BGP-4 Case Studies - University of Belgradetelekomunikacije.etf.bg.ac.rs/predmeti/ot4ai/BGP4-2.pdf · BGP-4 Case Studies Nenad Krajnovic e-mail: [email protected]. 2 Today topics

BGP-4 Case Studies

Nenad Krajnovice-mail: [email protected]

2

Today topics

load balancing over multiple linksmultihoming to a single providermultihoming to different providersfollowing defaults inside an ASpolicy routinglab examples

3

Load balancing over multiple links

Increasing traffic toward Internet is requesting more and more bandwidth. Increasing of bandwidth can be made by aggregating two or more links and load balancing over them.

4

load balancing over multiple links

1.1.1.21.1.1.1

AS 65300

Loopback Interface 0172.16.1.1


AS 65100

1.1.2.1 1.1.2.2

1.1.3.21.1.3.1

192.168.4.0/24172.16.4.0/24

We like to load balance over all tree links betweenAS 65100 and AS 65300

5


1.1.1.21.1.1.1

AS 65300



AS 65100

1.1.2.1 1.1.2.2

1.1.3.21.1.3.1

192.168.4.0/24 172.16.4.0/24

interface ethernet 0ip address 192.168.4.1 255.255.255.0

!interface serial 0

ip address 1.1.1.1 255.255.255.0!interface serial 1


ip address 1.1.3.1 255.255.255.0!Interface loopback 0

ip address 172.16.50.1 255.255.255.0!router bgp 65100

network 192.168.4.0 mask 255.255.255.0neighbor 172.16.1.1 remote-as 65300neighbor 172.16.1.1 ebgp-multihopneighbor 172.16.1.1 update-source loopback 0no auto-summary

!ip route 172.16.1.1 255.255.255.255 1.1.1.2 3ip route 172.16.1.1 255.255.255.255 1.1.2.2 3ip route 172.16.1.1 255.255.255.255 1.1.3.2 3

6



!interface serial 0





network 172.16.4.0 mask 255.255.255.0neighbor 172.16.50.1 remote-as 65300neighbor 172.16.50.1 ebgp-multihopneighbor 172.16.50.1 update-source loopback 0no auto-summary

!ip route 172.16.50.1 255.255.255.255 1.1.1.1 3ip route 172.16.50.1 255.255.255.255 1.1.2.1 3ip route 172.16.50.1 255.255.255.255 1.1.3.1 3

1.1.1.21.1.1.1

AS 65300



AS 65100

1.1.2.1 1.1.2.2

1.1.3.21.1.3.1

192.168.4.0/24 172.16.4.0/24

7

Multihoming to a single provider

In situation where links to the provider isn’t reliable enough, it is necessary to have more links to the provider. Beside that, this solution offer better stability and reliability of the network.

8

multihomed to a single provider - default only, one primary and one backup link

1.1.1.2 S0

AS 30

AS 10

1.1.2.2 S1

192.168.4.0/24 E0IBGP

172.18.23.0/24 E0

1.1.1.1 S01.1.2.1 S0

AS30 is not learning any BGP routes from AS10 and is sending its own routes via BGP.

Outbound traffic from AS30 should always go on the X1 link unless that link fails, in which case it should switch to the other link.

Inbound traffic toward AS30 should always come on the X1 link unless that link fails, in which case is should switch to the other link.

Prevent any BGP updates from coming into AS3.

X1X2

192.168.1.4 E0192.168.1.1 E0

9

1.1.1.2 S0

AS 30

AS 10

1.1.2.2 S1

192.168.4.0/24 E0IBGP

172.18.23.0/24 E0

1.1.1.1 S01.1.2.1 S0

X1X2

192.168.1.4 E0192.168.1.1 E0


router bgp 30network 172.18.23.0 mask 255.255.255.0neighbor 1.1.2.1 remote-as 10neighbor 1.1.2.1 route-map BLOCK inneighbor 1.1.2.1 route-map SETMETRIC1 outneighbor 1.1.1.1 remote-as 10neighbor 1.1.1.1 route-map BLOCK inneighbor 1.1.1.1 route-map SETMETRIC2 outno auto-summary

!ip route 0.0.0.0 0.0.0.0 1.1.1.1 40ip route 0.0.0.0 0.0.0.0 1.1.2.1 60!route-map SETMETRIC1 permit 10

set metric 100!route-map SETMETRIC2 permit 10

set metric 50!route-map BLOCK deny 10

10


router# show ip route

Gateway of last resort is 1.1.1.1 to network 0.0.0.0

1.0.0.0 255.0.0.0 is subnetted, 2 subnetsC 1.1.1.0 is directly connected, Serial 0C 1.1.2.0 is directly connected, Serial 1C 172.18.23.0 is directly connected, Ethernet0S* 0.0.0.0 0.0.0.0 [40/0] via 1.1.1.1

router# show ip bgpBGP table version 11, local router ID is 192.168.1.4Status codes: s suppressed, d damped, h history, * valid, > best,i - internal Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path *>i 172.18.23.0/24 192.168.1.4 50 100 0 3 i* 1.1.2.1 100 0 3 i*> 192.168.4.0/24 0.0.0.0 0 32768 i

