BGP Configuration Guide



Similar documents
APNIC elearning: Introduction to MPLS

An ADTRAN White Paper. Private IP Service BGP/MPLS VPN Networks

Using the Border Gateway Protocol for Interdomain Routing

Keep it Simple with BGP/MPLS Virtual Private Networks

NetVanta Series (with Octal T1/E1 Wide Module)

Configuring T1 and E1 WAN Interfaces

MPLS VPN Security. Intelligent Information Network. Klaudia Bakšová Systems Engineer, Cisco Systems

Configuring a Basic MPLS VPN

HughesNet and MPLS. This white paper addresses how it is possible to seamlessly integrate MPLS and HughesNet.

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network.

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0

Cisco Configuring Basic MPLS Using OSPF

How To Set Up Bgg On A Network With A Network On A Pb Or Pb On A Pc Or Ipa On A Bg On Pc Or Pv On A Ipa (Netb) On A Router On A 2

How To Understand Bg

IP Routing Configuring RIP, OSPF, BGP, and PBR

MPLS-based Layer 3 VPNs

IP Routing Configuring Static Routes

Module 12 Multihoming to the Same ISP

MPLS. Cisco MPLS. Cisco Router Challenge 227. MPLS Introduction. The most up-to-date version of this test is at:

Border Gateway Protocol Best Practices

White Paper. Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM. March 30, 2001

Exam Name: BGP + MPLS Exam Exam Type Cisco Case Studies: 3 Exam Code: Total Questions: 401

BGP Best Path Selection Algorithm

IP/MPLS-Based VPNs Layer-3 vs. Layer-2

Border Gateway Protocol (BGP)

Multihomed BGP Configurations

Example: Advertised Distance (AD) Example: Feasible Distance (FD) Example: Successor and Feasible Successor Example: Successor and Feasible Successor

Transitioning to BGP. ISP Workshops. Last updated 24 April 2013

How To Set Up A Netvanta For A Pc Or Ipad (Netvanta) With A Network Card (Netvina) With An Ipa (Net Vanta) And A Ppl (Netvi) (Netva)

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

Table of Contents. Cisco Configuring a Basic MPLS VPN

Understanding Route Redistribution & Filtering

Quick Note 20. Configuring a GRE tunnel over an IPSec tunnel and using BGP to propagate routing information. (GRE over IPSec with BGP)

Kingston University London

BGP-4 Case Studies. Nenad Krajnovic.

Configure ISDN Backup and VPN Connection

APNIC elearning: BGP Basics. Contact: erou03_v1.0

MPLS Implementation MPLS VPN

Frame Mode MPLS Implementation

Simple Multihoming. ISP/IXP Workshops

HP Networking BGP and MPLS technology training

Introduction to MPLS-based VPNs

BGP Link Bandwidth. Finding Feature Information. Prerequisites for BGP Link Bandwidth

NetVanta 3000 Series (with T1/FT1 or T1/FT1 with DSX-1 Network Interface Module)

Module 7. Routing and Congestion Control. Version 2 CSE IIT, Kharagpur

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

Internet inter-as routing: BGP

Multiprotocol Label Switching Load Balancing

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

IPv6 over MPLS. Course Number Presentation_ID. Patrick Grossetete Cisco Systems Cisco IOS IPv6 Product Manager

Testing Juniper Networks M40 Router MPLS Interoperability with Cisco Systems 7513 and Routers

Advanced BGP Policy. Advanced Topics

BGP Link Bandwidth. Finding Feature Information. Contents

Using OSPF in an MPLS VPN Environment

RFC 2547bis: BGP/MPLS VPN Fundamentals

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service

> Border Gateway Protocol (BGP-4) Technical Configuration Guide. Ethernet Routing Switch. Engineering

Task 20.1: Configure ASBR1 Serial 0/2 to prevent DoS attacks to ASBR1 from SP1.

