* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Document 4461177
Survey
Document related concepts
Deep packet inspection wikipedia , lookup
Distributed firewall wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Network tap wikipedia , lookup
Computer network wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Wake-on-LAN wikipedia , lookup
IEEE 802.1aq wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Multiprotocol Label Switching wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Airborne Networking wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Transcript
Border Gateway Protocol (BGP4) Border Gateway Protocol (BGP) • • • • • • • • Routing/Forwarding basics Building blocks Exercises BGP protocol basics Exercises BGP path attributes Best path computation Exercises Border Gateway Protocol (BGP)... • • • • • Typical BGP topologies Routing Policy Exercises Redundancy/Load sharing Best current practices Routing/Forwarding Basics IP route lookup:Longest match routing R3 Packet: Destination IP address: 10.1.1.1 R1 R2 10/8 -> R3 10.1/16 -> R4 20/8 -> R5 30/8 -> R6 ….. R2’s IP routing table All 10/8 except 10.1/16 R4 10.1/16 IP route lookup: Longest match routing R3 Packet: Destination IP address: 10.1.1.1 R1 R4 R2 10/8 -> R3 10.1/16 -> R4 20/8 -> R5 All 10/8 except 10.1/16 10.1/16 10.1.1.1 & FF.0.0.0 is equal to 10.0.0.0 & FF.0.0.0 ….. R2’s IP routing table Match! IP route lookup: Longest match routing R3 Packet: Destination IP address: 10.1.1.1 R1 R4 R2 10/8 -> R3 10.1/16 -> R4 20/8 -> R5 All 10/8 except 10.1/16 10.1/16 10.1.1.1 & FF.FF.0.0 is equal to 10.1.0.0 & FF.FF.0.0 ….. R2’s IP routing table Match as well! IP route lookup: Longest match routing R3 Packet: Destination IP address: 10.1.1.1 R1 R4 R2 10/8 -> R3 10.1/16 -> R4 20/8 -> R5 ….. All 10/8 except 10.1/16 10.1/16 10.1.1.1 & FF.0.0.0 is equal to Does not match! 20.0.0.0 & FF.0.0.0 R2’s IP routing table IP route lookup: Longest match routing R3 Packet: Destination IP address: 10.1.1.1 R1 R2 All 10/8 except 10.1/16 R4 10.1/16 10/8 -> R3 10.1/16 -> R4 20/8 -> R5 ….. R2’s IP routing table Longest match, 16 bit netmask IP route lookup: Longest match routing • default is 0.0.0.0/0 • can handle it using the normal longest match algorithm • matches everything. Always the shortest match. Forwarding • Uses the routing table built by routing protocols • Performs the lookup to find next-hop and outgoing interface • Switches the packet with new encapsulation as per the outgoing interface Building Blocks • • • • • • • Autonomous System (AS) Types of Routes IGP/EGP DMZ Policy Egress Ingress Autonomous System (AS) AS 100 • • • • Collection of networks with same policy Single routing protocol Usually under single administrative control IGP to provide internal connectivity Autonomous System(AS)... • Identified by ‘AS number’ • Public & Private AS numbers • Examples: – Service provider – Multi-homed customers – Anyone needing policy discrimination Routing flow and packet flow packet flow egress AS 1 accept announce announce Routing flow accept AS2 ingress packet flow For networks in AS1 and AS2 to communicate: AS1 must announce routes to AS2 AS2 must accept routes from AS1 AS2 must announce routes to AS1 AS1 must accept routes from AS2 Egress Traffic • Packets exiting the network • Based on – Route availability (what others send you) – Route acceptance (what you accept from others) – Policy and tuning (what you do with routes from others) – Peering and transit agreements Ingress Traffic • Packets entering your network • Ingress traffic depends on: – What information you send and to who – Based on your addressing and ASes – Based on others’ policy (what they accept from you and what they do with it) Types of Routes • Static Routes – configured manually • Connected Routes – created automatically when an interface is ‘up’ • Interior Routes – Routes within an AS • Exterior Routes – Routes exterior to AS What Is an IGP? • • • • Interior Gateway Protocol Within an Autonomous System Carries information