Routing Protocol - BGP

BGP
Enterprise
Network
ISP
BGP is using between Autonomous Systems
AS 3000
AS 2000
BGP
BGP(cont.)
RFC 1771(BGPv4)
Support CIDR
Transfer the AS information to reach destination
Using TCP(Port 179)
Incremental Update
keepalive
Why BGP
Suitable to large network
Policy based routing
Path for IN/OUT traffic
Filtering
Autonomous System(AS)
The group of routers and networks under same routing
administration
The need of AS
Maintain independence of routing policy
Localize the errors or faults of specific network
Autonomous System(AS)
Interior Gateway Protocol
Used inside AS
RIP, OSPF, IS-IS, IGRP, etc
Exterior Gateway Protocol
Used between ASs
EGP, BGP
The scope of AS number
1-65535(64512- 65535 for private)
AS connection
Single-Homed AS
Static
IGP
BGP
AS100
AS200
A
ISP
Customer
AS connection
MultiHomed Nontransit AS
AS100
AS200
ISP
Customer 1
AS300
Customer 2
AS connection
MultiHomed Transit AS
AS100
AS200
ISP
Customer 1
AS300
Customer 2
Policy-based routing
AS100
AS200
AS300
AS500
AS400
Path-vector routing
IGP announce networks and describe the cost to reach those
networks.
BGP announces pathways and the networks that are reachable at
the end of the pathway. BGP describes the pathway by using
attributes which are similar to metrics.
The adminsitrator define routing policies.
BGP Database
Neighbor table
List of BGP neighbors
BGP forwarding table
List of all networks learned from each neighbor
IP routing table
List of best path to destination networks
BGP Message
Open
Version number
AS number
Holdtime
Router ID
Keepalive
Update
Notification
When error is detected
eBGP Peering
EBGP (External BGP)
EBGP has peering relationship between routers in different
ASs
EBGP is normally running on the same subnet
Must be connected directly
Exceptions : use multi-hop
AS100 AS200
A
EBGP neighbors
AS300
EBGP neighbors
iBGP Peering I
IBGP (Internal BGP)
IBGP has peering inside same AS
Dont have to be connected directly
AS100
AS200
A
IBGP
IBGP
AS300
IBGP
IBGP
IBGP neighbors
AS400
IBGP split horizon rule
By default, routes learned via IBGP are never propagated to
other IBGP peers
IBGP
AS100
A
BGP
BGP
AS300
BGP
BGP No IBGP
update
ospf
ospf
ospf
ospf
BGP & IGP synchrnization
AS100
AS200
A
IBGP
IBGP
IBGP
EBGP
AS300
A
10.0.0.0/24
EBGP
R1
R5
R2
R3
R4
Path Attributes
Make routing policy with adjusting Path Attribute
Types
Well-known mandatory
Origin, as-path, next-hop
Well-known discretionary : may not in update message
Local-pref
Optional transitive
Aggregator, community
Optional non-transitive
Multi-exit-disc, originator_id, cluster_list
Path Attributes(cont.)
ORIGIN(1)
AS_PATH(2)
NEXT_HOP(3)
MULTI_EXIT_DISC(4)
LOCAL_PREF(5)
ATOMIC_AGGREGATE(6)
AGGREGATOR(7)
COMMUNITY(8)
ORIGINATOR_ID(9)
Cluster List(10)
WEIGHT(CISCO ONLY)
origin
The source(origin) of a speicifi routing update.
IGP
BGP
Incomplete
Priority
IGBP > EBGP > Incomplete
AS_Path
The lists of AS which go through to get reach to
destination
Used for Loop detection
Apply routing policy to each AS path
AS_Path (cont.)
AS100 AS200
AS300
AS500 AS400
130.13.0.0/16 140.14.0.0/16
150.15.0.0/16
160.16.0.0/16 170.17.0.0/16
Network as-path
130.13.0.0/16 300 200 100
140.14.0.0/16 300 200
150.15.0.0/16 300
160.16.0.0/16 300 400
170.17.0.0/16
Network as-path
130.13.0.0/16 300 200 100
140.14.0.0/16 300 200
150.15.0.0/16 300
160.16.0.0/16 300 400
170.17.0.0/16
Network as-path
130.13.0.0/16 200 100
140.14.0.0/16 200
150.15.0.0/16
160.16.0.0/16 400
170.17.0.0/16 500
Network as-path
130.13.0.0/16 200 100
140.14.0.0/16 200
150.15.0.0/16
160.16.0.0/16 400
170.17.0.0/16 500
Network as-path
130.13.0.0/16 100
140.14.0.0/16
150.15.0.0/16 300
160.16.0.0/16 300 400
170.17.0.0/16 300 500
Network as-path
130.13.0.0/16 100
140.14.0.0/16
150.15.0.0/16 300
160.16.0.0/16 300 400
170.17.0.0/16 300 500
AS_Path Filtering
AS100
AS200
AS300
150.15.X.X
How to block 150.15.x.x via AS200 originating from AS300
on RTA?
