
BGP-v4 - University of Belgradetelekomunikacije.etf.bg.ac.rs/predmeti/ot4ai/BGP4-v2-za_stampu.pdf · BGP-v4 Theory and Practice ... • Full global IP routing table (has 242485 routes)


BGP-v4
Theory and Practice

Dr Nenad Krajnović
[email protected]

BGP-4
Border Gateway Protocol
(Principles of Operation)

BGP-4 (Border Gateway Protocol - RFC 1771, 4271)

• Exchanges inter-AS routing information between two routers in the same or different AS (BGP speakers, border routers, peers).
• A TCP connection (port 179) must be established between peers.
• Upon startup, the whole routing table (or a part of it) is exchanged.
• Later, only incremental NLRI is exchanged, depending on inter-AS link states.
• Supports policy-based routing (policies).
• All routing policies based on the hop-by-hop paradigm are supported by BGP-4.
• Supports route aggregation, saving router memory and inter-AS communication link bandwidth.
• Supports CIDR.


BGP-4 - Messages

• BGP-4 uses four standard types of messages:
  – OPEN - used to negotiate neighbor parameters.
  – UPDATE - used to exchange NLRI between the BGP speakers.
  – NOTIFICATION - used to report errors.
  – KEEPALIVE - used to check inter-BGP-speaker link availability.
• OPEN - contains: version, AS number, hold time, router ID (highest IP address on the router, or highest loopback address).
• NOTIFICATION - contains the error code.
• KEEPALIVE - sent periodically to confirm availability of the link between BGP speakers, at an interval shorter than the hold timer. If the hold timer expires, the BGP session is closed and the routes are withdrawn.
• UPDATE - used to exchange NLRI.

BGP-4 Message header format

Marker (16 octets) - all bits must be set to 1.
Length (2 octets)
Type (1 octet)

Type codes:
1 – OPEN message
2 – UPDATE message
3 – NOTIFICATION message
4 – KEEPALIVE message

How BGP-4 Works?

• Two BGP speakers, located in the same or different AS’s, establish a TCP connection (port 179).
• The BGP speakers exchange OPEN messages, to negotiate parameters.
• If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back.
• Initially, the whole routing table is exchanged. Later, only incremental changes are exchanged.
• Upon receiving an update, a BGP speaker decides whether to accept it or not and whether or not to announce it further.
• Data used in the decision-making process are:
  – Route to the destination already existing in the routing table (if it does exist).
  – Routing policies, set locally by the network administration.
  – Routing policies, set by the neighbor network administrators.
• The decision-making process might result in:
  – Installing a new route in the routing table.
  – Ignoring the update, but announcing it further.
  – Ignoring the update completely, without announcing it further.


BGP-4 – OPEN Message format

BGP-4 standard header (19 octets)
Version (1)
My Autonomous System (2)
Hold Time (2)
BGP Identifier (4)
Opt Param Len (1)
Optional parameters (variable)
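The header and OPEN layouts above, as a strict parser that rejects malformed input. This is an added example, not part of the original slides; the function names, the 4096-octet length limit and the hold-time check (both taken from RFC 4271) are assumptions beyond what the slides state, and the sample messages are constructed.

```python
import ipaddress
import struct

# Type codes from the message header slide.
MESSAGE_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
HEADER_LEN = 19         # 16-octet marker + 2-octet length + 1-octet type
MAX_MESSAGE_LEN = 4096  # RFC 4271 upper bound (assumption: not on the slides)
OPEN_FIXED_LEN = 10     # version(1) + AS(2) + hold time(2) + identifier(4) + opt len(1)


class BGPParseError(ValueError):
    """Raised when a message violates the header or OPEN layout."""


def parse_header(data):
    """Validate the 19-octet header; return (type name, length field)."""
    if len(data) < HEADER_LEN:
        raise BGPParseError("truncated header")
    marker, length, type_code = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != b"\xff" * 16:
        raise BGPParseError("marker bits are not all set to 1")
    if not HEADER_LEN <= length <= MAX_MESSAGE_LEN:
        raise BGPParseError("length field out of range: %d" % length)
    if length != len(data):
        raise BGPParseError("length field does not match bytes received")
    if type_code not in MESSAGE_TYPES:
        raise BGPParseError("unknown type code: %d" % type_code)
    return MESSAGE_TYPES[type_code], length


def parse_open(data):
    """Parse one complete OPEN message into a dict of its fields."""
    msg_type, _ = parse_header(data)
    if msg_type != "OPEN":
        raise BGPParseError("not an OPEN message: " + msg_type)
    body = data[HEADER_LEN:]
    if len(body) < OPEN_FIXED_LEN:
        raise BGPParseError("OPEN body shorter than its fixed fields")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack(
        "!BHH4sB", body[:OPEN_FIXED_LEN])
    if version != 4:
        raise BGPParseError("unsupported version: %d" % version)
    if hold_time in (1, 2):
        # RFC 4271: the hold time is either 0 or at least 3 seconds.
        raise BGPParseError("unacceptable hold time: %d" % hold_time)
    if opt_len != len(body) - OPEN_FIXED_LEN:
        raise BGPParseError("Opt Param Len disagrees with message length")
    return {
        "version": version,
        "my_as": my_as,
        "hold_time": hold_time,
        "bgp_identifier": str(ipaddress.IPv4Address(bgp_id)),
        "optional_parameters": body[OPEN_FIXED_LEN:],
    }


def build_open(my_as, hold_time, bgp_identifier, optional=b""):
    """Construct an OPEN message (used here only to make sample input)."""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time,
                       ipaddress.IPv4Address(bgp_identifier).packed,
                       len(optional)) + optional
    header = struct.pack("!16sHB", b"\xff" * 16, HEADER_LEN + len(body), 1)
    return header + body


# Constructed samples, not captured traffic.
SAMPLE_OPEN = build_open(65300, 180, "192.168.5.1")
SAMPLE_KEEPALIVE = struct.pack("!16sHB", b"\xff" * 16, HEADER_LEN, 4)

if __name__ == "__main__":
    print(parse_header(SAMPLE_KEEPALIVE))
    print(parse_open(SAMPLE_OPEN))
    bad = b"\x00" + SAMPLE_OPEN[1:]  # first marker octet cleared
    try:
        parse_open(bad)
    except BGPParseError as err:
        print("rejected:", err)
```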

UPDATE Message Format

Message header
WL - Withdrawn route list length (2 bytes)
Withdrawn routes: Route 1, Route 2, Route 3, ...
PL - Path attributes list length (2 bytes)
Path attributes: Path Attribute 1, Path Attribute 2, Path Attribute 3, ...
NLRI: NLRI route 1, NLRI route 2, NLRI route 3, ...

Route format: Prefix length, Prefix address
AS_PATH: Flags, 2, #AS's, AS 1, AS 2, ...

BGP Path Attributes

• Attributes - set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.).
• Used in decision-making process of a BGP process on the routers.
• Format: attribute type, attribute length, attribute value
• Well-known attributes - must be supported by all implementations:
  – Well-known mandatory - must be present in each update (e.g. AS path)
  – Well-known discretionary - may or may not be present in each update
• Optional attributes - not required by all BGP implementations:
  – Optional transitive - the attribute must be passed to other BGP speakers.
  – Optional non-transitive - should be ignored and not passed to others.


Review of BGP Path Attributes

Code  Attribute Name    Cat.    Short description
1     Origin            WK-M    Origin of info (IGP/EGP/incomplete)
2     AS_Path           WK-M    List of traversed AS numbers
3     Next_hop          WK-M    IP address of next hop to destination
4     Multi_exit_disc   Opt-NT  Advise other AS on path selection
5     Local_pref        WK-D    Used in path select. within a local AS
6     Atomic_aggr       WK-D    Used to control route aggregation
7     Aggregator        Opt-T   Used to control route aggregation
8     Community         Opt-T   Grouping of routes with same policies

Basic Mode of Operation

[Figure: AS 286, AS 27, AS 3, AS 11 and AS 5377. The route 147.91/16 is shown on each link with its AS path: 286; 286; 3 - 286; 11 - 3 - 286; 27 - 286; 27 - 286; 27 - 3 - 286.]

Basic Routing Configurations

[Figure: AS 2, AS 27, AS 5377, AS 3 and AS 11.]

• Stub AS - only one neighbor AS
• Multi-homed AS - multiple neighbors, no transit!
• Transit AS - full transit


Stub AS

[Figure: Customer AS 6701 (10.91/16, 172.16.64/18) connected to ISP AS 27.]

• Customer AS 6701 must be “visible” from the Internet.
• Thus, AS6701 has to announce its IP networks to AS 27.
• That will allow incoming traffic to 6701 to flow.
• The ISP AS27 must provide enough information to AS6701.
• Thus, they will have to announce ANY information they have.
• Alternately, they will announce a default route only.

Stub AS - a Better Approach

[Figure: Customer AS 65500 (10.91/16, 172.16.64/18) connected to ISP AS 27; the ISP announces 10.91/16 and 172.16.64/18 with origin: AS27.]

• AS numbers are a limited resource (only 65535 numbers!).
• IANA has reserved the range 64512 - 65535 for private AS’s.
• Private AS numbers do not get included in the AS path attribute.
• Thus, the customer might want to use a private AS number (say, AS65500).
• The customer will announce their networks to the ISP (AS27).
• Since the private AS number is ignored, all routing information will look like it originated from AS27.

Stub AS - the Best Solution

[Figure: Customer (10.91/16, 172.16.64/18) connected to ISP AS 27.]

• Running BGP-4 with a stub AS is not recommended at all.
• In the stub AS case, BGP-4 only wastes link bandwidth!
• Recommended solution:
  – place the customer’s network in the ISP AS (AS 27).
  – the customer will announce routes to the ISP using an IGP, or the ISP will use static routes to the customer.
  – the customer will place a default (0.0.0.0/0) route to the ISP.


Multi-homed Non-transit AS

[Figure: AS 12 connected to AS 27 and AS 5377.]

Task:
• AS12 wants to use links to AS27 and AS5377 for load balancing.
• AS12 doesn’t want to allow traffic from AS5377 to AS27 to pass through it.

• AS12 will announce its networks only to AS 27 and AS 5377.
• AS27 and AS5377 must provide full routing information they have to AS12.
• Full global IP routing table (has 242485 routes) is necessary for load sharing!
• It is also possible to have partial IP routing information.
• Partial or full routing information must be announced by both AS27 and AS5377.

Preventing Dirty Games

[Figure: AS 27 (10.12/16), AS 12 (10.1/16) and AS 5377 (10.91/16); labels: static route to 10.91/16, static route to 10.12/16.]

Task:
• AS12 doesn’t want to allow traffic from AS5377 to AS27 to pass through it.

Problem:
• AS27 and AS5377 may place static routes to each other and “cheat” on AS12.

Solution:
• Apply “access-class 101 in” on the interfaces to both ISP’s (AS27, AS5377).
• The access-list 101 would be of the form:

    access-list 101 permit ip any 10.1.0.0 0.0.255.255
    access-list 101 deny ip any any

Transit AS

[Figure: AS 27 (10.12/16), AS 12 (10.1/16), AS 5377 (10.91/16) and AS 4.]

• Transit may be full or restricted.
• Full transit assumes passing traffic from any AS to any other AS.
• Restricted transit assumes passing traffic coming from certain AS’s to certain other AS’s.
• Transit routing policies need not be symmetrical, though it is desirable that they are. Examples:
  – Consider AS12, passing traffic between AS27 and AS5377.
  – AS12 may want to pass traffic from AS27 to AS5377, but not in the opposite direction.
  – AS12 may want to pass traffic from AS4, coming through AS27 to AS5377.


Transit AS - an Example

[Figure: AS 27 (10.12/16), AS 12 (10.1/16), AS 5377 (10.91/16), AS 4 and AS 5; AS 12 announces AS27 and AS4 in one direction and AS5377 in the other.]

Task:
• To AS5377, AS12 wants to provide transit service for AS27 and AS4.
• To AS27, AS12 wants to provide transit service for AS5377, but not for AS5.
• AS12 itself will use both links to AS27 and AS5377, with default to AS27.

Solution:
• To AS5377, AS12 will announce all routes from AS27 and AS4.
• To AS27, AS12 will announce all routes from AS5377, but not routes from AS5.
• Accept anything AS27 and AS5377 announce, except default from AS5377.
• Accept default route from AS27.

Basic BGP-4 Routing Configurations
Review

• Stub AS:
  – Standalone AS, connected to its neighbor using a single logical link.
  – Explicitly forbidden (RFC 1930), except as a temporary solution in the initial phase of a new AS setup.
  – If BGP is needed anyway, use a private AS number (64512-65536)!
• Multi-homed, non-transit AS:
  – Customer AS X, connected to two or more different AS’s.
  – Transit from one neighbor network to another using AS X is not allowed!
• Transit AS:
  – Customer AS X, connected to two or more different AS’s.
  – The customer allows partial or full transit to its neighbors.
  – Backbone ISP’s operate in full-transit mode, to ensure global connectivity.

BGP-4
Border Gateway Protocol
(Setting up and Running)


Scope of this Section

• Setting up a BGP-4 connection between peer routers

• Passing BGP-4 information inside of the AS

• Injecting routing information into BGP

• Decision-making process

• BGP attributes and their usage

• Path Selection Criteria.

Establishing a BGP-4 Session

• BGP-4 peer routers must be directly physically connected!
• That is not always possible:
  – some AS’s have multiple exit points
  – some routers cannot run BGP
• Possible solutions:
  – Internal BGP (IBGP)
  – External BGP (EBGP) multi-hop

[Figure: three arrangements of AS1, AS2 and AS3.]

BGP basic configuration

Basic commands to activate peer connection:

router bgp autonomous_system_number
    enable BGP routing process
network network_number mask network_mask
    define network which will be advertised
neighbor neighbor_IP_address remote-as AS_number
    define neighbor and its AS number


BGP basic configuration - EBGP

[Figure: routers RTR A and RTR B, one in AS 65300 (192.168.1.0/24, interface 192.168.5.1) and one in AS 65400 (192.168.4.0/24, interface 192.168.5.2), connected by an EBGP session.]

Router in AS 65300:
    router bgp 65300
     network 192.168.1.0 mask 255.255.255.0
     neighbor 192.168.5.2 remote-as 65400

Router in AS 65400:
    router bgp 65400
     network 192.168.4.0 mask 255.255.255.0
     neighbor 192.168.5.1 remote-as 65300

BGP basic configuration - IBGP

[Figure: two routers inside AS 65300 (192.168.4.0/24), interfaces 192.168.5.1 and 192.168.5.2, connected by an IBGP session.]

    router bgp 65300
     neighbor 192.168.5.2 remote-as 65300

BGP basic configuration

Sometimes, two EBGP speakers cannot be directly connected, or we would like to use the IP address of the loopback interface as the next hop. In those situations, we must use the multihop option.

neighbor IP_address ebgp-multihop
    define that the neighbor is NOT directly connected
neighbor IP_address update-source interface
    define another IP address source

You must ensure visibility of the other address!


BGP basic configuration - using other IP address for peering

[Figure: AS 65100 (192.168.1.0/24; Loopback Interface 0 172.16.1.1; 192.168.3.1) connected to AS 65400 (192.168.4.0/24; Serial 0 192.168.3.2).]

Router in AS 65100:
    router bgp 65100
     neighbor 192.168.3.2 remote-as 65400
     neighbor 192.168.3.2 update-source loopback 0

Router in AS 65400:
    router bgp 65400
     neighbor 172.16.1.1 remote-as 65100
     neighbor 172.16.1.1 ebgp-multihop
    !
    ip route 172.16.1.1 255.255.255.255 serial 0

BGP basic configuration - BGP multihop

[Figure: AS 65300 and AS 65100 with an EBGP session; labels: 192.168.5.1, 192.168.5.2, 192.168.3.2, 192.168.3.1, Loopback Interface 0 172.16.1.1.]

Router in AS 65300:
    router bgp 65300
     neighbor 192.168.3.1 remote-as 65100
     neighbor 192.168.3.1 ebgp-multihop
     neighbor 192.168.3.1 update-source loopback0

Router in AS 65100:
    router bgp 65100
     neighbor 172.16.1.1 remote-as 65300
     neighbor 172.16.1.1 ebgp-multihop
    !
    ip route 172.16.1.1 255.255.255.255 serial0
    !

Passing BGP Information Inside an AS

• An AS might have a single or (more often) multiple exit points.
• Information learnt via BGP-4 from one exit point must be passed along the AS to all other exit points.
• This can be done using two different approaches:
  – Establish an internal BGP (IBGP) session between border routers.
  – Redistribute BGP information into an IGP on entry and back to BGP on exit.
• The first approach is better, since it preserves route attributes.
• The latter approach might result in complete loss of BGP attributes.
• Two basic rules are applied when passing BGP information out:
  – Do not advertise a network without checking whether it is internally reachable within the AS.
  – Do not advertise an external route until all routers within the AS have learnt it (the rule of Synchronization)!


External and Internal BGP (EBGP, IBGP)

[Figure: AS 2, AS 27, AS 5377 and AS 11.]

• External BGP - peering between different AS’s
• Internal BGP - peering inside of an AS

Another Solution - Use of an IGP (OSPF, RIPv1, RIPv2 …)

[Figure: AS 2, AS 27, AS 5377 and AS 11.]

• External BGP - peering between different AS’s
• IGP (RIP, OSPF) - routing information exchange using IGP’s
• External BGP - BGP attributes received from AS2 are lost !!!

BGP Continuity Inside of an AS

• To avoid routing loops inside the AS, BGP does not advertise routes learnt from other IBGP peers to other internal BGP peers.
  – Router A will advertise its EBGP routes to B, but B won’t pass them to C.
  – Router C will advertise its EBGP routes to B, but B won’t pass them to A.
  – Router B will advertise its EBGP routes to A and C.
• Apparently, there is a need for an IBGP session between routers A and C!

[Figure: routers A, B and C in one AS, each with an EBGP session to the outside; IBGP sessions A-B, B-C and A-C.]

The IBGP sessions must be fully-meshed inside an AS!


Synchronization Within an AS

[Figure: routers A, B1, B2, B3 and C inside the AS, an IBGP session between A and C, EBGP sessions at A and at C (to router D); 10.91/16 announced along the way.]

• Router A receives update for 10.91/16, via EBGP from its neighbor.
• Router A passes the update to the router C, using the existing IBGP session.
• Router C passes the update to its neighbor, router D, using EBGP.
• Upon receiving update, router D can send traffic for 10.91/16 via router C.
• Router C receives this and passes it to router B3, which doesn’t know of 10.91/16!

BGP must not advertise a route outside the AS, until the route is learnt by all routers within the AS, either statically or by IGP!

This default behaviour may be turned off, if needed!

BGP basic configuration - synchronization

BGP and IGP synchronization

With the “no synchronization” command you can turn off synchronization between the BGP and IGP processes.

Synchronization is very important in situations where you have an IBGP connection through a router which is NOT running IBGP.

BGP basic configuration - WITHOUT synchronization

[Figure labels: AS 65300, AS 65400, AS 65100; networks 192.168.4.0/24 and 192.168.1.0/24; IGP, IBGP and EBGP links; addresses 192.168.5.1, 192.168.5.2, 192.168.5.9, 192.168.5.10, 192.168.3.1, 192.168.3.2; routing table: 0.0.0.0 192.168.5.1; To: 192.168.4.1.]

    router bgp 65300
     neighbor 192.168.3.2 remote-as 65100
     neighbor 192.168.5.9 remote-as 65300
     no synchronization


BGP basic configuration - WITH synchronization

[Figure labels: AS 65300, AS 65400, AS 65100; networks 192.168.4.0/24 and 192.168.1.0/24; IGP, IBGP and EBGP links; addresses 192.168.5.1, 192.168.5.2, 192.168.5.9, 192.168.5.10, 192.168.3.1, 192.168.3.2; routing table: 0.0.0.0 192.168.5.1; To: 192.168.4.1.]

    router bgp 65300
     neighbor 192.168.3.2 remote-as 65100
     neighbor 192.168.5.9 remote-as 65300

Injecting Routes into BGP

• Routes may be injected into BGP:
  – Statically (redistribute static)
  – Semidynamically (network command)
  – Dynamically (from an IGP)
• Statically injected routes are stable, but it must be assured that the route goes down when the link goes down (interface-associated).
• Semidynamic method is more effective - it allows injection of a selected set of IGP routes. This method assures good stability!
• Dynamical injection of the whole IGP routing table is not recommended, unless there is a substantial degree of control within the AS and there is a large number of network prefixes.

Common Injection Problems

• Injection of private IP addresses (RFC 1918)
• Injection of reserved and unallocated addresses
• Injection of small networks, filtered by some backbone ISP’s
• Injection of a classful network - lack of “ip classless” command
  – Best known case - network 62/8, when it was first put into use.
• Unstable routes, route flapping
• Paperwork and procedural problems
  – Injection without proper documenting in an Internet routing registry (IRR)
  – Inconsistency between the data in the IRR and the applied routing policy
  – Changing routing policy without notifying ANS.
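A prefix filter that catches the first three problems above before a route is announced or accepted. This is an added example, not part of the original slides; the function names, the partial list of reserved blocks and the /24 cut-off for "small networks" are assumptions, and the candidate prefixes are constructed from networks used elsewhere in the slides.

```python
import ipaddress

# Private space named on the slide (RFC 1918).
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
# Assumption: a short sample of reserved IPv4 blocks. A production filter
# follows the IANA registries and also tracks unallocated space.
RESERVED = ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
            "224.0.0.0/4", "240.0.0.0/4")
# Assumption: prefixes longer than /24 count as "small networks".
MAX_PREFIX_LEN = 24

_PRIVATE = [ipaddress.ip_network(n) for n in RFC1918]
_RESERVED = [ipaddress.ip_network(n) for n in RESERVED]


def check_prefix(prefix):
    """Return the reasons to refuse `prefix`; an empty list means it passes.

    Prefixes must be written in full dotted form ("10.91.0.0/16"); the
    slides' shorthand ("10.91/16") is reported as malformed.
    """
    try:
        net = ipaddress.IPv4Network(prefix, strict=True)
    except ValueError:
        # Covers bad syntax and host bits set below the prefix length.
        return ["malformed prefix"]
    reasons = []
    # overlaps() is true for a subnet of the block and for a covering
    # aggregate, so 0.0.0.0/0 is refused as well.
    if any(net.overlaps(block) for block in _PRIVATE):
        reasons.append("private address space (RFC 1918)")
    if any(net.overlaps(block) for block in _RESERVED):
        reasons.append("reserved address space")
    if net.prefixlen > MAX_PREFIX_LEN:
        reasons.append("longer than /%d" % MAX_PREFIX_LEN)
    return reasons


def filter_announcements(prefixes):
    """Split prefixes into (accepted list, {rejected prefix: reasons})."""
    accepted, rejected = [], {}
    for prefix in prefixes:
        reasons = check_prefix(prefix)
        if reasons:
            rejected[prefix] = reasons
        else:
            accepted.append(prefix)
    return accepted, rejected


# Constructed candidate list.
CANDIDATES = [
    "147.91.0.0/16",   # public network from the AS_Path slides
    "62.0.0.0/8",      # the 62/8 case mentioned above
    "10.91.0.0/16",    # RFC 1918
    "172.16.64.0/18",  # RFC 1918
    "192.168.4.0/24",  # RFC 1918
    "147.91.8.0/26",   # small network
    "240.1.0.0/16",    # reserved
    "147.91.8.1/24",   # host bits set
]

if __name__ == "__main__":
    ok, bad = filter_announcements(CANDIDATES)
    print("accepted:", ok)
    for prefix, reasons in bad.items():
        print("rejected:", prefix, "-", "; ".join(reasons))
```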


BGP basic configuration - injecting information

Information about networks can be injected in 3 different ways:

• with the network command - this is the only possibility to announce a network; the network will be announced only if the router knows how to route this network
• with redistribute static routes
• with redistribute from some IGP protocol

BGP basic configuration - injecting information

[Figure: AS 65100 (1.1.1.0/24) and AS 65300; addresses 172.16.1.2 and 172.16.1.1.]

    router bgp 65100
     neighbor 172.16.1.1 remote-as 65300
     network 192.168.2.0 mask 255.255.255.0
     redistribute static
     redistribute ospf 16
    !
    ip route 192.168.40.0 255.255.255.0 1.1.1.2
    !
    router ospf 16
     network 1.1.0.0 255.255.0.0 area 0

Backdoors

• Learning of routing information from different routing protocols is very common.
• For example, the same route (say, 10.91/16) may be learnt via BGP (from another BGP speaker), OSPF (from a router inside of AS), static route etc.
• Table of precedence is given below - less distance, more preference. The values are changeable.

Protocol        Distance
Direct          0
Static          1
EBGP            20
EIGRP (int.)    90
IGRP            100
OSPF            110
ISIS            115
RIP             120
EGP             140
EIGRP (ext.)    170
IBGP            200
BGP Local       200
Unknown         255


Backdoors - Example

[Figure: routers A, B and C, with AS 1, AS 2 (router B) and AS 3; 10.1/16 announced over EBGP sessions; OSPF on the direct line between A and C.]

• Routers A, B and C learn about the same route (10.1/16) using EBGP sessions.
• However, a direct line between border routers A and C is established.
• If the routing information between A and C is exchanged using OSPF, then:
  – Router B will announce 10.1/16 to C, distance value being 20.
  – Router A will announce 10.1/16 to C, using OSPF, distance value being 110.
  – Thus, the route via AS2 and router B will always have precedence.
• This can be changed using a “network a.b.c.d backdoor” command, which raises the distance value to 200, making it less preferred than OSPF.

Decision-making Process

• The router receives a pool of routes from its peers, by BGP updates.
• Input policies are being performed to filter-out update messages.
• BGP routing table is being updated and the best route selected.
• The best route gets installed in the IP routing table.
• A set of output policies is being used to determine what routes should be advertised further, with what attributes.

[Figure: Updates → Input policies → BGP routing table → Output policies → Updates; the BGP routing table also feeds the IP routing table.]

BGP attributes - play the most important role in the route selection process!

BGP Path Attributes

• Attributes - set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.).
• Used in decision-making process of a BGP process on the routers.
• Format: attribute type, attribute length, attribute value
• Well-known attributes - must be supported by all implementations:
  – Well-known mandatory - must be present in each update (e.g. AS path)
  – Well-known discretionary - may or may not be present in each update
• Optional attributes - not required by all BGP implementations:
  – Optional transitive - the attribute must be passed to other BGP speakers.
  – Optional non-transitive - should be ignored and not passed to others.


NEXT_HOP Attribute

• With most IGPs, the next hop to a route is the IP address of the connected interface of the router that has announced the route.
• When speaking of BGP, the next hop is:
  – EBGP - the IP address of the neighbor that announced the route.
  – IBGP -
    – For routes originated inside the AS - the IP address of the neighbor that announced the route.
    – For routes outside the AS (that came via EBGP) - the next hop is carried unaltered (IP address of the external neighbor).
  – On multiaccess media - the IP address of the interface connected to the media.

NEXT_HOP - Example

[Figure: routers A, B, C and D; IBGP between A and C; networks 10.91.1/24 and 10.91.8/24; interface addresses 1.1.1.1, 2.2.2.2 and 3.3.3.3.]

• Router C runs an EBGP session with router D and learns the route 10.91.8/24.
  – Since this is an EBGP-learnt route, the next hop will be 1.1.1.1 (neighbor D interface)
• Router A runs an IBGP session with router C and learns the route 10.91.1/24.
  – Since this is an IBGP-learnt route, locally originated, the next hop will be 2.2.2.2.
• Router A also learns the route 10.91.8/24 from the router C.
  – Since this is an IBGP-learnt route, externally originated, the next hop will be 1.1.1.1.

NEXT_HOP and Multi-access Media

[Figure: routers A, B and C on one multi-access segment (addresses 10.91.8.1, 10.91.8.2, 10.91.8.3); OSPF between A and C, EBGP between B and C; network 11.1.2/24.]

• Router C learns the route to 11.1.2/24 from router A, using OSPF.
• Router B runs an EBGP session with router C and learns the route 11.1.2/24.
• Question: What is the next hop to 11.1.2/24? Router C?
• Answer: Nope! Router A (10.91.8.3!).

On multi-access media (Ethernet, FDDI etc.) a router should advertise the actual source of the route as the next hop, if the source is on the same multi-access media as the router!


NEXT_HOP and NBMA (FR, ATM)

[Figure: routers A, B and C attached to a Frame Relay network (addresses 10.91.1.1, 10.91.1.2, 10.91.1.3); network 11.11.11/24.]

• Router B learns the route to the network 11.11.11/24 from C by OSPF.
• If nothing specified, router B will advertise 11.11.11/24 to A by BGP, placing the address of router C (10.91.1.3) as the next hop.
• Routers A and C are not directly connected by a PVC and this will fail.
• Solution: the router B should always install itself as the next hop for routes learnt from the router C. This is done by using “next-hop-self” parameter in the “neighbor” command.

BGP basic configuration - next hop attribute

The next hop attribute defines the next hop interface used to reach an IP address (network).

In BGP, the next hop attribute takes 3 different values:

• EBGP - the next hop is the IP address of the neighbor that announced the route
• IBGP - for routes originated inside the AS, the next hop is the IP address of the neighbor that announced the route
• IBGP - for routes injected into the AS via EBGP, the next hop is the IP address of the EBGP neighbor from which the route was learned
• when the route is advertised on a multiaccess media, the next hop is the IP address of the interface of the router, connected to that media, that originated the route

BGP basic configuration - next hop attribute

Inside an AS, in some situations it is necessary to modify the value of the next hop attribute. This is a very important attribute for network reachability, especially if we redistribute BGP information into an IGP protocol.

The next hop attribute can be modified with:

    neighbor {ip-address | peer-group-name} next-hop-self


BGP basic configuration - next hop attribute
with default next hop attribute value

[Figure: AS 65100 (1.1.1.0/24) and AS 65300; addresses 172.16.1.1, 172.16.1.2, 192.168.3.1, Serial 0 192.168.3.2; EBGP and IBGP sessions.]

    router bgp 65300
     neighbor 172.16.1.2 remote-as 65100
     neighbor 192.168.3.2 remote-as 65300
     no synchronization

routing table:
dest.            next hop
1.1.1.0/24       172.16.1.2
192.168.3.0/24   Serial 0
172.16.1.0/24    ?????

BGP basic configuration - next hop attribute
with modified next hop attribute value

[Figure: AS 65100 (1.1.1.0/24) and AS 65300; addresses 172.16.1.1, 172.16.1.2, 192.168.3.1, Serial 0 192.168.3.2; EBGP and IBGP sessions.]

    router bgp 65300
     neighbor 172.16.1.2 remote-as 65100
     neighbor 192.168.3.2 remote-as 65300
     neighbor 192.168.3.2 next-hop-self
     no synchronization

routing table:
dest.            next hop
1.1.1.0/24       192.168.3.1
192.168.3.0/24   Serial 0

AS_Path Attribute

• Sequence of AS numbers a route has traversed to reach a destination.
• The AS originating the route adds its own AS number and forwards the update further.
• Each AS receiving the update adds (prepends) its own AS number at the beginning of the sequence and forwards the update further.
• At the end, each route will contain the sequence of AS numbers the update message has traversed. The shortest AS path is preferred!
• To prevent routing loops, if an AS finds its own number already in the AS sequence (which means that the update has traversed it once), it will discard the update and stop forwarding it further.
• When traversing through the same AS (IBGP), AS_Path is left untouched.


AS_Path - Example

[Figure: AS 286, AS 27, AS 3, AS 11 and AS 5377. The route 147.91/16 is shown on each link with its AS path: 286; 286; 3 - 286; 11 - 3 - 286; 27 - 286; 27 - 286; 27 - 3 - 286.]

AS_Path Prepending

• From AS12, there are two paths to AS300. Path 400 - 300 is better.
• However, the administrator might want to prefer the other path.
• There are many ways to do so, of which AS number prepending is the most simple one.

[Figure: AS 12, AS 100, AS 200, AS 300 and AS 400. The route 10.91/16 is shown with its AS path on each link: 300; 300; 400 300; 200 300.]

57

AS_Path Prepending

• When an update leaves the AS, the AS number is prepended.

• That number might be prepended multiple times.

• For example, let’s prepend AS300 three times (300 300 300).

• Now, instead of 400 300, at AS12 we have 400 300 300 300 300.

• Automatically, the other path (100 200 300) will be shorter.

[Figure: same topology as on the previous slide. AS 300 announces 10.91/16 with path 300 toward AS 200 and with path 300 300 300 300 toward AS 400. AS 100 receives 200 300; AS 12 receives 400 300 300 300 300 from AS 400.]


58

Local Preference Attribute

• Degree of preference given to a route to compare it with other routes for the same destination. The highest local preference is preferred!

• This attribute is defined locally in the AS.

• This attribute is valid for all BGP speakers within the same AS.

• It is exchanged normally via IBGP, but not via EBGP.

• Used to set the exit point from the AS for a certain destination.

• It affects outgoing traffic from the AS only. Incoming traffic can still arrive through an arbitrary AS entry/exit point (unless AS path prepending or a similar technique is applied).

• Cisco Systems have defined a similar attribute, but valid for the local BGP speaker only - not exchanged even with other speakers in the same AS. It’s called the WEIGHT attribute.

59

Local preference - Example

• Both AS200 and AS300 offer the route 10.91/16.

• However, the path to AS300 may be preferred (higher bandwidth).

• The administrator of the router A sets local_pref 200 for that route.

• The administrator of the router B sets local_pref 300 for that route.

• A and B exchange local_pref attributes and agree on preference.

• Incoming traffic may go via either link - local_pref doesn’t have any impact on it!

[Figure: AS 12 (routers A and B), ISP A (AS 100), ISP B (AS 300), the NAP and AS 500 (10.91/16). The route 10.91/16 is marked local pref = 200 on one link and local pref = 300 on the other.]

60

BGP basic configuration - attributes

Local preference attribute can be modified through route map with:

 set local-preference value

or with

 bgp default local-preference value

• Local preference attribute is part of the routing update and is exchanged among routers in the same AS.


61

BGP basic configuration - local preference attribute

[Figure: AS 1 (10.4.4.0/24) is reachable via AS 5 (1.1.1.1) and AS 6 (1.1.2.1). AS 3 connects to them with 1.1.1.2 and 1.1.2.2, and its border routers 1.1.3.1 and 1.1.3.2 peer over IBGP.]

router bgp 3
 neighbor 1.1.2.1 remote-as 6
 neighbor 1.1.3.1 remote-as 3
 bgp default local-preference 200

router bgp 3
 neighbor 1.1.1.1 remote-as 5
 neighbor 1.1.3.2 remote-as 3
 bgp default local-preference 150

router# show ip bgp
BGP table version 9, local router ID is 1.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* 10.4.4.0/24 1.1.1.1 0 150 5 1 i
*> 10.4.4.0/24 1.1.2.1 0 200 6 1 i

62

BGP basic configuration - local preference attribute

[Figure: same topology as on the previous slide: AS 1 (10.4.4.0/24) reachable via AS 5 (1.1.1.1) and AS 6 (1.1.2.1); AS 3 border routers 1.1.3.1 and 1.1.3.2.]

router bgp 3
 neighbor 1.1.3.1 remote-as 3
 neighbor 1.1.2.1 remote-as 6
 neighbor 1.1.2.1 route-map SD in
!
! match paths that start with AS 6, optionally followed by one more AS
ip as-path access-list 7 permit ^6 ?[0-9]*$
!
route-map SD permit 10
 match as-path 7
 set local-preference 300
!
! everything else is accepted unchanged
route-map SD permit 20

router# show ip bgp
BGP table version 9, local router ID is 1.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* 10.4.4.0/24 1.1.1.1 0 100 5 1 i
*> 10.4.4.0/24 1.1.2.1 0 300 6 1 i

63

Regular expression formats

Character   Function and examples

.    Matches any single character.
     Examples: 0.0 matches 0x0 and 020; t..t matches strings such as test, text, and tart

\    Matches the character following the backslash. Also matches (escapes) special characters.
     Examples: 172\.1\.. matches 172.1.10.10 but not 172.12.0.0; \. allows a period to be matched as a period

[ ]  Matches the characters or a range of characters separated by a hyphen, within left and right square brackets.
     Example: [02468a-z] matches 0, 4, and w, but not 1, 9, or K

^    Matches the character or null string at the beginning of an input string.
     Example: ^123 matches 1234, but not 01234

?    Matches zero or one occurrence of the pattern. (Precede the question mark with Ctrl-V sequence to prevent it from being interpreted as a help command.)
     Example: ba?b matches bb and bab

$    Matches the character or null string at the end of an input string.
     Example: 123$ matches 0123, but not 1234

*    Matches zero or more sequences of the character preceding the asterisk. Also acts as a wildcard for matching any number of characters.
     Examples: 5* matches any occurrence of the number 5 including none; 18\..* matches the characters 18. and any characters that follow 18.

+    Matches one or more sequences of the character preceding the plus sign.
     Example: 8+ requires there to be at least one number 8 in the string to be matched

() []  Nest characters for matching. Separate endpoints of a range with a dash (-).
     Examples: (17)* matches any number of the two-character string 17; ([A-Za-z][0-9])+ matches one or more instances of letter-digit pairs: b8 and W4, as examples

|    Concatenates constructs. Matches one of the characters or character patterns on either side of the vertical bar.
     Example: A(B|C)D matches ABD and ACD, but not AD, ABCD, ABBD, or ACCD

_    Replaces a long regular expression list by matching a comma (,), left brace ({), right brace (}), the beginning of the input string, the end of the input string, or a space.
     Example: the characters _1300_ can match any of the following strings:
       ^1300$
       ^1300space
       space1300
       {1300,
       ,1300,
       {1300}
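The AS-path patterns used in this deck's configurations (`^$`, `^1 6$`, `^1$`, `^6 ?[0-9]*$`) can be checked offline against candidate paths before they go into a filter. The following is an added example, not code from the slides: the helper names, the stricter `^6( [0-9]+)?$` variant and the sample paths are assumptions of the example, and the only translation performed is the `_` metacharacter from the table above.

```python
import re

# Cisco's "_" matches a space, comma, brace, or the start/end of the string.
UNDERSCORE = r"(?:^|$|[ ,{}])"


def cisco_to_python(pattern):
    """Translate a Cisco AS-path regex to Python syntax.

    Only "_" needs rewriting; it is left alone when escaped or inside [...].
    """
    out, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])   # keep escaped character as-is
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        out.append(UNDERSCORE if ch == "_" and not in_class else ch)
        i += 1
    return "".join(out)


def regex_matches(pattern, text):
    """True if the Cisco-style pattern matches anywhere in text."""
    return re.search(cisco_to_python(pattern), text) is not None


class AsPathAccessList:
    """Ordered permit/deny entries; first match wins, implicit deny at the end."""

    def __init__(self, *entries):
        self.entries = [(action, re.compile(cisco_to_python(p)))
                        for action, p in entries]

    def permits(self, as_path):
        # An empty path (locally originated route) becomes the empty string.
        text = " ".join(str(asn) for asn in as_path)
        for action, rx in self.entries:
            if rx.search(text):
                return action == "permit"
        return False


# Lists as they appear in the slide configurations.
LIST_10 = AsPathAccessList(("permit", "^$"))                   # own routes only
LIST_4 = AsPathAccessList(("permit", "^1 6$"), ("permit", "^1$"))
LIST_7 = AsPathAccessList(("permit", "^6 ?[0-9]*$"))
# Stricter variant: an assumption of this example, not from the slides.
LIST_7_STRICT = AsPathAccessList(("permit", "^6( [0-9]+)?$"))

# Constructed sample paths, leftmost AS = neighbor that sent the route.
SAMPLE_PATHS = [(), (1,), (1, 6), (1, 7), (6,), (6, 1), (6, 1, 2), (65,)]


def verdicts():
    """Return {path: (list 10, list 4, list 7, strict list 7)} for the samples."""
    return {p: (LIST_10.permits(p), LIST_4.permits(p),
                LIST_7.permits(p), LIST_7_STRICT.permits(p))
            for p in SAMPLE_PATHS}


if __name__ == "__main__":
    for path, result in verdicts().items():
        print(path or "(local)", result)
```

Because the space in `^6 ?[0-9]*$` is optional, the pattern also accepts a single AS whose number merely starts with the digit 6 (the constructed path `65`); the stricter variant requires the separator before a second AS number.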


64

BGP basic configuration - local-preference attribute

[Figure: AS 65100 (1.1.1.0/24) and AS 65300; EBGP link 172.16.1.2 - 172.16.1.1, IBGP link 192.168.3.1 - 192.168.3.2 (Serial 0)]

router bgp 65300
 neighbor 172.16.1.2 remote-as 65100
 neighbor 192.168.3.2 remote-as 65300
 bgp default local-preference 200

BGP table:
dest.            local preference
1.1.1.0/24       200

65

Multi-exit Discriminator (MED)

• Hint to external neighbors about the preferred path into an AS with multiple exit points. The lowest MED is preferred!

• Exchanged between AS’s.

• Not transitive - once it enters an AS it doesn’t get transmitted in the further updates to other neighbors!

• When the route is originated by the AS itself, MED for it follows its IGP metric, which is useful for multiple connections to the same ISP.

• At the same time, MED’s reflect the internal topology of an AS.

• Only MED’s for paths from the same neighbor AS are compared. This behaviour may be changed by using “always-compare-med”.

66

MED - Example

• Routers C and D (AS500), as well as router B (AS20) offer the route to 10.91/16.

• Normally, router A will compare MED’s from routers C and D (AS500 only!).

• The router A will choose MED=120 and, therefore, the route via the router C.

• If “always-compare-med” is used, it will also take into account router B MED.

• In that case the router A will choose MED=50 and, thus, the route via the router B.

[Figure: router A in AS10 receives 10.91/16 from router B in AS20 (MED=50) and from routers C and D in AS500 (MED=120 on the route via C).]


67

ORIGIN Attribute

• Indicates the origin of the routing update, with respect to the AS that originated it.

• BGP considers three types of origins:

– IGP - the NLRI at the originating AS is learnt by an IGP and was advertised with a network router configuration command

– EGP - the NLRI was learnt at the origin via the EGP protocol

– INCOMPLETE - NLRI is learnt by some other means (e.g. redistribute static)

• Each type of origin is associated with a number: IGP=0, EGP=1, INCOMPLETE=2. The lowest ORIGIN value is preferred!

68

Community Attribute

• A group of destinations sharing some common property.

• Communities have no physical boundaries - they are not restricted to a network or an AS!

• A group of IP networks and/or AS’s may form a community, for which separate routing policies may be set.

• Community is a transitive attribute (passed to other AS’s).

• Well-known communities with global meaning (reserved values):

– From 0x00000000 to 0x0000FFFF and from 0xFFFF0000 to 0xFFFFFFFF.

– NO_ADVERTISE (0xFFFFFF02) - routes in this community are not to be advertised.

• Usually, the first two bytes are the AS number and the last two are the community within the AS.

• Example: in AS256, a good choice is to use 256:1 (0x01000001)

• A route may have multiple community attributes. A BGP speaker may follow one, some or all community attributes in the route.

69

Community Attribute - Example

• Regional multi-homed ISP’s (AS6505, AS6711) connect two single-homed branch offices (Bahrain, Muscat).

• The ISP’s announce their routes to their peers, using community attribute: 55:22.

• London office is multi-homed (AS55) - we may decide to:

– Use one link for general Internet traffic (but not for traffic to our offices!).

– Use another link for the traffic to our offices only!

• Solution: set the router in the London office to:

– Accept all routes with community set to 55:22 on the interface Serial0.

– Accept any other route on the interface Serial1.

[Figure: the Bahrain and Muscat offices, the regional ISPs AS6505 and AS6711, the Internet and the London office (AS55).]


70

NO_EXPORT Community - Example

• A customer AS100 with two offices, connected to a WAN, is multi-homed.

• The customer has two links - each one near one of the offices.

• Both links are capable of routing the whole traffic, however this is not efficient.

• On the other hand, if we let the Bahrain and Muscat offices announce all more specific routes, they will be propagated to the NAP.

• Solution: set NO_EXPORT community to all routes from AS100 to AS200.

• Advertise only the aggregated route to the NAP.

[Figure: AS100 (Bahrain and Muscat offices) announces 10.91.0/24, 10.91.1/24, 10.91.2/24, … 10.91.15/24 to AS200 over both links, each tagged NO_EXPORT; AS200 announces only 10.91.0/20 to the NAP.]

71

BGP Path Selection Criteria

• BGP bases its decision on path selection on the attribute values.

• When multiple routes to the same destination exist, the following sequence of operations is performed:

– If the next hop is inaccessible, the route is ignored.

– Prefer the path with the largest WEIGHT parameter.

– If the weights are the same, prefer the route with the largest local preference.

– If the local pref’s are the same, prefer the routes with the shortest AS paths.

– If AS path length is the same, prefer the route with the lowest ORIGIN.

– If origins are the same, prefer the route with the lowest MED.

– If the routes have the same MED, prefer EBGP-learnt over IBGP-learnt.

– If that fails too, try to find the route with the shortest path to its next hop.

– If nothing else helps, the router with the lower router ID will be preferred!
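The selection sequence above, together with the AS_Path loop check and prepending from the earlier slides, can be exercised as a small model. This is an added example, not code from the slides or from any router implementation: the `Route` fields, function names, router IDs, the origin AS 64500 and router D's MED of 200 are assumptions constructed so the slide scenarios can be replayed.

```python
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Route:
    next_hop: str
    as_path: Tuple[int, ...]          # leftmost AS = neighbor AS
    local_pref: int = 100
    weight: int = 0
    origin: int = 0                   # IGP=0, EGP=1, INCOMPLETE=2
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0               # distance to the next hop
    router_id: str = "0.0.0.0"
    next_hop_reachable: bool = True


def accept_update(local_as, as_path):
    """Loop prevention: discard an update that already contains our AS."""
    return local_as not in as_path


def prepend(local_as, as_path, times=1):
    """Add our AS number to the front of the path when the update leaves the AS."""
    return (local_as,) * times + tuple(as_path)


def keep_best(routes, key):
    """Keep only the routes that share the smallest key value."""
    best = min(key(r) for r in routes)
    return [r for r in routes if key(r) == best]


def med_filter(routes, always_compare_med):
    """Drop a route if a comparable route has a lower MED.

    Comparable means same neighbor AS, or any route with always-compare-med.
    """
    def beaten(r):
        return any(o.med < r.med for o in routes
                   if always_compare_med or o.as_path[:1] == r.as_path[:1])
    return [r for r in routes if not beaten(r)]


def rid_key(route):
    return tuple(int(part) for part in route.router_id.split("."))


def best_path(routes, always_compare_med=False):
    """Apply the slide's decision sequence; return the winner or None."""
    c = [r for r in routes if r.next_hop_reachable]
    if not c:
        return None
    c = keep_best(c, lambda r: -r.weight)            # largest WEIGHT
    c = keep_best(c, lambda r: -r.local_pref)        # largest local preference
    c = keep_best(c, lambda r: len(r.as_path))       # shortest AS path
    c = keep_best(c, lambda r: r.origin)             # lowest ORIGIN
    c = med_filter(c, always_compare_med)            # lowest MED
    c = keep_best(c, lambda r: 0 if r.ebgp else 1)   # EBGP over IBGP
    c = keep_best(c, lambda r: r.igp_metric)         # closest next hop
    c = keep_best(c, rid_key)                        # lowest router ID
    return c[0]


def prepending_demo():
    """AS12's choice for 10.91/16 before and after AS300 prepends three times."""
    via_100 = Route("via AS100", (100, 200, 300))
    plain = Route("via AS400", prepend(400, (300,)))
    padded = Route("via AS400", prepend(400, prepend(300, (300,), 3)))
    return (best_path([via_100, plain]).next_hop,
            best_path([via_100, padded]).next_hop)


def med_demo(always_compare_med):
    """Router A's choice among B (AS20) and C, D (AS500) from the MED slide."""
    routes = [
        Route("B", (20, 64500), med=50, router_id="10.0.0.3"),
        Route("C", (500, 64500), med=120, router_id="10.0.0.1"),
        Route("D", (500, 64500), med=200, router_id="10.0.0.2"),
    ]
    return best_path(routes, always_compare_med).next_hop


if __name__ == "__main__":
    print("prepending:", prepending_demo())
    print("MED default:", med_demo(False), "| always-compare-med:", med_demo(True))
```

In the default MED run, B and C are never compared on MED, so the choice between them falls through to the router-ID tie-break, which the constructed IDs resolve in favour of C.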

72

BGP-4 Basic Routing Policies


73

Objectives

• Redundancy

– Building stability by providing alternate default routes in the case of link failure. How to do it?

• Symmetry

– Configuring routes in such manner that certain traffic enters and exits an AS at the same point.

• Load balancing

– Capability to divide traffic optimally over multiple links.

• Typical scenarios

– Controlling inbound and outbound traffic when multihoming to single and different ISP’s.

74

Redundancy

• Redundancy - possibility to use a backup link to the global network if the main link fails.

• Redundancy is one of the major goals of BGP.

• The simplest technique to achieve redundancy is to introduce multiple default routes inside the AS.

• Default route - 0.0.0.0 /0 - is the least specific route in the router forwarding table, used if a more specific route for a destination does not exist (Cisco term: gateway of last resort).

• Default route can be learnt:

– Dynamically, via BGP or some IGP.

– Statically - manually entered by the operator - it can point to a next hop IP address, specific router interface or a remote IP network.

75

Dynamically Learnt Default Routes

• To achieve redundancy, default routes from multiple sources will be received.

• One route will always be primary, while the other will be the backup.

• Using local preference, we can always prefer one route over the other.

[Figure: AS1 has two border routers joined by IBGP, each with an EBGP session to AS2 (1.1.1.1 and 2.2.2.2). The primary link is marked "set local-pref 100", the backup link "set local-pref 50".]


76

Statically Set Default Routes

[Figure: AS1 (next hop 1.1.1.1, interface Serial0), the NAP, AS2 (24.32.64/18), AS5 (38.2 /16) and AS10 (10.212/16), illustrating three kinds of static default route: a default route pointing to a router interface, a default route pointing to the next hop, and a default route pointing to a remote IP network.]

77

Usage of Static Default Routes

• The customer sets a separate default route to AS2 on each router.

• Each static route will point to the remote IP network 38.2 /16.

• Using local preference, the customer can always prefer one route over the other.

[Figure: AS1 has two border routers joined by IBGP, each learning 38.2 /16 from AS2 and originating 0/0 from it. The primary link is marked "set local-pref 100", the backup link "set local-pref 50".]

78

following defaults inside an AS

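[Figure: AS 3 is multihomed to AS 1 and AS 2 over links X1 and X2 (172.16.20.2 - 172.16.20.1 and 192.68.5.1 - 192.68.5.2). AS 1 (192.68.11.1), AS 2 and AS 7 (193.78.0.0/16) meet at the NAP (192.68.10.1, 192.68.10.2, 192.68.10.3). Inside AS 3 the two border routers run IBGP over 172.16.1.1 - 172.16.1.2 and reach the interior router RTG over the IGP (172.16.70.1 - 172.16.70.2, 172.16.50.1 - 172.16.50.2); 172.16.220.1 is also in AS 3.]

Border routers HAVE physical connection.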


79

following defaults inside an AS

Routing policies

• RTG is an interior router in AS3 that is running an OSPF; RTG is following the default route 0/0 to reach networks outside AS3

• AS3 is multihomed to two different providers.

80

following defaults inside an AS

router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 ! inject 0/0 into OSPF unconditionally so that RTG can follow it
 default-information originate always
!
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.70.0 mask 255.255.255.0
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.1.2 remote-as 3
 no auto-summary
!
! advertise only locally originated routes (empty AS_Path) to the provider
ip as-path access-list 10 permit ^$

81

following defaults inside an AS

router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always
!
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.50.0 mask 255.255.255.0
 ! 172.16.1.1 is the other AS 3 border router, so this is an IBGP session
 neighbor 172.16.1.1 remote-as 3
 neighbor 172.16.1.1 next-hop-self
 neighbor 172.16.5.2 remote-as 2
 neighbor 172.16.5.2 filter-list 10 out
 no auto-summary
!
ip as-path access-list 10 permit ^$

router ospf 16
 network 172.16.0.0 0.0.255.255 area 0


82

following defaults inside an AS

[Figure: the same topology as on the preceding slides, but without the direct 172.16.1.1 - 172.16.1.2 link between the two AS 3 border routers; the IBGP session between them runs through the interior of AS 3 (172.16.70.1 - 172.16.70.2, 172.16.50.1 - 172.16.50.2, router RTG).]

Border routers DON’T HAVE physical connection.

83

following defaults inside an AS

router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate route-map send_default
!
router bgp 3
 no synchronization
 network 172.16.70.0 mask 255.255.255.0
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.50.1 remote-as 3
 neighbor 172.16.50.1 route-map setlocalpref in
 no auto-summary
!
ip as-path access-list 10 permit ^$
!
access-list 1 permit 0.0.0.0
access-list 2 permit 172.16.20.1
!
route-map setlocalpref permit 10
 set local-preference 300
!
route-map send_default permit 10
 match ip address 1
 match ip next-hop 2

84

following defaults inside an AS

router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate route-map send_default
!
router bgp 3
 no synchronization
 network 172.16.50.0 mask 255.255.255.0
 neighbor 172.16.70.1 remote-as 3
 neighbor 172.16.70.1 next-hop-self
 neighbor 192.68.5.2 remote-as 2
 neighbor 192.68.5.2 filter-list 10 out
 no auto-summary
!
ip as-path access-list 10 permit ^$
!
access-list 1 permit 0.0.0.0
access-list 2 permit 192.68.5.2
!
! originate 0/0 into OSPF only while the default is learnt via next hop 192.68.5.2
route-map send_default permit 10
 match ip address 1
 match ip next-hop 2

router ospf 16
 network 172.16.0.0 0.0.255.255 area 0


85

Symmetry

• Symmetry: traffic leaving the AS from an exit point comes back through the same point.

• In multi-homed environment symmetry is hardly achievable.

• In some configurations asymmetry is preferred:

[Figure: a customer network, a satellite link and an ISP]

86

Load Balancing

• Capability to divide data traffic over multiple connections.

• Load balancing does not mean equal distribution of the load.

• Perfectly equal load distribution is rarely achievable.

• Load balancing might be done on:

[Figure: Outbound traffic - Customer connected to ISP A, ISP B and ISP C]

[Figure: Inbound traffic - Customer connected to ISP A, ISP B and ISP C]

87

Outbound Traffic Load Balancing

[Figure: Customer connected to ISP A, ISP B and ISP C]

Outbound traffic load balancing mostly depends on what we’ll receive from our peers.

By applying appropriate attributes and route filters we can influence the effect of their updates.

Outbound traffic will depend on the results of the decision-making process of our router.


88

Inbound Traffic Load Balancing

[Figure: Customer connected to ISP A, ISP B and ISP C]

Inbound traffic mostly depends on what we’ll announce to our peers. What we announce is what traffic we’ll get!

For example, we may decide to announce 10.1/16 to ISP A, 10.2/16 to ISP B and 10.3/16 to ISP C.

Traffic to 10.1/16 will flow from the link to ISP A, traffic to 10.2/16 from ISP B and traffic to 10.3/16 from ISP C.

89

load balancing over multiple links

[Figure: AS 65100 (192.168.4.0/24, Loopback Interface 0 172.16.50.1) and AS 65300 (172.16.4.0/24, Loopback Interface 0 172.16.1.1) are connected by three links: 1.1.1.1 - 1.1.1.2, 1.1.2.1 - 1.1.2.2 and 1.1.3.1 - 1.1.3.2.]

We would like to load balance over all three links between AS 65100 and AS 65300.

90

load balancing over multiple links

interface ethernet 0
 ip address 192.168.4.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.1 255.255.255.0
!
interface serial 1
 ip address 1.1.2.1 255.255.255.0
!
interface serial 2
 ip address 1.1.3.1 255.255.255.0
!
interface loopback 0
 ip address 172.16.50.1 255.255.255.0
!
router bgp 65100
 network 192.168.4.0 mask 255.255.255.0
 neighbor 172.16.1.1 remote-as 65300
 neighbor 172.16.1.1 ebgp-multihop
 neighbor 172.16.1.1 update-source loopback 0
 no auto-summary
!
ip route 172.16.1.1 255.255.255.255 1.1.1.2 3
ip route 172.16.1.1 255.255.255.255 1.1.2.2 3
ip route 172.16.1.1 255.255.255.255 1.1.3.2 3


91

load balancing over multiple links

interface ethernet 0
 ip address 172.16.4.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.2 255.255.255.0
!
interface serial 1
 ip address 1.1.2.2 255.255.255.0
!
interface serial 2
 ip address 1.1.3.2 255.255.255.0
!
interface loopback 0
 ip address 172.16.1.1 255.255.255.0
!
! this router is in AS 65300; its peer 172.16.50.1 is the AS 65100 loopback
router bgp 65300
 network 172.16.4.0 mask 255.255.255.0
 neighbor 172.16.50.1 remote-as 65100
 neighbor 172.16.50.1 ebgp-multihop
 neighbor 172.16.50.1 update-source loopback 0
 no auto-summary
!
! three equal static routes to the peer loopback spread the session traffic over all links
ip route 172.16.50.1 255.255.255.255 1.1.1.1 3
ip route 172.16.50.1 255.255.255.255 1.1.2.1 3
ip route 172.16.50.1 255.255.255.255 1.1.3.1 3

92

Basic Topology Scenarios

Cases:

• One customer, multihoming to a single ISP.

• One customer, multihoming to different ISP’s.

• Two customers of the same ISP, with a mutual backup link.

Configurations:

• Minimal configuration - default routes only.

• Primary/backup configuration.

• Routing with partial BGP routing table (“customer routes”).

• Routing with full BGP routing table (cca 480.000 routes!).

93

Multihoming to a Single ISP: Default Only, Primary/Backup

Customer outbound traffic:

• The customer sets two separate default routes to AS2 on its router.

• One default will be preferred, using local preference.

• One default will be primary, other one backup.

Customer inbound traffic:

• Customer announces its IP networks to the ISP AS2.

• If nothing applied by the customer, traffic will flow according to the distance between destination and POP.

[Figure: Customer (AS1) connected to the ISP (AS2) at two points, A and B.]

The user may want to apply different MED’s when advertising routes.


94

Multihoming to a Single ISP: Default Only, Primary/Backup + Partial Routing

[Figure: AS1 (networks X, Y, Z) is connected over links A and B to the ISP AS2 (customers C1, C2, C3, C4).]

Outbound: prefer link via A to reach C1 and C2, link B for others.

Inbound: prefer link via A to reach X, Y; link via B to reach Z.

Default route: link to the location B is primary, with backup to A.

Link A: Local_pref: C1, C2: 300; other: 200. MED: X, Y: 200; other: 300.

Link B: Local_pref: C3, C4: 300; other: 250. MED: Z: 200; other: 250.

95

multihomed to a single provider - default only, one primary and one backup link

[Figure: AS 30 (172.18.23.0/24 on E0; 1.1.1.2 on S0, 1.1.2.2 on S1) is connected to AS 10 over links X1 and X2 (1.1.1.1 on S0 and 1.1.2.1 on S0). The two AS 10 routers, 192.168.1.4 and 192.168.1.1 on E0, run IBGP; AS 10 also contains 192.168.4.0/24 on E0.]

• AS30 is not learning any BGP routes from AS10 and is sending its own routes via BGP.

• Outbound traffic from AS30 should always go on the X1 link unless that link fails, in which case it should switch to the other link.

• Inbound traffic toward AS30 should always come on the X1 link unless that link fails, in which case it should switch to the other link.

• Prevent any BGP updates from coming into AS3.

96

multihomed to a single provider - default only, one primary and one backup link

router bgp 30
 network 172.18.23.0 mask 255.255.255.0
 neighbor 1.1.2.1 remote-as 10
 neighbor 1.1.2.1 route-map BLOCK in
 neighbor 1.1.2.1 route-map SETMETRIC1 out
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 route-map BLOCK in
 neighbor 1.1.1.1 route-map SETMETRIC2 out
 no auto-summary
!
! two static defaults; the lower administrative distance (40) makes 1.1.1.1 primary
ip route 0.0.0.0 0.0.0.0 1.1.1.1 40
ip route 0.0.0.0 0.0.0.0 1.1.2.1 60
!
! MED sent to AS 10: the lower value (50, via 1.1.1.1) attracts inbound traffic
route-map SETMETRIC1 permit 10
 set metric 100
!
route-map SETMETRIC2 permit 10
 set metric 50
!
! reject every inbound BGP update
route-map BLOCK deny 10


97

multihomed to a single provider - default only, one primary and one backup link

router# show ip route

Gateway of last resort is 1.1.1.1 to network 0.0.0.0

1.0.0.0 255.0.0.0 is subnetted, 2 subnets
C 1.1.1.0 is directly connected, Serial 0
C 1.1.2.0 is directly connected, Serial 1
C 172.18.23.0 is directly connected, Ethernet0
S* 0.0.0.0 0.0.0.0 [40/0] via 1.1.1.1

router# show ip bgp
BGP table version 11, local router ID is 192.168.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i 172.18.23.0/24 192.168.1.4 50 100 0 3 i
* 1.1.2.1 100 0 3 i
*> 192.168.4.0/24 0.0.0.0 0 32768 i

98

multihomed to a single provider - default, primary and backup plus partial routing

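[Figure: AS 3 is multihomed to its provider AS 1 over two links, X1 and X2 (172.16.20.2 S0 - 172.16.20.1 and 192.68.5.1 - 192.68.5.2). Inside AS 3: 172.16.220.1 E0, 172.16.1.1 E1 - 172.16.1.2 E1 (IBGP), 172.16.65.1, 172.16.10.1 and loopback 172.16.2.254 L0. AS 1 (192.68.11.1, 192.68.6.1, IBGP between its routers) also connects to AS 6 (192.68.6.2, 192.68.40.1) and to the NAP (192.68.11.2, 192.68.10.1), where AS 7 (193.78.0.0/16) is reachable.]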

99

multihomed to a single provider - default, primary and backup plus partial routing

Routing policies

• AS3 will only accept AS1’s local routes and its customers’ routes such as AS6. AS3 will also accept one route from the Internet to set its default toward the provider AS1.

• For all outbound traffic toward AS1 and AS6 (the partial routes), AS3 should use the X2 link. In case of failure, the other link is used.

• For all other outbound traffic toward the Internet, AS3 should use the X1 link as the primary link by following a default route. In case of failure, the default via other link should be used.

• For inbound traffic, AS3 will instruct AS1 to use the X2 link for 172.16.220.0/24.

• For all other inbound traffic, the X1 link is the primary.


100

multihomed to a single provider - default, primary and backup plus partial routing

router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.1.2 remote-as 3
 neighbor 172.16.1.2 update-source loopback0
 neighbor 172.16.1.2 next-hop-self
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map SET_OUTBOUND_TRAFFIC in
 neighbor 172.16.20.1 route-map SET_INBOUND_TRAFFIC out
 neighbor 172.16.20.1 filter-list 10 out
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 193.78.0.0
ip as-path access-list 10 permit ^$
ip as-path access-list 4 permit ^1 6$
ip as-path access-list 4 permit ^1$
access-list 2 permit 172.16.220.0 0.0.0.255
access-list 101 permit ip 193.78.0.0 0.0.255.255 255.255.0.0 0.0.0.0
!
route-map SET_OUTBOUND_TRAFFIC permit 10
 match ip address 101
 set local-preference 200
route-map SET_OUTBOUND_TRAFFIC permit 20
 match as-path 4
 set local-preference 300
!
! outbound toward AS 1 the preference must be signalled as MED (metric);
! local preference is not exchanged via EBGP
route-map SET_INBOUND_TRAFFIC permit 10
 match ip address 2
 set metric 200
route-map SET_INBOUND_TRAFFIC permit 20
 set metric 300

101

multihomed to a single provider - default, primary and backup plus partial routing

router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.2.254 remote-as 3
 neighbor 172.16.2.254 next-hop-self
 neighbor 192.68.5.2 remote-as 1
 neighbor 192.68.5.2 route-map SET_OUTBOUND_TRAFFIC in
 neighbor 192.68.5.2 route-map SET_INBOUND_TRAFFIC out
 neighbor 192.68.5.2 filter-list 10 out
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 193.78.0.0
!
ip as-path access-list 10 permit ^$
ip as-path access-list 4 permit ^1 6$
! ip as-path access-list ^1 ?[0-9]*$
ip as-path access-list 4 permit ^1$
!
access-list 101 permit ip 193.78.0.0 0.0.255.255 255.255.0.0 0.0.0.0
!
route-map SET_OUTBOUND_TRAFFIC permit 10
 match ip address 101
 set local-preference 250
!
route-map SET_OUTBOUND_TRAFFIC permit 20
 match as-path 4
 set local-preference 250
!
route-map SET_INBOUND_TRAFFIC permit 10
 set metric 250

102

multihomed to a single provider - automatic load balancing

[Figure: network topology with AS 1, AS 3, AS 6 and router RTA; links X1 and X2; IBGP inside AS 3]

AS1 will load-balance traffic over the two links between AS1 and AS3.


103

multihomed to a single provider - automatic load balancing


router bgp 3
 no synchronization
 neighbor 172.16.1.2 remote-as 3
 neighbor 172.16.1.2 update-source loopback0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.60.1 remote-as 1
 neighbor 172.16.60.1 filter-list 10 out
 ! install up to two equal-cost BGP paths
 maximum-paths 2
 no auto-summary
!
ip as-path access-list 10 permit ^$

router# show ip bgp
BGP table version 11, local router ID is 172.168.60.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

    Network          Next Hop      Metric LocPrf Weight Path
*>i 172.16.10.0/24   172.16.1.2    0 100 0 i
*>  192.68.11.0      172.16.20.1   0 0 1 i
*                    172.16.60.1   0 1 i
*>  192.68.40.0      172.16.20.1   0 1 6 i
*>                   172.16.60.1   0 1 6 i

104

Multihoming to Multiple ISPs: Default only, Primary/Backup

[Figure: Customer AS1 multihomed to AS2 and AS3 (ISP A and ISP B)]

Customer outbound traffic:

• The customer sets default routes to AS2 and AS3 on its router.

• The default should point to a remote network outside the ISP A and ISP B networks.

• One default will be preferred, using local preference.

Customer inbound traffic:

• The customer announces its IP networks to the ISP AS2.

• If nothing is applied by the customer, traffic will flow according to the distance between destination and POP.

MEDs cannot be used here! Another approach must be used!

105

Multihoming to Multiple ISPs: Default only, Primary/Backup + Partial Routing

[Figure: AS1, AS2 and AS3 joined by links A and B; labels X, Y, Z, C1, C2, C3 and C4]

Outbound: prefer the link via A to reach C1 and C2, link B for others.

Default route: the link to location B is primary, with backup to A.

Local_pref: C1, C2: 300; other: 200

Local_pref: C3, C4: 300; other: 250


106

Multihoming to Multiple ISPs: Inbound Traffic (AS_Path Prepending Technique)

Task: Use AS22 to reach network X, and AS23 to reach network Y and others.

[Figure: Customer AS21 (networks X and Y), AS22, AS23, AS50 and AS100, with the AS_Path values below shown in the figure]

AS_Path:
X: 21
Y: 21

AS_Path:
X: 21
Y: 21

AS_Path:
X: 21
Y: 21 21 21 21

AS_Path:
X: 21 21 21 21
Y: 21

AS_Path:
X: 22 21
Y: 22 21 21 21 21

AS100

AS_Path:
X: 23 21 21 21 21
   23 50 22 21
Y: 23 21
   23 50 22 21 21 21 21

107

multihomed to different provider

[Figure: network topology with AS 1, AS 2, AS 3, AS 6, AS 7 and a NAP with a Route Server; links X1 and X2; IBGP inside AS 3]

108

multihomed to different provider

Routing policies

• AS3 will accept AS1's local and customer routes only via the X2 link. All other Internet routes will be accepted via the X1 link (primary).

• AS3 will accept a default route from AS1 just in case there is a failure in the X1 link.

• AS3 prefers that the network 172.16.220.0/24 be reachable by the outside world via the X2 link, and networks 172.16.10.0/24 and 172.16.65.0/26 be reachable via the X1 link.

• AS3 cannot be a transit network for AS1 and AS2, which means that under no circumstances will AS1 use AS3 to reach AS2.



109


multihomed to different provider

router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.1.2 remote-as 3
 neighbor 172.16.1.2 update-source Loopback0
 neighbor 172.16.1.2 next-hop-self
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map ACCEPT_LOCAL in
 neighbor 172.16.20.1 route-map PREPEND_PATH out
 no auto-summary
!
! list 1: AS 1's local and customer routes; list 2: routes originated in AS 3
ip as-path access-list 1 permit ^1 ?[0-9]*$
ip as-path access-list 2 permit ^$
!
access-list 1 permit 172.16.65.0 0.0.0.63
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 10 permit 0.0.0.0
!
! prepend on the prefixes that should be reached via the other link
route-map PREPEND_PATH permit 10
 match ip address 1
 set as-path prepend 3 3 3
!
! all other announcements must be local (empty AS path): AS 3 is never transit
route-map PREPEND_PATH permit 20
 match as-path 2
!
route-map ACCEPT_LOCAL permit 10
 match ip address 10
 set local-preference 50
!
route-map ACCEPT_LOCAL permit 20
 match as-path 1

110


multihomed to different provider

router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.2.254 remote-as 3
 neighbor 172.16.2.254 next-hop-self
 neighbor 192.68.5.2 remote-as 1
 neighbor 192.68.5.2 route-map PREPEND_PATH out
 no auto-summary
!
ip as-path access-list 2 permit ^$
!
access-list 1 permit 172.16.220.0 0.0.0.255
!
route-map PREPEND_PATH permit 10
 match ip address 1
 set as-path prepend 3 3 3
!
route-map PREPEND_PATH permit 20
 match as-path 2
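The AS-path access lists in the AS 3 configurations above decide which routes are accepted from AS 1 and which are announced upstream. The following Python sketch is an added example, not part of the original slides: it evaluates those lists with first-match and implicit-deny semantics. The helper names, the constructed sample paths and the stricter pattern are assumptions made for illustration.

```python
import re

# In Cisco IOS AS-path regular expressions "_" matches a delimiter:
# start or end of the path, a space, a comma, a brace or a parenthesis.
DELIMITER = r"(?:^|$|[ ,{}()])"


def ios_regex(pattern):
    """Compile an IOS AS-path pattern as a Python regular expression."""
    return re.compile(pattern.replace("_", DELIMITER))


class AsPathAccessList:
    """Ordered (action, pattern) entries: first match wins, implicit deny at the end."""

    def __init__(self, *entries):
        self.entries = [(action, ios_regex(pattern)) for action, pattern in entries]

    def permits(self, as_path):
        for action, regex in self.entries:
            if regex.search(as_path):
                return action == "permit"
        return False  # nothing matched: implicit deny


# Lists taken from the AS 3 configuration on the slides.
ONLY_LOCAL = AsPathAccessList(("permit", "^$"))                   # as-path access-list 2
AS1_AND_CUSTOMERS = AsPathAccessList(("permit", "^1 ?[0-9]*$"))   # as-path access-list 1

# Stricter variant (assumption, not on the slides):
# AS 1 alone, or AS 1 followed by exactly one more AS number.
AS1_AND_CUSTOMERS_STRICT = AsPathAccessList(("permit", "^1( [0-9]+)?$"))

# Constructed AS paths as seen inside AS 3 ("" = originated inside AS 3).
SAMPLE_PATHS = ["", "1", "1 6", "1 6 7", "2", "2 7", "16", "100"]


def accepted(acl, paths):
    """Paths from the list that the access list permits."""
    return [p for p in paths if acl.permits(p)]


def announced_to_provider(paths):
    """Paths AS 3 may announce when only the empty AS path is permitted."""
    return accepted(ONLY_LOCAL, paths)


if __name__ == "__main__":
    print("announced upstream:", announced_to_provider(SAMPLE_PATHS))
    print("list 1 accepts:    ", accepted(AS1_AND_CUSTOMERS, SAMPLE_PATHS))
    print("strict accepts:    ", accepted(AS1_AND_CUSTOMERS_STRICT, SAMPLE_PATHS))
```

On the sample paths, list 1 also admits the single-AS paths 16 and 100, because the space is optional and the trailing digits can extend the leading 1; the stricter pattern admits only 1 and 1 6.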

111

multihomed to different provider - customers of the same provider with a backup link

[Figure: network topology with AS 1, AS 2, AS 3, AS 6, AS 7 and the NAP; links X1 and X2; IBGP inside AS 3]


112

multihomed to different provider - customers of the same provider with a backup link


Routing policies

• In normal conditions, AS1 and AS2 will use the private link only for traffic between AS1 and AS2; for all other Internet traffic, the direct link to the provider AS3 is used.

• AS1 and AS2 agree to use each other as backup in case their links to AS3 fail.

113

multihomed to different provider - customers of the same provider with a backup link


router bgp 1
 network 192.68.11.0 mask 255.255.255.0
 neighbor 172.16.20.2 remote-as 3
 neighbor 172.16.20.2 route-map PREF_FROM_AS3 in
 neighbor 192.68.6.1 remote-as 2
 neighbor 192.68.6.1 route-map PREF_FROM_AS2 in
 no auto-summary
!
ip as-path access-list 1 permit _2_
!
! routes from AS3 whose path contains AS2: least preferred
route-map PREF_FROM_AS3 permit 10
 match as-path 1
 set local-preference 100
!
! everything else from AS3: most preferred
route-map PREF_FROM_AS3 permit 20
 set local-preference 300
!
! routes learned over the private link to AS2
route-map PREF_FROM_AS2 permit 10
 set local-preference 200

114

multihomed to different provider - customers of the same provider with a backup link

router# show ip bgp
BGP table version 11, local router ID is 192.68.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

    Network           Next Hop      Metric LocPrf Weight Path
*>i 172.16.1.0/24     172.16.20.2   0 300 0 3 i
*                     192.68.6.1    200 0 2 3 i
*>  172.16.10.0/24    172.16.20.2   20 300 0 3 i
*                     192.68.6.1    200 0 2 3 i
*>  172.16.65.0/26    172.16.20.2   20 300 0 3 i
*                     192.68.6.1    200 0 2 3 i
*>  172.16.220.0/24   172.16.20.2   0 300 0 3 i
*                     192.68.6.1    200 0 2 3 i
*   192.68.10.0       172.16.20.2   0 100 0 3 2 i
*>                    192.68.6.1    200 0 2 i
*>  192.68.11.0       0.0.0.0       0 32768 i
*>  192.68.40.0       172.16.20.2   300 0 3 6 i
*>                    192.68.6.1    200 0 2 3 6 i



115

multihomed to different provider - customers of different providers with a backup link

[Figure: network topology with AS 1, AS 2, AS 3 and AS 4; links X1 and X2]

116

multihomed to different provider - customers of different providers with a backup link

Routing policies

• In normal conditions, AS1 and AS2 will use the private link only for traffic between AS1 and AS2; for all other Internet traffic, both customers would like to go out via their direct providers, AS1 via AS4 and AS2 via AS3.

• In case the private link goes down, the customers should be able to talk to one another via the providers. If a link to the provider fails, the other customer should be used to reach the Internet.


117

multihomed to different provider - customers of different providers with a backup link

router bgp 4
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.1.2 remote-as 3
 neighbor 172.16.1.2 route-map CHECK_COMMUNITY in
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map CHECK_COMMUNITY in
 no auto-summary
!
ip community-list 2 permit 4:40
ip community-list 3 permit 4:60
!
route-map CHECK_COMMUNITY permit 10
 match community 2
 set local-preference 40
!
route-map CHECK_COMMUNITY permit 20
 match community 3
 set local-preference 60
!
route-map CHECK_COMMUNITY permit 30
 set local-preference 100


Solution No. 1 - The Community Approach


118

multihomed to different provider - customers of different providers with a backup link

router bgp 1
 network 192.68.11.0 mask 255.255.255.0
 neighbor 172.16.20.2 remote-as 4
 neighbor 172.16.20.2 send-community
 neighbor 172.16.20.2 route-map SETCOMMUNITY out
 neighbor 172.16.20.2 filter-list 10 out
 neighbor 192.68.6.1 remote-as 2
 no auto-summary
!
ip as-path access-list 2 permit _2_
ip as-path access-list 10 permit ^$
ip as-path access-list 10 permit ^2$
!
route-map SETCOMMUNITY permit 10
 match as-path 2
 set community 4:40
!
route-map SETCOMMUNITY permit 20


Solution No. 1 - The Community Approach

119

multihomed to different provider - customers of different providers with a backup link

router bgp 3
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 neighbor 172.16.1.1 remote-as 4
 neighbor 172.16.1.1 send-community
 neighbor 172.16.1.1 route-map setcommunity out
 neighbor 192.68.5.2 remote-as 2
 no auto-summary
!
route-map setcommunity permit 10
 set community 4:60


Solution No. 1 - The Community Approach

120

multihomed to different provider - customers of different providers with a backup link


router# show ip bgp
BGP table version 11, local router ID is 172.16.2.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network           Next Hop      Metric LocPrf Weight Path
*> 172.16.10.0/24    172.16.1.2    0 60 0 3 i
*> 172.16.65.0/26    172.16.1.2    0 60 0 3 i
*> 172.16.220.0/24   0.0.0.0       0 32768 i
*> 192.68.10.0       172.16.1.2    0 60 0 3 2 i
*                    172.16.20.1   40 0 1 2 i
*> 192.68.11.0       172.16.20.1   0 100 0 1 i

Solution No. 1 - The Community Approach
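The three configurations of Solution No. 1 can be traced end to end. The Python sketch below is an added example, not from the original slides: it applies AS 1's filter-list 10 and SETCOMMUNITY, AS 3's setcommunity and AS 4's CHECK_COMMUNITY to constructed routing tables and arrives at the LocPrf values seen in the show ip bgp output above. The function names, the input tables and the simplified best-path rule are assumptions.

```python
import re
from collections import namedtuple

Route = namedtuple("Route", "prefix path community next_hop local_pref")

DELIMITER = r"(?:^|$|[ ,{}()])"  # what "_" matches in an IOS AS-path regex


def path_matches(ios_pattern, as_path):
    return re.search(ios_pattern.replace("_", DELIMITER), as_path) is not None


def export_from_as1(table):
    """AS 1 -> AS 4: filter-list 10 out, route-map SETCOMMUNITY out, then prepend AS 1."""
    sent = []
    for prefix, path in table:
        # filter-list 10 permits ^$ and ^2$; everything else hits the implicit deny
        if not any(path_matches(p, path) for p in ("^$", "^2$")):
            continue
        # SETCOMMUNITY 10: match as-path 2 (_2_) -> community 4:40; entry 20 passes the rest
        community = "4:40" if path_matches("_2_", path) else None
        sent.append(Route(prefix, ("1 " + path).strip(), community, "172.16.20.1", None))
    return sent


def export_from_as3(table):
    """AS 3 -> AS 4: route-map setcommunity tags every route 4:60, then prepend AS 3."""
    return [Route(prefix, ("3 " + path).strip(), "4:60", "172.16.1.2", None)
            for prefix, path in table]


def import_at_as4(route):
    """AS 4 inbound route-map CHECK_COMMUNITY: the community decides LOCAL_PREF."""
    local_pref = {"4:40": 40, "4:60": 60}.get(route.community, 100)
    return route._replace(local_pref=local_pref)


def best_paths(routes):
    """Highest LOCAL_PREF wins; a shorter AS path breaks ties (simplified decision process)."""
    best = {}
    for r in routes:
        rank = (-r.local_pref, len(r.path.split()))
        if r.prefix not in best or rank < best[r.prefix][0]:
            best[r.prefix] = (rank, r)
    return {prefix: r for prefix, (rank, r) in best.items()}


# Constructed tables: (prefix, AS path as seen inside that AS); "" = locally originated.
AS1_TABLE = [("192.68.11.0/24", ""), ("192.68.10.0/24", "2"), ("172.16.10.0/24", "2 3")]
AS3_TABLE = [("172.16.10.0/24", ""), ("172.16.65.0/26", ""), ("192.68.10.0/24", "2")]


def as4_view():
    """All routes AS 4 holds after its inbound policy has been applied."""
    received = export_from_as1(AS1_TABLE) + export_from_as3(AS3_TABLE)
    return [import_at_as4(r) for r in received]


if __name__ == "__main__":
    for r in as4_view():
        print(f"{r.prefix:18} via {r.next_hop:12} LocPrf {r.local_pref:3}  path {r.path}")
```

The route with path 2 3 in AS 1's table never reaches AS 4, because filter-list 10 denies it, which is what keeps AS 1 from offering transit for AS 3's prefixes.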


121

multihomed to different provider - customers of different providers with a backup link

router bgp 1
 network 192.68.11.0 mask 255.255.255.0
 neighbor 172.16.20.2 remote-as 4
 neighbor 172.16.20.2 route-map setpath out
 neighbor 172.16.20.2 filter-list 10 out
 neighbor 192.68.6.1 remote-as 2
 no auto-summary
!
ip as-path access-list 2 permit _2_
ip as-path access-list 10 permit ^$
ip as-path access-list 10 permit ^2$
!
route-map setpath permit 10
 match as-path 2
 set as-path prepend 1
!
route-map setpath permit 20


Solution No. 2 - The AS_Path Approach

122

multihomed to different provider - customers of different providers with a backup link


router# show ip bgp
BGP table version 9, local router ID is 172.16.2.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network           Next Hop      Metric LocPrf Weight Path
*> 172.16.10.0/24    172.16.1.2    0 0 3 i
*> 172.16.65.0/26    172.16.1.2    0 0 3 i
*> 172.16.220.0/24   0.0.0.0       0 32768 i
*> 192.68.10.0       172.16.1.2    0 0 3 2 i
*                    172.16.20.1   0 1 1 2 i
*> 192.68.11.0       172.16.20.1   0 100 0 1 i

Solution No. 2 - The AS_Path Approach

123

Customers of the Same ISP + Mutual Backup

[Figure: Customer AS1, ISP AS10 and Customer AS2]

Task:

• From AS1 and AS2 use links to AS10 to access all sites.

• If any of the links to AS10 fails, allow transit through the remaining link.

AS1 - outbound traffic:

• Use two default routes, with preference set for the default to AS10.

AS1 - inbound traffic:

• To AS10 announce routes from AS1, without prepending anything.

• To AS2 announce routes from AS1, but prepend AS1 at least 3 times.

AS_Path labels shown in the figure:

AS1: 1 1 1

AS1: 1

AS1: 10 1

10 2 1 1 1


124

BGP maintenance commands

Besides configuring the BGP process, we must also maintain it. For this purpose there is a group of maintenance commands, which we can divide into three groups:

• show commands - for checking BGP status

• clear commands - for accepting changes

• debug commands - for troubleshooting

125

BGP maintenance commands

Show commands

show ip bgp [cidr-only | community | community-list | filter-list | neighbors | paths | inconsistent-as | peer-group | regexp | summary]

With show ip bgp we can get information about the BGP routing table.

router# show ip bgp
BGP table version 9, local router ID is 1.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network       Next Hop   Metric LocPrf Weight Path
*> 10.4.4.0/24   1.1.1.1    0 150 150 5 1 i
*> 10.4.5.0/26   1.1.2.1    0 100 200 23 252 6 1 i

126

BGP maintenance commands

Router# show ip bgp

BGP table version is 716977, local router ID is 193.0.32.1

Status codes: s suppressed, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* i3.0.0.0 193.0.22.1 0 100 0 1800 1239 ?

*>i 193.0.16.1 0 100 0 1800 1239 ?

* i6.0.0.0 193.0.22.1 0 100 0 1800 690 568 ?

*>i 193.0.16.1 0 100 0 1800 690 568 ?

* i7.0.0.0 193.0.22.1 0 100 0 1800 701 35 ?

*>i 193.0.16.1 0 100 0 1800 701 35 ?

* 198.92.72.24 0 1878 704 701 35 ?

* i8.0.0.0 193.0.22.1 0 100 0 1800 690 560 ?

*>i 193.0.16.1 0 100 0 1800 690 560 ?

* 198.92.72.24 0 1878 704 701 560 ?

* i13.0.0.0 193.0.22.1 0 100 0 1800 690 200 ?

*>i 193.0.16.1 0 100 0 1800 690 200 ?

* 198.92.72.24 0 1878 704 701 200 ?

* i15.0.0.0 193.0.22.1 0 100 0 1800 174 ?

*>i 193.0.16.1 0 100 0 1800 174 ?

* i16.0.0.0 193.0.22.1 0 100 0 1800 701 i

*>i 193.0.16.1 0 100 0 1800 701 i

* 198.92.72.24 0 1878 704 701 i


127

BGP maintenance commands

With show ip bgp cidr-only we can get information about the networks in the BGP routing table that have non-standard masks, that is, networks with CIDR network masks.

Router# show ip bgp cidr-only

BGP table version is 220, local router ID is 198.92.73.131

Status codes: s suppressed, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 192.0.0.0/8 198.92.72.24 0 1878 ?

*> 198.92.0.0/16 198.92.72.30 0 108 ?

128

BGP maintenance commands

To get information about the networks that belong to a specified BGP community, we can use:

show ip bgp community community-number [exact]

Router# show ip bgp community 10

BGP table version is 716977, local router ID is 193.0.32.1

Status codes: s suppressed, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* i3.0.0.0 193.0.22.1 0 100 0 1800 1239 ?

*>i 193.0.16.1 0 100 0 1800 1239 ?

* i6.0.0.0 193.0.22.1 0 100 0 1800 690 568 ?

*>i 193.0.16.1 0 100 0 1800 690 568 ?

* i7.0.0.0 193.0.22.1 0 100 0 1800 701 35 ?

*>i 193.0.16.1 0 100 0 1800 701 35 ?

* 198.92.72.24 0 1878 704 701 35 ?

* i8.0.0.0 193.0.22.1 0 100 0 1800 690 560 ?

*>i 193.0.16.1 0 100 0 1800 690 560 ?

* 198.92.72.24 0 1878 704 701 560 ?

* i13.0.0.0 193.0.22.1 0 100 0 1800 690 200 ?

*>i 193.0.16.1 0 100 0 1800 690 200 ?

* 198.92.72.24 0 1878 704 701 200 ?

129

BGP maintenance commands

To display routes that are permitted by the BGP community list, we use:

show ip bgp community-list community-list-number [exact]

To display routes that conform to a specified filter list, we use:

show ip bgp filter-list access-list-number

If we have the following filter list:

ip as-path access-list 2 permit ^109 108$

then we will get the following results:


130

BGP maintenance commands

Router# show ip bgp filter-list 2

BGP table version is 1738, local router ID is 198.92.72.24

Status codes: s suppressed, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* 198.92.0.0 198.92.72.30 0 109 108 ?

* 198.92.1.0 198.92.72.30 0 109 108 ?

* 198.92.11.0 198.92.72.30 0 109 108 ?

* 198.92.14.0 198.92.72.30 0 109 108 ?

* 198.92.15.0 198.92.72.30 0 109 108 ?

* 198.92.16.0 198.92.72.30 0 109 108 ?

* 198.92.17.0 198.92.72.30 0 109 108 ?

* 198.92.18.0 198.92.72.30 0 109 108 ?

* 198.92.19.0 198.92.72.30 0 109 108 ?

* 198.92.24.0 198.92.72.30 0 109 108 ?

* 198.92.29.0 198.92.72.30 0 109 108 ?

* 198.92.30.0 198.92.72.30 0 109 108 ?

131

BGP maintenance commands

To display routes with inconsistent originating autonomous systems, we use:

show ip bgp inconsistent-as

Router# show ip bgp inconsistent-as

BGP table version is 87, local router ID is 172.19.82.53

Status codes: s suppressed, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* 11.0.0.0 171.69.232.55 0 0 300 88 90 99 ?

*> 171.69.232.52 2222 0 400 ?

* 171.69.0.0 171.69.232.55 0 0 300 90 99 88 200 ?

*> 171.69.232.52 2222 0 400 ?

* 200.200.199.0 171.69.232.55 0 0 300 88 90 99 ?

*> 171.69.232.52 2222 0 400 ?

132

BGP maintenance commands

To display information about the TCP and BGP connections to neighbors, we use:

show ip bgp neighbors address [received-routes]

Router# show ip bgp neighbors

BGP neighbor is 134.24.127.3, remote AS 1740, external link

Index 1, Offset 0, Mask 0x2

ebgp peer-group member

BGP version 4, remote router ID 134.24.99.3

BGP state = Established, table version = 2185429, up for 2d11h

Last read 00:00:19, hold time is 180, keepalive interval is 60 seconds

Minimum time between advertisement runs is 30 seconds

Received 277877 messages, 0 notifications, 0 in queue

Sent 9826 messages, 0 notifications, 0 in queue

Outgoing update network filter list is 100

Connections established 3; dropped 2

Last reset 2d12h, due to Peer closing down the session

No. of prefix received 48809

External BGP neighbor may be up to 255 hops away.


BGP maintenance commands

Connection state is ESTAB, I/O status: 1, unread input bytes: 0

Local host: 198.32.162.100, Local port: 14958

Foreign host: 134.24.127.3, Foreign port: 179

Enqueued packets for retransmit: 0, input: 0, saved: -37

Event Timers (current time is 0x2388D21C):

Timer Starts Wakeups Next

Retrans 3625 22 0x0

TimeWait 0 0 0x0

AckHold 23590 17252 0x0

SendWnd 0 0 0x0

KeepAlive 0 0 0x0

GiveUp 0 0 0x0

PmtuAger 0 0 0x0

iss: 460572470 snduna: 460640919 sndnxt: 460640919 sndwnd: 16251

irs: 460628140 rcvnxt: 465343152 rcvwnd: 32614 delrcvwnd: 154

SRTT: 405 ms, RTTO: 1290 ms, RTV: 240 ms, KRTT: 0 ms

minRTT: 28 ms, maxRTT: 1248 ms, ACK hold: 300 ms

Flags: higher precedence, nagle, path mtu capable

Datagrams (max data segment is 536 bytes):

Rcvd: 29668 (out of order: 806), with data: 26160, total data bytes: 4715011

Sent: 29316 (retransmit: 22), with data: 3602, total data bytes: 68448

134

BGP maintenance commands

To display all the BGP paths in the database, we use:

show ip bgp paths

Router# show ip bgp paths

Address Hash Refcount Metric Path

0x297A9C 0 2 0 i

0x30BF84 1 0 0 702 701 ?

0x2F7BC8 2 235 0 ?

0x2FA1D8 3 0 0 702 701 i

135

BGP maintenance commands

To display information about BGP peer groups, we use:

show ip bgp peer-group [tag] [summary]

Router# show ip bgp peer-group0 internal

BGP neighbor is internal, peer-group leader

BGP version 4

Minimum time between advertisement runs is 5 seconds

Incoming update AS path filter list is 2

Outgoing update AS path filter list is 1

Route map for outgoing advertisements is set-med


136

BGP maintenance commands

To display routes matching the regular expression, we use:

show ip bgp regexp regular-expression

Router# show ip bgp regexp 108$

BGP table version is 1738, local router ID is 198.92.72.24

Status codes: s suppressed, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* 198.92.0.0 198.92.72.30 0 109 108 ?

* 198.92.1.0 198.92.72.30 0 109 108 ?

* 198.92.11.0 198.92.72.30 0 109 108 ?

* 198.92.14.0 198.92.72.30 0 109 108 ?

* 198.92.15.0 198.92.72.30 0 109 108 ?

* 198.92.16.0 198.92.72.30 0 109 108 ?

* 198.92.17.0 198.92.72.30 0 109 108 ?

* 198.92.18.0 198.92.72.30 0 109 108 ?

* 198.92.19.0 198.92.72.30 0 109 108 ?

* 198.92.24.0 198.92.72.30 0 109 108 ?

* 198.92.29.0 198.92.72.30 0 109 108 ?

137

BGP maintenance commands

To display the status of all BGP connections, we use:

show ip bgp summary

Router# show ip bgp summary

BGP table version is 717029, main routing table version 717029

19073 network entries (37544 paths) using 3542756 bytes of memory

691 BGP path attribute entries using 57200 bytes of memory

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State

193.0.16.1 4 1755 32642 2973 717029 0 0 1:27:11

193.0.17.1 4 1755 4790 2973 717029 0 0 1:27:51

193.0.18.1 4 1755 7722 3024 717029 0 0 1:28:13

193.0.19.1 4 1755 0 0 0 0 0 2d02 Active

193.0.20.1 4 1755 3673 3049 717029 0 0 2:50:10

193.0.21.1 4 1755 3741 3048 717029 0 0 12:24:43

193.0.22.1 4 1755 33129 3051 717029 0 0 12:24:48

193.0.23.1 4 1755 0 0 0 0 0 2d02 Active

193.0.24.1 4 1755 0 0 0 0 0 2d02 Active

193.0.25.1 4 1755 0 0 0 0 0 2d02 Active

193.0.26.1 4 1755 0 0 0 0 0 2d02 Active

193.0.27.1 4 1755 4269 3049 717029 0 0 12:39:33

193.0.28.1 4 1755 3037 3050 717029 0 0 2:08:15

198.92.72.24 4 1878 11635 13300 717028 0 0 0:50:39

138

BGP maintenance commands

After each change, it is necessary to reset the BGP TCP connection to the peer. This can be done with:

clear ip bgp {* | address | peer-group name} [soft [in | out]]

If we use the soft argument, the TCP connection will NOT be reset. Instead, the router will send only update messages.


139

BGP maintenance commands

In order to generate new inbound updates without resetting the BGP session, the local BGP speaker should store all the received updates without modification, regardless of whether they are accepted or denied by the current inbound policy.

To allow inbound reconfiguration, BGP should be told to store all received updates. Outbound reconfiguration does not require pre-configuration.

To configure BGP soft reconfiguration, we use:

neighbor {ip-address | peer-group-name} soft-reconfiguration inbound

140

BGP maintenance commands

To adjust BGP network timers, we use:

timers bgp keepalive holdtime

where:

• keepalive - Frequency, in seconds, with which the Cisco IOS software sends keepalive messages to its peer. The default is 60 seconds.

• holdtime - Interval, in seconds, after not receiving a keepalive message that the software declares a peer dead. The default is 180 seconds.

141

BGP maintenance commands

For troubleshooting, there are a few servers on the Internet that offer BGP-related information. One of them is

route-views.oregon-ix.net

which is a Cisco 2500 series router running BGP. Access to this router is unlimited.


142

Route flap dampening

Route Flap Dampening is a mechanism for minimizing the instability caused by route flapping.

The following terms are used to describe route flap dampening:

• Penalty - A numeric value that is assigned to a route when it flaps.

• Half-life time - A configurable numeric value that describes the time required to reduce the penalty by one half (default 15 min).

143

Route flap dampening

• Suppress limit - A numeric value that is compared with the penalty. If the penalty is greater than the suppress limit, the route is suppressed (default is 2000).

• Suppressed - A route that is not advertised even though it is up. A route is suppressed if the penalty is more than the suppress limit.

• Reuse limit - A configurable numeric value that is compared with the penalty. If the penalty is less than the limit, a suppressed route that is up will no longer be suppressed (default is 750).

• History entry - An entry that is used to store flap information about a route that is down.

144

Route flap dampening

[Figure: plot over Time (0 to 25) with the Suppress-Limit and Reuse-Limit levels marked]


145

Route flap dampening

To enable BGP route dampening or change various BGP route dampening factors, we use:

bgp dampening [half-life reuse suppress max-suppress-time] [route-map map]

To clear route dampening statistics, we use:

clear ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask}]
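The dampening terms (penalty, half-life, suppress limit, reuse limit) and the bgp dampening parameters can be followed numerically. The Python model below is an added example, not from the original slides: it uses the defaults stated on the slides (half-life 15 min, suppress limit 2000, reuse limit 750) and assumes a penalty of 1000 per flap, a max-suppress-time of 60 min and constructed flap times.

```python
import math


class DampenedRoute:
    """Penalty bookkeeping for one prefix; all times are in minutes."""

    def __init__(self, half_life=15.0, reuse=750.0, suppress=2000.0,
                 max_suppress_time=60.0, flap_penalty=1000.0):
        self.half_life = half_life
        self.reuse = reuse
        self.suppress = suppress
        self.flap_penalty = flap_penalty  # assumption: penalty added per flap
        # Ceiling that keeps a route from staying suppressed longer than max_suppress_time.
        self.ceiling = reuse * 2 ** (max_suppress_time / half_life)
        self.penalty = 0.0
        self.last_update = 0.0
        self.suppressed = False

    def _decay_to(self, now):
        """Apply exponential decay up to 'now' and release the route if it qualifies."""
        if now < self.last_update:
            raise ValueError("time must not go backwards")
        self.penalty *= 0.5 ** ((now - self.last_update) / self.half_life)
        self.last_update = now
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False  # penalty fell below the reuse limit

    def flap(self, now):
        """Record one flap at time 'now' and return the resulting penalty."""
        self._decay_to(now)
        self.penalty = min(self.penalty + self.flap_penalty, self.ceiling)
        if self.penalty > self.suppress:
            self.suppressed = True
        return self.penalty

    def is_suppressed(self, now):
        self._decay_to(now)
        return self.suppressed

    def minutes_until_reuse(self, now):
        """Time until the penalty decays to the reuse limit, if no further flap occurs."""
        self._decay_to(now)
        if not self.suppressed:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)


def timeline(flap_times, sample_times):
    """Return (time, penalty, suppressed) at each sample time for the given flap times."""
    route = DampenedRoute()
    events = sorted([(t, "flap") for t in flap_times] +
                    [(t, "sample") for t in sample_times])
    rows = []
    for t, kind in events:
        if kind == "flap":
            route.flap(t)
        else:
            suppressed = route.is_suppressed(t)
            rows.append((t, round(route.penalty), suppressed))
    return rows


if __name__ == "__main__":
    # Constructed scenario: three flaps two minutes apart.
    for t, penalty, suppressed in timeline([0, 2, 4], [1, 5, 20, 40]):
        state = "suppressed" if suppressed else "advertised"
        print(f"t={t:>2} min  penalty={penalty:>5}  {state}")
```

With these values two flaps leave the route advertised, the third pushes the penalty over the suppress limit, and the route stays suppressed for roughly 28 minutes after the last flap.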

146

Route flap dampening

For maintenance purposes, we need to see information about route flap dampening. To display BGP dampened routes, we use:

show ip bgp dampened-paths

To display BGP flap statistics, we use:

show ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask [longer-prefix]}]
