Академический Документы
Профессиональный Документы
Культура Документы
Service Providers
Philip Smith
<pfs@cisco.com>
NANOG 34
Seattle, 15-17 May 2005
NANOG 34
Presentation Slides
NANOG 34
BGP Basics
Scaling BGP
Using Communities
Deploying BGP in an ISP network
NANOG 34
BGP Basics
Reminder
NANOG 34
Described in RFC1771
work in progress to update
www.ietf.org/internet-drafts/draft-ietf-idr-bgp4-26.txt
NANOG 34
NANOG 34
NANOG 34
10
NANOG 34
11
BGP Capabilities
Extending BGP
NANOG 34
12
BGP Capabilities
Documented in RFC2842
Capabilities parameters passed in BGP open
message
Unknown or unsupported capabilities will result
in NOTIFICATION message
Codes:
0 to 63 are assigned by IANA by IETF consensus
64 to 127 are assigned by IANA first come first served
128 to 255 are vendor specific
NANOG 34
13
BGP Capabilities
Current capabilities are:
0
Reserved
[RFC3392]
[RFC2858]
[RFC2918]
[ID]
64
[ID]
65
[ID]
66
Deprecated 2003-03-06
67
[ID]
See www.iana.org/assignments/capability-codes
NANOG 34
14
BGP Capabilities
Multiprotocol extensions
This is a whole different world, allowing BGP to
support more than IPv4 unicast routes
Examples include: v4 multicast, IPv6, v6 multicast,
VPNs
Another tutorial (or many!)
15
BGP Basics
Scaling BGP
Using Communities
Deploying BGP in an ISP network
NANOG 34
16
NANOG 34
17
NANOG 34
18
Route Refresh
NANOG 34
19
Route Refresh
BGP peer reset required after every policy
change
Because the router does not store prefixes which are
rejected by policy
20
NANOG 34
21
Route Refresh
Use Route Refresh capability if supported
find out from the BGP neighbour status display
Non-disruptive, Good For the Internet
22
NANOG 34
23
Route flap
Going up and down of path or change in attribute
BGP WITHDRAW followed by UPDATE = 1 flap
eBGP neighbour peering reset is NOT a flap
24
Requirements
Fast convergence for normal route changes
History predicts future behaviour
Suppress oscillating routes
Advertise stable routes
Documented in RFC2439
NANOG 34
25
Operation
NANOG 34
26
Operation
4000
Penalty
Suppress limit
3000
Penalty
2000
Reuse limit
1000
0
0 1 2
3 4
5 6 7 8
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Time
Network
Announced
NANOG 34
Network
Not Announced
Network
Re-announced
27
Operation
28
Configuration
NANOG 34
29
NANOG 34
30
31
Route Reflectors
NANOG 34
32
n=1000 nearly
half a million
ibgp sessions!
13 Routers
78 iBGP
Sessions!
Two solutions
Route reflector simpler to deploy and run
Confederation more complex, corner case benefits
NANOG 34
33
AS 100
B
NANOG 34
34
Route Reflector
Reflector receives path
from clients and nonclients
Clients
Reflectors
A
B
AS 100
Described in RFC2796
NANOG 34
35
NANOG 34
36
Route Reflectors:
Loop Avoidance
Originator_ID attribute
Carries the RID of the originator of the route in the local
AS (created by the RR)
Cluster_list attribute
The local cluster-id is added when the update is sent by
the RR
Best to set cluster-id is from router-id (address of
loopback)
(Some ISPs use their own cluster-id assignment
strategy but needs to be well documented!)
