Deployment and Analysis of BGP

Transcription

1 Deployment and Analysis of BGP Session 2 Copyright Printed in USA.

2 Agenda Intro/Basics Attributes Route Reflectors Aggregation Dampening 3 Prerequisites Good understanding of IP Basic knowledge of IGP routing protocols 4 Copyright Printed in USA.

3 Intro/Basics 5 BGP Basics Peering ISP A A B C D ISP B Enterprise A F G Customer E ISP C 100,000 Routes Many Autonomous Companies Can a Single IGP Do This? 6 Copyright Printed in USA.

4 Reasons for Using BGP 1. You need to scale your IGP 2. You re multihomed and need to implement routing policy 3. You need to transit full Internet routes 7 Interior vs. Exterior Routing Interior Automatic discovery Generally trust your IGP routers Routes go to all IGP routers Exterior Specifically configured peers Connecting with outside networks Set administrative boundaries 8 Copyright Printed in USA.

5 Why Do We Need an EGP? Scaling a large network Divide and Conquer Hierarchy Periodic IGPs/flooding Isolate network instability Complex policies Control reachability to prefixes Merge separate organizations Connect multiple IGPs 9 Concept of Autonomous System A network(s) sharing the same routing policy Possibly multiple IGPs Usually under single administrative control Contiguous internal connectivity Numbering range form 1 to 65,535 Globally unique AS Number Private range: Copyright Printed in USA.

6 IGP of Each AS Is Hidden Peering A C AS 100 AS 101 B D E AS Reasons for Using BGP 1. You need to scale your IGP 2. You re multihomed and need to implement routing policy 3. You need to transit full Internet routes 12 Copyright Printed in USA.

7 Stub Network No need for BGP ISP advertises the stub network Policy confined within ISP policy Default to the border 13 Stub Network B AS 101 (ISP) A AS 100 Don t Need BGP UNLESS You Want to Control Which Link Is Used for Which Traffic 14 Copyright Printed in USA.

8 Multihomed Network Many situations possible Multiple links to same ISP Without BGP Secondary for only backup Without BGP Loadshare between primary and secondary Without BGP Selectively use different ISPs Need BGP 15 Multihomed Network AS 100 A D AS 300 B C AS 200 Can Still Use Default, UNLESS You Want to Selectively Use Either ISP for Optimal Performance 16 Copyright Printed in USA.

9 Multiple Links to the Same ISP I Can still use default for outbound routing ISP For inbound routing: Option 1: ISP can use floating statics, or IGP to learn your routes and loadshare Option 2: Can use BGP to loadshare AS Multiple Links to the Same ISP II Simplest scheme is to use two defaults D ISP F Watershed effect Again, can use statics/igp at borders, OR use BGP A B AS Copyright Printed in USA.

10 Multiple Links to the Same ISP III ISP Again, can just use two equal cost defaults to reach ISP! Statics/IGP OR BGP to advertise your routes to ISP D F A AS Why Use BGP for Multihoming? Tier 1 ISP AS 4 Tier 1 ISP AS 5 AS 6 Tier 2 ISP AS 2 D E Tier 1 ISP AS 3 A AS 1 B Allows Per-Prefix Selection of Exit Paths C 20 Copyright Printed in USA.

11 Reasons for Using BGP You need to scale your IGP You re multihomed and need to implement routing policy You need to transit full Internet routes 21 You Need to Transit Internet Routes (i.e., You Are an ISP) Rest of the Internet AS 100 A B AS 200 C D AS 300 Your Network Full Internet Routes Your Multihomed Customer) 22 Copyright Printed in USA.

12 Basic to Basics Peering A C AS 100 AS 101 B D Runs over TCP Port 179 Path vector protocol Incremental updates Internal and External BGP E AS General Operation Learns multiple paths via internal and external BGP speakers Picks the most preferred path, installs it in the IP forwarding table, forwards to BGP neighbors Policies applied by influencing the bestpath selection 24 Copyright Printed in USA.

13 Summary of Operation TCP connection established (port 179) Both peers attempt to connect There is an algorithm to resolve connection collisions Exchange messages to open and confirm the connection parameters Initial exchange of entire table Incremental updates after initial exchange Keepalive messages exchanged when there are no updates 25 What Are Incremental Updates? IGPs typically rebroadcast routes BGP runs over TCP => reliable date delivery Once BGP sends a route to a peer, it assumes the peer will keep it unless: A replacement route is sent Implicit withdraw of old route The route is withdrawn Explicit withdraw The BGP session goes down (keepalive failure) 26 Copyright Printed in USA.

