CIS 185 CCNP ROUTE Ch. 6 Border Gateway Protocol Solution for ISP Connectivity – Part 2

CIS 185 CCNP ROUTECh. 6 Border Gateway Protocol Solution

for ISP Connectivity – Part 2

Rick Graziani

Cabrillo College

[email protected]

Last Updated: Fall 2010

2

Materials

Show configuration for not being a transit AS

3

Materials

Book: Implementing Cisco IP Routing

(ROUTE) Foundation Learning Guide: Foundation learning for the ROUTE 642-902 Exam

By Diane Teare Book

ISBN-10: 1-58705-882-0 ISBN-13: 978-1-58705-882-0

eBook ISBN-10: 0-13-255033-4 ISBN-13: 978-0-13-255033-8

4

SVL SAC

LAX RVR

SVL-Agg1

LAX-Agg1

L2 PAIX

CUDI

Level 3

Transit

Cogent

Transit

CENIC (non-transit AS) Google

CommodityPeer

Hurricane Elec

CommodityPeer

Comcast

CommodityPeer

Customer Prefixes

Internet 2

ResearchPeer

NLR

ResearchPeer

Bi-lateralSettlementFree Peer

Note: This diagram is by no means accurate but only a very simplified representation of an AS.

Cabrillo

UCSC

UCLA

Cuesta

Public IP Address

AS and Public IP Address


Public IP Address

Static Default

Static

Default

EBGP

EBGP

Fully-meshed IBGP

EBGP

EBGP

EBGPMED LocPref

IGP: IS-IS used for next-hop reachability

EBGP

Buy transit per Mb/s per month for routes not know from non-transit AS’s


Non-transit. You can get to our prefixes and we can get to your prefixes. No charge.

Note: Non-customer prefixes (networks connecting peers) are not included in EBGP updates to peers. IGP is not redistributed into IS-IS and IS-IS is not redistributed into BGP.

Redistribute static


5

6

www.cenic.org

7

Path Attributes

Each route has its own set of defined attributes, which can include: Path information Route preference Next-hop Aggregation information

Administrators use these values to enforce routing policy. Based on attribute values, you can configure BGP to:

filter routing information prefer certain paths customize its behavior

Every UPDATE message has a variable-length sequence of path attributes.

8

Path Attributes

Not all vendor implementations of BGP recognize the same attributes. Path attributes come in four different types:

Well-known mandatory Well-known discretionary Optional transitive Optional non-transitive

9

Well-known mandatory An attribute that has to exist in the BGP UPDATE packet. It must be recognized by all BGP implementations. If a well-known attribute is missing, a notification error will be generated

This ensures that all BGP implementations agree on a standard set of attributes.

Example: AS_PATH attribute

Path Attributes

10

Path Attributes

Well-known discretionary An attribute that is recognized by all BGP implementations But may or may not be sent in the BGP UPDATE message.

Example: LOCAL_PREF

11

Path Attributes

Optional transitive An attribute that may or may not be, recognized by all BGP

implementations (thus, optional). Because the attribute is transitive:

BGP should accept and advertise the attribute even if it isn’t recognized.

Example: COMMUNITY

12

Path Attributes

Optional non-transitive An attribute that may or may not be, recognized by all BGP

implementations. Whether or not the receiving BGP router recognizes the attribute, it is non-

transitive: Should NOT be passed along to other BGP peers.

Example: MED

The Route Selection Decision Process (Cisco)

13

Summary of the BGP Path Selection Process BGP uses the following criteria, in the order presented, to select a path for a

destination: NOTE: Not all of these are commonly used and will be examined in more

detail later in this presentation and in the next presentation.

1. If the path specifies a next hop that is inaccessible, drop the update.2. Prefer the path with the largest weight.3. If the weights are the same, prefer the path with the largest local preference.4. If the local preferences are the same, prefer the path that was originated by

BGP running on this router.5. If no route was originated, prefer the route that has the shortest AS_path.6. If all paths have the same AS_path length, prefer the path with the lowest

origin type (where IGP is lower than EGP, and EGP is lower than Incomplete).

7. If the origin codes are the same, prefer the path with the lowest MED attribute.

8. If the paths have the same MED, prefer the external path over the internal path.

9. If the paths are still the same, prefer the path through the closest IGP neighbor.

10. Prefer the path with the lowest IP address, as specified by the BGP router ID

WLam

Weight

Local Preference

as path

med

The AS-Path Attribute

AS-path attribute – Well-known mandatory attribute Whenever a route update passes through an AS, the AS number is prepended to

that update AS number is put at the beginning of the list when it is advertised to the next

EBGP neighbor. Router A: advertises network 192.168.1.0 in AS 64520. Router C: prepends its own AS number to it and advertises the route to Router B. Router B: From Router B’s perspective, the path to reach 192.168.1.0 is:

65500, 64520 14

My path to 192.168.1.0 is (65500, 64520)

WLam

Weight

Local Preference

as path

med

AS numbers are prepended only by routers advertising routes to EBGP neighbors.

Routers advertising routes to IBGP neighbors do not change the AS-path attribute

15

The AS-Path Attribute

My path to 192.168.1.0 is (65500, 64520)My path to

192.168.1.0 is (64520)

show ip bpg – Shows the BGP Table AS Path to 44.0.0.0 is via AS: 7018, 22822, 22822, 2152, 7377 2282 twice? AS Path prepend (later)

16

The Next-Hop Attribute

Next-hop attribute - A well-known mandatory attribute Indicates the next-hop IP address that is to be used to reach a destination. IGPs:

hop-by-hop routing protocol router-by-router

BGP: hop-by-hop routing protocol (like IGPs) AS-by-AS (not like IGPs) By default, the next-hop is the next AS

17

EBGP: The next-hop is the IP address of the neighbor that sent the update. Router A advertises (EBGP) 172.16.0.0 to Router B, with a next hop of

10.10.10.3 IBGP: The next-hop is carried into IBGP unchanged.

Router B advertises (IBGP) 172.16.0.0 to Router C, with a next hop of 10.10.10.3.

Router B uses 10.10.10.3 as the next-hop attribute to get to 172.16.0.0 Router C’s next hop to reach 172.16.0.0 is 10.10.10.3 not 172.20.10.1

18


Very important that Router C knows how to reach the 10.10.10.3 (10.0.0.0 or 10.10.10.0) IGP static route

Otherwise, Router C will drop packets destined for 172.16.0.0, because it will not be able to get to the next-hop address for that network.

Must either: Advertise the next-hop network, the network between AS’s, (10.10.10.0)

into the AS Change the next-hop address (Router B’s 172.20.10.0 network) - later

19


Recursive Lookup IBGP router performs a recursive lookup to find out how to reach the BGP next-

hop address by using its IGP entries in the routing table. Router C has a packet to send to 172.16.100.1

Finds the longest-match for 172.16.100.1 (172.16.0.0/16) in the routing table and finds a BGP route with a next hop of 10.10.10.3.

Does a recursive lookup in the routing table for a path to network 10.10.10.3 If there is an IGP route to 10.10.10.3 (ex: 10.10.10.0) in the routing table with

a next hop of 172.20.10.1 Forwards the packet destined for 172.16.100.1 to 172.20.10.1 Otherwise, drops the packet 20


Third-party Next-Hop: When running BGP over a multiaccess network such as Ethernet, a BGP

router uses the appropriate address as the next-hop address (by changing the next-hop attribute) to avoid inserting additional hops into the path.

Because the network among the three routers A, B, and C is a multiaccess network, it makes more sense for Router A to use Router C as a next hop to reach 172.30.0.0, rather than making an extra hop via Router B.

21

Third-Party Next-Hop

I’m your EBGP peer but your best next-hop path to 172.30.0.0 is via Router C at 10.10.10.2

172.30.0.0

EBGP

However, if the common medium between routers is a nonbroadcast multiaccess (NBMA) medium, complications might occur.

Routers A, B, and C are connected by Frame Relay. Router B can reach network 172.30.0.0 via 10.10.10.2 (PVC). When Router B sends a BGP update to Router A about 172.30.0.0, it uses

10.10.10.2 as the next hop, not its own IP address (10.10.10.1). A problem arises if Routers A and C do not know how to communicate directly

Routers A and C do not have a Frame Relay map entry to reach each other Solution: Router B could advertise itself as the next-hop address for routes sent

to Router A like a non-multiaccess network (later)22

Third-Party Next-Hop

172.30.0.0

EBGP PVCPVC

I’m your EBGP peer but since this is a multicaccess network I know your best next-hop path to 172.30.0.0 is via Router C at 10.10.10.2

Thanks but I don’t have a PVC or a Frame Relay map entry to 10.10.10.2

The Origin Attribute

The origin attribute is a well-known mandatory attribute Defines the origin of the path information.

