DD2491, p2 2009 Inter-domain routing and BGP BGP in JunOS Olof Hagsand KTH/CSC DD2491 p2 2009


  • DD2491, p2 2009

    Inter-domain routing and BGP

    BGP in JunOS

    Olof Hagsand KTH/CSC

    DD2491 p2 2009

  • DD2491, p2 2009

    JunOS Routing model

    [Figure: neighbours, protocols, import and export policies, RIB, FIB]

    Note: Export policies may be applied only to active routes!

    Protocol            Default import action      Default export action
    direct and static   accept all                 N/A
    RIP                 accept all RIP routes      reject all
    BGP                 accept all BGP routes      export all active BGP routes
    IS-IS               accept all IS-IS routes    reject all (IS-IS uses LSAs)
    OSPF                accept all OSPF routes     reject all (OSPF uses LSAs)
    MPLS                accept all MPLS routes     export all active MPLS routes

  • DD2491, p2 2009

    BGP Routing Process Model

    • Pool of routes received from peers

    • Import policy for filtering and attribute manipulation

    • Decision process to select best routes

    • Pool of routes used by router

    • Export policy for filtering and attribute manipulation

    • Pool of routes that the router advertises

    [Figure: peers, import policy, decision process, RIB, export policy, peers]

  • DD2491, p2 2009

    BGP Routing Information Bases (BGP RIBs), Cisco version

    [Figure: four Adj-RIB-In, Input Policy Engine, BGP decision process, Loc-RIB, Output Policy Engine, four Adj-RIB-Out. © 2001 Cisco Press]

  • DD2491, p2 2009

    BGP RIBs

    The BGP routing table consists of three parts:

    • Adj-RIB-In

    – One per peer BGP speaker

    – Stores routing information learned from peer

    – Filtered/manipulated by input policy engine

    • Loc-RIB

    – Best routes selected by the decision process for each available destination

    • Adj-RIB-Out

    – One per peer BGP speaker

    – Stores routing information selected for advertisement to peer

    – Output policy applied to Loc-RIB before going into Adj-RIB-Out

    – This is redistributed if REFRESH capability is used

  • DD2491, p2 2009

    Import/Export Policy

    • Import policy

    – Affects routes received from peer BGP speakers

    – Filtering based on IP prefixes, AS_PATH and other BGP attributes

    – Manipulates path attributes to influence its own decision process

    • Export policy

    – Affects routes in Loc-RIB (candidates for advertisement)

    – In JunOS: only active BGP routes

    – Differentiates between internal and external peers

  • DD2491, p2 2009

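    BGP example policies

    [Figure: a router (import policy, decision process, RIB, export policy) receiving routes from AS1 and AS2 and advertising to AS3 and AS4]

    Received from AS1: 10.0.0.0/24, 0/0

    Received from AS2: 10.0.0.0/24, 10.2.0.0/24, 0/0

    Import policy:

    • Deny 0/0 from AS1

    • Give 10.0.0.0/24 from AS1 better pref

    Decision process:

    • Use 10.0.0.0/24 from AS1

    • Use 0/0 and 10.2.0.0/24 from AS2

    Export policy:

    • Do not propagate 0/0

    • Do not announce 10.2.0.0/24 to AS3

    • Give 10.0.0.0/24 metric 10 toward AS4

    RIB:

    0/0            AS2   BGP
    10.0.0.0/24    AS1   BGP
    10.2.0.0/24    AS2   BGP

    Advertised to AS3: 10.0.0.0/24

    Advertised to AS4: 10.0.0.0/24, 10.2.0.0/24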
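The example policies on this slide, traced through Adj-RIB-In, Loc-RIB and Adj-RIB-Out in a small Python model. This is an added example, not code from the course material or from JunOS; the `Route` class, the function names, the LOCAL_PREF value 200 and the reduction of the decision process to a LOCAL_PREF comparison are assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    prefix: str
    peer: str             # AS the route was learned from
    local_pref: int = 100
    med: int = 0

# Adj-RIB-In contents, constructed from the announcements in the slide's figure.
ADJ_RIB_IN = [
    Route("10.0.0.0/24", "AS1"), Route("0.0.0.0/0", "AS1"),
    Route("10.0.0.0/24", "AS2"), Route("10.2.0.0/24", "AS2"),
    Route("0.0.0.0/0", "AS2"),
]

def import_policy(r):
    """Return the (possibly modified) route, or None when it is rejected."""
    if r.peer == "AS1" and r.prefix == "0.0.0.0/0":
        return None                           # deny 0/0 from AS1
    if r.peer == "AS1" and r.prefix == "10.0.0.0/24":
        return replace(r, local_pref=200)     # better pref; 200 is an assumed value
    return r                                  # BGP default import: accept

def decide(routes):
    """Build the Loc-RIB: per prefix, keep the route with the highest LOCAL_PREF."""
    best = {}
    for r in routes:
        if r.prefix not in best or r.local_pref > best[r.prefix].local_pref:
            best[r.prefix] = r
    return best

def export_policy(r, to_peer):
    if r.prefix == "0.0.0.0/0":
        return None                           # do not propagate 0/0
    if to_peer == "AS3" and r.prefix == "10.2.0.0/24":
        return None                           # not announced to AS3
    if to_peer == "AS4" and r.prefix == "10.0.0.0/24":
        return replace(r, med=10)             # metric 10 toward AS4
    return r                                  # BGP default export: active routes

def run():
    """Return (Loc-RIB, Adj-RIB-Out per peer as {prefix: MED})."""
    loc_rib = decide([m for m in map(import_policy, ADJ_RIB_IN) if m])
    adj_rib_out = {}
    for peer in ("AS3", "AS4"):
        exported = (export_policy(b, peer) for b in loc_rib.values())
        adj_rib_out[peer] = {r.prefix: r.med for r in exported if r}
    return loc_rib, adj_rib_out
```

`run()` reproduces the RIB shown on the slide: the default route survives only via AS2, and it never reaches AS3 or AS4.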

  • DD2491, p2 2009

    Configuring BGP in JunOS

    • Many configurations can be made on global, group and peer level.

    • More specific is preferred (peer before group before global)

    protocols {
        bgp {
            mtu-discovery;                  # Global properties
            group external-peers {
                type external;              # Group properties
                peer-as 42;
                neighbor 192.168.200.13;
                neighbor 192.168.200.14 {
                    peer-as 93;             # Peer properties
                }
            }
        }
    }

    See: http://www.juniper.net/techpubs/software/junos/junos92/

  • DD2491, p2 2009

    BGP commands in JunOS (1)

      advertise-inactive        Advertise inactive routes
      advertise-peer-as         Advertise routes received from the same autonomous system
      authentication-algorithm  Authentication algorithm name
      authentication-key        MD5 authentication key
      authentication-key-chain  Key chain name
      cluster                   Cluster identifier
      damping                   Enable route flap damping
      description               Text description
      disable                   Disable BGP
    + export                    Export policy
    > family                    Protocol family for NLRIs in updates
    > graceful-restart          BGP graceful restart options
    > group                     Define a peer group
      hold-time                 Hold time used when negotiating with a peer
    + import                    Import policy
      include-mp-next-hop       Include NEXT-HOP attribute in multiprotocol updates
      ipsec-sa                  IPSec SA name
      keep                      How to retain routes in the routing table

  • DD2491, p2 2009

    BGP commands in JunOS (2)

      local-address             Address of local end of BGP session
    > local-as                  Local autonomous system number
      local-preference          Value of LOCAL_PREF path attribute
      log-updown                Log a message for peer state transitions
    > metric-out                Route metric sent in MED
      mtu-discovery             Enable TCP path MTU discovery
    > multihop                  Configure an EBGP multihop session
      no-advertise-peer-as      Don't advertise routes received from the same autonomous system
      no-aggregator-id          Set router ID in aggregator path attribute to 0
      out-delay                 How long before exporting routes from routing table
      passive                   Do not send open messages to a peer
    > path-selection            Configure path selection strategy
      peer-as                   Peer autonomous system number (1..65535)
      preference                Preference value
      remove-private            Remove well-known private AS numbers
      tcp-mss                   Maximum TCP segment size (1..4096)
    > traceoptions              Trace options for BGP

  • DD2491, p2 2009

    Routing policy: syntax and flow

    • Changing the default routing policy

    • Syntax:

    policy-options {
        policy-statement name {
            term term-name {
                from {
                    match;
                }
                then {
                    action;
                }
            }
        }
    }

    [Figure: policy evaluation flow. Labels: Policy 1 (term1, term2, term3), Policy 2 (term1, term2, term3), default policy; outcomes of a term: accept, reject, next route]
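The evaluation flow in the figure (terms in order, policies in order, then the default policy) as a small Python model. This is an added example, not JunOS code or course material; the term representation, the function names and the sample policies and routes are constructed for illustration.

```python
ACCEPT, REJECT, NEXT_TERM, NEXT_POLICY = "accept", "reject", "next term", "next policy"

def evaluate(route, chain, default):
    """Run one route (a dict) through a chain of policies.

    A policy is a list of terms; a term is (match, changes, action), where
    match is a predicate, changes is a dict of attribute side-effects and
    action is one of the four constants above. Returns (verdict, route).
    """
    route = dict(route)                     # never mutate the caller's route
    for policy in chain:
        for match, changes, action in policy:
            if not match(route):
                continue                    # term does not match: try next term
            route.update(changes)           # side-effects of a matching term
            if action in (ACCEPT, REJECT):
                return action, route        # a verdict ends the whole chain
            if action == NEXT_POLICY:
                break                       # skip remaining terms of this policy
    return default, route                   # no verdict: protocol default policy

# Constructed policies, named after the figure's Policy 1 and Policy 2.
POLICY_1 = [
    (lambda r: r["prefix"] == "0.0.0.0/0", {}, REJECT),
    (lambda r: r["peer"] == "AS1", {"local_pref": 200}, NEXT_TERM),
]
POLICY_2 = [
    (lambda r: r["prefix"] == "10.0.0.0/24", {"metric": 10}, ACCEPT),
]

def demo():
    routes = [                              # constructed sample routes
        {"prefix": "0.0.0.0/0", "peer": "AS1"},
        {"prefix": "10.0.0.0/24", "peer": "AS1"},
        {"prefix": "10.2.0.0/24", "peer": "AS2"},
    ]
    return [evaluate(r, [POLICY_1, POLICY_2], default=ACCEPT) for r in routes]
```

The second route shows a side-effect surviving a non-terminating term: LOCAL_PREF is set in Policy 1, and the route is then accepted with metric 10 by Policy 2.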

  • DD2491, p2 2009

    Applying policies

    • Export policy evaluation order: p4->p2->p0

    • If a policy returns a verdict (accept, reject), the policy chain is terminated

    • Side-effects may still apply

    protocols {
        bgp {
            export p0;                      # Global properties
            import p1;
            group external-peers {
                type external;              # Group properties
                export p2;
                import p3;
                neighbor 192.168.200.14 {
                    export p4;              # Peer properties
                    import p5;
                }
            }
        }
    }

  • DD2491, p2 2009

    Policy-options statements

    • as-path name reg-exp

    – Create a named AS-PATH regular expression

    – Example: as-path asp0 "65000{4}"

    • as-path-group { [as-path] }

    • community name members [ ids ]

    – Example: community c0 members 701:555

    • damping name [options]

    • policy-statement

    • prefix-list name { ip-addresses }

    – Create a named list of prefixes

    – Example: prefix-list p0 {10.0.0.1; 192.168.1.0/24;}

    # set policy-options ?

  • DD2491, p2 2009

    Policy-statement matches

    – as-path

    – community

    – family

    – local-preference

    – metric

    – neighbor

    – next-hop

    – origin

    – preference

    – prefix-list

    – protocol

    – route-filter

    – ...

    # set policy-options policy-statement term from ?

  • DD2491, p2 2009

    Policy-statement actions

    • accept

    • reject

    • next policy

    • next term

    • trace

    Side-effects with accept:

    – as-path-prepend

    – community

    – color

    – external

    – load-balance per-packet

    – local-preference

    – metric

    – next-hop

    – origin

    – preference

    # set policy-options policy-statement term then ?

  • DD2491, p2 2009

    Lab overview

    [Figure: lab topology. Routers RTX1, RTX2, RTX3, RTX4 and Tier1; autonomous systems AS6500X-1, AS6500X, AS6500X+1 and AS65500; prefixes 10.X.8.0/24, 10.X.9.0/24, 10.X.10.0/24, 10.X.11.0/24 and 192.71.23.32/27; interfaces 0/0/0, 1/0/0 and 1/0/1; host addresses .1 and .2]