about internal prefixes Examples—OSPF, ISIS, EIGRP… What Is an EGP? • Exterior Gateway Protocol • Used to convey routing information between ASes • De-coupled from the IGP • Current EGP is BGP4 Why Do We Need an EGP? • Scaling to large network – Hierarchy – Limit scope of failure • Define administrative boundary • Policy – Control reachability to prefixes Interior vs. Exterior Routing Protocols • Interior – Automatic discovery – Generally trust your IGP routers – Routes go to all IGP routers • Exterior Specifically configured peers Connecting with outside networks Set administrative boundaries Hierarchy of Routing Protocols Other ISP’s BGP4 BGP4 / OSPF BGP4 Local NAP FDDI BGP4/Static Customers Demilitarized Zone (DMZ) A C DMZ Network AS 100 B AS 101 D E AS 102 • Shared network between ASes Addressing - ISP • Need to reserve address space for its network. • Need to allocate address blocks to its customers. • Need to take “growth” into consideration • Upstream link address is allocated by upstream provider BGP Basics • • • • • • Terminology Protocol Basics Messages General Operation Peering relationships (EBGP/IBGP) Originating routes Terminology • Neighbor – Configured BGP peer • NLRI/Prefix – NLRI - network layer reachability information – Reachability information for a IP address & mask • Router-ID – Highest IP address configured on the router • Route/Path – NLRI advertised by a neighbor Protocol Basics Peering A C AS 100 AS 101 B • Routing protocol used between ASes –if you aren’t connected to multiple ASes, you don’t need BGP :) • Runs over TCP • Path vector protocol D E AS 102 BGP Basics ... • • • • Each AS originates a set of NLRI NLRI is exchanged between BGP peers Can have multiple paths for a given prefix Picks the best path and installs in the IP forwarding table • Policies applied (through attributes) influences BGP path selection BGP Peers A C AS 101 AS 100 220.220.16.0/24 220.220.8.0/24 B BGP speakers are called peers Peers in different AS’s are called External Peers D E AS 102 220.220.32.0/24 eBGP TCP/IP Peer Connection Note: eBGP Peers normally should be directly connected. BGP Peers A C AS 101 AS 100 220.220.16.0/24 220.220.8.0/24 B BGP speakers are called peers Peers in the same AS are called Internal Peers iBGP TCP/IP Peer Connection D E AS 102 220.220.32.0/24 Note: iBGP Peers don’t have to be directly connected. BGP Peers A C AS 101 AS 100 220.220.16.0/24 220.220.8.0/24 B BGP Peers exchange Update messages containing Network Layer Reachability Information (NLRI) BGP Update Messages D E AS 102 220.220.32.0/24 Configuring BGP Peers AS 100 AS 101 eBGP TCP Connection 222.222.10.0/30 A .2 220.220.8.0/24 .1 B .2 .1 C .2 220.220.16.0/24 .1 D interface Serial 0 ip address 222.222.10.2 255.255.255.252 interface Serial 0 ip address 222.222.10.1 255.255.255.252 router bgp 100 network 220.220.8.0 mask 255.255.255.0 neighbor 222.222.10.1 remote-as 101 router bgp 101 network 220.220.16.0 mask 255.255.255.0 neighbor 222.222.10.2 remote-as 100 • BGP Peering sessions are established using the BGP “neighbor” configuration command – External (eBGP) is configured when AS numbers are different Configuring BGP Peers AS 101 AS 100 iBGP TCP Connection 222.222.10.0/30 A .2 220.220.8.0/24 .1 B .2 .1 C .2 220.220.16.0/24 .1 D interface Serial 1 ip address 220.220.16.2 255.255.255.252 interface Serial 1 ip address 222.220.16.1 255.255.255.252 router bgp 101 network 220.220.16.0 mask 255.255.255.0 neighbor 220.220.16.1 remote-as 101 router bgp 101 network 220.220.16.0 mask 255.255.255.0 neighbor 220.220.16.2 remote-as 101 • BGP Peering sessions are established using the BGP “neighbor” configuration command – External (eBGP) is configured when AS numbers are different – Internal (iBGP) is configured when AS numbers are same Configuring BGP Peers AS 100 B A iBGP TCP/IP Peer Connection C • Each iBGP speaker must peer with every other iBGP speaker in the AS Configuring BGP Peers 215.10.7.1 AS 100 B A 215.10.7.3 iBGP TCP/IP Peer Connection 215.10.7.2 C • Loopback interface are