Load balancing and traffic control in BGP

BGP Attributes and Path Selection

Configuring BGP. Cisco s BGP Implementation

Routing Protocol - BGP

CCNA2 Chapter 11 Practice

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

CCIE R&S Lab Workbook Volume I Version 5.0

Bell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines

OSPF Routing Protocol

BGP1 Multihoming and Traffic Engineering

Figure 1 - T1/E1 Internet Access

MPLS/BGP Network Simulation Techniques for Business Enterprise Networks

SSVP SIP School VoIP Professional Certification

BGP Terminology, Concepts, and Operation. Chapter , Cisco Systems, Inc. All rights reserved. Cisco Public

Configuring a Gateway of Last Resort Using IP Commands

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software

BGP4 Case Studies/Tutorial

GregSowell.com. Mikrotik Routing

For internal circulation of BSNLonly

IPv6 over IPv4/MPLS Networks: The 6PE approach

Route Discovery Protocols

Leveraging Advanced Load Sharing for Scaling Capacity to 100 Gbps and Beyond

How To Import Ipv4 From Global To Global On Cisco Vrf.Net (Vf) On A Vf-Net (Virtual Private Network) On Ipv2 (Vfs) On An Ipv3 (Vv

MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans

Introduction about cisco company and its products (network devices) Tell about cisco offered courses and its salary benefits (ccna ccnp ccie )

Brocade to Cisco Comparisons

Juniper Exam JN0-343 Juniper Networks Certified Internet Specialist (JNCIS-ENT) Version: 10.1 [ Total Questions: 498 ]

Border Gateway Protocol BGP4 (2)

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

PT Activity 8.1.2: Network Discovery and Documentation Topology Diagram

Cisco CCNP Optimizing Converged Cisco Networks (ONT)

Inter-domain Routing Basics. Border Gateway Protocol. Inter-domain Routing Basics. Inter-domain Routing Basics. Exterior routing protocols created to:

Managing MPLS Networks. Oleg Kupershmidt and Joel Kaufman

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s)

Lab 4.2 Challenge Lab: Implementing MPLS VPNs

Course Contents CCNP (CISco certified network professional)

Network Level Multihoming and BGP Challenges

Understanding Virtual Router and Virtual Systems

Department of Communications and Networking. S /3133 Networking Technology, Laboratory course A/B

Transcription:

Configuration Guide 5991-3730 August 2005 BG Configuration Guide Configuring BG for Access to rivate I Services (BG/MLS VN Networks) This Configuration Guide provides an overview of rivate I Services (BG/MLS VN networks), compares methods for conveying customer routes to and from the provider network, and provides details on how to configure rocurve Secure Routers as customer edge routers using BG on the access link. For detailed information regarding specific command syntax, refer to the SROS Command Line Interface Reference Guide on your rocurve SROS Documentation CD. This guide consists of the following sections: Understanding rivate I Services on page 2 rivate I Services: BG/MLS VN Networks on page 2 Connecting to the rivate I Service on page 4 Option 1: Static Routes on page 5 Option 2: RI V2 on page 5 Option 3: OSF on page 6 Option 4: BG on page 6 Configuration Examples on page 7 Example 1: Basic BG Connectivity on page 7 Example 2: BG Connectivity with Ingress refix Filters on page 9 Appendix A: BG Decision Logic in SROS J.03.01 on page 10 Acronyms on page 11 61195880L1-29.5A rinted in the USA 1

