RST-210 3025_05_2001_c1

© 2001, Cisco Systems, Inc. All rights reserved.

1

Deploying BGP4
Marc Teichtahl Consulting Engineer – EMEA PTT2

© 2001, Cisco Systems, Inc. All rights reserved.

3

Contacts

• Speaker: Marc Teichtahl (mteichta@cisco.com)

• Slides will be available at the networks URL

© 2002, Cisco Systems, Inc. All rights reserved.

4

Prerequisites
• Understand how BGP scales Internet routing by connecting ISPs with globally unique AS numbers • Understand need for stable BGP advertisement (ie BGP dampening) • Understand difference between BGP external and internal BGP • Basic protocol knowledge: TCP port 179—incremental updates
© 2002, Cisco Systems, Inc. All rights reserved.

5

Prerequisites

• Understand BGP attributes: ASPATH, NEXT_HOP, MED, LOCAL_PREF—allow routing policy via route-map. • Understand the bestpath decision algorithm • Know why to turn off synchronisation and auto-summary!

© 2002, Cisco Systems, Inc. All rights reserved.

6

Overview
• Protocol Overview • Using BGP Attributes • Deploying IBGP • Deploying EBGP
Connecting to an ISP Being an ISP

• Focus on Stability, Scalability, and Configuration Templates

© 2002, Cisco Systems, Inc. All rights reserved.

7

Complex Network Scalability
Network routing architectures should focus on being

Scalable Stable Simple
© 2002, Cisco Systems, Inc. All rights reserved.

8

BGP Review
What Is it? Why Use it?

© 2001, Cisco Systems, Inc. All rights reserved.

9

Basic to Basics
Peering
A C

AS 100
B D

AS 101

• Runs over TCP—port 179 • Path vector protocol • Incremental updates • “Internal” and “External” BGP
© 2002, Cisco Systems, Inc. All rights reserved.

E

AS 102

10

General Operation

• Learns multiple paths via internal and external BGP speakers • Picks THE “bestpath”, installs it in the IP forwarding table, forwards to EBGP neighbors (not IBGP) • Policies are applied by influencing the bestpath selection
– Policy tools include local-pref, communities, MED, etc

© 2002, Cisco Systems, Inc. All rights reserved.

11

BGP Sessions—TCP Port 179, 4 Basic Message Types

4 BGP Messages control the opening, updates, withdrawals and BGP sessions maintenance.

© 2002, Cisco Systems, Inc. All rights reserved.

12

BGP Sessions - Control
1: OPEN MESSAGE
Exchange AS, router ID, holdtime Capability negotiation
0
1 2 3 4 5 6 7 8 9

10

11 12 13 14 15 16 17 18 19

20

21 22 23 24 25 26 27 28 29

30

31

Version (1 bytes) My Auto. System (2 bytes) Hold Time (2 bytes) BGP Identifier (4 bytes) Opt. Parm. Len. (1) Optional Parameters (as specified above)
© 2002, Cisco Systems, Inc. All rights reserved.

13

BGP Sessions - Control
2: NOTIFICATION
Example: “peer in wrong AS”
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Error code | Error subcode | Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

1 = HRD Error, 2 = OPEN Error, 3= UPDATE Error 4 = Hold Time Expired, 5 = FSM Error, 6 = Cease

© 2002, Cisco Systems, Inc. All rights reserved.

14

BGP Sessions - Control
3: KEEPALIVE—when no updates

These keepalives ensure that the BGP neighbour relationship Is maintained and not the TCP level connectivity

© 2002, Cisco Systems, Inc. All rights reserved.

15

BGP Sessions - Control
4: UPDATES (incremental)
+-----------------------------------------------------+ | Unfeasible Routes Length (2 octets) | +-----------------------------------------------------+ | Withdrawn Routes (variable) | +-----------------------------------------------------+ | Total Path Attribute Length (2 octets) | +-----------------------------------------------------+ | Path Attributes (variable) | +-----------------------------------------------------+ | Network Layer Reachability Information (variable) | +-----------------------------------------------------+
0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Attr. Flags |Attr. Type Code| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +---------------------------+ | Length (1 octet) | +---------------------------+ | Prefix (variable) | +---------------------------+
16

© 2002, Cisco Systems, Inc. All rights reserved.