normally used as peer connection end-points Configuring BGP Peers 215.10.7.1 AS 100 B A 215.10.7.3 iBGP TCP/IP interface loopback 0 ip address 215.10.7.1 255.255.255.255 Peer Connection router bgp 100 network 220.220.1.0 neighbor 215.10.7.2 neighbor 215.10.7.2 neighbor 215.10.7.3 neighbor 215.10.7.3 remote-as 100 update-source loopback0 remote-as 100 update-source loopback0 215.10.7.2 C Configuring BGP Peers 215.10.7.1 AS 100 215.10.7.2 B A 215.10.7.3 iBGP TCP/IP Peer Connection interface loopback 0 ip address 215.10.7.2 255.255.255.255 C router bgp 100 network 220.220.5.0 neighbor 215.10.7.1 neighbor 215.10.7.1 neighbor 215.10.7.3 neighbor 215.10.7.3 remote-as 100 update-source loopback0 remote-as 100 update-source loopback0 Configuring BGP Peers 215.10.7.1 AS 100 B A 215.10.7.3 iBGP TCP/IP Peer Connection C interface loopback 0 ip address 215.10.7.3 255.255.255.255 router bgp 100 network 220.220.1.0 neighbor 215.10.7.1 neighbor 215.10.7.1 neighbor 215.10.7.2 neighbor 215.10.7.2 remote-as 100 update-source loopback0 remote-as 100 update-source loopback0 215.10.7.2 BGP Updates — NLRI • Network Layer Reachability Information • Used to advertise feasible routes • Composed of: – Network Prefix – Mask Length BGP Updates — Attributes • Used to convey information associated with NLRI – – – – – – – AS path Next hop Local preference Multi-Exit Discriminator (MED) Community Origin Aggregator AS-Path Attribute • Sequence of ASes a route has traversed • Loop detection • Apply policy AS 300 AS 200 AS 100 170.10.0.0/16 180.10.0.0/16 Network Path 180.10.0.0/16 300 200 100 170.10.0.0/16 300 200 AS 400 150.10.0.0/16 AS 500 Network 180.10.0.0/16 170.10.0.0/16 150.10.0.0/16 Path 300 200 100 300 200 300 400 Next Hop Attribute AS 300 AS 200 150.10.0.0/16 140.10.0.0/16 192.10.1.0/30 C .1 .2 D E B .2 .1 A AS 100 160.10.0.0/16 BGP Update Messages Network Next-Hop 160.10.0.0/16 192.20.2.1 Path 100 • Next hop to reach a network • Usually a local network is the next hop in eBGP session Next Hop Attribute AS 300 AS 200 150.10.0.0/16 140.10.0.0/16 192.10.1.0/30 C .1 .2 D E B .2 .1 A Network Next-Hop 150.10.0.0/16 192.10.1.1 160.10.0.0/16 192.10.1.1 Path 200 200 100 • Next hop to reach a network • Usually a local network is the next hop in eBGP session AS 100 160.10.0.0/16 BGP Update Messages • Next Hop updated between eBGP Peers Next Hop Attribute AS 300 AS 200 150.10.0.0/16 140.10.0.0/16 192.10.1.0/30 C .1 .2 D E B .2 .1 A AS 100 160.10.0.0/16 BGP Update Messages Network Next-Hop 150.10.0.0/16 192.10.1.1 160.10.0.0/16 192.10.1.1 • Next hop not changed between iBGP peers Path 200 200 100 Next Hop Attribute (more) • • • • IGP should carry route to next hops Recursive route look-up Unlinks BGP from actual physical topology Allows IGP to make intelligent forwarding decision BGP Updates — Withdrawn Routes • Used to “withdraw” network reachability • Each Withdrawn Route is composed of: – Network Prefix – Mask Length BGP Updates — Withdrawn Routes AS 321 AS 123 .1 192.168.10.0/24 .2 BGP Update Message Withdraw Routes 192.192.25.0/24 x Connectivity lost Network Next-Hop Path 150.10.0.0/16 192.168.10.2 321 200 192.192.25.0/24 192.168.10.2 321 192.192.25.0/24 BGP Routing Information Base BGP RIB Network *>i160.10.1.0/24 *>i160.10.3.0/24 Next-Hop 192.20.2.2 192.20.2.2 Path i i router bgp 100 network 160.10.0.0 255.255.0.0 no auto-summary D D D R S 10.1.2.0/24 160.10.1.0/24 160.10.3.0/24 153.22.0.0/16 192.1.1.0/24 Route Table BGP ‘network’ commands are normally used to populate the BGP RIB with routes from the Route Table BGP Routing Information Base BGP RIB Network *> 160.10.0.0/16 * i s> 160.10.1.0/24 s> 160.10.3.0/24 Next-Hop 0.0.0.0 192.20.2.2 192.20.2.2 192.20.2.2 Path i i i i router bgp 100 network 160.10.0.0 255.255.0.0 aggregate-address 160.10.0.0 255.255.0.0 summary-only no auto-summary D D D R S 10.1.2.0/24 160.10.1.0/24 160.10.3.0/24 153.22.0.0/16 192.1.1.0/24 Route Table BGP ‘aggregate-address’ commands may be used to install summary routes in the BGP RIB BGP Routing Information Base