Académique Documents
Professionnel Documents
Culture Documents
Practices
ISP Workshops
Configuring BGP
Where do we start?
All best paths on the local router are passed to the neighbour
All routes announced by the neighbour are received by the
local router
Can have disastrous consequences
is used
Internally (iBGP)
n Externally (eBGP)
n
p iBGP
is used to carry:
p eBGP
is used to:
NOT:
p YOUR
Aggregation
Aggregation
p
p
10
11
Aggregation
p Address
p Aggregate
n
12
Example
13
Announcing an Aggregate
p
p
For IPv4:
p
p
p
For IPv6:
p
Aggregation Example
100.10.10.0/23
100.10.0.0/24
100.10.4.0/22
customer
Internet
p
p
AS100
100.10.10.0/23
15
n
n
n
n
n
n
n
Aggregation Example
100.10.0.0/19
100.10.0.0/19
aggregate
customer
Internet
p
p
AS100
100.10.10.0/23
p
p
Aggregation Summary
p Good
do!
p Bad
19
n
n
579519
213882
282120
189985
317953
52493
n
n
www.cidr-report.org
(covers both IPv4 and IPv6 BGP tables)
24
25
26
Importance of Aggregation
p
This is a problem
Bigger table takes longer for CPU to process
BGP updates take longer to deal with
BGP Instability Report tracks routing system update
activity
bgpupdates.potaroo.net/instability/bgpupd.html
27
28
29
Receiving Prefixes
30
Receiving Prefixes
p There
p Each
31
Receiving Prefixes:
From Customers
p
Receiving Prefixes:
From Customers
p
Receiving Prefixes:
From Customers
p
For Example:
n
n
n
Configuration on upstream
router bgp 100
neighbor 102.102.10.1 remote-as 101
neighbor 102.102.10.1 prefix-list customer in
neighbor 102.102.10.1 prefix-list default out
!
ip prefix-list customer permit 100.50.0.0/20
!
ip prefix-list default permit 0.0.0.0/0
35
Receiving Prefixes:
From Peers
p A
36
Receiving Prefixes:
From Peers
p Agreeing
other:
https://github.com/irrtoolset/irrtoolset
37
For Example:
n
remote-as 101
prefix-list my-peer in
permit 220.50.0.0/16
permit 61.237.64.0/18
permit 81.250.128.0/17
deny 0.0.0.0/0 le 32
38
Receiving Prefixes:
From Upstream/Transit Provider
p
p
originate a default-route
OR
announce one prefix you can use as default
39
Receiving Prefixes:
From Upstream/Transit Provider
p Downstream
Router Configuration
40
Receiving Prefixes:
From Upstream/Transit Provider
p Upstream
Router Configuration
41
Receiving Prefixes:
From Upstream/Transit Provider
p
For IPv4:
n
For IPv6:
n
42
Receiving Prefixes:
From Upstream/Transit Provider
p
43
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
Default
RFC1122 local host
RFC1918
RFC6598 shared addr
Local prefix
Loopback
Auto-config
RFC1918
RFC6598 IETF proto
TEST1
RFC1918
Benchmarking
TEST2
TEST3
Multicast & Expmnt
44
Prefixes >/24
!
!
!
!
!
!
!
!
!
!
!
RFC6052 v4v6trans
Teredo
RFC2928 IETF prot
Benchmarking
ORCHID
Documentation
6to4
6to4 subnets
Local Prefix
Old 6bone
Global Unicast
45
Receiving Prefixes
p Paying
p Responsibility
46
47
p Point
48
Router Configuration:
network statement
p Example:
interface loopback 0
ip address 215.17.3.1 255.255.255.255
!
interface Serial 5/0
ip unnumbered loopback 0
ip verify unicast reverse-path
!
ip route 215.34.10.0 255.255.252.0 Serial 5/0
!
router bgp 100
network 215.34.10.0 mask 255.255.252.0
!
49
p Many
50
Router Configuration:
redistribute static
p Example:
ip route 215.34.10.0 255.255.252.0 Serial 5/0
!
router bgp 100
redistribute static route-map static-to-bgp
<snip>
!
route-map static-to-bgp permit 10
match ip address prefix-list ISP-block
set origin igp
set community 100:1000
<snip>
!
ip prefix-list ISP-block permit 215.34.10.0/22 le 30
51
p Be
n
52
Summary
p Best
Practices Covered:
53
Configuration Tips
Of passwords, tricks and
templates
p Make
iBGP: Next-hop-self
p BGP
p Even
*> 3FFE:1600::/24
22 11537 145 12199 10318 10566 13193 1930 2200
3425 293 5609 5430 13285 6939 14277 1849 33 15589 25336 6830 8002 2042
7610 i
*>i193.105.15.0
50404 50404 50404
50404 50404 50404
50404 50404 50404
50404 50404 50404
50404 50404 50404
50404 50404 50404
50404 50404 50404
50404 50404 50404
50404
50404
50404
50404
50404
50404
50404
50404
2516 3257
50404 50404
50404 50404
50404 50404
50404 50404
50404 50404
50404 50404
50404 50404
50404 50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
50404
i
p
p
ISP
TTL 254
R1
Attacker
AS 100
R2
TTL 253
TTL 254
TTL Hack:
n
n
n
Templates
p
iBGP Template
Example
p
p
iBGP Template
Example continued
p
eBGP Template
Example
p
BGP damping
n
n
eBGP Template
Example continued
p
p
p
p
Summary
p
p
p
p
p
68