Copy of Lfernandes Bgp 111401

8/8/2019 Copy of Lfernandes Bgp 111401

1/58

1 2000, Cisco Systems, Inc.Session #Presentation_ID

Border Gateway Protocol


2/58

Ag endaAg enda

BGP Fundamentals

BGP Attributes

Controllin g the flow of BGPupdates

Practical Desi g n Examples


3/58

Autonomous System ( AS)Autonomous System ( AS)

AS 100AA

Collection of networks with same policy

Sin g le routin g protocol

Usually under sin g le administrative control

Identified by AS number (1 65535)Private ASNs from 64512 65535


4/58

AR INAR IN

A unique routin g policy (its

policy differs from its border g ateway peers)

A multi-homed site

ASN Re g istration Guidelines

http://www.arin.net


5/58

W hat is an IGP?W hat is an IGP?

Interior Gateway Protocol

W ithin an Autonomous System

Carries information aboutinternal prefixes

ExamplesOSPF, R IP, EIG RP


6/58

W hat is an EGP?W hat is an EGP?

Exterior Gateway Protocol

Used to convey routin g informationbetween Autonomous Systems

Decoupled from the IGP

Current EGP is BGP


7/58

Interior vs. Exterior Routin g Protocols

Interior vs. Exterior Routin g Protocols

Interior Automatic

discoveryGenerally trustyour IGProuters

Routes g o to allIGP routers

Exterior Specificallyconfi g ured peers

Connectin g withoutside networks

Set administrative

boundaries


8/58

W hy do we need an EGP?W hy do we need an EGP?

Scalin g to lar g e networkHierarchy

Limit scope of failure

Fast conver g enceNo manual reconfi g (static routes) - hi g hmaintenance

Complex Routin g PoliciesControl reachability to prefixes byselectin g outbound paths andannouncin g internal routes


9/58

NJED g eNJED g e

Member Remote

Network

Alternate ISP

NJED g e IntranetNJED g e Internet

Verizon

ATM


10/58

W hat is BGP?W hat is BGP?

Border Gateway Protocol, currentlyversion 4 defined in RFC 1771

Distance-vector routin g protocolrunnin g over TCP port 179

Supports classless routin g

Actually two protocols iBGP andeBGP


11/58

Internal BGPInternal BGP

AS 3847Wh en BGP speakers in t h e same AS form a BGP connection for th e purpose of exc h anging routinginformation, t h ey are said to berunning IBGP or internal BGP.

IBGP speakers are usually

fully-mes h ed.

B

A

c


12/58

External BGPExternal BGP

When BGP speakers in different ASs form a BGP connection for

th e purpose of exc h anging routinginformation, t h ey are said to berunning EBGP or external BGP.

EBGP peers are usually directlyconnected.

AS 109

AS 110

131.108.0.0

A

B

150.10.0.0

131.108.10.0.1

.2


13/58

Ag endaAg enda

BGP Fundamentals

BGP Attributes




14/58

BGP AttributesBGP Attributes

AS-pathOri g inNext-hopW ei g htLocal preferenceMulti Exit Discriminator (MED)Community


15/58

BGP AttributesBGP Attributes

1880

AS-Path

141.253.10.0/24

A

690 B

200C

1. Router A sends update for 141.253.10.0/24 with AS_P ATH: 1880

2. Router B sends updatefor 141.253.10.0/24 withAS_P ATH: 690 1880

3. Router C sends updatefor 141.253.10.0/24 withAS_P ATH: 200 690 1880

4.Router A will detect its

own AS number and willdiscard the update


16/58

AS-PathAS-Path

AS3847207.240.0.0/16 AS1673

140.222.0.0/16

AS701192.67.95.0/24AS3561

204.70.0.0/15

192.67.95.0/24 3847 701 i140.222.0.0 3847 1673 i204.70.0.0/15 3847 3561 i207.240.0.0/16 3847 i

AS6201

E

C

FG

D

B

Ashow ip bgp


17/58

AS-PathAS-Path

Sequence of ASNs a route hastraversed.

