Università degli Studi Roma Tre
Dipartimento di Informatica e Automazione
Computer Networks Research Group

netkit lab
bgp: transit as

Version: 1.4
Author(s): Luca Cittadini, Giuseppe Di Battista, Massimo Rimondini
Web: http://www.netkit.org/
Description: possible architectures for a transit provider, bad interactions between igp and bgp routing protocols, configuration of tunnels

last update: Jan 2009
netkit – [ lab: bgp-transit-as ]
© Computer Networks Research Group Roma Tre

scenario
• a transit as
  - receives and propagates the full bgp routing table from/to its neighbors (customers, peers, providers)
  - receives and forwards traffic across its neighbors

[figure: a transit as connected to isp 1 and isp 2]

transit as: requirements
• problem: border routers must know each other's routes
• solution: ibgp peerings (possibly full mesh)

transit as: requirements
• problem: someone must tell bgp how to reach external next hops (recursive lookup)
• solution: igp

transit as: requirements
• problem:
  - ibgp carries announcements between border routers
  - igp carries traffic between border routers
  so...
  - consistent routing between ibgp and igp must be guaranteed
    - even in the presence of bgp routing policies
  - ibgp and igp should never disagree on the route to a destination
• solution: ???

transit as: degrees of freedom
• internal routers must support traffic flows from/to neighboring ases
  - choice 1: redistribute bgp routes into the igp
    - overgrowth of igp routing tables
    - update churn from bgp affects the igp
  - choice 2: route traffic flowing through via an ad-hoc overlay
    - internal routers know about border routers only
    - bgp updates leak into the igp only if this changes the choice of the egress routers

how to read
• browse through all the slides
• concentrate on specific topics
  - redistribution of bgp into the igp
  - peering setup using loopback interfaces
  - forwarding loops
  - bad cross-protocol event timings
  - administrative distance
  - setup of an overlay network using tunnels
  - asymmetric routing

network topology

[figure: lab topology, shown in several build steps. AS10 is the transit as, AS20 and AS30 are isps, AS100 is the customer (100.0.0.0/8). rip runs inside AS10; ibgp runs among the border routers of AS10 (loopbacks 1.1.1.1, 2.2.2.2, 3.3.3.3); ebgp runs on the inter-as links. Addresses are taken from 10.0.0.w, 11.0.0.x and 12.0.0.y; the /30 subnets in the figure are 10.0.0.0/30, 10.0.0.4/30, 10.0.0.8/30, 11.0.0.0/30, 11.0.0.4/30, 11.0.0.8/30, 12.0.0.0/30, 12.0.0.4/30, 12.0.0.8/30 and 12.0.0.12/30. Links are labelled A to M.]

choice 1
redistribution

transit as: interesting configurations
• bgp routing information is injected into rip

zebra rip configuration file:

    router rip
     network eth1
     redistribute connected
     redistribute bgp

(rip speaking interfaces can be specified by their name or network address)

transit as: bgp peerings
• bgp peerings are established on loopback interfaces
  - improved resiliency
  - the peering stays up even if all the router's physical interfaces are down
• two loopbacks for each border router of as10
  - ifconfig lo:1 2.2.2.2 netmask 255.255.255.255 up
  - lo:1 is an ip alias used for the peerings
  - the usual loopback address, lo, is still available

transit as: bgp peerings
• be careful when configuring peerings on the loopbacks
  - bgp complains if the source address of OPEN messages from a neighbor does not match the neighbor's address configured in the peering (in this case, the loopback address)
  - bgp messages come out of a physical interface, whose address is different from the loopback's
  - need to force the source address of bgp messages
    - update-source
  - cisco says: "You only have to use the update-source command when someone is peering to your loopback address"

transit as: bgp peerings
• note
  - update-source accepts an ip address or an interface name
  - zebra does not allow setting the update-source to an alias interface (e.g., lo:1)

zebra bgp configuration file:

    router bgp 10
     network 10.0.0.0/8
     network 12.0.0.0/30
     neighbor 1.1.1.1 remote-as 10
     neighbor 1.1.1.1 update-source 2.2.2.2
     neighbor 1.1.1.1 description as10rt1(iBGP)
     neighbor 3.3.3.3 remote-as 10
     neighbor 3.3.3.3 update-source 2.2.2.2
     neighbor 3.3.3.3 description as10rt3(iBGP)

transit as: some other flavouring

/etc/zebra/bgpd.conf on as10rt2:

    as10rt2:~# less /etc/zebra/bgpd.conf
    hostname as10rt2-bgpd
    password zebra
    ...
    !
    route-map dePref permit 10
     set local-preference 10
    !
    router bgp 10
     network 10.0.0.0/8
     network 12.0.0.0/30
     neighbor 1.1.1.1 remote-as 10
     neighbor 1.1.1.1 update-source lo
     neighbor 1.1.1.1 description as10rt1(iBGP)
     neighbor 3.3.3.3 remote-as 10
     neighbor 3.3.3.3 update-source lo
     neighbor 3.3.3.3 description as10rt3(iBGP)
     neighbor 12.0.0.2 remote-as 20
     neighbor 12.0.0.2 description as20r1(eBGP)
     neighbor 12.0.0.2 route-map dePref in
     neighbor 12.0.0.2 prefix-list noDefault in

(as10rt2 prefers using the egress router as10rt3)

transit as: routing tables

on as10r6:

    as10r6-ripd> show ip rip
    Codes: R - RIP, C - connected, O - OSPF, B - BGP
          (n) - normal, (s) - static, (d) - default, (r) - redistribute,
          (i) - interface

         Network            Next Hop         Metric From            Time
    R(n) 1.1.1.1/32         10.0.0.10             3 10.0.0.10       02:58
    R(n) 2.2.2.2/32         10.0.0.5              3 10.0.0.5        02:43
    R(n) 3.3.3.3/32         11.0.0.10             2 11.0.0.10       02:55
    R(n) 10.0.0.0/30        10.0.0.10             2 10.0.0.10       02:58
    C(i) 10.0.0.4/30        0.0.0.0               1 self
    C(i) 10.0.0.8/30        0.0.0.0               1 self
    R(n) 11.0.0.0/30        10.0.0.10             2 10.0.0.10       02:58
    R(n) 11.0.0.4/30        10.0.0.5              2 10.0.0.5        02:43
    C(i) 11.0.0.8/30        0.0.0.0               1 self
    R(n) 12.0.0.0/30        10.0.0.5              3 10.0.0.5        02:43
    R(n) 12.0.0.4/30        11.0.0.10             2 11.0.0.10       02:55
    R(n) 12.0.0.8/30        11.0.0.10             2 11.0.0.10       02:55
    R(n) 12.0.0.12/30       11.0.0.10             2 11.0.0.10       02:55
    R(n) 20.0.0.0/8         10.0.0.5              3 10.0.0.5        02:43
    R(n) 30.0.0.0/8         11.0.0.10             2 11.0.0.10       02:55
    R(n) 100.0.0.0/8        11.0.0.10             2 11.0.0.10       02:55
    as10r6-ripd>

(routing tables of the internal routers of as10 are unnecessarily large, due to redistribution of bgp routes)

transit as: playing with the backup
• let's bring as100's primary link down
  - expected result: traffic from as20r1 to as100r1 should traverse the transit as

on as20r1:

    as20r1:~# telnet localhost bgpd
    Trying 127.0.0.1...
    Connected to as20r1.
    Escape character is '^]'.

    Hello, this is zebra (version 0.94).
    ...
    as20r1-bgpd> enable
    as20r1-bgpd# configure terminal
    as20r1-bgpd(config)# router bgp 20
    as20r1-bgpd(config-router)# neighbor 12.0.0.10 shutdown

[figure: AS20, AS30 and AS100, with links G and L]

transit as: playing with the backup
• let's check whether things work...

on as20r1:

    as20r1:~# ping 100.0.0.1
    PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data.
    From 11.0.0.5 icmp_seq=1 Time to live exceeded
    From 11.0.0.5 icmp_seq=2 Time to live exceeded

    --- 100.0.0.1 ping statistics ---
    2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1010ms

    as20r1:~# traceroute 100.0.0.1
    traceroute to 100.0.0.1 (100.0.0.1), 64 hops max, 40 byte packets
     1  12.0.0.1 (12.0.0.1)  0 ms  0 ms  0 ms
     2  11.0.0.5 (11.0.0.5)  0 ms  0 ms  0 ms
     3  12.0.0.1 (12.0.0.1)  0 ms  1 ms  8 ms
     4  11.0.0.5 (11.0.0.5)  1 ms  1 ms  0 ms
     5  * 12.0.0.1 (12.0.0.1)  1 ms  1 ms
     6  11.0.0.5 (11.0.0.5)  1 ms  1 ms *
     7  12.0.0.1 (12.0.0.1)  1 ms  1 ms  1 ms
     8  11.0.0.5 (11.0.0.5)  1 ms  1 ms  1 ms

(these are symptoms of a forwarding loop!!)

transit as: playing with the backup
• same test from as10rt2

on as10rt2:

    as10rt2:~# ping 100.0.0.1
    PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data.
    From 11.0.0.5: icmp_seq=2 Redirect Host(New nexthop: 11.0.0.6)
    From 11.0.0.5: icmp_seq=3 Redirect Host(New nexthop: 11.0.0.6)
    From 11.0.0.5: icmp_seq=5 Redirect Host(New nexthop: 11.0.0.6)

    --- 100.0.0.1 ping statistics ---
    5 packets transmitted, 0 received, 100% packet loss, time 4016ms
    as10rt2:~#

transit as: playing with the backup
• motivating the loop

on as10rt2:

    as10rt2:~# telnet localhost ripd
    Trying 127.0.0.1...
    Connected to as10rt2.
    Escape character is '^]'.
    ...
    as10rt2-ripd> show ip rip
    Codes: R - RIP, C - connected, O - OSPF, B - BGP
          (n) - normal, (s) - static, (d) - default, (r) - redistribute,
          (i) - interface

         Network            Next Hop         Metric From            Time
    R(n) 1.1.1.1/32         11.0.0.5              4 11.0.0.5        02:43
    ...
    B(r) 100.0.0.0/8        12.0.0.6              1 self
    as10rt2-ripd>

(as10rt2 is redistributing (r) into rip the route it has learned via ibgp (B))
(internal routers choose the shortest path to 100.0.0.0/8)

transit as: playing with the backup
• how to fix?
  - tell rip not to inject information learned by ibgp
  - cisco (and juniper) say:

      By default, iBGP redistribution into IGP is disabled. To enable redistribution of iBGP routes into IGP, issue the bgp redistribute-internal command. Precautions should be taken to redistribute specific routes using route maps into IGP.
      Note: Redistributing internal Border Gateway Protocol (iBGP) routes into an Interior Gateway Protocol may cause routing loops within the Autonomous System (AS). This is not recommended. Route filters should be set to control the information which is imported into the IGP.
      http://supportwiki.cisco.com/ViewWiki/index.php/Unable_to_redistribute_iBGP_learnt_routes_into_an_IGP_such_as_EIGRP,_OSPF,_and_IS-IS

• how to tell?
  - no way in zebra to say "redistribute ebgp" but...
  - ...route-maps can be applied on redistributed routes

[figure labels: "I am an egress!"]

transit as: playing with the backup
• fixing the loop
• restart zebra by typing /etc/init.d/zebra restart

on as10rt2:

    as10rt2:~# telnet localhost ripd
    Trying 127.0.0.1...
    Connected to as10rt2.
    Escape character is '^]'.
    ...
    as10rt2-ripd> enable
    as10rt2-ripd# configure terminal
    as10rt2-ripd(config)# ip prefix-list myNeighbors permit 12.0.0.0/30 le 32
    as10rt2-ripd(config)# route-map eBGP permit 10
    as10rt2-ripd(config-route-map)# match ip next-hop prefix-list myNeighbors
    as10rt2-ripd(config-route-map)# exit
    as10rt2-ripd(config)# router rip
    as10rt2-ripd(config-router)# no redistribute bgp
    as10rt2-ripd(config-router)# redistribute bgp route-map eBGP
    as10rt2-ripd(config-router)# write file

(le 32: match all the more specifics of the 12.0.0.0/30 network; next-hops are single ip addresses)
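
The loop and its fix, replayed on a reduced model (an added example, not part of the original slides): it applies the prefix-list of the route-map above to each border router's bgp next hop, lets the internal routers pick the rip announcer with the lowest hop count, and traces a packet for 100.0.0.0/8 from as10rt2. Assumptions: as10 is collapsed to a constructed chain as10rt2 - i1 - i2 - as10rt3, i1 and i2 are hypothetical internal routers, 12.0.0.4/30 is taken to be the ebgp subnet of as10rt3, and the usual prefix-list length rules apply.

```python
import ipaddress

# Constructed model: as10 reduced to a chain as10rt2 - i1 - i2 - as10rt3.
# i1 and i2 are hypothetical internal routers, not names from the lab.
CHAIN = ["as10rt2", "i1", "i2", "as10rt3"]

# bgp next hop for 100.0.0.0/8 on each border router. as10rt3 learns the
# route over ebgp and as10rt2 receives it over ibgp, so both hold the same
# external next hop (12.0.0.6, as in the 'show ip rip' output on as10rt2).
BGP_NEXT_HOP = {"as10rt2": "12.0.0.6", "as10rt3": "12.0.0.6"}

# ebgp-facing subnet of each border router (12.0.0.4/30 on as10rt3 is an
# assumption read off the topology figure).
EBGP_SUBNET = {"as10rt2": "12.0.0.0/30", "as10rt3": "12.0.0.4/30"}


def prefix_list_permits(prefix, le, next_hop):
    """Match a next hop (a /32 host) against 'permit <prefix> [le <le>]'.

    Without 'le' only the exact prefix length matches; with it, any length
    from the prefix length up to 'le' matches.
    """
    net = ipaddress.ip_network(prefix)
    if ipaddress.ip_address(next_hop) not in net:
        return False
    return net.prefixlen == 32 if le is None else 32 <= le


def announcers(route_maps):
    """Border routers that inject 100.0.0.0/8 into rip.

    route_maps maps a router to the (prefix, le) entry of the prefix-list
    used by its route-map; a router without an entry runs a plain
    'redistribute bgp'. A route-map denies whatever it does not permit.
    """
    result = []
    for router, next_hop in BGP_NEXT_HOP.items():
        entry = route_maps.get(router)
        if entry is None or prefix_list_permits(entry[0], entry[1], next_hop):
            result.append(router)
    return result


def toward(index, target):
    """Neighbour of CHAIN[index] on the way to router 'target'."""
    return CHAIN[index + (1 if CHAIN.index(target) > index else -1)]


def build_fib(route_maps):
    """Next hop used for 100.0.0.0/8 by every router of the chain."""
    injecting = announcers(route_maps)
    fib = {}
    for index, router in enumerate(CHAIN):
        if router in BGP_NEXT_HOP:
            # Border router: recursive lookup of the bgp next hop
            # (simplification: it always forwards along its bgp route).
            next_hop = ipaddress.ip_address(BGP_NEXT_HOP[router])
            owner = next(r for r, subnet in EBGP_SUBNET.items()
                         if next_hop in ipaddress.ip_network(subnet))
            fib[router] = "exit" if owner == router else toward(index, owner)
        elif injecting:
            # Internal router: rip picks the announcer with fewest hops.
            nearest = min(injecting, key=lambda r: abs(CHAIN.index(r) - index))
            fib[router] = toward(index, nearest)
        else:
            fib[router] = "drop"
    return fib


def trace(fib, start):
    """Follow next hops from 'start'; return (path, looped)."""
    path = [start]
    while True:
        nxt = fib[path[-1]]
        if nxt in path:
            return path + [nxt], True
        path.append(nxt)
        if nxt in ("exit", "drop"):
            return path, False


# Before the fix: plain 'redistribute bgp' on both border routers.
BEFORE = trace(build_fib({}), "as10rt2")
# After the fix: route-map eBGP with prefix-list 12.0.0.0/30 le 32 on as10rt2.
AFTER = trace(build_fib({"as10rt2": ("12.0.0.0/30", 32)}), "as10rt2")

if __name__ == "__main__":
    print("before:", BEFORE)
    print("after: ", AFTER)
```

Under the prefix-list semantics assumed here, dropping `le 32` makes the entry match nothing, because a next hop is compared as a /32 against a /30 entry; the route-map would then also block the routes as10rt2 learns over ebgp.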

transit as: timings
• why is zebra propagating ibgp routes?
  - a.k.a. "going deep into the cause of the forwarding loop"
• the cause is to be sought in the bgp redistribution into rip
  - once a bgp learned route has been installed in the rip routing table, no more rip alternatives for that route are accepted by zebra
  - this has some consequences

transit as: timings
• we now observe in detail the effect of bgp redistribution
• backtrack to the condition causing the forwarding loop
  - restart the lab
  - bring link H down
• timings play a crucial role in triggering the forwarding loop
case 1: bgp wins the race
[figure: animation frames over the lab topology (AS10, AS20, AS30, AS100; links A to M; networks 100.0.0.0/8, 12.0.0.0/30 and 12.0.0.4/30; loopbacks lo 2.2.2.2 and lo 3.3.3.3). The first frames show arrows labelled rip carrying 12.0.0.4/30 and 3.3.3.3; the later frames show arrows labelled rip and bgp carrying 100.0.0.0/8.]
terminal: as10rt2
as10rt2:~# telnet localhost zebra
...
Router> show ip route 100.0.0.0/8
Routing entry for 100.0.0.0/8
  Known via "bgp", distance 200, metric 0, best
  Last update 02:39:10 ago
  * 12.0.0.6, recursive via 11.0.0.5, eth1

Router>
[figure: case 1: bgp wins the race, continued on the same topology, with two callouts on routers]
• redistributes the route learned via ibgp
• does not receive the rip alternative
selects the shortest path to 100.0.0.0/8 via as10rt2
case 2: rip wins the race
[figure: animation frames over the same topology. The first frames show arrows labelled rip carrying 12.0.0.4/30 and 3.3.3.3; the later frames show arrows labelled rip, then rip and bgp, carrying 100.0.0.0/8.]
terminal: as10rt2
as10rt2:~# telnet localhost zebra
...
Router> show ip route 100.0.0.0/8
Routing entry for 100.0.0.0/8
  Known via "bgp", distance 200, metric 0
  Last update 00:00:35 ago
    12.0.0.6

Routing entry for 100.0.0.0/8
  Known via "rip", distance 120, metric 4, best
  Last update 00:01:16 ago
  * 11.0.0.5, via eth1

Router>
as10rt2 has learned both alternatives but prefers using rip information
in this case there is no forwarding loop
administrative distance
• if different routing protocols propose alternatives for the same route, zebra picks the best route based on an administrative distance value
terminal: as10rt2
as10rt2:~# telnet localhost zebra
...
Router> show ip route
...
B   12.0.0.4/30 [200/0] via 3.3.3.3, 00:01:01
R>* 12.0.0.4/30 [120/4] via 11.0.0.5, eth1, 00:01:05
B>* 12.0.0.8/30 [20/0] via 12.0.0.2, eth0, 00:00:55
B   12.0.0.12/30 [200/0] via 12.0.0.6, 00:00:51
R>* 12.0.0.12/30 [120/4] via 11.0.0.5, eth1, 00:00:52
[200/0]: administrative distance / protocol metric
administrative distance
[figure: the bgp routing table and the rip routing table each hand their best route to the zebra routing table; the zebra routing table hands its best route to the kernel routing table]
administrative distance
• some default values
  • ebgp: 20
  • rip: 120
  • ibgp: 200
still about timings
• note: even after setting seasonable route-maps to avoid redistribution of ibgp into rip, as10rt2 may still select the bgp alternative depending on the timings
  • see next slides...
• the forwarding loop is however prevented
case 1: bgp still wins the race
[figure: animation frames over the same topology; arrows labelled rip, then rip and bgp, carrying 100.0.0.0/8]
at this point as10rt2 permanently* selects the bgp alternative...
100.0.0.0/8 is marked as B(r) in as10rt2’s rip routing table (despite the route-map that avoids redistributing ibgp)
* “permanently” because the mark B(r) prevents rip from accepting future announcements about 100.0.0.0/8
...but does not redistribute it into rip
case 2: rip still wins the race
[figure: animation frames over the same topology; arrows labelled rip, then rip and bgp, carrying 100.0.0.0/8]
at this point as10rt2 has learned the rip alternative
100.0.0.0/8 is marked as R(n) in as10rt2’s rip routing table
now as10rt2 knows both alternatives and selects rip
timings may be treacherous
• there is nothing bad in choosing bgp rather than rip... or not?
• remember: if a bgp next-hop has been learned via bgp, the corresponding route is not selected in the routing table
• if a router picks from bgp some route containing a bgp next-hop to a network, that network becomes unreachable!
timings may be treacherous
• example
  • as10rt2 uses the bgp next-hop 12.0.0.6 to reach 100.0.0.0/8
  • as10rt2 might learn 12.0.0.4/30 via ibgp before learning it via rip
    • in this case, the rip alternative is never taken into account
  • let’s see what happens in this case...
timings may be treacherous
• the outcome of this adverse timing is really undesirable
terminal: as20r1
as20r1:~# traceroute 100.0.0.1
traceroute to 100.0.0.1 (100.0.0.1), 64 hops max, 40 byte packets
 1 sendto: Network is unreachable
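The administrative distance rule and the recursive next-hop condition from the slides above, as an added example in Python (not part of the original lab material): it parses `show ip route` output in the format shown on the slides, picks the lowest-distance candidate per prefix, and flags bgp routes whose next hop is itself only covered by a bgp route. The first table reuses the as10rt2 output from the administrative distance slide plus two constructed connected routes; the second table is constructed to model the adverse timing.

```python
import ipaddress
import re

# One line of zebra "show ip route" output, in the format shown on the slides:
#   B   12.0.0.4/30 [200/0] via 3.3.3.3, 00:01:01
#   R>* 12.0.0.4/30 [120/4] via 11.0.0.5, eth1, 00:01:05
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z])(?P<flags>[>*]*)\s+(?P<prefix>\d+(?:\.\d+){3}/\d+)\s+"
    r"(?:\[(?P<dist>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\d+(?:\.\d+){3})"
    r"|is directly connected)"
)
PROTOCOLS = {"B": "bgp", "R": "rip", "C": "connected"}

# as10rt2 output from the slides; the two "C" lines are constructed so that
# every next hop in the excerpt can be resolved.
PAGE_TABLE = """\
C>* 11.0.0.4/30 is directly connected, eth1
C>* 12.0.0.0/30 is directly connected, eth0
B   12.0.0.4/30 [200/0] via 3.3.3.3, 00:01:01
R>* 12.0.0.4/30 [120/4] via 11.0.0.5, eth1, 00:01:05
B>* 12.0.0.8/30 [20/0] via 12.0.0.2, eth0, 00:00:55
B   12.0.0.12/30 [200/0] via 12.0.0.6, 00:00:51
R>* 12.0.0.12/30 [120/4] via 11.0.0.5, eth1, 00:00:52
"""

# Constructed table for the adverse timing: 12.0.0.4/30 was learned via ibgp
# first, so no rip alternative exists when 100.0.0.0/8 needs next hop 12.0.0.6.
ADVERSE_TABLE = """\
C>* 11.0.0.4/30 is directly connected, eth1
C>* 12.0.0.0/30 is directly connected, eth0
R>* 3.3.3.3/32 [120/3] via 11.0.0.5, eth1, 00:02:10
B>* 12.0.0.4/30 [200/0] via 3.3.3.3, 00:01:01
B   100.0.0.0/8 [200/0] via 12.0.0.6, 00:00:40
"""


def parse_routes(text):
    """Parse route lines into dicts; lines that are not routes are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m is None:
            continue
        routes.append({
            "proto": PROTOCOLS.get(m["code"], m["code"]),
            "prefix": ipaddress.ip_network(m["prefix"]),
            # connected routes carry no [distance/metric]; treat them as 0
            "distance": int(m["dist"]) if m["dist"] else 0,
            "nexthop": ipaddress.ip_address(m["nh"]) if m["nh"] else None,
            "selected": ">" in m["flags"],
        })
    return routes


def winners(routes):
    """Per prefix, the candidate with the lowest administrative distance."""
    best = {}
    for route in routes:
        current = best.get(route["prefix"])
        if current is None or route["distance"] < current["distance"]:
            best[route["prefix"]] = route
    return best


def selected_protocols(text):
    """Map each prefix to the protocol that wins on administrative distance."""
    return {str(p): r["proto"] for p, r in winners(parse_routes(text)).items()}


def unselected_winners(text):
    """Prefixes whose lowest-distance candidate is not flagged '>' (selected)."""
    best = winners(parse_routes(text))
    return [str(p) for p in sorted(best) if not best[p]["selected"]]


def bgp_nexthop_findings(text):
    """List (prefix, next hop, covering prefix) for every winning bgp route
    whose next hop is unresolved or is itself resolved through a bgp route."""
    best = winners(parse_routes(text))
    findings = []
    for prefix in sorted(best):
        route = best[prefix]
        if route["proto"] != "bgp":
            continue
        # recursive lookup: longest-prefix match over the other winning routes
        covering = [p for p in best if p != prefix and route["nexthop"] in p]
        via = max(covering, key=lambda p: p.prefixlen) if covering else None
        if via is None or best[via]["proto"] == "bgp":
            findings.append(
                (str(prefix), str(route["nexthop"]), str(via) if via else None)
            )
    return findings


if __name__ == "__main__":
    print(selected_protocols(PAGE_TABLE))
    print(bgp_nexthop_findings(ADVERSE_TABLE))
    print(unselected_winners(ADVERSE_TABLE))
```

Run against a saved `show ip route` capture from each border router, a non-empty result from `bgp_nexthop_findings` points at the prefixes that end up unreachable as in the traceroute above.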
timings may be treacherous
• solutions?
  • filtering
    • do not announce the demarcation zone in ibgp
    • do not accept incoming bgp announcements for the demarcation zone
    • ...or simply do not announce the demarcation zone in bgp at all
  • avoid redistributing bgp
    • knowing something via bgp masks any rip alternative when redistribute bgp is used
conclusions
• never (ever!) inject ibgp into rip
  • routing table overgrowth
  • update churn
  • very bad interactions with unfortunate timings
• routing policies may break routing consistency
  • forwarding loop
choice 2
overlay
overlay
• ebgp is not redistributed into the igp
  • smaller routing tables
  • less igp churn
• ebgp next hops are reached via a direct link (tunnel)
(don’t forget) internal customers!
• border routers inject a statically configured default route in the igp
  • ensure reachability of the external world
transit as
• stop the current lab
• start the tunnel lab
terminal: host machine
user@localhost:~$ cd netkit-lab_bgp-transit-as-forwarding-loop
user@localhost:~/netkit-lab_bgp-transit-as-forwarding-loop$ lcrash
terminal: host machine
user@localhost:~$ cd netkit-lab_bgp-transit-as-tunnel-ipip
user@localhost:~/netkit-lab_bgp-transit-as-tunnel-ipip$ lstart
[figure: addressing plan of the tunnel lab over AS10, AS20, AS30 and AS100, with address ranges labelled 10.0.0.w, 11.0.0.x, 12.0.0.y and 13.0.0.z]
[figure: the same ASes with a 0.0.0.0/0 label]
[figure: detailed lab topology: networks 10.0.0.0/30, 10.0.0.4/30, 10.0.0.8/30, 11.0.0.0/30, 11.0.0.4/30, 11.0.0.8/30, 12.0.0.0/30, 12.0.0.4/30, 12.0.0.8/30, 12.0.0.12/30 and 100.0.0.0/8; loopbacks lo 1.1.1.1, lo 2.2.2.2 and lo 3.3.3.3; tunnel networks 13.0.0.0/30, 13.0.0.4/30 and 13.0.0.8/30 with tunnel interfaces r1r2 (.5), r2r1 (.6), r1r3 (.2), r3r1 (.1), r2r3 (.9) and r3r2 (.10)]
configuring a tunnel
as10rt2 configuration:
ip tunnel add r2r3 mode ipip remote 3.3.3.3 local 2.2.2.2 ttl 10
ip link set r2r3 multicast on
ip addr add dev r2r3 13.0.0.9 peer 13.0.0.10
ifconfig r2r3 up
ip tunnel add r2r1 mode ipip remote 1.1.1.1 local 2.2.2.2 ttl 10
ip link set r2r1 multicast on
ip addr add dev r2r1 13.0.0.6 peer 13.0.0.5
ifconfig r2r1 up
• r2r3: endpoint name (appears as a virtual interface on the router)
• mode ipip: encapsulation type (IP in IP)
• remote 3.3.3.3 local 2.2.2.2: tunnel endpoints (the loopbacks lo 3.3.3.3 and lo 2.2.2.2 in the figure)
• ttl 10: tunnel interfaces are “pointopoint” ⇒ default ttl is 1
terminal: as10rt2
as10rt2:~# ifconfig r2r3
r2r3      Link encap:IPIP Tunnel  HWaddr
          inet addr:13.0.0.9  P-t-P:13.0.0.10  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1480  Metric:1
          RX packets:160 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160 errors:4 dropped:0 overruns:0 carrier:4
          collisions:0 txqueuelen:0
          RX bytes:8320 (8.1 KiB)  TX bytes:11520 (11.2 KiB)
• multicast on: rip uses multicast packets
• 13.0.0.9: assign an ip address to the tunnel interface (the figure labels the tunnel “13.0.0.8/30”)
  • note: this is a pointopoint interface
  • speaking of “network” is senseless
  • we do it nevertheless to simplify the graphical layout
• peer 13.0.0.10: for a pointopoint interface we can set the address of the other endpoint
  • note: failure to set the peer’s address causes rip to be unable to recognize packets coming from the tunnel
2007/10/30 11:27:25 RIP: RECV packet from 13.0.0.10 port 520 on unknown
2007/10/30 11:27:25 RIP: packet comes from unknown interface
last update: Jan 2009netkit – [ lab: bgp-transit-as ]© Computer Networks Research Group Roma Tre
ip tunnel add r2r3 mode ipip remote 3.3.3.3 local 2.2 .2.2 ttl 10ip link set r2r3 multicast onip addr add dev r2r3 13.0.0.9 peer 13.0.0.10ifconfig r2r3 upip tunnel add r2r1 mode ipip remote 1.1.1.1 local 2 .2.2.2 ttl 10ip link set r2r1 multicast onip addr add dev r2r1 13.0.0.6 peer 13.0.0.5ifconfig r2r1 up
ip tunnel add r2r3 mode ipip remote 3.3.3.3 local 2.2 .2.2 ttl 10ip link set r2r3 multicast onip addr add dev r2r3 13.0.0.9 peer 13.0.0.10ifconfig r2r3 upip tunnel add r2r1 mode ipip remote 1.1.1.1 local 2 .2.2.2 ttl 10ip link set r2r1 multicast onip addr add dev r2r1 13.0.0.6 peer 13.0.0.5ifconfig r2r1 up
as10rt2 configuration
configuring a tunnel
r2r39
© Computer Networks Research Group Roma Tre
switch the tunnel interface on
switch the tunnel interface on
lo2.2.2.2
lo3.3.3.3
“13.0.0.8/30”
last update: Jan 2009netkit – [ lab: bgp-transit-as ]© Computer Networks Research Group Roma Tre
tunnels and routing

as10rt2 ripd configuration:
router rip
redistribute connected
network eth1
network r2r3
network r2r1
distribute-list externalNetworks out r2r1
distribute-list externalNetworks out r2r3
distribute-list internalNetworks out eth1
route 0.0.0.0/0
!
access-list externalNetworks permit 12.0.0.0/30
access-list externalNetworks deny any
access-list internalNetworks deny 13.0.0.0/24
access-list internalNetworks deny 12.0.0.0/24
access-list internalNetworks permit any

• talk rip even on tunnel interfaces (network r2r3, network r2r1)
• propagate a statically configured default route inside the transit as (route 0.0.0.0/0)
• beware of what you say to whom (distribute-list)
• we cannot announce the tunnel’s endpoints inside the tunnel
  • that would tear down the tunnel!
  [figure: tunnel endpoints lo 3.3.3.3 and lo 2.2.2.2]
• we shouldn’t announce the tunnel’s interfaces outside the tunnel
  • traffic might flow outside the tunnel
  [figure: tunnel interfaces r2r3 (.9) and r3r2 (.10)]
• access-lists instruct rip about what to propagate
  • ebgp next hops (in this case as20r1) are announced inside the tunnel
  • ebgp next hops (in this case as20r1) are not announced outside the tunnel
• note: the same routing behavior could be obtained using static routes

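The announcement rules stated for the as10rt2 ripd configuration can be checked mechanically. The following added example (not part of the original slides) evaluates the outbound distribute-lists against a constructed set of candidate routes and reports every announcement that breaks one of those rules, for the slide's configuration and for a weakened variant. It assumes that an access-list entry matches every route falling inside its prefix, that the first match wins and that the list ends with an implicit deny; the candidate routes, the 10.0.0.0/30 link and all function names are assumptions.

```python
import ipaddress

# as10rt2 ripd configuration, copied from the slide.
RIPD_CONF = """\
router rip
redistribute connected
network eth1
network r2r3
network r2r1
distribute-list externalNetworks out r2r1
distribute-list externalNetworks out r2r3
distribute-list internalNetworks out eth1
route 0.0.0.0/0
!
access-list externalNetworks permit 12.0.0.0/30
access-list externalNetworks deny any
access-list internalNetworks deny 13.0.0.0/24
access-list internalNetworks deny 12.0.0.0/24
access-list internalNetworks permit any
"""

# Constructed weak variant: the filter applied on the tunnels lets everything through.
WEAK_CONF = RIPD_CONF.replace("access-list externalNetworks deny any",
                              "access-list externalNetworks permit any")

# Constructed candidate routes as10rt2 could offer (10.0.0.0/30 is an assumed internal link).
CANDIDATES = ["0.0.0.0/0", "1.1.1.1/32", "2.2.2.2/32", "3.3.3.3/32",
              "10.0.0.0/30", "12.0.0.0/30", "13.0.0.5/32", "13.0.0.10/32"]
TUNNEL_IFACES = ("r2r1", "r2r3")
TUNNEL_ENDPOINTS = {"1.1.1.1/32", "2.2.2.2/32", "3.3.3.3/32"}  # loopbacks
TUNNEL_ADDRS = {"13.0.0.5/32", "13.0.0.10/32"}                # peers on r2r1 / r2r3
EBGP_NEXT_HOP_NET = "12.0.0.0/30"                              # link towards as20r1


def parse(conf):
    """Return ({acl name: [(permit?, network or None for 'any')]}, {iface: acl name})."""
    acls, out_filters = {}, {}
    for line in conf.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) == 4:
            name, action, target = tok[1:]
            net = None if target == "any" else ipaddress.ip_network(target)
            acls.setdefault(name, []).append((action == "permit", net))
        elif tok[:1] == ["distribute-list"] and len(tok) == 4 and tok[2] == "out":
            out_filters[tok[3]] = tok[1]
    return acls, out_filters


def permitted(acl, prefix):
    """First matching entry decides; no match means deny."""
    route = ipaddress.ip_network(prefix)
    for allow, net in acl:
        if net is None or route.subnet_of(net):
            return allow
    return False


def announced(conf, candidates=CANDIDATES):
    """Candidate routes that pass the outbound filter of each interface.
    Only the filters are modelled; split horizon is not."""
    acls, out_filters = parse(conf)
    return {ifc: [p for p in candidates if permitted(acls[name], p)]
            for ifc, name in out_filters.items()}


def violations(conf):
    """Check the announcement rules listed on the slide."""
    found = []
    for ifc, prefixes in announced(conf).items():
        in_tunnel = ifc in TUNNEL_IFACES
        for p in prefixes:
            if in_tunnel and p in TUNNEL_ENDPOINTS:
                found.append((ifc, p, "tunnel endpoint announced inside the tunnel"))
            if not in_tunnel and p in TUNNEL_ADDRS:
                found.append((ifc, p, "tunnel interface announced outside the tunnel"))
            if not in_tunnel and p == EBGP_NEXT_HOP_NET:
                found.append((ifc, p, "ebgp next hop announced outside the tunnel"))
        if in_tunnel and EBGP_NEXT_HOP_NET not in prefixes:
            found.append((ifc, EBGP_NEXT_HOP_NET, "ebgp next hop missing inside the tunnel"))
    return found


if __name__ == "__main__":
    for label, conf in (("slide config", RIPD_CONF), ("weak config", WEAK_CONF)):
        print(label, announced(conf))
        for v in violations(conf):
            print("  VIOLATION:", v)
```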
tunnels and routing
• check the zebra routing table on as10rt3

as10rt3
Router> show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       B - BGP, > - selected route, * - FIB route

R>* 1.1.1.1/32 [120/4] via 11.0.0.9, eth1, 03:27:03
R>* 2.2.2.2/32 [120/4] via 11.0.0.9, eth1, 03:27:03
C>* 3.3.3.3/32 is directly connected, lo
R>* 10.0.0.0/30 [120/3] via 11.0.0.9, eth1, 03:27:03
R>* 10.0.0.4/30 [120/2] via 11.0.0.9, eth1, 03:27:03
R>* 10.0.0.8/30 [120/2] via 11.0.0.9, eth1, 03:27:03
R>* 11.0.0.0/30 [120/3] via 11.0.0.9, eth1, 03:27:03
R>* 11.0.0.4/30 [120/3] via 11.0.0.9, eth1, 03:27:03
C>* 11.0.0.8/30 is directly connected, eth1
R>* 12.0.0.0/30 [120/2] via 13.0.0.9, r3r2, 03:26:44
B   12.0.0.0/30 [200/0] via 2.2.2.2, recursive via 11.0.0.9, eth1, 03:26:58
C>* 12.0.0.4/30 is directly connected, eth0
B>* 12.0.0.8/30 [200/0] via 12.0.0.2, recursive via 13.0.0.9, r3r2, 03:26:38
B>* 12.0.0.12/30 [20/0] via 12.0.0.6, eth0, 03:26:24
C>* 13.0.0.2/32 is directly connected, r3r1
C>* 13.0.0.9/32 is directly connected, r3r2
B>* 20.0.0.0/8 [200/0] via 12.0.0.2, recursive via 13.0.0.9, r3r2, 03:26:38
B>* 30.0.0.0/8 [20/0] via 12.0.0.6, eth0, 03:26:24
B>* 100.0.0.0/8 [20/0] via 12.0.0.6, eth0, 03:26:24
C>* 127.0.0.0/8 is directly connected, lo

• the entries via r3r2 are destinations routed through the tunnel

tunnels and routing
• as10rt2 prefers the egress point as10rt3
• now as10rt3 is directly reached via the tunnel (first hop 13.0.0.10)

as10rt2
as10rt2:~# traceroute -s 12.0.0.1 100.0.0.1
traceroute to 100.0.0.1 (100.0.0.1) from 12.0.0.1, 64 hops max, 40 byte packets
 1  13.0.0.10 (13.0.0.10)  3 ms  3 ms  2 ms
 2  12.0.0.6 (12.0.0.6)  2 ms  4 ms  5 ms
 3  100.0.0.1 (100.0.0.1)  2 ms  2 ms  2 ms

did we already mention you should use a source address that is reachable from outside the transit as?

tunnels and routing
• a look outside the tunnel

as10rt2
as10rt2:~# ip tunnel show r2r3
r2r3: ip/ip  remote 3.3.3.3  local 2.2.2.2  ttl 10
as10rt2:~# ip link show eth0
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether fe:fd:0c:00:00:01 brd ff:ff:ff:ff:ff:ff
as10rt2:~# ip link show r2r3
7: r2r3@NONE: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1480 qdisc noqueue
    link/ipip 2.2.2.2 peer 3.3.3.3
as10rt2:~#

• the tunnel is active
• the tunnel’s mtu is 20 bytes smaller because of the additional ip header

tunnels and routing
• a look inside the tunnel

as10rt2
as10rt2:~# ping -I 12.0.0.1 100.0.0.1
PING 100.0.0.1 (100.0.0.1) from 12.0.0.1 : 56(84) bytes of data.
64 bytes from 100.0.0.1: icmp_seq=1 ttl=63 time=1.43 ms
64 bytes from 100.0.0.1: icmp_seq=3 ttl=63 time=1.41 ms

as10r5
as10r5:~# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:58:30.602023 IP 2.2.2.2 > 3.3.3.3: IP 12.0.0.1 > 100.0.0.1: icmp 64: echo request seq 27 (ipip-proto-4)
14:58:31.612680 IP 2.2.2.2 > 3.3.3.3: IP 12.0.0.1 > 100.0.0.1: icmp 64: echo request seq 28 (ipip-proto-4)

• packets are encapsulated
• outer ip addresses correspond to the tunnel endpoints
• inner ip addresses correspond to the real source and destination

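What the tcpdump output shows can be reproduced by decapsulating an IP-in-IP packet by hand. The following added example (not part of the original slides) builds a constructed packet modelled on the capture, parses the outer and inner IPv4 headers, and derives the tunnel mtu from the size of the outer header. The packet bytes and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

IPPROTO_ICMP = 1
IPPROTO_IPIP = 4          # shown as "ipip-proto-4" by tcpdump
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header


def checksum(data):
    """16-bit one's complement sum used by IPv4 and ICMP (even-length input)."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Prepend a 20-byte IPv4 header without options to payload."""
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(data):
    """Parse one IPv4 header; reject truncated or corrupted input."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_FMT, data[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    hlen = (ver_ihl & 0x0F) * 4
    if hlen < 20 or len(data) < hlen:
        raise ValueError("bad header length")
    if checksum(data[:hlen]) != 0:
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "hlen": hlen,
            "payload": data[hlen:total_len]}


def decapsulate(packet):
    """Return (outer, inner) headers of an IP-in-IP packet."""
    outer = parse_ipv4(packet)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return outer, parse_ipv4(outer["payload"])


def tunnel_mtu(link_mtu, outer_hlen=20):
    """The outer IP header is paid for out of the link mtu."""
    return link_mtu - outer_hlen


def sample_packet():
    """Constructed packet: ICMP echo request from 12.0.0.1 to 100.0.0.1
    carried in the r2r3 tunnel (2.2.2.2 -> 3.3.3.3, ttl 10)."""
    body = struct.pack("!BBHHH", 8, 0, 0, 0, 27) + bytes(56)
    icmp = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    inner = build_ipv4("12.0.0.1", "100.0.0.1", IPPROTO_ICMP, icmp)
    return build_ipv4("2.2.2.2", "3.3.3.3", IPPROTO_IPIP, inner, ttl=10)


if __name__ == "__main__":
    outer, inner = decapsulate(sample_packet())
    print("outer:", outer["src"], ">", outer["dst"], "ttl", outer["ttl"])
    print("inner:", inner["src"], ">", inner["dst"])
    print("tunnel mtu on a 1500-byte link:", tunnel_mtu(1500, outer["hlen"]))
```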
transit as: routing tables
as10r6-ripd> show ip rip
Codes: R - RIP, C - connected, O - OSPF, B - BGP
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface

     Network            Next Hop         Metric From            Time
R(n) 0.0.0.0/0          11.0.0.10             2 11.0.0.10       02:48
R(n) 1.1.1.1/32         10.0.0.10             3 10.0.0.10       02:59
R(n) 2.2.2.2/32         10.0.0.5              3 10.0.0.5        02:49
R(n) 3.3.3.3/32         11.0.0.10             2 11.0.0.10       02:48
R(n) 10.0.0.0/30        10.0.0.5              2 10.0.0.5        02:49
C(i) 10.0.0.4/30        0.0.0.0               1 self
C(i) 10.0.0.8/30        0.0.0.0               1 self
R(n) 11.0.0.0/30        10.0.0.10             2 10.0.0.10       02:59
R(n) 11.0.0.4/30        10.0.0.5              2 10.0.0.5        02:49
C(i) 11.0.0.8/30        0.0.0.0               1 self
as10r6-ripd>
injecting a default route from the border routers reduces the size of the routing tables of internal routers
transit as: playing with the backup
• let’s bring as100’s primary link down (again!)
  - expected result: traffic from as20r1 to as100r1 should traverse the transit as

as20r1:~# telnet localhost bgpd
Trying 127.0.0.1...
Connected to as20r1.
Escape character is '^]'.

Hello, this is zebra (version 0.94).
...
as20r1-bgpd> enable
as20r1-bgpd# configure terminal
as20r1-bgpd(config)# router bgp 20
as20r1-bgpd(config-router)# neighbor 12.0.0.10 shutdown
transit as: playing with the backup
• wait for the routing to converge
• fingers crossed...
• check the reachability of 100.0.0.0/8
• traffic is now traversing the transit as!

as20r1:~# traceroute 100.0.0.1
traceroute to 100.0.0.1 (100.0.0.1), 64 hops max, 40 byte packets
 1  12.0.0.1 (12.0.0.1)  2 ms  2 ms  1 ms
 2  13.0.0.10 (13.0.0.10)  2 ms  3 ms  2 ms
 3  12.0.0.6 (12.0.0.6)  3 ms  3 ms  3 ms
 4  100.0.0.1 (100.0.0.1)  3 ms  3 ms  3 ms
as20r1:~#
[figure: as10, as20, as30 and as100, showing the actual traffic path and the path seen by routers]
transit as: “rubbery” tunnels
• breaking an internal link does not tear the tunnels down
• (as long as the transit as is not partitioned)

as10r5:~# ifconfig eth2 down
as10r5:~# traceroute 10.0.0.6
traceroute to 10.0.0.6 (10.0.0.6), 64 hops max, 40 byte packets
 1  10.0.0.1 (10.0.0.1)  1 ms  1 ms  1 ms
 2  10.0.0.6 (10.0.0.6)  1 ms  2 ms  2 ms
as10r5:~#
transit as: “rubbery” tunnels
• wait for the routing to converge
• be really patient
• check the reachability of 100.0.0.0/8
• traffic is still able to traverse the transit as

as20r1:~# traceroute 100.0.0.1
traceroute to 100.0.0.1 (100.0.0.1), 64 hops max, 40 byte packets
 1  12.0.0.1 (12.0.0.1)  1 ms  1 ms  1 ms
 2  13.0.0.10 (13.0.0.10)  2 ms  4 ms  2 ms
 3  12.0.0.6 (12.0.0.6)  3 ms  3 ms  3 ms
 4  100.0.0.1 (100.0.0.1)  6 ms  3 ms  4 ms
as20r1:~#
conclusions
• an overlay network is better
  - smaller routing tables on internal routers
  - less churn
  - predictable interplay between igp and egp
• sample implementation: tunnels
  - directed to the egress points
• support internal customers
  - static default route injected into rip
• observations
  - bgp peerings could be established on the tunnel interfaces
  - tunnels are as robust as the underlying igp