1.1.1.2 S0

AS 30

AS 10

1.1.2.2 S1

192.168.4.0/24 E0IBGP

172.18.23.0/24 E0

1.1.1.1 S01.1.2.1 S0

X1X2

192.168.1.4 E0192.168.1.1 E0

11

multihomed to a single provider - default, primary and backup plus partial routing

192.68.5.1

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

IBGP

172.16.220.1 E0

192.68.5.2172.16.20.1

X1X2

192.68.6.1192.68.6.2

AS 7

193.78.0.0/16

172.16.1.1 E1

172.16.1.2 E1

172.16.65.1172.16.10.1

172.16.2.254 L0

IBGP

192.68.10.1

AS 6

192.68.40.1

192.68.11.2NAP

12

192.68.5.1

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

IBGP

172.16.220.1 E0

192.68.5.2172.16.20.1

X1X2

192.68.6.1192.68.6.2

AS 7

193.78.0.0/16

172.16.1.1 E1

172.16.1.2 E1

172.16.65.1172.16.10.1

172.16.2.254 L0

IBGP

192.68.10.1

AS 6

192.68.40.1

192.68.11.2NAP

Routing policiesAS3 will only accept AS1’s local routes and its customers’ routes

such as AS6. AS3 will also accept one route from the Internet to set its default toward the provider AS1.

For all outbound traffic toward AS1 and AS6 (the partial routes), AS3 should use the X2 link. In case of failure, the other link is used.

For all other outbound traffic toward the Internet, AS3 should use the X1 link as the primary link by following a default route. In case of failure, the default via other link should be used.

For inbound traffic, AS3 will instruct AS1 to use the X2 link for 172.16.220.0/24.

For all other inbound traffic, the X1 link is the primary.


13


192.68.5.1

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

IBGP

172.16.220.1 E0

192.68.5.2172.16.20.1

X1X2

192.68.6.1192.68.6.2

AS 7

193.78.0.0/16

172.16.1.1 E1

172.16.1.2 E1

172.16.65.1172.16.10.1

172.16.2.254 L0

IBGP

192.68.10.1

AS 6

192.68.40.1

192.68.11.2NAP

router bgp 3no sunchronizationnetwork 172.16.1.0 mask 255.255.255.0network 172.16.10.0 mask 255.255.255.0network 172.16.65.0 mask 255.255.255.192network 172.16.220.0 mask 255.255.255.0neighbor 172.16.1.2 remote-as 3neighbor 172.16.1.2 update-source loopback0neighbor 172.16.1.2 next-hop-selfneighbor 172.16.20.1 remote-as 1neighbor 172.16.20.1 route-map SET_OUTBOUND_TRAFFIC inneighbor 172.16.20.1 route-map SET_INBOUND_TRAFFIC outneighbor 172.16.20.1 filter-list 10 outno auto-summary

!ip route 0.0.0.0 0.0.0.0 193.78.0.0ip as-path access-list 10 permit ^$ip as-path access-list 4 permit ^1 6$ip as-path access-list 4 permit ^1$access-list 2 permit 172.16.220.0 0.0.0.255access-list 101 permit ip 193.78.0.0 0.0.255.255 255.255.0.0 0.0.0.0!route-map SET_OUTBOUND_TRAFFIC permit 10

match ip address 101set local-preference 200

route-map SET_OUTBOUND_TRAFFIC permit 20match as-path 4set local-preference 300

!route-map SET_INBOUND_TRAFFIC permit 10


route-map SET_INBOUND_TRAFFIC permit 20set metric 300

14


192.68.5.1

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

IBGP

172.16.220.1 E0

192.68.5.2172.16.20.1

X1X2

192.68.6.1192.68.6.2

AS 7

193.78.0.0/16

172.16.1.1 E1

172.16.1.2 E1

172.16.65.1172.16.10.1

172.16.2.254 L0

IBGP

192.68.10.1

AS 6

192.68.40.1

192.68.11.2NAP

router bgp 3no sunchronizationnetwork 172.16.1.0 mask 255.255.255.0network 172.16.10.0 mask 255.255.255.0network 172.16.65.0 mask 255.255.255.192network 172.16.220.0 mask 255.255.255.0neighbor 172.16.2.254 remote-as 3neighbor 172.16.2.254 next-hop-selfneighbor 192.68.5.2 remote-as 1neighbor 192.68.5.2 route-map SET_OUTBOUND_TRAFFIC inneighbor 192.68.5.2 route-map SET_INBOUND_TRAFFIC outneighbor 192.68.5.2 filter-list 10 outno auto-summary

!ip route 0.0.0.0 0.0.0.0 193.78.0.0!ip as-path access-list 10 permit ^$ip as-path access-list 4 permit ^1 6$

! ip as-path access-list ^1 ?[0-9]*$ip as_path access-list 4 permit ^1$!access-list 101 permit ip 193.78.0.0 0.0.255.255 255.255.0.0 0.0.0.0!route-map SET_OUTBOUND_TRAFFIC permit 10


!route-map SET_OUTBOUND_TRAFFIC permit 20

match as-path 4set local-preference 250

!route-map SET_INBOUND_TRAFFIC permit 10

set metric 250

15

multihomed to a single provider - automatic load balancing

172.16.60.2

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

IBGP

172.16.20.1

X1X2

192.68.6.1192.68.6.2

172.16.1.1 E1172.16.1.2

172.16.10.1172.16.2.254 L0

IBGP

AS 6

192.68.40.1

192.68.11.2

172.16.60.1

AS1 will load balancing traffic over two links between AS1 and AS3.