14 BGP Sessions TCP Port 179, Four Basic Message Types 1. OPEN MESSAGE Exchange AS, router ID, holdtime Capability negotiation 2. NOTIFICATION Example: peer in wrong AS 3. KEEPALIVE When no updates 4. UPDATES (incremental) 27 External BGP Between BGP speakers in different AS Usually directly connected Usually sets next-hop to self Router A router bgp 1 neighbor remote-as 2 Router B router bgp 2 neighbor remote-as AS 2.1 B neighbor route-map X {in out}. route-map X permit 10 {set match} <attribute> A AS 1 28 Copyright Printed in USA.

15 Internal BGP Neighbor in same AS Next-hop unchanged May be several hops away IBGP routes are not forwarded to IBGP peers (Therefore a full IBGP mesh is required) => scaling problem! Router B: router bgp 1 neighbor remote-as 1 Router A: router bgp 1 neighbor remote-as 1 A B 29 Attributes 30 Copyright Printed in USA.

16 BGP Update Packet Withdraws Attributes Prefixes (Network-Layer Reachability Information) 31 BGP Attributes Tools for Routing Policy 1: ORIGIN 2: AS-PATH 3: NEXT-HOP 4: MED 5: LOCAL_PREF 6: ATOMIC_AGGREGATE 7: AGGREGATOR 8: COMMUNITY 9: ORIGINATOR_ID 10: CLUSTER_LIST 14: MP_REACH_NLRI 15: MP_UNREACH_NLRI 32 Copyright Printed in USA.

17 Decision Process Long answer: Read the next 4 slides Longer answer: 33 Decision Process For all paths of a prefix Compare path a to path b Flag the better path as the best path Compare that best path to path c and repeat until all paths for that prefix have been checked Path vs path comparison rules: 1st Eliminate bad paths Do not consider paths with our own AS # in the AS_PATH Do not consider received-only paths Do not consider not synchronized paths Do not consider paths whose NEXT_HOPs are inaccessible Do not consider paths that are dampened 34 Copyright Printed in USA.

18 Decision Process 2nd Compare path a to path b in the order specified below The process ends at the first step a difference can be found 1. Highest Weight 2. Highest LOCAL_PREF 3. Prefer locally originated route A locally sourced path is better than a locally aggregated path 4. Shortest AS_PATH This step is skipped if 'bgp bestpath as-path ignore is enabled 5. Lowest ORIGIN code IGP < EGP < Incomplete 6. Lowest Multi-Exit Discriminator (MED) 6a IF the path has no MED value IF bgp bestpath missing-as-worst is enabled, MED will be 4,294,967,295 ELSE MED will be 0 35 Decision Process 6b IF bgp deterministic-med is enabled, order the paths before comparing 6c MEDs are only compared if paths are from the same neighbor AS 6d IF bgp bestpath med confed is enabled, then compare paths w hose AS_PATHs consist of only Sub ASs 6e IF bgp always-compare-med is enabled then compare MED for all paths 7. Prefer an External path over an Internal path 8. Lowest IGP metric to the NEXT_HOP 9. IF multipath is enable, the router may install up to N parallel paths in the routing table when the following are true: If using multipath without confederations both routes must have the name neighbor AS If using multipath with confederations both paths must have the same neighbor sub_as 36 Copyright Printed in USA.

19 Decision Process 10. For External paths prefer the oldest path to minimize route-flap This step is skipped if any of the following are true: The bgp best path compare-routerid command is enabled The router ID is the same for multiple paths, since the routes w ere received from the same router There is no current best path; an example of losing the current best path occurs when the neighbor offering the path goes down 11. Lowest Router-ID Originator-ID is considered for reflected routes 12. Shortest Cluster-List Client must be aware of RR attributes! 13. Lowest neighbor IP address 37 Attribute Agenda Eliminate Bad Paths Local Preference AS-PATH Origin MED Router ID 38 Copyright Printed in USA.

