-
7/30/2019 BGP-0
1/55
1
Border Gateway Protocol
(BGP4)
-
7/30/2019 BGP-0
2/55
-
7/30/2019 BGP-0
3/55
routes and packets flow
For communication between AS1 and AS2:AS1 announce routes to
AS2
AS2 accept routes from AS1
AS2 announce routes to AS1
AS1 accept routes from AS2
accept
announce
announce
acceptAS 1 AS2
packets
packets
routing
information
outcoming
incoming
-
7/30/2019 BGP-0
4/55
Route types
Static Routesmanually configured
Directly connected Routes
automatically created as soon as theinterface is up
Interior Routesroutes within an AS
routes learnt by an IGP
Exterior RoutesLearnt by an EGP
routes not belonging to the local AS
-
7/30/2019 BGP-0
5/55
Basic Principles
BGP used between ASBGP transported by TCP
(port 179)
AS 100 AS 101
AS 102
E
B D
A C
Session
-
7/30/2019 BGP-0
6/55
Vocabulary
Neighbor
NLRI
NLRI - network layer reachabilityinformation
Information concerning the accessibility (or
not) of a remote networkRouter-ID
-
7/30/2019 BGP-0
7/55
BGP basics ...
Multiple possible paths to reach a network
Attributes configuration (policy) permit to
define the best one (main difference withIGP where an algorithm
decides)
-
7/30/2019 BGP-0
8/55
AS 100 AS 101
AS 102
A C
BGP Routers calledpeers or neighbors
BGP Sessions
Session between 2different AS= External BGP
eBGP peers must be directly connected
E
B D
220.220.8.0/24 220.220.16.0/24
220.220.32.0/24
-
7/30/2019 BGP-0
9/55
AS 100 AS 101
A C
Sessions BGP
internal peers
AS 102
E
B
220.220.8.0/24 220.220.16.0/24
220.220.32.0/24
iBGP peers can be not directly connected
-
7/30/2019 BGP-0
10/55
AS 100 AS 101
A C
Sessions BGP
AS 102
D
220.220.8.0/24 220.220.16.0/24
220.220.32.0/24
E
B
BGP exchange NLRI
-
7/30/2019 BGP-0
11/55
BGP sessions configuration
interface Serial 0
ip address 222.222.10.2 255.255.255.252
router bgp 100
network 220.220.8.0 mask 255.255.255.0neighbor 222.222.10.1
remote-as 101
interface Serial 0
ip address 222.222.10.1 255.255.255.252
router bgp 101
network 220.220.16.0 mask 255.255.255.0neighbor 222.222.10.2
remote-as 100
Connexion TCP eBGP
222.222.10.0/30
B C DA
AS 100 AS 101
.2220.220.8.0/24 220.220.16.0/24.2 .1 .2 .1.1
-
7/30/2019 BGP-0
12/55
AS 100 AS 101
222.222.10.0/30
.2
interface Serial 1
ip address 220.220.16.2 255.255.255.252
router bgp 101
network 220.220.16.0 mask 255.255.255.0neighbor 220.220.16.1
remote-as 101
B
interface Serial 1
ip address 222.220.16.1 255.255.255.252
router bgp 101
network 220.220.16.0 mask 255.255.255.0neighbor 220.220.16.2
remote-as 101
C
Session TCP iBGP
D220.220.8.0/24 220.220.16.0/24A .2 .1 .2 .1.1
BGP sessions configuration
-
7/30/2019 BGP-0
13/55
Each iBGP router must establish a session with
all other iBGP routers of the same AS
Connection TCP/IP
iBGP
AS 100
AB
C
BGP sessions configuration
-
7/30/2019 BGP-0
14/55
use of interfaces Loopback for iBGP sessions
AS 100215.10.7.1
215.10.7.2
215.10.7.3
A
B
C
Connexion TCP/IP
iBGP
BGP sessions configuration
-
7/30/2019 BGP-0
15/55
Configuration des sessions BGP
AS 100
A
215.10.7.1215.10.7.2
215.10.7.3
C
B
interface loopback 0
ip address 215.10.7.1 255.255.255.255
router bgp 100
network 220.220.1.0
neighbor 215.10.7.2 remote-as 100
neighbor 215.10.7.2 update-source loopback0
neighbor 215.10.7.3 remote-as 100neighbor 215.10.7.3
update-source loopback0
A
-
7/30/2019 BGP-0
16/55
For iBGP, you might want to allow your BGPconnections to stay up
regardless of which
interface is used to reach a neighbor. To enable
this configuration, you first configure a loopbackinterface and
assign it an IP address.Next,
configure the BGP update source to be the
loopback interface. Finally, configure yourneighbor to use the
address on the loopback
interface.Now the iBGP session will be up as long
as there is a route, regardless of any interface.
