BSCI Module 6 BGP. Configuring Basic BGP. BSCI Module 6

(1)

Configuring Basic

BGP

BSCI Module 6

BSCI Module 6 BGP

An AS is a collection of networks under a single technical administration.

(2)

3

BSCI Module 6 BGP

An AS is a group of routers that share similar routing

policies and operate within a single administrative

domain.

An AS can be a collection of routers running a single

IGP, or it can be a collection of routers running different

protocols all belonging to one organization.

In either case, the outside world views the entire

Autonomous System as a single entity.

4

BSCI Module 6 BGP

Internet Assigned Numbers Authority (IANA) is

enforcing a policy whereby organizations that connect

to a single provider and share the provider's routing

policies use an AS number from the private pool,

64.512 to 65.535.

These private AS numbers appear only within the

provider's network and are replaced by the provider's

registered number upon exiting the network.

(3)

5

Using BGP to Connect to the Internet

Single-Homed AS

When an AS has only 1 exit point to outside

Often referred to as

stub networks

, or stubs

Can rely on a default route for all traffic to nonlocal networks

Methods to advertise the network

ISP has a static entry and advertises it to Internet

IGP Both the provider and the customer use an IGP to share information regarding the customer's networks

(4)

7

Multi-homed Autonomous Systems

An AS is a multi-homed system if it has more than

one exit point to outside networks

Provides for redundancy

An AS connected to the Internet can be multi-homed to:

A single provider (AS) Multiple providers (ASs)

Same ISP

8

(5)

9

Default Routes from All Providers and Partial

Table

Multi-homed non-transit ASs

Don’t allow transit traffic to pass through it

Don’t really need to run BGP4 with their providers, although it is recommended, and often required by ISPs

BGP4 offers increased control of route propagation and

filtering

Multi-homed Non-transit Autonomous Systems

(6)

11

A multi-homed transit system

Has more than one connection to the outside world Can be used for transit traffic by other ASs

Can run BGP inside an AS IBGP

Transit traffic any traffic originating from outside

sources bound for outside destinations

EBGP External BGP: BGP between ASs

Multi-homed Transit Autonomous Systems

12

Do not use BGP if :

There’s a single connection to Internet or another AS

No concern for routing policy or routing selection

A limited understanding of route filtering and BGP path selection process

A lack of memory or processing power on your routers to handle constant BGP updates

Low BW between AS’s

Use BGP if :

There are different policy requirements than the ISP

The AS has multiple connections to other AS’s and they are active

(7)

13

BGP Basics

Functions:

Exchange routing information between AS Guarantee the selection of a loop free path

Supports CIDR and route aggregation

BGP makes routing decisions based on network

policies

BGP constructs a graph of ASs based on the

information between BGP neighbors

BGP sees only a tree of autonomous systems PATH Connection between any two systems

AS_PATH Sequence of AS numbers that forms a route

BGP Operation

BGP updates use TCP on port 179

IP connectivity must exist between BGP peers

TCP connections must be negotiated between them before updates can be exchanged

When 2 routers establish a TCP-enabled BGP

connection between each other

They are called neighborsor peers

First, they exchange their entire BGP routing tables

After that, they exchange incremental, partial updates with only the information that has changed

(8)

15

BGP Terms

16

BGP Databases

Neighbor table

List of BGP neighbors

BGP table (forwarding database)

List of all networks learned from each neighbor Can contain multiple paths to destination networks Contains BGP attributes for each path

IP routing table

(9)

17

BGP Message Types

BGP defines the following message types:

Open

Includes holdtime and BGP router ID

Keepalive

Update

Information for one path only (could be to multiple networks) Includes path attributes and networks

Notification

When error is detected

BGP connection is closed after being sent

Peers = Neighbors

A “BGP peer,” also known as a “BGP neighbor,” is a

specific term that is used for BGP speakers that have

established a neighbor relationship.

(10)

19

External BGP

When BGP is running between neighbors that belong to

different autonomous systems, it is called EBGP.

EBGP neighbors, by default, need to be directly

connected.

20

Internal BGP

When BGP is running between neighbors within the

same AS, it is called IBGP.

(11)

21

BGP

Commands

BGP Commands

router bgp autonomous-system Router(config)#

This command just enters router configuration mode; subcommands must be entered in order to activate BGP.

Only one instance of BGP can be configured on the router at a single time.

The autonomous system number identifies the autonomous system to which the router belongs.

The autonomous system number in this command is compared to the autonomous system numbers listed in neighbor statements to

(12)

23

BGP neighbor remote-as Command

neighbor {ip-address | peer-group-name}

remote-as autonomous-system Router(config-router)#

The neighbor command activates a BGP session with this neighbor.

The IP address that is specified is the destination address of BGP packets going to this neighbor.

This router must have an IP path to reach this neighbor before it can set up a BGP relationship.

The remote-as shows what AS this neighbor is in. This AS number is used to determine if the neighbor is internal or external.

This command is used for both external and internal neighbors.

24

BGP neighbor shutdown Command

neighbor {ip-address | peer-group-name} shutdown Router(config-router)#

no neighbor {ip-address | peer-group-name} shutdown Router(config-router)#

Administratively brings down a BGP neighbor

Used for maintenance and policy changes to prevent route flapping

Re-enables a BGP neighbor that has been administratively shut down

(13)

25

Example: BGP neighbor Command

BGP neighbor update-source

Command

neighbor {ip-address | peer-group-name} update-source interface-type interface-number

Router(config-router)#

This command allows the BGP process to use the IP address of a specified interface as the source IP address of all BGP updates to that neighbor.

