Embed Size (px)
Citation preview
1
Border Gateway Protocol (BGP)
Between Autonomous Systems: uses path vector routing.
This routing protocol uses TCP and port #179. Messages are encapsulated inTCP.
For between autonomous systems:
•Distance Vector not good to use because do not always want to use smallesthop count
•Link state not good - Internet is too large for this approach. Data base toolarge, shortest path algorithm calculations do not scale well.
Source: TCP/IP Protocol Suite, by Fourouzan
2
Path Vector Routing
Routing table entries consist of destination network, next router,autonomous system path to reach destination
Example path vector routing table
Destination Network Next Router PathN01 R07 AS5, AS19, AS21N02 R10 AS14, AS8, AS7N03 R2 AS4, AS9, AS6N04 R3 AS1, AS2
Autonomous Boundary Routers advertise to their neighbors how to get tonetworks inside their own autonomous systems
with path vector routing:
• loops can be avoided because AS sees itself in path and detects loop
• policy-based routing can be employed, e.g. if one AS does not want toroute through another AS, it simply drops paths containing the other AS
3
4
BGP Types of Messages
Types are: OPEN, UPDATE, KEEPALIVE, NOTIFICATION
Packet Formats:
All BGP packets have same common header:
Marker 16 bytes
Type 8 bitsLength 16 bits
Marker - Fields for authenticationLength - Length of entire BGP message including common header shown hereType - Identifies which of the four message types this is.
5
Open Message
BGP Identifier 32 bits
Version 8 bits
My autonomous system 16 bits Hold Time 16 bits
Option Length
Variable Length Option
Type in common header = 1
Version - Version is 4 at present in the Internet
My Autonomous System - Autonomous System Number
Hold Time - Max number of seconds before must receive update or akeep alive message or we consider other router dead
BGP ID - Four byte IP address of sending router
Options
Use this message type to open a connection (TCP connection used) with neighbor
6
Update Message
Used to remove routes that were advertised previously, or announce newroute. BGP is allowed to remove several routes but only to add one newroute in each update message.
Path Attribute Length 16 bits
Unfeasible Routes Length 8 bits
Withdrawn Routes is of variable length
Variable Length Path Attributes
Variable Length Network Layer Reachability Info
Unfeasible Routes Length - Length of next fieldWithdrawn Routes - List of routes to removePath Attributes Length - Length of next fieldPath Attributes - Info like ORIGIN: RIP, OSPF, etc generated route info;
AS_PATH: List of autonomous systems through which we go to get to destination;Next Hop: Router where we should send packet
Network Layer Reachability Info - Network IP and number of bits in mask
7
Keep Alive Message
The Routers exchange Keep Alive messages. (every 2 minutes is common)
The message itself is just a common BGP Header Message with Type = 3
Notification Message
Sent when error is detected or router wants to close the connection.
Message consists of error codes, error subcase, and error data.
Type = 4 Error Code 8 bits
Variable Length Error data
Error Subcode 8 bits
8
spawn telnet route-server.ip.att.netTrying 12.0.1.28...Connected to route-server.cbbtier3.att.net.Escape character is '^]'.CCC############## route-server.ip.att.net ######################## AT&T IP Services Route Monitor ########### This router maintains peerings with customer-facing routersthroughout the AT&T IP Services Backbone: 12.123.21.243 Atlanta, GA 12.123.133.124 Austin, TX 12.123.41.250 Cambridge, MA 12.123.5.240 Chicago,IL 12.123.17.244 Dallas, TX 12.123.139.124 Detroit, MI 12.123.37.250 Denver, CO 12.123.134.124 Houston, TX 12.123.29.249 Los Angeles, CA 12.123.1.236 New York, NY 12.123.33.249 Orlando,FL 12.123.137.124 Philadelphia, PA 12.123.142.124 Phoenix, AZ 12.123.145.124 San Diego, CA 12.123.13.241 San Francisco, CA 12.123.25.245 St. Louis, MO 12.123.45.252 Seattle, WA 12.123.9.241 Washington, DC This router has the global routing table view from each of the aboverouters, providing a glimpse to the Internet routing table from theAT&T network's perspective.