20 NEXT_HOP The next hop to reach a network ebgp ibgp IP address of the peer NEXT_HOP advertised by ebgp IGP should carry route to NEXT_HOPs Recursive route lookup Unlinks BGP from the physical topology Allows IGP to make intelligent forwarding decision AS B A AS 1 39 BGP Attributes: NEXT_HOP AS /8 EBGP Next-Hop Set to Self D E AS /8 F AS 3 B C A AS / /8 3rd Party EBGP Overriding Defaults: / / IBGP Next-Hop Unmodified EBGP NLRI only: neighbor x.x.x.x next-hop-self route-map: set ip next-hop { A.B.C.D peeraddress} 40 Copyright Printed in USA.

21 Details: Overriding Next-Hop (Cont.) Set ip next-hop peer-address If used in an inbound route-map, the next-hop of the received (matching) routes will be set to be the neighbor peering address, thus overriding any thirdparty next-hops; the same route-map can be applied to multiple BGP peers If used in an outbound route-map, the next-hop of the advertised (matching) routes will be set to be the peering address of the local router, thus disabling the next-hop calculation; this command has finer granularity than the per-neighbor next-hop-self command 41 Synchronization AS 2 A AS 1 IGP Carries All Inter AS Routes B AS 3 Relic from the dark ages, before pervasive IBGP :-) SYCHRONIZATION RULE: B only advertises prefixes from AS2 that are also know by an IGP Run IBGP, and disable synchronization: router bgp 1 no synchronization 42 Copyright Printed in USA.

22 Problem: Override AS-path/MED? Solution: LOCAL PREFERENCE AS 4 AS 3 AS 2 AS 5 AS 1 Attribute local to AS Mandatory for IBGP updates Highest LOCAL_PREF is preferred Default 100 Route-map: set local-preference 43 LOCAL_PREF: Configuration AS 4 B AS 3 AS 2 AS 5 Configuration (rtr A): router bgp 1 neighbor x.x.x.x remote-as 2 neighbor x.x.x.x route -map foo in! route-map foo permit 10 match as -path 2 set local-preference 120! ip as -path access-list 2 permit ^2_ A AS 1 bgp Regular Expression Match Any AS Path Beginning with 2 44 Copyright Printed in USA.

23 LOCAL_PREF Indication of preferred path to exit the local AS Universal inside the local AS Paths with highest LOCAL-PREF are most desirable (default = 100) bgp default local-preference value 45 Problem: Loop Detection, Policy Solution: AS-PATH AS SEQUENCE List of AS s that a route has traversed AS SET Summarizes contributing sequence Sequence ordering is lost Route-map prepend: set as-path prepend E AS /24 D AS /24 A AS /24 AS /24 A: /24, ASPATH = 4 2 B: /24, ASPATH = 4 C: /24. ASPATH = 4 1 E: /22, ASPATH = 4 {1 2 3} B C 46 Copyright Printed in USA.

24 Detail: as-set AS_SET Unordered set of al ASs traversed Helps avoid loops Advertise the prefix and the components AND include AS_SET information in the path 47 as-set (Cont.) A: / B: /24 4 C: / E: /22 4 {1 2 3} Example: Router D router bgp 4 E network mask aggregate-address as-set ip route null0 254 AS /24 D AS /24 A AS /24 B AS /24 C 48 Copyright Printed in USA.

25 AS PATH and Routing Decisions In the absence of configured policy, the BGP route with the shortest AS PATH is selected as the best path => rightly or wrongly, traffic via the Internet takes the path through the least number of ISPs BUT: Path through ISP A may actually be worse than the path through ISP B plus ISP C 49 AS_PATH Pre-Pending AS 4 B /24 AS 3 AS 2 Configuration (rtr B): router bgp 4 AS 5 neighbor x.x.x.x remote-as 5 neighbor x.x.x.x route-map prepend out! route-map prepend permit 10 match as-path 2 set as-path prepend 4 4! ip as-path access-list 2 permit ^$ AS 1 A AS 1 Sees: / / bgp Regular Expression Match Any Empty AS Path i.e. All Routes from the Local AS, AS4 50 Copyright Printed in USA.

