BGP-v4 Theory and Practice

Transcription

1 BGP-v4 Theory and Practice Dr Nenad Krajnović 1 BGP-4 Border Gateway Protocol (Principles of Operation) 2 BGP-4 (Border Gateway Protocol - RFC 1771, 4271) Exchanges inter-as routing information, between two routers in the same or different AS (BGP speakers, border routers, peers). A TCP connection (port 179) must be established between peers. Upon startup, the whole (or partial routing table) is exchanged. Later, only incremental NLRI is exchanged, depending on inter- AS link states. Supports policy-based routing (policies). All routing policies, based on the hop-by-hop paradigm are supported by the BGP-4. Supports route aggregation, saving router memory and inter-as communication link bandwidth usage. Supports CIDR. 3 1

2 BGP-4 - Messages BGP-4 uses four standard types of messages: OPEN - used to negotiate neighbor parameters. UPDATE - used to exchange NLRI between the BGP speakers. NOTIFICATION - used to report errors. KEEPALIVE - used to check inter-bgp-speaker link availability. OPEN - contains: version, AS number, hold time, router ID (highest IP address on the router, or highest loopback address). NOTIFICATION - contains the error code. KEEPALIVE - sent periodically to assure availability of the link between BGP speakers, at rate less than hold timer. If hold timer expires, the BGP session is closed and the routes withdrawn. UPDATE - used to exchange NLRI. 4 BGP-4 Message header format Marker (16 octets) All bits must be set to 1. Length (2 octets) Type (1 octet) Type codes: 1 OPEN message 2 UPDATE message 3 NOTIFICATION message 4 KEEPALIVE message 5 How BGP-4 Works? Two BGP speakers, located in the same or different AS s establish a TCP connection (port 179). The BGP speakers exchange OPEN messages, to negotiate parameters. If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back. Initially, the whole routing table is exchanged. Later, only incremental changes are being exchanged. Upon receiving an update, a BGP speaker decides whether to accept it or not and whether or not to announce it further. Data used in decision-making process are: Route to the destination already existing in the routing table (if it does exist). Routing policies, set locally by the network administration. Routing policies, set by the neighbor network administrators. Decision-making process might result in Installing a new route in the routing table Ignoring the update, but announcing it further. Total ignorance of the update, without announcing it further. 6 2

3 BGP-4 OPEN Message format Version (1) My Autonomous System (2) Opt Param Len (1) BGP-4 standard header (19 octets) Hold Time (2) BGP Identifier (4) Optional parameters (variable) 7 UPDATE Message Format Message header WL PL <- Widthdrawn route list length (2 bytes) Route 1 Route 2 Route 3 <- Path attributes list length (2 bytes) Path Attribute 1 Path Attribute 2 Path Attribute 3 NLRI route 1 NLRI route 2 NLRI route Route format: Prefix length Prefix address AS_PATH: Flags 2 #AS's AS BGP Path Attributes Attributes - set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.). Used in decision-making process of a BGP process on the routers. Format: attribute type, attribute length, attribute value Well-known attributes - must be supported by all implementations: Well-known mandatory - must be present in each update (e.g. AS path) Well-known discretionary - may or may not be present in each update Optional attributes - not required by all BGP implementations: Optional transitive - the attribute must be passed to other BGP speakers. Optional non-transitive - should be ignored and not passed to others. 9 3

4 Review of BGP Path Attributes Code Attribute Name Cat. Short description 1 Origin WK-M Origin of info (IGP/EGP/incomplete) 2 AS_Path WK-M List of traversed AS numbers 3 Next_hop WK-M IP address of next hop to destination 4 Multi_exit_disc Opt-NT Advise other AS on path selection 5 Local_pref WK-D Used in path select. within a local AS 6 Atomic_aggr WK-D Used to control route aggregation 7 Aggregator Opt-T Used to control route aggregation 8 Community Opt-T Grouping of routes with same policies 10 Basic Mode of Operation /16 Path: 286 AS /16 Path: AS /16 Path: /16 Path: /16 Path: AS /16 Path: /16 Path: AS 2 Basic Routing Configurations Multi-homed AS Multiple neighbors, no transit AS 5377 Transit AS Transit AS Full transit AS 27 Stub AS Only one neighbor AS

5 Stub AS Customer AS / /18 ISP AS 27 Customer AS 6701 must be visible from the Internet. Thus, AS6701 has to announce its IP networks to AS 27. That will allow incoming traffic to 6701 to flow. The ISP AS27 must provide enough information to AS6701. Thus, they will have to announce ANY information they have. Alterately, they will announce a default route only. 13 Stub AS - a Better Approach Customer AS / /18 ISP AS 27 Announce 10.91/ /18 origin: AS27 AS numbers are a limited resource (only numbers). IANA has reserved the range for private AS s. Private AS numbers do not get included in the AS path attribute. Thus, the customer might want to use a private AS number (say, AS65500). The customer will announce their networks to the ISP (AS27). Since the private AS number is ignored, all routing information will look like it originated from AS Stub AS - the Best Solution ISP Customer / /18 AS 27 Running BGP-4 with a stub AS is not recommended at all. In the stub AS case, BGP-4 only wastes link bandwidth Recommended solution: place the customer s network in the ISP AS (AS 27). the customer will announce routes to the ISP using an IGP, or the ISP will use static routes to the customer. the customer will place a default ( /0) route to the ISP. 15 5

