Border Gateway Protocol (BGP4) AFNOG 2001
Border Gateway Protocol (BGP) • Review: Routing/Forwarding basics • Building blocks • Exercises • BGP protocol basics • Exercises • BGP path attributes • Best path computation • Exercises
Border Gateway Protocol (BGP)... • Typical BGP topologies • Routing Policy • Exercises • Redundancy/Load sharing • Best current practices
IP routing • Each router or host makes its own routing decisions • Sending machine does not have to determine the entire path to the destination • Sending machine just determines the next-hop along the path. • This process is repeated until the destination is reached • Forwarding table consulted to determine the next-hop
IP routing • Classless routing • route entries include • destination • next-hop • mask (prefix-length) indicating size of address space described by the entry • Longest match • for a given destination, find longest prefix match in the routing table • example: destination is 35.35.66.42 • routing table entries are 35.0.0.0/8, 35.35.64.0/19 and 0.0.0.0/0
IP routing • Default route • where to send packets if there is no entry for the destination in the routing table • most machines have a single default route • often referred to as a default gateway
IP route lookup: Longest match routing • Packet: Destination IP address: 10.1.1.1 • R2’s IP routing table: 10/8 -> R3, 10.1/16 -> R4, 20/8 -> R5, 30/8 -> R6, ….. • Diagram: routers R1, R2, R3 (all 10/8 except 10.1/16) and R4 (10.1/16)
IP route lookup: Longest match routing • Entry 10/8 -> R3: 10.1.1.1 & FF.0.0.0 is equal to 10.0.0.0 & FF.0.0.0. Match!
IP route lookup: Longest match routing • Entry 10.1/16 -> R4: 10.1.1.1 & FF.FF.0.0 is equal to 10.1.0.0 & FF.FF.0.0. Match as well!
IP route lookup: Longest match routing • Entry 20/8 -> R5: 10.1.1.1 & FF.0.0.0 is not equal to 20.0.0.0 & FF.0.0.0. Does not match!
IP route lookup: Longest match routing • Result: 10.1/16 -> R4 is the longest match (16 bit netmask), so the packet for 10.1.1.1 is forwarded to R4
IP route lookup: Longest match routing • More specific/longest match always wins!! • Default route is 0.0.0.0/0 • Can handle it using the normal longest match algorithm • Matches everything. Always the shortest match.
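Added example (not part of the original slides): the mask-and-compare lookup walked through above, written in Python and run over R2’s table. The 0.0.0.0/0 entry, its next-hop name `upstream` and the function names are assumptions made for illustration.

```python
import ipaddress

# R2's routing table from the slides (prefix -> next hop).
# The 0.0.0.0/0 entry and the name "upstream" are assumptions for this example.
R2_TABLE = {
    "10.0.0.0/8": "R3",
    "10.1.0.0/16": "R4",
    "20.0.0.0/8": "R5",
    "30.0.0.0/8": "R6",
    "0.0.0.0/0": "upstream",
}

def matches(dest, prefix):
    """Slide-style test: (dest & mask) == (network & mask)."""
    net = ipaddress.ip_network(prefix)
    mask = int(net.netmask)
    return (int(ipaddress.ip_address(dest)) & mask) == (int(net.network_address) & mask)

def lookup(dest, table):
    """Return (prefix, next_hop) for the longest matching prefix, or None."""
    best = None
    for prefix, next_hop in table.items():
        plen = ipaddress.ip_network(prefix).prefixlen
        if matches(dest, prefix) and (best is None or plen > best[0]):
            best = (plen, prefix, next_hop)
    return best and best[1:]

def candidates(dest, table):
    """All matching entries, longest first: shows why the /16 beats the /8."""
    hits = [p for p in table if matches(dest, p)]
    return sorted(hits, key=lambda p: ipaddress.ip_network(p).prefixlen, reverse=True)

if __name__ == "__main__":
    print(candidates("10.1.1.1", R2_TABLE))
    print(lookup("10.1.1.1", R2_TABLE))
```

Because the most specific entry always wins, a router that accepts an unexpected more-specific prefix will forward on it in preference to the covering route, which is why the acceptance policy discussed later in the deck matters.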
Dynamic Routing • routers compute routing tables dynamically based on information provided by other routers in the network • routers communicate topology to each other via different protocols • routers then compute one or more next hops for each destination - trying to calculate the most optimal path
Forwarding Table/FIB • Forwarding table determines how packets are sent through the router • Made from routing table built by routing protocols • Best routes from routing tables are installed • Performs the lookup to find next-hop and outgoing interface • Switches the packet with new encapsulation as per the outgoing interface
Building Blocks • Autonomous System (AS) • Types of Routes • IGP/EGP • DMZ • Policy • Egress • Ingress
Autonomous System (AS) • Collection of networks with same policy • Single routing protocol • Usually under single administrative control • IGP to provide internal connectivity AS 100
Autonomous System(AS)... • Identified by ‘AS number’ • Public & Private AS numbers • Examples: • Service provider • Multi-homed customers • Anyone needing policy discrimination
Routing flow and packet flow • For networks in AS1 and AS2 to communicate: • AS1 must announce routes to AS2 • AS2 must accept routes from AS1 • AS2 must announce routes to AS1 • AS1 must accept routes from AS2 • Diagram labels: AS 1, AS 2; routing flow (announce, accept); packet flow (egress, ingress)
Egress Traffic • Packets exiting the network • Based on • Route availability (what others send you) • Route acceptance (what you accept from others) • Policy and tuning (what you do with routes from others) • Peering and transit agreements
Ingress Traffic • Packets entering your network • Ingress traffic depends on: • What information you send and to whom • Based on your addressing and ASes • Based on others’ policy (what they accept from you and what they do with it)
Types of Routes • Static Routes • configured manually • Connected Routes • created automatically when an interface is ‘up’ • Interior Routes • Routes within an AS • learned via IGP • Exterior Routes • Routes exterior to AS • learned via EGP
What is Policy? • Use your policy to control how you accept and send routing updates to neighbors • prefer cheaper connections, load-sharing, etc. • Accepting routes from some ISPs and not others • Sending some routes to some ISPs and not others • Preferring routes from some ISPs over others
Why Do We Need an EGP? • Scaling to large network • Hierarchy • Limit scope of failure • Define administrative boundary • Policy • Control reachability to prefixes
Interior vs. Exterior Routing Protocols • Interior (IGP) • Automatic discovery • Generally trust your IGP routers • Routes go to all IGP routers • Exterior (EGP) • Specifically configured peers • Connecting with outside networks • Set administrative boundaries
Hierarchy of Routing Protocols • Diagram labels: Other ISP’s, Local NAP, FDDI, Customers; BGP4, BGP4 / OSPF, BGP4/Static
Demilitarized Zone (DMZ) • Shared network between ASes • Diagram labels: routers A, B, C, D, E; AS 100, AS 101, AS 102; DMZ Network
Addressing - ISP • Need to reserve address space for its network. • Need to allocate address blocks to its customers. • Need to take “growth” into consideration • Upstream link address is allocated by upstream provider
BGP Basics • Protocol Basics • Terminology • Messages • General Operation • Peering relationships (EBGP/IBGP) • Originating routes
Protocol Basics • Routing protocol used between ASes • if you aren’t connected to multiple ASes, you don’t need BGP :) • Runs over TCP • Diagram labels: Peering; routers A, B, C, D, E; AS 100, AS 101, AS 102
Protocol Basics • Incremental updates • Path Vector protocol • keeps track of the AS path of routing information • Many options for policy enforcement
Terminology • Neighbor • Configured BGP peer • NLRI/Prefix • NLRI - network layer reachability information • Reachability information for an IP address & mask • Router-ID • Highest IP address configured on the router • Route/Path • NLRI advertised by a neighbor
Terminology • Transit - carrying network traffic across a network, usually for a fee • Peering - exchanging routing information and traffic • your customers’ and your peers’ customers’ network information only • Default - where to send traffic when there is no explicit route in the routing table
BGP Basics ... • Each AS originates a set of NLRI • NLRI is exchanged between BGP peers • Can have multiple paths for a given prefix • Picks the best path and installs it in the IP forwarding table • Policies applied (through attributes) influence BGP path selection
BGP Peers • BGP speakers are called peers • Peers in different ASes are called External Peers • Note: eBGP Peers normally should be directly connected. • Diagram: routers A, B, C, D, E; AS 100 (220.220.8.0/24), AS 101 (220.220.16.0/24), AS 102 (220.220.32.0/24); eBGP TCP/IP Peer Connection
BGP Peers • BGP speakers are called peers • Peers in the same AS are called Internal Peers • Note: iBGP Peers don’t have to be directly connected. • Diagram: routers A, B, C, D, E; AS 100 (220.220.8.0/24), AS 101 (220.220.16.0/24), AS 102 (220.220.32.0/24); iBGP TCP/IP Peer Connection
BGP Peers • BGP Update Messages • BGP Peers exchange Update messages containing Network Layer Reachability Information (NLRI) • Diagram: routers A, B, C, D, E; AS 100 (220.220.8.0/24), AS 101 (220.220.16.0/24), AS 102 (220.220.32.0/24)
Configuring BGP Peers • BGP Peering sessions are established using the BGP “neighbor” configuration command • External (eBGP) is configured when AS numbers are different • Diagram: routers A, B, C, D; eBGP TCP Connection over 222.222.10.0/30 between AS 100 (220.220.8.0/24) and AS 101 (220.220.16.0/24)
Router in AS 100:
    interface Serial 0
     ip address 222.222.10.2 255.255.255.252
    ! originate 220.220.8.0/24 and peer with the router in AS 101
    router bgp 100
     network 220.220.8.0 mask 255.255.255.0
     neighbor 222.222.10.1 remote-as 101
Router in AS 101:
    interface Serial 0
     ip address 222.222.10.1 255.255.255.252
    ! originate 220.220.16.0/24 and peer with the router in AS 100
    router bgp 101
     network 220.220.16.0 mask 255.255.255.0
     neighbor 222.222.10.2 remote-as 100
Configuring BGP Peers • BGP Peering sessions are established using the BGP “neighbor” configuration command • External (eBGP) is configured when AS numbers are different • Internal (iBGP) is configured when AS numbers are same • Diagram: routers A, B, C, D; iBGP TCP Connection between two routers in AS 101 (220.220.16.0/24)
First router in AS 101:
    interface Serial 1
     ip address 220.220.16.1 255.255.255.252
    ! remote-as equals the local AS number, so this is an iBGP session
    router bgp 101
     network 220.220.16.0 mask 255.255.255.0
     neighbor 220.220.16.2 remote-as 101
Second router in AS 101:
    interface Serial 1
     ip address 220.220.16.2 255.255.255.252
    ! remote-as equals the local AS number, so this is an iBGP session
    router bgp 101
     network 220.220.16.0 mask 255.255.255.0
     neighbor 220.220.16.1 remote-as 101
Configuring BGP Peers • Each iBGP speaker must peer with every other iBGP speaker in the AS • Diagram: routers A, B, C in AS 100; iBGP TCP/IP Peer Connection
Configuring BGP Peers • Loopback interfaces are normally used as peer connection end-points • Diagram: routers A, B, C in AS 100 with loopback addresses 215.10.7.1, 215.10.7.2, 215.10.7.3; iBGP TCP/IP Peer Connection
Configuring BGP Peers • Diagram: routers A, B, C in AS 100; iBGP TCP/IP Peer Connection • Router with loopback 215.10.7.1:
    interface loopback 0
     ip address 215.10.7.1 255.255.255.255
    ! source both iBGP sessions from the loopback address
    router bgp 100
     network 220.220.1.0
     neighbor 215.10.7.2 remote-as 100
     neighbor 215.10.7.2 update-source loopback0
     neighbor 215.10.7.3 remote-as 100
     neighbor 215.10.7.3 update-source loopback0
Configuring BGP Peers • Diagram: routers A, B, C in AS 100; iBGP TCP/IP Peer Connection • Router with loopback 215.10.7.2:
    interface loopback 0
     ip address 215.10.7.2 255.255.255.255
    ! source both iBGP sessions from the loopback address
    router bgp 100
     network 220.220.5.0
     neighbor 215.10.7.1 remote-as 100
     neighbor 215.10.7.1 update-source loopback0
     neighbor 215.10.7.3 remote-as 100
     neighbor 215.10.7.3 update-source loopback0
Configuring BGP Peers • Diagram: routers A, B, C in AS 100; iBGP TCP/IP Peer Connection • Router with loopback 215.10.7.3:
    interface loopback 0
     ip address 215.10.7.3 255.255.255.255
    ! source both iBGP sessions from the loopback address
    router bgp 100
     network 220.220.1.0
     neighbor 215.10.7.1 remote-as 100
     neighbor 215.10.7.1 update-source loopback0
     neighbor 215.10.7.2 remote-as 100
     neighbor 215.10.7.2 update-source loopback0
BGP Update Messages • A BGP update is used to advertise a single feasible route to a peer, or to withdraw multiple unfeasible routes • Each update message contains attributes, like origin, AS-Path, Next-Hop, ……. • The BGP UPDATE Message:
    Unfeasible Routes Length (2 Octets)
    Withdrawn Routes (Variable): Length (1 Octet), Prefix (Variable)
    Total Path Attribute Length (2 Octets)
    Path Attributes (Variable): Attribute Type, Attribute Length, Attribute Value
    Network Layer Reachability Information (Variable): Length (1 Octet), Prefix (Variable)
BGP Updates — NLRI • Network Layer Reachability Information • Used to advertise feasible routes • Composed of: • Network Prefix • Mask Length
BGP Updates — Attributes • Used to convey information associated with NLRI • AS path • Next hop • Local preference • Multi-Exit Discriminator (MED) • Community • Origin • Aggregator
AS-Path Attribute • Sequence of ASes a route has traversed • Loop detection • Apply policy • Diagram: AS 100 (180.10.0.0/16), AS 200 (170.10.0.0/16), AS 300, AS 400 (150.10.0.0/16), AS 500
    Network          Path
    180.10.0.0/16    300 200 100
    170.10.0.0/16    300 200

    Network          Path
    180.10.0.0/16    300 200 100
    170.10.0.0/16    300 200
    150.10.0.0/16    300 400
Next Hop Attribute • Next hop to reach a network • Usually a local network is the next hop in eBGP session • BGP Update Messages: Network 160.10.0.0/16, Next-Hop 192.20.2.1, Path 100 • Diagram labels: routers A, B, C, D, E; AS 100 (160.10.0.0/16), AS 200, AS 300; 140.10.0.0/16, 150.10.0.0/16; links 192.10.1.0/30 and 192.20.2.0/30
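Added example (not part of the original slides): a Python parser for the UPDATE layout shown on the “BGP Update Messages” slide, decoding withdrawn routes, the AS-Path and Next-Hop attributes and the NLRI, and applying the AS-Path loop check. It assumes IPv4 prefixes, 2-octet AS numbers and a body with the BGP header already removed; the function names and the sample bytes are constructed for illustration, reusing the 160.10.0.0/16, 192.20.2.1 and path 100 values from the Next Hop slide.

```python
import ipaddress

AS_PATH, NEXT_HOP = 2, 3  # path attribute type codes (RFC 4271)
# Constructed body: withdraw 150.10.0.0/16; announce 160.10.0.0/16, AS path 100
SAMPLE = bytes.fromhex("0003 10960a 0012 40010100 40020402010064 400304c0140201 10a00a")

def _check(ok, what):
    if not ok:
        raise ValueError("malformed UPDATE: " + what)

def parse_prefixes(buf):
    """Decode <Length (1 octet, in bits), Prefix (variable)> entries."""
    out, i = [], 0
    while i < len(buf):
        bits, nbytes = buf[i], (buf[i] + 7) // 8
        _check(bits <= 32 and i + 1 + nbytes <= len(buf), "prefix entry")
        addr = buf[i + 1:i + 1 + nbytes].ljust(4, b"\x00")
        out.append(f"{ipaddress.IPv4Address(addr)}/{bits}")
        i += 1 + nbytes
    return out

def parse_update(body, local_as):
    """Parse an UPDATE body (the octets after the 19-octet BGP header)."""
    wlen = int.from_bytes(body[0:2], "big")           # Unfeasible Routes Length
    _check(4 + wlen <= len(body), "withdrawn routes length")
    i = 4 + wlen
    end = i + int.from_bytes(body[i - 2:i], "big")    # Total Path Attribute Length
    _check(end <= len(body), "total path attribute length")
    upd = {"withdrawn": parse_prefixes(body[2:2 + wlen]), "as_path": [],
           "nlri": parse_prefixes(body[end:])}
    while i < end:
        hdr = 4 if body[i] & 0x10 else 3  # Extended Length flag: 2-octet length
        _check(i + hdr <= end, "attribute header")
        code, ln = body[i + 1], int.from_bytes(body[i + 2:i + hdr], "big")
        val = body[i + hdr:i + hdr + ln]
        i += hdr + ln
        _check(i <= end, "attribute length")
        if code == NEXT_HOP and ln == 4:
            upd["next_hop"] = str(ipaddress.IPv4Address(val))
        elif code == AS_PATH:
            j = 0
            while j + 2 <= ln:  # segment: type, ASN count, then 2-octet ASNs
                stop = j + 2 + 2 * val[j + 1]
                _check(stop <= ln, "AS_PATH segment")
                upd["as_path"] += [int.from_bytes(val[k:k + 2], "big")
                                   for k in range(j + 2, stop, 2)]
                j = stop
    upd["as_loop"] = local_as in upd["as_path"]  # own AS in path: drop the route
    return upd
```

Every length field is checked against the enclosing block before it is used, so a message whose declared lengths disagree with its actual size is rejected rather than read past the end; attributes other than AS-Path and Next-Hop (here, Origin) are skipped.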