BGP Tutorial v 1.3. Dr. John S. Graham Global Research NOC, Indiana University

Similar documents
APNIC elearning: BGP Attributes

BGP Best Path Selection Algorithm

Border Gateway Protocol (BGP)

How To Understand Bg

BGP Basics. BGP Uses TCP 179 ibgp - BGP Peers in the same AS ebgp - BGP Peers in different AS's Private BGP ASN. BGP Router Processes

BGP: Frequently Asked Questions

BGP overview BGP operations BGP messages BGP decision algorithm BGP states

BGP Attributes and Path Selection

Using the Border Gateway Protocol for Interdomain Routing

Inter-domain Routing Basics. Border Gateway Protocol. Inter-domain Routing Basics. Inter-domain Routing Basics. Exterior routing protocols created to:

BGP Terminology, Concepts, and Operation. Chapter , Cisco Systems, Inc. All rights reserved. Cisco Public

Border Gateway Protocol BGP4 (2)

MPLS VPN Route Target Rewrite

APNIC elearning: BGP Basics. Contact: erou03_v1.0

BGP Routing. Course Description. Students Will Learn. Target Audience. Hands-On

E : Internet Routing

Exterior Gateway Protocols (BGP)

How To Set Up Bgg On A Network With A Network On A Pb Or Pb On A Pc Or Ipa On A Bg On Pc Or Pv On A Ipa (Netb) On A Router On A 2

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP

--BGP 4 White Paper Ver BGP-4 in Vanguard Routers

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: Requirements

HP Networking BGP and MPLS technology training

GregSowell.com. Mikrotik Routing

Understanding Virtual Router and Virtual Systems

Internet inter-as routing: BGP

Routing Protocol - BGP

Chapter 6: Implementing a Border Gateway Protocol Solution for ISP Connectivity

BGP Router Startup Message Flow

MPLS VPN. Agenda. MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) L86 - MPLS VPN

CS551 External v.s. Internal BGP

DD2491 p Inter-domain routing and BGP part I Olof Hagsand KTH/CSC

Module 7. Routing and Congestion Control. Version 2 CSE IIT, Kharagpur

Bell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines

Router and Routing Basics

Interdomain Routing. Outline

Examination. IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491

Example: Advertised Distance (AD) Example: Feasible Distance (FD) Example: Successor and Feasible Successor Example: Successor and Feasible Successor

BGP4 Case Studies/Tutorial

How To Make A Network Secure

Chapter 49 Border Gateway Protocol version 4 (BGP-4)

The ISP Column. An Introduction to BGP the Protocol

RFC 2547bis: BGP/MPLS VPN Fundamentals

basic BGP in Huawei CLI

BGP Advanced Routing in SonicOS

Border Gateway Protocol Best Practices

JUNOS Secure BGP Template

Advanced BGP Policy. Advanced Topics

netkit lab bgp: prefix-filtering Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group

Configuring BGP. Cisco s BGP Implementation

Introducing Basic MPLS Concepts

BGP Link Bandwidth. Finding Feature Information. Contents

Using OSPF in an MPLS VPN Environment

- Multiprotocol Label Switching -

Understanding Route Redistribution & Filtering

JNCIA Juniper Networks Certified Internet Associate

Internet inter-as routing: BGP

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

Textbook Required: Cisco Networking Academy Program CCNP: Building Scalable Internetworks v5.0 Lab Manual.

Course Contents CCNP (CISco certified network professional)

Exam Name: BGP + MPLS Exam Exam Type Cisco Case Studies: 3 Exam Code: Total Questions: 401

Border Gateway Protocol (BGP-4)

BGP Link Bandwidth. Finding Feature Information. Prerequisites for BGP Link Bandwidth

How Routers Forward Packets

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr Cisco Systems, Inc. All rights reserved.