Understanding rivate I Services BG Configuration Guide Understanding rivate I Services rovider-based WANs have long been servicing enterprise applications (where many branch offices connect to a corporate site) and retail applications (where thousands of stores connect to one or more data centers). In the past, this type of application was often served by a Frame Relay/ATM network. As shown in Figure 1, the provider s service was Layer 2, connecting and delivering VCs to each customer site (where the customer router terminated each VC). At the corporate or data center sites, the WAN router terminated VCs from every remote. Each VC was often implemented as a separate point-to-point sub-interface on the router. As the number of sites grew, router resources and VC management became an issue. Also, since VCs represent a recurring cost, adding mesh connectivity between sites with the Layer 2 solution became very expensive after reaching a certain size. For example, since a full mesh requires n(n-1)/2 VCs, four sites require six VCs while eight sites require 28 VCs. Branch Router VC 1 Branch Router Corporate Router VC 2 Branch Router VC 3 Layer 2 WAN (Frame Relay/ATM) VC 4 Branch Router Figure 1. WAN Connectivity with a Frame Relay rovider (Layer 2) A popular solution to this problem has been network-based Layer 3 VNs (delivered as a service often called rivate I, I, Layer 3 VN, I VN, or BG/MLS VN Networks). This document briefly describes this service and discusses how customers can communicate routes to/from it. Details are then given on how to configure a rocurve Secure Router as the customer router communicating with this service using BG. rivate I Services: BG/MLS VN Networks RFC2547 [1] and updates to this RFC [1] define the popular concept of network-based Layer 3 VNs. While more complex for the provider to implement, complexity for the customer decreases significantly. In the end it is less complex for the provider because it aids in the I convergence of their core network, eliminating multiple or overlay networks. From the customer perspective, the fundamental difference between a Layer 2 and a Layer 3 implementation is as follows: With a Layer 2 WAN, the customer router views the provider as one or more Layer 2 pipes (VCs), each connecting to one other customer site. With a Layer 3 WAN, the customer router sees the provider as a peer router on a point-to-point link. That peer router can have arbitrary connectivity to any of the customer s other sites. 2 5991-3730

BG Configuration Guide Understanding rivate I Services The customer router still connects to the provider network using familiar Layer 1 and 2 technologies (ADSL with oe and T1 with Frame Relay are quite common), but this connectivity terminates at the local provider edge where the customer s I traffic enters the provider s I network. The customer packets are delivered by the network based on the provider s knowledge of the customer s I networks. How the provider gets this knowledge is key to this document and is discussed later. But first, let s look a little closer at the provider network. rovider Network Example In RFC2547 (BG/MLS VNs March 1999), the customer router is referred to as a Customer Edge (CE) router. Internal to the provider s Layer 3 network, are two types of routers: rovider Edge (E) and rovider () routers. As shown in Figure 2, E routers are located at the edge of the provider network and connect to CE and routers. routers only connect to E and other routers. They do not connect to CE routers. MLS/BG VN Core Internet CE BLUE HOST CE BLUE CE RED E1 E2 HOST CE RED ROUTER/ LAYER 3 SWITCH CE RED E3 CE RED ROUTER/ LAYER 3 SWITCH Figure 2. WAN Connectivity with a rivate I rovider (Layer 3) The following points are vital to the internal operation of an RFC2547 network. Consider the red customer in Figure 3 on page 4. Red has several geographically dispersed sites connected by a Layer 3 WAN: Each E router that connects to a red site must have knowledge of the networks at that site (at least those that are known as reachable across the WAN). Information about those networks is propagated via BG 1 directly to all other red-connecting Es. This BG is entirely separate from the BG that might run on the CE router. routers have no knowledge of this BG communication and are not aware of any customer information. They only know the location of all and E routers. and E routers often use an internal gateway protocol (such as OSF) to understand the physical connectivity of the provider s internal network. 1 RFC2547 defines additions to BG necessary to convey details about the VNs within the network. These details are beyond the scope of this document. 5991-3730 3

