7/30/2019 BGP-0
1/55
Border Gateway Protocol (BGP4)
Routes and packets flow
For communication between AS1 and AS2:
AS1 announces routes to AS2
AS2 accepts routes from AS1
AS2 announces routes to AS1
AS1 accepts routes from AS2
[Diagram: AS 1 and AS 2 exchanging routing information (announce/accept) in both directions, with packets flowing outgoing/incoming]
Route types
Static routes: manually configured
Directly connected routes: automatically created as soon as the interface is up
Interior routes: routes within an AS, learnt by an IGP
Exterior routes: learnt by an EGP; routes not belonging to the local AS
Basic principles
BGP is used between ASes
BGP is transported by TCP (port 179)
[Diagram: three ASes (AS 100, AS 101, AS 102) with routers A to E and a BGP session between neighbouring routers]
Vocabulary
Neighbor
NLRI - Network Layer Reachability Information: information concerning the accessibility (or not) of a remote network
Router-ID
BGP basics ...
Multiple possible paths to reach a network
Attribute configuration (policy) permits defining the best one (the main difference with an IGP, where an algorithm decides)
BGP sessions
BGP routers are called peers or neighbors
A session between 2 different ASes = external BGP (eBGP)
eBGP peers must be directly connected
[Diagram: AS 100 (220.220.8.0/24), AS 101 (220.220.16.0/24) and AS 102 (220.220.32.0/24), routers A to E, with eBGP sessions between routers of different ASes]
BGP sessions: internal peers
iBGP peers do not need to be directly connected
[Diagram: the same three ASes (220.220.8.0/24, 220.220.16.0/24, 220.220.32.0/24); sessions between routers of the same AS (iBGP)]
BGP sessions
BGP exchanges NLRI
[Diagram: the same three ASes (220.220.8.0/24, 220.220.16.0/24, 220.220.32.0/24), routers A to E, NLRI exchanged over the sessions]
BGP sessions configuration (eBGP)
AS 100 router (222.222.10.2 on the eBGP link):
interface Serial 0
 ip address 222.222.10.2 255.255.255.252
router bgp 100
 network 220.220.8.0 mask 255.255.255.0
 neighbor 222.222.10.1 remote-as 101

AS 101 router (222.222.10.1 on the eBGP link):
interface Serial 0
 ip address 222.222.10.1 255.255.255.252
router bgp 101
 network 220.220.16.0 mask 255.255.255.0
 neighbor 222.222.10.2 remote-as 100

[Diagram: eBGP TCP connection over the link 222.222.10.0/30 between AS 100 (220.220.8.0/24, routers A, B) and AS 101 (220.220.16.0/24, routers C, D)]
BGP sessions configuration (iBGP)
AS 101 router with address 220.220.16.2 on the internal link:
interface Serial 1
 ip address 220.220.16.2 255.255.255.252
router bgp 101
 network 220.220.16.0 mask 255.255.255.0
 neighbor 220.220.16.1 remote-as 101

AS 101 router with address 220.220.16.1 on the internal link:
interface Serial 1
 ip address 220.220.16.1 255.255.255.252
router bgp 101
 network 220.220.16.0 mask 255.255.255.0
 neighbor 220.220.16.2 remote-as 101

[Diagram: iBGP TCP session between the two routers of AS 101 over 220.220.16.0/30; AS 100 (220.220.8.0/24, routers A, B) and AS 101 (220.220.16.0/24, routers C, D) joined by 222.222.10.0/30]
BGP sessions configuration
Each iBGP router must establish a session with all other iBGP routers of the same AS
[Diagram: AS 100, routers A, B and C with an iBGP TCP/IP connection between every pair]
BGP sessions configuration
Use of loopback interfaces for iBGP sessions
[Diagram: AS 100, routers A (215.10.7.1), B (215.10.7.2) and C (215.10.7.3) with iBGP TCP/IP connections between their loopback addresses]
BGP sessions configuration
Router A (loopback 215.10.7.1) in AS 100, peering with B (215.10.7.2) and C (215.10.7.3):
interface loopback 0
 ip address 215.10.7.1 255.255.255.255
router bgp 100
 network 220.220.1.0
 neighbor 215.10.7.2 remote-as 100
 neighbor 215.10.7.2 update-source loopback0
 neighbor 215.10.7.3 remote-as 100
 neighbor 215.10.7.3 update-source loopback0
For iBGP, you might want to allow your BGP connections to stay up regardless of which interface is used to reach a neighbor. To enable this configuration, you first configure a loopback interface and assign it an IP address. Next, configure the BGP update source to be the loopback interface. Finally, configure your neighbor to use the address on the loopback interface. Now the iBGP session will be up as long as there is a route, regardless of any interface.
WHY LOOPBACK?
BGP Update messages
NLRI = Network Layer Reachability Information
Used to announce a route or to withdraw routes which are no longer reachable
Each message contains attributes such as origin, AS path, next-hop, ... to influence the route choice
Attribute Next-Hop
Next router to reach a network
In an eBGP session it is a local address
[Diagram: AS 100 (160.10.0.0/16), AS 200 (150.10.0.0/16) and AS 300 (140.10.0.0/16), routers A to E, link 192.10.1.0/30 (.1/.2); BGP message carrying the table below, sent from AS 100 to AS 200 (router C)]
Network         Next-Hop     Path
160.10.0.0/16   192.20.2.1   100
Attribute Next-Hop
The next-hop is updated for eBGP sessions
[Diagram: BGP message from AS 200 (address 192.10.1.1) to AS 300 over the link 192.10.1.0/30; AS 100 (160.10.0.0/16), AS 200 (150.10.0.0/16), AS 300 (140.10.0.0/16)]
Network         Next-Hop     Path
150.10.0.0/16   192.10.1.1   200
160.10.0.0/16   192.10.1.1   200 100
Attribute Next-Hop
The next-hop is not modified in iBGP sessions
Internally, the IGP is in charge of routing decisions
[Diagram: the routes learnt from AS 200 are passed on over an iBGP session inside AS 300 with their next-hop unchanged; AS 100 (160.10.0.0/16), AS 200 (150.10.0.0/16), AS 300 (140.10.0.0/16), link 192.10.1.0/30]
Network         Next-Hop     Path
150.10.0.0/16   192.10.1.1   200
160.10.0.0/16   192.10.1.1   200 100
BGP updates to withdraw routes
[Diagram: AS 123 and AS 321 joined by 192.168.10.0/24 (.1 in AS 123, .2 in AS 321); connection failure (x) towards 192.192.25.0/24 in AS 321]
BGP message: withdraw routes 192.192.25.0/24
RIB of the AS 123 router:
Network           Next-Hop        Path
150.10.0.0/16     192.168.10.2    321 200
192.192.25.0/24   192.168.10.2    321
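The next-hop and AS-path handling of the three preceding slides and the withdrawal above, as an added Python model (not code from the original course): an eBGP announcement rewrites the next-hop to the announcing router's own address on the shared link and prepends its AS, an iBGP announcement leaves both unchanged, a speaker drops any route whose AS path already contains its own AS (loop detection), and a withdrawal removes the prefix from the RIB. AS numbers and the addresses 192.20.2.1, 192.10.1.1 and 192.10.1.2 are the slides'; that router A in AS 100 originates 160.10.0.0/16 and that D and E are both in AS 300 are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path: List[int]   # leftmost AS = most recent announcer, as in the slides' "Path" column

class BgpSpeaker:
    """Toy BGP speaker: one RIB keyed by prefix, no best-path selection."""
    def __init__(self, asn: int):
        self.asn = asn
        self.rib: Dict[str, Route] = {}

    def originate(self, prefix: str) -> None:
        # locally originated network: empty AS path, next-hop is set when announced
        self.rib[prefix] = Route(prefix, "0.0.0.0", [])

    def receive(self, route: Route) -> bool:
        # loop detection: a path that already contains our own AS is rejected
        if self.asn in route.as_path:
            return False
        self.rib[route.prefix] = route
        return True

    def withdraw(self, prefix: str) -> bool:
        # UPDATE with withdrawn routes: the prefix leaves the RIB
        return self.rib.pop(prefix, None) is not None

    def announce(self, prefix: str, peer_asn: int, link_address: str) -> Optional[Route]:
        r = self.rib.get(prefix)
        if r is None:
            return None
        if peer_asn == self.asn:
            # iBGP: next-hop and AS path are passed on unchanged
            return Route(r.prefix, r.next_hop, list(r.as_path))
        # eBGP: next-hop becomes our own address on the shared link, our AS is prepended
        return Route(r.prefix, link_address, [self.asn] + r.as_path)

def demo() -> Dict[str, Route]:
    a, c = BgpSpeaker(100), BgpSpeaker(200)   # A in AS 100, C in AS 200
    d, e = BgpSpeaker(300), BgpSpeaker(300)   # D and E in AS 300 (assumption)
    a.originate("160.10.0.0/16")
    c.receive(a.announce("160.10.0.0/16", 200, "192.20.2.1"))   # eBGP A -> C
    e.receive(c.announce("160.10.0.0/16", 300, "192.10.1.1"))   # eBGP C -> E
    d.receive(e.announce("160.10.0.0/16", 300, "192.10.1.2"))   # iBGP E -> D
    return {"C": c.rib["160.10.0.0/16"], "E": e.rib["160.10.0.0/16"], "D": d.rib["160.10.0.0/16"]}
```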
BGP RIB (BGP Routing Information Base)
Routing table (does not depend on a routing protocol):
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24

router bgp 100
 network 160.10.1.0 mask 255.255.255.0
 network 160.10.3.0 mask 255.255.255.0
 no auto-summary

BGP RIB:
Network             Next-Hop     Path
*>i160.10.1.0/24    192.20.2.2   i
*>i160.10.3.0/24    192.20.2.2   i

The BGP network command is used to fill the BGP RIB from the routing table (2 conditions)
BGP RIB
router bgp 100
 network 160.10.0.0 mask 255.255.0.0
 aggregate-address 160.10.0.0 255.255.0.0 summary-only
 no auto-summary

Routing table:
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24

BGP RIB:
Network             Next-Hop     Path
*> 160.10.0.0/16    192.20.2.2   i
s> 160.10.1.0/24    192.20.2.2   i
s> 160.10.3.0/24    192.20.2.2   i

The BGP aggregate-address command permits inserting into the BGP RIB an aggregated route if at least one subnetwork exists in the routing table
BGP RIB
router bgp 100
 network 160.10.0.0 mask 255.255.0.0
 redistribute static route-map foo
 no auto-summary
access-list 1 permit 192.1.1.0 0.0.0.255
route-map foo permit 10
 match ip address 1

Routing table:
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24

BGP RIB:
Network             Next-Hop     Path
*> 192.1.1.0/24     192.20.2.2   i
No mistake??
BGP RIB
router bgp 100
 network 160.10.0.0 mask 255.255.0.0
 redistribute static route-map foo
 no auto-summary
access-list 1 permit 192.1.0.0 0.0.255.255
route-map foo permit 10
 match ip address 1

Routing table:
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24

BGP RIB:
Network             Next-Hop     Path
*> 192.1.1.0/24     192.20.2.2   ?
BGP RIB: Process IN
Incoming message:
Network          Next-Hop     Path
173.21.0.0/16    192.20.2.1   100

BGP RIB after Process IN:
Network             Next-Hop     Path
*>i160.10.1.0/24    192.20.2.2   i
*>i160.10.3.0/24    192.20.2.2   i
*> 173.21.0.0/16    192.20.2.1   100

Possible conditions to update the RIB
BGP RIB: Process OUT
BGP RIB:
Network             Next-Hop     Path
*>i160.10.1.0/24    192.20.2.2   i
*>i160.10.3.0/24    192.20.2.2   i
*> 173.21.0.0/16    192.20.2.1   100

Outgoing message:
Network          Next-Hop     Path
160.10.1.0/24    192.20.2.2   200
160.10.3.0/24    192.20.2.2   200
173.21.0.0/16    192.20.2.2   200 100

Possible conditions to send information contained in the RIB
BGP RIB: result of Process IN
Routing table:
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
B 173.21.0.0/16

BGP RIB:
Network             Next-Hop     Path
*>i160.10.1.0/24    192.20.2.2   i
*>i160.10.3.0/24    192.20.2.2   i
*> 173.21.0.0/16    192.20.2.1   100

The line B 173.21.0.0/16 is inserted in the routing table if it is unique or if its distance is the lowest for this network
BGP commands
Configuration:
router bgp <as-number>
neighbor <ip-address> remote-as <as-number>
no auto-summary: disables automatic network summarization
Consultation:
show ip bgp summary
show ip bgp neighbors
redistribute static
Example:
router bgp 109
 redistribute static
ip route 198.10.4.0 255.255.254.0 serial0
The static route must exist for the redistribution to be active
Redistribution risk
Very strict control is needed, with the use of route-maps
Local Preference
[Diagram: 160.10.0.0/16 originates in AS 100 and reaches AS 400 through AS 200 and through AS 300 (routers A to E); one route carries local preference 500, the other 800, and the path with local preference 800 is selected (>)]
Multi-Exit Discriminator
Permits transporting relative preferences between exit points
The path with the lowest MED is chosen
Multi-Exit Discriminator (MED)
[Diagram: 192.68.1.0/24 is announced between AS 200 and AS 201 over two exit points, A with MED 1000 and B with MED 2000; router C selects the path with MED 1000]
Origin (route origin)
Indicates the NLRI origin
3 values:
IGP - example: network 35.0.0.0
EGP - redistributed by an EGP
Incomplete
IGP < EGP < INCOMPLETE
Administrative Distance
Routes can be learnt by different routing protocols
Classification
Default distances for BGP: eBGP: 20, iBGP: 200
Attributes classification
All attributes are classified from highest priority to lowest priority
Synchronization
Cisco IOS specific: a BGP router will not announce a route if each router of its AS has not previously learnt it by the IGP
Synchronization
C is not a BGP speaker
A will not announce 35.0.0.0/8 to D if it has not learnt this network by its own IGP
We can deactivate synchronization to suppress this condition:
router bgp 1880
 no synchronization
[Diagram: AS 1880 (routers A, B, C, running OSPF) between AS 209 and AS 690; 35.0.0.0/8 is to be announced to router D]
We want to be sure that C will be able to route useful data to network 35.0.0.0!
Policy
Prefix list
Access-list (in and/or out)
Implicit deny or permit
Prefix list - Examples
Prefix 35.0.0.0/8 permitted:
ip prefix-list Example permit 35.0.0.0/8
Prefix 172.16.0.0/12 denied:
ip prefix-list Example deny 172.16.0.0/12
In network 192/8, permit up to /24:
ip prefix-list Example permit 192.0.0.0/8 le 24
Any route permitted in 192.0.0.0/8, except /25, /26, /27, /28, /29, /30, /31 and /32
Prefix list - Examples
ip prefix-list Exemple deny 192.0.0.0/8 ge 25
Very similar to the previous one
ip prefix-list Exemple permit 192.0.0.0/8 ge 12 le 20
Use of prefix lists
Configuration example:
router bgp 200
 network 215.7.0.0
 neighbor 220.200.1.1 remote-as 210
 neighbor 220.200.1.1 prefix-list PEER-IN in
 neighbor 220.200.1.1 prefix-list PEER-OUT out
!
ip prefix-list PEER-IN deny 218.10.0.0/16
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 215.7.0.0/16
ip prefix-list PEER-OUT deny 0.0.0.0/0 le 32
Everything is accepted from the neighbor except 218.10.0.0
We only send our network to the neighbor
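An added Python model of the prefix-list evaluation from the three preceding slides (not the course's own code): entries are tried in order, the first match decides, an entry without ge/le matches only that exact prefix length, ge alone runs up to /32, and a route matching nothing falls to the implicit deny. It applies the PEER-IN and PEER-OUT lists above and the 192.0.0.0/8 examples to a few constructed routes.

```python
import ipaddress
from typing import Dict, List, Tuple

Entry = Tuple[str, ipaddress.IPv4Network, int, int]   # action, network, min length, max length

def parse_entry(text: str) -> Entry:
    """Parse one 'permit|deny A.B.C.D/n [ge x] [le y]' line (IPv4 only, no seq numbers)."""
    tok = text.split()
    action, net = tok[0], ipaddress.IPv4Network(tok[1], strict=False)
    ge = le = None
    for key, val in zip(tok[2::2], tok[3::2]):
        if key == "ge":
            ge = int(val)
        elif key == "le":
            le = int(val)
    lo = net.prefixlen if ge is None else ge
    # without ge/le only the exact length matches; 'ge' without 'le' runs up to /32
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return action, net, lo, hi

def permits(prefix_list: List[str], route: str) -> bool:
    """First matching entry wins; no match at all is the implicit deny."""
    r = ipaddress.IPv4Network(route)
    for action, net, lo, hi in map(parse_entry, prefix_list):
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action == "permit"
    return False

PEER_IN = ["deny 218.10.0.0/16", "permit 0.0.0.0/0 le 32"]
PEER_OUT = ["permit 215.7.0.0/16", "deny 0.0.0.0/0 le 32"]
LE24 = ["permit 192.0.0.0/8 le 24"]
GE12_LE20 = ["permit 192.0.0.0/8 ge 12 le 20"]

def check_all() -> Dict[str, bool]:
    # constructed sample routes run through the slides' lists
    return {
        "in 218.10.0.0/16": permits(PEER_IN, "218.10.0.0/16"),          # False: denied
        "in 218.10.1.0/24": permits(PEER_IN, "218.10.1.0/24"),          # True: the deny is exact-length
        "in 10.0.0.0/8": permits(PEER_IN, "10.0.0.0/8"),                # True
        "out 215.7.0.0/16": permits(PEER_OUT, "215.7.0.0/16"),          # True
        "out 215.7.1.0/24": permits(PEER_OUT, "215.7.1.0/24"),          # False
        "le24 192.168.0.0/16": permits(LE24, "192.168.0.0/16"),         # True
        "le24 192.168.1.0/25": permits(LE24, "192.168.1.0/25"),         # False: implicit deny
        "ge12le20 192.1.0.0/16": permits(GE12_LE20, "192.1.0.0/16"),    # True
        "ge12le20 192.0.0.0/8": permits(GE12_LE20, "192.0.0.0/8"),      # False
    }
```

Note that `deny 218.10.0.0/16` without ge/le matches only the /16 itself, so more specific prefixes inside 218.10.0.0/16 still pass PEER-IN; add `le 32` to the deny if the whole block is meant to be refused.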
Distribute list with an IP ACL
access-list 1 deny 10.0.0.0
access-list 1 permit any
access-list 2 permit 20.0.0.0
router bgp 100
 neighbor 171.69.233.33 remote-as 33
 neighbor 171.69.233.33 distribute-list 1 in
 neighbor 171.69.233.33 distribute-list 2 out
Filter list
ip as-path access-list 1 permit 3561
ip as-path access-list 2 deny 35
ip as-path access-list 2 permit any
router bgp 100
 neighbor 171.69.233.33 remote-as 33
 neighbor 171.69.233.33 filter-list 1 in
 neighbor 171.69.233.33 filter-list 2 out
Accept only routes with origin AS 3561 (implicit deny). Do not announce routes from AS 35 (implicit permit all)
Policy control: route maps
route-map:
if match then do expression and exit
elseif match then do expression and exit
else etc.
Route-map: clauses match & set
Route map: clauses match & set for policy control
Match: AS-path, IP address, ...
Set: AS-path prepend, Local-Preference, MED, Origin, ...
Regular expressions
[ ]  Matches the characters or a range of characters separated by a hyphen, within left and right square brackets. [02468a-z] matches 0, 4, and w, but not 1, 9, or K
^    Matches the character or null string at the beginning of an input string. ^123 matches 1234, but not 01234
?    Matches zero or one occurrence of the pattern. (Precede the question mark with the Ctrl-V sequence to prevent it from being interpreted as a help command.) ba?b matches bb and bab
$    Matches the character or null string at the end of an input string. 123$ matches 0123, but not 1234
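An added Python check (not from the course) of how the AS-path access-lists of the filter-list slide behave under the regular expression rules above: IOS searches the pattern anywhere in the AS-path string unless it is anchored with ^ or $, and the `_` metacharacter matches a delimiter (space, comma, braces, parentheses, start or end of string). The slide's `permit any` is modelled as `.*`, and the AS-path strings are constructed.

```python
import re
from typing import Dict, List, Tuple

# IOS '_' matches a delimiter or the start/end of the path; the rest is ordinary regex
_DELIM = r"(?:^|$|[ ,{}()])"

def ios_as_path_match(pattern: str, as_path: str) -> bool:
    """Unanchored search, as 'ip as-path access-list' evaluates its regex."""
    return re.search(pattern.replace("_", _DELIM), as_path) is not None

def as_path_list_permits(entries: List[Tuple[str, str]], as_path: str) -> bool:
    """First matching (action, regex) entry wins; implicit deny at the end."""
    for action, pattern in entries:
        if ios_as_path_match(pattern, as_path):
            return action == "permit"
    return False

# the slide's two lists, as written
LIST_1 = [("permit", "3561")]
LIST_2 = [("deny", "35"), ("permit", ".*")]
# the stated intent with delimiters: AS 3561 as the origin (rightmost), AS 35 as a whole AS anywhere
LIST_1_ORIGIN = [("permit", "_3561$")]
LIST_2_WHOLE_AS = [("deny", "_35_"), ("permit", ".*")]

def compare() -> Dict[str, Tuple[bool, bool, bool, bool]]:
    # constructed AS paths; tuple = (list 1, list 1 anchored, list 2, list 2 with '_')
    paths = ["3561", "200 3561", "3561 200", "13561", "35", "200 35 100", "3561 300"]
    return {p: (as_path_list_permits(LIST_1, p), as_path_list_permits(LIST_1_ORIGIN, p),
                as_path_list_permits(LIST_2, p), as_path_list_permits(LIST_2_WHOLE_AS, p))
            for p in paths}
```

The unanchored `deny 35` also matches every path containing 3561, 135 or 350, so the filter-list slide's list 2 silently drops routes it was not meant to drop; `_35_` limits the match to AS 35 itself.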
Route map: example
Configuration with AS-PATH prepend:
router bgp 300
 network 215.7.0.0
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 route-map SETPATH out
route-map SETPATH permit 10
 set as-path prepend 300 300
Use your own AS number to prepend; otherwise loop detection can stop your announcement
Stub AS
[Diagram: AS 100 (ISP, router A) and AS 101 (client, router B): a stub AS]
Stub AS
BGP not needed
Default route to the ISP
The ISP announces your networks
The ISP's policy is your policy
Multi-homed AS
[Diagram: client AS 100 (routers A, B, C, D) connected to two ISPs, AS 200 and AS 300]
Full-meshed iBGP required
ISP AS
[Diagram: an ISP AS with routers A to H and neighbouring ASes AS 100, AS 200, AS 300 and AS 400]