6 Multi-homed Non-transit AS AS 27 2 AS 5377 Task: AS12 wants to use links to AS27 and AS5377 for load balancing. AS12 doesn t want to allow traffic from AS5377 to AS27 to pass through it. AS12 will announce its networks only to AS 27 and AS AS27 and AS5377 must provide full routing information they have to AS12. Full global IP routing table (has routes) is necessary for load sharing It is also possible to have partial IP routing information. Partial or full routing information must be announced by both AS27 and AS Preventing Dirty Games AS /16 Static route to / /16 AS /16 Static route to /16 Task: AS12 doesn t want to allow traffic from AS5377 to AS27 to pass through it. Problem: AS27 and AS5377 may place static routes to each other and to cheat on AS12. Solution: Apply access-class class 101 in on the interfaces to both ISP s (AS27, AS5377). The access-list 101 would be of the form: access-list 101 permit ip any access-list 101 deny ip any any 17 AS 4 Transit AS AS / /16 AS /16 Transit may be full or restricted. Full transit assumes passing traffic from any AS to any other AS. Restricted transit assumes passing traffic coming from certain AS s to certain other AS s. Transit routing policies need not to be symmetrical, though it is desirable they are. Examples: Consider AS12, passing traffic between AS27 and AS5377. AS12 may want to pass traffic from AS27 to AS5377, but not in the opposite way. AS12 may want to pass traffic from AS4, coming through AS27 to AS

7 Transit AS - an Example AS 4 AS 5 AS / /16 AS /16 announce AS5377 announce AS27, AS4 Task: To AS5377, AS12 wants to provide transit service for AS27 and AS4. To AS27, AS12 wants to provide transit service for AS5377, but not for AS5. AS12 itself will use both links to AS27 and AS5377, with default to AS27. Solution: To AS5377, AS12 will announce all routes from AS27 and AS4. To AS27, AS12 will announce all routes from AS5377, but not routes from AS5. Accept anything AS27 and AS5377 announce, except default from AS5377. Accept default route from AS Basic BGP-4 Routing Configurations Review Stub AS: Standalone AS, connected to its neighbor using a single logical link. Explicitly forbidden (RFC 1930), except as a temporary solution in the initial phase of a new AS setup. If BGP is needed anyway, use a private AS number ( ) Multi-homed, non-transit AS: Customer AS X, connected to two or more different AS s. Transit from one neighbor network to another using AS X is not allowed Tranzitni AS (Transit AS): Customer AS X, connected to two or more different AS s. The customer allows partial or full transit to its neighbors. Backbone ISP s orpeate in full-transit mode, to ensure global connectivity. 20 BGP-4 Border Gateway Protocol (Setting up and Running) 21 7

8 Scope of this Section Setting up a BGP-4 connection between peer routers Passing BGP-4 information inside of the AS Injecting routing information into BGP Decision-making process BGP attributes and their usage Path Selection Criteria. 22 Establishing a BGP-4 Session AS1 AS2 AS3 BGP-4 peer routers must be directly physically connected AS1 AS2 AS3 That is not always possible: some AS s have multiple exit points some routers cannot run BGP AS1 AS3 Possible solutions: Internal BGP () External BGP (EBGP) multi-hop AS2 23 BGP basic configuration Basic commands to activate peer connection: router bgp autonomous_system_number enable BGP routing process network network_number mask network_mask define network which will be advertised neighbor neighbor_ip_address remote_as AS_number define neighbor and his AS number 24 8

9 BGP basic configuration - EBGP RTR A /24 AS RTR B /24 AS EBGP router bgp network mask neighbor remote-as router bgp network mask neighbor remote-as BGP basic configuration AS /24 router bgp neighbor remote-as BGP basic configuration Sometimes, two EBGP speakers cannot be directly connected, or we like to use IP address of the loopback interface as a next hop. In those situations, we must use multi hop option. neighbor IP_address ebgp-multihop define that neighbor is NOT directly connected neighbor IP_address update-source interface define another IP address source You must ensure visibility of other address 27 9