26 Problem: Indicate Best Path into AS Solution: MED CITY A AS 6 AS 3 CITY A AS 5 AS 1 AS 2 AS 4 Conveys relative preference of entry points Lowest MED is best Default is no MED==0 Comparable only if paths are from same AS Non-transitive Do not pass MED from one AS to another Route-map: set metric set metric-type internal CITY B 51 Setting MED to Match IGP Cost AS 6 A Configuration: router bgp 1 neighbor x.x.x.x remote-as 2 neighbor x.x.x.x route-map set_med out! route-map set_med permit 10 match as-path 2 set metric-type internal AS 1 B AS 2 AS 52 Copyright Printed in USA.

27 MED and IGP Metric set metric-type internal Enable BGP to advertise a MED which corresponds to the IGP metric values Changes are monitored (and re-advertised if needed) every 600s bgp dynamic-med-interval <secs> 53 deterministic-med Prevents inconsistent decision by BGP in some corner cases (mostly for large ISP) Should always be enabled on new network rollouts: router bgp 1 bgp deterministic-med 54 Copyright Printed in USA.

28 Least Useful Attribute Award: ORIGIN IGP network statement under router bgp EGP Redistributed from EGP Incomplete redistribute <IGP process> under router bgp To avoid confusion BGP bestpath decisions, use a route-map to: set origin igp for all BGP routes 55 BGP Attributes 75k1#sh ip bgp BGP routing table entry for /24, version Paths: (1 available, best #1) Not advertised to any peer! AS-PATH AS ID {10 20}, (aggregated by )! NEXT-HOP IGP METRIC PEER-IP PEER-ID (metric 10) from ( ) Origin IGP, metric 100, localpref 230, valid, aggregated internal (or external or local), atomic-aggregate, best Community: 64:3 10:0 20:10 Originator: , Cluster list: , Copyright Printed in USA.

29 Summary: The Decision Algorithm Consider Only (synchronized) Routes with No AS Loops and Valid Next-Hop, then Prefer: Highest WEIGHT Highest LOCAL PREFERENCE LOCALLY ORIGINATED (e.g. Network/Aggregate) Shortest AS-PATH Lowest ORIGIN (IGP < EGP < Incomplete) Lowest MED EBGP IBGP Lowest IGP METRIC to Next-Hop Neighbor with Lowest ROUTE_ID Full Story See: 57 Distance AS 2 A AS 1 IGP Carries All Inter AS Routes B AS 3 B only advertises prefixes from AS2 also in IGP (=>admin distance of EBGP must be < all IGPs) However, if synchronization is disabled: Do you really EVER want to prefer EBGP over your IGP? If no, then: router bgp 1 no synchronization distance EBGP IBGP LOCAL (e.g. Network Command) 58 Copyright Printed in USA.

30 The Decision Algorithm Where Is Distance? Consider Only (synchronized) Routes with No AS Loops and Valid Next-Hop, then Prefer: Highest WEIGHT Highest LOCAL PREFERENCE LOCALLY ORIGINATED (e.g. Network/aggregate) Shortest AS-PATH Lowest ORIGIN (IGP < EGP < Incomplete) Lowest MED EBGP IBGP Lowest IGP METRIC to Next-Hop Neighbor with Lowest ROUTE_ID DISTANCE: Does not effect BGP bestpath selection Is applied to the bestpath prior to insertion in the IP routing table Lowest DISTANCE is chosen when multiple routing protocols have the same route; not part of BGP 59 So Far BGP scales Internet routing Connects ISPs with AS numbers Not required to connect to the Internet May be useful for multihomed customers Useful to scale enterprise routing External and Internal BGP modes TCP port 179 Incremental updates 60 Copyright Printed in USA.

31 So Far BGP attributes: ASPATH, NEXT_HOP MED, LOCAL_PREF Allow routing policy via route-map Understand the bestpath decision in order to understand BGP! 61 BGP Template BGP Global Settings router bgp 1 bgp deterministic-med no synchronization no auto-summary distance For BGP Config Templates from Now on, I ll Assume You ve Already Done This! 62 Copyright Printed in USA.

32 Communities 63 Problem: Scale Routing Policy Solution: COMMUNITY NOT in decision algorithm BGP route can be a member of many communities Typical communities: Destinations learned from customers Destinations learned from ISPs or peers Destinations in VPN BGP community is fundamental to the operation of BGP VPNs 64 Copyright Printed in USA.

