BGP Tutorial: APRICOT 2004, Kuala Lumpur February 2004
• Two tutorials:
Part 1 – Introduction (morning)
Part 2 – Multihoming (afternoon)
• Routing Basics
• BGP Basics
• BGP Attributes
• BGP Path Selection
• BGP Policy
• BGP Capabilities
• Scaling BGP
APRICOT 2004 © 2004, Cisco Systems, Inc. All rights reserved. 5
Routing Basics
Terminology and Concepts
• IPv4
• Routing
• Forwarding
• Some definitions
• Policy options
• Routing Protocols
find path
forward packet, forward packet, forward packet, forward packet...
find alternate path
forward packet, forward packet, forward packet, forward packet…
repeat until powered off
• Routing = building maps and giving directions
• Forwarding = moving packets between interfaces according to the “directions”
[Diagram: routers R1, R2 and R4, with 10.1/16 reached via R4. R2’s IP routing table:]
10/8 → R3
10.1/16 → R4
20/8 → R5
30/8 → R6
…..
IP route lookup: Longest match routing
[Diagram: routers R1, R2 and R4, with 10.1/16 behind R4; a packet for 10.1.1.1 arrives at R2]
R2’s IP routing table:
10/8 → R3
10.1/16 → R4
20/8 → R5
30/8 → R6
…..
Lookup of destination 10.1.1.1 against each entry:
10.1.1.1 && FF.FF.0.0 = 10.1.0.0 vs. 10.1/16 → match as well! (10/8 also matches)
10.1.1.1 && FF.0.0.0 = 10.0.0.0 vs. 20.0.0.0 (20/8) → does not match!
10.1.1.1 && FF.0.0.0 = 10.0.0.0 vs. 30.0.0.0 (30/8) → does not match!
Result: 10.1/16 → R4 is the longest match (16 bit netmask), so R2 forwards the packet to R4.
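The longest-match lookup walked through above, as an added example that is not part of the tutorial: the table is R2’s table from the slides, the next hops are the slide’s router labels, and the last case shows how a default route (0.0.0.0/0) is picked only when nothing more specific matches.

```python
# Longest-match lookup over R2's routing table from the slides.
# Added example, not from the tutorial; next hops are the slide's labels.
import ipaddress

# R2's IP routing table as shown on the slides (prefix -> next hop)
R2_TABLE = {
    "10.0.0.0/8":  "R3",
    "10.1.0.0/16": "R4",
    "20.0.0.0/8":  "R5",
    "30.0.0.0/8":  "R6",
}

def matching_entries(table, dest):
    """Return every (prefix, next_hop) whose mask ANDed with dest equals the prefix."""
    d = int(ipaddress.IPv4Address(dest))
    hits = []
    for prefix, next_hop in table.items():
        net = ipaddress.IPv4Network(prefix)
        # the slide's "10.1.1.1 && FF.FF.0.0" test, done on integers
        if d & int(net.netmask) == int(net.network_address):
            hits.append((prefix, next_hop))
    return hits

def longest_match(table, dest):
    """Pick the matching entry with the longest netmask; None if nothing matches."""
    hits = matching_entries(table, dest)
    if not hits:
        return None
    return max(hits, key=lambda e: ipaddress.IPv4Network(e[0]).prefixlen)

if __name__ == "__main__":
    print(matching_entries(R2_TABLE, "10.1.1.1"))  # both 10/8 and 10.1/16 match
    print(longest_match(R2_TABLE, "10.1.1.1"))     # ('10.1.0.0/16', 'R4')
    print(longest_match(R2_TABLE, "40.1.1.1"))     # None: no default route in the table
    # with a default route added (constructed), 40.1.1.1 is forwarded via it
    print(longest_match({**R2_TABLE, "0.0.0.0/0": "R1"}, "40.1.1.1"))
```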
IP Forwarding
Static Routes
• Default:
simple, cheap (cycles, memory, bandwidth)
low granularity (metric games)
• Hybrid
minimise overhead
provide useful granularity
requires some filtering knowledge
[Diagram: routing flow versus packet flow between AS 100, AS 1 and AS 2; routes are announced by one AS and accepted by its neighbour, and the packet flow is drawn separately from the routing flow]
[Diagram (shown twice): AS 1 with network N1, AS 34, AS 16 with network N16, and AS 8]
[Diagram: AS99 connected to the Internet over a red link and a green link; packet flow]
• AS99 uses the red link for traffic to the red AS and the green link for the remaining traffic
• To implement this policy, AS99 has to:
Accept routes originating from the red AS on the red link
Accept all other routes on the green link
Routing Policy Limitations
[Diagram: AS99 with a red link and a green link towards the Internet and AS22; packet flow]
Interior versus Exterior routing protocols
• Interior
automatic neighbour discovery
generally trust your IGP routers
prefixes go to all IGP routers
binds routers in one AS together
Carries ISP infrastructure addresses only
ISPs aim to keep the IGP small for efficiency and scalability
• Exterior
specifically configured peers
connecting with outside networks
set administrative boundaries
binds AS’s together
Carries customer prefixes
Carries Internet prefixes
EGPs are independent of ISP network topology
[Diagram: inside the ISP, BGP4 and OSPF/ISIS; BGP4 towards other ISPs and the IXP; Static/BGP4 towards customers]
Default administrative distances (IOS):
Connected Interface              0
Static Route                     1
Enhanced IGRP Summary Route      5
External BGP                    20
Internal Enhanced IGRP          90
IGRP                           100
OSPF                           110
IS-IS                          115
RIP                            120
EGP                            140
External Enhanced IGRP         170
Internal BGP                   200
Unknown                        255
BGP for Internet Service Providers
BGP Basics
What is this BGP thing?
[Diagram: routers A and B in AS 100, C and D in AS 101 and E in AS 102, with peering between the ASes]
• Runs over TCP – port 179
• Path vector protocol
• Incremental updates
• “Internal” & “External” BGP
Demarcation Zone (DMZ)
[Diagram: routers A and B in AS 100, C and D in AS 101 and E in AS 102; the DMZ network sits between AS 100 and AS 101]
• Model representation
[Diagram: external BGP between Router A in AS100 and Router C in AS101; each peers with the IP address on the other router’s ethernet interface]
[Diagram: AS 100 with routers A, B, C and D, each peering with every other by iBGP]
• Topology independent
• Each iBGP speaker must peer with every other iBGP speaker in the AS
Configuring Internal BGP
Router A in AS100 (iBGP peering uses the IP address on the loopback interface):
interface loopback 0
 ip address 215.10.7.1 255.255.255.255
!
router bgp 100
 network 220.220.1.0
 neighbor 215.10.7.2 remote-as 100
 neighbor 215.10.7.2 update-source loopback0
 neighbor 215.10.7.3 remote-as 100
 neighbor 215.10.7.3 update-source loopback0
!
Callouts: 100 in “router bgp 100” and in “remote-as 100” is the local ASN; 215.10.7.2 is the IP address of Router B’s loopback interface.
Configuring Internal BGP
Router B in AS100 (iBGP peering uses the IP address on the loopback interface):
interface loopback 0
 ip address 215.10.7.2 255.255.255.255
!
router bgp 100
 network 220.220.1.0
 neighbor 215.10.7.1 remote-as 100
 neighbor 215.10.7.1 update-source loopback0
 neighbor 215.10.7.3 remote-as 100
 neighbor 215.10.7.3 update-source loopback0
!
Callouts: 100 in “router bgp 100” and in “remote-as 100” is the local ASN; 215.10.7.1 is the IP address of Router A’s loopback interface.
BGP Attributes
Information about BGP
[Diagram, next hop: AS 200 (170.10.0.0/16) and AS 100 (180.10.0.0/16); routers A and B peer by eBGP across 150.10.0.0/16 (addresses 150.10.1.1 and 150.10.1.2), router C is an iBGP peer; in AS 300, 150.10.0.0/16 and 160.10.0.0/16 are learned with eBGP next hop 150.10.1.1]
[Diagram, iBGP next hop: in AS 300, router B (loopback 220.1.254.2/32) originates 220.1.1.0/24 and router C (loopback 220.1.254.3/32) originates 220.1.2.0/23; router D holds 220.1.1.0/24 via 220.1.254.2 and 220.1.2.0/23 via 220.1.254.3]
• Next hop is the iBGP router’s loopback address
• Recursive route look-up
Next Hop (summary)
[Diagram, local preference: AS 100 originates 160.10.0.0/16; AS 400 (routers A, B and C) receives it from AS 200 (router D) with local preference 500 and from AS 300 (router E) with local preference 800; the best path (>) is 160.10.0.0/16 with local preference 800]
Local Preference
• Local to an AS – non-transitive
Default local preference is 100 (IOS)
• Used to influence BGP path selection
determines best path for outbound traffic
• Path with highest local preference wins
• Configuration of Router B:
router bgp 400
 neighbor 220.5.1.1 remote-as 300
 neighbor 220.5.1.1 route-map local-pref in
!
route-map local-pref permit 10
 match ip address prefix-list MATCH
 set local-preference 800
!
ip prefix-list MATCH permit 160.10.0.0/16
[Diagram, MED: routers A and B in AS 200, prefix 192.68.1.0/24, and AS 201]
Multi-Exit Discriminator
• Inter-AS – non-transitive
• Used to convey the relative preference of entry points
determines best path for inbound traffic
• Configuration of Router B:
router bgp 400
 neighbor 220.5.1.1 remote-as 200
 neighbor 220.5.1.1 route-map set-med out
!
route-map set-med permit 10
 match ip address prefix-list MATCH
 set metric 1000
!
ip prefix-list MATCH permit 192.68.1.0/24
[Diagram, weight: router A in AS1 with a backup link to router B in AS4; the backup link is labelled LOCAL_PREF 100, weight 100. Backup link, but RPF still needs to work]
[Diagram, communities: ISP 1 (AS 300, routers C, D, E and F) receives 160.10.0.0/16 from AS 100 (router A) and 170.10.0.0/16 from AS 200 (router B) and tags both with community 300:1; 200.10.0.0/16 from AS 400 carries community 300:9; router X in ISP 2 sees 160.10.0.0/16 300:1, 170.10.0.0/16 300:1 and 200.10.0.0/16]
Well-known communities
• no-export
do not advertise to eBGP peers
• no-advertise
do not advertise to any peer
• local-AS
do not advertise outside local AS (only used with confederations)
[Diagram, no-export: AS 100 (routers A, B and C) announces 170.10.0.0/16 together with 170.10.X.X more-specifics tagged No-Export to AS 200 (routers D, E and F); AS 200 passes only 170.10.0.0/16 on to router G]
BGP Path Selection Algorithm
Why Is This the Best Path?
Applying Policy with BGP
Control!
• Applying Policy
Decisions based on AS path, community or the prefix
Rejecting/accepting selected routes
Set attributes to influence path selection
• Tools:
Prefix-list (filter prefixes)
Filter-list (filter ASes)
Route-maps and communities
• Simple examples (AS path regular expressions):
.*           Match anything
.+           Match at least one character
^$           Match routes local to this AS
_1800$       Originated by 1800
^1800_       Received from 1800
_1800_       Via 1800
_790_1800_   Passing through 1800 then 790
_(1800_)+    Match at least one of 1800 in sequence
_\(65350\)_  Via 65350 (confederation AS)
• Example AS-path access-list (entries are tried in order, first match wins):
deny ^\(6(451[2-9]|4[6-9]..|5...)(_6(451[2-9]|4[6-9]..|5...))*\)_.*\(
permit ^\(6(451[2-9]|4[6-9]..|5...)(_6(451[2-9]|4[6-9]..|5...))*\)
deny \(
permit .*
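The regex table and the four-entry access-list above, evaluated in Python as an added example (not code from the tutorial). It assumes the IOS meaning of “_” (any AS delimiter: start or end of the path, space, comma, braces or parentheses) and the IOS rule that an access-list is tried top to bottom with an implicit deny at the end; the sample AS paths are constructed.

```python
# Evaluate IOS-style AS-path regular expressions and an ordered AS-path
# access-list in Python. Added example, not from the tutorial.
import re

# In IOS, "_" matches any AS delimiter: start or end of the path, a space,
# a comma, braces (AS sets) or parentheses (confederation sequences).
_DELIM = r"(?:^|$|[ ,{}()])"

def cisco_regex(pattern):
    """Translate an IOS AS-path regex into a Python regex (only "_" differs)."""
    return re.compile(pattern.replace("_", _DELIM))

def aspath_matches(pattern, as_path):
    """as_path is the string form shown by 'show ip bgp', e.g. "(65004 65002) 200"."""
    return cisco_regex(pattern).search(as_path) is not None

def aspath_filter(entries, as_path):
    """Apply an ordered list of (action, pattern) like an as-path access-list:
    the first matching entry decides; an unmatched path hits the implicit deny."""
    for action, pattern in entries:
        if aspath_matches(pattern, as_path):
            return action
    return "deny"

# The four-entry access-list from the slides: a path is accepted only if its
# confederation sequence, when present, is a single leading sequence made of
# private sub-AS numbers; any other "(" is rejected. As written the sub-AS
# pattern covers 64512-64519 and 64600-65999, so it skips 64520-64599.
PRIVATE_SUBAS = r"6(451[2-9]|4[6-9]..|5...)"
CONFED_FILTER = [
    ("deny",   r"^\(" + PRIVATE_SUBAS + r"(_" + PRIVATE_SUBAS + r")*\)_.*\("),
    ("permit", r"^\(" + PRIVATE_SUBAS + r"(_" + PRIVATE_SUBAS + r")*\)"),
    ("deny",   r"\("),
    ("permit", r".*"),
]

# Constructed sample paths, one per row of the regex table on the slides
SAMPLES = {
    "originated by 1800":      ("_1800$",       "100 200 1800"),
    "received from 1800":      ("^1800_",       "1800 200"),
    "via 1800":                ("_1800_",       "100 1800 200"),
    "through 1800 then 790":   ("_790_1800_",   "100 790 1800 300"),
    "at least one 1800":       ("_(1800_)+",    "100 1800 1800 200"),
    "local to this AS":        ("^$",           ""),
    "via confederation 65350": (r"_\(65350\)_", "(65350) 100"),
}

def check_samples():
    """Return the names of the samples whose pattern matches its path."""
    return [name for name, (pat, path) in SAMPLES.items() if aspath_matches(pat, path)]
```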
Policy Control
Route Maps
Policy Control
Setting Communities
• Example Configuration
router bgp 100
 neighbor 220.200.1.1 remote-as 200
 neighbor 220.200.1.1 send-community
 neighbor 220.200.1.1 route-map set-community out
!
route-map set-community permit 10
 match ip address prefix-list NO-ANNOUNCE
 set community no-export
!
route-map set-community permit 20
!
ip prefix-list NO-ANNOUNCE permit 172.168.0.0/16 ge 17
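An added example (not code from the tutorial) that models the prefix-list and route-map semantics used by this set-community configuration and by the local-pref and set-med route-maps earlier: “ge 17” matches only longer prefixes inside 172.168.0.0/16, an entry without ge/le matches the exact length only, and a route that matches no clause is dropped by the implicit deny, which is why the “permit 20” clause matters. The sample routes are constructed.

```python
# IOS prefix-list matching (with ge/le) and route-map evaluation in Python.
# Added example, not from the tutorial; sample routes are constructed.
import ipaddress

def prefix_list_matches(entry, route):
    """entry is (network, ge, le), e.g. ("172.168.0.0/16", 17, None) for
    'ip prefix-list X permit 172.168.0.0/16 ge 17'. A route matches when it
    lies inside the network and its length is between ge and le; with neither
    given, only the exact length matches (IOS semantics)."""
    net, ge, le = entry
    base = ipaddress.IPv4Network(net)
    r = ipaddress.IPv4Network(route)
    lo = ge if ge is not None else base.prefixlen
    hi = le if le is not None else (32 if ge is not None else base.prefixlen)
    return r.subnet_of(base) and lo <= r.prefixlen <= hi

def apply_route_map(clauses, routes):
    """clauses: ordered (prefix_list_entry_or_None, attributes_to_set). The first
    clause whose match succeeds is applied (a clause with no match statement
    matches everything); a route matching no clause is dropped (implicit deny)."""
    result = {}
    for prefix, attrs in routes.items():
        for match, settings in clauses:
            if match is None or prefix_list_matches(match, prefix):
                result[prefix] = {**attrs, **settings}
                break
    return result

# route-map set-community from the slides: clause 10 tags NO-ANNOUNCE
# prefixes no-export, clause 20 passes everything else unchanged
SET_COMMUNITY = [
    (("172.168.0.0/16", 17, None), {"community": "no-export"}),
    (None, {}),
]
# the same route-map without 'route-map set-community permit 20'
SET_COMMUNITY_NO_CLAUSE_20 = SET_COMMUNITY[:1]
# route-map local-pref (inbound) and set-med (outbound) from the slides:
# one clause each, with an exact-length prefix-list
LOCAL_PREF = [(("160.10.0.0/16", None, None), {"local_pref": 800})]
SET_MED = [(("192.68.1.0/24", None, None), {"med": 1000})]

# constructed sample routes (attributes start empty)
ROUTES = {
    "172.168.0.0/16": {}, "172.168.1.0/24": {}, "10.0.0.0/8": {},
    "160.10.0.0/16": {}, "160.10.1.0/24": {}, "192.68.1.0/24": {},
}
```

Note that the tutorial’s local-pref and set-med route-maps have a single clause, so as written they also filter every prefix that does not match the prefix-list; a trailing clause without a match statement keeps the rest.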
BGP Capabilities
Extending BGP
• Documented in RFC2842
• Capabilities parameters passed in BGP open message
• Unknown or unsupported capabilities will result in NOTIFICATION message
• Codes:
0 to 63 are assigned by IANA by IETF consensus
64 to 127 are assigned by IANA “first come first served”
128 to 255 are vendor specific
See http://www.iana.org/assignments/capability-codes
BGP Capabilities Negotiation
[Diagram: two BGP speakers, 192.168.100.1 (local) and 192.168.100.2, connected over 192.168.100.0/24]
Debug output on 192.168.100.1 as the session comes up:
BGP: 192.168.100.2 open active, local address 192.168.100.1
BGP: 192.168.100.2 went from Active to OpenSent
BGP: 192.168.100.2 sending OPEN, version 4
BGP: 192.168.100.2 OPEN rcvd, version 4
BGP: 192.168.100.2 rcv OPEN w/ option parameter type: 2, len: 6
BGP: 192.168.100.2 OPEN has CAPABILITY code: 1, length 4
BGP: 192.168.100.2 OPEN has MP_EXT CAP for afi/safi: 1/1
BGP: 192.168.100.2 rcv OPEN w/ option parameter type: 2, len: 6
BGP: 192.168.100.2 OPEN has CAPABILITY code: 1, length 4
BGP: 192.168.100.2 OPEN has MP_EXT CAP for afi/safi: 1/2
BGP: 192.168.100.2 went from OpenSent to OpenConfirm
BGP: 192.168.100.2 went from OpenConfirm to Established
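The part of the OPEN message the debug output above is decoding, parsed in Python as an added example (not code from the tutorial or from IOS). The byte strings are constructed to match the output: optional parameter type 2 (capabilities), length 6, carrying capability code 1 (MP_EXT) of length 4 with AFI/SAFI 1/1 and 1/2; the code-range classification follows the slide, and a truncated parameter raises instead of being silently accepted.

```python
# Decode the Optional Parameters of a BGP OPEN (RFC2842 capabilities).
# Added example, not from the tutorial; inputs are constructed.
import struct

MP_EXT = 1  # Multiprotocol Extensions capability code (AFI/SAFI)

def capability_class(code):
    """Registry policy for a capability code, as listed on the slide."""
    if code <= 63:
        return "IETF consensus"
    if code <= 127:
        return "first come first served"
    return "vendor specific"

def parse_open_optional_params(data):
    """Walk the optional-parameter TLVs of an OPEN and return the capabilities.
    Raises ValueError on a truncated or over-long field; a real speaker would
    answer such an OPEN with a NOTIFICATION rather than guess."""
    caps, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated optional parameter header")
        ptype, plen = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + plen]
        if len(value) != plen:
            raise ValueError("optional parameter length exceeds message")
        pos += 2 + plen
        if ptype != 2:          # only type 2 (Capabilities) is decoded here
            continue
        cpos = 0
        while cpos < len(value):
            if cpos + 2 > len(value):
                raise ValueError("truncated capability header")
            code, clen = value[cpos], value[cpos + 1]
            body = value[cpos + 2:cpos + 2 + clen]
            if len(body) != clen:
                raise ValueError("capability length exceeds parameter")
            cpos += 2 + clen
            cap = {"code": code, "length": clen, "class": capability_class(code)}
            if code == MP_EXT and clen == 4:
                afi, _reserved, safi = struct.unpack("!HBB", body)  # AFI(2) res(1) SAFI(1)
                cap.update(name="MP_EXT", afi=afi, safi=safi)
            caps.append(cap)
    return caps

# Constructed bytes matching the two OPENs in the debug output:
# type 2, len 6 -> capability code 1, length 4 -> afi/safi 1/1 and 1/2
OPEN_OPT_IPV4_UNICAST   = bytes([2, 6, 1, 4, 0, 1, 0, 1])
OPEN_OPT_IPV4_MULTICAST = bytes([2, 6, 1, 4, 0, 1, 0, 2])
# Constructed vendor-specific capability (code 200) a peer may not understand
OPEN_OPT_VENDOR = bytes([2, 4, 200, 2, 0xAB, 0xCD])
```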
BGP Scaling Techniques
• Route Refresh
• Peer groups
• Route flap damping
• Route Reflectors & Confederations
Route Refresh
Problem:
• Hard BGP peer reset required after every policy change, because the router does not store prefixes that are rejected by policy
• Hard BGP peer reset:
Tears down BGP peering
Consumes CPU
Severely disrupts connectivity for all networks
Solution:
• Route Refresh
Route Refresh Capability
Dynamic Reconfiguration
Soft Reconfiguration
Peer Groups
Peer Groups – Advantages
Configuring Peer Group
Route Flap Damping
Stabilising the Network
Route Flap Damping
• Route flap
Going up and down of path or change in attribute
BGP WITHDRAW followed by UPDATE = 1 flap
eBGP neighbour peering reset is NOT a flap
Ripples through the entire Internet
Wastes CPU
Route Flap Damping (continued)
• Requirements
Fast convergence for normal route changes
History predicts future behaviour
Suppress oscillating routes
Advertise stable routes
• Documented in RFC2439
Operation
[Figure: penalty plotted against time (0 to 25); penalty axis from 0 to 4000, with the reuse limit marked]
Fixed damping:
router bgp 100
 bgp dampening [<half-life> <reuse-value> <suppress-penalty> <maximum suppress time>]
Variable damping: recommendations for ISPs
http://www.ripe.net/docs/ripe-229.html
Configuration
• Example (wrong ✗):
bgp dampening 30 750 3000 60
a reuse-limit of 750 means the maximum possible penalty is 3000; no prefixes are ever suppressed, as the penalty cannot exceed the suppress-limit
• Example (correct ✓):
bgp dampening 30 2000 3000 60
a reuse-limit of 2000 means the maximum possible penalty is 8000; the suppress limit is easily reached
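The arithmetic behind the two examples, as an added example that is not part of the tutorial: the penalty ceiling is reuse-limit × 2^(max-suppress / half-life), which gives the 3000 and 8000 figures above, and a flapping prefix is suppressed only once its penalty exceeds the suppress-limit. It assumes the IOS behaviour that each flap adds a penalty of 1000 and that the penalty decays exponentially with the configured half-life; the flap timings are constructed.

```python
# Route flap damping arithmetic for 'bgp dampening <half-life> <reuse>
# <suppress> <max-suppress>'. Added example, not from the tutorial.
FLAP_PENALTY = 1000   # assumed IOS default penalty added per flap

def max_penalty(reuse_limit, half_life, max_suppress):
    """Highest penalty a prefix can carry: after max_suppress minutes of decay
    it must be back down to the reuse limit."""
    return reuse_limit * 2 ** (max_suppress / half_life)

def decay(penalty, half_life, minutes):
    """Exponential decay: the penalty halves every half_life minutes."""
    return penalty * 2 ** (-minutes / half_life)

def can_suppress(half_life, reuse_limit, suppress_limit, max_suppress):
    """False when the ceiling never exceeds suppress-limit (the 'wrong' example)."""
    return max_penalty(reuse_limit, half_life, max_suppress) > suppress_limit

def simulate(flap_minutes, half_life, reuse_limit, suppress_limit, max_suppress, horizon):
    """Minute-by-minute penalty for a prefix that flaps at the given minutes.
    Returns (suppressed_at, reused_at): the minute the penalty first exceeded
    suppress-limit and the minute it first fell back below reuse-limit, or None."""
    ceiling = max_penalty(reuse_limit, half_life, max_suppress)
    penalty = 0.0
    suppressed_at = reused_at = None
    for t in range(horizon + 1):
        if t > 0:
            penalty = decay(penalty, half_life, 1)
        if t in flap_minutes:
            penalty = min(penalty + FLAP_PENALTY, ceiling)  # capped at the ceiling
        if suppressed_at is None and penalty > suppress_limit:
            suppressed_at = t
        elif suppressed_at is not None and reused_at is None and penalty < reuse_limit:
            reused_at = t
    return suppressed_at, reused_at

if __name__ == "__main__":
    print(max_penalty(750, 30, 60), max_penalty(2000, 30, 60))   # 3000.0 8000.0
    print(simulate({0, 1, 2, 3}, 30, 750, 3000, 60, 60))         # never suppressed
    print(simulate({0, 1, 2, 3}, 30, 2000, 3000, 60, 60))        # suppressed, then reused
```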
Maths!
Route Reflectors
and Confederations
Scaling iBGP mesh
Two solutions
Route reflector – simpler to deploy and run
Confederation – more complex, corner case benefits
Route Reflector: Principle
[Diagram: AS 100 with a Route Reflector and routers B and C]
Route Reflectors:
Loop Avoidance
• Originator_ID attribute
Carries the RID of the originator of the route in the local
AS (created by the RR)
• Cluster_list attribute
The local cluster-id is added when the update is sent by
the RR
Cluster-id is automatically set from router-id (address
of loopback)
Do NOT use bgp cluster-id x.x.x.x
Route Reflectors:
Redundancy
[Diagram: AS 100 with PoP1, PoP2 and PoP3, arranged as Cluster One and Cluster Two]
Route Reflectors: Migration
[Diagram: AS 100 with routers A, B, C, D, E, F and G, connected to AS 300 and AS 200]
Confederations
Confederations (cont.)
[Diagram: AS 200 as a confederation of sub-AS 65530, 65531 and 65532 with routers A, B and C; router B is in sub-AS 65532]
• Configuration (rtr B):
router bgp 65532
 bgp confederation identifier 200
 bgp confederation peers 65530 65531
 neighbor 141.153.12.1 remote-as 65530
 neighbor 141.153.17.2 remote-as 65531
Confederations: AS-Sequence
[Diagram: confederation AS 100 made up of sub-AS 65001, 65002, 65003 and 65004 (routers A to H). 180.10.0.0/16 arrives from AS 200 with AS path 200; inside the confederation it carries (65002) 200 in sub-AS 65002 and (65004 65002) 200 after crossing into sub-AS 65004; when it leaves the confederation the sub-AS sequence is removed and the path is 100 200]
Route Propagation Decisions
Confederations (cont.)
• Example (cont.):
BGP table version is 78, local router ID is 141.153.17.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop        Metric LocPrf Weight Path
*> 10.0.0.0         141.153.14.3         0    100      0 (65531) 1 i
*> 141.153.0.0      141.153.30.2         0    100      0 (65530) i
*> 144.10.0.0       141.153.12.1         0    100      0 (65530) i
*> 199.10.10.0      141.153.29.2         0    100      0 (65530) 1 i
Route Reflectors or Confederations?
[Table comparing the two; the column headings did not survive extraction]
Confederations: anywhere in the network; Yes; Yes; Medium; Medium to High
Route Reflectors: anywhere in the network; Yes; Yes; High; Very Low
Most new service provider networks now deploy Route Reflectors from Day One
More points about confederations
BGP Tutorial
End of Part 1 – Introduction
Part 2 – Multihoming Techniques is this afternoon