10 BGP basic configuration - using other IP address for peering Loopback Interface Serial /24 AS /24 AS router bgp neighbor remote-as neighbor update-source loopback 0 router bgp neighbor remote-as neighbor ebgp-multihop ip route serial 0 28 BGP basic configuration - BGP multihop EBGP Loopback Interface AS AS router bgp neighbor remote-as neighbor ebgp-multihop neighbor update-source loopback0 router bgp neighbor remote-as neighbor ebgp-multihop ip route serial0 29 Passing BGP Information Inside an AS An AS might have a single or (more often) multiple exit points. Information learnt via BGP-4 from one exit point must be passed along the AS to all other exit points. This can be done using two different approaches: Establish an internal BGP () session between border routers. Redistribute BGP information into an IGP on entry and back to BGP on exit. The first approach is better, since it preserves route attributes. The latter approach might result in complete loss of BGP attributes. Two basic rules are applied when passing BGP information out: Do not advertise a network without checking whether it is internally reachable within the AS. Do not advertise an external route, until all routers within AS don t learn it (the rule of Synchronization) 30 10

11 AS 2 External and Internal BGP (EBGP, )? AS 5377 AS 27 External BGP Peering between different AS s Internal BGP Peering inside of an AS 1 31 Another Solution - Use of an IGP (OSPF, RIPv1, RIPv2 ) AS 2 External BGP Peering between different AS s AS 27 AS 5377 External BGP BGP attributes received from AS2 are lost IGP (RIP, OSPF) Routing information exchange using IGP s 1 32 BGP Continuity Inside of an AS A C EBGP B EBGP EBGP To avoid routing loops inside the AS, BGP does not advertise routes learnt from other peers to other internal BGP peers. Router A will advertise its EBGP routes to B, but B won t pass them to C. Router C will advertise its EBGP routes to B, but B won t pass them to A. Router B will advertise its EBGP routes to A and C. Apparently, there is a need for an session between routers A and C The sessions must be fully-meshed inside an AS 33 11

12 EBGP 10.91/16 Synchronization Within an AS A B1 B2 D Router A receives update for 10.91/16, via EBGP from its neighbor. Router A passes the update to the router C, using the existing session. Router C passes the update to its neighbor, router D, using EBGP. Upon receiving update, router D can send traffic for 10.91/16 via router C. Router C receives this and passes it to router B3, which doesn t know of 10.91/16 C B /16 EBGP BGP must not advertise a route outside the AS, until the route is learnt by all routers within the AS, either statically or by IGP This default behaviour may be turned off, if needed 34 BGP basic configuration - synchronization BGP and IGP synchronization With no synchronization command you can turn off synchronization between BGP and IGP process. Synchronization is very important in situation where you have connection through router which is NOT running. 35 To: EBGP BGP basic configuration IGP AS IGP routing table: EBGP /24 AS router bgp neighbor remote-as neighbor remote-as no synchronization /24 AS WITHOUT synchronization 36 12

13 To: EBGP BGP basic configuration IGP AS IGP routing table: EBGP /24 AS router bgp neighbor remote-as neighbor remote-as /24 AS WITH synchronization 37 Injecting Routes into BGP Routes may be injected into BGP: Statically (redistribute static) Semidynamically (network command) Dynamically (from an IGP) Statically injected routes are stable, but it must be assured that the route goes down when the link goes down (interface-associated). Semidynamic method is more effective - it allows injection of a selected set of IGP routes. This method assures good stability Dynamical injection of the whole IGP routing table is not recommended, unless there is a substantial degree of control within the AS and there is a large number of network prefixes. 38 Common Injection Problems Injection of private IP addresses (RFC 1918) Injection of reserved and unallocated addresses Injection of small networks, filtered by some backbone ISP s Injection of a classful network - lack of ip classless command Best known case - network 62/8, upon startup of its exploatation. Unstable routes, route flapping Paperwork and procedural problems Injection without proper documenting in an Internet routing registry (IRR) Inconsistency between the data in the IRR and the applied routing policy Changing routing policy, without notificating ANS

14 BGP basic configuration - injecting information Information about networks can be injected via 3 different ways: with network command - this is only possibility to announce a network; network will be announced only if router know how to route this network with redistribute static routes with redistribute from some IGP protocol 40 BGP basic configuration - injecting information AS AS /24 router bgp neighbor remote-as network mask redistribute static redistribute ospf 16 ip route router ospf 16 network area 0 41 Backdoors Protocol Distance Direct 0 Static 1 EBGP 20 EIGRP (int.) 90 IGRP 100 OSPF 110 ISIS 115 RIP 120 EGP 140 EIGRP (ext.) BGP Local 200 Unknown 255 Learning of routing information from different routing protocols is very common. For example, the same route (say, 10.91/16) may be learnt via BGP (from another BGP speaker), OSPF (from a router inside of AS), static route etc. Table of precedence is given on the left - less distance, more preference. The values are changeable