33 Problem: Scale Routing Policy Solution: COMMUNITY Communities: 1:100 Customer Routes 1:80 ISP Routes ISP 2 ISP 1 ISP 3 ISP Customer 1 (No Default, Wants Full Routes) Customer 2 (Uses Default, Wants Your Routes) 65 Problem: Scale Routing Policy Solution: COMMUNITY Communities: 1:100 Customer Routes 1:80 ISP Routes Set Community 1:80 ISP 2 ISP 1 Match Community 1:100 Match Community 1:100 1:80 Match Community 1:100 ISP 3 Set Community 1: ISP 4 Customer 1 (No Default, Wants Full Routes) Customer 2 (Uses Default, Wants Your Routes) 66 Copyright Printed in USA.

34 BGP Attributes: COMMUNITY Activated per neighbor/peer-group: neighbor {peer-address peer-group-name} send-community Carried across AS boundaries Common convention is string of four bytes: <AS>:[ ] 67 BGP Attributes: COMMUNITY (Cont.) Each destination can be a member of multiple communities Using a route-map: set community < > community number aa:nn community number in aa:nn format additive Add to the existing community none No community attribute local-asdo not send to EBGP peers (well-known community) no-advertise Do not advertise to any peer (well-known community) no-export Do not export outside AS/confed (well-known community) 68 Copyright Printed in USA.

35 Community Filters Filter based on Community Strings ip community-list <1-99> [permit deny] comm ip community-list < > [permit deny] regexp Per neighbor Inbound or outbound route-maps Match community <number> [exact-match] Exact match only for standard lists 69 Community Filters Example 1: Mark some prefixes as part of the 1:120 community (+remove existing community!) Configuration: router bgp 1 neighbor remote-as 2 neighbor send-community neighbor route-map set_community out! route-map set_community 10 permit match ip address 1 set community 1:120! access-list 1 permit Copyright Printed in USA.

36 Community Filters Example 2: Set LOCAL_PREF depending on the community that the prefix belongs to Configuration: router bgp 1 neighbor remote-as 2 neighbor route-map filter_on_community in! route-map filter_on_community 10 permit match community 1 set local-preference 150! ip community-list 1 permit 2: Regular Expression Syntax URL Overview of IOS regular expression syntax: t/software/ios11/arbook/arapptrn.htm 72 Copyright Printed in USA.

37 BGP Route Reflectors 73 Route Reflectors Basics Attributes Multiple Tiers Migration Cluster ID Comparison Redundancy 74 Copyright Printed in USA.

38 Why Route Reflectors? Avoid n(n-1)/2 ibgp Mesh N=1000 => Nearly Half a Million ibgp Sessions! n(n-1)/2 ibgp Sessions! 75 Route Reflectors RFC 2796 Relaxes rule which says a route from one ibgp peer cannot be advertised to another ibgp peer A Route Reflector (RR) can advertise a route from an ibgp peer to a Route Reflector Client (RRC) The ORIGINATOR_ID and CLUSTER_LIST attributes are used to perform loop detection Provides a scalable alternative to the ibgp full mesh problem neighbor x.x.x.x route-reflector-client 76 Copyright Printed in USA.

39 Route Reflectors Terminology Non-client Route Reflector Clients Clusters Clients Lines Represent Both Physical Links and BGP Logical Connections 77 Route Reflectors Terminology (Cont.) Route reflector Client Router that reflects the ibgp information Routers between which the RR reflects updates (may be fully meshed among themselves) Cluster Set of one or more RRs and their clients (may overlap) Non-client ibgp neighbour outside the cluster 78 Copyright Printed in USA.

40 Route Propagation What does a RR do with the best path? It depends on who sent us the path: From an ebgp peer, send the path to everyone From a RRC, reflect the path to RRCs and ibgp peers, send the path to ebgp peers From a regular ibgp peer, reflect the path to RRCs and send the path to ebgp peers When a route is reflected the RR appends his ROUTER_ID or bgp cluster-id to the CLUSTER_LIST 79 Route Reflectors Deploying Divide network into multiple clusters Each cluster contains at least one RR; clients can peer with RRs in other clusters for redundancy RRs are fully meshed via ibgp Still use single IGP next-hop unmodified by RR unless via explicit route-map 80 Copyright Printed in USA.