The origin attribute can be one of three values: IGP

The route is interior to the originating AS. Normally when the network command is used (coming) Indicated with an “i” in the BGP table (coming)

EGP The route is learned via EGP EGP is legacy and no longer supported in the Internet Indicated with an “e” in the BGP table.

Incomplete The route’s origin is unknown or is learned via some other means. This usually occurs when a route is redistributed into BGP. Indicated with a “?” in the BGP table. 23

The Local Preference Attribute

Local preference - A well-known discretionary attribute Indicates to routers in the AS which path is preferred to exit the AS

Path with the higher local preference is preferred. Configured on a router Exchanged only among routers within the same AS

Passed only via IBGP not via EBGP Default value on a Cisco router is 100 Local Preference takes precedence over AS_PATH

WLam: Weight, Local preference, as path, med24

IBGP

172.16.0.0

WLam

Weight

Local Preference

as path

med

AS 64520 receives updates about network 172.16.0.0 from two directions: via AS 65500 (65500, 65350) via 65000 (65000, 65250, 65350)

Router A and Router B are IBGP neighbors. Local preference:

On Router A for network 172.16.0.0 is set to 200 On Router B for network 172.16.0.0 is set to 150

Local preference information is exchanged within AS 64520 via IBGP All traffic in AS 64520 addressed to network 172.16.0.0 is sent to Router A

as an exit point from AS 64520. 25

The Local Preference Attribute

IBGP

172.16.0.0

My Local Preference is higher so I am the preferred exit point.

The MED Attribute

The MED attribute - An optional nontransitive attribute. Also called the metric

Displayed in the metric column in the BGP table. Indicates to external neighbors the preferred path into an autonomous

system. A way for an AS to try to influence another AS as to which way it should

send its traffic when there are multiple entry points. MED is sent to EBGP peers:

Those routers propagate the MED within their AS But do not pass it on to the next AS

26

172.20.0.0

WLam

Weight

Local Preference

as path

med

By default, a router compares the MED attribute only for paths from neighbors in the same AS.

By using the MED attribute, BGP is the only protocol that can affect how routes are sent into an AS.

Router B has set the MED attribute to 150 for 172.20.0.0 Router C has set the MED attribute to 200 for 172.20.0.0 Router A receives EBGP updates from Routers B and C

Chooses Router B as the best next hop to get to AS 6550027

The MED Attribute

Which path is most attractive?

172.20.0.0

My MED is 150 for 172.20.0.0 so send those packets this way.

My MED is 200 for 172.20.0.0 so send those packets this way.

By default, a router compares the MED attribute only for paths from neighbors in the same AS.

If these were two different AS’s then Router A would use MED for best path selection

28

The MED Attribute

My MED is 150 for 172.20.0.0 so send those packets this way to AS 65001.

My MED is 200 for 172.20.0.0 so send those packets this way to AS 65002.

Different AS’s so I won’t use the MED unless configured with “bgp always compare med”

AS 65000172.20.0.0AS

65001

AS 65002

The Weight Attribute (Cisco Only)

Weight attribute - a Cisco-defined attribute used for the path-selection process.

Configured locally and not propagated to any other routers Higher weight is preferred when there are multiple routes to the same

network. Weight takes precedence over Local Preference Value from 0 to 65535. Default of 32768

29

WLam

Weight

Local Preference

as path

med

Router A has two ways to reach 172.20.0.0 via Router B (AS 65000) via Router C (AS 65500)

Router A is configured to set the weight of updates coming from: Router B to 200 Router C to 150

Weight for Router B is higher so Router A uses Router B as a next hop to reach 172.20.0.0

30

The Weight Attribute (Cisco Only)

Router A

AS 65500 150AS 65000

200

The Path-Selection Decision Process with a Multihomed Connection

An AS rarely implements BGP with only one EBGP connection, so generally multiple paths exist for each network in the BGP forwarding database.

Using the 11-step route selection process as outlined in Diane Teare’s book…

31

The Route Selection Decision Process (Cisco)

32

Summary of the BGP Path Selection Process BGP uses the following criteria, in the order presented, to select a path for a

destination: NOTE: Not all of these are commonly used and will be examined in more

detail later in this presentation and in the next presentation.

1. If the path specifies a next hop that is inaccessible, drop the update.2. Prefer the path with the largest weight.3. If the weights are the same, prefer the path with the largest local preference.4. If the local preferences are the same, prefer the path that was originated by

BGP running on this router.5. If no route was originated, prefer the route that has the shortest AS_path.6. If all paths have the same AS_path length, prefer the path with the lowest

origin type (where IGP is lower than EGP, and EGP is lower than Incomplete).

7. If the origin codes are the same, prefer the path with the lowest MED attribute.

8. If the paths have the same MED, prefer the external path over the internal path.

9. If the paths are still the same, prefer the path through the closest IGP neighbor.

10. Prefer the path with the lowest IP address, as specified by the BGP router ID

WLam

Weight

Local Preference

as path

med

Step 1 Prefer the route with the highest weight. (Recall that the weight is Cisco-proprietary and is local to the router only.)

Step 2 If multiple routes have the same weight, prefer the route with the highest local preference. (Recall that the local preference is used within an AS.)

Step 3 If multiple routes have the same local preference, prefer the route that was originated by the local router. (network command)

Step 4 If none of the routes were originated by the local router, prefer the route with the shortest AS-path.

Step 5 If the AS-path length is the same, prefer the lowest origin code (IGP < EGP < incomplete).

Step 6 If all origin codes are the same, prefer the path with the lowest MED. (Recall that the MED is exchanged between autonomous systems.) The MED comparison is done only if the neighboring AS is the same for all routes considered, unless the bgp always-compare-med router configuration command is enabled.

Step 7 If the routes have the same MED, prefer external paths (EBGP) over internal paths (IBGP).

Step 8 If synchronization is disabled and only internal paths remain, prefer the path through the closest IGP neighbor. This means that the router prefers the shortest internal path within the AS to reach the destination (the shortest path to the BGP next-hop).

Step 9 For EBGP paths, select the oldest route, to minimize the effect of routes going up and down (flapping).

Step 10 Prefer the route with the lowest neighbor BGP router ID value. Step 11 If the BGP router IDs are the same, prefer the route with the lowest neighbor IP

address.33

The Route Selection Decision Process (ROUTE)










Step 10 Prefer the route with the lowest neighbor BGP router ID value.

Step 11 If the BGP router IDs are the same, prefer the route with the lowest neighbor IP address.

34

The Route Selection Decision Process (ROUTE) 12

3

4

5

67

8 9

10 11

Multiple Path Selection (BGP Multipath) BGP chooses only a single best path for each destination. The maximum-paths paths affects only the number of routes kept in the IP

routing table, not the number of paths selected as best by BGP. Defaults to one. R2 and R3 are advertising network 10.0.0.0.

With maximum-paths 2: both paths appear in the IP routing table Without maximum-paths 2: only one path to 10.0.0.0 in R1’s routing

table Only one path is still selected as the best in the BGP table “>” (offered

to the IP routing table) and advertised to its BGP neighbors. 35

R1(config)#router bgp 65201R1(config-router)# maximum-paths 2

Configuring BGP

36

Entering BGP Configuration Mode

Use the router bgp autonomous-system global configuration command autonomous-system identifies the local AS.

AS determines whether IBGP or EBGP neighbors. The router bgp command alone does not activate BGP on a router.

Must enter at least one subcommand. Only one instance of BGP can be configured on a router

37

RTA(config)#router bgp 100RTA(config-router)#

RTB(config)#router bgp 200RTB(config-router)#

Defining BGP Neighbors and Activating BGP Sessions

neighbor {ip-address | peer-group-name} remote-as autonomous-system This address must be reachable (for TCP session) and exchanging BGP

updates. autonomous-system field of the neighbor remote-as:

EBGP: different AS numbers IBGP: same AS number

Note: We will discuss peer groups later.

