Objectives
• Routers
– Definition and classification of routers
– IP datagram forwarding algorithm
• Basic principles of routing
– Routing table analysis
– Less and more specific routes
– Aggregation of routing information
– Troubleshooting - routing loops and black holes
• Routing information exchange
– Static and dynamic routing
– Routing protocols
– Hierarchy in the routing architecture - interior and exterior routing
– Multihoming - is BGP-4 always needed?
What is a Router?
• Router - a multi-interface device, used to forward IP datagrams from one interface to another, as well as to exchange routing information with other routers, according to:
– source and destination IP address of the datagram
– routing information, set manually or obtained from other routers
– routing policies, set by router administrator, defined by agreements.
• Routers are basically Layer 3 (network layer) devices.
• Routers must be compliant with the current standards.
• Requirements for IPv4 routers are summarized in RFC 1812.
• RFC 1812 is a must-read document, prior to router purchase!
• Periodic software upgrades are necessary to keep up-to-date with the current standards and minimize effects of bugs!
IP Forwarding Procedure (taken from RFC 1812, simplified)
• Datagram decapsulation from a data-link layer frame (e.g. Ethernet frame).
• Validation of the IP datagram header, using a checksum procedure.
• Processing of any IP option (source route, record route etc.).
• Examination of the destination IP address (e.g. 147.91.8.55)
– if the destination is the router itself, the datagram should be delivered locally.
– if the destination is outside, it should be queued for forwarding.
– a copy of the datagram should be, in the latter case, queued for local delivery.
• If the datagram is to be forwarded, the router obtains next hop address from the routing table.
• Router checks access lists, to see whether forwarding to a specific destination is allowed or not. If not, datagram is discarded.
• Router decrements TTL and checks it. If TTL=0, discard the datagram.
• If necessary, the router performs datagram fragmentation.
• The router determines the next-hop data link layer address, encapsulates the datagram and sends it, using the appropriate data link protocol.
Addressing and Routing
• Address allocation methods have a strong impact on routing.
• Classful addressing:
– Initially, the address space had been divided into classes (A, B, C, D, E).
– Network prefix length was derived directly from the class.
– Used by EGP and RIPv1.
• Classless addressing:
– In a classless environment, network prefix length may be arbitrary.
– Network prefix length is transmitted along with the IP net number.
– Classless addressing is a basis of classless inter-domain routing (CIDR).
– Used by BGP-4, OSPF and EIGRP.
What is CIDR?
• By definition, CIDR comprises three elements:
– Topologically significant address assignment
– Consistent forwarding algorithm ("longest match rule")
– Aggregation of network layer reachability information
• A route to a destination might be:
– More specific
– Less specific
• Example - for the destination 10.91.12.6:
– Route 10.91.12/24 is more specific than the route 10.91.8/21.
– Route 10.91/16 is less specific than 10.91.12/24.
– Route 10.91.12.6/32 would be the most specific in any case!
Longest Match Routing Rule
• The routing table may contain mutually overlapping routes.
• The router will always follow the most specific route available!
• Example - if the routing table contained:

Destination       Next hop        Interface
10.91.8.0 /21     10.91.254.9     Serial0
10.91.12.0 /22    10.91.254.13    Serial1
0.0.0.0 /0        10.91.250.1     Ethernet0

• Traffic to 10.91.8.1 would go to the Serial0 interface
• Traffic to 10.91.14.1 would go to the Serial1 interface
• Traffic to 10.91.1.1 would go to the Ethernet0 interface.
Tracing the Route ...

Destination     Gateway         Netmask          Interface
147.91.8.0      147.91.8.6      255.255.255.0    eth0
0.0.0.0         147.91.8.77     0.0.0.0          eth0

Destination     Gateway         Netmask          Interface
147.91.8.0      147.91.8.77     255.255.255.0    Ethernet0
147.91.241.0    0.0.0.0         255.255.255.0    Serial0
147.91.242.0    0.0.0.0         255.255.255.0    Serial1
0.0.0.0         147.91.9.1      0.0.0.0          Ethernet1

Destination     Gateway         Netmask          Interface
147.91.241.0    147.91.241.1    255.255.255.0    Ethernet0
0.0.0.0         0.0.0.0         0.0.0.0          Serial0

[Figure: network diagram with routers A and B; labelled addresses 147.91.8.6, 147.91.8.77, 147.91.241.1, 147.91.241.5]
Route Aggregation
• Goals of route aggregation:
– Save router memory
– Minimize routing information update traffic among routers
• Principle: several more specific route entries could be glued together into a summary entry, if they have the same next hop
• Example:
[Figure: routers A and B; the routes 10.91.8 /24, 10.91.9 /24 and 10.91.10 /23 (10.91.8.0 - 10.91.11.255) are summarized as 10.91.8 /22]
Common Aggregation Mistake
[Figure: routers A, B, C and D with networks 10.91.8/24, 10.91.9/24, 10.91.10/24 and 10.91.11/24; announcements shown: 10.91.8 /22 and 0.0.0.0 /0. Black hole: 10.91.10/24]
ADVICE - Do not aggregate networks that do not belong to you or are not directly reachable by you !!!
Correct Setup
[Figure: routers A, B, C and D with networks 10.91.8/24, 10.91.9/24, 10.91.10/24 and 10.91.11/24; announcements shown: 10.91.8 /23 with 10.91.11/24, and 10.91.10/24 with 0.0.0.0 /0]
Don’t allow former users to hold assigned address space upon agreement termination!
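Added example (not part of the original slides): the longest match rule and the aggregation black hole from the slides above, worked through in Python. The first table is the one from the "Longest Match Routing Rule" slide; the two observer tables, their next-hop labels and all function names are constructed for illustration.

```python
import ipaddress


def net(text):
    return ipaddress.ip_network(text)


def longest_match(table, destination):
    """Return the (prefix, next_hop, interface) entry with the longest
    prefix that contains `destination`, or None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    hits = [entry for entry in table if addr in entry[0]]
    return max(hits, key=lambda entry: entry[0].prefixlen) if hits else None


def aggregation_gaps(aggregate, reachable):
    """Return the parts of `aggregate` that no prefix in `reachable` covers.
    Announcing the aggregate attracts traffic for these gaps (black hole)."""
    remaining = [net(aggregate)]
    for covered in map(net, reachable):
        pieces = []
        for piece in remaining:
            if piece.subnet_of(covered):
                continue                       # fully covered, nothing left
            if covered.subnet_of(piece):
                pieces.extend(piece.address_exclude(covered))
            else:
                pieces.append(piece)           # disjoint, keep unchanged
        remaining = pieces
    return sorted(ipaddress.collapse_addresses(remaining))


def safe_aggregates(reachable):
    """Summarize only what is really reachable; coverage is never widened."""
    return list(ipaddress.collapse_addresses(map(net, reachable)))


# Routing table from the "Longest Match Routing Rule" slide.
SLIDE_TABLE = [
    (net("10.91.8.0/21"), "10.91.254.9", "Serial0"),
    (net("10.91.12.0/22"), "10.91.254.13", "Serial1"),
    (net("0.0.0.0/0"), "10.91.250.1", "Ethernet0"),
]

# Networks the aggregating router can really reach ("Common Aggregation
# Mistake" slide); 10.91.10/24 is not among them.
REACHABLE_VIA_A = ["10.91.8.0/24", "10.91.9.0/24", "10.91.11.0/24"]

# Constructed view of a remote router after the mistaken /22 announcement.
MISTAKE_TABLE = [
    (net("10.91.8.0/22"), "router A", "-"),
    (net("0.0.0.0/0"), "default", "-"),
]

# Constructed view after the "Correct Setup" announcements.
CORRECT_TABLE = [
    (net("10.91.8.0/23"), "router A", "-"),
    (net("10.91.11.0/24"), "router A", "-"),
    (net("10.91.10.0/24"), "owner of 10.91.10/24", "-"),
    (net("0.0.0.0/0"), "default", "-"),
]

if __name__ == "__main__":
    for dst in ("10.91.8.1", "10.91.14.1", "10.91.1.1"):
        prefix, next_hop, interface = longest_match(SLIDE_TABLE, dst)
        print(f"{dst:12} -> {prefix} via {next_hop} ({interface})")
    print("gaps in 10.91.8.0/22:",
          aggregation_gaps("10.91.8.0/22", REACHABLE_VIA_A))
    print("safe to announce:", safe_aggregates(REACHABLE_VIA_A))
    print("mistake :", longest_match(MISTAKE_TABLE, "10.91.10.1")[1])
    print("correct :", longest_match(CORRECT_TABLE, "10.91.10.1")[1])
```

Running `aggregation_gaps` against a planned summary before announcing it shows exactly which address ranges would be pulled toward a router that cannot deliver them.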
Static and Dynamic Routing
• Routing tables require updates, as the network grows.
• Updates may be manual (static) or learnt dynamically:
• Static routes:
– Entered by the router administrator.
– Excellent for ISPs, when connecting single-homed customers.
– Bad in large network environments.
• Dynamic routing:
– Routing table update by the information learnt from other rout
– Routing protocols - used to exchange routing information among routers.
– Bad in loosely controlled networks, where users could announce junk data.
IMPORTANT - Routing protocols do not route traffic - they are only used to exchange routing information!
Traffic routing is being performed by IP !!!
Static Routes
• Configured manually, by the router operator.
• Should not be avoided, if it is cost effective!
• Not always flexible, though, but - it works!
• Typical use in ISP networks.
• It is always better to describe an unskilled customer with static routes than to let them announce junk to others!
[Figure: POP-1 and POP-2; customers 10.91.8 /24, 10.91.9 /26 and 10.91.9.64 /27; further networks 10.91.1 /23 and 10.91.4 /22; labels: "Static routes", "Dynamically announce 10.91.8/23"]
Dynamic Routing
[Figure: POP-1 and POP-2; network 10.91 /16; labels: "Announce 10.91/16", "Accept 10.91/16", "Traffic is now allowed to: 10.91/16"]
ANNOUNCE and ACCEPT policies are an essential part of dynamic routing protocols!
Routing Protocols
• Routing protocols do not route packets in the network - IP does it!
• Routing protocols are used for routing information - routing table contents exchange among routers in a network.
• Regarding the principle of operation, we distinguish among:
– Distance vector (e.g. RIPv1, RIPv2)
– Link-state (e.g. OSPF)
– Path vector (e.g. EGP, BGP)
• Regarding the dependence of the IP address class, we recognize:
– Classful protocols (RIPv1; EGP, BGP-1, 2 and 3)
– Classless protocols (RIPv2, OSPF, EIGRP; BGP-4)
Path Vector Protocols
[Figure: AS 286, AS 27, AS 5377, AS 3 and AS 11; announcements of 147.91 /16 shown with the paths: 286; 3 - 286; 11 - 3 - 286; 27 - 286; 27 - 3 - 286]
The Need for Routing Hierarchy
• Internet is a complex system of autonomous networks, operated by various entities - ISPs, companies, universities ...
• Routing in such an environment requires hierarchy!
• Autonomous system (AS) - a set of routers, running under a single technical administration, having a single (exterior) routing policy in respect to the other autonomous systems.
– Interior routing - routing inside an autonomous system.
– Exterior routing - routing among autonomous systems.
• Different protocols are used to exchange routing information relevant for interior and exterior routing.
• Interior routing - OSPF, RIPv1, RIPv2, IGRP, EIGRP …
• Exterior routing - BGP-4, EGP, BGP-3 … (mostly BGP-4!)
Autonomous System (AS)
• Autonomous system (AS) - a set of routers, running under a single technical administration, having a single (exterior) routing policy in respect to the other autonomous systems.
• One IP network (e.g. 147.91/16) may belong to only one AS !!!
• One AS may comprise several IP networks (e.g. AS6700 contains 147.91 /16, 194.106.160 /19, 195.252.64 /18 etc.).
• AS identifiers - 16-bit numbers (0-65535) - limited resource!
• Like IP addresses, AS numbers are centrally distributed - IANA, regional Internet registries and ISPs.
Separate AS number is only required for a multi-homed user, running an exterior routing protocol to its peers.
AS number assignment policy is defined in RFC 1930!
Autonomous System and Its Vicinity
[Figure: AS5377 border router on an Ethernet; networks 193.203.18.0/23, 160.99.0.0/16 and 147.91.1.0 /24; BeoTelNet and TaideNet; neighboring AS 5479, AS 2614 and AS 1800]
What is Exterior Routing?
• Exchange of routing information, relevant for routing IP datagrams from one AS to another.
• Exterior routing protocols (EGP, BGP-4) “see” the whole global network as a directed graph (tree), with AS’s as its nodes.
• Using the information from the routing tables, learnt via exterior routing protocols, IP forwards datagrams from a router in one AS to the router in another one.
• Using an exterior routing protocol, router announces a list of IP networks belonging to its AS (Network-Layer Reachability Information - NLRI).
• Historically, there were many exterior routing protocols (GGP, EGP, BGP), of which BGP-4 is mostly being used today.
When to Use Exterior Routing?
• Most answers to this question are given in the RFC 1930.
• Exterior routing and a separate public AS number is needed when the customer is connected to the ISP’s, belonging to different AS’s.
• Exterior routing is not really needed and should be avoided if:
– the customer is single-homed, i.e. connected to a single ISP.
– the customer is multi-homed, but all peer ISP’s belong to the same AS.
– the customer is multi-homed, but the peer ISP’s are directly connected.
• Multi-homed user, having a small network (prefix > /19) might experience connectivity problems (Sprint’s BGP update filtering policies).
• Alternate solution: obtain address space from all ISP’s (a small IP network, say /26 or less), use private address space in your network and NAT on the router.
Multi-homing to the Same AS
[Figure: User, ISP A backbone and ISP B; AS 5377, AS 702, AS 3561 and AS 701; prefix 195.252.96 /24 on every link; protocols labelled: BGP-4; OSPF, EIGRP, RIP ...]
Multi-homing to Directly Connected ISP’s
[Figure: ISP A (AS 8400), ISP B (AS 6700), ISP C (AS 5377) and ISP D (AS 8534) on an Ethernet; prefixes 160.99.32 /19 and 160.99 /16; protocols labelled: BGP-4; OSPF, EIGRP...]
BGP-4 (Border Gateway Protocol - RFC 1771, 4271)
• Exchanges inter-AS routing information, between two routers in the same or different AS (BGP speakers, border routers, peers).
• A TCP connection (port 179) must be established between peers.
• Upon startup, the whole (or partial) routing table is exchanged.
• Later, only incremental NLRI is exchanged, depending on inter-AS link states.
• Supports policy-based routing (policies).
• All routing policies, based on the hop-by-hop paradigm are supported by the BGP-4.
• Supports route aggregation, saving router memory and inter-AS communication link bandwidth usage.
• Supports CIDR.
BGP-4 - Messages
• BGP-4 uses four standard types of messages:
– OPEN - used to negotiate neighbor parameters.
– UPDATE - used to exchange NLRI between the BGP speakers.
– NOTIFICATION - used to report errors.
– KEEPALIVE - used to check inter-BGP-speaker link availability.
• OPEN - contains: version, AS number, hold time, router ID (highest IP address on the router, or highest loopback address).
• NOTIFICATION - contains the error code.
• KEEPALIVE - sent periodically to assure availability of the link between BGP speakers, at rate less than hold timer. If hold timer expires, the BGP session is closed and the routes withdrawn.
• UPDATE - used to exchange NLRI.
BGP-4 Message header format
Marker (16 octets) - All bits must be set to 1.
Length (2 octets)
Type (1 octet)
Type codes:
1 – OPEN message
2 – UPDATE message
3 – NOTIFICATION message
4 – KEEPALIVE message
How BGP-4 Works?
• Two BGP speakers, located in the same or different AS’s establish a TCP connection (port 179).
• The BGP speakers exchange OPEN messages, to negotiate parameters.
• If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back.
• Initially, the whole routing table is exchanged. Later, only incremental changes are being exchanged.
• Upon receiving an update, a BGP speaker decides whether to accept it or not and whether or not to announce it further.
• Data used in decision-making process are:
– Route to the destination already existing in the routing table (if it does exist).
– Routing policies, set locally by the network administration.
– Routing policies, set by the neighbor network administrators.
• Decision-making process might result in
– Installing a new route in the routing table
– Ignoring the update, but announcing it further.
– Total ignorance of the update, without announcing it further.
BGP-4 – OPEN Message format
BGP-4 standard header (19 octets)
Version (1)
My Autonomous System (2)
Hold Time (2)
BGP Identifier (4)
Opt Param Len (1)
Optional parameters (variable)
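Added example (not part of the original slides): a validator for the 19-octet message header and the fixed part of the OPEN message described above, the kind of check a monitoring tool applies before trusting a captured BGP message. The sample messages are constructed; the function names are assumptions, and the 4096-octet maximum, the KEEPALIVE length and the hold-time rule come from RFC 4271 rather than from the slides.

```python
import ipaddress
import struct

HEADER_LEN = 19                     # marker (16) + length (2) + type (1)
MAX_MESSAGE_LEN = 4096              # RFC 4271 upper bound
MARKER = b"\xff" * 16               # all bits set to 1
TYPE_NAMES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
PRIVATE_AS = range(64512, 65536)    # private AS range quoted on the slides
OPEN_FIXED_LEN = 10                 # version, AS, hold time, ID, opt len


class BGPFormatError(ValueError):
    """Raised when a message violates the fixed BGP-4 layout."""


def parse_header(data):
    """Validate the header and return (type name, message body)."""
    if len(data) < HEADER_LEN:
        raise BGPFormatError("shorter than the 19-octet header")
    marker, length, type_code = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise BGPFormatError("marker is not all ones")
    if length < HEADER_LEN or length > MAX_MESSAGE_LEN:
        raise BGPFormatError(f"bad length field {length}")
    if type_code not in TYPE_NAMES:
        raise BGPFormatError(f"unknown type code {type_code}")
    if len(data) < length:
        raise BGPFormatError("message truncated")
    if type_code == 4 and length != HEADER_LEN:
        raise BGPFormatError("KEEPALIVE must consist of the header only")
    return TYPE_NAMES[type_code], data[HEADER_LEN:length]


def parse_open(body):
    """Decode the OPEN fields in wire order and sanity-check them."""
    if len(body) < OPEN_FIXED_LEN:
        raise BGPFormatError("OPEN shorter than its fixed fields")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack(
        "!BHH4sB", body[:OPEN_FIXED_LEN])
    if version != 4:
        raise BGPFormatError(f"unsupported version {version}")
    if hold_time in (1, 2):
        raise BGPFormatError("hold time must be 0 or at least 3 seconds")
    if len(body) - OPEN_FIXED_LEN != opt_len:
        raise BGPFormatError("optional parameter length mismatch")
    return {
        "version": version,
        "my_as": my_as,
        "private_as": my_as in PRIVATE_AS,
        "hold_time": hold_time,
        "bgp_identifier": str(ipaddress.IPv4Address(bgp_id)),
        "optional_parameters": body[OPEN_FIXED_LEN:],
    }


def decode_message(data):
    """Return (type name, decoded OPEN fields or None)."""
    kind, body = parse_header(data)
    return kind, parse_open(body) if kind == "OPEN" else None


def build_open(my_as, hold_time, router_id, optional=b""):
    """Build an OPEN message; used here only to construct sample input."""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time,
                       ipaddress.IPv4Address(router_id).packed,
                       len(optional)) + optional
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body


# Constructed samples: an OPEN from AS 65300 and a bare KEEPALIVE.
SAMPLE_OPEN = build_open(65300, 180, "192.168.5.1")
SAMPLE_KEEPALIVE = MARKER + struct.pack("!HB", HEADER_LEN, 4)

if __name__ == "__main__":
    print(decode_message(SAMPLE_OPEN))
    print(decode_message(SAMPLE_KEEPALIVE))
    try:
        decode_message(b"\x00" + SAMPLE_OPEN[1:])
    except BGPFormatError as err:
        print("rejected:", err)
```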
UPDATE Message Format
Message header
WL - Withdrawn route list length (2 bytes)
Route 1, Route 2, Route 3 ...
PL - Path attributes list length (2 bytes)
Attribute 1, Attribute 2, Attribute 3 ...
NLRI route 1, NLRI route 2, NLRI route 3 ...
Route format: Prefix length, Prefix address
AS_PATH: Flags, 2, #AS's, AS 1, AS 2 ...
BGP Path Attributes
• Attributes - set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.).
• Used in decision-making process of a BGP process on the routers.
• Format: attribute type, attribute length, attribute value
• Well-known attributes - must be supported by all implementations:
– Well-known mandatory - must be present in each update (e.g. AS path)
– Well-known discretionary - may or may not be present in each update
• Optional attributes - not required by all BGP implementations:
– Optional transitive - the attribute must be passed to other BGP speakers.
– Optional non-transitive - should be ignored and not passed to others.
Review of BGP Path Attributes

Code  Attribute Name    Cat.     Short description
1     Origin            WK-M     Origin of info (IGP/EGP/incomplete)
2     AS_Path           WK-M     List of traversed AS numbers
3     Next_hop          WK-M     IP address of next hop to destination
4     Multi_exit_disc   Opt-NT   Advise other AS on path selection
5     Local_pref        WK-D     Used in path select. within a local AS
6     Atomic_aggr       WK-D     Used to control route aggregation
7     Aggregator        Opt-T    Used to control route aggregation
8     Community         Opt-T    Grouping of routes with same policies
Basic Mode of Operation
[Figure: AS 286, AS 27, AS 5377, AS 3 and AS 11; announcements of 147.91 /16 shown with the paths: 286; 3 - 286; 11 - 3 - 286; 27 - 286; 27 - 3 - 286]
Basic Routing Configurations
[Figure: AS 2, AS 27, AS 5377, AS 3 and AS 11]
Stub AS - Only one neighbor AS
Multi-homed AS - Multiple neighbors, no transit!
Transit AS - Full transit
Stub AS
[Figure: Customer AS 6701 (10.91 /16, 172.16.64 /18) and ISP AS 27; labels: "Announce 10.91/16 172.16.64/18", "TRAFFIC"]
• Customer AS 6701 must be “visible” from the Internet.
• Thus, AS6701 has to announce its IP networks to AS 27.
• That will allow incoming traffic to 6701 to flow.
• The ISP AS27 must provide enough information to AS6701.
• Thus, they will have to announce ANY information they have.
• Alternately, they will announce a default route only.
Stub AS - a Better Approach
[Figure: Customer AS 65500 (10.91 /16, 172.16.64 /18) and ISP AS 27; labels: "Announce 10.91/16 172.16.64/18 origin: AS65500" and "Announce 10.91/16 172.16.64/18 origin: AS27"]
• AS numbers are a limited resource (only 65535 numbers!).
• IANA has reserved the range 64512 - 65535 for private AS’s.
• Private AS numbers do not get included in the AS path attribute.
• Thus, the customer might want to use a private AS number (say, AS65500).
• The customer will announce their networks to the ISP (AS27).
• Since the private AS number is ignored, all routing information will look like it originated from AS27.
Stub AS - the Best Solution
[Figure: Customer (10.91 /16, 172.16.64 /18) and ISP AS 27; labels: "default", "static routes"]
• Running BGP-4 with a stub AS is not recommended at all.
• In the stub AS case, BGP-4 only wastes link bandwidth!
• Recommended solution:
– place the customer’s network in the ISP AS (AS 27).
– the customer will announce routes to the ISP using an IGP, or the ISP will use static routes to the customer.
– the customer will place a default (0.0.0.0/0) route to the ISP.
Multi-homed Non-transit AS
[Figure: AS 27, AS 12 and AS 5377]
Task:
• AS12 wants to use links to AS27 and AS5377 for load balancing.
• AS12 doesn’t want to allow traffic from AS5377 to AS27 to pass through it.
• AS12 will announce its networks only to AS 27 and AS 5377.
• AS27 and AS5377 must provide full routing information they have to AS12.
• Full global IP routing table (takes about 32 MB) is necessary for load sharing!
• It is also possible to have partial IP routing information.
• Partial or full routing information must be announced by both AS27 and AS5377.
Preventing Dirty Games
[Figure: AS 27 (10.12/16), AS 12 (10.1/16) and AS 5377 (10.91/16); labels: "Static route to 10.91 /16", "Static route to 10.12 /16"]
Task:
• AS12 doesn’t want to allow traffic from AS5377 to AS27 to pass through it.
Problem:
• AS27 and AS5377 may place static routes to each other and “cheat” on AS12.
Solution:
• Apply “access-class 101 in” on the interfaces to both ISP’s (AS27, AS5377).
• The access-list 101 would be of the form:

access-list 101 permit ip any 10.1.0.0 0.0.255.255
access-list 101 deny ip any any
Transit AS
• Transit may be full or restricted.
• Full transit assumes passing traffic from any AS to any other AS.
• Restricted transit assumes passing traffic coming from certain AS’s to certain other AS’s.
• Transit routing policies need not be symmetrical, though it is desirable they are. Examples:
– Consider AS12, passing traffic between AS27 and AS5377.
– AS12 may want to pass traffic from AS27 to AS5377, but not in the opposite way.
– AS12 may want to pass traffic from AS4, coming through AS27 to AS5377.
[Figure: AS 27 (10.12/16), AS 12 (10.1/16), AS 5377 (10.91/16) and AS 4]
Transit AS - an Example
[Figure: AS 27 (10.12/16), AS 12 (10.1/16), AS 5377 (10.91/16), AS 4 and AS 5; labels: "announce AS27, AS4", "announce AS5377"]
Task:
• To AS5377, AS12 wants to provide transit service for AS27 and AS4.
• To AS27, AS12 wants to provide transit service for AS5377, but not for AS5.
• AS12 itself will use both links to AS27 and AS5377, with default to AS27.
Solution:
• To AS5377, AS12 will announce all routes from AS27 and AS4.
• To AS27, AS12 will announce all routes from AS5377, but not routes from AS5.
• Accept anything AS27 and AS5377 announce, except default from AS5377.
• Accept default route from AS27.
Basic BGP-4 Routing Configurations Review
• Stub AS:
– Standalone AS, connected to its neighbor using a single logical link.
– Explicitly forbidden (RFC 1930), except as a temporary solution in the initial phase of a new AS setup.
– If BGP is needed anyway, use a private AS number (64512-65536)!
• Multi-homed, non-transit AS:
– Customer AS X, connected to two or more different AS’s.
– Transit from one neighbor network to another using AS X is not allowed!
• Transit AS:
– Customer AS X, connected to two or more different AS’s.
– The customer allows partial or full transit to its neighbors.
– Backbone ISP’s operate in full-transit mode, to ensure global connectivity.
Scope of this Section
• Setting up a BGP-4 connection between peer routers
• Passing BGP-4 information inside of the AS
• Injecting routing information into BGP
• Decision-making process
• BGP attributes and their usage
• Path Selection Criteria.
Establishing a BGP-4 Session
• BGP-4 peer routers must be directly physically connected!
• That is not always possible:
– some AS’s have multiple exit points
– some routers cannot run BGP
• Possible solutions:
– Internal BGP (IBGP)
– External BGP (EBGP) multi-hop
[Figures: three topologies of AS1, AS2 and AS3]
BGP basic configuration
Basic commands to activate peer connection:

router bgp autonomous_system_number
    enable BGP routing process
network network_number mask network_mask
    define network which will be advertised
neighbor neighbor_IP_address remote-as AS_number
    define neighbor and his AS number
BGP basic configuration - EBGP
[Figure: RTR A and RTR B; EBGP session between AS 65300 and AS 65400 over the link 192.168.5.1 - 192.168.5.2]

Router in AS 65300 (192.168.5.1):
router bgp 65300
 network 192.168.1.0 mask 255.255.255.0
 neighbor 192.168.5.2 remote-as 65400

Router in AS 65400 (192.168.5.2):
router bgp 65400
 network 192.168.4.0 mask 255.255.255.0
 neighbor 192.168.5.1 remote-as 65300
BGP basic configuration - IBGP
[Figure: IBGP session inside AS 65300; labels: 192.168.4.0/24, 192.168.5.1, 192.168.5.2]

router bgp 65300
 neighbor 192.168.5.2 remote-as 65300
BGP basic configuration
Sometimes, two EBGP speakers cannot be directly connected, or we would like to use the IP address of the loopback interface as a next hop.
In those situations, we must use the multihop option.

neighbor IP_address ebgp-multihop
    define that neighbor is NOT directly connected
neighbor IP_address update-source interface
    define another IP address source

You must ensure visibility of other address!
BGP basic configuration - using other IP address for peering
[Figure: AS 65100 and AS 65400; networks 192.168.1.0/24 and 192.168.4.0/24; Loopback Interface 0 172.16.1.1; Serial 0; link addresses 192.168.3.1 and 192.168.3.2]

Router in AS 65100:
router bgp 65100
 neighbor 192.168.3.2 remote-as 65400
 neighbor 192.168.3.2 update-source loopback 0

Router in AS 65400:
router bgp 65400
 neighbor 172.16.1.1 remote-as 65100
 neighbor 172.16.1.1 ebgp-multihop
!
ip route 172.16.1.1 255.255.255.255 serial 0
BGP basic configuration - BGP multihop
[Figure: AS 65300 and AS 65100; EBGP; Loopback Interface 0 172.16.1.1; addresses 192.168.5.1, 192.168.5.2, 192.168.3.1 and 192.168.3.2]

Router in AS 65300:
router bgp 65300
 neighbor 192.168.3.1 remote-as 65100
 neighbor 192.168.3.1 ebgp-multihop
 neighbor 192.168.3.1 update-source loopback0

Router in AS 65100:
router bgp 65100
 neighbor 172.16.1.1 remote-as 65300
 neighbor 172.16.1.1 ebgp-multihop
!
ip route 172.16.1.1 255.255.255.255 serial0
Passing BGP Information Inside an AS
• An AS might have a single or (more often) multiple exit points.
• Information learnt via BGP-4 from one exit point must be passed along the AS to all other exit points.
• This can be done using two different approaches:
– Establish an internal BGP (IBGP) session between border routers.
– Redistribute BGP information into an IGP on entry and back to BGP on exit.
• The first approach is better, since it preserves route attributes.
• The latter approach might result in complete loss of BGP attributes.
• Two basic rules are applied when passing BGP information out:
– Do not advertise a network without checking whether it is internally reachable within the AS.
– Do not advertise an external route until all routers within the AS have learnt it (the rule of Synchronization)!
External and Internal BGP (EBGP, IBGP)
[Figure: AS 2, AS 27, AS 5377 and AS 11]
External BGP - Peering between different AS’s
Internal BGP - Peering inside of an AS
Another Solution - Use of an IGP (OSPF, RIPv1, RIPv2 …)
[Figure: AS 2, AS 27, AS 5377 and AS 11]
External BGP - Peering between different AS’s
IGP (RIP, OSPF) - Routing information exchange using IGP’s
External BGP - BGP attributes received from AS2 are lost !!!
BGP Continuity Inside of an AS
• To avoid routing loops inside the AS, BGP does not advertise routes learnt from other IBGP peers to other internal BGP peers.
– Router A will advertise its EBGP routes to B, but B won’t pass them to C.
– Router C will advertise its EBGP routes to B, but B won’t pass them to A.
– Router B will advertise its EBGP routes to A and C.
• Apparently, there is a need for an IBGP session between routers A and C!
[Figure: routers A, B and C; links labelled IBGP and EBGP]
The IBGP sessions must be fully-meshed inside an AS!
Synchronization Within an AS
[Figure: routers A, B1, B2, B3, C and D; links labelled IBGP and EBGP; prefix 10.91/16]
• Router A receives update for 10.91/16, via EBGP from its neighbor.
• Router A passes the update to the router C, using the existing IBGP session.
• Router C passes the update to its neighbor, router D, using EBGP.
• Upon receiving update, router D can send traffic for 10.91/16 via router C.
• Router C receives this and passes it to router B3, which doesn’t know of 10.91/16!
BGP must not advertise a route outside the AS, until the route is learnt by all routers within the AS, either statically or by IGP!
This default behaviour may be turned off, if needed!
BGP basic configuration - synchronization
BGP and IGP synchronization
With the no synchronization command you can turn off synchronization between the BGP and IGP processes.
Synchronization is very important in situations where you have an IBGP connection through a router which is NOT running IBGP.
BGP basic configuration - WITHOUT synchronization
[Figure: AS 65100, AS 65300 and AS 65400; networks 192.168.1.0/24 and 192.168.4.0/24; links labelled EBGP, IBGP and IGP; addresses 192.168.3.1, 192.168.3.2, 192.168.5.1, 192.168.5.2, 192.168.5.9 and 192.168.5.10; routing table: 0.0.0.0 192.168.5.1; To: 192.168.4.1]

router bgp 65300
 neighbor 192.168.3.2 remote-as 65100
 neighbor 192.168.5.9 remote-as 65300
 no synchronization
BGP basic configuration - WITH synchronization
[Figure: AS 65100, AS 65300 and AS 65400; networks 192.168.1.0/24 and 192.168.4.0/24; links labelled EBGP, IBGP and IGP; addresses 192.168.3.1, 192.168.3.2, 192.168.5.1, 192.168.5.2, 192.168.5.9 and 192.168.5.10; routing table: 0.0.0.0 192.168.5.1; To: 192.168.4.1]

router bgp 65300
 neighbor 192.168.3.2 remote-as 65100
 neighbor 192.168.5.9 remote-as 65300
Injecting Routes into BGP
• Routes may be injected into BGP:
– Statically (redistribute static)
– Semidynamically (network command)
– Dynamically (from an IGP)
• Statically injected routes are stable, but it must be assured that the route goes down when the link goes down (interface-associated).
• Semidynamic method is more effective - it allows injection of a selected set of IGP routes. This method assures good stability!
• Dynamical injection of the whole IGP routing table is not recommended, unless there is a substantial degree of control within the AS and there is a large number of network prefixes.
Common Injection Problems
• Injection of private IP addresses (RFC 1918)
• Injection of reserved and unallocated addresses
• Injection of small networks, filtered by some backbone ISP’s
• Injection of a classful network - lack of “ip classless” command
– Best known case - network 62/8, upon startup of its exploitation.
• Unstable routes, route flapping
• Paperwork and procedural problems
– Injection without proper documenting in an Internet routing registry (IRR)
– Inconsistency between the data in the IRR and the applied routing policy
– Changing routing policy, without notifying ANS.
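Added example (not part of the original slides): a pre-announcement check that flags several of the injection problems listed above, namely RFC 1918 space, prefixes longer than the /19 mentioned earlier in the deck, private AS numbers in the path, and an origin that does not match the registry. The IRR is modelled as a constructed dictionary built from the deck's AS6700 example; the function names and problem codes are assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PRIVATE_AS = range(64512, 65536)   # private AS range quoted on the slides
MAX_PREFIXLEN = 19                 # "prefix > /19" may be filtered upstream

# Constructed IRR extract: registered prefix -> origin AS.
IRR_SAMPLE = {
    "147.91.0.0/16": 6700,
    "194.106.160.0/19": 6700,
    "195.252.64.0/18": 6700,
}


def check_announcement(prefix, as_path, irr):
    """Return the list of problem codes for one announcement.

    `as_path` is written as on the slides: the origin AS is the last
    element. An empty result means no problem was detected.
    """
    try:
        network = ipaddress.IPv4Network(prefix)   # rejects set host bits
    except ValueError:
        return ["malformed-prefix"]

    problems = []
    if any(network.subnet_of(private) for private in RFC1918):
        problems.append("rfc1918")
    if network.prefixlen > MAX_PREFIXLEN:
        problems.append("too-specific")
    if any(asn in PRIVATE_AS for asn in as_path):
        problems.append("private-as")

    # The announcement is documented if a registered prefix covers it
    # and names the same origin AS.
    origin = as_path[-1] if as_path else None
    documented = any(
        network.subnet_of(ipaddress.IPv4Network(registered)) and asn == origin
        for registered, asn in irr.items()
    )
    if not documented:
        problems.append("irr-mismatch")
    return problems


def audit(announcements, irr):
    """Map each (prefix, as_path) pair to its problems, keeping only
    the announcements that have at least one."""
    report = {}
    for prefix, as_path in announcements:
        problems = check_announcement(prefix, as_path, irr)
        if problems:
            report[prefix] = problems
    return report


# Constructed announcements, using prefixes that appear in the deck.
SAMPLE_ANNOUNCEMENTS = [
    ("147.91.0.0/16", [27, 6700]),          # clean
    ("10.91.0.0/16", [27, 6701]),           # private address space
    ("195.252.96.0/24", [701, 6700]),       # small network
    ("194.106.160.0/19", [27, 65500]),      # private AS as origin
    ("147.91.8.55/16", [6700]),             # host bits set
]

if __name__ == "__main__":
    for prefix, problems in audit(SAMPLE_ANNOUNCEMENTS, IRR_SAMPLE).items():
        print(f"{prefix:18} {', '.join(problems)}")
```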
BGP basic configuration - injecting information
Information about networks can be injected in 3 different ways:
• with the network command - this is the only possibility to announce a network; the network will be announced only if the router knows how to route it
• with redistribution of static routes
• with redistribution from some IGP protocol
BGP basic configuration - injecting information
[Figure: AS 65100 with network 1.1.1.0/24 and AS 65300; link addresses 172.16.1.2 and 172.16.1.1]

router bgp 65100
 neighbor 172.16.1.1 remote-as 65300
 ! semidynamic injection with the network command
 network 192.168.2.0 mask 255.255.255.0
 ! static injection
 redistribute static
 ! dynamic injection from the IGP
 redistribute ospf 16
!
ip route 192.168.40.0 255.255.255.0 1.1.1.2
!
router ospf 16
 network 1.1.0.0 255.255.0.0 area 0
Backdoors
• Learning of routing information from different routing protocols is very common.
• For example, the same route (say, 10.91/16) may be learnt via BGP (from another BGP speaker), OSPF (from a router inside of AS), static route etc.
• Table of precedence is given below - less distance, more preference. The values are changeable.

Protocol        Distance
Direct          0
Static          1
EBGP            20
EIGRP (int.)    90
IGRP            100
OSPF            110
ISIS            115
RIP             120
EGP             140
EIGRP (ext.)    170
IBGP            200
BGP Local       200
Unknown         255
Backdoors - Example
[Figure: routers A (AS 1), B (AS 2) and C (AS 3); 10.1/16 announced over EBGP on two links and over OSPF on the direct link between A and C]
• Routers A, B and C learn about the same route (10.1/16) using EBGP sessions.
• However, a direct line between border routers A and C is established.
• If the routing information between A and C is exchanged using OSPF, then:
– Router B will announce 10.1/16 to C, distance value being 20.
– Router A will announce 10.1/16 to C, using OSPF, distance value being 110.
– Thus, route via AS2 and router B will always have a precedence.
• This can be changed using a “network a.b.c.d backdoor” command, which raises distance value to 200, making it less preferred than OSPF.
Decision-making Process
• The router receives a pool of routes from its peers, by BGP updates.
• Input policies are being performed to filter-out update messages.
• BGP routing table is being updated and the best route selected.
• The best route gets installed in the IP routing table.
• A set of output policies is being used to determine what routes should be advertised further, with what attributes.
[Figure: Updates, Input policies, BGP routing table, IP routing table, Output policies, Updates]
BGP attributes - play the most important role in the route selection process!
68
BGP Path Attributes
• Attributes - set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.).
• Used in the decision-making process of a BGP process on the routers.
• Format: attribute type, attribute length, attribute value
• Well-known attributes - must be supported by all implementations:
– Well-known mandatory - must be present in each update (e.g. AS path)
– Well-known discretionary - may or may not be present in each update
• Optional attributes - not required by all BGP implementations:
– Optional transitive - the attribute must be passed to other BGP speakers.
– Optional non-transitive - should be ignored and not passed to others.
NEXT_HOP Attribute
• With most IGPs, the next hop to a route is the IP address of the connected interface of the router that has announced the route.
• When speaking of BGP, the next hop is:
– EBGP - the IP address of the neighbor that announced the route.
– IBGP:
  – For routes originated inside the AS - the IP address of the neighbor that announced the route.
  – For routes outside the AS (that came via EBGP) - the next hop is carried unaltered (IP address of the external neighbor).
– On multiaccess media - the IP address of the interface connected to the media.
NEXT_HOP - Example
• Router C runs an EBGP session with router D and learns the route 10.91.8/24.
– Since this is an EBGP-learnt route, the next hop will be 1.1.1.1 (neighbor D interface).
• Router A runs an IBGP session with router C and learns the route 10.91.1/24.
– Since this is an IBGP-learnt route, locally originated, the next hop will be 2.2.2.2.
• Router A also learns the route 10.91.8/24 from the router C.
– Since this is an IBGP-learnt route, externally originated, the next hop will be 1.1.1.1.

[Figure: routers A, B, C and D; IBGP and EBGP sessions; networks 10.91.1/24 and 10.91.8/24; addresses 1.1.1.1, 2.2.2.2 and 3.3.3.3]
NEXT_HOP and Multi-access Media
• Router C learns the route to 11.1.2/24 from router A, using OSPF.
• Router B runs an EBGP session with router C and learns the route 11.1.2/24.
• Question: What is the next hop to 11.1.2/24? Router C?
• Answer: Nope! Router A (10.91.8.3!).

[Figure: routers A, B and C on a shared segment with addresses 10.91.8.1, 10.91.8.2 and 10.91.8.3; OSPF and EBGP sessions; network 11.1.2/24]

On multi-access media (Ethernet, FDDI etc.) a router should advertise the actual source of the route as the next hop, if the source is on the same multi-access media as the router!
NEXT_HOP and NBMA (FR, ATM)
• Router B learns the route to the network 11.11.11/24 from C by OSPF.
• If nothing is specified, router B will advertise 11.11.11/24 to A by BGP, placing the address of router C (10.91.1.3) as the next hop.
• Routers A and C are not directly connected by a PVC, so this will fail.
• Solution: the router B should always install itself as the next hop for routes learnt from the router C. This is done by using the “next-hop-self” parameter in the “neighbor” command.

[Figure: routers A, B and C attached to a Frame Relay network with addresses 10.91.1.1, 10.91.1.2 and 10.91.1.3; EBGP and OSPF sessions; network 11.11.11/24]
BGP basic configuration - next hop attribute
The next hop attribute defines the next hop interface used to reach an IP address (network). In BGP, the next hop attribute takes 3 different values:

EBGP - the next hop is the IP address of the neighbor that announced the route

IBGP - for routes originated inside the AS, the next hop is the IP address of the neighbor that announced the route

IBGP - for routes injected into the AS via EBGP, the next hop is the IP address of the EBGP neighbor from which the route was learned

When the route is advertised on a multiaccess media, the next hop is the IP address of the interface of the router, connected to that media, that originated the route
BGP basic configuration - next hop attribute
Inside an AS, in some situations it is necessary to modify the value of the next hop attribute. This is a very important attribute for network reachability, especially if we redistribute BGP information into an IGP protocol.

The next hop attribute can be modified through a route map, or with:

neighbor {ip-address | peer-group-name} next-hop-self
BGP basic configuration - next hop attribute
[Figure: AS 65100 (1.1.1.0/24, 172.16.1.2) connected by EBGP to AS 65300 (172.16.1.1); inside AS 65300 an IBGP session between 192.168.3.1 and 192.168.3.2 (Serial 0)]

With the default next hop attribute value:

router bgp 65300
 neighbor 172.16.1.2 remote-as 65100
 neighbor 192.168.3.2 remote-as 65300
 no synchronization

routing table:
dest.             next hop
1.1.1.0/24        172.16.1.2
192.168.3.0/24    Serial 0
172.16.1.0/24     ?????
BGP basic configuration - next hop attribute
[Figure: AS 65100 (1.1.1.0/24, 172.16.1.2) connected by EBGP to AS 65300 (172.16.1.1); inside AS 65300 an IBGP session between 192.168.3.1 and 192.168.3.2 (Serial 0)]

With the modified next hop attribute value:

router bgp 65300
 neighbor 172.16.1.2 remote-as 65100
 neighbor 192.168.3.2 remote-as 65300
 neighbor 192.168.3.2 next-hop-self
 no synchronization

routing table:
dest.             next hop
1.1.1.0/24        192.168.3.1
192.168.3.0/24    Serial 0
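The failure shown on the two preceding slides, as an added example that is not part of the original slides: an IBGP peer can use a BGP route only if it can resolve the route's next hop through its own connected, static or IGP routes. The function names and data layout are assumptions made for this sketch; the addresses are the ones on the slides.

```python
import ipaddress

def resolve(next_hop, local_routes):
    """Longest-prefix match of a BGP next hop against non-BGP routes.

    Returns the outgoing interface, or None when the next hop is unreachable.
    """
    addr = ipaddress.ip_address(next_hop)
    best = None
    for prefix, interface in local_routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, interface)
    return best[1] if best else None

def advertise_over_ibgp(ebgp_routes, own_address, next_hop_self=False):
    """Next hops as a border router passes EBGP-learnt routes to an IBGP peer.

    By default the external next hop is carried unaltered; with
    next-hop-self the border router substitutes its own address.
    """
    return {prefix: (own_address if next_hop_self else next_hop)
            for prefix, next_hop in ebgp_routes.items()}

def audit(bgp_routes, local_routes):
    """Split received BGP routes into usable ones and black holes."""
    usable, unusable = {}, {}
    for prefix, next_hop in bgp_routes.items():
        interface = resolve(next_hop, local_routes)
        target = usable if interface else unusable
        target[prefix] = (next_hop, interface)
    return usable, unusable

# Values taken from the slides: the border router of AS 65300 learns
# 1.1.1.0/24 from its EBGP neighbor 172.16.1.2 and talks IBGP from 192.168.3.1.
BORDER_EBGP_ROUTES = {"1.1.1.0/24": "172.16.1.2"}
BORDER_IBGP_ADDRESS = "192.168.3.1"
# The internal router only knows its connected network; it has no route
# to 172.16.1.0/24 (the "?????" entry on the slide).
INTERNAL_LOCAL_ROUTES = {"192.168.3.0/24": "Serial 0"}

if __name__ == "__main__":
    for nhs in (False, True):
        received = advertise_over_ibgp(BORDER_EBGP_ROUTES, BORDER_IBGP_ADDRESS, nhs)
        usable, unusable = audit(received, INTERNAL_LOCAL_ROUTES)
        print("next-hop-self" if nhs else "default      ",
              "usable:", usable, "unusable:", unusable)
```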
AS_Path Attribute
• Sequence of AS numbers a route has traversed to reach a destination.
• The AS originating the route adds its own AS number and forwards the update further.
• Each AS receiving the update adds (prepends) its own AS number at the beginning of the sequence and forwards the update further.
• At the end, each route will contain the sequence of AS numbers the update message has traversed. The shortest AS path is preferred!
• To prevent routing loops, if an AS finds its own number already in the AS sequence (which means that the update has traversed it once), it will discard the update and stop forwarding it further.
• When traversing through the same AS (IBGP), AS_Path is left untouched.
AS_Path - Example
[Figure: 147.91/16 originated by AS 286 and propagated through AS 27, AS 3, AS 11 and AS 5377; AS paths shown along the way: 286; 3 - 286; 11 - 3 - 286; 27 - 286; 27 - 3 - 286]
AS_Path Prepending
• From AS12, there are two paths to AS300. Path 400 - 300 is better.
• However, the administrator might want to prefer the other path.
• There are many ways to do so, of which AS number prepending is the simplest one.

[Figure: AS 12, AS 100, AS 200, AS 300 and AS 400; 10.91/16 announced by AS 300 with path 300, seen further on with paths 400 300, 200 300 and 100 200 300]
AS_Path Prepending
• When an update leaves the AS, the AS number is prepended.
• That number might be prepended multiple times.
• For example, let’s prepend AS300 three times (300 300 300 300).
• Now, instead of 400 300, at AS12 we have 400 300 300 300 300.
• Automatically, the other path (100 200 300) will be shorter.

[Figure: AS 12, AS 100, AS 200, AS 300 and AS 400; 10.91/16 announced by AS 300 with path 300 on one link and 300 300 300 300 on the other, seen further on with paths 200 300, 100 200 300 and 400 300 300 300 300]
Local Preference Attribute
• Degree of preference given to a route to compare it with other routes for the same destination. The highest local preference is preferred!
• This attribute is defined locally in the AS.
• This attribute is valid for all BGP speakers within the same AS.
• It is exchanged normally via IBGP, but not via EBGP.
• Used to set the exit point from the AS for a certain destination.
• It affects outgoing traffic from the AS only. Incoming traffic can still arrive through an arbitrary AS entry/exit point (unless AS path prepending or a similar technique is applied).
• Cisco Systems have defined a similar attribute, but valid for the local BGP speaker only - not exchanged even with other speakers in the same AS. It’s called the WEIGHT attribute.
Local preference - Example
• Both AS200 and AS300 offer the route 10.91/16.
• However, the path to AS300 may be preferred (higher bandwidth).
• The administrator of the router A sets local_pref 200 for that route.
• The administrator of the router B sets local_pref 300 for that route.
• A and B exchange local_pref attributes and agree on preference.
• Incoming traffic may go via either link - local_pref doesn’t have any impact on it!

[Figure: AS 12 with routers A and B; ISP A (AS 100) and ISP B (AS 300); NAP; AS500 with 10.91/16; 10.91/16 received with local pref = 200 on one link and local pref = 300 on the other]
BGP basic configuration - attributes
The local preference attribute can be modified through a route map with:
set local-preference value
or with
bgp default local-preference value

The local preference attribute is part of the routing update and is exchanged among routers in the same AS.
BGP basic configuration - local preference attribute
[Figure: AS 1 (10.4.4.0/24) reachable from AS 3 through AS 5 and AS 6; addresses 1.1.1.1, 1.1.1.2, 1.1.2.1, 1.1.2.2, 1.1.3.1 and 1.1.3.2]

router bgp 3
 neighbor 1.1.2.1 remote-as 6
 neighbor 1.1.3.1 remote-as 3
 bgp default local-preference 200

router bgp 3
 neighbor 1.1.1.1 remote-as 5
 neighbor 1.1.3.2 remote-as 3
 bgp default local-preference 150

router# show ip bgp
BGP table version 9, local router ID is 1.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network        Next Hop    Metric LocPrf Weight Path
*  10.4.4.0/24    1.1.1.1     0 150 5 1 i
*> 10.4.4.0/24    1.1.2.1     0 200 6 1 i
BGP basic configuration - local preference attribute
[Figure: AS 1 (10.4.4.0/24) reachable from AS 3 through AS 5 and AS 6; addresses 1.1.1.1, 1.1.1.2, 1.1.2.1, 1.1.2.2, 1.1.3.1 and 1.1.3.2]

router bgp 3
 neighbor 1.1.3.1 remote-as 3
 neighbor 1.1.2.1 remote-as 6
 neighbor 1.1.2.1 route-map SD in

ip as-path access-list 7 permit ^6 ?[0-9]*$

route-map SD permit 10
 match as-path 7
 set local-preference 300

route-map SD permit 20

router# show ip bgp
BGP table version 9, local router ID is 1.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network        Next Hop    Metric LocPrf Weight Path
*  10.4.4.0/24    1.1.1.1     0 100 5 1 i
*> 10.4.4.0/24    1.1.2.1     0 300 6 1 i
BGP basic configuration - local-preference attribute
[Figure: AS 65100 (1.1.1.0/24, 172.16.1.2) connected by EBGP to AS 65300 (172.16.1.1); inside AS 65300 an IBGP session between 192.168.3.1 and 192.168.3.2 (Serial 0)]

router bgp 65300
 neighbor 172.16.1.2 remote-as 65100
 neighbor 192.168.3.2 remote-as 65300
 bgp default local-preference 200

BGP table:
dest.         local preference
1.1.1.0/24    200
Multi-exit Discriminator (MED)
• Hint to external neighbors about the preferred path into an AS with multiple exit points. The lowest MED is preferred!
• Exchanged between AS’s.
• Not transitive - once it enters an AS it doesn’t get transmitted in the further updates to other neighbors!
• When the route is originated by the AS itself, MED for it follows its IGP metric, which is useful for multiple connections to the same ISP.
• At the same time, MED’s reflect the internal topology of an AS.
• Only MED’s for paths from the same neighbor AS are compared. This behaviour may be changed by using “always-compare-med”.
MED - Example
• Routers C and D (AS200), as well as router B (AS20) offer the route to 10.91/16.
• Normally, router A will compare MED’s from routers C and D (AS200 only!).
• The router A will choose MED=120 and, therefore, the route via the router C.
• If “always-compare-med” is used, it will also take into account router B MED.
• In that case the router A will choose MED=50 and, thus, the route via the router B.

[Figure: AS100, AS500 and AS20; routers A, B, C and D; MED=50, MED=200 and MED=120; network 10.91/16]
ORIGIN Attribute
• Indicates the origin of the routing update, with respect to the AS that originated it.
• BGP considers three types of origins:
– IGP - the NLRI at the originating AS is learnt by an IGP
– EGP - the NLRI is learnt at the origin by the EGP protocol
– INCOMPLETE - NLRI is learnt by some other means (e.g. static)
• Each type of origin is associated with a number: IGP=0, EGP=1, INCOMPLETE=2. The lowest ORIGIN value is preferred!
Community Attribute
• Group of destinations sharing some common property.
• Communities have no physical boundaries - they are not restricted to a network or an AS!
• A group of IP networks and/or AS’s may form a community, for which separate routing policies may be set.
• Community is a transitive attribute (passed to other AS’s).
• Well-known communities with global meaning (reserved values):
– From 0x00000000 to 0x0000FFFF and from 0xFFFF0000 to 0xFFFFFFFF.
– NO_ADVERTISE (0xFFFFFF02) - routes in this community are not to be advertised.
• Usually, the first two bytes are the AS number and the last bytes are the community within the AS.
• Example: in AS256, a good choice is to use 256:1 (0x01000001).
• A route may have multiple community attributes. A BGP speaker may follow one, some or all community attributes in the route.
Community Attribute - Example
• Regional multi-homed ISP’s (AS6505, AS6711) connect two single-homed branch offices (Bahrain, Muscat).
• The ISP’s announce their routes to their peers, using the community attribute 55:22.
• London office is multi-homed (AS55) - we may decide to:
– Use one link for general Internet traffic (but not for traffic to our offices!).
– Use another link for the traffic to our offices only!
• Solution: set the router in the London office to:
– Accept all routes with community set to 55:22 on the interface Serial0.
– Accept any other route on the interface Serial1.

[Figure: London office (AS55) connected to the Internet; ISP’s AS6505 and AS6711 serving the Bahrain office and the Muscat office]
NO_EXPORT Community - Example
• A customer AS100 with two offices, connected to a WAN, is multi-homed.
• The customer has two links - each one near one of the offices.
• Both links are capable of routing the whole traffic, however this is not efficient.
• On the other hand, if we let the Bahrain and Muscat offices announce all the more specific routes, they will be propagated to the NAP.
• Solution: set the NO_EXPORT community on all routes from AS100 to AS200.
• Advertise only the aggregated route to the NAP.

[Figure: AS100 with the Bahrain and Muscat offices announcing 10.91.0/24, 10.91.1/24, 10.91.2/24, … 10.91.15/24 to AS200 with NO_EXPORT on both links; AS200 announces 10.16/22 to the NAP]
BGP Path Selection Criteria
• BGP bases its decision on path selection on the attribute values.
• When multiple routes to the same destination exist, the following sequence of operations is performed:
– If the next hop is inaccessible, the route is ignored.
– Prefer the path with the largest WEIGHT parameter.
– If the weights are the same, prefer the route with the largest local preference.
– If the local pref’s are the same, prefer the routes with the shortest AS paths.
– If the AS path length is the same, prefer the route with the lowest ORIGIN.
– If origins are the same, prefer the route with the lowest MED.
– If the routes have the same MED, prefer EBGP-learnt over IBGP-learnt.
– If that fails too, try to find the route with the shortest path to its next hop.
– If nothing else helps, the route from the router with the lower router ID will be preferred!
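The selection sequence above, as an added example that is not part of the original slides: each step keeps only the routes that tie on the criterion so far, and MED is compared only among routes from the same neighbor AS unless always-compare-med is set. The `Route` fields, function names and sample router IDs are assumptions made for this sketch; the AS paths, local preferences and MED values in the demo are the ones used on the earlier slides.

```python
from dataclasses import dataclass
from typing import Tuple

ORIGIN = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # numbering from the ORIGIN slide

@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: Tuple[int, ...]
    weight: int = 0
    local_pref: int = 100
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0            # length of the path to the next hop
    router_id: str = "0.0.0.0"     # router ID of the advertising router
    next_hop_reachable: bool = True

def loop_free(local_as, as_path):
    """An update is discarded when the receiving AS is already in its AS path."""
    return local_as not in as_path

def prepend(as_path, asn, times=1):
    """AS path after an AS puts its own number in front, possibly several times."""
    return (asn,) * times + tuple(as_path)

def _keep_best(routes, key):
    best = min(key(r) for r in routes)
    return [r for r in routes if key(r) == best]

def _router_id_key(route):
    return tuple(int(octet) for octet in route.router_id.split("."))

def best_path(routes, always_compare_med=False):
    """Apply the slide's criteria in order and return the winning route."""
    cands = [r for r in routes if r.next_hop_reachable]
    if not cands:
        return None
    cands = _keep_best(cands, lambda r: -r.weight)         # largest WEIGHT
    cands = _keep_best(cands, lambda r: -r.local_pref)     # largest local preference
    cands = _keep_best(cands, lambda r: len(r.as_path))    # shortest AS path
    cands = _keep_best(cands, lambda r: ORIGIN[r.origin])  # lowest ORIGIN
    if always_compare_med:
        cands = _keep_best(cands, lambda r: r.med)         # lowest MED overall
    else:
        survivors = []                                     # lowest MED per neighbor AS
        for neighbor_as in dict.fromkeys(r.as_path[:1] for r in cands):
            group = [r for r in cands if r.as_path[:1] == neighbor_as]
            survivors += _keep_best(group, lambda r: r.med)
        cands = survivors
    cands = _keep_best(cands, lambda r: not r.ebgp)        # EBGP over IBGP
    cands = _keep_best(cands, lambda r: r.igp_metric)      # shortest path to next hop
    return min(cands, key=_router_id_key)                  # lowest router ID

if __name__ == "__main__":
    # AS_Path prepending slides: what AS12 sees before and after AS300 prepends.
    via_100 = Route("10.91.0.0/16", "via AS100", (100, 200, 300))
    before = Route("10.91.0.0/16", "via AS400", (400, 300))
    after = Route("10.91.0.0/16", "via AS400", prepend(prepend((300,), 300, 3), 400))
    print(best_path([before, via_100]).next_hop, "->", best_path([after, via_100]).next_hop)
    # MED slide: C and D share a neighbor AS, B is in another one.
    # Second AS number and router IDs are constructed for the demo.
    c = Route("10.91.0.0/16", "C", (200, 500), med=120, router_id="1.1.1.1")
    d = Route("10.91.0.0/16", "D", (200, 500), med=200, router_id="1.1.1.2")
    b = Route("10.91.0.0/16", "B", (20, 500), med=50, router_id="1.1.1.3")
    print(best_path([b, c, d]).next_hop, best_path([b, c, d], True).next_hop)
```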
Objectives
• Redundancy
– Building stability by providing alternate default routes in the case of link failure. How to do it?
• Symmetry
– Configuring routes in such a manner that certain traffic enters and exits an AS at the same point.
• Load balancing
– Capability to divide traffic optimally over multiple links.
• Typical scenarios
– Controlling inbound and outbound traffic when multihoming to single and different ISP’s.
Redundancy
• Redundancy - possibility to use a backup link to the global network if the main link fails.
• Redundancy is one of the major goals of BGP.
• The simplest technique to achieve redundancy is to introduce multiple default routes inside the AS.
• Default route - 0.0.0.0 /0 - is the least specific route in the router forwarding table, used if a more specific route for a destination does not exist (Cisco term: gateway of last resort).
• Default route can be learnt:
– Dynamically, via BGP or some IGP.
– Statically - manually entered by the operator - it can point to a next hop IP address, a specific router interface or a remote IP network.
Dynamically Learnt Default Routes
• To achieve redundancy, default routes from multiple sources will be received.
• One route will always be primary, while the other will be backup.
• Using local preference, we can always prefer one route over the other.

[Figure: AS1 connected to AS2 by a primary and a backup EBGP link (1.1.1.1, 2.2.2.2), with IBGP inside AS1; “set local-pref 100” and “set local-pref 50”]
Statically Set Default Routes
[Figure: AS1 connected to a NAP with AS10 (10.212/16), AS2 (24.32.64/18) and AS5 (38.2/16); labels 1.1.1.1 and Serial0; captions: default route pointing to a router interface, default route pointing to the next hop, default route pointing to a remote IP network]
Usage of Static Default Routes
• The customer sets a separate default route to AS2 on each router.
• Each static route will point to the remote IP network 38.2 /16.
• Using local preference, the customer can always prefer one route over the other.

[Figure: AS1 connected to AS2 by a primary and a backup link, with IBGP inside AS1; 38.2 /16 received on both links and 0/0 set on both routers; “set local-pref 100” and “set local-pref 50”]
Symmetry
• Symmetry: traffic leaving the AS from an exit point comes back through the same point.
• In a multi-homed environment symmetry is hardly achievable.
• In some configurations asymmetry is preferred:

[Figure: customer network connected to an ISP and to a satellite link; outbound traffic on one link, inbound traffic on the other]
Load Balancing
• Capability to divide data traffic over multiple connections.
• Load balancing does not mean equal distribution of the load.
• Perfectly equal load distribution is rarely achievable.
• Load balancing might be done on:

[Figure: two diagrams of a customer connected to ISP A, ISP B and ISP C, labelled “Outbound traffic” and “Inbound traffic”]
Outbound Traffic Load Balancing
[Figure: customer connected to ISP A, ISP B and ISP C]

Outbound traffic load balancing mostly depends on what we’ll receive from our peers.
By applying appropriate attributes and route filters we can influence the effect of their updates.
Outbound traffic will depend on the results of the decision-making process of our router.
Inbound Traffic Load Balancing
[Figure: customer connected to ISP A, ISP B and ISP C]

Inbound traffic mostly depends on what we’ll announce to our peers. What we announce is what traffic we’ll get!
For example, we may decide to announce 10.1/16 to ISP A, 10.2/16 to ISP B and 10.3/16 to ISP C.
Traffic to 10.1/16 will flow from the link to ISP A, traffic to 10.2/16 from ISP B and traffic to 10.3/16 from ISP C.
Basic Topology Scenarios
Cases:
• One customer, multihoming to a single ISP.
• One customer, multihoming to different ISP’s.
• Two customers of the same ISP, with a mutual backup link.
Configurations:
• Minimal configuration - default routes only.
• Primary/backup configuration.
• Routing with partial BGP routing table (“customer routes”).
• Routing with full BGP routing table (circa 50000 routes!).
Multihoming to a Single ISP
Default Only, Primary/Backup

Customer outbound traffic:
• The customer sets two separate default routes to AS2 on its router.
• One default will be preferred, using local preference.
• One default will be primary, the other one backup.

Customer inbound traffic:
• Customer announces its IP networks to the ISP AS2.
• If nothing is applied by the customer, traffic will flow according to the distance between destination and POP.

The user may want to apply different MED’s when advertising routes.

[Figure: customer AS1 connected to ISP AS2 over two links, A and B]
Multihoming to a Single ISP
Default Only, Primary/Backup + Partial Routing

Outbound: prefer link via A to reach C1 and C2, link B for others.
Inbound: prefer link via A to reach X, Y; link via B to reach Z.
Default route: link to the location B is primary, with backup to A.

[Figure: AS1 (networks X, Y, Z) connected over links A and B to ISP AS2 (customers C1, C2, C3, C4); Local_pref: C1, C2: 300, other: 200; Local_pref: C3, C4: 300, other: 250; MED: X, Y: 200, other: 300; MED: Z: 200, other: 250]
Multihoming to Multiple ISP’s
Default only, Primary/Backup

Customer outbound traffic:
• The customer sets default routes to AS2 and AS3 on its router.
• The default should point to a remote network outside the ISP A and ISP B networks.
• One default will be preferred, using local preference.

Customer inbound traffic:
• Customer announces its IP networks to the ISP AS2.
• If nothing is applied by the customer, traffic will flow according to the distance between destination and POP.

MED’s cannot be used here! Another approach must be used!

[Figure: customer AS1 connected over link A to AS2 and over link B to AS3]
Multihoming to Multiple ISP’s
Default only, Primary/Backup + Partial Routing

Outbound: prefer link via A to reach C1 and C2, link B for others.
Default route: link to the location B is primary, with backup to A.

[Figure: AS1 (networks X, Y, Z) connected over link A to AS2 (customers C1, C2) and over link B to AS3 (customers C3, C4); Local_pref: C1, C2: 300, other: 200; Local_pref: C3, C4: 300, other: 250]
Multihoming to Multiple ISP’s
Inbound Traffic (AS_Path Prepending Technique)

Task: Use AS2 to reach network X, while AS3 to reach network Y and others.

[Figure: customer AS21 (networks X and Y) connected to AS22 and AS23, with AS50 and AS100 beyond. AS_Path labels: X: 21, Y: 21 (shown twice); X: 21, Y: 21 21 21 21; X: 21 21 21 21, Y: 21; X: 22 21, Y: 22 21 21 21 21; X: 23 21 21 21 21 and 23 50 22 21, Y: 23 21 and 23 50 22 21 21 21 21]
Customers of the Same ISP + Mutual Backup
Task:
• From AS1 and AS2 use links to AS10 to access all sites.
• If any of the links to AS10 fails, allow transit through the remaining link.
AS1 - outbound traffic:
• Use two default routes, with preference set for the default to AS10.
AS1 - inbound traffic:
• To AS10 announce routes from AS1, without prepending anything.
• To AS2 announce routes from AS1, but prepend AS1 at least 3 times.

[Figure: customer AS1 and customer AS2, both connected to ISP AS10 and to each other; AS path labels for the routes of AS1, including “AS1: 1” and “AS1: 1 1 1”]
BGP maintenance commands
Besides configuring the BGP process, we must also maintain it. For this purpose, there is a group of maintenance commands. We can divide these commands into three groups:

show commands - for checking BGP status

clear commands - for accepting changes

debug commands - for troubleshooting
BGP maintenance commands
Show commands
show ip bgp [ cidr-only | community | community-list | filter-list | neighbors | paths | inconsistent-as | peer-group | regexp | summary]

With show ip bgp we can get information about the BGP routing table.

router# show ip bgp
BGP table version 9, local router ID is 1.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network        Next Hop    Metric LocPrf Weight Path
*> 10.4.4.0/24    1.1.1.1     0 150 150 5 1 i
*> 10.4.5.0/26    1.1.2.1     0 100 200 23 252 6 1 i
BGP maintenance commands
Router# show ip bgp
BGP table version is 716977, local router ID is 193.0.32.1
Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network      Next Hop        Metric LocPrf Weight Path
* i3.0.0.0      193.0.22.1      0 100 0 1800 1239 ?
*>i             193.0.16.1      0 100 0 1800 1239 ?
* i6.0.0.0      193.0.22.1      0 100 0 1800 690 568 ?
*>i             193.0.16.1      0 100 0 1800 690 568 ?
* i7.0.0.0      193.0.22.1      0 100 0 1800 701 35 ?
*>i             193.0.16.1      0 100 0 1800 701 35 ?
*               198.92.72.24    0 1878 704 701 35 ?
* i8.0.0.0      193.0.22.1      0 100 0 1800 690 560 ?
*>i             193.0.16.1      0 100 0 1800 690 560 ?
*               198.92.72.24    0 1878 704 701 560 ?
* i13.0.0.0     193.0.22.1      0 100 0 1800 690 200 ?
*>i             193.0.16.1      0 100 0 1800 690 200 ?
*               198.92.72.24    0 1878 704 701 200 ?
* i15.0.0.0     193.0.22.1      0 100 0 1800 174 ?
*>i             193.0.16.1      0 100 0 1800 174 ?
* i16.0.0.0     193.0.22.1      0 100 0 1800 701 i
*>i             193.0.16.1      0 100 0 1800 701 i
*               198.92.72.24    0 1878 704 701 i
BGP maintenance commands
With show ip bgp cidr-only we can display the networks in the BGP routing table that have non-standard (CIDR) network masks.

Router# show ip bgp cidr-only
BGP table version is 220, local router ID is 198.92.73.131
Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop        Metric LocPrf Weight Path
*> 192.0.0.0/8      198.92.72.24    0 1878 ?
*> 198.92.0.0/16    198.92.72.30    0 108 ?
BGP maintenance commands
To get information about the networks that belong to a specified BGP community, we can use

show ip bgp community community-number [exact]

Router# show ip bgp community 10
BGP table version is 716977, local router ID is 193.0.32.1
Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network      Next Hop        Metric LocPrf Weight Path
* i3.0.0.0      193.0.22.1      0 100 0 1800 1239 ?
*>i             193.0.16.1      0 100 0 1800 1239 ?
* i6.0.0.0      193.0.22.1      0 100 0 1800 690 568 ?
*>i             193.0.16.1      0 100 0 1800 690 568 ?
* i7.0.0.0      193.0.22.1      0 100 0 1800 701 35 ?
*>i             193.0.16.1      0 100 0 1800 701 35 ?
*               198.92.72.24    0 1878 704 701 35 ?
* i8.0.0.0      193.0.22.1      0 100 0 1800 690 560 ?
*>i             193.0.16.1      0 100 0 1800 690 560 ?
*               198.92.72.24    0 1878 704 701 560 ?
* i13.0.0.0     193.0.22.1      0 100 0 1800 690 200 ?
*>i             193.0.16.1      0 100 0 1800 690 200 ?
*               198.92.72.24    0 1878 704 701 200 ?
BGP maintenance commands
To display routes that are permitted by the BGP community list, we use:

show ip bgp community-list community-list-number [exact]

To display routes that conform to a specified filter list, we use:

show ip bgp filter-list access-list-number

If we have the following filter list:

ip as-path access-list 2 permit ^109 108$

then we will get the following results:
BGP maintenance commands
Router# show ip bgp filter-list 2
BGP table version is 1738, local router ID is 198.92.72.24
Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

  Network        Next Hop        Metric LocPrf Weight Path
* 198.92.0.0     198.92.72.30    0 109 108 ?
* 198.92.1.0     198.92.72.30    0 109 108 ?
* 198.92.11.0    198.92.72.30    0 109 108 ?
* 198.92.14.0    198.92.72.30    0 109 108 ?
* 198.92.15.0    198.92.72.30    0 109 108 ?
* 198.92.16.0    198.92.72.30    0 109 108 ?
* 198.92.17.0    198.92.72.30    0 109 108 ?
* 198.92.18.0    198.92.72.30    0 109 108 ?
* 198.92.19.0    198.92.72.30    0 109 108 ?
* 198.92.24.0    198.92.72.30    0 109 108 ?
* 198.92.29.0    198.92.72.30    0 109 108 ?
* 198.92.30.0    198.92.72.30    0 109 108 ?
BGP maintenance commands
To display routes with inconsistent originating autonomous systems, we use:

show ip bgp inconsistent-as

Router# show ip bgp inconsistent-as
BGP table version is 87, local router ID is 172.19.82.53
Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop         Metric LocPrf Weight Path
*  11.0.0.0         171.69.232.55    0 0 300 88 90 99 ?
*>                  171.69.232.52    2222 0 400 ?
*  171.69.0.0       171.69.232.55    0 0 300 90 99 88 200 ?
*>                  171.69.232.52    2222 0 400 ?
*  200.200.199.0    171.69.232.55    0 0 300 88 90 99 ?
*>                  171.69.232.52    2222 0 400 ?
BGP maintenance commands
To display information about the TCP and BGP connections to neighbors, we use:

show ip bgp neighbors address [received-routes]

Router# show ip bgp neighbors
BGP neighbor is 134.24.127.3, remote AS 1740, external link
 Index 1, Offset 0, Mask 0x2
 ebgp peer-group member
 BGP version 4, remote router ID 134.24.99.3
 BGP state = Established, table version = 2185429, up for 2d11h
 Last read 00:00:19, hold time is 180, keepalive interval is 60 seconds
 Minimum time between advertisement runs is 30 seconds
 Received 277877 messages, 0 notifications, 0 in queue
 Sent 9826 messages, 0 notifications, 0 in queue
 Outgoing update network filter list is 100
 Connections established 3; dropped 2
 Last reset 2d12h, due to Peer closing down the session
 No. of prefix received 48809
 External BGP neighbor may be up to 255 hops away.

BGP maintenance commands

Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 198.32.162.100, Local port: 14958
Foreign host: 134.24.127.3, Foreign port: 179

Enqueued packets for retransmit: 0, input: 0, saved: -37

Event Timers (current time is 0x2388D21C):
Timer        Starts    Wakeups    Next
Retrans        3625         22    0x0
TimeWait          0          0    0x0
AckHold       23590      17252    0x0
SendWnd           0          0    0x0
KeepAlive         0          0    0x0
GiveUp            0          0    0x0
PmtuAger          0          0    0x0

iss: 460572470 snduna: 460640919 sndnxt: 460640919 sndwnd: 16251
irs: 460628140 rcvnxt: 465343152 rcvwnd: 32614 delrcvwnd: 154

SRTT: 405 ms, RTTO: 1290 ms, RTV: 240 ms, KRTT: 0 ms
minRTT: 28 ms, maxRTT: 1248 ms, ACK hold: 300 ms
Flags: higher precedence, nagle, path mtu capable

Datagrams (max data segment is 536 bytes):
Rcvd: 29668 (out of order: 806), with data: 26160, total data bytes: 4715011
Sent: 29316 (retransmit: 22), with data: 3602, total data bytes: 68448
BGP maintenance commands
To display all the BGP paths in the database, we use:

show ip bgp paths

Router# show ip bgp paths
Address     Hash  Refcount  Metric  Path
0x297A9C       0         2       0  i
0x30BF84       1         0       0  702 701 ?
0x2F7BC8       2       235       0  ?
0x2FA1D8       3         0       0  702 701 i
BGP maintenance commands
To display information about BGP peer groups, we use:

show ip bgp peer-group [tag] [summary]

Router# show ip bgp peer-group0 internal
BGP neighbor is internal, peer-group leader
 BGP version 4
 Minimum time between advertisement runs is 5 seconds
 Incoming update AS path filter list is 2
 Outgoing update AS path filter list is 1
 Route map for outgoing advertisements is set-med
BGP maintenance commands
To display routes matching the regular expression, we use:

show ip bgp regexp regular-expression

Router# show ip bgp regexp 108$
BGP table version is 1738, local router ID is 198.92.72.24
Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

  Network        Next Hop        Metric LocPrf Weight Path
* 198.92.0.0     198.92.72.30    0 109 108 ?
* 198.92.1.0     198.92.72.30    0 109 108 ?
* 198.92.11.0    198.92.72.30    0 109 108 ?
* 198.92.14.0    198.92.72.30    0 109 108 ?
* 198.92.15.0    198.92.72.30    0 109 108 ?
* 198.92.16.0    198.92.72.30    0 109 108 ?
* 198.92.17.0    198.92.72.30    0 109 108 ?
* 198.92.18.0    198.92.72.30    0 109 108 ?
* 198.92.19.0    198.92.72.30    0 109 108 ?
* 198.92.24.0    198.92.72.30    0 109 108 ?
* 198.92.29.0    198.92.72.30    0 109 108 ?
BGP maintenance commands
To display the status of all BGP connections, we use:

show ip bgp summary

Router# show ip bgp summary
BGP table version is 717029, main routing table version 717029
19073 network entries (37544 paths) using 3542756 bytes of memory
691 BGP path attribute entries using 57200 bytes of memory

Neighbor        V    AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State
193.0.16.1      4  1755    32642     2973  717029    0     0  1:27:11
193.0.17.1      4  1755     4790     2973  717029    0     0  1:27:51
193.0.18.1      4  1755     7722     3024  717029    0     0  1:28:13
193.0.19.1      4  1755        0        0       0    0     0  2d02      Active
193.0.20.1      4  1755     3673     3049  717029    0     0  2:50:10
193.0.21.1      4  1755     3741     3048  717029    0     0  12:24:43
193.0.22.1      4  1755    33129     3051  717029    0     0  12:24:48
193.0.23.1      4  1755        0        0       0    0     0  2d02      Active
193.0.24.1      4  1755        0        0       0    0     0  2d02      Active
193.0.25.1      4  1755        0        0       0    0     0  2d02      Active
193.0.26.1      4  1755        0        0       0    0     0  2d02      Active
193.0.27.1      4  1755     4269     3049  717029    0     0  12:39:33
193.0.28.1      4  1755     3037     3050  717029    0     0  2:08:15
198.92.72.24    4  1878    11635    13300  717028    0     0  0:50:39
BGP maintenance commands
After each change, it is necessary to reset the BGP TCP connection to the peer. This can be done with:
clear ip bgp {* | address | peer-group name} [soft [in | out]]
If we use the soft argument, the TCP connection will NOT be reset. Instead, the router will send only update messages.
126
BGP maintenance commands
In order to generate new inbound updates without resetting the BGP session, the local BGP speaker should store all the received updates without modification, regardless of whether they are accepted or denied by the current inbound policy.
To allow inbound reconfiguration, BGP must be configured to store all received updates. Outbound reconfiguration does not require pre-configuration.
To configure BGP soft reconfiguration, we use:
neighbor {ip-address | peer-group-name} soft-reconfiguration inbound
127
BGP maintenance commands
To adjust BGP network timers, we use:
timers bgp keepalive holdtime
where:
keepalive - Frequency, in seconds, with which the Cisco IOS software sends keepalive messages to its peer. The default is 60 seconds.
holdtime - Interval, in seconds, after not receiving a keepalive message that the software declares a peer dead. The default is 180 seconds.
128
BGP maintenance commands
For troubleshooting, there are a few servers on the Internet that offer BGP-related information. One of them is
route-views.oregon-ix.net
which is a Cisco 2500 series router running BGP. Access to this router is unlimited.
129
Route flap dampening
Route flap dampening is a mechanism for minimizing the instability caused by route flapping.
The following terms are used to describe route flap dampening:
Penalty - A numeric value that is assigned to a route when it flaps.
Half-life time - A configurable numeric value that describes the time required to reduce the penalty by one half (default 15 min).
130
Route flap dampening
Suppress limit - A numeric value that is compared with the penalty. If the penalty is greater than the suppress limit, the route is suppressed (default is 2000).
Suppressed - A route that is not advertised even though it is up. A route is suppressed if the penalty is more than the suppress limit.
Reuse limit - A configurable numeric value that is compared with the penalty. If the penalty is less than the limit, a suppressed route that is up will no longer be suppressed (default is 750).
History entry - An entry that is used to store flap information about a route that is down.
131
Route flap dampening
[Figure: penalty plotted against time, with the Suppress-Limit and Reuse-Limit thresholds marked]
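The penalty curve described above, as an added worked example (not part of the original slides): it applies the slide defaults (half-life 15 min, suppress limit 2000, reuse limit 750) to a list of flap times and reports when the route is suppressed and when it is reused. The per-flap penalty of 1000 is an assumption, since the slides do not state it; max-suppress-time is not modelled, and the function names are hypothetical.

```python
import math

# Defaults stated on the slides
HALF_LIFE_MIN = 15      # minutes for the penalty to halve
SUPPRESS_LIMIT = 2000   # suppress when the penalty is greater than this
REUSE_LIMIT = 750       # reuse when the penalty is less than this
# Assumption (not on the slides): penalty added for each flap
PENALTY_PER_FLAP = 1000

def simulate(flap_minutes, end_minute):
    """Return [(minute, penalty, suppressed)], one sample per minute.

    flap_minutes lists the whole minutes at which the route flaps
    (one flap per listed minute).
    """
    per_minute = 0.5 ** (1 / HALF_LIFE_MIN)   # exponential decay factor
    flaps = set(flap_minutes)
    penalty, suppressed, timeline = 0.0, False, []
    for minute in range(end_minute + 1):
        if minute:
            penalty *= per_minute
        if minute in flaps:
            penalty += PENALTY_PER_FLAP
        if penalty > SUPPRESS_LIMIT:
            suppressed = True
        elif suppressed and penalty < REUSE_LIMIT:
            suppressed = False
        timeline.append((minute, penalty, suppressed))
    return timeline

def suppression_window(flap_minutes, end_minute):
    """First minute the route is suppressed and first minute it is reused."""
    start = release = None
    for minute, _, suppressed in simulate(flap_minutes, end_minute):
        if suppressed and start is None:
            start = minute
        elif not suppressed and start is not None and release is None:
            release = minute
    return start, release

def minutes_until_reuse(penalty):
    """Closed form: time for `penalty` to decay down to the reuse limit."""
    if penalty <= REUSE_LIMIT:
        return 0.0
    return HALF_LIFE_MIN * math.log2(penalty / REUSE_LIMIT)

if __name__ == "__main__":
    for minute, penalty, suppressed in simulate([0, 2, 4], 40):
        if minute % 4 == 0 or minute == 33:
            print(f"{minute:3d} min  penalty={penalty:7.1f}  suppressed={suppressed}")
```

With these values two flaps never reach the suppress limit; the third flap does, and the route then stays suppressed for roughly two half-lives even though it is up.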
132
Route flap dampening
To enable BGP route dampening or change various BGP route dampening factors, we use:
bgp dampening [half-life reuse suppress max-suppress-time] [route-map map]
To clear route dampening statistics, we use:
clear ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask}]
133
Route flap dampening
For maintenance purposes, we need to see information about route flap dampening. To display BGP dampened routes, we use:
show ip bgp dampened-paths
To display BGP flap statistics, we use:
show ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask [longer-prefix]}]