130.13.1.6/30
130.13.1.5/30
RTA
AS_Path Filtering(cont.)
RTA#
router bgp 100
neighbor 130.13.1.6 remote-as 200
neighbor 130.13.1.6 filter-list 10 in
ip as-path access-list 10 deny 300
ip as-path access-list 10 permit .*
Next hop behavior
BGP is an AS-by-AS routing protocol, not router-by-router
routing protocol
In BGP, the next hop means the IP address to reach the next
AS
EBGP Next-Hop
AS200 AS100
140.14.0.0/16 130.13.0.0/16
Network Next-hop
140.14.0.0/16 140.14.1.1
150.15.0.0/16 140.14.1.1
Network Next-hop
140.14.0.0/16 140.14.1.1
150.15.0.0/16 140.14.1.1 AS300
150.15.0.0/16
140.14.1.1
140.14.1.1
140.14.1.2
140.14.1.2
Next_Hop
R2
R1
AS200
AS100
140.14.0.0/16
130.13.0.0/16
Network Next-hop
140.14.0.0/16 140.14.1.1
150.15.0.0/16 140.14.1.1
Network Next-hop
140.14.0.0/16 140.14.1.1
150.15.0.0/16 140.14.1.1
AS300
150.15.0.0/16
140.14.1.1
140.14.1.1
140.14.1.2
140.14.1.2
B
130.13.1.1
130.13.1.1
130.13.1.2
130.13.1.2
Network Next-hop
140.14.0.0/16 140.14.1.1
150.15.0.0/16 140.14.1.1
Network Next-hop
140.14.0.0/16 140.14.1.1
150.15.0.0/16 140.14.1.1
IBGP Next-Hop
Next_Hop (cont.)
R2
R3
R1
BGP Command
Neighbor {ip-address | peer-group-name} next-hop-self
Neighbor {ip-address | peer-group-name} next-hop-self
Router(config-router)#
Next-hop-self
Forces all updates for this neighbor to be advertised with this router as
the next hop
The ip address used for the next-hop-self will be the same as the
source IP address of the BGP packet.
Multi_Exit_Discriminator
AS100
130.13.0.0
130.13.0.0
MED 120
130.13.0.0
MED 120
AS200
130.13.0.0
MED 200
130.13.0.0
MED 200
Network Metric
130.13.0.0 200
>130.13.0.0 120
Network Metric
130.13.0.0 200
>130.13.0.0 120
Local_Preference
AS200
AS400
160.16.0.0/16
AS300
AS100
local-pref
500
local-pref
500
network local-pref
160.16.0.0/16 500
>160.16.0.0/16 700
network local-pref
160.16.0.0/16 500
>160.16.0.0/16 700
local-pref
700
local-pref
700
Weight
RTA#
router bgp 100
neighbor 203.250.14.1 remote-as 200
neighbor 203.250.14.1 weight 20000
neighbor 203.250.15.2 remote-as 300
neighbor 203.250.15.2 weight 45000
AS100
AS200
AS300
RTA
AS400 160.16.0.0
RTC RTD RTB
203.250.14.1
203.250.15.2
Network Weight
160.16.0.0 20000
>160.16.0.0 45000
Network Weight
160.16.0.0 20000
>160.16.0.0 45000
A router running IBGP doesnt relay routing updates from
another IBGP router
This characteristic require full IBGP mesh between IBGP routers
Problems : If there exists n peers, then [n(n-1)/2] session is
needed
Solutions
Route Reflector
Confederation
IBGP Mesh Solution
Route Reflector(RR)
Terminology
Route Reflector(RR)
Rout Reflector Client
Cluster : RR + Clients
Cluster ID
Configuration
On RR : make neighbor relationship with clients
On clients : make neighbor relationship with only RR
Route Reflector(cont.)
RTB#
router bgp 100
neighbor 203.250.15.2 remote-as 100
neighbor 203.250.15.2 route-reflector-client
neighbor 203.250.14.1 remote-as 100
neighbor 203.250.14.1 route-reflector-client
AS200 AS100
RTA
RTB(RR)
RTC
203.250.14.1
203.250.15.2
Cluster Cluster
NON-Route Reflector
AS200
AS100
RTA
RTB(RR)
RTC
203.250.14.1
203.250.15.2
Cluster Cluster
RTD
NON route reflector client NON route reflector client
When the non-RRC send update information to RR, the RR send it only to RRC
When RRC sends update information to RR, RR send it to other RRC and non-RRC
When RR gets the update information through EBGP, RR sends it to all routers.