RTA

16

multihomed to a single provider - automatic load balancing

172.16.60.2

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

IBGP

172.16.20.1

X1X2

192.68.6.1192.68.6.2

172.16.1.1 E1172.16.1.2

172.16.10.1172.16.2.254 L0

IBGP

AS 6

192.68.40.1

192.68.11.2

172.16.60.1

router bgp 3no sunchronizationneighbor 172.16.1.2 remote-as 3neighbor 172.16.1.2 update-source

loopback0neighbor 172.16.20.1 remote-as 1neighbor 172.16.20.1 filter-list 10 outneighbor 172.16.60.1 remote-as 1neighbor 172.16.60.1 filter-list 10 outmaximum-paths 2no auto-summary

!ip as-path access-list 10 permit ^$


Network Next Hop Metric LocPrf Weight Path *>i 172.16.10.0/24 172.16.1.2 0 100 0 i*> 192.68.11.0 172.16.20.1 0 0 1 i* 172.16.60.1 0 1 i*> 192.68.40.0 172.16.20.1 0 1 6 i*> 172 16 60 1 0 1 6

17

Multihomed to different provider

Multihoming to different provider is offering better stability and reliability of network. Because of that, it can be often found network which is multihomed.

18

multihomed to different provider

192.68.5.1

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

172.16.220.1 E0

192.68.5.2172.16.20.1

X1X2

192.68.6.1

193.78.0.0/16

172.16.1.1 E1

172.16.1.2 E1

172.16.65.1172.16.10.1

172.16.2.254 L0255.255.255.255

IBGP

192.68.10.1

AS 6192.68.40.1

192.68.10.4

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

RouteServer

19


Routing policiesAS3 will be accepting AS1’s local and customer routes only via

the X2 link. All other Internet routes will be accepted via the X1 link (primary).

AS3 will accept a default route from AS1 just in case there is a failure in the X1 link.

AS3 prefers that the network 172.16.220.0/24 be reachable by theoutside world via the X2 link, and networks 172.16.10.0/24 and 172.16.65.0/26 be reachable via the X1 link.

AS3 cannot be a transit network for A1 and AS2, which means that under no circumstances will AS1 use AS3 to reach AS2.

192.68.5.1

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

172.16.220.1 E0

192.68.5.2172.16.20.1

X1X2

192.68.6.1

193.78.0.0/16

172.16.1.1 E1

172.16.1.2 E1

172.16.65.1172.16.10.1

172.16.2.254 L0255.255.255.255

IBGP

192.68.10.1

AS 6192.68.40.1

192.68.10.4

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

RouteServer

20

192.68.5.1

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

172.16.220.1 E0

192.68.5.2172.16.20.1

X1X2

192.68.6.1

193.78.0.0/16

172.16.1.1 E1

172.16.1.2 E1

172.16.65.1172.16.10.1

172.16.2.254 L0255.255.255.255

IBGP

192.68.10.1

AS 6192.68.40.1

192.68.10.4

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

RouteServer


router bgp 3no sunchronizationnetwork 172.16.1.0 mask 255.255.255.0network 172.16.10.0 mask 255.255.255.0network 172.16.65.0 mask 255.255.255.192network 172.16.220.0 mask 255.255.255.0neighbor 172.16.1.2 remote-as 3neighbor 172.16.1.2 update-source Loopback0neighbor 172.16.1.2 next-hop-selfneighbor 172.16.20.1 remote-as 1neighbor 172.16.20.1 route-map ACCEPT_ALL inneighbor 172.16.20.1 route-map PREPEND_PATH outno auto-summary

!ip as-path access-list 1 permit ^1 ?[0-9]*$ip as-path access-list 2 permit ^$!access-list 1 permit 172.16.65.0 0.0.0.63access-list 1 permit 172.16.10.0 0.0.0.255access-list 10 permit 0.0.0.0!route-map PREPEND_PATH permit 10

match ip address 1set as-path prepend 3 3 3

!route-map PREPEND_PATH permit 20

match as-path 2!route-map ACCEPT_LOCAL permit 10


!route-map ACCEPT_LOCAL permit 20

match as-path 1

21

192.68.5.1

AS 3

AS 1

172.16.20.2 S0

192.68.11.1

172.16.220.1 E0

192.68.5.2172.16.20.1

X1X2

192.68.6.1

193.78.0.0/16

172.16.1.1 E1

172.16.1.2 E1

172.16.65.1172.16.10.1

172.16.2.254 L0255.255.255.255

IBGP

192.68.10.1

AS 6192.68.40.1

192.68.10.4

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

RouteServer


router bgp 3no sunchronizationnetwork 172.16.1.0 mask 255.255.255.0network 172.16.10.0 mask 255.255.255.0network 172.16.65.0 mask 255.255.255.192network 172.16.220.0 mask 255.255.255.0neighbor 172.16.2.254 remote-as 3neighbor 172.16.2.254 next-hop-selfneighbor 192.68.5.2 remote-as 1neighbor 192.68.5.2 route-map PREPEND_PATH outno auto-summary