Provides a mechanism for loop detection

Shortest AS path preferred

Policies may be applied based on AS path


18/58

Ori g inOri g in

Order of preference:

IGP (i)

Route is interior to the ori g inatin g AS

Set with the Network statement under router BGP

EGP (e)

Route learned via EGP

Incomplete (?)Route redistributed from IGP


19/58

R outerB# show ip bgp

table version is 24, local router ID is 203.250.15.2Status codes: s suppressed, d damped, h history, * valid, >

best, i - internalOrigin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path*> 192.208.10.0 192.208.10.5 0 0 300 i

Ori g inOri g in

AS 300

AS 200

192.208.10.5

AB

192.208.10.6


20/58

Next HopNext Hop

160.10.0.0/16

150.10.0.0/16

150.10.1.1 150.10.1.2

AS 100

AS 300AS 200

150.10.0.0/16 150.10.1.1160.10.0.0/16 150.10.1.1

AA BB

Next hop IP address toreach a network

For EBGP usually the IP of the nei g hbor specified bythe neighbor remote-ascommand


21/58

Next HopNext Hop

160.10.0.0/16

150.10.0.0/16

150.10.1.2

AS 100

AS 300AS 200

AA BB

CC

150.10.0.0/16 150.10.1.1160.10.0.0/16 150.10.1.1

150.10.1.1

W ith IBGP Next Hop doesnot chan g e

Ensure that router C canreach 150.10.1.1 via an IGP


22/58

W ei g htW ei g ht

Cisco proprietary

Local to router, not propa g ated in anyroutin g updates

Value 0-65535 (default if ori g inated byrouter - 32768, other - 0)

Hig hest wei g ht preferred

Rarely used


23/58

router bgp 300

neighbor 1.1.1.1 remote-as 100neighbor 1.1.1.1 weight 2000neighbor 2.2.2.2 remote-as 200neighbor 2.2.2.2 weight 1000

W ei g htW ei g ht


24/58

Local PreferenceLocal Preference

AS 400

AS 200

160.10.0.0/16AS 100

AS 300

160.10.0.0/16 150> 160.10.0.0/16 200

150 200 EE

BB

CC

AA

DD


25/58

Path with hi g hest local pref ispreferred (default = 100)

Unlike wei g ht, local pref advertisedto routers within the same AS(IBGP)

Often used attribute

Powerful attribute, comes beforeAS-Path len g th in the BGP selectional g orithm



26/58

router bgp 400

neighbor 3.3.3.4 remote-as 300neighbor 128.213.11.1 remote-as 400

bgp default local-preference 200



27/58

Multi-Exit Discriminator (MED)Multi-Exit Discriminator (MED)

AS 201

AS 200

192.68.1.0/24

CC

AA BB

192.68.1.0/24 1000192.68.1.0/24 2000


28/58

Lowest MED preferred

Used to convey the relative preference of entrypoints into an AS (Local Pref is outbound )

Influences best path selection after AS_P AT Hevaluation

Comparable if paths arefrom same AS. Use bgp always-compare-med

command to compare all MEDsAdvertised to external nei g hbors

Usually based on IGP metric



29/58

router bgp 300

neighbor 3.3.3.2 remote-as 100neighbor 3.3.3.2 route map SETMEDOUT outneighbor 1.1.1.1 remote-as 300

route-map SETMEDOUT permit 10set metric 200



30/58

BGP attribute

Used to g roup destinations

Useful in applyin g routin g policies

Represented as number(s) that g etstamped on BGP routes

Each destination could be member of multiple communities

Community attribute carried acrossAutonomous Systems

CommunitiesCommunities


31/58

router bgp 200

network 160.10.0.0neighbor 3.3.3.1 remote-as 300neighbor 3.3.3.1 send-communityneighbor 3.3.3.1 route-map SETCOMMUNITY outroute-map SETCOMMUNITY permit 10

match ip address 1set community no-export

route-map SETCOMMUNITY permit 20

access list 1 permit 0.0.0.0 255.255.255.255

CommunitiesCommunities

AS 200

AS 300

3.3.3.2 A

B

3.3.3.1

AS 100

160.10.0.0

C


32/58

Ag endaAg enda

BGP Fundamentals

BGP Attributes




33/58

BGP Path Selection Alg orithmBGP Path Selection Alg orithm

1. Do not consider IBGP pathif not synchronized

2. Do not consider path if noroute to next hop

3. Hig hest wei g ht (local to router)

4. Hig hest local preference

(g lobal within AS)5. Shortest AS path


34/58

BGP Path Selection Alg orithmBGP Path Selection Alg orithm

6. Lowest ori g in codeIGP < EGP < incomplete

7. Multi-Exit Discriminator Considered only if paths are from the same AS

8. Prefer EBGP path over IBGP path

9. Path with shortest next hopmetric wins

10. Lowest router-id


35/58

router bgp 256neighbor 3.3.3.4 remote-as 300route-map SETLOCALIN in

neighbor 128.213.11.1 remote-as 256ip as-path 7 permit ^300$

route-map SETLOCALIN permit 10 match as-path 7

set local-preference 200route-map SETLOCALIN permit 20

Route MapsRoute Maps


36/58

Route-maps are Ciscos mechanism to select and modify routeswith if/then style al g orithms.

