© 2000, Cisco Systems, Inc.
Border Gateway Protocol
Agenda
• BGP Fundamentals
• BGP Attributes
• Controlling the flow of BGP updates
• Practical Design Examples
Autonomous System (AS)
(Diagram: AS 100 containing a set of routers)
• Collection of networks with the same policy
• Single routing protocol
• Usually under single administrative control
• Identified by AS number (1 – 65535); private ASNs from 64512 – 65535
ARIN
• A unique routing policy (its policy differs from its border gateway peers)
• A multi-homed site
ASN Registration Guidelines: http://www.arin.net
What is an IGP?
• Interior Gateway Protocol
• Within an Autonomous System
• Carries information about internal prefixes
• Examples—OSPF, RIP, EIGRP…
What is an EGP?
• Exterior Gateway Protocol
• Used to convey routing information between Autonomous Systems
• Decoupled from the IGP
• Current EGP is BGP
Interior vs. Exterior Routing Protocols
• Interior
  Automatic discovery
  Generally trust your IGP routers
  Routes go to all IGP routers
• Exterior
  Specifically configured peers
  Connecting with outside networks
  Set administrative boundaries
Why do we need an EGP?
• Scaling to a large network
  Hierarchy
  Limit scope of failure
  Fast convergence
  No manual reconfiguration (static routes are high maintenance)
• Complex routing policies
  Control reachability to prefixes by selecting outbound paths and announcing internal routes
(Diagram: NJEDge Intranet and NJEDge Internet, a member remote network, an alternate ISP and a Verizon ATM link)
What is BGP?
• Border Gateway Protocol, currently version 4 – defined in RFC 1771
• Distance-vector routing protocol running over TCP port 179
• Supports classless routing
• Actually two protocols – iBGP and eBGP
Internal BGP
When BGP speakers in the same AS form a BGP connection for the purpose of exchanging routing information, they are said to be running IBGP or internal BGP.
IBGP speakers are usually fully-meshed.
(Diagram: AS 3847 with routers A, B and C fully meshed)
External BGP
When BGP speakers in different ASs form a BGP connection for the purpose of exchanging routing information, they are said to be running EBGP or external BGP.
EBGP peers are usually directly connected.
(Diagram: router A in AS 109 (131.108.0.0) directly connected to router B in AS 110 (150.10.0.0) over link 131.108.10.0, addresses .1 and .2)
Agenda
• BGP Fundamentals
• BGP Attributes
• Controlling the flow of BGP updates
• Practical Design Examples
BGP Attributes
• AS-path
• Origin
• Next-hop
• Weight
• Local preference
• Multi Exit Discriminator (MED)
• Community
BGP Attributes: AS-Path
(Diagram: router A in AS 1880 originates 141.253.10.0/24; router B in AS 690 and router C in AS 200 pass the update around a loop back to A)
1. Router A sends update for 141.253.10.0/24 with AS_PATH: 1880
2. Router B sends update for 141.253.10.0/24 with AS_PATH: 690 1880
3. Router C sends update for 141.253.10.0/24 with AS_PATH: 200 690 1880
4. Router A will detect its own AS number and will discard the update
AS-Path
(Diagram: AS3847 (routers A–G) peers with AS1673, AS701, AS3561 and AS6201; AS1673 holds 140.222.0.0/16, AS701 holds 192.67.95.0/24, AS3561 holds 204.70.0.0/15, and AS3847 originates 207.240.0.0/16)
show ip bgp (as seen by a router in AS6201):
192.67.95.0/24    3847 701 i
140.222.0.0       3847 1673 i
204.70.0.0/15     3847 3561 i
207.240.0.0/16    3847 i
AS-Path
• Sequence of ASNs a route has traversed
• Provides a mechanism for loop detection
• Shortest AS path preferred
• Policies may be applied based on AS path
Origin
Order of preference:
• IGP (i)
  Route is interior to the originating AS
  Set with the network statement under router bgp
• EGP (e)
  Route learned via EGP
• Incomplete (?)
  Route redistributed from IGP
RouterB# show ip bgp
table version is 24, local router ID is 203.250.15.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*> 192.208.10.0     192.208.10.5          0             0 300 i
Origin
(Diagram: router A in AS 300 (192.208.10.5) peers with router B in AS 200 (192.208.10.6))
Next Hop
(Diagram: AS 100, AS 200 and AS 300; router A advertises 150.10.0.0/16 and 160.10.0.0/16 to router B with next hop 150.10.1.1; the A–B link uses 150.10.1.1 and 150.10.1.2)
• Next hop IP address to reach a network
• For EBGP usually the IP of the neighbor specified by the neighbor remote-as command
Next Hop
(Diagram: same topology, with router C as an IBGP peer of router B; C receives 150.10.0.0/16 and 160.10.0.0/16 with the next hop still set to 150.10.1.1)
• With IBGP the Next Hop does not change
• Ensure that router C can reach 150.10.1.1 via an IGP
Weight
• Cisco proprietary
• Local to the router, not propagated in any routing updates
• Value 0–65535 (default 32768 if originated by the router, 0 otherwise)
• Highest weight preferred
• Rarely used
router bgp 300
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 weight 2000
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 weight 1000
Local Preference
(Diagram: 160.10.0.0/16 originated in AS 100 reaches AS 400 via AS 200 and via AS 300; within AS 400 (routers A, B, C, D, E) the two paths carry local preference 150 and 200, and the path with 200 is marked best (>))
• Path with highest local pref is preferred (default = 100)
• Unlike weight, local pref is advertised to routers within the same AS (IBGP)
• Often used attribute
• “Powerful” attribute: comes before AS-Path length in the BGP selection algorithm
router bgp 400
 neighbor 3.3.3.4 remote-as 300
 neighbor 128.213.11.1 remote-as 400
 bgp default local-preference 200
Multi-Exit Discriminator (MED)
(Diagram: routers A and B in one AS advertise 192.68.1.0/24 to router C in the neighbouring AS (AS 200 and AS 201) with MED 1000 and MED 2000 respectively)
• Lowest MED preferred
• Used to convey the relative preference of entry points into an AS (Local Pref is outbound)
• Influences best path selection, after AS_PATH evaluation
• Comparable only if paths are from the same AS; use the bgp always-compare-med command to compare all MEDs
• Advertised to external neighbors
• Usually based on IGP metric
Multi-Exit Discriminator (MED)
router bgp 300
 neighbor 3.3.3.2 remote-as 100
 neighbor 3.3.3.2 route-map SETMEDOUT out
 neighbor 1.1.1.1 remote-as 300
route-map SETMEDOUT permit 10
 set metric 200
Communities
• BGP attribute
• Used to group destinations
• Useful in applying routing policies
• Represented as number(s) that get “stamped” on BGP routes
• Each destination could be a member of multiple communities
• Community attribute carried across Autonomous Systems
Communities
router bgp 200
 network 160.10.0.0
 neighbor 3.3.3.1 remote-as 300
 neighbor 3.3.3.1 send-community
 neighbor 3.3.3.1 route-map SETCOMMUNITY out
route-map SETCOMMUNITY permit 10
 match ip address 1
 set community no-export
route-map SETCOMMUNITY permit 20
access-list 1 permit 0.0.0.0 255.255.255.255
(Diagram: router A in AS 200 (3.3.3.2) peers with router B in AS 300 (3.3.3.1), which peers with router C in AS 100; 160.10.0.0 is originated in AS 200)
Agenda
• BGP Fundamentals
• BGP Attributes
• Controlling the flow of BGP updates
• Practical Design Examples
BGP Path Selection Algorithm
1. Do not consider IBGP path if not synchronized
2. Do not consider path if no route to next hop
3. Highest weight (local to router)
4. Highest local preference (global within AS)
5. Shortest AS path
6. Lowest origin code (IGP < EGP < incomplete)
7. Multi-Exit Discriminator (considered only if paths are from the same AS)
8. Prefer EBGP path over IBGP path
9. Path with shortest next hop metric wins
10. Lowest router-id
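The tie-break order above, as an added example (not from the Cisco deck) applied to constructed candidate paths: step 1 (synchronization) is omitted, step 2 (next-hop reachability) is kept, and the MED comparison follows the same-neighbour-AS rule unless always-compare-med is set. All attribute values are assumed for illustration.

```python
# Added example (not from the Cisco deck): the BGP best-path tie-break order
# from the slides, applied to constructed candidate paths. Step 1
# (synchronization) is omitted; step 2 (next-hop reachability) is kept.
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # step 6: IGP < EGP < incomplete


@dataclass
class Path:
    as_path: tuple           # AS_PATH as received; as_path[0] is the sending AS
    next_hop: str
    weight: int = 0          # Cisco-local; default 0 for learned routes
    local_pref: int = 100    # default 100
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0      # IGP cost to reach next_hop
    router_id: str = "0.0.0.0"


def ip_key(addr):
    return tuple(int(o) for o in addr.split("."))


def prefer(a, b, always_compare_med=False):
    """True if path a beats path b, applying steps 3-10 in order."""
    if a.weight != b.weight:
        return a.weight > b.weight                     # 3 highest weight
    if a.local_pref != b.local_pref:
        return a.local_pref > b.local_pref             # 4 highest local pref
    if len(a.as_path) != len(b.as_path):
        return len(a.as_path) < len(b.as_path)         # 5 shortest AS path
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin]  # 6 origin
    same_as = a.as_path[:1] == b.as_path[:1]           # 7: same neighbour AS
    if (same_as or always_compare_med) and a.med != b.med:
        return a.med < b.med                           # lowest MED
    if a.ebgp != b.ebgp:
        return a.ebgp                                  # 8 EBGP over IBGP
    if a.igp_metric != b.igp_metric:
        return a.igp_metric < b.igp_metric             # 9 nearest next hop
    return ip_key(a.router_id) < ip_key(b.router_id)   # 10 lowest router-id


def best_path(paths, reachable, always_compare_med=False):
    """Drop paths whose next hop is unreachable (step 2), then pick the winner."""
    best = None
    for p in paths:
        if p.next_hop not in reachable:
            continue
        if best is None or prefer(p, best, always_compare_med):
            best = p
    return best
```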
Route Maps
• Route-maps are Cisco’s mechanism to select and modify routes with if/then style algorithms.
• For route-maps with the keyword “permit”, if the prefix being examined passes the match statement, the set commands are executed and the route-map is exited.
• If the match statement is not passed, the next sequence number is executed.
• If there are no more sequence numbers, the prefix is filtered/dropped.
router bgp 256
 neighbor 3.3.3.4 remote-as 300
 neighbor 3.3.3.4 route-map SETLOCALIN in
 neighbor 128.213.11.1 remote-as 256
ip as-path access-list 7 permit ^300$
route-map SETLOCALIN permit 10
 match as-path 7
 set local-preference 200
route-map SETLOCALIN permit 20
Cisco Regular Expressions
.    Period matches any single character, including white space.
*    Asterisk matches 0 or more sequences of the pattern.
+    Plus sign matches 1 or more sequences of the pattern.
?    Question mark matches 0 or 1 occurrences of the pattern.
^    Caret matches the beginning of the input string.
$    Dollar sign matches the end of the input string.
_    Underscore matches a comma (,), left brace ({), right brace (}), left parenthesis, right parenthesis, the beginning or end of the input string, or a space.
[ ]  Square brackets designate a range of single-character patterns.
-    Hyphen separates the endpoints of a range.
These are much like standard vi regular expressions.
Cisco Regular Expressions
(Diagram: AS 3847 (routers A–E) connected to AS 701 (router F), AS 6201 and AS 6202 (router G))
The following configuration could be used on router B to accept routes from AS6201 & 6202 and deny all others.
ip as-path access-list 10 permit ^6201$
ip as-path access-list 10 permit ^6201_6202$
ip as-path access-list 10 deny .*
AS-Path Padding
(Diagram: router A in AS 100 connected to AS 200, AS 300 and AS 400)
Router A
router bgp 100
 network 170.10.0.0
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 route-map SETPATH out
route-map SETPATH permit 10
 set as-path prepend 100 100
Prepending 100 100 lengthens the AS path seen through AS 200, so other ASs prefer the entry points that are not padded.
Peer Groups
• A way to group in a configuration template a set of neighbors having the same outbound policy.
• Peer-groups allow:
  easier configuration (and maintenance) of BGP neighbors
  better CPU/memory usage when generating updates
• By grouping neighbors with common policy together, routers can save CPU by creating a route object once and then advertising that object to multiple peers.
• Also saves typing :)
router bgp 300
 neighbor EXTERNALMAP peer-group
 neighbor EXTERNALMAP route-map SETMED out
 neighbor EXTERNALMAP filter-list 1 out
 neighbor EXTERNALMAP filter-list 2 in
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 peer-group EXTERNALMAP
 neighbor 4.4.4.2 remote-as 600
 neighbor 4.4.4.2 peer-group EXTERNALMAP
 neighbor 1.1.1.2 remote-as 200
 neighbor 1.1.1.2 peer-group EXTERNALMAP
 neighbor 1.1.1.2 filter-list 3 in
Aggregation
• Three ways to configure route aggregation
  Redistribute static
  Network mask command
  Aggregate-address command
Aggregation: Redistribute Static
router bgp 200
 neighbor 3.3.3.1 remote-as 300
 redistribute static
ip route 160.0.0.0 255.0.0.0 null 0
Aggregation: Network Mask
router bgp 200
 network 160.0.0.0 mask 255.0.0.0
 neighbor 3.3.3.1 remote-as 300
ip route 160.0.0.0 255.0.0.0 null 0
Aggregation: Aggregate-address
router bgp 200
 network 160.0.0.0
 neighbor 3.3.3.1 remote-as 300
 aggregate-address 160.0.0.0 255.0.0.0
Aggregation: Suppress-map
router bgp 300
 neighbor 3.3.3.3 remote-as 200
 neighbor 2.2.2.2 remote-as 100
 network 160.10.0.0
 aggregate-address 160.0.0.0 255.0.0.0 suppress-map CHECK
route-map CHECK permit 10
 match ip address 1
access-list 1 deny 160.20.0.0 0.0.255.255
access-list 1 permit 0.0.0.0 255.255.255.255
Agenda
• BGP Fundamentals
• BGP Attributes
• Controlling the flow of BGP updates
• Practical Design Examples
Multi-homing with two ISPs
(Diagram: router C in AS 300 originates 1.0.0.0/8 and 2.0.0.0/8 and peers with router A of ISP A in AS 100 (10.10.10.10) and router B of NJEDge Internet in AS 200 (20.20.20.20); 141.253.10.0/24 is shown in AS 100)
Risk of your AS becoming a transit AS
Configuration to Receive Full Internet Routing Table
router bgp 300
 network 1.0.0.0
 network 2.0.0.0
 neighbor 10.10.10.10 remote-as 100
 neighbor 10.10.10.10 route-map localonly out
 neighbor 20.20.20.20 remote-as 200
 neighbor 20.20.20.20 route-map localonly out
ip as-path access-list 10 permit ^$
route-map localonly permit 10
 match as-path 10
Only routes with an empty AS path (those originated in AS 300) pass the localonly route-map, so routes learned from one ISP are never announced to the other and AS 300 cannot become a transit AS.
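The Cisco AS-path regular expressions and the two filter lists above (the AS6201/6202 accept list and the ^$ localonly list), as an added example that is not part of the Cisco deck: it translates the Cisco `_` metacharacter to a Python regex, evaluates an ordered as-path access-list with its implicit deny, and replays the localonly filter on a constructed BGP table for the multi-homed AS 300 router.

```python
# Added example (not from the Cisco deck): evaluate Cisco-style AS-path
# regular expressions against AS_PATH strings, then replay two filters from
# the slides: the AS6201/6202 accept list and the "localonly" list (^$)
# that stops a multi-homed AS from becoming a transit AS.
import re


def cisco_regex(pattern):
    """Translate a Cisco AS-path regex into a Python regex.
    Only '_' needs rewriting: it matches a comma, brace, parenthesis,
    space, or the beginning/end of the path string."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))


def aspath_matches(pattern, as_path):
    """Cisco matching is a search within the path string, not a full match."""
    return cisco_regex(pattern).search(as_path) is not None


def as_path_access_list(entries, as_path):
    """Ordered (action, regex) entries; first match wins, implicit deny."""
    for action, pattern in entries:
        if aspath_matches(pattern, as_path):
            return action == "permit"
    return False


def outbound_advertise(as_path_list, routes):
    """Apply 'route-map localonly' (match as-path <list>) to the routes a
    border router holds.  Each route is (prefix, as_path_string); routes
    the router originates itself carry an empty AS path."""
    return [prefix for prefix, path in routes
            if as_path_access_list(as_path_list, path)]


# Slide: accept routes from AS6201 and AS6201->AS6202, deny everything else
ACCEPT_6201 = [("permit", "^6201$"), ("permit", "^6201_6202$"), ("deny", ".*")]
# Slide: "ip as-path access-list 10 permit ^$" -> locally originated only
LOCAL_ONLY = [("permit", "^$")]

# Constructed BGP table of the multi-homed AS 300 router: its own /8s plus
# routes learned from the two ISPs (AS 100 and AS 200); values are assumed
AS300_ROUTES = [("1.0.0.0/8", ""), ("2.0.0.0/8", ""),
                ("141.253.10.0/24", "100"), ("0.0.0.0/0", "200")]

if __name__ == "__main__":
    print(outbound_advertise(LOCAL_ONLY, AS300_ROUTES))  # ['1.0.0.0/8', '2.0.0.0/8']
```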
Load Sharing when Multi-homed to Two ISPs
(Diagram: member network AS 400 (routers A–E connected by IBGP, prefixes 10.10.10.0/24 and 10.10.20.0/24) connected to the ISP A network (AS 100 / AS 300) and to NJEDge Internet, both reaching the Internet)
Redistributing IGP into BGP
router eigrp 10
 network 175.220.0.0
router bgp 200
 neighbor 1.1.1.1 remote-as 300
 neighbor 2.2.2.2 remote-as 200
 neighbor 1.1.1.1 distribute-list 1 out
 redistribute eigrp 10
access-list 1 permit 175.220.0.0 0.0.255.255
Requires careful use of access lists to prevent routes from being injected back into BGP
Redistributing IGP into BGP (Preferred)
router bgp 200
 network 175.220.0.0
 neighbor 1.1.1.1 remote-as 300
 neighbor 2.2.2.2 remote-as 200
• Works for networks learned through IGP or static routes
• Use with the aggregate-address command if necessary
Redistributing BGP into IGP
• Normally avoided because too many routes would be injected into the IGP
• Common design is to redistribute one or two routes and make them exterior routes
• Or, have your BGP router generate default for your autonomous system
• When redistributing from BGP into IGP, only routes learned using EBGP get redistributed
Cisco Routers
• Can’t run full BGP:
  2500
  4000/4000M/4500/4500M
• Can run full BGP (64 MB):
  2600
  3620/3640/3660
  4700M
  7206
  7000
  7500
Best Practices
• Peer IBGP routers using the loopback address
  neighbor 1.1.1.1 update-source loopback0
• BGP soft-reconfig
  Allows config changes without clearing the neighbor
  Inbound: neighbor 1.1.1.1 soft-reconfiguration inbound
  Outbound: no configuration necessary
  clear ip bgp 1.1.1.1 soft (in/out)
  Route Refresh Capability: IOS 12.0(1.0.4)S and later
• bgp dampening command
  Suppresses flapping routes (high CPU utilization)
  For EBGP only
  Alternate paths still usable
  Use judiciously!
• bgp log-neighbor-changes
  Used to log neighbor up/down events and resets