Border Gateway Protocol (BGP4)

About This Presentation

Title:

Border Gateway Protocol (BGP4)

Description:

Border Gateway Protocol (BGP) Routing ... BGP peers Can have multiple paths for a given prefix Picks the best path and installs in the IP forwarding table Policies ... – PowerPoint PPT presentation

Number of Views:126

Avg rating:3.0/5.0

Slides: 112

Provided by: Sriha9

Category:

more less

Transcript and Presenter's Notes

Title: Border Gateway Protocol (BGP4)

1
Border Gateway Protocol (BGP4)
2
Border Gateway Protocol (BGP)

Routing/Forwarding basics
Building blocks
Exercises
BGP protocol basics
Exercises
BGP path attributes
Best path computation
Exercises

3
Border Gateway Protocol (BGP)...

Typical BGP topologies
Routing Policy
Exercises
Redundancy/Load sharing
Best current practices

4
Routing/ForwardingBasics
5
IP route lookupLongest match routing
R3
All 10/8 except 10.1/16
R4
R2
10.1/16
6
IP route lookup Longest match routing
R3
All 10/8 except 10.1/16
R4
R2
10.1/16
10.1.1.1 FF.0.0.0 is equal to 10.0.0.0
FF.0.0.0
Match!
7
IP route lookup Longest match routing
R3
All 10/8 except 10.1/16
R4
R2
10.1/16
10.1.1.1 FF.FF.0.0 is equal to 10.1.0.0
FF.FF.0.0
Match as well!
8
IP route lookup Longest match routing
R3
All 10/8 except 10.1/16
R4
R2
10.1/16
10.1.1.1 FF.0.0.0 is equal to 20.0.0.0
FF.0.0.0
Does not match!
9
IP route lookup Longest match routing
R3
All 10/8 except 10.1/16
Packet Destination IP address 10.1.1.1
R4
R2
10.1/16
Longest match, 16 bit netmask
10
IP route lookup Longest match routing

default is 0.0.0.0/0
can handle it using the normal longest match
algorithm
matches everything. Always the shortest match.

11
Forwarding

Uses the routing table built by routing protocols
Performs the lookup to find next-hop and outgoing
interface
Switches the packet with new encapsulation as per
the outgoing interface

12
Building Blocks

Autonomous System (AS)
Types of Routes
IGP/EGP
DMZ
Policy
Egress
Ingress

13
Autonomous System (AS)
AS 100

Collection of networks with same policy
Single routing protocol
Usually under single administrative control
IGP to provide internal connectivity

14
Autonomous System(AS)...

Identified by AS number
Public Private AS numbers
Examples
Service provider
Multi-homed customers
Anyone needing policy discrimination

15
Routing flow and packet flow
packet flow
egress
announce
accept
AS2
AS 1
Routing flow
announce
accept
ingress

For networks in AS1 and AS2 to communicate
AS1 must announce routes to AS2
AS2 must accept routes from AS1
AS2 must announce routes to AS1
AS1 must accept routes from AS2

packet flow
16
Egress Traffic

Packets exiting the network
Based on
Route availability (what others send you)
Route acceptance (what you accept from others)
Policy and tuning (what you do with routes from
others)
Peering and transit agreements

17
Ingress Traffic

Packets entering your network
Ingress traffic depends on
What information you send and to who
Based on your addressing and ASes
Based on others policy (what they accept from
you and what they do with it)

18
Types of Routes

Static Routes
configured manually
Connected Routes
created automatically when an interface is up
Interior Routes
Routes within an AS
Exterior Routes
Routes exterior to AS

19
What Is an IGP?

Interior Gateway Protocol
Within an Autonomous System
Carries information about internal prefixes
ExamplesOSPF, ISIS, EIGRP

20
What Is an EGP?

Exterior Gateway Protocol
Used to convey routing information between ASes
De-coupled from the IGP
Current EGP is BGP4

21
Why Do We Need an EGP?

Scaling to large network
Hierarchy
Limit scope of failure
Define administrative boundary
Policy
Control reachability to prefixes

22
Interior vs. Exterior Routing Protocols

Interior
Automatic discovery
Generally trust your IGP routers
Routes go to all IGP routers

Exterior
Specifically configured peers
Connecting with outside networks
Set administrative boundaries

23
Hierarchy of Routing Protocols
BGP4
24
Demilitarized Zone (DMZ)
A
C
DMZ Network
AS 100
AS 101
B
D
E
AS 102

Shared network between ASes

25
Addressing - ISP

Need to reserve address space for its network.
Need to allocate address blocks to its customers.
Need to take growth into consideration
Upstream link address is allocated by upstream
provider

26
BGP Basics

Terminology
Protocol Basics
Messages
General Operation
Peering relationships (EBGP/IBGP)
Originating routes

27
Terminology

Neighbor
Configured BGP peer
NLRI/Prefix
NLRI - network layer reachability information
Reachability information for a IP address mask
Router-ID
Highest IP address configured on the router
Route/Path
NLRI advertised by a neighbor

28
Protocol Basics
Peering
A
C
AS 100
AS 101
B
D
E

Routing protocol used between ASes
if you arent connected to multiple ASes, you
dont need BGP )
Runs over TCP
Path vector protocol
Incremental update

AS 102
29
BGP Basics ...

