtering on prefix length
Both exact match and range match
Configuration of either permit or deny
First match wins
Incremental updates allowed
Prefix Lists Example
router bgp 101
 neighbor 131.108.10.1 prefix-list aaa in|out
Exact match
ip prefix-list aaa deny 0.0.0.0/0
ip prefix-list aaa permit 35.0.0.0/8
Length match
ip prefix-list aaa permit 192.0.0.0/8 le 16
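The prefix-list aaa above, evaluated the way the slides describe (first match wins, exact match unless a length range is given), as an added Python example that is not part of the original slides. The sample routes are constructed, and the ge keyword and the implicit deny at the end of the list are standard IOS behaviour assumed here rather than shown on the slide.

```python
import ipaddress

# The slide's prefix-list "aaa", in order: (action, prefix, ge, le).
# ge/le are None when the keyword is absent from the entry.
PREFIX_LIST_AAA = [
    ("deny",   "0.0.0.0/0",   None, None),
    ("permit", "35.0.0.0/8",  None, None),
    ("permit", "192.0.0.0/8", None, 16),
]

def entry_matches(route, prefix, ge, le):
    """True when `route` falls under one prefix-list entry."""
    entry = ipaddress.ip_network(prefix)
    # The route must sit inside the entry's address block.
    if not route.subnet_of(entry):
        return False
    if ge is None and le is None:
        # No ge/le: the mask length must match exactly.
        return route.prefixlen == entry.prefixlen
    low = ge if ge is not None else entry.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route_text):
    """Action of the first matching entry; implicit deny otherwise."""
    route = ipaddress.ip_network(route_text)
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

def filter_routes(prefix_list, routes):
    """Keep only the routes the list permits."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

# Constructed sample announcements, not taken from the slides.
SAMPLE_ROUTES = ["0.0.0.0/0", "35.0.0.0/8", "35.1.0.0/16", "192.0.0.0/8",
                 "192.168.0.0/16", "192.168.1.0/24", "10.0.0.0/8"]

if __name__ == "__main__":
    for r in SAMPLE_ROUTES:
        print(f"{r:18} {evaluate(PREFIX_LIST_AAA, r)}")
```

The entry deny 0.0.0.0/0 matches only the default route itself; 10.0.0.0/8 is dropped by the implicit deny, not by that entry.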