WHY LOOPBACK ????
-
7/30/2019 BGP-0
17/55
NLRI = Network Layer ReachabilityInformation
To announce a route or suppress routeswhich are no longer
reachable
Each message contains attributes as :origin, AS path, Next-Hop,
... to influencethe route choice
Update BGP Messages
-
7/30/2019 BGP-0
18/55
160.10.0.0/16
150.10.0.0/16
192.10.1.0/30
.2
AS 100
AS 200
Network Next-Hop Path160.10.0.0/16 192.20.2.1 100
C
Attribute Next-Hop
.1
MessageBGP
B
A
.1
.2
AS 300
E
D
Next router to reach a network
In a session eBGP it is a local address
140.10.0.0/16
-
7/30/2019 BGP-0
19/55
the next-hop is updated forsessions eBGP160.10.0.0/16
150.10.0.0/16
192.10.1.0/30
.2
AS 100
AS 200C
Attribute Next-Hop
.1
B
A
.1
.2
MessageBGP
E
D
AS 300140.10.0.0/16
Network Next-Hop Path150.10.0.0/16 192.10.1.1 200160.10.0.0/16
192.10.1.1 200 100
-
7/30/2019 BGP-0
20/55
the next-hop is not modifiedin sessions iBGP
Internally IGP is in charge ofrouting decisions
160.10.0.0/16
150.10.0.0/16
192.10.1.0/30
.2
AS 100
AS 200
Network Next-Hop Path150.10.0.0/16 192.10.1.1 200160.10.0.0/16
192.10.1.1 200 100
C
Attribute Next-Hop
.1
B
A
.1
.2
MessageBGP
D
E
AS 300140.10.0.0/16
BGP d t t ithd
-
7/30/2019 BGP-0
21/55
BGP updates to withdraw
Routes
AS 321AS 123
192.168.10.0/24
192.192.25.0/24
.1 .2
x
Connection failure
Message
BGP
Withdraw Routes192.192.25.0/24
Network Next-Hop Path150.10.0.0/16 192.168.10.2 321
200192.192.25.0/24 192.168.10.2 321
-
7/30/2019 BGP-0
22/55
BGP RIB
BGP RIB
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24R 153.22.0.0/16
S 192.1.1.0/24
Network Next-Hop Path
router bgp 100network 160.10.1.0 255.255.255.0network 160.10.3.0
255.255.255.0no auto-summary
Routing Table (do not depend on a routing protocol)
*>i160.10.1.0/24 192.20.2.2 i
*>i160.10.3.0/24 192.20.2.2 i
the command BGP network is used to
fill the BGP RIB from the routing table(2 conditions)
BGP Routing
Information
Base
-
7/30/2019 BGP-0
23/55
BGP RIB
BGP RIB
router bgp 100network 160.10.0.0 255.255.0.0aggregate-address
160.10.0.0 255.255.0.0 summary-onlyno auto-summary
Routing Table
Network Next-Hop Path
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
*> 160.10.0.0/16 192.20.2.2 i
s> 160.10.1.0/24 192.20.2.2 i
s> 160.10.3.0/24 192.20.2.2 i
The command BGP aggregate-address permit to insert in the
BGP
RIB an aggregated route if at least onesubnetwork exists in the
routing table
-
7/30/2019 BGP-0
24/55
BGP RIB
Network Next-Hop Path
router bgp 100network 160.10.0.0 255.255.0.0redistribute static
route-map foono auto-summary
access-list 1 permit 192.1.1.0 0.0.0.255route-map foo permit
10match ip address 1
Route Table
D 10.1.2.0/24
D 160.10.1.0/24D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
* i 192.20.2.2 i
*> 192.1.1.0/24 192.20.2.2 i
BGP RIB
-
7/30/2019 BGP-0
25/55
No mistake ??
