Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Campus Network Design
Document related concepts
Distributed firewall wikipedia , lookup
Network tap wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Computer network wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
IEEE 802.1aq wikipedia , lookup
Airborne Networking wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Wake-on-LAN wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Multiprotocol Label Switching wikipedia , lookup
Transcript
Border Gateway Protocol
Session #
Presentation_ID
© 2000, Cisco Systems, Inc.
1
Agenda
•
BGP Fundamentals
•
BGP Attributes
•
Controlling the flow of BGP
updates
•
Practical Design Examples
Autonomous System (AS)
AS 100
A
• Collection of networks with same policy
• Single routing protocol
• Usually under single administrative control
• Identified by AS number (1 – 65535)
Private ASNs from 64512 – 65535
ARIN
ASN Registration Guidelines
• A unique routing policy (its
policy differs from its border
gateway peers)
• A multi-homed site
http://www.arin.net
What is an IGP?
• Interior Gateway Protocol
• Within an Autonomous System
• Carries information about
internal prefixes
• Examples—OSPF, RIP, EIGRP…
What is an EGP?
• Exterior Gateway Protocol
• Used to convey routing information
between Autonomous Systems
• Decoupled from the IGP
• Current EGP is BGP
Interior vs. Exterior Routing
Protocols
• Interior
• Exterior
Automatic
discovery
Specifically
configured peers
Generally trust
your IGP
routers
Connecting with
outside networks
Routes go to all
IGP routers
Set administrative
boundaries
Why do we need an EGP?
• Scaling to large network
Hierarchy
Limit scope of failure
Fast convergence
No manual reconfig (static routes) - high
maintenance
• Complex Routing Policies
Control reachability to prefixes by
selecting outbound paths and
announcing internal routes
NJEDge
NJEDge Intranet
NJEDge Internet
Alternate ISP
Verizon
ATM
Member Remote
Network
What is BGP?
• Border Gateway Protocol, currently
version 4 – defined in RFC 1771
• Distance-vector routing protocol
running over TCP port 179
• Supports classless routing
• Actually two protocols – iBGP and
eBGP
Internal BGP
AS 3847
When BGP speakers in the same
AS form a BGP connection for
the purpose of exchanging routing
information, they are said to be
running IBGP or internal BGP.
A
c
IBGP speakers are usually
fully-meshed.
B
External BGP
AS 109
131.108.0.0
.1
When BGP speakers in different
ASs form a BGP connection for
the purpose of exchanging routing
information, they are said to be
running EBGP or external BGP.
EBGP peers are usually directly
connected.
A
131.108.10.0
B
.2
150.10.0.0
AS 110
Agenda
•
BGP Fundamentals
•
BGP Attributes
•
Controlling the flow of BGP
updates
•
Practical Design Examples
BGP Attributes
•
•
•
•
•
•
•
AS-path
Origin
Next-hop
Weight
Local preference
Multi Exit Discriminator (MED)
Community
BGP Attributes
AS-Path
690
B
1. Router A sends update for
141.253.10.0/24 with AS_PATH: 1880
1880
A
2. Router B sends update
for 141.253.10.0/24 with
AS_PATH: 690 1880
C
200
141.253.10.0/24
3.Router C sends update
for 141.253.10.0/24 with
AS_PATH: 200 690 1880
4.Router A will detect its
own AS number and will
discard the update
AS-Path
AS701
192.67.95.0/24
AS3561
204.70.0.0/15
G
F
D
AS3847
207.240.0.0/16
C
AS1673
140.222.0.0/16
B
E
show ip bgp
A
AS6201
192.67.95.0/24
140.222.0.0
204.70.0.0/15
207.240.0.0/16
3847 701 i
3847 1673 i
3847 3561 i
3847 i
AS-Path
• Sequence of ASNs a route has
traversed.
• Provides a mechanism for loop detection
• Shortest AS path preferred
• Policies may be applied based on AS path
Origin
Order of preference:
• IGP (i)
Route is interior to the originating AS
Set with the Network statement under router BGP
• EGP (e)
Route learned via EGP
• Incomplete (?)