BGP Routing Policy
• Defines in technical terms your business rules
– Default to provider X – Select paths according to cost/reliability – Use path Y for Backup

• Tools to achieve this policy are the BGP attribute tools

© 2002, Cisco Systems, Inc. All rights reserved.

17

BGP Attributes—Tools for Routing Policy

1: ORIGIN 2: AS-PATH 3: NEXT-HOP 4: MED 5: LOCAL_PREF 6: ATOMIC_AGGREGATE

7: AGGREGATOR 8: COMMUNITY 9: ORIGINATOR_ID 10: CLUSTER_LIST 14: MP_REACH_NLRI 15: MP_UNREACH_NLRI

We will only focus on the yellow items today
© 2002, Cisco Systems, Inc. All rights reserved.

18

Why Use BGP ?

• You need to scale your IGP • You’re a multihomed ISP customer • You need to transit full Internet routes

© 2002, Cisco Systems, Inc. All rights reserved.

19

Deploying BGP

© 2001, Cisco Systems, Inc. All rights reserved.

20

BGP Template—BGP Global Settings

router bgp 1 bgp deterministic-med no synchronisation no auto-summary
For BGP config templates from now on, I’ll assume you’ve already done this!

© 2002, Cisco Systems, Inc. All rights reserved.

21

Deploying Internal BGP
Loopbacks, Peer-Groups, Route Reflectors and Confederations

© 2001, Cisco Systems, Inc. All rights reserved.

22

Guidelines for Stable IBGP
• IBGP peer using loopback addresses
neighbor { ip address | peer-group} update-source loopback0

• Independent of physical interface failure
– TCP carries our BGP information – Loopbacks reachable via IGP

• IGP/CEF performs any load-sharing • IBGP only—use on RR clients with care!!!
© 2002, Cisco Systems, Inc. All rights reserved.

23

Peering with Loopbacks
Without Loopbacks, the TCP Session Is Always Sourced from the IP Address of the Outbound Interface— Which Can Go Down!
• Configuration:
Router A router bgp 1 neighbor 1.0.1.1 remote-as 1 Router B router bgp 1 neighbor 1.0.1.2 remote-as 1
1.0.1.1 1.0.1.2

A

B

If Redundant Paths Exist, Use Loopback Interfaces to Establish the Session

© 2002, Cisco Systems, Inc. All rights reserved.

24

Guidelines for Scaling IBGP
• Carry only next-hops in IGP
Aggregation at IGP level can be dangerous

• Carry full routes in BGP only if necessary
Important at peering points MPLS does not have this concern

• Do not redistribute BGP into IGP • Use peer groups and RRs

© 2002, Cisco Systems, Inc. All rights reserved.

25

BGP Template—IBGP Peers

IBGP Peer Group AS1 router bgp 1 neighbor internal peer-group neighbor internal description ibgp peers neighbor internal remote-as 1 neighbor internal update-source Loopback0 neighbor internal next-hop-self neighbor internal send-community neighbor internal version 4 neighbor internal password 7 03085A09 neighbor 1.0.0.1 peer-group internal neighbor 1.0.0.2 peer-group internal
© 2002, Cisco Systems, Inc. All rights reserved.

26

What Is a Peer Group?
• Simplifies configuration • All peer-group members have a common outbound policy • Updates generated once per peer group
Update replication efficiency

• Members can have different inbound policy
Differing outbound policies will negate the value of the peer-group and lower update replication efficiency

© 2002, Cisco Systems, Inc. All rights reserved.

27

Why Route Reflectors?
Avoid n(n-1)/2 iBGP Mesh

n=1000 => Nearly Half a Million iBGP Sessions!

13 Routers => 78 IBGP Sessions total

© 2002, Cisco Systems, Inc. All rights reserved.

28

Using Route Reflectors
RR

Backbone
RR RRC

RRC RR

Cluster A

RRC RR

RR

Cluster C
Golden Rule of RR Loop Avoidance: “RR Topology Should Follow Physical Topology” => Be Careful with Loopback Peering!!!!
© 2002, Cisco Systems, Inc. All rights reserved.

Cluster B
RRC RR

Cluster D
29

Route Reflectors
• Provide additional control to allow router to advertise (reflect) iBGP learned routes to other iBGP peers
Method to reduce the size of the iBGP mesh

• Normal BGP speakers can coexist
Only the RR has to support this feature neighbor x.x.x.x route-reflector-client

• Route reflector clients receive the “best” route as seen by the RR – Beware this may not always be the best route for the client

© 2002, Cisco Systems, Inc. All rights reserved.