38

RTA(config)#router bgp 100RTA(config-router)#neighbor 10.1.1.1 remote-as 200

RTB(config)#router bgp 200RTB(config-router)#neighbor 10.1.1.2 remote-as 100

39

EBGP and fully meshed IBGP

router bgp 65101 neighbor 10.2.2.2 remote-as 65101 neighbor 10.1.1.2 remote-as 65101

Shutting Down a BGP Neighbor To disable (administratively shut down) an existing BGP neighbor or

peer group This command not only terminates the session but also removes all

associated routing information. Use the “no neighbor…” to enable a neighbor previously shutdown If you want to implement major policy changes to a neighboring you must:

Administratively shut down the neighboring router Implement the changes (attributes, route filtering, etc.) Administratively bring the neighboring router back up

40

Router(config)# router bgp asRouter(config-router)# neighbor {ip-address | peer-group-name} shutdown

Defining the Source IP Address

The BGP neighbor statement tells the BGP process the destination IP address of each update packet.

The source IP address must match the address in the corresponding neighbor statement on the other router.

BGP does not accept unsolicited updates.

41

RTA(config)#router bgp 100RTA(config-router)#neighbor 10.1.1.1 remote-as 200

I will only accept BGP updates with a source IP address of 10.1.1.1

Router D has the configuration above. If Router A is sending the BGP packets to Router D via Router B

The source IP address of the packets will be 10.1.1.1 Router D:

Does not recognize the sender of the BGP packet (10.1.1.1) 10.1.1.1 is not configured as a neighbor of Router D. The IBGP session between Router A and D will not be established.

42

RouterD(config)#router bgp 65102RouterD(config-router)#neighbor 10.3.3.1 remote-as 650102

Solution: Establish the IBGP session using a loopback interface when there are multiple paths between the IBGP neighbors.

Causes the router to use the address of the specified loopback interface as the source address for BGP connections to this neighbor.

Need to make sure loopback address is reachable (TCP session)43

Router(config)#router bgp asRouter(config-router)# neighbor {ip-address | peer-group-name}

update-source loopback interface-numberRouterA(config)#router bgp 65102RouterA(config-router)#neighbor 192.168.4.4 remote-as 650102RouterA(config-router)#neighbor 192.168.4.4 update-source loopback0

RouterD(config)#router bgp 65102RouterD(config-router)#neighbor 192.168.1.1 remote-as 650102RouterD(config-router)#neighbor 192.168.1.1 update-source loopback0

Router B has Router A as an EBGP neighbor Only reachable via directly connected address 172.16.1.1

Router C has Router D as an EBGP neighbor Only reachable via directly connected address 192.168.1.1

44

However, Router B has multiple paths to reach Router C (IBGP neighbor) Router B and C: All networks are reachable via IGP EIGRP including

loopback interfaces Neighbor relationship between Routers B and C are loopback interfaces If one of the links between Router B and C goes down the BGP peering is

not affected. Without the loopbacks as source interfaces If one of the links between

Router B and C goes down the BGP neighbor relationship would be lost.

45

EBGP Multihop

Because IGP routing information is not exchanged with external peers: The router must point to a directly connected address for external neighbors. A loopback interface is never directly connected.

So, if you want to peer with a loopback interface instead: Must add a static route to the loopback pointing to the physical address of the

directly connected network (the next-hop address) Must also enable multihop EBGP, with the router configuration command:

neighbor {ip-address | peer-group-name} ebgp-multihop [ttl] This command increases the default of one hop for EBGP peers by changing the default

Time to Live (TTL) value of 1 and therefore allowing routes to the EBGP loopback address. By default, the TTL is set to 255 with this command. This command is of value when redundant paths exist between EBGP neighbors.

46

Alternative but less desirable Router A in AS 65102 has two paths to Router B in AS 65101.

Primary Backup

Router A can use two neighbor statements pointing to 192.168.1.18 and 192.168.1.34 on Router B.

Disadvantage: Router A will send duplicate (two) BGP updates to Router B because of the two neighbor statements.

47

EBGP Multihop

RTA(config)#router bgp 65102RTA(config-router)#neighbor 192.168.1.18 remote-as 65101RTA(config-router)#neighbor 192.168.1.34 remote-as 65101

EBGP Multihop Each router instead:

Uses its loopback address as the source IP address for its BGP updates Points to the loopback address of the other router

IGP is not used between autonomous systems, so neither router can reach the loopback of the other router without assistance.

Assistance: Each router needs to use two static routes: A path to reach the loopback address of the other router.

neighbor ebgp-multihop: Must also be configured to change the default setting of BGP and inform the BGP process that this neighbor IP address is more than one hop away (2 hops in this example). 48

EBGP Multihop

Changing the Next-Hop Attribute

An internal protocol, such as RIP, EIGRP, or OSPF, always uses the source IP address of a routing update as the next-hop address for each network from that update that is placed in the routing table.

IBGP: The next-hop is carried into IBGP unchanged. neighbor {ip-address | peer-group-name} next-hop-self router

configuration command Used to force BGP to use the source IP address of the update as the

next hop for each network it advertises to the neighbor Rather than using the next-hop AS IP address (default).

49

50

EBGP: The next-hop is the IP address of the neighbor that sent the update. Router A advertises (EBGP) 192.168.15.0 to Router B, with a next hop of 172.16.1.1 Router C advertises (EBGP) 192.168.15.0 to Router B, with a next hop of 192.168.1.1

IBGP: The next-hop is carried into IBGP unchanged. Router B advertises (IBGP) 192.168.15.0 to Router C, with a next hop of 172.16.1.1

Router B uses 172.16.1.1 as the next-hop attribute to get to 192.168.15.0 and Router C uses 172.16.1.1 as the next-hop attribute to get to 192.168.15.0 Router C’s next hop to reach 192.168.15.0 is 172.16.1.1 not one of it’s local interfaces Very important that Router C knows how to reach the 172.16.1.1:

IGP Static route

Otherwise, Router C will drop packets destined for 192.168.15.0, because it will not be able to get to the next-hop address for that network.

Must either: Advertise the next-hop network, the network between AS’s, (172.16.0.0) into the AS Change the next-hop address to Router B’s local interface

192.168.15.0

The neighbor next-hop-self command to change the default BGP next-hop settings.

Router B advertises a next hop of 192.168.2.2 (the IP address of its loopback interface) to its IBGP neighbor set with the neighbor update-

source command

51

192.168.15.0

Defining the Networks That BGP Advertises

Two options available to advertise networks into BGP: network command Redistributing routes from an IGP into BGP

Not recommended because any change in IGP routes (link goes down) might cause a BGP update

Could result in unstable BGP tables If redistribution:

Only local routes to the AS are redistributed Problem if you redistribute routes learned from other AS’s into

the IGP and the redistribute those routes back into BGP because it could result in a routing loop. 52

RTA(config)#router bgp asRTA(config-router)#network network-number

network network-number [mask network-mask] [route-map map-tag]

Permits BGP to advertise a network if it is present in the IP routing table No mask: Classful default mask is assumed. Different than IGP network command:

Determines which networks this router advertises. Does not determine which interfaces send/receive routing protocol updates Sole purpose of the network command is to notify BGP which networks to

advertise If the mask is not specified router announces only the classful network

address At least one subnet of the specified major network must be present in the

IP routing table for BGP to announce the classful network as a BGP route. If you specify the network-mask:

An exact match to the network (both address and mask) must exist in the routing table for the network to be advertised. 53

RTA(config)#router bgp asRTA(config-router)# network network-number [mask network-mask] [route-

map map-tag]

With Cisco IOS 12.1(8)T – Default is no auto-summary auto-summary – All redistributed subnets are summarized to their

classful boundaries in the BGP table. When a subnet is redistributed from an IGP into BGP, only the classful

network route is injected into the BGP table.

54

RTA(config)#router bgp asRTA(config-router)# no auto-summary

Auto-summary

BGP Neighbor Authentication

BGP neighbor authentication on a router so that the router authenticates the source of each routing update packet that it receives

Exchange of an authenticating keys (sometimes referred to as a passwords) To enable MD5 authentication on a TCP connection between two BGP

peers, use the string router configuration command:

neighbor {ip-address | peer-group-name} password 55

synchronization - Router configuration command to enable BGP synchronization Router will not advertise routes in BGP until it learns them in an IGP. No longer the default as of Cisco IOS 12.2(8)T

BGP synchronization rule states: A BGP router should not use or advertise to an external BGP neighbor a route learned by IBGP, unless that route is directly connected or learned from the IGP.

56

BGP SynchronizationI learned about 172.16.0.0 via IBGP from Router B. I will not advertise 172.16.0.0 to Router E via EBGP unless I see this network in my routing table leaned via an IGP (OSPF).

