Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scaling and other new BGP Features Mark Turner Cisco Systems Queries: Unless otherwise noted, these features.

Published byEmma Cox Modified over 9 years ago

Similar presentations

Presentation on theme: "Scaling and other new BGP Features Mark Turner Cisco Systems Queries: Unless otherwise noted, these features."— Presentation transcript:

1 Scaling and other new BGP Features Mark Turner Cisco Systems markt@cisco.com Queries: cs-iprouting-bgp@cisco.com Unless otherwise noted, these features are in 11.1(19)CC1 http://www.cisco.com/univercd/cc/td/doc/product/software/ios111/cc111

2 AGENDA - Behavioral Changes - Knobs for the “Common Good” - Knobs for fun and profit (reading exercise)

3 Behavioral Changes - Peer Groups - Route Reflectors - CPU/Memory utilization improvements

4 What : Remove restrictions on BGP peer groups Why : - Allow transit between EBGP peer- group members - Allow EBGP peer groups to span multiple LIS - Allow peer-group of Router Reflector Clients How: No knob

5 CORE Route Reflector Client Peer Group Aggregation Router (RR Client) Full Routes Peer Group “Default” Peer Group Customer Routes Peer Group - Use “neighbor default-originate” for per neighbor default

6 What : Remove RR client cross-cluster peering restrictions Why : Increase scalability/reliability of RR hierarchies How: No knob - extra decision criteria Notes: To avoid loops, ensure RR-RRC topology follows the physical topology

7 X X A and D choose EBGP path for X C is RRC of A - route to X is via B to A B is RRC of D - route to X is via C to D => Loop B C A (RR) B (RRC)C (RRC) D (RR)

8 Cluster B Backbone Cluster D RR RRC RR Cluster C Cluster A RR Reflector relationships between Cluster C/Custer D and Cluster B now ok.

9 What : Remove 200 “network” command restriction Why : Customer demand. Limit now set by box resources (memory/nvram) How: No knob

10 Knobs for the “Common Good” - Prefix Counts/Overload - Prefix Lists - Overriding 3rd party NH - AS transition support - Conditional advertisements - CEF RPF - MAC Accounting

11 What : Prefix count and “overload protection” Why : - Some protection against peer “major mistakes”. - Consider applying to customer peer groups. How: neighbor maximum-prefix [warning-only ] Notes: - prefix count always shows up in “sh ip bgp sum” output - Small counting discrepancy - fix in 11.1(20)CC

12 Log output: %BGP-4-MAXPFS: No of prefix received from y.y.y.y reaches 0.75N, Max N %/BGP-4-MAXPFEXCEED: No of prefix received from y.y.y.y:N+x exceed limit N sh ip bgp output: 1.0.0.129 4 65000 37888 36523 113054 0 0 04:19:40 49938 1.0.0.129 4 65000 37992 36630 0 0 0 00:01:24 Idle (PfxCt)

13 sh ip bgp n 1.0.0.129 BGP neighbor is 1.0.0.129, remote AS 65000, external link Index 8, Offset 1, Mask 0x1 BGP version 4, remote router ID 0.0.0.0 BGP state = Idle, table version = 0 Last read 00:02:15, hold time is 180, keepalive interval is 60 seconds Neighbor NLRI negotiation: Configured for unicast routes only Minimum time between advertisement runs is 30 seconds Received 37992 messages, 0 notifications, 0 in queue Sent 36630 messages, 0 notifications, 0 in queue Connections established 2; dropped 2 Last reset 00:02:15, due to Peer exceeding maximum prefix limit Peer had exceeded the max. no. of prefixes configured. Reduce the no. of prefix and clear ip bgp 1.0.0.129 to restore peering No active TCP connection

14 What : Prefix lists Why : - Efficient handling of large route filters,eg at peering points. - Incremental configuration updates - Filtering on prefix-length How: Prefix list definition: [no] ip prefix-list [seq ] deny | permit / [ge ] [le ] Apply to Neighbor: neighbor prefix-list in|out - can also be used with route-maps

15 Exact match ip prefix-list aaa permit 35.0.0.0/8 Prefix Length match In 192/8, accept up to /24 ip prefix-list aaa permit 192.0.0.0/8 le 24 In 192/8, deny /25+ ip prefix-list aaa deny 192.0.0.0/8 ge 25 In all address space, deny /0 - /7 ip prefix-list aaa deny 0.0.0.0/0 le 7

16 Notes: - prefix-list and distribute-list cannot be applied to single neighbor at the same time - Improvements to the CLI parser led to a ~4 times speed increase - which is just as well!!!!