30

Route Reflectors—Terminology
Non-client Route Reflector

Clusters Clients Clients

Lines Represent Both Physical Links and BGP Logical Connections
© 2002, Cisco Systems, Inc. All rights reserved.

31

Route Reflectors—Terminology (Cont.)
• Route reflector
Router that reflects the iBGP information

• Client
Routers between which the RR reflects updates (may be fully meshed among themselves)

• Cluster
Set of one or more RRs and their clients (may overlap)

• Non-client
iBGP neighbour outside the cluster

© 2002, Cisco Systems, Inc. All rights reserved.

32

What Is a Route Reflector?

• Reflector receives path from clients and non clients • If best path is from a client, reflect to clients and non-clients • If best path is from a non-client, reflect to clients

© 2002, Cisco Systems, Inc. All rights reserved.

33

Route Reflectors—Hierarchy
• Clusters may be configured hierarchically
RRs in a cluster are clients of RRs in a higher level Provides a “natural” method to limit routing information sent to lower levels Beware of segmenting the BGP layers
Level 1

Level 2

© 2002, Cisco Systems, Inc. All rights reserved.

34

Deploying Route Reflectors

• Divide backbone into multiple clusters • Each cluster contains at least one RR; Clients can peer with RRs in other clusters for redundancy • RRs are fully meshed via IBGP • Still use single IGP—next-hop unmodified by RR; unless via explicit inbound route-map

© 2002, Cisco Systems, Inc. All rights reserved.

35

Route Reflectors—Migration
• Where to place the route reflectors?
Follow the physical topology! This will guarantee that the packet forwarding won’t be affected

• Configure one RR at a time
Eliminate redundant iBGP sessions Place one RR per cluster

© 2002, Cisco Systems, Inc. All rights reserved.

36

BGP Template: Peer-Group for RR Clients
router bgp 1 Will this Break the neighbor rr-client peer-group “Golden Rule” neighbor rr-client description RR clients neighbor rr-client remote-as 1 neighbor rr-client update-source Loopback0 neighbor rr-client route-reflector-client This Line on RRs neighbor rr-client next-hop-self Only RRCs Use neighbor rr-client send-community Still Use Internal Peer Group neighbor rr-client version 4 neighbor rr-client password 7 03085A09 neighbor 10.0.1.1 peer-group rr-client neighbor 10.0.1.2 peer-group rr-client
© 2002, Cisco Systems, Inc. All rights reserved.

37

RR Specific BGP Attributes
RR
1.4.1.1 Router id 1.3.1.1

A

RRC Router id
1.2.1.1

• Example:
RouterB>sh ip bgp 3.0.0.0 BGP routing table entry for 3.0.0.0/8 3 1.0.1.2 from 1.4.1.1 (1.1.1.1) Origin IGP, metric 0, localpref 100, valid, internal, best

B

RR C RRC Router id D
1.1.1.1

Originator: 1.1.1.1 Cluster list: 1.3.1.1, 1.2.1.1 AS3 3.0.0.0
© 2002, Cisco Systems, Inc. All rights reserved.

1.0.1.2

38

BGP Attributes: ORIGINATOR_ID

• ORIGINATOR_ID
Router ID of IBGP speaker that injects route into AS—applied by RR

• Useful for troubleshooting and loop detection

© 2002, Cisco Systems, Inc. All rights reserved.

39

BGP Attributes: CLUSTER_LIST
• CLUSTER_LIST
String of CLUSTER_IDs through which the route has passed

• Usually CLUSTER_ID=ROUTER_ID • Overridden by: bgp cluster-id x.x.x.x—but remember: don’t do this!!!! • Useful for troubleshooting and loop detection
© 2002, Cisco Systems, Inc. All rights reserved.

40

Route Reflectors—Redundancy
• Multiple RRs can be configured in the same cluster—but we now advise against this
Other RRs in the same cluster should be treated as iBGP peers (non-clients) All RRs in the cluster must have the same cluster-id

• A router may be a client for RRs in different clusters
© 2002, Cisco Systems, Inc. All rights reserved.

41

Route Reflectors—Results

• Number of neighbors is reduced
No need for full iBGP mesh

• Number of routes propagated is reduced
Each RR advertises only the best path to its clients

• Stability and scalability are achieved!