Route redistributed from IGP
Origin
AS 300
192.208.10.5
B
A
AS 200
192.208.10.6
RouterB# show ip bgp
table version is 24, local router ID is 203.250.15.2
Status codes: s suppressed, d damped, h history, * valid, >
best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
*> 192.208.10.0
Next Hop
Metric LocPrf Weight
192.208.10.5 0
0
Path
300 i
Next Hop
150.10.1.1
150.10.1.2
AS 200
150.10.0.0/16
A
B
AS 300
150.10.0.0/16 150.10.1.1
160.10.0.0/16 150.10.1.1
AS 100
160.10.0.0/16
• Next hop IP address to
reach a network
• For EBGP usually the IP of
the neighbor specified by
the neighbor remote-as
command
Next Hop
150.10.1.1
150.10.1.2
C
AS 200
150.10.0.0/16
AS 100
160.10.0.0/16
A
B
AS 300
150.10.0.0/16 150.10.1.1
160.10.0.0/16 150.10.1.1
• With IBGP Next Hop does
not change
• Ensure that router C can
reach 150.10.1.1 via an IGP
Weight
• Cisco proprietary
• Local to router, not propagated in any
routing updates
• Value 0-65535 (default if originated by
router - 32768, other - 0)
• Highest weight preferred
• Rarely used
Weight
router bgp 300
neighbor
neighbor
neighbor
neighbor
1.1.1.1
1.1.1.1
2.2.2.2
2.2.2.2
remote-as 100
weight 2000
remote-as 200
weight 1000
Local Preference
AS 100
160.10.0.0/16
AS 200
AS 300
D
150
200
A
160.10.0.0/16
> 160.10.0.0/16
150
200
B
AS 400
C
E
Local Preference
• Path with highest local pref is
preferred (default = 100)
• Unlike weight, local pref advertised
to routers within the same AS (IBGP)
• Often used attribute
• “Powerful” attribute, comes before
AS-Path length in the BGP selection
algorithm
Local Preference
router bgp 400
neighbor 3.3.3.4 remote-as 300
neighbor 128.213.11.1 remote-as 400
bgp default local-preference 200
Multi-Exit Discriminator (MED)
AS 200
C
192.68.1.0/24
2000
192.68.1.0/24
A
B
192.68.1.0/24
AS 201
1000
Multi-Exit Discriminator (MED)
• Lowest MED preferred
• Used to convey the relative preference of entry
points into an AS (Local Pref is outbound)
• Influences best path selection – after AS_PATH
evaluation
• Comparable if paths are
from same AS. Use bgp always-compare-med
command to compare all MEDs
• Advertised to external neighbors
• Usually based on IGP metric
Multi-Exit Discriminator (MED)
router bgp 300
neighbor 3.3.3.2 remote-as 100
neighbor 3.3.3.2 route map SETMEDOUT out
neighbor 1.1.1.1 remote-as 300
route-map SETMEDOUT permit 10
set metric 200
Communities
• BGP attribute
• Used to group destinations
• Useful in applying routing policies
• Represented as number(s) that get
“stamped” on BGP routes
• Each destination could be member
of multiple communities
• Community attribute carried across
Autonomous Systems
Communities
AS 200
160.10.0.0
router bgp 200
3.3.3.2
network 160.10.0.0
neighbor 3.3.3.1 remote-as 300
neighbor 3.3.3.1 send-community
neighbor 3.3.3.1 route-map SETCOMMUNITY out
route-map SETCOMMUNITY permit 10
match ip address 1
set community no-export
route-map SETCOMMUNITY permit 20
A
B
AS 300
3.3.3.1
access list 1 permit 0.0.0.0 255.255.255.255
AS 100
C
Agenda
•
BGP Fundamentals
•
BGP Attributes
•
Controlling the flow of BGP
updates
•
Practical Design Examples
BGP Path Selection Algorithm
1. Do not consider IBGP path
if not synchronized
2. Do not consider path if no
route to next hop
3. Highest weight (local to router)
4. Highest local preference
(global within AS)
5. Shortest AS path
BGP Path Selection Algorithm
6.
Lowest origin code
IGP < EGP < incomplete
7.
Multi-Exit Discriminator
Considered only if paths are from the same AS
8.
Prefer EBGP path over IBGP path
9.
Path with shortest next hop
metric wins
10. Lowest router-id
Route Maps
router bgp 256
neighbor 3.3.3.4 remote-as 300
route-map SETLOCALIN in
neighbor 128.213.11.1 remote-as 256
ip as-path 7 permit ^300$
route-map SETLOCALIN permit 10
match as-path 7
set local-preference 200
route-map SETLOCALIN permit 20
Route Maps
route-map SETLOCALIN permit 10
match as-path 7
set local-preference 200
route-map SETLOCALIN permit 20
• Route-maps are Cisco’s mechanism to select and modify routes
with if/then style algorithms.
• For route-maps with the keyword “permit”, if the prefix being
examined passes the match statement, the set commands are
executed and the route-map is exited.
• If the match statement is not passed, the next sequence number
is executed.
• If there are no more sequence numbers, the prefix is
filtered/dropped.
Cisco Regular Expressions
ip as-path 7 permit ^300$
. Period matches any single character, including white space.
* Asterisk matches 0 or more sequences of the pattern.
+ Plus sign matches 1 or more sequences of the pattern.
? Question mark matches 0 or 1 occurrences of the pattern
^ Caret matches the beginning of the input string.
$ Dollar sign matches the end of the input string.
_ Underscore matches a comma (,), left brace ({), right brace (}) left
parenthesis, right parenthesis, the beginning or end of the input string,
or a space.
][ Square brackets designate a range of single character patterns.
- Hyphen separates the endpoints of a range.
These are much like standard vi regular expressions.
Cisco Regular Expressions
701
6201
A
F
E
B
3847
6202
C
D
G
The following configuration could be used on router B
to accept routes from AS6201 & 6202 and deny all
others.
ip as-path access-list 10 permit ^6201$
ip as-path access-list 10 permit ^6201_6202$
ip as-path access-list 10 deny .*
AS-Path Padding
AS 100
A
Router A
router bgp 100
AS 200
AS 300
network 170.10.0.0
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 route-map SETPATH out
route-map SETPATH permit 10
set as-path prepend 100 100
AS 400
Peer Groups
• A way to group in a configuration template a set of neighbors
having the same outbound policy.
