BGP Techniques For Internet Service Providers - APRICOT

Transcription

BGP Techniques for Internet Service Providers
Philip Smith, pfs@cisco.com
APRICOT 2010, Kuala Lumpur, 23rd February - 5th March
APRICOT 2010 © 2010 Cisco Systems, Inc. All rights reserved.

Presentation Slides
 - Will be available at -BGP-Techniques.pdf and on the APRICOT 2010 website
 - Feel free to ask questions any time

BGP Techniques for Internet Service Providers (agenda)
 - BGP Basics
 - Scaling BGP
 - Using Communities
 - Deploying BGP in an ISP network

BGP Basics
What is BGP?

Border Gateway Protocol
 - A routing protocol used to exchange routing information between different networks
 - Exterior gateway protocol
 - Described in RFC4271
   RFC4276 gives an implementation report on BGP
   RFC4277 describes operational experiences using BGP
 - The Autonomous System is the cornerstone of BGP
   It is used to uniquely identify networks with a common routing policy

Autonomous System (AS)
(Figure: AS 100)
 - Collection of networks with the same routing policy
 - Single routing protocol
 - Usually under single ownership, trust and administrative control
 - Identified by a unique 32-bit integer (ASN)

Autonomous System Number (ASN)
 - Two ranges:
   0-65535 (original 16-bit range)
   65536-4294967295 (32-bit range - RFC4893)
 - Usage:
   0 and 65535 (reserved)
   1-64495 (public Internet)
   64496-64511 (documentation - RFC5398)
   64512-65534 (private use only)
   23456 (AS_TRANS: represents the 32-bit range in the 16-bit world)
   65536-65551 (documentation - RFC5398)
   65552-4294967295 (public Internet)
 - 32-bit range representation specified in RFC5396
   Defines "asplain" (traditional format) as the standard notation

Autonomous System Number (ASN)
 - ASNs are distributed by the Regional Internet Registries
   They are also available from upstream ISPs who are members of one of the RIRs
 - Current 16-bit ASN allocations up to 56319 have been made to the RIRs
   Around 33500 are visible on the Internet
 - The RIRs have also each received 1024 32-bit ASNs
   Out of 450 assignments, around 100 are visible on the Internet
 - See www.iana.org/assignments/as-numbers

BGP Basics
Peering
(Figure: routers A and C in AS 100, B and D in AS 101, E in AS 102)
 - Runs over TCP - port 179
 - Path vector protocol
 - Incremental updates
 - "Internal" & "External" BGP

Demarcation Zone (DMZ)
(Figure: a DMZ network shared by router A in AS 100, routers B and C in AS 101, and routers D and E in AS 102)
 - Shared network between ASes

BGP General Operation
 - Learns multiple paths via internal and external BGP speakers
 - Picks the best path and installs it in the forwarding table
 - The best path is sent to external BGP neighbours
 - Policies are applied by influencing the best path selection

eBGP & iBGP
 - BGP is used internally (iBGP) and externally (eBGP)
 - iBGP is used to carry
   some/all Internet prefixes across the ISP backbone
   the ISP's customer prefixes
 - eBGP is used to
   exchange prefixes with other ASes
   implement routing policy

BGP/IGP model used in ISP networks
(Figure: model representation - eBGP at the edges, iBGP across the backbone, the IGP underneath)

External BGP Peering (eBGP)
(Figure: routers A, B and C across AS 100 and AS 101)
 - Between BGP speakers in different ASes
 - Should be directly connected
 - Never run an IGP between eBGP peers

Internal BGP (iBGP)
 - BGP peer within the same AS
 - Not required to be directly connected
   The IGP takes care of inter-BGP speaker connectivity
 - iBGP speakers must be fully meshed, because:
   They originate connected networks
   They pass on prefixes learned from outside the ASN
   They do not pass on prefixes learned from other iBGP speakers

Internal BGP Peering (iBGP)
(Figure: routers A, B, C and D in AS 100, every pair peered)
 - Topology independent
 - Each iBGP speaker must peer with every other iBGP speaker in the AS

Peering to Loopback Interfaces
(Figure: AS 100)
 - Peer with the loopback interface
   The loopback interface does not go down - ever!
 - Do not want the iBGP session to depend on the state of a single interface or on the physical topology

BGP Attributes
Information about BGP

AS-Path
 - Sequence of ASes a route has traversed
 - Used for:
   Loop detection
   Applying policy
(Figure: AS 100 originates 180.10.0.0/16, AS 200 originates 170.10.0.0/16, AS 400 originates 150.10.0.0/16; AS 300 transits them to AS 500, which sees
   180.10.0.0/16  300 200 100
   170.10.0.0/16  300 200
   150.10.0.0/16  300 400)

AS-Path (with 16 and 32-bit ASNs)
 - Internet with 16-bit and 32-bit ASNs
   32-bit ASNs are 65536 and above
 - AS-PATH length is maintained
(Figure: AS 70000 originates 180.10.0.0/16, AS 80000 originates 170.10.0.0/16, AS 400 originates 150.10.0.0/16, all transited by AS 300. A 32-bit capable AS 90000 sees
   180.10.0.0/16  300 80000 70000
   170.10.0.0/16  300 80000
   150.10.0.0/16  300 400
 while a 16-bit-only AS sees
   180.10.0.0/16  300 23456 23456
   170.10.0.0/16  300 23456)

AS-Path loop detection
(Figure: AS 100 originates 180.10.0.0/16, AS 200 originates 170.10.0.0/16, AS 500 originates 140.10.0.0/16; AS 300 sits between them. 180.10.0.0/16 arrives back at AS 100 from AS 500 with AS-PATH 500 300 200 100)
 - 180.10.0.0/16 is not accepted by AS 100 as the prefix has AS 100 in its AS-PATH - this is loop detection in action

Next Hop
(Figure: AS 200 originates 150.10.0.0/16 and AS 300 originates 160.10.0.0/16. Router A in AS 100 has eBGP to AS 200 over the link 150.10.1.1 (AS 200 side) - 150.10.1.2 (A), and iBGP to B and C. Inside AS 100 the table reads
   150.10.0.0/16  next hop 150.10.1.1
   160.10.0.0/16  next hop 150.10.1.1)
 - eBGP - the address of the external neighbour
 - iBGP - the NEXT_HOP learned from eBGP is carried unchanged
 - Well-known mandatory attribute (RFC4271)

iBGP Next Hop
(Figure: routers A, B, C and D in AS 300; C's loopback is 120.1.254.3/32. Table:
   120.1.1.0/24  next hop 120.1.254.2
   120.1.2.0/23  next hop 120.1.254.3)
 - Next hop is the iBGP router's loopback address
 - Recursive route look-up

Third Party Next Hop
(Figure: routers A (150.1.1.2), B (150.1.1.3, AS 201) and C (150.1.1.1, AS 200) share one subnet; B originates 120.68.1.0/24)
 - eBGP between Router A and Router C
 - eBGP between Router A and Router B
 - The 120.68.1.0/24 prefix has a next hop address of 150.1.1.3 - this is passed on unchanged to Router C instead of 150.1.1.2
 - More efficient
 - No extra config needed

Next Hop Best Practice
 - The BGP default is for the external next-hop to be propagated unchanged to iBGP peers
   This means that the IGP has to carry the external next-hops
   Forgetting means the external network is invisible
   With many eBGP peers, it is unnecessary extra load on the IGP
 - ISP best practice is to change the external next-hop to be that of the local router

Next Hop (Summary)
 - The IGP should carry routes to the next hops
 - Recursive route look-up
 - Unlinks BGP from the actual physical topology
 - Change external next hops to that of the local router
 - Allows the IGP to make intelligent forwarding decisions

Origin
 - Conveys the origin of the prefix
 - Historical attribute
   Used in the transition from EGP to BGP
 - Well-known mandatory attribute
 - Influences best path selection
 - Three values: IGP, EGP, incomplete
   IGP - generated by a BGP network statement
   EGP - generated by EGP
   incomplete - redistributed from another routing protocol

Aggregator
 - Conveys the IP address of the router or BGP speaker generating the aggregate route
 - Optional & transitive attribute
 - Useful for debugging purposes
 - Does not influence best path selection

Local Preference
(Figure: AS 100 originates 160.10.0.0/16. AS 400 receives it from AS 200 at router D with local preference 500 and from AS 300 at router E with local preference 800; routers A, B and C in AS 400 all choose the path via E)

Local Preference
 - Well-known discretionary attribute (RFC4271); it is never sent to eBGP peers, so it is local to an AS
 - Default local preference is 100 (IOS)
 - Used to influence BGP path selection
   Determines the best path for outbound traffic
 - Path with the highest local preference wins

Multi-Exit Discriminator (MED)
(Figure: 120.68.1.0/24 announced over two entry points into AS 201, each with its own MED)

Multi-Exit Discriminator
 - Inter-AS - optional non-transitive attribute
 - Used to convey the relative preference of entry points
   Determines the best path for inbound traffic
 - Comparable only if the paths are from the same AS
   Implementations have a knob to allow comparison of MEDs from different ASes
 - Path with the lowest MED wins
 - Absence of the MED attribute implies a MED value of zero (RFC4271)

Multi-Exit Discriminator
"metric confusion"
 - MED is an optional non-transitive attribute
   Some implementations send learned MEDs to iBGP peers by default, others do not
   Some implementations send MEDs to eBGP peers by default, others do not
 - The default metric varies according to vendor implementation
   The original BGP spec (RFC1771) made no recommendation
   Some implementations said that absence of a metric was equivalent to 0
   Other implementations said that absence of a metric was equivalent to 2^32-1 (the highest possible value) or 2^32-2
 - Potential for "metric confusion"

Community
 - Communities are described in RFC1997
   Optional transitive attribute
 - 32-bit integer
   Represented as two 16-bit integers (RFC1998)
   Common format is local-ASN:xx
   0:0 to 0:65535 and 65535:0 to 65535:65535 are reserved
 - Used to group destinations
   Each destination could be a member of multiple communities
 - Very useful in applying policies within and between ASes

Community Example (before)
(Figure: ISP 1 is AS 300 with routers B, C, D and E. Customer AS 100 (router A) originates 160.10.0.0/16 and is filtered at C; customer AS 200 originates 170.10.0.0/16 and is filtered at B; ISP 2 is AS 400 (router F), originates 100.10.0.0/16 and peers with E. Every session carries per-prefix filters:
   C: permit 160.10.0.0/16 in
   B: permit 170.10.0.0/16 in
   E: permit 100.10.0.0/16 in; permit 160.10.0.0/16 out; permit 170.10.0.0/16 out)

Community Example (after)
(Figure: same topology. Customer prefixes 160.10.0.0/16 and 170.10.0.0/16 are tagged 300:1 on entry, ISP 2's 100.10.0.0/16 is tagged 300:9, and E exports towards ISP 2 by matching community 300:1 instead of listing prefixes)

Well-Known Communities
 - Several well-known communities:
   no-export            65535:65281  do not advertise to any eBGP peers
   no-advertise         65535:65282  do not advertise to any BGP peer
   no-export-subconfed  65535:65283  do not advertise outside the local sub-AS (only used with confederations)
   no-peer              65535:65284  do not advertise to bi-lateral peers (RFC3765)

No-Export
(Figure: AS 100 (routers B, C) announces 105.7.0.0/16 and its subprefixes to AS 200 (routers E, F, G))
 - AS 100 announces the aggregate and the subprefixes
   The intention is to improve loadsharing by leaking subprefixes
 - Subprefixes are marked with the no-export community
 - Router G in AS 200 does not announce prefixes with the no-export community set

No-Peer
(Figure: A announces 105.7.0.0/16 and its sub-prefixes to upstreams B and E; C and E are bi-lateral peers, e.g. Tier-1s)
 - Sub-prefixes marked with the no-peer community are not sent to bi-lateral peers
   They are only sent to upstream providers

Community
Implementation details
 - Community is an optional attribute
   Some implementations send communities to iBGP peers by default, some do not
   Some implementations send communities to eBGP peers by default, some do not
 - Being careless can lead to community "confusion"
   ISPs need a consistent community policy within their own networks
   And they need to inform peers, upstreams and customers about their community expectations
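
The following is an added example, not code from the slides: it packs and decodes the ASN:value notation of the Community slide, applies the four well-known communities of the Well-Known Communities, No-Export and No-Peer slides to an outbound decision, and replays the "after" half of the community example where export towards ISP 2 is decided by the 300:1 tag rather than by per-prefix lists. The peer_kind labels, the function names and the constructed table are assumptions made for the example; they are not a vendor API.

```python
# Added example (not from the slides): BGP community packing and the
# well-known community semantics of RFC1997 / RFC3765.  peer_kind labels and
# the constructed prefix table are assumptions chosen to mirror the slides.

# Well-known communities as 32-bit wire values.
NO_EXPORT = 0xFFFFFF01            # 65535:65281
NO_ADVERTISE = 0xFFFFFF02         # 65535:65282
NO_EXPORT_SUBCONFED = 0xFFFFFF03  # 65535:65283
NO_PEER = 0xFFFFFF04              # 65535:65284 (RFC3765)


def encode_community(asn: int, value: int) -> int:
    """Pack the ASN:value notation (two 16-bit halves) into the 32-bit attribute value."""
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError("each half of a community is a 16-bit integer")
    return (asn << 16) | value


def decode_community(raw: int) -> str:
    """Render a 32-bit community value as ASN:value."""
    return f"{raw >> 16}:{raw & 0xFFFF}"


def is_reserved(raw: int) -> bool:
    """0:0-0:65535 and 65535:0-65535:65535 are reserved (RFC1997)."""
    high = raw >> 16
    return high == 0 or high == 0xFFFF


def may_advertise(communities, peer_kind: str) -> bool:
    """Decide whether an update carrying these communities may go to a peer.

    peer_kind is one of: 'ibgp' (same AS, or same sub-AS of a confederation),
    'confed' (another sub-AS of the same confederation), 'customer',
    'upstream', 'peer' (bi-lateral peer).  Only the well-known communities are
    interpreted here; operator-defined ones are left to local policy.
    """
    tags = set(communities)
    if NO_ADVERTISE in tags:
        return False                       # to no BGP peer at all
    if peer_kind == "ibgp":
        return True                        # the other three only restrict external peers
    if NO_EXPORT_SUBCONFED in tags:
        return False                       # must not leave the local (sub-)AS
    if NO_EXPORT in tags:
        return peer_kind == "confed"       # a confederation still counts as the local AS
    if NO_PEER in tags:
        return peer_kind != "peer"         # upstreams and customers yes, bi-lateral peers no
    return True


def export_by_community(table, export_tag: int):
    """The 'after' half of the community example: instead of per-prefix lists,
    export every prefix that carries the customer community."""
    return sorted(prefix for prefix, tags in table.items() if export_tag in tags)


# Constructed table from the slide topology: customer routes carry 300:1,
# ISP 2's own route carries 300:9.
TABLE = {
    "160.10.0.0/16": {encode_community(300, 1)},
    "170.10.0.0/16": {encode_community(300, 1)},
    "100.10.0.0/16": {encode_community(300, 9)},
}

if __name__ == "__main__":
    print(export_by_community(TABLE, encode_community(300, 1)))   # the two customer routes
    print(decode_community(NO_PEER), may_advertise([NO_PEER], "peer"))   # 65535:65284 False
```

Note that the check for no-advertise comes before the iBGP short cut: it is the only well-known community that also suppresses iBGP propagation, which is why the slides single it out as "do not advertise to any BGP peer".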

BGP Path Selection Algorithm
Why Is This the Best Path?

BGP Path Selection Algorithm for IOS
Part One
 - Do not consider the path if there is no route to the next hop
 - Do not consider the iBGP path if not synchronised (Cisco IOS only)
 - Highest weight (local to the router)
 - Highest local preference (global within the AS)
 - Prefer the locally originated route
 - Shortest AS path

BGP Path Selection Algorithm for IOS
Part Two
 - Lowest origin code
   IGP < EGP < incomplete
 - Lowest Multi-Exit Discriminator (MED)
   If bgp deterministic-med, order the paths before comparing
   (The BGP spec does not specify in which order the paths should be compared. This means the best path depends on the order in which the paths are compared.)
   If bgp always-compare-med, then compare for all paths
   Otherwise MED is only considered if the paths are from the same AS (default)

BGP Path Selection Algorithm for IOS
Part Three
 - Prefer the eBGP path over the iBGP path
 - Path with the lowest IGP metric to the next-hop
 - Lowest router-id (originator-id for reflected routes)
 - Shortest Cluster-List
   Clients must be aware of Route Reflector attributes!
 - Lowest neighbour IP address
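
The following is an added example, not code from the slides: it runs the three-part IOS decision process above over a set of candidate paths, doing the "no route to next hop" step as a longest-prefix lookup in an IGP table (which is what the Next Hop Best Practice slide is about: an external next hop that nobody put into the IGP silently disqualifies the path), and exposing the always-compare-med knob and the missing-MED-as-maximum behaviour from the "metric confusion" slide. The Path fields, the IGP table shape, the knob names and the constructed scenario are assumptions for the example, not a vendor API.

```python
# Added example, not from the slides: the IOS decision process of the three
# "BGP Path Selection Algorithm" slides, with the next-hop check done as a
# longest-prefix lookup in an IGP table (Next Hop Best Practice slide).  The
# Path fields, the IGP table shape and the knob names are assumptions for this example.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is better


@dataclass
class Path:
    neighbor_ip: str                 # address the update came from
    next_hop: str                    # NEXT_HOP attribute
    as_path: List[int]               # leftmost ASN is the neighbouring AS
    router_id: str                   # sender's router-id (originator-id if reflected)
    origin: str = "igp"
    med: Optional[int] = None        # None: attribute absent
    local_pref: int = 100
    weight: int = 0
    local: bool = False              # locally originated
    ebgp: bool = True
    cluster_list: List[str] = field(default_factory=list)


def resolve_next_hop(next_hop: str, igp: Dict[str, int]) -> Optional[int]:
    """Longest-prefix match of next_hop in {prefix: metric}; None if unreachable."""
    nh, best = ipaddress.ip_address(next_hop), None
    for prefix, metric in igp.items():
        net = ipaddress.ip_network(prefix)
        if nh in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, metric)
    return None if best is None else best[1]


def effective_med(p: Path, missing_is_max: bool = False) -> int:
    """RFC4271: an absent MED counts as 0.  Older code used 2^32-1 instead; the
    flag reproduces the 'metric confusion' described on the MED slides."""
    return p.med if p.med is not None else (2 ** 32 - 1 if missing_is_max else 0)


def best_path(paths: List[Path], igp: Dict[str, int], always_compare_med=False,
              missing_med_is_max=False) -> Optional[Path]:
    """Best of several paths to one prefix, or None when no next hop resolves."""
    cands = [(p, m) for p in paths for m in [resolve_next_hop(p.next_hop, igp)] if m is not None]
    if not cands:
        return None

    def keep(key, highest=False):          # drop every candidate not tied for best
        nonlocal cands
        target = (max if highest else min)(key(c) for c in cands)
        cands = [c for c in cands if key(c) == target]

    ip = lambda s: int(ipaddress.ip_address(s))
    med = lambda c: effective_med(c[0], missing_med_is_max)

    keep(lambda c: c[0].weight, highest=True)       # highest weight
    keep(lambda c: c[0].local_pref, highest=True)   # highest local preference
    keep(lambda c: c[0].local, highest=True)        # locally originated first
    keep(lambda c: len(c[0].as_path))               # shortest AS path
    keep(lambda c: ORIGIN_RANK[c[0].origin])        # IGP < EGP < incomplete
    if always_compare_med:
        keep(med)                                   # bgp always-compare-med
    else:
        # Default: MED only decides between paths from the same neighbouring AS.
        # Grouping first makes the result independent of arrival order (deterministic-med).
        survivors = [c for c in cands if not c[0].as_path]
        for asn in {c[0].as_path[0] for c in cands if c[0].as_path}:
            group = [c for c in cands if c[0].as_path and c[0].as_path[0] == asn]
            low = min(med(c) for c in group)
            survivors += [c for c in group if med(c) == low]
        cands = survivors
    keep(lambda c: c[0].ebgp, highest=True)         # eBGP over iBGP
    keep(lambda c: c[1])                            # lowest IGP metric to the next hop
    keep(lambda c: ip(c[0].router_id))              # lowest router-id
    keep(lambda c: len(c[0].cluster_list))          # shortest cluster list
    keep(lambda c: ip(c[0].neighbor_ip))            # lowest neighbour address
    return cands[0][0]


# Constructed scenario: four iBGP-learned paths to 160.10.0.0/16 in an ISP whose
# IGP carries only loopback ranges; the external /30 towards AS 200 is absent.
IGP = {"10.0.0.0/24": 10, "10.0.1.0/24": 20}
PATHS = [
    Path("10.0.0.2", "192.0.2.2", [200, 100], "10.0.0.2", ebgp=False),          # next hop unchanged: unusable
    Path("10.0.1.3", "10.0.1.3", [300, 100], "10.0.1.3", ebgp=False, med=50),   # next-hop-self applied
    Path("10.0.0.4", "10.0.0.4", [300, 100], "10.0.0.4", ebgp=False, med=20),
    Path("10.0.0.5", "10.0.0.5", [400, 100], "10.0.0.5", ebgp=False),           # no MED at all
]

if __name__ == "__main__":
    print(best_path(PATHS, IGP).router_id)                                                  # 10.0.0.4
    print(best_path(PATHS, IGP, always_compare_med=True).router_id)                         # 10.0.0.5
    print(best_path(PATHS, IGP, always_compare_med=True, missing_med_is_max=True).router_id)  # 10.0.0.4
```

With the defaults, the path from AS 400 never competes on MED with the AS 300 paths and the tie falls through to router-id; with always-compare-med, whether the MED-less path wins or loses depends entirely on what "absent" is taken to mean, which is the confusion the slide warns about.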

BGP Path Selection Algorithm
 - In multi-vendor environments:
   Make sure the path selection processes are understood for each brand of equipment
   Each vendor has slightly different implementations, extra steps, extra features, etc.
   Watch out for possible MED confusion

Applying Policy with BGP
Controlling Traffic Flow & Traffic Engineering

Applying Policy in BGP: Why?
 - Network operators rarely "plug in routers and go"
 - External relationships:
   Control who they peer with
   Control who they give transit to
   Control who they get transit from
 - Traffic flow control:
   Efficiently use the scarce infrastructure resources (external link load balancing)
   Congestion avoidance
   Terminology: Traffic Engineering

Applying Policy in BGP: How?
 - Policies are applied by:
   Setting BGP attributes (local-pref, MED, AS-PATH, community), thereby influencing the path selection process
   Advertising or filtering prefixes
   Advertising or filtering prefixes according to ASN and AS-PATH
   Advertising or filtering prefixes according to community membership

Applying Policy with BGP: Tools
 - Most implementations have tools to apply policies to BGP:
   Prefix manipulation/filtering
   AS-PATH manipulation/filtering
   Community attribute setting and matching
 - Implementations also have a policy language which can do various match/set constructs on the attributes of chosen BGP routes

BGP Capabilities
Extending BGP

BGP Capabilities
 - Documented in RFC2842 (since obsoleted by RFC3392 and then RFC5492)
 - Capabilities parameters are passed in the BGP OPEN message
 - A peer that does not support capabilities advertisement at all answers with a NOTIFICATION (Unsupported Optional Parameter); a peer that supports the mechanism but not a particular capability simply ignores that capability, and the session comes up without it
 - Codes:
   0 to 63 are assigned by IANA by IETF consensus
   64 to 127 are assigned by IANA "first come first served"
   128 to 255 are vendor specific

BGP Capabilities
Current capabilities are:
   0   Reserved                                      [RFC3392]
   1   Multiprotocol Extensions for BGP-4            [RFC4760]
   2   Route Refresh Capability for BGP-4            [RFC2918]
   3   Outbound Route Filtering Capability           [RFC5291]
   4   Multiple routes to a destination capability   [RFC3107]
   5   Extended Next Hop Encoding                    [RFC5549]
   64  Graceful Restart Capability                   [RFC4724]
   65  Support for 4 octet ASNs                      [RFC4893]
   66  Deprecated
   67  Support for Dynamic Capability                [ID]
   68  Multisession BGP                              [ID]
See www.iana.org/assignments/capability-codes

BGP Capabilities
 - Multiprotocol extensions
   This is a whole different world, allowing BGP to support more than IPv4 unicast routes
   Examples include: v4 multicast, IPv6, v6 multicast, VPNs
   Another tutorial (or many!)
 - Route refresh is a well-known scaling technique - covered shortly
 - 32-bit ASNs have recently arrived
 - The other capabilities are still in development or not widely implemented or deployed yet

BGP for Internet Service Providers (agenda)
 - BGP Basics
 - Scaling BGP
 - Using Communities
 - Deploying BGP in an ISP network

BGP Scaling Techniques

BGP Scaling Techniques
 - How does a service provider:
   Scale the iBGP mesh beyond a few peers?
   Implement new policy without causing flaps and route churning?
   Keep the network stable, scalable, as well as simple?

BGP Scaling Techniques
 - Route Refresh
 - Route Reflectors
 - Confederations
 - Deploying 4-byte ASNs

Dynamic Reconfiguration
Route Refresh

Route Refresh
 - A BGP peer reset used to be required after every policy change
   Because the router does not store prefixes which are rejected by policy
 - Hard BGP peer reset:
   Terminates the BGP peering & consumes CPU
   Severely disrupts connectivity for all networks
 - Soft BGP peer reset (or Route Refresh):
   BGP peering remains active
   Impacts only those prefixes affected by the policy change

Route Refresh Capability
 - Facilitates non-disruptive policy changes
 - For most implementations, no configuration is needed
   Automatically negotiated at peer establishment
 - No additional memory is used
 - Requires the peering routers to support the "route refresh capability" - RFC2918

Dynamic Reconfiguration
 - Use the Route Refresh capability if supported
   Find out from the BGP neighbour status display
   Non-disruptive, "Good For the Internet"
 - If not supported, see if the implementation has a workaround
 - Only hard-reset a BGP peering as a last resort
   Consider the impact to be equivalent to a router reboot

Route Reflectors
Scaling the iBGP mesh

Scaling iBGP mesh
 - Avoid the n(n-1)/2 iBGP mesh
   n = 1000 means nearly half a million iBGP sessions!
   (Figure: 13 routers = 78 iBGP sessions!)
 - Two solutions
   Route reflector - simpler to deploy and run
   Confederation - more complex, has corner case advantages

Route Reflector: Principle
(Figure: AS 100, routers A, B and C with the Route Reflector in the middle)

Route Reflector
(Figure: AS 100, reflectors with clients A, B and C)
 - The reflector receives paths from clients and non-clients
 - Selects the best path
 - If the best path is from a client, reflect to the other clients and to non-clients
 - If the best path is from a non-client, reflect to clients only
 - Non-meshed clients
 - Described in RFC4456

Route Reflector: Topology
 - Divide the backbone into multiple clusters
 - At least one route reflector and a few clients per cluster
 - Route reflectors are fully meshed
 - Clients in a cluster could be fully meshed
 - Single IGP to carry next hop and local routes

Route Reflector: Loop Avoidance
 - Originator ID attribute
   Carries the RID of the originator of the route in the local AS (created by the RR)
 - Cluster list attribute
   The local cluster-id is added when the update is sent by the RR
   Best to set the cluster-id from the router-id (address of the loopback)
   (Some ISPs use their own cluster-id assignment strategy - but it needs to be well documented!)

Route Reflector: Redundancy
 - Multiple RRs can be configured in the same cluster - not advised!
   All RRs in the cluster must have the same cluster-id (otherwise it is a different cluster)
 - A router may be a client of RRs in different clusters
   Common today in ISP networks to overlay two clusters - redundancy is achieved that way
   Each client has two RRs = redundancy
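
The following is an added example, not code from the slides: it implements the reflection rules of the Route Reflector slide, the ORIGINATOR_ID / CLUSTER_LIST loop avoidance of the Loop Avoidance slide, the session count from the Scaling iBGP mesh slide, and shows why two reflectors that share a cluster-id discard each other's reflected routes while two overlaid clusters do not (the Redundancy slide). Peers are identified by their loopback address / router-id, and the Update shape and function names are assumptions made for the example, not a vendor API.

```python
# Added example (not from the slides): route reflector behaviour per RFC4456.
# Peers are identified by router-id; the Update shape is an assumption.
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


def ibgp_sessions(n: int, reflectors: int = 0) -> int:
    """Full mesh: n(n-1)/2.  With r reflectors every one of the n-r clients
    peers with each reflector, and the reflectors are fully meshed among themselves."""
    if reflectors == 0:
        return n * (n - 1) // 2
    clients = n - reflectors
    return clients * reflectors + reflectors * (reflectors - 1) // 2


@dataclass
class Update:
    prefix: str
    originator_id: Optional[str] = None       # RID of the router that injected the route
    cluster_list: List[str] = field(default_factory=list)


@dataclass
class RouteReflector:
    router_id: str
    clients: Set[str]
    non_clients: Set[str]                     # other RRs and ordinary iBGP speakers
    cluster_id: Optional[str] = None          # defaults to the router-id, as the slides advise

    def __post_init__(self):
        if self.cluster_id is None:
            self.cluster_id = self.router_id

    def accept(self, update: Update) -> bool:
        """Inbound loop check: drop what we originated or already reflected."""
        if update.originator_id == self.router_id:
            return False
        if self.cluster_id in update.cluster_list:
            return False
        return True

    def reflect(self, update: Update, learned_from: str,
                from_ebgp: bool = False) -> Tuple[Set[str], Update]:
        """For the best path to update.prefix, return the iBGP peers it goes to
        and the update as sent.  Attributes are added only when the route is
        actually reflected, i.e. when it was learned from an iBGP peer."""
        everyone = self.clients | self.non_clients
        if from_ebgp:
            return set(everyone), update                   # ordinary BGP, nothing reflected
        if learned_from in self.clients:
            targets = everyone - {learned_from}            # client route: everyone else
        else:
            targets = set(self.clients)                    # non-client route: clients only
        sent = Update(update.prefix,
                      originator_id=update.originator_id or learned_from,
                      cluster_list=[self.cluster_id] + update.cluster_list)
        return targets, sent


# Constructed PoP: RR1 and RR2 form two overlaid clusters over the same clients.
RR1 = RouteReflector("10.0.0.1", clients={"10.0.0.2", "10.0.0.3"}, non_clients={"10.0.0.8"})
RR2 = RouteReflector("10.0.0.8", clients={"10.0.0.2", "10.0.0.3"}, non_clients={"10.0.0.1"})
# A second RR wrongly configured into RR1's cluster (the "not advised" case).
RR1_TWIN = RouteReflector("10.0.0.7", clients={"10.0.0.2", "10.0.0.3"},
                          non_clients={"10.0.0.1"}, cluster_id="10.0.0.1")

if __name__ == "__main__":
    targets, sent = RR1.reflect(Update("160.10.0.0/16"), learned_from="10.0.0.2")
    print(sorted(targets), sent)                   # the other client and RR2; attributes added
    print(RR2.accept(sent), RR1_TWIN.accept(sent)) # True (other cluster), False (same cluster-id)
    print(ibgp_sessions(13), ibgp_sessions(1000), ibgp_sessions(13, reflectors=2))
```

The twin reflector drops every route RR1 reflected because RR1's cluster-id is already on the CLUSTER_LIST, so it cannot act as a backup for anything RR1 learned from a client; the overlaid cluster design keeps both reflectors useful.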

Route Reflector: Redundancy
(Figure: AS 100 with PoP1, PoP2 and PoP3; Cluster One and Cluster Two overlaid)

Route Reflector: Benefits
 - Solves the iBGP mesh problem
 - Packet forwarding is not affected
 - Normal BGP speakers co-exist
 - Multiple reflectors for redundancy
 - Easy migration
 - Multiple levels of route reflectors

Route Reflector: Deployment
 - Where to place the route reflectors?
   Always follow the physical topology!
   This will guarantee that packet forwarding won't be affected
 - Typical ISP network:
   A PoP has two core routers
   The core routers are the RRs for the PoP
   Two overlaid clusters

Route Reflector: Migration
 - Typical ISP network:
   Core routers have fully meshed iBGP
   Create further hierarchy if the core mesh is too big
   Split the backbone into regions
 - Configure one cluster pair at a time
   Eliminate redundant iBGP sessions
   Place a maximum of one RR per cluster
   Easy migration, multiple levels

Route Reflector: Migration
(Figure: AS 100 with routers A to G, connected to AS 200 and AS 300)
 - Migrate small parts of the network, one part at a time

BGP Confederations

Confederations
 - Divide the AS into sub-ASes
   eBGP between sub-ASes, but some iBGP information is kept
   Preserve NEXT_HOP across the sub-ASes (the IGP carries this information)
   Preserve LOCAL_PREF and MED
 - Usually a single IGP
 - Described in RFC5065

Confederations (Cont.)
 - Visible to the outside world as a single AS - the "Confederation Identifier"
   Each sub-AS uses a number from the private AS range (64512-65534)
 - iBGP speakers in each sub-AS are fully meshed
   The total number of neighbours is reduced by limiting the full mesh requirement to only the peers in the sub-AS
   Can also use a Route Reflector within a sub-AS

Confederations
(Figure: AS 200 is a confederation of sub-AS 65530 (router A), sub-AS 65531 (router B) and sub-AS 65532 (router C))
 - Configuration (Router C):
   router bgp 65532
    bgp confederation identifier 200
    bgp confederation peers 65530 65531
    neighbor 141.153.12.1 remote-as 65530
    neighbor 141.153.17.2 remote-as 65531

Confederations: AS Path
(Figure: Confederation 100 with sub-ASes 65001 to 65004 (routers B to H); AS 200 originates 180.10.0.0/16. Inside the confederation the sub-AS sequence is shown in braces: {65002} 200 at the border with AS 200 and {65004 65002} 200 two sub-ASes further in. When the prefix leaves the confederation only 100 200 is visible)

Route Propagation Decisions
 - Same as with "normal" BGP:
   From a peer in the same sub-AS only to external peers
   From external peers to all neighbours
 - "External peers" refers to
   Peers outside the confederation
   Peers in a different sub-AS
   Preserve LOCAL_PREF, MED and NEXT_HOP
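
The following is an added example, not code from the slides: it walks the AS path figure above through the confederation, showing how a sub-AS prepends itself inside an AS_CONFED_SEQUENCE, why those segments do not count towards AS path length, how loop detection works on the sub-AS inside and on the confederation identifier outside, and how the confederation segments are stripped and replaced by the public ASN when the prefix leaves (RFC5065). The segment tuples, the function names and the display format (parentheses for confederation segments, where the slide uses braces) are assumptions made for the example, not a vendor API.

```python
# Added example (not from the slides): AS_PATH handling inside a confederation
# per RFC5065.  Segment encoding and the render() format are assumptions.
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4


def path_length(segments) -> int:
    """Length used by best-path selection: one per AS in an AS_SEQUENCE, one for
    a whole AS_SET, and nothing at all for confederation segments."""
    n = 0
    for kind, asns in segments:
        if kind == AS_SEQUENCE:
            n += len(asns)
        elif kind == AS_SET:
            n += 1
    return n


def is_loop(segments, my_asn: int, confed_id=None) -> bool:
    """Reject a route that already carries us: our sub-AS anywhere in the path,
    or the confederation identifier in the public (non-confed) segments."""
    for kind, asns in segments:
        if my_asn in asns:
            return True
        if confed_id is not None and kind in (AS_SEQUENCE, AS_SET) and confed_id in asns:
            return True
    return False


def _copy(segments):
    return [(kind, list(asns)) for kind, asns in segments]


def _prepend(segments, kind, asn):
    segs = _copy(segments)
    if segs and segs[0][0] == kind:
        segs[0][1].insert(0, asn)            # extend the leading segment of the same kind
    else:
        segs.insert(0, (kind, [asn]))        # otherwise open a new one
    return segs


def path_for_export(segments, local_asn: int, to: str, confed_id=None):
    """AS_PATH as sent to a peer of kind `to`:
    'ibgp'   same sub-AS                -> unchanged
    'confed' another sub-AS             -> own sub-AS prepended in an AS_CONFED_SEQUENCE
    'ebgp'   outside the confederation  -> confed segments stripped, public ASN prepended"""
    if to == "ibgp":
        return _copy(segments)
    if to == "confed":
        return _prepend(segments, AS_CONFED_SEQUENCE, local_asn)
    public = confed_id if confed_id is not None else local_asn
    stripped = [(k, list(a)) for k, a in segments if k in (AS_SEQUENCE, AS_SET)]
    return _prepend(stripped, AS_SEQUENCE, public)


def render(segments) -> str:
    """Display form: confed sequence in (), confed set in [], AS_SET in {}."""
    parts = []
    for kind, asns in segments:
        body = " ".join(str(a) for a in asns)
        if kind == AS_CONFED_SEQUENCE:
            parts.append(f"({body})")
        elif kind == AS_CONFED_SET:
            parts.append(f"[{body}]")
        elif kind == AS_SET:
            parts.append("{" + body + "}")
        else:
            parts.append(body)
    return " ".join(parts)


if __name__ == "__main__":
    # Walk the slide figure: AS 200 originates 180.10.0.0/16 into sub-AS 65002
    # of confederation 100, which hands it to 65004, then 65003, then outside.
    p = [(AS_SEQUENCE, [200])]
    p = path_for_export(p, 65002, "confed", confed_id=100)
    print(render(p), path_length(p))            # (65002) 200   1
    p = path_for_export(p, 65004, "confed", confed_id=100)
    print(render(p), path_length(p))            # (65004 65002) 200   1
    print(is_loop(p, 65002, confed_id=100))     # True: sending it back to 65002 would loop
    print(render(path_for_export(p, 65003, "ebgp", confed_id=100)))   # 100 200
```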

RRs or Confederations
                            Confederations            Route Reflectors
   Internet Connectivity    Anywhere in the Network   Anywhere in the Network
   Multi-Level Hierarchy    Yes                       Yes
   Policy Control           Yes                       Yes
   Scalability              Medium                    Very High
   Migration Complexity     Medium to High            Very Low
Most new service provider networks now deploy Route Reflectors from Day One

More points about Confederations
 - Can ease "absorbing" other ISPs into your ISP - e.g., if one ISP buys another
   Or can use the AS masquerading feature available in some implementations to do a similar thing
 - Can use route-reflectors with confederation sub-ASes to reduce the sub-AS iBGP mesh

Deploying 32-bit ASNs
How to support customers using the extended ASN range

32-bit ASNs
 - Standards documents
   Description of 32-bit ASNs: www.rfc-editor.org/rfc/rfc4893.txt
   Textual representation: www.rfc-editor.org/rfc/rfc5396.txt
   New extended community: www.rfc-editor.org/rfc/rfc5668.txt
 - AS 23456 is reserved as the interface between the 16-bit and 32-bit ASN worlds

32-bit ASNs - terminology
 - 16-bit ASNs
   Refers to the range 0 to 65535
 - 32-bit ASNs
   Refers to the range 65536 to 4294967295 (or the extended range)
 - 32-bit ASN pool
   Refers to the range 0 to 4294967295

Getting a 32-bit ASN
 - Sample RIR policy
   www.apnic.net/docs/policy/asn-policy.html
 - From 1st January 2007
   32-bit ASNs were available on request
 - From 1st January 2009
   32-bit ASNs were assigned by default
   16-bit ASNs were only available on request
 - From 1st January 2010
   No distinction - ASNs are assigned from the 32-bit pool

Representation
 - Representation of the 0-4294967295 ASN range
   Most operators favour the traditional format (asplain)
   A few prefer dot notation (X.Y):
   asdot for 65536-4294967295, e.g. 2.4 (16-bit ASNs stay as plain numbers)
   asdot+ for 0-4294967295, e.g. 0.64513 (every ASN written as X.Y)
 - But regular expressions will have to be completely rewritten for asdot and asdot+ !!!
   For example: [0-9]+ matches any ASN (16-bit and asplain)
   This and equivalents are extensively used in BGP multihoming configurations for traffic engineering
   Equivalent regexp for asdot is: ([0-9]+)|([0-9]+\.[0-9]+)
   Equivalent regexp for asdot+ is: [0-9]+\.[0-9]+

Changes
 - 32-bit ASNs are backwardly compatible with 16-bit ASNs
 - There is no flag day
 - You do NOT need to:
   Throw out your old routers
   Replace your 16-bit ASN with a 32-bit ASN
 - You do need to be aware that:
   Your customers will come with 32-bit ASNs
   ASN 23456 is not a bogon!
   You will need a router supporting 32-bit ASNs to use a 32-bit ASN locally
 - If you have a proper BGP implementation, 32-bit ASNs will be transported silently across your network
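
The following is an added example, not code from the slides: it converts between the asplain, asdot and asdot+ notations of the Representation slide, renders an AS path the way a router configured for each notation would, shows the regexp mismatch the slide warns about by matching a path rendered in one notation against the regexp written for another, and classifies ASNs by the ranges on the Autonomous System Number slide so that a bogon filter flags documentation and private numbers but, as the Changes slide insists, not AS23456. The regexps are anchored per token here (the slide's unanchored forms are meant for router as-path lists); the function names and classify() labels are assumptions made for the example.

```python
# Added example (not from the slides): ASN notations of RFC5396, the regexp
# rewrite they force, and the ASN ranges of the ASN slide.  Names are assumptions.
import re

# The slide's regexps, anchored so each tests a single ASN token.
ASPLAIN_RE = re.compile(r"^[0-9]+$")                    # any ASN written as one number
ASDOT_RE = re.compile(r"^([0-9]+|[0-9]+\.[0-9]+)$")    # 16-bit plain, 32-bit as X.Y
ASDOTPLUS_RE = re.compile(r"^[0-9]+\.[0-9]+$")         # every ASN as X.Y, even 16-bit ones
NOTATION_RE = {"asplain": ASPLAIN_RE, "asdot": ASDOT_RE, "asdot+": ASDOTPLUS_RE}


def parse_asn(text: str) -> int:
    """Accept any of the three notations and return the integer ASN."""
    if "." in text:
        high, low = (int(x) for x in text.split(".", 1))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError(f"bad dotted ASN {text}")
        return (high << 16) | low
    asn = int(text)
    if asn > 0xFFFFFFFF:
        raise ValueError(f"ASN {text} exceeds 32 bits")
    return asn


def to_asdot(asn: int) -> str:
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"


def to_asdotplus(asn: int) -> str:
    return f"{asn >> 16}.{asn & 0xFFFF}"


RENDER = {"asplain": str, "asdot": to_asdot, "asdot+": to_asdotplus}


def render_path(as_path, notation: str = "asplain") -> str:
    """Display an AS path the way a router configured for `notation` would."""
    return " ".join(RENDER[notation](a) for a in as_path)


def path_matches(as_path, rendered_in: str, regexp_for: str) -> bool:
    """Render the path in one notation and test every token with the regexp
    written for another: False is the mismatch the slide warns about."""
    pattern = NOTATION_RE[regexp_for]
    return all(pattern.match(tok) for tok in render_path(as_path, rendered_in).split())


def classify(asn: int) -> str:
    """Range labels from the ASN slide (RFC4893, RFC5398, RFC1930)."""
    if asn in (0, 65535):
        return "reserved"
    if asn == 23456:
        return "AS_TRANS"
    if 64496 <= asn <= 64511 or 65536 <= asn <= 65551:
        return "documentation"
    if 64512 <= asn <= 65534:
        return "private"
    if 0 < asn <= 0xFFFFFFFF:
        return "public"
    raise ValueError("not a 32-bit ASN")


def bogon_asns(as_path) -> list:
    """ASNs in a path that should never be seen on the public Internet.  AS23456
    is deliberately not flagged: it is a 16-bit-only speaker's view of a 32-bit ASN."""
    return [a for a in as_path if classify(a) in ("reserved", "documentation", "private")]


if __name__ == "__main__":
    path = [131072, 12654, 196613]      # the path from the "What do they look like?" slides
    for n in ("asplain", "asdot", "asdot+"):
        print(f"{n:8} {render_path(path, n)}")   # 131072 12654 196613 / 2.0 12654 3.5 / 2.0 0.12654 3.5
    print(path_matches(path, "asdot", "asplain"), path_matches(path, "asdot", "asdot"))  # False True
    print(bogon_asns([23456, 64512, 65551, 12654]))   # [64512, 65551]
```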

How does it work?
 - If the local router and the remote router both support 32-bit ASNs
   BGP peering is configured as normal using the 32-bit ASN
 - If neither the local router nor the remote router supports 32-bit ASNs
   BGP peering can only use a 16-bit ASN
 - If the local router only supports 16-bit ASNs and the remote router/network has a 32-bit ASN
   Compatibility mode is initiated

Compatibility Mode:
 - Local router only supports 16-bit ASNs and the remote router uses a 32-bit ASN
 - BGP peering initiated:
   Remote asks local if 32-bit is supported (BGP capability negotiation)
   When local says "no", remote then presents AS23456
   Local needs to be configured to peer with remote using AS23456
 - BGP peering initiated (cont):
   BGP session established using AS23456
   32-bit ASNs are included in a new BGP attribute called AS4_PATH (as opposed to AS_PATH for 16-bit ASNs)
 - Result:
   The 16-bit ASN world sees 16-bit ASNs and 23456 standing in for 32-bit ASNs
   The 32-bit ASN world sees 16 and 32-bit ASNs

Example: Internet with 32-bit and 16-bit ASNs
 - AS-PATH length is maintained
(Figure: AS 80000 originates 180.10.0.0/16 and AS 70000 originates 170.10.0.0/16, both reached through the 16-bit-only AS 123; AS 321 originates 150.10.0.0/16. The 32-bit capable AS 90000 sees
   180.10.0.0/16  123 70000 80000
   170.10.0.0/16  123 70000
   150.10.0.0/16  123 321
 while a 16-bit-only neighbour sees
   180.10.0.0/16  123 23456 23456
   170.10.0.0/16  123 23456)

What has changed?
 - Two new BGP attributes:
   AS4_PATH - carries 32-bit ASN path info
   AS4_AGGREGATOR - carries 32-bit ASN aggregator info
   Well-behaved BGP implementations will simply pass these along if they don't understand them
 - AS23456 (AS_TRANS)

What do they look like?
 - IPv4 prefix originated by AS196613 (asplain format):
   as4-7200#sh ip bgp 145.125.0.0/20
   BGP routing table entry for 145.125.0.0/20, version 58734
   Paths: (1 available, best #1, table default)
     131072 12654 196613
       204.69.200.25 from 204.69.200.25 (204.69.200.25)
         Origin IGP, localpref 100, valid, internal, best
 - The same prefix, originated by AS3.5 (asdot format):
   as4-7200#sh ip bgp 145.125.0.0/20
   BGP routing table entry for 145.125.0.0/20, version 58734
   Paths: (1 available, best #1, table default)
     2.0 12654 3.5
       204.69.200.25 from 204.69.200.25 (204.69.200.25)
         Origin IGP, localpref 100, valid, internal, best

What do they look like?
 - IPv4 prefix originated by AS196613, but the 16-bit AS world view:
   BGP-view1>sh ip bgp 145.125.0.0/20
   BGP routing table entry for 145.125.0.0/20, version 113382
   Paths: (1 available, best #1, table Default-IP-Routing-Table)
     23456 12654 23456
       204.69.200.25 from 204.69.200.25 (204.69.200.25)
         Origin IGP, localpref 100, valid, external, best
   (23456 is the transition AS, AS_TRANS, standing in for both 32-bit ASNs)

If 32-bit ASNs are not supported:
 - Inability to distinguish between peer ASes using 32-bit ASNs
   They will all be represented by AS23456
   Could be problematic for a transit provider's policy
 - Inability to distinguish a prefix's origin AS
   How to tell whether the origin is real or fake?
   The real and the fake are both represented by AS23456
   (There should be a better solution here!)
 - Incorrect NetFlow summaries:
   Prefixes from 32-bit ASNs will all be summarised under AS23456
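
The following is an added example, not code from the slides: it follows an AS path through the compatibility mode described on the Compatibility Mode, Example, What has changed? and "What do they look like?" slides, and ends with the consequences listed just above. A 32-bit capable router substitutes AS_TRANS into AS_PATH and carries the real path in AS4_PATH; a 16-bit-only transit AS prepends itself to AS_PATH and forwards AS4_PATH without understanding it; the next 32-bit capable router merges the two back together (RFC4893). Paths are flat AS_SEQUENCEs here, and the function names are assumptions made for the example, not a vendor API.

```python
# Added example (not from the slides): AS_PATH / AS4_PATH handling across a
# 16-bit-only AS per RFC4893.  Flat AS_SEQUENCE paths only; names are assumptions.
from typing import List, Optional, Tuple

AS_TRANS = 23456


def to_old_speaker(as_path: List[int]) -> Tuple[List[int], Optional[List[int]]]:
    """A 32-bit-capable router sending to a 16-bit-only peer: every 32-bit ASN
    in AS_PATH becomes AS_TRANS and the real path travels in AS4_PATH (None
    when the whole path already fits in 16 bits)."""
    mapped = [AS_TRANS if asn > 0xFFFF else asn for asn in as_path]
    return mapped, (list(as_path) if mapped != as_path else None)


def old_speaker_transit(as_path: List[int], as4_path: Optional[List[int]],
                        own_asn: int) -> Tuple[List[int], Optional[List[int]]]:
    """A 16-bit-only AS in the middle prepends itself to AS_PATH and, because
    AS4_PATH is optional transitive, forwards it untouched."""
    return [own_asn] + as_path, as4_path


def reconstruct(as_path: List[int], as4_path: Optional[List[int]]) -> List[int]:
    """A 32-bit-capable router receiving from a 16-bit-only peer: keep the
    leading ASNs the old speakers added, then substitute AS4_PATH for the
    tail.  An AS4_PATH longer than AS_PATH is inconsistent and is ignored."""
    if as4_path is None or len(as4_path) > len(as_path):
        return list(as_path)
    keep = len(as_path) - len(as4_path)
    return list(as_path[:keep]) + list(as4_path)


def origin_as(as_path: List[int]) -> int:
    """Rightmost ASN: what NetFlow summaries and origin checks see."""
    return as_path[-1]


def has_loop(as_path: List[int], my_asn: int) -> bool:
    return my_asn in as_path


if __name__ == "__main__":
    # The slide's example: AS 80000 originates, AS 70000 transits, the
    # 16-bit-only AS 123 transits, and a 32-bit-capable AS receives.
    as_path, as4_path = to_old_speaker([70000, 80000])
    print(as_path, as4_path)                                # [23456, 23456] [70000, 80000]
    as_path, as4_path = old_speaker_transit(as_path, as4_path, 123)
    print(as_path, origin_as(as_path))                      # [123, 23456, 23456] 23456: origin lost
    full = reconstruct(as_path, as4_path)
    print(full, origin_as(full))                            # [123, 70000, 80000] 80000
    print(has_loop(as_path, 70000), has_loop(full, 70000))  # False True: only the 32-bit view sees the loop
```

The last line is the operational point of the slide above: on the 16-bit view every 32-bit AS collapses to 23456, so neither origin checks nor NetFlow summaries nor per-AS policy can tell them apart, and a route returning to AS 70000 through a 16-bit-only neighbour is only caught as a loop once AS4_PATH has been merged back in.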
