slides bgp basics...4271 external bgp are commonly abbreviated as ibgp and ebgp. 29 30 v1.0 internal...
TRANSCRIPT
1
5/22/20
1 v1.0
BGP BasicsW E B I N A R C O U R S E
1
2 v1.0
Overview
• What is BGP?
• BGP Features
• BGP General Operation
• BGP Attributes Overview
• Inserting Prefixes into BGP
• “Deploying BGP” Lab Demo
• Homework !
2
2
5/22/20
3 v1.0
What is BGP?
• Border Gateway Protocol• A Routing Protocol used to exchange routing information between different
networks• Described in RFC4271
• RFC4276 gives an implementation report on BGP• RFC4277 describes operational experiences using BGP• Many updates in other RFCs, i.e. RFC8212 defining the default behavior of a BGP speaker
without policies
Interior Gateway Protocol Exterior Gateway Protocol
OSPF, IS-IS … BGP
3
4 v1.0
BGP Features
• Path Vector Protocol
• Autonomous systems
• Runs on TCP (Port 179)
• Incremental updates
• Many options for policy enforcement
• Widely used for Internet backbone
• Classless Inter Domain Routing (CIDR)
4
3
5/22/20
5 v1.0
What is Path Vector Routing Protocol
• A path vector routing protocol is used to span different autonomous systems.
5
6 v1.0
What is Path Vector Routing Protocol
• A path vector routing protocol is used to span different autonomous systems.
6
4
5/22/20
7 v1.0
What is an Autonomous System?
RFC1930:
• An AS is a connected group of one or more IP prefixes run by one or more
network operators which has a SINGLE and CLEARLY DEFINED routing policy.
7
8 v1.0
What is an Autonomous System?
RFC1930:
• An AS is a connected group of one or more IP prefixes run by one or more
network operators which has a SINGLE and CLEARLY DEFINED routing policy.
Autonomous System Autonomous System
8
5
5/22/20
9 v1.0
Autonomous System Number (ASN)
• An AS has a globally unique number (sometimes referred to as an ASN, or
Autonomous System Number) associated with it; this number is used in both the
exchange of exterior routing information (between neighboring ASes), and as an
identifier of the AS itself.
• 2-byte only AS number range : 0 – 65535
• 4-byte only AS number range : 65,536 - 4,294,967,295
9
10 v1.0
What is an Autonomous System?
RFC1930:
• An AS is a connected group of one or more IP prefixes run by one or more
network operators which has a SINGLE and CLEARLY DEFINED routing policy.
AS 64502 AS 64503
10
6
5/22/20
11 v1.0
What is Path Vector Routing Protocol
• A path vector routing protocol is used to span different autonomous systems.
• It defines a route as a collection of a number of AS that it passes through from
source AS to destination AS, i.e.
64500 64501 64503
• This list of AS numbers is called AS path
AS Path example:
11
12 v1.0
AS64500 AS64501
AS64502AS64503
172.16.0.0/16
172.16.0.0/16
Path Vector Routing Protocol
12
7
5/22/20
13 v1.0
AS64500 AS64501
AS64502AS64503
172.16.0.0/16
172.16.0.0/16 64503
Path Vector Routing Protocol
172.16.0.0/16
13
14 v1.0
AS64500 AS64501
AS64502AS64503
172.16.0.0/16
172.16.0.0/16 64501 64503
Path Vector Routing Protocol
172.16.0.0/16 64503
172.16.0.0/16
14
8
5/22/20
15 v1.0
AS64500 AS64501
AS64502AS64503
172.16.0.0/16
172.16.0.0/16 64501 64503
Path Vector Routing Protocol
172.16.0.0/16 64503
172.16.0.0/16
172.16.0.0/16 64500 64501 64503
15
16 v1.0
AS64500 AS64501
AS64502AS64503
172.16.0.0/16
172.16.0.0/16 64501 64503
Path Vector Routing Protocol
172.16.0.0/16 64503
172.16.0.0/16
172.16.0.0/16 64500 64501 64503 Drop route
Avoid routing loop
16
9
5/22/20
17 v1.0
AS64500 AS64501
AS64502AS64503
172.16.0.0/16
172.16.0.0/16 64501 64503
Path Vector Routing Protocol
172.16.0.0/16 64503
172.16.0.0/16
172.16.0.0/16 64500 64501 64503 Drop route
Avoid routing loop
17
18 v1.0
What is Path Vector Routing Protocol
• A path vector routing protocol is used to span different autonomous systems.