Confederation
Make sub(mini) AS inside public AS
It appears just one public AS outside the AS
IBGP peering inside sub AS
Pseudo EBGP peering between sub ASs
Advantages
can minimize the number of IBGP sessions dramatically
Confederation
RTB
sub-AS
65200
RTA
sub-AS
65100
RTC
sub-AS
65300
RTB#
router bgp 65200
bgp confederationidentifier 100
bgp confederation peers 65100 65300
neighbor 203.250.14.1 remote-as 65100
neighbor 203.250.15.2 remote-as 65300
AS 100
BGP Decision Process
route with a reachable next hop
route with largest weight
route with largest local preference
route locally originated
route with shortest as-path
BGP Decision Process(cont.)
Route with lowest origin type
- igp>egp>incomplete
Route with lowest MED
EBGP, next Confederation External, next IBGP
Route with nearest IGP neighbor
Route with the lowest BGP router ID
Neighboring negotiation
Idle
Searching routing table to see if a route exists to reach the
neighbor
Connect
Opensent
Sent open message
Active
When no response for 5sec, go back to idle
Openconfirm
established
Neighboring negotiation
BGP Operation
Establish TCP connection
Negotiate parameter(ex: version number) between peers
Exchange entire routing table at initial phase
Exchange incremental updates after initial phase
Send keepalives to confirm connectivity between peers
Get path information about destination prefix from internal and
external BGP peers
Register the best route in the routing table
Can use routing policy when select the best route
BGP Operation(cont.)
BGP Command
router bgp autonomous-system
router bgp autonomous-system
Router(config)#
Enable BGP routing protocol
neighbor ip-address remote-as autonomous-system
neighbor ip-address remote-as autonomous-system
Router(config-router)#
A Activate the BGP session
BGP Command(cont.)
Router#
clear ip bgp { * | address }
R Reset BGP connection to update BGP information,
but be cautious
Router(config-router)#
network network-number
D Declare network to advertise
BGP Command(cont.)
no synchronization
no synchronization
Router(config-router)#
D Disable synchronization
BGP Configuration Example
AS 100
AS 200
19.0.0.0
15.0.0.0
15.1.1.0
15.1.1.1
15.1.1.2
A
B
Router A
Router B
router bgp 100
network 19.0.0.0
neighbor 15.1.1.2 remote-as 200
router bgp 200
network 15.0.0.0
neighbor 15.1.1.1 remote-as 100
Source IP address
Neighboring process
Receive BGP pkt
Compare the source address of the packet with the list of neighbor
statements
Match: neighboring is established
No match: the packet is ignored
The source IP address of BGP must be listed in the neighbor statement of the
other routers
IBGP peering: source address
To Establish the IBGP sesseion between R1 and R4
R1: ip address in the neighbor statement ?
R4: ip address in the neighbor statement ?
AS200
L0 1.1.1.1
L0 3.3.3.3
L0 4.4.4.4
L0 2.2.2.2
10.1.1.1
R1
R2
R3
R4
10.1.1.2
10.3..3.1
10.3.3.2
10.2.2.2
10.2.2.4
10.4.4.4
10.4.4.3
BGP Command
Neighbor {ip-address | peer-group-name} update-source
Interface-type interface-number
Neighbor {ip-address | peer-group-name} update-source
Interface-type interface-number
Router(config-router)#
override source IP addr for BGP pkt
Loopback interface is usually used
Normally used only with IBGP neighbors
EBGP-multihop
Need to use loopback address for neighbor
Static route for loopback address
Ebgp-multihop
AS200
R2 R1
AS100
L0 1.1.1.1 L0 2.2.2.2
10.2.2.2
10.2.2.1
Neighbor {ip-address | peer-group-name} ebgp-multihop 2
Neighbor {ip-address | peer-group-name} ebgp-multihop 2
Router(config-router)#
10.2.3.1 10.2.3.2
Monitoring BGP
show ip bgp
show ip bgp neighbor
show ip bgp paths
show ip bgp summary
show ip route
BGP peering
Command
Show ip bgp summary
Show ip BGP command
Command
Show ip bgp
BGP session establishment
Debug ip bgp events
Debug ip bgp events
Router#
BGP idle and established states
Idle
The router cannot find the address of the neighbor in the
routing table.
Check for an IGP problem.
Established
The proper state for BGP
In the Show ip bgp summary, the state column is blank or
number.
BGP active state troubleshooting
Active
The router sent out an open packet and is waiting for a
response.
This state may cycle between active and idle.
Reasons maybe :
Neighbor peering with the wrong ip address
Neighbor does not have neighbor statement for this router
Neighbor does not have a route to the source ip address of
the BGP open packet generated by this router