9
route-server>Kerberos: No default realm defined for Kerberos!term len 0route-server>sh ip bgp sumBGP router identifier 10.1.2.5, local AS number 65000BGP table version is 1286647, main routing table version 1286647163458 network entries using 16509258 bytes of memory3370426 path entries using 161780448 bytes of memory37373 BGP path attribute entries using 2093112 bytes of memory33667 BGP AS-PATH entries using 879950 bytes of memory5 BGP community entries using 136 bytes of memory0 BGP route-map cache entries using 0 bytes of memory0 BGP filter-list cache entries using 0 bytes of memoryBGP using 181262904 total bytes of memoryDampening enabled. 1389 history paths, 994 dampened paths163353 received paths for inbound soft reconfigurationBGP activity 181085/17627 prefixes, 5037513/1667087 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd10.0.0.2 4 7018 0 0 0 0 0 never Idle (Admin)12.0.1.63 4 7018 397245 12186 1286648 0 0 1w1d 012.123.1.236 4 7018 387448 12185 1286645 0 0 1w1d 16335312.123.5.240 4 7018 346180 12186 1286645 0 0 1w1d 16335212.123.9.241 4 7018 419257 12185 1286645 0 0 1w1d 16335312.123.13.241 4 7018 356320 12185 1286645 0 0 1w1d 16335412.123.17.244 4 7018 411677 12189 1286645 0 0 2d20h 16335412.123.21.243 4 7018 474681 12185 1286645 0 0 1w1d 16335112.123.25.245 4 7018 348068 12186 1286645 0 0 1w1d 16335312.123.29.249 4 7018 347119 12186 1286645 0 0 1w1d 16335412.123.33.249 4 7018 501231 12185 1286645 0 0 1w1d 16335212.123.37.250 4 7018 521938 12167 1286645 0 0 1d19h 163354
10
BGP table version is 1286649, local router ID is 10.1.2.5Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete
Network From Reuse Path*d 193.178.117.0 12.123.9.241 00:01:30 7018 5400 5400 5400 5588 8246 34765 34765 34765 34765 34765 34765 i*d 12.174.7.0/24 12.123.17.244 00:01:40 7018 10428 i*d 193.178.117.0 12.123.13.241 00:01:50 7018 5400 5400 5400 5588 8246 34765 34765 34765 34765 34765 34765 i*d 193.178.117.0 12.123.134.124 00:02:00 7018 5400 5400 5400 5588 8246 34765 34765 34765 34765 34765 34765 i*d 193.178.117.0 12.123.33.249 00:02:00 7018 5400 5400 5400 5588 8246 34765 34765 34765 34765 34765 34765 i*d 193.178.117.0 12.123.25.245 00:01:50 7018 5400 5400 5400 5588 8246 34765 34765 34765 34765 34765 34765 i*d 193.178.117.0 12.123.29.249 00:01:50 7018 5400 5400 5400 5588 8246 34765 34765 34765 34765 34765 34765 i*d 193.178.117.0 12.123.196.111 00:01:50 7018 5400 5400 5400 5588 8246 34765 34765 34765 34765 34765 34765 i*d 193.178.117.0 12.123.37.250 00:02:00 7018 5400 5400 5400 5588 8246 34765 34765 34765 34765 34765 34765 i*d 193.178.117.0 12.123.145.124 00:02:00 7018 5400 5400 5400 5588 8246 34765 34765 34765 34765 34765 34765 i*d 129.66.0.0/18 12.123.139.124 00:02:40 7018 701 14793 14793 14793 3464 i*d 192.54.250.0 12.123.13.241 00:02:40 7018 16928 i*d 140.157.208.0/20 12.123.13.241 00:02:40 7018 16928 i*d 140.157.64.0/20 12.123.13.241 00:02:40 7018 16928 i*d 140.157.48.0/20 12.123.13.241 00:02:40 7018 16928 i*d 140.157.32.0/20 12.123.13.241 00:02:40 7018 16928 i*d 84.44.0.0/24 12.123.5.240 00:02:40 7018 3549 12713 9121 15924 i*d 84.44.0.0/24 12.123.45.252 00:02:40 7018 3549 12713 9121 15924 i*d 84.44.0.0/24 12.123.13.241 00:02:40 7018 3549 12713 9121 15924 i
11
* 222.255.224.0/19 12.123.37.250 0 7018 7473 7643 i* 12.123.139.124 0 7018 7473 7643 i* 12.123.145.124 0 7018 7473 7643 i* 12.123.45.252 0 7018 7473 7643 i* 12.123.17.244 0 7018 7473 7643 i* 12.123.41.250 0 7018 7473 7643 i*> 12.123.1.236 0 7018 7473 7643 i* 12.123.142.124 0 7018 7473 7643 i* 12.123.21.243 0 7018 7473 7643 i* 12.123.137.124 0 7018 7473 7643 i* 12.123.9.241 0 7018 7473 7643 i* 12.123.13.241 0 7018 7473 7643 i* 12.123.199.239 0 7018 7473 7643 i* 12.123.133.124 0 7018 7473 7643 i* 12.123.33.249 0 7018 7473 7643 i* 12.123.196.111 0 7018 7473 7643 i* 12.123.134.124 0 7018 7473 7643 i* 12.123.5.240 0 7018 7473 7643 i* 12.123.25.245 0 7018 7473 7643 i* 12.123.29.249 0 7018 7473 7643 i