A loopback interface is usually used, because it will be available as long as the router is operational.

The IP address used in the neighbor command on the other router will be the destination IP address of all BGP updates and should be the loopback interface of this router.

(14)

27

Example: BGP Using Loopback

Addresses

Without the update-source loopback 0 command, BGP routers can use only the closest IP interface to the peer

28

IBGP and EBGP

EBGP

RTA(config)#router bgp 100

RTA(config-router)#neighbor 10.1.1.1 remote-as 200 RTB(config)#router bgp 200

RTB(config-router)#neighbor 10.1.1.2 remote-as 100

IBGP

RTB(config)#router bgp 200

RTB(config-router)#neighbor 172.16.1.2 update-source loopback 0 RTC(config)#router bgp 200

RTC(config-router)#neighbor 172.16.1.1 remote-as 200

(15)

29

BGP neighbor ebgp-multihop

Command

neighbor {ip-address | peer-group-name} ebgp-multihop [ttl] Router(config-router)#

This command increases the default of one hop for EBGP peers.

It allows routes to the EBGP loopback address (which will have a hop count greater than 1).

The neighbor ebgp multihop Command Parameters

ip-addressis the IP address of the BGP-speaking neighbor.

peer-group-nameis the Name of a BGP peer group.

ttl(Optional) TTL in the range from 1 to 255 hops

(16)

31

EBGP multihop

EBGP neighbors must be

directly connected to establish an EBGP session

EBGP multihop Cisco IOS option

It allows RTW and RTU to be logically connected in an EBGP session, although RTV does not support BGP

It is configured on each peer:

R(config-router)#neighbor IP-address ebgp-multihop [hops]

RTW(config)#router bgp 200

RTW(config-router)#neighbor 1.1.1.2 remote-as 300 RTW(config-router)#neighbor 1.1.1.2 ebgp-multihop 2 RTU(config)#router bgp 300

RTU(config-router)#neighbor 2.2.2.1 remote-as 200 RTU(config-router)#neighbor 2.2.2.1 ebgp-multihop 2

32 To begin configuring a BGP process:

Router(config)#router bgp AS-number

IOS permits only 1 BGP process to run at a time a router cannot belong to more than one AS

Router(config-router)#network network-number [mask network-mask]

networkcommand

IGPs determine the interfaces on which to send and receive updates, and which directly connected networks to advertise

BGP it does not affect what interfaces BGP runs on.

It tells the BGP process what locally learned networks to advertise Configuring just a network statement will not establish a BGP neighbor relationship

These networks must also exist in the local router’s routing table or they will not be sent out in updates

(17)

33

Verifying BGP Configuration

If the router has not installed the BGP routes, you can use the show ip bgp command to verify that BGP has learned these routes

If an expected BGP route does not appear in the BGP table, you can use the show ip bgp neighbors command to verify that your router has established a BGP connection with its neighbors

Example: BGP Peering

RouterA# show ip bgp summary

BGP router identifier 10.1.1.1, local AS number 65001 BGP table version is 124, main routing table version 124 9 network entries using 1053 bytes of memory

22 path entries using 1144 bytes of memory

12/5 BGP path/bestpath attribute entries using 1488 bytes of memory 6 BGP AS-PATH entries using 144 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 3829 total bytes of memory

BGP activity 58/49 prefixes, 72/50 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.1.0.2 4 65001 11 11 124 0 0 00:02:28 8

172.31.1.3 4 64998 21 18 124 0 0 00:01:13 6

(18)

35

BGP Peering

BGP does not advertise routes learned via IBGP peers to other IBGP peers

If they did, BGP routing inside the AS would present a dangerous potential for routing loops

For IBGP routers to learn about all BGP routes inside the AS, they must connect to every other IBGP router in a logical full IBGP mesh

Possible even if the routers aren’t directly connected IBGP peers can connect to each other using TCP/IP

36

(19)

37

BGP Message Types

4 BGP message types: Type 1: OPEN

Used to establish connections with peers

Includes fields for the BGP version, AS number, hold time, router ID…

Type 2: UPDATE

Contains all the information that BGP uses to construct a loop-free picture of the internetwork

Type 3: NOTIFICATION

Used to inform the receiving router of errors Includes a field for error codes

Type 4: KEEPALIVE

Sent periodically between peers to maintain connections

BGP Finite State Machine

BGP FSM includes six states:

Idle

Connect

Active

OpenSent

Open Confirm

Established

(20)

39

BGP States

When establishing a BGP session, BGP goes through

the following steps:

Idle

: Router is searching routing table to see if a route exists

to reach the neighbor.

Connect

: Router found a route to the neighbor and has

completed the three-way TCP handshake.

Open sent

: Open message sent, with the parameters for the

BGP session.

Open confirm

: Router received agreement on the

parameters for establishing session.

Alternatively, router goes into Activestate if no response to open message

Established

: Peering is established; routing begins.

40

BGP Established and Idle States

Idle:

The router in this state cannot find the address of

the neighbor in the routing table. Check for an IGP

problem. Is the neighbor announcing the route?

Established:

The established state is the proper

state for BGP operations.

In the

show ip bgp summary

command, if the state

column has a number, then the route is in the

established state. The number is how many routes

have been learned from this neighbor.

