CIS 185 CCNP ROUTE Ch. 6 Border Gateway Protocol Solution for ISP Connectivity – Part 2. Rick Graziani Cabrillo College graziani@cabrillo.edu Last Updated: Fall 2010. Materials. Show configuration for not being a transit AS. Materials. Book:
CIS 185 CCNP ROUTE Ch. 6 Border Gateway Protocol Solution for ISP Connectivity – Part 2 Rick Graziani Cabrillo College graziani@cabrillo.edu Last Updated: Fall 2010
Materials • Show configuration for not being a transit AS
Materials • Book: • Implementing Cisco IP Routing (ROUTE) Foundation Learning Guide: Foundation learning for the ROUTE 642-902 Exam • By Diane Teare • Book • ISBN-10: 1-58705-882-0 • ISBN-13: 978-1-58705-882-0 • eBook • ISBN-10: 0-13-255033-4 • ISBN-13: 978-0-13-255033-8
[Diagram: a very simplified representation of CENIC (non-transit AS) and the networks it connects to. Labels: L2 PAIX, Level 3, Cogent, Google, Hurricane Elec, Comcast, Internet 2, NLR, CUDI, Cabrillo, UCSC, UCLA, Cuesta; SVL, SAC, LAX, RVR, SVL-Agg1, LAX-Agg1; fully-meshed IBGP; EBGP (AS and public IP address); static and default routes (public IP address, redistribute static); bi-lateral settlement-free peer, commodity peer, research peer, transit; transit customer prefixes; MED, LocPref.] • Non-transit. You can get to our prefixes and we can get to your prefixes. No charge. • Buy transit per Mb/s per month for routes not known from non-transit AS’s • IGP: IS-IS used for next-hop reachability • Note: Non-customer prefixes (networks connecting peers) are not included in EBGP updates to peers. IGP is not redistributed into IS-IS and IS-IS is not redistributed into BGP. • Note: This diagram is by no means accurate but only a very simplified representation of an AS.
Path Attributes • Each route has its own set of defined attributes, which can include: • Path information • Route preference • Next-hop • Aggregation information • Administrators use these values to enforce routing policy. • Based on attribute values, you can configure BGP to: • filter routing information • prefer certain paths • customize its behavior • Every UPDATE message has a variable-length sequence of path attributes.
Path Attributes • Not all vendor implementations of BGP recognize the same attributes. • Path attributes come in four different types: • Well-known mandatory • Well-known discretionary • Optional transitive • Optional non-transitive
Path Attributes Well-known mandatory • An attribute that has to exist in the BGP UPDATE packet. • It must be recognized by all BGP implementations. • If a well-known attribute is missing, a notification error will be generated • This ensures that all BGP implementations agree on a standard set of attributes. Example: AS_PATH attribute
Path Attributes Well-known discretionary • An attribute that is recognized by all BGP implementations • But may or may not be sent in the BGP UPDATE message. Example: LOCAL_PREF
Path Attributes Optional transitive • An attribute that may or may not be recognized by all BGP implementations (thus, optional). • Because the attribute is transitive: • BGP should accept and advertise the attribute even if it isn’t recognized. Example: COMMUNITY
Path Attributes Optional non-transitive • An attribute that may or may not be recognized by all BGP implementations. • Whether or not the receiving BGP router recognizes the attribute, it is non-transitive: • Should NOT be passed along to other BGP peers. Example: MED
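The four attribute types above are encoded in the flag bits that precede every path attribute in an UPDATE. The following is an added example, not part of the original slides: it parses a constructed attribute sequence and classifies each entry. The flag bits and type codes come from RFC 4271 and RFC 1997 rather than from the slides, and type codes 200 and 201 are made-up stand-ins for attributes the receiver does not recognize.

```python
# Flag bits and type codes per RFC 4271 / RFC 1997; the slides name the
# attributes but do not show the wire encoding.
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MED",
         5: "LOCAL_PREF", 8: "COMMUNITY"}
MANDATORY = {1, 2, 3}  # ORIGIN, AS_PATH, NEXT_HOP


def category(flags, type_code):
    """Map the flag bits to one of the four attribute types."""
    if flags & OPTIONAL:
        return ("optional transitive" if flags & TRANSITIVE
                else "optional non-transitive")
    return ("well-known mandatory" if type_code in MANDATORY
            else "well-known discretionary")


def parse_path_attributes(data):
    """Walk the variable-length path-attribute sequence of one UPDATE."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 3:
            raise ValueError("truncated attribute header")
        flags, type_code = data[i], data[i + 1]
        header = 4 if flags & EXT_LEN else 3  # extended length is 2 bytes
        if len(data) - i < header:
            raise ValueError("truncated attribute header")
        length = int.from_bytes(data[i + 2:i + header], "big")
        i += header
        if i + length > len(data):
            raise ValueError("attribute length runs past end of UPDATE")
        attrs.append({"type": type_code,
                      "name": NAMES.get(type_code, "unrecognized"),
                      "category": category(flags, type_code),
                      "value": data[i:i + length]})
        i += length
    return attrs


def missing_mandatory(attrs):
    """Names of well-known mandatory attributes absent from the UPDATE."""
    present = {a["type"] for a in attrs}
    return sorted(NAMES[t] for t in MANDATORY - present)


def forward_unrecognized(attr):
    """An unrecognized optional transitive attribute is still advertised;
    an unrecognized optional non-transitive one is not passed along."""
    return attr["category"] == "optional transitive"


def attr(flags, type_code, value):
    """Build one attribute with a one-byte length (helper for the sample)."""
    return bytes([flags, type_code, len(value)]) + value


# Constructed sample, as it might arrive over IBGP.
SAMPLE_UPDATE_ATTRS = (
    attr(0x40, 1, b"\x00")                          # ORIGIN = IGP
    + attr(0x40, 2, bytes.fromhex("0202ffdcfc08"))  # AS_PATH 65500 64520
    + attr(0x40, 3, bytes([10, 10, 10, 3]))         # NEXT_HOP 10.10.10.3
    + attr(0x80, 4, (150).to_bytes(4, "big"))       # MED 150
    + attr(0x40, 5, (100).to_bytes(4, "big"))       # LOCAL_PREF 100
    + attr(0xC0, 8, bytes.fromhex("fc080064"))      # COMMUNITY 64520:100
    + attr(0x80, 200, b"\x01")  # made-up type, optional non-transitive
    + attr(0xC0, 201, b"\x01")  # made-up type, optional transitive
)
```

A parser that trusts the length byte without the bounds check reads past the end of the message, which is why both truncation cases raise instead of returning a partial list.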
Summary of the BGP Path Selection Process: The Route Selection Decision Process (Cisco) • BGP uses the following criteria, in the order presented, to select a path for a destination: • NOTE: Not all of these are commonly used; they will be examined in more detail later in this presentation and in the next presentation. 1. If the path specifies a next hop that is inaccessible, drop the update. 2. Prefer the path with the largest weight. 3. If the weights are the same, prefer the path with the largest local preference. 4. If the local preferences are the same, prefer the path that was originated by BGP running on this router. 5. If no route was originated, prefer the route that has the shortest AS_path. 6. If all paths have the same AS_path length, prefer the path with the lowest origin type (where IGP is lower than EGP, and EGP is lower than Incomplete). 7. If the origin codes are the same, prefer the path with the lowest MED attribute. 8. If the paths have the same MED, prefer the external path over the internal path. 9. If the paths are still the same, prefer the path through the closest IGP neighbor. 10. Prefer the path with the lowest IP address, as specified by the BGP router ID. • WLam: Weight, Local preference, as path, med
The AS-Path Attribute • AS-path attribute – Well-known mandatory attribute • Whenever a route update passes through an AS, the AS number is prepended to that update • AS number is put at the beginning of the list when it is advertised to the next EBGP neighbor. • Router A: advertises network 192.168.1.0 in AS 64520. • Router C: prepends its own AS number to it and advertises the route to Router B. • Router B: From Router B’s perspective, the path to reach 192.168.1.0 is: • 65500, 64520 • [Diagram callout: “My path to 192.168.1.0 is (65500, 64520)”]
The AS-Path Attribute • AS numbers are prepended only by routers advertising routes to EBGP neighbors. • Routers advertising routes to IBGP neighbors do not change the AS-path attribute • [Diagram callouts: “My path to 192.168.1.0 is (65500, 64520)” and “My path to 192.168.1.0 is (64520)”]
show ip bgp – Shows the BGP Table • AS Path to 44.0.0.0 is via AS: 7018, 22822, 22822, 2152, 7377 • 22822 twice? • AS Path prepend (later)
The Next-Hop Attribute • Next-hop attribute - A well-known mandatory attribute • Indicates the next-hop IP address that is to be used to reach a destination. • IGPs: • hop-by-hop routing protocol • router-by-router • BGP: • hop-by-hop routing protocol (like IGPs) • AS-by-AS (not like IGPs) • By default, the next-hop is the next AS
The Next-Hop Attribute • EBGP: The next-hop is the IP address of the neighbor that sent the update. • Router A advertises (EBGP) 172.16.0.0 to Router B, with a next hop of 10.10.10.3 • IBGP: The next-hop is carried into IBGP unchanged. • Router B advertises (IBGP) 172.16.0.0 to Router C, with a next hop of 10.10.10.3. • Router B uses 10.10.10.3 as the next-hop attribute to get to 172.16.0.0 • Router C’s next hop to reach 172.16.0.0 is 10.10.10.3 not 172.20.10.1
The Next-Hop Attribute • Very important that Router C knows how to reach the 10.10.10.3 (10.0.0.0 or 10.10.10.0) • IGP • static route • Otherwise, Router C will drop packets destined for 172.16.0.0, because it will not be able to get to the next-hop address for that network. • Must either: • Advertise the next-hop network, the network between AS’s, (10.10.10.0) into the AS • Change the next-hop address (Router B’s 172.20.10.0 network) - later
The Next-Hop Attribute Recursive Lookup • IBGP router performs a recursive lookup to find out how to reach the BGP next-hop address by using its IGP entries in the routing table. • Router C has a packet to send to 172.16.100.1 • Finds the longest-match for 172.16.100.1 (172.16.0.0/16) in the routing table and finds a BGP route with a next hop of 10.10.10.3. • Does a recursive lookup in the routing table for a path to network 10.10.10.3 • If there is an IGP route to 10.10.10.3 (ex: 10.10.10.0) in the routing table with a next hop of 172.20.10.1 • Forwards the packet destined for 172.16.100.1 to 172.20.10.1 • Otherwise, drops the packet
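The recursive lookup on Router C, as an added example that is not part of the original slides. The routing-table layout, the function names and the /24 prefix lengths are assumptions; the addresses are the ones used on the slide.

```python
import ipaddress

# Router C's routing table. The /24 prefix lengths are assumptions; the
# slide gives only 172.16.0.0/16 explicitly.
ROUTER_C_TABLE = [
    {"prefix": "172.16.0.0/16", "source": "bgp", "next_hop": "10.10.10.3"},
    {"prefix": "10.10.10.0/24", "source": "igp", "next_hop": "172.20.10.1"},
    {"prefix": "172.20.10.0/24", "source": "connected", "next_hop": None},
]


def longest_match(table, address):
    """Return the most specific route covering address, or None."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in table if addr in ipaddress.ip_network(r["prefix"])]
    return max(matches,
               key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen,
               default=None)


def resolve(table, destination, max_depth=8):
    """Follow next hops until one sits on a connected network.

    Returns the address the packet is forwarded to, or None when the
    packet is dropped because the BGP next hop cannot be resolved.
    """
    target = destination
    for _ in range(max_depth):
        route = longest_match(table, target)
        if route is None:
            return None            # no route to the next hop: drop
        if route["source"] == "connected":
            return target          # reachable on an attached network
        target = route["next_hop"]
    return None                    # next hops that only resolve via each other


def without_igp(table):
    """The same table with the IGP route to the next-hop network missing."""
    return [r for r in table if r["source"] != "igp"]
```

With the IGP route present, `resolve(ROUTER_C_TABLE, "172.16.100.1")` ends at 172.20.10.1; with `without_igp(ROUTER_C_TABLE)` the BGP route is still in the table but the packet is dropped.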
Third-Party Next-Hop • Third-party Next-Hop: When running BGP over a multiaccess network such as Ethernet, a BGP router uses the appropriate address as the next-hop address (by changing the next-hop attribute) to avoid inserting additional hops into the path. • Because the network among the three routers A, B, and C is a multiaccess network, it makes more sense for Router A to use Router C as a next hop to reach 172.30.0.0, rather than making an extra hop via Router B. • [Diagram callout over the EBGP session: “I’m your EBGP peer but your best next-hop path to 172.30.0.0 is via Router C at 10.10.10.2”]
Third-Party Next-Hop • However, if the common medium between routers is a nonbroadcast multiaccess (NBMA) medium, complications might occur. • Routers A, B, and C are connected by Frame Relay. • Router B can reach network 172.30.0.0 via 10.10.10.2 (PVC). • When Router B sends a BGP update to Router A about 172.30.0.0, it uses 10.10.10.2 as the next hop, not its own IP address (10.10.10.1). • A problem arises if Routers A and C do not know how to communicate directly • Routers A and C do not have a Frame Relay map entry to reach each other • Solution: Router B could advertise itself as the next-hop address for routes sent to Router A like a non-multiaccess network (later) • [Diagram callouts: “I’m your EBGP peer but since this is a multiaccess network I know your best next-hop path to 172.30.0.0 is via Router C at 10.10.10.2” and “Thanks but I don’t have a PVC or a Frame Relay map entry to 10.10.10.2”]
The Origin Attribute • The origin attribute is a well-known mandatory attribute • Defines the origin of the path information. • The origin attribute can be one of three values: • IGP • The route is interior to the originating AS. • Normally when the network command is used (coming) • Indicated with an “i” in the BGP table (coming) • EGP • The route is learned via EGP • EGP is legacy and no longer supported in the Internet • Indicated with an “e” in the BGP table. • Incomplete • The route’s origin is unknown or is learned via some other means. • This usually occurs when a route is redistributed into BGP. • Indicated with a “?” in the BGP table.
The Local Preference Attribute • Local preference - A well-known discretionary attribute • Indicates to routers in the AS which path is preferred to exit the AS • Path with the higher local preference is preferred. • Configured on a router • Exchanged only among routers within the same AS • Passed only via IBGP not via EBGP • Default value on a Cisco router is 100 • Local Preference takes precedence over AS_PATH • WLam: Weight, Local preference, as path, med
The Local Preference Attribute • AS 64520 receives updates about network 172.16.0.0 from two directions: • via AS 65500 (65500, 65350) • via 65000 (65000, 65250, 65350) • Router A and Router B are IBGP neighbors. • Local preference: • On Router A for network 172.16.0.0 is set to 200 • On Router B for network 172.16.0.0 is set to 150 • Local preference information is exchanged within AS 64520 via IBGP • All traffic in AS 64520 addressed to network 172.16.0.0 is sent to Router A as an exit point from AS 64520. • [Diagram callout: “My Local Preference is higher so I am the preferred exit point.”]
The MED Attribute • The MED attribute - An optional nontransitive attribute. • Also called the metric • Displayed in the metric column in the BGP table. • Indicates to external neighbors the preferred path into an autonomous system. • A way for an AS to try to influence another AS as to which way it should send its traffic when there are multiple entry points. • MED is sent to EBGP peers: • Those routers propagate the MED within their AS • But do not pass it on to the next AS
The MED Attribute • By default, a router compares the MED attribute only for paths from neighbors in the same AS. • By using the MED attribute, BGP is the only protocol that can affect how routes are sent into an AS. • Router B has set the MED attribute to 150 for 172.20.0.0 • Router C has set the MED attribute to 200 for 172.20.0.0 • Router A receives EBGP updates from Routers B and C • Chooses Router B as the best next hop to get to AS 65500 • [Diagram callouts: “My MED is 200 for 172.20.0.0 so send those packets this way.” “My MED is 150 for 172.20.0.0 so send those packets this way.” “Which path is most attractive?”]
The MED Attribute • By default, a router compares the MED attribute only for paths from neighbors in the same AS. • If these were two different AS’s then Router A would use MED for best path selection • [Diagram: AS 65000, AS 65001 and AS 65002; network 172.20.0.0. Callouts: “My MED is 200 for 172.20.0.0 so send those packets this way to AS 65002.” “My MED is 150 for 172.20.0.0 so send those packets this way to AS 65001.” “Different AS’s so I won’t use the MED unless configured with bgp always-compare-med”]
The Weight Attribute (Cisco Only) • Weight attribute - a Cisco-defined attribute used for the path-selection process. • Configured locally and not propagated to any other routers • Higher weight is preferred when there are multiple routes to the same network. • Weight takes precedence over Local Preference • Value from 0 to 65535. • Default of 32768
The Weight Attribute (Cisco Only) • Router A has two ways to reach 172.20.0.0 • via Router B (AS 65000) • via Router C (AS 65500) • Router A is configured to set the weight of updates coming from: • Router B to 200 • Router C to 150 • Weight for Router B is higher so Router A uses Router B as a next hop to reach 172.20.0.0
The Path-Selection Decision Process with a Multihomed Connection • An AS rarely implements BGP with only one EBGP connection, so generally multiple paths exist for each network in the BGP forwarding database. • Using the 11-step route selection process as outlined in Diane Teare’s book…
The Route Selection Decision Process (ROUTE) • Step 1 Prefer the route with the highest weight. (Recall that the weight is Cisco-proprietary and is local to the router only.) • Step 2 If multiple routes have the same weight, prefer the route with the highest local preference. (Recall that the local preference is used within an AS.) • Step 3 If multiple routes have the same local preference, prefer the route that was originated by the local router. (network command) • Step 4 If none of the routes were originated by the local router, prefer the route with the shortest AS-path. • Step 5 If the AS-path length is the same, prefer the lowest origin code (IGP < EGP < incomplete). • Step 6 If all origin codes are the same, prefer the path with the lowest MED. (Recall that the MED is exchanged between autonomous systems.) The MED comparison is done only if the neighboring AS is the same for all routes considered, unless the bgp always-compare-med router configuration command is enabled. • Step 7 If the routes have the same MED, prefer external paths (EBGP) over internal paths (IBGP). • Step 8 If synchronization is disabled and only internal paths remain, prefer the path through the closest IGP neighbor. This means that the router prefers the shortest internal path within the AS to reach the destination (the shortest path to the BGP next-hop). • Step 9 For EBGP paths, select the oldest route, to minimize the effect of routes going up and down (flapping). • Step 10 Prefer the route with the lowest neighbor BGP router ID value. • Step 11 If the BGP router IDs are the same, prefer the route with the lowest neighbor IP address.
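The 11 steps above as a pairwise comparison, run against the Weight, Local Preference and MED scenarios from the earlier slides. This is an added example, not Cisco's code and not part of the original slides; the `Path` fields, router IDs and neighbor addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < incomplete


@dataclass
class Path:
    name: str
    as_path: tuple             # neighboring AS first
    router_id: str             # neighbor's BGP router ID (constructed)
    neighbor_ip: str           # constructed
    weight: int = 0
    local_pref: int = 100
    local_origin: bool = False
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0        # IGP cost to the BGP next hop
    age: int = 0               # seconds since the route was learned
    next_hop_reachable: bool = True


def compare(a, b, always_compare_med=False):
    """Return (winner, deciding_step) for two paths to the same prefix."""
    # Step 6 applies only when both paths come from the same neighboring AS,
    # unless bgp always-compare-med is configured.
    med_applies = always_compare_med or a.as_path[:1] == b.as_path[:1]
    # (step, key for a, key for b): the lower key wins, None skips the step.
    steps = [
        (1, -a.weight, -b.weight),
        (2, -a.local_pref, -b.local_pref),
        (3, not a.local_origin, not b.local_origin),
        (4, len(a.as_path), len(b.as_path)),
        (5, ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin]),
        (6, a.med, b.med) if med_applies else None,
        (7, not a.ebgp, not b.ebgp),
        (8, a.igp_metric, b.igp_metric) if not (a.ebgp or b.ebgp) else None,
        (9, -a.age, -b.age) if (a.ebgp and b.ebgp) else None,
        (10, ip_address(a.router_id), ip_address(b.router_id)),
        (11, ip_address(a.neighbor_ip), ip_address(b.neighbor_ip)),
    ]
    for entry in steps:
        if entry and entry[1] != entry[2]:
            return (a if entry[1] < entry[2] else b), entry[0]
    return a, 11


def best_path(paths, always_compare_med=False):
    """Drop paths whose next hop is unreachable, then reduce pairwise.

    MED is compared only between some pairs, so the outcome of a pairwise
    reduction can depend on the order in which the paths are considered.
    """
    usable = [p for p in paths if p.next_hop_reachable]
    if not usable:
        return None
    best = usable[0]
    for p in usable[1:]:
        best, _ = compare(best, p, always_compare_med)
    return best


# Scenarios from the slides (attribute values from the slides, IDs constructed).
WEIGHT = (Path("via Router B", (65000,), "2.2.2.2", "10.0.0.2", weight=200),
          Path("via Router C", (65500,), "3.3.3.3", "10.0.0.3", weight=150))
LOCAL_PREF = (
    Path("via Router A", (65500, 65350), "1.1.1.1", "10.0.0.1",
         local_pref=200, ebgp=False),
    Path("via Router B", (65000, 65250, 65350), "2.2.2.2", "10.0.0.2",
         local_pref=150, ebgp=False))
MED_SAME_AS = (Path("via Router B", (65500,), "2.2.2.2", "10.0.0.2", med=150),
               Path("via Router C", (65500,), "3.3.3.3", "10.0.0.3", med=200))
MED_DIFF_AS = (Path("via AS 65001", (65001,), "2.2.2.2", "10.0.0.2", med=150),
               Path("via AS 65002", (65002,), "1.1.1.1", "10.0.0.3", med=200))
```

In `MED_DIFF_AS` the lower MED loses by default: step 6 is skipped and the lower router ID decides at step 10, while passing `always_compare_med=True` makes step 6 decide.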
Multiple Path Selection (BGP Multipath)
R1(config)#router bgp 65201
R1(config-router)# maximum-paths 2
• BGP chooses only a single best path for each destination. • The maximum-paths paths command affects only the number of routes kept in the IP routing table, not the number of paths selected as best by BGP. • Defaults to one. • R2 and R3 are advertising network 10.0.0.0. • With maximum-paths 2: both paths appear in the IP routing table • Without maximum-paths 2: only one path to 10.0.0.0 in R1’s routing table • Only one path is still selected as the best in the BGP table “>” (offered to the IP routing table) and advertised to its BGP neighbors.
Entering BGP Configuration Mode
RTA(config)#router bgp 100
RTA(config-router)#
RTB(config)#router bgp 200
RTB(config-router)#
• Use the router bgp autonomous-system global configuration command • autonomous-system identifies the local AS. • AS determines whether IBGP or EBGP neighbors. • The router bgp command alone does not activate BGP on a router. • Must enter at least one subcommand. • Only one instance of BGP can be configured on a router
Defining BGP Neighbors and Activating BGP Sessions
RTA(config)#router bgp 100
RTA(config-router)#neighbor 10.1.1.1 remote-as 200
RTB(config)#router bgp 200
RTB(config-router)#neighbor 10.1.1.2 remote-as 100
• neighbor {ip-address | peer-group-name} remote-as autonomous-system • This address must be reachable (for TCP session) and exchanging BGP updates. • autonomous-system field of the neighbor remote-as: • EBGP: different AS numbers • IBGP: same AS number • Note: We will discuss peer groups later.
EBGP and fully meshed IBGP
router bgp 65101
 neighbor 10.2.2.2 remote-as 65101
 neighbor 10.1.1.2 remote-as 65101
Shutting Down a BGP Neighbor
Router(config)# router bgp as
Router(config-router)# neighbor {ip-address | peer-group-name} shutdown
• To disable (administratively shut down) an existing BGP neighbor or peer group • This command not only terminates the session but also removes all associated routing information. • Use the “no neighbor…” form to enable a neighbor that was previously shut down • If you want to implement major policy changes to a neighboring router you must: • Administratively shut down the neighboring router • Implement the changes (attributes, route filtering, etc.) • Administratively bring the neighboring router back up
Defining the Source IP Address
RTA(config)#router bgp 100
RTA(config-router)#neighbor 10.1.1.1 remote-as 200
• [Diagram callout: “I will only accept BGP updates with a source IP address of 10.1.1.1”] • The BGP neighbor statement tells the BGP process the destination IP address of each update packet. • The source IP address must match the address in the corresponding neighbor statement on the other router. • BGP does not accept unsolicited updates.
RouterD(config)#router bgp 65102
RouterD(config-router)#neighbor 10.3.3.1 remote-as 65102
• Router D has the configuration above. • If Router A is sending the BGP packets to Router D via Router B • The source IP address of the packets will be 10.1.1.1 • Router D: • Does not recognize the sender of the BGP packet (10.1.1.1) • 10.1.1.1 is not configured as a neighbor of Router D. • The IBGP session between Router A and D will not be established.
Router(config)#router bgp as
Router(config-router)# neighbor {ip-address | peer-group-name} update-source loopback interface-number
• Solution: Establish the IBGP session using a loopback interface when there are multiple paths between the IBGP neighbors. • Causes the router to use the address of the specified loopback interface as the source address for BGP connections to this neighbor. • Need to make sure loopback address is reachable (TCP session)
RouterA(config)#router bgp 65102
RouterA(config-router)#neighbor 192.168.4.4 remote-as 65102
RouterA(config-router)#neighbor 192.168.4.4 update-source loopback0
RouterD(config)#router bgp 65102
RouterD(config-router)#neighbor 192.168.1.1 remote-as 65102
RouterD(config-router)#neighbor 192.168.1.1 update-source loopback0
Router B has Router A as an EBGP neighbor • Only reachable via directly connected address 172.16.1.1 • Router C has Router D as an EBGP neighbor • Only reachable via directly connected address 192.168.1.1
However, Router B has multiple paths to reach Router C (IBGP neighbor) • Router B and C: All networks are reachable via IGP EIGRP including loopback interfaces • The neighbor relationship between Routers B and C uses loopback interfaces • If one of the links between Router B and C goes down the BGP peering is not affected. • Without the loopbacks as source interfaces, if one of the links between Router B and C goes down the BGP neighbor relationship would be lost.
EBGP Multihop • Because IGP routing information is not exchanged with external peers: • The router must point to a directly connected address for external neighbors. • A loopback interface is never directly connected. • So, if you want to peer with a loopback interface instead: • Must add a static route to the loopback pointing to the physical address of the directly connected network (the next-hop address) • Must also enable multihop EBGP, with the router configuration command: neighbor {ip-address | peer-group-name} ebgp-multihop [ttl] • This command increases the default of one hop for EBGP peers by changing the default Time to Live (TTL) value of 1 and therefore allowing routes to the EBGP loopback address. • By default, the TTL is set to 255 with this command. • This command is of value when redundant paths exist between EBGP neighbors.
EBGP Multihop: Alternative but less desirable
RTA(config)#router bgp 65102
RTA(config-router)#neighbor 192.168.1.18 remote-as 65101
RTA(config-router)#neighbor 192.168.1.34 remote-as 65101
• Router A in AS 65102 has two paths to Router B in AS 65101. • Primary • Backup • Router A can use two neighbor statements pointing to 192.168.1.18 and 192.168.1.34 on Router B. • Disadvantage: Router A will send duplicate (two) BGP updates to Router B because of the two neighbor statements.
EBGP Multihop • Each router instead: • Uses its loopback address as the source IP address for its BGP updates • Points to the loopback address of the other router • IGP is not used between autonomous systems, so neither router can reach the loopback of the other router without assistance. • Assistance: Each router needs to use two static routes: • A path to reach the loopback address of the other router. • neighbor ebgp-multihop: Must also be configured to change the default setting of BGP and inform the BGP process that this neighbor IP address is more than one hop away (2 hops in this example).
Changing the Next-Hop Attribute • An internal protocol, such as RIP, EIGRP, or OSPF, always uses the source IP address of a routing update as the next-hop address for each network from that update that is placed in the routing table. • IBGP: The next-hop is carried into IBGP unchanged. • neighbor {ip-address | peer-group-name} next-hop-self router configuration command • Used to force BGP to use the source IP address of the update as the next hop for each network it advertises to the neighbor • Rather than using the next-hop AS IP address (default).
Changing the Next-Hop Attribute (network 192.168.15.0) • EBGP: The next-hop is the IP address of the neighbor that sent the update. • Router A advertises (EBGP) 192.168.15.0 to Router B, with a next hop of 172.16.1.1 • Router C advertises (EBGP) 192.168.15.0 to Router B, with a next hop of 192.168.1.1 • IBGP: The next-hop is carried into IBGP unchanged. • Router B advertises (IBGP) 192.168.15.0 to Router C, with a next hop of 172.16.1.1 • Router B uses 172.16.1.1 as the next-hop attribute to get to 192.168.15.0 and • Router C uses 172.16.1.1 as the next-hop attribute to get to 192.168.15.0 • Router C’s next hop to reach 192.168.15.0 is 172.16.1.1, not one of its local interfaces • Very important that Router C knows how to reach 172.16.1.1: • IGP • Static route • Otherwise, Router C will drop packets destined for 192.168.15.0, because it will not be able to get to the next-hop address for that network. • Must either: • Advertise the next-hop network, the network between AS’s, (172.16.0.0) into the AS • Change the next-hop address to Router B’s local interface