© 2002, Cisco Systems, Inc. All rights reserved.

42

Confederations
• Divide the AS into sub-AS
eBGP between sub-AS, but some iBGP information is kept Preserve NEXT_HOP across the sub-AS (IGP carries this information) Preserve LOCAL_PREF and MED

• Usually a single IGP

© 2002, Cisco Systems, Inc. All rights reserved.

43

Confederations (Cont.)
• Visible to outside world as single AS— “Confederation Identifier”
Each sub-AS uses a number from the private space

• iBGP speakers in sub-AS are fully meshed
The total number of neighbors is reduced by limiting the full mesh requirement to only the peers in the sub-AS
© 2002, Cisco Systems, Inc. All rights reserved.

44

Confederations (Cont.)
Sub-AS 65530 AS 2

B Sub-AS 65532

Sub-AS 65531

• Configuration (rtr B):
router bgp 65532 confederation identifier 2 bgp confederation peers 65530 65531 neighbor 141.153.12.1 remote-as 65530 neighbor 141.153.17.2 remote-as 65531
45

© 2002, Cisco Systems, Inc. All rights reserved.

Route Propagation Decisions

• Same as with “normal” BGP:
From peer in same sub-AS → only to external peers (eBGP rules) From external peers → to all neighbors (iBGP rules)

• “External peers” refers to
Peers outside the confederation Peers in a different sub-AS Preserve LOCAL_PREF, MED and NEXT_HOP

© 2002, Cisco Systems, Inc. All rights reserved.

46

Confederations (Cont.)
• Example (cont.):
BGP table version is 78, local router ID is 141.153.17.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network *> 10.0.0.0 Next Hop 141.153.14.3 Metric LocPrf Weight Path 0 0 0 0 100 100 100 100 0 0 0 0 (65531) 1 i (65530) i (65530) i (65530) 1 i

*> 141.153.0.0 141.153.30.2 *> 144.10.0.0 141.153.12.1

*> 199.10.10.0 141.153.29.2

© 2002, Cisco Systems, Inc. All rights reserved.

47

RRs or Confederations

Internet Connectivity Anywhere In the Network Anywhere In the Network

Multi-Level Hierarchy Yes

Policy Control Yes

Scalability

Migration Complexity Medium To High

Confederations

Medium

Route Reflectors

Yes

Yes

Very High

Very Low

© 2002, Cisco Systems, Inc. All rights reserved.

48

More Points about Confeds

• Can assist in “absorbing” other ISPs into you ISP
If one ISP buys another (can use local-as feature to do a similar thing)

• You can use route-reflectors within confederation sub-as
Reduce the sub-as ibgp mesh

© 2002, Cisco Systems, Inc. All rights reserved.

49

So Far…

• Is IBGP peering Stable?
Use loopbacks for peering

• Will it Scale?
Use peer groups Use route reflectors

• Simple, hierarchical config?

© 2002, Cisco Systems, Inc. All rights reserved.

50

COMMUNITIES
They’re for Everyone!

© 2001, Cisco Systems, Inc. All rights reserved.

51

Problem: Scale Routing Policy Solution: COMMUNITY

• NOT in decision algorithm • BGP route can be a member of many communities • Typical communities:
Destinations learned from customers Destinations learned from ISPs or peers Destinations in VPN—BGP community is fundamental to the operation of BGP VPNs (rfc2547)

© 2002, Cisco Systems, Inc. All rights reserved.

52

Problem: Scale Routing Policy Solution: COMMUNITY
Communities: 1:100—Customer Routes 1:80— ISP Routes

ISP 2 ISP 1

ISP 3
0.0.0.0

ISP 4

Customer 1 (no Default, Wants Full Routes)

Customer 2 (Uses Default, Wants Your Routes)
© 2002, Cisco Systems, Inc. All rights reserved.

53

Problem: Scale Routing Policy Solution: COMMUNITY
Communities: 1:100—Customer Routes 1:80— ISP Routes
Set Community 1:80

ISP 2 ISP 1
Match Community 1:100

Match Community 1:100 1:80

ISP 3
Set Community 1:100

Match Community 1:100 0.0.0.0

ISP 4

Customer 1 (no Default, Wants Full Routes)

Customer 2 (Uses Default, Wants Your Routes)
© 2002, Cisco Systems, Inc. All rights reserved.

