
BGP

WHAT IS BGP?
[Figure: Autonomous Network A and Autonomous Network B joined by interdomain routing. Each AS is under separate administrative control.]

BGP 4:
    Is an interdomain routing protocol
    Supports CIDR and route attributes that accommodate complex routing policy
    Is a path-vector protocol that uses incremental updates and reliable TCP transport
    Views the Internet as a collection of autonomous systems
    Normally requires explicitly defined peers for added security and control
    Is an IETF standard defined in RFC 4271 (supersedes RFC 1771)

2008 Juniper Networks, Inc. All rights reserved.

Copyright 2009 Juniper Networks, Inc.

www.juniper.net

JUNOS BGP SUPPORT


JUNOS supports the following BGP features:

Route refresh
Multiprotocol extensions
Authentication
Communities
Route damping
Graceful restart
Route reflection
Confederations


BGP FUNDAMENTALS
Each BGP update contains one path advertisement and attributes
    Many prefixes can share the same path
Routes consist of a destination prefix along with an AS path and other BGP-specific attributes
BGP compares the AS path and other attributes to choose the best path


WHEN SHOULD I USE BGP?


[Figure: Customer 1 (AS 1), Customer 2, ISP-X (AS 2) and ISP-Y (AS 3); links labeled EBGP, IBGP, OSPF (IGP) and Static. Callouts: BGP gives the dual-homed customer control of inbound and outbound traffic; the single-homed customer uses a default route to the Internet.]

Single-homed customers normally use a static default route
Multihomed customers benefit from BGP route selection intelligence and policy controls

BGP ROUTING INFORMATION BASES


Three main routing information bases (RIBs) are used by the protocol
    Adjacency-RIB-In contains all the routes received from all peers
    Adjacency-RIB-Local contains the best path to each received destination
    Adjacency-RIB-Out contains the routes to advertise to each peer
You view all of these using the show route / show route protocol bgp commands
JUNOS maintains all routes in the routing table
    Internal data structures keep things straight


BGP ACTIVE ROUTE SELECTION SUMMARY


Selection summary:
1. Can the BGP next hop be resolved?
2. Prefer the highest local-preference value
3. Prefer the shortest AS-path length
4. Prefer the lowest origin value
5. Prefer the lowest MED value
6. Prefer routes learned using EBGP over routes learned using IBGP
7. Prefer routes with the lowest IGP metric
8. Prefer paths with the shortest cluster length
9. For EBGP-received routes, prefer the current active route; otherwise, prefer routes from the peer with the lowest RID
10. Prefer routes from the peer with the lowest peer ID
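
The ten selection steps above, applied as successive tie-breakers over candidate paths. This is an added example, not code from the original slides or from JUNOS. The Path fields, the reading of step 9 (keep the currently active route when all remaining candidates are EBGP-received) and the sample paths are assumptions; MED is compared across all candidates for simplicity, whereas by default it is compared only between paths from the same neighboring AS.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Path:
    peer: str                      # peer address, used as the peer ID in step 10
    router_id: str                 # RID of the advertising peer (step 9)
    ebgp: bool                     # True if learned over EBGP
    as_path: tuple = ()
    local_pref: int = 100
    origin: int = 0                # 0 = IGP, 1 = EGP, 2 = incomplete
    med: int = 0
    igp_metric: int = 0            # IGP cost to the BGP next hop
    cluster_len: int = 0
    next_hop_resolved: bool = True
    active: bool = False           # currently installed as the active route

def _ip(addr):
    return int(IPv4Address(addr))

# Steps 2-8 and 10 expressed as "lowest key wins"; step 9 is handled in the loop.
KEYS = {
    2: lambda p: -p.local_pref,
    3: lambda p: len(p.as_path),
    4: lambda p: p.origin,
    5: lambda p: p.med,            # simplification: compared across all candidates
    6: lambda p: 0 if p.ebgp else 1,
    7: lambda p: p.igp_metric,
    8: lambda p: p.cluster_len,
    10: lambda p: _ip(p.peer),
}

def select_best(paths):
    """Return (best_path, deciding_step); (None, 1) if no next hop resolves."""
    cands = [p for p in paths if p.next_hop_resolved]            # step 1
    if len(cands) <= 1:
        return (cands[0] if cands else None), 1
    for step in range(2, 11):
        if step == 9 and all(p.ebgp for p in cands) and any(p.active for p in cands):
            cands = [p for p in cands if p.active]               # keep the active EBGP route
        else:
            key = KEYS.get(step, lambda p: _ip(p.router_id))     # step 9 fallback: lowest RID
            low = min(key(p) for p in cands)
            cands = [p for p in cands if key(p) == low]
        if len(cands) == 1:
            return cands[0], step
    return cands[0], 10            # still tied after step 10: keep the first

# Constructed candidates for one prefix (peer addresses reuse the page's examples).
VIA_65001 = Path("10.81.254.1", "10.81.254.1", True, as_path=(65001,))
VIA_65002 = Path("10.81.254.2", "10.81.254.2", True, as_path=(65002, 65001))
VIA_IBGP = Path("10.81.254.3", "10.81.254.3", False,
                as_path=(65003, 65004, 65001), local_pref=200)
```

The returned step number shows which attribute decided the choice, which is the first thing to check when a path with an unexpectedly long AS path becomes active.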


LOOPBACK PEERING
IBGP sessions are usually established between loopback addresses
    Maintains IBGP session regardless of physical topology
    Uses IGP to maintain reachability
    One session per peer, regardless of physical topology

[Figure: ISP A (AS 65001). Callout: IBGP session stays up over working links.]

BGP CONFIGURATIONS
The configuration of BGP is where many differences appear between JUNOS and IOS

Assigning the local autonomous system number
    JUNOS places the AS within routing-options
        Allows multiple processes to use the same value (VPN)
    IOS encodes the AS within the router command

JUNOS:

    routing-options {
        autonomous-system 65000;
    }

IOS:

    router bgp 65000


BGP CONFIGURATIONS
Peer groups
    JUNOS makes almost exclusive use of them
    Optional within IOS (but widely used)
AS number of the peer
    Can be defined for the whole group or just a peer

JUNOS:

    bgp {
        group EXTERNAL-PEERS {
            peer-as 65001;
            neighbor 10.81.254.1;
            neighbor 10.81.254.2 {
                peer-as 65002;
            }
        }
    }

IOS:

    router bgp 65000
     neighbor 10.81.254.1 remote-as 65001
     neighbor 10.81.254.2 remote-as 65002


BGP CONFIGURATIONS
Synchronization
    JUNOS uses no synch by default
Automatic summarization off by default

JUNOS:

    bgp {
        group EXTERNAL-PEERS {
            peer-as 65001;
            neighbor 10.81.254.1;
            neighbor 10.81.254.2 {
                peer-as 65002;
            }
        }
    }

IOS:

    router bgp 65000
     no synchronization
     neighbor 10.81.254.1 remote-as 65001
     neighbor 10.81.254.2 remote-as 65002
     no auto-summary

BGP CONFIGURATIONS
The type command informs the router how to work with the peer
    Defined as external or internal

JUNOS:

    bgp {
        group EXTERNAL-PEERS {
            type external;
            peer-as 65001;
            neighbor 10.81.254.1;
            neighbor 10.81.254.2 {
                peer-as 65002;
            }
        }
        group INTERNAL-PEERS {
            type internal;
            neighbor 10.81.254.3;
        }
    }

IOS:

    router bgp 65000
     no synchronization
     neighbor 10.81.254.1 remote-as 65001
     neighbor 10.81.254.2 remote-as 65002
     neighbor 10.81.254.3 remote-as 65000
     no auto-summary

BGP CONFIGURATIONS
The local-address command changes the source address of the BGP packets
    Similar to update-source

JUNOS:

    bgp {
        group EXTERNAL-PEERS {
            type external;
            peer-as 65001;
            neighbor 10.81.254.1;
            neighbor 10.81.254.2 {
                peer-as 65002;
            }
        }
        group INTERNAL-PEERS {
            type internal;
            local-address 10.81.254.10;
            neighbor 10.81.254.3;
        }
    }

IOS:

    router bgp 65000
     no synchronization
     neighbor 10.81.254.1 remote-as 65001
     neighbor 10.81.254.2 remote-as 65002
     neighbor 10.81.254.3 remote-as 65000
     neighbor 10.81.254.3 update-source loop0
     no auto-summary

SHOW BGP SUMMARY


Similar looking high-level view of all peers
JUNOS adds some additional route information
    Active/Received/Damped routes per peer

    user@host> show bgp summary
    Groups: 1 Peers: 2 Down peers: 0
    Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
    inet.0                12         12          0          0          0          0
    Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State
    10.81.254.1     65001        423        430       0       0     3:33:00 4/4/0
    10.81.254.2     65002        428        430       0       0     3:32:56 4/4/0

    IOS-RTR-1#sh ip bgp summary
    BGP router identifier 10.81.254.10, local AS number 65000
    BGP table version is 1, main routing table version 1

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.81.254.1     4 65001       5      22        1    0    0 00:01:09        4
    10.81.254.2     4 65002       9      22        1    0    0 00:03:02        4

SHOW BGP NEIGHBOR


Detailed information regarding each BGP peer

    user@host> show bgp neighbor
    Peer: 10.81.254.1+179 AS 65001 Local: 10.81.254.10+1028 AS 65000
      Type: External    State: Established    Flags: <>
      Last State: OpenConfirm   Last Event: RecvKeepAlive
      Last Error: None
      Options: <Preference HoldTime PeerAS Refresh>
      Holdtime: 90 Preference: 170
      Number of flaps: 0
      Peer ID: 10.81.254.1     Local ID: 10.81.254.10     Active Holdtime: 90
      Keepalive Interval: 30
      Local Interface: so-0/0/1.0
      NLRI advertised by peer: inet-unicast
      NLRI for this session: inet-unicast
      Peer supports Refresh capability (2)
      Table inet.0 Bit: 10000
        Send state: in sync
        Active prefixes: 4
        Received prefixes: 4
        Suppressed due to damping: 0
      Last traffic (seconds): Received 13   Sent 13   Checked 13
      Input messages:  Total 438     Updates 4       Refreshes 0     Octets 8473
      Output messages: Total 440     Updates 4       Refreshes 0     Octets 8526
      Output Queue[0]: 0


VIEWING ADVERTISED BGP ROUTES


All routes in JUNOS are in the routing table
Use show route advertising-protocol bgp <peer> to see all routes sent to that peer
    Similar to show ip bgp neigh <peer> advertise in IOS
    Shows the effect of all export policies
        Except for the default AS Path prepend action
    Different than IOS, which doesn't display changed attributes

    user@host> show route advertising-protocol bgp 10.81.254.1

    inet.0: 21 destinations, 22 routes (21 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    10.20.3.0/24            Self                 0       100        I
    10.20.4.0/24            Self                 0       100        I


VIEWING RECEIVED BGP ROUTES


Again, routes in JUNOS are in the routing table
Use show route receive-protocol bgp <peer> to see all routes received from that peer
    Similar to show ip bgp neigh <peer> received-routes in IOS
        IOS requires soft-in configuration
        JUNOS defaults to soft-in and soft-out operation
    Shows the routes prior to import policies
        Except for rejected routes via a route-filter

    user@host> show route receive-protocol bgp 10.81.254.1

    inet.0: 26 destinations, 27 routes (26 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    10.20.1.0/24            10.81.40.15          0       100        I
    10.20.2.0/24            10.81.40.15          0       100        I


VIEWING LOCAL BGP ROUTES


Use show route protocol bgp
    Some BGP attributes are present in this output
        Local Preference, AS Path, Origin, MED
    Use detail or extensive to see more data
Similar to show ip bgp in IOS
JUNOS doesn't have the concepts of:
    Table versions
        The routing table is the routing table: one entity
    60-second BGP scan time
        All BGP routes get processed immediately


LOCAL BGP ROUTE COMPARISON


    user@host> show route protocol bgp

    inet.0: 26 destinations, 27 routes (26 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.20.1.0/24       *[BGP/170] 00:23:21, MED 0, localpref 100
                          AS path: 65001 I
                        > to 10.81.40.15 via so-0/0/0.0
    10.20.2.0/24       *[BGP/170] 00:23:21, MED 0, localpref 100
                          AS path: 65001 I
                        > to 10.81.40.15 via so-0/0/0.0

    IOS-RTR-1#sh ip bgp
    BGP table version is 2003, local router ID is 10.81.254.10
    Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    >i10.20.3.0/24      10.81.254.20                  100      0 i
    >i10.20.4.0/24      10.81.254.20                  100      0 i

VIEWING DETAILED ROUTE INFORMATION


    user@host> show route 10.20.3/24 detail

    inet.0: 26 destinations, 27 routes (26 active, 0 holddown, 0 hidden)
    10.20.3.0/24 (1 entry, 1 announced)
            *BGP    Preference: 170/-101
                    Source: 10.81.254.20
                    Nexthop: via ge-0/1/0.0, selected
                    Protocol Nexthop: 10.81.254.20 Indirect nexthop: 8458088 44
                    State: <Active Int Ext>
                    Local AS: 65000 Peer AS: 65000
                    Age: 2:39:44    Metric: 0       Metric2: 1
                    Task: BGP_20.10.81.254.20+1127
                    Announcement bits (3): 0-KRT 3-BGP.0.0.0.0+179 4-Resolve inet.0
                    AS path: I
                    Localpref: 100
                    Router ID: 10.81.254.20


IBGP ROUTE PROPAGATION


BGP speakers do not propagate IBGP-received routes to other IBGP peers
Requires a full mesh of BGP speakers, which provides loop prevention

[Figure: R1, R2 and R3 in ISP A (AS 65001). Callout: This router does not get the announcement for 172.31.128.0/20.]

IBGP NEXT-HOP PROPAGATION


By default, the BGP next-hop attribute is unchanged as a route propagates through an AS
    Put external interfaces in IGP, or
    Use next-hop self in a policy to cause the router to use its own IP address as the next hop

[Figure: R1, R2 and R3 in ISP A (AS 65001). Callout: R1 and R2 must have routes to the next hop.]

CHANGING THE NEXT HOP


Example (on R3):

    protocols {
        bgp {
            group IBGP-peers {
                export PEPE;
                peer-as 65001;
                local-address 192.168.100.3;
                neighbor 192.168.100.1 {
                    description R1;
                }
                neighbor 192.168.100.2 {
                    description R2;
                }
            }
            [...]
        }
    }

    policy-options {
        policy-statement PEPE {
            then {
                next-hop self;
            }
        }
    }

[Figure: R1, R2 and R3 in ISP A (AS 65001).]

WHICH ROUTERS SHOULD RUN BGP?


Any router which requires an EBGP session
Any router topologically between BGP speakers that needs BGP information to make forwarding decisions
    Need enough information to make consistent forwarding decisions without creating forwarding loops
    Do not always need to run BGP

[Figure: Enterprise Network with R1, R2, R3 and R4; ISP B and ISP C.]

INTERFACE PEERING
EBGP sessions are usually established between two directly connected addresses

    protocols {
        bgp {
            group ISPs {
                export to-ISP;
                neighbor 172.28.200.201 {
                    description ISP-C;
                    peer-as 65003;
                }
            }
            [...]
        }
    }

[Figure: Nails, Inc. (AS 65501) at .202 and ISP C (AS 65003) at .201 on 172.28.200.200/30. Callout: EBGP session between .202 and .201.]

MULTIPLE CONNECTIONS BETWEEN EBGP PEERS


Two options:
    One EBGP session per physical connection + multipath
    One loopback-loopback session + static routes
Remember, no per-flow load balancing by default

[Figure: Nails, Inc. (AS 65501) and ISP C (AS 65003) connected by two links, 172.28.200.200/30 and 172.28.200.204/30.]

EBGP EXPORT POLICY


Unlike IBGP sessions, you usually want to apply an export policy
    Advertise aggregates
    Block provider routes
    Block internal details
    Implement inbound routing policy
Export policy should define what you want to send, not what you do not want to send
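
Why the export policy should list what to send: a small model of first-match policy evaluation in which a deny-list policy leaks a newly learned provider route and an allow-list policy does not. This is an added example, not code from the original slides or from JUNOS. The Route fields, the policy representation and all prefixes (documentation ranges) are constructed, and the fall-through models the default BGP export behavior of re-advertising active BGP-learned routes.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str            # "aggregate", "ospf", "bgp"
    learned_from: str = ""   # label of the BGP neighbor, if any

def default_bgp_export(route):
    # Modeled default: active BGP-learned routes are re-advertised, others are not.
    return route.protocol == "bgp"

def evaluate(policy, route):
    """First matching term decides; no match falls through to the default."""
    for match, action in policy:
        if match(route):
            return action == "accept"
    return default_bgp_export(route)

def advertised(policy, rib):
    return sorted(r.prefix for r in rib if evaluate(policy, r))

OWN_AGGREGATE = ip_network("192.0.2.0/24")          # constructed "our" address block

def is_own_aggregate(r):
    return r.protocol == "aggregate" and ip_network(r.prefix) == OWN_AGGREGATE

def leaked(policy, rib):
    """Everything advertised that is not our own aggregate."""
    return [p for p in advertised(policy, rib) if p != str(OWN_AGGREGATE)]

# Deny-list: names what must NOT be sent; anything unlisted reaches the default.
DENY_LIST = [
    (lambda r: r.prefix == "198.51.100.0/24", "reject"),   # the provider route known today
    (lambda r: r.protocol == "ospf", "reject"),            # internal details
    (is_own_aggregate, "accept"),
]
# Allow-list: names what to send, then rejects everything else.
ALLOW_LIST = [
    (is_own_aggregate, "accept"),
    (lambda r: True, "reject"),
]
# Constructed routing table on a dual-homed customer edge router.
RIB = [
    Route("192.0.2.0/24", "aggregate"),
    Route("192.0.2.64/26", "ospf"),
    Route("198.51.100.0/24", "bgp", "ISP-B"),
    Route("203.0.113.0/24", "bgp", "ISP-B"),              # learned after the policy was written
]
```

With the deny-list, 203.0.113.0/24 is advertised to the other ISP and the customer becomes transit for it; with the allow-list only the aggregate leaves the AS.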


EBGP IMPORT POLICY


Unlike IBGP sessions, you usually want to apply an import policy
    Implement outbound routing policy
Generally, you do not want to filter routes from your ISP, but you do want to filter routes from non-ISPs
Exceptions:
    Default-only from ISP
    Partial routes from ISP
    Limited resources
    Transition


BGP-IGP INTERACTION OVERVIEW


Problem: You have a few routers with great routing information
How do the other routers know about these routes?

[Figure: Enterprise Network with R1 through R6; ISP B and ISP C.]

BGP-IGP INTERACTION: GENERAL PRINCIPLES

Do not export all BGP routes into the IGP
    Can export specific routes, if necessary
If multiple paths, use generated routes
    Only generate routes when local session is up
    Use least-specific routes possible (for example, default route)
    Export only generated routes to IGP
    Purpose is to draw traffic to BGP-speaking core that has full routes


BGP-IGP OSPF EXAMPLE: OVERVIEW


Overview of example:
    Traffic flow: R1-R2
    No requirement to support R1-R3-R2
    R1 and R2 receive full routes from their ISPs

[Figure: Enterprise Network with R1 through R6, Area 0 and Area 1; ISP B (AS 65002) and ISP C (AS 65003).]

BGP-IGP OSPF EXAMPLE: SOLUTION


IBGP between R1 and R2
Both R1 and R2 generate default routes and export them into OSPF

[Figure: Enterprise Network with R1 through R6; ISP B (AS 65002) and ISP C (AS 65003). Labels: IBGP; 0.0.0.0/0, External Type 1, Metric: 0 (shown twice).]

BGP-IGP OSPF EXAMPLE: CONFIGURATION


R1 sample configuration excerpts:

    routing-options {
        generate {
            route 0.0.0.0/0 {
                policy [ ISPB-routes reject-all ];
            }
        }
        [...]
    }
    protocols {
        bgp {
            group isp {
                [...]
                neighbor 172.17.55.45 {
                    description ISP-B;
                    peer-as 65002;
                }
            }
            [...]
        }
        ospf {
            export default-to-ospf;
            [...]
        }
    }

    policy-options {
        policy-statement ISPB-routes {
            term match-ISPB-routes {
                from {
                    protocol bgp;
                    neighbor 172.17.55.45;
                }
                then accept;
            }
        }
        policy-statement default-to-ospf {
            term match-default {
                from {
                    protocol aggregate;
                    route-filter 0.0.0.0/0 exact;
                }
                then {
                    metric 0;
                    external {
                        type 1;
                    }
                    accept;
                }
            }
        }
        policy-statement reject-all {
            then reject;
        }
    }

BGP-IGP RIP EXAMPLE: OVERVIEW


Overview of example:
    R1 and R2 receive full routes from their ISPs
    R1 and R2 traffic flow

[Figure: Enterprise Network with R1 through R6; ISP B (AS 65002) and ISP C (AS 65003).]

BGP-IGP RIP EXAMPLE: SOLUTION


IBGP between R1, R2, and R3
Both R1 and R2 generate default routes and export them into RIP

[Figure: Enterprise Network with R1 through R6; ISP B (AS 65002) and ISP C (AS 65003). Labels: IBGP (shown twice); 0.0.0.0/0, Metric: 0 (shown twice).]

BGP-IGP RIP EXAMPLE: CONFIGURATION


R1 sample configuration excerpts:

    routing-options {
        generate {
            route 0.0.0.0/0 {
                policy [ ISPB-routes reject-all ];
            }
        }
        [...]
    }
    protocols {
        bgp {
            group isp {
                [...]
                neighbor 172.17.55.45 {
                    description ISP-B;
                    peer-as 65002;
                }
            }
            [...]
        }
        rip {
            group peer-routers {
                export [ default-to-rip rip-routes ];
                [...]
            }
        }
    }

    policy-options {
        policy-statement ISPB-routes {
            term match-ISPB-routes {
                from {
                    protocol bgp;
                    neighbor 172.17.55.45;
                }
                then accept;
            }
        }
        policy-statement default-to-rip {
            term match-default {
                from {
                    protocol aggregate;
                    route-filter 0.0.0.0/0 exact;
                }
                then {
                    metric 0;
                    accept;
                }
            }
        }
        policy-statement reject-all {
            then reject;
        }
    }