(21)

41

RouterA#sh ip bgp neighbors

BGP neighbor is 172.31.1.3, remote AS 64998, external link BGP version 4, remote router ID 172.31.2.3

BGP state = Established, up for 00:19:10

Last read 00:00:10, last write 00:00:10, hold time is 180, keepalive interval is 60 seconds

Neighbor capabilities:

Route refresh: advertised and received(old & new) Address family IPv4 Unicast: advertised and received Message statistics: InQ depth is 0 OutQ depth is 0 Sent Rcvd Opens: 7 7 Notifications: 0 0 Updates: 13 38 <output omitted>

Example: show ip bgp neighbors

Command

BGP Active State Troubleshooting

Active:

The router has sent out an open packet and is

waiting for a response.

The state may cycle between active and idle. The

neighbor may not know how to get back to this router

because of the following reasons:

1. Neighbor does not have a route to the source IP address of the BGP open packet generated by this router

2. Neighbor peering with the wrong address

3. Neighbor does not have a neighbor statement for this router

(22)

43

Example: BGP Active State Troubleshooting

AS number misconfiguration:

At the router with the wrong remote-as number:

%BGP-3-NOTIFICATION: sent to neighbor 172.31.1.3 2/2 (peer in wrong AS) 2 bytes FDE6

FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 FDE6 00B4 AC1F 0203 1002 0601 0400 0100 0102 0280 0002 0202 00

At the remote router:

%BGP-3-NOTIFICATION: received from neighbor 172.31.1.1 2/2 (peer in wrong AS) 2 bytes FDE6

44

BGP Update Message

The UPDATE messages contain all the information BGP uses to construct a loop-free picture of the internetwork

Update messages advertises feasible routes, withdrawn routes, or both.

The three basic components of an UPDATE message are:

Network

Network--Layer Layer ReachabilityReachabilityInformationInformation(NLRI)(NLRI) Path Attributes

Path Attributes

Withdrawn Routes

(23)

45

Network

Network--Layer Layer ReachabilityReachabilityInformationInformation(NLRI)(NLRI)

One or more (Length, Prefix) tuples that advertise IP address prefixes and their lengths

192.168.160.0 /19 Length = /19

Prefix = 192.168.160.0

Path Attributes

Provides the information that allows BGP to choose a shortest path, detect routing loops, and determine routing policy

Withdrawn Routes

Tuples describing destination that have become unreachable and are being withdrawn from service

BGP Update Message

Path Attributes

Each route has its own set of defined attributes Path information, route preference, next-hop…

Administrators use them to enforce routing policy Filter routing information, prefer certain paths…

Every UPDATE messagehas a variable-length sequence of path attributes in the form

Types of path attributes: Well-known mandatory Well-known discretionary

(24)

47

Well-known mandatory

Attribute that must exist in the BGP UPDATE packet

It must be recognized by all BGP implementations

If a well-known attribute is missing, a notification error will be generated

Example: AS_PATH attribute

Well-known discretionary

Attribute recognized by all BGP implementations

May or may not be sent in the BGP UPDATE Example: LOCAL_PREF

Path Attributes

48

Optional transitive

Attribute that may or may not be recognized by all BGP implementations

BGP should accept and advertise the attribute even if it isn’t recognized

Example: COMMUNITY

Optional non-transitive

An attribute that may or may not be recognized by all BGP implementations.

Whether or not the receiving BGP router recognizes the attribute, it is non-transitive, and should not be passed along to other BGP peers

Example: MULTI_EXIT_DISC

(25)

49

Path Attributes

BGP Attributes

NEXT_HOP

AS_PATH

ATOMIC_AGGREGATE

AGGREGATOR

LOCAL_PREF

Weight

MULTI_EXIT_DISC (MED)

(26)

51

NEXT_HOP

Well-known mandatory attribute

For EBGPsessions IP address of the neighbor that announced the route

For IBGPsessions

For routes originated inside the AS IP address of the neighbor that announced the route

For routes injected into the AS via EBGP

The next hop learned from EBGP is carried unaltered into IBGP

The next hop is the IP address

of the EBGP neighbor from which the route was learned

When the route is advertised on a multiaccess medium, the next hop is usually the IP address of the interface of the router

52

NEXT_HOP on multiaccess media

BGP speakers should always advertise the actual source of the route if the source is on the same multiaccess link as the speaker

For example:

RTA, RTB, and RTC share a common multi-access media. RTA and RTC are running EBGP; RTC and RTB are running OSPF

RTC has learned 11.11.11.0/24 from RTB via OSPF and advertises it to RTA via EBGP

Because RTA and RTB are running different protocols, it would seem logical that RTA would consider RTC (10.10.10.2) as its next hop to reach 11.11.11.0/24, but this is incorrect. The correct behavior is for RTA

to consider RTB (10.10.10.3) as the next hop because RTB shares the same media with RTC

(27)

53

NEXT_HOP - NBMA

RTA gets a BGP routing update about 11.11.11.0/24 from RTC and would try to use RTB (10.10.10.3) as the next hop

Routing will fail: no virtual circuit exists between RTA and RTB

Cisco IOS solution: next-hop-selfkeyword

It forces the router (RTC) to advertise 11.11.11.0/24 with itself as the next hop (10.10.10.2)

RTA would then direct its traffic to RTC to reach destination 11.11.11.0/24 R(config-router)#neighbor IP-address next-hop-self

So:

RTC(config-router)#neighbor 10.10.10.1 next-hop-self

RouterA RouterB RouterC 12.0.0.0/8 192.10.2.0/24 11.0.0.0/8 130.1.50.32/30 200.200.200.64/30 AS 200 AS 400 AS 300 RouterC#show ip bgp

BGP table version is 8, local router ID is 200.200.200.66

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete

(28)

55 Well-known mandatory attribute

Sequence of AS numbers a route has traversed to reach a destination

The AS that originates the route adds its own AS number when sending the route to its external BGP peers

Thereafter, each AS that receives the route and passes it on to other BGP peers will prepend its own AS number

Prepending add the AS to the beginning of the list

AS_SEQUENCE AS_PATH list where the AS numbers are ordered sequentially

EBGP

BGP speakers prepend their AS numbers when advertising routing updates to other AS

IBGP

When the route is passed to a BGP speaker within the same AS, the AS_PATH information is left intact

AS_PATH

56

AS_PATH

BGP uses the AS_PATH attribute to ensure a loop-free topology In comparing different routes, given that all other attributes are identical, a shorter path is always preferred

Each route that gets passed between BGP peers will carry a list of all AS numbers that the route has already been through

If the route is advertised to the AS that originated it, that AS will see itself as part of the AS_PATH attribute list and will not accept the route

(29)

57

AS_PATH – private AS numbers

Private AS numberscannot be leaked to the Internet because they are not unique

Cisco uses remove-private-as, to strip private AS numbers out of the AS_PATH list before the routes get propagated to the Internet

RTB(config-router)#neighbor 172.16.20.2 remote-as 65001 RTB(config-router)#neighbor 192.168.6.3 remote-as 7

RTB(config-router)#neighbor 192.168.6.3 remove-private-as

ATOMIC_AGGREGATE

Well-know discretionary attribute

Set to either “True” or “False” If True,

Alerts BGP routers that multiple destinations have been grouped into a single update

The BGP router that sent the update had a more specific route to the destination, but did not send it.

It warns receiving routers that the information is not necessarily the most complete route information available

This attribute uses the aggregate-address command

Router(config-router)#aggregate-address address mask [as-set][summary-only] [suppress-map

(30)

map-name][advertise-59 By configuring all of them the

aggregate will be sent in case one of the networks goes down

RTA and RTB will have all 172.16.n.0/24 routes in its BGP table (show ip bgp), and the the aggregate address of 172.16.0.0/22 RTB router bgp 2 neighbor 10.1.1.1 remote-as 1 network 172.16.0.0 mask 255.255.255.0 network 172.16.1.0 mask {/24} network 172.16.2.0 mask {/24} network 172.16.3.0 mask {/24} aggregate-address 172.16.0.0 255.255.252.0 172.16.0.0/24 172.16.1.0/24 172.16.2.0/24 172.16.3.0/24 10.1.1.2 10.1.1.1 RTA RTB AS 2 AS 1 172.16.0.0/24 172.16.1.0/24 172.16.2.0/24 172.16.3.0/24 172.16.0.0/22 (Aggregate)

Example: Aggregating Local Routes

60

AGGREGATOR

Well-known discretionary attribute

The router can also include its router ID and local AS number along with the supernet route if aggregation is configured

It enables ISP administrators to determine which BGP router is responsible for a particular instance of aggregation

(31)

61

The LOCAL_PREF Attribute

Well-known discretionary attribute

Degree of preference given to a route to compare it with other routes for the same destination

Higher LOCAL_PREF values are preferred

There could be two or more exit points from the local AS to any given destination

Local to the AS

Exchanged between IBGP peers only Not advertised to EBGP peers

Force BGP routers to prefer one exit point over another when routing to a particular destination

To manipulate LOCAL_PREF: bgp default local-preference route map to set local preference

(32)

63

The LOCAL_PREF Attribute

Router C router bgp 256 neighbor 1.1.1.1 remote-as 100 neighbor 128.213.11.2 remote-as 256 bgp default local-preference 150 Router D router bgp 256 neighbor 3.3.3.4 remote-as 300 neighbor 128.213.11.1 remote-as 256 bgp default local-preference 200

Result: all traffic in AS 256 destined for network 170.10.0.0 is sent by RTD

64

The LOCAL_PREF Attribute

Using a Route Map to set LOCAL_PREF on Router D specifically for updates regarding AS 300:

Router D

router bgp 256

neighbor 3.3.3.4 remote-as 300

neighbor 3.3.3.4 route-map SETLOCALIN in

ip as-path access-list 7 permit ^300$ route-map SETLOCALIN permit 10

match as-path 7

set local-preference 200

The local preferenceattribute of any update coming from AS 300 is set to 200

(33)

65

The WEIGHT attribute

Cisco proprietary attribute

Used in the path selection process when there is more than one route to the same destination

Local to the router on which it is assigned, and it is not propagated in routing updates

By default, the weight attribute is 32768 for paths that the router originates and zero for other paths

Routes with a higher weight are preferred when there are multiple routes to the same destination

The most important attribute when determining route preference

RouterA RouterB RouterC 12.0.0.0/8 192.10.2.0/24 11.0.0.0/8 130.1.50.32/30 200.200.200.64/30 AS 200 AS 400 AS 300 RouterC#show ip bgp

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete

(34)

67

The MED attribute

MULTI_EXIT_DISC (Multi-Exit Discriminator)

Optional non-transitive attribute

Informs external neighbors about the preferred path into an AS that has multiple entry points

A lower MED is preferred over a higher MED

The MED attribute is exchanged between ASs A MED that comes into an AS does not leave the AS