-
7/30/2019 BGP-0
26/55
BGP RIB
BGP RIB
Network Next-Hop Path
router bgp 100network 160.10.0.0 255.255.0.0redistribute static
route-map foono auto-summary
access-list 1 permit 192.1.0.0 0.0.255.255route-map foo permit
10match ip address 1
Route Table
D 10.1.2.0/24
D 160.10.1.0/24D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
* i 192.20.2.2 i
*> 192.1.1.0/24 192.20.2.2 ?
-
7/30/2019 BGP-0
27/55
BGP RIB
BGP RIBProcess IN
Message
Network Next-Hop Path173.21.0.0/16 192.20.2.1 100
*>173.21.0.0/16 192.20.2.1 100
Message
Network Next-Hop Path
*>i160.10.1.0/24 192.20.2.2 i
*>i160.10.3.0/24 192.20.2.2 i
Process Out
Possible conditions to update the RIB
-
7/30/2019 BGP-0
28/55
BGP RIB
Process OUT
Network Next-Hop Path160.10.1.0/24 192.20.2.2 200160.10.3.0/24
192.20.2.2 200
173.21.0.0/16 192.20.2.2 200 100
BGP RIB
> 173.21.0.0/16 192.20.2.1 100
Network Next-Hop Path
*>i160.10.1.0/24 192.20.2.2 i
*>i160.10.3.0/24 192.20.2.2 i*
Process IN
Message Message
Possible conditions to send information contained in RIB
-
7/30/2019 BGP-0
29/55
BGP RIB
BGP RIB
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24R 153.22.0.0/16
S 192.1.1.0/24
Network Next-Hop Path
*>i160.10.1.0/24 192.20.2.2 i
*>i160.10.3.0/24 192.20.2.2 i
*> 173.21.0.0/16 192.20.2.1 100
This line is inserted in the routing table if
B 173.21.0.0/16
Routing Table
unique or The distance is the lowest for
this network
Result of process in
-
7/30/2019 BGP-0
30/55
BGP Command
Configuration
router bgp
neighborremote-as no auto-summary:Disables automatic
networksummarization.
Consultation
show ip bgp summaryshow ip bgp neighbors
-
7/30/2019 BGP-0
31/55
redistribute static
Examplerouter bgp 109
redistribute static
ip route 198.10.4.0 255.255.254.0 serial0
The static route must exist for the
redistribution to be active
-
7/30/2019 BGP-0
32/55
Redistribute risk
Very strict Control needed with the use ofroute-maps
-
7/30/2019 BGP-0
33/55
Local Preference
AS 400
AS 200
160.10.0.0/16
AS 100
AS 300
160.10.0.0/16 500> 160.10.0.0/16 800
500 800 E
B
C
A
D
-
7/30/2019 BGP-0
34/55
Multi-Exit Discriminator
Permit to transport relative preferences between exit
points
The path with the lowest MED is chosen
-
7/30/2019 BGP-0
35/55
Multi-Exit Discriminator (MED)
AS 201
AS 200
192.68.1.0/24
C
A B
192.68.1.0/24 1000192.68.1.0/24 2000
Selected path
-
7/30/2019 BGP-0
36/55
Origin (route origin)
Indicates the NLRI origin
3 valuesIGP -exemple : network 35.0.0.0
EGP - Redistributed by an EGP
IncompleteIGP < EGP < INCOMPLETE
Ad i i t ti Di t
-
7/30/2019 BGP-0
37/55
Administrative Distance
Routes can be learnt by different routingprotocols
classification
Default Distances for BGP:
eBGP : 20, iBGP : 200
-
7/30/2019 BGP-0
38/55
Attributes classification
All attributes are classified from highestpriority to lowest
priority
-
7/30/2019 BGP-0
39/55
Synchronization
IOS Cisco Specific : a BGP router will notannounce a route if
each router of its AS
has not previously learnt it by the IGP
-
7/30/2019 BGP-0
40/55
Synchronization
C is not a BGP speakerA will not announce 35.0.0.0/8 to D if it
has not
learnt this network by its own IGPWe can deactivate
synchronization to supress this
condition:router bgp 1880
no synchronization
1880
209
690
B
AC
35.0.0.0/8
D OSPF
-
7/30/2019 BGP-0
41/55
We want to be sure that C
will be able to route usefull data to network
35.0.0.0 !!
