Training Tomorrow's Professional Today… Contact details:-raghu kiran
Bgp

Jun 19, 2015

Raghu Kiran

BGP read well do well
Transcript
Page 1: Bgp

Training Tomorrow's Professional Today…

Contact details:-raghu kiran

Page 2: Bgp

BORDER GATEWAY PROTOCOL

Page 3: Bgp

BGP is most appropriate when at least one of the following conditions exists:

– An AS allows packets to transit through it to reach other Autonomous Systems (e.g., a service provider).
– An AS has multiple connections to other Autonomous Systems.
– Routing policy and route selection for traffic entering and leaving your AS must be manipulated.

BGP is not always appropriate. Do not use BGP if you have one of the following conditions:

– Single connection to the Internet or other AS
– Lacks memory or processor power to handle constant updates on BGP routers
– Limited understanding of route filtering and BGP path selection process
– Low bandwidth between Autonomous Systems

Page 4: Bgp

BGP is a path-vector protocol with the following enhancements over distance-vector protocols:

Reliable updates: BGP runs on top of TCP (port 179)

Incremental, triggered updates only

Periodic keepalive messages to verify TCP connectivity (BGP sends BGP/TCP keepalives every 60 seconds by default)

Rich metrics (called path vectors or attributes)

Designed to scale to huge internetworks (e.g., the Internet)

Page 5: Bgp

Connecting to two or more ISPs to increase:

Reliability—If one ISP or connection fails, there is still Internet access

Performance—Better path selection to common Internet destinations

Page 6: Bgp

Neighbor table
– List of BGP neighbors

BGP forwarding table/database
– List of all networks learned from each neighbor
– Can contain multiple pathways to destination networks
– Database contains BGP attributes for each pathway

IP routing table
– List of best paths to destination networks

Page 7: Bgp

Open
– Includes hold time and BGP router ID

Keepalive

Update
– Information for one path only (could be to multiple networks)
– Includes path attributes and networks

Notification
– When error is detected
– BGP connection is closed after sent

Page 8: Bgp

When establishing a BGP session, BGP goes through the following steps:

1. Idle: Router is searching routing table to see if a route exists to reach the neighbor.
2. Connect: Router found route and has completed three-way TCP handshake.
3. Open sent: Open message sent with the parameters for the BGP session.
4. Open confirm: Router received agreement on the parameters for establishing session.
5. Established: Peering is established; routing begins.

Page 9: Bgp

Idle: The router in this state cannot find the address of the neighbor in the routing table. Check for an IGP problem. Is the neighbor announcing the route?

Established: The established state is the proper state for BGP operations. In the show ip bgp summary command, if the state column is blank or has a number, then the established state is in place. The number is how many routes have been learned from this neighbor.

Page 10: Bgp

Active: The router has sent out an open packet and is waiting for a response. The state may cycle between active and idle. The neighbor may not know how to get back to this router because of the following reasons:

– Neighbor peering with the wrong address
– Neighbor does not have neighbor statement for this router
– Neighbor does not have a route to the source IP address of the BGP open packet generated by this router

Page 11: Bgp

BGP Autonomous Systems

• An AS is a collection of networks under a single technical administration.
• IGPs operate within an AS.
• BGP is used between Autonomous Systems.
• Exchange of loop-free routing information is guaranteed.

Page 12: Bgp

Peers = Neighbors

• A BGP peer, also known as a BGP neighbor, is a specific term that is used for BGP speakers that have established a neighbor relationship.
• Any two routers that have formed a TCP connection to exchange BGP routing information are called peers or neighbors.

Page 13: Bgp

External BGP

• When BGP is running between neighbors that belong to different autonomous systems, it is called EBGP.
• EBGP neighbors, by default, need to be directly connected.

Page 14: Bgp

Internal BGP

• When BGP is running between neighbors within the same AS, it is called IBGP.
• The neighbors do not have to be directly connected.

Page 15: Bgp

CONFIGURING BASIC BGP OPERATIONS

Page 16: Bgp

Router(config)# router bgp autonomous-system

Router(config-router)# neighbor {ip-address | peer-group-name} remote-as autonomous-system

Router(config-router)# network network-number [mask network-mask]

Page 17: Bgp

Example: BGP neighbor Command

Page 18: Bgp

Example: BGP Using Loopback Addresses

Page 19: Bgp

Example: ebgp-multihop Command

Page 20: Bgp

BGP is an AS-by-AS routing protocol, not a router-by-router routing protocol.

In BGP, the next hop does not mean the next router; it means the IP address to reach the next AS.

For EBGP, the default next hop is the IP address of the neighbor router that sent the update.

For IBGP, the BGP protocol states that the next hop advertised by EBGP should be carried into IBGP.

Page 21: Bgp

Next-Hop Behavior

• Router A advertises network 172.16.0.0 to router B in EBGP, with a next hop of 10.10.10.3

• Router B advertises 172.16.0.0 in IBGP to router C, keeping 10.10.10.3 as the next-hop address.

Page 22: Bgp

Router(config-router)# neighbor {ip-address | peer-group-name} next-hop-self

• Forces all updates for this neighbor to be advertised with this router as the next hop.
• The IP address used for the next-hop-self will be the same as the source IP address of the BGP packet.

Page 23: Bgp

Router(config-router)# neighbor [peer-group-name] peer-group

Creates peer group

Router(config-router)# neighbor [ip-address] peer-group [peer-group-name]

• Defines a template with parameters set for a group of neighbors instead of individually
• Useful when many neighbors have the same outbound policies
• Members can have a different inbound policy
• Updates generated once per peer group
• Simplifies configuration

Page 24: Bgp

Example: Peer Group

Router C Without a Peer Group

router bgp 65100
 neighbor 192.168.24.1 remote-as 65100
 neighbor 192.168.24.1 update-source loopback 0
 neighbor 192.168.24.1 next-hop-self
 neighbor 192.168.24.1 distribute-list 20 out
 neighbor 192.168.25.1 remote-as 65100
 neighbor 192.168.25.1 update-source loopback 0
 neighbor 192.168.25.1 next-hop-self
 neighbor 192.168.25.1 distribute-list 20 out
 neighbor 192.168.26.1 remote-as 65100
 neighbor 192.168.26.1 update-source loopback 0
 neighbor 192.168.26.1 next-hop-self
 neighbor 192.168.26.1 distribute-list 20 out

Router C Using a Peer Group

router bgp 65100
 neighbor internal peer-group
 neighbor internal remote-as 65100
 neighbor internal update-source loopback 0
 neighbor internal next-hop-self
 neighbor internal distribute-list 20 out
 neighbor 192.168.24.1 peer-group internal
 neighbor 192.168.25.1 peer-group internal
 neighbor 192.168.26.1 peer-group internal

Page 25: Bgp

Synchronization rule: Do not use or advertise to an external neighbor a route learned by IBGP until a matching route has been learned from an IGP.

• Ensures consistency of information throughout the AS
• Avoids black holes within the AS
• Safe to turn off if all routers in the AS are running full-mesh IBGP

Router(config-router)# no synchronization

• Disables BGP synchronization so that a router will advertise routes in BGP without learning them in IGP

Page 26: Bgp

When policies such as access lists, timers, or attributes are changed, the BGP session must be reset. The change takes effect immediately, and the next time a prefix or pathway is advertised or received, the new policy will be used. It can take a long time for the policy to be applied to all networks. The session should be reset to ensure the policy is immediately applied to all affected prefixes and pathways.

Ways to trigger an update:

– Hard reset
– Soft reset
– Route refresh

Page 27: Bgp

router# clear ip bgp *

• Resets all BGP connections with this router
• Entire BGP forwarding table is discarded
• BGP session transitions from established to idle; everything must be relearned

router# clear ip bgp [ip-address]

• Resets only a single neighbor
• BGP session transitions from established to idle; everything from this neighbor must be relearned
• Better than the clear ip bgp *

Page 28: Bgp

Router# clear ip bgp {*|address} [soft out]

• Routes learned from this neighbor are not lost.
• This router resends all BGP information to the neighbor without resetting the connection.
• The connection remains established.
• This option is highly recommended when changing outbound policy.
• The soft out option does not help if changing inbound policy.

Page 29: Bgp

Router# clear ip bgp {*|address} [soft in]

• Routes advertised to this neighbor are not withdrawn.
• This router stores all updates sent from this neighbor so new inbound policies can be evaluated without resetting the BGP session.
• The connection remains established.

Router(config-router)# neighbor [ip-address] soft-reconfiguration inbound

• A router BGP subcommand that notifies this router to store all updates from this neighbor in case the inbound policy is changed.
• The command is memory-intensive.

Page 30: Bgp

SELECTING A BGP PATH

Page 31: Bgp

BGP ATTRIBUTES

WELL-KNOWN
– MANDATORY: AS-PATH, NEXT-HOP, ORIGIN (i, e, ?)
– DISCRETIONARY: LOCAL PREFERENCE, ATOMIC AGGREGATE

OPTIONAL
– TRANSITIVE: AGGREGATOR, COMMUNITY (no-export, no-advertise, internet, local-as)
– NON-TRANSITIVE: MED, ORIGINATOR, CLUSTER-ID

Page 32: Bgp

Must be recognized by all compliant BGP implementations

Are propagated to other neighbors

Well-known mandatory attributes
– Must be present in all update messages

Well-known discretionary attributes
– May be present in update messages

Page 33: Bgp

Recognized by some implementations (could be private), expected not to be recognized by everyone

Recognized optional attributes are propagated to other neighbors based on their meaning

Optional transitive attributes
– If not recognized, are marked as partial and propagated to other neighbors

Optional nontransitive attributes
– Discarded if not recognized

Page 34: Bgp

1) Prefer highest weight (local to router)
2) Prefer highest local preference (global within AS)
3) Prefer route originated by the local router (next hop = 0.0.0.0)
4) Prefer shortest AS path
5) Prefer lowest origin code (IGP < EGP < incomplete)
6) Prefer lowest MED (exchanged between autonomous systems)
7) Prefer EBGP path over IBGP path
8) Prefer the path through the closest IGP neighbor
9) Prefer oldest route for EBGP paths
10) Prefer the path with the lowest neighbor BGP router ID
11) Prefer the path with the lowest neighbor IP address.

Page 35: Bgp

AS Path Attribute

“A list of Autonomous Systems that a route has traversed”

• For example, on router B, the path to 192.168.1.0 is the AS sequence (65500, 64520).

• The AS path attribute is well-known, mandatory.

• The shortest AS-PATH is preferred for the best path.

Page 36: Bgp

Next-Hop Attribute

“The IP address of the next AS to reach a given network”

• Router A advertises network 172.16.0.0 to router B in EBGP, with a next hop of 10.10.10.3

• Router B advertises 172.16.0.0 in IBGP to router C, keeping 10.10.10.3 as the next-hop address

• The next-hop attribute is well-known, mandatory.

Page 37: Bgp

IGP (i): network command

EGP (e): Redistributed from EGP

Incomplete (?): Redistributed from IGP or static

• The origin attribute informs all Autonomous Systems in the internetwork how the prefixes were introduced into BGP.

• The origin attribute is well-known, mandatory.

Page 38: Bgp

Local Preference Attribute

The local preference attribute is well-known, discretionary, and is passed only within the AS.

Paths with highest preference value are most desirable:

• Local preference is used to advertise to IBGP neighbors about how to leave their AS.
• The local preference is sent to IBGP neighbors only.

Page 39: Bgp

Route Aggregation in BGP

With BGP4, routes can be aggregated by any AS on any BGP router.

BGP4 is classless, supports VLSM and longest match routing, and carries a network mask for each network in the update.

Page 40: Bgp

There is a wide range of aggregate commands:

(config-router)# aggregate-address address mask
This command advertises the prefix route and all the more specific routes.

(config-router)# aggregate-address address mask summary-only
This command advertises the prefix only. The command suppresses all the more specific routes.

(config-router)# aggregate-address address mask as-set
This command advertises the prefix and the more specific routes, but the command includes as-set information in the path information of the routing updates.

Page 41: Bgp
Page 42: Bgp

The community attribute is a transitive optional attribute.

The community attribute is a way to group destinations in a certain community and apply routing decisions to those communities.

We can use route-maps to set the community attributes.

NOTE: When a community attribute is set, whatever its value, the update is still sent one hop (BGP default rule), and the community attribute takes effect from there.

Page 43: Bgp

no-export: Do not advertise to EBGP peers; keep this route within an AS only.

no-advertise: Do not advertise this route to any peer, internal or external.

internet: Advertise this route to the Internet community; every router belongs to this community.

local-as: Used in confederation scenarios to prevent the transmission of packets outside the local AS.

Page 44: Bgp

The BGP split horizon rule states that a route learned via IBGP will not be propagated to another IBGP neighbor.

Solutions:

1. BGP Full Mesh
2. Route Reflectors
3. Confederations

“Route reflector is a solution for the explosion of iBGP peering within an AS”.

Page 45: Bgp

The RR scheme has a few methods to avoid the loop:

originator-id—This is an optional, nontransitive BGP attribute that is 4 bytes long. An RR creates this attribute. The attribute carries the router ID (RID) of the originator of the route in the local AS. If, due to poor configuration, the routing information comes back to the originator, the information is ignored.

cluster-list—A cluster list is a sequence of cluster IDs that the route has passed. When an RR reflects a route from the RR clients to nonclients outside of the cluster, the RR appends the local cluster ID to the cluster list. If the local cluster ID is found in the cluster list, the advertisement is ignored.
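
The two loop checks above, traced through a small model. This is an added example, not part of the original slides: the router IDs, cluster IDs, prefix and the misconfigured RR1 -> RR2 -> RR1 topology are constructed, and as a simplification the model adds the cluster ID on every reflection.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: str = ""     # empty until a route reflector sets it
    cluster_list: tuple = ()    # cluster IDs the route has passed

@dataclass(frozen=True)
class Router:
    router_id: str
    cluster_id: str = ""        # only route reflectors have one

def reflect(rr, update, learned_from):
    """RR side: create originator-id if absent, add the local cluster ID."""
    return replace(
        update,
        originator_id=update.originator_id or learned_from.router_id,
        cluster_list=update.cluster_list + (rr.cluster_id,),
    )

def receive(router, update):
    """Receiver side: the originator-id check, then the cluster-list check."""
    if update.originator_id == router.router_id:
        return "ignored: originator-id is this router"
    if router.cluster_id and router.cluster_id in update.cluster_list:
        return "ignored: local cluster ID already in cluster-list"
    return "accepted"

def simulate():
    """Constructed case: client R1 -> RR1 -> RR2, and RR2 reflects it back."""
    r1 = Router("1.1.1.1")
    rr1 = Router("10.0.0.1", cluster_id="10.0.0.1")
    rr2 = Router("10.0.0.2", cluster_id="10.0.0.2")
    u0 = Update("172.16.0.0/16")               # as sent by the client R1
    log = [("RR1", receive(rr1, u0))]
    u1 = reflect(rr1, u0, learned_from=r1)
    log.append(("RR2", receive(rr2, u1)))
    u2 = reflect(rr2, u1, learned_from=rr1)
    log.append(("RR1", receive(rr1, u2)))      # back at RR1's cluster
    log.append(("R1", receive(r1, u2)))        # back at the originator
    return u2, log

if __name__ == "__main__":
    final, log = simulate()
    print(final)
    for name, verdict in log:
        print(f"{name}: {verdict}")
```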

Page 46: Bgp

Multi-exit Discriminator (MED) Attribute

“MED is used to advertise to EBGP neighbors how to exit their AS to reach networks owned by this AS”

• MED is sent to EBGP neighbors only.

“The paths with the lowest MED (also called the metric) value are the most desirable”

The MED attribute is optional and nontransitive.

Page 47: Bgp

In addition, CISCO uses a weight attribute for BGP.

The weight attribute is an attribute that is defined by CISCO.

The weight attribute is configured locally on a router and is not propagated to any other BGP routers.

Paths with highest weight value are most desirable.

Page 48: Bgp

Weight Attribute (Cisco-Only)

• Weight not sent to any BGP neighbors

Page 49: Bgp

Using Route Maps to Manipulate Basic BGP Paths

Page 50: Bgp

BGP is Designed to Implement Policy Routing

• BGP is designed for manipulating routing pathways.

Page 51: Bgp

Setting the Local Preference using Route Maps

Page 52: Bgp

Router(config-router)# bgp default local-preference value

• Changes the default local preference value
• All routes advertised to an IBGP neighbor are set to the value specified using this command

“Used within an AS between IBGP speakers to determine the best pathway to leave the AS to reach an outside network”

Set to 100 by default; higher values are preferred

Page 53: Bgp

Setting a Default Local Preference

• All routers are running BGP.
• Router B is announcing local preference of 500 for all routes.
• Router A is announcing local preference of 200 for all routes.
• BGP path selection chooses step 2 for all routes causing all traffic to exit through router B, which was not the intention.

Page 54: Bgp

Router A’s Configuration:

router bgp 65001
 neighbor 2.2.2.2 remote-as 65001
 neighbor 3.3.3.3 remote-as 65001
 neighbor 2.2.2.2 update-source loopback0
 neighbor 3.3.3.3 update-source loopback0
 neighbor 192.168.28.1 remote-as 65002
 ! apply the route map to updates received from the EBGP neighbor
 neighbor 192.168.28.1 route-map local_pref in
!
! routes matching access list 65 get local preference 400
route-map local_pref permit 10
 match ip address 65
 set local-preference 400
!
! all other routes are permitted unchanged
route-map local_pref permit 20
!
access-list 65 permit 172.30.0.0 0.0.255.255

Page 55: Bgp

RouterC# show ip bgp
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i172.16.0.0       172.20.50.1                   100      0 65005 65004 65003 i
*>i                 192.168.28.1                  100      0 65002 65003 i
*>i172.24.0.0       172.20.50.1                   100      0 65005 i
* i                 192.168.28.1                  100      0 65002 65003 65004 65005 i
* i172.30.0.0       172.20.50.1                   100      0 65005 65004 i
*>i                 192.168.28.1                  400      0 65002 65003 65004 i

Best (>) pathways for networks 172.16.0.0/16 and 172.24.0.0/16 have not changed.

Best (>) pathway for network 172.30.0.0 has changed to a new next hop of 192.168.28.1 due to the next hop of 192.168.28.1 having a higher local preference, 400.

Page 56: Bgp

Setting the MED with Route Maps

Page 57: Bgp

Router(config-router)# default-metric number

• MED is considered the metric of BGP.
• All routes advertised to an EBGP neighbor are set to the value specified using this command.

“MED is used when multiple pathways exist between two Autonomous Systems”

A lower MED value is preferred. The default setting for Cisco is MED = 0.

The metric is nontransitive.

Page 59: Bgp

BGP Using Default MED

• Router B is announcing a MED of 99 for routes originating in AS 65001.

• Router A is announcing a MED of 1001 for routes originating in AS 65001.

• If AS 65004 does not have any overriding policy, AS 65004 will choose router Y as its exit point to get to all networks in AS 65001 because of step 6—prefer lowest MED (from other AS).

Page 60: Bgp

Configuring MED using Route maps

Page 61: Bgp

Router A’s Configuration:

router bgp 65001
 neighbor 2.2.2.2 remote-as 65001
 neighbor 3.3.3.3 remote-as 65001
 neighbor 2.2.2.2 update-source loopback0
 neighbor 3.3.3.3 update-source loopback0
 neighbor 192.168.28.1 remote-as 65004
 ! apply the route map to updates sent to the EBGP neighbor
 neighbor 192.168.28.1 route-map med_65004 out
!
! networks matching access list 66 are advertised with MED 100
route-map med_65004 permit 10
 match ip address 66
 set metric 100
! everything else is advertised with MED 200
route-map med_65004 permit 100
 set metric 200
!
access-list 66 permit 192.168.25.0 0.0.0.255
access-list 66 permit 192.168.26.0 0.0.0.255

Page 62: Bgp

Router B’s Configuration:

router bgp 65001
 neighbor 1.1.1.1 remote-as 65001
 neighbor 3.3.3.3 remote-as 65001
 neighbor 1.1.1.1 update-source loopback0
 neighbor 3.3.3.3 update-source loopback0
 neighbor 172.20.50.1 remote-as 65004
 ! apply the route map to updates sent to the EBGP neighbor
 neighbor 172.20.50.1 route-map med_65004 out
!
! networks matching access list 66 are advertised with MED 100
route-map med_65004 permit 10
 match ip address 66
 set metric 100
! everything else is advertised with MED 200
route-map med_65004 permit 100
 set metric 200
!
access-list 66 permit 192.168.24.0 0.0.0.255

Page 63: Bgp

RouterZ# show ip bgp
BGP table version is 7, local router ID is 122.30.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i192.168.24.0     172.20.50.2            100    100      0 65001 i
* i                 192.168.28.2           200    100      0 65001 i
* i192.168.25.0     172.20.50.2            200    100      0 65001 i
*>i                 192.168.28.2           100    100      0 65001 i
* i192.168.26.0     172.20.50.2            200    100      0 65001 i
*>i                 192.168.28.2           100    100      0 65001 i

Examine the networks learned from AS 65001 on Router Z in AS 65004.

For all networks: Weight is equal (0); local preference is equal (100); routes are not originated in this AS; AS path is equal (65001); origin code is equal (i).

192.168.24.0 has a lower metric (MED) through 172.20.50.2 (100) than 192.168.28.2 (200).

192.168.25.0 has a lower metric (MED) through 192.168.28.2 (100) than 172.20.50.2 (200).

192.168.26.0 has a lower metric (MED) through 192.168.28.2 (100) than 172.20.50.2 (200).
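
The eleven-step path selection list, applied to the RouterC and RouterZ tables shown earlier so that each best path comes with the step that decided it. This is an added example, not from the original slides: the Path class and function names are hypothetical, and the fields that show ip bgp does not display are given default values (an assumption) so that steps 3 and 7 to 11 tie.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}    # step 5: IGP < EGP < incomplete
@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: tuple
    med: int = 0
    local_pref: int = 100
    weight: int = 0
    origin: str = "i"
    # Not shown by "show ip bgp": assumed defaults, so these steps tie.
    local: bool = False          # originated by this router (next hop 0.0.0.0)
    ebgp: bool = False           # every path in both tables is internal (i)
    igp_metric: int = 0
    age: int = 0                 # seconds since the path was learned
    router_id: str = "0.0.0.0"
    neighbor_ip: str = "0.0.0.0"

def rank(p):
    """One element per step of the list; the lowest tuple is the best path."""
    return (
        -p.weight,                         # 1  highest weight
        -p.local_pref,                     # 2  highest local preference
        0 if p.local else 1,               # 3  originated by the local router
        len(p.as_path),                    # 4  shortest AS path
        ORIGIN_RANK[p.origin],             # 5  lowest origin code
        p.med,                             # 6  lowest MED
        0 if p.ebgp else 1,                # 7  EBGP over IBGP
        p.igp_metric,                      # 8  closest IGP neighbor
        -p.age if p.ebgp else 0,           # 9  oldest route (EBGP paths only)
        int(IPv4Address(p.router_id)),     # 10 lowest neighbor router ID
        int(IPv4Address(p.neighbor_ip)),   # 11 lowest neighbor IP address
    )

def best_path(paths):
    """Return (best next hop, step that beat the runner-up; None if tied)."""
    ranked = sorted(paths, key=rank)
    runner_up = ranked[1] if len(ranked) > 1 else ranked[0]
    pairs = zip(rank(ranked[0]), rank(runner_up))
    step = next((n for n, (a, b) in enumerate(pairs, 1) if a != b), None)
    return ranked[0].next_hop, step

def decide(table):
    return {prefix: best_path(paths) for prefix, paths in table.items()}

# Attribute values transcribed from the two "show ip bgp" tables on this page.
C1, C2, Z1, Z2 = "172.20.50.1", "192.168.28.1", "172.20.50.2", "192.168.28.2"
ROUTER_C = {
    "172.16.0.0": [Path(C1, (65005, 65004, 65003)), Path(C2, (65002, 65003))],
    "172.24.0.0": [Path(C1, (65005,)), Path(C2, (65002, 65003, 65004, 65005))],
    "172.30.0.0": [Path(C1, (65005, 65004)),
                   Path(C2, (65002, 65003, 65004), local_pref=400)],
}
ROUTER_Z = {
    "192.168.24.0": [Path(Z1, (65001,), med=100), Path(Z2, (65001,), med=200)],
    "192.168.25.0": [Path(Z1, (65001,), med=200), Path(Z2, (65001,), med=100)],
    "192.168.26.0": [Path(Z1, (65001,), med=200), Path(Z2, (65001,), med=100)],
}

if __name__ == "__main__":
    print(decide(ROUTER_C), decide(ROUTER_Z), sep="\n")
```

The model compares MED between any two paths, as the list on the page states; Cisco IOS by default compares MED only between paths received from the same neighboring AS, which holds for every pair in the RouterZ table.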