Inter-domain routing and BGP BGP in JunOS Olof Hagsand KTH/CSC · OSPF accept all OSPF routes reject all (OSPF uses LSAs) MPLS accept all MPLS routes export all active MPLS routes.

DD2491, p1 2008

Inter-domain routing and BGP

BGP in JunOS

Olof Hagsand KTH/CSC

DD2491 p1 2008

DD2491, p1 2008

JunOS Routing modelNeighbours

Protocols

Neighbours

Protocols

RIB

FIB

ExportImport

Note: Export policies may be applied only to active routes!

Protocol Default import action Default export action

direct and static accept all N/A

RIP accept all RIP routes reject all

BGP accept all BGP routes export all active BGP routes

IS-IS accept all IS-IS routes reject all (IS-IS uses LSAs)

OSPF accept all OSPF routes reject all (OSPF uses LSAs)

MPLS accept all MPLS routes export all active MPLS routes

DD2491, p1 2008

BGP Routing Process Model

• Pool of routes received from peers

• Import policy for filtering and attribute manipulation

• Decision process to select best routes

• Pool of routes used by router

• Export policy for filtering and attribute manipulation

• Pool of routes that the router advertises

Peer

importpolicy

decisionprocess

RIBRIB exportpolicy

Peer

Peer Peer

DD2491, p1 2008

BGP Routing Information Bases (BGP RIBs)CISCO version

Adj­RIB­In

Adj­RIB­In

Adj­RIB­In

Adj­RIB­In

BGPdecisionprocess

Loc­RIB

Adj­RIB­Out

Adj­RIB­Out

Adj­RIB­Out

Adj­RIB­Out

Input Policy Engine Output Policy Engine

© 2001 Cisco Press

DD2491, p1 2008

BGP RIBs

BGP routing table consists of three parts

• Adj-RIB-In

– One per peer BGP speaker

– Stores routing information learned from peer

– Filtered/manipulated input policy engine

• Loc-RIB

– Selected best routes by decision process to each available destination

• Adj-RIB-Out

– One per peer BGP speaker

– Stores routing information selected for advertisement to peer

– Output policy applied to Loc-RIB before going into Adj-RIB-Out

– This is redistributed if REFRESH capability is used

DD2491, p1 2008

Import/Export Policy

• Import policy

– Affects routes received from peer BGP speakers

– Filtering based on IP prefixes, AS_PATH and other BGP attributes

– Manipulates path attributes to influence its own decision process

• Export policy

– Affects routes in Loc-RIB (candidates for advertisement)

• In JunoS: only active BGP routes

– Differentiates between internal and external peers

DD2491, p1 2008

BGP example policies

AS1

importpolicy

decisionprocess

RIBRIB exportpolicy

AS3

AS2 AS4

10.0.0.0/240/0

10.0.0.0/2410.2.0.0/240/0

•Deny 0/0 from AS1•Give 10.0.0.0/24 from AS1 better pref

•Use 10.0.0.0/24 from AS1•Use 0/0  and 10.2.0.0/24 from AS2

•Do not propagate 0/0•Do not announce 10.2.0.0/24 to AS3•Give 10.0.0.0/24 metric 10 toward AS4

10.0.0.0/24

10.0.0.0/2410.2.0.0/24

0/0 AS2 BGP10.0.0.0/24 AS1 BGP

10.2.0.0/24 AS2 BGP

DD2491, p1 2008

Configuring BGP in JunOS

• Many configurations can be made on global, group and peer level.