41 Route Reflectors Topology RR topology should follow physical topology A RRC should not peer through RR1 to get to RR2 unless RRC is also peering with RR1 Defining two RRs in a POP and having every router in that POP peer to those RRs is ok Black holes and routing loops can occur otherwise RRC Cluster A Backbone RR RR RR RR Cluster C RRC RR RRC Cluster B RR Cluster D RRC 81 Route Reflectors Basics Attributes Multiple Tiers Migration Cluster ID Comparison Redundancy 82 Copyright Printed in USA.

42 Route Reflectors Attributes ORIGINATOR_ID Router ID of IBGP speaker that injects route into AS applied by RR Useful for troubleshooting and loop detection 83 Route Reflectors Attributes CLUSTER_LIST String of CLUSTER_IDs through which the route has passed Usually CLUSTER_ID = ROUTER_ID CLUSTER_ID is overridden by bgp cluster-id x.x.x.x Useful for troubleshooting and loop detection 84 Copyright Printed in USA.

43 Route Reflectors Attributes Example: RouterB>sh ip bgp BGP routing table entry for / from ( ) RR Origin IGP, metric 0, localpref 100, valid, internal, best B A Router id RRC Router id RR C RRC Router id D Originator: Cluster list: , AS Route Reflectors Basics Attributes Multiple Tiers Migration Cluster ID comparison Redundancy 86 Copyright Printed in USA.

44 Route Reflector Multiple Tiers RRs are required to maintain a full mesh among themselves Multiple levels or tiers of route-reflectors can be used to ease the pain of maintaining a full mesh among RRs Unlimited number of tiers that can be used 87 Route Reflectors Hierarchy Clusters may be configured hierarchically RRs in a cluster are clients of RRs in a higher level Provides a natural method to limit routing information sent to lower levels Level 1 Level 2 88 Copyright Printed in USA.

45 Route Reflectors Basics Attributes Multiple Tiers Migration Cluster ID comparison Redundancy 89 Deploying Route Reflectors Divide backbone into multiple clusters Each cluster contains at least one RR; Clients can peer with RRs in other clusters for redundancy RRs are fully meshed via IBGP Still use single IGP next-hop unmodified by RR; unless via explicit inbound route-map 90 Copyright Printed in USA.

46 Route Reflectors Migration Where to place the route reflectors? Follow the physical topology! This will guarantee that the packet forwarding won t be affected Configure one RR at a time Eliminate redundant ibgp sessions Place one RR per cluster 91 Route Reflectors Migration Migration is easy Configure one RR at a time Eliminate redundant ibgp sessions Place one RR per cluster Repeat as needed 92 Copyright Printed in USA.

47 Route Reflectors Migration Step 0: ibgp full mesh A B C E D Logical Links Physical AND Logical Links 93 Route Reflectors Migration Step 1: Configure D as a RR; E is the client A B C E D RR Logical Links Physical AND Logical Links 94 Copyright Printed in USA.

48 Route Reflectors Migration Step 2: Eliminate unnecessary ibgp links A B C E D RR Logical Links Physical AND Logical Links 95 Route Reflectors Migration Step 3: Repeat for other clusters and ibgp links A Finished!! RR B C RR E D RR Logical Links Physical AND Logical Links 96 Copyright Printed in USA.

49 Route Reflectors Basics Attributes Multiple Tiers Migration Cluster ID comparison Redundancy 97 Route Reflectors Redundancy A RRC may peer with more than one reflector, in different clusters A RRC that peers to only one RR has a single point of failure RRC should peer to at least two RRs to provide redundancy The million dollar question Should redundant RRs be in the same cluster or should they be in separate clusters? 98 Copyright Printed in USA.

50 Same Cluster-ID RRs A and C have the same Cluster-ID C will deny routes reflected from A due to cluster-list loop detection If session from C to D fails, C will not be able to reach /8 If session from B to A fails, B will not be able to reach /8 D has some redundancy, but not 100% cluster-id 10 C A RR2 RR1 B D ebgp /8 Lines Represent Both Physical Links and BGP Logical Connections 99 Same Cluster-ID Technically not 100% redundant If loopback peering is used then the chances of C D or B A failure are greatly reduced Using same Cluster-ID with loopback peering is fine cluster-id 10 C RR2 B A RR1 D ebgp /8 100 Copyright Printed in USA.