!ip as-path access-list 2 permit ^$!access-list 1 permit 172.16.220.0 0.0.0.255!route-map PREPEND_PATH permit 10

match ip address 1set as-path prepend 3 3 3

!route-map PREPEND_PATH permit 20

match as-path 2

22

multihomed to different provider - customers of the same provider with a backup link

X1X2

AS 6192.68.40.1

172.16.10.4

172.16.10.1

AS 3

172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

IBGP

AS 7

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

NAP

192.68.6.1

192.68.5.2

AS 2

192.68.5.1

172.16.20.2

192.68.6.1

23


X1X2

AS 6192.68.40.1

172.16.10.4

172.16.10.1

AS 3

172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

IBGP

AS 7

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

NAP

192.68.6.1

192.68.5.2

AS 2

192.68.5.1

172.16.20.2

192.68.6.1

Routing policiesIn normal condition, AS1 and AS2 will use the private link only

for traffic between AS1 and AS2; for all other Internet traffic, the direct link to the provider AS3 is used.

AS1 and AS2 agree to use each other as backup in case their links to AS3 fail.

24


X1X2

AS 6192.68.40.1

172.16.10.4

172.16.10.1

AS 3

172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

IBGP

AS 7

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

NAP

192.68.6.1

192.68.5.2

AS 2

192.68.5.1

172.16.20.2

192.68.6.1

router bgp 1network 192.168.11.0 mask 255.255.255.0neighbor 172.16.20.2 remote-as 3neighbor 172.16.20.2 route-map PREF_FROM_AS3 inneighbor 192.68.6.1 remote-as 1neighbor 192.68.6.1 route-map PREF_FROM_AS2 inno auto-summary

!ip as-path access-list 1 permit _2_!route-map PREF_FROM_AS3 permit 10


!route-map PREF_FROM_AS3 permit 20

match local-preference 300!route-map PREF_FROM_AS2 permit 10set local-preference 200

25



Network Next Hop Metric LocPrf Weight Path *>i 172.16.1.0/24 172.16.20.2 0 300 0 3 i* 192.68.6.1 200 0 2 3 i*> 172.16.10.0/24 172.16.20.2 20 300 0 3 i* 192.68.6.1 200 0 2 3 i*> 172.16.65.0/26 172.16.20.2 20 300 0 3 i* 192.68.6.1 200 0 2 3 i*> 172.16.220.0/24 172.16.20.2 0 300 0 3 i* 192.68.6.1 200 0 2 3 i* 192.68.10.0 172.16.20.2 0 100 0 3 2 i*> 192.68.6.1 200 0 2 i*> 192.68.11.0 0.0.0.0 0 32768 i*> 192.68.40.0 172.16.20.2 300 0 3 6 i*> 192.68.6.1 200 0 2 3 6

X1X2

AS 6192.68.40.1

172.16.10.4

172.16.10.1

AS 3

172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

IBGP

AS 7

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

NAP

192.68.6.1

192.68.5.2

AS 2

192.68.5.1

172.16.20.2

192.68.6.1

26

multihomed to different provider - customers of different providers with a backup link

X1X2

AS 4172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

192.68.10.1

192.68.5.2

AS 2

192.68.5.1172.16.20.2

192.68.6.1

172.16.10.1

AS 3

27


Routing policiesIn normal condition, AS1 and AS2 will use the private link only

for traffic between AS1 and AS2; for all other Internet traffic, both customers would like to go out via their direct providers, AS1 via AS4 and AS2 via AS3

In case the private link goes down, the customers should be able to talk to one another via the providers. If a link to the provider fails, the other customer should be used to reach the Internet.

X1X2

AS 4172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

192.68.10.1

192.68.5.2

AS 2

192.68.5.1172.16.20.2

192.68.6.1

172.16.10.1

AS 3

28


router bgp 4network 172.16.220.0 mask 255.255.255.0neighbor 172.16.1.2 remote-as 3neighbor 172.16.1.2 route-map CHECK_COMMUNITY inneighbor 172.16.20.1 remote-as 1neighbor 172.16.20.1 route-map CHECK_COMMUNITY inno auto-summary

!ip community-list 2 permit 4:40ip community-list 3 permit 4:60!route-map CHECK_COMMUNITY permit 10

match community 2set local-preference 40

!route-map CHECK_COMMUNITY permit 20

match community 3set local-preference 60

!route-map CHECK_COMMUNITY permit 30set local-preference 100

X1X2

AS 4172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

192.68.10.1

192.68.5.2

AS 2

192.68.5.1172.16.20.2

192.68.6.1

172.16.10.1

AS 3

Solution No. 1 - The Community Approach

29


router bgp 1network 192.68.11.0 mask 255.255.255.0neighbor 172.16.20.2 remote-as 4neighbor 172.16.20.2 send-communityneighbor 172.16.20.2 route-map SETCOMMUNITY outneighbor 172.16.20.2 filter-list 10 outneighbor 192.68.6.1 remote-as 2no auto-summary