When BGP forwards the routing update to another AS, the MED is reset to zero

The router compares MED attributes for paths from external neighbors that are in the same AS

To compare MED attributes from neighbors in other ASs, configure bgp always-compare-med 68 Router A router bgp 100 neighbor 2.2.2.1 remote-as 300 neighbor 3.3.3.3 remote-as 300 neighbor 4.4.4.3 remote-as 400 Router B router bgp 400 neighbor 4.4.4.4 remote-as 100

neighbor 4.4.4.4 route-map SETMEDOUTout neighbor 5.5.5.4 remote-as 300

route-map SETMEDOUTpermit 10

set metric 50

The MED attribute

AS100 receives updates regarding 180.10.0.0 from B, C, and D

C & D are in AS300, B is in AS400

A can only compare the MED coming from C to the MED coming from D, even though B has the lowest MED value

A will choose C as the best path for reaching network 180.10.0.0

To force A to include updates for 180.10.0.0 from B in the comparison, use the bgp always-compare-med command

Now, Router A will choose Router B as the best next hop for reaching network 180.10.0.0

Router C router bgp 300

neighbor 2.2.2.2 route-map SETMEDOUTout neighbor 5.5.5.5 remote-as 400

neighbor 1.1.1.2 remote-as 300 route-map SETMEDOUT permit 10

set metric 120

Router D router bgp 300

neighbor 3.3.3.2 route map SETMEDOUTout neighbor 1.1.1.1 remote-as 300

route-map SETMEDOUT permit 10

(35)

69

The ORIGIN attribute

Well-known mandatory attribute

Indicates the origin of the routing update IGP

The prefix is internal to the originating AS EGP

The prefix was learned via some EGP INCOMPLETE

The prefix was learned by some other means, probably redistribution

BGP prefers the path with the lowest origin type, where IGP is lower than EGP, and EGP is lower than INCOMPLETE

(36)

71

Resetting BGP

Sessions

72

Clearing the BGP Session

When policies such as access lists or attributes are

changed, the change takes effect immediately, and the

next time that a prefix or path is advertised or received,

the new policy will be used. It can take a long time for

the policy to be applied to all networks.

You must trigger an update to ensure that the policy is

immediately applied to all affected prefixes and paths.

Ways to trigger an update:

Hard reset Soft reset Route refresh

(37)

73

clear ip bgp * Router#

Resets all BGP connections with this router.

Entire BGP forwarding table is discarded.

BGP session makes the transition from established to idle; everything must be relearned.

Hard Reset of BGP Sessions

clear ip bgp [neighbor-address] Router#

Resets only a single neighbor.

BGP session makes the transition from established to idle; everything from this neighbor must be relearned.

Less severe than clear ip bgp *.

Soft Reset Outbound

clear ip bgp {*|neighbor-address} soft out Router#

Routes learned from this neighbor are not lost.

This router resends all BGP information to the neighbor without resetting the connection.

The connection remains established.

This option is highly recommended when you are changing outbound policy.

The soft outoption does not help if you are changing inbound policy.

(38)

75

Inbound Soft Reset

neighbor [ip-address] soft-reconfiguration inbound Router(config-router)#

This command stores all updates from this neighbor in case the inbound policy is changed.

The command is memory-intensive.

clear ip bgp {*|neighbor-address} soft in Router#

Uses the stored information to generate new inbound updates.

76

clear ip bgp {*|neighbor-address} [soft in | in] Router#

Routes advertised to this neighbor are not withdrawn.

Does not store update information locally.

The connection remains established.

Introduced in IOS 12.0(2)S and 12.0(6)T

Route Refresh: Dynamic Inbound Soft

Reset

(39)

77

debug ip bgp updates Command

RouterA#debug ip bgp updates

Mobile router debugging is on for address family: IPv4 Unicast

RouterA#clear ip bgp 10.1.0.2

*Feb 24 11:06:41.309: %BGP-5-ADJCHANGE: neighbor 10.1.0.2 Up *Feb 24 11:06:41.309: BGP(0): 10.1.0.2 send UPDATE (format) 10.1.1.0/24, next 10.1.0.1, metric 0, path Local

*Feb 24 11:06:41.309: BGP(0): 10.1.0.2 send UPDATE (prepend, chgflags: 0x0) 10.1.0.0/24, next 10.1.0.1, metric 0, path Local

*Feb 24 11:06:41.309: BGP(0): 10.1.0.2 NEXT_HOP part 1 net 10.97.97.0/24, next 172.31.11.4

*Feb 24 11:06:41.309: BGP(0): 10.1.0.2 send UPDATE (format) 10.97.97.0/24, next 172.31.11.4, metric 0, path 64999 64997 *Feb 24 11:06:41.309: BGP(0): 10.1.0.2 NEXT_HOP part 1 net 172.31.22.0/24, next 172.31.11.4

*Feb 24 11:06:41.309: BGP(0): 10.1.0.2 send UPDATE (format) 172.31.22.0/24, next 172.31.11.4, metric 0, path 64999 <output omitted>

*Feb 24 11:06:41.349: BGP(0): 10.1.0.2 rcvd UPDATE w/ attr: nexthop

10.1.0.2, origin i, localpref 100, metric 0

*Feb 24 11:06:41.349: BGP(0): 10.1.0.2 rcvd 10.1.2.0/24

*Feb 24 11:06:41.349: BGP(0): 10.1.0.2 rcvd 10.1.0.0/24

BGP Peer Groups

& Neighbors

(40)

79

neighbor peer-group-name peer-group Router(config-router)#

This command creates a peer group.