51 Different Cluster-ID RRs A and C have different Cluster-IDs C will not deny routes reflected from A C will know about /8 from A and D If C to D session fails, C can still reach /8 via A If B to A session fails, B can still reach /8 via C D has true redundancy cluster-id 10 cluster-id 20 C A RR2 RR1 B D ebgp /8 Lines Represent Both Physical Links and BGP Logical Connections 101 Different Cluster-ID C has two paths to /8 but only had one path in Same Cluster-ID topology Unique Cluster-IDs mean more paths on RRs which translates to more memory cluster-id 10 C RR2 B cluster-id 20 A RR1 D ebgp /8 102 Copyright Printed in USA.

52 Cluster-ID Comparison Redundancy Admin Factors Attribute Combos RR Memory Consumption Same Cluster-ID ~100% with Loopback Peering Easy to ID POPs Based on Cluster-ID Medium One Path from Each RRC Different Cluster-ID 100% Easy to ID Router Based on Cluster-ID High One Path from Each RRC and One from Each RR 103 Route Reflectors Basics Attributes Multiple Tiers Migration Cluster ID comparison Redundancy 104 Copyright Printed in USA.

53 Route Reflectors Redundancy Can a RRC have too much redundancy? RRC will receive an additional view for each extra RR it peers with, which will consume extra memory RRC RRs 105 Route Reflectors Redundancy Each RR in Cluster A has 4 paths to /8 Only one exit point for this prefix but we learn about it from 4 peers Increases memory consumption on RRs Cluster A Cluster B /8 RRC - A RRC - B RRs RRs 106 Copyright Printed in USA.

54 Route Reflectors Redundancy Some redundancy is needed Too much burns memory on RRCs because the client learns the same information from each RR Also burns memory on the RRs because they learn multiple paths for each route introduced by a RRC Two or three reflectors peer cluster should be plenty 107 Route Reflectors Summary ORIGINATOR_ID and CLUSTER_LIST provide loop detection mechanism; allows BGP to advertise a route from one ibgp speaker to another Migration from ibgp full mesh to Route Reflectors is painless If one tier is not enough additional tiers of RRs can be used Too much redundancy can be a bad thing Remember: Follow the physical topology 108 Copyright Printed in USA.

55 RR Alternative (Confederations) RFC 3065 Autonomous System Confederations for BGP Another alternative to ibgp full mesh An AS is split into multiple Sub-AS s but still looks like a single AS to ebgp peers Sub-AS numbers should come from private AS range BGP between each Sub-AS is similar to ebgp Preserve NEXT_HOP across the Sub-AS (IGP carries this information) Preserve LOCAL_PREF and MED 109 RR Alternative (Confederations) AS_CONFED_SEQUENCE provides loop detection mechanism; allows BGP to advertise a route from one ibgp speaker to another Transition from ibgp full mesh to Confederations is difficult; same story when moving away from Confeds For more info: wk/ics/icsbgp4.htm# Copyright Printed in USA.

56 RRs or Confederations External Connectivity Multi-Level Hierarchy Policy Control Scalability Migration Complexity Confederations Anywhere in the Network Yes Yes Medium Medium To High Route Reflectors Anywhere in the Network Yes Yes Very High Very Low 111 BGP Aggregation 112 Copyright Printed in USA.

57 What Is Aggregation? Summarization based on specifics from the BGP table, not the routing table => How to Aggregate aggregate-address {asset} {summary-only} {route-map} Use as-set to include AS_PATH and community info from components summary-only suppresses component routes of /16 route-map sets other attributes 114 Copyright Printed in USA.

58 Why Aggregate? Reduce number of Internet prefixes advertise only your CIDR block Increase stability aggregate stays even if specifics come and go Stable aggregate generation: Nail down a component route ( /32) router bgp 100 aggregate-address network ! ip route Null BGP Attribute: Atomic Aggregate Indicates loss of AS-PATH information Must not be removed once set Only present when an aggregate route is created without the as-set keyword Informational attribute only It doesn t really do anything 116 Copyright Printed in USA.

59 BGP Attribute: Aggregator AS number and IP address of router generating aggregate Useful for troubleshooting Only set by aggregate-address; NOT set by the network statement 117 Dampening 118 Copyright Printed in USA.