Each AS originates a set of NLRI
NLRI is exchanged between BGP peers
Can have multiple paths for a given prefix
Picks the best path and installs in the IP
forwarding table
Policies applied (through attributes) influences
BGP path selection

30
BGP Peers
AS 101
AS 100
220.220.16.0/24
220.220.8.0/24
BGP speakers are called peers
AS 102
Peers in different ASsare called External Peers
220.220.32.0/24
Note eBGP Peers normally should be directly
connected.
31
BGP Peers
A
C
AS 101
AS 100
220.220.16.0/24
220.220.8.0/24
BGP speakers are called peers
AS 102
Peers in the same ASare called Internal Peers
220.220.32.0/24
Note iBGP Peers dont have to be directly
connected.
32
BGP Peers
A
C
AS 101
AS 100
220.220.16.0/24
220.220.8.0/24
BGP Peers exchange Update messages containing
Network Layer Reachability Information (NLRI)
AS 102
220.220.32.0/24
33
Configuring BGP Peers
AS 101
AS 100
222.222.10.0/30
220.220.8.0/24
220.220.16.0/24
.2
.2
.1
.2
.1
.1

BGP Peering sessions are established using the
BGP neighbor configuration command

External (eBGP) is configured when AS numbers are
different

34
Configuring BGP Peers
AS 101
AS 100
222.222.10.0/30
220.220.8.0/24
220.220.16.0/24
.2
.2
.1
.2
.1
.1

BGP Peering sessions are established using the
BGP neighbor configuration command

External (eBGP) is configured when AS numbers are
different

Internal (iBGP) is configured when AS numbers are
same

35
Configuring BGP Peers
AS 100

Each iBGP speaker must peer with every other
iBGP speaker in the AS

36
Configuring BGP Peers
AS 100

Loopback interface are normally used aspeer
connection end-points

37
Configuring BGP Peers
AS 100
A
38
Configuring BGP Peers
AS 100
A
39
Configuring BGP Peers
AS 100
A
40
BGP Updates NLRI

Network Layer Reachability Information
Used to advertise feasible routes
Composed of
Network Prefix
Mask Length

41
BGP Updates Attributes

Used to convey information associated with NLRI
AS path
Next hop
Local preference
Multi-Exit Discriminator (MED)
Community
Origin
Aggregator

42
AS-Path Attribute

Sequence of ASes a route has traversed
Loop detection
Apply policy

AS 100
AS 200
170.10.0.0/16
180.10.0.0/16
Network Path 180.10.0.0/16 300 200
100 170.10.0.0/16 300 200
AS 300
AS 400
150.10.0.0/16
Network Path 180.10.0.0/16 300 200
100 170.10.0.0/16 300 200 150.10.0.0/16 300 400
AS 500
43
Next Hop Attribute
AS 300
AS 200
140.10.0.0/16
192.10.1.0/30
150.10.0.0/16
.2
.1
.2
192.20.2.0/30
.1

Next hop to reach a network
Usually a local network is the next hop in eBGP
session

AS 100
160.10.0.0/16
44
Next Hop Attribute
AS 300
AS 200
140.10.0.0/16
192.10.1.0/30
150.10.0.0/16
.2
.1
.2

Next hop to reach a network
Usually a local network is the next hop in eBGP
session

192.20.2.0/30
.1
AS 100
160.10.0.0/16

Next Hop updated betweeneBGP Peers

45
Next Hop Attribute
AS 300
AS 200
140.10.0.0/16
192.10.1.0/30
150.10.0.0/16
.2
.1
.2

Next hop not changedbetween iBGP peers

192.20.2.0/30
.1
AS 100
160.10.0.0/16
46
Next Hop Attribute (more)

IGP should carry route to next hops
Recursive route look-up
Unlinks BGP from actual physical topology
Allows IGP to make intelligent forwarding decision

47
BGP Updates Withdrawn Routes

Used to withdraw network reachability
Each Withdrawn Route is composed of
Network Prefix
Mask Length