Understanding rivate I Services BG Configuration Guide Red s packets are kept entirely separate from the packets of other customers. This is where the term VN is earned. On the access link from CE to E, this separation is performed by separate physical interfaces or by separate logical (virtual) interfaces (where multiple customers might share an access link such as VCs or Vs). Internal to the E router, separation is performed by VRFs (Virtual Routing and Forwarding Instances). A VRF can be thought of as a logically separate route table within the E that holds a single customer s routes and cannot intermingle with another customer s VRF in the same router. While moving from E router to E router across routers, separation is performed using MLS Label Switch aths (LSs). LSs provide a dynamic VC-like connection through the network that can quickly recalculate should a failure occur within the provider cloud. E routers are MLS label edge routers in that they are the beginning and ending of MLS LSs used to switch customer packets through the provider network. routers are MLS label switch routers. They simply switch customer packets on the LSs. MLS/BG VN Core Internet CE BLUE HOST CE BLUE CE RED E1 VRF VRF LS VRF VRF E2 HOST CE RED ROUTER/ LAYER 3 SWITCH CE RED VRF E3 VRF CE RED ROUTER/ LAYER 3 SWITCH Figure 3. Customer Separation within a rivate I rovider Connecting to the rivate I Service Using the basics of a Layer 3 VN service, how does a E learn about a connected customer s networks in order to propagate that information to the Es connecting the customer s other sites? And, how does that E convey customer network information learned from distant Es to the connected CE? Is a routing protocol required on the CE-E link? Many people are under the impression that the CE router MUST use BG to communicate this information to the E. This is absolutely not true. However, there are reasons why BG is sometimes the best option. The following pages explore the pros and cons of several options. The ultimate decision depends on the requirements of the customer and the provider. 4 5991-3730

BG Configuration Guide Understanding rivate I Services Option 1: Static Routes The E router has static routes configured representing the networks of a connected customer site. The next-hop gateway is typically the connected CE. The CE router may have discrete static routes or a static default route with the next hop gateway set to the E. ros Simple to configure and operate. No protocol bandwidth overhead. No protocol processing overhead. Scales well on E routers with many customers. Cons Except for local link failure (Layer 1 or 2), there is no dynamic detection of a failure in the provider or customer network (whether used for basic detection of liveliness or for resolving routes). Alternate paths and dynamic detection are not provided. Requires redistribution to/from BG at the E router. This increases the chance of errors in the E configuration. Customer site changes that alter the network information representing that site require the provider to make manual modifications on the local E router. This requires provider interaction, takes time, and increases the chance of errors in the E configuration. Option 2: RI V2 CE and E routers exchange customer network information over the CE-E link using RI V2. Many people forget that this protocol runs only on the CE-E link. Unlike Layer 2 WANs, the hub router is not concerned with periodic updates from each remote due to concentration of VCs. In Layer 3 WANS, the periodic updates are local to each CE-E link. ros Simple to configure and operate. Low protocol bandwidth overhead; one packet in each direction every 30 seconds (compared to hello packets used by other protocols that are typically sent every 10 seconds). Low protocol processing overhead. Scales reasonably well on E routers with many customers. erfectly suitable for indicating basic liveliness in both directions. Can be suitable for resolving mutually exclusive paths such as dial backup. Customer site changes are propagated dynamically to the E router. Cons Not recommended for non-stub applications where there are multiple paths active at one time between customer and provider, or directly between customer sites. Note: A backup scheme where either a primary or backup link is active at one time can be considered a stub. May have to consider how routing information is managed in the primary and backup network during failure. Requires redistribution to/from BG at the E router. Increases the chance of errors in the E configuration. 5991-3730 5