Tutorial: Options for Blackhole and Discard Routing. Joseph M. Soricelli Wayne Gustavus NANOG 32, Reston, Virginia

BGP Operations and Security. Training Course

Based on Computer Networking, 4 th Edition by Kurose and Ross

Transitioning to BGP. ISP Workshops. Last updated 24 April 2013

Load balancing and traffic control in BGP

BGP Support for Next-Hop Address Tracking

Module 12 Multihoming to the Same ISP

Juniper Exam JN0-343 Juniper Networks Certified Internet Specialist (JNCIS-ENT) Version: 10.1 [ Total Questions: 498 ]

Simple Multihoming. ISP/IXP Workshops

Enterprise Network Simulation Using MPLS- BGP

IK2205 Inter-domain Routing

Administra0via. STP lab due Wednesday (in BE 301a!), 5/15 BGP quiz Thursday (remember required reading), 5/16

- Border Gateway Protocol -

Distance Vector Routing Protocols. Routing Protocols and Concepts Ola Lundh

DD2491 p Load balancing BGP. Johan Nicklasson KTHNOC/NADA

DD2491 p MPLS/BGP VPNs. Olof Hagsand KTH CSC

Understanding Route Aggregation in BGP

Lecture 18: Border Gateway Protocol"

ITRI CCL. IP Routing Primer. Paul C. Huang, Ph.D. ITRI / CCL / N300. CCL/N300; Paul Huang 1999/6/2 1

UPDATE = [Withdrawn prefixes (Optional)] + [Path Attributes] + [NLRIs].

Border Gateway Protocol, Route Manipulation, and IP Multicast

Introduction to MPLS-based VPNs

For internal circulation of BSNLonly

BGP Advanced Features and Enhancements

Table of Contents. Cisco Configuring a Basic MPLS VPN

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

Today s Agenda. Note: it takes years to really master BGP Many slides stolen from Prof. Zhi-Li Zhang at Minnesota and from Avi Freedman s slides

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

BGP FORGOTTEN BUT USEFUL FEATURES. Piotr Wojciechowski (CCIE #25543)

IPv6 over IPv4/MPLS Networks: The 6PE approach

MPLS-based Layer 3 VPNs

Chapter 4. Distance Vector Routing Protocols

Simple Multihoming. ISP Workshops. Last updated 30 th March 2015

BGP Multihoming Techniques

Transcription:

BGP Tutorial v 1.3 Dr. John S. Graham Global Research NOC, Indiana University

What s Included? 1) Routing Reprise 2) BGP Basics 3) BGP Path Selection (many examples) 4) Use of Community Strings 5) Multiprotocol Extensions to BGP 1) Multicast Routing Covered 2) Layer-III VPN (aka VRF) Omitted

What s Missing? Confederations Dampening Minor Extensions 32-bit AS Extended Communities Routing Policy Implementation BGP State Machine

Part I: Routing Reprise

Cisco Architecture IP Routing Table 192.168.0.0/16 Metric: Next-Hop: 172.16.0.0/12 Metric: Next-Hop: 10.0.0.0/8 Metric: Next-Hop: BGP EIGRP Static OSPF RIP Export Import

Juniper Architecture BGP IS-IS OSPF 172.16.0.0/12 Metric 1: Metric 2: Next Hop: Area: AS-Path: Community: Level: Static Export Import RIP

BGP vs IGP IGP (OSPF or ISIS) Provides a Next-Hop address and an egress interface to any known destination address BGP Only provides a Next-Hop address to a destination prefix This has to be resolved to an egress interface using a second route lookup

Best Route Selection Longest prefix always wins regardless of routing protocol Source of routing information Connected > Static > ebgp > {IGP} > ibgp BGP ignores received prefixes if There is no route to the NEXT_HOP The AS_PATH contains: the local AS number (a private AS number) Not synchronized (Cisco IOS only)

BGP Schematic (IPv4 Unicast) 192.168.0.0/16 inet.0 < > BGP Table <> Routing Table < > < 172.16.0.0/12 BGP Path Selection Routing Policy

The Autonomous System Collection of routers under one administrative control Single internal routing protocol Identified using an AS Number AS100 AS200

AS Numbers An ASN is a 16-bit number 1 through 64511 are assigned by RIRs 64512 through 65534 are for private use and should never appear on the Internet Numbers 0 and 65535 are reserved AS 23456 used to represent 4-byte ASN to routers unable to handle the new standard All major routing platforms now support 32-bit ASN: http://www.get4byteasn.info/ Interesting contrasts between European and USbased R&E networks