48
BGP Updates Withdrawn Routes
AS 321
AS 123
192.168.10.0/24
.1
.2
x
192.192.25.0/24
49
BGP Routing Information Base
BGP RIB
Network Next-Hop Path
gti160.10.1.0/24 192.20.2.2
i gti160.10.3.0/24 192.20.2.2 i
D 10.1.2.0/24 D 160.10.1.0/24 D
160.10.3.0/24 R 153.22.0.0/16 S 192.1.1.0/24
BGP network commands are normally used to
populate the BGP RIB with routes from the Route
Table
Route Table
50
BGP Routing Information Base
BGP RIB
Network Next-Hop Path
gt 160.10.0.0/16 0.0.0.0 i i
192.20.2.2 i sgt 160.10.1.0/24 192.20.2.2
i sgt 160.10.3.0/24 192.20.2.2 i
router bgp 100 network 160.10.0.0
255.255.0.0 aggregate-address 160.10.0.0
255.255.0.0 summary-only no auto-summary
D 10.1.2.0/24 D 160.10.1.0/24 D
160.10.3.0/24 R 153.22.0.0/16 S 192.1.1.0/24
BGP aggregate-address commands may be used to
install summary routes in the BGP RIB
Route Table
51
BGP Routing Information Base
BGP RIB
Network Next-Hop Path
gt 160.10.0.0/16 0.0.0.0 i i
192.20.2.2 i sgt 160.10.1.0/24 192.20.2.2
i sgt 160.10.3.0/24 192.20.2.2 i
gt 192.1.1.0/24 192.20.2.2 ?
router bgp 100 network 160.10.0.0
255.255.0.0 redistribute static route-map foo
no auto-summary access-list 1 permit 192.1.0.0
0.0.255.255 route-map foo permit 10 match ip
address 1
D 10.1.2.0/24 D 160.10.1.0/24 D
160.10.3.0/24 R 153.22.0.0/16 S 192.1.1.0/24
BGP redistribute commands can also be used to
populate the BGP RIB with routes from the Route
Table
Route Table
52
BGP Routing Information Base
IN Process
OUT Process
BGP RIB
Network Next-Hop
Path gti160.10.1.0/24 192.20.2.2
i gti160.10.3.0/24 192.20.2.2 i
173.21.0.0/16 192.20.2.1 100
gt

BGP in process
receives path information from peers

results of BGP path selection placed in the BGP
table

best path flagged (denoted by gt)

53
BGP Routing Information Base
OUT Process
IN Process
BGP RIB
Network Next-Hop
Path gti160.10.1.0/24 192.20.2.2
i gti160.10.3.0/24 192.20.2.2 i
gt 173.21.0.0/16 192.20.2.1 100

192.20.2.1

BGP out process
builds update using info from RIB

may modify update based on config

Sends update to peers

54
BGP Routing Information Base
BGP RIB
Network Next-Hop
Path gti160.10.1.0/24 192.20.2.2
i gti160.10.3.0/24 192.20.2.2 i gt
173.21.0.0/16 192.20.2.1 100
D 10.1.2.0/24 D 160.10.1.0/24 D
160.10.3.0/24 R 153.22.0.0/16 S 192.1.1.0/24

Best paths installed in routing table if

prefix and prefix length are unique
lowest protocol distance

B 173.21.0.0/16
Route Table
55
The Bible other resources

Route-views.oregon-ix.net
Internet Routing Architectures
Bassam Halabi
pg. 168 BGP Decision Process Summary

56
Types of BGP Messages

OPEN
To negotiate and establish peering
UPDATE
To exchange routing information
KEEPALIVE
To maintain peering session
NOTIFICATION
To report errors (results in session reset)

57
Internal BGP Peering (IBGP)

BGP peer within the same AS
Not required to be directly connected
Maintain full IBGP mesh or use Route Reflection

58
External BGP Peering (EBGP)
A
AS 100
AS 101
C
B

Between BGP speakers in different AS
Directly connected or peering address is reachable

59
An Example
35.0.0.0/8
AS3561
A
AS200
F
B
AS21
C
D
AS101
AS675
E
Learns about 35.0.0.0/8 from F D
60
Basic BGP commands

Configuration commands
router bgp ltAS-numbergt
neighbor ltip addressgt remote-as ltas-numbergt
Show commands
show ip bgp summary
show ip bgp neighbors

61
Originating routes...

Using network command or redistribution
network ltipaddressgt
redistribute ltprotocol namegt
Requires the route to be present in the routing
table