• Peer-groups allow:
easier configuration (and maintenance) of BGP
neighbors
better cpu/memory usage when generating updates
• By grouping neighbors with common policy together, routers
can save CPU by creating once a route object and then
advertising that object to multiple peers.
• Also, saves typing :)
Peer Groups
router bgp 300
neighbor
neighbor
neighbor
neighbor
neighbor
neighbor
neighbor
neighbor
neighbor
neighbor
neighbor
EXTERNALMAP peer-group
EXTERNALMAP route-map SETMED
EXTERNALMAP filter-list 1 out
EXTERNALMAP filter-list 2 in
2.2.2.2 remote-as 100
2.2.2.2 peer-group EXTERNALMAP
4.4.4.2 remote-as 600
4.4.4.2 peer-group EXTERNALMAP
1.1.1.2 remote-as 200
1.1.1.2 peer-group EXTERNALMAP
1.1.1.2 filter-list 3 in
Aggregation
• Three ways to configure route
aggregation
Redistribute static
Network mask command
Aggregate-address command
Aggregation
Redistribute Static
router bgp 200
neighbor 3.3.3.1 remote-as 300
redistribute static
ip route 160.0.0.0 255.0.0.0 null 0
Aggregation
Network Mask
router bgp 200
network 160.0.0.0 mask 255.0.0.0
neighbor 3.3.3.1 remote-as 300
ip route 160.0.0.0 255.0.0.0 null 0
Aggregation
Aggregate-address
router bgp 200
network 160.0.0.0
neighbor 3.3.3.1 remote-as 300
aggregate-address 160.0.0.0 255.0.0.0
Aggregation
Suppress-map
router bgp 300
neighbor 3.3.3.3 remote-as 200
neighbor 2.2.2.2 remote-as 100
network 160.10.0.0
aggregate-address 160.0.0.0 255.0.0.0 suppress-map CHECK
route-map CHECK permit 10
match ip address 1
access-list 1 deny 160.20.0.0 0.0.255.255
access-list 1 permit 0.0.0.0 255.255.255.255
Agenda
•
BGP Fundamentals
•
BGP Attributes
•
Controlling the flow of BGP
updates
•
Practical Design Examples
Multi-homing with two ISPs
AS 100
B
10.10.10.10
ISP A
AS 300
A
141.253.10.0/24
1.0.0.0 / 8
2.0.0.0 / 8
20.20.20.20
AS 200
C
NJEDge Internet
Risk of your AS becoming a transit AS
Configuration to Receive Full
Internet Routing Table
router bgp 300
network 1.0.0.0
network 2.0.0.0
neighbor 10.10.10.10
neighbor 10.10.10.10
neighbor 20.20.20.20
neighbor 20.20.20.20
remote-as
route-map
remote-as
route-map
100
localonly out
200
localonly out
ip as-path access-list 10 permit ^$
route-map localonly permit 10
match as-path 10
Load Sharing when
Multi-homed to Two ISPs
Internet
AS 300
AS 400
ISP A Network
NJEDge Internet
D
E
IBGP
A
B
AS 100
Member Network
C
10.10.10.0/24
10.10.20.0/24
Redistributing IGP into BGP
router eigrp 10
network 175.220.0.0
router bgp 200
neighbor 1.1.1.1 remote-as 300
neighbor 2.2.2.2 remote-as 200
neighbor 1.1.1.1 distribute-list 1 out
redistribute eigrp 10
access-list 1 permit 175.220.0.0 0.0.255.255
Requires careful use of access lists to prevent routes
from being injected back into BGP
Redistributing IGP into BGP
(Preferred)
router bgp 200
network 175.220.0.0
neighbor 1.1.1.1 remote-as 300
neighbor 2.2.2.2 remote-as 200
• Works for networks learned through IGP or static routes
• Use with aggregate-address command if necessary
Redistributing BGP into IGP
• Normally avoided because too many routes would
be injected into the IGP
• Common design is to redistribute one or two
routes and make them exterior routes
• Or, have your BGP router generate default for
your autonomous system
• When redistributing from BGP into IGP, only
routes learned using EBGP get redistributed
Cisco Routers
• Can’t run full BGP 2500
4000/4000M/4500/4500M
• Can run full BGP (64 MB)2600
3620/3640/3660
4700M
7206
7000
7500
Best Practices
• Peer IBGP routers using loopback address
neighbor 1.1.1.1 update-source loopback0
• BGP soft-reconfig
Allows config changes w/o clearing neighbor
Inbound: neighbor 1.1.1.1 soft-reconfiguration inbound
Outbound: no configuration necessary
clear ip bgp 1.1.1.1 soft (in/out)
Route Refresh Capability IOS 12.0(1.0.4)S and later
• bgp dampening command
Suppress flapping routes (high CPU utilization)
For EBGP only
Alternate paths still usable
Use judiciously!
• bgp log-neighbor-changes
Used to log neighbor up/down events and resets