Routing Components Depicted J.5 Router J J.0 A.4 A.0 A.5 Router A A.1 Circuit IS-IS Adjacency ibgp Peering ebgp Peering D.4 Router D D.0 Router B B.0 B.1 B.6 D.3 B.2 K.6 Router C C.0 C.3 C.2 Router K K.0

Routing Components Explained Interior Gateway Protocol (IGP) Internal BGP (ibgp) Routes customer prefixes around internal infrastructure Is NOT congruent with physical connectivity External BGP (ebgp) Prefix interchange with customers Most routing policy located here

The Golden Rule Never redistribute routes from the IGP into BGP Never redistribute routes from BGP into the IGP

Part 2: BGP Basics

Introducing Prefixes Into BGP 1. Use network statement 1. With auto-summary disabled 2. With auto-summary configured 2. Configure aggregate routing 3. Use route maps to redistribute 1. Prefixes learned from an IGP 2. Static routes

1.1 The network Statement (Cisco) router bgp 87 no auto-summary network 129.79.0.0! ip route 129.79.0.0 255.255.0.0 Null0 200 1. There is no mask following the prefix in the network statement as we are advertising a classful network 2. The static route serves two important purposes: 1. The prefix will not be advertised by BGP unless there is an exact match in the IP routing table 2. Traffic sent to non-existent IP addresses in the range will be silently dropped. This avoids wasting b/w sending ICMP Unreachables and is a valuable defense against scanners and DDoS attacks.

1.2 Using auto-summary (Cisco) router bgp 87 auto-summary network 129.79.0.0 1. The prefix will be advertised by BGP providing there is at least one contained prefix in the IP routing table 2. This IGP-learned prefix can be any length; it does not have to match the classful network that BGP is being asked to advertise 3. Use this command: show ip route 129.79.0.0 255.255.0.0 longer-prefixes to check whether there is an IGP-learned route. If there are none, then BGP will not advertise the 129.79/16 parent

3.2 Redistribute Static (Juniper) policy-options { policy-statement ORIGINATE { term Seed { from { protocol static; route-filter 129.79.0.0/16 exact; } then accept; } } } routing-options { static { route 129.79.0.0/16 discard; } }

Global NOC Recommendation Use a network statement to originate ARIN allocations to Internet2 Configure a supporting static route Disable the auto-summary capability Filter more specific contained prefixes using an outbound route-map applied to the peering with Internet2 or NLR

Recommended Routing Policy Should be implemented Reject any prefix with a private AS in the AS_PATH Reject bogon prefixes (following slide) Consider implementing Assign higher LOCAL_PREF to Internet2 or NLR prefixes than to commodity. Max prefixes limit on some peers

BGP Messages Type Description References 1 Open RFC 4271 2 Update RFC 4271 3 Notification RFC 4271 4 Keepalive RFC 4271 5 Route-Refresh RFC 2918

The BGP Update Message Layer-II IP TCP BGP CRC Unfeasible Routes Length Withdrawn Routes Length Prefix P BGP Header Total Path Attributes Length Type Data Path Attributes Length M Value NLRI Length Prefix N

BGP Path Vector Algorithm Attribute Name LOCAL_PREF AS_PATH ORIGIN MED ebgp > ibgp IGP Metric to NEXT_HOP ROUTER_ID CLUSTER_LIST Neighbour IP Address Which Preferred? Highest Shortest Lowest Lowest Lowest Lowest Shortest Lowest

Attribute Classes Well-Known Optional Mandatory Discretionary Transitive Non-Transitive AS_PATH LOCAL_PREF COMMUNITY MED NEXT_HOP ATOMIC_ AGGREGATE AGGREGATOR CLUSTER_LIST ORIGIN ORIGINATOR_ID MP_REACH_NLRI MP_UNREACH_NLRI

The AS_PATH Attribute 172.16.0.0/12 200 100 172.16.0.0/12 100 172.16.0.0/12 300 200 100 AS100 detects its own AS in the path from AS500 and ignores the prefix 172.16.0.0/12 500 400 300 200 100 172.16.0.0/12 400 300 200 100

Which is the Better Path?