?IBGP

AS 65000 networksInto OSPF

OSPF

Note: There is not a physical link b/t A and B

RTA(config)#router bgp 65500RTA(config-router)# synchronization

no synchronization - Router configuration command disables synchronization

Default as of Cisco IOS 12.2(8)T Best practice is to no longer redistribute BGP networks into the IGP. Instead, all routers in the AS should be fully meshed IBGP.

57

No BGP Synchronization

?IBGP

AS 65000 networksInto OSPF

OSPF

I learned about 172.16.0.0 via IBGP from Router B. I will not advertise 172.16.0.0 to Router E via EBGP unless I see this network in my routing table leaned via an IGP (OSPF).

I learned about 172.16.0.0 via IBGP from Router B. I can advertise 172.16.0.0 to Router E via EBGP even if this network in NOT in my routing table leaned via an IGP (OSPF).

RTA(config)#router bgp 65500RTA(config-router)# no synchronization

Resetting BGP Sessions

So we can focus on other items, please read this section on your own.

58

Resetting BGP Sessions

BGP can potentially handle huge volumes of routing information. Cisco IOS Software applies changes on only those updates received or

transmitted after the BGP policy configuration change has been performed. If the network administrator wants the policy change to be applied on all

routes, he or she must trigger an update to force the router to let all routes pass through the new filter. Outgoing information, the router has to resend its BGP table through the

new filter Incoming information, the router needs its neighbor to resend its BGP

table so that it passes through the new filter There are three ways to trigger an update:

Hard reset Soft reset Route refresh

59

Hard Reset of BGP Sessions

clear ip bgp * or clear ip bgp {neighbor-address} Resetting a session is a method of informing the neighbor or neighbors of a

policy change. All routes from that session are invalidated and removed from the BGP

table. The remote neighbor detects a BGP session down state:

Also invalidates the received routes. After a period of 30 to 60 seconds, the BGP sessions are reestablished

automatically The BGP tables are exchanged again, but through the new filters. However, resetting the BGP session disrupts packet forwarding.

60

RTA(config)#router bgp 65500RTA(config-router)# no synchronization

Router A: Has eight neighbors Each neighbor sends Router A the full Internet table

assume that is about 32 MB in size If the clear ip bgp * command is issued on Router A:

All eight routers resend their 32 MB table at the same time. Router A will need 256 MB of RAM

Router A will have to process all of this information. This will take a considerable number of CPU cycles This will further delaying the routing of user data

clear ip bgp neighbor-address - one neighbor is reset at a time is less severe

61

RTA(config)#router bgp 65500RTA(config-router)# clear ip bgp *Or RTA(config-router)# clear ip bgp neighbor-address

Soft Reset of BGP Sessions Outbound

clear ip bgp {* | neighbor-address} [soft out]

Note: soft keyword is optional Causes BGP to do a soft reset for outbound updates. Does not reset the BGP session Router creates a new update and sends the whole table to the specified

neighbors. Does not have any memory overhead. This command is highly recommended when you are changing an

outbound policy But does not help if you are changing an inbound policy.

62

RTA# clear ip bgp * soft outOr RTA# clear ip bgp neighbor-address soft out

Soft Reset of BGP Sessions Inbound There are two ways to perform an inbound soft reconfiguration:

Stored routing update information Dynamically

Inbound Soft Reset Using Stored Information First: Enter the neighbor {ip-address} soft-reconfiguration inbound router

configuration command to inform BGP to save all updates that were learned from the neighbor specified. The BGP router retains an unfiltered table of what that neighbor has sent.

Next, the inbound policy is changed Then, use clear ip bgp {* | neighbor-address} soft in privileged EXEC command

causes the router to use the stored unfiltered table to generate new inbound updates; the new results are placed in the BGP forwarding database.

Thus, if you make changes, you do not have to force the other side to resend everything.

63

RTA(config)#router bgp 65500RTA(config-router)# neighbor {ip-address} soft-reconfiguration inbound

RTA# clear ip bgp {* | neighbor-address} soft in

Route Refresh: Dynamic Inbound Soft Reset provides automatic support for dynamic soft reset of inbound BGP routing table

updates that is not dependent on stored routing table update information. This new method requires no preconfiguration The clear ip bgp {* | neighbor-address} [soft in | in] privileged EXEC

command is the only command required for this dynamic soft reconfiguration. The soft in option generates new inbound updates without resetting the BGP

session, but it can be memory intensive. BGP does not allow a router to force another BGP speaker to resend its entire

table. If you change the inbound BGP policy and you do not want to complete a hard

reset, use this command to cause the router to perform a soft reconfiguration. The soft in option generates new inbound updates without resetting the BGP

session, but it can be memory intensive. BGP does not allow a router to force another BGP speaker to resend its entire

table. If you change the inbound BGP policy and you do not want to complete a hard

reset, use this command to cause the router to perform a soft reconfiguration.

64

When a BGP session is reset using soft reconfiguration, the following commands can be useful for monitoring the BGP routes received, sent, or filtered:

show ip bgp neighbors {address} received-routes: displays all received routes (both accepted and rejected) from the specified neighbor.

show ip bgp neighbors {address} routes: displays all routes that are received and accepted from the specified neighbor.; this output is a subset of the output displayed by the received-routes keyword.

show ip bgp: displays entries in the BGP table. show ip bgp neighbors {address} advertised-routes: displays

all BGP routes that have been advertised to neighbors 65

BGP Configuration Examples

66

Basic BGP

67

68

IBGP and EBGP

router bgp 65000 neighbor 10.1.1.2 remote-as 64520 neighbor 192.168.2.2 remote-as 65000 neighbor 192.168.2.2 update-source loopback0 neighbor 192.168.2.2 next-hop-self network 172.16.10.0 mask 255.255.255.0 network 192.168.1.0 network 192.168.3.0 no synchronization

router eigrp 10 network 192.168.2.1 255.255.255.255

Router B

EBGP peer to Router AIBGP peer to Router C’s loopback

IBGP-RTC: Use Lo0 as sourceIBGP-RTC: Changes next-hop attribute to its own Lo0

Advertises LAN 172.16.10.0/24 via BGP

Advertises serial link 192.168.1.0/24 via BGPAdvertises serial link 192.168.3.0/24 via BGP

Advertises Lo0 192.168.2.1/32 via EIGRP so RTC can reach it with it’s neighbor statement. RTC will advertise 192.168.2.2/32

May be default if IOS 12.2(8)T or later. Must be fully-meshed IBGP

Verifying and Troubleshooting BGP You can verify BGP operation using show EXEC commands, including the

following: show ip bgp—Displays entries in the BGP topology database (BGP table).

Specify a network number to get more specific information about a particular network.

show ip bgp rib-failure—Displays BGP routes that were not installed in the routing information base (RIB), and the reason that they were not installed.

show ip bgp neighbors—Displays detailed information about the TCP and BGP connections to neighbors.

show ip bgp summary—Displays the status of all BGP connections. Use the show ip bgp ? command on a router to see other BGP show

commands. debug commands display events as they happen on the router. For BGP,

the debug ip bgp privileged EXEC command has many options, including the following: dampening—BGP dampening events—BGP events keepalives—BGP keepalives updates—BGP updates

69

show ip bgp

show ip bgp - Displays the BGP topology database (the BGP table). The origin codes are shown at the end of each line. The status codes are shown at the beginning of each line of output In this output, most of the rows have an asterisk (*) in the first column.

Means that the next-hop address is valid. The next-hop address is not always the router that is directly connected to this

router. (IBGP) A locally originated route has a next hop of 0.0.0.0 70

71

Please review on your own… s: indicates that the specified routes are suppressed

(usually because routes have been summarized and only the summarized route is being sent).

d: for dampening, indicates that the route is being dampened (penalized) for going up and down too often. Although the route might be up right now, it is not

advertised until the penalty has expired. h: for history, indicates that the route is unavailable and

is probably down; historic information about the route exists, but a best route does not exist.

r: for RIB failure, indicates that the route was not installed in the RIB. The reason that the route is not installed can be

displayed using the show ip bgp rib-failure command, as described in the next section.

S: for stale, indicates that the route is stale (this is used in a nonstop forwarding-aware router

72

A greater-than sign (>) in the second column indicates the best path for a route selected by BGP

This route is offered to the IP routing table.

asterisk (*) - means that the next-hop address is valid.

