Title: Border Gateway Protocol (BGP4)
Border Gateway Protocol (BGP)
- Routing/Forwarding basics
- Building blocks
- Exercises
- BGP protocol basics
- Exercises
- BGP path attributes
- Best path computation
- Exercises
Border Gateway Protocol (BGP)...
- Typical BGP topologies
- Routing Policy
- Exercises
- Redundancy/Load sharing
- Best current practices
Routing/Forwarding Basics
IP route lookup: Longest match routing
(figure: routers R2, R3 and R4; R3 holds "all 10/8 except 10.1/16", R2 holds 10.1/16; packet destination IP address 10.1.1.1)
- Each candidate entry is tested by ANDing the destination with the entry's mask and comparing the result to the entry's network:
  - 10.1.1.1 AND FF.0.0.0 = 10.0.0.0: the 10/8 entry matches
  - 10.1.1.1 AND FF.FF.0.0 = 10.1.0.0: the 10.1/16 entry matches as well
  - 10.1.1.1 AND FF.0.0.0 = 10.0.0.0, not 20.0.0.0: a 20/8 entry does not match
- Longest match wins: the 16 bit netmask entry (10.1/16 via R2) is used
IP route lookup: Longest match routing
- default is 0.0.0.0/0
- can be handled using the normal longest match algorithm: it matches everything and is always the shortest match
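The lookup the slides walk through, as an added example in Python (not from the original deck): a routing table holding the slides' 10/8 and 10.1/16 entries plus an assumed 20/8 entry and a default, and a lookup that applies the mask-and-compare test to every entry and keeps the longest match. R4's routes are our assumption; the slides name R4 but do not say what it carries.

```python
import ipaddress

# Constructed routing table: (prefix, next hop). Entry order does not matter;
# the lookup always keeps the entry with the longest matching mask.
ROUTING_TABLE = [
    (ipaddress.ip_network("10.0.0.0/8"), "R3"),   # all 10/8 except 10.1/16
    (ipaddress.ip_network("10.1.0.0/16"), "R2"),  # the more specific route
    (ipaddress.ip_network("20.0.0.0/8"), "R4"),   # assumed for illustration
    (ipaddress.ip_network("0.0.0.0/0"), "R4"),    # default: matches everything, always the shortest match (assumed next hop)
]


def matches(dest, prefix):
    """The slide's test: (destination AND mask) == network address.

    10.1.1.1 & FF.FF.0.0 == 10.1.0.0 -> matches 10.1.0.0/16
    10.1.1.1 & FF.0.0.0  == 10.0.0.0 -> matches 10.0.0.0/8
    10.1.1.1 & FF.0.0.0  != 20.0.0.0 -> does not match 20.0.0.0/8
    """
    return (int(dest) & int(prefix.netmask)) == int(prefix.network_address)


def lookup(dest, table=ROUTING_TABLE):
    """Return (prefix, next hop) of the longest matching entry, or None when
    nothing matches (only possible if the table has no default route)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, nexthop in table:
        if matches(addr, prefix) and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, nexthop)
    return best


def lookup_nexthop(dest, table=ROUTING_TABLE):
    hit = lookup(dest, table)
    return hit[1] if hit else None


if __name__ == "__main__":
    for d in ("10.1.1.1", "10.2.3.4", "20.9.9.9", "192.0.2.1"):
        prefix, nh = lookup(d)
        print(f"{d:>12} -> {str(prefix):>14} via {nh}")
```

The default route needs no special case: as a /0 entry it matches every destination and loses every tie on prefix length, which is exactly what the slide states.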
Forwarding
- Uses the routing table built by routing protocols
- Performs the lookup to find next-hop and outgoing interface
- Switches the packet with new encapsulation as per the outgoing interface
Building Blocks
- Autonomous System (AS)
- Types of Routes
- IGP/EGP
- DMZ
- Policy
- Egress
- Ingress
Autonomous System (AS)
- Collection of networks with same policy
- Single routing protocol
- Usually under single administrative control
- IGP to provide internal connectivity
Autonomous System (AS)...
- Identified by AS number
- Public / Private AS numbers
- Examples
- Service provider
- Multi-homed customers
- Anyone needing policy discrimination
Routing flow and packet flow
(figure: AS 1 and AS 2; routing flow is announce/accept in each direction, packet flow is egress from one AS and ingress to the other)
- For networks in AS1 and AS2 to communicate
  - AS1 must announce routes to AS2
  - AS2 must accept routes from AS1
  - AS2 must announce routes to AS1
  - AS1 must accept routes from AS2
- Packets flow in the opposite direction to the routing announcements that enable them
Egress Traffic
- Packets exiting the network
- Based on
  - Route availability (what others send you)
  - Route acceptance (what you accept from others)
  - Policy and tuning (what you do with routes from others)
  - Peering and transit agreements
Ingress Traffic
- Packets entering your network
- Ingress traffic depends on
  - What information you send and to whom
  - Based on your addressing and ASes
  - Based on others' policy (what they accept from you and what they do with it)
Types of Routes
- Static Routes
- configured manually
- Connected Routes
- created automatically when an interface is up
- Interior Routes
- Routes within an AS
- Exterior Routes
- Routes exterior to AS
What Is an IGP?
- Interior Gateway Protocol
- Within an Autonomous System
- Carries information about internal prefixes
- Examples: OSPF, IS-IS, EIGRP
What Is an EGP?
- Exterior Gateway Protocol
- Used to convey routing information between ASes
- De-coupled from the IGP
- Current EGP is BGP4
Why Do We Need an EGP?
- Scaling to large network
- Hierarchy
- Limit scope of failure
- Define administrative boundary
- Policy
- Control reachability to prefixes
Interior vs. Exterior Routing Protocols
- Interior
- Automatic discovery
- Generally trust your IGP routers
- Routes go to all IGP routers
- Exterior
- Specifically configured peers
- Connecting with outside networks
- Set administrative boundaries
Hierarchy of Routing Protocols
(figure: BGP4 connecting the ASes; the IGP runs within each AS)
Demilitarized Zone (DMZ)
(figure: routers A to E in AS 100, AS 101 and AS 102 attached to a shared DMZ network)
- Shared network between ASes
- In this context the DMZ is the peering segment between ASes, not the firewall-screened subnet that goes by the same name
Addressing - ISP
- Need to reserve address space for its network.
- Need to allocate address blocks to its customers.
- Need to take growth into consideration
- Upstream link address is allocated by upstream
provider
BGP Basics
- Terminology
- Protocol Basics
- Messages
- General Operation
- Peering relationships (EBGP/IBGP)
- Originating routes
Terminology
- Neighbor
  - Configured BGP peer
- NLRI/Prefix
  - NLRI - network layer reachability information
  - Reachability information for an IP address and mask
- Router-ID
  - Highest IP address configured on the router (on Cisco IOS the highest loopback address if one exists, otherwise the highest interface address; it can be fixed with "bgp router-id")
- Route/Path
  - NLRI advertised by a neighbor
Protocol Basics
(figure: peering between routers A to E across AS 100, AS 101 and AS 102)
- Routing protocol used between ASes
  - if you aren't connected to multiple ASes, you don't need BGP :)
- Runs over TCP
- Path vector protocol
- Incremental update
BGP Basics ...
- Each AS originates a set of NLRI
- NLRI is exchanged between BGP peers
- Can have multiple paths for a given prefix
- Picks the best path and installs it in the IP forwarding table
- Policies applied (through attributes) influence BGP path selection
BGP Peers
(figure: AS 100 with 220.220.8.0/24, AS 101 with 220.220.16.0/24, AS 102 with 220.220.32.0/24; routers A and C)
- BGP speakers are called peers
- Peers in different ASs are called External Peers
  - Note: eBGP peers normally should be directly connected
- Peers in the same AS are called Internal Peers
  - Note: iBGP peers don't have to be directly connected
- BGP peers exchange Update messages containing Network Layer Reachability Information (NLRI)
Configuring BGP Peers
(figure: AS 100 with 220.220.8.0/24 and AS 101 with 220.220.16.0/24, joined by the link 222.222.10.0/30 with .1 and .2 ends)
- BGP peering sessions are established using the BGP neighbor configuration command
- External (eBGP) is configured when AS numbers are different
- Internal (iBGP) is configured when AS numbers are the same
- Each iBGP speaker must peer with every other iBGP speaker in the AS
- Loopback interfaces are normally used as peer connection end-points
(figure: iBGP full mesh within AS 100, including router A)
BGP Updates: NLRI
- Network Layer Reachability Information
- Used to advertise feasible routes
- Composed of
- Network Prefix
- Mask Length
BGP Updates: Attributes
- Used to convey information associated with NLRI
- AS path
- Next hop
- Local preference
- Multi-Exit Discriminator (MED)
- Community
- Origin
- Aggregator
AS-Path Attribute
- Sequence of ASes a route has traversed
- Loop detection
- Apply policy
(figure: AS 100 originates 170.10.0.0/16, AS 200 originates 180.10.0.0/16, AS 400 originates 150.10.0.0/16; AS 300 connects AS 200, AS 400 and AS 500)
As received by AS 400 from AS 300:
  Network           Path
  180.10.0.0/16     300 200
  170.10.0.0/16     300 200 100
As received by AS 500 from AS 300:
  Network           Path
  180.10.0.0/16     300 200
  170.10.0.0/16     300 200 100
  150.10.0.0/16     300 400
Next Hop Attribute
(figure: AS 100 with 160.10.0.0/16, AS 200 with 150.10.0.0/16, AS 300 with 140.10.0.0/16; eBGP links 192.10.1.0/30 and 192.20.2.0/30 with .1 and .2 ends)
- Next hop to reach a network
- Usually a local network is the next hop in an eBGP session
- Next hop updated between eBGP peers
- Next hop not changed between iBGP peers
Next Hop Attribute (more)
- IGP should carry route to next hops
- Recursive route look-up
- Unlinks BGP from actual physical topology
- Allows IGP to make intelligent forwarding decision
BGP Updates: Withdrawn Routes
- Used to withdraw network reachability
- Each Withdrawn Route is composed of
  - Network Prefix
  - Mask Length
(figure: AS 123 and AS 321 peer over 192.168.10.0/24 (.1 and .2); 192.192.25.0/24 is marked down and withdrawn)
BGP Routing Information Base
BGP RIB
  Network             Next-Hop     Path
  *>i 160.10.1.0/24   192.20.2.2   i
  *>i 160.10.3.0/24   192.20.2.2   i
Route Table
  D 10.1.2.0/24  D 160.10.1.0/24  D 160.10.3.0/24  R 153.22.0.0/16  S 192.1.1.0/24
- BGP network commands are normally used to populate the BGP RIB with routes from the Route Table
BGP Routing Information Base
BGP RIB
  Network             Next-Hop     Path
  *>  160.10.0.0/16   0.0.0.0      i
  s>i 160.10.1.0/24   192.20.2.2   i
  s>i 160.10.3.0/24   192.20.2.2   i
  router bgp 100
   network 160.10.0.0 mask 255.255.0.0
   aggregate-address 160.10.0.0 255.255.0.0 summary-only
   no auto-summary
Route Table
  D 10.1.2.0/24  D 160.10.1.0/24  D 160.10.3.0/24  R 153.22.0.0/16  S 192.1.1.0/24
- BGP aggregate-address commands may be used to install summary routes in the BGP RIB (summary-only suppresses the more specific routes, marked s)
BGP Routing Information Base
BGP RIB
  Network             Next-Hop     Path
  *>  160.10.0.0/16   0.0.0.0      i
  s>i 160.10.1.0/24   192.20.2.2   i
  s>i 160.10.3.0/24   192.20.2.2   i
  *>  192.1.1.0/24    192.20.2.2   ?
  router bgp 100
   network 160.10.0.0 mask 255.255.0.0
   redistribute static route-map foo
   no auto-summary
  access-list 1 permit 192.1.0.0 0.0.255.255
  route-map foo permit 10
   match ip address 1
Route Table
  D 10.1.2.0/24  D 160.10.1.0/24  D 160.10.3.0/24  R 153.22.0.0/16  S 192.1.1.0/24
- BGP redistribute commands can also be used to populate the BGP RIB with routes from the Route Table (redistributed routes carry origin "?", incomplete; the route-map limits what gets in)
BGP Routing Information Base
(figure: IN process -> BGP RIB -> OUT process)
BGP RIB
  Network             Next-Hop     Path
  *>i 160.10.1.0/24   192.20.2.2   i
  *>i 160.10.3.0/24   192.20.2.2   i
  *>  173.21.0.0/16   192.20.2.1   100
- BGP in process
  - receives path information from peers
  - results of BGP path selection placed in the BGP table
  - best path flagged (denoted by >)
- BGP out process
  - builds update using info from RIB (e.g. 173.21.0.0/16 via 192.20.2.1)
  - may modify update based on config
- Best paths installed in routing table if
  - prefix and prefix length are unique
  - lowest protocol distance
Route Table
  D 10.1.2.0/24  D 160.10.1.0/24  D 160.10.3.0/24  R 153.22.0.0/16  S 192.1.1.0/24  B 173.21.0.0/16
The Bible & other resources
- Route-views.oregon-ix.net
- Internet Routing Architectures
  - Bassam Halabi
  - pg. 168 BGP Decision Process Summary
Types of BGP Messages
- OPEN
- To negotiate and establish peering
- UPDATE
- To exchange routing information
- KEEPALIVE
- To maintain peering session
- NOTIFICATION
- To report errors (results in session reset)
Internal BGP Peering (IBGP)
- BGP peer within the same AS
- Not required to be directly connected
- Maintain full IBGP mesh or use Route Reflection
External BGP Peering (EBGP)
(figure: routers A, B and C across AS 100 and AS 101)
- Between BGP speakers in different AS
- Directly connected or peering address is reachable
An Example
(figure: 35.0.0.0/8 originated in AS3561 by router A; routers B, C, D, E and F in AS200, AS21, AS101 and AS675; the highlighted router learns about 35.0.0.0/8 from F and D)
Basic BGP commands
- Configuration commands
  - router bgp <AS-number>
  - neighbor <ip address> remote-as <as-number>
- Show commands
  - show ip bgp summary
  - show ip bgp neighbors
Originating routes...
- Using network command or redistribution
  - network <ip address>
  - redistribute <protocol name>
- Requires the route to be present in the routing table
Originating routes / Inserting prefixes into BGP
- network command
  - network 198.10.4.0 mask 255.255.254.0
  - ip route 198.10.4.0 255.255.254.0 serial 0
  - a matching route must exist in the routing table before the network is announced!
  - Origin: IGP
Update message
- Withdrawn routes
- Path Attributes
- Advertised routes
Stable IBGP peering
- Unlinks IBGP peering from physical topology.
- Carry loopback address in IGP
  - router ospf <ID>
  - passive-interface loopback0
  - (the loopback must also be covered by a network statement so OSPF advertises it; passive-interface only stops hellos on it)
- Unlink peering from physical topology
  - router bgp <AS1>
  - neighbor <x.x.x.x> remote-as <AS1>
  - neighbor <x.x.x.x> update-source loopback0
BGP4 continued...
BGP Path Attributes: Why?
- Encoded as Type, Length, Value (TLV)
- Transitive/Non-Transitive attributes
- Some are mandatory
- Used in path selection
- To apply policy for steering traffic
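The UPDATE message the NLRI, attribute, withdrawn-route and update-message slides describe, and the TLV-with-flags encoding of path attributes, as an added example in Python (not from the original deck). It builds one UPDATE in the RFC 4271 wire format and parses it back. The message content is constructed from prefixes on the slides: it withdraws 192.168.10.0/24 and advertises 180.10.0.0/16 and 160.10.1.0/24 with AS path 300 200 and next hop 192.20.2.2, using 2-octet AS numbers (no AS4 capability).

```python
import struct
import ipaddress

MARKER = b"\xff" * 16                      # all-ones marker; nothing else is negotiated here
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4
ORIGIN, AS_PATH, NEXT_HOP, MED, LOCAL_PREF, COMMUNITIES = 1, 2, 3, 4, 5, 8
ORIGIN_NAMES = {0: "IGP", 1: "EGP", 2: "INCOMPLETE"}
F_OPTIONAL, F_TRANSITIVE, F_PARTIAL, F_EXTLEN = 0x80, 0x40, 0x20, 0x10   # attribute flag bits


def encode_prefix(cidr):
    """NLRI/withdrawn-route encoding: one length octet, then only the prefix bytes needed."""
    net = ipaddress.ip_network(cidr)
    return bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]


def decode_prefixes(buf):
    """Inverse of encode_prefix over a run of prefixes."""
    out, i = [], 0
    while i < len(buf):
        plen = buf[i]
        nbytes = (plen + 7) // 8
        addr = buf[i + 1:i + 1 + nbytes].ljust(4, b"\x00")
        out.append(f"{ipaddress.IPv4Address(addr)}/{plen}")
        i += 1 + nbytes
    return out


def attr(flags, code, value):
    """One path-attribute TLV: flags, type code, 1- or 2-octet length, value."""
    if len(value) > 255:
        return bytes([flags | F_EXTLEN, code]) + struct.pack("!H", len(value)) + value
    return bytes([flags, code, len(value)]) + value


def build_update(withdrawn, as_path, next_hop, nlri, origin=0):
    """UPDATE = header | withdrawn length | withdrawn | attrs length | attrs | NLRI."""
    w = b"".join(encode_prefix(p) for p in withdrawn)
    seg = bytes([2, len(as_path)]) + b"".join(struct.pack("!H", a) for a in as_path)  # one AS_SEQUENCE segment
    attrs = (attr(F_TRANSITIVE, ORIGIN, bytes([origin]))     # well-known mandatory: transitive flag only
             + attr(F_TRANSITIVE, AS_PATH, seg)
             + attr(F_TRANSITIVE, NEXT_HOP, ipaddress.IPv4Address(next_hop).packed))
    body = struct.pack("!H", len(w)) + w + struct.pack("!H", len(attrs)) + attrs
    body += b"".join(encode_prefix(p) for p in nlri)
    return MARKER + struct.pack("!HB", 19 + len(body), UPDATE) + body


def parse_update(msg):
    """Parse an UPDATE into withdrawn routes, decoded attributes and NLRI.
    Raises ValueError on a malformed header (a real speaker answers with NOTIFICATION)."""
    if msg[:16] != MARKER:
        raise ValueError("bad marker")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != UPDATE or length != len(msg) or length < 23:
        raise ValueError("not a well-formed UPDATE")
    body = msg[19:]
    wlen = struct.unpack("!H", body[:2])[0]
    alen = struct.unpack("!H", body[2 + wlen:4 + wlen])[0]
    raw = body[4 + wlen:4 + wlen + alen]
    attrs, i = {}, 0
    while i < len(raw):
        flags, code = raw[i], raw[i + 1]
        if flags & F_EXTLEN:
            vlen, i = struct.unpack("!H", raw[i + 2:i + 4])[0], i + 4
        else:
            vlen, i = raw[i + 2], i + 3
        val, i = raw[i:i + vlen], i + vlen
        if code == ORIGIN:
            attrs["origin"] = ORIGIN_NAMES[val[0]]
        elif code == AS_PATH:                      # segments: type, count, 2-octet ASNs
            path, j = [], 0
            while j < len(val):
                seg_type, n = val[j], val[j + 1]
                path.append((seg_type, list(struct.unpack(f"!{n}H", val[j + 2:j + 2 + 2 * n]))))
                j += 2 + 2 * n
            attrs["as_path"] = path
        elif code == NEXT_HOP:
            attrs["next_hop"] = str(ipaddress.IPv4Address(val))
        elif code in (MED, LOCAL_PREF):
            attrs["med" if code == MED else "local_pref"] = struct.unpack("!I", val)[0]
        elif code == COMMUNITIES:
            attrs["communities"] = [f"{c >> 16}:{c & 0xFFFF}" for c in struct.unpack(f"!{vlen // 4}I", val)]
        else:
            attrs[f"type{code}"] = val.hex()       # unknown attribute kept opaque
    return {"withdrawn": decode_prefixes(body[2:2 + wlen]), "attrs": attrs,
            "nlri": decode_prefixes(body[4 + wlen + alen:])}


# Constructed sample message built from prefixes that appear on the slides.
SAMPLE = build_update(["192.168.10.0/24"], [300, 200], "192.20.2.2", ["180.10.0.0/16", "160.10.1.0/24"])

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_update(SAMPLE))
```

The flag octet is where the transitive/non-transitive distinction from the slide lives: the three well-known mandatory attributes carry only the transitive bit, while an optional attribute such as COMMUNITIES would set both optional and transitive, and MED (non-transitive) would set optional alone.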
BGP Path Attributes...
- Origin
- AS-path
- Next-hop
- Multi-Exit Discriminator (MED)
- Local preference
- BGP Community
- Others...
AS-PATH
- Updated by the sending router with its AS number
- Contains the list of AS numbers the update traverses
- Used to detect routing loops
- Each time the router receives an update, if it finds its AS number, it discards the update
AS-Path
- Sequence of ASes a route has traversed
- Loop detection
(figure: same topology as before; AS 100 originates 170.10.0.0/16, AS 200 originates 180.10.0.0/16, AS 400 originates 150.10.0.0/16, AS 300 connects AS 200, AS 400 and AS 500)
  Network           Path
  180.10.0.0/16     300 200
  170.10.0.0/16     300 200 100
  150.10.0.0/16     300 400
- 180.10.0.0/16 dropped when an update for it arrives with the receiving AS already in the path (e.g. AS 200 receiving path 300 200)
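The loop-detection behaviour the two AS-path slides describe, as an added example in Python (not from the original deck). It floods the slides' prefixes over the slides' topology: each AS prepends its own number when it passes a route to an eBGP neighbour, and any AS that sees its own number in an incoming AS_PATH discards the update. Ties are broken by AS-path length alone, a deliberate simplification of the full decision process; the topology (AS 300 as transit for AS 200, AS 400 and AS 500, AS 100 behind AS 200) is read off the figure.

```python
from collections import defaultdict

# Topology read off the slide figure: who originates what, and which ASes peer.
ORIGINATES = {100: ["170.10.0.0/16"], 200: ["180.10.0.0/16"], 400: ["150.10.0.0/16"]}
LINKS = [(100, 200), (200, 300), (300, 400), (300, 500)]


def neighbours(links):
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def receive(rib, dropped, asn, prefix, path):
    """One AS receiving an eBGP update. Loop detection comes first: if our own
    AS number is already in the AS_PATH the update is discarded. Otherwise the
    path is kept when it is shorter than the one we hold. Returns True on change."""
    if asn in path:
        dropped.add((asn, prefix, tuple(path)))
        return False
    current = rib[asn].get(prefix)
    if current is None or len(path) < len(current):
        rib[asn][prefix] = list(path)
        return True
    return False


def converge(originates=ORIGINATES, links=LINKS, max_rounds=20):
    """Flood until nothing changes. Returns (rib, dropped):
    rib[asn][prefix] is the AS_PATH as seen by that AS ([] for its own prefixes);
    dropped holds (receiver, prefix, path) tuples rejected by loop detection."""
    adj = neighbours(links)
    rib = defaultdict(dict)
    dropped = set()
    for asn, prefixes in originates.items():
        for p in prefixes:
            rib[asn][p] = []
    for _ in range(max_rounds):
        changed = False
        for sender in list(adj):
            for prefix, path in list(rib[sender].items()):
                for peer in sorted(adj[sender]):
                    # the sender prepends its own AS number on the way out
                    changed |= receive(rib, dropped, peer, prefix, [sender] + path)
        if not changed:
            break
    return rib, dropped


def as_path_string(path):
    return " ".join(str(a) for a in path)


if __name__ == "__main__":
    rib, dropped = converge()
    for asn in sorted(rib):
        for prefix, path in sorted(rib[asn].items()):
            print(f"AS {asn}: {prefix:<15} {as_path_string(path)}")
    print("updates dropped by loop detection:", len(dropped))
```

Running it reproduces the slide's table at AS 500 (180.10.0.0/16 via 300 200, 170.10.0.0/16 via 300 200 100, 150.10.0.0/16 via 300 400) and records AS 200 discarding its own 180.10.0.0/16 when it comes back with path 300 200.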
Next-Hop
(figure: routers A (150.10.1.1) and B (150.10.1.2) on the link between AS 200 and AS 300; 150.10.0.0/16 in AS 200, 160.10.0.0/16 in AS 100; table received over the link:)
  Network           Next-Hop
  150.10.0.0/16     150.10.1.1
  160.10.0.0/16     150.10.1.1
- Next hop router to reach a network
- Advertising router/Third party in EBGP
- Unmodified in IBGP
Cisco Systems Confidential, 0799_04F7_c2
Third Party Next Hop
(figure: routers A (150.1.1.1), B (150.1.1.2) and C (150.1.1.3) share one segment between AS 200 and AS 201; 192.68.1.0/24 is advertised over the A-B peering with next hop 150.1.1.3, i.e. C, which is not one of the two peers)
- More efficient, but bad idea!
  - the receiver forwards to a router it has no BGP session with, so reachability of 192.68.1.0/24 depends on a third party's forwarding that it neither monitors nor controls
Next Hop...
- IGP should carry route to next hops
- Recursive route look-up
- Unlinks BGP from actual physical topology
- Allows IGP to make intelligent forwarding decision
Local Preference
- Not for EBGP, mandatory for IBGP
- Default value is 100 on Ciscos
- Local to an AS
- Used to prefer one exit over another
- Path with highest local preference wins
Local Preference
(figure: AS 400 routers A and B receive 160.10.0.0/16, originated in AS 100, from AS 200 and AS 300; C, D and E are the other routers)
    160.10.0.0/16   local preference 500
  > 160.10.0.0/16   local preference 800   (best: highest local preference wins)
Multi-Exit Discriminator
- Non-transitive
- Represented as a numeric value (0-0xffffffff)
- Used to convey the relative preference of entry points
- Comparable if paths are from the same AS
- Path with lower MED wins
- IGP metric can be conveyed as MED
Multi-Exit Discriminator (MED)
(figure: customer AS 201 routers A and B both advertise 192.68.1.0/24 to router C in AS 200, with MED 1000 and MED 2000; C prefers the MED 1000 entry point)
Origin
- Conveys the origin of the prefix
- Three values
  - IGP - Generated using network statement
    - e.g. network 35.0.0.0
  - EGP - Redistributed from EGP
  - Incomplete - Redistributed from an IGP
    - e.g. redistribute ospf
- Preference: IGP < EGP < INCOMPLETE
Communities
- Transitive, Non-mandatory (optional transitive)
- Represented as a numeric value (0-0xffffffff)
- Used to group destinations
- Each destination could be member of multiple communities
- Flexibility to scope a set of prefixes within or across AS for applying policy
Community...
(figure: Service Provider AS 200 routers C and D; Customer AS 201 routers A and B advertise 192.68.1.0/24 tagged with community 201:110 and community 201:120)
Synchronization
(figure: AS 1880 with routers A, B, C and D running OSPF; neighbouring AS 690 and AS 209; prefix 35/8)
- C not running BGP (non-pervasive BGP)
- A won't advertise 35/8 to D until the IGP is in sync
- Turn synchronization off!
  - Run pervasive BGP
  - router bgp 1880
  - no sync
BGP Route Selection (bestpath): Only one path as the bestpath!
- Route has to be synchronized
  - Prefix in forwarding table
- Next-hop has to be accessible
  - Next-hop in forwarding table
- Largest weight
  - Local to the router
- Largest local preference
  - Spread within AS
- Locally sourced
  - Via redistribute or network statement
BGP Route Selection ...
- Shortest AS-path length
  - number of ASes in the AS-path attribute
- Lowest origin
  - IGP < EGP < INCOMPLETE
- Lowest MED
  - between paths from same AS
- External over internal
  - closest exit from a router
- Closest next-hop
  - Lower IGP metric, closer exit from the AS
- Lowest router-id
- Lowest IP address of neighbor
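The decision process of the two bestpath slides, exercised on the local-preference and MED examples from the attribute slides, as an added example in Python (not from the original deck). Paths are plain records; the candidate sets at the bottom are constructed from the figures (160.10.0.0/16 with local preference 500 vs 800, 192.68.1.0/24 from AS 201 with MED 1000 vs 2000). The MED step compares only paths from the same neighbouring AS: candidates are grouped by neighbour AS and the lowest MED kept within each group, which is how bgp deterministic-med behaves on Cisco IOS. Synchronization is assumed off, as the synchronization slide recommends, so only next-hop reachability is checked before the attributes are compared.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IGP, EGP, INCOMPLETE = 0, 1, 2   # ORIGIN codes; their order is already IGP < EGP < INCOMPLETE


@dataclass
class Path:
    next_hop: str
    as_path: List[int]
    neighbor_as: int
    neighbor_ip: str
    router_id: str          # BGP identifier of the peer that sent the path
    ebgp: bool = True
    weight: int = 0         # Cisco-local, never advertised
    local_pref: int = 100   # Cisco default
    locally_sourced: bool = False
    origin: int = IGP
    med: int = 0
    igp_metric: int = 0     # IGP distance to next_hop


def _keep(cands, key, pick):
    """Keep the candidates whose key equals the best (max or min) key among them."""
    target = pick(key(p) for p in cands)
    return [p for p in cands if key(p) == target]


def bestpath(paths: List[Path], forwarding_table: set) -> Tuple[Optional[Path], str]:
    """Return (best path, name of the step that decided), or (None, reason)."""
    cands = [p for p in paths if p.next_hop in forwarding_table]  # next hop must be reachable
    if not cands:
        return None, "no path with a reachable next-hop"
    early = [
        ("weight", lambda p: p.weight, max),
        ("local-pref", lambda p: p.local_pref, max),
        ("locally-sourced", lambda p: p.locally_sourced, max),
        ("as-path-length", lambda p: len(p.as_path), min),
        ("origin", lambda p: p.origin, min),
    ]
    for name, key, pick in early:
        cands = _keep(cands, key, pick)
        if len(cands) == 1:
            return cands[0], name
    # MED is only comparable between paths from the same neighbouring AS
    by_as = {}
    for p in cands:
        by_as.setdefault(p.neighbor_as, []).append(p)
    cands = [p for group in by_as.values() for p in _keep(group, lambda q: q.med, min)]
    if len(cands) == 1:
        return cands[0], "med"
    late = [
        ("ebgp-over-ibgp", lambda p: p.ebgp, max),
        ("igp-metric", lambda p: p.igp_metric, min),
        ("router-id", lambda p: int(ipaddress.IPv4Address(p.router_id)), min),
        ("neighbor-ip", lambda p: int(ipaddress.IPv4Address(p.neighbor_ip)), min),
    ]
    for name, key, pick in late:
        cands = _keep(cands, key, pick)
        if len(cands) == 1:
            return cands[0], name
    return cands[0], "identical"


# Constructed next hops the IGP knows about (anything else is unreachable).
FORWARDING_TABLE = {"192.20.2.1", "192.20.2.2", "192.10.1.1", "192.10.1.2"}

# Local-preference slide: 160.10.0.0/16 via AS 200 (500) and AS 300 (800); a third
# path with a higher local-pref but an unreachable next hop is never considered.
LOCALPREF_SAMPLE = [
    Path("192.20.2.1", [200, 100], 200, "192.20.2.1", "10.0.0.1", local_pref=500),
    Path("192.20.2.2", [300, 100], 300, "192.20.2.2", "10.0.0.2", local_pref=800),
    Path("10.99.99.99", [400, 100], 400, "10.99.99.99", "10.0.0.3", local_pref=900),
]

# MED slide: 192.68.1.0/24 from AS 201 through two entry points, MED 1000 and 2000.
MED_SAMPLE = [
    Path("192.10.1.1", [201], 201, "192.10.1.1", "10.0.1.1", med=1000),
    Path("192.10.1.2", [201], 201, "192.10.1.2", "10.0.1.2", med=2000),
]

if __name__ == "__main__":
    for sample in (LOCALPREF_SAMPLE, MED_SAMPLE):
        best, step = bestpath(sample, FORWARDING_TABLE)
        print(f"best via {best.next_hop} (AS {best.neighbor_as}), decided by {step}")
```

Returning the name of the deciding step is the useful part when debugging policy: it tells you which attribute a neighbour would have to manipulate to change your choice, and it makes visible that a MED from a different neighbouring AS is simply not looked at.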
BGP Route Selection...
(figure: AS 100 reached from AS 400 (routers A and B) via AS 200 or AS 300 (router D); AS 400's policy to reach AS 100: AS 200 preferred path, AS 300 backup)
- Increase AS path attribute length by at least 1 on the backup path (AS-path prepend)
Stub AS
- Typically no need for BGP
- Point default towards the ISP
- ISP advertises the stub network to Internet
- Policy confined within ISP policy
Stub AS
(figure: Customer AS 100 router A connected to Provider AS 101 router B)
Multi-homed AS
- Only border routers speak BGP
- IBGP only between border routers
- Exterior routes must be redistributed in a controlled fashion into IGP or use defaults
Multi-homed AS
(figure: one customer AS connected to two providers)
Service Provider Network
- IBGP used to carry exterior routes
- IGP keeps track of topology
- Full IBGP mesh is required
Common Service Provider Network
(figure: provider with routers A to H peering with AS 100, AS 200, AS 300 and AS 400)
Routing Policy
- Why?
- To steer traffic through preferred paths
- Inbound/Outbound prefix filtering
- To enforce Customer-ISP agreements
- How ?
- AS based route filtering - filter list
- Prefix based route filtering - distribute list
- BGP attribute modification - route maps
Distribute list - using IP access lists
  access-list 1 deny 10.0.0.0
  access-list 1 permit any
  access-list 2 permit 20.0.0.0
  ... more access-lists as prefixes are added ...
  router bgp 100
   neighbor 171.69.233.33 remote-as 33
   neighbor 171.69.233.33 distribute-list 1 in
   neighbor 171.69.233.33 distribute-list 2 out
Filter list rules: Regular Expressions
- RE is a pattern to match against an input string
- Used to match against AS-path attribute
  - e.g. 3561.100.1
- Flexible enough to generate complex filter list rules
Filter list - using as-path access list
  ip as-path access-list 1 permit 3561
  ip as-path access-list 2 deny 35
  ip as-path access-list 2 permit .*
  router bgp 100
   neighbor 171.69.233.33 remote-as 33
   neighbor 171.69.233.33 filter-list 1 in
   neighbor 171.69.233.33 filter-list 2 out
Route Maps
  router bgp 300
   neighbor 2.2.2.2 remote-as 100
   neighbor 2.2.2.2 route-map SETCOMMUNITY out
  !
  route-map SETCOMMUNITY permit 10
   match ip address 1
   match community 1
   set community 300:100
  !
  access-list 1 permit 35.0.0.0
  ip community-list 1 permit 100:200
Route-map match & set clauses
Match Clauses
- AS-path
- Community
- IP address
Set Clauses
- AS-path prepend
- Community
- Local-Preference
- MED
- Origin
- Weight
- Others...
Route-map Configuration Example
(figure: ISP2 routers C21 and C22, ISP3 routers C31 and C32)
Inbound route-map to set community:
  neighbor <x.x.x.x> route-map AS100_IN in
  !
  route-map AS100_IN permit 10
   set community 100:200
Inbound route-map matching that community:
  neighbor <y.y.y.y> route-map AS200_IN in
  !
  route-map AS200_IN permit 10
   match community 1
   set local-preference 200
  !
  ip community-list 1 permit 100:200
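The three policy mechanisms of the routing-policy slides (filter-list on an AS-path regular expression, distribute-list on the prefix, route-map match/set) together with the 32-bit community values of the community slides, as an added example in Python, not from the original deck or from IOS itself. It reproduces the semantics that matter when writing filters that must not let the wrong prefix through: IOS AS-path regular expressions are unanchored substring searches in which "_" stands for a token boundary, a standard access-list matches on the route's network number, and a route-map whose clauses all fail to match drops the route. The sample route is constructed; the ACL, regex and community values are those on the slides.

```python
import re
import ipaddress
from copy import deepcopy


def community_to_int(text):
    """'100:200' -> 0x006400C8: the 32-bit community is the ASN in the high
    16 bits and the operator-chosen value in the low 16 bits."""
    asn, val = (int(x) for x in text.split(":"))
    return (asn << 16) | val


def int_to_community(value):
    return f"{value >> 16}:{value & 0xFFFF}"


def ios_regex(pattern):
    """IOS as-path regex: '_' matches a boundary (start, end or whitespace)."""
    return re.compile(pattern.replace("_", r"(?:^|\s|$)"))


def as_path_matches(pattern, as_path):
    """Unanchored search, like IOS: 'permit 3561' also hits AS 13561 or 35610."""
    return ios_regex(pattern).search(" ".join(str(a) for a in as_path)) is not None


def filter_list(rules, as_path):
    """rules: ordered (action, pattern); the first matching rule decides, implicit deny."""
    for action, pattern in rules:
        if as_path_matches(pattern, as_path):
            return action == "permit"
    return False


def acl_matches(rules, prefix):
    """Standard access-list as used by distribute-list: each rule is
    (action, address, wildcard) and matches when the route's network number
    agrees with the address on every bit the wildcard leaves as 0. Hence
    'deny 10.0.0.0' blocks 10.0.0.0/8 but not 10.1.0.0/16."""
    network = int(ipaddress.ip_network(prefix).network_address)
    for action, address, wildcard in rules:
        care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
        if (network & care) == (int(ipaddress.IPv4Address(address)) & care):
            return action == "permit"
    return False


def route_map(clauses, route):
    """clauses: ordered dicts {'match': {...}, 'set': {...}}; the first clause
    whose match conditions all hold is applied to a copy of the route. Returns
    None when no clause matches (a route-map ends in an implicit deny)."""
    for clause in clauses:
        m = clause.get("match", {})
        if "community" in m and not set(m["community"]) & set(route["communities"]):
            continue
        if "as_path" in m and not as_path_matches(m["as_path"], route["as_path"]):
            continue
        if "acl" in m and not acl_matches(m["acl"], route["prefix"]):
            continue
        out = deepcopy(route)
        s = clause.get("set", {})
        if "local_pref" in s:
            out["local_pref"] = s["local_pref"]
        if "community" in s:                     # 'set community' replaces unless 'additive'
            out["communities"] = list(s["community"])
        if "prepend" in s:
            out["as_path"] = list(s["prepend"]) + out["as_path"]
        return out
    return None


# Constructed route carrying the community the AS100_IN route-map sets.
ROUTE = {"prefix": "35.0.0.0/8", "as_path": [3561], "communities": ["100:200"], "local_pref": 100}
# Route-map AS200_IN from the example slide: match community 100:200, set local-preference 200.
AS200_IN = [{"match": {"community": ["100:200"]}, "set": {"local_pref": 200}}]
# Route-map SETCOMMUNITY: match ip address 1 (35.0.0.0) and community 100:200, set community 300:100.
SETCOMMUNITY = [{"match": {"acl": [("permit", "35.0.0.0", "0.0.0.0")], "community": ["100:200"]},
                 "set": {"community": ["300:100"]}}]
# Distribute-list access-list 1 from the slide: deny 10.0.0.0, permit any.
ACL1 = [("deny", "10.0.0.0", "0.0.0.0"), ("permit", "0.0.0.0", "255.255.255.255")]

if __name__ == "__main__":
    print(route_map(AS200_IN, ROUTE))
    print(filter_list([("permit", "3561")], [13561]), filter_list([("permit", "_3561_")], [13561]))
```

Two of the slide's own filters show why the boundary marker matters: `permit 3561` admits any path containing AS 13561 or 35610, and `deny 35` also denies every path through AS 350 or 3561; anchoring with `_3561_` and `_35_` gives the intended behaviour.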
Load Sharing / Redundancy using BGP
Load-sharing - single path
(figure: router A in AS100 with Loopback 0 20.200.0.1 peers with AS200's Loopback 0 10.200.0.2 over two DMZ links)
  Router A
  interface loopback 0
   ip address 20.200.0.1 255.255.255.255
  !
  router bgp 100
   neighbor 10.200.0.2 remote-as 200
   neighbor 10.200.0.2 update-source loopback0
   neighbor 10.200.0.2 ebgp-multihop 2
  !
  ip route 10.200.0.2 255.255.255.255 <DMZ-link1>
  ip route 10.200.0.2 255.255.255.255 <DMZ-link2>
Load Sharing - Multiple paths from the same AS
(figure: router A in AS 100 with two links to AS 200)
  Router A
  router bgp 100
   neighbor 10.200.0.1 remote-as 200
   neighbor <second peer address> remote-as 200
   maximum-paths 2
Note: A still only advertises one best path to iBGP peers
Redundancy - Multi-homing
- Reliable connection to Internet
- 3 common cases of multi-homing
  - default from all providers
  - customer default routes from all
  - full routes from all
Default from all providers
- Low memory/CPU solution
- Provider sends BGP default
- provider is selected based on IGP metric
- Inbound traffic decided by providers policy
- Can influence using outbound policy, example
AS-path prepend
Default from all providers
(figure: AS 400 (routers A, B, C) connected to Provider AS 200 and Provider AS 300 (routers D, E))
Customer default from all providers
- Medium memory and CPU solution
- Granular routing for customer routes and default for the rest
- Inbound traffic decided by providers' policy
- Can influence using outbound policy
Customer routes from all providers
(figure: Customer AS 100 (160.10.0.0/16) behind Provider AS 200 and Provider AS 300 (routers D, E); AS 400 (routers A, B, C); C chooses shortest AS path)
Full routes from all providers
- More memory/CPU
- Full granular routing
- Usually transit ASes take full routes
- Usually pervasive BGP
Full routes from all providers
(figure: AS 100 and AS 500 behind AS 200 and AS 300 (routers D, E); AS 400 (routers A, B, C); C chooses shortest AS path)
Best Practices: IGP in Backbone
- IGP connects your backbone together, not your clients' routes
- IGP must converge quickly
- IGP should carry netmask information - OSPF, IS-IS, EIGRP
Best Practices... Connecting to a customer
- Static routes
- You control directly
- No route flaps
- Shared routing protocol or leaking
- You must filter your customers info
- Route flaps
- BGP for multi-homed customers
Best Practices... Connecting to other ISPs
- Use BGP4
- Advertise only what you serve
- Take back as little as you can
- Take the shortest exit
Best Practices... The Internet Exchange
- Long distance connectivity is expensive
- Connect to several providers at a single point
Q & A