BGP
Alp ISIK
Objectives
• Part 1 (bgp introduction)
- IBGP Peering
- Update source
- EBGP Peering
- Network command
- Next-hop-self
- Route-Reflector
- Synchronization
- Authentication
- IBGP Confederation
- Redistribute internal
- Peer group
• Part 2 (bgp best-path selection)
- Weight
- Local-Preference
- AS-Path
- Origin
- MED
• Part 3 (Aggregation)
- Aggregation
- Summary-only
- Suppress-map
- Unsuppress-map
- AS-SET
- Advertise-map
- Allowas-in
• Part 4 (Communities)
- No-export
- No-advertise
- Local-as
General information about BGP
• EBGP AD 20, IBGP AD 200
• BGP uses TCP port 179.
• BGP updates are triggered and incremental.
• Convergence is very slow.
• Routing table is very big.
• Tables
- Neighbor table
- BGP Table
- Routing Table
Basic BGP Topology
[Figure: topology diagram; labels: OSPF 1 area 0, ebgp]
IBGP Peering
• The Internet is divided into BGP autonomous systems; each ISP/company is represented by an AS number.
• There are two kinds of BGP peering, IBGP and EBGP. For IBGP peering the peers need to be in the same AS; EBGP peering is between different ASes.
• IBGP peering needs a full-mesh topology, or something simulating a full mesh, because updates coming from an IBGP peer are not sent to other IBGP peers. This is also called IBGP split-horizon.
Update source loopback
• Between R4 and R1 we have 2 choices for the BGP neighborship: either f0/0 or f0/1. If we choose either of them we will not have any redundancy. Since BGP uses TCP, we configure the neighborship over the lo0 interfaces, which provides redundancy.
• For IBGP peering, a direct physical connection is not required.
[Figure: BGP session between the lo0 interfaces of R1 and R2]
• To test whether the router is listening on the TCP port:
show tcp brief all
TCB Local Address Foreign Address (state)
67701674 *.179 1.1.1.1.* LISTEN
R2# clear ip bgp *
R2#debug ip bgp events
R2#debug ip bgp updates
EBGP Peering
• For EBGP the default TTL value is 1, so to form the neighborship over loopback interfaces we need to increase the value to the required hop count.
• disable-connected-check is an alternative configuration, used for EBGP peers configured over loopback addresses. With it the router does not look at the TTL value and sends the information. If there are many neighborships over loopback addresses, it makes efficient use of resources.
Network command
• In an IGP the network command forms the neighborship, but in BGP we use this command for the prefixes that we want to advertise.
• Be careful when writing the mask: it must exactly match the routing table.
• What are “r”, “>”, “?”, “i”, “*”?
• “r” is RIB failure; it says that the same route is learnt from an IGP with higher AD.
show ip bgp rib-failure
Next-hop Self
• Why can’t we ping 55.55.55.55 from R1, R2 and R3?
• On the AS1234 routers the next hop for 55.55.55.55 is 5.5.5.5, but except for R4, the routers don’t know how to reach 5.5.5.5.
• So the “next-hop-self” command is needed at R4 for the IBGP neighbors, so that R4 becomes the next hop of the AS5-originated prefixes.
Route-Reflector
• Remember the rule that a route learnt from an IBGP peer is not sent to another IBGP peer.
• With a route-reflector configuration we can send a route learnt from an IBGP peer to another one.
[Figure: 55.55.55.55 advertised along R5 -ebgp- R4 -ibgp- R3 -ibgp- R1; without a route reflector the prefix stops before R1 (X)]
[Figure: the same chain with RR and route-reflector-client configured over ibgp; 55.55.55.55 is passed on]
Route-reflection with clusters
[Figure: route-reflection topology with clusters. Labels: as100, as200, as54; R1, R2, R3, R4, R5, R6, SW1, SW2, SW3, SW4, BB1, BB3; three RRs with cluster id 150.1.1.1, cluster id 150.1.3.3 and cluster id 150.1.5.5]
Route-Reflection with Clusters
1- Routes learnt from EBGP peers can be sent to other EBGP peers, clients and non-clients.
2- Routes learnt from client peers can be sent to EBGP peers, other client peers and non-clients.
3- Routes learnt from non-client peers can be sent to EBGP peers and client peers, but not to other non-client peers.
R1 does not send routes learnt from R3 to R5, but sends them to R4 and R6.
R3 does not send routes learnt from R1 to R5, but sends them to SW1 and SW3.
To get full-mesh redundancy between R1, R3 and R5, route-reflector-client can be configured.
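The three reflection rules above, run over the R5 - R4 - R3 - R1 chain from the route-reflector slide, as an added Python example (not part of the original slides). It assumes R3 is the route reflector with R4 and R1 as its clients; `propagate` and `chain` are hypothetical names and the session table is constructed.

```python
from collections import deque

def propagate(sessions, origin):
    """Return the routers that learn a prefix originated at `origin`.

    sessions[(router, peer)] is how `router` sees `peer`:
    'ebgp', 'client' or 'nonclient' (an ordinary IBGP peer).
    Simplification: a router keeps the first copy it receives.
    """
    learned_from = {origin: "local"}   # router -> kind of peer it learnt from
    queue = deque([origin])
    while queue:
        router = queue.popleft()
        source = learned_from[router]
        for (local, peer), kind in sessions.items():
            if local != router or peer in learned_from:
                continue
            # Rule 3 / IBGP split-horizon: routes learnt from a non-client
            # are not passed on to other non-client IBGP peers.
            if source == "nonclient" and kind == "nonclient":
                continue
            learned_from[peer] = sessions[(peer, router)]
            queue.append(peer)
    return set(learned_from)

def chain(r3_sees_ibgp_peers_as):
    """Constructed R5 -ebgp- R4 -ibgp- R3 -ibgp- R1 chain (assumed roles)."""
    kind = r3_sees_ibgp_peers_as
    return {
        ("R5", "R4"): "ebgp", ("R4", "R5"): "ebgp",
        ("R4", "R3"): "nonclient", ("R3", "R4"): kind,
        ("R3", "R1"): kind, ("R1", "R3"): "nonclient",
    }

if __name__ == "__main__":
    print("plain IBGP:", sorted(propagate(chain("nonclient"), "R5")))
    print("R3 as RR  :", sorted(propagate(chain("client"), "R5")))
```

With plain IBGP sessions the prefix stops at R3; once R3 treats its IBGP peers as clients, R1 learns it too.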
IBGP Confederations
[Figure: confederation sub-ASes AS65012 and AS65034 connected by cbgp sessions]
IBGP Confederation
• Configure with the sub-AS.
// router bgp 65012
• Configure the AS as identifier.
// bgp confederation identifier 1234
• Configure the peer ASes.
// bgp confederation peers 65034
PS: between peers in different sub-ASes the TTL is counted, so the TTL needs to be configured higher.
Authenticating BGP Peerings
MD5 is the default. It is implemented directly on the router.
iBGP Synchronization
• If IBGP synchronization is enabled, a route must first be learnt from the IGP to be valid.
• Sometimes, for full redundancy, EBGP-learnt routes need to be redistributed into the IGP.
• But this causes RIB failure.
• To get rid of the RIB failure we can configure “bgp suppress-inactive”.
[Figure: Internet cloud, BB1, BB2, CE1, CE2, C1; links labelled ebgp, ibgp and igp]
• In this scenario, when CE1 sends the routes learnt from BB1, the physical path goes through C1 first.
• Because C1 does not speak IBGP, it cannot do next-hop resolution and the routes cannot be sent to CE2. There are a couple of ways to fix that:
• 1- At C1, we can enable IBGP.
• 2- We can redistribute the interface IPs of the CE1 and CE2 connections to the BBs into the IGP.
• 3- We can make a tunnel between CE1 and CE2 and run IBGP over that tunnel.
BGP over GRE
[Figure: AS200, AS254, AS100 and AS54; tunnel between 10.0.0.2/24 and 10.0.0.4/24]
• Between R2 and R4, IGP is configured (bgp unaware)
• At R2
interface Tunnel0
ip address 10.0.0.2 255.255.255.0
tunnel source 155.1.23.2
tunnel destination 155.1.146.4
router bgp 200
network 150.1.2.0 mask 255.255.255.0
neighbor 155.1.146.4 remote-as 100
neighbor 155.1.146.4 ebgp-multihop 5
neighbor 192.10.1.254 remote-as 254
neighbor 192.10.1.254 password CISCO
• At R4
interface Tunnel0
ip address 10.0.0.4 255.255.255.0
tunnel source 155.1.146.4
tunnel destination 155.1.23.2
router bgp 100
network 150.1.4.0 mask 255.255.255.0
neighbor 155.1.23.2 remote-as 200
neighbor 155.1.23.2 ebgp-multihop 5
neighbor 155.1.23.2 route-map FROM_R2 in
neighbor 155.1.23.2 route-map TO_R2 out
neighbor 204.12.1.254 remote-as 54
route-map TO_R2 permit 10
set ip next-hop 10.0.0.4
route-map FROM_R2 permit 10
set ip next-hop 10.0.0.2
BGP Redistribute Internal
[Figure: AS100 and AS54; RR; labels: BGP to IGP, Advertise 112.0.0.1/24 to bgp]
• At R1, the EIGRP external AD is configured higher than IBGP.
• Originally R1 learns the 112.0.0.1 routes from R4 and R6 via IBGP (AD 200). Once they are redistributed into the IGP at R3 with AD 170 (EIGRP external), R1 begins to learn them from R3. Since R3’s route reflector is R1 (R1 sends to R3 and R3 sends to R1), this becomes a routing loop.
BGP Redistribute Internal
• When we type “redistribute bgp” under the IGP, IBGP routes are not redistributed. To make them active:
• At R3
router bgp 100
bgp redistribute-internal
neighbor 155.1.13.1 remote-as 100
neighbor 155.1.13.1 route-map FROM_R1 in
route-map FROM_R1 permit 10
set ip next-hop 155.1.13.1
router eigrp 100
redistribute bgp 100 metric 10000 1000 255 1 1500
network 155.1.0.0
• At R1
router eigrp 100
network 155.1.0.0
distance eigrp 90 201
router bgp 100
neighbor 155.1.13.3 remote-as 100
neighbor 155.1.13.3 route-reflector-client
neighbor 155.1.146.4 remote-as 100
neighbor 155.1.146.4 route-reflector-client
neighbor 155.1.146.6 remote-as 100
neighbor 155.1.146.6 route-reflector-client
BGP Peer Groups
• At R1
router bgp 100
neighbor IBGP_PEERS peer-group
neighbor IBGP_PEERS remote-as 100
neighbor IBGP_PEERS update-source Loopback0
neighbor IBGP_PEERS route-reflector-client
neighbor 150.1.2.2 peer-group IBGP_PEERS
neighbor 150.1.3.3 peer-group IBGP_PEERS
neighbor 150.1.4.4 peer-group IBGP_PEERS
neighbor 150.1.5.5 peer-group IBGP_PEERS
neighbor 150.1.6.6 peer-group IBGP_PEERS
BGP best-path selection criteria
• Exclude routes with an inaccessible next hop.
• Weight: with this we can determine which routes we prefer; higher is better.
• Local Preference: the preference with which we take the routes; default is 100. Higher is better.
• AS Path: used for loop prevention; a router does not accept a prefix with its own AS in the path. Shorter is better.
• Origin: where the routes came from; IGP is preferred over incomplete (redistributed) routes.
• MED: prefer the lowest MED.
Best-path selection - Weight
• Default is 0; bigger is better. It gives you control of the routes on the same router.
• We can configure it directly on a neighbor, or apply it via route-map for specific routes.
• It only affects upload traffic.
• It puts the max value 32768 on locally originated prefixes.
[Figure: Best-path selection - Weight; label: Weight 10]
Best Path Selection Local Preference
[Figure: Best Path Selection Local Preference; label: Local-pref 103]
• It affects all routers in the local AS.
• This attribute is sent only to IBGP neighbors.
• If a router learns the same prefix from different paths with the same weight, then local preference comes into play and the higher one wins.
• It only affects upload traffic.
AS Path
Each time a route passes through an AS, that AS's information is added to prevent loops. We can modify the AS path as well.
Best-path Selection As Path
• Both upload and download traffic can be modified.
• For it to affect the traffic, both weight and local preference need to be the same for the prefix learnt from different paths.
[Figure: Best-path Selection As Path; label: AS path 10 20 30]
Best-Path Selection Origin
• Prefixes injected with the network command are superior to those redistributed into BGP.
[Figure: Best-Path Selection Origin; label: Origin with ?]
Best-Path Selection MED
• The higher one has lower priority.
• Normally BGP only compares MED for routes learnt from the same AS.
• But if we configure (config-router)#bgp always-compare-med, it will compare all the time.
[Figure: Best-Path Selection MED; labels: Metric 10, MED Always compare, cloud, 5.5.5.5/32 metric 50, 5.5.5.5/32]
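The selection criteria listed above, applied in order, as an added Python example (not part of the original slides). `Path`, `compare` and `best_path` are hypothetical names, the sample paths are constructed, and only the steps named on this page are modelled; real routers apply further tie-breakers after MED.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP beats EGP beats incomplete

@dataclass
class Path:                  # hypothetical model of one BGP table entry
    name: str
    next_hop_reachable: bool = True
    weight: int = 0          # local to the router, higher wins
    local_pref: int = 100    # shared inside the AS, higher wins
    as_path: tuple = ()      # shorter wins
    origin: str = "i"
    med: int = 0             # lower wins

def compare(a, b, always_compare_med=False):
    """Return (winner, deciding_step); `a` is kept on a full tie."""
    steps = [
        ("weight", a.weight, b.weight, True),
        ("local-preference", a.local_pref, b.local_pref, True),
        ("as-path", len(a.as_path), len(b.as_path), False),
        ("origin", ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin], False),
    ]
    # MED is only compared between paths from the same neighbouring AS,
    # unless "bgp always-compare-med" is configured.
    if always_compare_med or a.as_path[:1] == b.as_path[:1]:
        steps.append(("med", a.med, b.med, False))
    for step, va, vb, higher_wins in steps:
        if va != vb:
            return (a if (va > vb) == higher_wins else b), step
    return a, "tie"

def best_path(paths, always_compare_med=False):
    """Drop paths with an inaccessible next hop, then run the comparison."""
    usable = [p for p in paths if p.next_hop_reachable]
    if not usable:
        return None, "no usable path"
    best, reason = usable[0], "only path"
    for challenger in usable[1:]:
        best, reason = compare(best, challenger, always_compare_med)
    return best, reason

# Constructed sample: 5.5.5.5/32 learnt from two different neighbouring ASes.
VIA_AS5 = Path("via AS5", as_path=(5,), med=50)
VIA_AS54 = Path("via AS54", as_path=(54,), med=10)

if __name__ == "__main__":
    for flag in (False, True):
        best, why = best_path([VIA_AS5, VIA_AS54], always_compare_med=flag)
        print(f"always-compare-med={flag}: {best.name} ({why})")
```

Because the two sample paths come from different neighbouring ASes, MED decides only when always-compare-med is set.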
BGP Aggregation
• We can aggregate prefixes from different ASes as well.
• All prefixes (both the summary and the specific ones) are sent.
• With the “summary-only” command we can suppress the specific ones.
• With “suppress-map” we can send some individual prefixes.
• With “unsuppress-map” we can apply this to a neighbor.
[Figure: BGP Aggregation; 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 and the aggregate 10.0.0.0/22]
[Figure: BGP Aggregation Summary-only; 10.0.0.0/22]
[Figure: BGP Aggregation Summary-only Suppress-map; 10.0.0.0/22 and 10.0.2.0/24]
[Figure: BGP Aggregation Summary-only Unsuppress-map; 10.0.0.0/22 and 10.0.1.0/24; 10.0.0.0/22]
BGP Aggregation AS-SET
• When aggregation is done at another router (where the prefixes are not originated), the AS information is not kept; with the “as-set” command, the router keeps that information.
[Figure: BGP Aggregation AS-SET; 10.0.0.0/22 {1,2,3,4}; X No bgp]
[Figure: BGP Aggregation Advertise-Map, Allowas-in; 10.0.0.0/22 {1,2,4}; 10.0.0.0/22; x No bgp]
BGP communities
• There are 4 well-known communities:
- Internet: useless
- Local-AS: don't send outside the local AS (not sent to the confederation either)
- no-advertise: don't advertise to any peer
- no-export: don't export to the next AS
• What is the function? It groups prefixes, so that inside the AS there is no need to match the prefixes one by one in order to modify or filter them; bind the community according to AS number and modify all the prefixes at once.
BGP Communities no-export
[Figure: AS65012 and AS65034 with cbgp and ebgp sessions, x No bgp; 55.55.55.55/32 community 200:200; 55.55.55.55/32 Send community no export]
BGP Communities no-advertise
[Figure: AS65012 and AS65034 with cbgp and ebgp sessions, x No bgp; 55.55.55.55/32 community 200:200; 55.55.55.55/32 Send community no advertise; 55.55.55.55/32 Send community no export]
BGP Communities local-as
[Figure: AS65012 and AS65034 with cbgp and ebgp sessions, x No bgp; 33.33.33.33/32 community 300:300; 33.33.33.33/32 Send community Local-as]
BGP Filtering with Maximum Prefix
• Rack1SW1(config-router)#neighbor 155.1.37.3 maximum-prefix 20 warning-only
• Rack1R6(config-router)# neighbor 54.1.1.254 maximum-prefix 20 80 restart 3
BGP Dampening
• At R2, R3, R5, SW2, SW4
router bgp 200
bgp dampening 4 750 2000 16