NANOG 34
37
Route Reflectors:
Redundancy
NANOG 34
38
Route Reflectors:
Redundancy
PoP3
AS 100
PoP1
PoP2
Cluster One
Cluster Two
NANOG 34
39
Route Reflectors:
Migration
40
Route Reflectors:
Migration
41
Route Reflector:
Migration
AS 300
A
B
AS 100
AS 200
C
D
F
42
Route Refresh
Use should be mandatory
Route Reflectors
The way to scale the iBGP mesh
NANOG 34
43
BGP Basics
Scaling BGP
Using Communities
Deploying BGP in an ISP network
NANOG 34
44
NANOG 34
45
BGP Communities
NANOG 34
46
BGP Communities
Communities are generally set at the edge of the
ISP network
Customer edge: customer prefixes belong to different
communities depending on the services they have
purchased
Internet edge: transit provider prefixes belong to
difference communities, depending on the loadsharing
or traffic engineering requirements of the local ISP, or
what the demands from its BGP customers might be
47
48
Community assignments:
IXP connection:
community 100:2100
Private peer:
community 100:2200
49
Aggregation Router
Customers
Customers
Border Router
Customers
50
NANOG 34
51
52
www.sprintlink.net/
policy/bgp.html
More info at
www.sprintlink.net/policy/bgp.html
NANOG 34
53
NANOG 34
54
NANOG 34
55
NANOG 34
56
NANOG 34
57
AS5400
BT Ignite European Backbone
Community to
Not announce
Community to
AS prepend 5400
To peer:
5400:2000
5400:1500
5400:1501
5400:1502
5400:1503
5400:1504
5400:1505
5400:2500
5400:2501
5400:2502
5400:2503
5400:2504
5400:2505
All Transits
Sprint Transit (AS1239)
SAVVIS Transit (AS3561)
Level 3 Transit (AS3356)
AT&T Transit (AS7018)
UUnet Transit (AS701)
5400:2001
5400:2002
5400:2003
And many
many more!
58
BGP Basics
Scaling BGP
Using Communities
Deploying BGP in an ISP network
NANOG 34
59
NANOG 34
60
Deploying BGP
NANOG 34
61
NANOG 34
62
NANOG 34
63
eBGP used to
exchange prefixes with other ASes
implement routing policy
NANOG 34
64
Model representation
eBGP
NANOG 34
eBGP
eBGP
iBGP
iBGP
iBGP
iBGP
IGP
IGP
IGP
IGP
65
DO NOT:
distribute BGP prefixes into an IGP
distribute IGP routes into BGP
use an IGP to carry customer prefixes
NANOG 34
66
NANOG 34
67
Aggregation
Quality or Quantity?
NANOG 34
68
Aggregation
Aggregation means announcing the address
block received from the RIR to the other ASes
connected to your network
Subprefixes of this aggregate may be:
Used internally in the ISP network
Announced to other ASes to aid with multihoming
69
Aggregation
NANOG 34
70
Announcing an Aggregate
NANOG 34
71
Aggregation Example
100.10.0.0/19
100.10.0.0/19
aggregate
customer
Internet
AS100
100.10.10.0/23
72
73
Aggregation Example
100.10.10.0/23
100.10.0.0/24
100.10.4.0/22
customer
Internet
AS100
100.10.10.0/23
74
NANOG 34
75
Aggregation Summary
NANOG 34
76
162009
94157
78129
75990
/24s announced
88342
19627
77
78
Networks
24/8
24
60/8
61/8
62/8
63/8
64/8
65/8
66/8
67/8
68/8
69/8
70/8
71/8
72/8
73/8
0
2
100
78
0
0
0
0
0
0
0
1
0
0
NANOG 34
Block
Networks
Block
Networks
Block
Networks
80/8
81/8
82/8
83/8
84/8
85/8
86/8
87/8
88/8
0
0
0
0
0
0
0
0
0
124/8
125/8
126/8
0
0
0
192/8
193/8
194/8
195/8
196/8
197/8
198/8
199/8
200/8
201/8
202/8
203/8
204/8
205/8
206/8
207/8
6287
2439
2921
1429
550
0
4015
3503
1459
0
2398
3782
3936
2694
3421
3014
208/8
209/8
210/8
211/8
212/8
213/8
214/8
215/8
216/8
217/8
218/8
219/8
220/8
221/8
222/8
223/8
2995
3083
700
0
840
1
2
4
1218
0
0
0
0
1
0
0
79
Networks
Block
Networks
Block
Networks
