Professional Documents
Culture Documents
BGBGP
BGBGP
All-Day
Tutorial
Avi Freedman
freedman@netaxs.com
Index
Index
Index
Internet
Connectivity
Overview
Multihoming
Without
BGP
Multihoming
Without BGP How it Works
Good, because 1) Because the two 207.8.195.0/24 routes are of the same
specificity, providers CAN choose btwn netaxs and uunet to get to
you; and
2) For some people who dont listen to /24s and such in new
address space, they still have the 207.8.128.0/17 route to use to
get to you.
Disadvantages of
not using BGP
You gain a bit more control of your destiny
when you speak BGP yourself. You can break
up your routes in an emergency, or to tune
traffic. You can pad your announcements to
de-prefer one or more upstreams.
Also, you lose the ability to fine-tune
outbound traffic flow to the best upstream.
Why BGP?
BGP is a multi-vendor open protocol with
multiple implementations, all mostly
interoperable. It is the only actively used EGP on
the Internet.
The main design feature of BGP was to allow
ISPs to richly express their routing policy, both in
selecting outbound paths and in announcing
internal routes. Keep this in mind as we
progress.
What is BGP?
BGP is (1)
An Exterior Gateway Protocol (EGP), used
to propagate tens or hundreds of thousands
of routes between networks (ASs).
The only protocol used to do this on the
Internet today.
BGP is (2)
The Border Gateway Protocol, currently
Version 4 - defined in RFC 1771, and
extended (with additional optional attributes)
in other RFCs.
A distance-vector routing protocol, running
over TCP port 179.
Supports modern classless routing. BGP3,
RIPv1, and some others do NOT.
Purpose of BGP
Purpose of BGP
To allow networks to tell other networks about
routes (parts of the IP address space) that they are
responsible for.
Using route advertisements, or promises - also
called NLRI or network-layer reachability
information.
Networks are Autonomous Systems.
Identified in BGP by a number, called the ASN
(Autonomous System Number)
Basic
BGP
Concepts
AS 4969
AS 6461
AS 701
AS 5000
What Is an Attribute?
...
Next
Hop
AS
Path
MED
...
...
.202
207.240.24.200/30
.201
AS 3847
B
198.32.184.42
AS3847
C
198.32.184.56
198.32.184.116
B
D
198.32.184.19
AS3561
AS1
AS6201
AS3561
AS701
204.70.0.0/15
192.67.95.0/24
G
F
D
AS3847
207.240.0.0/16
AS1673
140.222.0.0/16
B
E
192.67.95.0/24
140.222.0.0
204.70.0.0/15
207.240.0.0/16
3847 701 i
3847 1673 i
3847 3561 i
3847 i
+20
Origin Attribute
One of the mandatory, but minor, attributes of
a BGP route is the origin. It is one of (in
order of preference):
IGP (i) (from a network statement)
EGP (e) (from an external peer)
Unknown (?) (from IGP redistribution)
Weight Attribute
Cisco proprietary, not part of any spec.
Local to router.
Value 0-65535 (default if originated by
router - 32768, other - 0)
* Highest weight preferred
C
208.1.1.0/24
80
Local to AS
Used to influence BGP
path selection
Default 100
* Highest local-pref preferred
208.1.1.0/24
100
Preferred by all
AS3847 routers
B
208.1.1.0/24
AS 6201
iBGP
vs.
eBGP
iBGP
AS 3847
eBGP (1)
AS 3561
A
AS 3847
B
eBGP (2)
AS 2033
AS 7007
AS 2041
AS 4200
AS 7007
XP
AS 701
AS 6079
AS 4006
eBGP Rules
By default, only talks to directly-connected router.
Sends the one best BGP route for each
destination.
Sends all of the important attributes; omits the
local preference attribute.
Adds (prepends) the speakers ASN to the aspath attribute.
Usually rewrites the next-hop attribute.
iBGP Rules
Can talk to routers many hops away by default.
Can only send routes it injects, or routes
heard DIRECTLY from an external peer.
Thus, requires a FULL mesh.
Sends all attributes.
Leaves the as-path attribute alone.
Doesnt touch the next hop attribute.
B
AS 2828
C
AS 1239
B
AS 2828
C
AS 1239
B
AS 2828
C
AS 1239
Basic BGP
Advertising Routes
6201
A
B
3847
6202
C
Basic BGP
Selecting Routes
Shortest AS path
Lowest origin code IGP < EGP < incomplete
Lowest MED
Prefer EBGP path over IBGP path
Path with shortest next-hop metric wins
Lowest router-id
Hardware
for
BGP
Cisco Products
Cant run full BGP 2501 - 68030, 25mhz, 16mb ram max
4000/4000M/4500, 16-32mb max
Or
ip route 0.0.0.0 0.0.0.0 s4/0
ip route 0.0.0.0 0.0.0.0 s4/1 250
Gather Networks
Routes
207.8.200.0/22
198.69.44.0/24
Holdup routes keep the routes in BGP so they dont flap.
Flapping can blackhole you.