BGP RIB Network *> 160.10.0.0/16 * i s> 160.10.1.0/24 s> 160.10.3.0/24 *> 192.1.1.0/24 Next-Hop 0.0.0.0 192.20.2.2 192.20.2.2 192.20.2.2 192.20.2.2 Path i i i i ? router bgp 100 network 160.10.0.0 255.255.0.0 redistribute static route-map foo no auto-summary D D D R S 10.1.2.0/24 160.10.1.0/24 160.10.3.0/24 153.22.0.0/16 192.1.1.0/24 Route Table access-list 1 permit 192.1.0.0 0.0.255.255 route-map foo permit 10 match ip address 1 BGP ‘redistribute’ commands can also be used to populate the BGP RIB with routes from the Route Table BGP Routing Information Base IN Process Update Update Network Next-Hop 173.21.0.0/16 192.20.2.1 OUT Process BGP RIB Network *>i160.10.1.0/24 *>i160.10.3.0/24 * > 173.21.0.0/16 Next-Hop 192.20.2.2 192.20.2.2 192.20.2.1 Path i i 100 Path 100 • BGP “in” process • receives path information from peers • results of BGP path selection placed in the BGP table • “best path” flagged (denoted by “>”) BGP Routing Information Base IN Process OUT Process BGP RIB Network *>i160.10.1.0/24 *>i160.10.3.0/24 *> 173.21.0.0/16 Next-Hop 192.20.2.2 192.20.2.2 192.20.2.1 Path i i 100 Update Network 160.10.1.0/24 160.10.3.0/24 173.21.0.0/16 Next-Hop 192.20.2.2 192.20.2.2 192.20.2.1 192.20.2.2 Update Path 200 200 200 100 • BGP “out” process • builds update using info from RIB • may modify update based on config • Sends update to peers Next-Hop changed BGP Routing Information Base BGP RIB Network *>i160.10.1.0/24 *>i160.10.3.0/24 *> 173.21.0.0/16 D D D R S B 10.1.2.0/24 160.10.1.0/24 160.10.3.0/24 153.22.0.0/16 192.1.1.0/24 173.21.0.0/16 Route Table Next-Hop 192.20.2.2 192.20.2.2 192.20.2.1 Path i i 100 • Best paths installed in routing table if: • prefix and prefix length are unique • lowest “protocol distance” The ‘Bible’ & other resources • Route-views.oregon-ix.net • Internet Routing Architectures – Bassam Halabi – pg. 168 BGP Decision Process Summary Types of BGP Messages • OPEN – To negotiate and establish peering • UPDATE – To exchange routing information • KEEPALIVE – To maintain peering session • NOTIFICATION – To report errors (results in session reset) Internal BGP Peering (IBGP) AS 100 D A B E • BGP peer within the same AS • Not required to be directly connected • Maintain full IBGP mesh or use Route Reflection External BGP Peering (EBGP) A AS 100 C AS 101 B • Between BGP speakers in different AS • Directly connected or peering address is reachable An Example… 35.0.0.0/8 AS3561 A AS200 F B AS21 C D AS101 E AS675 Learns about 35.0.0.0/8 from F & D Basic BGP commands Configuration commands router bgp <AS-number> neighbor <ip address> remote-as <as-number> Show commands show ip bgp summary show ip bgp neighbors Originating routes... • Using network command or redistribution network <ipaddress> redistribute <protocol name> • Requires the route to be present in the routing table • • • • Originating routes/Inserting prefixes into BGP network command network 198.10.4.0 mask 255.255.254.0 ip route 198.10.0.0 255.255.254.0 serial 0 matching route must exist in the routing table before network is announced! • Origin: IGP Update message • Withdrawn routes • Path Attributes • Advertised routes Stable IBGP peering • Unlinks IBGP peering from physical topology. • Carry loopback address in IGP router ospf <ID> passive-interface loopback0 • Unlink peering from physical topology router bgp <AS1> neighbor <x.x.x.x> remote-as <AS1> neighbor <x.x.x.x> update-source loopback0 BGP4 continued... BGP Path Attributes: Why ? • • • • • Encoded as Type, Length & Value (TLV) Transitive/Non-Transitive attributes Some are mandatory Used in path selection To apply policy for steering traffic BGP Path Attributes... • • • • • • • Origin AS-path Next-hop Multi-Exit Discriminator (MED) Local preference BGP Community Others... AS-PATH • Updated by the sending router with its AS number • Contains the list of AS numbers the update traverses. • Used to detect routing loops – Each time the router receives an update, if it finds its AS number, it discards the update AS-Path AS 200 AS 100 