15 10.1/16 A Backdoors - Example 10.1/16 EBGP 10.1/16 OSPF B AS /16 EBGP C Routers A, B and C learn about the same route (10.1/16) using EBGP sessions. However, a direct line between border routers A and C is established. If the routing information between A and C is exchanged using OSPF, then: Router B will announce 10.1/16 to C, distance value being 20. Router A will annoucne 10.1/16 to C, using OSPF, distance value being 110. Thus, route via AS2 and router B will always have a precedence. This can be changed used a network a.b.c.d backdoor command, which raises distance value to 200, placing it less preferred than OSPF. 43 Decision-making Process Updates Input policies BGP routing table IP routing table Output policies Updates The router receives a pool of routes from its peers, by BGP updates. Input policies are being performed to filter-out update messages. BGP routing table is being updated and the best route selected. The best route gets installed in the IP routing table. A set of output policies is being used to determine what routes should be advertised further, with what attributes. BGP attributes - play the most important role in the route selection process 44 BGP Path Attributes Attributes - set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.). Used in decision-making process of a BGP process on the routers. Format: attribute type, attribute length, attribute value Well-known attributes - must be supported by all implementations: Well-known mandatory - must be present in each update (e.g. AS path) Well-known discretionary - may or may not be present in each update Optional attributes - not required by all BGP implementations: Optional transitive - the attribute must be passed to other BGP speakers. Optional non-transitive - should be ignored and not passed to others

16 NEXT_HOP Attribute With most IGPs, the next hop to a route is the IP address of the connected interface of the router that has announced the route. When speaking of BGP, the next hop is: EBGP - the IP address of the neighbor that announced the route. - For routes originated inside the AS - the IP address of the neighbor that announced the route. For routes outside the AS (that came via EBGP) - the next hop is carried unaltered (IP address of the external neighbor). On multiaccess media - the IP address of the interface connected to the media. 46 A NEXT_HOP - Example B /24 C D /24 Router C runs an EBGP session with router D and learns the route /24. Since this is an EBGP-learnt route, the next hop will be (neighbor D interface) Router A runs an session with router C and learns the route /24. Since this is an -learnt route, locally originated, the next hop will be Router A also learns the route the route /24 from the router C. Since this is an -learnt route, externally originated, the next hop will be NEXT_HOP and Multi-access Media /24 A OSPF EBGP Router C learns the route to /24 from router A, using OSPF. Router B runs an EBGP session with router C and learns the route /24. Question: What is the next hop to /24? Router C? Answer: Nope Router A ( ). B C On multi-access media (Ethernet, FDDI etc.) a router should advertise the actual source of the route as the next hop, if the source is on the same multi-access media as the router 48 16

17 NEXT_HOP and NBMA (FR, ATM) B A Frame Relay Network C /24 Router B learns the route to the network /24 from C by OSPF. If nothing specified, router B will advertise /24 to A by BGP, placing the address of router C ( ) as the next hop. Routers A and C are not directly connected by a PVC and this will fail. Solution: the router B should always install itself as the next hop for routes learnt from the router C. This is done by using next-hop-self parameter in the neighbor command. 49 BGP basic configuration - next hop attribute Next hop attribute is defining next hop interface to reach IP address (network). In BGP, next hop attribute is taking 3 different values: EBGP - the next hop is the IP address of the neighbor that announced the route - for routes originated inside the AS, the next hop is the IP address of the neighbor that announced the route - for routes injected into the AS via EBGP, the next hop is the IP address of the EBGP neighbor from which the route was learned when the route is advertised on a multiaccess media, the next hop is the IP address of interface of router, connected to that media, that originated the route 50 BGP basic configuration - next hop attribute Next hop attribute Inside an AS, in some situation it is necessary to modify value of next hop attribute. This is very important attribute for network reachability, especially if we redistribute BGP information in IGP protocol. Next hop attribute can be modified with: neighbor {ip-address peer-group-name} next-hop-self 51 17

18 BGP basic configuration - next hop attribute AS AS EBGP Serial /24 router bgp neighbor remote-as neighbor remote-as no synchronization with default next hop attribute value routing table: dest. next hop / /24 Serial /24????? 52 BGP basic configuration - next hop attribute AS AS EBGP Serial /24 router bgp neighbor remote-as neighbor remote-as neighbor next-hop-self no synchronization routing table: dest. next hop / /24 Serial 0 with modified next hop attribute value 53 AS_Path Attribute Sequence of AS numbers a route has traversed to reach a destination The AS originating the route adds its own AS number and forwards the update further. Each AS, receiving the update add (prepend) its own AS number at the beginning of the sequence and forwards the update further. At the end, each route will contain the sequence of AS numbers the update message has traversed. The shortest AS path is preferred To prevent routing loops, if an AS finds itself prior in the AS sequence (which means that update traversed it once) - it will discard the update and stop forwarding it further. When traversing through the same AS (), AS_Path is left untouched

