Deploying Bgp4 Teichtahl

  • December 2019
RST-210 3025_05_2001_c1

© 2001, Cisco Systems, Inc. All rights reserved.

1

Deploying BGP4

Marc Teichtahl, Consulting Engineer – EMEA PTT2

Contacts

• Speaker: Marc Teichtahl ([email protected])

• Slides will be available at the networks URL

Prerequisites

• Understand how BGP scales Internet routing by connecting ISPs with globally unique AS numbers
• Understand the need for stable BGP advertisement (i.e. BGP dampening)
• Understand the difference between external BGP and internal BGP
• Basic protocol knowledge: TCP port 179, incremental updates

Prerequisites

• Understand BGP attributes: AS_PATH, NEXT_HOP, MED, LOCAL_PREF—allow routing policy via route-map
• Understand the bestpath decision algorithm
• Know why to turn off synchronisation and auto-summary!

Overview

• Protocol Overview
• Using BGP Attributes
• Deploying IBGP
• Deploying EBGP
  – Connecting to an ISP
  – Being an ISP
• Focus on Stability, Scalability, and Configuration Templates

Complex Network Scalability

Network routing architectures should focus on being:
• Scalable
• Stable
• Simple

BGP Review: What Is it? Why Use it?

Back to Basics: Peering

[Figure: routers A to E spread across AS 100, AS 101 and AS 102, with BGP peerings between them]

• Runs over TCP—port 179
• Path vector protocol
• Incremental updates
• “Internal” and “External” BGP

General Operation

• Learns multiple paths via internal and external BGP speakers
• Picks THE “bestpath”, installs it in the IP forwarding table, forwards to EBGP neighbors (not IBGP)
• Policies are applied by influencing the bestpath selection
  – Policy tools include local-pref, communities, MED, etc.

BGP Sessions—TCP Port 179, 4 Basic Message Types

Four BGP message types control session opening, updates, withdrawals and session maintenance.

BGP Sessions - Control 1: OPEN MESSAGE

• Exchange AS, router ID, holdtime
• Capability negotiation

OPEN message fields, in order:
  Version (1 byte)
  My Autonomous System (2 bytes)
  Hold Time (2 bytes)
  BGP Identifier (4 bytes)
  Opt. Parm. Len. (1 byte)
  Optional Parameters (length as specified above)

BGP Sessions - Control 2: NOTIFICATION

Example: “peer in wrong AS”

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Error code   | Error subcode |           Data                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Error codes: 1 = Header Error, 2 = OPEN Error, 3 = UPDATE Error, 4 = Hold Time Expired, 5 = FSM Error, 6 = Cease
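The OPEN and NOTIFICATION layouts above, worked as an added Python example (not code from the original deck): it builds an OPEN with the fields in the order given under Control 1, parses one received from a peer, and answers with the OPEN Error NOTIFICATION for the “peer in wrong AS” case. The 19-byte message header, the message type numbers and the OPEN error subcodes are taken from RFC 4271; they are not on the slides.

```python
import struct

# Message types and the 16-byte all-ones marker come from RFC 4271 (not shown on the slides)
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4
MARKER = b"\xff" * 16
HEADER_LEN = 19                      # marker (16) + length (2) + type (1)

# NOTIFICATION error codes as listed under Control 2
HEADER_ERROR, OPEN_ERROR, UPDATE_ERROR = 1, 2, 3
HOLD_TIMER_EXPIRED, FSM_ERROR, CEASE = 4, 5, 6
# OPEN error subcodes from RFC 4271 section 6.2
UNSUPPORTED_VERSION, BAD_PEER_AS, BAD_BGP_ID, UNACCEPTABLE_HOLD_TIME = 1, 2, 3, 6


def _header(mtype, body):
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), mtype) + body


def build_open(my_as, hold_time, bgp_id, opt_params=b""):
    """OPEN body as laid out under Control 1: version, AS, hold time, identifier, opt len, params."""
    ident = bytes(int(x) for x in bgp_id.split("."))
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, ident, len(opt_params)) + opt_params
    return _header(OPEN, body)


def build_notification(code, subcode, data=b""):
    """NOTIFICATION body as laid out under Control 2: error code, error subcode, optional data."""
    return _header(NOTIFICATION, struct.pack("!BB", code, subcode) + data)


def parse_open(msg):
    """Return the OPEN fields as a dict, or raise ValueError if the message is malformed."""
    if len(msg) < HEADER_LEN or msg[:16] != MARKER:
        raise ValueError("bad marker")
    length, mtype = struct.unpack("!HB", msg[16:HEADER_LEN])
    if mtype != OPEN or length != len(msg) or length < HEADER_LEN + 10:
        raise ValueError("not a well-formed OPEN")
    version, my_as, hold, ident, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if 29 + opt_len != length:
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "my_as": my_as, "hold_time": hold,
            "bgp_id": ".".join(str(b) for b in ident), "opt_params": msg[29:29 + opt_len]}


def check_open(msg, expected_as, min_hold=3):
    """Validate a received OPEN against the locally configured neighbor.

    Returns (fields, None) when the OPEN is acceptable, otherwise (fields or None,
    notification_bytes) carrying the NOTIFICATION the receiver sends before closing.
    """
    try:
        fields = parse_open(msg)
    except ValueError:
        return None, build_notification(HEADER_ERROR, 0)
    if fields["version"] != 4:
        # data carries the highest version we support (RFC 4271)
        return fields, build_notification(OPEN_ERROR, UNSUPPORTED_VERSION, struct.pack("!H", 4))
    if fields["my_as"] != expected_as:            # the deck's example: "peer in wrong AS"
        return fields, build_notification(OPEN_ERROR, BAD_PEER_AS)
    if fields["bgp_id"] == "0.0.0.0":
        return fields, build_notification(OPEN_ERROR, BAD_BGP_ID)
    if 0 < fields["hold_time"] < min_hold:        # 0 disables keepalives; 1 and 2 are rejected
        return fields, build_notification(OPEN_ERROR, UNACCEPTABLE_HOLD_TIME)
    return fields, None


def describe_notification(msg):
    """Decode a NOTIFICATION into (error code, subcode) for logging the session failure."""
    length, mtype = struct.unpack("!HB", msg[16:HEADER_LEN])
    if mtype != NOTIFICATION or length != len(msg):
        raise ValueError("not a NOTIFICATION")
    return msg[19], msg[20]
```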

BGP Sessions - Control 3: KEEPALIVE—when no updates

These keepalives confirm that the BGP neighbour relationship itself is maintained, not merely the TCP-level connectivity.

BGP Sessions - Control 4: UPDATES (incremental)

   +-----------------------------------------------------+
   |   Unfeasible Routes Length (2 octets)               |
   +-----------------------------------------------------+
   |   Withdrawn Routes (variable)                       |
   +-----------------------------------------------------+
   |   Total Path Attribute Length (2 octets)            |
   +-----------------------------------------------------+
   |   Path Attributes (variable)                        |
   +-----------------------------------------------------+
   |   Network Layer Reachability Information (variable) |
   +-----------------------------------------------------+

Each path attribute starts with a two-octet header:
    0                   1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Attr. Flags  |Attr. Type Code|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Withdrawn routes and NLRI are lists of <length, prefix> entries:
   +---------------------------+
   |   Length (1 octet)        |
   +---------------------------+
   |   Prefix (variable)       |
   +---------------------------+
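The UPDATE layout above, worked as an added Python example (not from the original deck): an encoder and a parser for the five UPDATE fields, the <length, prefix> entries and the two-octet attribute header, decoding the attributes this deck works with (ORIGIN, AS_PATH, NEXT_HOP, MED, LOCAL_PREF, COMMUNITY). The extended-length flag bit and the AS_PATH segment encoding are taken from RFC 4271 rather than the slide.

```python
import struct

# Path attribute type codes, as numbered in the attribute list of this deck
ORIGIN, AS_PATH, NEXT_HOP, MED, LOCAL_PREF, COMMUNITY = 1, 2, 3, 4, 5, 8
EXTENDED_LENGTH = 0x10           # attribute flag bit: 2-byte length field follows (RFC 4271)
AS_SET, AS_SEQUENCE = 1, 2       # AS_PATH segment types (RFC 4271)


def encode_prefix(cidr):
    """<length, prefix> entry: length in bits, then only the octets needed to hold it."""
    addr, plen = cidr.split("/")
    plen = int(plen)
    octets = bytes(int(x) for x in addr.split("."))
    return bytes([plen]) + octets[:(plen + 7) // 8]


def decode_prefixes(buf):
    """Walk a run of <length, prefix> entries (withdrawn routes or NLRI)."""
    out, pos = [], 0
    while pos < len(buf):
        plen = buf[pos]
        nbytes = (plen + 7) // 8
        octets = buf[pos + 1:pos + 1 + nbytes]
        if len(octets) != nbytes:
            raise ValueError("truncated prefix")
        octets = octets.ljust(4, b"\x00")
        out.append("%d.%d.%d.%d/%d" % (*octets, plen))
        pos += 1 + nbytes
    return out


def build_update(withdrawn, attrs, nlri):
    """attrs: list of (flags, type_code, value_bytes). Emits the five UPDATE fields in order."""
    w = b"".join(encode_prefix(p) for p in withdrawn)
    a = b""
    for flags, code, value in attrs:
        if len(value) > 255 or flags & EXTENDED_LENGTH:
            a += struct.pack("!BBH", flags | EXTENDED_LENGTH, code, len(value)) + value
        else:
            a += struct.pack("!BBB", flags, code, len(value)) + value
    n = b"".join(encode_prefix(p) for p in nlri)
    return struct.pack("!H", len(w)) + w + struct.pack("!H", len(a)) + a + n


def parse_update(body):
    """Parse an UPDATE body (19-byte header already stripped) into withdrawn, attrs and NLRI."""
    wlen = struct.unpack("!H", body[0:2])[0]
    withdrawn = decode_prefixes(body[2:2 + wlen])
    pos = 2 + wlen
    alen = struct.unpack("!H", body[pos:pos + 2])[0]
    raw, nlri = body[pos + 2:pos + 2 + alen], decode_prefixes(body[pos + 2 + alen:])
    attrs, p = {}, 0
    while p < len(raw):
        flags, code = raw[p], raw[p + 1]          # 1-byte flags, 1-byte type code
        if flags & EXTENDED_LENGTH:
            length, p = struct.unpack("!H", raw[p + 2:p + 4])[0], p + 4
        else:
            length, p = raw[p + 2], p + 3
        attrs[code] = decode_attr(code, raw[p:p + length])
        p += length
    return {"withdrawn": withdrawn, "attrs": attrs, "nlri": nlri}


def decode_attr(code, value):
    """Decode the attributes the deck works with; anything else is returned raw."""
    if code == ORIGIN:
        return {0: "IGP", 1: "EGP", 2: "incomplete"}[value[0]]
    if code == AS_PATH:                            # segments of (type, count, 2-byte ASNs)
        segs, p = [], 0
        while p < len(value):
            stype, count = value[p], value[p + 1]
            asns = struct.unpack("!%dH" % count, value[p + 2:p + 2 + 2 * count])
            segs.append(("AS_SET" if stype == AS_SET else "AS_SEQUENCE", list(asns)))
            p += 2 + 2 * count
        return segs
    if code == NEXT_HOP:
        return "%d.%d.%d.%d" % tuple(value)
    if code in (MED, LOCAL_PREF):
        return struct.unpack("!I", value)[0]
    if code == COMMUNITY:                          # 4-byte values rendered as aa:nn
        return ["%d:%d" % (c >> 16, c & 0xFFFF) for c in struct.unpack("!%dI" % (len(value) // 4), value)]
    return value
```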

BGP Routing Policy

• Defines in technical terms your business rules
  – Default to provider X
  – Select paths according to cost/reliability
  – Use path Y for backup
• Tools to achieve this policy are the BGP attribute tools

BGP Attributes—Tools for Routing Policy

  1: ORIGIN
  2: AS-PATH
  3: NEXT-HOP
  4: MED
  5: LOCAL_PREF
  6: ATOMIC_AGGREGATE
  7: AGGREGATOR
  8: COMMUNITY
  9: ORIGINATOR_ID
  10: CLUSTER_LIST
  14: MP_REACH_NLRI
  15: MP_UNREACH_NLRI

We will only focus on the yellow items today

Why Use BGP ?

• You need to scale your IGP
• You’re a multihomed ISP customer
• You need to transit full Internet routes

Deploying BGP

BGP Template—BGP Global Settings

router bgp 1
 bgp deterministic-med
 no synchronization
 no auto-summary

For BGP config templates from now on, I’ll assume you’ve already done this!

Deploying Internal BGP: Loopbacks, Peer-Groups, Route Reflectors and Confederations

Guidelines for Stable IBGP

• IBGP peer using loopback addresses
  neighbor { ip address | peer-group } update-source loopback0
• Independent of physical interface failure
  – TCP carries our BGP information
  – Loopbacks reachable via IGP
• IGP/CEF performs any load-sharing
• IBGP only—use on RR clients with care!!!

Peering with Loopbacks

Without loopbacks, the TCP session is always sourced from the IP address of the outbound interface—which can go down!

[Figure: routers A and B joined by redundant links, addressed 1.0.1.1 and 1.0.1.2]

• Configuration:
  Router A
    router bgp 1
     neighbor 1.0.1.1 remote-as 1
  Router B
    router bgp 1
     neighbor 1.0.1.2 remote-as 1

If redundant paths exist, use loopback interfaces to establish the session

Guidelines for Scaling IBGP

• Carry only next-hops in IGP
  – Aggregation at IGP level can be dangerous
• Carry full routes in BGP only if necessary
  – Important at peering points
  – MPLS does not have this concern
• Do not redistribute BGP into IGP
• Use peer groups and RRs

BGP Template—IBGP Peers

IBGP Peer Group, AS1:
router bgp 1
 neighbor internal peer-group
 neighbor internal description ibgp peers
 neighbor internal remote-as 1
 neighbor internal update-source Loopback0
 neighbor internal next-hop-self
 neighbor internal send-community
 neighbor internal version 4
 neighbor internal password 7 03085A09
 neighbor 1.0.0.1 peer-group internal
 neighbor 1.0.0.2 peer-group internal

What Is a Peer Group?

• Simplifies configuration
• All peer-group members have a common outbound policy
• Updates generated once per peer group
  – Update replication efficiency
• Members can have different inbound policy
  – Differing outbound policies will negate the value of the peer-group and lower update replication efficiency

Why Route Reflectors? Avoid the n(n-1)/2 iBGP Mesh

n=1000 => Nearly Half a Million iBGP Sessions!
13 Routers => 78 IBGP Sessions total

Using Route Reflectors

[Figure: backbone route reflectors (RR) serving clusters A, B, C and D, each cluster holding its own RRs and route reflector clients (RRC)]

Golden Rule of RR Loop Avoidance:
“RR Topology Should Follow Physical Topology” => Be Careful with Loopback Peering!!!!

Route Reflectors

• Provide additional control to allow a router to advertise (reflect) iBGP learned routes to other iBGP peers
  – Method to reduce the size of the iBGP mesh
• Normal BGP speakers can coexist
  – Only the RR has to support this feature
  neighbor x.x.x.x route-reflector-client
• Route reflector clients receive the “best” route as seen by the RR
  – Beware this may not always be the best route for the client

Route Reflectors—Terminology

[Figure: a route reflector with its clients grouped into clusters, plus a non-client; lines represent both physical links and BGP logical connections]

Route Reflectors—Terminology (Cont.)

• Route reflector: router that reflects the iBGP information
• Client: routers between which the RR reflects updates (may be fully meshed among themselves)
• Cluster: set of one or more RRs and their clients (may overlap)
• Non-client: iBGP neighbour outside the cluster

What Is a Route Reflector?

• Reflector receives paths from clients and non-clients
• If the best path is from a client, reflect to clients and non-clients
• If the best path is from a non-client, reflect to clients

Route Reflectors—Hierarchy

• Clusters may be configured hierarchically
  – RRs in a cluster are clients of RRs in a higher level
  – Provides a “natural” method to limit routing information sent to lower levels

[Figure: two-level RR hierarchy, Level 1 above Level 2]

Beware of segmenting the BGP layers

Deploying Route Reflectors

• Divide backbone into multiple clusters
• Each cluster contains at least one RR; clients can peer with RRs in other clusters for redundancy
• RRs are fully meshed via IBGP
• Still use single IGP—next-hop unmodified by RR, unless via explicit inbound route-map

Route Reflectors—Migration

• Where to place the route reflectors?
  – Follow the physical topology! This will guarantee that the packet forwarding won’t be affected
• Configure one RR at a time
  – Eliminate redundant iBGP sessions
  – Place one RR per cluster

BGP Template: Peer-Group for RR Clients

router bgp 1
 neighbor rr-client peer-group
 neighbor rr-client description RR clients
 neighbor rr-client remote-as 1
 neighbor rr-client update-source Loopback0     ; will this break the “Golden Rule”?
 neighbor rr-client route-reflector-client      ; this line on RRs only
 neighbor rr-client next-hop-self
 neighbor rr-client send-community
 neighbor rr-client version 4
 neighbor rr-client password 7 03085A09
 neighbor 10.0.1.1 peer-group rr-client
 neighbor 10.0.1.2 peer-group rr-client

RRCs still use the internal peer group.

RR Specific BGP Attributes

[Figure: RR A (router id 1.4.1.1), an RR with router id 1.3.1.1, RR C (router id 1.2.1.1), and RR clients B and D (D has router id 1.1.1.1); AS3 announces 3.0.0.0 with next hop 1.0.1.2]

• Example:
  RouterB>sh ip bgp 3.0.0.0
  BGP routing table entry for 3.0.0.0/8
    3
      1.0.1.2 from 1.4.1.1 (1.1.1.1)
        Origin IGP, metric 0, localpref 100, valid, internal, best
        Originator: 1.1.1.1 Cluster list: 1.3.1.1, 1.2.1.1

BGP Attributes: ORIGINATOR_ID

• ORIGINATOR_ID: router ID of the IBGP speaker that injects the route into the AS—applied by the RR
• Useful for troubleshooting and loop detection

BGP Attributes: CLUSTER_LIST

• CLUSTER_LIST: string of CLUSTER_IDs through which the route has passed
• Usually CLUSTER_ID=ROUTER_ID
• Overridden by: bgp cluster-id x.x.x.x—but remember: don’t do this!!!!
• Useful for troubleshooting and loop detection
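The reflection rules from “What Is a Route Reflector?” together with ORIGINATOR_ID and CLUSTER_LIST, as an added Python example (not the deck's own material): a small RouteReflector model that reflects a best path to the right peers, stamps the two attributes on the way out, and uses them to drop a route that has looped back to a cluster it already passed. Router IDs are constructed values and the trace helper is hypothetical glue for chaining reflectors; the scenario mirrors the RouterB output above.

```python
class RouteReflector:
    """One route reflector: knows which iBGP peers are its clients, applies the reflection
    rules from “What Is a Route Reflector?” and stamps ORIGINATOR_ID and CLUSTER_LIST.
    Routes are plain dicts; router IDs and cluster IDs are dotted-quad strings."""

    def __init__(self, router_id, clients, non_clients, cluster_id=None):
        self.router_id = router_id
        self.cluster_id = cluster_id or router_id      # usually CLUSTER_ID = ROUTER_ID
        self.clients = set(clients)
        self.non_clients = set(non_clients)

    def accept(self, route):
        """Loop detection on receipt: reject a route we originated or already reflected."""
        if route.get("originator_id") == self.router_id:
            return False                                # came back to its originator
        if self.cluster_id in route.get("cluster_list", []):
            return False                                # already passed through this cluster
        return True

    def reflect(self, route, from_peer):
        """Return {peer: route_as_sent} for the best path received from from_peer."""
        if not self.accept(route):
            return {}
        if from_peer in self.clients:
            # best path from a client: reflect to the other clients and to non-clients
            targets = (self.clients - {from_peer}) | self.non_clients
        elif from_peer in self.non_clients:
            # best path from a non-client: reflect to clients only (non-clients are meshed)
            targets = set(self.clients)
        else:
            return {}                                   # not an iBGP peer of this RR
        out = dict(route)
        out.setdefault("originator_id", from_peer)      # router ID of the speaker that injected it
        out["cluster_list"] = [self.cluster_id] + list(route.get("cluster_list", []))
        return {peer: out for peer in targets}


def trace(reflectors, route, origin_peer):
    """Push a route along a chain of RRs, each receiving it from the previous hop.
    Returns the route as the last RR sends it, or None if loop detection dropped it."""
    current, from_peer = route, origin_peer
    for rr in reflectors:
        sent = rr.reflect(current, from_peer)
        if not sent:
            return None
        current, from_peer = next(iter(sent.values())), rr.router_id
    return current
```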

Route Reflectors—Redundancy

• Multiple RRs can be configured in the same cluster—but we now advise against this
  – Other RRs in the same cluster should be treated as iBGP peers (non-clients)
  – All RRs in the cluster must have the same cluster-id
• A router may be a client for RRs in different clusters

Route Reflectors—Results

• Number of neighbors is reduced
  – No need for full iBGP mesh
• Number of routes propagated is reduced
  – Each RR advertises only the best path to its clients
• Stability and scalability are achieved!

Confederations

• Divide the AS into sub-AS
  – eBGP between sub-AS, but some iBGP information is kept
  – Preserve NEXT_HOP across the sub-AS (IGP carries this information)
  – Preserve LOCAL_PREF and MED
• Usually a single IGP

Confederations (Cont.)

• Visible to outside world as single AS—“Confederation Identifier”
  – Each sub-AS uses a number from the private space
• iBGP speakers in sub-AS are fully meshed
  – The total number of neighbors is reduced by limiting the full mesh requirement to only the peers in the sub-AS

Confederations (Cont.)

[Figure: AS 2 made up of Sub-AS 65530, Sub-AS 65531 and Sub-AS 65532; router B sits in Sub-AS 65532]

• Configuration (rtr B):
  router bgp 65532
   bgp confederation identifier 2
   bgp confederation peers 65530 65531
   neighbor 141.153.12.1 remote-as 65530
   neighbor 141.153.17.2 remote-as 65531

Route Propagation Decisions

• Same as with “normal” BGP:
  – From peer in same sub-AS → only to external peers (eBGP rules)
  – From external peers → to all neighbors (iBGP rules)
• “External peers” refers to
  – Peers outside the confederation
  – Peers in a different sub-AS
  – Preserve LOCAL_PREF, MED and NEXT_HOP

Confederations (Cont.)

• Example (cont.):
  BGP table version is 78, local router ID is 141.153.17.1
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  *> 10.0.0.0         141.153.14.3             0    100      0 (65531) 1 i
  *> 141.153.0.0      141.153.30.2             0    100      0 (65530) i
  *> 144.10.0.0       141.153.12.1             0    100      0 (65530) i
  *> 199.10.10.0      141.153.29.2             0    100      0 (65530) 1 i

RRs or Confederations

                    Internet       Multi-Level  Policy   Scalability  Migration
                    Connectivity   Hierarchy    Control               Complexity
Confederations      Anywhere in    Yes          Yes      Medium       Medium to High
                    the network
Route Reflectors    Anywhere in    Yes          Yes      Very High    Very Low
                    the network

More Points about Confeds

• Can assist in “absorbing” other ISPs into your ISP
  – If one ISP buys another (can use the local-as feature to do a similar thing)
• You can use route-reflectors within a confederation sub-AS
  – Reduce the sub-AS iBGP mesh

So Far…

• Is IBGP peering stable?
  – Use loopbacks for peering
• Will it scale?
  – Use peer groups
  – Use route reflectors
• Simple, hierarchical config?

COMMUNITIES: They’re for Everyone!

Problem: Scale Routing Policy Solution: COMMUNITY

• NOT in decision algorithm
• BGP route can be a member of many communities
• Typical communities:
  – Destinations learned from customers
  – Destinations learned from ISPs or peers
  – Destinations in VPN—BGP community is fundamental to the operation of BGP VPNs (RFC 2547)

Problem: Scale Routing Policy Solution: COMMUNITY

Communities: 1:100—Customer Routes, 1:80—ISP Routes

[Figure: your AS peering with ISP 1, ISP 2, ISP 3 and ISP 4 (one of them supplies the 0.0.0.0 default), with Customer 1 (no default, wants full routes) and Customer 2 (uses default, wants your routes)]

Problem: Scale Routing Policy Solution: COMMUNITY

Communities: 1:100—Customer Routes, 1:80—ISP Routes

[Figure: same topology as the previous slide, annotated with the policy applied at each edge: Set Community 1:80, Match Community 1:100 1:80, Match Community 1:100 (twice) and Set Community 1:100]

BGP Attributes: COMMUNITY

• Activated per neighbor/peer-group:
  neighbor {peer-address | peer-group-name} send-community
• Carried across AS boundaries
• Common convention is a string of four bytes, written <AS number>:[0-65536]
• 32-bit AS address space is coming

BGP Attributes: COMMUNITY (Cont.)

• Each destination can be a member of multiple communities
• Using a route-map:
  set community <1-4294967295>   community number
                aa:nn             community number in aa:nn format
                additive          add to the existing community
                none              no community attribute
                local-AS          do not send to EBGP peers (well-known community)
                no-advertise      do not advertise to any peer (well-known community)
                no-export         do not export outside AS/confed (well-known community)

Community Filters

• Filter based on community strings
  ip community-list <1-99> [permit|deny] comm
  ip community-list <100-199> [permit|deny] regexp
• Per neighbor inbound or outbound route-maps
  match community [exact-match]
  – exact match only for standard lists

Community Filters

• Example 1: Mark some prefixes as part of the 1:120 community (+remove existing community!)
• Configuration:
  router bgp 1
   neighbor 10.0.0.1 remote-as 2
   neighbor 10.0.0.1 send-community
   neighbor 10.0.0.1 route-map set_community out
  !
  route-map set_community 10 permit
   match ip address 1
   set community 1:120
  !
  access-list 1 permit 10.10.0.0 0.0.255.255

Community Filters

• Example 2: Set LOCAL_PREF depending on the community that the prefix belongs to.
• Configuration:
  router bgp 1
   neighbor 10.0.0.1 remote-as 2
   neighbor 10.0.0.1 route-map filter_on_community in
  !
  route-map filter_on_community 10 permit
   match community 1
   set local-preference 150
  !
  ip community-list 1 permit 2:150
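Both community examples above (setting a community for an access-list match, and setting LOCAL_PREF from a community-list match), as an added Python model of the IOS behaviour rather than the deck's own configuration: community-list evaluation for standard and expanded lists, exact-match, and the set community options (replace, additive, none) from the COMMUNITY (Cont.) section. The numeric values of the well-known communities come from RFC 1997, not the slides; the access_list helper is a hypothetical stand-in for a standard ACL match.

```python
import re

# Well-known communities named in the deck, with their RFC 1997 values (not on the slides)
WELL_KNOWN = {"no-export": 0xFFFFFF01, "no-advertise": 0xFFFFFF02, "local-AS": 0xFFFFFF03}


def community(text):
    """Parse 'aa:nn', a well-known name or a bare <1-4294967295> number into a 32-bit value."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    if ":" in text:
        aa, nn = (int(x) for x in text.split(":"))
        return (aa << 16) | nn
    return int(text)


def render(comms):
    """Render a community set as 'aa:nn aa:nn ...', the string an expanded list's regexp sees."""
    return " ".join("%d:%d" % (c >> 16, c & 0xFFFF) for c in sorted(comms))


class CommunityList:
    """ip community-list <n>: entries are (permit?, text). The first entry that matches decides;
    a list with no matching entry denies, as in IOS. Numbers 100-199 hold regexps."""

    def __init__(self, number, entries):
        self.number, self.entries, self.expanded = number, entries, number >= 100

    def matches(self, comms, exact_match=False):
        comms = set(comms)
        for permit, text in self.entries:
            if self.expanded:
                hit = re.search(text, render(comms)) is not None
            else:                               # standard list: all listed values must be present
                wanted = {community(t) for t in text.split()}
                hit = wanted == comms if exact_match else wanted <= comms
            if hit:
                return permit
        return False


def access_list(network, wildcard):
    """'match ip address <acl>' on the prefix's network address (the deck's access-list 1)."""
    def to_int(dotted):
        a, b, c, d = (int(x) for x in dotted.split("."))
        return (a << 24) | (b << 16) | (c << 8) | d
    net, mask = to_int(network), ~to_int(wildcard) & 0xFFFFFFFF
    return lambda prefix: to_int(prefix.split("/")[0]) & mask == net & mask


def apply_route_map(route, clauses, lists):
    """Run one route through route-map clauses [(seq, permit?, match, set)].

    match may hold 'community': ([list numbers], exact_match) and/or 'prefix': callable;
    set may hold 'local_preference': int and/or 'community': ([texts], additive).
    Returns the route as modified, or None when the route-map denies it.
    """
    for seq, permit, match, sets in sorted(clauses, key=lambda c: c[0]):
        if "community" in match:
            numbers, exact = match["community"]
            if not any(lists[n].matches(route["communities"], exact) for n in numbers):
                continue                        # several lists on one match line are OR-ed
        if "prefix" in match and not match["prefix"](route["prefix"]):
            continue
        if not permit:
            return None
        out = dict(route)
        if "local_preference" in sets:
            out["local_pref"] = sets["local_preference"]
        if "community" in sets:                 # 'none' clears; additive keeps the existing set
            texts, additive = sets["community"]
            new = set() if texts == ["none"] else {community(t) for t in texts}
            out["communities"] = (set(route["communities"]) | new) if additive else new
        return out
    return None                                 # no clause matched: implicit deny
```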

Regular Expression Syntax—URL

• Overview of IOS regular expression syntax: http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/arbook/arapptrn.htm

Deploying External BGP for ISPs: Route Aggregation, Customer Aggregation, NAPs

ISP EBGP Tasks

• Configure stable aggregates
• Scale BGP customer aggregation
• Offer a choice of route-feeds
• Peer with other providers
• Provide a backup service

What Is Aggregation?

• Summarisation based on specifics from the BGP routing table
  10.60.1.0 255.255.255.0
  10.60.2.0 255.255.255.240
  Aggregate would be 10.60.0.0 255.255.0.0

How to Aggregate

• aggregate-address 10.60.0.0 255.255.0.0 {as-set} {summary-only} {route-map}
• Use as-set to include path and community information from specifics
• summary-only suppresses specifics
• route-map sets other attributes

Why Aggregate?

• Reduce number of Internet prefixes—advertise only your CIDR block
• Increase stability—aggregate stays even if specifics come and go
• Stable aggregate generation:
  router bgp 1
   aggregate-address 10.60.0.0 255.255.0.0 as-set summary-only
   network 10.60.1.0 255.255.255.0
   :
  ip route 10.60.1.0 255.255.255.0 null0 254

BGP Attributes: Atomic Aggregate

• Indicates loss of AS-PATH information
• Must not be removed once set
• Set by: aggregate-address x.x.x.x
• Not set if the as-set keyword is used; AS-SET and COMMUNITY then carry information from the specifics

BGP Attributes: Aggregator

• AS number and IP address of the router generating the aggregate
• Useful for troubleshooting
• Only set by aggregate-address; NOT set by the network statement

Aggregate Attributes

NEXT_HOP = local (0.0.0.0)
WEIGHT = 32768
LOCAL_PREF = none (assume 100)
AS_PATH = AS_SET or nothing
ORIGIN = IGP
MED = none

ISP EBGP Tasks

• Configure stable aggregates
• Scale BGP customer aggregation
• Offer a choice of route-feeds
• Peer with other providers
• Provide a backup service
• Propagate QoS policy

Customer Aggregation Guidelines

• Define at least three peer groups:
  – cust-default—send default route only
  – cust-cust—send customer routes only
  – cust-full—send full Internet routes
• Tag routes via communities
  – Use identifier and action communities
  – 2:100=customers; 2:80=peers; 2:1000 announce to transit
• Apply passwords and an inbound prefix-list on a per neighbor basis if applicable
  – Password management can be tricky from an operational perspective

Customer Aggregation

[Figure: your AS (CIDR block 10.0.0.0/8) with a core route reflector, an aggregation router (RR client) and three customer peer groups: full routes, “default” and customer routes]

BGP template - customers

neighbor x.x.x.x remote-as X
neighbor x.x.x.x peer-group (cust-full or cust-cust or cust-default)
neighbor x.x.x.x prefix-list ASXXX in
!
ip prefix-list ASXXX seq 5 permit <prefix>

BGP template - full routes peer-group

neighbor cust-full peer-group
neighbor cust-full description Send full Routes
neighbor cust-full remove-private-AS
neighbor cust-full version 4
neighbor cust-full route-map cust-in in
neighbor cust-full route-map full-routes out

BGP template: full routes route-map

ip prefix-list cidr-block seq 5 deny 10.0.0.0/8 ge 9
ip prefix-list cidr-block seq 10 permit 0.0.0.0/0 le 32
ip community-list 1 permit 2:100
ip community-list 80 permit 2:80
!
route-map full-routes permit 10
 match ip address prefix-list cidr-block   ; deny CIDR subnets
 match community 1 80                      ; customers & peers
 set metric-type internal                  ; MED = IGP metric
 set ip next-hop peer-address              ; our own

BGP template: customer inbound route-map

route-map cust-in permit 10
 set metric 4294967294          ; ignore MED
 set ip next-hop peer-address
 set community 2:100

BGP template: customer routes peer-group

neighbor cust-cust peer-group
neighbor cust-cust description customer routes
neighbor cust-cust remove-private-AS
neighbor cust-cust version 4
neighbor cust-cust route-map cust-in in
neighbor cust-cust route-map cust-routes out

BGP Template: customer routes route-map

route-map cust-routes permit 10
 match ip address prefix-list cidr-block
 match community 1                         ; customers only
 set metric-type internal                  ; MED = IGP metric
 set ip next-hop peer-address              ; our own

BGP Template: default route peer-group

neighbor cust-default peer-group
neighbor cust-default description Send default
neighbor cust-default default-originate route-map default-route
neighbor cust-default remove-private-AS
neighbor cust-default version 4
neighbor cust-default route-map cust-in in
neighbor cust-default prefix-list deny-all out
!
ip prefix-list deny-all seq 5 deny 0.0.0.0/0 le 32

ISP EBGP Tasks

• Configure stable aggregates
• Scale BGP customer aggregation
• Offer a choice of route-feeds
• Peer with other providers

Peering with other ISPs

• Similar to EBGP customer aggregation, except inbound prefix filtering is rarely used (lack of global registry)
• Use maximum-prefix and prefix sanity checking instead

BGP Template: ISP peers peer-group

neighbor nap peer-group
neighbor nap description for peer ISPs
neighbor nap remove-private-AS
neighbor nap version 4
neighbor nap prefix-list sanity-check in
neighbor nap prefix-list cidr-block out
neighbor nap route-map nap-out out
neighbor nap maximum-prefix 30000

BGP Template: ISP peers route-map

route-map nap-out permit 10
 match community 1              ; customers only
 set metric-type internal       ; MED = IGP metric
 set ip next-hop peer-address   ; our own

Peer Groups for NAPs: Sanity-Check Prefix-List

# FIRST - FILTER OUT YOUR IGP ADDRESS SPACE!!
ip prefix-list sanity-check seq 5 deny 0.0.0.0/0             # deny the default route
ip prefix-list sanity-check seq 10 deny 0.0.0.0/8 le 32      # deny anything beginning with 0
ip prefix-list sanity-check seq 15 deny 0.0.0.0/1 ge 20      # deny masks > 20 for all class A nets (1-127)
ip prefix-list sanity-check seq 20 deny 10.0.0.0/8 le 32     # deny 10/8 per RFC1918
ip prefix-list sanity-check seq 25 deny 127.0.0.0/8 le 32    # reserved by IANA - loopback address
ip prefix-list sanity-check seq 30 deny 128.0.0.0/2 ge 17    # deny masks >= 17 for all class B nets (129-191)
ip prefix-list sanity-check seq 35 deny 128.0.0.0/16 le 32   # deny net 128.0 - reserved by IANA
ip prefix-list sanity-check seq 40 deny 172.16.0.0/12 le 32  # deny 172.16 as RFC1918

Peer Groups for NAPs: Sanity-Check Prefix-List (Cont.)

ip prefix-list sanity-check seq 45 deny 192.0.2.0/24 le 32     # class C 192.0.2.0 reserved by IANA
ip prefix-list sanity-check seq 50 deny 192.0.0.0/24 le 32     # class C 192.0.0.0 reserved by IANA
ip prefix-list sanity-check seq 55 deny 192.168.0.0/16 le 32   # deny 192.168/16 per RFC1918
ip prefix-list sanity-check seq 60 deny 191.255.0.0/16 le 32   # deny 191.255.0.0 - IANA reserved (I think)
ip prefix-list sanity-check seq 65 deny 192.0.0.0/3 ge 25      # deny masks > 25 for class C (192-222)
ip prefix-list sanity-check seq 70 deny 223.255.255.0/24 le 32 # deny anything in net 223 - IANA reserved
ip prefix-list sanity-check seq 75 deny 224.0.0.0/3 le 32      # deny class D/Experimental
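The sanity-check prefix-list above, as an added Python example (not from the deck): a PrefixList class with IOS ge/le semantics, loaded with the deck's entries (seq 5 as 0.0.0.0/0, which is what denying the default route requires) plus a constructed trailing permit, since a list made only of deny entries would reject every prefix. The prefixes run through the audit are constructed samples.

```python
import ipaddress


class PrefixList:
    """ip prefix-list semantics: entries are checked in sequence order; the first entry whose
    network covers the route's prefix and whose length window (ge/le) admits the route's
    length decides. With neither ge nor le only the exact length matches; a list with no
    matching entry denies (implicit deny)."""

    def __init__(self, name):
        self.name, self.entries = name, []

    def add(self, seq, action, prefix, ge=None, le=None):
        net = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (32 if ge is not None else net.prefixlen)
        self.entries.append((seq, action == "permit", net, lo, hi))
        self.entries.sort(key=lambda e: e[0])
        return self

    def evaluate(self, route):
        """Return ('permit'|'deny', matching seq or None) for a prefix such as '10.1.0.0/16'."""
        r = ipaddress.ip_network(route, strict=False)
        for seq, permit, net, lo, hi in self.entries:
            if r.subnet_of(net) and lo <= r.prefixlen <= hi:
                return ("permit" if permit else "deny"), seq
        return "deny", None


def sanity_check():
    """The deck's sanity-check entries, followed by a constructed permit-everything entry
    (seq 80) that the slides do not show."""
    pl = PrefixList("sanity-check")
    for seq, prefix, ge, le in [
        (5, "0.0.0.0/0", None, None), (10, "0.0.0.0/8", None, 32), (15, "0.0.0.0/1", 20, None),
        (20, "10.0.0.0/8", None, 32), (25, "127.0.0.0/8", None, 32), (30, "128.0.0.0/2", 17, None),
        (35, "128.0.0.0/16", None, 32), (40, "172.16.0.0/12", None, 32), (45, "192.0.2.0/24", None, 32),
        (50, "192.0.0.0/24", None, 32), (55, "192.168.0.0/16", None, 32), (60, "191.255.0.0/16", None, 32),
        (65, "192.0.0.0/3", 25, None), (70, "223.255.255.0/24", None, 32), (75, "224.0.0.0/3", None, 32),
    ]:
        pl.add(seq, "deny", prefix, ge, le)
    return pl.add(80, "permit", "0.0.0.0/0", None, 32)


def audit(pl, routes):
    """Run a batch of prefixes received from a peer through the list: {prefix: (action, seq)}."""
    return {r: pl.evaluate(r) for r in routes}
```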

Summary for Deploying EBGP

• Stability through:
  – Aggregation/summary routes
  – Inbound prefix-filtering and passwords
  – Apply “sanity-check” and maximum-prefix feature to ISP peering
• Scalability of memory/CPU:
  – Three peer-groups for customers: default, customer routes, full routes
  – One peer group for ISP peers
• Simplicity using “standard” solutions

Session Summary 1

• Scalability:
  – Use attributes, especially community
  – Use peer groups and route reflectors
• Stability:
  – Use loopback addresses for IBGP
  – Generate aggregates/summary addresses
  – Apply passwords
  – Always filter inbound and outbound

Session Summary 2

• Simplicity—standard solutions:
  – Three multihoming options
  – Group customers into communities
  – Apply standard policy at the edge
  – Avoid “special configs”
  – Script your config generation

For Further Reference:

• BGP bestpath: http://www.cisco.com/warp/public/459/25.shtml
• Case studies on www.cisco.com: http://www.cisco.com/warp/public/459/18.html
• www.cisco.com—search “BGP”
• www.nanog.org

For Further Reference:

• Cisco Press: “Internet Routing Architectures”, “Advanced IP Network Design”, “Large-Scale IP Network Solutions”
• John Stewart, BGP4, Addison Wesley
• Extra slides on BGP over simplex links