• More specific is preferred (peer before group before global)

protocol bgp {

mtu-discovery Global properties

group external-peers {

type external; Group properties

peer-as 42;

neighbor 192.168.200.13;

neighbor 192.168.200.14;

neighbor 192.168.200.14{

peer-as 93; Peer properties

}

}

}

See: http://www.juniper.net/techpubs/software/junos/junos90/

DD2491, p1 2008

BGP commands in JunOS (1)  advertise­inactive   Advertise inactive routes

  advertise­peer­as    Advertise routes received from the same autonomous  

                       system

  authentication­algorithm  Authentication algorithm name

  authentication­key   MD5 authentication key

  authentication­key­chain  Key chain name

  cluster              Cluster identifier

  damping              Enable route flap damping

  description          Text description

  disable              Disable BGP

+ export               Export policy

> family               Protocol family for NLRIs in updates

> graceful­restart     BGP graceful restart options

> group                Define a peer group

  hold­time            Hold time used when negotiating with a peer

+ import               Import policy

  include­mp­next­hop  Include NEXT­HOP attribute in multiprotocol updates

  ipsec­sa             IPSec SA name

  keep                 How to retain routes in the routing table

DD2491, p1 2008

BGP commands in JunOS (2)

  local­address        Address of local end of BGP session

> local­as             Local autonomous system number

  local­preference     Value of LOCAL_PREF path attribute

  log­updown           Log a message for peer state transitions

> metric­out           Route metric sent in MED

  mtu­discovery        Enable TCP path MTU discovery

> multihop             Configure an EBGP multihop session

  no­advertise­peer­as Don't advertise routes received from the same 

autonomous system

  no­aggregator­id     Set router ID in aggregator path attribute to 0

  out­delay            How long before exporting routes from routing table

  passive              Do not send open messages to a peer

> path­selection       Configure path selection strategy

  peer­as              Peer autonomous system number (1..65535)

  preference           Preference value

  remove­private       Remove well­known private AS numbers

  tcp­mss              Maximum TCP segment size (1..4096)

> traceoptions         Trace options for BGP

DD2491, p1 2008

Routing policy: syntax and flow

• Changing the default routing policy

• Syntax:

policy-options {

policy-statement name {

term term-name {

from {

match;

}

then {

action;

}

}

}

}term1 term2

defaultpolicy

term3

term1 term2 term3

Policy 1

Policy 2

term

accept

reject

nextroute

DD2491, p1 2008

Applying policies

• Export policy evaluation order: p4->p2->p0

• If verdict (accept, reject) policy chain is terminated

• Side-effects may still apply

protocol bgp {

export p0; Global properties

import p1;

group external-peers {

type external; Group properties

export p2;

import p3;

neighbor 192.168.200.14{

export p4; Peer properties

import p5;

}

}

}

DD2491, p1 2008

Policy-options statements

• as-path name reg-exp

– Create a named AS-PATH regular expression

– Example: as-path asp0 “65000{4}”

• as-path-group { [as-path] }

• community name members [ ids ]

– Example: community c0 members 701:555

• damping name [options]

• policy-statement

• prefix-list name { ip-addresses }

– Create a named list of prefixes

– Example: prefix-list p0 {10.0.0.1; 192.168.1.0/24;}

# set policy-options ?

DD2491, p1 2008

Policy-statement matches

– as­path– community– family– local­preference– metric– neighbor– next­hop– origin– preference– prefix­list– protocol– route­filter– ...

# set policy-options policy-statement <name> term <name> from ?

DD2491, p1 2008

Policy-statement actions

• accept

• reject

• next policy

• next term

• trace

Side­effects with accept:– as-path-prepend– community– color– external– load-balance per-packet– local-preference– metric– next-hop– origin– preference

# set policy-options policy-statement <name> term <name> then ?

DD2491, p1 2008

Lab overview

RTX3

RTX2

RTX1

RTX4

Tier1

ASX ASX+1

10.X.8.0/2410.X.9.0/2410.X.10.0/2410.X.11.0/24

AS65500

0/0/0 0/0/0

0/0/0

1/0/1

1/0/1

1/0/1

1/0/1 1/0/0

1/0/0

1/0/0

1/0/0

172.16.10X.0/30

172.16.X+1.0/30

172.16.X.0/30

.1

.1.1 .2 .2

.2

ASX­1