19 AS_Path - Example /16 Path: 286 AS /16 Path: AS /16 Path: /16 Path: /16 Path: AS /16 Path: /16 Path: AS_Path Prepending / AS / / AS / From AS12, there are two paths to AS300. Path is better. However, the administrator might want to prefer the other path. There are many ways to do so, of which AS number prepending is the most simple one. 56 AS_Path Prepending / AS / / AS / When an update wants to leave the AS, AS number is prepended. That number might be prepended multiple times. For example, let s prepend AS300 three times ( ). Now, instead of , at AS12 we have Automatically, the other path ( ) will be shorter

20 Local Preference Attribute Degree of preference given to a route to compare it with other routes for the same destination. The highest local preference is preferred This attribute is defined locally in the AS. This attribute is valid for all BGP speakers within the same AS. It is being exchanged normally via, but not via EBGP. Used to set the exit point from the AS for a certain destination. It affects outgoing traffic from the AS only. Incoming traffic will still have a possibility to reach from an arbitary AS entry/exit point (unless AS path prepending or similar technique is not applied). Cisco Systems have defined a similar attribute, but valid for the local BGP speaker only - not exchanged even with other speakers in the same AS. It s called WEIGHT attribute. 58 A B 2 Local preference - Example /16 Local pref = / / /16 Local pref = 300 ISP A 00 ISP B 00 N A P AS /16 Both AS200 and AS300 offer the route 10.91/16. However, the path to AS300 may be preferred (higher bandwidth). The administrator of the router A sets local_pref 200 for that route. The administrator of the router B sets local_pref 300 for that route. A and B exchange local_pref attributes and agree on preference. Incoming traffic may go via either link - local_pref doesn t have any impact on it 59 BGP basic configuration - attributes Local preference attribute can be modified through route map with: set local-preference value or with bgp default local-preference value Local preference attribute is part of the routing update and is exchanged among routers in the same AS

21 BGP basic configuration - local preference attribute AS 6 AS / router bgp 3 neighbor remote-as 6 neighbor remote-as 3 bgp default local-preference router# show ip bgp BGP table version 9, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete router bgp 3 neighbor remote-as 5 neighbor remote-as 3 bgp default local-preference 150 Network Next Hop Metric LocPrf Weight Path * / i *> / i 61 BGP basic configuration - local preference attribute AS 6 AS / router bgp 3 neighbor remote-as 3 neighbor remote-as neighbor route-map SD in ip as-path 7 permit ^6?[0-9]*$ route-map SD permit match as-path 7 set local-preference 300 route-map SD permit 20 router# show ip bgp BGP table version 9, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path * / i *> / i Formati za regular expression Function Examples. Matches any single character. 0.0 matches 0x0 and 020 t..t matches strings such as test, text, and tart \ Matches the character following the backslash. Also matches (escapes) special characters. [ ] Matches the characters or a range of characters separated by a hyphen, within left and right square brackets. 172\.1\.. matches but not \. allows a period to be matched as a period [02468a-z] matches 0, 4, and w, but not 1, 9, or K ^ Matches the character or null string at the beginning of an input string. ^123 matches 1234, but not 01234? Matches zero or one occurrence of the pattern. (Precede the question mark with Ctrl-V sequence to prevent it from being interpreted as a help command.) ba?b matches bb and bab $ Matches the character or null string at the end of an input string. 123$ matches 0123, but not 1234 * Matches zero or more sequences of the character preceding the asterisk. Also acts as a wildcard for matching any number of characters. 5* matches any occurrence of the number 5 including none 18\..* matches the characters 18. and any characters that follow Matches one or more sequences of the character preceding the plus sign. 8+ requires there to be at least one number 8 in the string to be matched () Nest characters for matching. Separate endpoints of a range with a dash [ (-). ] (17)* matches any number of the two-character string 17 ([A-Za-z][0-9])+ matches one or more instances of letterdigit pairs: b8 and W4, as examples Concatenates constructs. Matches one of the characters or character patterns on either side of the vertical bar. A(B C)D matches ABD and ACD, but not AD, ABCD, ABBD, or ACCD _ Replaces a long regular expression list by matching a comma (,), left brace ({), right brace (}), the beginning of the input string, the end of the input string, or a space. The characters _1300_ can match any of the following strings: ^1300$,1300, ^1300space {1300} space1300 {1300, 63 21

22 BGP basic configuration - local-preference attribute AS AS EBGP Serial /24 router bgp neighbor remote-as neighbor remote-as bgp default local-preference 200 BGP table: dest. local preference / Multi-exit Discriminator (MED) Hint to external neighbors about the preferred path into an AS with multiple exit points. The lowest MED is preferred Exchanged between AS s. Not transitive - once it enters an AS it doesn t get transmitted in the further updates to other neighbors When the route is originated by the AS itself, MED for it follows its IGP metric, which is useful for multiple connections to the same ISP. At the same time, MED s reflect the internal topology of an AS. Only MED s for paths from the same neighbor AS are compared. This behaviour may be changed by using always-compare-med. 65 A MED=120 AS10 C MED - Example MED=50 AS500 B AS20 D 10.91/16 Routers C and D (AS500), as well as router B (AS20) offer the route to 10.91/16. Normally, router A will compare MED s from routers C and D (AS500 only). The router A will chose MED=120 and, therefore, the route via the router C. If always-compare-med is used, it will also take into account router B MED. In that case the router A will chose MED=50 and, thus, the route via the router B