60 Route Dampening Route flap The bouncing up and down of a path A flap ripples through the entire Internet Consumes CPU cycles, causes instability Solution: Reduce scope of route flap propagation History predicts future behavior Suppress oscillating routes Advertise stable suppressed routes 119 Route Dampening: Operation Add penalty for each flap Exponentially decay penalty Penalty above suppress-limit do not advertise up route Penalty decayed below reuse-limit advertise route Maintain a history for flapping paths Dampening is only for external paths Alternate paths still usable Suppress-limit, reuse-limit and half-life time give control 120 Copyright Printed in USA.

61 Penalty Route Dampening 4 Suppress-Limit 3 2 Reuse-Limit Time 121 Selective Dampening Selective dampening based on AS-PATH Community Prefix Variable dampening 122 Copyright Printed in USA.

62 Dampening Configuration bgp damping <halflife-time> <reuse> <suppress> <maximumsuppress-time> Example: router bgp 109 bgp dampening route -map SELECTIVE _DAMPENING! access-list 110 permit ip any access-list 111 permit ip any any! route-map SELECTIVE_DAMPENING permit 10 match ip address 110 set dampening ! route-map SELECTIVE_DAMPENING permit 20 match ip address 111 set dampening ! 123 Dampening A route can only be suppressed when receiving an advertisement Not when receiving a WITHDRAW Attribute changes count as a flap (1/2 penalty) In order for a route to be suppressed the following must be true: The penalty must be greater than the suppress-limit An advertisement for the route must be received while the penalty is greater than the suppress-limit A route will not automatically be suppressed if the suppresslimit is 1000 and the penalty reaches 1200; the route will only be suppressed if an advertisement is received while the penalty is decaying from 1200 down to Copyright Printed in USA.

63 Dampening Deployment Configurable parameters: Half-life The number of minutes it takes for the penalty to decay by 1/2 Reuse-limit If a route is suppressed the penalty must decay to this value to be unsuppressed Suppress-limit The penalty must be greater than this threshold when an advertisement is received for a route to be suppressed Max-suppress-time The maximum number of minutes a route may be suppressed 125 Dampening Deployment Calculated parameters: Max-penalty The maximum penalty a route may have that will allow the penalty to decay to reuse -limit within maxsuppress-time max-penalty = reuse -limit * 2^(max-suppress-time/half-life) If half-life is 30, reuse-limit is 800, and max-suppress-time is 60 then the max-penalty would be 3200; if we allowed the penalty to reach 3201 it would be impossible for the penalty to decay to 800 within 60 minutes Cisco IOS Will Generate a Warning Message if the Max-Penalty Is above 20,000 or Less Than the Suppress-Limit 126 Copyright Printed in USA.

64 Dampening Example Small suppress window: Half-life of 30 minutes, reuse-limit of 800, suppresslimit of 3000, and max-suppress-time of 60 Max-penalty is 3200 Advertisement must be received while penalty is decaying from 3200 down to 3000 for the route to be suppressed A 3 min 45 second (rough numbers) window exist for an advertisement to be received while decaying from 3200 to Dampening Example II No window: Half-life of 30 minutes, reuse-limit of 750, suppresslimit of 3000, and max-suppress-time of 60 Max-penalty = 750 * 2^(60/30) = 3000 Here the max-penalty is equal to the suppress-limit The penalty can only go as high as 3000 The decay begins immediately, so the penalty will be lower than 3000 by the time an advertisement is received A route could consistently flap several times a minute and never be suppressed 128 Copyright Printed in USA.

65 Summary BGP is used to interconnect AS and to scale enterprise routing Consists of both external and internal BGP modes Uses attributes to carry information about routes: ASPATH, NEXT_HOP, MED, LOCAL_PREF The bestpath decision algorithm is used to determine route preference 129 Summary (Cont.) Communities are useful for implementing policy Route Reflectors help ibgp mesh scaling Aggregation reduces the number of prefixes and adds stability Dampening suppresses route flapping 130 Copyright Printed in USA.

66 Recommended Reading Internet Routing Architectures, Second Ed. ISBN: X Routing TCP/IP Vol II ISBN: Available on-site at the Cisco Company Store 131 Recommended Reading Troubleshooting IP Routing Protocols ISBN: Cisco BGP-4 Command and Configuration Handbook ISBN: X Available on-site at the Cisco Company Store 132 Copyright Printed in USA.

67 Please Complete Your Evaluation Form Session Copyright Printed in USA.