BGP Tutorial - ERNET

Transcription

BGP Tutorial
Philip Smith, pfs@cisco.com
APRICOT 2004, Kuala Lumpur, February 2004
2004, Cisco Systems, Inc. All rights reserved.

APRICOT BGP Tutorials
Two tutorials at APRICOT 2004:
- Part 1 – Introduction (morning)
- Part 2 – Multihoming (afternoon)

BGP Tutorial, Part 1 – Introduction
Philip Smith, pfs@cisco.com
APRICOT 2004, Kuala Lumpur, February 2004

Presentation Slides
- Slides are available: -BGP00.pdf
- Feel free to ask questions any time

BGP for Internet Service Providers (agenda)
- Routing Basics
- BGP Basics
- BGP Attributes
- BGP Path Selection
- BGP Policy
- BGP Capabilities
- Scaling BGP

Routing Basics
Terminology and Concepts

Routing Concepts
- IPv4
- Routing
- Forwarding
- Some definitions
- Policy options
- Routing protocols

IPv4
- The Internet uses IPv4
  - addresses are 32 bits long
  - range from 1.0.0.0 to 223.255.255.255
  - 0.0.0.0 to 0.255.255.255 and 224.0.0.0 to 255.255.255.255 have "special" uses
- An IPv4 address has a network portion and a host portion

IPv4 address format
- Address and subnet mask written as 12.34.56.78 255.255.255.0 or 12.34.56.78/24
- The mask represents the number of network bits in the 32 bit address
- The remaining bits are the host bits

What does a router do?

A day in the life of a router
- find path
- forward packet, forward packet, forward packet, forward packet...
- find alternate path
- forward packet, forward packet, forward packet, forward packet...
- repeat until powered off

Routing versus Forwarding
- Routing: building maps and giving directions
- Forwarding: moving packets between interfaces according to the "directions"

IP Routing – finding the path
- Path derived from information received from a routing protocol
- Several alternative paths may exist
  - best next hop stored in forwarding table
- Decisions are updated periodically or as topology changes (event driven)
- Decisions are based on: topology, policies and metrics (hop count, filtering, delay, bandwidth, etc.)

IP route lookup
- Based on the destination IP address of the packet
- "longest match" routing
  - a more specific prefix is preferred over a less specific prefix
  - example: a packet with destination 10.1.1.1/32 is sent to the router announcing 10.1/16 rather than the router announcing 10/8

IP route lookup: longest match routing (worked through over several slides)
Diagram: a packet with destination IP address 10.1.1.1 arrives at R2 from R1.
R2's IP routing table:
  10/8     via R3   (all of 10/8 except 10.1/16)
  10.1/16  via R4
  20/8     via R5
  30/8     via R6
- 10.1.1.1 && FF.0.0.0 vs. 10.0.0.0 && FF.0.0.0: match!
- 10.1.1.1 && FF.FF.0.0 vs. 10.1.0.0 && FF.FF.0.0: match as well!
- 10.1.1.1 && FF.0.0.0 vs. 20.0.0.0 && FF.0.0.0: does not match!
- 10.1.1.1 && FF.0.0.0 vs. 30.0.0.0 && FF.0.0.0: does not match!
- Longest match: 10.1/16, the entry with the 16 bit netmask, wins, so the packet is sent to R4
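The lookup the slides walk through, as an added example that is not part of the original tutorial: R2's table and the 10.1.1.1 packet are the slides', the code and helper names are mine. It performs the same "destination && mask vs. prefix && mask" comparison and keeps the matching entry with the most network bits.

```python
"""Longest-match lookup over R2's routing table from the slides above.

Added example: the table (10/8 via R3, 10.1/16 via R4, 20/8 via R5, 30/8 via R6)
and the 10.1.1.1 packet are the slides'; the code and helper names are mine.
"""
import ipaddress
from typing import List, Optional, Tuple


def parse_prefix(text: str) -> Tuple[int, int, int]:
    """Turn 'a.b.c.d/len' (or IOS shorthand such as '10.1/16') into
    (network as int, mask as int, prefix length)."""
    addr, _, length = text.partition("/")
    plen = int(length)
    if not 0 <= plen <= 32:
        raise ValueError(f"{text}: bad prefix length")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))          # expand '10.1' to '10.1.0.0'
    net = int(ipaddress.IPv4Address(".".join(octets)))
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    if net & ~mask & 0xFFFFFFFF:
        raise ValueError(f"{text}: host bits set in prefix")
    return net, mask, plen


class RoutingTable:
    """Minimal RIB: linear scan, longest prefix wins (enough to show the rule)."""

    def __init__(self) -> None:
        self.entries: List[Tuple[int, int, int, str]] = []

    def add(self, prefix: str, next_hop: str) -> None:
        net, mask, plen = parse_prefix(prefix)
        self.entries.append((net, mask, plen, next_hop))

    def lookup(self, destination: str) -> Optional[str]:
        """The slides' 'dest && mask vs. prefix && mask' comparison, keeping the
        matching entry with the most network bits. None if nothing matches."""
        dest = int(ipaddress.IPv4Address(destination))
        best_len, best_hop = -1, None
        for net, mask, plen, hop in self.entries:
            if dest & mask == net and plen > best_len:
                best_len, best_hop = plen, hop
        return best_hop


def r2_table() -> RoutingTable:
    """R2's IP routing table as drawn on the slides."""
    rt = RoutingTable()
    for prefix, hop in (("10/8", "R3"), ("10.1/16", "R4"), ("20/8", "R5"), ("30/8", "R6")):
        rt.add(prefix, hop)
    return rt


if __name__ == "__main__":
    rt = r2_table()
    for dst in ("10.1.1.1", "10.2.3.4", "20.0.0.1", "40.1.1.1"):
        print(f"{dst:>12} -> {rt.lookup(dst)}")
```

Longest match is also why a more-specific announcement (a leaked or hijacked 10.1.1.0/24, say) pulls traffic away from the legitimate 10.1/16 on every router that accepts it; the prefix-list filtering covered later in the tutorial is the control for that.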

IP Forwarding
- Router makes decision on which interface a packet is sent to
- Forwarding table populated by routing process
- Forwarding decisions:
  - destination address
  - class of service (fair queuing, precedence, others)
  - local requirements (packet filtering)
- Can be aided by special hardware

Routing Tables Feed the Forwarding Table
Diagram: the BGP4 routing table, the OSPF link state database and static routes all feed the Routing Information Base (RIB); the RIB feeds the Forwarding Table (FIB).

Explicit versus Default routing
- Default:
  - simple, cheap (cycles, memory, bandwidth)
  - low granularity (metric games)
- Explicit (default free zone):
  - high overhead, complex, high cost, high granularity
- Hybrid:
  - minimise overhead
  - provide useful granularity
  - requires some filtering knowledge

Egress Traffic
- How packets leave your network
- Egress traffic depends on:
  - route availability (what others send you)
  - route acceptance (what you accept from others)
  - policy and tuning (what you do with routes from others)
  - peering and transit agreements

Ingress Traffic
- How packets get to your network and your customers' networks
- Ingress traffic depends on:
  - what information you send and to whom
  - based on your addressing and AS's
  - based on others' policy (what they accept from you and what they do with it)

Autonomous System (AS)
Diagram: AS 100
- Collection of networks with same routing policy
- Single routing protocol
- Usually under single ownership, trust and administrative control

Definition of terms
- Neighbours
  - AS's which directly exchange routing information
  - Routers which exchange routing information
- Announce
  - send routing information to a neighbour
- Accept
  - receive and use routing information sent by a neighbour
- Originate
  - insert routing information into external announcements (usually as a result of the IGP)
- Peers
  - routers in neighbouring AS's or within one AS which exchange routing and policy information

Routing flow and packet flow
Diagram: AS1 and AS2; routing information flows AS1 -> AS2 (AS1 announces, AS2 accepts) and AS2 -> AS1 (AS2 announces, AS1 accepts); packet flow runs opposite to each routing flow.
For networks in AS1 and AS2 to communicate:
- AS1 must announce to AS2
- AS2 must accept from AS1
- AS2 must announce to AS1
- AS1 must accept from AS2

Routing flow and traffic flow
- Traffic flow is always in the opposite direction of the flow of routing information
  - Filtering outgoing routing information inhibits traffic flow inbound
  - Filtering inbound routing information inhibits traffic flow outbound

Routing Flow/Packet Flow: with multiple ASes
Diagram: net N1 in AS1; AS1 connects to AS8 and AS34, AS8 connects to AS34 and AS16; net N16 in AS16.
For net N1 in AS1 to send traffic to net N16 in AS16:
- AS16 must originate and announce N16 to AS8
- AS8 must accept N16 from AS16
- AS8 must announce N16 to AS1 or AS34
- AS1 must accept N16 from AS8 or AS34
For two-way packet flow, similar policies must exist for N1.

Routing Flow/Packet Flow: with multiple ASes
- As multiple paths between sites are implemented it is easy to see how policies can become quite complex.

Routing Policy
- Used to control traffic flow in and out of an ISP network
- ISP makes decisions on what routing information to accept and discard from its neighbours
  - Individual routes
  - Routes originated by specific ASes
  - Routes traversing specific ASes
  - Routes belonging to other groupings
    - groupings which you define as you see fit

Routing Policy Limitations
Diagram: AS99 has a "red" link and a "green" link towards the Internet; the red AS sits behind the red link, the green AS behind the green link.
- AS99 uses the red link for traffic to the red AS and the green link for remaining traffic
- To implement this policy, AS99 has to:
  - accept routes originating from the red AS on the red link
  - accept all other routes on the green link

Routing Policy Limitations
Diagram: as above, with AS22 as the upstream on the Internet side.
- AS99 would like packets coming from the green AS to use the green link
- But unless AS22 cooperates in pushing traffic from the green AS down the green link, there is very little that AS99 can do to achieve this aim

Routing Policy Issues (figures as of early 2004)
- 131000 prefixes (not realistic to set policy on all of them individually)
- 16500 origin AS's (too many)
- routes tied to a specific AS or path may be unstable regardless of connectivity
- groups of AS's are a natural abstraction for filtering purposes

Routing Protocols
We now know what routing means, but what do the routers get up to?

Routing Protocols
- Routers use "routing protocols" to exchange routing information with each other
  - IGP is used to refer to the process running on routers inside an ISP's network
  - EGP is used to refer to the process running between routers bordering directly connected ISP networks

What Is an IGP?
- Interior Gateway Protocol
- Within an Autonomous System
- Carries information about internal infrastructure prefixes
- Examples: OSPF, ISIS, EIGRP

Why Do We Need an IGP?
- ISP backbone scaling
  - Hierarchy
  - Limiting scope of failure
- Only used for ISP's infrastructure addresses, not customers
- Design goal is to minimise number of prefixes in IGP to aid scalability and rapid convergence

What Is an EGP?
- Exterior Gateway Protocol
- Used to convey routing information between Autonomous Systems
- De-coupled from the IGP
- Current EGP is BGP

Why Do We Need an EGP?
- Scaling to large network
  - Hierarchy
  - Limit scope of failure
- Define Administrative Boundary
- Policy
  - Control reachability of prefixes
  - Merge separate organizations
  - Connect multiple IGPs

Interior versus Exterior Routing Protocols
  Interior                                   Exterior
  automatic neighbour discovery              specifically configured peers
  generally trust your IGP routers           connecting with outside networks
  prefixes go to all IGP routers             set administrative boundaries
  binds routers in one AS together           binds AS's together

Interior versus Exterior Routing Protocols
  Interior                                   Exterior
  carries ISP infrastructure addresses only  carries customer prefixes
  ISPs aim to keep the IGP small for         carries Internet prefixes
  efficiency and scalability                 EGPs are independent of ISP network topology

Hierarchy of Routing Protocols
Diagram: Other ISPs --BGP4-- [ISP backbone running BGP4 and OSPF/ISIS] --BGP4-- IXP; Customers attach to the ISP backbone via static routes or BGP4.

Default Administrative Distances (Cisco IOS)
  Route Source                    Default Distance
  Connected Interface             0
  Static Route                    1
  Enhanced IGRP Summary Route     5
  External BGP                    20
  Internal Enhanced IGRP          90
  IGRP                            100
  OSPF                            110
  IS-IS                           115
  RIP                             120
  EGP                             140
  External Enhanced IGRP          170
  Internal BGP                    200
  Unknown                         255

BGP for Internet Service Providers (agenda)
- Routing Basics
- BGP Basics
- BGP Attributes
- BGP Path Selection
- BGP Policy
- BGP Capabilities
- Scaling BGP

BGP Basics
What is this BGP thing?

Border Gateway Protocol
- Routing protocol used to exchange routing information between networks
  - exterior gateway protocol
- Described in RFC1771
  - work in progress: bgp4-23.txt (since published as RFC4271)
- The Autonomous System is BGP's fundamental operating unit
  - It is used to uniquely identify networks with common routing policy

Autonomous System (AS)
Diagram: AS 100
- Collection of networks with same routing policy
- Single routing protocol
- Usually under single ownership, trust and administrative control
- Identified by a unique number

Autonomous System Number (ASN)
- An ASN is a 16 bit number
  - 1-64511 are assigned by the RIRs
  - 64512-65534 are for private use and should never appear on the Internet
  - 0 and 65535 are reserved
- 32 bit ASNs are coming: 4bytes-07.txt (the 4-byte ASN work was since published as RFC4893)
- ASNs are distributed by the Regional Internet Registries
  - Also available from upstream ISPs who are members of one of the RIRs
  - Current ASN allocations up to 32767 have been made to the RIRs

BGP Basics
Diagram: routers A and C in AS 100, B and D in AS 101, E in AS 102, with peering sessions between them.
- Runs over TCP – port 179
- Path vector protocol
- Incremental updates
- "Internal" & "External" BGP

Demarcation Zone (DMZ)
Diagram: the DMZ network sits between A/C (AS 100), B/D (AS 101) and E (AS 102).
- Shared network between ASes

BGP General Operation
- Learns multiple paths via internal and external BGP speakers
- Picks the best path and installs in the forwarding table
- Best path is sent to external BGP neighbours
- Policies applied by influencing the best path selection

eBGP & iBGP
- BGP used internally (iBGP) and externally (eBGP)
- iBGP used to carry
  - some/all Internet prefixes across ISP backbone
  - ISP's customer prefixes
- eBGP used to
  - exchange prefixes with other ASes
  - implement routing policy

BGP/IGP model used in ISP networks
Diagram (model representation): eBGP sessions at the edges of the AS, iBGP sessions between the border routers across the backbone, and the IGP underneath providing reachability between them.

External BGP Peering (eBGP)
Diagram: router A in AS 100 peers with router C in AS 101 (B is another router in AS 100).
- Between BGP speakers in different AS
- Should be directly connected
- Never run an IGP between eBGP peers

Configuring External BGP
Router A in AS100:

  interface ethernet 5/0
   ip address 222.222.10.2 255.255.255.240        ! ip address on ethernet interface
  !
  router bgp 100                                   ! local ASN
   network 220.220.8.0 mask 255.255.252.0
   neighbor 222.222.10.1 remote-as 101             ! ip address of Router C ethernet interface, remote ASN
   neighbor 222.222.10.1 prefix-list RouterC in    ! inbound and outbound filters
   neighbor 222.222.10.1 prefix-list RouterC out
  !

Configuring External BGP
Router C in AS101:

  interface ethernet 1/0/0
   ip address 222.222.10.1 255.255.255.240        ! ip address on ethernet interface
  !
  router bgp 101                                   ! local ASN
   network 220.220.8.0 mask 255.255.252.0
   neighbor 222.222.10.2 remote-as 100             ! ip address of Router A ethernet interface, remote ASN
   neighbor 222.222.10.2 prefix-list RouterA in    ! inbound and outbound filters
   neighbor 222.222.10.2 prefix-list RouterA out
  !

Internal BGP (iBGP)
- BGP peer within the same AS
- Not required to be directly connected
  - IGP takes care of inter-BGP speaker connectivity
- iBGP speakers need to be fully meshed
  - they originate connected networks
  - they do not pass on prefixes learned from other iBGP speakers

Internal BGP Peering (iBGP)
Diagram: routers A, B, C and D in AS 100, each iBGP peered with every other.
- Topology independent
- Each iBGP speaker must peer with every other iBGP speaker in the AS

Peering to Loop-back Address
Diagram: AS 100, iBGP sessions between router loopbacks.
- Peer with loop-back address
  - Loop-back interface does not go down – ever!
- iBGP session is not dependent on state of a single interface
- iBGP session is not dependent on physical topology

Configuring Internal BGP
Router A in AS100:

  interface loopback 0
   ip address 215.10.7.1 255.255.255.255          ! ip address on loopback interface
  !
  router bgp 100                                   ! local ASN
   network 220.220.1.0
   neighbor 215.10.7.2 remote-as 100               ! ip address of Router B loopback interface, local ASN
   neighbor 215.10.7.2 update-source loopback0
   neighbor 215.10.7.3 remote-as 100
   neighbor 215.10.7.3 update-source loopback0
  !

Configuring Internal BGP
Router B in AS100:

  interface loopback 0
   ip address 215.10.7.2 255.255.255.255          ! ip address on loopback interface
  !
  router bgp 100                                   ! local ASN
   network 220.220.1.0
   neighbor 215.10.7.1 remote-as 100               ! ip address of Router A loopback interface, local ASN
   neighbor 215.10.7.1 update-source loopback0
   neighbor 215.10.7.3 remote-as 100
   neighbor 215.10.7.3 update-source loopback0
  !

BGP for Internet Service Providers (agenda)
- Routing Basics
- BGP Basics
- BGP Attributes
- BGP Path Selection
- BGP Policy
- BGP Capabilities
- Scaling BGP

BGP Attributes
Information about BGP

AS-Path
- Sequence of ASes a route has traversed
- Loop detection
- Apply policy
Diagram: AS 100 originates 180.10.0.0/16, AS 200 originates 170.10.0.0/16, AS 400 originates 150.10.0.0/16; AS 300 connects to all three and to AS 500. AS 500 receives:
  180.10.0.0/16  300 200 100
  170.10.0.0/16  300 200
  150.10.0.0/16  300 400

AS-Path loop detection
Diagram: AS 300 originates 140.10.0.0/16; AS 500 holds 180.10.0.0/16 (300 200 100), 170.10.0.0/16 (300 200) and 140.10.0.0/16 (300), and announces them on towards AS 100 with its own ASN prepended, e.g. 140.10.0.0/16 with AS-path 500 300 and 170.10.0.0/16 with AS-path 500 300 200.
- 180.10.0.0/16 is not accepted by AS100 as the prefix has AS100 in its AS-PATH attribute: this is loop detection in action
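The border-router checks that the ASN, loop-detection and (later) AS-path prepend slides describe, as one added example that is not part of the original tutorial. The AS numbers are the slides'; the function names, the `strict` option that also drops paths carrying private or reserved ASNs, and the `walk_announcement` helper are mine.

```python
"""AS_PATH handling at an eBGP border: loop detection, private/reserved ASN
checks and prepend-on-announce.

Added example covering the ASN, loop-detection and prepend slides; the AS
numbers come from the slides, the function names are mine. 'strict' (dropping
paths that carry private or reserved ASNs) is my addition, not the slides'
configuration.
"""
from typing import List, Optional, Tuple

PRIVATE_ASNS = range(64512, 65535)     # 64512-65534, private use (slides)
RESERVED_ASNS = {0, 65535}             # reserved (slides)


def is_private_asn(asn: int) -> bool:
    return asn in PRIVATE_ASNS


def accept_update(local_as: int, as_path: List[int], strict: bool = True) -> Optional[str]:
    """Return None if the received AS_PATH is acceptable, otherwise the reason.

    Loop detection: a path already carrying our own ASN is dropped, which is
    what stops a route circulating AS100 -> AS200 -> AS300 -> AS500 -> AS100."""
    if local_as in as_path:
        return f"loop: AS{local_as} already in AS_PATH {as_path}"
    if strict:
        for asn in as_path:
            if asn in RESERVED_ASNS:
                return f"reserved ASN {asn} in AS_PATH"
            if is_private_asn(asn):
                return f"private ASN {asn} in AS_PATH (should never appear on the Internet)"
    return None


def announce(local_as: int, as_path: List[int], prepend: int = 1) -> List[int]:
    """AS_PATH as sent to an eBGP neighbour: own ASN prepended `prepend` times.
    Prepending any ASN other than your own trips the neighbour's loop detection."""
    if prepend < 1:
        raise ValueError("own ASN must be prepended at least once")
    return [local_as] * prepend + as_path


def walk_announcement(origin_as: int, hops: List[int]) -> Tuple[List[int], Optional[int]]:
    """Carry a prefix originated by origin_as through `hops` in order.
    Returns (AS_PATH the last hop would announce onward, ASN that rejected it or None)."""
    path = announce(origin_as, [])
    for asn in hops:
        reason = accept_update(asn, path)
        if reason is not None:
            return path, asn
        path = announce(asn, path)
    return path, None


if __name__ == "__main__":
    # 180.10.0.0/16 from AS100 as AS500 receives it, then offered back to AS100
    print(walk_announcement(100, [200, 300]))
    print(walk_announcement(100, [200, 300, 500, 100]))
    print(accept_update(100, [500, 65001]))
```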

Next Hop
Diagram: router A in AS 200 (address 150.10.1.1) has an eBGP session to router B in AS 300 (address 150.10.1.2); B has an iBGP session to router C in AS 300. AS 200 originates 150.10.0.0/16 and also carries 160.10.0.0/16 from AS 100. The BGP tables of B and C both show:
  150.10.0.0/16  next hop 150.10.1.1
  160.10.0.0/16  next hop 150.10.1.1
- eBGP: next hop is the address of the external neighbour
- iBGP: the NEXT_HOP learned from eBGP is carried unchanged

iBGP Next Hop
Diagram: AS 300 with routers A, B, C and D; C's loopback is 220.1.254.3/32. Router A's BGP table:
  220.1.1.0/24  next hop 220.1.254.2
  220.1.2.0/23  next hop 220.1.254.3
- Next hop is the iBGP router's loopback address
- Recursive route look-up

Next Hop (summary)
- IGP should carry route to next hops
- Recursive route look-up
- Unlinks BGP from actual physical topology
- Allows IGP to make intelligent forwarding decision

Origin
- Conveys the origin of the prefix
- "Historical" attribute
- Influences best path selection
- Three values: IGP, EGP, incomplete
  - IGP – generated by BGP network statement
  - EGP – generated by EGP
  - incomplete – redistributed from another routing protocol

Aggregator
- Conveys the IP address of the router/BGP speaker generating the aggregate route
- Useful for debugging purposes
- Does not influence best path selection

Local Preference
Diagram: AS 100 originates 160.10.0.0/16 and is reached through both AS 200 and AS 300. In AS 400 (routers A to E) the path via AS 200 is given local preference 500 and the path via AS 300 local preference 800, so every router in AS 400 prefers the exit towards AS 300.

Local Preference
- Local to an AS – non-transitive
  - Default local preference is 100 (IOS)
- Used to influence BGP path selection
  - determines best path for outbound traffic
- Path with highest local preference wins

Local Preference
Configuration of Router B:

  router bgp 400
   neighbor 220.5.1.1 remote-as 300
   neighbor 220.5.1.1 route-map local-pref in
  !
  route-map local-pref permit 10
   match ip address prefix-list MATCH
   set local-preference 800
  !
  ip prefix-list MATCH permit 160.10.0.0/16

Multi-Exit Discriminator (MED)
Diagram: two ASes connected by two links; a /24 is announced over both links with different MED values so that the neighbouring AS prefers one entry point.

Multi-Exit Discriminator
- Inter-AS – non-transitive
- Used to convey the relative preference of entry points
  - determines best path for inbound traffic
- Comparable if paths are from same AS
- IGP metric can be conveyed as MED
  - set metric-type internal in route-map

Multi-Exit Discriminator
Configuration of Router B:

  router bgp 400
   neighbor 220.5.1.1 remote-as 200
   neighbor 220.5.1.1 route-map set-med out
  !
  route-map set-med permit 10
   match ip address prefix-list MATCH
   set metric 1000
  !
  ip prefix-list MATCH permit 192.68.1.0/24

Weight
- Not really an attribute – local to router
  - Allows policy control, similar to local preference
- Highest weight wins
- Applied to all routes from a neighbour
    neighbor 220.5.7.1 weight 100
- Weight assigned to routes based on filter
    neighbor 220.5.7.3 filter-list 3 weight 50

Weight – Used to help Deploy RPF
Diagram: AS1 (routers A and B) connects to AS4 (router C). The B to C link is the link to use for most traffic from AS1 to AS4 (AS4's routes get LOCAL PREF 200 there); the direct C to A link is the backup (LOCAL PREF 100, weight 100 set on A), but RPF still needs to work on it.
- Best path to AS4 from AS1 is always via B due to local-pref
- But packets arriving at A from AS4 over the direct C to A link will pass the RPF check as that path has a priority due to the weight being set
  - If weight was not set, best path back to AS4 would be via B, and the RPF check would fail

Community
- Communities are described in RFC1997
- 32 bit integer
  - Represented as two 16 bit integers (the convention used in RFC1998)
  - Common format is local-ASN:xx
- Used to group destinations
  - Each destination could be member of multiple communities
- Community attribute carried across AS's
- Very useful in applying policies

Community
Diagram: ISP 1 is AS 300 (routers C, D). AS 100 (router A) originates 160.10.0.0/16 and AS 200 (router B) originates 170.10.0.0/16; both carry community 300:1 in AS 300. ISP 6, AS 400 (routers E, F), originates 200.10.0.0/16, which carries community 300:9.

Well-Known Communities
- no-export
  - do not advertise to eBGP peers
- no-advertise
  - do not advertise to any peer
- local-AS
  - do not advertise outside local AS (only used with confederations)

No-Export Community
Diagram: AS 100 (routers A to D) announces the aggregate 170.10.0.0/16 and its subprefixes 170.10.X.X to AS 200 (routers E to G); the subprefixes are tagged no-export, and router G in AS 200 announces only 170.10.0.0/16 onward.
- AS100 announces aggregate and subprefixes
  - aim is to improve loadsharing by leaking subprefixes
- Subprefixes marked with no-export community
- Router G in AS200 does not announce prefixes with no-export community set
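Community encoding and the export decision router G makes on the no-export slide, as an added example that is not part of the original tutorial. The community values 300:1 and 300:9 and the aggregate-plus-subprefix scenario are the slides'; the well-known values are RFC1997's; the /17 subprefixes standing in for "170.10.X.X" are constructed here, and the function names are mine.

```python
"""BGP community encoding and the export decision the well-known communities
drive (RFC1997).

Added example covering the community and no-export slides; the values 300:1,
300:9 and the no-export scenario are the slides', the helper names are mine.
"""
from typing import Dict, Iterable, List, Set, Tuple

NO_EXPORT = 0xFFFFFF01            # RFC1997 well-known values
NO_ADVERTISE = 0xFFFFFF02
NO_EXPORT_SUBCONFED = 0xFFFFFF03  # shown as "local-AS" in IOS
WELL_KNOWN: Dict[int, str] = {
    NO_EXPORT: "no-export",
    NO_ADVERTISE: "no-advertise",
    NO_EXPORT_SUBCONFED: "local-AS",
}


def encode(text: str) -> int:
    """'ASN:value' (two 16 bit integers) or a well-known name -> 32 bit community."""
    for value, name in WELL_KNOWN.items():
        if text == name:
            return value
    asn_text, sep, val_text = text.partition(":")
    if not sep:
        raise ValueError(f"{text!r}: expected ASN:value or a well-known name")
    asn, val = int(asn_text), int(val_text)
    if not (0 <= asn <= 0xFFFF and 0 <= val <= 0xFFFF):
        raise ValueError(f"{text}: both halves must fit in 16 bits")
    return (asn << 16) | val


def decode(value: int) -> str:
    if value in WELL_KNOWN:
        return WELL_KNOWN[value]
    return f"{value >> 16}:{value & 0xFFFF}"


def may_announce(communities: Set[int], peer_is_ebgp: bool,
                 peer_in_confederation: bool = False) -> bool:
    """Export check a speaker applies before sending one route to one peer."""
    if NO_ADVERTISE in communities:
        return False                        # to nobody at all
    if NO_EXPORT_SUBCONFED in communities and peer_is_ebgp:
        return False                        # not beyond the local (member) AS
    if NO_EXPORT in communities and peer_is_ebgp and not peer_in_confederation:
        return False                        # not beyond the AS / confederation
    return True


def routes_exported(routes: Iterable[Tuple[str, Set[int]]], peer_is_ebgp: bool) -> List[str]:
    """Prefixes passed on to the given peer: router G's decision on the slide."""
    return [prefix for prefix, comms in routes if may_announce(comms, peer_is_ebgp)]


# The no-export slide: AS100 sends AS200 the aggregate plus no-export subprefixes.
# The two /17s are constructed stand-ins for the slide's "170.10.X.X".
AS100_ANNOUNCEMENT = [
    ("170.10.0.0/16", set()),
    ("170.10.0.0/17", {NO_EXPORT}),
    ("170.10.128.0/17", {NO_EXPORT}),
]

if __name__ == "__main__":
    print(hex(encode("300:9")), decode(encode("300:9")))
    print("to eBGP peer:", routes_exported(AS100_ANNOUNCEMENT, peer_is_ebgp=True))
    print("to iBGP peer:", routes_exported(AS100_ANNOUNCEMENT, peer_is_ebgp=False))
```

Communities are carried across AS boundaries but are not authenticated in any way, so whatever a neighbour sets arrives as-is; the usual practice is to strip or overwrite communities on ingress and only honour the ones you document for your customers.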

BGP for Internet Service Providers (agenda)
- Routing Basics
- BGP Basics
- BGP Attributes
-BGP Path Selection
- BGP Policy
- BGP Capabilities
- Scaling BGP

BGP Path Selection Algorithm
Why Is This the Best Path?

BGP Path Selection Algorithm, Part One
- Do not consider path if no route to next hop
- Do not consider iBGP path if not synchronised (Cisco IOS)
- Highest weight (local to router)
- Highest local preference (global within AS)
- Prefer locally originated route
- Shortest AS path

BGP Path Selection Algorithm, Part Two
- Lowest origin code
  - IGP < EGP < incomplete
- Lowest Multi-Exit Discriminator (MED)
  - If bgp deterministic-med, order the paths before comparing
  - If bgp always-compare-med, then compare for all paths
  - otherwise MED only considered if paths are from the same AS (default)

BGP Path Selection Algorithm, Part Three
- Prefer eBGP path over iBGP path
- Path with lowest IGP metric to next-hop
- Lowest router-id (originator-id for reflected routes)
- Shortest Cluster-List
  - Client must be aware of Route Reflector attributes!
- Lowest neighbour IP address
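The three-part decision process above as a single comparison function, added here as an example that is not part of the original tutorial or of IOS. The step order is the slides'; the `Path` record, its field names and the `deterministic_med` grouping are mine. The scenario values (local preference 500 and 800, MEDs 1000 and 2000) come from the local preference and MED slides.

```python
"""BGP best-path selection, following the 'Part One/Two/Three' slides.

Added example: the step order is the slides', the Path record and function
names are mine. Scenario values (local preference 500/800, MEDs 1000/2000)
are taken from the local preference and MED slides.
"""
from dataclasses import dataclass, field
from functools import reduce
from typing import Dict, List, Optional, Tuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is better


@dataclass
class Path:
    as_path: List[int]
    origin: str                  # "igp" | "egp" | "incomplete"
    from_ebgp: bool
    neighbor_ip: str
    router_id: str               # originator-id for reflected routes
    next_hop_reachable: bool = True
    synchronised: bool = True    # IOS synchronisation check, iBGP paths only
    weight: int = 0
    local_pref: int = 100        # IOS default
    locally_originated: bool = False
    med: int = 0
    igp_metric: int = 0
    cluster_list: List[int] = field(default_factory=list)

    def neighbor_as(self) -> Optional[int]:
        return self.as_path[0] if self.as_path else None


def _ip_key(ip: str) -> Tuple[int, ...]:
    return tuple(int(o) for o in ip.split("."))


def prefer(a: Path, b: Path, always_compare_med: bool = False) -> Path:
    """Return the better of two usable paths, applying the slides' steps in order."""
    if a.weight != b.weight:
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:
        return a if a.local_pref > b.local_pref else b
    if a.locally_originated != b.locally_originated:
        return a if a.locally_originated else b
    if len(a.as_path) != len(b.as_path):
        return a if len(a.as_path) < len(b.as_path) else b
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    # MED: only meaningful between paths from the same neighbouring AS unless
    # bgp always-compare-med is configured
    med_comparable = always_compare_med or a.neighbor_as() == b.neighbor_as()
    if med_comparable and a.med != b.med:
        return a if a.med < b.med else b
    if a.from_ebgp != b.from_ebgp:
        return a if a.from_ebgp else b
    if a.igp_metric != b.igp_metric:
        return a if a.igp_metric < b.igp_metric else b
    if a.router_id != b.router_id:
        return a if _ip_key(a.router_id) < _ip_key(b.router_id) else b
    if len(a.cluster_list) != len(b.cluster_list):
        return a if len(a.cluster_list) < len(b.cluster_list) else b
    return a if _ip_key(a.neighbor_ip) <= _ip_key(b.neighbor_ip) else b


def best_path(candidates: List[Path], always_compare_med: bool = False,
              deterministic_med: bool = True) -> Optional[Path]:
    """Pick the best path for one prefix. Paths with no route to the next hop,
    and unsynchronised iBGP paths, are not considered at all (Part One)."""
    usable = [p for p in candidates
              if p.next_hop_reachable and (p.from_ebgp or p.synchronised)]
    if not usable:
        return None

    def pick(x: Path, y: Path) -> Path:
        return prefer(x, y, always_compare_med)

    if deterministic_med:
        # bgp deterministic-med: settle each neighbouring AS's paths among
        # themselves first, so the outcome does not depend on arrival order
        groups: Dict[Optional[int], List[Path]] = {}
        for p in usable:
            groups.setdefault(p.neighbor_as(), []).append(p)
        usable = [reduce(pick, g) for g in groups.values()]
    return reduce(pick, usable)


if __name__ == "__main__":
    via_as200 = Path([200, 100], "igp", True, "220.5.2.1", "220.5.2.1", local_pref=500)
    via_as300 = Path([300, 100], "igp", True, "220.5.1.1", "220.5.1.1", local_pref=800)
    print("160.10.0.0/16 best via AS", best_path([via_as200, via_as300]).neighbor_as())
```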

BGP for Internet Service Providers (agenda)
- Routing Basics
- BGP Basics
- BGP Attributes
- BGP Path Selection
- BGP Policy
- BGP Capabilities
- Scaling BGP

Applying Policy with BGP
Control!

Applying Policy with BGP
- Applying Policy
  - Decisions based on AS path, community or the prefix
  - Rejecting/accepting selected routes
  - Set attributes to influence path selection
- Tools:
  - Prefix-list (filter prefixes)
  - Filter-list (filter ASes)
  - Route-maps and communities

Policy Control: Prefix List
- Filter routes based on prefix
- Inbound and Outbound

  router bgp 200
   neighbor 220.200.1.1 remote-as 210
   neighbor 220.200.1.1 prefix-list PEER-IN in
   neighbor 220.200.1.1 prefix-list PEER-OUT out
  !
  ip prefix-list PEER-IN deny 218.10.0.0/16
  ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
  ip prefix-list PEER-OUT permit 215.7.0.0/16

Policy Control: Filter List
- Filter routes based on AS path
- Inbound and Outbound

  router bgp 100
   neighbor 220.200.1.1 remote-as 210
   neighbor 220.200.1.1 filter-list 5 out
   neighbor 220.200.1.1 filter-list 6 in
  !
  ip as-path access-list 5 permit 200
  ip as-path access-list 6 permit 150

Policy Control: Regular Expressions
- Like Unix regular expressions
  .    Match one character
  *    Match any number of preceding expression
  +    Match at least one of preceding expression
  ^    Beginning of line
  $    End of line
  _    Beginning, end, white-space, brace
  |    Or
  ()   brackets to contain expression

Policy Control: Regular Expressions
Simple examples
  .*             Match anything
  .+             Match at least one character
  ^$             Match routes local to this AS
  _1800$         Originated by 1800
  ^1800_         Received from 1800
  _1800_         Via 1800
  _790_1800_     Passing through 1800 then 790
  _(1800_)+      Match at least one of 1800 in sequence
  _\(65350\)_    Via 65350 (confederation AS)

Policy Control: Regular Expressions
Not so simple examples
  ^[0-9]+$                  Match AS PATH length of one
  ^[0-9]+_[0-9]+$           Match AS PATH length of two
  ^[0-9]*_[0-9]+$           Match AS PATH length of one or two
  ^[0-9]*_[0-9]*$           Match AS PATH length of one or two (will also match zero)
  ^[0-9]+_[0-9]+_[0-9]+$    Match AS PATH length of three
  _(701|1800)_              Match anything which has gone through AS701 or AS1800
  _1849(_.+_)12163$         Match anything of origin AS12163 and passed through AS1849

Policy Control: Regular Expressions
What does this example do?
  deny / permit / deny / permit clauses built from:
  \(6(451[2-9]|4[6-9].|5.)( 6(451[2-9]|4[6-9].|5.))*\) .*
  \( \(6(451[2-9]|4[6-9].|5.)( 6(451[2-9]|4[6-9].|5.))*\)\(.*
- Thanks to Dorian Kim & John Heasley of Verio/NTT
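The slides' AS-path regular expressions evaluated in Python, with the IOS `_` boundary character translated and the first-match-wins rule of an as-path access-list (the filter-list slide). This is an added example, not part of the original tutorial: the patterns are the slides', the translation, the sample AS-path strings and the function names are mine. The AS-path is passed as the string IOS would display ("300 200 100", confederation segments in parentheses).

```python
"""IOS as-path regular expressions evaluated in Python, including the '_'
boundary character, plus a filter-list (as-path access-list) evaluator.

Added example covering the regular-expression and filter-list slides: the
patterns are the slides', the translation, sample paths and function names
are mine.
"""
import re
from typing import List, Tuple

# IOS '_' matches a space, comma, brace, parenthesis, or the start/end of the path
_BOUNDARY = r"(?:^|$|[ ,{}()])"


def ios_regex(pattern: str) -> "re.Pattern":
    """Translate an IOS as-path regex into a Python one. Only '_' needs
    translating; '.', '*', '+', '^', '$', '|', '()' and '[]' mean the same."""
    return re.compile(pattern.replace("_", _BOUNDARY))


def matches(pattern: str, as_path: str) -> bool:
    return ios_regex(pattern).search(as_path) is not None


def filter_list_permits(entries: List[Tuple[str, str]], as_path: str) -> bool:
    """as-path access-list semantics: entries tested in order, first match
    decides, no match is an implicit deny."""
    for action, pattern in entries:
        if matches(pattern, as_path):
            return action == "permit"
    return False


# (pattern, sample AS-path, expected result) for the slides' examples;
# the sample paths are constructed here.
SLIDE_EXAMPLES = [
    ("^$", "", True),                        # locally originated
    ("_1800$", "300 1800", True),            # originated by 1800
    ("_1800$", "1800 300", False),
    ("^1800_", "1800 300", True),            # received from 1800
    ("_1800_", "300 1800 200", True),        # via 1800
    ("_790_1800_", "790 1800 600", True),    # through 1800 then 790
    ("_(1800_)+", "1800 1800 200", True),
    ("_\\(65350\\)_", "(65350) 300", True),  # confederation AS
    ("^[0-9]+$", "1800", True),
    ("^[0-9]+$", "1800 300", False),
    ("^[0-9]+_[0-9]+$", "1800 300", True),
    ("^[0-9]*_[0-9]*$", "", True),           # "will also match zero"
    ("_(701|1800)_", "3 701 5", True),
    ("_1849(_.+_)12163$", "1849 7 12163", True),
]


def check_slide_examples() -> List[str]:
    """Return the patterns whose result differs from the slide's description."""
    return [p for p, path, want in SLIDE_EXAMPLES if matches(p, path) != want]


if __name__ == "__main__":
    print("mismatches:", check_slide_examples())
    acl = [("deny", "_(701|1800)_"), ("permit", ".*")]
    for path in ("3 701 5", "3 5"):
        print(f"{path!r}: permit={filter_list_permits(acl, path)}")
```

Note that `_` consumes one separator when it matches whitespace, which is why `_790_1800_` needs no extra space between the two ASNs and why `_1849(_.+_)12163$` requires at least one AS between AS1849 and the origin.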

Policy Control: Route Maps
- A route-map is like a "programme" for IOS
- Has "line" numbers, like programmes
- Each line is a separate condition/action
- Concept is basically:
    if match then do expression and exit
    elseif match then do expression and exit
    else etc

Policy Control: Route Maps
Example using prefix-lists:

  router bgp 100
   neighbor 1.1.1.1 route-map infilter in
  !
  route-map infilter permit 10
   match ip address prefix-list HIGH-PREF
   set local-preference 120
  !
  route-map infilter permit 20
   match ip address prefix-list LOW-PREF
   set local-preference 80
  !
  route-map infilter permit 30
  !
  ip prefix-list HIGH-PREF permit 10.0.0.0/8
  ip prefix-list LOW-PREF permit 20.0.0.0/8
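An evaluator for the prefix-list slide and the route-map slides above, added here as an example that is not part of the original tutorial. The PEER-IN, HIGH-PREF, LOW-PREF and infilter definitions are the slides'; the evaluator and PEER-IN-FIXED are mine. It reproduces the IOS rule that an entry without `ge`/`le` matches only that exact prefix length, which is why the slide's `deny 218.10.0.0/16` still lets a 218.10.1.0/24 through and why `HIGH-PREF` does not raise the local preference of 10.1.0.0/16; the hypothetical PEER-IN-FIXED adds `le 32` to block the more-specifics as well.

```python
"""IOS-style prefix-list matching (with ge/le) and route-map 'first match wins'
evaluation.

Added example covering the prefix-list and route-map slides: the PEER-IN,
HIGH-PREF, LOW-PREF and infilter definitions are the slides', PEER-IN-FIXED is
my hypothetical corrected list, and the evaluator is mine.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

PrefixEntry = Tuple[str, str, Optional[int], Optional[int]]      # action, prefix, ge, le
RouteMapClause = Tuple[int, str, Optional[str], Dict[str, int]]  # seq, action, match prefix-list, set


def parse_prefix_lists(lines: List[str]) -> Dict[str, List[PrefixEntry]]:
    """Parse 'ip prefix-list NAME permit|deny PREFIX [ge N] [le M]' lines."""
    lists: Dict[str, List[PrefixEntry]] = {}
    for line in lines:
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        name, action, prefix, rest = tok[2], tok[3], tok[4], tok[5:]
        ge = le = None
        while rest:
            kw, val, rest = rest[0], int(rest[1]), rest[2:]
            if kw == "ge":
                ge = val
            elif kw == "le":
                le = val
            else:
                raise ValueError(f"unknown keyword in: {line}")
        lists.setdefault(name, []).append((action, prefix, ge, le))
    return lists


def prefix_list_permits(entries: List[PrefixEntry], route: str) -> bool:
    """IOS semantics: first matching entry decides, no match is an implicit deny.
    Without ge/le an entry matches that exact prefix length only; 'ge N' alone
    means lengths N..32, 'le M' alone means the entry's own length..M."""
    net = ipaddress.ip_network(route, strict=False)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix, strict=False)
        lo = base.prefixlen if ge is None else ge
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False


def apply_route_map(clauses: List[RouteMapClause], prefix_lists: Dict[str, List[PrefixEntry]],
                    route: str, attrs: Dict[str, int]) -> Optional[Dict[str, int]]:
    """Evaluate clauses in sequence order; the first clause whose match succeeds
    applies its set actions and ends evaluation. A clause with no match condition
    matches everything. Returns updated attributes, or None if the route is
    dropped (a matching deny clause, or no matching clause at all)."""
    for _seq, action, match_list, sets in sorted(clauses, key=lambda c: c[0]):
        if match_list is not None and not prefix_list_permits(prefix_lists[match_list], route):
            continue
        if action == "deny":
            return None
        result = dict(attrs)
        result.update(sets)
        return result
    return None


PREFIX_LISTS = parse_prefix_lists([
    "ip prefix-list PEER-IN deny 218.10.0.0/16",             # slide: exact /16 only
    "ip prefix-list PEER-IN permit 0.0.0.0/0 le 32",
    "ip prefix-list PEER-IN-FIXED deny 218.10.0.0/16 le 32",  # hypothetical: blocks more-specifics too
    "ip prefix-list PEER-IN-FIXED permit 0.0.0.0/0 le 32",
    "ip prefix-list HIGH-PREF permit 10.0.0.0/8",
    "ip prefix-list LOW-PREF permit 20.0.0.0/8",
])

INFILTER: List[RouteMapClause] = [       # route-map infilter from the slide
    (10, "permit", "HIGH-PREF", {"local_pref": 120}),
    (20, "permit", "LOW-PREF", {"local_pref": 80}),
    (30, "permit", None, {}),
]


def local_pref_after_infilter(route: str) -> Optional[int]:
    """Local preference a route carries after route-map infilter (IOS default 100 in)."""
    out = apply_route_map(INFILTER, PREFIX_LISTS, route, {"local_pref": 100})
    return None if out is None else out["local_pref"]


if __name__ == "__main__":
    for r in ("10.0.0.0/8", "10.1.0.0/16", "20.0.0.0/8", "218.10.1.0/24"):
        print(r, "PEER-IN permits:", prefix_list_permits(PREFIX_LISTS["PEER-IN"], r),
              "local-pref:", local_pref_after_infilter(r))
```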

Policy Control: Route Maps
Example using filter lists:

  router bgp 100
   neighbor 220.200.1.2 route-map filter-on-as-path in
  !
  route-map filter-on-as-path permit 10
   match as-path 1
   set local-preference 80
  !
  route-map filter-on-as-path permit 20
   match as-path 2
   set local-preference 200
  !
  route-map filter-on-as-path permit 30
  !
  ip as-path access-list 1 permit 150
  ip as-path access-list 2 permit 210

Policy Control: Route Maps
Example configuration of AS-PATH prepend:

  router bgp 300
   network 215.7.0.0
   neighbor 2.2.2.2 remote-as 100
   neighbor 2.2.2.2 route-map SETPATH out
  !
  route-map SETPATH permit 10
   set as-path prepend 300 300

- Use your own AS number when prepending
  - Otherwise BGP loop detection may cause disconnects

Policy Control: Setting Communities
Example configuration:

  router bgp 100
   neighbor 220.200.1.1 re