62
Originating routes/Inserting prefixes into BGP

network command
network 198.10.4.0 mask 255.255.254.0
ip route 198.10.0.0 255.255.254.0 serial 0
matching route must exist in the routing table
before network is announced!
Origin IGP

63
Update message

Withdrawn routes
Path Attributes
Advertised routes

64
Stable IBGP peering

Unlinks IBGP peering from physical topology.
Carry loopback address in IGP
router ospf ltIDgt
passive-interface loopback0
Unlink peering from physical topology
router bgp ltAS1gt
neighbor ltx.x.x.xgt remote-as ltAS1gt
neighbor ltx.x.x.xgt update-source loopback0

65
BGP4 continued...
66
BGP Path Attributes Why ?

Encoded as Type, Length Value (TLV)
Transitive/Non-Transitive attributes
Some are mandatory
Used in path selection
To apply policy for steering traffic

67
BGP Path Attributes...

Origin
AS-path
Next-hop
Multi-Exit Discriminator (MED)
Local preference
BGP Community
Others...

68
AS-PATH

Updated by the sending router with its AS number
Contains the list of AS numbers the update
traverses.
Used to detect routing loops
Each time the router receives an update, if it
finds its AS number, it discards the update

69
AS-Path

Sequence of ASes a route has traversed
Loop detection

AS 100
AS 200
170.10.0.0/16
180.10.0.0/16
180.10.0.0/16 dropped
AS 300
AS 400
150.10.0.0/16
180.10.0.0/16 300 200 100 170.10.0.0/16 300
200 150.10.0.0/16 300 400
AS 500
70
Next-Hop
150.10.1.1
150.10.1.2
AS 200
AS 300
150.10.0.0/16
A
B
150.10.0.0/16 150.10.1.1 160.10.0.0/16
150.10.1.1
AS 100

Next hop router to reach a network
Advertising router/Third party in EBGP
Unmodified in IBGP

160.10.0.0/16
Cisco Systems Confidential
20
0799_04F7_c2
71
Third Party Next Hop
AS 200
192.68.1.0/24 150.1.1.3
C
150.1.1.1
peering
150.1.1.3
150.1.1.2
A
B
192.68.1.0/24
AS 201

More efficient, but bad idea!

72
Next Hop...

IGP should carry route to next hops
Recursive route look-up
Unlinks BGP from actual physical topology
Allows IGP to make intelligent forwarding decision

73
Local Preference

Not for EBGP, mandatory for IBGP
Default value is 100 on Ciscos
Local to an AS
Used to prefer one exit over another
Path with highest local preference wins

74
Local Preference
AS 100
160.10.0.0/16
AS 200
AS 300
500
800
E
D
B
A
AS 400
160.10.0.0/16 500 gt 160.10.0.0/16 800
C
75
Multi-Exit Discriminator

Non-transitive
Represented as a numeric value (0-0xffffffff)
Used to convey the relative preference of entry
points
Comparable if paths are from the same AS
Path with lower MED wins
IGP metric can be conveyed as MED

76
Multi-Exit Discriminator (MED)
AS 200
C
preferred
192.68.1.0/24 1000
192.68.1.0/24 2000
A
B
192.68.1.0/24
AS 201
77
Origin

Conveys the origin of the prefix
Three values
IGP - Generated using network statement
ex network 35.0.0.0
EGP - Redistributed from EGP
Incomplete - Redistribute IGP
ex redistribute ospf
IGP lt EGP lt INCOMPLETE

78
Communities

Transitive, Non-mandatory
Represented as a numeric value (0-0xffffffff)
Used to group destinations
Each destination could be member of multiple
communities
Flexibility to scope a set of prefixes within or
across AS for applying policy

79
Community...
Service Provider AS 200
C
D
Community201110
Community201120
A
B
192.68.1.0/24
Customer AS 201
80
Synchronization
1880
C
A
D
OSPF
690
35/8
209

C not running BGP (non-pervasive BGP)
A wont advertise 35/8 to D until the IGP is in
sync
Turn synchronization off!
Run pervasive BGP
router bgp 1880
no sync

B
81
BGP Route Selection (bestpath)Only one path as
the bestpath !

