BGP Multihoming Techniques - ISC


BGP Multihoming Tutorial
SANOG 22, 4th August 2014
Srinath Beldona, Senior Technical Consultant, srinath@apnic.net
APNIC Training and Development

Agenda
- Simple Multihoming
- Service Provider Multihoming
- Conclusion

Simple Multihoming
SANOG 24
Last updated 25 July 2013

Why Multihome?
- Redundancy
  - One connection to internet means the network is dependent on:
    - Local router (configuration, software, hardware)
    - WAN media (physical failure, carrier failure)
    - Upstream Service Provider (configuration, software, hardware)

Why Multihome?
- Reliability
  - Business critical applications demand continuous availability
  - Lack of redundancy implies lack of reliability implies loss of revenue

Why Multihome?
- Supplier Diversity
  - Many businesses demand supplier diversity as a matter of course
  - Internet connection from two or more suppliers
    - With two or more diverse WAN paths
    - With two or more exit points
    - With two or more international connections
    - Two of everything

Why Multihome?
- Not really a reason, but often quoted
- Leverage:
  - Playing one ISP off against the other for:
    - Service Quality
    - Service Offerings
    - Availability

Why Multihome?
- Summary:
  - Multihoming is easy to demand as requirement of any operation
  - But what does it really mean:
    - In real life?
    - For the network?
    - For the Internet?
  - And how do we do it?

Multihoming Definition
- More than one link external to the local network
  - two or more links to the same ISP
  - two or more links to different ISPs
- Usually two external facing routers
  - one router gives link and provider redundancy only

Multihoming
- The scenarios described here apply equally well to end sites being customers of ISPs and ISPs being customers of other ISPs
- Implementation detail may be different
  - end site to ISP: ISP controls config
  - ISP1 to ISP2: ISPs share config

Autonomous System Number (ASN)
- Two ranges
  - 0-65535 (original 16-bit range)
  - 65536-4294967295 (32-bit range – RFC6793)
- Usage:
  - 0 and ... (reserved)
  - ... (public Internet)
  - ... (documentation – RFC5398)
  - ... (private use only)
  - ... (represent 32-bit range in 16-bit world)
  - ... (documentation – RFC5398)
  - 65552-4199999999 (public Internet)
  - 4200000000-4294967295 (private use only)
- 32-bit range representation specified in RFC5396
  - Defines “asplain” (traditional format) as standard notation

Autonomous System Number (ASN)
- ASNs are distributed by the Regional Internet Registries
  - They are also available from upstream ISPs who are members of one of the RIRs
- Current 16-bit ASN allocations up to 63487 have been made to the RIRs
  - Around 44500 are visible on the Internet
  - Around 1500 left unassigned
- Each RIR has also received a block of 32-bit ASNs
  - Out of 4800 assignments, around 3700 are visible on the Internet
- See www.iana.org/assignments/as-numbers

Private-AS – Application
- Applications
  - An ISP with customers multihomed on their backbone (RFC2270)
    -or-
  - A corporate network with several regions but connections to the Internet only in the core
    -or-
  - Within a /22 1880

Private-AS – Removal
- Private ASNs MUST be removed from all prefixes announced to the public Internet
  - Include configuration to remove private ASNs in the eBGP template
- As with RFC1918 address space, private ASNs are intended for internal use
  - They should not be leaked to the public Internet
- Cisco IOS

    neighbor x.x.x.x remove-private-AS
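A check for the leak this slide warns about, as an added example that is not part of the original tutorial: it classifies every ASN in an AS path and reports private, documentation or reserved ASNs seen outside the local network. The range bounds are an assumption taken from the IANA registry and RFC 7607, RFC 6793, RFC 5398, RFC 6996 and RFC 7300; the sample paths are constructed around the AS100 / AS65534 setup used later in the slides.

```python
# Special-purpose ASN ranges. Assumption: bounds come from the IANA registry
# and RFC 7607, RFC 6793, RFC 5398, RFC 6996 and RFC 7300, not from this page.
SPECIAL_RANGES = [
    (0, 0, "reserved"),
    (23456, 23456, "as-trans"),  # stands in for 32-bit ASNs on 16-bit sessions
    (64496, 64511, "documentation"),
    (64512, 65534, "private"),
    (65535, 65535, "reserved"),
    (65536, 65551, "documentation"),
    (4200000000, 4294967294, "private"),
    (4294967295, 4294967295, "reserved"),
]
# Kinds that must never appear in a path announced to the public Internet.
MUST_NOT_LEAK = {"reserved", "documentation", "private"}


def parse_asn(token):
    """Convert asplain ("65534") or asdot ("64086.59905") text to an integer."""
    if "." in token:
        high, low = (int(part) for part in token.split("."))
        if not (0 <= high <= 65535 and 0 <= low <= 65535):
            raise ValueError(f"bad asdot ASN: {token}")
        return high * 65536 + low
    asn = int(token)
    if not 0 <= asn <= 4294967295:
        raise ValueError(f"ASN out of range: {token}")
    return asn


def classify_asn(asn):
    """Return the special-purpose kind of an ASN, or "public"."""
    for low, high, kind in SPECIAL_RANGES:
        if low <= asn <= high:
            return kind
    return "public"


def audit_as_path(path_text):
    """Return [(asn, kind)] for each distinct ASN in the path that must not leak."""
    findings = []
    for token in path_text.split():
        asn = parse_asn(token)
        kind = classify_asn(asn)
        if kind in MUST_NOT_LEAK and (asn, kind) not in findings:
            findings.append((asn, kind))
    return findings


# Constructed sample: AS paths as an external peer of AS100 might receive them.
SAMPLE_PATHS = [
    "100",              # private AS stripped at the border, as intended
    "100 65534",        # customer's private AS leaked
    "100 64086.59905",  # 32-bit private AS written in asdot notation
    "100 64500 64500",  # documentation ASN, prepended
    "100 23456",        # AS_TRANS is legitimate on a 16-bit session
]


def audit(paths=SAMPLE_PATHS):
    """Map each offending path to its findings; clean paths are omitted."""
    report = {}
    for path in paths:
        findings = audit_as_path(path)
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    for path, findings in audit().items():
        print(f"LEAK in '{path}': {findings}")
```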

Transit/Peering/Default
- Transit
  - Carrying traffic across a network
  - Usually for a fee
- Peering
  - Exchanging locally sourced routing information and traffic
  - Usually for no fee
  - Sometimes called settlement free peering
- Default
  - Where to send traffic when there is no explicit match in the routing table

Configuring Policy
- Assumptions:
  - prefix-lists are used throughout
  - easier/better/faster than access-lists
- Three BASIC Principles
  - prefix-lists to filter prefixes
  - filter-lists to filter ASNs
  - route-maps to apply policy
- Route-maps can be used for filtering, but this is more “advanced” configuration

Policy Tools
- Local preference
  - outbound traffic flows
- Metric (MED)
  - inbound traffic flows (local scope)
- AS-PATH prepend
  - inbound traffic flows (Internet scope)
- Communities
  - specific inter-provider peering

Originating Prefixes: Assumptions
- MUST announce assigned address block to Internet
- MAY also announce subprefixes – reachability is not guaranteed
- Current minimum allocation is from /20 to /24 depending on the RIR
  - Several ISPs filter RIR blocks on this boundary
  - Several ISPs filter the rest of address space according to the IANA assignments
  - This activity is called “Net Police” by some

Originating Prefixes
- The RIRs publish their minimum allocation sizes per /8 address block
  - N:www.arin.net/reference/ip l
  - RIPE ml
  - Note that AfriNIC only publishes its current minimum allocation size, not the allocation size for its address
- IANA publishes the address space it has assigned to end-sites and allocated to the RIRs:
- Several ISPs use this published information to filter prefixes on:
  - What should be routed (from IANA)
  - The minimum allocation size from the RIRs

“Net Police” prefix list issues
- Meant to “punish” ISPs who pollute the routing table with specifics rather than announcing aggregates
- Impacts legitimate multihoming especially at the Internet’s edge
- Impacts regions where domestic backbone is unavailable or costs compared with international bandwidth
- Hard to maintain – requires updating when RIRs start allocating from new address blocks
- Don’t do it unless consequences understood and you are prepared to keep the list current
  - Consider using the Team Cymru or other reputable bogon rver.html

How to Multihome
Some choices

Transits
- Transit provider is another autonomous system which is used to provide the local network with access to other networks
  - Might be local or regional only
  - But more usually the whole Internet
- Transit providers need to be chosen wisely:
  - Only one
    - no redundancy
  - Too many
    - more difficult to load balance
    - no economy of scale (costs more per Mbps)
    - hard to provide service quality
- Recommendation: at least two, no more than three

Common Mistakes
- ISPs sign up with too many transit providers
  - Lots of small circuits (cost more per Mbps than larger ones)
  - Transit rates per Mbps reduce with increasing transit bandwidth purchased
  - Hard to implement reliable traffic engineering that doesn’t need daily fine tuning depending on customer activities
- No diversity
  - Chosen transit providers all reached over same satellite or same submarine cable
  - Chosen transit providers have poor onward transit and peering

Peers
- A peer is another autonomous system with which the local network has agreed to exchange locally sourced routes and traffic
- Private peer
  - Private link between two providers for the purpose of interconnecting
- Public peer
  - Internet Exchange Point, where providers meet and freely decide who they will interconnect with
- Recommendation: peer as much as possible!

Common Mistakes
- Mistaking a transit provider’s “Exchange” business for a no-cost public peering point
- Not working hard to get as much peering as possible
  - Physically near a peering point (IXP) but not present at it
  - (Transit sometimes is cheaper than peering!!)
- Ignoring/avoiding competitors because they are competition
  - Even though potentially valuable peering partner to give customers a better experience

Multihoming Scenarios
- Stub network
- Multi-homed stub network
- Multi-homed network
- Multiple Sessions to another AS

Stub Network
(Diagram labels: AS101, AS100)
- No need for BGP
- Point static default to upstream ISP
- Upstream ISP advertises stub network
- Policy confined within upstream ISP’s policy

Multi-homed Stub Network
(Diagram labels: AS65530, AS100)
- Use BGP (not IGP or static) to loadshare
- Use private AS (ASN > 64511)
- Upstream ISP advertises stub network
- Policy confined within upstream ISP’s policy

Multi-homed Network
(Diagram labels: Global Internet, AS200, AS300, AS100)
- Many situations possible
  - multiple sessions to same ISP
  - secondary for backup only
  - load-share between primary and secondary
  - selectively use different ISPs

Multiple Sessions to an ISP
(Diagram labels: ISP, AS 201)
- Several options
  - ebgp multihop
  - bgp multipath
  - cef loadsharing
  - bgp attribute manipulation

Multiple Sessions to an AS – ebgp multihop
(Diagram labels: AS 200, 1.1.1.1, B, A, AS 100)
- Use ebgp-multihop
  - Run eBGP between loopback addresses
  - eBGP prefixes learned with loopback address as next hop
- Cisco IOS

    router bgp 100
     neighbor 1.1.1.1 remote-as 200
     neighbor 1.1.1.1 ebgp-multihop 2
    !
    ip route 1.1.1.1 255.255.255.255 serial 1/0
    ip route 1.1.1.1 255.255.255.255 serial 1/1
    ip route 1.1.1.1 255.255.255.255 serial 1/2

- Common error made is to point remote loopback route at IP address rather than specific link

Multiple Sessions to an AS – ebgp multihop
(Diagram labels: R1, R3, AS 100, AS 200, R2, Desired Path, Used Path)
- One serious eBGP-multihop caveat:
  - R1 and R3 are eBGP peers that are loopback peering
  - Configured with:

    neighbor x.x.x.x ebgp-multihop 2

  - If the R1 to R3 link goes down the session could establish via R2
- Usually happens when routing to remote loopback is dynamic, rather than static pointing at a link

Multiple Sessions to an ISP – ebgp multihop
- Try and avoid use of ebgp-multihop unless:
  - It’s absolutely necessary –or–
  - Loadsharing across multiple links
- Many ISPs discourage its use, for example:

  We will run eBGP multihop, but do not support it as a standard offering because customers generally have a hard time managing it due to:
  - routing loops
  - failure to realise that BGP session stability problems are usually due to connectivity problems between their CPE and their BGP speaker

Multiple Sessions to an AS – bgp multi path
(Diagram labels: AS 200, AS 100)
- Three BGP sessions required
- Platform limit on number of paths (could be as little as 6)
- Full BGP feed makes this unwieldy
  - 3 copies of Internet Routing Table goes into the FIB

    router bgp 100
     neighbor 1.1.2.1 remote-as 200
     neighbor 1.1.2.5 remote-as 200
     neighbor 1.1.2.9 remote-as 200
     maximum-paths 3

Multiple Sessions to an AS – bgp attributes & filters
(Diagram labels: AS 200, C, D, A, B, AS 201)
- Simplest scheme is to use defaults
- Learn/advertise prefixes for better control
- Planning and some work required to achieve loadsharing
  - Point default towards one ISP
  - Learn selected prefixes from second ISP
  - Modify the number of prefixes learnt to achieve acceptable load sharing
- No magic solution

Basic Principles of Multihoming
Let’s learn to walk before we try running

The Basic Principles
- Announcing address space attracts traffic
  - (Unless policy in upstream providers interferes)
- Announcing the ISP aggregate out a link will result in traffic for that aggregate coming in that link
- Announcing a subprefix of an aggregate out a link means that all traffic for that subprefix will come in that link, even if the aggregate is announced somewhere else
  - The most specific announcement wins!

The Basic Principles
- To split traffic between two links:
  - Announce the aggregate on both links - ensures redundancy
  - Announce one half of the address space on each link
  - (This is the first step, all things being equal)
- Results in:
  - Traffic for first half of address space comes in first link
  - Traffic for second half of address space comes in second link
  - If either link fails, the fact that the aggregate is announced ensures there is a backup path

The Basic Principles
- The keys to successful multihoming configuration:
  - Keeping traffic engineering prefix announcements independent of customer iBGP
  - Understanding how to announce aggregates
  - Understanding the purpose of announcing subprefixes of aggregates
  - Understanding how to manipulate BGP attributes
  - Too many upstreams/external paths makes multihoming harder (2 or 3 is enough!)

IP Addressing & Multihoming
How Good IP Address Plans assist with Multihoming

IP Addressing & Multihoming
- IP Address planning is an important part of Multihoming
- Previously have discussed separating:
  - Customer address space
  - Customer p-t-p link address space
  - Infrastructure p-t-p link address space
  - Loopback address space
(Diagram labels: 101.10.0.0/21, 101.10.0.1, 101.10.5.255, Customer Address & p-t-p links, 101.10.6.255, /24, Infrastructure, Loopbacks)

IP Addressing & Multihoming
- ISP Router loopbacks and backbone point to point links make up a small part of total address space
  - And they don’t attract traffic, unlike customer address space
- Links from ISP Aggregation edge to customer router needs one /30
  - Small requirements compared with total address space
  - Some ISPs use IP unnumbered
- Planning customer assignments is a very important part of multihoming
  - Traffic engineering involves subdividing aggregate into pieces until load balancing works

Unplanned IP addressing
- ISP fills up customer IP addressing from one end of the range:
(Diagram labels: 101.10.0.0/21; 1 2 3 4 5; Customer Addresses; ISP)
- Customers generate traffic
  - Dividing the range into two pieces will result in one /22 with all the customers, and one /22 with just the ISP infrastructure addresses
  - No loadbalancing as all traffic will come in the first /22
  - Means further subdivision of the first /22 harder work

Planned IP addressing
- If ISP fills up customer addressing from both ends of the range:
(Diagram labels: 101.10.0.0/21; 1 3 5 7 9; 2 4 6 8 10; Customer Addresses; Customer Addresses; ISP)
- Scheme then is:
  - First customer from first /22, second customer from second /22, third from first /22, etc
- This works also for residential versus commercial customers:
  - Residential from first /22
  - Commercial from second /22

Planned IP Addressing
- This works fine for multihoming between two upstream links (same or different providers)
- Can also subdivide address space to suit more than two upstreams
  - Follow a similar scheme for populating each portion of the address space
- Don’t forget to always announce an aggregate out of each link
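The "most specific announcement wins" rule and the planned versus unplanned addressing slides, worked through as an added example that is not part of the original tutorial. It uses the 101.10.0.0/21 block from the slides, with each link announcing the aggregate plus one /22; the /26 customer size, the link names and the equal traffic per customer are assumptions made for illustration.

```python
import ipaddress

AGGREGATE = ipaddress.ip_network("101.10.0.0/21")
FIRST_HALF, SECOND_HALF = AGGREGATE.subnets(prefixlen_diff=1)  # the two /22s

# Each link announces the aggregate (redundancy) plus one half (loadsharing).
ANNOUNCED = {
    "link1": [AGGREGATE, FIRST_HALF],
    "link2": [AGGREGATE, SECOND_HALF],
}
CUSTOMER_LEN = 26  # assumption: every customer is assigned a /26


def inbound_links(dst, up_links):
    """Links that attract traffic for dst: the ones announcing the longest
    matching prefix, considering only links that are currently up."""
    dst = ipaddress.ip_address(dst)
    best_len, best = -1, []
    for link in up_links:
        for prefix in ANNOUNCED[link]:
            if dst not in prefix:
                continue
            if prefix.prefixlen > best_len:
                best_len, best = prefix.prefixlen, [link]
            elif prefix.prefixlen == best_len and link not in best:
                best.append(link)
    return sorted(best)


def assign_customers(count, planned):
    """Unplanned: fill from one end of the /21.
    Planned: alternate between the first /22 (filled upwards) and the
    second /22 (filled downwards from the far end)."""
    if not planned:
        return list(AGGREGATE.subnets(new_prefix=CUSTOMER_LEN))[:count]
    first = list(FIRST_HALF.subnets(new_prefix=CUSTOMER_LEN))
    second = list(SECOND_HALF.subnets(new_prefix=CUSTOMER_LEN))[::-1]
    return [(first if i % 2 == 0 else second)[i // 2] for i in range(count)]


def inbound_share(customers, up_links):
    """Customers' inbound traffic per link, one unit of traffic per customer.
    A tie between links (same prefix length) is split evenly."""
    share = {link: 0.0 for link in up_links}
    for net in customers:
        links = inbound_links(str(net.network_address), up_links)
        for link in links:
            share[link] += 1 / len(links)
    return share


if __name__ == "__main__":
    both = ["link1", "link2"]
    print("unplanned:", inbound_share(assign_customers(10, False), both))
    print("planned:  ", inbound_share(assign_customers(10, True), both))
    print("planned, link1 down:",
          inbound_share(assign_customers(10, True), ["link2"]))
```

With link1 down, every customer is still reachable because link2 announces the /21 aggregate, which is the backup path the slides describe.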

Basic Multihoming
Let’s try some simple worked examples

Basic Multihoming
- No frills multihoming
- Will look at two cases:
  - Multihoming with the same ISP
  - Multihoming to different ISPs
- Will keep the examples easy
  - Understanding easy concepts will make the more complex scenarios easier to comprehend
  - All assume that the site multihoming has a /19 address block

Basic Multihoming
- This type is most commonplace at the edge of the Internet
  - Networks here are usually concerned with inbound traffic flows
  - Outbound traffic flows being “nearest exit” is usually sufficient
- Can apply to the leaf ISP as well as Enterprise networks

Two links to the same ISP
One link primary, the other link backup only

Two links to the same ISP (one as backup only)
- Applies when end-site has bought a large primary WAN link to their upstream and a small secondary WAN link as the backup
  - For example, primary path might be an E1, backup might be 64kbps

Two links to the same ISP (one as backup only)
(Diagram labels: primary, C, A, AS 100, E, AS 65534, D, B, backup)
- AS100 removes private AS and any customer subprefixes from Internet announcement

Two links to the same ISP (one as backup only)
- Announce /19 aggregate on each link
  - primary link:
    - Outbound – announce /19 unaltered
    - Inbound – receive default route
  - backup link:
    - Outbound – announce /19 with increased metric
    - Inbound – received default, and reduce local preference
- When one link fails, the announcement of the /19 aggregate via the other link ensures continued connectivity

Two links to the same ISP (one as backup only)
- Router A Configuration

    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     neighbor 122.102.10.2 remote-as 100
     neighbor 122.102.10.2 description RouterC
     neighbor 122.102.10.2 prefix-list aggregate out
     neighbor 122.102.10.2 prefix-list default in
    !
    ip prefix-list aggregate permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0
    !
    ip route 121.10.0.0 255.255.224.0 null0

Two links to the same ISP (one as backup only)
- Router B Configuration

    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     neighbor 122.102.10.6 remote-as 100
     neighbor 122.102.10.6 description RouterD
     neighbor 122.102.10.6 prefix-list aggregate out
     neighbor 122.102.10.6 route-map routerD-out out
     neighbor 122.102.10.6 prefix-list default in
     neighbor 122.102.10.6 route-map routerD-in in
    !
    ...next slide

Two links to the same ISP (one as backup only)

    ip prefix-list aggregate permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0
    !
    ip route 121.10.0.0 255.255.224.0 null0
    !
    route-map routerD-out permit 10
     set metric 10
    !
    route-map routerD-in permit 10
     set local-preference 90
    !

Two links to the same ISP (one as backup only)
- Router C Configuration (main link)

    router bgp 100
     neighbor 122.102.10.1 remote-as 65534
     neighbor 122.102.10.1 default-originate
     neighbor 122.102.10.1 prefix-list Customer in
     neighbor 122.102.10.1 prefix-list default out
    !
    ip prefix-list Customer permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0

Two links to the same ISP (one as backup only)
- Router D Configuration (backup link)

    router bgp 100
     neighbor 122.102.10.5 remote-as 65534
     neighbor 122.102.10.5 default-originate
     neighbor 122.102.10.5 prefix-list Customer in
     neighbor 122.102.10.5 prefix-list default out
    !
    ip prefix-list Customer permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0

Two links to the same ISP (one as backup only)
- Router E Configuration

    router bgp 100
     neighbor 122.102.10.17 remote-as 110
     neighbor 122.102.10.17 remove-private-AS
     neighbor 122.102.10.17 prefix-list Customer out
    !
    ip prefix-list Customer permit 121.10.0.0/19

- Router E removes the private AS and customer’s subprefixes from external announcements
- Private AS still visible inside AS100

Two links to the same ISP
With Loadsharing

Loadsharing to the same ISP
- More common case
- End sites tend not to buy circuits and leave them idle, only used for backup as in previous example
- This example assumes equal capacity circuits
  - Unequal capacity circuits requires more refinement – see later

Loadsharing to the same ISP
(Diagram labels: Link one, C, A, AS 100, E, AS 65534, D, B, Link two)
- Border router E in AS100 removes private AS and any customer subprefixes from Internet announcement

Loadsharing to the same ISP (with redundancy)
- Announce /19 aggregate on each link
- Split /19 and announce as two /20s, one on each link
  - basic inbound loadsharing
  - assumes equal circuit capacity and even spread of traffic across address block
- Vary the split until “perfect” loadsharing achieved
- Accept the default from upstream
  - basic outbound loadsharing by nearest exit
  - okay in first approx as most ISP and end-site traffic is inbound

Loadsharing to the same ISP (with redundancy)
- Router A Configuration

    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.0.0 mask 255.255.240.0
     neighbor 122.102.10.2 remote-as 100
     neighbor 122.102.10.2 prefix-list routerC out
     neighbor 122.102.10.2 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerC permit 121.10.0.0/20
    ip prefix-list routerC permit 121.10.0.0/19
    !
    ip route 121.10.0.0 255.255.240.0 null0
    ip route 121.10.0.0 255.255.224.0 null0

Loadsharing to the same ISP (with redundancy)
- Router B Configuration

    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.16.0 mask 255.255.240.0
     neighbor 122.102.10.6 remote-as 100
     neighbor 122.102.10.6 prefix-list routerD out
     neighbor 122.102.10.6 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerD permit 121.10.16.0/20
    ip prefix-list routerD permit 121.10.0.0/19
    !
    ip route 121.10.16.0 255.255.240.0 null0
    ip route 121.10.0.0 255.255.224.0 null0

Loadsharing to the same ISP (with redundancy)
- Router C Configuration

    router bgp 100
     neighbor 122.102.10.1 remote-as 65534
     neighbor 122.102.10.1 default-originate
     neighbor 122.102.10.1 prefix-list Customer in
     neighbor 122.102.10.1 prefix-list default out
    !
    ip prefix-list Customer permit 121.10.0.0/19 le 20
    ip prefix-list default permit 0.0.0.0/0

- Router C only allows in /19 and /20 prefixes from customer block
- Router D configuration is identical
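What the upstream's inbound customer filter accepts, as an added example that is not part of the original tutorial: a small evaluator for `ip prefix-list` entries with `ge`/`le`, run against the two `Customer` lists from the Router C slides and a looser list constructed here for contrast. The list names `BACKUP_ONLY`, `LOADSHARE` and `TOO_LOOSE` and the sample announcements are assumptions made for illustration.

```python
import ipaddress
import re

ENTRY_RE = re.compile(
    r"ip prefix-list (?P<name>\S+)(?: seq \d+)? (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_list(config):
    """Return [(action, network, min_len, max_len), ...] in config order."""
    entries = []
    for line in config.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        net = ipaddress.ip_network(m["prefix"])
        if m["ge"] is None and m["le"] is None:
            lo = hi = net.prefixlen          # no ge/le: exact length only
        else:
            lo = int(m["ge"]) if m["ge"] else net.prefixlen
            hi = int(m["le"]) if m["le"] else net.max_prefixlen
        entries.append((m["action"], net, lo, hi))
    return entries


def evaluate(entries, route):
    """First matching entry decides; no match means the implicit deny."""
    route = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if (route.version == net.version and route.subnet_of(net)
                and lo <= route.prefixlen <= hi):
            return action
    return "deny"


# Router C filter from the backup-only slides: the aggregate and nothing else.
BACKUP_ONLY = parse_prefix_list("ip prefix-list Customer permit 121.10.0.0/19")
# Router C filter from the loadsharing slides: the /19 and its two /20s.
LOADSHARE = parse_prefix_list("ip prefix-list Customer permit 121.10.0.0/19 le 20")
# Constructed for contrast, not from the slides: any more-specific is accepted.
TOO_LOOSE = parse_prefix_list("ip prefix-list Customer permit 121.10.0.0/19 le 32")

# Constructed announcements a customer session might send.
ANNOUNCEMENTS = [
    "121.10.0.0/19",    # the aggregate
    "121.10.0.0/20",    # first half, for loadsharing
    "121.10.16.0/20",   # second half, for loadsharing
    "121.10.16.0/24",   # deaggregated beyond what was agreed
    "121.10.0.0/18",    # covering prefix, wider than the customer's block
    "121.16.64.0/19",   # another customer's block
    "0.0.0.0/0",        # default route sent back to the upstream
]


def compare():
    """Map each announcement to (backup-only, loadshare, too-loose) verdicts."""
    return {
        route: tuple(evaluate(plist, route)
                     for plist in (BACKUP_ONLY, LOADSHARE, TOO_LOOSE))
        for route in ANNOUNCEMENTS
    }


if __name__ == "__main__":
    for route, verdicts in compare().items():
        print(f"{route:18} {verdicts}")
```

The exact-match list would drop the /20s that the loadsharing design depends on, while `le 32` would let through any deaggregation of the block; `le 20` admits exactly the three prefixes the slide names.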

Loadsharing to the same ISP (with redundancy)
- Router E Configuration

    router bgp 100
     neighbor 122.102.10.17 remote-as 110
     neighbor 122.102.10.17 remove-private-AS
     neighbor 122.102.10.17 prefix-list Customer out
    !
    ip prefix-list Customer permit 121.10.0.0/19

- Private AS still visible inside AS100

Loadsharing to the same ISP (with redundancy)
- Default route for outbound traffic?
  - Use default-information originate for the IGP and rely on IGP metrics for nearest exit
  - e.g. on router A:

    router ospf 65534
     default-information originate metric 2 metric-type 1

    Or

    router isis as65534
     default-information originate

Loadsharing to the same ISP (with redundancy)
- Loadsharing configuration is only on customer router
- Upstream ISP has to
  - remove customer subprefixes from external announcements
  - remove private AS from external announcements
- Could also use BGP communities

Two links to the same ISP
Multiple Dualhomed Customers (RFC2270)

Multiple Dualhomed Customers (RFC2270)
- Unusual for an ISP just to have one dualhomed customer
  - Valid/valuable service offering for an ISP with multiple PoPs
  - Better for ISP than having customer multihome with another provider!
- Look at scaling the configuration
  - Simplifying the configuration
  - Using templates, peer-groups, etc
  - Every customer has the same configuration (basically)

Multiple Dualhomed Customers (RFC2270)
(Diagram labels: C, AS 100, E, A1, AS 65534, B1, D, A2, AS 65534, B2, A3, AS 65534, B3)
- Border router E in AS100 removes private AS and any customer subprefixes from Internet announcement

Multiple Dualhomed Customers (RFC2270)
- Customer announcements as per previous example
- Use the same private AS for each customer
  - documented in RFC2270
  - address space is not overlapping
  - each customer hears default only
- Router An and Bn configuration same as Router A and B previously

Multiple Dualhomed Customers (RFC2270)
- Router A1 Configuration

    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.0.0 mask 255.255.240.0
     neighbor 122.102.10.2 remote-as 100
     neighbor 122.102.10.2 prefix-list routerC out
     neighbor 122.102.10.2 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerC permit 121.10.0.0/20
    ip prefix-list routerC permit 121.10.0.0/19
    !
    ip route 121.10.0.0 255.255.240.0 null0
    ip route 121.10.0.0 255.255.224.0 null0

Multiple Dualhomed Customers (RFC2270)
- Router B1 Configuration

    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.16.0 mask 255.255.240.0
     neighbor 122.102.10.6 remote-as 100
     neighbor 122.102.10.6 prefix-list routerD out
     neighbor 122.102.10.6 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerD permit 121.10.16.0/20
    ip prefix-list routerD permit 121.10.0.0/19
    !
    ip route 121.10.0.0 255.255.224.0 null0
    ip route 121.10.16.0 255.255.240.0 null0

Multiple Dualhomed Customers (RFC2270)
- Router C Configuration

    router bgp 100
     neighbor bgp-customers peer-group
     neighbor bgp-customers remote-as 65534
     neighbor bgp-customers default-originate
     neighbor bgp-customers prefix-list default out
     neighbor 122.102.10.1 peer-group bgp-customers
     neighbor 122.102.10.1 description Customer One
     neighbor 122.102.10.1 prefix-list Customer1 in
     neighbor 122.102.10.9 peer-group bgp-customers
     neighbor 122.102.10.9 description Customer Two
     neighbor 122.102.10.9 prefix-list Customer2 in

Multiple Dualhomed Customers (RFC2270)

     neighbor 122.102.10.17 peer-group bgp-customers
     neighbor 122.102.10.17 description Customer Three
     neighbor 122.102.10.17 prefix-list Customer3 in
    !
    ip prefix-list Customer1 permit 121.10.0.0/19 le 20
    ip prefix-list Customer2 permit 121.16.64.0/19 le 20
    ip prefix-list Customer3 permit 121.14.192.0/19 le 20
    ip prefix-list default permit 0.0.0.0/0

- Router C only allows in /19 and /20 prefixes from customer block

Multiple Dualhomed Customers (RFC2270)
- Router D Configuration

    router bgp 100
     neighbor bgp-customers peer-group
     neighbor bgp-customers remote-as 65534
     neighbor bgp-customers default-originate
     neighbor bgp-customers prefix-list default out
     neighbor 122.102.10.5 peer-group bgp-customers
     neighbor 122.102.10.5 description Customer One
     neighbor 122.102.10.5 prefix-list Customer1 in
     neighbor 122.102.10.13 peer-group bgp-customers
     neighbor 122.102.10.13 description Customer Two
     neighbor 122.102.10.13 prefix-list Customer2 in

Multiple Dualhomed Customers (RFC2270)

     neighbor 122.102.10.21 peer-group bgp-customers
     neighbor 122.102.10.21 description Customer Three
     neighbor 122.102.10.21 prefix-list Customer3 in
    !
    ip prefix-list Customer1 permit 121.10.0.0/19 le 20
    ip prefix-list Customer2 permit 121.16.64.0/19 le 20
    ip prefix-list Customer3 permit 121.14.192.0/19 le 20
    ip prefix-list default permit 0.0.0.0/0

- Router D only allows in /19 and /20 prefixes from customer block

Multiple Dualhomed Customers (RFC2270)
- Router E Configuration
  - assumes customer address space is not part of upstream’s address block

    router bgp 100
     neighbor 122.102.10.17 remote-as 110
     neighbor 122.102.10.17 remove-private-AS
     neighbor 122.102.10.17 prefix-list Customers out
    !
    ip prefix-list Customers permit 121.10.0.0/19
    ip prefix-list Customers permit 121.16.64.0/19
    ip prefix-list Customers permit 121.14.192.0/19

- Private AS still visible inside AS100

Multiple Dualhomed Customers (RFC2270)
- If customers’ prefixes come from ISP’s address block
  - do NOT announce them to the Internet
  - announce ISP aggregate only
- Router E configuration:

    router bgp 100
     neighbor 122.102.10.17 remote-as 110
     neighbor 122.102.10.17 prefix-list my-aggregate out
    !
    ip prefix-list my-aggregate permit 121.8.0.0/13

Multihoming Summary
- Use private AS for multihoming to the same upstream
- Leak subprefixes to upstream only to aid loadsharing
- Upstream router E configuration is identical across all situations

Basic Multihoming
Multihoming to Different ISPs

Two links to different ISPs
- Use a Public AS
  - Or use private AS if agreed with the other ISP
  - But some people don’t like the “inconsistent AS” which results from use of a private-AS
- Address space comes from
  - both upstreams or
  - Regional Internet Registry
- Configuration concepts very similar

Inconsistent-AS?
(Diagram labels: AS 65534, AS 200, AS 210, Internet)
- Viewing the prefixes originated by AS65534 in the Internet shows they appear to be originated by both AS210 and AS200
  - This is NOT bad
  - Nor is it illegal
- IOS command is

    show ip bgp inconsistent-as

Two links to different ISPs
One link primary, the other link backup only

Two links to different ISPs (one as backup only)
(Diagram labels: Internet, AS 100, AS 120, C, D, A, B, AS 130; "Announce /19 block"; "Announce /19 block with longer AS PATH")

Two links to different ISPs (one as backup only)
- Announce /19 aggregate on each link
  - primary link makes standard announcement
  - backup link lengthens the AS PATH by using AS PATH prepend
- When one link fails, the announcement of the /19 aggregate via the other link ensures continued connectivity

Two links to different ISPs (one as backup only)
- Router A Configuration

    router bgp 130
     network 121.10.0.0 mask 255.255.224.0
     neighbor 122.102.10.1 remote-as 100
     neighbor 122.102.10.1 prefix-list aggregate out
     neighbor 122.102.10.1 prefix-list default in
    !
    ip prefix-list aggregate permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0
    !
    ip route 121.10.0.0 255.255.224.0 null0

Two links to different ISPs (one as backup only)
- Router B Configuration

    router bgp 130
     network 121.10.0.0 mask 255.255.224.0
     neighbor 120.1.5.1 remote-as 120
     neighbor 120.1.5.1 prefix-list aggregate out
     neighbor 120.1.5.1 route-map routerD-out out
     neighbor 120.1.5.1 prefix-list default in
     neighbor 120.1.5.1 route-map routerD-in in
    !
    ip prefix-list aggregate permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0
    !
    route-map routerD-out permit 10
     set as-path prepend 130 130 130
    !
    route-map routerD-in permit 10
     set local-preference 80

Two links to different ISPs (one as backup only)
- Not a common situation as most sites tend to prefer using whatever capacity they have
  - (Useful when two competing ISPs agree to provide mutual backup to each other)
- But it shows the basic concepts of using local-prefs and AS-path prepends for engineering traffic in the chosen direction

Two links to different ISPs
With Loadsharing

Two links to different ISPs (with loadsharing)
(Diagram labels: Internet, AS 100, AS 120, C, D, A, B, AS 130; "Announce first /20 and /19 block"; "Announce second /20 and /19 block")

Two links to different ISPs (with loadsharing)
- Announce /19 aggregate on each link
- Split /19 and announce as two /20s, one on each link
  - basic inbound loadsharing
- When one link fails, the announcement of the /19 aggregate via the other ISP ensures continued connectivity

Two links to different ISPs (with loadsharing)
- Router A Configuration

    router bgp 130
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.0.0 mask 255.255.240.0
     neighbor 122.102.10.1 remote-as 100
     neighbor 122.102.10.1 prefix-list firstblock out
     neighbor 122.102.10.1 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    !
    ip prefix-list firstblock permit 121.10.0.0/20
    ip prefix-list firstblock permit 121.10.0.0/19

Two links to different ISPs (with loadsharing)
- Router B Configuration

    router bgp 130
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.16.0 mask 255.255.240.0
     neighbor 120.1.5.1 remote-as 120
     neighbor 120.1.5.1 prefix-list secondblock out
     neighbor 120.1.5.1 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    !
    ip prefix-list secondblock permit 121.10.16.0/20
    ip prefix-list secondblock permit 121.10.0.0/19

Two links to different ISPs (with loadsharing)
- Loadsharing in this case is very basic
- But shows the first steps in designing a load sharing solution
  - Start with a simple concept
  - And build on it!

Two links to different ISPs
More Controlled Loadsharing

Loadsharing with different ISPs
(Diagram labels: Internet, AS 100, AS 120, C, D, A, B, AS 130; "Announce /19 block"; "Announce /20 subprefix, and /19 block with longer AS path")

Loadsharing with different ISPs
- A