Understanding rivate I Services BG Configuration Guide Option 3: OSF CE and E routers exchange customer network information over the CE-E link using OSF. ros Suitable for indicating liveliness in both directions. rotocol bandwidth overhead is low with the proper design. Suitable for complex non-stub applications where there are multiple paths active at one time. Customer site changes are propagated dynamically to the E router. Cons Not simple to configure. OSF settings must be coordinated with the provider. rotocol bandwidth can be large during topology changes, depending on the network design and number of routes to propagate. rotocol processing overhead can be significant, especially on E routers with many customers. (Some providers refuse OSF for this reason.) Requires redistribution to/from BG at the E router. Increases the chance of errors in the E configuration. Widely agreed that this protocol is overkill for the application. Option 4: BG CE and E routers exchange customer network information over the CE-E link using BG. ros Medium protocol bandwidth overhead. Medium protocol processing overhead. Scales well on E routers with many customers. Suitable for indicating liveliness in both directions. Suitable for complex applications where there are numerous paths active at one time. Customer site changes are propagated dynamically to the E router. Is the native protocol of the provider router (no concern over protocol redistribution). olicy-based, providing robust policy control over what is sent and received. Though manual configuration could be viewed as a negative, the tight policy controls allowed by the protocol help customers protect themselves from provider misconfiguration and failure. With proper subnet design, the need to change BG network settings over time can be eliminated. Cons Not simple to configure. Certain settings must be coordinated with the provider. olicy controls can require significant manual configuration on each router. The more policy controls in use, the more configuration required. 6 5991-3730

BG Configuration Guide Configuration Examples Configuration Examples This section provides configuration examples for deploying a rocurve Secure Router as the customer-located CE router when connecting to a private I network service (Layer 3 VN), using BG as the CE-E routing protocol. These examples represent any of the rocurve Secure Router 7000dl Series units. Slight modifications may be required for use on specific platforms. Example 1: Basic BG Connectivity This example illustrates basic BG connectivity with a Layer 3 provider over a single link. The provider s BG AS is 65000. The customer AS is 65001. BG allows all sites to know when other sites are available. The customer has assigned each customer site a /24 prefix from 10.10.x.0, where x represents the site number. In this example, the site number is 1. At each site, the /24 prefix is variably subnetted on local s. Only the /24 prefix is advertised to the provider network for propagation to other sites. The provider delivers each customer /24 prefix to the other customer sites. BG AS 65001 10.10.1.0/24 Variable subnetting on local s 64.19.120.1 BG AS 65000 XYZ Router XYZ Router Customer Site 1 64.19.120.2 E 1 Layer 2 WAN (BG/MLS VN) E n Customer Site n 10.10.1.193/27 Figure 4. Single Connection to a rivate I rovider Network Some configuration items not directly related to BG connectivity are omitted. Customer Site 1 CE Router: hostname "Site 1" ip routing interface loop 1 rovide a consistent ip description Management Interface address for management. ip address 10.10.1.254 255.255.255.255 Loopback interface never no shutdown goes down. interface eth 0/1 eth 0/1 is a local description Local interface. Other ip address 10.10.1.193 255.255.255.224 interfaces exist (not shown) no shutdown that are variably subnetted from the same /24 prefix allocated to this site. 5991-3730 7

Configuration Examples BG Configuration Guide interface t1 1/1 description NtwkT1 CktID 54321 tdm-group 1 timeslots 1-24 speed 64 no shutdown interface fr 1 point-to-point description WANFR CktID 67890 frame-relay lmi-type ansi no shutdown bind 1 t1 1/1 1 frame-relay 1 interface fr 1.17 point-to-point description VC17 frame-relay interface-dlci 17 frame-relay bc 768000 description Frame Relay 1.17 DLCI-17 ip address 64.19.120.2 255.255.255.252 bandwidth 768 router bgp 65001 BG AS number for this customer site. no auto-summary All network prefixes are explicit. no synchronization Advertisements independent of IGsync. bgp router-id 10.10.1.254 Use mgt ip address as BG RID (lo 1). network 10.10.1.0 mask 255.255.255.0 Inject /24 allocated for this site. neighbor 64.19.120.3 Address of the E router. no default-originate Do not send default route TO provider. description BG AS-65001 eer-65000 soft-reconfiguration inbound Allow BG softresets w/out flapping E. update-source loop 1 Use mgt iface(lo 1) as BG src I addr. remote-as 65000 rovider s BG AS number. ip route 10.10.1.0 255.255.255.0 null 0 This is the /24 prefix allocated to this site. Since all local interfaces are variably subnetted from this address (longer prefixes), this exact prefix does not exist in the route table. A static route to null0 allows the prefix to exist so that the BG network statement will inject the /24 route into BG. ackets received will be routed to the interface with the more specific matching prefix. Any packets to a non-existing more specific prefix will be dropped by this static route. no ip http server no ip http secure-server ip ftp source-interface loopback 1 all mgt functions use mgt addr (lo 1). 8 5991-3730