Aggregation (With AS_SET) 64512 64514 192.168.0.0/23 192.168.2.0/23 64513 192.168.0.0/23 192.168.2.0/23 192.168.0.0/22 [64513 {64512,64514} i] 192.168.0.0/23 192.168.2.0/23 64515

Aggregation (Without AS_SET) 64512 64514 192.168.0.0/23 192.168.2.0/23 64513 192.168.0.0/23 192.168.2.0/23 192.168.0.0/22 [64513 i] 192.168.0.0/23 [64512 i] 192.168.0.0/22 [64512 64513 i] 192.168.2.0/23 [64514 i] 192.168.0.0/22 [64514 64513 i] 64515

The NEXT_HOP Attribute B.2 C.2 C.3 D.3 B.1 A.1 Router SELF = NO NEXT_HOP SELF = YES A B A.1 A.1 C A.1 B.0 D C.3 C.3

Third Party Next Hop 192.168.17.0/24 A.1 B.1 C.1 A.1 192.168.17.0/24 A.1 192.168.17.0/24

ebgp and NBMA Networks 192.168.17.0/24 A.1 B.1 192.168.17.0/24 120 310 A.1 102 301 C.1 Frame Relay 192.168.17.0/24 A.1

The LOCAL_PREF Attribute Graphic used with kind permission of Philip Smith, Cisco Systems

Multi-Exit Discriminator Graphic used with kind permission of Philip Smith, Cisco Systems

MED: Metric Confusion MED is non-transitive and optional Some implementations send learned MED to ibgp peers by default and others do not Some implementations send MEDs to ebgp peers by default while others do not Default metric varies by vendor No explicit metric implies 2 32-1 or 2 32-2 No explicit metric implies zero

ebgp vs ibgp 1. Uses AS_PATH for loop avoidance 2. NEXT_HOP is modified 3. Peers must be directly connected 4. MED is reset 5. LOCAL_PREF is never advertised 1. Chinese whispers prohibited 2. NEXT_HOP is unchanged 3. Peers not necessarily directly connected 4. MED is propagated 5. LOCAL_PREF always advertised

Internal Peering Topologies Daisy Chain (Wrong) Full Mesh (Allowed) Route Reflector (Allowed)

How Are Prefixes Passed Around? On any given router only the best path for a prefix is passed to other peers Best path learned via ebgp Advertised to all other ebgp peers Advertised to ibgp peers Best path learned via ibgp Advertised onto ebgp peers Not advertised to other ibgp peers

Static ibgp; Dynamic IGP Within Internet2: 1. Next Hop for customer prefixes in RIB provided by ibgp and does not change if backbone circuit fails. 2. Entry in FIB provided by IS-IS and depends on backbone connectivity.

Part 3: BGP Path Selection

ibgp Tracks the IGP Metric 278 978 2363 2363 3019 3932 4068 WASH ATLA HOUS KANS SALT SEAT LOSA 1000 128.122.0.0/16 128.122.0.0/16 BUFF CHIC NEWY NEWY 1000 LOSA SEAT SALT KANS HOUS ATLA WASH 3212 2932 2019 689 1507 1045 905

NREN and Internet2 External Peering Internal Peering Circuit Metric 2 = 2932 Metric 2 = 2019

Possible Layer-II Connectivity Internet2 and NREN routers directly connected Connection through a VLAN on a single peering switch Connection via VLAN that traverses multiple Layer-II and optical devices

Internet2 Connection to NGIX-W GE OC192 VLAN 166 10GE 10GE OC192 10GE VLAN 166 OC192

Prefer the 10G-Connected Path Internet2 router in Seattle Associate a high LOCAL_PREF with prefixes received on external peering with NREN Internet2 router in Salt Lake City Receives NREN prefixes over ibgp peering with Seattle with high LOCAL_PREF Now prefers ibgp to SEAT over ebgp via NGIX-W

