Implement an eBGP based solution, given a
network design and a set of requirements

  Determine network resources needed for implementing
eBGP on a network
  Create an eBGP implementation plan
  Create an eBGP verification plan
  Configure eBGP routing
  Verify eBGP solution was implemented properly using
show and debug commands
  Document results of eBGP implementation and
verification plan




Border Gateway Protocol
 Used to exchange routes/prefixes between different
 autonomous systems (AS)
 Uses TCP port 179
 Requires an IGP; a network can’t route with only BGP
 Only one process per router
 Needs neighbors but doesn’t run on interfaces
 Neighbors don’t need to be directly connected
 iBGP: In the same AS (AD 200)
 eBGP: In different AS (AD 20)
 Hello 60 seconds / Dead 180 seconds
BGP Autonomous System
 Set of routers under a unique technical administration
 AS range:
     Public: 1 – 64511
     Private: 64512 – 65535




BGP Loop Prevention




Design of BGP, when to use it?
 Connection with multiple AS
 Implement complex routing
 When you are a transit AS

Multihoming
 Connection to two different ISPs via BGP
    Verify that your networks are correctly advertised
    Be careful not to become a transit AS
       Filter networks not originated from your AS




Design of BGP, what routes should I receive?
 Only a default route
 Some routes plus a default
 Full routes (more than 200.000)

Impact
 Memory
 CPU
 Route selection




BGP Messages
 OPEN
 KEEPALIVE
 UPDATE
 NOTIFICATION
BGP Tables
 Neighbor table
 BGP table
 IP routing table




BGP Neighbor States
 IDLE: Looking for neighbors
 CONNECT: TCP session complete
 ACTIVE: Trying to establish a neighborship
 OPEN SENT: BGP open message has been sent
 OPEN CONFIRM: Response of an open message
 ESTABLISHED: Neighbor is up, route exchange starts




Network Topology




 Configuring Neighbors




R4(config)#router eigrp 100
R4(config-router)#no auto-summary
R4(config-router)#network 0.0.0.0 255.255.255.255
R4(config-router)#passive-interface fa0/0
R4(config)#router bgp 100
R4(config-router)#neighbor 10.14.0.1 remote-as 100
R4(config-router)#neighbor 172.16.46.6 remote-as 200
R4(config-router)#network 1.1.1.1 mask 255.255.255.255
R4(config-router)#network 4.4.4.4 mask 255.255.255.255
R4(config-router)#network 10.14.0.0 mask 255.255.255.0

R6#show ip bgp neighbors 172.16.46.4 advertised-routes
R6#show ip bgp summary
R6#show ip bgp
R6#debug ip packet detail




Loop Prevention
 iBGP learned routes can’t be advertised to another
 iBGP neighbor
    iBGP full mesh peerings
    Route Reflectors
    Confederations




Full Mesh




Route Reflectors
 Like the DR of OSPF
 No (n-1)/2 peering needed
 If the route comes from eBGP
      Advertise to eBGP, route-reflector-client, non-client
 If the route comes from a route-reflector-client
      Advertise to eBGP, route-reflector-client, non-client
 If the route comes from a non-client
      Advertise to eBGP, route-reflector-client




Route Reflectors




                                 RR


R1(config)#router bgp 100
R1(config-router)#neighbor 10.14.0.4 route-reflector-client
R1(config-router)#neighbor 10.13.0.2 route-reflector-client

R1#sh ip bgp neighbors 10.13.0.2




 Confederations
  Sub AS’s
  Usually Private AS’s
  Within a sub AS, route reflector can be used




R1(config)#no router bgp 100
R1(config)#router bgp 65001
R1(config-router)#bgp confederation id 100
R1(config-router)#bgp confederation peers 65004 65035
R1(config-router)#neighbor 10.14.0.4 remote-as 65004
R1(config-router)#neighbor 10.13.0.2 remote-as 65035




Next Hop Processing
    eBGP changes the next hop
    iBGP doesn’t change the next hop
    How to change the next hop:
       Static route
       Running an IGP
       Option ‘next-hop-self’
       Via route-map




 Option ‘next-hop-self’
R4(config)#router bgp 100
R4(config-router)#neighbor 10.14.0.1 next-hop-self

 Via Route Map
R4(config)#route-map NEXTHOP permit 10
R4(config-route-map)#set ip next-hop 10.14.0.4
R4(config)#router bgp 100
R4(config-router)#neighbor 10.14.0.1 route-map NEXTHOP out




Redistribution
    When you redistribute an IGP into BGP, BGP can
    propagate the routes to another AS. Routing loops may
    occur because external IGP routes may have originated
    in another AS
    Redistributing from BGP into an IGP can cause high
    CPU and memory usage; there are more than 200.000
    routes on the Internet
    We’ll see an example under the ‘synchronization rule’




 Update Source and Multihop
    By default the TCP packet is sent via the closest
    interface
    On some occasions it’s a good idea for the TCP
    packets to be originated from another interface.
    eBGP neighbors must be directly connected; if not, use multihop




R4(config)#router bgp 100
R4(config-router)#neighbor 6.6.6.6 remote-as 200
R4(config-router)#neighbor 6.6.6.6 ebgp-multihop 255
R4(config-router)#neighbor 6.6.6.6 update-source Loopback0

R4(config)#ip route 6.6.6.6 255.255.255.255 172.16.46.6




Peer Groups
    Easier administration
    On occasion a more efficient way to configure BGP
    Useful for many neighbors with the same configuration
    Locally significant
R3(config)#router bgp 100
R3(config-router)#neighbor GROUP peer-group
R3(config-router)#neighbor GROUP remote-as 100
R3(config-router)#neighbor GROUP route-reflector-client

R3(config-router)#neighbor 10.35.0.5 peer-group GROUP




 Summarization
    Used in AS border
    Advertise a single route
    CPU
    Memory
    The Cisco way says it is better to aggregate than to
    redistribute static routes pointing to null
R4(config)#ip route 10.0.0.0 255.0.0.0 null 0
R4(config)#router bgp 100
R4(config-router)#network 10.0.0.0 mask 255.0.0.0

R4(config-router)#aggregate-address 10.0.0.0 255.0.0.0
or
R4(config-router)#aggregate-address 10.0.0.0 255.0.0.0 summary-only




Authentication
    Only MD5 is supported
    Very few ISPs want to run authentication with their
    clients
R4(config)#router bgp 100
R4(config-router)#neighbor 10.14.0.1 password cisco




 Filter
    Access list
    Prefix list
    Route maps
 Access Lists
Send only summary route to R6
R4(config)#access-list 10 permit 10.0.0.0 0.255.255.255
R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 distribute-list 10 out

 Prefix Lists
Send only summary route to R6
R4(config)#ip prefix-list SUMMARY permit 10.0.0.0/8
R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 prefix-list SUMMARY out




Route Maps
Deny only summary route to R6 and permit all other routes
R4(config)#ip prefix-list SUMMARY permit 10.0.0.0/8

R4(config)#route-map FILTER deny 10
R4(config-route-map)#match ip address prefix-list SUMMARY
R4(config)#route-map FILTER permit 20

R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 route-map FILTER out
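
The three filters above do not match routes the same way. The following is an added example, not part of the original slides: a simplified Python model of IOS matching (standard ACL in a distribute-list, prefix list without ge/le, route map with first-match semantics) run over a constructed copy of R4's prefixes. The function and variable names are hypothetical.

```python
import ipaddress

# Constructed sample: the prefixes R4 originates in the slides plus the /8 summary.
R4_ROUTES = ["1.1.1.1/32", "4.4.4.4/32", "10.14.0.0/24", "10.0.0.0/8"]

# access-list 10 permit 10.0.0.0 0.255.255.255
ACL_10 = [("permit", "10.0.0.0", "0.255.255.255")]
# ip prefix-list SUMMARY permit 10.0.0.0/8   (no ge/le keywords)
PL_SUMMARY = [("permit", "10.0.0.0/8", None, None)]
# route-map FILTER deny 10 (match prefix-list SUMMARY) / permit 20 (no match clause)
RM_FILTER = [("deny", PL_SUMMARY), ("permit", None)]


def acl_permits(prefix, acl):
    """Standard ACL in a distribute-list: only the route's network address is
    compared under the wildcard mask; the prefix length is never examined."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False  # implicit deny at the end of every ACL


def prefix_list_permits(prefix, plist):
    """Prefix list: the leading bits must match AND the length must be in
    range. Without ge/le the length must equal the entry's length exactly."""
    net = ipaddress.ip_network(prefix)
    for action, entry, ge, le in plist:
        ent = ipaddress.ip_network(entry)
        if ge is None and le is None:
            lo = hi = ent.prefixlen
        else:
            lo = ge if ge is not None else ent.prefixlen
            hi = le if le is not None else 32
        if net.subnet_of(ent) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False  # implicit deny at the end of every prefix list


def route_map_permits(prefix, route_map):
    """First matching clause wins; a clause with no match statement matches
    every route; a route that matches no clause is denied."""
    for action, plist in route_map:
        if plist is None or prefix_list_permits(prefix, plist):
            return action == "permit"
    return False


def advertised(routes, permits):
    """Return the routes that survive an outbound filter."""
    return [r for r in routes if permits(r)]


if __name__ == "__main__":
    print("distribute-list 10 out :",
          advertised(R4_ROUTES, lambda r: acl_permits(r, ACL_10)))
    print("prefix-list SUMMARY out:",
          advertised(R4_ROUTES, lambda r: prefix_list_permits(r, PL_SUMMARY)))
    print("route-map FILTER out   :",
          advertised(R4_ROUTES, lambda r: route_map_permits(r, RM_FILTER)))
```

In this model the access list also lets 10.14.0.0/24 through, while the prefix list passes only the exact /8. With `aggregate-address ... summary-only` the more-specific routes are already suppressed, which hides that difference.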




 What are BGP Attributes
    The BGP metric is not simple
    Attributes are ways that you can ‘tag’ incoming or
    outgoing BGP routes
    Some attributes are WELL KNOWN (everyone
    supports) while others are OPTIONAL
    Some attributes are MANDATORY (must be in the
    update) while others are DISCRETIONARY
    Some attributes are TRANSITIVE (travel from router
    to router) while others are NON-TRANSITIVE




‘WELL KNOWN’ Attributes
  Autonomous system path AS_PATH (Mandatory)
  Next-hop-address (Mandatory)
  Origin (Mandatory)
  Local Preference (Discretionary)
  Atomic Aggregate (Discretionary)
‘OPTIONAL’ Attributes
  Aggregator (Transitive)
  Multi-exit Discriminator (Non-Transitive)




BGP Path Selection




BGP Path Selection




 Influence BGP Path Selection: Weight
    Influence the OUTBOUND traffic
    Apply INBOUND
    Local to the router
    Default value 0




R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 weight 200

R4(config)#ip prefix-list LOOPBACK2 permit 2.2.2.2/32
R4(config)#route-map WEIGHT permit 10
R4(config-route-map)#match ip address prefix-list LOOPBACK2
R4(config-route-map)#set weight 200
R4(config)#route-map WEIGHT permit 100

R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 route-map WEIGHT in




Influence BGP Path Selection: Local Preference
   Influence the OUTBOUND traffic
   Apply INBOUND
   Local to AS
   Default value 100




R4(config)#router bgp 100
R4(config-router)#bgp default local-preference 150

R4(config)#ip prefix-list LOOPBACK2 permit 2.2.2.2/32
R4(config)#route-map LOCAL_PREFERENCE permit 10
R4(config-route-map)#match ip address prefix-list LOOPBACK2
R4(config-route-map)#set local-preference 150
R4(config)#route-map LOCAL_PREFERENCE permit 100

R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 route-map LOCAL_PREFERENCE in




 Influence BGP Path Selection: AS Path
    Influence the INBOUND traffic
    Apply OUTBOUND
    Shortest is better




R4(config)#ip prefix-list LOOPBACK4 permit 4.4.4.4/32
R4(config)#route-map AS_PATH permit 10
R4(config-route-map)#match ip address prefix-list LOOPBACK4
R4(config-route-map)#set as-path prepend 100 100 100 100
R4(config)#route-map AS_PATH permit 100

R4(config)#router bgp 100
R4(config-router)#neighbor 172.16.46.6 route-map AS_PATH out




Influence BGP Path Selection: MED
   Influence the INBOUND traffic
   Apply OUTBOUND
   Only compare MED if prefix is advertised from two
   sources from the same AS, if not:
       (config-router)#bgp always-compare-med

R3(config)#ip prefix-list LOOPBACK3 permit 3.3.3.3/32
R3(config)#route-map MED permit 10
R3(config-route-map)#match ip address prefix-list LOOPBACK3
R3(config-route-map)#set metric 2300418
R3(config)#route-map MED permit 100

R3(config)#router bgp 100
R3(config-router)#neighbor 172.16.32.2 route-map MED out


R3(config-router)#default-metric x
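
How the four attributes configured above interact, as an added example that is not part of the original slides: a Python comparator that applies weight, local preference, AS-path length and MED in the order Cisco IOS evaluates them, including the rule that MED is only compared between paths from the same neighboring AS unless `bgp always-compare-med` is set. The other best-path steps (locally originated, origin code, eBGP over iBGP, IGP metric, router ID) are not modelled, the `Path` class and sample paths are constructed, and treating a missing MED as 0 is an assumption.

```python
from dataclasses import dataclass
from functools import reduce


@dataclass(frozen=True)
class Path:
    via: str                 # label for the neighbor the path was learned from
    as_path: tuple           # leftmost entry is the neighboring AS
    weight: int = 0          # default from the Weight slide
    local_pref: int = 100    # default from the Local Preference slide
    med: int = 0             # assumption: a missing MED counts as 0


def prefer(a, b, always_compare_med=False):
    """Return the better of two paths to the same prefix."""
    if a.weight != b.weight:                      # higher weight wins
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:              # higher local preference wins
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):          # shorter AS path wins
        return a if len(a.as_path) < len(b.as_path) else b
    same_neighbor_as = a.as_path[:1] == b.as_path[:1]
    if (same_neighbor_as or always_compare_med) and a.med != b.med:
        return a if a.med < b.med else b          # lower MED wins
    return a  # tie on the modelled steps: keep the first path


def best_path(paths, always_compare_med=False):
    """Pairwise reduction over all candidate paths."""
    return reduce(lambda x, y: prefer(x, y, always_compare_med), paths)


# Constructed sample paths reusing values from the slides.
VIA_R6 = Path("172.16.46.6", (200,), weight=200)            # neighbor ... weight 200
VIA_R1 = Path("10.14.0.1", (200,), local_pref=150)          # local-preference 150
PREPENDED = Path("prepended", (100, 100, 100, 100, 100))    # as-path prepend x4
ALTERNATE = Path("alternate", (300, 100))                   # hypothetical second path
MED_HIGH = Path("R3", (100,), med=2300418)                  # set metric 2300418
MED_LOW_SAME_AS = Path("R4", (100,))                        # same neighboring AS
MED_LOW_OTHER_AS = Path("other", (300,))                    # different neighboring AS

if __name__ == "__main__":
    print(prefer(VIA_R1, VIA_R6).via)                       # weight beats local pref
    print(prefer(PREPENDED, ALTERNATE).via)                 # prepending loses
    print(prefer(MED_HIGH, MED_LOW_OTHER_AS).via)           # MED ignored across ASes
    print(prefer(MED_HIGH, MED_LOW_OTHER_AS, always_compare_med=True).via)
```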




 Synchronization Rule
    Prevents traffic from being black-holed
    Reduces traffic that will be dropped / Ensures consistency
    Turn off when
        Redistribute BGP into IGP
        BGP is running in all routers of the AS
    ‘Routes learned via BGP must be validated by the
    interior routing table before they can be advertised to
    remote peers’




Synchronization Rule
R3(config)#router bgp 100
R3(config-router)#synchronization
R4(config)#router bgp 100
R4(config-router)#synchronization

How to fix it
1. BGP running in all routers of the AS
or
1. Turn off synchronization on R3 and R4 and:
R4(config-router)#router eigrp 100
R4(config-router)#redistribute bgp 100 metric 1 1 1 1 1




 Communities
    To tag routes in the BGP topology
    Consistent filtering in the AS domain




                                     send tag routes




R5(config)#route-map COMMUNITY permit 10
R5(config-route-map)#set community 123456 local-AS

R5(config)#router eigrp 100
R5(config-router)#no network 5.5.5.5 0.0.0.0
R5(config-router)#router bgp 100
R5(config-router)#network 5.5.5.5 mask 255.255.255.255
R5(config-router)#neighbor 10.35.0.3 route-map COMMUNITY out
R5(config-router)#neighbor 10.35.0.3 send-community




Verifying and Troubleshooting BGP
  ACL blocking TCP 179
  eBGP not directly connected, use multihop
  AS mismatch
 Troubleshooting
R1#show ip bgp
R1#show ip bgp summary
R1#show ip bgp neighbors
R1#clear ip bgp *
R1#clear ip bgp * in
R1#clear ip bgp * out
R1#debug ip bgp




 BGP Design Peer Review
Implementation Plan Detail (configuration and notes)
  Based on the network topology, configuration of
  peers, route reflectors, filters
 BGP Implementation Peer Review
Questions that can be asked
  Why route reflectors and not confederations?

Possible Answers
  There is only one route reflector in the network, the
  solution is simple




07.bgp