17 What : Override inbound/outbound third-party NH Why : - Force neighbor to transit traffic at NAP - Set next-hop per prefix, based on route-map => more granularity than “neighbor x.x.x.x next-hop-self” How: route-map nukeNH permit 10 set ip next-hop | peer-address

18 What : “OR” capability for peer AS number Why : Smooth transition between AS numbers (providers) for customers. How: remote-as xxx or yyy or zzz Caveats: Coming in 12.0 :-)

19 What : Conditional Advertisements Why : For dual homed sites - limit sub- provider CIDR block prefix announcements to failure condition only. (Yakov’s ‘96 Nanog talk) How: neighbor advertise-map non-exist-map

20 ISP1 ISP2 R1 R2 R3 R4 24.10.6/24 140.15.7/24 24.10.6.14 140.15.7.4 24.10.6/24140.15.7/24 24.10/16 140.15.7/24 (auto-injected) 140.15/16 neighbor advertise-map amap non-exist-map backbone route-map amap permit 10 match ip address 1 route-map backbone permit 10 match ip address 2 access-list 1 permit 140.15.7.0!Advertise this when... access-list 2 permit 140.15.0.0!... this is not present.

21 What : RPF for CEF Why : Efficient protection against your customers sourcing ip spoof attacks How: global ip cef [distributed] Per interface interface xyz ip verify unicast reverse-path

22 To Internet Customer Incoming packets 10/8 -> S0 20/8 -> S1 Router A’s routing table S0S1 Src IP 10.1.1.1 Src IP 20.1.1.1 RPF for CEF

23 What : MAC accounting: 512 addresses/direction. Why : eg NAP peer-flows without netflow analysis - USEFUL FOR DEBUGGING How: int fddi x ip accounting mac-address input ip accounting mac-address output Notes: 512 MAC entries; ip only; CEF/dCEF(11.1(20)CC only)/flow/optimum ethernet, fastethernet, fddi only SNMP Access http://www.cisco.com/public/mibs/supportlists/c7505/supp ortlist.html (look for CISCO-IP-STAT-MIB)

24 Example show output: sh int Ethernet0/1/3 mac Input (511 free) 0000.0c04.7ad5(167): 9 packets,1026 bytes, last: 20512ms ago Total: 9 packets, 1026 bytes Output (510 free) ffff.ffff.ffff(0 ): 16 packets, 960 bytes, last: 58108ms ago 0000.0c04.7ad5(167): 9 packets,1026 bytes, last: 21060ms ago Total: 25 packets, 1986 byte

25 Knobs for Fun and Profit - MBGP (BGP+) - Per neighbor bgp timers - Clear all peers in single AS - Always strip private AS - bgp logging - per neighbor timers, description, shutdown - community regexp match - bgp policy propagation - IP precedence accounting

26 What : Multicast NLRI support in BGP Why : Support incongruent multicast and unicast policy routing in the Internet How: ftp://ftpeng.cisco.com/ipmulticast/mbgp_deployment_overview.txt ftp://ftpeng.cisco.com/ipmulticast/mbgp_configuration_examples.txt ftp://ftpeng.cisco.com/ipmulticast/html/ipmulticast.html Notes: 11.1(20)CC only

27 What : Per neighbor bgp timers Why : Allow fast-fall over of specific peering sessions (eg for backup purposes) How: neighbor x.x.x.x times

28 What : A way to clear all sessions to a single AS Why : Operations How: clear ip bgp Caveats: none known

29 What : A way to always strip private -AS Why : Allows pre-append of private-AS (before only adjacent private AS was stripped) How: neighbor remove-private-as always Caveats: none known

30 What : Neighbor/peer group description Why : Operational How: neighbor description

31 What : Neighbor/peergroup shutdown command sho ip bgp sum: 1.0.0.1 4 1001 2810 353 0 0 0 00:00:02 Idle (Admin) Why : Remove need to cut-and-paste config in order to deactivate neighbor How: neighbor / shutdown

32 What : Regular expression match for communities Why : Community pattern matching in route-maps How: ip community-list permit|deny regexp Notes: cisco regexp - not full perl/unix regexp!