!ip as-path access-list 2 permit _2_ip as-path access-list 10 permit ^$ip as-path access-list 10 permit ^2$!route-map SETCOMMUNITY permit 10

match as-path 2set community 4:40

!route-map SETCOMMUNITY permit 20

X1X2

AS 4172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

192.68.10.1

192.68.5.2

AS 2

192.68.5.1172.16.20.2

192.68.6.1

172.16.10.1

AS 3


30


router bgp 3network 172.16.10.0 mask 255.255.255.0network 172.16.65.0 mask 255.255.255.192neighbor 172.16.1.1 remote-as 4neighbor 172.16.1.1 send-communityneighbor 172.16.1.1 route-map setcommunity outneighbor 192.68.5.2 remote-as 2no auto-summary

!route-map setcommunity permit 10set community 4:60

X1X2

AS 4172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

192.68.10.1

192.68.5.2

AS 2

192.68.5.1172.16.20.2

192.68.6.1

172.16.10.1

AS 3


31


X1X2

AS 4172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

192.68.10.1

192.68.5.2

AS 2

192.68.5.1172.16.20.2

192.68.6.1

172.16.10.1

AS 3


Network Next Hop Metric LocPrf Weight Path *> 172.16.10.0/24 172.16.1.2 0 60 0 3 i*> 172.16.65.0/26 172.16.1.2 0 60 0 3 i*> 172.16.220.0/24 0.0.0.0 0 32768 i*> 192.68.10.0 172.16.1.2 0 60 0 3 2 i* 172.16.20.1 40 0 1 2 i*> 192.68.11.0 172.16.20.1 0 100 0 1 i


32


router bgp 1network 192.68.11.0 mask 255.255.255.0neighbor 172.16.20.2 remote-as 4neighbor 172.16.20.2 route-map setpath outneighbor 172.16.20.2 filter-list 10 outneighbor 192.68.6.1 remote-as 2no auto-summary

!ip as-path access-list 2 permit _2_ip as-path access-list 10 permit ^$ip as-path access-list 10 permit ^2$!route-map setpath permit 10

match as-path 2set as-path prepend 1

!route-map setpath permit 20

X1X2

AS 4172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

192.68.10.1

192.68.5.2

AS 2

192.68.5.1172.16.20.2

192.68.6.1

172.16.10.1

AS 3

Solution No. 2 - The AS_Path Approach

33


X1X2

AS 4172.16.220.1

172.16.1.1172.16.1.2

172.16.65.1172.16.2.254 L0255.255.255.255

AS 1

192.68.11.1

172.16.20.1

192.68.6.2

192.68.10.1

192.68.5.2

AS 2

192.68.5.1172.16.20.2

192.68.6.1

172.16.10.1

AS 3


Network Next Hop Metric LocPrf Weight Path *> 172.16.10.0/24 172.16.1.2 0 0 3 i*> 172.16.65.0/26 172.16.1.2 0 0 3 i*> 172.16.220.0/24 0.0.0.0 0 32768 i*> 192.68.10.0 172.16.1.2 0 0 3 2 i* 172.16.20.1 0 1 1 2 i*> 192.68.11.0 172.16.20.1 0 100 0 1 i


34

Following default inside an AS

Inserting default route in an AS can make a lot of problem if it wasn’t do on appropriate way.

35

following defaults inside an AS

192.68.5.1AS 3

AS 1

172.16.20.2

192.68.11.1

172.16.220.1

192.68.5.2172.16.20.1

X1X2

193.78.0.0/16

172.16.1.1

172.16.1.2 172.16.50.1

IBGP

192.68.10.1

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

172.16.50.2

172.16.70.1

172.16.70.2IGPIGP RTG

Border routers HAVEHAVEphysical connection.

36


Routing policiesRTG is an interior router in AS3 that is running an OSPF; RTG is

following the default route 0/0 to reach networks outside AS3AS3 is multihomed to two different providers.

192.68.5.1AS 3

AS 1

172.16.20.2

192.68.11.1

172.16.220.1

192.68.5.2172.16.20.1

X1X2

193.78.0.0/16

172.16.1.1

172.16.1.2 172.16.50.1

IBGP

192.68.10.1

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

172.16.50.2

172.16.70.1


37


router ospf 16passive-interface Serial0network 172.16.0.0 0.0.255.255 area 0default-information originate always

!router bgp 3

no synchronizationnetwork 172.16.1.0 mask 255.255.255.0network 172.16.70.0 mask 255.255.255.0network 172.16.220.0 mask 255.255.255.0neighbor 172.16.20.1 remote-as 1neighbor 172.16.20.1 filter-list 10 outneighbor 172.16.1.2 remote-as 3no auto-summary


192.68.5.1AS 3

AS 1

172.16.20.2

192.68.11.1

172.16.220.1

192.68.5.2172.16.20.1

X1X2

193.78.0.0/16

172.16.1.1

172.16.1.2 172.16.50.1

IBGP

192.68.10.1

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

172.16.50.2

172.16.70.1


38


router ospf 16passive-interface Serial0network 172.16.0.0 0.0.255.255 area 0default-information originate always