Using a Peer Group

neighbor ip-address peer-group peer-group-name Router(config-router)#

This command defines a template with parameters set for a group of neighbors instead of individually.

This command is useful when many neighbors have the same outbound policies.

Members can have a different inbound policy.

Updates are generated once per peer group.

Configuration is simplified.

80

(41)

81

Example: Using a Peer Group

BGP Neighbor Authentication

BGP authentication uses MD5.

Configure a “key” (password); router generates a

message digest, or hash, of the key and the message.

Message digest is sent; key is not sent.

Router generates and checks the MD5 digest of every

segment sent on the TCP connection. Router

authenticates the source of each routing update packet

neighbor {ip-address | peer-group-name} password string Router(config-router)#

(42)

83

Example: BGP Neighbor Authentication

84

Example: show ip bgp Command

RouterA# show ip bgp

Status codes: s suppressed, d damped, h history, * valid, > best, i -internal, r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path *> 10.1.0.0/24 0.0.0.0 0 32768 i * i 10.1.0.2 0 100 0 i *> 10.1.1.0/24 0.0.0.0 0 32768 i *>i10.1.2.0/24 10.1.0.2 0 100 0 i *> 10.97.97.0/24 172.31.1.3 0 64998 64997 i * 172.31.11.4 0 64999 64997 i * i 172.31.11.4 0 100 0 64999 64997 i *> 10.254.0.0/24 172.31.1.3 0 0 64998 i * 172.31.11.4 0 64999 64998 i * i 172.31.1.3 0 100 0 64998 i r> 172.31.1.0/24 172.31.1.3 0 0 64998 i r 172.31.11.4 0 64999 64998 i r i 172.31.1.3 0 100 0 64998 i *> 172.31.2.0/24 172.31.1.3 0 0 64998 i <output omitted>

(43)

85

BGP Local

Preference

Case Study

Local Preference Attribute

Paths with highest local preference value are preferred:

Local preference is used to advertise to IBGP neighbors about how to leave their AS.

(44)

87

Changing BGP Local Preference For All

Routes

bgp default local-preference value Router(config-router)#

Changes the default local preference value.

All routes advertised to an IBGP neighbor have the

local preference set to the value specified.

Local preference is used in these ways:

Within an AS between IBGP speakers.

To determine the best path to exit the

AS to reach an outside network.

Set to 100 by default; higher values are preferred.

88

What is the best path for router C to 65003, 65004, and

65005?

(45)

89

Router C BGP Table With Default

Settings

RouterC# show ip bgp

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale

Network Next Hop Metric LocPrf Weight Path

* i172.16.0.0 172.20.50.1 100 0 65005 65004 65003 i *>i 192.168.28.1 100 0 65002 65003 i *>i172.24.0.0 172.20.50.1 100 0 65005 i * i 192.168.28.1 100 0 65002 65003 65004 65005 i *>i172.30.0.0 172.20.50.1 100 0 65005 65004 i * i 192.168.28.1 100 0 65002 65003 65004i By default, BGP selects the shortest AS path as the best (>) path.

In AS 65001, the percent of traffic going to 172.24.0.0 is 30%, 172.30.0.0 is 20%, and 172.16.0.0 is 10%.

50% of all traffic will go to the next hop of 172.20.50.1 (AS 65005), and 10% of all traffic will go to the next hop of 192.168.28.1 (AS 65002).

Make traffic to 172.30.0.0 select the next hop of 192.168.28.1 to achieve load sharing where both external links get approximately 30% of the load.

Route Map for Router A

router bgp 65001

neighbor 2.2.2.2 remote-as 65001 neighbor 3.3.3.3 remote-as 65001

neighbor 2.2.2.2 remote-as 65001 update-source loopback0 neighbor 3.3.3.3 remote-as 65001 update-source loopback0 neighbor 192.168.28.1 remote-as 65002

neighbor 192.168.28.1 route-map local_pref in !

access-list 65 permit 172.30.0.0 0.0.255.255 !

route-map local_pref permit 10 match ip address 65

set local-preference 400 !

(46)

91

Router C BGP Table with Local

Preference Learned

RouterC# show ip bgp

Network Next Hop Metric LocPrf Weight Path

* i172.16.0.0 172.20.50.1 100 0 65005 65004 65003 i *>i 192.168.28.1 100 0 65002 65003 i *>i172.24.0.0 172.20.50.1 100 0 65005 i * i 192.168.28.1 100 0 65002 65003 65004 65005 i * i172.30.0.0 172.20.50.1 100 0 65005 65004 i *>i 192.168.28.1 400 0 65002 65003 65004i

Best (>) paths for networks 172.16.0.0/16 and 172.24.0.0/16 have not changed.

Best (>) path for network 172.30.0.0 has changed to a new next hop of 192.168.28.1 due to the next hop of 192.168.28.1 having a higher local preference, 400.

In AS 65001, the percentage of traffic going to 172.24.0.0 is 30%, 172.30.0.0 is 20%, and 172.16.0.0 is 10%.

30% of all traffic will go to the next hop of 172.20.50.1 (AS 65005), and 30% of all traffic will go to the next hop of 192.168.28.1 (AS 65002).

92

(47)

93

The paths with the lowest MED (also called the metric)

value are the most desirable:

MED is used to advertise to EBGP neighbors how to exit their AS to reach networks owned by this AS.

