
--- CCIE R&S Advanced Lab ---



Presentation Transcript


  1. --- CCIE R&S Advanced Lab --- --- Session 5 BGP, Multicast ---

  2. BGP Topics Covered • BGP Confederation • Order/Preference • Aggregation • Security • Peer Groups • Dampening

  3. BGP • Know where BGP is located on the DOC CD • How can BGP be manipulated

  4. BGP Confederations

  5. Remove private AS • Private AS numbers are used internally • The private AS information needs to be removed from the announcements

  6. BGP Path Selection • If the path specifies a next hop that is inaccessible, drop the update. • Prefer the path with the largest weight. • If the weights are the same, prefer the path with the largest local preference. • If the local preferences are the same, prefer the path that was originated by BGP running on this router. • If no route was originated, prefer the route that has the shortest AS_path. • If all paths have the same AS_path length, prefer the path with the lowest origin type (where IGP is lower than EGP, and EGP is lower than incomplete). • If the origin codes are the same, prefer the path with the lowest MED attribute. • If the paths have the same MED, prefer the external path over the internal path. • If the paths are still the same, prefer the path through the closest IGP neighbor. • Prefer the path with the lowest IP address, as specified by the BGP router ID.
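The tie-break order on this slide, as an added worked example that is not part of the presentation: a small Python model that drops paths with an unreachable next hop and then applies each step in turn. The `Path` fields, the candidate paths and the router IDs are constructed; the MED step is simplified (it compares MED across all paths, where IOS by default only compares it between paths from the same neighboring AS).

```python
from dataclasses import dataclass

# Constructed model of the IOS best-path order listed on the slide.
# Origin codes rank IGP < EGP < incomplete (lower wins).
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass
class Path:
    name: str
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    as_path: tuple = ()
    origin: str = "igp"
    med: int = 0                  # simplified: compared across all paths
    ebgp: bool = True             # external (True) or internal (False) path
    igp_metric: int = 0           # IGP distance to the next hop
    router_id: str = "0.0.0.0"

def sort_key(p: Path):
    """Lower key wins; each tuple element is one tie-break step, in slide order."""
    return (
        -p.weight,                              # largest weight
        -p.local_pref,                          # largest local preference
        0 if p.locally_originated else 1,       # locally originated first
        len(p.as_path),                         # shortest AS_path
        ORIGIN_RANK[p.origin],                  # lowest origin type
        p.med,                                  # lowest MED
        0 if p.ebgp else 1,                     # eBGP over iBGP
        p.igp_metric,                           # closest IGP neighbor
        tuple(int(o) for o in p.router_id.split(".")),  # lowest router ID
    )

def best_path(paths):
    """Step 1 drops paths whose next hop is inaccessible; the rest are ranked."""
    usable = [p for p in paths if p.next_hop_reachable]
    if not usable:
        return None
    return min(usable, key=sort_key)

# Constructed candidate paths for one prefix. via-R4 has the best weight but an
# unreachable next hop, so it is never considered; via-R5 wins on local preference.
CANDIDATES = [
    Path("via-R2", as_path=(200, 300), router_id="2.2.2.2"),
    Path("via-R3", as_path=(400,), origin="incomplete", router_id="3.3.3.3"),
    Path("via-R4", weight=500, next_hop_reachable=False, router_id="4.4.4.4"),
    Path("via-R5", local_pref=200, as_path=(600, 700, 800), router_id="5.5.5.5"),
]
```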

  7. Aggregating BGP Networks • Summarization is called aggregation in BGP • Aggregation creates summary routes (called aggregates) from networks already in the BGP table • Individual networks can be announced or suppressed

  8. Configuring Aggregation • router bgp as-number • aggregate-address address-prefix mask • Specifies the aggregation range in the BGP routing process • The aggregate is announced if there is at least one network in the specified range in the BGP table • Individual networks are still announced in outgoing BGP updates

  9. Configuring BGP Communities • BGP communities are configured in the following steps: • Configure BGP community propagation • Define BGP community-lists to match BGP communities • Configure route-maps that match on community-lists and filter routes or set other BGP attributes • Apply route-maps to incoming or outgoing updates

  10. Community Setting Through Route-Map • route-map name • match condition • set community value [ value … ] [additive] • Any number of communities can be specified • Communities specified in the set keyword overwrite existing communities unless you specify the additive option

  11. Attaching Communities to a Route • router(config-router)# neighbor ip-address route-map map in | out – Applies a route-map to inbound or outbound BGP updates • router(config-router)# redistribute protocol route-map map – Applies a route-map to redistributed routes • The route-map can set BGP communities or other BGP attributes

  12. Configure Community Propagation • router(config-router)# neighbor ip-address send-community • By default, communities are stripped in outgoing BGP updates • Community propagation to BGP neighbors has to be manually configured

  13. Related Commands • set community none – Removes all community attributes • set comm-list delete – Removes specific communities: ip community-list 1 permit 200:100 / route-map REM_COM permit 10 / set comm-list 1 delete • set community additive – Appends to existing communities: set community 450 additive • ip community-list 1 permit 200:10 – Matches any route that has 200:10 • ip community-list 3 permit 200:10 100:10 – Matches any route that has either or both communities

  14. AS Path Filtering • Several scenarios require BGP route filtering based on the AS-path • Announce only local routes to the ISP – the AS-path needs to be empty • Select routes based on a specific AS number in the AS-path • Accept routes for a specific AS only from some BGP neighbors • AS-path filters use regular expressions

  15. Regular Expressions - Matching Delimiters • ^ matches beginning of string • $ matches end of string • _ matches any delimiter (beginning, end, white space, tab, comma)

  16. Regular Expressions - Operators • * matches zero or more instances • ? matches zero or one instance • + matches one or more instances • . matches any single character • [ ] matches characters or a range of characters

  17. Sample Regular Expressions • Going through AS 100: _100_ • Directly connected to AS 100: ^100$ • Originated in AS 100: _100$ • Networks behind AS 100: ^100_.* • AS paths one AS long: ^[0-9]+$ • Networks originated in local AS: ^$ • Matches everything: .*

  18. Configuring BGP AS-path Filters R1(config)# ip as-path access-list number permit | deny regexp • Configures AS-path access list R1(config-router)# neighbor ip-address filter-list as-path-filter in | out • Configures inbound or outbound AS-path filter for specified BGP neighbor
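The delimiter and operator rules of slides 15 and 16, the sample expressions of slide 17 and the filter-list of slide 18 applied together, as an added example that is not part of the presentation: the IOS `_` delimiter has no Python equivalent, so it is translated into an equivalent group before the pattern is searched against constructed AS_PATH strings (formatted as space-separated AS numbers, as `show ip bgp` displays them). The `filter_list` helper models the ordered permit/deny list with its implicit deny.

```python
import re

# Added example: evaluate IOS AS-path regular expressions in Python.
# In IOS "_" matches a delimiter: start or end of string, space, comma,
# brace or parenthesis. The translation below only handles "_" outside [ ].
IOS_DELIMITER = r"(?:^|$|[ ,{}()])"

def ios_to_python(regexp: str) -> str:
    """Translate an IOS AS-path regexp into a Python re pattern."""
    return regexp.replace("_", IOS_DELIMITER)

def as_path_matches(regexp: str, as_path: str) -> bool:
    """IOS applies the regexp as an unanchored search over the AS_PATH string."""
    return re.search(ios_to_python(regexp), as_path) is not None

def filter_list(entries, as_path: str) -> bool:
    """Ordered (action, regexp) entries like an ip as-path access-list;
    first match decides, implicit deny at the end."""
    for action, regexp in entries:
        if as_path_matches(regexp, as_path):
            return action == "permit"
    return False

# Constructed AS_PATH strings; "" is a route originated in the local AS.
PATHS = ["", "100", "100 200", "300 100", "300 100 200", "300 200"]

SAMPLES = {  # regexp -> description from slide 17
    "_100_": "going through AS 100",
    "^100$": "directly connected to AS 100",
    "_100$": "originated in AS 100",
    "^100_.*": "networks behind AS 100",
    "^[0-9]+$": "AS paths one AS long",
    "^$": "networks originated in local AS",
    ".*": "matches everything",
}

def matches_for(regexp: str):
    """Which of the constructed paths a given expression selects."""
    return [p for p in PATHS if as_path_matches(regexp, p)]

# "Announce only local routes to the ISP": permit the empty path, deny the rest.
LOCAL_ONLY = [("permit", "^$")]

if __name__ == "__main__":
    for rx, desc in SAMPLES.items():
        print(f"{rx:10} {desc:35} {matches_for(rx)}")
```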

  19. Conditional Route Injection • Used to inject more specific routes into BGP based on existence of certain routes • R1(config)# router bgp 50000 • R1(config-router)# bgp inject-map ORIGIN exist-map LEARNED copy-attributes • R1(config)# ip prefix-list ROUTE permit 10.1.1.0/24 • R1(config)# ip prefix-list ROUTE_SOURCE permit 10.2.1.1/32 • R1(config)# ip prefix-list ORIGINATED_ROUTES permit 10.1.1.0/25 • R1(config)# route-map LEARNED permit 10 • R1(config-route-map)# match ip address prefix-list ROUTE • R1(config-route-map)# match ip route-source prefix-list ROUTE_SOURCE • R1(config)# route-map ORIGIN permit 10 • R1(config-route-map)# set ip address prefix-list ORIGINATED_ROUTES

  20. BGP Authentication • Authentication uses MD5 • Configured on a per-neighbor basis • R1(config)# router bgp 10 • R1(config-router)# neighbor 10.1.1.2 remote-as 10 • R1(config-router)# neighbor 10.1.1.2 password CISCO • R2(config)# router bgp 10 • R2(config-router)# neighbor 10.1.1.1 remote-as 10 • R2(config-router)# neighbor 10.1.1.1 password CISCO

  21. Route Flap Dampening • Every time an eBGP route flaps it gets 1000 penalty points (only for eBGP) • The penalty placed on a route decays using an exponential decay algorithm • When the penalty exceeds the “suppress limit”, the route is dampened (no longer used or propagated to other neighbors) • A dampened route is propagated again when the penalty points drop below the “reuse limit”

  22. Configuring BGP Route Flap Dampening R1(config-router)# bgp dampening [half-time reuse-limit suppress-limit max-suppress] [route-map route-map] • Parameter meaning: • half-time – Exponential decay half-time (time in which the penalty is halved) • suppress-limit – Penalty value at which the route starts to be dampened • reuse-limit – Penalty value at which the dampened route is reused • max-suppress – Maximum suppression time • route-map – Controls where BGP route dampening is enabled

  23. Default BGP Dampening Parameter Values • The following default dampening parameter values are used if you don’t specify them: • half-time 15 minutes • per-flap penalty 1,000 (non-configurable) • suppress limit 2,000 • reuse limit 750 • max-suppress-time 60 minutes
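The dampening arithmetic of slides 21 to 23 carried through with the default values, as an added example that is not part of the presentation. The flap times are constructed; the penalty ceiling derived from max-suppress-time (reuse-limit doubled once per half-time over the maximum suppression time) is the standard IOS relationship, while real IOS approximates the decay with lookup tables rather than computing it exactly.

```python
import math

# Added example: simulate route flap dampening with the IOS defaults (minutes).
HALF_TIME = 15          # penalty is halved every 15 minutes
FLAP_PENALTY = 1000     # per flap, non-configurable
SUPPRESS_LIMIT = 2000
REUSE_LIMIT = 750
MAX_SUPPRESS = 60

# The penalty is capped so that a route is never suppressed longer than
# MAX_SUPPRESS: from the ceiling it decays to REUSE_LIMIT in exactly that time.
PENALTY_CEILING = REUSE_LIMIT * 2 ** (MAX_SUPPRESS / HALF_TIME)   # 12000 by default

def decay(penalty: float, minutes: float) -> float:
    """Exponential decay: the penalty halves every HALF_TIME minutes."""
    return penalty * 0.5 ** (minutes / HALF_TIME)

def simulate(flap_times):
    """Replay eBGP flaps at the given times and return (time, penalty, suppressed)
    after each flap. Once suppressed, the route stays so until reuse (see below)."""
    penalty, suppressed, last = 0.0, False, 0.0
    history = []
    for t in sorted(flap_times):
        penalty = min(decay(penalty, t - last) + FLAP_PENALTY, PENALTY_CEILING)
        last = t
        if penalty > SUPPRESS_LIMIT:
            suppressed = True
        history.append((t, round(penalty), suppressed))
    return history

def minutes_until_reuse(penalty: float) -> float:
    """Time for a penalty to decay below REUSE_LIMIT, i.e. how long the route
    stays dampened if it does not flap again."""
    if penalty <= REUSE_LIMIT:
        return 0.0
    return HALF_TIME * math.log2(penalty / REUSE_LIMIT)

if __name__ == "__main__":
    # Constructed scenario: the same route flaps at 0, 5 and 10 minutes.
    # The third flap pushes the penalty over 2000 and the route is dampened.
    hist = simulate([0, 5, 10])
    for t, p, s in hist:
        print(f"t={t:>3} min  penalty={p:>5}  suppressed={s}")
    print(f"reusable after {minutes_until_reuse(hist[-1][1]):.1f} more minutes")
```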

  24. Limiting the Number of Routes Received from a Neighbor • Problem definition: • A misconfigured BGP neighbor can send a huge number of prefixes that exhaust the router’s memory or overload the CPU • All other filtering mechanisms only specify what we’re willing to accept, not how much • Need to control the number of prefixes received from a neighbor

  25. Maximum-Prefix Command R1(config-router)# neighbor ip-address maximum-prefix maximum [threshold] [warning-only] • Controls how many prefixes can be received from a neighbor • The optional threshold parameter specifies the percentage at which a warning message is logged (default is 75%) • The optional warning-only keyword specifies the action on exceeding the maximum number (default is to tear down the neighbor session)

  26. --- CCIE R&S Advanced Lab --- --- Session 5 continued, Multicast ---

  27. Multicast • Address • RPF • Dense / Sparse mode • Source / shared tree • Static RP • Auto-RP • BSR • B-M-B • MSDP / Anycast

  28. Multicast Address Range

  29. Reverse Path Forwarding

  30. RPF Calculation

  31. RPF with two paths

  32. Multicast Distribution Trees • Dense mode uses source (push) technology

  33. Shared Distribution Tree • Sparse mode uses shared (pull) technology

  34. Characteristics of Distribution Trees

  35. Multicast Tree Creation

  36. PIM Sparse Mode

  37. How does the network know about the RP?

  38. Static RPs

  39. Auto-RP • Intended for PIMv1 • C-RP candidates announce themselves on 224.0.1.39 • Mapping Agent collects the announcements and sends RP discovery messages on 224.0.1.40 • Recommended to locate the C-RP and the Mapping Agent on the same router • Uses dense mode to find the RP

  40. Auto-RP configured

  41. BSR Overview • ip pim bsr-border – configured on the border to stop PIM join messages that might inadvertently cross the border

  42. Configuring BSR Hash Mask Priority

  43. Anycast – RP Overview

  44. MSDP

  45. Anycast RP

  46. Anycast RP - cont.

  47. Broadcast-Multicast-Broadcast
      Multicast-to-broadcast router:
        interface serial 0
         ip pim sparse-mode
         ip multicast helper-map 239.1.1.1 131.1.1.255 105
        interface ethernet 1
         ip directed-broadcast
        access-list 105 permit udp host 126.1.22.1 any eq 4000
        ip forward-protocol udp 4000
      (figure labels: 126.1.22.1, 126.1.22.255)
      Broadcast-to-multicast router:
        interface ethernet 0
         ip pim sparse-mode
         ip multicast helper-map broadcast 239.1.1.1 105
        access-list 105 permit udp host 126.1.22.1 host 126.1.22.255 eq 4000
        ip forward-protocol udp 4000

  48. --- CCIE R&S Advanced Lab --- --- Session 6 QOS, Security ---

  49. QOS • Modular QoS CLI (MQC) • LLQ • CAR – Committed Access Rate • WRED, CBWRED • Marking • Shaping, FRTS • Fragmenting • NBAR – Network Based Application Recognition

  50. MQC Class-maps • class-map [match-all | match-any] Lab (match-all is the default) • match xxx • match yyy • match ? lists the classification options: • input-interface f0/0 • destination MAC address • source MAC address • fr-de, fr-dlci • cos, dscp, ip precedence • any • access-group • protocol (NBAR; download PDLMs for additional protocols; NBAR requires CEF; ip nbar protocol-discovery can be run on an interface) • packet length min or max