73

Third column is either blank or has an i: Blank: BGP learned that route from an external peer (EBGP) i: BGP learned that route from an internal peer (IBGP) .

74

The fourth column lists the networks that the router learned. The fifth column lists all the next-hop addresses for each route. This next-hop address

column might contain 0.0.0.0, which signifies that this router originated the route. The next three columns list three BGP path attributes associated with the path:

metric (MED) local preference weight.

75

“Path” header may contain a sequence of autonomous systems in the path. The first AS listed is the adjacent AS from which this network was learned. The last AS this network’s originating AS. If the path column is blank, the route is from the current AS (this AS)

76

The last column signifies how this route was entered into BGP on the original router (the origin attribute).

i: The original router probably used a network command to introduce this network into BGP.

e: The original router learned this network from EGP (legacy, not likely). ?: The original BGP process cannot absolutely verify this network’s availability,

because it is redistributed from an IGP into the BGP process

show ip bgp rib-failure

show ip bgp rib-failure - Displays BGP routes that were not installed in the RIB (IP routing table) and the reason that they were not installed.

77

Displayed routes were not installed because a route(s) with a better administrative distance already existed in the RIB.

show ip bgp summary

show ip bgp summary – Verifies BGP neighbor relationships and other information

78

79

BGP Router ID

Increases in increments when the BGP table changes

Last version of BGP database that wasInjected into the main routing table

The IP address, used in the neighbor statement, with which this router is setting up a relationship

BGPversion

Neighbors AS

Number of BGP messages received from this neighbor

Number of BGP messages sent to this neighbor

The last version of the BGP table sent to this neighbor

The number of BGP messages from this neighbor waiting to be processed

The number of BGP messages queued and waiting to be sent to this neighbor. TCP flow control prevents a router from overwhelming its neighbor

The amount of time this neighbor has been in the current BGP state (established, active or idle)

When the session is in the established state, this value represents the number of BGP network entries received from this neighbor

The current BGP state. If established, not shown, instead a value is in the Pfx/Rcd

debug ip bgp updates

80

After the neighbor adjacency is reestablished, Router A creates and sends updates to 10.1.0.2.

Update sent about network 10.1.1.0/24, with a next hop of 10.1.0.1, which is Router A’s address

Update sent about network 10.97.97.0/24, with a next hop of 172.31.11.4, which is the address of one of Router A’s EBGP neighbors.

Router A later receives updates from 10.1.0.2. containing a path to two networks, 10.1.2.0/24 and 10.1.0.0/24

show ip bgp neighbors

show ip bgp neighbors – Displays information about the BGP connections to neighbors.

The BGP state is established, which means that the neighbors have established a TCP connection and the two peers have agreed to use BGP to communicate.

81

82

Character Description

^ Matches the beginning of the input string.

$ Matches the end of the input string.

_ Matches a space, comma, left brace, right brace, the beginning of an input string, or the ending of an input stream

. Matches any single character

* Matches 0 or more single- or multiple-character patterns.

Regular Expressions

A regular expression is a pattern to match against an input string.

83

RouterA

RouterB RouterC

12.0.0.0/8

192.10.2.0/24

11.0.0.0/8

130.1.50.32/30 200.200.200.64/30

AS 200 AS 400

AS 300

RouterC#show ip bgp

Network Next Hop Metric LocPrf Weight Path

*> 11.0.0.0 0.0.0.0 0 32768 i

*> 12.0.0.0 200.200.200.65 0 300 200 i

*> 192.10.2.0 200.200.200.65 0 0 300 i

RouterC# show ip bgp regexp ^300 Match beginning of input string, AS_PATH, = 300 Last prepended AS was 300: Routes matched: 12.0.0.0 and 192.10.2.0

84

RouterC#show ip bgp


*> 11.0.0.0 0.0.0.0 0 32768 i

*> 12.0.0.0 200.200.200.65 0 300 200 i

*> 192.10.2.0 200.200.200.65 0 0 300 i

RouterC# show ip bgp regexp ^200 Match beginning of input string, AS_PATH, = 200 Last prepended AS was 200: Routes matched : none

RouterA

RouterB RouterC

12.0.0.0/8

192.10.2.0/24

11.0.0.0/8

130.1.50.32/30 200.200.200.64/30

AS 200 AS 400

AS 300

85

RouterC#show ip bgp


*> 11.0.0.0 0.0.0.0 0 32768 i

*> 12.0.0.0 200.200.200.65 0 300 200 i

*> 192.10.2.0 200.200.200.65 0 0 300 i

RouterC# show ip bgp regexp 300$ Match end of input string, AS_PATH, = 300 Originating AS = 300: Routes matched : 192.10.2.0

RouterA

RouterB RouterC

12.0.0.0/8

192.10.2.0/24

11.0.0.0/8

130.1.50.32/30 200.200.200.64/30

AS 200 AS 400

AS 300

86

RouterC#show ip bgp


*> 11.0.0.0 0.0.0.0 0 32768 i

*> 12.0.0.0 200.200.200.65 0 300 200 i

*> 192.10.2.0 200.200.200.65 0 0 300 i

RouterC# show ip bgp regexp 200$ Match end of input string, AS_PATH, = 200 Originating AS = 200: Routes matched : 12.0.0.0

RouterA

RouterB RouterC

12.0.0.0/8

192.10.2.0/24

11.0.0.0/8

130.1.50.32/30 200.200.200.64/30

AS 200 AS 400

AS 300

87

AS50#show ip bgp

Network Path

*> 5.0.0.0 i

*> 1.0.0.0 100 i

*> 2.0.0.0 100 200 i

*> 3.0.0.0 300 i

*> 4.0.0.0 300 400 i

*> 10.0.0.0 300 400 1000 I

AS50#show ip bpg regexp 100 Match input string, AS_PATH, containing 100, including 1000 Routes matched : 1.0.0.0, 2.0.0.0, 10.0.0.0

AS 400

4.0.0.0

AS 200

2.0.0.0

AS 300

3.0.0.0

AS 100

1.0.0.0

AS 50

5.0.0.0

AS 1000

10.0.0.0

88

AS50#show ip bgp

Network Path

*> 5.0.0.0 i

*> 1.0.0.0 100 i

*> 2.0.0.0 100 200 i

*> 3.0.0.0 300 i

*> 4.0.0.0 300 400 i

*> 10.0.0.0 300 400 1000 I

AS50#show ip bpg regexp ^100_ Match beginning of input string, AS_PATH, = 100 Last prepended AS was 100: Routes matched : 1.0.0.0, 2.0.0.0

AS 400

4.0.0.0

AS 200

2.0.0.0

AS 300

3.0.0.0

AS 100

1.0.0.0

AS 50

5.0.0.0

AS 1000

10.0.0.0

89

AS50#show ip bgp

Network Path

*> 5.0.0.0 i

*> 1.0.0.0 100 i

*> 2.0.0.0 100 200 i

*> 3.0.0.0 300 i

*> 4.0.0.0 300 400 i

*> 10.0.0.0 300 400 1000 I

AS50# show ip bgp regexp _400$ Match end of input string, AS_PATH, = 400 Originating AS = 400: Routes matched : 4.0.0.0

AS 400

4.0.0.0

AS 200

2.0.0.0

AS 300

3.0.0.0

AS 100

1.0.0.0

AS 50

5.0.0.0

AS 1000

10.0.0.0

90

AS50#show ip bgp

Network Path

*> 5.0.0.0 i

*> 1.0.0.0 100 i

*> 2.0.0.0 100 200 i

*> 3.0.0.0 300 i

*> 4.0.0.0 300 400 i

*> 10.0.0.0 300 400 1000 I

AS50#show ip bpg regexp _400_ Match anywhere in input string, AS_PATH, 400 Routes matched : 4.0.0.0, 10.0.0.0

AS 400

4.0.0.0

AS 200

2.0.0.0

AS 300

3.0.0.0

AS 100

1.0.0.0

AS 50

5.0.0.0

AS 1000

10.0.0.0

91

AS50#show ip bgp

Network Path

*> 5.0.0.0 i

*> 1.0.0.0 100 i

*> 2.0.0.0 100 200 i

*> 3.0.0.0 300 i

*> 4.0.0.0 300 400 i

*> 10.0.0.0 300 400 1000 I

AS50#show ip bgp regexp ^300$ Match input string that starts and ends at 300 Routes that originated from directly connected AS 300 customer Routes matched : 3.0.0.0

AS 400

4.0.0.0

AS 200

2.0.0.0

AS 300

3.0.0.0

AS 100

1.0.0.0

AS 50

5.0.0.0

AS 1000

10.0.0.0

Configuring BGP Attributes

92










Step 10 Prefer the route with the lowest neighbor BGP router ID value.