12
route-server>term len 512route-server>sh ip bgpBGP table version is 1286652, local router ID is 10.1.2.5Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path* 3.0.0.0 12.123.37.250 0 7018 701 703 80 i* 12.123.139.124 0 7018 701 703 80 i* 12.123.145.124 0 7018 701 703 80 i* 12.123.45.252 0 7018 701 703 80 i* 12.123.17.244 0 7018 701 703 80 i* 12.123.41.250 0 7018 701 703 80 i* 12.123.1.236 0 7018 701 703 80 i* 12.123.142.124 0 7018 701 703 80 i* 12.123.21.243 0 7018 701 703 80 i* 12.123.137.124 0 7018 701 703 80 i* 12.123.9.241 0 7018 701 703 80 i* 12.123.13.241 0 7018 701 703 80 i* 12.123.199.239 0 7018 701 703 80 i* 12.123.133.124 0 7018 701 703 80 i* 12.123.33.249 0 7018 701 703 80 i* 12.123.196.111 0 7018 701 703 80 i* 12.123.134.124 0 7018 701 703 80 i*> 12.123.5.240 0 7018 701 703 80 i* 12.123.25.245 0 7018 701 703 80 i* 12.123.29.249 0 7018 701 703 80 i* 4.0.0.0 12.123.37.250 0 7018 3356 i* 12.123.139.124 0 7018 3356 i* 12.123.145.124 0 7018 3356 i* 12.123.45.252 0 7018 3356 i
13
Two More Interconnection Techniques in Addition to BGP
1. Aggregation
2. Using Static and default routes
Aggregation - routing domain is represented by a single IP prefix and router sits at the aggregation point.( can have more than one router and aggregation point ).Only the aggregate is advertised out on backbone.
Example aggregation network “ Interop Net 1997 ”.Class A 45.0.0.0/8 used in convention center. One aisle was one “Routing Information Base” RIB.
Each RIB had a common /16 prefix for example 45.77.0.0/16 was “RIB 77. ” Subnet mask /22 used within each RIBSo only a portion of each RIB was used.
R
RP2RP1
RR
R
RR
FDDIBack Bone
45.0.4.70
45.0.4.1
45.77.0.1 45.77.0.2 45.77.0.0/1645.77.0.7 45.77.0.11 45.77.0.21
45.77.16.0/22
45.77.32.0/2245.77.44.0/22
45.77.0.35
45.77.96.0/2245.77.20.0/22
14
RIPV1 was used on the RIB because all vendors’ routers implement RIPv1.
OSPF was used on FDDI backbone.
Routers RP1 and RP2 spoke both OSPF and RIPv1
RIB’s OSPF area ID was 45.77.0.0 and each RIB was a stub area.
If an exhibitor wanted to run OSPF they could do so.
Routers RP1 and RP2 advertised default route onto RIB so RIB attached routers had a way out to Internet.
Unnecessary to advertise any other routers onto RIB.
All routers on RIB learn RIP routes from each other as well as default routes from backbone routers.
Backbone routers RP1 and RP2 were configured (restricted) so they could only learn RIP Routes from the /22s within 45.77.0.0/16
15
Examples of valid /22 prefixes that are members of this “RIB 77”:
45.77.0.0/22 45.77.4.0/22 … 45.77.248.0/22 45.77.252.0/22
Back bone routers will know about specific routes inside 45.77.0.0/16 from RIP.
Any /22 routes not within 45.77.0.0/16 will not be learned by this RIB.
For example 45.101.88.0/22 should be learned only by routers on RIB 101 ( 45.101.0.0/16 ).
With aggregation, backbone routers RP1 and RP2 do not put in their routing tables every active/22 prefix from the other RIBs
Backbone routers only advertised single aggregated prefix 45.77.0.0/16 on backbone.Thus RP1 and RP2 are known to be where other backbone routers should send traffic for 45.77.×.×.
When a packet arrives at RP1 or RP2 they look at RIP learned routes from their attached RIB to decide how to forward packets.
16
Example Forwarding Table:
Known Prefixes Next-Hop Gateway Metric Source------------------------ ------------------------------ -------------------- -----------------
0.0.0.0/0 45.0.4.1 10 OSPF45.0.4.0/22 45.0.4.70 0 (connected) direct45.60.0.0/16 45.0.4.60 6 OSPF45.61.0.0/16 45.0.4.61 6 OSPF45.62.0.0/16 45.0.4.62 6 OSPF45.63.0.0/16 45.0.4.63 6 OSPF 45.77.0.0/22 45.77.0.1 0 ( connected ) direct45.77.16.0/22 45.77.0.7 1 RIP45.77.20.0/22 45.77.0.7 2 RIP45.77.32.0/22 45.77.0.11 1 RIP45.77.44.0/22 45.77.0.21 1 RIP45.77.96.0/22 45.77.0.35 1 RIP
17
- Which router contains the previous routing table?