54

BGP Attributes: COMMUNITY

• Activated per neighbor/peer-group:
neighbor {peer-address | peer-group-name} send-community

• Carried across AS boundaries • Common convention is string of four bytes: <AS>:[0-65536]
32 AS address space in coming

© 2002, Cisco Systems, Inc. All rights reserved.

55

BGP Attributes: COMMUNITY (Cont.)
• Each destination can be a member of multiple communities • Using a route-map: set community
<1-4294967295> community number aa:nn additive none local-AS community) no-advertise community) no-export community) community number in aa:nn format Add to the existing community No community attribute Do not send to EBGP peers (well-known Do not advertise to any peer (well-known Do not export outside AS/confed (well-known

© 2002, Cisco Systems, Inc. All rights reserved.

56

Community Filters

• Filter based on Community Strings
ip community-list <1-99> [permit|deny] comm ip community-list <100-199> [permit|deny] regexp

• Per neighbor
Inbound or outbound route-maps
match community <number> [exact-match]

exact match only for standard lists

© 2002, Cisco Systems, Inc. All rights reserved.

57

Community Filters
• Example 1:
Mark some prefixes as part of the 1:120 community (+remove existing community!)

• Configuration:
router bgp 1 neighbor 10.0.0.1 remote-as 2 neighbor 10.0.0.1 send-community neighbor 10.0.0.1 route-map set_community out ! route-map set_community 10 permit match ip address 1 set community 1:120 ! access-list 1 permit 10.10.0.0 0.0.255.255

© 2002, Cisco Systems, Inc. All rights reserved.

58

Community Filters

• Example 2:
Set LOCAL_PREF depending on the community that the prefix belongs to.

• Configuration:
router bgp 1 neighbor 10.0.0.1 remote-as 2 neighbor 10.0.0.1 route-map filter_on_community in ! route-map filter_on_community 10 permit match community 1 set local-preference 150 ! ip community-list 1 permit 2:150

© 2002, Cisco Systems, Inc. All rights reserved.

59

Regular Expression Syntax—URL

• Overview of IOS regular expression syntax:
http://www.cisco.com/univercd/cc/td/doc/prod uct/software/ios11/arbook/arapptrn.htm

© 2002, Cisco Systems, Inc. All rights reserved.

60

Deploying External BGP for ISPs
Route Aggregation, Customer Aggregation, NAPs

© 2001, Cisco Systems, Inc. All rights reserved.

61

ISP EBGP Tasks

• Configure stable aggregates • Scale BGP customer aggregation • Offer a choice of route-feeds • Peer with other providers • Provide a backup service

© 2002, Cisco Systems, Inc. All rights reserved.

62

What Is Aggregation?

• Summarisation based on specifics from the BGP routing table
10.60.1.0 255.255.255.0 10.60.2.0 255.255.255.240 Aggregate would be 10.60.0.0 255.255.0.0

© 2002, Cisco Systems, Inc. All rights reserved.

63

How to Aggregate

• aggregate-address 10.60.0.0 255.255.0.0 {as-set} {summary-only} {route-map} • Use as-set to include path and community information from specifics • summary-only suppresses specifics • route-map sets other attributes

© 2002, Cisco Systems, Inc. All rights reserved.

64

Why Aggregate?
• Reduce number of Internet prefixes— advertise only your CIDR block • Increase stability—aggregate stays even if specifics come and go • Stable aggregate generation:
router bgp 1 aggregate-address 10.60.0.0 255.255.0.0 as-set summary-only network 10.60.1.0 255.255.255.0 : ip route 10.60.1.0 255.255.255.0 null0 254
65

© 2002, Cisco Systems, Inc. All rights reserved.

BGP Attributes: Atomic Aggregate

• Indicates loss of AS-PATH information • Must not be removed once set • Set by: aggregate-address x.x.x.x • Not set if as-set keyword is used, however, AS-SET and COMMUNITY then carries information from specifics

© 2002, Cisco Systems, Inc. All rights reserved.

66

BGP Attributes: Aggregator

• AS number and IP address of router generating aggregate • Useful for troubleshooting • Only set by aggregate-address; NOT set by the network statement

© 2002, Cisco Systems, Inc. All rights reserved.