23 ORIGIN Attribute Indicates the origin of the routing update, with respect to the AS that originated it. BGP considers three types of origins: IGP - the NLRI at the originating AS is learnt by an IGP and was advertised with a network router configuration command EGP - the NLRI is on the origin learnt by the EGP protocol INCOMPLETE - NLRI is learnt by some other means (e.g. redistribute static) Each type of origin is associated a number: IGP=0, EGP=1, INCOMPLETE=2. The lowest ORIGIN value is preferred 67 Community Attribute Group of destination, sharing some common property. Communities have no physical boundaries - they are not restricted to a network or an AS A group of IP networks and/or AS s may form a community, for which separate routing policies may be set. Community is a transitive attributes (passed to other AS s). Well-known communities with global meaning (reserved values); From 0x to 0x0000FFFF and from 0xFFFF0000 to 0xFFFFFFFF. NO_ADVERTISE (0xFFFFFF02) - route in this community - not to be adv. Usually, first two bytes are AS number and last is community in AS. Example: in AS256, good choice is to use 256:1 (0x ) A route may have multiple community attributes. A BGP speaker may follow one, some or all community attributes in the route. 68 AS55 London office Community Attribute - Example Internet ISP ISP Bahrain office AS6505 AS6711 Muscat office Regional multi-homed ISP s (AS6505, AS6711), connect two single-homed branch offices (Bahrain, Muscat). The ISP s announce their routes to their peers, using community attribute: 55:22. London office is multi-homed (AS55) - we may decide to: Use one link for general Internet traffic (but not for traffic to our offices). Use another link for the traffic to our offices only Solution: set the router in the London office to: Accept all routes with community set to 55:22 on the interface Serial0. Accept any other route on the interface Serial

24 NO_EXPORT Community - Example AS / / / /24 Bahrain NO_EXPORT Muscat NO_EXPORT AS /20 N A P A customer AS100 with two offices, connected to a WAN is multi-homed. The customer has two links - each one near one of the offices. Both links are capable of routing the whole traffic, however this is not efficient. On the other hand, if we let Bahrain and Muscat offices to announce all more specific routes, they will be propagated to the NAP. Solution: set NO_EXPORT community to all routes from AS100 to AS200. Advertise only the aggregated route to the NAP. 70 BGP Path Selection Criteria BGP bases its decision on path selection on the attribute values. When multiple routes to a same destination exist, the following sequence of operations is being performed: If the next hop is inaccessible, the route is ignored. Prefer the path with the largest WEIGHT parameter. If the weights are same, prefer the route with the largest local preference. If the local pref s are same, prefer the routes with the shortest AS paths. If AS path length is the same, prefer the route with the loweset ORIGIN. If origins are the same, prefer the route with the lowest MED. If the routes have the same MED, prefer EBGP-learnt over -learnt. If that fails too, try to find the route with the shortest path to its next hop. If nothing other helps, the router with lower router ID will be preferred 71 BGP-4 Basic Routing Policies 72 24

25 Objectives Redundancy Building stability by providing alternate default routes in the case of link failure. How to do it? Symmetry Configuring routes in such manner that certain traffic enters and exits an AS at the same point. Load balancing Capability to divide traffic optimally over multiple links. Typical scenarios Controlling inbound and outbound traffic when multihoming to single and different ISP s. 73 Redundancy Redundancy - possibility to use a backup link to the global network if the main link fails. Redundancy is one of the major goals of BGP. The most simple technique to achieve redundancy is to introduce multiple default routes inside the AS. Default route /0 - is the least specific route in the router forwarding table, that is used if more specific route for a destination does not exist (Cisco term: gateway of last resort). Default route can be learnt: Dynamically, via BGP or some IGP. Statically - manually entered by the operator - it can point to a next hop IP address, specific router interface or a remote IP network. 74 Dynamically Learnt Default Routes set local-pref 100 set local-pref 50 AS EBGP EBGP Primary AS2 Backup To achieve redundancy, default routes from multiple sources will be received. One route will always be primary, while other will be backup. Using local preference, we can always prefer one route over the other

26 AS1 Statically Set Default Routes Serial0 Default route pointing to the next hop AS /18 AS /16 AS /16 N A P Default route pointing to a router interface Default route pointing to a remote IP network 76 Usage of Static Default Routes set local-pref 100 set local-pref 50 AS1 0/ / /16 0/0 Primary AS2 Backup The customer sets a separate default route to AS2 on each router. Each static route will point to the remote IP network 38.2 /16. Using local preference, the customer can always prefer one route over the other. 77 following defaults inside an AS Border routers HAVE physical connection. NAP AS / AS IGP RTG IGP