• It defines a route as a collection of a number of AS that it passes through from
source AS to destination AS, i.e.
64500 64501 64503
• This list of AS numbers is called AS path
o used to avoid routing loop
o also used to select path to destination
AS Path example:
18
10
5/22/20
19 v1.0
BGP Message Types
• Between BGP speakers, BGP messages are sent over TCP connections, port 179.
Router1 Router2
BGP Messages
19
20 v1.0
BGP Message Types
• BGP messages are sent over TCP connections, port 179.
Message Function
OPEN Message After a TCP connection is established, the first message sent by each side is an OPEN message.
KEEPALIVE Message KEEPALIVE messages are exchanged between peers often enough not to cause the Hold Timer to expire
UPDATE MessageAn UPDATE message is used to advertise feasible routes that share common path attributes to a peer, or to withdraw multiple unfeasible routes from service
NOTIFICATION Message A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after it is sent.
20
11
5/22/20
21 v1.0
BGP Message Types
• BGP messages are sent over TCP connections, port 179.
Message Function
OPEN Message After a TCP connection is established, the first message sent by each side is an OPEN message.
KEEPALIVE Message KEEPALIVE messages are exchanged between peers often enough not to cause the Hold Timer to expire
UPDATE MessageAn UPDATE message is used to advertise feasible routes that share common path attributes to a peer, or to withdraw multiple unfeasible routes from service
NOTIFICATION Message A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after it is sent.
21
22 v1.0
BGP Message Types
• BGP messages are sent over TCP connections, port 179.
Message Function
OPEN Message After a TCP connection is established, the first message sent by each side is an OPEN message.
KEEPALIVE Message KEEPALIVE messages are exchanged between peers often enough not to cause the Hold Timer to expire
UPDATE MessageAn UPDATE message is used to advertise feasible routes that share common path attributes to a peer, or to withdraw multiple unfeasible routes from service
NOTIFICATION Message A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after it is sent.
22
12
5/22/20
23 v1.0
BGP Message Types
• BGP messages are sent over TCP connections, port 179.
Message Function
OPEN Message After a TCP connection is established, the first message sent by each side is an OPEN message.
KEEPALIVE Message KEEPALIVE messages are exchanged between peers often enough not to cause the Hold Timer to expire
UPDATE MessageAn UPDATE message is used to advertise feasible routes that share common path attributes to a peer, or to withdraw multiple unfeasible routes from service
NOTIFICATION Message A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after it is sent.
23
24 v1.0
BGP Message Types
• BGP messages are sent over TCP connections, port 179.
Message Function
OPEN Message After a TCP connection is established, the first message sent by each side is an OPEN message.
KEEPALIVE Message KEEPALIVE messages are exchanged between peers often enough not to cause the Hold Timer to expire
UPDATE MessageAn UPDATE message is used to advertise feasible routes that share common path attributes to a peer, or to withdraw multiple unfeasible routes from service
NOTIFICATION Message A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after it is sent.
24
13
5/22/20
25 v1.0
BGP Finite State Machine
Idle
Connect Active
Open Sent
Open ConfirmEstablished
25
26 v1.0
BGP Finite State Machine
Idle
• The router is looking for a route to its neighbor
Connect
• BGP router moves from Idle to Connect state if it has found a route to its neighbor, and has started the TCP handshake
• If the TCP session successful, sends an Open message (and transitions to OpenSent)
• Else, move to Active state
Active
• A router transitions to Active state if the initial TCP connection was not successful (in Connect state)
• Restarts the TCP connection
• If successful, sends an Open message
• Else, falls back to Idle state
OpenSent
• An Open message has been sent to the neighbour
• Waiting for Open message from neighbour
• If it receives an Open message and there are no mismatches (version, source addr same as TCP addr, ASN, router-ID, TTL, md5), sends KeepAlive, moves to OpenConfirm
• Else (if mismatches/errors), sent Notification and falls back to Idle
OpenConfirm
• waiting for the initial KeepAlive
• If received, transitions to Established
• If holdtimer expires or Notification received, moves to Idle
Established
• The BGP neighbor relationship (session) is established!