170.10.0.0/16 180.10.0.0/16 • Sequence of ASes a route has traversed AS 300 • Loop detection 180.10.0.0/16 dropped AS 400 150.10.0.0/16 AS 500 180.10.0.0/16 170.10.0.0/16 150.10.0.0/16 300 200 100 300 200 300 400 Next-Hop 150.10.1.1 150.10.1.2 AS 200 150.10.0.0/16 A B AS 300 150.10.0.0/16 150.10.1.1 160.10.0.0/16 150.10.1.1 AS 100 160.10.0.0/16 • Next hop router to reach a network • Advertising router/Third party in EBGP • Unmodified in IBGP 0799_04F7_c2 Cisco Systems Confidential 20 Third Party Next Hop AS 200 192.68.1.0/24 C 150.1.1.1 peering 150.1.1.3 150.1.1.2 A B 192.68.1.0/24 AS 201 • More efficient, but bad idea! 150.1.1.3 Next Hop... • • • • IGP should carry route to next hops Recursive route look-up Unlinks BGP from actual physical topology Allows IGP to make intelligent forwarding decision Local Preference • Not for EBGP, mandatory for IBGP • Default value is 100 on Ciscos • Local to an AS • Used to prefer one exit over another • Path with highest local preference wins Local Preference AS 100 160.10.0.0/16 AS 200 AS 300 D 500 800 A 160.10.0.0/16 > 160.10.0.0/16 500 800 B AS 400 C E Multi-Exit Discriminator • Non-transitive • Represented as a numeric value (0-0xffffffff) • Used to convey the relative preference of entry points • Comparable if paths are from the same AS • Path with lower MED wins • IGP metric can be conveyed as MED Multi-Exit Discriminator (MED) AS 200 C preferred 192.68.1.0/24 2000 192.68.1.0/24 A B 192.68.1.0/24 AS 201 1000 Origin • Conveys the origin of the prefix • Three values: – IGP - Generated using “network” statement • ex: network 35.0.0.0 – EGP - Redistributed from EGP – Incomplete - Redistribute IGP • ex: redistribute ospf • IGP < EGP < INCOMPLETE Communities • • • • Transitive, Non-mandatory Represented as a numeric value (0-0xffffffff) Used to group destinations Each destination could be member of multiple communities • Flexibility to scope a set of prefixes within or across AS for applying policy Community... Service Provider AS 200 C Community 201:110 201:120 D Community:201:110 Community:201:120 A B 192.68.1.0/24 Customer AS 201 Local Preference 110 120 Synchronization 1880 C A D 690 OSPF 35/8 • C not running BGP (non-pervasive BGP) B is in sync • A won’t advertise 35/8 to D until the IGP • Turn synchronization off! – Run pervasive BGP router bgp 1880 no sync 209 BGP Route Selection (bestpath) Only one path as the bestpath ! • Route has to be synchronized Prefix in forwarding table • Next-hop has to be accessible Next-hop in forwarding table • Largest weight Local to the router • Largest local preference Spread within AS • Locally sourced Via redistribute or network statement BGP Route Selection ... • Shortest AS-path length number of ASes in the AS-path attribute • Lowest origin IGP < EGP < INCOMPLETE • Lowest MED between paths from same AS • External over internal closest exit from a router • Closest next-hop Lower IGP metric, closer exit from as AS • Lowest router-id • Lowest IP address of neighbor BGP Route Selection... AS 100 AS 200 AS 300 D Increase AS path attribute length by at least 1 A B AS 400 AS 400’s Policy to reach AS100 AS 200 preferred path AS 300 backup Stub AS • Typically no need for BGP • Point default towards the ISP • ISP advertises the stub network to Internet • Policy confined within ISP policy Stub AS B A AS 100 Customer AS 101 Provider Multi-homed AS • Only border routers speak BGP • IBGP only between border routers • Exterior routes must be redistributed in a controlled fashion into IGP or use defaults Multi-homed AS AS 100 provider AS 300 D A C B AS 200 customer provider Service Provider Network • IBGP used to carry exterior routes • IGP keeps track of topology • Full IBGP mesh is required Common Service Provider Network AS 100 A H B C AS 300 D provider E G AS 400 F AS 200 Routing Policy • Why? – To steer traffic through preferred paths – Inbound/Outbound prefix filtering – To enforce Customer-ISP agreements • How ? – AS based route filtering - filter list – Prefix based route filtering - distribute list – BGP attribute modification - route maps Distribute list - using IP access lists access-list 1 deny 10.0.0.0 access-list 1 permit any access-list 2 permit 20.0.0.0 … more access-lists as prefixes are added ... router bgp 100 neighbor 171.69.233.33 remote-as 33 neighbor 171.69.233.33 distribute-list 1 in neighbor 171.69.233.33 distribute-list 2 out Filter list rules Regular Expressions • RE is a pattern to match against an input string • Used to match against AS-path attribute • ex: ^3561.