Border Gateway Protocol (BGP4). AfNOG Workshops Philip Smith. Border Gateway Protocol (BGP). Review: Routing and Forwarding Building Blocks BGP Protocol Basics BGP Path Attributes BGP Path Computation Typical BGP topologies Routing Policy Redundancy/Load sharing Best current practices.
Border Gateway Protocol (BGP4) AfNOG Workshops Philip Smith
Border Gateway Protocol (BGP) • Review: Routing and Forwarding • Building Blocks • BGP Protocol Basics • BGP Path Attributes • BGP Path Computation • Typical BGP topologies • Routing Policy • Redundancy/Load sharing • Best current practices
BGP Part 1 Routing, Forwarding and Building Blocks
Routing versus Forwarding • Routing = building maps and giving directions • Forwarding = moving packets between interfaces according to the “directions”
IP Routing • Each router or host makes its own routing decisions • Sending machine does not have to determine the entire path to the destination • Sending machine just determines the next-hop along the path. • This process is repeated until the destination is reached • Forwarding table consulted to determine the next-hop
IP Routing • Classless routing • route entries include • destination • next-hop • mask (prefix-length) indicating size of address space described by the entry • Longest match • for a given destination, find longest prefix match in the routing table • example: destination is 35.35.66.42 • routing table entries are 35.0.0.0/8, 35.35.64.0/19 and 0.0.0.0/0
IP routing • Default route • where to send packets if there is no entry for the destination in the routing table • most machines have a single default route • often referred to as a default gateway
IP route lookup: Longest match routing (diagram slides) • Packet arriving at R2: destination IP address 10.1.1.1 • R2’s IP routing table: 10/8 via R3, 10.1/16 via R4, 20/8 via R5, ….. • R3 carries all of 10/8 except 10.1/16; R4 carries 10.1/16 • Lookup is based on the destination IP address of the packet: • 10.1.1.1 && FF.0.0.0 vs. 10.0.0.0 && FF.0.0.0 – Match! (10/8) • 10.1.1.1 && FF.FF.0.0 vs. 10.1.0.0 && FF.FF.0.0 – Match as well! (10.1/16) • 10.1.1.1 && FF.0.0.0 vs. 20.0.0.0 && FF.0.0.0 – Does not match! (20/8) • Longest match, 16 bit netmask: 10.1/16 wins, so the packet is forwarded to R4
IP route lookup:Longest match routing • Most specific/longest match always wins!! • Many people forget this, even experienced ISP engineers • Default route is 0.0.0.0/0 • Can handle it using the normal longest match algorithm • Matches everything. Always the shortest match.
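The lookup the slides walk through, as an added example that is not part of the original deck: a plain-Python longest-prefix match run against R2’s table (with an assumed 0.0.0.0/0 default entry to show the shortest-match case) and against the 35.35.66.42 exercise from the classless routing slide (next-hop names there are made up).

```python
# Added example (not from the slides): longest-prefix-match lookup in Python.
import ipaddress

def parse_prefix(text):
    """'10.1/16' -> (network as int, prefix length); short forms are zero-padded."""
    net, length = text.split("/")
    octets = net.split(".") + ["0"] * (4 - net.count(".") - 1)
    return int(ipaddress.IPv4Address(".".join(octets))), int(length)

def netmask(length):
    """Contiguous mask for a prefix length; length 0 gives 0 and matches everything."""
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF

def longest_match(dest, table):
    """Return (prefix_len, prefix, next_hop) of the most specific matching entry."""
    d = int(ipaddress.IPv4Address(dest))
    best = None
    for prefix, next_hop in table:
        network, length = parse_prefix(prefix)
        m = netmask(length)
        # masked destination must equal masked network; only a longer
        # prefix may replace the current best (most specific wins)
        if d & m == network & m and (best is None or length > best[0]):
            best = (length, prefix, next_hop)
    return best

# R2's table from the slides; the 0.0.0.0/0 default entry is an assumption
R2_TABLE = [("10/8", "R3"), ("10.1/16", "R4"), ("20/8", "R5"), ("0.0.0.0/0", "default")]
# the exercise from the classless routing slide; next-hop names are constructed
EXERCISE = [("35.0.0.0/8", "hop-8"), ("35.35.64.0/19", "hop-19"), ("0.0.0.0/0", "default")]
```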
Dynamic Routing • routers compute routing tables dynamically based on information provided by other routers in the network • routers communicate topology to each other via different protocols • routers then compute one or more next hops for each destination – trying to calculate the most optimal path
Forwarding Table/FIB • Forwarding table determines how packets are sent through the router • Often called the FIB – Forwarding Information Base • Made from routing table built by routing protocols • Best routes from routing tables are installed • Performs the lookup to find next-hop and outgoing interface • Switches the packet with new encapsulation as per the outgoing interface
Routing Tables Feed the Forwarding Table (diagram) • The BGP4 routing table, the OSPF link state database and static routes all feed the forwarding table
Building Blocks • Autonomous System (AS) • Types of Routes • IGP/EGP • DMZ • Policy • Egress • Ingress
Autonomous System (AS) • Collection of networks with same policy • Single routing protocol • Usually under single administrative control • IGP to provide internal connectivity • (diagram: AS 100)
Autonomous System (AS)... • Identified by ‘AS number’ • Public & Private AS numbers • Examples: • Service provider • Multi-homed customers • Anyone needing policy discrimination
Routing flow and packet flow • For networks in AS1 and AS2 to communicate: • AS1 must announce routes to AS2 • AS2 must accept routes from AS1 • AS2 must announce routes to AS1 • AS1 must accept routes from AS2 • (diagram: routing flow is announce/accept in each direction between AS 1 and AS 2; packet flow runs in the opposite direction to the route announcement, leaving one AS as egress and entering the other as ingress)
Egress Traffic • Packets exiting the network • Based on: • Route availability (what others send you) • Route acceptance (what you accept from others) • Policy and tuning (what you do with routes from others) • Peering and transit agreements
Ingress Traffic • Packets entering your network • Ingress traffic depends on: • What information you send and to whom • Based on your addressing and ASes • Based on others’ policy (what they accept from you and what they do with it)
Types of Routes • Static Routes • configured manually • Connected Routes • created automatically when an interface is ‘up’ • Interior Routes • Routes within an AS • learned via IGP • Exterior Routes • Routes exterior to AS • learned via EGP
What is Policy? • Use your policy to control how you accept and send routing updates to neighbors • prefer cheaper connections, load-sharing, etc. • Accepting routes from some ISPs and not others • Sending some routes to some ISPs and not others • Preferring routes from some ISPs over others
Interior vs. Exterior Routing Protocols • Interior (IGP) • Automatic neighbour discovery • Generally trust your IGP routers • Routes go to all IGP routers • Exterior (EGP) • Specifically configured peers • Connecting with outside networks • Set administrative boundaries
Hierarchy of Routing Protocols (diagram) • BGP4 towards other ISPs and the local NAP • BGP4 and OSPF/ISIS inside the ISP • Static/BGP4 towards customers
DeMarcation Zone (DMZ) • Shared network between ASes • (diagram: routers A to E of AS 100, AS 101 and AS 102 attached to the DMZ network)
Addressing – ISP • Need to reserve address space for its network. • Need to allocate address blocks to its customers. • Need to take “growth” into consideration • Upstream link address is allocated by upstream provider
BGP Part 2 The Basics
BGP Basics • Protocol Basics • Terminology • Messages • General Operation • Peering relationships (eBGP/iBGP) • Originating routes
Protocol Basics • Routing Protocol used between ASes • If you aren’t connected to multiple ASes you don’t need BGP • Runs over TCP • (diagram: peering between routers A to E of AS 100, AS 101 and AS 102)
Protocol Basics • Uses Incremental updates • Path Vector protocol • keeps track of the AS path of routing information • Many options for policy enforcement
Terminology • Neighbour • Configured BGP peer • NLRI/Prefix • NLRI – network layer reachability information • Reachability information for an IP address & mask • Router-ID • 32 bit integer to uniquely identify router • Comes from Loopback or Highest IP address configured on the router • Route/Path • NLRI advertised by a neighbor
Terminology • Transit – carrying network traffic across a network, usually for a fee • Peering – exchanging routing information and traffic • your customers’ and your peers’ customers’ network information only • Default – where to send traffic when there is no explicit route in the routing table
BGP Basics … • Each AS originates a set of NLRI • NLRI is exchanged between BGP peers • Can have multiple paths for a given prefix • Picks the best path and installs it in the IP forwarding table • Policies applied (through attributes) influence BGP path selection
BGP Peers: eBGP (diagram) • BGP speakers are called peers • Peers in different AS’s are called External Peers • eBGP TCP/IP peer connection between AS 100 (220.220.8.0/24) and AS 101 (220.220.16.0/24); AS 102 is 220.220.32.0/24 • Note: eBGP Peers normally should be directly connected.
BGP Peers: iBGP (diagram) • BGP speakers are called peers • Peers in the same AS are called Internal Peers • iBGP TCP/IP peer connection between routers inside the same AS (AS 100, AS 101 and AS 102 as above) • Note: iBGP Peers don’t have to be directly connected.
BGP Update Messages (diagram) • BGP Peers exchange Update messages containing Network Layer Reachability Information (NLRI), e.g. 220.220.8.0/24 from AS 100, 220.220.16.0/24 from AS 101 and 220.220.32.0/24 from AS 102
Configuring BGP Peers • BGP peering sessions are established using the BGP “neighbor” command • eBGP is configured when AS numbers are different • (diagram: AS 100 with 220.220.8.0/24 and AS 101 with 220.220.16.0/24, eBGP TCP connection across the 222.222.10.0/30 link; the AS 100 router is .2, the AS 101 router is .1)
AS 100 router:
  interface Serial 0
   ip address 222.222.10.2 255.255.255.252
  router bgp 100
   network 220.220.8.0 mask 255.255.255.0
   neighbor 222.222.10.1 remote-as 101
AS 101 router:
  interface Serial 0
   ip address 222.222.10.1 255.255.255.252
  router bgp 101
   network 220.220.16.0 mask 255.255.255.0
   neighbor 222.222.10.2 remote-as 100
Configuring BGP peers • BGP peering sessions are established using the BGP “neighbor” command • iBGP is configured when AS numbers are the same • (diagram: iBGP TCP connection between the two AS 101 routers over a /30 link inside 220.220.16.0/24; .1 and .2 are the link addresses)
First AS 101 router:
  interface Serial 1
   ip address 220.220.16.1 255.255.255.252
  router bgp 101
   network 220.220.16.0 mask 255.255.255.0
   neighbor 220.220.16.2 remote-as 101
Second AS 101 router:
  interface Serial 1
   ip address 220.220.16.2 255.255.255.252
  router bgp 101
   network 220.220.16.0 mask 255.255.255.0
   neighbor 220.220.16.1 remote-as 101
Configuring BGP peers (diagram: routers A, B and C in AS 100 with iBGP TCP/IP peer connections between every pair) • Each iBGP speaker must peer with every other iBGP speaker in the AS
Configuring BGP peers (diagram: AS 100, router A loopback 215.10.7.1, router B loopback 215.10.7.2, router C loopback 215.10.7.3) • Loopback interfaces are normally used as the iBGP peer connection end-points
Configuring BGP peers (AS 100), router A (215.10.7.1):
  interface loopback 0
   ip address 215.10.7.1 255.255.255.255
  router bgp 100
   network 220.220.1.0
   neighbor 215.10.7.2 remote-as 100
   neighbor 215.10.7.2 update-source loopback0
   neighbor 215.10.7.3 remote-as 100
   neighbor 215.10.7.3 update-source loopback0
Configuring BGP peers (AS 100), router B (215.10.7.2):
  interface loopback 0
   ip address 215.10.7.2 255.255.255.255
  router bgp 100
   network 220.220.5.0
   neighbor 215.10.7.1 remote-as 100
   neighbor 215.10.7.1 update-source loopback0
   neighbor 215.10.7.3 remote-as 100
   neighbor 215.10.7.3 update-source loopback0
Configuring BGP peers (AS 100), router C (215.10.7.3):
  interface loopback 0
   ip address 215.10.7.3 255.255.255.255
  router bgp 100
   network 220.220.1.0
   neighbor 215.10.7.1 remote-as 100
   neighbor 215.10.7.1 update-source loopback0
   neighbor 215.10.7.2 remote-as 100
   neighbor 215.10.7.2 update-source loopback0
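The full-mesh rule from the preceding slides, as an added example that is not from the deck: generate the IOS-style iBGP configuration for each AS 100 router from the slides’ loopback addresses, and check that every pair of routers really has a session configured at both ends (a missing neighbor line on either side is the usual way a mesh silently breaks). The network statements passed in are a constructed input.

```python
# Added example (not from the slides): build and verify an iBGP full mesh.
from itertools import combinations

# loopback addresses as used on the slides
ROUTERS = {"A": "215.10.7.1", "B": "215.10.7.2", "C": "215.10.7.3"}

def ibgp_config(name, routers, asn, networks):
    """IOS-style config for one router: loopback, then two neighbor lines per other router."""
    lines = ["interface loopback 0",
             " ip address %s 255.255.255.255" % routers[name],
             "router bgp %d" % asn]
    lines += [" network %s" % n for n in networks]
    for peer, addr in sorted(routers.items()):
        if peer == name:
            continue                      # a router never peers with itself
        lines.append(" neighbor %s remote-as %d" % (addr, asn))
        lines.append(" neighbor %s update-source loopback0" % addr)
    return lines

def session_count(routers):
    """A full mesh of n iBGP speakers needs n(n-1)/2 TCP sessions."""
    n = len(routers)
    return n * (n - 1) // 2

def is_full_mesh(configs, routers):
    """True only if both ends of every router pair carry a matching remote-as line."""
    for a, b in combinations(routers, 2):
        a_cfg, b_cfg = "\n".join(configs[a]), "\n".join(configs[b])
        if (" neighbor %s remote-as" % routers[b] not in a_cfg
                or " neighbor %s remote-as" % routers[a] not in b_cfg):
            return False
    return True

def build_mesh(routers, asn, networks):
    return {name: ibgp_config(name, routers, asn, networks) for name in routers}
```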
BGP Update Messages • A BGP update is used to advertise a single feasible route to a peer, or to withdraw multiple unfeasible routes • Each update message contains attributes, like origin, AS-Path, Next-Hop, ……. • The BGP UPDATE Message layout: • Unfeasible Routes Length (2 octets) • Withdrawn Routes (variable): each entry is Length (1 octet) followed by Prefix (variable) • Total Path Attribute Length (2 octets) • Path Attributes (variable): each attribute is Attribute Type, Attribute Length and Attribute Value • Network Layer Reachability Information (variable): each entry is Length (1 octet) followed by Prefix (variable)
BGP Updates — NLRI • Network Layer Reachability Information • Used to advertise feasible routes • Composed of: • Network Prefix • Mask Length
BGP Updates — Attributes • Used to convey information associated with NLRI • AS path • Next hop • Local preference • Multi-Exit Discriminator (MED) • Community • Origin • Aggregator
AS-Path Attribute • Sequence of ASes a route has traversed • Loop detection • Apply policy • (diagram: AS 100 originates 180.10.0.0/16, AS 200 originates 170.10.0.0/16, AS 400 originates 150.10.0.0/16; AS 300 sits between them and AS 500, and each AS prepends its own number when advertising) • Routes as advertised by AS 300 to AS 400: Network 180.10.0.0/16, Path 300 200 100; Network 170.10.0.0/16, Path 300 200 • Routes as seen by AS 500: Network 180.10.0.0/16, Path 300 200 100; Network 170.10.0.0/16, Path 300 200; Network 150.10.0.0/16, Path 300 400
BGP Update Messages: Next Hop Attribute • Next hop to reach a network • Usually a local network is the next hop in eBGP session • (diagram: AS 100 originates 160.10.0.0/16 and attaches to AS 300 over the 192.20.2.0/30 link; AS 200 and AS 300 hold 140.10.0.0/16 and 150.10.0.0/16 and are joined by the 192.10.1.0/30 link) • Route as received over the eBGP session from AS 100: Network 160.10.0.0/16, Next-Hop 192.20.2.1, Path 100