For route-maps with the keyword permit, if the prefix bein g examined passes the match statement, the set commands areexecuted and the route-map is exited.

If the match statement is not passed, the next sequence number is executed.

If there are no more sequence numbers, the prefix isfiltered/dropped.

Route MapsRoute Maps

route-map SETLOCALIN permit 10 match as-path 7set local-preference 200

route-map SETLOCALIN permit 20


37/58

ip as-path 7 permit ^300$

. Period matches any sin g le character, includin g white space.* Asterisk matches 0 or more sequences of the pattern.

+ Plus si g n matches 1 or more sequences of the pattern.

? Question mark matches 0 or 1 occurrences of the pattern^ Caret matches the be g innin g of the input strin g .

$ Dollar si g n matches the end of the input strin g .

_ Underscore matches a comma (,), left brace ({), ri g ht brace (}) leftparenthesis, ri g ht parenthesis, the be g innin g or end of the input strin g ,or a space.

][ Square brackets desi g nate a ran g e of sin g le character patterns.

- Hyphen separates the endpoints of a ran g e.

These are much like standard vi re g ular expressions.

Cisco Re g ular ExpressionsCisco Re g ular Expressions


38/58

Cisco Re g ular ExpressionsCisco Re g ular Expressions

3847

6201

D

A

C

BE

701

F

6202

G

T h e following configuration could be used on router Bto accept routes from AS6201 & 6202 and deny all

oth ers.

ip as-path access-list 10 permit ^6201$ip as-path access-list 10 permit ^6201_6202$ip as-path access-list 10 deny .*


39/58

R outer A

router bgp 100

network 170.10.0.0neighbor 2.2.2.2 remote-as 200neighbor 2.2.2.2 route-map SETPATH out

route-map SETPATH permit 10set as-path prepend 100 100

AS-Path Paddin gAS-Path Paddin g

AS 400

AS 200

AS 100

AS 300

A


40/58

A way to g roup in a confi g uration template a set of nei g hborshavin g the same outbound policy.

Peer- g roups allow:

easier confi g uration (and maintenance) of BGPnei g hbors

better cpu/memory usa g e when g eneratin g updates

By g roupin g nei g hbors with common policy to g ether, routerscan save CPU by creatin g once a route object and thenadvertisin g that object to multiple peers.

Also, saves typin g :)

Peer GroupsPeer Groups


41/58

router bgp 300

neighbor EXTE R NALMAP peer-groupneighbor EXTE R NALMAP route-map SETMEDneighbor EXTE R NALMAP filter-list 1 outneighbor EXTE R NALMAP filter-list 2 inneighbor 2.2.2.2 remote-as 100neighbor 2.2.2.2 peer-group EXTE R NALMAPneighbor 4.4.4.2 remote-as 600neighbor 4.4.4.2 peer-group EXTE R NALMAP

neighbor 1.1.1.2 remote-as 200neighbor 1.1.1.2 peer-group EXTE R NALMAPneighbor 1.1.1.2 filter-list 3 in

Peer GroupsPeer Groups


42/58

Three ways to confi g ure routea gg re g ation

Redistribute static

Network mask command

Agg re g ate-address command

Agg re g ationAgg re g ation


43/58

router bgp 200

neighbor 3.3.3.1 remote-as 300redistribute static

ip route 160.0.0.0 255.0.0.0 null 0


Redistribute Static


44/58

router bgp 200

network 160.0.0.0 mask 255.0.0.0neighbor 3.3.3.1 remote-as 300

ip route 160.0.0.0 255.0.0.0 null 0


Network Mask


45/58

router bgp 200

network 160.0.0.0neighbor 3.3.3.1 remote-as 300

aggregate-address 160.0.0.0 255.0.0.0


Agg re g ate-address


46/58

router bgp 300

neighbor 3.3.3.3 remote-as 200neighbor 2.2.2.2 remote-as 100network 160.10.0.0aggregate-address 160.0.0.0 255.0.0.0 suppress-map CHECK

route-map CHECK permit 10 match ip address 1

access-list 1 deny 160.20.0.0 0.0.255.255access-list 1 permit 0.0.0.0 255.255.255.255