Route has to be synchronized
Prefix in forwarding table
Next-hop has to be accessible
Next-hop in forwarding table
Largest weight
Local to the router
Largest local preference
Spread within AS
Locally sourced
Via redistribute or network statement

82
BGP Route Selection ...

Shortest AS-path length
number of ASes in the AS-path attribute
Lowest origin
IGP lt EGP lt INCOMPLETE
Lowest MED
between paths from same AS
External over internal
closest exit from a router
Closest next-hop
Lower IGP metric, closer exit from as AS
Lowest router-id
Lowest IP address of neighbor

83
BGP Route Selection...
AS 100
AS 200
AS 300
D

Increase AS path attribute length by at least 1

B
A
AS 400s Policy to reach AS100 AS 200 preferred
path AS 300 backup
AS 400
84
Stub AS

Typically no need for BGP
Point default towards the ISP
ISP advertises the stub network to Internet
Policy confined within ISP policy

85
Stub AS
AS 101
B
Provider
A
AS 100
Customer
86
Multi-homed AS

Only border routers speak BGP
IBGP only between border routers
Exterior routes must be redistributed in a
controlled fashion into IGP or use defaults

87
Multi-homed AS
provider
provider
customer
88
Service Provider Network

IBGP used to carry exterior routes
IGP keeps track of topology
Full IBGP mesh is required

89
Common Service Provider Network
AS 100
AS 200
H
A
B
C
AS 300
provider
D
F
E
G
AS 400
90
Routing Policy

Why?
To steer traffic through preferred paths
Inbound/Outbound prefix filtering
To enforce Customer-ISP agreements
How ?
AS based route filtering - filter list
Prefix based route filtering - distribute list
BGP attribute modification - route maps

91
Distribute list - using IP access lists

access-list 1 deny 10.0.0.0
access-list 1 permit any
access-list 2 permit 20.0.0.0
more access-lists as prefixes are added ...
router bgp 100
neighbor 171.69.233.33 remote-as 33
neighbor 171.69.233.33 distribute-list 1 in
neighbor 171.69.233.33 distribute-list 2 out

92
Filter list rules Regular Expressions

RE is a pattern to match against an input string
Used to match against AS-path attribute
ex 3561.100.1
Flexible enough to generate complex filter list
rules

93
Filter list - using as-path access list

ip as-path access-list 1 permit 3561
ip as-path access-list 2 deny 35
ip as-path access-list 2 permit .
router bgp 100
neighbor 171.69.233.33 remote-as 33
neighbor 171.69.233.33 filter-list 1 in
neighbor 171.69.233.33 filter-list 2 out

94
Route Maps
router bgp 300 neighbor 2.2.2.2 remote-as
100 neighbor 2.2.2.2 route-map SETCOMMUNITY
out ! route-map SETCOMMUNITY permit 10 match ip
address 1 match community 1 set community
300100 ! access-list 1 permit 35.0.0.0 ip
community-list 1 permit 100200
95
Route-map match set clausesMatch Clauses
Set Clauses

AS-path
Community
IP address

AS-path prepend
Community
Local-Preference
MED
Origin
Weight
Others...

96
Route-map Configuration Example
neighbor lty.y.y.ygt route-map AS200_IN
in ! route-map AS200_IN permit 10 match
community 1 set local-preference 200 ! ip
community-list 1 permit 100200
ISP2
C21
C22
ISP3
neighbor ltx.x.x.xgt route-map AS100_IN
in ! route-map AS100_IN permit 10 set community
100200
Inbound route-map to set community
C32
C31
97
Load Sharing Redundancyusing BGP
98
Load-sharing - single path
Router A interface loopback 0 ip address
20.200.0.1 255.255.255.255 ! router bgp 100
neighbor 10.200.0.2 remote-as 200 neighbor
10.200.0.2 update-source loopback0 neighbor
10.200.0.2 ebgp-multi-hop 2 ! ip route 10.200.0.2
255.255.255.255 ltDMZ-link1, link2gt
Loopback 0 10.200.0.2
A
AS100
AS200
Loopback 0 20.200.0.1
99
Load Sharing - Multiple paths from the same AS

Router A
router bgp 100
neighbor 10.200.0.1 remote-as 200
neighbor 10.300.0.1 remote-as 200
maximum-paths 2

A
100
200
NoteA still only advertises one best path to
ibgp peers
100
Redundancy - Multi-homing

Reliable connection to Internet
3 common cases of multi-homing
- default from all providers
- customer default routes from all
- full routes from all

101
Default from all providers

Low memory/CPU solution
Provider sends BGP default
provider is selected based on IGP metric
Inbound traffic decided by providers policy
Can influence using outbound policy, example
AS-path prepend

102
Default from all providers
Provider AS 200
Provider AS 300
E
D
B
A
AS 400
C
103
Customer default from all providers

Medium memory and CPU solution
Granular routing for customer routes and default
for the rest
Inbound traffic decided by providers policy
Can influence using outbound policy

104
Customer routes from all providers
Customer AS 100160.10.0.0/16
Provider AS 200
Provider AS 300
E
D
B
A
C chooses shortest AS path
AS 400
C
105
Full routes from all providers