27 following defaults inside an AS NAP AS / AS IGP RTG IGP Routing policies RTG is an interior router in AS3 that is running an OSPF; RTG is following the default route 0/0 to reach networks outside AS3 AS3 is multihomed to two different providers. 79 following defaults inside an AS router ospf 16 passive-interface Serial0 network area 0 default-information originate always router bgp 3 no synchronization network mask network mask network mask neighbor remote-as 1 neighbor filter-list 10 out neighbor remote-as 3 no auto-summary ip as-path access-list 10 permit ^$ NAP AS / AS IGP RTG IGP following defaults inside an AS NAP /16 AS AS IGP RTG IGP router ospf 16 passive-interface Serial0 network area 0 default-information originate always router bgp 3 no synchronization network mask network mask neighbor remote-as 1 neighbor next-hop-self neighbor remote-as 2 neighbor filter-list 10 out no auto-summary ip as-path access-list 10 permit ^$ router ospf 16 network area

28 Border routers DON T HAVE physical connection. following defaults inside an AS NAP /16 AS AS IGP RTG IGP following defaults inside an AS router ospf 16 passive-interface Serial0 network area 0 default-information originate route-map send_default router bgp 3 no synchronization network mask network mask neighbor remote-as 1 neighbor filter-list 10 out neighbor remote-as 3 neighbor route-map setlocalpref in no auto-summary ip as-path access-list 10 permit ^$ access-list 1 permit access-list 2 permit route-map setlocalpref permit 10 set local-preference route-map send_default permit 10 match ip address match ip next-hop 2 IGP NAP AS RTG / IGP AS 2 following defaults inside an AS IGP NAP AS 7 RTG / IGP router ospf 16 network area 0 AS 2 router ospf 16 passive-interface Serial0 network area 0 default-information originate route-map send_default router bgp 3 no synchronization network mask neighbor remote-as 3 neighbor net-hop-self neighbor remote-as 2 neighbor filter-list 10 out no auto-summary ip as-path access-list 10 permit ^$ access-list 1 permit access-list 2 permit route-map send_default permit 10 match ip address 1 match ip next-hop

29 Symmetry Symmetry: traffic leaving the AS from an exit point comes back through the same point. In multi-homed environment symmetry is hardly achievable. In some configurations asymmetry is preferred: Satellite ISP Customer network 85 Load Balancing Capability to divide data traffic over multiple connections. Load balancing does not mean equal distribution of the load. Perfectly equal load distribution is rarely achievable. Load balancing might be done on: Outbound traffic ISP A Inbound traffic ISP A Customer ISP B Customer ISP B ISP C ISP C 86 Outbound Traffic Load Balancing ISP A Customer ISP B ISP C Outbound traffic load balancing mostly depends on what we ll receive from our peers. By applying appropriate attributes and route filters we can the effect of their updates. Outbound traffic will depend on the results of decision-making process of our router

30 Inbound Traffic Load Balancing ISP A Customer ISP B ISP C Inbound traffic mostly depends on what we ll announce to our peers. What we announce is what traffic we ll get For example, we may decide to announce 10.1/16 to ISP A, 10.2/16 to ISP B and 10.3/16 to ISP C. Traffic to 10.1/16 will flow from the link to ISP A, traffic to 10.2/16 from ISP B and traffic to 10.3/16 from ISP C. 88 load balancing over multiple links Loopback Interface /24 AS Loopback Interface /24 AS We like to load balance over all tree links between AS and AS load balancing over multiple links Loopback Interface / AS Loopback Interface /24 AS interface ethernet 0 ip address interface serial 0 ip address interface serial 1 ip address interface serial 2 ip address Interface loopback 0 ip address router bgp network mask neighbor remote-as neighbor ebgp-multihop neighbor update-source loopback 0 no auto-summary ip route ip route ip route

31 load balancing over multiple links Loopback Interface interface ethernet 0 ip address /24 interface serial 0 ip address AS interface serial 1 ip address interface serial 2 ip address Interface loopback 0 ip address router bgp network mask neighbor remote-as neighbor ebgp-multihop neighbor update-source loopback 0 no auto-summary ip route ip route ip route Loopback Interface /24 AS Basic Topology Scenarios Cases: One customer, multihoming to a single ISP. One customer, multihoming to different ISP s. Two customers of the same ISP, with a mutual backup link. Configurations: Minimal configuration - default routes only. Primary/backup configuration. Routing with partial BGP routing table ( customer routes ). Routing with full BGP routing table (cca routes). 92 Customer oubound traffic: The customer sets two separate default routes to AS2 on its router. One default will be preferred, using local preference. One default will be primary, other one backup. Multihoming to a Single ISP Default Only, Primary/Backup A B ISP AS2 Customer AS1 The user may want to apply different MED s when advertising routes. Customer inbound traffic: Customer announces its IP networks to the ISP AS2. If nothing applied by the customer, traffic will flow according to the distance between destination and POP

