
Border Gateway Protocol (BGP4)

[Figure: routes and packets flow between AS 1 and AS 2. Each AS announces routing information to the other and accepts the other's announcements; packets flow outgoing and incoming along the routes exchanged.]

For communication between AS1 and AS2:

AS1 announces routes to AS2
AS2 accepts routes from AS1
AS2 announces routes to AS1
AS1 accepts routes from AS2

Route types

Static Routes: manually configured

Directly connected Routes: automatically created as soon as the interface is up

Interior Routes: routes within an AS, learnt by an IGP

Exterior Routes: learnt by an EGP, routes not belonging to the local AS

Basic Principles

[Figure: routers A, B, C and D spread over AS 100, AS 101 and AS 102, with a BGP session between two of them.]

BGP is used between AS

BGP is transported by TCP (port 179)

Vocabulary

Neighbor

NLRI - Network Layer Reachability Information: information concerning the reachability (or not) of a remote network

Router-ID

BGP basics ...

Multiple paths may exist to reach a network. Attribute configuration (policy) allows defining the best one; this is the main difference with an IGP, where an algorithm decides.

BGP Sessions

[Figure: routers A and C; AS 100 (220.220.8.0/24), AS 101 (220.220.16.0/24) and AS 102 (220.220.32.0/24).]

BGP routers are called peers or neighbors
Session between 2 different AS = External BGP (eBGP)

eBGP peers must be directly connected

BGP Sessions

[Figure: same three AS; routers A, C and E; internal peers inside an AS.]

Internal peers (iBGP)

iBGP peers need not be directly connected

BGP Sessions

[Figure: same three AS, routers A and C.]

BGP exchanges NLRI

BGP sessions configuration

[Figure: router A in AS 100 (220.220.8.0/24) and a router in AS 101 (220.220.16.0/24), connected over 222.222.10.0/30 (A = .2, AS 101 side = .1); eBGP TCP connection.]

Router A (AS 100):

interface Serial 0
 ip address 222.222.10.2 255.255.255.252
router bgp 100
 network 220.220.8.0 mask 255.255.255.0
 neighbor 222.222.10.1 remote-as 101

Router in AS 101:

interface Serial 0
 ip address 222.222.10.1 255.255.255.252
router bgp 101
 network 220.220.16.0 mask 255.255.255.0
 neighbor 222.222.10.2 remote-as 100

BGP sessions configuration

[Figure: two routers inside AS 101 (220.220.16.0/24) linked by their Serial 1 interfaces (.1 and .2); iBGP TCP session. AS 100 and the 222.222.10.0/30 eBGP link are shown for context.]

First AS 101 router:

interface Serial 1
 ip address 220.220.16.2 255.255.255.252
router bgp 101
 network 220.220.16.0 mask 255.255.255.0
 neighbor 220.220.16.1 remote-as 101

Second AS 101 router:

interface Serial 1
 ip address 220.220.16.1 255.255.255.252
router bgp 101
 network 220.220.16.0 mask 255.255.255.0
 neighbor 220.220.16.2 remote-as 101

BGP sessions configuration

[Figure: routers B and C in AS 100; TCP/IP connection for iBGP.]

Each iBGP router must establish a session with all other iBGP routers of the same AS

BGP sessions configuration

[Figure: three routers in AS 100 with loopback addresses 215.10.7.1, 215.10.7.2 and 215.10.7.3; TCP/IP connections for iBGP.]

Use of Loopback interfaces for iBGP sessions

BGP sessions configuration

[Figure: the same three AS 100 routers: 215.10.7.1 (router C), 215.10.7.2 and 215.10.7.3.]

Router C:

interface loopback 0
 ip address 215.10.7.1 255.255.255.255
router bgp 100
 network 220.220.1.0
 neighbor 215.10.7.2 remote-as 100
 neighbor 215.10.7.2 update-source loopback0
 neighbor 215.10.7.3 remote-as 100
 neighbor 215.10.7.3 update-source loopback0

Why loopback?

For iBGP, you might want to allow your BGP connections to stay up regardless of which interface is used to reach a neighbor. To enable this configuration, you first configure a loopback interface and assign it an IP address. Next, configure the BGP update source to be the loopback interface. Finally, configure your neighbor to use the address on the loopback interface. Now the iBGP session will be up as long as there is a route, regardless of any interface.

BGP Update Messages

NLRI = Network Layer Reachability Information

Used to announce a route or to withdraw routes which are no longer reachable

Each message carries attributes such as origin, AS path, Next-Hop, ... which influence the route choice

Attribute Next-Hop

[Figure: AS 100 (160.10.0.0/16) announces to router B in AS 200 (150.10.0.0/16); B is linked to router D in AS 300 (140.10.0.0/16) over 192.10.1.0/30; E is another router of AS 300.]

BGP message from AS 100 to B:

Network         Next-Hop      Path
160.10.0.0/16   192.20.2.1    100

Next-Hop: the next router to reach a network. In an eBGP session it is a local address of the announcing router

Attribute Next-Hop

[Figure: same topology; B (AS 200) relays the routes to D (AS 300) over 192.10.1.0/30.]

BGP message from B to D (eBGP):

Network         Next-Hop      Path
150.10.0.0/16   192.10.1.1    200
160.10.0.0/16   192.10.1.1    200 100

The next-hop is updated (set to the sender's address) in eBGP sessions

Attribute Next-Hop

[Figure: same topology; D relays the routes to E inside AS 300.]

BGP message from D to E (iBGP):

Network         Next-Hop      Path
150.10.0.0/16   192.10.1.1    200
160.10.0.0/16   192.10.1.1    200 100

The next-hop is not modified in iBGP sessions

Internally, the IGP is in charge of routing decisions

BGP updates to withdraw routes

[Figure: AS 123 and AS 321 connected over 192.168.10.0/24 (AS 123 side .1, AS 321 side .2); the connection from AS 321 to 192.192.25.0/24 fails.]

BGP message from AS 321: Withdrawn Routes 192.192.25.0/24

BGP RIB in AS 123 before the withdrawal:

Network           Next-Hop        Path
150.10.0.0/16     192.168.10.2    321 200
192.192.25.0/24   192.168.10.2    321

BGP RIB (BGP Routing Information Base)

Routing Table (its entries do not depend on one routing protocol; D = EIGRP, R = RIP, S = static):

D  10.1.2.0/24
D  160.10.1.0/24
D  160.10.3.0/24
R  153.22.0.0/16
S  192.1.1.0/24

router bgp 100
 network 160.10.1.0 mask 255.255.255.0
 network 160.10.3.0 mask 255.255.255.0
 no auto-summary

BGP RIB:

      Network          Next-Hop      Path
*>i   160.10.1.0/24    192.20.2.2    i
*>i   160.10.3.0/24    192.20.2.2    i

The BGP network command is used to fill the BGP RIB from the routing table (2 conditions)

BGP RIB

Routing Table:

D  10.1.2.0/24
D  160.10.1.0/24
D  160.10.3.0/24
R  153.22.0.0/16
S  192.1.1.0/24

router bgp 100
 network 160.10.0.0 mask 255.255.0.0
 aggregate-address 160.10.0.0 255.255.0.0 summary-only
 no auto-summary

BGP RIB:

      Network          Next-Hop      Path
*>    160.10.0.0/16    192.20.2.2    i
s>    160.10.1.0/24    192.20.2.2    i
s>    160.10.3.0/24    192.20.2.2    i

The BGP aggregate-address command allows inserting an aggregated route in the BGP RIB if at least one subnetwork exists in the routing table (with summary-only the more specific routes are suppressed, marked s)

BGP RIB

Routing Table:

D  10.1.2.0/24
D  160.10.1.0/24
D  160.10.3.0/24
R  153.22.0.0/16
S  192.1.1.0/24

router bgp 100
 network 160.10.0.0 mask 255.255.0.0
 redistribute static route-map foo
 no auto-summary
access-list 1 permit 192.1.1.0 0.0.0.255
route-map foo permit 10
 match ip address 1

BGP RIB:

      Network                          Next-Hop      Path
* i   (entry garbled in the source)    192.20.2.2    i
*>    192.1.1.0/24                     192.20.2.2    i

No mistake ??

BGP RIB

Routing Table:

D  10.1.2.0/24
D  160.10.1.0/24
D  160.10.3.0/24
R  153.22.0.0/16
S  192.1.1.0/24

router bgp 100
 network 160.10.0.0 mask 255.255.0.0
 redistribute static route-map foo
 no auto-summary
access-list 1 permit 192.1.0.0 0.0.255.255
route-map foo permit 10
 match ip address 1

BGP RIB:

      Network                          Next-Hop      Path
* i   (entry garbled in the source)    192.20.2.2    i
*>    192.1.1.0/24                     192.20.2.2    ?

BGP RIB - Process IN

Incoming message:

Network         Next-Hop      Path
173.21.0.0/16   192.20.2.1    100

BGP RIB after process IN:

      Network          Next-Hop      Path
*>i   160.10.1.0/24    192.20.2.2    i
*>i   160.10.3.0/24    192.20.2.2    i
*>    173.21.0.0/16    192.20.2.1    100

Possible conditions to update the RIB

BGP RIB - Process OUT

BGP RIB:

      Network          Next-Hop      Path
*>i   160.10.1.0/24    192.20.2.2    i
*>i   160.10.3.0/24    192.20.2.2    i
*>    173.21.0.0/16    192.20.2.1    100

Outgoing messages:

Network          Next-Hop      Path
160.10.1.0/24    192.20.2.2    200
160.10.3.0/24    192.20.2.2    200
173.21.0.0/16    192.20.2.2    200 100

Possible conditions to send information contained in the RIB

BGP RIB - Result of process IN

BGP RIB:

      Network          Next-Hop      Path
*>i   160.10.1.0/24    192.20.2.2    i
*>i   160.10.3.0/24    192.20.2.2    i
*>    173.21.0.0/16    192.20.2.1    100

Routing Table:

D  10.1.2.0/24
D  160.10.1.0/24
D  160.10.3.0/24
R  153.22.0.0/16
S  192.1.1.0/24
B  173.21.0.0/16

The BGP entry is inserted in the routing table if it is the only route for this network, or if its administrative distance is the lowest for this network

BGP Commands

Configuration:
router bgp <AS-number>
neighbor <ip address> remote-as <as-number>
no auto-summary: disables automatic network summarization

Consultation:
show ip bgp summary
show ip bgp neighbors

redistribute static

Example:

router bgp 109
 redistribute static
ip route 198.10.4.0 255.255.254.0 serial0

The static route must exist for the redistribution to be active

Redistribution risk: very strict control is needed, with the use of route-maps

Local Preference

[Figure: AS 100 announces 160.10.0.0/16; AS 400 (router C) learns it via AS 200 (router D, Local Preference 500) and via AS 300 (router E, Local Preference 800).]

C holds two entries for 160.10.0.0/16, with Local Preference 500 and 800; the path with the highest Local Preference (800) is selected

Multi-Exit Discriminator (MED)

Allows transporting relative preferences between exit points. The path with the lowest MED is chosen.

[Figure: AS 201 announces 192.68.1.0/24 to AS 200 through two routers: via C with MED 2000 and via B with MED 1000; the path via B (MED 1000) is selected.]

Origin (route origin)

Indicates the NLRI origin. 3 values:
IGP - example: network 35.0.0.0
EGP - redistributed by an EGP
Incomplete

IGP < EGP < INCOMPLETE (the lowest is preferred)

Administrative Distance

Routes can be learnt by different routing protocols; the administrative distance classifies them

Default distances for BGP: eBGP: 20, iBGP: 200

Attributes classification

The attributes are evaluated in a fixed order, from highest priority to lowest priority
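A simplified version of the best-path decision, as an added example (not code from the slides): the attributes the slides describe are compared in the order a Cisco router evaluates them (weight and the later tie-breakers such as IGP metric and router-ID are left out). The candidate routes are constructed here to reproduce the Local Preference and MED figures above; the class and function names are this example's own.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # IGP < EGP < INCOMPLETE

@dataclass(frozen=True)
class Candidate:
    prefix: str
    via: str                  # router the route was learnt through
    as_path: tuple
    local_pref: int = 100
    origin: str = "IGP"
    med: int = 0
    learned_via: str = "eBGP"  # "eBGP" or "iBGP"

def decision_key(c: Candidate):
    """One element per decision step, highest priority first; the smallest tuple wins."""
    return (
        -c.local_pref,                        # 1. highest Local Preference
        len(c.as_path),                       # 2. shortest AS path
        ORIGIN_RANK[c.origin],                # 3. origin IGP < EGP < INCOMPLETE
        c.med,                                # 4. lowest MED (meaningful between paths from the same AS)
        0 if c.learned_via == "eBGP" else 1,  # 5. eBGP preferred over iBGP
    )

def best_path(candidates):
    """The candidate that would carry the '>' mark in the BGP RIB."""
    return min(candidates, key=decision_key)

# Local Preference slide: two paths to 160.10.0.0/16, preference 500 via D, 800 via E.
lp_best = best_path([
    Candidate("160.10.0.0/16", "D", (200, 100), local_pref=500),
    Candidate("160.10.0.0/16", "E", (300, 100), local_pref=800),
])
# MED slide: AS 201 announces 192.68.1.0/24 with MED 2000 via C and MED 1000 via B.
med_best = best_path([
    Candidate("192.68.1.0/24", "C", (201,), med=2000),
    Candidate("192.68.1.0/24", "B", (201,), med=1000),
])
```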

Synchronization

Cisco IOS specific: a BGP router will not announce a route if each router of its AS has not previously learnt it by the IGP

[Figure: AS 1880 contains router A (BGP speaker) and router C (OSPF only); A learns 35.0.0.0/8 from AS 209 and peers with router D in AS 690.]

C is not a BGP speaker. A will not announce 35.0.0.0/8 to D if it has not learnt this network by its own IGP. We can deactivate synchronization to suppress this condition:

router bgp 1880
 no synchronization

We want to be sure that C will be able to route useful data to network 35.0.0.0 !!

Policy: prefix list

Access-list (in and/or out); implicit deny or permit

Prefix list - Examples

Prefix 35.0.0.0/8 permitted:
ip prefix-list Example permit 35.0.0.0/8

Prefix 172.16.0.0/12 denied:
ip prefix-list Example deny 172.16.0.0/12

In network 192.0.0.0/8, permit prefix lengths up to /24:
ip prefix-list Example permit 192.0.0.0/8 le 24

Any route permitted in 192.0.0.0/8, except /25, /26, /27, /28, /29, /30, /31 and /32

Prefix list - Examples

ip prefix-list Exemple deny 192.0.0.0/8 ge 25
Very similar to the previous one (denies /25 and longer inside 192.0.0.0/8)

ip prefix-list Exemple permit 192.0.0.0/8 ge 12 le 20

Use of prefix list

Configuration example:

router bgp 200
 network 215.7.0.0 mask 255.255.0.0
 neighbor 220.200.1.1 remote-as 210
 neighbor 220.200.1.1 prefix-list PEER-IN in
 neighbor 220.200.1.1 prefix-list PEER-OUT out
!
ip prefix-list PEER-IN deny 218.10.0.0/16
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 215.7.0.0/16
ip prefix-list PEER-OUT deny 0.0.0.0/0 le 32

Everything is accepted from the neighbor except 218.10.0.0/16. We only send our own network to the neighbor.
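An evaluator for the prefix-list semantics used on the slides above (first match wins, implicit deny, exact length unless ge/le widen it), as an added example that is not code from the slides: it loads the PEER-IN/PEER-OUT lists quoted above and the `le 24` example and checks which prefixes they let through. The function names and the test prefixes are this example's own.

```python
import ipaddress

def parse_entry(tokens):
    """['permit', '192.0.0.0/8', 'le', '24'] -> (action, network, lowest_len, highest_len)."""
    action, net = tokens[0], ipaddress.ip_network(tokens[1], strict=False)
    ge = le = None
    for key, value in zip(tokens[2::2], tokens[3::2]):
        if key == "ge":
            ge = int(value)
        elif key == "le":
            le = int(value)
    # Without ge/le an entry matches only its own prefix length; ge alone
    # extends the range up to /32, le alone starts at the entry's own length.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else lo)
    return action, net, lo, hi

def load_prefix_lists(config_lines):
    """Collect 'ip prefix-list NAME ...' lines into {NAME: [entry, ...]}, keeping order."""
    lists = {}
    for line in config_lines:
        tokens = line.split()
        if tokens[:2] == ["ip", "prefix-list"]:
            lists.setdefault(tokens[2], []).append(parse_entry(tokens[3:]))
    return lists

def permits(entries, prefix):
    """First matching entry decides; no match at all means the implicit deny."""
    p = ipaddress.ip_network(prefix, strict=False)
    for action, net, lo, hi in entries:
        if p.subnet_of(net) and lo <= p.prefixlen <= hi:
            return action == "permit"
    return False

# Constructed copy of the slide's lists plus the 'le 24' example from the previous slide.
CONFIG = """
ip prefix-list PEER-IN deny 218.10.0.0/16
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 215.7.0.0/16
ip prefix-list PEER-OUT deny 0.0.0.0/0 le 32
ip prefix-list Example permit 192.0.0.0/8 le 24
""".split("\n")
LISTS = load_prefix_lists(CONFIG)
```

Note that `deny 218.10.0.0/16` without `le`/`ge` blocks only the exact /16: a more specific such as 218.10.1.0/24 falls through to the `permit 0.0.0.0/0 le 32` entry, so `deny 218.10.0.0/16 le 32` is needed to reject the whole block.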

Distribute list with IP ACL

access-list 1 deny 10.0.0.0
access-list 1 permit any
access-list 2 permit 20.0.0.0

router bgp 100
 neighbor 171.69.233.33 remote-as 33
 neighbor 171.69.233.33 distribute-list 1 in
 neighbor 171.69.233.33 distribute-list 2 out

Filter list

ip as-path access-list 1 permit 3561
ip as-path access-list 2 deny 35
ip as-path access-list 2 permit .*
router bgp 100
 neighbor 171.69.233.33 remote-as 33
 neighbor 171.69.233.33 filter-list 1 in
 neighbor 171.69.233.33 filter-list 2 out

Filter-list 1 (in): accept only routes with origin AS 3561 (implicit deny for the rest). Note that the regular expression 3561 matches anywhere in the AS path; anchor it (for example _3561$) to match the origin AS only.

Filter-list 2 (out): do not announce routes from AS 35 (explicit permit .* for the rest)

Policy Control: Route Maps

route-map:
if match then do expression and exit
else if match then do expression and exit
else ...

Route-map: match & set clauses for policy control

Match: AS-path, IP address

Set: AS-path prepend, Local-Preference, MED, Origin, ...

Regular expressions

[]   Matches the characters or a range of characters separated by a hyphen, within left and right square brackets.
     [02468a-z] matches 0, 4, and w, but not 1, 9, or K

^    Matches the character or null string at the beginning of an input string.
     ^123 matches 1234, but not 01234

?    Matches zero or one occurrence of the pattern. (Precede the question mark with a Ctrl-V sequence to prevent it from being interpreted as a help command.)
     ba?b matches bb and bab

$    Matches the character or null string at the end of an input string.
     123$ matches 0123, but not 1234

Route Map: Example

Configuration with AS-PATH prepend:

router bgp 300
 network 215.7.0.0
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 route-map SETPATH out
route-map SETPATH permit 10
 set as-path prepend 300 300

Use your own AS number to prepend; otherwise loop detection can stop your announcement

Stub AS

[Figure: router A in AS 100 (client, stub AS) connected to router B in AS 101 (ISP).]

BGP not needed:
Default route to the ISP
The ISP announces your networks
The ISP policy is your policy

Multi-homed AS

[Figure: AS 300 (client, routers A, B, C, D) connected to two ISPs, AS 100 and AS 200.]

Full-mesh iBGP required

ISP AS

[Figure: AS 100 (ISP, routers A, B, C) with AS 200, AS 300 (router D), another ISP (router E) and AS 400.]