BG Configuration Guide Configuration Examples ip radius source-interface loopback 1 ip tftp source-interface loopback 1 ip sntp source-interface loopback 1 logging forwarding source-interface loopback 1 line con 0 no login line-timeout 60 line telnet 0 4 login line-timeout 60 end Example 2: BG Connectivity with Ingress refix Filters This configuration builds on Example 1 and adds ingress prefix filters to control which routes are accepted from the provider. The filters allow routes from a specific address range (those of other customer sites) to be accepted by the CE router. (Only the sections changed from Example 1 are shown here.) router bgp 65001 no auto-summary no synchronization bgp router-id 10.10.1.254 network 10.10.1.0 mask 255.255.255.0 neighbor 64.19.120.1 no default-originate description BG AS-65001 eer-65000 prefix-list Corp_Nets in soft-reconfiguration inbound update-source loop 1 remote-as 65000 To guard against provider errors that might breach corporate security, filter networks received from provider to only allowed networks. The following prefix list is used to limit the prefixes allowed from the provider. Routes from other site subnets (10.10.x.0 with a /24 prefix length) are allowed. ip prefix-list Corp_Nets description "Customer VN Connections" ip prefix-list Corp_Nets seq 20 permit 10.10.0.0/16 ge 24 le 24 5991-3730 9

Appendix A: BG Decision Logic in SROS J.03.01 BG Configuration Guide Appendix A: BG Decision Logic in SROS J.03.01 The following is the BG decision logic used by rocurve Secure Routers in release J.03.01 when comparing two BG routes: Ignore route if next hop is unreachable. refer route with largest local preference. refer route with shortest AS_ATH. refer route injected by this router via network command, then redistribute (future) command, then aggregate (future) command. refer route with lowest origin type. Routes originally injected by the network command or aggregation (IG) will be of lower origin than those originally injected by redistribution into BG (incomplete). refer routes with lowest MED value. refer ebg over ibg. Equivalent routes at this point are considered multipath candidates if in same AS. Compare IG metric (administrative distance). Compare other, generic-route metrics. Compare incoming router ID. Compare neighbor I address. 10 5991-3730

BG Configuration Guide Acronyms Acronyms ADSL...Asymmetric Digital Subscriber Line AS...Autonomous System ATM...Asynchronous Transfer Mode BG...Boarder Gateway rotocol CE...Customer Edge ebg...external BG ibg...internal BG IG...Interior Gateway rotocol I...Internet rotocol...local Area Network LS...Label Switch ath MED...Multi-Exit Discriminator MLS...Multiprotocol Label Switching OSF...Open Shortest ath First...rovider E...rovider Edge I...rivate Internet rotocol oe...oint-to-oint rotocol over Ethernet VC...ermanent Virtual Circuit RI...Routing Information rotocol SROS...Secure Router Operating System VC...Virtual Circuit V...Virtual Local Area Network VN...Virtual rivate Network VRF...Virtual Routing and Forwarding WAN...Wide Area Network References [1] E. Rosen, Y. Rekhter, BG/MLS VNs, RFC2547, March 1999. [2] Rosen, et al., BG/MLS I VNs, Work in rogress (draft-ietf-ppvpn-rfc2547bis-04.txt, update to RFC2547). 5991-3730 11

References BG Configuration Guide Copyright 2005 Hewlett-ackard Development Company, L. The information contained herein is subject to change without notice. 12 5991-3730

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information