LOCAL_PREF Gotcha LOCAL_PREF = 200 149.165.128.0/17 149.165.128.0/17 Indiana Gigapop 149.165.240.64/26

Hot Potato Routing 1/2 FERMI UPenn

Hot Potato Routing 2/2 Upenn Fermi

Result: Asymmetric Routing! Fermi UPenn UPenn Fermi

Cold Potato Routing with MED 1000 128.175/16 [0] 128.175/16 [1001] FERMI UPenn 278 128.175/16 [1000] 128.175/16 [278] 905

Steering Inbound Traffic (1/2) [210 11537 19782 87 I] [19401 19782 19782 19782 87 I] 129.79/16 [19782 87 I] 129.79/16 [19782 19782 19782 87 I]

Steering Inbound Traffic (2/2) LOCAL_PREF = 100 LOCAL_PREF = 200 129.79/16 129.79.9/24 129.79/16

Part 4: Community Strings

Functions Served by Communities 1. Assign prefixes to pre-defined groups (local significance only) 2. Control how prefix is advertised by peer 3. Control your peer s LOCAL_PREF for the specific prefix 4. Signal peer to prepend multiple AS numbers to AS_PATH 5. Blackhole all traffic to specific prefix

Expressing A Community JunOS & Cisco New Format 11537:260 Cisco Old Format 756089092 1. A community is just a 32-bit number 2. By convention, the most-significant 16 bits represent an AS number 3. To convert from new to old formats 1. Multiply the high 16-bits by 2 16 2. Add the low 16-bits to the result

NO-EXPORT Community 172.16.0.0/12 172.16.1.0/24 +NO-EXPORT 172.16.0.0/16 172.16.0.0/12 172.16.2.0/24 +NO-EXPORT

Using Communities to Create Prefix Sets 128.169.0.0/16 141.225.0.0/16 192.55.208.0/24 +14048:10 +14048:10 96.4.0.0/15 192.55.208.0/24 128.169.0.0/16

Security Diversion Routing Table Interface Inbound Packet A C L Null 0 Routers are optimized for packet forwarding; not packet filtering Routing to Null saves valuable CPU cycles

Customer-Triggered Blackhole Inbound Prefix Static Route 11537:911 No 11537:911 Yes Prefix > /24 Prefix > /24 Yes Discard No Forward Redistribute Into BGP ISP Customer

Customer-Triggered Blackhole (ISP interface Null0 no ip unreachables Perspective; Cisco IOS) ip policy-list BLACKHOLE permit match ip address prefix-list 24_TO_32 match community 10! ip community-list 10 permit 756089743!! ip prefix-list 24_TO_32 seq 5 permit 0.0.0.0/0 ge 24!! route-map CUSTOMER_IN permit 10 match policy-list BLACKHOLE set community no-export set interface Null0

Customer-Triggered Blackhole (Customer Perspective; JunOS) routing-options { static { route 192.168.17.15/32 { discard; community 11537:911; } } } policy-options { policy-statement ORIGINATE { term BLACKHOLE { from { protocol static; route-filter 0.0.0.0/0 prefix-length-range /24-/32; community BLACKHOLE; } then accept; } term { } } }

Customer-Side Policy: IOS vs JunOS Juniper Blackhole prefix statically routed to Discard Attach a community tag to the static route Cisco IOS Blackhole prefix statically routed to Null0 Add the new prefix to the blackhole prefix list Existing route-map Redistributes blackhole prefix list into BGP Attaches the correct community

Part 5: Multiprotocol BGP

Uses of MBGP Divergent multicast routing for IPv4 Layer-III VPNs (aka Virtual Routing and Forwarding) Routing Layer-III Protocols Other Than IPv4

Multiprotocol Extensions to BGP AFI SAFI Length of Next Hop Address Network Address of Next Hop NLRI This diagram has been deliberately simplified with the SNPA fields omitted

Multicast Routing Unicast traffic AS400 <> AS200 Multicast traffic AS400 <> AS200 Unicast and Multicast IPv4 Prefixes Unicast IPv4 Prefixes

Source-Specific Multicast (S,G) Join (S,G) Join S G IGMPv3 Join G R

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information