
Nowoczesne Sieci IP
Next Generation IP Networks

Piotr Pacyna, KT AGH
Aleje Mickiewicza 30, 30-059 Kraków
pacyna@kt.agh.edu.pl
tel. (012) 617 40 40

(C) Piotr Pacyna, KT AGH, 2001 - 2005
Unauthorised copying or use is prohibited


Traffic engineering with BGP
Inbound/outbound traffic control

Piotr Pacyna
Katarzyna Kosek
Szymon Szott

Kraków, April 2006.




BGP protocol

BGP advertises network prefixes, the detailed path to reach these prefixes and the attributes of the path.

A path is a list of ASs that need to be traversed to reach the network(s).

The BGP decision process selects a single path – the best path. This path is installed in the routing table.

Path attributes convey additional information that can be considered by the BGP decision process when selecting the best path.

A path selected by the BGP decision process can be advertised to other domains (depending on policy).

Every AS is autonomous – it has the right to advertise a path to a known remote network (or networks), but it should then be ready to accept and forward traffic to that network(s).



General goal of BGP

• Select the best path* towards the destination across several transit domains

  * the best path has a different meaning for different ISPs, but it often means the cheapest path (cheapest for the service provider)

• When selecting ‘the best path’ BGP takes into account various information it has about the path
• The internal topology of transit domains is usually unknown



BGP Update Message

[Figure: layout of the UPDATE message: withdrawn prefixes | path attributes | prefixes (NLRI). The path attributes shown are Origin, AS Path, NextHop, MED, Loc. Pref., aggregation info., multiproto. pref. and multiproto. withdrawn]

• Prefixes = list of pairs length - prefix, e.g. 10.10.1.0 / 24
• Attributes = ”AS PATH attributes” (list of ASs on the path to the remote network, and other attributes)
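An added example (Python, not part of the original slides) that parses the UPDATE message laid out above: it walks the withdrawn-routes, path-attribute and NLRI sections of an RFC 4271 UPDATE with 2-byte AS numbers, honours the extended-length attribute flag, and decodes a constructed iBGP UPDATE whose values (10.10.1.0/24, AS path 65100 65200, LOCAL_PREF 200, MED 100) are taken from this deck; the 192.168.3.1 next hop is borrowed from the R21 configuration later in the deck.

```python
# Added example (not from the original slides): a parser for the BGP UPDATE message
# sketched above (RFC 4271 layout, 2-byte AS numbers), with a constructed sample.
import struct
def _prefixes(data: bytes) -> list:
    # NLRI and withdrawn routes share one encoding: <length in bits><prefix octets>
    out, i = [], 0
    while i < len(data):
        bits, n = data[i], (data[i] + 7) // 8
        octets = data[i + 1:i + 1 + n] + bytes(4 - n)     # pad to 4 octets
        out.append(".".join(map(str, octets)) + f"/{bits}")
        i += 1 + n
    return out

def _attributes(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        flags, code, ext = data[i], data[i + 1], bool(data[i] & 0x10)
        alen = struct.unpack("!H", data[i + 2:i + 4])[0] if ext else data[i + 2]
        i += 4 if ext else 3                      # extended-length flag: 2-byte length
        val, i = data[i:i + alen], i + alen
        if code == 1:                             # ORIGIN
            attrs["origin"] = ("igp", "egp", "incomplete")[val[0]]
        elif code == 2:                           # AS_PATH: segments <type><count><ASNs>
            path, j = [], 0
            while j < len(val):
                count = val[j + 1]
                path += struct.unpack(f"!{count}H", val[j + 2:j + 2 + 2 * count])
                j += 2 + 2 * count
            attrs["as_path"] = path
        elif code == 3:                           # NEXT_HOP
            attrs["next_hop"] = ".".join(map(str, val))
        elif code in (4, 5):                      # MED / LOCAL_PREF: 4-byte integers
            attrs["med" if code == 4 else "local_pref"] = struct.unpack("!I", val)[0]
    return attrs

def parse_update(msg: bytes) -> dict:
    # Header: 16-octet marker of 0xff, 2-byte total length, 1-byte type (2 = UPDATE)
    if msg[:16] != b"\xff" * 16 or msg[18] != 2 or struct.unpack("!H", msg[16:18])[0] != len(msg):
        raise ValueError("not a well-formed BGP UPDATE")
    body = msg[19:]
    wlen = struct.unpack("!H", body[:2])[0]
    alen = struct.unpack("!H", body[2 + wlen:4 + wlen])[0]
    return {"withdrawn": _prefixes(body[2:2 + wlen]),
            "attributes": _attributes(body[4 + wlen:4 + wlen + alen]),
            "nlri": _prefixes(body[4 + wlen + alen:])}

# Constructed sample (values from the slides): 10.10.1.0/24, AS_PATH 65100 65200,
# NEXT_HOP 192.168.3.1, MED 100, LOCAL_PREF 200, no withdrawn routes.
SAMPLE = bytes.fromhex("ff" * 16 + "003d02" + "0000" + "0022" + "40010100" + "4002060202fe4cfeb0"
                       + "400304c0a80301" + "80040400000064" + "400504000000c8" + "180a0a01")
```

`parse_update(SAMPLE)` returns the withdrawn list, the decoded attributes and the NLRI list; a length field that does not match the message is rejected before any attribute is read.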


Objective of this exercise

The objective of this laboratory exercise is to show the exchange of reachability information between ISPs in a multi-provider scenario, and that the ISPs can manipulate the advertisements to satisfy their own goals related to traffic engineering.

In the exercise we show that an ISP can influence the routing decisions of its own BGP routers regarding the selection of routes leading to networks in remote domains.

We also show that the ISP can try to influence the decisions that other ISPs make to reach its local networks.



Outline of the solution

The general idea is to insert auxiliary information into BGP UPDATE messages.

This information will be propagated with the BGP UPDATE and evaluated by BGP speakers in the BGP decision process.

As a result, appropriate routes will be installed in the routing tables of the BGP speakers, and inter-domain traffic will be routed accordingly.

In the exercise we first change the routes for outbound traffic.

We also try to influence the path over which traffic arrives into our local domain (inbound traffic).

The exercise is split into two parts.




Example of attribute manipulation: AS PATH pre-pending

[Figure: net 10.10.1.0 / 24 is originated in AS 65100 (router A); A peers with B over eBGP; B, C and D form AS 65200 (iBGP between them); D peers with F in AS 65400 over eBGP]

Route as held at A (AS 65100):                          net-pref: 10.10.1.0/24, AS path: empty, next-hop: A
Route as announced by B to C and D (iBGP in AS 65200):  net-pref: 10.10.1.0/24, AS path: 65100, next-hop: B
Route as announced by D to F (eBGP):                    net-pref: 10.10.1.0/24, AS path: 65100, 65200, next-hop: D



Part I Outbound traffic

In Part I we influence the selection of routes for traffic originated in our domain (outbound traffic).

Method:
Local selection of routes can be influenced by modifying the attributes of BGP UPDATE messages received from neighbouring ASs which advertise reachability of remote network(s).

The AS PATH with modified path attributes is announced into our AS.

As a result, local routers select the path that the local ISP prefers over the other path(s).



Use of Local Preference attribute for controlling outbound traffic with RPSL

[Figure: AS 1 (routers R1 and R2) is connected to AS 2 (router RX) over two links, R1-RX and R2-RX]

AS 1:
  import: from AS2 RX at R1 set localpref=300;
          from AS2 RX at R2 set localpref=100;
          accept AS2
  export: to AS2 RX at R1 announce ANY
          to AS2 RX at R2 announce ANY

AS 2:
  import: from AS1 R1 at RX set localpref=100;
          from AS1 R2 at RX set localpref=200;
          accept ANY
  export: to AS1 R1 at RX announce AS2
          to AS1 R2 at RX announce AS2



Example for Local Preference

Example: in the following figure LocPref is set in AS2 on prefix 10.10.1.0 / 24 received from AS1 and AS3.

It indicates that BGP speakers in AS2 ”should prefer” the path via AS3 to network 10.10.1.0 / 24.

[Figure: Net 10.10.1.0/24 in AS1; AS2 learns it both directly from AS1 and via AS3; LocPref 200 and LocPref 70 are set on the two paths, the higher value on the path via AS3]
Part I. Local preference

Pre-configured network topology (figure):
  AS 1: R11, R12; net. B 10.10.1.0/24
  AS 2: R21 (LocPref = 200), R22 (LocPref = 70), R23; networks 10.10.4.0/24 and 10.10.2.0/24; PC (e0 = .1) on net. Z 10.10.5.0/24
  AS 3: R31; 10.10.3.0/24
  Inter-AS links: R11-R31 192.168.1.0/30 (net. A), R31-R22 192.168.2.0/30, R12-R21 192.168.3.0/30

- zebra is ‘up and running’
- interfaces are up
- networks are configured

Need to configure: R21 and R22

Notice: e0 = eth0, e1 = eth1, etc.


Check configuration of R31 (1)

Step 1. Check the Zebra routing daemon (general config.)

View file: /etc/zebra/zebra.conf

hostname zebra
password zebra
interface eth0
bandwidth 100000
log file /var/log/zebra/zebra.log



Check configuration of R31 (2)

Step 2. Check if the routing daemon is properly configured in Zebra on R31

View file: /etc/zebra/daemons

zebra=yes
bgpd=yes
ospfd=no
ospf6d=no
ripd=no
ripngd=no



Check configuration of R31 (3)

Step 3. Verify that the BGP daemon is properly configured.

View file: /etc/zebra/bgpd.conf

hostname bgpd
password zebra
enable password zebra
[...]
debug bgp
debug bgp events
debug bgp filters
debug bgp fsm
debug bgp keepalives
debug bgp updates


Reachability over BGP

Run traceroute 10.10.3.1 on the PC to check reachability of that network.

Check if the route goes via AS2 over a shorter AS path.



Route map – command syntax



Route map – generic example

Use the following example to configure R21 and R22:

router bgp 100
network nn.nn.nn.nn/mm
neighbor aa.bb.cc.dd remote-as nnnn
neighbor aa.bb.cc.dd route-map myRouteMap in
!
route-map myRouteMap permit 10
set local-preference xx
!


Changing the router configuration

In order to configure R21 and R22 do one of the following:

1. Edit the bgpd.conf file, add what is needed and restart zebra

or

2. Telnet to bgpd, configure what is needed and issue the clear ip bgp * command



Configuration of R21

Expected configuration on router R21:

hostname bgpd
password zebra
enable password zebra
!
route-map as1-in permit 10
set local-preference 200
!
router bgp 2
neighbor 192.168.3.1 remote-as 1
neighbor 192.168.3.1 description Router12
neighbor 192.168.3.1 route-map as1-in in
neighbor 10.10.4.3 remote-as 2
neighbor 10.10.4.3 next-hop-self
!
log file /var/log/zebra/bgpd.log


Configuration of R22

Expected configuration on router R22:

hostname bgpd
password zebra
enable password zebra
!
route-map as3-in permit 10
set local-preference 70
!
router bgp 2
network 192.168.2.0/30
neighbor 192.168.2.1 remote-as 3
neighbor 192.168.2.1 description Router31
neighbor 192.168.2.1 route-map as3-in in
neighbor 10.10.2.3 remote-as 2
neighbor 10.10.2.3 next-hop-self
!
log file /var/log/zebra/bgpd.log


Testing routes from PC to R31

Execute traceroute again from the PC to 10.10.3.1/24

............
............
............

Note that traffic is now routed over AS1 (because of the higher local-pref on R21).



Part II Inbound traffic

In Part II we will try to change the paths via which traffic arrives into our ISP domain (inbound traffic).

Method: this can be done by modifying the path attributes of the messages advertised by our BGP speakers to neighbouring Autonomous Systems.

By doing this we will try to influence the decisions of neighbouring BGP routers when selecting (and advertising) the best routes to networks located in our AS.



Lab. Part II: Insertion of Multiple Exit Discriminator (MED)

[Figure: AS 3 (with network ‘net.’) is connected to AS 2 over two links; the prefix is announced with MED=100 over one link and MED=50 over the other]

The MED value is set on prefixes related to the network advertised by AS3 in order to ”tell” AS2 routers that AS3 ’would like’ to receive traffic directed to this network over the high bandwidth link.
AS 3
net.


Lab. Part II: Insertion of Multiple Exit Discriminator (MED)

[Figure: AS 3 (with network ‘net.’) announces the prefix to AS 2 over two links with MED=100 and MED=50, and to AS 1 with MED=50; the AS 1 side also shows MED=50 towards AS 2]

The MED value is set on prefix ‘net.’ advertised by AS3 in order to ”tell everybody” that AS3 ’would like’ to receive traffic for network ‘net.’ over high bandwidth links.

Note that MED values related to the same prefix but received in AS2 from different Autonomous Systems will not be compared!


Addressing Plan for the exercise

[Figure: addressing plan of the pre-configured topology]

Pre-configured network topology:
- zebra is ‘up and running’
- interfaces are up
- networks are configured

Need to configure: R31 and R32

Notice: e0 = eth0, e1 = eth1, etc.


Testing routes from PC to R31 before setting MED

Execute traceroute from the PC to 10.10.3.1/24

............
............
............

Note that traffic is routed over link R22-R31



Route map – generic example

Use the following example to configure R31 and R32:

router bgp 100
network nn.nn.nn.nn/mm
neighbor aa.bb.cc.dd remote-as nnnn
neighbor aa.bb.cc.dd route-map myRouteMap out
!
route-map myRouteMap permit 10
set metric xx
!


Changing the router configuration

In order to configure R31 and R32 do one of the following:

1. Edit the bgpd.conf file, add what is needed and restart zebra

or

2. Telnet to bgpd, configure what is needed and (on R22 and R24) issue the clear ip bgp * command



Configuration of R31

Expected configuration on router R31:

hostname bgpd
password zebra
enable password zebra
!
route-map metricOut permit 10
set metric 100
!
router bgp 3
!
network 10.10.3.0/24
!
neighbor 192.168.2.2 remote-as 2
neighbor 192.168.2.2 description Router22
neighbor 192.168.2.2 route-map metricOut out
!
neighbor 10.10.3.2 remote-as 3
neighbor 10.10.3.2 description Router32


Configuration of R32

Expected configuration on router R32:

hostname bgpd
password zebra
enable password zebra
!
route-map metricOut permit 10
set metric 70
!
router bgp 3
!
network 10.10.3.0/24
!
neighbor 192.168.4.1 remote-as 2
neighbor 192.168.4.1 description Router24
neighbor 192.168.4.1 route-map metricOut out
neighbor 10.10.3.1 remote-as 3
neighbor 10.10.3.1 description Router31
neighbor 10.10.3.1 next-hop-self


Testing routes from PC to R31 after setting MED

Execute traceroute again from the PC to 10.10.3.1/24

............
............
............

Note that traffic is routed over link R24-R32 (because of the lower value of MED on that link).



BGP Decision Process with MED

[Figure, left: AS 2 applies LocPref=200 and LocPref=70 to the two paths it receives, from AS 1 and from AS 3, towards the prefix in AS 3. Figure, right: AS 2 receives the prefix from AS 1 with MED=50 and from AS 3 over two links with MED=100 and MED=50; AS 3 also announces it to AS 1 with MED=50]

Review question:
a) What path will a router in AS2 select to reach AS3?
b) Which is the preferred path in multi-provider scenarios?
Hint: MED values from different service providers are not compared.


BGP Decision Process

1. Prefer the highest value of LOCAL_PREF
2. Prefer paths locally computed on the router
3. Prefer paths with the shortest AS_PATH length
4. Prefer paths with the lowest origin code (IGP < EGP < incomplete)
5. Prefer the lowest value of MULTI_EXIT_DISC
6. Prefer the lowest value of the metric to the NEXT_HOP router
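The selection rules above applied to the routes used in this lab, as an added example (Python, not part of the original slides): steps 1, 3 and 5 are modelled, with MED compared only between routes learned from the same neighbouring AS, which is the point of the review question on the previous slide. LocPref, MED and AS path values come from the R21, R22, R31 and R32 configurations; the link labels are descriptive only, and a missing MED is treated as 0 as RFC 4271 prescribes.

```python
# Added example (not from the original slides): a small model of steps 1, 3
# and 5 of the BGP decision process listed above, run on the lab's routes for
# 10.10.3.0/24 as seen in AS2. LocPref/MED/AS path values come from the slides;
# the "link" labels are descriptive only. A missing MED counts as 0 (RFC 4271).
from dataclasses import dataclass

@dataclass
class Route:
    link: str            # inter-AS link the UPDATE arrived over (label only)
    neighbor_as: int     # AS the UPDATE was received from
    as_path: list
    local_pref: int = 100
    med: int = 0         # MULTI_EXIT_DISC

def best_path(routes: list) -> Route:
    # Steps 1 and 3 order all routes; keep every route tied for first place.
    def rank(r: Route) -> tuple:
        return (-r.local_pref, len(r.as_path))
    top = min(rank(r) for r in routes)
    tied = [r for r in routes if rank(r) == top]
    # Step 5: MED is compared only among routes from the same neighbouring
    # AS, so the lowest MED is chosen inside each neighbour-AS group.
    per_as = {}
    for r in tied:
        cur = per_as.get(r.neighbor_as)
        if cur is None or r.med < cur.med:
            per_as[r.neighbor_as] = r
    # Steps 6+ (IGP metric to NEXT_HOP, router-id) are not modelled: if routes
    # from different ASes are still tied, the first one learned is kept.
    return next(iter(per_as.values()))

def part1(local_pref_applied: bool) -> Route:
    # Via AS1 (R12->R21, AS path "1 3") or directly from AS3 (R31->R22).
    via_as1 = Route("R21-R12", 1, [1, 3], 200 if local_pref_applied else 100)
    via_as3 = Route("R22-R31", 3, [3], 70 if local_pref_applied else 100)
    return best_path([via_as1, via_as3])

def part2() -> Route:
    # Two links from AS2 into AS3; AS3 sets MED 100 on R31 and MED 70 on R32.
    return best_path([Route("R22-R31", 3, [3], med=100),
                      Route("R24-R32", 3, [3], med=70)])

def multi_provider() -> Route:
    # Figure on the "BGP Decision Process with MED" slide: MED 50 from AS1 is
    # never compared with AS3's MEDs; the shorter AS path decides first.
    return best_path([Route("R21-R12", 1, [1, 3], med=50),
                      Route("R22-R31", 3, [3], med=100),
                      Route("R24-R32", 3, [3], med=50)])
```

`part1(False)` reproduces the traceroute before the route-maps are applied and `part1(True)` the one after; `part2()` reproduces the change of link observed after setting MED.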


General conclusion: the level of control over the route selection process is different for incoming traffic and for outgoing traffic.

An ISP can precisely influence the local selection of routes leading to remote destinations (for outbound traffic).

An ISP has limited ability to control the choices that other ISPs make to direct traffic to its local networks (inbound traffic).