
Deployment and Operation of BGP

TECRST-2310. Deployment and Operation of BGP. Agenda. Introduction to BGP BGP General Operation BGP Attributes and Policy Control BGP Path Selection Algorithm Applying Policy with BGP Multi-Protocol BGP BGP Load Balancing Full Mesh IBGP BGP Route-Reflectors Scaling BGP Updates

chidi

Presentation Transcript


  1. TECRST-2310 Deployment and Operation of BGP

  2. Agenda
     • Introduction to BGP
     • BGP General Operation
     • BGP Attributes and Policy Control
     • BGP Path Selection Algorithm
     • Applying Policy with BGP
     • Multi-Protocol BGP
     • BGP Load Balancing
     • Full Mesh IBGP
     • BGP Route-Reflectors
     • Scaling BGP Updates
     • BGP Fast Convergence
     • A Little BGP “Show and Tell”

  3. Introduction to BGP

  4. Autonomous System
     • A network sharing the same routing policy
     • Possibly multiple IGPs
     • Usually under single administrative control
     • Contiguous internal connectivity
     • Numbering range from 1 to 65,535; globally unique “AS Number”
     • Private range: 64512–65534
     • Reserved: 0 and 65535

  5. Border Gateway Protocol - BGP
     • BGP is classified as a path vector routing protocol (see RFC 1322)
     • A path vector protocol defines a route as a pairing between a destination and the attributes of the path to that destination.
     • BGP used internally (iBGP) and externally (eBGP)
     • iBGP used to carry:
         • Some/all Internet prefixes across ISP backbone
         • ISP’s customer prefixes
     • eBGP used to:
         • Exchange prefixes with other Autonomous Systems (ASes)
         • Implement routing policy

  6. BGP Basics
     • BGP speakers are called peers or neighbors
     [Figure: routers A, B, C, D and E across AS 100, AS 101 and AS 102, with eBGP peering and iBGP sessions]

  7. External BGP - eBGP
     • Between BGP speakers in different AS
     • Usually directly connected
     • Usually sets next-hop to self
     Router A:
         router bgp 1
          neighbor 2.0.1.1 remote-as 2
     Router B:
         router bgp 2
          neighbor 2.0.1.2 remote-as 1
     Route-map applied to a neighbor:
         neighbor 2.0.1.2 route-map X {in|out}
         .
         .
         route-map X permit 10
          {set | match} <attribute>
     [Figure: Router A (.1) and Router B (.2) on link 2.0.1.0, between AS 2 (2.0.0.0) and AS 1 (1.0.0.0)]

  8. Internal BGP - iBGP
     • Neighbor in same AS
     • Next-hop unchanged…usually
     • May be several hops away
     • Don’t forward iBGP learned routes to other iBGP peers
     • n*(n-1)/2 peering mesh – scaling problem!
     • Route-Reflectors relax this constraint
     Router B:
         router bgp 1
          neighbor 1.0.1.1 remote-as 1
     Router A:
         router bgp 1
          neighbor 1.0.2.1 remote-as 1

  9. iBGP and Loopback Interfaces
     RtrA:
         interface loopback0
          ip address 1.1.1.254 255.255.255.255
         !
         router bgp 100
          neighbor 1.1.2.254 remote-as 100
          neighbor 1.1.2.254 update-source loopback0
     RtrB:
         interface loopback0
          ip address 1.1.2.254 255.255.255.255
         !
         router bgp 100
          neighbor 1.1.1.254 remote-as 100
          neighbor 1.1.1.254 update-source loopback0
     [Figure: RtrA and RtrB in AS 100]
     • Why not peer to the address assigned to a physical interface?

  10. Reasons for Using BGP
     • You need to scale your IGP
     • You’re a multihomed ISP customer and need to implement routing policy
     • You’re an MPLS/VPN subscriber to an SP service and want to run dynamic routing between CE and PE routers

  11. Using BGP to Scale Your IGP
     • Scaling a large network: “Divide and Conquer”
     • Hierarchy
     • Periodic IGPs/flooding
     • Isolate network instability
     • Complex policies
     • Control reachability to prefixes
     • Merge separate organizations
     • Connect multiple IGPs

  12. Best Path Selection for Cisco Routers: Which Route Is Best?
     • First, always take the next-hop advertising the longest prefix (most specific route to destination)
         • Choose next-hop advertising 10.1.1.0/24 over the next-hop advertising 10.1.0.0/16
     • If two next-hop routers advertise the exact same route, refer to the default administrative distances as an index of believability
         • See table on the right
         • Lower is more believable
         • Defaults can be modified if necessary (with caution)

  13. General Operation

  14. BGP General Operation
     • Learns multiple paths via internal and external BGP speakers
     • Picks the best path and installs in the forwarding table
     • Policies applied by influencing the best path selection

  15. Summary of Operation
     • TCP connection established (port 179)
     • Both peers attempt to connect; there is an algorithm to resolve “connection collisions”
     • Exchange messages to open and confirm the connection parameters
     • Initial exchange of entire table
     • Incremental updates after initial exchange
     • Keepalive messages exchanged when there are no updates

  16. What Are Incremental Updates?
     • IGPs typically rebroadcast routes
     • BGP runs over TCP => reliable data delivery
     • Once BGP sends a route to a peer, it assumes the peer will keep it unless:
         • A replacement route is sent (implicit withdraw of old route)
         • The route is withdrawn (explicit withdraw)
         • The BGP session goes down (keepalive failure)

  17. Inserting Prefixes into BGP
     • Two ways to insert/originate prefixes into BGP
         • Redistribute (static or dynamic)
         • Network command
     • Always necessary for default route
     • Default rules for re-advertising BGP learned prefixes to other BGP neighbors
         • eBGP learned routes are sent to all eBGP and iBGP peers (ee, ei)
         • iBGP learned routes are sent to all eBGP but NO iBGP peers (ie)
         • Exception: iBGP Route-Reflectors

  18. Inserting Prefixes into BGP - Redistribute
     Configuration examples:
         router bgp 109
          redistribute static
         ip route 198.10.4.0 255.255.254.0 serial0

         router bgp 109
          redistribute eigrp 100

  19. Inserting Prefixes into BGP - Network
     • Used to tell BGP which networks to advertise to neighbors; unlike IGPs, the network command is not used to determine which interfaces will be active for the protocol; networks must be in the IP routing table in order for them to be advertised
         router bgp 100
          neighbor x.x.x.x remote-as Y
          network 172.16.0.0
     • If auto-summary is on then a specific route from 172.16.0.0 must be in the routing table; if auto-summary is off then the prefix 172.16.0.0/16 must be in the IP routing table
          network 172.17.1.0 mask 255.255.255.0
     • Must be an exact match in the IP routing table

  20. Inserting Prefixes into BGP – Network Command
     Configuration example:
         router bgp 109
          network 198.10.4.0 mask 255.255.254.0
          network 0.0.0.0
     • A matching route must exist in the routing table before the network is announced
         • Exact prefix length
         • “show ip route x.x.x.x” must return exact route before BGP will advertise
     • Static route can be real next hop or null0 interface
         ip route 198.10.4.0 255.255.254.0 192.168.1.1
         ip route 192.10.4.0 255.255.254.0 null0
         ip route 0.0.0.0 0.0.0.0 null0 250

  21. BGP Attributes and Policy Control

  22. Route Metrics
     • OSPF has a dimensionless metric based on interface speed
     • EIGRP has a 5-tuple: [(K1 * BW + K2 * BW/(256 – Load) + K3 * Delay) * K5/(K4 + Reliability)] * 256
     • RIP has a hop count
     • BGP has …

  23. BGP Attributes (More Than Just Route Cost…)
     • AS path
     • Next hop
     • Weight
     • Local preference
     • Multi-Exit Discriminator (MED)
     • Community
     • Atomic
     • Origin
     • Originator ID
     • Cluster list

  24. What Is an Attribute?
     • Properties associated with a prefix/route
     • Used to determine the best path to a destination when multiple paths exist
     • Attribute categories:
         • Well-known, mandatory
         • Well-known, discretionary
         • Optional, transitive
         • Optional, non-transitive
     [Figure: a route carrying its attributes: Next Hop, AS Path, ..., MED]

  25. AS-Path
     • Sequence of ASes a route has traversed
     • Loop detection
     • Apply policy
     • Well-known, Mandatory, Code = 2
     [Figure: AS 100 (180.10.0.0/16), AS 200 (170.10.0.0/16), AS 300, AS 400 (150.10.0.0/16) and AS 500. AS paths shown: 180.10.0.0/16 with 300 200 100; 170.10.0.0/16 with 300 200; 150.10.0.0/16 with 300 400]

  26. Next Hop
     • Next hop to reach a network
     • Usually a local network is the next hop in eBGP session
     • Well-known, Mandatory, Code = 3
     [Figure: AS 100 (160.10.0.0/16), AS 200 (150.10.0.0/16) and AS 300 with routers A and B on link addresses 150.10.1.1 and 150.10.1.2. Routes shown: 150.10.0.0/16 with next hop 150.10.1.1; 160.10.0.0/16 with next hop 150.10.1.1]

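  27. Next Hop
     • Next hop not changed
     [Figure: routers A, B and C with an eBGP session and an iBGP session, AS 100 (160.10.0.0/16), AS 200 (150.10.0.0/16) and AS 300, link addresses 150.10.1.1 and 150.10.1.2. Routes shown: 150.10.0.0/16 with next hop 150.10.1.1; 160.10.0.0/16 with next hop 150.10.1.1]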

  28. Local Preference
     • Well-known, Code = 5
     [Figure: AS 100 (160.10.0.0/16), AS 200, AS 300 and AS 400 with routers A, B, C, D and E. The two paths to 160.10.0.0/16 carry local preference 500 and 800; the 800 path is marked best (>)]

  29. Local Preference
     • Local to an AS
     • Local preference set to 100 when heard from neighbouring AS
     • Used to influence BGP path selection
     • Determines best path for outbound traffic
     • Path with highest local preference wins

  30. Local Preference
     Configuration of Router B:
         router bgp 400
          neighbor 220.5.1.1 remote-as 300
          neighbor 220.5.1.1 route-map local-pref in
         !
         route-map local-pref permit 10
          match ip address prefix-list MATCH
          set local-preference 800
         !
         ip prefix-list MATCH permit 160.10.0.0/16
         ip prefix-list MATCH deny 0.0.0.0/0 le 32

  31. MULTI_EXIT_DISC (MED or Metric)
     • 4 octets
     • Used by a BGP speaker’s Decision Process to discriminate among multiple entry points into a neighboring autonomous system.
     • If MED is missing, it is assumed MED=0
     • If bgp bestpath missing-as-worst then it is assumed the MAXIMUM value
     • Optional, Non-transitive, Code = 5

  32. MULTI_EXIT_DISC (MED or Metric)
     • Route with lowest MED wins!!
     [Figure: 192.0.1.0/24 advertised with MED = 10 and with MED 20]

  33. How to Scale Routing Policy
     • Communities!
     • NOT in decision algorithm
     • BGP route can be a member of many communities
     • Really just a number for grouping prefixes.
     • Typical communities:
         • Destinations learned from customers
         • Destinations learned from ISPs or peers
         • Destinations in VPN. BGP community is fundamental to the operation of BGP VPNs

  34. BGP Attributes: COMMUNITY
     • Activated per neighbor/peer-group:
         neighbor {peer-address | peer-group-name} send-community
     • Carried across AS boundaries
     • BGP community values are configured as a 32-bit number (old format) or as a 2x2 byte number (new format).
     • Common convention is string of four bytes: <AS>:[0-65536]

  35. IP BGP-Community New-Format
     • Specifies that communities be displayed in a 4-byte AA:NN format
     • AA identifies the autonomous system
     • NN is a number that identifies the community within the autonomous system.
         r2#show ip bgp 10.10.1.0/24
         BGP routing table entry for 65001:100:10.10.1.0/24, version 9
         <snip>
         Community: 6553700

         r2(config)#ip bgp-community new-format

         r2#show ip bgp 10.10.1.0/24
         BGP routing table entry for 65001:100:10.10.1.0/24, version 9
         <snip>
         Community: 100:100

  36. BGP Attributes: COMMUNITY (Cont.)
     • Each destination can be a member of multiple communities
     • Using a route-map:
         set community
           <1-4294967295>  community number
           aa:nn           community number in aa:nn format
           additive        Add to the existing community
           none            No community attribute
           local-AS        Do not send to EBGP peers (well-known community)
           no-advertise    Do not advertise to any peer (well-known community)
           no-export       Do not export outside AS/confed (well-known community)

  37. BGP Path Selection Algorithm

  38. BGP Path Selection Algorithm
     • Do not consider path if no route to next hop
         • Example: Router learns a route from an eBGP peer and then advertises to an iBGP peer. If the iBGP peer does not know how to reach the next hop the route is rejected. iBGP usually does not change the next hop.
     • Do not consider iBGP path if not synchronized

  39. Synchronization
     • A BGP Router Will Not Accept a Route from an iBGP Neighbor Unless the Route Is Already in the IP Routing Table
     • Rtr B does not know about 172.16.0.0; therefore, Rtr C should not advertise 172.16.0.0 to Rtr D
     • Redistribute 172.16.0.0 into IGP, use a full iBGP mesh or disable synchronization if iBGP path = physical path.
     [Figure: Rtr A, Rtr B, Rtr C and Rtr D with iBGP and eBGP sessions; prefix 172.16.0.0]

  40. BGP Path Selection Algorithm
     • Highest weight (local to router)
     • Highest local preference (global within AS)
     • Prefer locally originated route (aggregate address)
     • Shortest AS path

  41. BGP Path Selection Algorithm (Cont.)
     • Lowest origin code: IGP < EGP < incomplete
         • IGP – network command
         • EGP – from an eBGP neighbor
         • Incomplete – redistribution
     • Lowest Multi-Exit Discriminator (MED)
         • If bgp deterministic-med, order the paths before comparing (not the default but recommend using it)
         • If bgp always-compare-med, then compare for all paths; otherwise MED only considered if paths are from the same AS (default)

  42. BGP Path Selection Algorithm (Cont.)
     • Prefer eBGP path over iBGP path
     • Path with lowest IGP metric to next-hop
     • For eBGP paths:
         • If multipath enabled, install N parallel paths in routing table
         • If router-ID is the same, go to next step
         • If router-ID not the same, select “oldest”

  43. BGP Path Selection Algorithm (Cont.)
     • Lowest router-id (originator-id for reflected routes)
     • Shortest Cluster-List
         • Client must be aware of Route Reflector attributes!
     • Lowest neighbor IP address
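
The decision steps of slides 38 to 43, written out as a pairwise comparison. This is an added example, not code from the presentation or from IOS; the Path field names and sample addresses are assumptions, and the synchronization check, multipath, the "oldest eBGP path" rule and deterministic-med are left out.

```python
from dataclasses import dataclass
from functools import reduce
from ipaddress import ip_address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass
class Path:                       # field names are illustrative
    neighbor: str                 # peer IP address
    as_path: tuple = ()           # leftmost AS is the neighboring AS
    weight: int = 0
    local_pref: int = 100
    local_origin: bool = False
    origin: str = "igp"
    med: int = 0                  # missing MED is assumed to be 0
    ebgp: bool = True
    igp_metric: int = 0           # IGP cost to the BGP next hop
    router_id: str = "0.0.0.0"
    cluster_len: int = 0
    nh_reachable: bool = True

def better(a, b, always_compare_med=False):
    # Each key returns a value where "smaller" means "preferred".
    keys = [lambda p: -p.weight, lambda p: -p.local_pref,
            lambda p: not p.local_origin, lambda p: len(p.as_path),
            lambda p: ORIGIN_RANK[p.origin]]
    # Default: MED is only compared between paths from the same neighbor AS.
    if always_compare_med or a.as_path[:1] == b.as_path[:1]:
        keys.append(lambda p: p.med)
    keys += [lambda p: not p.ebgp, lambda p: p.igp_metric,
             lambda p: int(ip_address(p.router_id)),
             lambda p: p.cluster_len,
             lambda p: int(ip_address(p.neighbor))]
    for key in keys:
        if key(a) != key(b):
            return a if key(a) < key(b) else b
    return a

def best_path(paths, always_compare_med=False):
    usable = [p for p in paths if p.nh_reachable]   # slide 38: drop first
    if not usable:
        return None
    return reduce(lambda a, b: better(a, b, always_compare_med), usable)

# Constructed sample: same prefix heard from AS 300 and AS 200.
SAMPLE = [Path("220.5.1.1", as_path=(300, 100), local_pref=800, med=20),
          Path("220.5.2.1", as_path=(200, 100), med=10)]
```

Because MED is skipped between paths from different neighbor ASes, the comparison is pairwise rather than a single sort key, which is why the order in which paths are compared can matter without deterministic-med.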

  44. Applying Policy with BGP

  45. Constructing the Forwarding Table
     [Figure: routes from a BGP peer enter the BGP in process, where input policies accept or discard them; the BGP table holds everything accepted, the forwarding table holds the best paths, and the BGP out process applies output policies]

  46. Applying Policy with BGP
     • Policy based on various attributes:
         • AS path
         • Community
         • Destination prefix
         • Many, many others…
     • Reject/accept selected routes
     • Set attributes to influence path selection
     • Tools (IOS):
         • Distribute-list or prefix-list
         • Filter-list (as-path access-list)
         • Community-list
         • Route-maps (the Swiss army knife)

  47. Policy Control - Prefix List
     • Per-peer prefix filter, inbound or outbound
     • Allows coverage for ranges of prefix lengths (ge, le)
     • Based upon network numbers in NLRI (using familiar IPv4 address/mask format)
     Example configuration:
         router bgp 200
          neighbor 220.200.1.1 remote-as 210
          neighbor 220.200.1.1 prefix-list PEER-IN in
          neighbor 220.200.1.1 prefix-list PEER-OUT out
         !
         ip prefix-list PEER-IN deny 218.10.0.0/16
         ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
         ip prefix-list PEER-OUT permit 215.7.0.0/16
         ip prefix-list PEER-OUT deny 0.0.0.0/0 le 32

  48. Policy Control - Prefix List
         a.b.c.d/x [ge | eq | le] y
     • care vs. don’t care bits
     • base prefix length to match
     • operator
     • operand
         ip prefix-list PEER-IN permit 10.0.0.0/8 le 32
     • 10.0.0.0/8 le 32 = all 10.x.x.x subnets, regardless of mask length (e.g. 10.1.2.4/24, 10.1.1.1/32, 10.1.0.0/16)

  49. Policy Control - Prefix List
     More examples:
     • 0.0.0.0/0 eq 32 = all /32 prefixes (e.g. 1.2.3.4/32)
     • 192.168.1.0/24 = 192.168.1.0/24 eq 24 (ONLY 192.168.1.0/24)
     • 172.16.0.0/16 ge 28 = all subnets from 172.16.0.0/16 that have a mask length of /28 or greater (e.g. 172.16.4.0/28)
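
The matching rules of slides 47 to 49 as a small evaluator, showing that the exact-length deny in PEER-IN still lets more-specific prefixes of 218.10.0.0/16 through the catch-all permit. This is an added example, not code from the presentation or from IOS; the function names, the PEER_IN_STRICT variant and the candidate routes are constructed for illustration.

```python
from ipaddress import ip_network

def parse_entry(entry):
    """Parse 'permit|deny a.b.c.d/x [ge n] [le n] [eq n]'."""
    tok = entry.split()
    action, base = tok[0], ip_network(tok[1])
    opts = {tok[i]: int(tok[i + 1]) for i in range(2, len(tok), 2)}
    if "eq" in opts:                       # slide notation for one exact length
        lo = hi = opts["eq"]
    elif opts:                             # ge only: ge..32, le only: x..le
        lo, hi = opts.get("ge", base.prefixlen), opts.get("le", 32)
    else:                                  # no operator: exact length x only
        lo = hi = base.prefixlen
    return action, base, lo, hi

def evaluate(prefix_list, route):
    """Return the action of the first matching entry, else the implicit deny."""
    net = ip_network(route, strict=False)  # tolerate host bits, e.g. 10.1.2.4/24
    for action, base, lo, hi in map(parse_entry, prefix_list):
        if lo <= net.prefixlen <= hi and net.subnet_of(base):
            return action
    return "deny"

# PEER-IN exactly as on slide 47.
PEER_IN = ["deny 218.10.0.0/16", "permit 0.0.0.0/0 le 32"]
# Constructed variant that also blocks more-specifics of the denied block.
PEER_IN_STRICT = ["deny 218.10.0.0/16 le 32", "permit 0.0.0.0/0 le 32"]

def audit(prefix_list, routes):
    """Map each candidate route to the action the list would apply."""
    return {r: evaluate(prefix_list, r) for r in routes}

if __name__ == "__main__":
    # Constructed candidate announcements.
    routes = ["218.10.0.0/16", "218.10.1.0/24", "192.0.2.0/24"]
    for name, pl in (("PEER-IN", PEER_IN), ("strict", PEER_IN_STRICT)):
        print(name, audit(pl, routes))
```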

  50. Policy Control - Filter List
     • Filter routes based on AS path
     • Inbound or Outbound
     Example configuration:
         router bgp 100
          neighbor 220.200.1.1 filter-list 5 out
          neighbor 220.200.1.1 filter-list 6 in
         !
         ip as-path access-list 5 permit ^200$
         ip as-path access-list 6 permit ^150$