Step 11 If the BGP router IDs are the same, prefer the route with the lowest neighbor IP address.

93

The Route Selection Decision Process (ROUTE) 12

3

4

5

67

8 9

10 11

WLam

Weight

Local Preference

as path

med

Changing the Weight

Weight attribute influences only the local router. When there is more than one route to the same destination. Cisco attribute Local to the router and it is not propagated in routing updates. Default is 32768 Higher weight is preferred when there are multiple routes to the same

destination

94

WLam

Weight

Local Preference

as path

med

Routing policy dictates the selection of AS 65030 as the primary way out of AS 65040 for the traffic destined to any network originated by the AS 65020.

95

R1

This route map set-weight is linked to neighbor 10.0.0.1 (R2) as an inbound route map.

The match condition is defined by the match as-path path-list-number The path-list-number parameter is the number of the AS access-list (10) Checks the AS-path attributes of networks to see which are permitted by AS

access list 10. as-path AS access-list 10 permits networks whose:

AS-path attribute ends with 65020; these are networks originating in AS 65020. set weight 150: The route map sets these networks to a weight of 150 96

AS _65020$Weight=150

R1

Statement 20 does not have any match statements so all remaining networks are permitted.

These remaining networks have their weight set to 100, with the set weight 100 command.

When Router R1 receives updates from 10.0.0.1 (R2): It processes them through the set-weight route map Sets the weight accordingly as the networks are placed in Router R1’s

BGP table97

AS _65020$Weight=150

R1

Accepting only a default/Announcing only your locally source routes (non-transit)

The local AS is only added after processing outbound AS path access lists.

^$: Will check for an empty path if we want to announce only our locally sourced routes, then AS 99999 will be added.

98

router bgp 24 no synchronization bgp log-neighbor-changes network 257.8.8.0

neighbor 256.44.111.231 remote-as 7777 neighbor 256.44.111.231 description To ISP 1 neighbor 256.44.111.231 weight 1000 neighbor 256.44.111.231 prefix-list DEFAULTONLY in neighbor 256.44.111.231 route-map LOCALONLY out

neighbor 306.12.242.161 remote-as 8888 neighbor 306.12.242.161 description To ISP 2 neighbor 306.12.242.161 weight 2000 neighbor 306.12.242.161 prefix-list DEFAULTONLY in neighbor 306.12.242.161 route-map LOCALONLY out

ip as-path access-list 99 permit ^$

route-map LOCALONLY permit 10 match as-path 99

ip prefix-list DEFAULTONLY seq 5 permit 0.0.0.0/0

99

E1(config)#router bgp 100

E1(config-router)# neighbor 10.1.1.2 weight 2000




E1

AS 1 (ISP1) 2000

AS 100 (E2) 1000

Higher weight preferred

Routes from ISP1 get a weight of 2000 Routes from E2 and EX get a weight of 1000 Larger weight preferred

Can also set the weight in the neighbor statement (for all routes received from that neighbor)

Setting Local Preference

Local preference is used only within an AS between IBGP speakers to determine the best path to leave the AS to reach an outside network.

Default is 100 Higher values are preferred bgp default local-preference value router configuration command changes

the default local preference to the value specified All BGP routes that are advertised include this local preference value.

The value can be set to a number between 0 and 4294967295. 100

WLam

Weight

Local Preference

as path

med

Local preference for all routes on Router B to 500 and on Router A to 200 All BGP routers in AS 65001 send all traffic destined for the Internet to

Router B, causing its outbound utilization to be much higher and the utilization out Router A to be reduced to a minimal amount.

This change is probably not what the network administrator intended. We should use route maps to:

Set only certain networks to have a higher local preference through Router B

101

Each network has two paths (< best path) All routes have:

Weight of 0 Default local preference of 100

So, BGP uses the shortest AS-path to select the best routes

102

172.16.0.0: shortest AS-path is via 192.168.28.1, Router X (65002 65003) 172.24.0.0: shortest AS-path is via 172.20.50.1, Router Y (65005) 172.30.0.0: shortest AS-path is via 172.20.50.1, Router Y (65005 65004)

103

A traffic analysis reveals the following: The link going through:

Router B to 172.20.50.1 is heavily used Router A to 192.168.28.1 is hardly used at all

The three largest-volume destination networks on the Internet from AS 65001 are: 172.30.0.0, 172.24.0.0, and 172.16.0.0.

30% of Internet traffic is going to network 172.24.0.0 (via Router B) 20% of Internet traffic is going to network 172.30.0.0 (via Router B) 10% of Internet traffic is going to network 172.16.0.0 (via Router A) 40%% of Internet traffic is going to other destinations

You have decided to divert traffic to network 172.30.0.0 and send it out Router A to the next hop of 192.168.28.1 Better load balancing

104

Router A: The route map is linked to neighbor 192.168.28.1 as an inbound route map. Receives updates from 192.168.28.1 Processes them through the local_pref route map Sets the local preference accordingly and adds them to the BGP table.

The first route map statement Match condition checks all networks to see which are permitted by access list 65. Access list 65 permits 172.30.0.0 network set local-preference 400 sets these networks to a local preference of 400

The second route map statement does not have any match or set statements. Similar to a permit any statement in an access list. Because there are no match conditions for the remaining networks, they are all permitted with

their current settings. So, the local preference for networks 172.16.0.0 and 172.24.0.0 stays set at the default of 100.

105

Router A 172.30.0.0LocPref=400

Router C learns about the new local preference value (400) coming from Router A for network 172.30.0.0.

Only change: the new best route to network 172.30.0.0 is via 192.168.28.1 Local preference = 400; higher than the default local preference of 100 via 172.20.50.1. The AS-path through 172.20.50.1 is still shorter than the path through 192.168.28.1, but

AS-path but local preference takes precedence.

106

172.30.0.0LocPref=400

WLam

Weight

Local Preference

as path

med

Setting AS Path AS Prepending

It is complicated to influence other autonomous systems to select a particular path for traffic that is returning to a specific AS (can use MED)

Virtually impossible to influence another AS to select the desired path based on the weight and local preference attributes These require configuration changes in the neighboring AS Need to have the network administrator for that AS(‘s) make the change

By default, if no BGP path selection tools are configured to influence traffic flow, BGP uses the shortest AS path, regardless of available bandwidth.

107

By default, the preferred way (shortest path) to reach networks in AS65010 to reach 65040 is via R1

One way that an AS can attempt to influence incoming traffic flow is by sending out EBGP updates with an extended AS-path attribute for undesired paths Multiple copies of the AS number of the sender Known as AS-path prepending

Makes it less likely that the receiver of the update will select this as best path.

To avoid BGP loop prevention mechanisms, no other AS number, except that of the sending AS, should be prepended to the AS-path attribute. 108

This route map is linked to neighbor 172.16.1.1 as an outbound route map. Therefore, as Router R1 sends updates to 172.16.1.1, it processes them

through the set-AS-path route map Route map called set-AS-path has only one statement, a permit statement

with a sequence number of 10. All updates sent to neighbor 172.16.1.1 are prepended three times (plus the

original AS number) with the AS number of the sender (65040), making that path less preferable for the returning traffic.

109

AS Path = 65040 65040 65040 65040

I now prefer the three AS hop via 65020. I also include this complete AS path in my BGP updates to AS 65020

Setting the MED

MED is used to decide how to enter an AS when multiple paths exist between two autonomous systems and one AS is trying to influence the incoming path from the other AS.

Default MED is 0

110

WLam

Weight

Local Preference

as path

med

To change this value, use the default-metric number router configuration command.

To reach networks in AS 65001 all routers in AS 65004 see: A MED of 1001 through the next hop of Router A A MED of 99 through the next hop of Router B

If AS 65004 has no overriding policy, all routers in AS 65004 choose to exit their AS through Router Y to reach the networks in AS 65001

This could result in suboptimal bandwidth utilization.

111

Using route maps we want the preferred exit points to be: Router A to reach networks 192.168.25.0/24 and 192.168.26.0/24 Router B to reach network 192.168.24.0/24

Remember, lower MED is preferred!