33 What : Log neighbor up/down %BGP-5-RESET: neighbor 1.0.0.79 reset (Peer closing down the session) %BGP-5-ADJCHANGE: neighbor 1.0.0.131 Down %BGP-5-ADJCHANGE: neighbor 1.0.0.131 Up Why : Operational How: bgp log-neighbor-changes Caveats: none known

34 What : BGP policy propagation Why :Communicate QoS policy based on BGP attributes within and between ASs. How: - allows IP precedence or (11.1.20(CC) onwards) internal QoS Flag to be set based on AS list, community list, or IP address. Can then use CAR/WRED etc to enforce QoS policy. See: http://www.cisco.com/univercd/cc/td/doc/product/software/io s111/cc111/bgpprop.htm Notes: must enable CEF on interface

35 ! router bgp 210 table-map as-path-precedence-map neighbor “R1” remote-as 200 ! ip as-path access-list 101 permit $200^ ! route-map as-path-precedence-map match ip as-path 101 set precedence 3 ! interface hssi/0/0/0 bgp-policy ip-prec-map ! AS200 AS210 R1 R2 AS Path Example Set ip precedence to 3 for traffic from traffic originating in AS200

36 router bgp 200 table-map qos-class neighbor... ! ip community-list 100 permit ^100:0$ ! route-map as qos-class match community 100 set ip qos-group 2! “2” is the internal QoS classifier !! of which there are 100 ! interface serial 0/0/0 !outgoing interface to AS400 rate output qos 2 8000 8000 8000 conform drop exceed drop interface serial 0/0/1!incoming interface from AS100 bgp-policy input ip-qos-class AS200 AS300 Unusual CAR Example - block traffic from community 100:0 to AS400 AS100 AS400

37 What : IP Precedence accounting (8 levels) sh int fddi 5/0/0 precedence Fddi5/0/0 Input Precedence 0: 439 packets, 39846 bytes Precedence 6: 10 packets, 745 bytes Output Precedence 6: 80 packets, 17302 bytes http://www.cisco.com/public/mibs/supportlists/c7505/supportlist.html CISCO-IP-STAT-MIB Why :non-netflow billing on precedence How: int fddi x ip precedence accounting input ip precedence accounting output Caveats: CEF/DCEF/Flow/Optimum only

Download ppt "Scaling and other new BGP Features Mark Turner Cisco Systems Queries: Unless otherwise noted, these features."

Similar presentations

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.
Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.
1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.

1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.
CS 672 1 Summer 2003 CS672: MPLS Architecture, Applications and Fault-Tolerance.

CS Summer 2003 CS672: MPLS Architecture, Applications and Fault-Tolerance.
Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.

Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
BGP. 2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net BGP Overview Is an inter-domain routing protocol that communicates prefix reachablility.

BGP. 2 Copyright © 2009 Juniper Networks, Inc. BGP Overview Is an inter-domain routing protocol that communicates prefix reachablility.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Best Practices for ISPs

Best Practices for ISPs
Implementing an EIGRP-Based Solution

Implementing an EIGRP-Based Solution
1 Network Architecture and Design Routing: Exterior Gateway Protocols and Autonomous Systems Border Gateway Protocol (BGP) Reference D. E. Comer, Internetworking.

1 Network Architecture and Design Routing: Exterior Gateway Protocols and Autonomous Systems Border Gateway Protocol (BGP) Reference D. E. Comer, Internetworking.
1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.

1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.
CS 672 1 Summer 2003 Lecture 4. CS 672 2 Summer 2003 Route Aggregation The process of representing a group of prefixes with a single prefix is known as.

CS Summer 2003 Lecture 4. CS Summer 2003 Route Aggregation The process of representing a group of prefixes with a single prefix is known as.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Configuring Basic BGP BSCI Module 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Configuring Basic BGP BSCI Module 6.
Presented By: Hanping Feng Configuring BGP With Cisco IOS Software (Part 1)

Presented By: Hanping Feng Configuring BGP With Cisco IOS Software (Part 1)
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—5-1 Implementing Path Control Assessing Path Control Network Performance Issues.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—5-1 Implementing Path Control Assessing Path Control Network Performance Issues.
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—4-1 Implement an IPv4-Based Redistribution Solution Assessing Network Routing Performance and.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—4-1 Implement an IPv4-Based Redistribution Solution Assessing Network Routing Performance and.
© 2009 Cisco Systems, Inc. All rights reserved.ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Configuring and Verifying Basic BGP Operations.

© 2009 Cisco Systems, Inc. All rights reserved.ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Configuring and Verifying Basic BGP Operations.

Similar presentations

Ads by Google