!router bgp 3

no synchronizationnetwork 172.16.1.0 mask 255.255.255.0network 172.16.50.0 mask 255.255.255.0neighbor 172.16.1.1 remote-as 1neighbor 172.16.1.1 next-hop-selfneighbor 172.16.5.2 remote-as 2neighbor 172.16.5.2 filter-list 10 outno auto-summary


192.68.5.1AS 3

AS 1

172.16.20.2

192.68.11.1

172.16.220.1

192.68.5.2172.16.20.1

X1X2

193.78.0.0/16

172.16.1.1

172.16.1.2 172.16.50.1

IBGP

192.68.10.1

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

172.16.50.2

172.16.70.1


router ospf 16network 172.16.0.0 0.0.255.255 area 0

39


192.68.5.1AS 3

AS 1

172.16.20.2

192.68.11.1

172.16.220.1

192.68.5.2172.16.20.1

X1X2

193.78.0.0/16

172.16.50.1

IBGP

192.68.10.1

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

172.16.50.2

172.16.70.1


Border routers DONDON’’TTHAVEHAVE physical connection.

40

following defaults inside an ASrouter ospf 16

passive-interface Serial0network 172.16.0.0 0.0.255.255 area 0default-information originate route-map send_default

!router bgp 3

no synchronizationnetwork 172.16.70.0 mask 255.255.255.0network 172.16.220.0 mask 255.255.255.0neighbor 172.16.20.1 remote-as 1neighbor 172.16.20.1 filter-list 10 outneighbor 172.16.50.1 remote-as 3neighbor 172.16.50.1 route-map setlocalpref inno auto-summary

!ip as-path access-list 10 permit ^$!access-list 1 permit 0.0.0.0access-list 2 permit 172.16.20.1!route-map setlocalpref permit 10set local-preference 300

!route-map send_default permit 10

match ip address 1match ip next-hop 2

192.68.5.1AS 3

AS 1

172.16.20.2

192.68.11.1

172.16.220.1

192.68.5.2172.16.20.1

X1X2

193.78.0.0/16

172.16.50.1

IBGP

192.68.10.1

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

172.16.50.2

172.16.70.1


41


router ospf 16passive-interface Serial0network 172.16.0.0 0.0.255.255 area 0default-information originate route-map send_default

!router bgp 3

no synchronizationnetwork 172.16.50.0 mask 255.255.255.0neighbor 172.16.70.1 remote-as 3neighbor 172.16.70.1 net-hop-selfneighbor 192.68.5.2 remote-as 2neighbor 192.68.5.2 filter-list 10 outno auto-summary

!ip as-path access-list 10 permit ^$!access-list 1 permit 0.0.0.0access-list 2 permit 192.68.5.2!route-map send_default permit 10

match ip address 1match ip next-hop 2

192.68.5.1AS 3

AS 1

172.16.20.2

192.68.11.1

172.16.220.1

192.68.5.2172.16.20.1

X1X2

193.78.0.0/16

172.16.50.1

IBGP

192.68.10.1

AS 2

192.68.10.2

AS 7

192.68.10.3

NAP

172.16.50.2

172.16.70.1


router ospf 16network 172.16.0.0 0.0.255.255 area 0

42

Policy routing

Possibility to route traffic based on source IP address, instead of destination IP address.

43

policy routing

AS 3

AS 1

172.16.20.2

192.68.11.1

172.16.220.1

172.16.80.2172.16.20.1

X1X2

172.16.50.1

192.68.6.1 AS 2192.68.6.2

172.16.50.2

172.16.70.1

172.16.70.2IGPIGP

192.68.10.1

172.16.112.1

172.16.10.1

Routing policiesTraffic from network 172.16.10.0/24 is directed toward AS2, over

X1 link.Traffic from network 172.16.112.0/24 is directed toward AS1 over

X2 link; in case of a link failure to AS1, the traffic will go to AS2.For all other source IP address, follow normal routing.

172.16.80.1

44

AS 3

AS 1

172.16.20.2

192.68.11.1

172.16.220.1

172.16.80.2172.16.20.1

X1X2

172.16.50.1

192.68.6.1 AS 2192.68.6.2

172.16.50.2

172.16.70.1

172.16.70.2IGPIGP

192.68.10.1

172.16.112.1

172.16.10.1172.16.80.1

policy routing

interface ethernet0ip address 172.16.80.1 255.255.255.0

!interface serial1

ip address 172.16.70.1 255.255.255.0ip policy route-map CHECK_SOURCE

!router ospf 16

passive-interface Serial0passive-interface Ethernet0network 172.16.0.0 0.0.255.255 area 0default-information originate always

!router bgp 3

network 172.16.70.0 mask 255.255.255.0network 172.16.50.0 mask 255.255.255.0network 172.16.10.0 mask 255.255.255.0network 172.16.112.0 mask 255.255.255.0

neighbor 172.16.20.1 remote-as 1neighbor 172.16.20.1 filter-list 10 outneighbor 172.16.80.2 remote-as 2neighbor 172.16.80.2 filter-list 10 outno auto-summary

!ip as-path access-list 10 permit ^$!access-list 1 permit 172.16.10.0 255.255.255.0access-list 2 permit 172.16.112.0 255.255.255.0!route-map CHECK_SOURCE permit 10

match ip address 1set ip next-hop 172.16.80.2

!route-map CHECK_SOURCE permit 20

match ip address 2set ip next-hop 172.16.20.1 172.16.80.2

45

Lab examples

Equipment:

CISCO 2501 (1x10BaseAUI + 2xSerial) ……………3 pcs.