112

Setting the MED using Route Maps

Router A: Outbound route map named med_65004 is linked to neighbor 192.168.28.1

Router B: Outbound route map named med_65004 is linked to neighbor 172.20.50.1

113

Router A

Router B

Router A: Networks permitted by ACL 66

(192.168.25.0/24 and 192.168.26.0/24)

Set MED to 100 All other networks

(192.168.24.0/24) Set MED to 200

114

Router A

Router B

Router B: Networks permitted by ACL 66

(192.168.24.0/24) Set MED to 100

All other networks (192.168.25.0/24 and 192.168.26.0/24)

Set MED to 200

115

Router A

Router B

Router Z BGP table: Indicating the networks learned from AS 65001.

116

117

SVL SAC

LAX RVR

SVL-Agg1

LAX-Agg1

L2 PAIX

CUDI

Level 3

Transit

Cogent

Transit

CENIC (non-transit AS) Google

CommodityPeer

Hurricane Elec

CommodityPeer

Comcast

CommodityPeer

Customer Prefixes

Internet 2

ResearchPeer

NLR

ResearchPeer

Bi-lateralSettlementFree Peer

Note: This diagram is by no means accurate but only a very simplified representation of an AS.

Cabrillo

UCSC

UCLA

Cuesta

Public IP Address



Public IP Address

Static Default

Static

Default

EBGP

EBGP

Fully-meshed IBGP

EBGP

EBGP

EBGPMED LocPref

IGP: IS-IS used for next-hop reachability

EBGP




Note: Non-customer prefixes (networks connecting peers) are not included in EBGP updates to peers. IGP is not redistributed into IS-IS and IS-IS is not redistributed into BGP.

Redistribute static


Peer GroupsFiltering BGP UpdatesAdditional Attribute Examples

These sections are fairly straight forward. Please read this material on your own.

118

Peer Groups

In BGP, many neighbors are often configured with the same update policies (for example, they have the same filtering applied).

On a Cisco Systems router, neighbors with the same update policies can be grouped into peer groups to simplify configuration and, more importantly, to make updating more efficient and improve performance.

Peer group – A group of BGP neighbors of the router being configured that all of the same update policies.

A neighboring router can only be a part of one peer group. When you have many peers, this approach is highly recommended. You can use neighbor peer-group-name peer-group or neighbor peer-

group command, the neighbor ip-address peer-group peer-group-name 119

AS 65100 has four routers running IBGP. All of these IBGP neighbors are peering with each others’ loopback 0 interface Router C has an outbound distribution list associated with each IBGP neighbor. the distribute-list command when used for BGP, it is linked to a specific neighbor. The ISP behind Router C might be announcing private address space to Router C,

and Router C does not want to pass these networks to other routers running BGP in AS 65100.

If Router C receives a change from AS 65101: It must generate an individual update for each IBGP neighbor and Run each update against distribute-list 20. If Router C has a large number of IBGP neighbors, the processing power needed

to inform the IBGP neighbors of the changes in AS 65101 could be extensive. 120

Router C

Router C is using a peer group called internal. These commands are all linked to peer group internal, which in turn is linked to each

of the IBGP neighbors. neighbor remote-as neighbor update-source neighbor next-hop-self neighbor distribute-list 20 out

If Router C receives a change from AS 65101 It creates a single update and Processes it through distribute-list 20 once. The update is replicated for each neighbor that is part of the internal peer group.

Saves processing time in generating the updates for all IBGP neighbors. Peer groups can improve efficiency when processing updates for BGP neighbors that

have a common outbound BGP policy. 121

Filtering BGP Updates

122

BGP may receive a high number of routing updates. To optimize BGP configuration, route filtering may be applied. Filter lists, prefix lists, and route maps can be applied to either incoming or outgoing

BGP information, or in any combination. Incoming prefix list, filter list, and route map must all permit the routes that are

received from a neighbor before they will be accepted into the BGP table. Outgoing routes must pass the outgoing filter list, prefix list, and route map

before they will be transmitted to the neighbor. Redistribution from an IGP into BGP, the routes must successfully pass any prefix list

or route map applied to the redistribution process before the route is injected into the BGP table.

123

BGP Filtering Using Prefix Lists

prefix-list ANY-8to24-NET is applied to the incoming advertisements from the BGP neighbor 172.16.1.2

Permits routes from: 0.0.0.0/0: any network ge 8 le 24: with a mask length from 8 to 24 bits 124

BGP Filtering with Route Maps

To apply a route map to filter incoming or outgoing BGP routes, use:

neighbor ip address route-map name {in | out}

125

Router A is configured for BGP with two neighbors: 10.2.3.4 and 10.4.5.6 Both neighbors are configured with the neighbor route-map command to filter the

incoming routing update traffic according to the route-map named filter. The route map filter:

Matches default route AND from AS 65387 Assigned a weight value of 150

Matches default route (from all other AS’s) Assigned a weight value of 100

Since a higher weight value is preferred, the link to ISP AS 65387 is preferred 126

Matches all routes

0.0.0.0/0 Weight=100

0.0.0.0/0 Weight=150

100

Other Attribute Examples (FYI)

127

128

neighbor weight command

Modify WEIGHT E1 so it prefers the longer AS_PATH through ISP1. E2 and EX will still prefer the shorter AS_PATH through ISP2 because of

equal WEIGHTs but shorter AS_PATH.

129

E1#show ip bgp


* 99.0.0.0 10.1.1.2 0 0 1 10 11 12 13 14 i

* 10.1.1.6 0 0 1 10 11 12 13 14 i

*>i 128.107.2.1 0 100 0 2 10 14 i

E1#show ip route

B 99.0.0.0/8 [200/0] via 128.107.2.1, 00:39:01

Before modifying WEIGHT. With WEIGHTs equal, E1 prefers ISP2

because of shorter AS_PATH

130






E1

AS 1 (ISP1) 2000

AS 100 (E2) 1000

Higher weight preferred

Routes from ISP1 get a weight of 2000 Routes from E2 and EX get a weight of 1000 Larger weight preferred

131

E1#show ip bgp


* 99.0.0.0 10.1.1.6 0 2000 1 10 11 12 13 14 i

*> 10.1.1.2 0 2000 1 10 11 12 13 14 i

* i 128.107.2.1 0 100 1000 2 10 14 i

*> 128.107.0.0/19 0.0.0.0 32768 i

* i 128.107.2.1 0 100 1000 i

s> 128.107.1.0/24 0.0.0.0 0 32768 i

s> 128.107.2.0/24 128.107.1.2 2 32768 i

* 180.0.0.0 10.1.1.6 0 2000 1 i

*> 10.1.1.2 0 2000 1 i

*>i200.0.0.0 128.107.2.1 0 100 1000 2 i

E1#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:00:12

B 99.0.0.0/8 [20/0] via 10.1.1.2, 00:00:12

128.107.0.0/16 is variably subnetted, 3 subnets, 2 masks

O 128.107.2.0/24 [110/2] via 128.107.1.2, 00:48:24, FastEthernet0/0

C 128.107.1.0/24 is directly connected, FastEthernet0/0

B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:00:12, Null0

10.0.0.0/30 is subnetted, 2 subnets

C 10.1.1.0 is directly connected, Serial0/0


B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:00:14

Only the BGP routes from E2 have the WEIGHT of 2000. The BGP routes from ISP1 have a WEIGHT of 1000.

132

E2#show ip bgp

BGP table version is 11, local router ID is 192.168.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete


* i99.0.0.0 128.107.1.1 0 100 0 1 10 11 12 13 14 i

*> 192.168.1.2 0 0 2 10 14 i

* i128.107.0.0/19 128.107.1.1 0 100 0 i

*> 0.0.0.0 32768 i

s> 128.107.1.0/24 128.107.2.2 2 32768 ?

s> 128.107.2.0/24 0.0.0.0 0 32768 ?

*>i180.0.0.0 128.107.1.1 0 100 0 1 i

*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 99.0.0.0/8 [20/0] via 192.168.1.2, 00:49:40

WEIGHT is not included in BGP updates. E1 prefers longer path (larger WEIGHT) via ISP1 but… E2 and EX are unchanged with WEIGHTs remaining equal

preferring shorter AS_PATH.

133

LOCAL PREFERENCE Attribute

Configuration of WEIGHT removed. Multiple routes to the same destination (99.0.0.0), AS 100 Enterprise routers prefer

shorter AS_PATH to ISP2 via E2. The weight attribute was local to the router on which it is assigned, and it is not

propagated in routing updates. Multiple routes to the same destination (99.0.0.0/8), we want ALL AS 100 Enterprise

routers to prefer ISP1 - not just E1 (WEIGHT). The path with the higher preference is preferred (the default value of the local

preference attribute is 100).