Block
Networks
24/8
2989
60/8
61/8
62/8
63/8
64/8
65/8
66/8
67/8
68/8
69/8
70/8
71/8
72/8
73/8
249
2419
1628
2782
4768
3586
5953
1731
2474
2632
869
250
479
0
80/8
81/8
82/8
83/8
84/8
85/8
86/8
87/8
88/8
1522
1258
1158
1653
642
806
35
2
2
192/8
193/8
194/8
195/8
196/8
197/8
198/8
199/8
200/8
201/8
202/8
203/8
204/8
205/8
206/8
207/8
6867
4818
3776
3168
965
0
4977
4184
6445
654
8659
8629
5252
2834
3990
4162
208/8
209/8
210/8
211/8
212/8
213/8
214/8
215/8
216/8
217/8
218/8
219/8
220/8
221/8
222/8
223/8
3297
5124
3622
2355
2731
2776
316
356
6217
2495
1114
948
1273
618
731
0
NANOG 34
124/8
125/8
126/8
0
0
7
80
NANOG 34
81
82
BGP Report
(bgp.potaroo.net)
93000 prefixes
After aggregating by Origin AS
i.e. ignoring each ASNs traffic engineering
83
The excuses
NANOG 34
84
85
NANOG 34
86
NANOG 34
87
NANOG 34
88
NANOG 34
89
NANOG 34
90
NANOG 34
91
NANOG 34
92
Aggregation Potential
(source: bgp.potaroo.net/as4637/)
AS Path
AS Origin
NANOG 34
93
Aggregation
Summary
NANOG 34
94
Receiving Prefixes
NANOG 34
95
Receiving Prefixes
NANOG 34
96
Receiving Prefixes:
From Customers
97
Receiving Prefixes:
From Customers
Example use of whois to check if customer is entitled to
announce address space:
pfs-pc$ whois
inetnum:
netname:
descr:
descr:
descr:
descr:
country:
admin-c:
tech-c:
mnt-by:
changed:
status:
source:
NANOG 34
-h whois.apnic.net 202.12.29.0
202.12.29.0 - 202.12.29.255
APNIC-AP-AU-BNE
APNIC Pty Ltd - Brisbane Offices + Servers
Level 1, 33 Park Rd
PO Box 2131, Milton
Brisbane, QLD.
AU
Portable means its an assignment
HM20-AP
to the customer, the customer can
announce it to you
NO4-AP
APNIC-HM
hm-changed@apnic.net 20030108
ASSIGNED PORTABLE
APNIC
98
Receiving Prefixes:
From Customers
NANOG 34
193.128.0.0/14
PIPEX-BLOCK1
AS1849
routing@uk.uu.net
AS1849-MNT
beny@uk.uu.net 20020321
RIPE
99
Receiving Prefixes:
From Peers
NANOG 34
100
Receiving Prefixes:
From Peers
101
Receiving Prefixes:
From Upstream/Transit Provider
102
Receiving Prefixes:
From Upstream/Transit Provider
If necessary to receive prefixes from any provider,
care is required
dont accept RFC1918 etc prefixes
ftp://ftp.rfc-editor.org/in-notes/rfc3330.txt
103
Receiving Prefixes
NANOG 34
104
Configuration Tips
Of templates, passwords, tricks, and more templates
NANOG 34
105
NANOG 34
106
Next-hop-self
Used by many ISPs on edge routers
Preferable to carrying DMZ /30 addresses in
the IGP
Reduces size of IGP to just core infrastructure
Alternative to using unnumbered interfaces
Helps scale network
BGP speaker announces external network
using local address (loopback) as next-hop
NANOG 34
107
Templates
NANOG 34
108
iBGP Template
Example
iBGP between loopbacks!
So IGP can do intelligent re-route
Next-hop-self
Keep DMZ and external point-to-point out of IGP
109
eBGP Template
Example
BGP damping
Do NOT use it unless you understand why
Use RIPE-229 parameters, or something even weaker
Do NOT use the vendor defaults without thinking
110
eBGP Template
Example continued
Consider using maximum-prefix tracking
Router will warn you if there are sudden increases in
BGP table size, bringing down eBGP if desired
111
112
113
ISP
TTL 254
R1
AS 100
R2
TTL 253
NANOG 34
Attacker
TTL 254
114
115
116
Using Communities
Use communities to:
Scale iBGP management
Ease iBGP management
NANOG 34
117
Summary
NANOG 34
118
<pfs@cisco.com>
NANOG 34
Seattle, 15-17 May 2005
NANOG 34
119