• Routing information can now be exchanged
• If holdtimer expires/error, moves back to Idle
26
14
5/22/20
27 v1.0
BGP Finite State Machine
Idle
Connect Active
Open Sent
Open ConfirmEstablished
Figure 1: The BGP Finite State Machine
27
28 v1.0
Example of BGP Neighbors
• Here is an example of one router’s IPv4 BGP neighbors:
Example on Cisco IOS
28
15
5/22/20
29 v1.0
Internal & External BGP
A peer in a different AS is referred to as an external peer, while a peer in the same AS is referred to as an internal peer. Internal BGP and external BGP are commonly abbreviated as IBGP and EBGP.4271
29
30 v1.0
Internal & External BGP
AS64501
R1 R2IBGPpeer
A peer in a different AS is referred to as an external peer, while a peer in the same AS is referred to as an internal peer. Internal BGP and external BGP are commonly abbreviated as IBGP and EBGP.
4271
30
16
5/22/20
31 v1.0
Internal & External BGP
AS64500AS64501
R1 R2IBGPpeerR3
EBGP peer
A peer in a different AS is referred to as an external peer, while a peer in the same AS is referred to as an internal peer. Internal BGP and external BGP are commonly abbreviated as IBGP and EBGP.
4271
31
32 v1.0
Internal & External BGP
AS64500AS64501
R1 R2IBGPpeerR3
EBGP peer
A peer in a different AS is referred to as an external peer, while a peer in the same AS is referred to as an internal peer. Internal BGP and external BGP are commonly abbreviated as IBGP and EBGP.
4271
AS64504
R4
EBGP peer
32
17
5/22/20
33 v1.0
Internal & External BGP
IBGP is used to:
• Carry customer networks/prefixes
• Internet routes (some or all) across the AS backbone
EBGP is used to:
• Exchange networks/routes between ASes• Aggregates and sub-
aggregates• Implement routing policies
• To manipulate inbound and outbound traffic
33
34 v1.0
EBGP Peer
• EBGP peers
o Generally directly connected!
- Session established using directly connected interface IP
- Peering address must match the TCP session!
o Else, we need a static route to reach the neighbor and change the eBGP TTL value
(default 1)
34
18
5/22/20
35 v1.0
EBGP Peer
• EBGP peers example:
AS 65000 AS 65001172.20.0.4/30
.5 .6
35
36 v1.0
EBGP Peer
• EBGP peers example:
AS 65000 AS 65001
router bgp 65000bgp router-id 172.16.0.1neighbor 172.20.0.6 remote-as 65001
address-family ipv4 unicastneighbor 172.20.0.6 activate
172.20.0.4/30.5 .6
router bgp 65001bgp router-id 172.24.0.1neighbor 172.20.0.5 remote-as 65000
address-family ipv4 unicastneighbor 172.20.0.5 activate
Example on Cisco IOS
36
19
5/22/20
37 v1.0
IBGP Peer
• IBGP peers
o Does not need to be directly connected
▸ IGP ensure reachability (TCP connection)
o Generally using loopback addresses
37
38 v1.0
IBGP Peer
• IBGP peers example:
AS 64512
R1 R2
38
20
5/22/20
39 v1.0
IBGP Peer
• IBGP peers example:
AS 64512
R1 R2
router bgp 64512bgp router-id 10.0.0.1neighbor 10.0.0.2 update-source Loopback0neighbor 10.0.0.2 remote-as 64512
address-family ipv4 unicastneighbor 10.0.0.2 activate
router bgp 64512bgp router-id 10.0.0.2neighbor 10.0.0.1 update-source Loopback0neighbor 10.0.0.1 remote-as 64512
address-family ipv4 unicastneighbor 10.0.0.1 activate
Example on Cisco IOS
39
40 v1.0
Sourcing IGP from Loopback for IBGP
• By default, routers use the exit-interface address as the source address for locally
originated packets (updates)
o If the BGP TCP session was established using any other interface (loopbacks) addresses, the
source address for BGP updates must match!
• In Cisco IOS, the update-source loopback command achieves this
router bgp 64512bgp router-id 10.0.0.1neighbor 10.0.0.2 update-source Loopback0neighbor 10.0.0.2 remote-as 64512
address-family ipv4 unicastneighbor 10.0.0.2 activate
Example on Cisco IOS
40
21
5/22/20
41 v1.0
IBGP Operation
• Carry routes learned from outside the AS to all routers within the AS
o Fully-meshed instead of redistributing!
o Advertise routes learned from eBGP peers to all iBGP peers!
• To prevent routing loops (in a fully-meshed network)
o IBGP routers are not allowed to advertise IBGP learned routes to other IBGP peers!
