Border Gateway Protocol
© 2000, Cisco Systems, Inc.
Agenda
  BGP Fundamentals
  BGP Attributes
  Controlling the flow of BGP updates
  Practical Design Examples
Autonomous System (AS)
  [Diagram label: AS 100]
  A collection of networks with same policy
  Single routing protocol
  Usually under single administrative control
  Identified by AS number (1 – 65535)
  Private ASNs from – 65535
ASN Registration Guidelines
  ARIN
  A unique routing policy (its policy differs from its border gateway peers)
  A multi-homed site
What is an IGP?
  Interior Gateway Protocol
  Within an Autonomous System
  Carries information about internal prefixes
  Examples: OSPF, RIP, EIGRP…
What is an EGP?
  Exterior Gateway Protocol
  Used to convey routing information between Autonomous Systems
  Decoupled from the IGP
  Current EGP is BGP
Interior vs. Exterior Routing Protocols
  Interior
    Automatic discovery
    Generally trust your IGP routers
    Routes go to all IGP routers
  Exterior
    Specifically configured peers
    Connecting with outside networks
    Set administrative boundaries
Why do we need an EGP?
  Scaling to large network
  Hierarchy
  Limit scope of failure
  Fast convergence
  No manual reconfig (static routes) - high maintenance
  Complex Routing Policies
  Control reachability to prefixes by selecting outbound paths and announcing internal routes
[Diagram: NJEDge Member Remote Network, Alternate ISP, NJEDge Intranet, NJEDge Internet, Verizon ATM]
What is BGP?
  Border Gateway Protocol, currently version 4 – defined in RFC 1771
  Distance-vector routing protocol running over TCP port 179
  Supports classless routing
  Actually two protocols – iBGP and eBGP
Internal BGP
  When BGP speakers in the same AS form a BGP connection for the purpose of exchanging routing information, they are said to be running IBGP or internal BGP.
  IBGP speakers are usually fully-meshed.
  [Diagram: AS 3847 with routers A, B and C]
External BGP
  When BGP speakers in different ASs form a BGP connection for the purpose of exchanging routing information, they are said to be running EBGP or external BGP.
  EBGP peers are usually directly connected.
  [Diagram: routers A and B; AS 109 and a second AS]
Agenda
  BGP Fundamentals
  BGP Attributes
  Controlling the flow of BGP updates
  Practical Design Examples
BGP Attributes
  AS-path
  Origin
  Next-hop
  Weight
  Local preference
  Multi Exit Discriminator (MED)
  Community
BGP Attributes: AS-Path
  [Diagram: routers A, B and C; labels 1880, 690 and 200; prefix /24]
  1. Router A sends update for /24 with AS_PATH:
  2. Router B sends update for /24 with AS_PATH:
  3. Router C sends update for /24 with AS_PATH:
  4. Router A will detect its own AS number and will discard the update
AS-Path
  [Diagram: routers A to G, AS6201, with show ip bgp output]
AS-Path
  Sequence of ASNs a route has traversed.
  Provides a mechanism for loop detection
  Shortest AS path preferred
  Policies may be applied based on AS path
Origin
  Order of preference:
  IGP (i)
    Route is interior to the originating AS
    Set with the Network statement under router BGP
  EGP (e)
    Route learned via EGP
  Incomplete (?)
    Route redistributed from IGP
Origin
RouterB# show ip bgp
table version is 24, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network   Next Hop   Metric LocPrf Weight Path
*>                                           i
  [Diagram: routers A and B; AS 300 and a second AS]
Next Hop
  [Diagram: routers A and B; AS 100, AS 300 and a third AS]
  Next hop IP address to reach a network
  For EBGP usually the IP of the neighbor specified by the neighbor remote-as command
Next Hop
  [Diagram: routers A, B and C; AS 100, AS 300, AS 200]
  With IBGP Next Hop does not change
  Ensure that router C can reach via an IGP
Weight
  Cisco proprietary
  Local to router, not propagated in any routing updates
  Value (default if originated by router , other - 0)
  Highest weight preferred
  Rarely used
Weight
router bgp 300
 neighbor remote-as 100
 neighbor weight 2000
 neighbor remote-as 200
 neighbor weight 1000
Local Preference
  [Diagram: routers A to E; AS 400, AS 100; prefix /16]
Local Preference
  Path with highest local pref is preferred (default = 100)
  Unlike weight, local pref advertised to routers within the same AS (IBGP)
  Often used attribute
  “Powerful” attribute, comes before AS-Path length in the BGP selection algorithm
Local Preference
router bgp 400
 neighbor remote-as 300
 neighbor remote-as 400
 bgp default local-preference 200
Multi-Exit Discriminator (MED)
  [Diagram: routers A, B and C; AS 201; prefix /24]
Multi-Exit Discriminator (MED)
  Lowest MED preferred
  Used to convey the relative preference of entry points into an AS (Local Pref is outbound)
  Influences best path selection – after AS_PATH evaluation
  Comparable if paths are from same AS. Use bgp always-compare-med command to compare all MEDs
  Advertised to external neighbors
  Usually based on IGP metric
Multi-Exit Discriminator (MED)
router bgp 300
 neighbor remote-as 100
 neighbor route-map SETMEDOUT out
 neighbor remote-as 300
route-map SETMEDOUT permit 10
 set metric 200
Communities
  BGP attribute
  Used to group destinations
  Useful in applying routing policies
  Represented as number(s) that get “stamped” on BGP routes
  Each destination could be member of multiple communities
  Community attribute carried across Autonomous Systems
Communities
router bgp 200
 network
 neighbor remote-as 300
 neighbor send-community
 neighbor route-map SETCOMMUNITY out
route-map SETCOMMUNITY permit 10
 match ip address 1
 set community no-export
route-map SETCOMMUNITY permit 20
access-list 1 permit
  [Diagram: routers A, B and C; AS 200 and two other ASs]
Agenda
  BGP Fundamentals
  BGP Attributes
  Controlling the flow of BGP updates
  Practical Design Examples
BGP Path Selection Algorithm
  1. Do not consider IBGP path if not synchronized
  2. Do not consider path if no route to next hop
  3. Highest weight (local to router)
  4. Highest local preference (global within AS)
  5. Shortest AS path
BGP Path Selection Algorithm
  6. Lowest origin code: IGP < EGP < incomplete
  7. Multi-Exit Discriminator
     Considered only if paths are from the same AS
  8. Prefer EBGP path over IBGP path
  9. Path with shortest next hop metric wins
  10. Lowest router-id
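The ten steps above, applied in order to a set of candidate paths. This is an added example, not code from the original slides or from Cisco; the `Path` fields, the function names and the integer router ID are assumptions made for the illustration.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # step 6: IGP < EGP < incomplete

@dataclass
class Path:                     # hypothetical record for one candidate path
    name: str
    as_path: tuple              # leftmost entry is the neighboring AS
    next_hop_reachable: bool = True
    synchronized: bool = True   # only consulted for IBGP paths
    weight: int = 0
    local_pref: int = 100
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0         # metric to the next hop
    router_id: int = 0

def med_survivors(cands):
    # Step 7: MED is compared only between paths from the same neighboring AS.
    return [p for p in cands
            if not any(q.as_path[:1] == p.as_path[:1] and q.med < p.med
                       for q in cands)]

def best_path(paths):
    """Apply the ten steps from the slides in order; return the winner or None."""
    # Steps 1-2: unsynchronized IBGP paths and unreachable next hops are ignored.
    cands = [p for p in paths
             if p.next_hop_reachable and (p.ebgp or p.synchronized)]
    keys = [
        lambda p: -p.weight,               # 3: highest weight
        lambda p: -p.local_pref,           # 4: highest local preference
        lambda p: len(p.as_path),          # 5: shortest AS path
        lambda p: ORIGIN_RANK[p.origin],   # 6: lowest origin code
        None,                              # 7: MED, handled by med_survivors
        lambda p: 0 if p.ebgp else 1,      # 8: EBGP over IBGP
        lambda p: p.igp_metric,            # 9: shortest next hop metric
        lambda p: p.router_id,             # 10: lowest router-id
    ]
    for key in keys:
        if len(cands) <= 1:
            break
        if key is None:
            cands = med_survivors(cands)
        else:
            best = min(key(p) for p in cands)
            cands = [p for p in cands if key(p) == best]
    return cands[0] if cands else None
```

Because local preference is evaluated at step 4, a path with local preference 200 and three ASs in its path beats a one-hop path left at the default of 100.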
Route Maps
router bgp 256
 neighbor remote-as 300
 neighbor route-map SETLOCALIN in
 neighbor remote-as 256
ip as-path access-list 7 permit ^300$
route-map SETLOCALIN permit 10
 match as-path 7
 set local-preference 200
route-map SETLOCALIN permit 20
Route Maps
  Route-maps are Cisco’s mechanism to select and modify routes with if/then style algorithms.
  For route-maps with the keyword “permit”, if the prefix being examined passes the match statement, the set commands are executed and the route-map is exited.
  If the match statement is not passed, the next sequence number is executed.
  If there are no more sequence numbers, the prefix is filtered/dropped.
route-map SETLOCALIN permit 10
 match as-path 7
 set local-preference 200
route-map SETLOCALIN permit 20
Cisco Regular Expressions
ip as-path access-list 7 permit ^300$
  .   Period matches any single character, including white space.
  *   Asterisk matches 0 or more sequences of the pattern.
  +   Plus sign matches 1 or more sequences of the pattern.
  ?   Question mark matches 0 or 1 occurrences of the pattern.
  ^   Caret matches the beginning of the input string.
  $   Dollar sign matches the end of the input string.
  _   Underscore matches a comma (,), left brace ({), right brace (}), left parenthesis, right parenthesis, the beginning or end of the input string, or a space.
  []  Square brackets designate a range of single character patterns.
  -   Hyphen separates the endpoints of a range.
  These are much like standard vi regular expressions.
  [Diagram: routers A to G; labels 701 and 6202]
  The following configuration could be used on router B to accept routes from AS6201 & 6202 and deny all others.
ip as-path access-list 10 permit ^6201$
ip as-path access-list 10 permit ^6201_6202$
ip as-path access-list 10 deny .*
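The route-map and AS-path access-list behavior described on the last three slides, modeled in Python so the first-match and implicit-deny rules can be checked against sample paths. This is an added example, not code from the slides or from Cisco IOS; the function names, the route dictionary and the sample prefix are assumptions, and only the `_` metacharacter is translated because the other symbols in the table behave the same way in Python's `re`.

```python
import re

def cisco_to_py(pattern):
    # "_" matches a delimiter or either end of the string (see the table above).
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

def acl_permits(acl, as_path):
    """acl: list of (action, cisco_regex). First match wins, no match is a deny."""
    text = " ".join(str(asn) for asn in as_path)
    for action, pattern in acl:
        if re.search(cisco_to_py(pattern), text):
            return action == "permit"
    return False

def apply_route_map(route_map, acls, route):
    """route_map: list of (seq, action, as_path_acl_id or None, set_values).
    Returns the (possibly modified) route, or None when it is filtered."""
    for seq, action, acl_id, sets in sorted(route_map, key=lambda c: c[0]):
        # A clause without a match statement matches every route.
        if acl_id is None or acl_permits(acls[acl_id], route["as_path"]):
            return {**route, **sets} if action == "permit" else None
    return None   # no more sequence numbers: the prefix is dropped

# Access lists and route-map taken from the slides.
ACLS = {
    7:  [("permit", "^300$")],
    10: [("permit", "^6201$"), ("permit", "^6201_6202$"), ("deny", ".*")],
}
SETLOCALIN = [
    (10, "permit", 7, {"local_pref": 200}),
    (20, "permit", None, {}),
]

if __name__ == "__main__":
    # Constructed sample routes (documentation prefix, AS paths chosen for the demo).
    for path in [(300,), (300, 1880)]:
        route = {"prefix": "198.51.100.0/24", "as_path": path, "local_pref": 100}
        print(path, apply_route_map(SETLOCALIN, ACLS, route))
    for path in [(6201,), (6201, 6202), (701, 6201)]:
        print(path, "permit" if acl_permits(ACLS[10], path) else "deny")
```

Dropping sequence 20 from `SETLOCALIN` turns the route-map into a filter: every route whose AS path is not exactly `300` is discarded instead of passing through unchanged.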
AS-Path Padding
Router A
router bgp 100
 network
 neighbor remote-as 200
 neighbor route-map SETPATH out
route-map SETPATH permit 10
 set as-path prepend
  [Diagram: router A; AS 400, AS 200, AS 100, AS 300]
Peer Groups
  A way to group in a configuration template a set of neighbors having the same outbound policy.
  Peer-groups allow:
    easier configuration (and maintenance) of BGP neighbors
    better CPU/memory usage when generating updates
  By grouping neighbors with common policy together, routers can save CPU by creating a route object once and then advertising that object to multiple peers.
  Also, saves typing :)
Peer Groups
router bgp 300
 neighbor EXTERNALMAP peer-group
 neighbor EXTERNALMAP route-map SETMED
 neighbor EXTERNALMAP filter-list 1 out
 neighbor EXTERNALMAP filter-list 2 in
 neighbor remote-as 100
 neighbor peer-group EXTERNALMAP
 neighbor remote-as 600
 neighbor peer-group EXTERNALMAP
 neighbor remote-as 200
 neighbor peer-group EXTERNALMAP
 neighbor filter-list 3 in
Aggregation
  Three ways to configure route aggregation
    Redistribute static
    Network mask command
    Aggregate-address command
Aggregation: Redistribute Static
router bgp 200
 neighbor remote-as 300
 redistribute static
ip route null 0
Aggregation: Network Mask
router bgp 200
 network mask
 neighbor remote-as 300
ip route null 0
Aggregation: Aggregate-address
router bgp 200
 network
 neighbor remote-as 300
 aggregate-address
Aggregation: Suppress-map
router bgp 300
 neighbor remote-as 200
 neighbor remote-as 100
 network
 aggregate-address suppress-map CHECK
route-map CHECK permit 10
 match ip address 1
access-list 1 deny
access-list 1 permit
Agenda
  BGP Fundamentals
  BGP Attributes
  Controlling the flow of BGP updates
  Practical Design Examples
Multi-homing with two ISPs
  [Diagram: routers A, B and C; AS 100, ISP A; AS 200, NJEDge Internet; prefix /24]
  Risk of your AS becoming a transit AS
Configuration to Receive Full Internet Routing Table
router bgp 300
 network
 network
 neighbor remote-as 100
 neighbor route-map localonly out
 neighbor remote-as 200
 neighbor route-map localonly out
ip as-path access-list 10 permit ^$
route-map localonly permit 10
 match as-path 10
Configuration to Receive Directly-Connected Routes
router bgp 300
 network
 network
 neighbor remote-as 100
 neighbor route-map localonly out
 neighbor route-map as100only in
 neighbor remote-as 200
 neighbor route-map localonly out
 neighbor route-map as200only in
ip as-path access-list 10 permit ^$
ip as-path access-list 20 permit ^100$
ip as-path access-list 30 permit ^200$
route-map localonly permit 10
 match as-path 10
route-map as100only permit 10
 match as-path 20
route-map as200only permit 10
 match as-path 30
ip route
ip route
Configuration to Receive Default Routes Only
router bgp 300
 network
 network
 neighbor remote-as 100
 neighbor route-map localonly out
 neighbor prefix-list ABC in
 neighbor remote-as 200
 neighbor route-map localonly out
 neighbor prefix-list ABC in
ip prefix-list ABC seq 5 permit /0
ip as-path access-list 10 permit ^$
route-map localonly permit 10
 match as-path 10
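All three multi-homing configurations apply `route-map localonly out` toward both ISPs. The added example below (not from the original slides) computes what AS 300 would advertise to ISP A with and without that filter, which makes the transit-AS risk visible. The prefixes, the origin ASNs 64500 and 64501, and the function names are constructed for the illustration, and advertisement back toward an AS already in the path is modeled as simply not sent.

```python
import re

def permitted_out(as_path, acl):
    """First matching entry wins; no match is an implicit deny."""
    text = " ".join(map(str, as_path))
    for action, pattern in acl:
        if re.search(pattern, text):
            return action == "permit"
    return False

# Constructed BGP table on the AS 300 router: prefix -> AS path as learned.
# An empty path means the prefix is originated locally (network statement).
TABLE = {
    "192.0.2.0/24":    (),             # our own network
    "198.51.100.0/24": (100, 64500),   # learned from ISP A (AS 100)
    "203.0.113.0/24":  (200, 64501),   # learned from the second ISP (AS 200)
}

LOCALONLY = [("permit", "^$")]   # ip as-path access-list 10 permit ^$
NO_FILTER = [("permit", ".*")]   # stands in for having no outbound policy

def advertised(table, acl, neighbor_as, local_as=300):
    """Routes sent to an EBGP neighbor as (prefix, AS path on the wire)."""
    out = []
    for prefix, path in table.items():
        if neighbor_as in path:   # simplification: neighbor would reject the loop
            continue
        if permitted_out(path, acl):
            out.append((prefix, (local_as,) + path))
    return out

def transit_leaks(adverts):
    """Advertisements offering a path through the local AS to a foreign prefix."""
    return [(prefix, path) for prefix, path in adverts if len(path) > 1]

if __name__ == "__main__":
    for label, acl in (("no filter", NO_FILTER), ("localonly", LOCALONLY)):
        sent = advertised(TABLE, acl, neighbor_as=100)
        print(label, "sent:", sent, "leaks:", transit_leaks(sent))
```

Without the filter, ISP A receives `203.0.113.0/24` with path `300 200 64501` and may route traffic for it through AS 300; with `^$` only the locally originated prefix leaves the AS.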
Load Sharing when Multi-homed to Two ISPs
  [Diagram: routers A to E; AS 100, AS 300; ISP A Network, Internet, NJEDge Internet, Member Network; IBGP; prefix /24]
Redistributing IGP into BGP
router eigrp 10
 network
router bgp 200
 neighbor remote-as 300
 neighbor remote-as 200
 neighbor distribute-list 1 out
 redistribute eigrp 10
access-list 1 permit
  Requires careful use of access lists to prevent routes from being injected back into BGP
Redistributing IGP into BGP (Preferred)
router bgp 200
 network
 neighbor remote-as 300
 neighbor remote-as 200
  Works for networks learned through IGP or static routes
  Use with aggregate-address command if necessary
Redistributing BGP into IGP
  Normally avoided because too many routes would be injected into the IGP
  Common design is to redistribute one or two routes and make them exterior routes
  Or, have your BGP router generate default for your autonomous system
  When redistributing from BGP into IGP, only routes learned using EBGP get redistributed
Cisco Routers Can’t run full BGP /4000M/4500/4500M Can run full BGP (64 MB) /3640/ M
Best Practices
  Peer IBGP routers using loopback address
    neighbor update-source loopback0
  BGP soft-reconfig
    Allows config changes w/o clearing neighbor
    Inbound: neighbor soft-reconfiguration inbound
    Outbound: no configuration necessary
    clear ip bgp soft (in/out)
  Route Refresh Capability
    IOS 12.0(1.0.4)S and later
  bgp dampening command
    Suppress flapping routes (high CPU utilization)
    For EBGP only
    Alternate paths still usable
    Use judiciously!
  bgp log-neighbor-changes
    Used to log neighbor up/down events and resets