Test it
Do a sho ip bgp. Only your 2 routes should
show.
Do a show ip bgp neigh <neighip> adv. You
should show that you are advertising those 2 routes
to your 2 neighbors.
Go to nitrous.digex.net or another BGP looking
glass, to see that the routes are being advertised
under your AS, not the providers, and that both
paths are there.
Policy
Logistics of
becoming
Multihomed
Multihoming Logistics
Address space.
Redundant connectivity during switch.
Test configs.
Bring up outbound BGP first.
Multihoming to the
same Provider
Hot Potato
vs.
Hop-by-Hop
Routing
Quickie on Route-Maps
Route-maps are used to match and set
attributes of routes. They are a little logic
flow of ANDs and NOT ANDs.
Like a little basic program; evaluated in order
of the sequence number.
At the end of evaluation, if a route has been
permitted at some point, it passed.
A route-map is ADDITIVE to other filters.
Implementing Communities
ip comm 4 permit 4969:123
ip comm 4 permit 4959:1200
ip comm 20 permit 4969:0
ip comm 21 permit 1239:1
ip comm 22 permit 1239:2
route-map tosprint deny 20
match comm 20
route-map tosprint permit 21
match comm 21
set as pre 4969
route-map tosprint permit 22
match comm 22
set as pre 4969 4969
route-map tosprint permit 30
match comm 4
Implementing Communities
route-map set-transit
match ip address 40
set comm 4969:1200 4969:666 additive
router bgp 22222
neigh <custip> route-map set-transit in
TUNING INBOUND
BGP ANNOUNCEMENTS
TUNING OUTBOUND
BGP ANNOUNCEMENTS
And:
With a cooperative provider, using communities
PEERING WITH
OTHER ISPS
Peering
Networks should peer as widely as possible,
for better interconnectivity. The more wide
the peering, the more traffic you will use.
This is a GOOD thing.
Particularly, peering with local providers is a
very good thing.
If you are both in a frame or SMDS cloud, or
in a room, peering makes sense...
PEERING AND
next-hop-self
BGP: Next-hop-self
By default, our friend Mr. Promiscuous Q. eBGP
will pass on next-hops as imported
So, if multiple routers are at a common XP, and one
party is transitting another, you might accidentally
send routes to a 3rd party which would cause them
to send traffic to your transit customer instead of
bouncing the packet off of you.
Some people think transit over XPs is bad, but many
do it as a backup-of-last-resort. If you do, watch
your next-hops.
AS 701
192.41.177.87
XP
AS 4969
AS 6666 says to AS 4969:
Prefix
AS-Path Next-hop
10.10.10.0/24 6666
192.41.177.4
Prefix
AS-Path Next-hop
192.41.177.4
AS 6666
AS 701
192.41.177.87
XP
AS 4969
AS 6666 says to AS 4969:
Prefix
AS-Path Next-hop
10.10.10.0/24 6666
192.41.177.4
Prefix
AS-Path Next-hop
192.41.177.4
AS 6666
BACKUP TRANSIT
STABLE BGP
Stable BGP
Nail routes to loopback.
Watch out for flapping routes.
Sites think that if a site shows instability, it is
worth blackholing for some time (30-90
minutes) until it stabilizes.
Dampening hurts.
How to escape from being dampened once the
underlying problem is fixed.
BGP Dampening
BGP dampening is used to minimize instability caused by route flapping and oscillation
over the network. To accomplish this, values are defined to identify badly behaved routes.
Genuity currently uses Cisco's default values which basically say 'flap 3 times in 15
minutes and your damped':
half-life
penalty
suppress-value
reuse-value
15 minutes
1000
2000
750
But in time it can become a bit more complex. Each time a route flaps it gets a penalty
(1000). If the cumulative penalty is greater than the suppress-value (2000, so 3 flaps), the
advertisement of the route will be suppressed. The penalty will be exponentially decayed
based on the half-life. Once the penalty decreases below the predefined reuse-value, the
advertisement will be unsuppressed. The default maximum suppress time is 4 times the
half-life. This ensures that if a route flaps a lot in a very short period but quickly becomes
stable it's only suppressed for a maximum of 1 hour.
Route flap dampening is not applied to routes originated from the AS in which the router
resides.
eBGP Multihop
If you must:
neigh <remoteip> ebgp 5
[# of hops]
REALIZE that youre breaking one of the Fundamental Postulates
of Active Routing - that every box in the middle knows (within a
few seconds) how to get to a destination because it HAD to know
in order to tell the box connected to it
SUPPORTING
MULTI-HOMED
CUSTOMERS
IGP REDISTRIBUTION
SCALING WITH
CONFEDERATIONS
BGP Confederations
Or BGP done right
Makes iBGP more promiscuous
How?
(kudos to danny@genuity)
Confederations
C
C
AS 1239
AS 64512
C
AS 701
C
C
C
C
AS 64514
AS 64513
C
C
AS 4969
C
C
SCALING WITH
ROUTE REFLECTORS
Other Issues
CISCO CONFIGURATION