100200

Local Preference

134


E1(config-router)#bgp default local-preference 200


E2(config-router)#bgp default local-preference 100

100200

135

E1#show ip bgp


* 99.0.0.0 10.1.1.6 0 0 1 10 11 12 13 14 i

*> 10.1.1.2 0 0 1 10 11 12 13 14 i

* i128.107.0.0/19 128.107.2.1 0 100 0 i

*> 0.0.0.0 32768 i

s> 128.107.1.0/24 0.0.0.0 0 32768 i

s> 128.107.2.0/24 128.107.1.2 2 32768 i

* 180.0.0.0 10.1.1.6 0 0 1 i

*> 10.1.1.2 0 0 1 i

*>i200.0.0.0 128.107.2.1 0 100 0 2 i

E1#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:01:01

B 99.0.0.0/8 [20/0] via 10.1.1.2, 00:01:46




B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:18:34, Null0




B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:18:21

136

E2#show ip bgp


* 99.0.0.0 192.168.1.2 0 0 2 10 14 i

*>i 128.107.1.1 0 200 0 1 10 11 12 13 14 i

*> 128.107.0.0/19 0.0.0.0 32768 i

* i 128.107.1.1 0 200 0 i

s> 128.107.1.0/24 128.107.2.2 2 32768 ?

s> 128.107.2.0/24 0.0.0.0 0 32768 ?

*>i180.0.0.0 128.107.1.1 0 200 0 1 i

*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:01:46

B 99.0.0.0/8 [200/0] via 128.107.1.1, 00:01:46




B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:01:31, Null0



B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:01:47

137

EX#show ip bgp


*>i99.0.0.0 128.107.1.1 0 200 0 1 10 11 12 13 14 i

* i128.107.0.0/19 128.107.2.1 0 100 0 i

*>i 128.107.1.1 0 100 0 i

*>i180.0.0.0 128.107.1.1 0 100 0 1 i

*>i200.0.0.0 128.107.2.1 0 100 0 2 i

EX#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:02:32

B 99.0.0.0/8 [200/0] via 128.107.1.1, 00:03:18




B 128.107.0.0/19 [200/0] via 128.107.1.1, 00:20:06

B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:19:51

138

MED (Multi-Exit Discriminator) Attribute

New Topology No ISP2 ISP1 prefers path to 128.0.0.0/7 via E1 AS 100 wants ISP1 to prefer path to 128.0.0.0/7 via E2

WLam

Weight

Local Preference

as path

med

139

MED (Multi-Exit Discriminator) Attribute

The multi-exit discriminator (MED) attribute is a hint to external neighbors about the preferred path into an AS when there are multiple entry points into the AS.

A lower MED value is preferred over a higher MED value. The default value of the MED attribute is 0. Unlike local preference, the MED attribute is exchanged between AS’s, but a MED

attribute that comes into an AS does not leave the AS.

WLam

Weight

Local Preference

as path

med

140

ISP1#show ip bgp


*> 99.0.0.0 0.0.0.0 0 32768 i

* 128.107.0.0/19 10.1.1.5 0 0 100 i

*> 10.1.1.1 0 0 100 i

*> 180.0.0.0 0.0.0.0 0 32768 i

ISP1#show ip route

C 99.0.0.0/8 is directly connected, Loopback99


B 128.107.0.0 [20/0] via 10.1.1.1, 01:01:26





Currently…

141


E1(config-router)#neighbor 10.1.1.2 route-map SETMEDOUT out

E1(config)#route-map SETMEDOUT permit 10

E1(config-route-map)#set metric 50


E2(config-router)#neighbor 10.1.1.6 route-map SETMEDOUT out

E2(config)#route-map SETMEDOUT permit 10

E2(config-route-map)#set metric 10

MED 50MED 10

The multi-exit discriminator (MED) attribute is a hint to external neighbors about the preferred path into an AS when there are multiple entry points into the AS.

142

ISP1#show ip bgp


*> 99.0.0.0 0.0.0.0 0 32768 i

* 128.107.0.0/19 10.1.1.1 50 0 100 i

*> 10.1.1.5 10 0 100 i

*> 180.0.0.0 0.0.0.0 0 32768 i

ISP1#show ip route



B 128.107.0.0 [20/10] via 10.1.1.5, 00:00:12





Note: If you want MED attributes from neighbors in other AS’s to be compared, you must configure the bgp subcommand bgp always-compare-med.

MED is sometimes referred to as the metric

MED 50MED 10

143

AS_PATH and Prepending an AS

We want to make it look as if the 99.0.0.0/8 in AS 14 network can be reached via ISP1 and ISP2.

We will add this network to both routers and prepend some AS numbers to make it look like it originated in AS 14 from several AS’s away.

Sometimes used by ISPs to prepend their own AS number several times to make a path look less desirable.

99.0.0.0/8

AS1410 11 12 13 10

WLam

Weight

Local Preference

as path

med

With all else equal shortest AS_PATH is best

144

ISP1(config)#inter loop 99

ISP1(config-if)#ip add 99.0.0.1 255.0.0.0

ISP1(config)#router bgp 1

ISP1(config-router)#network 99.0.0.0

ISP1(config-router)#neighbor 10.1.1.1 route-map set-99 out


ISP1(config)#route-map set-99 permit 10

ISP1(config-route-map)#match ip address prefix-list only-99

ISP1(config-route-map)#set as-path prepend 10 11 12 13 14


! All other routes sent as normal

ISP1(config)#ip prefix-list only-99 seq 5 permit 99.0.0.0/8

145

ISP2(config)#inter loop 99

ISP2(config-if)#ip add 99.0.0.1 255.0.0.0

ISP2(config)#router bgp 1

ISP2(config-router)#network 99.0.0.0



ISP2(config-route-map)#match ip address prefix-list only-99

ISP2(config-route-map)#set as-path prepend 10 14


!All other routes sent as normal

ISP2(config)#ip prefix-list only-99 seq 5 permit 99.0.0.0/8

146

E1#show ip bgp


* 99.0.0.0 10.1.1.2 0 0 1 10 11 12 13 14 i

* 10.1.1.6 0 0 1 10 11 12 13 14 i

*>i 128.107.2.1 0 100 0 2 10 14 i

* i128.107.0.0/19 128.107.2.1 0 100 0 i

*> 0.0.0.0 32768 i

s> 128.107.1.0/24 0.0.0.0 0 32768 i

s> 128.107.2.0/24 128.107.1.2 2 32768 i

*> 180.0.0.0 10.1.1.2 0 0 1 i

* 10.1.1.6 0 0 1 i

*>i200.0.0.0 128.107.2.1 0 100 0 2 i

E1#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:39:01

B 99.0.0.0/8 [200/0] via 128.107.2.1, 00:39:01




B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:39:12, Null0




B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:38:54

E1 does not send this longer path to E2 and EX because it heard better path from both.

Best Path via E2

147

E2#show ip bgp


*> 99.0.0.0 192.168.1.2 0 0 2 10 14 i

* i128.107.0.0/19 128.107.1.1 0 100 0 i

*> 0.0.0.0 32768 i

s> 128.107.1.0/24 128.107.2.2 2 32768 ?

s> 128.107.2.0/24 0.0.0.0 0 32768 ?

*>i180.0.0.0 128.107.1.1 0 100 0 1 i

*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:39:30

B 99.0.0.0/8 [20/0] via 192.168.1.2, 00:39:30




B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:39:40, Null0



B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:39:26

148

EX#show ip bgp


*>i99.0.0.0 128.107.2.1 0 100 0 2 10 14 i

* i128.107.0.0/19 128.107.2.1 0 100 0 i

*>i 128.107.1.1 0 100 0 i

*>i180.0.0.0 128.107.1.1 0 100 0 1 i

*>i200.0.0.0 128.107.2.1 0 100 0 2 i

EX#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:18:20

B 99.0.0.0/8 [200/0] via 128.107.2.1, 00:18:20




B 128.107.0.0/19 [200/0] via 128.107.1.1, 00:18:21

B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:18:21

EX#

CIS 185 CCNP ROUTECh. 6 Border Gateway Protocol Solution

for ISP Connectivity – Part 2

Rick Graziani

Cabrillo College

[email protected]

Last Updated: Fall 2010

Documents

CIS 185 CCNP ROUTE Ch. 6 Border Gateway Protocol Solution for ISP Connectivity – Part 2