Since 45.77.0.1 0 (connected ) must be RP1 ( Primary Router for RIB 77 )
- Note that several / 16s were learned via OSPF via 45.0.4.0/22 interface which is the FDDI backbone. These are other RIB aggregates. Their internal structure is invisible to us. (each RIB is an OSPF area )
- Note 5 routes learned from RIP and match the diagram drawn of the network.
- If router RP1 gets packet with destination 45.77.96.171 it will be forwarded to 45.77.0.35
18
A Router Aggregation Fundamental Issue :
What if RP1 receives packet for destination 45.77.251.99 ? 45.77.111110 11.99 Destination Address 255.255.111111 00.0 SubNetmask /22
45.77.248 does not match any entry thus normally would forward to default route of 45.0.4.1
but 45.0.4.1 would say that packet matches 45.77.0.0/16 which would be in default router table
Packet will come back and repeat in a loop!
RP1 must realize since it is creating the aggregate for 45.77.0.0/16 ( and advertises this via OSPF to backbone ) it should not forward any 45.77.0.0/16.
If the router aggregating 45.77.0.0/16 does not know an address, no one will.
If OSPF, and if aggregation => do not forward to default route addresses that match aggregate advertised out.
19
Using Static And Default Routing To Interconnect Domains
Routing Domain- T -
Routing Domain- L -
XT3
YT4 T2
Z
TT1
J
K
I
L
D
L1L3
L4
L2
FIGURE 14. 12 Static routing sample topology.
Router X Router Y Router Z Dest . Next - Hop Dest . Next - Hop Dest . Next - Hop
0.0.0.0./0 Router Z 0.0.0.0/0 Router Z 0.0.0.0/0 Router T
Prefix T2 n / a ( Self ) Prefix T2 n / a ( Self ) Prefix T1 n / a ( Self )
Prefix T3 n / a ( Self ) Prefix T4 n / a ( Self ) Prefix T2 n / a ( Self )
Prefix T3 Router X
Prefix T4 Router Y
20
0.0.0.0/0 Router L Prefix D n / a (self )
Prefix D n / a (Self ) Prefix L1 Router L
Prefix T1 n / a (Self ) Prefix L2 Router L
Prefix T2 Router Z Prefix L3 Router L
Prefix T3 Router Z Prefix L4 Router L
Prefix T4 Router Z Prefix T1 n / a ( Self )
Prefix T2
Prefix T3
Prefix T4
Router Z
Router Z
Router Z
There are two ways we can configure the table in Router T:
Router T- “ Dangerous ” Router T - “ Safe ”
Dest . Next - Hop Dest . Next - Hop
Forwarding tables for routing domain T.
21
Router I Router J Router K Dest . Next - Hop Dest . Next - Hop Dest . Next - Hop
0.0.0 .0/0 Router J 0.0.0.0/0 Router L 0.0.0.0/0 Router L
Prefix L3 n / a ( Self ) Prefix L1 n / a ( Self ) Prefix L1 n / a ( Self )
Prefix L4 n / a ( Self ) Prefix L3 n / a ( Self ) Prefix L2 n / a ( Self )
Router L- “ Dangerous ” Router L - “ Safe ”
Dest . Next - Hop Dest . Next - Hop
0.0.0.0 / 0Prefix DPrefix L1Prefix L2Prefix L3Prefix L4
Router Tn / a ( Self )n / a ( Self )Router KRouter JRouter J
Prefix DPrefix L1Prefix L2Prefix L3Prefix L4Prefix T1Prefix T2Prefix T3Prefix T4
n / a ( Self )n / a ( Self )Router KRouter JRouter JRouter TRouter TRouter TRouter T
Forwarding tables for routing domain L.
22
Why is it dangerous to have the border router both having default route to each other?
=> Possible Routing Loop!Static tables, if not updated when new network say T5 added and router L generates a packet to T5 and routerT does not know about T5 yet => Loop!
1. Forwarding tables not up to date 2. Domain border routers do not have complete routing information
If it is possible to aggregate a routing domain, domain border router tables can be simplified.
Router T- “Safe” Router L- “Safe” Dest . Next-Hop Dest . Next-Hop
Prefix DPrefix LPrefix T1Prefix T2Prefix T3Prefix T4
n / a ( Self )Router Ln / a ( Self )Router zRouter zRouter z
Prefix DPrefix L1Prefix TPrefix L2Prefix L3Prefix L4
n / a ( Self )n / a ( Self )Router TRouter KRouter JRouter J
Safe aggregate-based forwarding tables for domain border routers.