*100.*1$ • Flexible enough to generate complex filter list rules Filter list - using as-path access list ip as-path access-list 1 permit 3561 ip as-path access-list 2 deny 35 ip as-path access-list 2 permit .* router bgp 100 neighbor 171.69.233.33 remote-as 33 neighbor 171.69.233.33 filter-list 1 in neighbor 171.69.233.33 filter-list 2 out Route Maps router bgp 300 neighbor 2.2.2.2 remote-as 100 neighbor 2.2.2.2 route-map SETCOMMUNITY out ! route-map SETCOMMUNITY permit 10 match ip address 1 match community 1 set community 300:100 ! access-list 1 permit 35.0.0.0 ip community-list 1 permit 100:200 Route-map match & set clauses Match Clauses • AS-path • Community • IP address Set Clauses • • • • • • • AS-path prepend Community Local-Preference MED Origin Weight Others... Route-map Configuration Example ISP2 C21 H ethH C22 H eth H ISP3 Inbound route-map to set community H C31 eth H C32 H eth H neighbor <y.y.y.y> route-map AS200_IN in ! route-map AS200_IN permit 10 match community 1 set local-preference 200 ! ip community-list 1 permit 100:200 neighbor <x.x.x.x> route-map AS100_IN in ! route-map AS100_IN permit 10 set community 100:200 Load Sharing & Redundancy using BGP Load-sharing - single path Router A: interface loopback 0 ip address 20.200.0.1 255.255.255.255 ! router bgp 100 neighbor 10.200.0.2 remote-as 200 neighbor 10.200.0.2 update-source loopback0 neighbor 10.200.0.2 ebgp-multi-hop 2 ! ip route 10.200.0.2 255.255.255.255 <DMZ-link1, link2> A AS100 Loopback 0 10.200.0.2 AS200 Loopback 0 20.200.0.1 Load Sharing - Multiple paths from the same AS Router A: router bgp 100 neighbor 10.200.0.1 remote-as 200 neighbor 10.300.0.1 remote-as 200 maximum-paths 2 A 100 Note:A still only advertises one “best” path to ibgp peers 200 Redundancy - Multi-homing • Reliable connection to Internet • 3 common cases of multi-homing: - default from all providers - customer + default routes from all - full routes from all Default from all providers • Low memory/CPU solution • Provider sends BGP default – provider is selected based on IGP metric • Inbound traffic decided by providers’ policy – Can influence using outbound policy, example: AS-path prepend Default from all providers Provider Provider AS 200 AS 300 D E A B AS 400 C Customer + default from all providers • Medium memory and CPU solution • Granular routing for customer routes and default for the rest • Inbound traffic decided by providers’ policy – Can influence using outbound policy Customer routes from all providers Customer AS 100 160.10.0.0/16 Provider Provider AS 200 AS 300 D C chooses shortest AS path E A B AS 400 C Full routes from all providers • More memory/CPU • Full granular routing • Usually transit ASes take full routes • Usually pervasive BGP Full routes from all providers AS 100 AS 500 AS 200 AS 300 D C chooses shortest AS path E A B AS 400 C Best Practices IGP in Backbone • IGP connects your backbone together, not your client’s routes • IGP must converge quickly • IGP should carry netmask information OSPF, IS-IS, EIGRP Best Practices... Connecting to a customer • Static routes – You control directly – No route flaps • Shared routing protocol or leaking – You must filter your customers info – Route flaps • BGP for multi-homed customers Best Practices... Connecting to other ISPs • • • • Use BGP4 Advertise only what you serve Take back as little as you can Take the shortest exit Best Practices... The Internet Exchange • Long distance connectivity is expensive • Connect to several providers at a single point Q &A