DTE cables…………………………………………...3 pcs

DCE cables…………………………………………...3 pcs

hub

46

lab example 1

1.1.1.2 S0

AS 30

AS 10

1.1.2.2 S1

192.168.4.0/24 E0IBGP

172.18.23.0/24 E0

1.1.1.1 S01.1.2.1 S0

AS30 is not learning any BGP routes from AS10 and is sending its own routes via BGP.

Outbound traffic from AS30 should always go on the X1 link unless that link fails, in which case it should switch to the other link.

Inbound traffic toward AS30 should always come on the X1 link unless that link fails, in which case is should switch to the other link.

Prevent any BGP updates from coming into AS3.

X1X2

192.168.1.2 S1192.168.1.1 S1

47

lab example 1

1.1.1.2 S0

AS 30

AS 10

1.1.2.2 S1

192.168.4.0/24 E0IBGP

172.18.23.0/24 E0

1.1.1.1 S01.1.2.1 S0

X1X2

192.168.1.2 S1192.168.1.1 S1


!interface serial 0

ip address 1.1.1.2 255.255.255.0clockrate 64000

!interface serial 1


!router bgp 30

network 172.18.23.0 mask 255.255.255.0network 1.1.0.0 mask 255.255.252.0neighbor 1.1.2.1 remote-as 10neighbor 1.1.2.1 route-map BLOCK in

neighbor 1.1.2.1 route-map SETMET1 outneighbor 1.1.1.1 remote-as 10neighbor 1.1.1.1 route-map BLOCK inneighbor 1.1.1.1 route-map SETMET2 outno auto-summary

!ip route 0.0.0.0 0.0.0.0 1.1.1.1 40ip route 0.0.0.0 0.0.0.0 1.1.2.1 60!route-map SETMET1 permit 10

set metric 100!route-map SETMET2 permit 10

set metric 50!route-map BLOCK deny 10

48

lab example 1

1.1.1.2 S0

AS 30

AS 10

1.1.2.2 S1

192.168.4.0/24 E0IBGP

172.18.23.0/24 E0

1.1.1.1 S01.1.2.1 S0

X1X2

192.168.1.2 S1192.168.1.1 S1


!interface serial 0



network 192.168.0.0 mask 255.255.0.0neighbor 1.1.2.2 remote-as 30neighbor 192.168.1.2 remote-as 10no auto-summary

49

lab example 1

1.1.1.2 S0

AS 30

AS 10

1.1.2.2 S1

192.168.4.0/24 E0IBGP

172.18.23.0/24 E0

1.1.1.1 S01.1.2.1 S0

X1X2

192.168.1.2 S1192.168.1.1 S1

interface serial 0ip address 1.1.1.1 255.255.255.0

!interface serial 1


network 192.168.0.0 mask 255.255.0.0network 1.1.1.0 mask 255.255.255.0neighbor 1.1.1.2 remote-as 30neighbor 192.168.1.1 remote-as 10no auto-summary

50

lab example 2-a

1.1.1.2 S0AS 10

1.1.2.2 S1

IBGP

172.18.23.1 E0

1.1.1.1 S01.1.2.1 S0

X1X2

192.168.1.2 S1192.168.1.1 S1

172.18.2.1 E0

172.18.3.1 E0

Routing policiesTraffic to the Internet should go toward 172.18.2.10.IBGP is running between RTA and RTB; IGP is running between

RTB and RTC.

RTBRTA

RTC

51

lab example 2-a


!interface serial 0


interface serial 1ip address 192.168.1.1 255.255.255.0clockrate 6400

!router bgp 10

no synchronizationnetwork 172.18.2.0 mask 255.255.255.0network 1.1.0.0 mask 255.255.252.0neighbor 192.168.1.2 remote-as 10neighbor 192.168.1.2 next-hop-selfredistribute static route-map default_onlyno auto-summary

!ip route 0.0.0.0 0.0.0.0 172.18.2.1 40access-list 1 permit 0.0.0.0!route-map default_only permit 10

match ip address 1 set local-preference 300

route-map default_only deny 20

1.1.1.2 S0AS 10

1.1.2.2 S1

IBGP

172.18.23.1 E0

1.1.1.1 S01.1.2.1 S0

X1X2

192.168.1.2 S1192.168.1.1 S1

172.18.2.1 E0

172.18.3.1 E0

RTBRTA

RTC

52

lab example 2-a interface ethernet 0ip address 172.18.3.1 255.255.255.0

!interface serial 0



no synchronizationnetwork 172.18.3.0 mask 255.255.255.0network 1.1.0.0 mask 255.255.252.0neighbor 192.168.1.1 remote-as 10neighbor 192.168.1.1 next-hop-selfno auto-summary

