RST-210

3025_05_2001_c1 © 2001, Cisco Systems, Inc. All rights reserved. 1


Deploying BGP4
Marc Teichtahl
Consulting Engineer – EMEA PTT


Contacts

• Speaker: Marc Teichtahl (mteichta@cisco.com)
• Slides will be available at the networks URL


Prerequisites

• Understand how BGP scales Internet routing by connecting ISPs with globally unique AS numbers
• Understand the need for stable BGP advertisement (i.e. BGP dampening)
• Understand the difference between external and internal BGP
• Basic protocol knowledge: TCP port 179—incremental updates


Prerequisites (Cont.)

• Understand BGP attributes: ASPATH, NEXT_HOP, MED, LOCAL_PREF—they allow routing policy via route-maps
• Understand the bestpath decision algorithm
• Know why to turn off synchronisation and auto-summary!


Overview

• Protocol Overview
• Using BGP Attributes
• Deploying IBGP
• Deploying EBGP
  – Connecting to an ISP
  – Being an ISP
• Focus on Stability, Scalability, and Configuration Templates


Complex Network Scalability

Network routing architectures should focus on being:
  – Scalable
  – Stable
  – Simple


BGP Review
What Is It? Why Use It?


Back to Basics: Peering

(Figure: routers A and B in AS 100, C and D in AS 101, and E in AS 102, with BGP peering sessions between them)

• Runs over TCP—port 179
• Path vector protocol
• Incremental updates
• “Internal” and “External” BGP


General Operation

• Learns multiple paths via internal and external BGP speakers
• Picks THE “bestpath”, installs it in the IP forwarding table, and forwards it to EBGP neighbors (not IBGP)
• Policies are applied by influencing the bestpath selection
  – Policy tools include local-pref, communities, MED, etc.


BGP Sessions—TCP Port 179, 4 Basic Message Types

Four BGP messages control the opening, updates, withdrawals and maintenance of BGP sessions.


BGP Sessions - Control
1: OPEN MESSAGE
Exchange AS, router ID, holdtime; capability negotiation

  Field                     Size
  Version                   1 byte
  My Autonomous System      2 bytes
  Hold Time                 2 bytes
  BGP Identifier            4 bytes
  Opt. Parm. Len.           1 byte
  Optional Parameters       variable (length given by Opt. Parm. Len.)


BGP Sessions - Control
2: NOTIFICATION
Example: “peer in wrong AS”

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  | Error code    | Error subcode |   Data                        |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
  |                                                               |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Error codes: 1 = Header Error, 2 = OPEN Error, 3 = UPDATE Error,
4 = Hold Time Expired, 5 = FSM Error, 6 = Cease


BGP Sessions - Control
3: KEEPALIVE—when no updates

These keepalives ensure that the BGP neighbour relationship is maintained; they maintain the BGP session, not the TCP-level connectivity.


BGP Sessions - Control
4: UPDATES (incremental)

  +-----------------------------------------------------+
  | Unfeasible Routes Length (2 octets)                 |
  +-----------------------------------------------------+
  | Withdrawn Routes (variable)                         |
  +-----------------------------------------------------+
  | Total Path Attribute Length (2 octets)              |
  +-----------------------------------------------------+
  | Path Attributes (variable)                          |
  +-----------------------------------------------------+
  | Network Layer Reachability Information (variable)   |
  +-----------------------------------------------------+

  Each path attribute starts with:       Each NLRI entry is:
   0                   1
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5      +---------------------------+
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     | Length (1 octet)          |
  | Attr. Flags   |Attr. Type Code|     +---------------------------+
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     | Prefix (variable)         |
                                        +---------------------------+


BGP Routing Policy

• Defines your business rules in technical terms
  – Default to provider X
  – Select paths according to cost/reliability
  – Use path Y for backup
• The tools to achieve this policy are the BGP attributes


BGP Attributes—Tools for Routing Policy

  1: ORIGIN              7: AGGREGATOR
  2: AS-PATH             8: COMMUNITY
  3: NEXT-HOP            9: ORIGINATOR_ID
  4: MED                10: CLUSTER_LIST
  5: LOCAL_PREF         14: MP_REACH_NLRI
  6: ATOMIC_AGGREGATE   15: MP_UNREACH_NLRI

We will only focus on the yellow items today


Why Use BGP?

• You need to scale your IGP
• You’re a multihomed ISP customer
• You need to transit full Internet routes


Deploying BGP


BGP Template—BGP Global Settings

  router bgp 1
   bgp deterministic-med
   no synchronization
   no auto-summary

For BGP config templates from now on, I’ll assume you’ve already done this!


Deploying Internal BGP
Loopbacks, Peer-Groups, Route Reflectors and Confederations


Guidelines for Stable IBGP

• IBGP peer using loopback addresses:
    neighbor {ip-address | peer-group} update-source loopback0
• Independent of physical interface failure
  – TCP carries our BGP information
  – Loopbacks reachable via IGP
• IGP/CEF performs any load-sharing
• IBGP only—use on RR clients with care!!!

Peering with Loopbacks

Without loopbacks, the TCP session is always sourced from the IP address of the outbound interface—which can go down!

(Figure: routers A and B in AS 1, addresses 1.0.1.1 and 1.0.1.2, connected by redundant paths)

• Configuration:
  Router A
    router bgp 1
     neighbor 1.0.1.1 remote-as 1
  Router B
    router bgp 1
     neighbor 1.0.1.2 remote-as 1

If redundant paths exist, use loopback interfaces to establish the session.


Guidelines for Scaling IBGP

• Carry only next-hops in IGP
  – Aggregation at IGP level can be dangerous
• Carry full routes in BGP only if necessary
  – Important at peering points
  – MPLS does not have this concern
• Do not redistribute BGP into IGP
• Use peer groups and RRs


BGP Template—IBGP Peers

IBGP peer group, AS 1:

  router bgp 1
   neighbor internal peer-group
   neighbor internal description ibgp peers
   neighbor internal remote-as 1
   neighbor internal update-source Loopback0
   neighbor internal next-hop-self
   neighbor internal send-community
   neighbor internal version 4
   neighbor internal password 7 03085A09
   neighbor 1.0.0.1 peer-group internal
   neighbor 1.0.0.2 peer-group internal

What Is a Peer Group?

• Simplifies configuration
• All peer-group members have a common outbound policy
• Updates generated once per peer group
  – Update replication efficiency
• Members can have different inbound policy
  – Differing outbound policies will negate the value of the peer-group and lower update replication efficiency


Why Route Reflectors?

Avoid the n(n-1)/2 iBGP mesh:
  – 13 routers => 78 IBGP sessions in total
  – n=1000 => nearly half a million iBGP sessions!


Using Route Reflectors

(Figure: a backbone of fully meshed RRs serving clusters A, B, C and D, each holding RR clients (RRC))

Golden Rule of RR Loop Avoidance:
“RR Topology Should Follow Physical Topology”
=> Be careful with loopback peering!!!!

Route Reflectors

• Provide additional control to allow a router to advertise (reflect) iBGP-learned routes to other iBGP peers
  – A method to reduce the size of the iBGP mesh
• Normal BGP speakers can coexist
  – Only the RR has to support this feature:
      neighbor x.x.x.x route-reflector-client
• Route reflector clients receive the “best” route as seen by the RR—beware this may not always be the best route for the client


Route Reflectors—Terminology

(Figure: a route reflector and its clients forming a cluster, with a non-client iBGP neighbour outside the cluster; lines represent both physical links and BGP logical connections)

Route Reflectors—Terminology (Cont.)

• Route reflector
  – Router that reflects the iBGP information
• Client
  – Routers between which the RR reflects updates (may be fully meshed among themselves)
• Cluster
  – Set of one or more RRs and their clients (may overlap)
• Non-client
  – iBGP neighbour outside the cluster


What Is a Route Reflector?

• The reflector receives paths from clients and non-clients
• If the best path is from a client, reflect it to clients and non-clients
• If the best path is from a non-client, reflect it to clients


Route Reflectors—Hierarchy

• Clusters may be configured hierarchically
  – RRs in a cluster are clients of RRs in a higher level
  – Provides a “natural” method to limit routing information sent to lower levels
  – Beware of segmenting the BGP layers

(Figure: two-level RR hierarchy, Level 1 above Level 2)


Deploying Route Reflectors

• Divide the backbone into multiple clusters
• Each cluster contains at least one RR; clients can peer with RRs in other clusters for redundancy
• RRs are fully meshed via IBGP
• Still use a single IGP—the next-hop is unmodified by the RR, unless via an explicit inbound route-map


Route Reflectors—Migration

• Where to place the route reflectors?
  – Follow the physical topology!
  – This will guarantee that packet forwarding won’t be affected
• Configure one RR at a time
  – Eliminate redundant iBGP sessions
  – Place one RR per cluster


BGP Template: Peer-Group for RR Clients

  router bgp 1
   neighbor rr-client peer-group
   neighbor rr-client description RR clients
   neighbor rr-client remote-as 1
   neighbor rr-client update-source Loopback0
   neighbor rr-client route-reflector-client
   neighbor rr-client next-hop-self
   neighbor rr-client send-community
   neighbor rr-client version 4
   neighbor rr-client password 7 03085A09
   neighbor 10.0.1.1 peer-group rr-client
   neighbor 10.0.1.2 peer-group rr-client

Slide callouts: “Will this break the ‘Golden Rule’?” (on the peer-group definition); “This line on RRs only; RRCs still use the internal peer group” (on route-reflector-client).

RR Specific BGP Attributes

(Figure: route reflectors A and C with router IDs 1.3.1.1 and 1.2.1.1, RR clients B and D (D has router ID 1.1.1.1), and address 1.4.1.1; D learns 3.0.0.0/8 from AS 3 with next hop 1.0.1.2)

• Example:
  RouterB>sh ip bgp 3.0.0.0
  BGP routing table entry for 3.0.0.0/8
    3
      1.0.1.2 from 1.4.1.1 (1.1.1.1)
        Origin IGP, metric 0, localpref 100, valid, internal, best
        Originator: 1.1.1.1
        Cluster list: 1.3.1.1, 1.2.1.1


BGP Attributes: ORIGINATOR_ID

• ORIGINATOR_ID
  – Router ID of the IBGP speaker that injects the route into the AS—applied by the RR
• Useful for troubleshooting and loop detection


BGP Attributes: CLUSTER_LIST

• CLUSTER_LIST
  – String of CLUSTER_IDs through which the route has passed
• Usually CLUSTER_ID = ROUTER_ID
• Overridden by: bgp cluster-id x.x.x.x—but remember: don’t do this!!!!
• Useful for troubleshooting and loop detection


Route Reflectors—Redundancy

• Multiple RRs can be configured in the same cluster—but we now advise against this
  – Other RRs in the same cluster should be treated as iBGP peers (non-clients)
  – All RRs in the cluster must have the same cluster-id
• A router may be a client for RRs in different clusters
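As an added example (not from the slides), the two reflection rules of the “What Is a Route Reflector?” slide together with the ORIGINATOR_ID / CLUSTER_LIST stamping and loop check from the last three slides, in Python. Router IDs and the cluster list follow the “RR Specific BGP Attributes” slide; the wiring between the RRs and B’s router ID 1.4.1.1 are assumptions.

```python
# Simulation of the route-reflector rules on the slides: where an RR re-advertises
# an iBGP best path, and how ORIGINATOR_ID / CLUSTER_LIST are stamped on the way
# out and checked for loops on the way in.  Topology wiring is assumed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Route:
    prefix: str
    next_hop: str
    originator_id: Optional[str] = None     # set by the first RR that reflects it
    cluster_list: list = field(default_factory=list)


class RouteReflector:
    def __init__(self, router_id, clients, non_clients, cluster_id=None):
        self.router_id = router_id
        self.cluster_id = cluster_id or router_id   # usually CLUSTER_ID = ROUTER_ID
        self.clients = set(clients)
        self.non_clients = set(non_clients)

    def accept(self, route):
        """Loop detection on receipt: drop a route we originated ourselves, or one
        whose CLUSTER_LIST already carries our CLUSTER_ID (same-cluster RRs too)."""
        if route.originator_id == self.router_id:
            return False
        if self.cluster_id in route.cluster_list:
            return False
        return True

    def reflect(self, route, from_peer):
        """Return {peer_router_id: route_as_sent} for a best path learned from
        the iBGP peer `from_peer`, following the slide's two rules."""
        if not self.accept(route):
            return {}
        if from_peer in self.clients:
            # best path from a client: to the other clients and all non-clients
            targets = (self.clients - {from_peer}) | self.non_clients
        elif from_peer in self.non_clients:
            # best path from a non-client: to clients only
            targets = set(self.clients)
        else:
            raise ValueError(f"{from_peer} is not an iBGP peer of {self.router_id}")
        # ORIGINATOR_ID is stamped once; our CLUSTER_ID is prepended on each reflection
        sent = Route(route.prefix, route.next_hop,
                     route.originator_id or from_peer,
                     [self.cluster_id] + route.cluster_list)
        return {peer: sent for peer in targets}


def walk_slide_example():
    """Client D (1.1.1.1) injects 3.0.0.0/8 via RR C (1.2.1.1); C reflects it to
    RR A (1.3.1.1, a non-client of C), which reflects it to its client B (assumed
    router ID 1.4.1.1).  Returns the route as B sees it, plus whether C would
    accept A's copy if it came back (it must not: C's cluster-id is listed)."""
    rr_c = RouteReflector("1.2.1.1", clients={"1.1.1.1"}, non_clients={"1.3.1.1"})
    rr_a = RouteReflector("1.3.1.1", clients={"1.4.1.1"}, non_clients={"1.2.1.1"})
    injected = Route("3.0.0.0/8", "1.0.1.2")          # NEXT_HOP is not modified by RRs
    from_c = rr_c.reflect(injected, "1.1.1.1")
    from_a = rr_a.reflect(from_c["1.3.1.1"], "1.2.1.1")
    at_b = from_a["1.4.1.1"]
    return at_b, rr_c.accept(at_b)
```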


Route Reflectors—Results

• Number of neighbors is reduced
  – No need for a full iBGP mesh
• Number of routes propagated is reduced
  – Each RR advertises only the best path to its clients
• Stability and scalability are achieved!


Confederations

• Divide the AS into sub-ASes
  – eBGP between sub-ASes, but some iBGP information is kept
  – Preserve NEXT_HOP across the sub-AS (IGP carries this information)
  – Preserve LOCAL_PREF and MED
• Usually a single IGP


Confederations (Cont.)

• Visible to the outside world as a single AS—the “Confederation Identifier”
  – Each sub-AS uses a number from the private space
• iBGP speakers in a sub-AS are fully meshed
  – The total number of neighbors is reduced by limiting the full mesh requirement to only the peers in the sub-AS


Confederations (Cont.)

(Figure: AS 2 divided into sub-AS 65530, 65531 and 65532; router B sits in sub-AS 65532)

• Configuration (rtr B):
    router bgp 65532
     bgp confederation identifier 2
     bgp confederation peers 65530 65531
     neighbor 141.153.12.1 remote-as 65530
     neighbor 141.153.17.2 remote-as 65531


Route Propagation Decisions

• Same as with “normal” BGP:
  – From a peer in the same sub-AS → only to external peers (eBGP rules)
  – From external peers → to all neighbors (iBGP rules)
• “External peers” refers to:
  – Peers outside the confederation
  – Peers in a different sub-AS
  – Preserve LOCAL_PREF, MED and NEXT_HOP


Confederations (Cont.)

• Example (cont.):
  BGP table version is 78, local router ID is 141.153.17.1
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop        Metric LocPrf Weight Path
  *> 10.0.0.0         141.153.14.3         0    100      0 (65531) 1 i
  *> 141.153.0.0      141.153.30.2         0    100      0 (65530) i
  *> 144.10.0.0       141.153.12.1         0    100      0 (65530) i
  *> 199.10.10.0      141.153.29.2         0    100      0 (65530) 1 i


RRs or Confederations

                    Internet        Multi-Level   Policy    Scalability   Migration
                    Connectivity    Hierarchy     Control                 Complexity
  Confederations    Anywhere in     Yes           Yes       Medium        Medium to High
                    the network
  Route Reflectors  Anywhere in     Yes           Yes       Very High     Very Low
                    the network


More Points about Confeds

• Can assist in “absorbing” other ISPs into your ISP
  – If one ISP buys another (the local-as feature can be used to do a similar thing)
• You can use route reflectors within a confederation sub-AS
  – Reduces the sub-AS iBGP mesh


So Far…

• Is IBGP peering stable?
  – Use loopbacks for peering
• Will it scale?
  – Use peer groups
  – Use route reflectors
• Simple, hierarchical config?


COMMUNITIES
They’re for Everyone!


Problem: Scale Routing Policy
Solution: COMMUNITY

• NOT in the decision algorithm
• A BGP route can be a member of many communities
• Typical communities:
  – Destinations learned from customers
  – Destinations learned from ISPs or peers
  – Destinations in a VPN—the BGP community is fundamental to the operation of BGP VPNs (RFC 2547)


Problem: Scale Routing Policy
Solution: COMMUNITY (Cont.)

Communities:
  1:100—Customer routes
  1:80—ISP routes

(Figure: your AS peering with ISP 1, ISP 2, ISP 3 and ISP 4; Customer 1 takes no default and wants full routes; Customer 2 uses the default (0.0.0.0) and wants your routes)


Problem: Scale Routing Policy
Solution: COMMUNITY (Cont.)

Communities:
  1:100—Customer routes
  1:80—ISP routes

(Figure: on the ISP sessions, routes learned get “set community 1:80” and only routes matching community 1:100 are sent; on the customer sessions, routes learned get “set community 1:100”; Customer 1 (no default, wants full routes) is sent routes matching community 1:100 and 1:80, Customer 2 (uses default, wants your routes) is sent the default 0.0.0.0 and routes matching community 1:100)


BGP Attributes: COMMUNITY

• Activated per neighbor/peer-group:
    neighbor {peer-address | peer-group-name} send-community
• Carried across AS boundaries
• Common convention is a string of four bytes: <AS>:[0-65536]
  – 32-bit AS address space is coming


BGP Attributes: COMMUNITY (Cont.)

• Each destination can be a member of multiple communities
• Using a route-map: set community
    <1-4294967295>  community number
    aa:nn           community number in aa:nn format
    additive        Add to the existing community
    none            No community attribute
    local-AS        Do not send to EBGP peers (well-known community)
    no-advertise    Do not advertise to any peer (well-known community)
    no-export       Do not export outside AS/confed (well-known community)


Community Filters

• Filter based on community strings:
    ip community-list <1-99> [permit|deny] comm
    ip community-list <100-199> [permit|deny] regexp
• Per neighbor
  – Inbound or outbound route-maps:
      match community <number> [exact-match]
  – exact-match only for standard lists


Community Filters

• Example 1:
  Mark some prefixes as part of the 1:120 community (and remove the existing community!)
• Configuration:
    router bgp 1
     neighbor 10.0.0.1 remote-as 2
     neighbor 10.0.0.1 send-community
     neighbor 10.0.0.1 route-map set_community out
    !
    route-map set_community permit 10
     match ip address 1
     set community 1:120
    !
    access-list 1 permit 10.10.0.0 0.0.255.255


Community Filters

• Example 2:
  Set LOCAL_PREF depending on the community that the prefix belongs to.
• Configuration:
    router bgp 1
     neighbor 10.0.0.1 remote-as 2
     neighbor 10.0.0.1 route-map filter_on_community in
    !
    route-map filter_on_community permit 10
     match community 1
     set local-preference 150
    !
    ip community-list 1 permit 2:150
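As an added example, not from the slides: Python that encodes aa:nn communities into the 32-bit attribute value, models `set community` with and without `additive`, applies the well-known community rules from the COMMUNITY (Cont.) slide, and reproduces Example 2’s route-map. The well-known values 0xFFFFFF01-03 come from RFC 1997; the routes are constructed dicts.

```python
# Community handling from the COMMUNITY slides: aa:nn <-> 32-bit value, the three
# well-known communities, "set community ... [additive]", and Example 2's route-map.
# Routes below are constructed dicts; the well-known values are from RFC 1997.
WELL_KNOWN = {"no-export": 0xFFFFFF01, "no-advertise": 0xFFFFFF02, "local-AS": 0xFFFFFF03}
NAMES = {v: k for k, v in WELL_KNOWN.items()}


def encode(comm):
    """'aa:nn' (AS in the high 16 bits, nn in the low 16) or a well-known name -> int."""
    if comm in WELL_KNOWN:
        return WELL_KNOWN[comm]
    aa, nn = (int(x) for x in comm.split(":"))
    if not (0 <= aa <= 0xFFFF and 0 <= nn <= 0xFFFF):
        raise ValueError(f"community outside the 16-bit aa:nn range: {comm}")
    return (aa << 16) | nn


def decode(value):
    """32-bit value -> well-known name or 'aa:nn' string."""
    return NAMES.get(value, f"{value >> 16}:{value & 0xFFFF}")


def set_community(route, comms, additive=False):
    """Model of `set community ... [additive]`: without additive the existing
    attribute is replaced, which is what Example 1's "remove existing" means."""
    new = {encode(c) for c in comms}
    route["community"] = (route["community"] | new) if additive else new
    return route


def may_advertise(route, peer_kind, peer_in_confed=False):
    """Well-known community rules from the slide; peer_kind is 'ibgp' or 'ebgp'."""
    c = route["community"]
    if WELL_KNOWN["no-advertise"] in c:          # do not advertise to any peer
        return False
    if peer_kind == "ebgp" and WELL_KNOWN["local-AS"] in c:
        return False                             # not to any EBGP peer, confed included
    if peer_kind == "ebgp" and not peer_in_confed and WELL_KNOWN["no-export"] in c:
        return False                             # not outside the AS/confederation
    return True


def filter_on_community(route):
    """Example 2: community-list 1 permits 2:150 -> set local-preference 150."""
    if encode("2:150") in route["community"]:
        route["local_pref"] = 150
    return route
```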


Regular Expression Syntax—URL

• Overview of IOS regular expression syntax:
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/arbook/arapptrn.htm


Deploying External BGP for ISPs
Route Aggregation, Customer Aggregation, NAPs


ISP EBGP Tasks

• Configure stable aggregates
• Scale BGP customer aggregation
• Offer a choice of route-feeds
• Peer with other providers
• Provide a backup service


What Is Aggregation?

• Summarisation based on specifics from the BGP routing table:
    10.60.1.0 255.255.255.0
    10.60.2.0 255.255.255.240
  The aggregate would be 10.60.0.0 255.255.0.0


How to Aggregate

• aggregate-address 10.60.0.0 255.255.0.0 [as-set] [summary-only] [route-map <name>]
• Use as-set to include path and community information from the specifics
• summary-only suppresses the specifics
• route-map sets other attributes


Why Aggregate?

• Reduce the number of Internet prefixes—advertise only your CIDR block
• Increase stability—the aggregate stays even if specifics come and go
• Stable aggregate generation:
    router bgp 1
     aggregate-address 10.60.0.0 255.255.0.0 as-set summary-only
     network 10.60.1.0 mask 255.255.255.0
     :
    ip route 10.60.1.0 255.255.255.0 null0 254


BGP Attributes: Atomic Aggregate

• Indicates loss of AS-PATH information
• Must not be removed once set
• Set by: aggregate-address x.x.x.x
• Not set if the as-set keyword is used; however, AS-SET and COMMUNITY then carry information from the specifics


BGP Attributes: Aggregator

• AS number and IP address of the router generating the aggregate
• Useful for troubleshooting
• Only set by aggregate-address; NOT set by the network statement


Aggregate Attributes

  NEXT_HOP   = local (0.0.0.0)
  WEIGHT     = 32768
  LOCAL_PREF = none (assume 100)
  AS_PATH    = AS_SET or nothing
  ORIGIN     = IGP
  MED        = none
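As an added example (not from the slides), a Python model of what `aggregate-address ... [as-set] [summary-only]` generates, using the attribute values listed on the Atomic Aggregate, Aggregator and Aggregate Attributes slides. The specifics in the table, the aggregating router’s AS 1 and its router ID 1.0.0.1 are constructed for the demonstration.

```python
# Model of what "aggregate-address <prefix> <mask> [as-set] [summary-only]" generates,
# using the attribute values from the Aggregate Attributes / Atomic Aggregate /
# Aggregator slides.  Specifics and the aggregating router (AS 1, 1.0.0.1) are constructed.
from ipaddress import ip_network

# Constructed BGP table entries; the first two are the slides' 10.60.x specifics
SPECIFICS = [
    {"prefix": "10.60.1.0/24", "as_path": [65001], "community": {"2:100"}},
    {"prefix": "10.60.2.0/28", "as_path": [65002, 65001], "community": {"2:100", "2:1000"}},
    {"prefix": "192.0.2.0/24", "as_path": [3], "community": {"2:80"}},
]


def make_aggregate(aggregate, table, local_as, router_id, as_set=False, summary_only=False):
    """Return (aggregate_entry_or_None, specifics_still_advertised).  The aggregate
    exists only while at least one specific inside the block is in the table, which
    is why the slides pin one specific with a network statement plus a null0 route."""
    block = ip_network(aggregate)
    inside = [s for s in table if ip_network(s["prefix"]).subnet_of(block)]
    if not inside:
        return None, list(table)
    entry = {"prefix": aggregate,
             "next_hop": "0.0.0.0",            # local, per the Aggregate Attributes slide
             "weight": 32768,
             "local_pref": None,               # none: assume 100
             "origin": "IGP",
             "med": None,
             "as_path": [],                    # AS_SET or nothing
             "community": set(),
             "atomic_aggregate": not as_set,   # set when AS-PATH information is lost
             "aggregator": (local_as, router_id)}
    if as_set:
        # as-set: carry an unordered AS_SET of every AS from the specifics' paths
        # and the union of their communities, so that information is not lost
        ases = {asn for s in inside for asn in s["as_path"]}
        entry["as_path"] = [("AS_SET", sorted(ases))] if ases else []
        entry["community"] = set().union(*(s["community"] for s in inside))
    # summary-only suppresses the specifics covered by the aggregate
    advertised = [s for s in table if s not in inside] if summary_only else list(table)
    return entry, advertised


def slide_example():
    """aggregate-address 10.60.0.0 255.255.0.0 as-set summary-only (Why Aggregate? slide)."""
    return make_aggregate("10.60.0.0/16", SPECIFICS, 1, "1.0.0.1", as_set=True, summary_only=True)
```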


ISP EBGP Tasks

• Configure stable aggregates
• Scale BGP customer aggregation
• Offer a choice of route-feeds
• Peer with other providers
• Provide a backup service
• Propagate QoS policy


Customer Aggregation Guidelines

• Define at least three peer groups:
  – cust-default—send default route only
  – cust-cust—send customer routes only
  – cust-full—send full Internet routes
• Tag routes via communities
  – Use identifier and action communities
  – 2:100 = customers; 2:80 = peers; 2:1000 = announce to transit
• Apply passwords and an inbound prefix-list on a per-neighbor basis
  – If applicable; password management can be tricky from an operational perspective


Customer Aggregation

(Figure: your AS core with CIDR block 10.0.0.0/8; a route reflector serves an aggregation router (an RR client, in the client peer group), which in turn serves customers through three peer groups: full routes, “default”, and customer routes)


BGP template - customers

  neighbor x.x.x.x remote-as X
  neighbor x.x.x.x peer-group (cust-full or cust-cust or cust-default)
  neighbor x.x.x.x prefix-list ASXXX in
  !
  ip prefix-list ASXXX seq 5 permit <prefix>


BGP template - full routes peer-group

  neighbor cust-full peer-group
  neighbor cust-full description Send full routes
  neighbor cust-full remove-private-AS
  neighbor cust-full version 4
  neighbor cust-full route-map cust-in in
  neighbor cust-full route-map full-routes out


BGP template: full routes route-map

  ip prefix-list cidr-block seq 5 deny 10.0.0.0/8 ge 9
  ip prefix-list cidr-block seq 10 permit 0.0.0.0/0 le 32
  ip community-list 1 permit 2:100
  ip community-list 80 permit 2:80
  !
  route-map full-routes permit 10
   match ip address prefix-list cidr-block   ; deny CIDR subnets
   match community 1 80                      ; customers & peers
   set metric-type internal                  ; MED = IGP metric
   set ip next-hop peer-address              ; our own


BGP template: customer inbound route-map

  route-map cust-in permit 10
   set metric 4294967294            ; ignore MED
   set ip next-hop peer-address
   set community 2:100


BGP template: customer routes peer-group

  neighbor cust-cust peer-group
  neighbor cust-cust description customer routes
  neighbor cust-cust remove-private-AS
  neighbor cust-cust version 4
  neighbor cust-cust route-map cust-in in
  neighbor cust-cust route-map cust-routes out


BGP Template: customer routes route-map

  route-map cust-routes permit 10
   match ip address prefix-list cidr-block
   match community 1                 ; customers only
   set metric-type internal          ; MED = IGP metric
   set ip next-hop peer-address      ; our own


BGP Template: default route peer-group

  neighbor cust-default peer-group
  neighbor cust-default description Send default
  neighbor cust-default default-originate route-map default-route
  neighbor cust-default remove-private-AS
  neighbor cust-default version 4
  neighbor cust-default route-map cust-in in
  neighbor cust-default prefix-list deny-all out
  !
  ip prefix-list deny-all seq 5 deny 0.0.0.0/0 le 32

ISP EBGP Tasks

• Configure stable aggregates
• Scale BGP customer aggregation
• Offer a choice of route-feeds
• Peer with other providers


Peering with other ISPs

• Similar to EBGP customer aggregation, except inbound prefix filtering is rarely used (lack of a global registry)
• Use maximum-prefix and prefix sanity checking instead


BGP Template: ISP peers peer-group

  neighbor nap peer-group
  neighbor nap description for peer ISPs
  neighbor nap remove-private-AS
  neighbor nap version 4
  neighbor nap prefix-list sanity-check in
  neighbor nap prefix-list cidr-block out
  neighbor nap route-map nap-out out
  neighbor nap maximum-prefix 30000


BGP Template: ISP peers route-map

  route-map nap-out permit 10
   match community 1                 ; customers only
   set metric-type internal          ; MED = IGP metric
   set ip next-hop peer-address      ; our own


Peer Groups for NAPs: Sanity-Check Prefix-List

  # FIRST - FILTER OUT YOUR IGP ADDRESS SPACE!!
  ip prefix-list sanity-check seq 5 deny 0.0.0.0/32
  # deny the default route
  ip prefix-list sanity-check seq 10 deny 0.0.0.0/8 le 32
  # deny anything beginning with 0
  ip prefix-list sanity-check seq 15 deny 0.0.0.0/1 ge 20
  # deny masks > 20 for all class A nets (1-127)
  ip prefix-list sanity-check seq 20 deny 10.0.0.0/8 le 32
  # deny 10/8 per RFC1918
  ip prefix-list sanity-check seq 25 deny 127.0.0.0/8 le 32
  # reserved by IANA - loopback address
  ip prefix-list sanity-check seq 30 deny 128.0.0.0/2 ge 17
  # deny masks >= 17 for all class B nets (129-191)
  ip prefix-list sanity-check seq 35 deny 128.0.0.0/16 le 32
  # deny net 128.0 - reserved by IANA
  ip prefix-list sanity-check seq 40 deny 172.16.0.0/12 le 32
  # deny 172.16 as RFC1918


Peer Groups for NAPs: Sanity-Check Prefix-List (Cont.)

  ip prefix-list sanity-check seq 45 deny 192.0.2.0/24 le 32
  # class C 192.0.20.0 reserved by IANA
  ip prefix-list sanity-check seq 50 deny 192.0.0.0/24 le 32
  # class C 192.0.0.0 reserved by IANA
  ip prefix-list sanity-check seq 55 deny 192.168.0.0/16 le 32
  # deny 192.168/16 per RFC1918
  ip prefix-list sanity-check seq 60 deny 191.255.0.0/16 le 32
  # deny 191.255.0.0 - IANA reserved (I think)
  ip prefix-list sanity-check seq 65 deny 192.0.0.0/3 ge 25
  # deny masks > 25 for class C (192-222)
  ip prefix-list sanity-check seq 70 deny 223.255.255.0/24 le 32
  # deny anything in net 223 - IANA reserved
  ip prefix-list sanity-check seq 75 deny 224.0.0.0/3 le 32
  # deny class D/Experimental
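As an added example (not from the slides), a Python evaluator for `ip prefix-list` entries with the IOS ge/le semantics, run over an excerpt of the sanity-check list above and the cidr-block list from the full-routes template. As shown on the slides the sanity-check list ends without a permit, so the closing `permit 0.0.0.0/0 le 32` at seq 100 is an assumption added here to make accepted prefixes visible; the announcements it checks are constructed.

```python
# Evaluator for IOS-style "ip prefix-list" entries (seq, permit/deny, ge/le),
# run over the slides' sanity-check and cidr-block lists.  Inputs are constructed.
import re
from ipaddress import ip_network

ENTRY = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?$")

# Excerpt of the slides' lists.  The slides show no final permit, so the seq 100
# line is an ASSUMED closing entry (without it the implicit deny rejects everything).
SLIDE_LISTS = """
# FIRST - FILTER OUT YOUR IGP ADDRESS SPACE!!
ip prefix-list sanity-check seq 5 deny 0.0.0.0/32
ip prefix-list sanity-check seq 10 deny 0.0.0.0/8 le 32
ip prefix-list sanity-check seq 15 deny 0.0.0.0/1 ge 20
ip prefix-list sanity-check seq 20 deny 10.0.0.0/8 le 32
ip prefix-list sanity-check seq 30 deny 128.0.0.0/2 ge 17
ip prefix-list sanity-check seq 45 deny 192.0.2.0/24 le 32
ip prefix-list sanity-check seq 65 deny 192.0.0.0/3 ge 25
ip prefix-list sanity-check seq 75 deny 224.0.0.0/3 le 32
ip prefix-list sanity-check seq 100 permit 0.0.0.0/0 le 32
ip prefix-list cidr-block seq 5 deny 10.0.0.0/8 ge 9
ip prefix-list cidr-block seq 10 permit 0.0.0.0/0 le 32
"""


def parse_prefix_lists(text):
    """Return {name: [(seq, action, network, min_len, max_len), ...]} sorted by seq.
    IOS length rules: no ge/le -> exact length; ge only -> ge..32;
    le only -> prefix length..le; both -> ge..le.  '#' lines are comments."""
    lists = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line}")
        name, seq, action, net, ge, le = m.groups()
        net = ip_network(net, strict=False)
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        lists.setdefault(name, []).append((int(seq), action, net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])
    return lists


def evaluate(entries, prefix):
    """First match wins, as in IOS; an unmatched prefix hits the implicit deny."""
    p = ip_network(prefix)
    for seq, action, net, lo, hi in entries:
        if p.subnet_of(net) and lo <= p.prefixlen <= hi:
            return action, seq
    return "deny", None


def check(list_name, prefixes):
    """Map each (constructed) announced prefix to (action, matching seq)."""
    entries = parse_prefix_lists(SLIDE_LISTS)[list_name]
    return {p: evaluate(entries, p) for p in prefixes}


if __name__ == "__main__":
    samples = ["10.1.0.0/16", "100.64.0.0/24", "100.64.0.0/16", "192.0.2.0/24",
               "198.51.100.0/26", "198.51.100.0/24", "224.0.0.0/4", "0.0.0.0/0"]
    for prefix, verdict in check("sanity-check", samples).items():
        print(f"{prefix:>16}  {verdict}")
```

Worth noticing in the output: the seq 5 entry `deny 0.0.0.0/32` matches only the host route 0.0.0.0/32, so the default route 0.0.0.0/0 itself is not caught by it (nor by seq 10 or 15); denying the default needs an entry such as `deny 0.0.0.0/0`.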


Summary for Deploying EBGP

• Stability through:
  – Aggregation/summary routes
  – Inbound prefix-filtering and passwords
  – Apply “sanity-check” and the maximum-prefix feature to ISP peering
• Scalability of memory/CPU:
  – Three peer-groups for customers: default, customer routes, full routes
  – One peer group for ISP peers
• Simplicity using “standard” solutions


Session Summary 1

• Scalability:
  – Use attributes, especially community
  – Use peer groups and route reflectors
• Stability:
  – Use loopback addresses for IBGP
  – Generate aggregates/summary addresses
  – Apply passwords
  – Always filter inbound and outbound


Session Summary 2

• Simplicity—standard solutions:
  – Three multihoming options
  – Group customers into communities
  – Apply standard policy at the edge
  – Avoid “special configs”
  – Script your config generation


For Further Reference:

• BGP bestpath
  http://www.cisco.com/warp/public/459/25.shtml
• Case studies on www.cisco.com:
  http://www.cisco.com/warp/public/459/18.html
• www.cisco.com—search “BGP <feature>”
• www.nanog.org


For Further Reference (Cont.):

• Cisco Press:
  – “Internet Routing Architectures”
  – “Advanced IP Network Design”
  – “Large-Scale IP Network Solutions”
• John Stewart, BGP4, Addison Wesley
• Extra slides on BGP over simplex links