MED Attribute

The MED attribute is

optional and nontransitive.

Changing BGP MED For All Routes

default-metric number Router(config-router)#

MED is considered the metric of BGP.

MED is used when multiple paths exist between two

autonomous systems.

A lower MED value is preferred.

The default setting for Cisco is MED = 0.

The metric is optional, nontransitive attribute.

Usually, MED is shared only between two autonomous

systems that have multiple EBGP connections with each

other.

(48)

95

BGP Using Route Maps and the MED

96

Route Map for Router A

Router A’s Configuration: router bgp 65001

neighbor 2.2.2.2 remote-as 65001 neighbor 3.3.3.3 remote-as 65001 neighbor 2.2.2.2 update-source loopback0 neighbor 3.3.3.3 update-source loopback0 neighbor 192.168.28.1 remote-as 65004

neighbor 192.168.28.1 route-map med_65004 out !

access-list 66 permit 192.168.25.0.0 0.0.0.255 access-list 66 permit 192.168.26.0.0 0.0.0.255 !

route-map med_65004 permit 10 match ip address 66

set metric 100 !

route-map med_65004 permit 100 set metric 200

(49)

97

Route Map for Router B

Router B’s Configuration: router bgp 65001

neighbor 1.1.1.1 remote-as 65001 neighbor 3.3.3.3 remote-as 65001 neighbor 1.1.1.1 update-source loopback0 neighbor 3.3.3.3 update-source loopback0 neighbor 172.20.50.1 remote-as 65004 neighbor 172.20.50.1 route-map med_65004 out !

access-list 66 permit 192.168.24.0.0 0.0.0.255 !

route-map med_65004 permit 10 match ip address 66

set metric 100 !

route-map med_65004 permit 100 set metric 200

MED Learned by Router Z

RouterZ# show ip bgp

Network Next Hop Metric LocPrf Weight Path *>i192.168.24.0 172.20.50.2 100 100 0 65001 i * i 192.168.28.2 200 100 0 65001 i * i192.168.25.0 172.20.50.2 200 100 0 65001 i *>i 192.168.28.2 100 100 0 65001 i * i192.168.26.0 172.20.50.2 200 100 0 65001 i *>i 192.168.28.2 100 100 0 65001 i

Examine the networks that have been learned from AS 65001 on Router Z in AS 65004.

For all networks: Weight is equal (0); local preference is equal (100); routes are not originated in this AS; AS path is equal (65001); origin code is equal (i).

(50)

99

Consider only (synchronized) routes with no AS loops

and a valid next hop, and then:

Prefer highest weight (local to router).

Prefer highest local preference (global within AS).

Prefer route originated by the local router (next hop = 0.0.0.0).

Prefer shortest AS path.

Prefer lowest origin code (IGP < EGP < incomplete).

Prefer lowest MED (exchanged between autonomous systems).

Prefer EBGP path over IBGP path.

Prefer the path through the closest IGP neighbor.

Prefer oldest route for EBGP paths.

Prefer the path with the lowest neighbor BGP router ID.

Prefer the path with the lowest neighbor IP address.

Route Selection Decision Process

100

(51)

101

Route filtering

A BGP speaker can choose what routes to exchange with any of its BGP peers

Incoming route advertisements influence outgoing traffic, and outgoing advertisements influence your incoming traffic

Inbound filtering

At the peer level, the BGP speaker is filtering routing updates coming from other peers

At the protocol level, limits the routing updates being redistributed into BGP

Outbound filtering

At the peer level, filters the routing updates advertised from this BGP speaker towards other peers

At the protocol level, limits the routing updates redistributed from BGP into an IGP

2 steps:

Identify the network number and subnet mask of the route to which the policies are to be applied NLRI (prefix)

It relies on route maps Implement the policies

Filter prefixes

Manipulate attributes…

(52)

103

Distribute-list to filter updates

To restrict the routing information that the router learns or advertises, filter routing updates

Distribute-listcommand can be used

To prevent an AS become a transit AS Distribute-listcommand can be used

Router A router bgp 3

neighbor 172.16.1.2 remote-as 3 neighbor 172.16.20.1 remote-as 1

neighbor 172.16.20.1 distribute-list 1 out

access-list 1 deny 192.168.10.0 0.0.0.255 access-list 1 permit 0.0.0.0 255.255.255.255

104 ip prefix-list

Alternative to access-lists with many BGP route filtering commands Advantages:

Significant performance improvement in loading and route lookup of large lists

Support for incremental updates

A more user friendly command-line interface Greater flexibility

R(config)#ip prefix-list list-name [seq seq-val] deny|permit network/len [ge ge-val] [le le-val]

Example: applied to outgoing EBGP updates to 192.168.1.1

R(config)# ip prefix-list ELMO permit 172.16.0.0/16 R(config)# router bgp 100

R(config-router)# neighbor 192.168.1.1 remote-as 200 R(config-router)# neighbor 192.168.1.1 prefix-list ELMO out

(53)

105

IP prefix-list command

ip prefix-list

Optional parameters: ge and le

Specify the range of the prefix length to be matched for prefixes that are more specific than the network/len value

len < ge-value <= le-value <= 32 Ex:

Accept a mask length of up to 24 bits in routes with the prefix 192.0.0.0/8, and to deny more specific routes

