Dell Force10 BGP Configuration
Module 9

Objectives
  BGP Overview
  BGP Implementation in FTOS
  Basic BGP Configuration
  Troubleshooting

BGP Overview
An IGP (like IS-IS or OSPF) is usually used to optimize routing within the AS
BGP is an Exterior Gateway Protocol
  Path Vector (AS# and direction)
BGP is more concerned with the flow of data between ASs
  Establishes communication between two different Autonomous Systems
BGP has a distinct focus on routing policy
  Unlike OSPF, BGP does not dynamically learn routes
  BGP must be explicitly configured to make routing decisions
BGP is a simple protocol, but complex to configure
  Mistakes can impact the Internet
[Figure: four autonomous systems (AS-1, AS-2, AS-3, AS-4) showing iBGP peering, eBGP peering and an external route]

OSPF vs. BGP

                           OSPF             BGP
Version                    v2               v4
RFC                        2328             1771
IGP - EGP (1)              IGP              EGP
Type                       Link state       Path vector
Algorithm                  Dijkstra         Best Path Selection
Convergence (2)            Fast             Slow
Administrative distance    110              20
OSI level / port           IP / 89          TCP / 179
Configuration complexity   Medium           Hard to very hard
Routing granularity        Router           Autonomous System (3)
Scalable for               < 100 routers    > 100 routers
Resource consumption       Low to Medium    High

1. IGP stands for Interior Gateway Protocols, EGP for Exterior Gateway Protocols. EGPs are used between independent administrative entities, often called autonomous systems, and IGPs are used inside them.
2. Convergence time: time needed for the routers to update their routing table after a change in the network topology.
3. When several paths are available for a specific network, BGP chooses the route crossing the smallest number of autonomous systems.

Policy with BGP
BGP provides capability for enforcing various policies
BGP enforces policies by choosing paths from multiple alternatives and controlling advertisement to other ASs
Import policy
  What to do with routes learned from neighbors?
  Select the best path
Export policy
  What routes to announce to neighbors?
  It depends on the relationship with the neighbor

More About BGP
BGP uses TCP as a reliable transport mechanism over port 179
Two Types of BGP Sessions
  eBGP
    BGP session between BGP talkers with different AS numbers
  iBGP
    BGP session between BGP talkers with the same AS number
    Usually relies on IGP unless fully meshed
Routes in BGP are also known as prefixes
Routers configured for BGP are called BGP speakers

Receiving a BGP Prefix
The path passes through two steps before being chosen as a candidate to populate the RIB.
Step 1 - Check if the path is valid:
  The prefix must not have been marked as not-synchronized
  There must be a route in the RIB to reach the next-hop
  For prefixes learned through eBGP sessions, the local AS number must not be in the AS-PATH of the prefix
  If the path is valid, the prefix will get installed into the BGP table
Step 2 - Route selection will start.
  Route selection is a multi-step process to determine the best path available in BGP.

How BGP Builds The Route Table
[Figure: BGP Updates enter through the Inbound Policy Engine (some are discarded) into the BGP Table; the best path for each prefix is used for the IP Unicast Route Table and the Hardware Forwarding Table entries; prefixes leave through the Outbound Policy Engine as BGP Updates. Labels: RIB-In, RIB-Local, RIB-Out.]

What is Route Selection?
This is how BGP determines and selects the best path to reach the prefix
If there is only one path, no comparison needed
If there are many paths to reach the prefix, there is a special algorithm that BGP uses to select the best path
Additionally, BGP uses attributes and route maps to help in a Best Path Route Selection process

Best Path Selection Criteria
Highest Weight
Highest Local Preference
Locally Originated Path
Shortest AS Path
Lowest Origin Code
Lowest MED
Learned via EBGP
Lowest NEXT-HOP Cost
Tie Breakers
  Lowest Cluster ID List
  From Lowest Router ID
  From Lowest Neighbor Address
A Single Route Is Selected & Installed In The Routing Table
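
The two steps from "Receiving a BGP Prefix" and the criteria above, worked through as an added example (not code from the original slides or from FTOS). The Path record, its field names and the sample paths are constructed for illustration, and the cluster-list criterion is read here as the shortest cluster list.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < incomplete
WORST_MED = 2**32 - 1                    # missing MED is treated as worst-path

@dataclass
class Path:                              # hypothetical record for one BGP path
    next_hop: str
    as_path: tuple
    ebgp: bool
    neighbor: str
    router_id: str
    weight: int = 0
    local_pref: int = 100
    local_origin: bool = False
    origin: str = "i"
    med: Optional[int] = None
    nh_cost: int = 0
    cluster_len: int = 0
    synchronized: bool = True

def is_valid(p, local_as, rib):
    """Step 1: the three validity checks from 'Receiving a BGP Prefix'."""
    if not p.synchronized:
        return False
    if not any(ip_address(p.next_hop) in ip_network(r) for r in rib):
        return False                     # no route in the RIB to the next hop
    return not (p.ebgp and local_as in p.as_path)   # own AS in path: loop

def rank(p):
    """Step 2: sort key in the slide's order; the smallest tuple wins.
    Simplification: MED is compared across all paths, whatever the neighbor AS."""
    med = WORST_MED if p.med is None else p.med
    return (-p.weight, -p.local_pref, not p.local_origin, len(p.as_path),
            ORIGIN_RANK[p.origin], med, not p.ebgp, p.nh_cost,
            p.cluster_len, ip_address(p.router_id), ip_address(p.neighbor))

def best_path(paths, local_as, rib):
    valid = [p for p in paths if is_valid(p, local_as, rib)]
    return min(valid, key=rank) if valid else None

# Constructed candidates for one prefix, seen by a router in AS 65111.
RIB = ["192.168.1.0/24", "10.10.91.0/24"]
VIA_EBGP = Path("10.10.91.9", (65222, 65300), True, "10.10.91.9", "10.10.91.9")
VIA_IBGP = Path("192.168.1.12", (65300,), False, "192.168.1.12", "192.168.1.12")
LOOPED = Path("10.10.91.9", (65222, 65111, 65300), True, "10.10.91.9",
              "10.10.91.9", local_pref=500)
NO_NEXT_HOP = Path("172.16.0.1", (65300,), True, "10.10.91.9", "10.10.91.9",
                   weight=1000)
BEST = best_path([VIA_EBGP, VIA_IBGP, LOOPED, NO_NEXT_HOP], 65111, RIB)
```

LOOPED and NO_NEXT_HOP carry the most attractive attributes but are rejected in step 1, so the choice falls to the shorter AS path of VIA_IBGP.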

BGP Implementation in FTOS
BGP process runs in RP1
Maximum of 1,536 BGP peers
Deterministic MED default, missing MED is treated as worst-path
Confederations and Route Reflectors
Peer Groups (maximum of 64 peers per group)
Route Refresh
Graceful Restart (IETF-IDR-RESTART-08)
Common BGP attributes:
  AS-path
  MED
  Local Preference
  Origin

Basic BGP Configuration Commands
A. Enable global BGP routing process by assigning an AS number
   Force10(conf)# router bgp
B. Assign a BGP router-id
   Force10(conf-router_bgp)# bgp router-id
C. Configure the network to the peer
   Force10(conf-router_bgp)# network < mask> [route-map ]
D. Configure any neighbors you wish to peer with
   Force10(conf-router_bgp)# neighbor update-source loopback
E. Enable the peering session
   Force10(conf-router_bgp)# neighbor no shutdown

Force10(conf)# router bgp 65111
Force10(conf-router_bgp)# bgp router-id 192.168.1.11
Force10(conf-router_bgp)# network 10.10.91.0/24
Force10(conf-router_bgp)# neighbor 192.168.1.12 remote-as 65111
Force10(conf-router_bgp)# neighbor 192.168.1.12 no shutdown
Force10(conf-router_bgp)# neighbor 192.168.1.12 update-source Loopback 0

Force10(conf-router_bgp)# show conf
!
router bgp 6501
 network 10.10.91.0/24
 neighbor 192.168.1.12 remote-as 6501
 neighbor 192.168.1.12 update-source Loopback 0
 neighbor 192.168.1.12 no shutdown

Configuring iBGP vs eBGP
eBGP
  Neighbor's remote AS number is different
  Neighbor must be on same subnet
iBGP
  Neighbor's remote AS number is the same
  Neighbors can be across the network
    Reachable via an IGP (OSPF, RIP, IS-IS, etc.)
  Configure iBGP sessions between loopback interface addresses
    Make sure loopback interfaces are described by the IGP
    Make sure to use the update-source option when configuring a neighbor using loopback interfaces
    Force10(conf-router_bgp)# neighbor update-source loopback

Compare iBGP with eBGP Configuration
Which one is eBGP and why?

Force10(conf)# router bgp 65111
Force10(conf-router_bgp)# bgp router-id 192.168.1.11
Force10(conf-router_bgp)# network 10.10.91.0/24
Force10(conf-router_bgp)# neighbor 10.10.91.9 remote-as 65222
Force10(conf-router_bgp)# neighbor 10.10.91.9 no shutdown

Force10(conf)# router bgp 65111
Force10(conf-router_bgp)# bgp router-id 192.168.1.11
Force10(conf-router_bgp)# network 10.10.91.0/24
Force10(conf-router_bgp)# neighbor 192.168.1.12 remote-as 65111
Force10(conf-router_bgp)# neighbor 192.168.1.12 update-source Loopback 0
Force10(conf-router_bgp)# neighbor 192.168.1.12 no shutdown

Answer:
The neighbor with a different AS number
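
The iBGP/eBGP comparison above can be applied mechanically to a pasted configuration session. The following is an added example, not part of the original slides: the audit_bgp function, its finding strings and the sample session are constructed here, and the parser assumes only the command forms shown on this page.

```python
import re

def audit_bgp(config):
    """Classify each neighbor as iBGP/eBGP and list configuration gaps."""
    local_as, nbrs = None, {}
    for raw in config.splitlines():
        line = re.sub(r"^\S+#\s*", "", raw.strip())      # drop a CLI prompt
        if m := re.fullmatch(r"router bgp (\d+)", line):
            local_as = int(m.group(1))
        elif m := re.fullmatch(r"neighbor (\S+) (.+)", line):
            n = nbrs.setdefault(m.group(1), {"remote_as": None,
                                            "enabled": False, "source": None})
            words = m.group(2).split()
            if words[0] == "remote-as" and len(words) == 2:
                n["remote_as"] = int(words[1])
            elif words == ["no", "shutdown"]:
                n["enabled"] = True
            elif words[0] == "update-source":
                n["source"] = " ".join(words[1:])
    findings = []
    for ip, n in nbrs.items():
        if n["remote_as"] is None:
            n["type"] = None                 # cannot classify without an AS
            findings.append((ip, "no remote-as"))
            continue
        # Same AS number as the local process: iBGP; different: eBGP
        n["type"] = "iBGP" if n["remote_as"] == local_as else "eBGP"
        if not n["enabled"]:
            findings.append((ip, "missing no shutdown"))
        if n["type"] == "iBGP" and n["source"] is None:
            findings.append((ip, "iBGP without update-source"))
    return nbrs, findings

# Constructed session in the style of this page's examples: the last line
# enables the wrong address, so the iBGP peer is never enabled.
SAMPLE = """\
Force10(conf)# router bgp 65111
Force10(conf-router_bgp)# neighbor 10.10.91.9 remote-as 65222
Force10(conf-router_bgp)# neighbor 10.10.91.9 no shutdown
Force10(conf-router_bgp)# neighbor 192.168.1.12 remote-as 65111
Force10(conf-router_bgp)# neighbor 192.168.1.12 update-source Loopback 0
Force10(conf-router_bgp)# neighbor 192.168.1.21 no shutdown
"""
NEIGHBORS, FINDINGS = audit_bgp(SAMPLE)
```

The update-source finding is advisory: it matters when the iBGP session is configured between loopback addresses, as the slide recommends.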

Route Redistribution
You can add routes from other routing instances or protocols to the OSPF process
With the redistribute command, you can include IGP, static, or directly connected routes
Include directly connected or user-configured (static) routes in BGP:
  redistribute {connected | static} [route-map map-name]
Include specific OSPF routes:
  redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]

Verifying BGP Route Redistribution
Redistributed routes should be injected into BGP as a result of the BGP configuration.
The 144.254 static routes were configured for redistribution and appear as BGP routes.
2/22/2013
A0(conf-router_bgp)# do show ip route bgp
      Destination        Gateway             Dist/Metric  Last Change
      -----------        -------             -----------  -----------
 B IN 144.254.11.0/24    via 192.168.1.11    200/0        00:06:16
 B IN 144.254.12.0/24    via 192.168.1.12    200/0        00:06:21
A0(conf-router_bgp)# redistribute static

Verifying BGP Configuration
Verify BGP adjacencies are formed with neighboring routers after the initial configuration.
Example (abbreviated) output:
Note: the ideal state for a BGP neighbor is "ESTABLISHED"
A1(conf-router_bgp)# do show bgp neighbors
BGP neighbor is 192.168.1.11, remote AS 6501, internal link
  BGP version 4, remote router ID 192.168.1.11
  BGP state ESTABLISHED, in this state for 00:12:06

Verifying BGP Configuration
The command is used to examine the results of configuring BGP. The output below shows a correct BGP configuration with BGP neighbors peering correctly and exchanging BGP update messages.
A1(conf-router_bgp)# do show ip bgp summary
BGP router identifier 192.168.1.10, local AS number 6501
BGP table version is 3, main routing table version 3
3 network entrie(s) using 470 bytes of memory
6 paths using 408 bytes of memory
BGP-RIB over all using 414 bytes of memory
1 BGP path attribute entrie(s) using 64 bytes of memory
1 BGP AS-PATH entrie(s) using 39 bytes of memory
2 neighbor(s) using 12288 bytes of memory

Neighbor        AS      MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/Pfx
192.168.1.11    6501    21       34       3       0    0     00:18:08  2
192.168.1.12    6501    14       32       3       0    0     00:10:51  2

Additional BGP Verification Commands
show ip bgp neighbor advertised-routes
show ip bgp neighbor
show ip bgp prefix-list
show ip bgp flap-statistics
show ip bgp dampened-paths
show ip bgp inconsistent-as
show ip bgp filter-list
show ip bgp community-list
show ip route
ping
traceroute

Useful Debug Commands
debug ip bgp updates
debug ip bgp [in/out]

Force10#debug ip bgp updates
BGP: 15.0.0.1 rcvd UPDATE w/ attr: origin i, path (5000), nexthop 15.0.0.1, metric 0, local pref 100,
BGP: 15.0.0.1 rcvd 25.0.0.0/8

Force10#debug ip bgp out
BGP: 15.0.2.1 sending NOTIFICATION 6/0 (cease)
BGP: 15.0.2.1 went from Established to Idle
Force10#BGP: 15.0.2.1 went from Start to Connect
BGP: 15.0.2.1 went from Connect to Active
BGP: 15.0.3.2 sending UPDATE w/ empty path attr
BGP: 15.0.3.2 send UPDATE 18.0.0.0/8 -- unreachable
BGP: 15.0.3.2 sent message type 2, length (incl. header) 6
BGP: 15.0.2.1 sending OPEN, version 4, my as: 23
BGP: 15.0.2.1 went from Active to OpenSent
BGP: 15.0.2.1 went from OpenSent to OpenConfirm
BGP: 15.0.2.1 went from OpenConfirm to Established
BGP: all prefix 17.0.0.0/8 DENIED due to: outbound filter-list deny3
BGP: 15.0.2.1 sending UPDATE w/ attr: origin i, path 23 , nexthop 15.0.2.2, metric 0,
BGP: 15.0.2.1 send UPDATE 16.0.0.0/8, next 15.0.2.2, path 23
BGP: 15.0.2.1 sent message type 2, length (incl. header) 31
BGP: 15.0.2.1 sending KEEPALIVE
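
Debug output like the capture on this slide can be reduced to a per-peer health summary. The following is an added example, not part of the original slides: the function names are constructed here, the regular expressions assume only the message formats visible in the capture, and one peer (198.51.100.7) is a constructed addition.

```python
import re
from collections import defaultdict

TRANSITION = re.compile(r"BGP: (\S+) went from (\w+) to (\w+)")
NOTIFICATION = re.compile(r"BGP: (\S+) sending NOTIFICATION (\d+)/(\d+)")
DENIED = re.compile(r"BGP: all prefix (\S+) DENIED due to: (.+)")

def summarize(lines):
    """Return per-peer session health and filtered prefixes from debug lines."""
    peers = defaultdict(lambda: {"state": None, "drops": 0, "notifications": []})
    denied = []
    for line in lines:
        # search() rather than match(): the prompt can be glued to a message
        if m := TRANSITION.search(line):
            peer, old, new = m.groups()
            peers[peer]["state"] = new
            if old == "Established":
                peers[peer]["drops"] += 1      # session left Established
        elif m := NOTIFICATION.search(line):
            peer, code, sub = m.groups()
            peers[peer]["notifications"].append((int(code), int(sub)))
        elif m := DENIED.search(line):
            denied.append((m.group(1), m.group(2).strip()))
    return dict(peers), denied

def needs_attention(peers):
    """Peers that are not Established now, or that dropped during the capture."""
    return sorted(p for p, s in peers.items()
                  if s["state"] != "Established" or s["drops"])

# Lines taken from the debug output on this page, plus one constructed peer
# (198.51.100.7) that never gets past Active.
SAMPLE = """\
BGP: 15.0.2.1 sending NOTIFICATION 6/0 (cease)
BGP: 15.0.2.1 went from Established to Idle
Force10#BGP: 15.0.2.1 went from Start to Connect
BGP: 15.0.2.1 went from Connect to Active
BGP: 15.0.2.1 sending OPEN, version 4, my as: 23
BGP: 15.0.2.1 went from Active to OpenSent
BGP: 15.0.2.1 went from OpenSent to OpenConfirm
BGP: 15.0.2.1 went from OpenConfirm to Established
BGP: all prefix 17.0.0.0/8 DENIED due to: outbound filter-list deny3
BGP: 198.51.100.7 went from Connect to Active
""".splitlines()

PEERS, DENIED_PREFIXES = summarize(SAMPLE)
```

A peer that recovers to Established is still reported when it dropped during the capture, since a session reset is worth explaining even after it heals.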

Troubleshooting: BGP
Are BGP peer sessions up?
  show ip bgp summary
  show ip bgp neighbors
  debug ip bgp events
Are you receiving the routing information you expect?
  show ip bgp neighbors routes to see what route prefixes you are receiving from the neighbor
  Verify that you are receiving the prefixes you expect.
  Check that a prefix list, filter list or route-map applied to the neighbor is not blocking prefixes
  Verify there is not a better path available
    This should never happen if you are singly homed
  Verify the path for the next-hop is available
    show ip route to verify the next hop is known
    If it is not in the routing table, review how the next hop should have been learned
  From an eBGP neighbor, if the local AS number appears in the path, the path will be denied upon ingress and not installed into the BGP routing-information base

BGP Neighbor not Established
Verify the configuration of the BGP peer and, if an eBGP neighbor, contact the support group for that neighbor to compare:
  AS number
  Neighbor IP address
  BGP version
  EBGP Multi-hop (if needed)
Try: debug ip bgp events and then clear ip bgp while connected to the console
  Type undeb all before this command so you can easily disable it by using the up arrow
Verify that there is no access list entry that is preventing the BGP session from being established
  The neighbor initiating the BGP session uses TCP/UDP port 179 to establish the connection

BGP Routes not Advertised
Verify the routes you are advertising to the neighbor using show ip bgp neighbors advertised-routes to see what route prefixes you are advertising to the neighbor
Verify the route is in the BGP routing table using: show ip bgp
  If the next-hop is unavailable, you will see it here
Verify the route is in the local routing table using: show ip route
  How is the route learned: BGP, connected, static, OSPF?

Module Summary
In this module we learned
Overview of BGP
Implementing BGP in FTOS
Basic BGP Configuration
Troubleshooting