32 ISP Multihoming to a Single ISP Default Only, Primary/Backup + Partial Routing Outbound: prefer link via A to reach C1 and C2, link B for others. Inbound: prefer link via A to reach X, Y; link via B to reach Z. Default route: link to the location B is primary, with backup to A. C1 A MED X, Y: 200 other: 300 A C2 Local_pref: C1, C2: 300 other: 200 C3 MED Z: 200 other: 250 B B C4 Local_pref: C3, C4: 300 other: 250 AS2 AS1 X Y Z 94 multihomed to a single provider - default only, one primary and one backup link /24 E E S S S /24 E E S0 AS30 is not learning any BGP routes from AS10 and is sending its own routes via BGP. Outbound traffic from AS30 should always go on the link unless that link fails, in which case it should switch to the other link. Inbound traffic toward AS30 should always come on the link unless that link fails, in which case is should switch to the other link. Prevent any BGP updates from coming into AS S /24 E S /24 E0 multihomed to a single provider - default only, one primary and one backup link E S E S0 router bgp 30 network mask neighbor remote-as 10 neighbor route-map BLOCK in neighbor route-map SETMETRIC1 out neighbor remote-as 10 neighbor route-map BLOCK in neighbor route-map SETMETRIC2 out no auto-summary ip route ip route route-map SETMETRIC1 permit 10 set metric 100 route-map SETMETRIC2 permit 10 set metric 50 route-map BLOCK deny

33 S1 0 multihomed to a single provider - default only, one primary and one backup link /24 E S S /24 E E0 0 router# show ip route E S0 router# show ip bgp BGP table version 11, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i / i * i *> / i Gateway of last resort is to network is subnetted, 2 subnets C is directly connected, Serial 0 C is directly connected, Serial 1 C is directly connected, Ethernet0 S* [40/0] via multihomed to a single provider - default, primary and backup plus partial routing /16 AS S E E L E NAP AS /16 multihomed to a single provider - default, primary and backup plus partial routing AS NAP AS S E E L E Routing policies AS3 will only accept AS1 s local routes and its customers routes such as AS6. AS3 will also accept one route from the Internet to set its default toward the provider AS1. For all outbound traffic toward AS1 and AS6 (the partial routes), AS3 should use the link. In case of failure, the other link is used. For all other outbound traffic toward the Internet, AS3 should use the link as the primary link by following a default route. In case of failure, the default via other link should be used. For inbound traffic, AS3 will instruct AS1 to use the link for /24. For all other inbound traffic, the link is the primary

34 AS S E E L0 multihomed to a single provider - default, primary and backup plus partial routing router bgp /16 no sunchronization network mask NAP network mask AS 7 network mask network mask neighbor remote-as neighbor update-source loopback0 neighbor next-hop-self neighbor remote-as 1 neighbor route-map SET_OUTBOUND_TRAFFIC in neighbor route-map SET_INBOUND_TRAFFIC out E1 neighbor filter-list 10 out no auto-summary ip route ip as-path access-list 10 permit ^$ ip as-path access-list 4 permit ^1 6$ ip as-path access-list 4 permit ^1$ access-list 2 permit access-list 101 permit ip route-map SET_OUTBOUND_TRAFFIC permit 10 match ip address 101 set local-preference 200 route-map SET_OUTBOUND_TRAFFIC permit 20 match as-path 4 set local-preference 300 route-map SET_INBOUND_TRAFFIC permit 10 match ip address 2 set local-preference 200 route-map SET_INBOUND_TRAFFIC permit 20 set metric multihomed to a single provider - default, primary and backup plus partial routing /16 AS 6 NAP S E E E L router bgp 3 no sunchronization network mask AS 7 network mask network mask network mask neighbor remote-as 3 neighbor next-hop-self neighbor remote-as 1 neighbor route-map SET_OUTBOUND_TRAFFIC in neighbor route-map SET_INBOUND_TRAFFIC out neighbor filter-list 10 out no auto-summary ip route ip as-path access-list 10 permit ^$ ip as-path access-list 4 permit ^1 6$ ip as-path access-list ^1?[0-9]*$ ip as_path access-list 4 permit ^1$ access-list 101 permit ip route-map SET_OUTBOUND_TRAFFIC permit 10 match ip address 101 set local-preference 250 route-map SET_OUTBOUND_TRAFFIC permit 20 match as-path 4 set local-preference 250 route-map SET_INBOUND_TRAFFIC permit 10 set metric multihomed to a single provider - automatic load balancing AS AS1 will load balancing traffic over two links between AS1 and AS S RTA L E