-
7/30/2019 BGP-0
42/55
Policyprefix list
Access-list (in and/or out)
Implicit deny or permit
-
7/30/2019 BGP-0
43/55
Prefix list - Examples
prefix 35.0.0.0/8 permittedip prefix-list Example permit
35.0.0.0/8
prefix 172.16.0.0/12 deniedip prefix-list Example deny
172.16.0.0/12
In network 192/8 permit till /24ip prefix-list Example permit
192.0.0.0/8 le 24
Any route permitted in 192.0.0.0/8, except/25, /26, /27, /28,
/29, /30, /31 and /32
-
7/30/2019 BGP-0
44/55
ip prefix-list Exemple deny 192.0.0.0/8 ge 25
Very similar with the previous one
ip prefix-list Exemple permit 192.0.0.0/8 ge 12 le 20
Prefix list - Examples
-
7/30/2019 BGP-0
45/55
Use of prefix list
configuration Examplerouter bgp 200
network 215.7.0.0
neighbor 220.200.1.1 remote-as 210neighbor 220.200.1.1
prefix-list PEER-IN in
neighbor 220.200.1.1 prefix-list PEER-OUT out
!
ip prefix-list PEER-IN deny 218.10.0.0/16
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 215.7.0.0/16
ip prefix-list PEER-OUT deny 0.0.0.0/0 le 32
All is accepted from neighbor except 218.10.0.0
We only send our network to the neighbor
-
7/30/2019 BGP-0
46/55
Distribute list with ACL IP
access-list 1 deny 10.0.0.0access-list 1 permit any
access-list 2 permit 20.0.0.0
router bgp 100
neighbor 171.69.233.33 remote-as 33
neighbor 171.69.233.33 distribute-list 1 inneighbor
171.69.233.33 distribute-list 2 out
-
7/30/2019 BGP-0
47/55
Filter list
ip as-path access-list 1 permit 3561ip as-path access-list 2
deny 35
ip as-path access-list 2 permit any
router bgp 100
neighbor 171.69.233.33 remote-as 33
neighbor 171.69.233.33 filter-list 1 in
neighbor 171.69.233.33 filter-list 2 out
Accept only routes with origin AS 3561 (deny implicit).Do Not
announce routes from AS 35 (implicit permit all)
Policy Control Route
-
7/30/2019 BGP-0
48/55
Policy ControlRoute
Maps
route-map
ifmatchthen do expressionand exit
elseifmatchthen do expressionand exit
else etc
Route-map : clauses match & set
-
7/30/2019 BGP-0
49/55
Route map : clauses match & set
for policy control
AS-path
IP address
AS-path prepend
Local-PreferenceMED
Origin
...
Match Set
-
7/30/2019 BGP-0
50/55
[ ] Matches the characters or a range of charactersseparated by
a hyphen, within left and rightsquare brackets.
[02468a-z] matches 0,4, and w, but not 1, 9, orK
^ Matches the character or null string at thebeginning of an
input string.
^123 matches 1234, butnot 01234
? Matches zero or one occurrence of the pattern.(Precede the
question mark with Ctrl-V sequenceto prevent it from being
interpreted as a helpcommand.)
ba?b matches bb andbab
$ Matches the character or null string at the end ofan input
string.
123$ matches 0123, butnot 1234
Regular expression
-
7/30/2019 BGP-0
51/55
Route Map:Example
configuration with AS-PATH prepend
router bgp 300
network 215.7.0.0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 route-map SETPATH out
route-map SETPATH permit 10set as-path prepend 300 300
Use your own AS number to Prependotherwise loop detection can
stop your announce
-
7/30/2019 BGP-0
52/55
AS 100
AS 101B
A
ISP
Client
Stub AS
t b AS
-
7/30/2019 BGP-0
53/55
stub AS
BGP not needed
Default Route to the ISP
ISP announce your networks
ISP policy is your policy
-
7/30/2019 BGP-0
54/55
AS multi-homed
AS 100
AS 200
AS 300
D
CB
AISP
ISP
client
Full meshed iBGP required
-
7/30/2019 BGP-0
55/55
ISP AS
AS 100 AS 200
AS 400
AS 300
F
E
D
G
H
CB
A
FAI
