Basic BGP Review
By Ajay Kalra & Amit Sharma
Border Gateway Protocol
Routing protocol used to exchange routing information between networks
Exterior gateway protocol
Currently Version 4
Runs over TCP
Border Gateway Protocol
Path Vector Protocol
BGP uses TCP as the transport layer protocol
Full routing tables are exchanged only during the initial BGP sessions.
Incremental Updates.
Updates are sent over TCP Port 179.
BGP has its own BGP table. Any network entry must reside in the BGP table first.
Classless Inter Domain Routing (CIDR)
Widely used for Internet backbone
BGP has a complex array of metrics called attributes.
BGP Basics
Peering
[Figure: routers A, B, C and D in AS 100, AS 101 and AS 102]
BGP speakers are called peers when they form BGP TCP sessions
Path Vector Protocol
BGP is called a path vector protocol because BGP carries a sequence of AS numbers that indicate the path taken to a remote network. This information is stored so that routing loops can be avoided. Routers configured for BGP are called BGP speakers and any two BGP routers that form a BGP session are called BGP peers or neighbors.
BGP Messages
Open : These messages are used when establishing BGP peers.
Keepalive : These messages are sent periodically to ensure that connections are still active or established.
Update : Any change that occurs, such as loss of network availability, results in an update message.
Notification : These messages are used only to notify BGP peers of receiving errors.
Autonomous System (AS)
Collection of networks with same routing policy
Single routing protocol
Usually under single ownership, trust and administrative control
Autonomous system
An AS is a set of routers under one or more administrations that presents a common routing policy to the Internet. Inside AS networks, interior routing protocols called IGPs are used to discover the connectivity among a set of IP subnets. IGPs are well-known protocols such as RIP, IGRP, OSPF and EIGRP. There are 65,535 available AS numbers that can be assigned, from 1 to 65,535 (16-bit integers). Of these 65,535, 64,512 to 65,535 are reserved for private use. IANA (Internet Assigned Numbers Authority) is the organization that assigns BGP autonomous system numbers. The IANA allows the American Registry for Internet Numbers (ARIN) to assign ASNs for North America, South America, the Caribbean, and Africa. RIPE-NIC (Réseaux IP Européens) assigns for Europe and the Asia Pacific-NIC (APNIC) assigns for Asia.
RFC-1771
AS continued
Stub AS :
A stub AS is a single-homed network with only one entry and exit point. The stub network does not need to learn Internet routes, because the local service provider or Internet service provider is the next hop and all the traffic is sent to one exit interface to the provider.
Transit AS : A transit AS is an AS through which data from one AS must travel to get to another AS. Example: a local service provider. A non-transit AS is an AS that does not pass traffic through to another AS.
iBGP vs eBGP
Internal BGP and External BGP are inter-domain routing protocols. iBGP is a connection between two BGP speakers in the same AS; eBGP is a connection between two BGP speakers in different ASes. Before any BGP route information can be exchanged between two routers, a TCP connection has to be established. The TCP connection is made by a three-way handshake using a SYN, ACK, SYN sequence. Once a TCP connection has been established, route information can be exchanged.
External BGP Peering (eBGP)
[Figure: eBGP peering between AS 100 and AS 101, with router B]
Between BGP speakers in different AS
Should be directly connected
Do not run an IGP between eBGP peers
Internal BGP Peering (iBGP)
[Figure: iBGP peering among routers A, B and D in AS 100]
Topology independent
Each iBGP speaker must peer with every other iBGP speaker in the AS
Internal BGP (iBGP)
BGP peer within the same AS
Not required to be directly connected
iBGP speakers need to be fully meshed
they originate connected networks
they do not pass on prefixes learned from other iBGP speakers
BGP States
Idle : Before a session between two or more BGP routers has been initiated, the endpoints are considered to be in the Idle state.
Connection State : As soon as one endpoint tries to open a TCP session, the endpoints are considered to be in the Connection state.
Active State : When there is a problem in establishing a connection between two endpoints, the router trying to initiate the session will transition to the Active state, where it will periodically try to establish a TCP connection.
Open Sent : Once the TCP connection has been established, BGP sends messages back and forth in a specific format. The first message is an identification message from the endpoints. As soon as this message is sent, the router is in the Open Sent state.
Open Confirm state : When the router receives a reply to the identification message, it enters the Open Confirm state.
BGP States cont.
Established state : This is the final stage of BGP peer negotiation, during which both peers exchange their BGP tables. Endpoints typically stay in the Established state until there is a loss of the session or an error. If this occurs, the connection returns to the Idle state and all the information that the BGP endpoints have learned from the neighboring endpoint is purged from the routing table.
AS-Path loop detection
[Figure: AS 100, AS 200, AS 300 and AS 500, each with a /16 prefix, and the AS paths recorded for those prefixes]
[Link]/16 is not announced to AS100, as AS500 sees that it originated from AS100 and that AS100 is the neighbouring AS: loop detection in action.
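The loop check described above, as an added example that is not part of the original slides: a small Python path-vector simulation over a constructed four-AS ring. The topology and all function names are assumptions made for illustration.

```python
from collections import deque

# Constructed ring of eBGP adjacencies (an assumption; the slide's figure is not recoverable).
NEIGHBOURS = {100: [200, 500], 200: [100, 300], 300: [200, 500], 500: [300, 100]}


def accepts(local_as, as_path):
    """Receive-side check: a speaker rejects any path that already contains its own AS."""
    return local_as not in as_path


def propagate(origin_as, neighbours=NEIGHBOURS):
    """Flood one prefix from origin_as.

    Returns (accepted, withheld): accepted maps AS -> AS paths it accepted;
    withheld lists (sender AS, peer AS, path) announcements skipped because the
    peer's AS is already in the path, as AS500 does towards AS100 on the slide.
    Simplification: every accepted path is re-advertised, not only the best one.
    """
    accepted = {asn: [] for asn in neighbours}
    withheld = []
    queue = deque((peer, (origin_as,)) for peer in neighbours[origin_as])
    while queue:
        receiver, path = queue.popleft()
        if not accepts(receiver, path):      # not reached while senders filter
            continue
        accepted[receiver].append(path)
        new_path = (receiver,) + path        # prepend own AS before sending on
        for peer in neighbours[receiver]:
            if peer in new_path:
                withheld.append((receiver, peer, new_path))
            else:
                queue.append((peer, new_path))
    return accepted, withheld


if __name__ == "__main__":
    accepted, withheld = propagate(100)
    for asn, paths in accepted.items():
        print(asn, paths)
    print("withheld:", withheld)
```

Because an AS number can appear only once in any accepted path, the flood terminates even though the topology is a ring.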
BGP General Operation
Learns multiple paths via internal and external BGP speakers
Picks the best path and installs in the forwarding table
Policies applied by influencing the best path selection
Configuration of BGP / Parameters necessary for neighborship
1. Router IDs (RID) must not match
2. The router must receive the TCP connection request from a source address that it finds in a bgp neighbor command
3. The ASN must be the same as the one configured in the remote-as command
4. MD5 authentication must pass
BGP Attributes
By Amit Sharma / Ajay Kalra
BGP ATTRIBUTES
BGP has a number of complex attributes used to determine a path to a remote network. These attributes allow greater flexibility and enable a complex routing decision to ensure that the path to a remote network is the best possible path.
AS_Path : This attribute describes the sequence of ASes that the packet has traversed.
Origin : This attribute is mandatory and defines the origin of the path. It can have three different values:
IGP - IGP indicates the remote path originated from within the AS
EGP - EGP means learned through an External Gateway Protocol
Incomplete - Incomplete means the BGP route was discovered using redistribution or static routes.
Next Hop : This attribute describes the next hop address taken to a remote path, typically the BGP peer.
BGP ATTRIBUTES CONT.
Local Preference : This attribute indicates to the AS the preferred path to exit the AS. A higher local preference is always preferred.
MED : The multi-exit discriminator tells BGP peers in other ASes which path to take to a remote network. A lower MED is always preferred.
Weight : This Cisco-proprietary attribute is used in local router selection. Weight is not sent to other BGP peers, and a higher weight value is always preferred (0-294967295). By default, weight is 32768 for paths originated by the router.
AS-Path
Sequence of ASes a route has traversed
Loop detection
Apply policy
[Figure: AS 100, AS 200, AS 300, AS 400 and AS 500, each with a /16 prefix, and the AS paths recorded for those prefixes]
Next Hop
[Figure: next hop example with AS 100, AS 200 and AS 300, each with a /16 prefix, and the next hop address recorded for each prefix]
Next hop to reach a network
Usually a local network is the next hop in eBGP session
Local Preference
[Figure: local preference example with AS 100, AS 200, AS 300 and AS 400, routers A, C, D and E, and local preference values 500 and 800 for [Link]/16]
Local Preference
Local to an AS
local preference set to 100 when heard from neighbouring AS
Used to influence BGP path selection
determines best path for outbound traffic
Path with highest local preference wins
Multi-Exit Discriminator (MED)
[Figure: MED example between AS 200 and AS 201 with routers B and C; [Link]/24 carries MED values 2000 and 1000]
BGP ROUTING DECISION
If the next hop is reachable, consider it.
Prefer the route with the highest weight (Cisco IOS only).
If the weight is the same, prefer the largest local preference attribute.
If the local preference is the same, prefer the route this local router originated.
Prefer the route with the shortest AS path.
If this is equal, prefer the route with the origin set to be originated through BGP; IGP is preferred to EGP, followed by incomplete.
If the origin codes are the same, prefer the route with the lowest MED.
If the MED is the same, prefer eBGP over iBGP.
Prefer the closest path.
Finally, if all paths are equal, select the path with the lowest BGP router ID.
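The decision order above, written out as an added Python example (not from the original slides). The Path fields, the default values and the reading of "closest path" as the lowest IGP cost to the next hop are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # IGP, then EGP, then incomplete
STEPS = ["weight", "local_pref", "locally_originated", "as_path_length", "origin",
         "med", "ebgp_over_ibgp", "igp_metric", "router_id"]


@dataclass
class Path:
    name: str
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    as_path: tuple = ()
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0          # cost to reach the next hop ("closest path")
    router_id: str = "0.0.0.0"   # router ID of the advertising peer


def preference_key(p):
    """Sort key in the slide's order; the smallest key is the best path."""
    return (
        -p.weight,                      # highest weight
        -p.local_pref,                  # highest local preference
        not p.locally_originated,       # originated by this router
        len(p.as_path),                 # shortest AS path
        ORIGIN_RANK[p.origin],          # origin code
        p.med,                          # lowest MED (compared across all paths here)
        not p.ebgp,                     # eBGP over iBGP
        p.igp_metric,                   # closest path
        int(IPv4Address(p.router_id)),  # lowest router ID, compared numerically
    )


def best_path(paths):
    """Best usable path, or None when no candidate has a reachable next hop."""
    usable = [p for p in paths if p.next_hop_reachable]
    return min(usable, key=preference_key, default=None)


def deciding_step(a, b):
    """Name of the first step at which two paths differ, or "tie"."""
    for step, x, y in zip(STEPS, preference_key(a), preference_key(b)):
        if x != y:
            return step
    return "tie"
```

A path with an unreachable next hop is dropped before any attribute is compared, so even the highest weight cannot make it win.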
Community
BGP attribute
Used to group destinations
Represented as two 16-bit integers
Each destination could be member of multiple communities
Useful in applying policies
Community
[Figure: community example with ISP 1, ISP 2, AS 100, AS 200, AS 300 and AS 400; /16 prefixes carry the communities 300:1 and 300:9]
Recommended BGP commands for everyone
no auto-summary
no synchronization
bgp log-neighbor-changes
BGP Scaling Techniques
How to scale iBGP mesh beyond a few peers?
How to implement new policy without causing flaps and route churning?
How to reduce the overhead on the routers?
BGP Scaling Techniques
Dynamic reconfiguration
Peer groups
Route flap damping
Route reflectors
Soft Reconfiguration
Problem:
Hard BGP peer clear required after every policy change because the router does not store prefixes that are denied by a filter
Hard BGP peer clearing consumes CPU and affects connectivity for all networks
Solution:
Soft-reconfiguration
Soft Reconfiguration
New policy is activated without tearing down and restarting the peering session
Per-neighbour basis
Configuring Soft reconfiguration
router bgp 100
 neighbor [Link] remote-as 101
 neighbor [Link] soft-reconfiguration in
Then when we change the policy, we issue an exec command
clear ip bgp [Link] soft in
Managing Policy Changes
clear ip bgp <addr> [soft] in
<addr> may be any of the following:
x.x.x.x    IP address of a peer
*          all peers
ASN        all peers in an AS
external   all external peers
Peer Groups
Without peer groups
iBGP neighbours receive same update
Large iBGP mesh slow to build
Router CPU wasted on repeat calculations
Solution: peer groups!
Group peers with same outbound policy
Updates are generated once per group
Peer Groups - Advantages
Makes configuration easier
Makes configuration less prone to error
Makes configuration more readable
Lower router CPU load
iBGP mesh builds more quickly
Can be used for eBGP neighbours too!
Configuring Peer Group
router bgp 100
 neighbor ibgp-peer peer-group
 neighbor ibgp-peer remote-as 100
 neighbor ibgp-peer update-source loopback 1
 neighbor [Link] peer-group ibgp-peer
 neighbor [Link] peer-group ibgp-peer
 neighbor [Link] peer-group ibgp-peer
Route Flap Damping
Route flap
Going up and down of path or change in attribute
Ripples through the entire Internet
Wastes CPU
Damping aims to reduce scope of route flap propagation
Route Flap Damping (Continued)
Requirements
Fast convergence for normal route changes
History predicts future behaviour
Suppress oscillating routes
Advertise stable routes
Operation
Add penalty (1000) for each flap
Change in attribute gets penalty of 500
Penalty above suppress-limit
do not advertise route to BGP peers
Penalty decayed below reuse-limit
re-advertise route to BGP peers
penalty reset to zero when it is half of reuse-limit
Operation
[Figure: penalty (0 to 4000) plotted against time (0 to 25), marking the suppress limit and the reuse limit and the periods when the network is announced, not announced and re-announced]
Configuration
router bgp 100
 bgp dampening [<half-life> <reuse-value> <suppress-penalty> <maximum suppress time>]
Configuration
Examples -
bgp dampening 15 500 2500 30
reuse-limit of 500 means maximum possible penalty is 2000
no prefixes suppressed as penalty cannot exceed suppress-limit
Examples -
bgp dampening 15 750 3000 45
reuse-limit of 750 means maximum possible penalty is 6000
suppress limit is easily reached
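The damping operation and the two configuration examples above, worked through in an added Python example (not from the original slides). It uses the slide's per-flap penalty of 1000 and exponential decay by half-life; the one-minute step, the treatment of all times as minutes and the function names are assumptions.

```python
FLAP_PENALTY = 1000  # per-flap penalty given on the slide


def max_penalty(half_life, reuse, max_suppress):
    """Penalty ceiling: the value that decays to the reuse limit in max_suppress minutes."""
    return reuse * 2 ** (max_suppress / half_life)


def can_ever_suppress(half_life, reuse, suppress, max_suppress):
    """False when the ceiling cannot exceed the suppress limit, so nothing is damped."""
    return max_penalty(half_life, reuse, max_suppress) > suppress


def simulate(flap_minutes, half_life, reuse, suppress, max_suppress, duration):
    """Step one minute at a time; return [(minute, penalty, suppressed)]."""
    ceiling = max_penalty(half_life, reuse, max_suppress)
    decay = 0.5 ** (1 / half_life)        # per-minute exponential decay
    penalty, suppressed, timeline = 0.0, False, []
    for minute in range(duration + 1):
        if minute:
            penalty *= decay
        if minute in flap_minutes:
            penalty = min(penalty + FLAP_PENALTY, ceiling)
        if penalty > suppress:
            suppressed = True             # stop advertising the route
        elif penalty < reuse:
            suppressed = False            # re-advertise the route
        if penalty < reuse / 2:
            penalty = 0.0                 # reset at half of the reuse limit
        timeline.append((minute, round(penalty), suppressed))
    return timeline


def transitions(timeline):
    """Minutes at which the suppressed flag changes: [(minute, new_state)]."""
    out, prev = [], False
    for minute, _, state in timeline:
        if state != prev:
            out.append((minute, state))
            prev = state
    return out


if __name__ == "__main__":
    flaps = {0, 1, 2, 3}                  # constructed input: four flaps, one per minute
    print(transitions(simulate(flaps, 15, 750, 3000, 45, 60)))
    print(transitions(simulate(flaps, 15, 500, 2500, 30, 60)))
```

With the second set of parameters the route is suppressed on the fourth flap and stays withdrawn for over half an hour, while the first set never suppresses anything because its ceiling is below its suppress limit.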
Scaling iBGP mesh
Avoid n(n-1)/2 iBGP mesh
n=1000: nearly half a million iBGP sessions!
13 Routers 78 iBGP Sessions!
Two solutions
Route reflector: simpler to deploy and run
Confederation: more complex, corner case benefits
Route Reflector: Principle
[Figure: route reflector and its clients (routers A, B and C) in AS 100]
Reflector receives path from clients and non-clients
Selects best path
If best path is from client, reflect to other clients and non-clients
Non-meshed clients
Route Reflector Topology
Divide the backbone into multiple clusters
At least one route reflector and few clients per cluster
Route reflectors are fully meshed
Clients in a cluster could be fully meshed
Route Reflectors: Loop Avoidance
Originator_ID attribute
Carries the RID of the originator of the route in the local AS (created by the RR)
Cluster_list attribute
The local cluster-id is added when the update is sent by the RR
Cluster-id is router-id (address of loopback)
Do NOT use bgp cluster-id x.x.x.x
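The two loop-avoidance attributes above, modelled in an added Python example (not from the original slides). The class and function names, the router IDs and the prefix are constructed for illustration; the cluster-id defaults to the router-id, as the slide describes.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: str = ""        # empty until a route reflector sets it
    cluster_list: tuple = ()


@dataclass
class Reflector:
    router_id: str
    cluster_id: str = ""           # defaults to the router-id

    def __post_init__(self):
        self.cluster_id = self.cluster_id or self.router_id

    def reflect(self, update, sender_router_id):
        """Return the update to reflect, or None when a loop is detected."""
        if update.originator_id == self.router_id:
            return None            # our own route came back to us
        if self.cluster_id in update.cluster_list:
            return None            # update already passed through this cluster
        return replace(
            update,
            originator_id=update.originator_id or sender_router_id,
            cluster_list=(self.cluster_id,) + update.cluster_list,
        )


def walk(reflectors, update, client_router_id):
    """Pass an update along a chain of reflectors; return (hops completed, last update)."""
    sender = client_router_id
    for hops, rr in enumerate(reflectors):
        reflected = rr.reflect(update, sender)
        if reflected is None:
            return hops, update
        update, sender = reflected, rr.router_id
    return len(reflectors), update


if __name__ == "__main__":
    rr1, rr2 = Reflector("192.0.2.1"), Reflector("192.0.2.2")
    # Constructed loop: the update returns to rr1 after rr2 and is discarded there.
    print(walk([rr1, rr2, rr1], Update("198.51.100.0/24"), "192.0.2.10"))
```

When two reflectors are given the same cluster-id, the second one discards every update the first has already reflected, which the model shows by returning None.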
Route Reflector: Benefits
Solves iBGP mesh problem
Packet forwarding is not affected
Normal BGP speakers co-exist
Multiple reflectors for redundancy
Easy migration
Multiple levels of route reflectors
Configuring a Route Reflector
router bgp 100
 neighbor [Link] remote-as 100
 neighbor [Link] route-reflector-client
 neighbor [Link] remote-as 100
 neighbor [Link] route-reflector-client
 neighbor [Link] remote-as 100
 neighbor [Link] route-reflector-client
Multi-Homing
To increase the reliability of the connection to the Internet
If one connection fails, the other connection remains available
To increase the performance of the connection
Better path can be used to certain destinations.
Connection with Multiple Service Providers
Benefits :
Has redundancy with the multiple connections
Is not tied to the routing policy of a single ISP
Has more paths to the same networks for better policy manipulation.
Thanks
For keeping patience during the presentation
Also for not asking queries.
Amit / Ajay