41
42 v1.0
IBGP Full-mesh
router bgp 64512neighbor 10.0.0.2 remote-as 64512neighbor 10.0.0.3 remote-as 64512neighbor 10.0.0.4 remote-as 64512!
AS64512
R1
R2
R3
R4
R1:
router bgp 64512neighbor 10.0.0.1 remote-as 64512neighbor 10.0.0.3 remote-as 64512neighbor 10.0.0.4 remote-as 64512
!
R2:
Example configuration on R1 and R2
Example on Cisco IOS
42
22
5/22/20
43 v1.0
IBGP Full-mesh
AS64512
R1
R2
R3
R4
Example configuration on R1 and R2
Another solution: Route Reflection
router bgp 64512neighbor 10.0.0.2 remote-as 64512neighbor 10.0.0.3 remote-as 64512neighbor 10.0.0.4 remote-as 64512!
R1:
router bgp 64512neighbor 10.0.0.1 remote-as 64512neighbor 10.0.0.3 remote-as 64512neighbor 10.0.0.4 remote-as 64512
!
R2:
Example on Cisco IOS
43
44 v1.0
BGP Path Attributes
• Path attributes, some examples are shown below:
ORIGIN
AS_PATH
NEXT_HOP LOCAL_PREF
ATOMIC_AGGREGATE
COMMUNITY
MULTI_EXIT_DISC
ORIGINATOR_ID
CLUSTER_LIST
44
23
5/22/20
45 v1.0
BGP Path Attributes
• Path attributes fall into four separate categories:
Well-knownmandatory
• ORIGIN• AS_PATH• NEXT_HOP
Well-knowndiscretionary
• LOCAL_PREF• ATOMIC_AGGREGA
TE
Optionaltransitive
• AGGREGATOR• COMMUNITY
Optionalnon-transitive
• MULTI_EXIT_DISC• ORIGINATOR_ID• CLUSTER_LIST
45
46 v1.0
Example of BGP Routing Table
• Part of an example BGP routing table on one router
Example on Cisco IOS
46
24
5/22/20
47 v1.0
Example of BGP Routing Table
• Part of an example BGP routing table on one router
AS Path and Origin
47
48 v1.0
Example of BGP Routing Table
• Part of an example BGP routing table on one router
Next Hop
48
25
5/22/20
49 v1.0
Example of BGP Routing Table
• Part of an example BGP routing table on one router
Local Preference
49
50 v1.0
Example of BGP Routing Table
• Part of an example BGP routing table on one router
MED(MULTI_EXIT_
DISC)
50
26
5/22/20
51 v1.0
Insert Prefixes into BGP
Examples in Cisco IOS Functionnetwork 192.168.1.0 mask 255.255.255.0 Add the specific route
192.168.1.0/24 into BGP routing table.
redistribute OSPF redistribute all the routes in OSPF routing table into BGP routing table.
Example on Cisco IOS
51
52 v1.0
Inserting prefixes into BGP – network command
• Configuration Example
• A matching route must exist in the routing table before the network is announced
• Forces origin to be “IGP”
router bgp 64512bgp router-id 10.0.0.1address-family ipv4 unicastnetwork 10.0.0.0 mask 255.0.0.0
ip route 10.0.0.0 255.0.0.0 Null0
52
27
5/22/20
53 v1.0
Lab Demo
• I will demo some configuration and results of BGP on the virtual lab “Deploying
BGP (Cisco IOS)” ”
• If you also want to try, here is the information:
o Access https://academy.apnic.net/en/virtual-labs/
o Click “Launch” on the “Deploying BGP (Cisco IOS)” lab
• We will add the BGP labs on Junos OS and Mikrotik RouterOS in a month.
53
54 v1.0
Homework
• 1. Please try to complete the “Deploying BGP (Cisco IOS)” lab
o Access https://academy.apnic.net/en/virtual-labs/
o Click “Launch” on the “Deploying BGP (Cisco IOS)” lab
• 2. Complete the quizzes on “https://academy.apnic.net/en/quizz/bgp-basics/”, then
get your certificate
• Any issue? Contact us: [email protected]
54
28
5/22/20
55 v1.0
Acknowledgements
• Figure 1: Adapted from Jeff Doyle and Jennifer DeHaven Carroll (2001). Routing TCP/IP, Volume
II (CCIE Professional Development). USA: Cisco Press, Figure 2-20. The BGP Finite State
Machine
55
56 v1.0
Wish you and your family stay safe and healthy!
Last but not least
56
29
5/22/20
57
57