Border Gateway Protocol (BGP4)
Border Gateway Protocol (BGP)
• Routing/Forwarding basics
• Building blocks
• Exercises
• BGP protocol basics
• Exercises
• BGP path attributes
• Best path computation
• Exercises
Border Gateway Protocol (BGP)...
• Typical BGP topologies
• Routing Policy
• Exercises
• Redundancy/Load sharing
• Best current practices
Routing/Forwarding Basics
IP route lookup: Longest match routing
[Diagram: R1 hands R2 a packet whose destination IP address is 10.1.1.1. R2 has a link to R3 (reaches all of 10/8 except 10.1/16) and a link to R4 (reaches 10.1/16).]
R2's IP routing table:
10/8 -> R3
10.1/16 -> R4
20/8 -> R5
30/8 -> R6
…
Lookup, entry by entry (masks in dotted decimal; the slides write FF for 255):
• 10/8: 10.1.1.1 & 255.0.0.0 = 10.0.0.0, which is equal to 10.0.0.0 & 255.0.0.0. Match!
• 10.1/16: 10.1.1.1 & 255.255.0.0 = 10.1.0.0, which is equal to 10.1.0.0 & 255.255.0.0. Match as well!
• 20/8: 10.1.1.1 & 255.0.0.0 = 10.0.0.0, which is not equal to 20.0.0.0 & 255.0.0.0. Does not match!
• Longest match wins: the entry with the 16-bit netmask, so the packet is forwarded to R4.
IP route lookup: Longest match routing
• default is 0.0.0.0/0
• can handle it using the normal longest match algorithm
• matches everything. Always the shortest match.
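Added example (Python, not from the slides): the longest-match lookup described above, run over the routing table on the slide with a 0.0.0.0/0 default added. The prefixes and next-hop names R3 to R6 are the slide's; the DEFAULT label, the function names and the use of the ipaddress module are my own. Note that build_table rejects an entry whose host bits are set, which is the check you want before anything derived from user or peer input becomes a routing-table entry.

```python
# Added example: longest-prefix-match lookup over the slide's routing table.
import ipaddress

# Constructed routing table: (prefix, next hop), the slide's entries plus a default.
ROUTE_TABLE = [
    ("10.0.0.0/8", "R3"),
    ("10.1.0.0/16", "R4"),
    ("20.0.0.0/8", "R5"),
    ("30.0.0.0/8", "R6"),
    ("0.0.0.0/0", "DEFAULT"),
]


def build_table(entries):
    """Parse the text prefixes once; strict=True rejects e.g. 10.1.1.0/16 (host bits set)."""
    table = []
    for prefix, next_hop in entries:
        table.append((ipaddress.ip_network(prefix, strict=True), next_hop))
    return table


def lookup(table, dst):
    """Return (matched prefix, next hop) for the longest matching entry, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, next_hop in table:
        # The slide's test: destination & mask == network & mask
        if int(addr) & int(net.netmask) == int(net.network_address):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])


def trace(table, dst):
    """Every entry that matches, longest first, the way the slides walk through it."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, next_hop) for net, next_hop in table if addr in net]
    hits.sort(key=lambda h: -h[0].prefixlen)
    return [(str(net), next_hop) for net, next_hop in hits]


if __name__ == "__main__":
    table = build_table(ROUTE_TABLE)
    for dst in ("10.1.1.1", "10.2.3.4", "20.0.0.1", "40.0.0.1"):
        print(dst, "->", lookup(table, dst), "candidates:", trace(table, dst))
```

The default route only wins for 40.0.0.1, where nothing longer matches; for 10.1.1.1 all of 10/8, 10.1/16 and the default match and the /16 is chosen.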
Forwarding
• Uses the routing table built by routing
protocols
• Performs the lookup to find next-hop and
outgoing interface
• Switches the packet with new encapsulation
as per the outgoing interface
Building Blocks
• Autonomous System (AS)
• Types of Routes
• IGP/EGP
• DMZ
• Policy
• Egress
• Ingress
Autonomous System (AS)
[Diagram: a cloud of networks labelled AS 100.]
• Collection of networks with same policy
• Single routing protocol
• Usually under single administrative control
• IGP to provide internal connectivity
Autonomous System(AS)...
• Identified by ‘AS number’
• Public & Private AS numbers
• Examples:
– Service provider
– Multi-homed customers
– Anyone needing policy discrimination
Routing flow and packet flow
[Diagram: AS 1 and AS 2 side by side. Routing flow: each AS announces routes to the other and accepts routes from the other. Packet flow runs the opposite way to the route announcements: traffic leaving an AS is egress, traffic entering it is ingress.]
For networks in AS1 and AS2 to communicate:
AS1 must announce routes to AS2
AS2 must accept routes from AS1
AS2 must announce routes to AS1
AS1 must accept routes from AS2
Egress Traffic
• Packets exiting the network
• Based on
– Route availability (what others send you)
– Route acceptance (what you accept from others)
– Policy and tuning (what you do with routes from
others)
– Peering and transit agreements
Ingress Traffic
• Packets entering your network
• Ingress traffic depends on:
– What information you send and to whom
– Based on your addressing and ASes
– Based on others’ policy (what they accept from
you and what they do with it)
Types of Routes
• Static Routes
– configured manually
• Connected Routes
– created automatically when an interface is ‘up’
• Interior Routes
– Routes within an AS
• Exterior Routes
– Routes exterior to AS
What Is an IGP?
• Interior Gateway Protocol
• Within an Autonomous System
• Carries information about internal prefixes
• Examples—OSPF, ISIS, EIGRP…
What Is an EGP?
• Exterior Gateway Protocol
• Used to convey routing information between
ASes
• De-coupled from the IGP
• Current EGP is BGP4
Why Do We Need an EGP?
• Scaling to large network
– Hierarchy
– Limit scope of failure
• Define administrative boundary
• Policy
– Control reachability to prefixes
Interior vs. Exterior Routing Protocols
• Interior
– Automatic discovery
– Generally trust your IGP routers
– Routes go to all IGP routers
• Exterior
– Specifically configured peers
– Connecting with outside networks
– Set administrative boundaries
Hierarchy of Routing Protocols
[Diagram: BGP4 towards other ISPs; BGP4 and OSPF inside the backbone; BGP4 towards the local NAP (an FDDI ring); BGP4 or static routes towards customers.]
Demilitarized Zone (DMZ)
[Diagram: routers A and B in AS 100, C in AS 101, and D and E in AS 102, all attached to one shared DMZ network.]
• Shared network between ASes
Addressing - ISP
• Need to reserve address space for its
network.
• Need to allocate address blocks to its
customers.
• Need to take “growth” into consideration
• Upstream link address is allocated by
upstream provider
BGP Basics
• Terminology
• Protocol Basics
• Messages
• General Operation
• Peering relationships (EBGP/IBGP)
• Originating routes
Terminology
• Neighbor
– Configured BGP peer
• NLRI/Prefix
– NLRI - network layer reachability information
– Reachability information for a IP address &
mask
• Router-ID
– Highest IP address configured on the router (on Cisco: the highest loopback address if one exists, otherwise the highest interface address)
– Better set explicitly with bgp router-id, so it does not change when an interface is added
• Route/Path
– NLRI advertised by a neighbor
Protocol Basics
[Diagram: peering between A and B in AS 100, C in AS 101, and D and E in AS 102.]
• Routing protocol used between ASes
– if you aren't connected to multiple ASes, you don't need BGP :)
• Runs over TCP (port 179; BGP has no authentication of its own, so sessions are normally protected with TCP MD5 or TCP-AO)
• Path vector protocol
BGP Basics ...
• Each AS originates a set of NLRI
• NLRI is exchanged between BGP peers
• Can have multiple paths for a given prefix
• Picks the best path and installs it in the IP forwarding table
• Policies applied (through attributes) influence BGP path selection
BGP Peers
[Diagram: A and B in AS 100 (220.220.8.0/24), C in AS 101 (220.220.16.0/24), D and E in AS 102 (220.220.32.0/24).]
• BGP speakers are called peers
• Peers in different AS's are called External Peers (eBGP TCP/IP peer connection)
Note: eBGP Peers normally should be directly connected.
• Peers in the same AS are called Internal Peers (iBGP TCP/IP peer connection)
Note: iBGP Peers don't have to be directly connected.
• BGP Peers exchange Update messages containing Network Layer Reachability Information (NLRI)
Configuring BGP Peers
[Diagram: eBGP TCP connection between AS 100 (routers A and B, 220.220.8.0/24) and AS 101 (routers C and D, 220.220.16.0/24) over the link 222.222.10.0/30; the AS 100 router is .2, the AS 101 router is .1.]
AS 100 router:
interface Serial 0
ip address 222.222.10.2 255.255.255.252
router bgp 100
network 220.220.8.0 mask 255.255.255.0
neighbor 222.222.10.1 remote-as 101
AS 101 router:
interface Serial 0
ip address 222.222.10.1 255.255.255.252
router bgp 101
network 220.220.16.0 mask 255.255.255.0
neighbor 222.222.10.2 remote-as 100
• BGP Peering sessions are established using the BGP "neighbor" configuration command
– External (eBGP) is configured when AS numbers are different
Configuring BGP Peers
[Diagram: same topology; an iBGP TCP connection between the two AS 101 routers over 220.220.16.0/30 (one router is .2, the other .1).]
First AS 101 router:
interface Serial 1
ip address 220.220.16.2 255.255.255.252
router bgp 101
network 220.220.16.0 mask 255.255.255.0
neighbor 220.220.16.1 remote-as 101
Second AS 101 router:
interface Serial 1
ip address 220.220.16.1 255.255.255.252
router bgp 101
network 220.220.16.0 mask 255.255.255.0
neighbor 220.220.16.2 remote-as 101
• BGP Peering sessions are established using the BGP "neighbor" configuration command
– External (eBGP) is configured when AS numbers are different
– Internal (iBGP) is configured when AS numbers are the same
Configuring BGP Peers
[Diagram: routers A, B and C in AS 100, each with an iBGP TCP/IP peer connection to the other two.]
• Each iBGP speaker must peer with every other iBGP speaker in the AS
Configuring BGP Peers
[Diagram: the same three routers, now with loopback addresses 215.10.7.1, 215.10.7.2 and 215.10.7.3 as the peering end-points.]
• Loopback interfaces are normally used as peer connection end-points
Configuring BGP Peers
Router with loopback 215.10.7.1:
interface loopback 0
ip address 215.10.7.1 255.255.255.255
router bgp 100
network 220.220.1.0
neighbor 215.10.7.2 remote-as 100
neighbor 215.10.7.2 update-source loopback0
neighbor 215.10.7.3 remote-as 100
neighbor 215.10.7.3 update-source loopback0
Configuring BGP Peers
Router with loopback 215.10.7.2:
interface loopback 0
ip address 215.10.7.2 255.255.255.255
router bgp 100
network 220.220.5.0
neighbor 215.10.7.1 remote-as 100
neighbor 215.10.7.1 update-source loopback0
neighbor 215.10.7.3 remote-as 100
neighbor 215.10.7.3 update-source loopback0
Configuring BGP Peers
Router with loopback 215.10.7.3:
interface loopback 0
ip address 215.10.7.3 255.255.255.255
router bgp 100
network 220.220.1.0
neighbor 215.10.7.1 remote-as 100
neighbor 215.10.7.1 update-source loopback0
neighbor 215.10.7.2 remote-as 100
neighbor 215.10.7.2 update-source loopback0
215.10.7.2
BGP Updates — NLRI
• Network Layer Reachability Information
• Used to advertise feasible routes
• Composed of:
– Network Prefix
– Mask Length
BGP Updates — Attributes
• Used to convey information associated with NLRI
– AS path
– Next hop
– Local preference
– Multi-Exit Discriminator (MED)
– Community
– Origin
– Aggregator
AS-Path Attribute
• Sequence of ASes a route has traversed
• Loop detection
• Apply policy
[Diagram: AS 100 originates 180.10.0.0/16, AS 200 originates 170.10.0.0/16, AS 400 originates 150.10.0.0/16. AS 200 and AS 400 both announce to AS 300, and AS 300 announces to AS 500.]
As received by AS 500:
Network          Path
180.10.0.0/16    300 200 100
170.10.0.0/16    300 200
150.10.0.0/16    300 400
Next Hop Attribute
[Diagram: router A in AS 100 (160.10.0.0/16) has an eBGP session to B in AS 200 (150.10.0.0/16); B has an iBGP session to C, also in AS 200; C has an eBGP session to D in AS 300 (140.10.0.0/16) over the link 192.10.1.0/30 (C is .1, D is .2); E is another router in AS 300.]
• Next hop to reach a network
• Usually a local network is the next hop in eBGP session
BGP Update from A to B (eBGP):
Network          Next-Hop      Path
160.10.0.0/16    192.20.2.1    100
BGP Update from C to D (eBGP):
Network          Next-Hop      Path
150.10.0.0/16    192.10.1.1    200
160.10.0.0/16    192.10.1.1    200 100
• Next Hop updated between eBGP Peers
BGP Update from D to E (iBGP):
Network          Next-Hop      Path
150.10.0.0/16    192.10.1.1    200
160.10.0.0/16    192.10.1.1    200 100
• Next hop not changed between iBGP peers
Next Hop Attribute (more)
• IGP should carry route to next hops
• Recursive route look-up
• Unlinks BGP from actual physical topology
• Allows IGP to make intelligent forwarding decision
BGP Updates —
Withdrawn Routes
• Used to “withdraw” network reachability
• Each Withdrawn Route is composed of:
– Network Prefix
– Mask Length
BGP Updates — Withdrawn Routes
[Diagram: a router in AS 321 (192.168.10.2) peers with a router in AS 123 (192.168.10.1) over 192.168.10.0/24. AS 321 loses connectivity to 192.192.25.0/24 and sends a BGP Update message whose Withdrawn Routes field lists 192.192.25.0/24.]
AS 123's table before the withdraw:
Network           Next-Hop        Path
150.10.0.0/16     192.168.10.2    321 200
192.192.25.0/24   192.168.10.2    321
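Added example (Python, not from the slides): the <mask length, prefix> encoding that both NLRI and Withdrawn Routes use in an UPDATE (RFC 4271 section 4.3), with the two length checks a receiver has to make before trusting the message. The sample withdraw is the slide's 192.192.25.0/24; the function names and the buffer layout helpers are mine.

```python
# Added example: encode/decode BGP <length, prefix> tuples (NLRI and Withdrawn Routes).
import ipaddress


def encode_prefix(prefix):
    """One IPv4 prefix on the wire: a length octet (in bits) + only the octets the mask covers."""
    net = ipaddress.IPv4Network(prefix, strict=True)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([net.prefixlen]) + net.network_address.packed[:nbytes]


def decode_prefixes(buf):
    """Decode a run of <length, prefix> tuples; raise ValueError on malformed input.

    Two checks matter: a length over 32 bits, and a prefix that runs past the end
    of the buffer (a truncated or lying UPDATE). A router answers either with a
    NOTIFICATION and a session reset rather than guessing.
    """
    out, i = [], 0
    while i < len(buf):
        plen = buf[i]
        if plen > 32:
            raise ValueError("prefix length %d > 32 at offset %d" % (plen, i))
        nbytes = (plen + 7) // 8
        chunk = buf[i + 1:i + 1 + nbytes]
        if len(chunk) != nbytes:
            raise ValueError("truncated prefix at offset %d" % i)
        addr = int.from_bytes(chunk.ljust(4, b"\x00"), "big")
        # strict=False: bits beyond the mask are padding and are ignored
        out.append(str(ipaddress.IPv4Network((addr, plen), strict=False)))
        i += 1 + nbytes
    return out


def encode_withdrawn(prefixes):
    """Withdrawn Routes field of an UPDATE: 2-octet length, then the tuples."""
    body = b"".join(encode_prefix(p) for p in prefixes)
    return len(body).to_bytes(2, "big") + body


def decode_withdrawn(buf):
    """Return (withdrawn prefixes, bytes that follow the field)."""
    if len(buf) < 2:
        raise ValueError("missing Withdrawn Routes Length")
    wlen = int.from_bytes(buf[:2], "big")
    if 2 + wlen > len(buf):
        raise ValueError("Withdrawn Routes Length exceeds message")
    return decode_prefixes(buf[2:2 + wlen]), buf[2 + wlen:]


# Constructed sample: the withdraw shown on the slide.
SAMPLE_WITHDRAW = encode_withdrawn(["192.192.25.0/24"])
```

A /24 costs four octets (length plus three address octets), a /8 two, and the default route a single zero octet; that variable length is exactly why the bounds checks above cannot be skipped.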
BGP Routing Information Base
BGP RIB:
Network            Next-Hop     Path
*>i160.10.1.0/24   192.20.2.2   i
*>i160.10.3.0/24   192.20.2.2   i
router bgp 100
network 160.10.0.0 255.255.0.0
no auto-summary
Route Table (D = EIGRP, R = RIP, S = static):
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
BGP 'network' commands are normally used to populate the BGP RIB with routes from the Route Table
BGP Routing Information Base
BGP RIB:
Network            Next-Hop     Path
*> 160.10.0.0/16   0.0.0.0      i
* i                192.20.2.2   i
s> 160.10.1.0/24   192.20.2.2   i
s> 160.10.3.0/24   192.20.2.2   i
router bgp 100
network 160.10.0.0 255.255.0.0
aggregate-address 160.10.0.0 255.255.0.0 summary-only
no auto-summary
Route Table (D = EIGRP, R = RIP, S = static):
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
BGP 'aggregate-address' commands may be used to install summary routes in the BGP RIB (the 's' flag marks the more-specific routes suppressed by summary-only)
BGP Routing Information Base
BGP RIB:
Network            Next-Hop     Path
*> 160.10.0.0/16   0.0.0.0      i
* i                192.20.2.2   i
s> 160.10.1.0/24   192.20.2.2   i
s> 160.10.3.0/24   192.20.2.2   i
*> 192.1.1.0/24    192.20.2.2   ?
router bgp 100
network 160.10.0.0 255.255.0.0
redistribute static route-map foo
no auto-summary
access-list 1 permit 192.1.0.0 0.0.255.255
route-map foo permit 10
match ip address 1
Route Table (D = EIGRP, R = RIP, S = static):
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
BGP 'redistribute' commands can also be used to populate the BGP RIB with routes from the Route Table (the '?' origin marks the redistributed route as INCOMPLETE)
BGP Routing Information Base
IN process: Update received from a peer
Network          Next-Hop     Path
173.21.0.0/16    192.20.2.1   100
BGP RIB after the IN process:
Network            Next-Hop     Path
*>i160.10.1.0/24   192.20.2.2   i
*>i160.10.3.0/24   192.20.2.2   i
*> 173.21.0.0/16   192.20.2.1   100
• BGP "in" process
• receives path information from peers
• results of BGP path selection placed in the BGP table
• "best path" flagged (denoted by ">")
BGP Routing Information Base
BGP RIB:
Network            Next-Hop     Path
*>i160.10.1.0/24   192.20.2.2   i
*>i160.10.3.0/24   192.20.2.2   i
*> 173.21.0.0/16   192.20.2.1   100
OUT process: Update sent to an eBGP peer
Network          Next-Hop     Path
160.10.1.0/24    192.20.2.2   200
160.10.3.0/24    192.20.2.2   200
173.21.0.0/16    192.20.2.2   200 100    (Next-Hop changed from 192.20.2.1)
• BGP "out" process
• builds update using info from RIB
• may modify update based on config
• Sends update to peers
BGP Routing Information Base
BGP RIB:
Network            Next-Hop     Path
*>i160.10.1.0/24   192.20.2.2   i
*>i160.10.3.0/24   192.20.2.2   i
*> 173.21.0.0/16   192.20.2.1   100
Route Table (D = EIGRP, R = RIP, S = static, B = BGP):
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
B 173.21.0.0/16
• Best paths installed in routing table if:
• prefix and prefix length are unique
• lowest "protocol distance"
The ‘Bible’ & other resources
• Route-views.oregon-ix.net
• Internet Routing Architectures
– Bassam Halabi
– pg. 168 BGP Decision Process Summary
Types of BGP Messages
• OPEN
– To negotiate and establish peering
• UPDATE
– To exchange routing information
• KEEPALIVE
– To maintain peering session
• NOTIFICATION
– To report errors (results in session reset)
Internal BGP Peering (IBGP)
[Diagram: routers A, B, D and E inside AS 100.]
• BGP peer within the same AS
• Not required to be directly connected
• Maintain full IBGP mesh or use Route Reflection
External BGP Peering (EBGP)
[Diagram: routers A and B in AS 100, router C in AS 101.]
• Between BGP speakers in different AS
• Directly connected or peering address is reachable
An Example…
[Diagram: 35.0.0.0/8 is originated in AS3561 (router A). Around it: AS200 (router F), AS21 (router B), AS101 (routers C and D) and AS675 (router E).]
Learns about 35.0.0.0/8 from F & D
Basic BGP commands
Configuration commands
router bgp <AS-number>
neighbor <ip address> remote-as <as-number>
Show commands
show ip bgp summary
show ip bgp neighbors
Originating routes...
• Using network command or redistribution
network <ipaddress>
redistribute <protocol name>
• Requires the route to be present in the routing table
Originating routes/Inserting prefixes into BGP
network command
network 198.10.4.0 mask 255.255.254.0
ip route 198.10.4.0 255.255.254.0 serial 0
matching route must exist in the routing table before the network is announced! (the static route above is that matching route: same prefix and same mask)
• Origin: IGP
Update message
• Withdrawn routes
• Path Attributes
• Advertised routes
Stable IBGP peering
• Unlinks IBGP peering from physical
topology.
• Carry loopback address in IGP
router ospf <ID>
passive-interface loopback0
• Unlink peering from physical topology
router bgp <AS1>
neighbor <x.x.x.x> remote-as <AS1>
neighbor <x.x.x.x> update-source loopback0
BGP4 continued...
BGP Path Attributes: Why ?
• Encoded as Type, Length & Value (TLV)
• Transitive/Non-Transitive attributes
• Some are mandatory
• Used in path selection
• To apply policy for steering traffic
BGP Path Attributes...
• Origin
• AS-path
• Next-hop
• Multi-Exit Discriminator (MED)
• Local preference
• BGP Community
• Others...
AS-PATH
• Updated by the sending router with its AS number when the update is sent to an eBGP peer
• Contains the list of AS numbers the update traverses.
• Used to detect routing loops
– Each time the router receives an update, if it finds its own AS number in the path, it discards the update
AS-Path
[Diagram: as on the AS-Path Attribute slide (AS 100 with 180.10.0.0/16, AS 200 with 170.10.0.0/16, AS 400 with 150.10.0.0/16, announcing through AS 300 to AS 500). A router that receives 180.10.0.0/16 with its own AS number already in the path drops it.]
• Sequence of ASes a route has traversed
• Loop detection: 180.10.0.0/16 dropped
Network          Path
180.10.0.0/16    300 200 100
170.10.0.0/16    300 200
150.10.0.0/16    300 400
Next-Hop
[Diagram: AS 100 (160.10.0.0/16) announces to router A in AS 200 (150.10.0.0/16). A (150.10.1.1) has an eBGP session to B (150.10.1.2) in AS 300 and announces both prefixes with itself as next hop.]
As received by B:
Network          Next-Hop
150.10.0.0/16    150.10.1.1
160.10.0.0/16    150.10.1.1
• Next hop router to reach a network
• Advertising router/Third party in EBGP
• Unmodified in IBGP
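Added example (Python, not from the slides): the three rules on the AS-Path and Next-Hop slides as code, walked through the topology of the Next Hop Attribute slides (A in AS 100, B and C in AS 200, D and E in AS 300). The next-hop values 192.20.2.1 and 192.10.1.1 are the ones the slides show; treating 192.20.2.1 as A's address on the A-B link is an assumption, and the Route type and function names are mine.

```python
# Added example: AS-PATH and NEXT-HOP handling across eBGP and iBGP, plus loop detection.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple      # left-most AS is the most recent sender
    next_hop: str


def receive(local_as, route):
    """Loop detection on receipt: a path that already contains our own AS is discarded."""
    if local_as in route.as_path:
        return None
    return route


def send(local_as, route, peer_as, my_address_on_link=None):
    """Outbound processing towards one peer.

    eBGP (peer_as differs): prepend our AS and set NEXT-HOP to our address on the link.
    iBGP (same AS): AS-PATH and NEXT-HOP pass through unchanged; the IGP must be able
    to reach that next hop (the recursive lookup on the 'Next Hop Attribute (more)' slide).
    """
    if peer_as != local_as:
        return replace(route, as_path=(local_as,) + route.as_path, next_hop=my_address_on_link)
    return route


def originate(local_as, prefix, my_address_on_link, peer_as):
    """A locally originated route starts with an empty AS-PATH, then goes through send()."""
    return send(local_as, Route(prefix, (), my_address_on_link), peer_as, my_address_on_link)


def walk_slide_topology():
    """A (AS 100) -> B (AS 200) eBGP, B -> C iBGP, C -> D (AS 300) eBGP, D -> E iBGP."""
    r = originate(100, "160.10.0.0/16", "192.20.2.1", peer_as=200)   # A -> B
    r = receive(200, r)
    at_c = send(200, r, peer_as=200)                                   # B -> C, unchanged
    r = receive(200, at_c)
    r = send(200, r, peer_as=300, my_address_on_link="192.10.1.1")    # C -> D
    at_d = receive(300, r)
    at_e = send(300, at_d, peer_as=300)                                # D -> E, unchanged
    return at_c, at_d, at_e
```

Feeding the final route back to AS 100 shows the loop check in action: its own number is in the path, so A discards it, while any other AS accepts it as is.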
Third Party Next Hop
[Diagram: routers A, B and C share one network with addresses 150.1.1.1, 150.1.1.2 and 150.1.1.3; C is in AS 200, A and B in AS 201. 192.68.1.0/24 is announced across the A–C peering with a next hop of 150.1.1.3, a third router on the shared network rather than the advertising router.]
• More efficient, but bad idea!
– The next hop now depends on a router you have no session with: if it goes away the route stays up and traffic is black-holed, and the peer can point your traffic at any address on the shared segment
Next Hop...
• IGP should carry route to next hops
• Recursive route look-up
• Unlinks BGP from actual physical topology
• Allows IGP to make intelligent forwarding decision
Local Preference
• Not for EBGP, mandatory for IBGP
• Default value is 100 on Ciscos
• Local to an AS
• Used to prefer one exit over another
• Path with highest local preference wins
Local Preference
[Diagram: AS 100 originates 160.10.0.0/16. AS 400 learns it over two exits, one via AS 200 and one via AS 300; one exit is assigned local preference 500 and the other 800. Every router in AS 400 marks the path with local preference 800 as best (">").]
Multi-Exit Discriminator
• Non-transitive
• Represented as a numeric value (0-0xffffffff)
• Used to convey the relative preference of entry points
• Comparable if paths are from the same AS
• Path with lower MED wins
• IGP metric can be conveyed as MED
Multi-Exit Discriminator (MED)
[Diagram: AS 201 (routers A and B) announces 192.68.1.0/24 to router C in AS 200 over two links, with MED 1000 on one and MED 2000 on the other. C prefers the path with MED 1000.]
Origin
• Conveys the origin of the prefix
• Three values:
– IGP - Generated using “network” statement
• ex: network 35.0.0.0
– EGP - Redistributed from EGP
– Incomplete - Redistribute IGP
• ex: redistribute ospf
• IGP < EGP < INCOMPLETE
Communities
• Transitive, Non-mandatory
• Represented as a numeric value (0-0xffffffff)
• Used to group destinations
• Each destination could be member of multiple communities
• Flexibility to scope a set of prefixes within or across AS for applying policy
Community...
[Diagram: customer AS 201 (routers A and B) announces 192.68.1.0/24 to service provider AS 200 (routers C and D), tagging one announcement with community 201:110 and the other with 201:120. AS 200 maps the communities to local preference: 201:110 -> 110, 201:120 -> 120.]
Synchronization
[Diagram: AS 1880 with routers A, B and C running OSPF internally; C does not run BGP. A learns 35/8 from an eBGP peer in AS 690 and has another eBGP peer, D, in AS 209.]
• C not running BGP (non-pervasive BGP)
• A won't advertise 35/8 to D until the IGP is in sync
• Turn synchronization off!
– Run pervasive BGP
router bgp 1880
no sync
(no synchronization is the default in current IOS)
BGP Route Selection (bestpath)
Only one path as the bestpath!
• Route has to be synchronized
– Prefix in forwarding table
• Next-hop has to be accessible
– Next-hop in forwarding table
• Largest weight
– Local to the router
• Largest local preference
– Spread within AS
• Locally sourced
– Via redistribute or network statement
BGP Route Selection ...
• Shortest AS-path length
– number of ASes in the AS-path attribute
• Lowest origin
– IGP < EGP < INCOMPLETE
• Lowest MED
– between paths from same AS
• External over internal
– closest exit from a router
• Closest next-hop
– Lower IGP metric, closer exit from an AS
• Lowest router-id
• Lowest IP address of neighbor
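Added example (Python, not from the slides): the selection list above as a pairwise comparison applied in the slide's order, then a scan over the candidate paths the way a router does it. The Path fields, their defaults (local preference 100 as on the Local Preference slide) and the sample values are mine; the synchronization step is left out because it is off by default today, and the next-hop check is applied as a filter before the comparison. The comparison also shows the MED rule the slide states: MEDs are compared only between paths from the same neighbouring AS.

```python
# Added example: BGP bestpath decision process in the slide's order.
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}


@dataclass
class Path:
    prefix: str
    as_path: tuple
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100            # Cisco default
    locally_sourced: bool = False
    origin: str = "IGP"
    med: int = 0
    neighbor_as: int = 0             # AS the path came from; MEDs compare only within it
    ebgp: bool = True
    igp_metric: int = 0              # IGP cost to reach the NEXT-HOP
    router_id: str = "0.0.0.0"
    neighbor_ip: str = "0.0.0.0"


def prefer(a, b):
    """Return the better of two feasible paths; the first rule that differs decides."""
    if a.weight != b.weight:
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:
        return a if a.local_pref > b.local_pref else b
    if a.locally_sourced != b.locally_sourced:
        return a if a.locally_sourced else b
    if len(a.as_path) != len(b.as_path):
        return a if len(a.as_path) < len(b.as_path) else b
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    if a.neighbor_as == b.neighbor_as and a.med != b.med:
        return a if a.med < b.med else b
    if a.ebgp != b.ebgp:
        return a if a.ebgp else b
    if a.igp_metric != b.igp_metric:
        return a if a.igp_metric < b.igp_metric else b
    if a.router_id != b.router_id:
        return a if ipaddress.ip_address(a.router_id) < ipaddress.ip_address(b.router_id) else b
    return a if ipaddress.ip_address(a.neighbor_ip) <= ipaddress.ip_address(b.neighbor_ip) else b


def bestpath(paths):
    """Drop paths whose NEXT-HOP is not in the forwarding table, then compare the rest."""
    feasible = [p for p in paths if p.next_hop_reachable]
    if not feasible:
        return None
    best = feasible[0]
    for p in feasible[1:]:
        best = prefer(best, p)
    return best


def prepend_example():
    """Constructed: two paths to 160.10.0.0/16, the one via AS 300 prepended once by AS 100."""
    via_200 = Path("160.10.0.0/16", (200, 100), neighbor_as=200,
                   router_id="2.2.2.2", neighbor_ip="10.0.0.2")
    via_300 = Path("160.10.0.0/16", (300, 100, 100), neighbor_as=300,
                   router_id="3.3.3.3", neighbor_ip="10.0.0.3")
    return bestpath([via_300, via_200])
```

Because MED is only compared within one neighbouring AS, two paths from different ASes with wildly different MEDs fall through to the later rules; and a higher local preference on a longer path still wins, which is what makes local preference the usual tool for choosing an exit.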
BGP Route Selection...
[Diagram: AS 100 reaches AS 400 (routers A and B) through AS 200 and through AS 300. The announcement sent towards AS 300 has its AS path attribute length increased by at least 1 (AS-path prepend), so AS 400 sees the path through AS 200 as shorter.]
AS 400's Policy to reach AS 100:
AS 200 preferred path
AS 300 backup
Stub AS
• Typically no need for BGP
• Point default towards the ISP
• ISP advertises the stub network to
Internet
• Policy confined within ISP policy
Stub AS
[Diagram: customer AS 100 (router B) connected to provider AS 101 (router A).]
Multi-homed AS
• Only border routers speak BGP
• IBGP only between border routers
• Exterior routes must be redistributed in
a controlled fashion into IGP or use
defaults
Multi-homed AS
[Diagram: customer AS 200 multi-homed to two providers, AS 100 and AS 300; border routers A, B, C and D.]
Service Provider Network
• IBGP used to carry exterior routes
• IGP keeps track of topology
• Full IBGP mesh is required
Common Service Provider Network
[Diagram: service provider AS 100 with routers A through H meshed internally; upstream provider AS 300 and neighbouring AS 200 and AS 400 attached at the edge.]
Routing Policy
• Why?
– To steer traffic through preferred paths
– Inbound/Outbound prefix filtering
– To enforce Customer-ISP agreements
• How ?
– AS based route filtering - filter list
– Prefix based route filtering - distribute list
– BGP attribute modification - route maps
Distribute list - using IP access lists
access-list 1 deny 10.0.0.0
access-list 1 permit any
access-list 2 permit 20.0.0.0
… more access-lists as prefixes are added ...
router bgp 100
neighbor 171.69.233.33 remote-as 33
neighbor 171.69.233.33 distribute-list 1 in
neighbor 171.69.233.33 distribute-list 2 out
Caveat: a standard access list tests only the network address of a prefix, not its length, so "deny 10.0.0.0" blocks 10.0.0.0/8 and 10.0.0.0/16 alike but lets 10.1.0.0/16 through. An extended access list, or better "ip prefix-list" applied with "neighbor … prefix-list", matches on the mask length as well.
Filter list rules
Regular Expressions
• RE is a pattern to match against an input
string
• Used to match against AS-path attribute
• ex: ^3561.*100.*1$
• Flexible enough to generate complex filter
list rules
Filter list - using as-path access list
ip as-path access-list 1 permit 3561
ip as-path access-list 2 deny 35
ip as-path access-list 2 permit .*
router bgp 100
neighbor 171.69.233.33 remote-as 33
neighbor 171.69.233.33 filter-list 1 in
neighbor 171.69.233.33 filter-list 2 out
Caveat: these patterns are unanchored substring matches. "deny 35" also matches any path containing 3561 or 135, and "permit 3561" also matches 13561. To match one AS number on its own write it as "_35_": the underscore matches the start or end of the path, a space or a comma.
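Added example (Python, not from the slides): evaluating as-path access-lists against AS-PATH strings the way the filter-list above does, including the Cisco "_" metacharacter, so the effect of "deny 35" versus "deny _35_" can be seen on sample paths. The patterns are the slide's (plus the regular-expression slide's ^3561.*100.*1$); the routes dictionary and the function names are constructed.

```python
# Added example: IOS-style as-path access-list evaluation with the "_" metacharacter.
import re


def cisco_regex(pattern):
    """Translate a Cisco AS-path regex to Python: '_' matches start, end, space, comma, braces, parens."""
    return re.compile(pattern.replace("_", r"(?:^|$|[\s,{}()])"))


def make_as_path_acl(entries):
    """entries: list of (action, pattern). Returns a function AS-PATH string -> True if permitted.

    As in IOS, the first matching entry decides and there is an implicit deny at the end.
    """
    compiled = [(action, cisco_regex(pattern)) for action, pattern in entries]

    def evaluate(as_path):
        for action, rx in compiled:
            if rx.search(as_path):
                return action == "permit"
        return False

    return evaluate


# The slide's lists, and the anchored version of list 2.
ACL1_SLIDE = make_as_path_acl([("permit", "3561")])                  # implicit deny after
ACL2_SLIDE = make_as_path_acl([("deny", "35"), ("permit", ".*")])
ACL2_FIXED = make_as_path_acl([("deny", "_35_"), ("permit", ".*")])
ORIGIN_3561_VIA_100 = make_as_path_acl([("permit", "^3561.*100.*1$")])


def filter_routes(acl, routes):
    """routes: dict prefix -> AS-PATH string; returns the sorted prefixes the list permits."""
    return sorted(prefix for prefix, path in routes.items() if acl(path))


# Constructed sample paths, as IOS prints them (most recent AS first).
SAMPLE_ROUTES = {
    "35.0.0.0/8": "35",
    "a": "3561 100 1",
    "b": "200 35 100",
    "c": "100 135",
    "d": "100 200",
}
```

With the slide's list 2, only route "d" survives: the paths through AS 3561 and AS 135 are dropped along with the intended AS 35. The anchored list drops exactly the two paths that really contain AS 35.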
Route Maps
router bgp 300
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 route-map SETCOMMUNITY out
!
route-map SETCOMMUNITY permit 10
match ip address 1
match community 1
set community 300:100
!
access-list 1 permit 35.0.0.0
ip community-list 1 permit 100:200
Route-map match & set clauses
Match Clauses
• AS-path
• Community
• IP address
Set Clauses
• AS-path prepend
• Community
• Local-Preference
• MED
• Origin
• Weight
• Others...
Route-map Configuration Example
[Diagram: routers C21 and C22 at ISP2 and C31 and C32 at ISP3, each reached over an Ethernet link; the first inbound route-map tags what is learned from one side with a community and the second acts on that community.]
Inbound route-map to set community:
neighbor <x.x.x.x> route-map AS100_IN in
!
route-map AS100_IN permit 10
set community 100:200
Inbound route-map that acts on the community:
neighbor <y.y.y.y> route-map AS200_IN in
!
route-map AS200_IN permit 10
match community 1
set local-preference 200
!
ip community-list 1 permit 100:200
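Added example (Python, not from the slides): a small evaluator for route-maps of the kind shown on this slide and the Route Maps slide (match community or prefix, set local-preference, community or AS-path prepend), with the IOS sequence semantics that matter in practice: the first sequence whose match clauses all hold decides, and a route that matches no sequence is dropped. The two maps at the bottom are the slide's AS100_IN and AS200_IN written as data; the route dictionary layout and the function names are mine.

```python
# Added example: route-map evaluation with IOS semantics (first match wins, implicit deny).
import ipaddress


def route_map(sequences):
    """sequences: list of (action, match clauses, set clauses) in sequence-number order.

    All match clauses of a sequence must hold (they are ANDed). 'permit' applies the set
    clauses to a copy of the route, 'deny' drops it, and a route matching no sequence is
    dropped (implicit deny). Returns a function route -> new route or None.
    """
    def apply(route):
        for action, match, sets in sequences:
            if all(_matches(kind, want, route) for kind, want in match.items()):
                return _apply_sets(dict(route), sets) if action == "permit" else None
        return None
    return apply


def _matches(kind, want, route):
    if kind == "community":        # community-list: any listed community present on the route
        return bool(set(want) & set(route.get("community", ())))
    if kind == "prefix":           # prefix-list style: the route's prefix lies inside a listed network
        net = ipaddress.ip_network(route["prefix"])
        return any(net.subnet_of(ipaddress.ip_network(w)) for w in want)
    raise ValueError("unknown match clause: " + kind)


def _apply_sets(route, sets):
    for kind, value in sets.items():
        if kind == "local_pref":
            route["local_pref"] = value
        elif kind == "community":            # 'set community' replaces the existing list
            route["community"] = tuple(value)
        elif kind == "community_additive":   # 'set community ... additive' appends
            route["community"] = tuple(route.get("community", ())) + tuple(value)
        elif kind == "prepend":              # 'set as-path prepend'
            route["as_path"] = tuple(value) + tuple(route["as_path"])
        else:
            raise ValueError("unknown set clause: " + kind)
    return route


# The slide's two inbound maps.
AS100_IN = route_map([("permit", {}, {"community": ["100:200"]})])
AS200_IN = route_map([("permit", {"community": ["100:200"]}, {"local_pref": 200})])
```

Note what the implicit deny does to AS200_IN as written on the slide: a route arriving on that session without community 100:200 matches no sequence and is dropped, not merely left at local preference 100. If that is not intended, the map needs a trailing "route-map AS200_IN permit 20" with no match clause.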
Load Sharing & Redundancy using BGP
Load-sharing - single path
[Diagram: router A in AS 100 (loopback 0 = 20.200.0.1) connected by two parallel DMZ links to a router in AS 200 (loopback 0 = 10.200.0.2); a single eBGP session runs between the loopbacks.]
Router A:
interface loopback 0
ip address 20.200.0.1 255.255.255.255
!
router bgp 100
neighbor 10.200.0.2 remote-as 200
neighbor 10.200.0.2 update-source loopback0
neighbor 10.200.0.2 ebgp-multihop 2
!
ip route 10.200.0.2 255.255.255.255 <DMZ-link1>
ip route 10.200.0.2 255.255.255.255 <DMZ-link2>
The two equal static routes to the peer's loopback spread traffic over both links while BGP sees one session. ebgp-multihop is required because the peer's loopback is not directly connected; it also removes the directly-connected check on the session, so keep the static routes pinned to those two links only.
Load Sharing - Multiple paths from the same AS
[Diagram: router A in AS 100 with two eBGP sessions, one per link, to AS 200.]
Router A:
router bgp 100
neighbor 10.200.0.1 remote-as 200
neighbor <second link peer address> remote-as 200
maximum-paths 2
Note: A still only advertises one "best" path to ibgp peers
Redundancy - Multi-homing
• Reliable connection to Internet
• 3 common cases of multi-homing:
- default from all providers
- customer + default routes from all
- full routes from all
Default from all providers
• Low memory/CPU solution
• Provider sends BGP default
– provider is selected based on IGP metric
• Inbound traffic decided by providers’ policy
– Can influence using outbound policy, example:
AS-path prepend
Default from all providers
[Diagram: customer AS 400 (routers A, B and C) connected to provider AS 200 (router D) and provider AS 300 (router E), taking only a default route from each.]
Customer + default from all
providers
• Medium memory and CPU solution
• Granular routing for customer routes and
default for the rest
• Inbound traffic decided by providers’ policy
– Can influence using outbound policy
Customer routes from all providers
[Diagram: same topology; customer AS 100 (160.10.0.0/16) is reachable through both providers, so A and B in AS 400 receive 160.10.0.0/16 from D (AS 200) and from E (AS 300), and C chooses the shortest AS path.]
Full routes from all providers
• More memory/CPU
• Full granular routing
• Usually transit ASes take full routes
• Usually pervasive BGP
Full routes from all providers
[Diagram: AS 400 (routers A, B and C) takes full routes from providers AS 200 (router D) and AS 300 (router E), which in turn connect to AS 100 and AS 500; C chooses the shortest AS path.]
Best Practices
IGP in Backbone
• IGP connects your backbone together, not
your client’s routes
• IGP must converge quickly
• IGP should carry netmask information (OSPF, IS-IS, EIGRP)
Best Practices...
Connecting to a customer
• Static routes
– You control directly
– No route flaps
• Shared routing protocol or leaking
– You must filter your customers info
– Route flaps
• BGP for multi-homed customers
Best Practices...
Connecting to other ISPs
• Use BGP4
• Advertise only what you serve
• Take back as little as you can
• Take the shortest exit
Best Practices...
The Internet Exchange
• Long distance connectivity is expensive
• Connect to several providers at a single
point
Q &A