Download pdf - Inter-domain routing and BGP BGP in JunOS Olof Hagsand KTH/CSC · Inter-domain routing and BGP BGP in JunOS Olof Hagsand KTH/CSC DD2491 p2 2009. DD2491, p2 2009 JunOS Routing model

DD2491, p2 2009

Inter-domain routing and BGPBGP in JunOS

Olof Hagsand KTH/CSC

DD2491 p2 2009

DD2491, p2 2009

JunOS Routing modelNeighbours

Protocols

Neighbours

Protocols

RIB

FIB

ExportImport

Note: Export policies may be applied only to active routes!

Protocol Default import action Default export action

direct and static accept all N/A

RIP accept all RIP routes reject all

BGP accept all BGP routes export all active BGP routes

IS-IS accept all IS-IS routes reject all (IS-IS uses LSAs)

OSPF accept all OSPF routes reject all (OSPF uses LSAs)

MPLS accept all MPLS routes export all active MPLS routes

DD2491, p2 2009

BGP Routing Process Model

• Pool of routes received from peers

• Import policy for filtering and attribute manipulation

• Decision process to select best routes

• Pool of routes used by router

• Export policy for filtering and attribute manipulation

• Pool of routes that the router advertises

Peer

importpolicy

decisionprocess

RIBRIB exportpolicy

Peer

Peer Peer

DD2491, p2 2009

BGP Routing Information Bases (BGP RIBs)CISCO version

Adj-RIB-In

Adj-RIB-In

Adj-RIB-In

Adj-RIB-In

BGPdecisionprocess

Loc-RIB

Adj-RIB-Out

Adj-RIB-Out

Adj-RIB-Out

Adj-RIB-Out

Input Policy Engine Output Policy Engine

© 2001 Cisco Press

DD2491, p2 2009

BGP RIBsBGP routing table consists of three parts• Adj-RIB-In

– One per peer BGP speaker

– Stores routing information learned from peer

– Filtered/manipulated input policy engine

• Loc-RIB– Selected best routes by decision process to each available

destination

• Adj-RIB-Out– One per peer BGP speaker

– Stores routing information selected for advertisement to peer

– Output policy applied to Loc-RIB before going into Adj-RIB-Out

– This is redistributed if REFRESH capability is used

DD2491, p2 2009

Import/Export Policy• Import policy

– Affects routes received from peer BGP speakers

– Filtering based on IP prefixes, AS_PATH and other BGP attributes

– Manipulates path attributes to influence its own decision process

• Export policy

– Affects routes in Loc-RIB (candidates for advertisement)

• In JunoS: only active BGP routes

– Differentiates between internal and external peers

DD2491, p2 2009

BGP example policies

AS1

importpolicy

decisionprocess

RIBRIB exportpolicy

AS3

AS2 AS4

10.0.0.0/240/0

10.0.0.0/2410.2.0.0/240/0

•Deny 0/0 from AS1•Give 10.0.0.0/24 from AS1 better pref

•Use 10.0.0.0/24 from AS1•Use 0/0 and 10.2.0.0/24 from AS2

•Do not propagate 0/0•Do not announce 10.2.0.0/24 to AS3•Give 10.0.0.0/24 metric 10 toward AS4

10.0.0.0/24

10.0.0.0/2410.2.0.0/24

0/0 AS2 BGP10.0.0.0/24 AS1 BGP10.2.0.0/24 AS2 BGP

DD2491, p2 2009

Configuring BGP in JunOS

• Many configurations can be made on global, group and peer level.

• More specific is preferred (peer before group before global)

protocol bgp { mtu-discovery Global properties group external-peers { type external; Group properties peer-as 42; neighbor 192.168.200.13;

neighbor 192.168.200.14;neighbor 192.168.200.14{

peer-as 93; Peer properties}

}}

See: http://www.juniper.net/techpubs/software/junos/junos92/

DD2491, p2 2009

BGP commands in JunOS (1) advertise-inactive Advertise inactive routes advertise-peer-as Advertise routes received from the same autonomous system authentication-algorithm Authentication algorithm name authentication-key MD5 authentication key authentication-key-chain Key chain name cluster Cluster identifier damping Enable route flap damping description Text description disable Disable BGP+ export Export policy> family Protocol family for NLRIs in updates> graceful-restart BGP graceful restart options> group Define a peer group hold-time Hold time used when negotiating with a peer+ import Import policy include-mp-next-hop Include NEXT-HOP attribute in multiprotocol updates ipsec-sa IPSec SA name keep How to retain routes in the routing table

DD2491, p2 2009

BGP commands in JunOS (2)

local-address Address of local end of BGP session> local-as Local autonomous system number local-preference Value of LOCAL_PREF path attribute log-updown Log a message for peer state transitions> metric-out Route metric sent in MED mtu-discovery Enable TCP path MTU discovery> multihop Configure an EBGP multihop session no-advertise-peer-as Don't advertise routes received from the same

autonomous system no-aggregator-id Set router ID in aggregator path attribute to 0 out-delay How long before exporting routes from routing table passive Do not send open messages to a peer> path-selection Configure path selection strategy peer-as Peer autonomous system number (1..65535) preference Preference value remove-private Remove well-known private AS numbers tcp-mss Maximum TCP segment size (1..4096)> traceoptions Trace options for BGP

DD2491, p2 2009

Routing policy: syntax and flow

• Changing the default routing policy

• Syntax:

policy-options {

policy-statement name { term term-name { from {

match; } then {

action; } }

}} term1 term2

defaultpolicy

term3

term1 term2 term3

Policy 1

Policy 2

term

accept

reject

nextroute

DD2491, p2 2009

Applying policies

• Export policy evaluation order: p4->p2->p0

• If verdict (accept, reject) policy chain is terminated

• Side-effects may still apply

protocol bgp { export p0; Global properties import p1; group external-peers { type external; Group properties export p2;

import p3;neighbor 192.168.200.14{

export p4; Peer propertiesimport p5;

} }}

DD2491, p2 2009

Policy-options statements

• as-path name reg-exp

– Create a named AS-PATH regular expression

– Example: as-path asp0 “65000{4}”

• as-path-group { [as-path] }

• community name members [ ids ]

– Example: community c0 members 701:555

• damping name [options]

• policy-statement

• prefix-list name { ip-addresses }

– Create a named list of prefixes

– Example: prefix-list p0 {10.0.0.1; 192.168.1.0/24;}

# set policy-options ?

DD2491, p2 2009

Policy-statement matches

– as-path– community– family– local-preference– metric– neighbor– next-hop– origin– preference– prefix-list– protocol– route-filter– ...

# set policy-options policy-statement <name> term <name> from ?

DD2491, p2 2009

Policy-statement actions

• accept

• reject

• next policy

• next term

• trace

Side-effects with accept:– as-path-prepend– community– color– external– load-balance per-packet– local-preference– metric– next-hop– origin– preference

# set policy-options policy-statement <name> term <name> then ?

DD2491, p2 2009

Lab overview

RTX3

RTX2

RTX1

RTX4

Tier1

AS6500X AS6500X+1

10.X.8.0/2410.X.9.0/2410.X.10.0/2410.X.11.0/24

AS65500

0/0/0

0/0/0

1/0/1

1/0/1

1/0/1

1/0/1 1/0/0

1/0/0

1/0/0

1/0/0

192.71.23.32/27

.1

.1.1 .2 .2

.2

AS6500X-1

0/0/0