07.bgp

Upload: juan-carlos-anazco-millar

Post on 22-May-2015

Implement an eBGP based solution, given a network design and a set of requirements

Determine network resources needed for implementing eBGP on a network

Create an eBGP implementation plan

Create an eBGP verification plan

Configure eBGP routing

Verify eBGP solution was implemented properly using show and debug commands

Document results of eBGP implementation and verification plan

Border Gateway Protocol

Used to exchange routes/prefixes between different autonomous systems (AS)

Uses TCP port 179

Requires an IGP; a network can’t route with only BGP

Only one process per router

Needs neighbors but doesn’t run on interfaces

Neighbors don’t need to be directly connected

iBGP: In the same AS (AD 200)

eBGP: In different AS (AD 20)

Hello 60 seconds / Dead 180 seconds

BGP Autonomous System

Set of routers under a unique technical administration

AS range:

Public: 1 – 64511

Private: 64512 – 65535

BGP Loop Prevention

Design of BGP, when to use it?

Connection with multiple AS

Implement complex routing

When you are a transit AS

Multihoming

Connection to two different ISPs via BGP

Verify that your networks are correctly advertised

Be careful not to become a transit AS

Filter networks not originated from your AS

Design of BGP, what routes should I receive?

Only a default route

Some routes plus a default

Full routes (more than 200.000)

Impact

Memory

CPU

Route selection

BGP Messages

OPEN

KEEPALIVE

UPDATE

NOTIFICATION

BGP Tables

Neighbor table

BGP table

IP routing table

BGP Neighbor States

IDLE: Looking for neighbors

CONNECT: TCP session complete

ACTIVE: Trying to establish a neighborship

OPEN SENT: BGP open message has been sent

OPEN CONFIRM: Response of an open message

ESTABLISHED: Neighbor is up, route exchange starts

Network Topology

Configuring Neighbors

R4(config)#router eigrp 100
R4(config-router)#no auto-summary
R4(config-router)#network 0.0.0.0 255.255.255.255
R4(config-router)#passive-interface fa0/0
R4(config)#router bgp 100
R4(config-router)#neighbor 10.14.0.1 remote-as 100
R4(config-router)#neighbor 172.16.46.6 remote-as 200
R4(config-router)#network 1.1.1.1 mask 255.255.255.255
R4(config-router)#network 4.4.4.4 mask 255.255.255.255
R4(config-router)#network 10.14.0.0 mask 255.255.255.0

R6#show ip bgp neighbors 172.16.46.4 advertised-routes
R6#show ip bgp summary
R6#show ip bgp
R6#debug ip packet detail

Loop Prevention

iBGP-learned routes can’t be advertised to another iBGP neighbor

iBGP full mesh peerings

Route Reflectors

Confederations

Full Mesh

Route Reflectors

Like the DR of OSPF

No (n-1)/2 peering needed

If the route comes from eBGP

Advertise to eBGP, route-reflector-client, non-client

If the route comes from a route-reflector-client

Advertise to eBGP, route-reflector-client, non-client

If the route comes from a non-client

Advertise to eBGP, route-reflector-client

R1(config)#router bgp 100
R1(config-router)#neighbor 10.14.0.4 route-reflector-client
R1(config-router)#neighbor 10.13.0.2 route-reflector-client

R1#sh ip bgp neighbors 10.13.0.2
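
The advertisement rules above, applied to the page's AS 100, as an added example that is not part of the original slides. It assumes a chain R4 -- R1 -- 10.13.0.2 with no direct session between R4 and 10.13.0.2, and a route that R4 learns from its eBGP neighbor R6.

```python
EBGP, CLIENT, NON_CLIENT = "ebgp", "client", "non-client"

def may_advertise(learned_from, send_to):
    """The slide's three rules collapse to one exception: a route learned from a
    non-client is not passed to another non-client. A plain iBGP peer with no
    route-reflector configuration counts as a non-client."""
    return not (learned_from == NON_CLIENT and send_to == NON_CLIENT)

def routers_with_route(sessions, first, learned_from):
    """Flood one route through the AS; sessions[r][peer] is how r classifies peer."""
    have = {first: learned_from}
    queue = [first]
    while queue:
        r = queue.pop(0)
        for peer, peer_type in sessions[r].items():
            if peer in have or peer not in sessions:
                continue  # already has the route, or the peer is outside AS 100
            if may_advertise(have[r], peer_type):
                have[peer] = sessions[peer][r]  # receiver records its own view of the sender
                queue.append(peer)
    return sorted(have)

# Assumed topology: plain iBGP sessions, no route reflector configured
PLAIN_IBGP = {
    "R4": {"R6": EBGP, "R1": NON_CLIENT},
    "R1": {"R4": NON_CLIENT, "10.13.0.2": NON_CLIENT},
    "10.13.0.2": {"R1": NON_CLIENT},
}
# Same sessions after R1 marks both neighbors as route-reflector-client
WITH_RR = {
    "R4": {"R6": EBGP, "R1": NON_CLIENT},
    "R1": {"R4": CLIENT, "10.13.0.2": CLIENT},
    "10.13.0.2": {"R1": NON_CLIENT},
}

def without_rr():
    return routers_with_route(PLAIN_IBGP, "R4", EBGP)

def with_rr():
    return routers_with_route(WITH_RR, "R4", EBGP)

if __name__ == "__main__":
    print("plain iBGP     :", without_rr())  # route stops at R1
    print("R1 as reflector:", with_rr())     # route reaches 10.13.0.2
```

Without the reflector configuration the route from R6 stops at R1, which is why the alternatives are a full mesh or confederations.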

Confederations

Sub AS’s

Usually Private AS’s

Within a sub AS, route reflectors can be used

R1(config)#no router bgp 100
R1(config)#router bgp 65001
R1(config-router)#bgp confederation id 100
R1(config-router)#bgp confederation peers 65004 65035
R1(config-router)#neighbor 10.14.0.4 remote-as 65004
R1(config-router)#neighbor 10.13.0.2 remote-as 65035

Next Hop Processing

eBGP changes the next hop

iBGP doesn’t change the next hop

How to change the next hop:

Static route

Running an IGP

Option ‘next-hop-self’

Via route-map

Option ‘next-hop-self’

R4(config)#router bgp 100
R4(config-router)#neighbor 10.14.0.1 next-hop-self

Via Route Map

R4(config)#route-map NEXTHOP permit 10
R4(config-route-map)#set ip next-hop 10.14.0.4
R4(config-route-map)#router bgp 100
R4(config-router)#neighbor 10.14.0.1 route-map NEXTHOP out

Redistribution

When you redistribute an IGP into BGP, BGP can propagate it to another AS. Routing loops may occur because external IGP routes may have originated in another AS

Redistributing from BGP into an IGP can cause high CPU and memory usage; there are more than 200.000 routes in the internet

We’ll see an example under ‘synchronization rule’

Update Source and Multihop

By default the TCP packet is sent via the closest interface

On some occasions it’s a good idea for the TCP packets to originate from another interface.

eBGP must be directly connected; if not, use multihop

R4(config)#router bgp 100
R4(config-router)#neighbor 6.6.6.6 remote-as 200
R4(config-router)#neighbor 6.6.6.6 ebgp-multihop 255
R4(config-router)#neighbor 6.6.6.6 update-source Loopback0

R4(config)#ip route 6.6.6.6 255.255.255.255 172.16.46.6

Peer Groups

Easier administration

On occasion, a more efficient way to configure BGP

Lots of neighbors with the same configuration

Locally significant

R3(config)#router bgp 100
R3(config-router)#neighbor GROUP peer-group
R3(config-router)#neighbor GROUP remote-as 100
R3(config-router)#neighbor GROUP route-reflector-client

R3(config-router)#neighbor 10.35.0.5 peer-group GROUP

Summarization

Used in AS border

Advertise a single route

CPU

Memory

The Cisco way says it is better to aggregate than to redistribute static routes pointing to null

R4(config)#ip route 10.0.0.0 255.0.0.0 null 0
R4(config)#router bgp 100
R4(config-router)#network 10.0.0.0 mask 255.0.0.0

R4(config-router)# aggregate-address 10.0.0.0 255.0.0.0
or
R4(config-router)# aggregate-address 10.0.0.0 255.0.0.0 summary-only

Authentication

Only MD5 is supported

Very few ISPs want to run authentication with their clients

R4(config)#router bgp 100
R4(config-router)#neighbor 10.14.0.1 password cisco

Filter

Access list

Prefix list

Route maps

Access Lists

Send only summary route to R6

R4(config)#access-list 10 permit 10.0.0.0 0.255.255.255
R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 distribute-list 10 out

Prefix Lists

Send only summary route to R6

R4(config)#ip prefix-list SUMMARY permit 10.0.0.0/8
R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 prefix-list SUMMARY out

Route Maps

Deny only summary route to R6 and permit all other routes

R4(config)#ip prefix-list SUMMARY permit 10.0.0.0/8

R4(config)#route-map FILTER deny 10
R4(config-route-map)#match ip address prefix-list SUMMARY
R4(config)#route-map FILTER permit 20

R4(config-router)#neighbor 172.16.46.6 route-map FILTER out
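
What each of the three outbound filters above lets through to R6, as an added example that is not part of the original slides. It assumes R4's BGP table holds the three network statements configured earlier plus the 10.0.0.0/8 summary, with no summary-only suppression.

```python
import ipaddress

# Assumed BGP table on R4: the page's network statements plus the 10.0.0.0/8 summary
ADVERTISED = ["1.1.1.1/32", "4.4.4.4/32", "10.14.0.0/24", "10.0.0.0/8"]

def acl_permits(prefix, acl_net, wildcard):
    """Standard ACL in a distribute-list: tests the network address only,
    so the mask length of the route is never examined."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    base = int(ipaddress.ip_address(acl_net))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (base & care)

def prefix_list_permits(prefix, entry):
    """Prefix-list entry without ge/le: network and length must match exactly."""
    return ipaddress.ip_network(prefix) == ipaddress.ip_network(entry)

def out_access_list():
    # access-list 10 permit 10.0.0.0 0.255.255.255 (implicit deny at the end)
    return [p for p in ADVERTISED if acl_permits(p, "10.0.0.0", "0.255.255.255")]

def out_prefix_list():
    # ip prefix-list SUMMARY permit 10.0.0.0/8 (implicit deny at the end)
    return [p for p in ADVERTISED if prefix_list_permits(p, "10.0.0.0/8")]

def out_route_map_filter():
    # route-map FILTER: deny 10 matches SUMMARY; permit 20 has no match clause
    return [p for p in ADVERTISED if not prefix_list_permits(p, "10.0.0.0/8")]

if __name__ == "__main__":
    print("distribute-list 10 out :", out_access_list())
    print("prefix-list SUMMARY out:", out_prefix_list())
    print("route-map FILTER out   :", out_route_map_filter())
```

The access list also passes 10.14.0.0/24, so it sends only the summary when the more specific 10.x routes are already suppressed, for example by summary-only; the prefix list matches the /8 exactly.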

What are BGP Attributes

The BGP metric is not simple

Attributes are ways that you can ‘tag’ incoming or outgoing BGP routes

Some attributes are WELL KNOWN (everyone supports) while others are OPTIONAL

Some attributes are MANDATORY (must be in the update) while others are DISCRETIONARY

Some attributes are TRANSITIVE (travel from router to router) while others are NON-TRANSITIVE

‘WELL KNOWN’ Attributes

Autonomous system path AS_PATH (Mandatory)

Next-hop-address (Mandatory)

Origin (Mandatory)

Local Preference (Discretionary)

Atomic Aggregate (Discretionary)

‘OPTIONAL’ Attributes

Aggregator (Transitive)

Multi-exit Discriminator (Non-Transitive)

BGP Path Selection

Influence BGP Path Selection: Weight

Influence the OUTBOUND traffic

Apply INBOUND

Local to the router

Default value 0

R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 weight 200

R4(config)#ip prefix-list LOOPBACK2 permit 2.2.2.2/32
R4(config)#route-map WEIGHT permit 10
R4(config-route-map)#match ip address prefix-list LOOPBACK2
R4(config-route-map)#set weight 200
R4(config)#route-map WEIGHT permit 100

R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 route-map WEIGHT in

Influence BGP Path Selection: Local Preference

Influence the OUTBOUND traffic

Apply INBOUND

Local to AS

Default value 100

R4(config)#router bgp 100
R4(config-router)#bgp default local-preference 150

R4(config)#ip prefix-list LOOPBACK2 permit 2.2.2.2/32
R4(config)#route-map LOCAL_PREFERENCE permit 10
R4(config-route-map)#match ip address prefix-list LOOPBACK2
R4(config-route-map)#set local-preference 150
R4(config)#route-map LOCAL_PREFERENCE permit 100

R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 route-map LOCAL_PREFERENCE in

Influence BGP Path Selection: AS Path

Influence the INBOUND traffic

Apply OUTBOUND

Shortest is better

R4(config)#ip prefix-list LOOPBACK4 permit 4.4.4.4/32
R4(config)#route-map AS_PATH permit 10
R4(config-route-map)#match ip address prefix-list LOOPBACK4
R4(config-route-map)#set as-path prepend 100 100 100 100
R4(config)#route-map AS_PATH permit 100

R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 route-map AS_PATH out

Influence BGP Path Selection: MED

Influence the INBOUND traffic

Apply OUTBOUND

MED is only compared if the prefix is advertised from two sources in the same AS; if not:

(config-router)#bgp always-compare-med

R3(config)#ip prefix-list LOOPBACK3 permit 3.3.3.3/32
R3(config)#route-map MED permit 10
R3(config-route-map)#match ip address prefix-list LOOPBACK3
R3(config-route-map)#set metric 2300418
R3(config)#route-map MED permit 100

R3(config)#router bgp 100
R3(config-router)#neighbor 172.16.32.2 route-map MED out

R3(config-router)#default-metric x
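
How the four attributes configured above interact when a router compares two paths to the same prefix, as an added example that is not part of the original slides. It models only weight, local preference, AS path length and MED, in the order Cisco IOS evaluates them; the neighbor labels and AS 200, 300 and 400 paths are constructed.

```python
from dataclasses import dataclass

@dataclass
class Path:
    via: str                # neighbor the path was learned from
    as_path: tuple          # leftmost entry is the neighboring AS
    weight: int = 0         # default value from the page
    local_pref: int = 100   # default value from the page
    med: int = 0            # lower is preferred

def better(a, b, always_compare_med=False):
    """True if path a beats path b on the four attributes the page covers."""
    if a.weight != b.weight:
        return a.weight > b.weight                 # highest weight
    if a.local_pref != b.local_pref:
        return a.local_pref > b.local_pref         # highest local preference
    if len(a.as_path) != len(b.as_path):
        return len(a.as_path) < len(b.as_path)     # shortest AS path
    same_as = a.as_path[:1] == b.as_path[:1]
    if (same_as or always_compare_med) and a.med != b.med:
        return a.med < b.med                       # lowest MED
    return False  # later tie-breakers are not modelled: keep the incumbent

def best_path(paths, always_compare_med=False):
    best = paths[0]
    for cand in paths[1:]:
        if better(cand, best, always_compare_med):
            best = cand
    return best.via

# Constructed sample paths (labels are invented for the example)
PREPENDED = Path("link-A", (100, 100, 100, 100, 100))  # AS 100 plus four prepends
PLAIN = Path("link-B", (100,))
LONG_PREF = Path("isp-1", (200, 400), local_pref=150)
SHORT = Path("isp-2", (300,))
HIGH_MED = Path("isp-1", (200,), med=2300418)
LOW_MED = Path("isp-2", (300,), med=0)

if __name__ == "__main__":
    print(best_path([PREPENDED, PLAIN]))                        # prepending loses
    print(best_path([SHORT, LONG_PREF]))                        # local preference wins
    print(best_path([HIGH_MED, LOW_MED]))                       # MED ignored across ASs
    print(best_path([HIGH_MED, LOW_MED], always_compare_med=True))
```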

Synchronization Rule

Prevents traffic from being black-holed

Reduces traffic that will be dropped / Ensures consistency

Turn off when

Redistribute BGP into IGP

BGP is running in all routers of the AS

‘Routes learned via BGP must be validated by the interior routing table before they can be advertised to remote peers’

R3(config)#router bgp 100
R3(config-router)#synchronization
R4(config)#router bgp 100
R4(config-router)#synchronization

How to fix it

1. BGP running in all routers of the AS

or

2. Turn off synchronization on R3 and R4 and:

R4(config-router)#router eigrp 100
R4(config-router)#redistribute bgp 100 metric 1 1 1 1 1

Communities

To tag routes in the BGP topology

Consistent filtering in the AS domain

Send tag routes

R5(config)#route-map COMMUNITY permit 10
R5(config-route-map)#set community 123456 local-AS

R5(config)#router eigrp 100
R5(config-router)#no network 5.5.5.5 0.0.0.0
R5(config-router)#router bgp 100
R5(config-router)#network 5.5.5.5 mask 255.255.255.255
R5(config-router)#neighbor 10.35.0.3 route-map COMMUNITY out
R5(config-router)#neighbor 10.35.0.3 send-community

Verifying and Troubleshooting BGP

ACL blocking TCP 179

eBGP not directly connected, use multihop

AS mismatch

Troubleshooting

R1#show ip bgp
R1#show ip bgp summary
R1#show ip bgp neighbors
R1#clear ip bgp *
R1#clear ip bgp * in
R1#clear ip bgp * out
R1#debug ip bgp

BGP Design Peer Review

Implementation Plan Detail (configuration and notes)

Based on the network topology, configuration of peers, route reflectors, filters

BGP Implementation Peer Review

Questions that can be asked

Why route reflectors and not confederations?

Possible Answers

There is only one route reflector in the network; the solution is simple