67

Aggregate Attributes

NEXT_HOP = local (0.0.0.0) WEIGHT = 32768 LOCAL_PREF = none (assume 100) AS_PATH = AS_SET or nothing ORIGIN = IGP MED = none

© 2002, Cisco Systems, Inc. All rights reserved.

68

ISP EBGP Tasks
• Configure stable aggregates • Scale BGP customer aggregation • Offer a choice of route-feeds • Peer with other providers • Provide a backup service • Propagate QoS policy

© 2002, Cisco Systems, Inc. All rights reserved.

69

Customer Aggregation Guidelines
• Define at least three peer groups:
cust-default—send default route only cust-cust—send customer routes only cust-full —send full Internet routes

• Tag routes via communities
Use identifier and action communities 2:100=customers; 2:80=peers; 2:1000 announce to transit

• Apply passwords and an inbound prefix-list on a per neighbor basis
if applicable – password management can be tricky from an operational perspective
© 2002, Cisco Systems, Inc. All rights reserved.

70

Customer Aggregation
Your AS CIDR Block: 10.0.0.0/8

CORE
Route Reflector

Aggregation Router (RR Client) Client Peer Group

Full Routes “Default” Peer Group Peer Group

Customer Routes Peer Group

© 2002, Cisco Systems, Inc. All rights reserved.

71

BGP template - customers

neighbor x.x.x.x remote-as X neighbor x.x.x.x peer-group (cust-full or cust_cust or cust_default) neighbor x.x.x.x prefix-list ASXXX in ! ip prefix-list ASXXX seq 5 permit <prefix>

© 2002, Cisco Systems, Inc. All rights reserved.

72

BGP template - full routes peer-group
neighbor cust-full peer-group neighbor cust-full description Send full Routes neighbor cust-full remove-private-AS neighbor cust-full version 4 neighbor cust-full route-map cust-in in neighbor cust-full route-map full-routes out

© 2002, Cisco Systems, Inc. All rights reserved.

73

BGP template: full routes route-map
ip prefix-list cidr-block seq 5 deny 10.0.0.0/8 ge 9 ip prefix-list cidr-block seq 10 permit 0.0.0.0/0 le 32 ip community-list 1 permit 2:100 ip community-list 80 permit 2:80 . route-map full-routes permit 10 match ip cidr-block match community 1 80 set metric-type internal ; deny CIDR subnets ; customer & peers ; MED = IGP metric

set ip next-hop peer-address ; our own
© 2002, Cisco Systems, Inc. All rights reserved.

74

BGP template: customer inbound route-map

route-map cust-in permit 10 set metric 4294967294 ; ignore MED set ip next-hop peer-address set community 2:100

© 2002, Cisco Systems, Inc. All rights reserved.

75

BGP template: customer routes peer-group

neighbor cust-cust peer-group neighbor cust-cust description customer routes neighbor cust-cust remove-private-AS neighbor cust-cust version 4 neighbor cust-cust route-map cust-in in neighbor cust-cust route-map cust-routes out

© 2002, Cisco Systems, Inc. All rights reserved.

76

BGP Template: template: customer routes route-map

route-map cust-routes permit 10 match ip cidr-block match community 1 ; customers only set metric-type internal ; MED = igp metric set ip next-hop peer-address ; our own

© 2002, Cisco Systems, Inc. All rights reserved.

77

BGP Template: default route peer-group
neighbor cust-default peer-group neighbor cust-default description Send default neighbor cust-default default-originate route-map default-route neighbor cust-default remove-private-AS neighbor cust-default version 4 neighbor cust-default route-map cust-in in neighbor cust-default prefix-list deny-all out ip prefix-list deny-all seq 5 deny 0.0.0.0/0 le 32
© 2002, Cisco Systems, Inc. All rights reserved.

78

ISP EBGP Tasks

• Configure stable aggregates • Scale BGP customer aggregation • Offer a choice of route-feeds • Peer with other providers

© 2002, Cisco Systems, Inc. All rights reserved.

79

Peering with other ISPs

• Similar to EBGP customer aggregation except inbound prefix filtering is rarely used (lack of global registry) • Use maximum-prefix and prefix sanity checking instead

© 2002, Cisco Systems, Inc. All rights reserved.

80

BGP Template: ISP peers peer-group

neighbor nap peer-group neighbor nap description for peer ISPs neighbor nap remove-private-AS neighbor nap version 4 neighbor nap prefix-list sanity-check in neighbor nap prefix-list cidr-block out neighbor nap route-map nap-out out neighbor nap maximum prefix 30000

© 2002, Cisco Systems, Inc. All rights reserved.