!router ospf 16

network 1.1.0.0 0.0.3.255 area 0default-originate route-map def-only

!access-list 1 permit 0.0.0.0!route-map def_only permit 10

match ip address 1

1.1.1.2 S0AS 10

1.1.2.2 S1

IBGP

172.18.23.1 E0

1.1.1.1 S01.1.2.1 S0

X1X2

192.168.1.2 S1192.168.1.1 S1

172.18.2.1 E0

172.18.3.1 E0

RTBRTA

RTC

53

lab example 2-a


!interface serial 0


ip address 1.1.2.2 255.255.255.0!router ospf 16

network 1.1.0.0 0.0.3.255 area 0

1.1.1.2 S0AS 10

1.1.2.2 S1

IBGP

172.18.23.1 E0

1.1.1.1 S01.1.2.1 S0

X1X2

192.168.1.2 S1192.168.1.1 S1

172.18.2.1 E0

172.18.3.1 E0

RTBRTA

RTC

54

lab example 2-b

1.1.1.2 S0AS 10

1.1.2.2 S1

IBGP

172.18.23.1 E0

1.1.1.1 S01.1.2.1 S0

X1X2

172.18.2.1 E0

172.18.3.1 E0

Routing policiesTraffic to the Internet should go toward 172.18.2.10.IBGP is running between RTA and RTB; IGP is running between

RTB and RTC.

RTBRTA

RTC

55


!interface serial 0


!router bgp 10

no synchronizationno synchronizationnetwork 172.18.2.0 mask 255.255.255.0network 1.1.0.0 mask 255.255.252.0neighbor 1.1.1.1 remote-as 10neighbor 1.1.1.1 next-hop-selfredistribute static route-map default_onlyno auto-summary

!ip route 0.0.0.0 0.0.0.0 172.18.2.1 40access-list 1 permit 0.0.0.0!route-map default_only permit 10

match ip address 1 set local-preference 300

!route-map default_only deny 20

1.1.1.2 S0AS 10

1.1.2.2 S1

IBGP

172.18.23.1 E0

1.1.1.1 S01.1.2.1 S0

X1X2

172.18.2.1 E0

172.18.3.1 E0

RTBRTA

RTC

lab example 2-b

56

lab example 2-b interface ethernet 0ip address 172.18.3.1 255.255.255.0

!interface serial 0


no synchronizationnetwork 172.18.3.0 mask 255.255.255.0network 1.1.0.0 mask 255.255.252.0neighbor 1.1.2.1 remote-as 10neighbor 1.1.2.1 next-hop-selfno auto-summary

!router ospf 16

network 1.1.0.0 0.0.3.255 area 0default-originate route-map def-only

!access-list 1 permit 0.0.0.0!route-map def_only permit 10

match ip address 1

1.1.1.2 S0AS 10

1.1.2.2 S1

IBGP

172.18.23.1 E0

1.1.1.1 S01.1.2.1 S0

X1X2

172.18.2.1 E0

172.18.3.1 E0

RTBRTA

RTC

57

1.1.1.2 S0AS 10

1.1.2.2 S1

IBGP

172.18.23.1 E0

1.1.1.1 S01.1.2.1 S0

X1X2

172.18.2.1 E0

172.18.3.1 E0

RTBRTA

RTC

lab example 2-b


!interface serial 0


ip address 1.1.2.2 255.255.255.0!router ospf 16

network 1.1.0.0 0.0.3.255 area 0

58

lab example 3

AS 65300



AS 65100

192.168.4.1 E0172.16.4.1 E0

We like to load balance over two links betweenAS 65100 and AS 65300

1.1.1.2 S01.1.1.1 S0

1.1.2.1 S11.1.2.2 S1

59

lab example 3

AS 65300



AS 65100

192.168.4.1 E0172.16.4.1 E0

1.1.1.2 S01.1.1.1 S0

1.1.2.1 S11.1.2.2 S1


!interface serial 0


!interface serial 1


!Interface loopback 0


network 192.168.4.0 mask 255.255.255.0network 172.16.50.0 mask 255.255.255.0neighbor 172.16.1.1 remote-as 65300neighbor 172.16.1.1 ebgp-multihopneighbor 172.16.1.1 update-source loopback 0no auto-summary

!ip route 172.16.1.1 255.255.255.255 1.1.1.2 3ip route 172.16.1.1 255.255.255.255 1.1.2.2 3

60

lab example 3

AS 65300



AS 65100

192.168.4.1 E0172.16.4.1 E0

1.1.1.2 S01.1.1.1 S0

1.1.2.1 S11.1.2.2 S1


!interface serial 0




network 172.16.4.0 mask 255.255.255.0network 172.16.1.0 mask 255.255.255.0neighbor 172.16.50.1 remote-as 65100neighbor 172.16.50.1 ebgp-multihopneighbor 172.16.50.1 update-source loopback 0no auto-summary

!ip route 172.16.50.1 255.255.255.255 1.1.1.1 3ip route 172.16.50.1 255.255.255.255 1.1.2.1 3

Documents

BGP-4 Case Studies - University of Belgradetelekomunikacije.etf.bg.ac.rs/predmeti/ot4ai/BGP4-2.pdf · BGP-4 Case Studies Nenad Krajnovic e-mail: [email protected]. 2 Today topics