Suppress-map


47/58

Ag endaAg enda

BGP Fundamentals

BGP Attributes




48/58

Multi-homin g with two ISPsMulti-homin g with two ISPs

141.253.10.0/24

A

AS 100

ISP A

AS 200

CNJED g e Internet

B

10.10.10.10

20.20.20.20

AS 300

1.0.0.0 / 82.0.0.0 / 8

R isk of your AS becomin g a transit AS

f llf ll


49/58

router bgp 300

network 1.0.0.0network 2.0.0.0

neighbor 10.10.10.10 remote-as 100neighbor 10.10.10.10 route-map localonly outneighbor 20.20.20.20 remote-as 200neighbor 20.20.20.20 route-map localonly outip as-path access-list 10 permit ^$

route-map localonly permit 10 match as-path 10

Confi g uration to Receive FullInternet Routin g Table

Confi g uration to Receive FullInternet Routin g Table


50/58

router bgp 300

network 1.0.0.0network 2.0.0.0neighbor 10.10.10.10 remote-as 100neighbor 10.10.10.10 route-map localonly outneighbor 10.10.10.10 route-map as100only inneighbor 20.20.20.20 remote-as 200neighbor 20.20.20.20 route-map localonly outneighbor 20.20.20.20 route-map as200only inip as-path access-list 10 permit ^$ip as-path access-list 20 permit ^100$ip as-path access-list 30 permit ^200$route-map localonly permit 10

match as-path 10route-map as100only permit 10

match as-path 20R oute-map as200only permit 10

match as-path 30ip route 0.0.0.0 0.0.0.0 10.10.10.10

ip route 0.0.0.0 0.0.0.0 20.20.20.20

Confi g uration to Receive Directly-Connected Routes

Confi g uration to Receive Directly-Connected Routes

C fi i R iC fi i R i


51/58

router bgp 300network 1.0.0.0network 2.0.0.0neighbor 10.10.10.10 remote-as 100neighbor 10.10.10.10 route-map localonly outneighbor 10.10.10.10 prefix-list ABC inneighbor 20.20.20.20 remote-as 200neighbor 20.20.20.20 route-map localonly outneighbor 20.20.20.20 prefix-list ABC inip prefix-list ABC seq 5 permit 0.0.0.0/0

ip as-path access-list 10 permit ^$route-map localonly permit 10

match as-path 10

Confi g uration to ReceiveDefault Routes Only

Confi g uration to ReceiveDefault Routes Only

L d Sh i hL d Sh i h


52/58

Load Sharin g whenMulti-homed to Two ISPs

Load Sharin g whenMulti-homed to Two ISPs

AS 100

AS 300

ISP A Network

Internet

AS 400

10.10.10.0/2410.10.20.0/24

EE

BB

CC

AA

DD

IBGP

NJED g e Internet

Member Network


53/58

router eigrp 10network 175.220.0.0

router bgp 200neighbor 1.1.1.1 remote-as 300

neighbor 2.2.2.2 remote-as 200neighbor 1.1.1.1 distribute-list 1 outredistribute eigrp 10

access-list 1 permit 175.220.0.0 0.0.255.255

Redistributin g IGP into BGPRedistributin g IGP into BGP

Requires careful use of access lists to prevent routesfrom bein g injected back into BGP


54/58

router bgp 200network 175.220.0.0

neighbor 1.1.1.1 remote-as 300neighbor 2.2.2.2 remote-as 200

Redistributin g IGP into BGP(Preferred)

Redistributin g IGP into BGP(Preferred)

W orks for networks learned throu g h IGP or static routes

Use with aggregate-address command if necessary


55/58

Redistributin g BGP into IGPRedistributin g BGP into IGP

Normally avoided because too many routes wouldbe injected into the IGP

Common desi g n is to redistribute one or two

routes and make them exterior routesOr, have your BGP router g enerate default for your autonomous systemW hen redistributin g from BGP into IGP, only

routes learned usin g EBGP g et redistributed


56/58

Cisco RoutersCisco Routers

Cant run full BGP -

2500

4000/4000M/4500/4500M

Can run full BGP (64 MB)-2600

3620/3640/3660

4700M

7206

7000

7500


57/58

Best PracticesBest PracticesPeer IBGP routers usin g loopback address

neighbor 1.1.1.1 update-source loopback0

BGP soft-reconfi gAllows confi g chan g es w/o clearin g nei g hbor Inbound: neighbor 1.1.1.1 soft-reconfiguration inbound Outbound: no confi g uration necessaryclear ip bgp 1.1.1.1 soft (in/out)

Route Refresh Capability IOS 12.0(1.0.4)S and later

bgp dampening commandSuppress flappin g routes (hi g h CPU utilization)

For EBGP onlyAlternate paths still usableUse judiciously!

bgp log-neighbor-changesUsed to lo g nei g hbor up/down events and resets


58/58

Copy of Lfernandes Bgp 111401

Documents

Transcript of Copy of Lfernandes Bgp 111401