81

BGP Template: ISP peers route-

route-map nap-out permit 10 match community 1 ; customers only set metric-type internal ; MED = IGP metric set ip next-hop peer-address ; our own

© 2002, Cisco Systems, Inc. All rights reserved.

82

Peer Groups for NAPs: Sanity-Check Prefix-List
# FIRST - FILTER OUT YOUR IGP ADDRESS SPACE!! ip prefix-list sanity-check seq 5 deny 0.0.0.0/32 # deny the default route ip prefix-list sanity-check seq 10 deny 0.0.0.0/8 le 32 # deny anything beginning with 0 ip prefix-list sanity-check seq 15 deny 0.0.0.0/1 ge 20 # deny masks > 20 for all class A nets (1-127) ip prefix-list sanity-check seq 20 deny 10.0.0.0/8 le 32 # deny 10/8 per RFC1918 ip prefix-list sanity-check seq 25 deny 127.0.0.0/8 le 32 # reserved by IANA - loopback address ip prefix-list sanity-check seq 30 deny 128.0.0.0/2 ge 17 deny masks >= 17 for all class B nets (129-191) ip prefix-list sanity-check seq 35 deny 128.0.0.0/16 le 32 # deny net 128.0 - reserved by IANA ip prefix-list sanity-check seq 40 deny 172.16.0.0/12 le 32 # deny 172.16 as RFC1918
© 2002, Cisco Systems, Inc. All rights reserved.

83

Peer Groups for NAPs: Sanity-Check Prefix-List
ip prefix-list sanity-check seq 45 deny 192.0.2.0/24 le 32 # class C 192.0.20.0 reserved by IANA ip prefix-list sanity-check seq 50 deny 192.0.0.0/24 le 32 # class C 192.0.0.0 reserved by IANA ip prefix-list sanity-check seq 55 deny 192.168.0.0/16 le 32 # deny 192.168/16 per RFC1918 ip prefix-list sanity-check seq 60 deny 191.255.0.0/16 le 32 # deny 191.255.0.0 - IANA reserved (I think) ip prefix-list sanity-check seq 65 deny 192.0.0.0/3 ge 25 # deny masks > 25 for class C (192-222) ip prefix-list sanity-check seq 70 deny 223.255.255.0/24 le 32 # deny anything in net 223 - IANA reserved ip prefix-list sanity-check seq 75 deny 224.0.0.0/3 le 32 # deny class D/Experimental
© 2002, Cisco Systems, Inc. All rights reserved.

84

Summary for Deploying EBGP
• Stability through:
Aggregation/summary routes Inbound prefix-filtering and passwords Apply “sanity-check” and maximum-prefix feature to ISP peering.

• Scalability of memory/CPU:
Three peer-groups for customers: Default, customer routes, full routes One peer group for ISP peers

• Simplicity using “standard” solutions
© 2002, Cisco Systems, Inc. All rights reserved.

85

Session Summary 1
• Scalability:
Use attributes, especially community Use peer groups and route reflectors

• Stability:
Use loopback addresses for IBGP Generate aggregates/summary addresses Apply passwords Always filter inbound and outbound
© 2002, Cisco Systems, Inc. All rights reserved.

86

Session Summary 2

• Simplicity—standard solutions:
Three multihoming options Group customers into communities Apply standard policy at the edge Avoid “special configs” Script your config generation

© 2002, Cisco Systems, Inc. All rights reserved.

87

For Further Reference:

• BGP bestpath
http://www.cisco.com/warp/public/459/25.shtml

• Case studies on www.cisco.com:
http://www.cisco.com/warp/public/ 459/18.html

• www.cisco.com—search “BGP <feature>” • www.nanog.org

© 2002, Cisco Systems, Inc. All rights reserved.

88

For Further Reference:

• Cisco Press:
“Internet Routing Architectures” “Advanced IP Network Design” “Large-Scale IP Network Solutions”

• John Stewart, BGP4, Addison Wesley • Extra slides on BGP over simplex links

© 2002, Cisco Systems, Inc. All rights reserved.

89

RST-210 3025_05_2001_c1

© 2001, Cisco Systems, Inc. All rights reserved.

90

Sign up to vote on this title
UsefulNot useful