(BGP4)
Border Gateway Protocol (BGP)
• Routing/Forwarding basics
• Building blocks
• Exercises
• BGP protocol basics
• Exercises
• BGP path attributes
• Best path computation
• Exercises
Border Gateway Protocol (BGP)...
IP route lookup: Longest match routing
[Figure: routers R1, R2 and R4 in a row, with R3 also attached to R2. R3 is labelled "All 10/8 except 10.1/16"; R4 is labelled "10.1/16".]
R2’s IP routing table
10/8 -> R3
10.1/16 -> R4
20/8 -> R5
30/8 -> R6
…..
Packet: Destination IP address: 10.1.1.1
• 10/8 -> R3: 10.1.1.1 & FF.0.0.0 is equal to 10.0.0.0 & FF.0.0.0. Match!
• 10.1/16 -> R4: 10.1.1.1 & FF.FF.0.0 is equal to 10.1.0.0 & FF.FF.0.0. Match as well!
• 20/8 -> R5: 10.1.1.1 & FF.0.0.0 is not equal to 20.0.0.0 & FF.0.0.0. Does not match!
• Result: 10.1/16 -> R4. Longest match, 16 bit netmask
• Default route is 0.0.0.0/0
• Can be handled using the normal longest match algorithm
• Matches everything. Always the shortest match.
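The lookup walked through above, as an added example that is not part of the original slides: it applies the same mask comparison to R2's table and picks the longest match. The prefixes are the slides' shorthand expanded to full CIDR form, and the default route's next hop `R1` is an assumption.

```python
import ipaddress

# R2's routing table from the slides, in full CIDR form.
# The default route and its next hop "R1" are assumptions added here.
R2_TABLE = [
    ("10.0.0.0/8", "R3"),
    ("10.1.0.0/16", "R4"),
    ("20.0.0.0/8", "R5"),
    ("30.0.0.0/8", "R6"),
    ("0.0.0.0/0", "R1"),
]

def matches(dest, prefix):
    """Mask comparison from the slides: dest & mask == network & mask."""
    net = ipaddress.ip_network(prefix)
    mask = int(net.netmask)
    return int(ipaddress.ip_address(dest)) & mask == int(net.network_address) & mask

def matching_prefixes(dest, table=R2_TABLE):
    """Every entry that matches, in table order."""
    return [prefix for prefix, _ in table if matches(dest, prefix)]

def lookup(dest, table=R2_TABLE):
    """Return (prefix, next_hop) of the longest matching entry, or None."""
    candidates = [(p, nh) for p, nh in table if matches(dest, p)]
    if not candidates:
        return None  # no match and no default route: the packet is dropped
    return max(candidates, key=lambda e: ipaddress.ip_network(e[0]).prefixlen)

if __name__ == "__main__":
    for dest in ("10.1.1.1", "10.2.3.4", "20.9.9.9", "8.8.8.8"):
        print(dest, matching_prefixes(dest), "->", lookup(dest))
```

Since the most specific entry always wins, the prefix lengths accepted from a neighbor are worth constraining with the inbound prefix filtering listed under Routing Policy later on this page.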
Forwarding
• Uses the routing table built by routing
protocols
• Performs the lookup to find next-hop and
outgoing interface
• Switches the packet with new encapsulation
as per the outgoing interface
Building Blocks
• Autonomous System (AS)
• Types of Routes
• IGP/EGP
• DMZ
• Policy
• Egress
• Ingress
Autonomous System (AS)
[Figure: AS 100]
[Figure: AS1 and AS2, each announcing and accepting routes; routing flow and packet flow run between them, with egress and ingress marked]
For networks in AS1 and AS2 to communicate:
AS1 must announce routes to AS2
AS2 must accept routes from AS1
AS2 must announce routes to AS1
AS1 must accept routes from AS2
Egress Traffic
• Interior
– Automatic discovery
– Generally trust your IGP routers
– Routes go to all IGP routers
• Exterior
– Specifically configured peers
– Connecting with outside networks
– Set administrative boundaries
Hierarchy of Routing Protocols
[Figure labels: Other ISP’s, BGP4, BGP4 / OSPF, BGP4, BGP4/Static, Local NAP, FDDI, Customers]
Demilitarized Zone (DMZ)
[Figure: routers A and B in AS 100, C and D in AS 101, and AS 102, joined by a DMZ Network]
• Terminology
• Protocol Basics
• Messages
• General Operation
• Peering relationships (EBGP/IBGP)
• Originating routes
Terminology
• Neighbor
– Configured BGP peer
• NLRI/Prefix
– NLRI - network layer reachability information
– Reachability information for an IP address & mask
• Router-ID
– Highest IP address configured on the router
• Route/Path
– NLRI advertised by a neighbor
Protocol Basics
[Figure: peering between AS 100 (routers A, B), AS 101 (routers C, D) and AS 102 (router E)]
• Routing protocol used between ASes
– if you aren’t connected to multiple ASes, you don’t need BGP :)
• Runs over TCP
• Path vector protocol
• Incremental update
BGP Basics ...
• Each AS originates a set of NLRI
• NLRI is exchanged between BGP peers
• Can have multiple paths for a given prefix
• Picks the best path and installs in the IP
forwarding table
• Policies applied (through attributes) influence BGP path selection
BGP Peers
[Figure: AS 100 (routers A, B; 220.220.8.0/24), AS 101 (routers C, D; 220.220.16.0/24) and AS 102 (router E; 220.220.32.0/24), joined by eBGP TCP/IP Peer Connections]
BGP speakers are called peers
Peers in different AS’s are called External Peers
Note: eBGP Peers normally should be directly connected.
BGP Peers
[Figure: AS 100 (routers A, B; 220.220.8.0/24) and AS 101 (routers C, D; 220.220.16.0/24) exchanging BGP Update Messages; surviving label fragment: "Information (NLRI)"]
Configuring BGP Peers
[Figure: AS 100 and AS 101 joined by an eBGP TCP Connection over 222.222.10.0/30; routers A and B in AS 100 (220.220.8.0/24), C and D in AS 101 (220.220.16.0/24); link addresses .1 and .2]
[Figure: routers A, B and C in AS 100 with addresses 215.10.7.1, 215.10.7.2 and 215.10.7.3, joined by iBGP TCP/IP Peer Connections]
interface loopback 0
ip address 215.10.7.1 255.255.255.255
router bgp 100
network 220.220.1.0
neighbor 215.10.7.2 remote-as 100
neighbor 215.10.7.2 update-source loopback0
neighbor 215.10.7.3 remote-as 100
neighbor 215.10.7.3 update-source loopback0
Configuring BGP Peers
interface loopback 0
ip address 215.10.7.3 255.255.255.255
AS 500
Network          Path
180.10.0.0/16    300 200 100
170.10.0.0/16    300 200
150.10.0.0/16    300 400
Next Hop Attribute
[Figure: AS 100 (160.10.0.0/16), AS 200 (150.10.0.0/16) and AS 300 (140.10.0.0/16) with routers A to E; the link between C and D is 192.10.1.0/30 (.1 and .2); BGP Update Messages carry a table with columns Network, Next-Hop, Path]
• Next hop to reach a network
• Usually a local network is the next hop in eBGP session
• Next Hop updated between eBGP Peers
Next Hop Attribute (more)
• IGP should carry route to next hops
• Recursive route look-up
• Unlinks BGP from actual physical topology
• Allows IGP to make intelligent forwarding
decision
BGP Updates —
Withdrawn Routes
• Used to “withdraw” network reachability
• Each Withdrawn Route is composed of:
– Network Prefix
– Mask Length
BGP Updates —
Withdrawn Routes
[Figure: AS 321 and AS 123 connected over 192.168.10.0/24 (.1 and .2); connectivity to 192.192.25.0/24 is lost (x), and a BGP Update Message carries Withdraw Routes 192.192.25.0/24]
Route Table
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
BGP ‘aggregate-address’ commands may be used to install summary routes in the BGP RIB
BGP Routing Information Base
BGP RIB
   Network          Next-Hop      Path
*> 160.10.0.0/16    0.0.0.0       i
* i                 192.20.2.2    i
s> 160.10.1.0/24    192.20.2.2    i
s> 160.10.3.0/24    192.20.2.2    i
*> 192.1.1.0/24     192.20.2.2    ?
Route Table
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
B 173.21.0.0/16
• Best paths installed in routing table if:
• prefix and prefix length are unique
• lowest “protocol distance”
The ‘Bible’ & other resources
• Route-views.oregon-ix.net
• OPEN
– To negotiate and establish peering
• UPDATE
– To exchange routing information
• KEEPALIVE
– To maintain peering session
• NOTIFICATION
– To report errors (results in session reset)
Internal BGP Peering (IBGP)
[Figures: routers A, B and D inside AS 100; AS 100 and AS 101 with router C; a larger topology with AS200, AS21, AS101 and AS675 and routers B, C, D, E, F]
Configuration commands
router bgp <AS-number>
neighbor <ip address> remote-as <as-number>
Show commands
show ip bgp summary
show ip bgp neighbors
Originating routes...
• Using network command or redistribution
network <ipaddress>
redistribute <protocol name>
• Requires the route to be present in the
routing table
Originating routes/Inserting
prefixes into BGP
• network command
• network 198.10.4.0 mask 255.255.254.0
• ip route 198.10.4.0 255.255.254.0 serial 0
• matching route must exist in the routing table before network is announced!
• Origin: IGP
Update message
• Withdrawn routes
• Path Attributes
• Advertised routes
Stable IBGP peering
• Origin
• AS-path
• Next-hop
• Multi-Exit Discriminator (MED)
• Local preference
• BGP Community
• Others...
AS-PATH
• Updated by the sending router with its AS
number
• Contains the list of AS numbers the update
traverses.
• Used to detect routing loops
– Each time the router receives an update, if it
finds its AS number, it discards the update
AS-Path
• Sequence of ASes a route has traversed
• Loop detection
[Figure: AS 100 (180.10.0.0/16), AS 200 (170.10.0.0/16), AS 300 and AS 400 (150.10.0.0/16); an update for 180.10.0.0/16 is marked "dropped"]
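An added simulation (not from the original slides) of the two AS-path rules above: the sender prepends its AS number, and a receiver that finds its own AS number in the path discards the update. The chain topology is an assumption chosen to be consistent with the AS 500 table shown earlier, and route choice is reduced to shortest AS-path.

```python
from collections import deque

# Assumed topology (the slide figure is not fully recoverable): a chain
# AS100 - AS200 - AS300 - AS500, with AS400 also attached to AS300.
LINKS = [(100, 200), (200, 300), (300, 400), (300, 500)]
ORIGINATED = {100: "180.10.0.0/16", 200: "170.10.0.0/16", 400: "150.10.0.0/16"}

def neighbors(asn):
    return [b if a == asn else a for a, b in LINKS if asn in (a, b)]

def propagate():
    """Flood every originated prefix over eBGP; return (ribs, dropped)."""
    ribs = {asn: {} for link in LINKS for asn in link}   # asn -> prefix -> AS-path
    dropped = []                                         # (receiver, prefix, path)
    queue = deque()
    for asn, prefix in ORIGINATED.items():
        ribs[asn][prefix] = ()                           # locally originated: empty path
        queue.append((asn, prefix))
    while queue:
        sender, prefix = queue.popleft()
        # The sending router prepends its own AS number to the path.
        path = (sender,) + ribs[sender][prefix]
        for receiver in neighbors(sender):
            if receiver in path:                         # own AS already in path: loop
                dropped.append((receiver, prefix, path))
                continue
            known = ribs[receiver].get(prefix)
            if known is None or len(path) < len(known):  # keep the shortest AS-path
                ribs[receiver][prefix] = path
                queue.append((receiver, prefix))
    return ribs, dropped

if __name__ == "__main__":
    ribs, dropped = propagate()
    for prefix, path in ribs[500].items():
        print("AS 500:", prefix, " ".join(map(str, path)))
    print("discarded at AS 100:", [d for d in dropped if d[0] == 100])
```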
[Figure: AS 100 (160.10.0.0/16), AS 200 (150.10.0.0/16) and AS 300 with routers A and B; update table shown: 150.10.0.0/16 150.10.1.1 and 160.10.0.0/16 150.10.1.1]
• Next hop router to reach a network
• Advertising router/Third party in EBGP
• Unmodified in IBGP
[Figure: AS 200 and AS 201 (192.68.1.0/24); routers A, B and C with addresses 150.1.1.1, 150.1.1.2 and 150.1.1.3 on the peering network; update shown: 192.68.1.0/24 150.1.1.3]
[Figure: AS 100 (160.10.0.0/16), AS 200, AS 300 and AS 400 with routers A, B, C, D, E; values 500 and 800 shown at D and E; table: 160.10.0.0/16 500, > 160.10.0.0/16 800]
Multi-Exit Discriminator
• Non-transitive
• Represented as a numeric value (0-0xffffffff)
• Used to convey the relative preference of entry points
• Comparable if paths are from the same AS
• Path with lower MED wins
• IGP metric can be conveyed as MED
Multi-Exit Discriminator (MED)
[Figure: AS 200 (router C) and AS 201 (routers A, B; 192.68.1.0/24); 192.68.1.0/24 is shown with values 2000 and 1000, and one path is marked preferred]
Origin
• Transitive, Non-mandatory
• Represented as a numeric value (0-0xffffffff)
• Used to group destinations
• Each destination could be member of multiple
communities
• Flexibility to scope a set of prefixes within or
across AS for applying policy
Community...
[Figure: Customer AS 201 (routers A, B; 192.68.1.0/24) connected to routers C and D, labelled Community:201:110 and Community:201:120]
Synchronization
[Figure: ASes 1880, 690 and 209; routers A, B, C, D; OSPF; prefix 35/8]
• C not running BGP (non-pervasive BGP)
• A won’t advertise 35/8 to D until the IGP is in sync
• Turn synchronization off!
– Run pervasive BGP
• Largest weight
Local to the router
• Locally sourced
Via redistribute or network statement
BGP Route Selection ...
• Shortest AS-path length
number of ASes in the AS-path attribute
• Lowest origin
IGP < EGP < INCOMPLETE
• Lowest MED
between paths from same AS
• External over internal
closest exit from a router
• Closest next-hop
Lower IGP metric, closer exit from an AS
• Lowest router-id
• Lowest IP address of neighbor
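One way to express the selection order listed above as code (an added example, not a router vendor's implementation). It applies only the steps this page lists, in the page's order; the `Path` fields and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}

@dataclass(frozen=True)
class Path:
    neighbor: str                 # address of the peer the path came from
    as_path: tuple = ()           # empty for locally sourced routes
    weight: int = 0               # local to the router
    local: bool = False           # via redistribute or network statement
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0           # IGP cost to the BGP next hop
    router_id: str = "0.0.0.0"

def keep_min(paths, key):
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]

def med_step(paths):
    # MED is compared only between paths received from the same AS.
    def beaten(p):
        return any(q.as_path[:1] == p.as_path[:1] and q.med < p.med for q in paths)
    return [p for p in paths if not beaten(p)]

STEPS = [  # the order given in the list above
    ("largest weight", lambda ps: keep_min(ps, lambda p: -p.weight)),
    ("locally sourced", lambda ps: keep_min(ps, lambda p: not p.local)),
    ("shortest AS-path", lambda ps: keep_min(ps, lambda p: len(p.as_path))),
    ("lowest origin", lambda ps: keep_min(ps, lambda p: ORIGIN_RANK[p.origin])),
    ("lowest MED", med_step),
    ("external over internal", lambda ps: keep_min(ps, lambda p: not p.ebgp)),
    ("closest next-hop", lambda ps: keep_min(ps, lambda p: p.igp_metric)),
    ("lowest router-id", lambda ps: keep_min(ps, lambda p: IPv4Address(p.router_id))),
    ("lowest neighbor", lambda ps: keep_min(ps, lambda p: IPv4Address(p.neighbor))),
]

def best_path(paths):
    """Return (winning path, name of the step that made the last cut)."""
    candidates, decided = list(paths), "single path"
    for name, step in STEPS:
        narrowed = step(candidates)
        if len(narrowed) < len(candidates):
            candidates, decided = narrowed, name
    return candidates[0], decided

# Constructed sample: two paths to one prefix, the backup via AS 300 prepended.
SAMPLE = [Path("192.0.2.1", (200, 100), router_id="1.1.1.1"),
          Path("192.0.2.2", (300, 300, 100), router_id="2.2.2.2")]
```

`best_path(SAMPLE)` picks the path through AS 200 at the AS-path step, which is the effect the prepending policy in the next figure relies on.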
BGP Route Selection...
[Figure: AS 100 reachable from AS 400 through AS 200 and AS 300; routers A, B, D; annotation: Increase AS path attribute length by at least 1]
AS 400’s Policy to reach AS100
AS 200 preferred path
AS 300 backup
Stub AS
• Typically no need for BGP
• Point default towards the ISP
• ISP advertises the stub network to
Internet
• Policy confined within ISP policy
Stub AS
[Figure: router A in AS 100 (Customer) connected to router B in AS 101 (Provider)]
Multi-homed AS
• Only border routers speak BGP
• IBGP only between border routers
• Exterior routes must be redistributed in
a controlled fashion into IGP or use
defaults
Multi-homed AS
[Figure: customer AS 200 (routers B, C) connected to provider AS 100 (router A) and provider AS 300 (router D)]
Service Provider Network
[Figure: provider AS 300 with AS 100, AS 200 and AS 400; routers A, B, C, D, F, H]
Routing Policy
• Why?
– To steer traffic through preferred paths
– Inbound/Outbound prefix filtering
– To enforce Customer-ISP agreements
• How ?
– AS based route filtering - filter list
– Prefix based route filtering - distribute list
– BGP attribute modification - route maps
Distribute list - using IP access lists
Match Clauses
• AS-path
• Community
• IP address
Set Clauses
• AS-path prepend
• Community
• Local-Preference
• MED
• Origin
• Weight
• Others...
Route-map Configuration Example
Inbound route-map to set community
neighbor <x.x.x.x> route-map AS100_IN in
!
route-map AS100_IN permit 10
set community 100:200
[Figure labels: ISP3, ethH, H, C31, C32]
Load Sharing & Redundancy
using BGP
Load-sharing - single path
Router A:
interface loopback 0
ip address 20.200.0.1 255.255.255.255
!
router bgp 100
neighbor 10.200.0.2 remote-as 200
neighbor 10.200.0.2 update-source loopback0
neighbor 10.200.0.2 ebgp-multihop 2
!
ip route 10.200.0.2 255.255.255.255 <DMZ-link1, link2>
[Figure: router A in AS100 and its peer in AS200; Loopback 0 addresses 20.200.0.1 and 10.200.0.2]
Load Sharing - Multiple paths
from the same AS
Router A:
router bgp 100
neighbor 10.200.0.1 remote-as 200
neighbor 10.300.0.1 remote-as 200
maximum-paths 2
[Figure: router A, with labels 100 and 200]
[Figure: AS 400 (routers A, B, C) connected to Provider AS 200 (router D) and Provider AS 300 (router E)]
Customer + default from all
providers
• Medium memory and CPU solution
• Granular routing for customer routes and
default for the rest
• Inbound traffic decided by providers’ policy
– Can influence using outbound policy
Customer routes from all
providers
[Figure: Customer AS 100 (160.10.0.0/16) behind Provider AS 200 (router D) and Provider AS 300 (router E); AS 400 with routers A, B, C; C chooses shortest AS path]
Full routes from all providers
• More memory/CPU
• Full granular routing
• Usually transit ASes take full routes
• Usually pervasive BGP
Full routes from all providers
[Figure: AS 100 and AS 500 behind AS 200 (router D) and AS 300 (router E); AS 400 with routers A, B, C; C chooses shortest AS path]
Best Practices
IGP in Backbone
• IGP connects your backbone together, not
your client’s routes
• IGP must converge quickly
• IGP should carry netmask information -
OSPF, IS-IS, EIGRP
Best Practices...
Connecting to a customer
• Static routes
– You control directly
– No route flaps
• Shared routing protocol or leaking
– You must filter your customers’ info
– Route flaps
• BGP for multi-homed customers
Best Practices...
Connecting to other ISPs
• Use BGP4
• Advertise only what you serve
• Take back as little as you can
• Take the shortest exit
Best Practices...
The Internet Exchange