RTA(config)#ip prefix-list GROVER permit 192.0.0.0/8 le 24 RTA(config)#ip prefix-list GROVER deny 192.0.0.0/8 ge 25 192.168.32.0/19 and 192.168.1.0/24 match the permit, but 192.168.1.32/27 doesn’t

All prefixes in 10.0.0.0/8 that have a mask length from 16 to 24 bits

RTA(config)#ip prefix-list OSCAR permit 10.0.0.0/8 ge 16 le 24

Each prefix list entry is assigned a sequence number new entries can be inserted at any point in the list automatically generated in increments of five

Redundancy, Symmetry and Load Balancing

Redundancy

Achieved by providing multiple alternate paths Having multiple connections to one or more ASs

Problem the more redundant links a network has, the more unpredictable the entrance and exit points become

Alternate routes imply additional information in the routing tables Solution default routing

Symmetry

If traffic leaves the AS from a certain exit point and returns through the same point

Choose a primary path and configure routing policies that force traffic to flow along this path

(54)

107

Redundancy

Default routes

Minimize the size of a routing table

Provide networks with redundancy in the event of failures and connectivity interruptions

In BGP

Local Preference attribute can be manipulated on the various default routes

One default route is the primary the highest Local Preference

108

BGP Redistribution

Relationship between Internet route stability and the method used to inject routes into BGP

Information can be injected into BGP Dynamically

Routes come and go from the BGP routing table, depending on the status of the networks

Purely dynamic redistribution

All the IGP routes are redistributed into BGP using the redistribute command

Semi-dynamic redistribution

Only certain IGP routes are injected into BGP using the BGP network command

More selective than a completely dynamic method Networkcommand is necessary for each route prefix Statically

(55)

109

Synchronization

BGP does not advertise routes learned via IBGP peers to other IBGP peers.

If they did, BGP routing inside the AS would present a dangerous potential for routing loops.

(56)

111 When an IBGP router receives an update about a destination

from an IBGP peer, it tries to verify reachability to that destination via an IGP, such as RIP or OSPF.

If the IBGP router can’t findthe destination network in it’s IGP routing table, it will notadvertise the destination to other BGP peers.

AS Synchronization

112 If the IBGP router does have an IGProute to this destination, the route is considered synchronized, and the router will announce it to other BGP peers.

Otherwise, the router will treat the route as not being synchronized with the IGPand will not advertise it.

(57)

113 The Cisco IOS offers an optional command called “no

synchronization”.

This command enables BGP to override the synchronization requirement, allowing the router to advertise routes learned via IBGP irrespective of an existence of an IGProute.

AS Synchronization

Usually a BGP speaker does not advertise a route to an external neighbor unless that route is local or exists in the IGP.

“no synchronization command”

It permits BGP to advertise networks without caring whether the IGP (OSPF, IS-IS, EIGRP, etc.) has the route.

(58)

115

In practice, two situations exist where synchronization can be safely turned off on border routers:

1. When all transit routers inside the AS are running fully meshed IBGP. Internal reachability is guaranteed because a route that is learned via EBGP on any of the border routers will automatically be passed on via IBGP to all other transit routers.

2. When the AS is not a transit AS.

AS Synchronization

116

BGP Configuration

Finally, whenever configuring BGP, you will notice that changes you make to an existing configuration may not appear

immediately.

To force BGP to clear its table and reset BGP sessions, use the clear ip bgp command. The easiest way to enter this command is as follows:

(59)

117

BGP Routing

Routes are exchanged between BGP peers via UPDATE messages

BGP routers

Receive the UPDATE messages

Run some policies or filters over the updates Pass on the routes to other BGP peers

BGP Cisco implementation has a BGP table separate from the IP routing table

For example, the following command will match any AS_PATH that includes 364:

Router(config)#ip as-path access-list 1 permit 364

Unfortunately, the regular expression, 364, will match not only AS 364, but also 1364, 2364, 3364, etc.

Because policy routing demands a certain degree of precision, you will typically use one or more these special characters when creating a regular expression.

(60)

119

Regular Expressions

Character Description

^

Matches the beginning of the input string.

$

Matches the end of the input string.

_

Matches a space, comma, left brace, right brace, the beginning of an input string, or the

ending of an input stream

.

Matches any single character

*

Matches 0 or more single- or multiple-character patterns. Router(config)#ip as-path access-list 1 permit ^364$

120

BGP Redistribution

Information can be injected into BGP Dynamically

Routes come and go from the BGP routing table, depending on the status of the networks

Purely dynamic redistribution

All the IGP routes are redistributed into BGP using the redistributecommand

Semi-dynamic redistribution

Only certain IGP routes are injected into BGP using the BGP networkcommand

More selective than a completely dynamic method Networkcommand is necessary for each route prefix Statically

(61)

121

Redistribute BGP

RTB(config-router)#neighbor 10.1.1.2 route-mapBLOCK-BAD-ADDRESSESout RTB(config-router)#redistribute ospf 1 match internal metric 50

RTB(config-router)#redistribute static RTB(config)#router bgp 200

RTB(config-router)#neighbor 10.1.1.2 route-mapBLOCK-BAD-ADDRESSESout RTB(config-router)#network 192.168.1.0

RTB(config-router)#network 192.168.2.0

(62)

123

Resources

BGP Case Studies

http://cisco.com/en/US/partner/tech/tk365/technologies_tech_no te09186a00800c95bb.shtml

Troubleshooting BGP

http://cisco.com/en/US/partner/tech/tk365/technologies_tech_no te09186a008009478a.shtml 124