- Routing/Forwarding basics
- Building blocks
- Exercises
- BGP protocol basics
- Exercises
- BGP path attributes
- Best path computation
- Exercises
Routing/Forwarding Basics
R2's IP routing table:
10/8 -> R3
10.1/16 -> R4
20/8 -> R5
30/8 -> R6
..
[Figure: routers R1 to R6; the entry 10.1/16 -> R4 is marked "Match as well!"]
Forwarding
- Uses the routing table built by routing protocols
- Performs the lookup to find next-hop and outgoing interface
- Switches the packet with new encapsulation as per the outgoing interface
Building Blocks
- Autonomous System (AS)
- Types of Routes
- IGP/EGP
- DMZ
- Policy
- Egress
- Ingress
Autonomous System(AS)...
- Identified by AS number
- Public & Private AS numbers
- Examples:
  - Service provider
  - Multi-homed customers
  - Anyone needing policy discrimination
- Collection of networks with same policy
- Single routing protocol
- Usually under single administrative control
- IGP to provide internal connectivity
Egress Traffic
- Packets exiting the network
- Based on:
  - Route availability (what others send you)
  - Route acceptance (what you accept from others)
  - Policy and tuning (what you do with routes from others)
  - Peering and transit agreements
[Figure: AS 1 and AS2 with announce/accept arrows; labels: routing flow, packet flow, ingress.]
Ingress Traffic
- Packets entering your network
- Ingress traffic depends on:
  - What information you send and to whom
  - Based on your addressing and ASes
  - Based on others' policy (what they accept from you and what they do with it)
Types of Routes
Static Routes
configured manually
Connected Routes
created automatically when an interface is up
Interior Routes
Routes within an AS
Exterior Routes
Routes exterior to AS
What Is an EGP?
- Exterior Gateway Protocol
- Used to convey routing information between ASes
- De-coupled from the IGP
- Current EGP is BGP4
DMZ Network
[Figure: AS 100, AS 101 and AS 102 with routers B and D; label "BGP4/Static Customers".]
Addressing - ISP
- Need to reserve address space for its network.
- Need to allocate address blocks to its customers.
- Need to take growth into consideration
- Upstream link address is allocated by upstream provider
BGP Basics
- Terminology
- Protocol Basics
- Messages
- General Operation
- Peering relationships (EBGP/IBGP)
- Originating routes
Terminology
Neighbor
Configured BGP peer
NLRI/Prefix
NLRI - network layer reachability information
Reachability information for an IP address & mask
Router-ID
Highest IP address configured on the router
Route/Path
NLRI advertised by a neighbor
Protocol Basics
[Figure: peering between routers A, C and D; AS 100, AS 101, AS 102.]
BGP Peers
- BGP speakers are called peers
- Peers in different ASs are called External Peers
- Peers in the same AS are called Internal Peers
[Figure: routers A and C; AS 100 (220.220.8.0/24), AS 101 (220.220.16.0/24), AS 102 (220.220.32.0/24); labels "eBGP TCP/IP Peer Connection" and "iBGP TCP/IP Peer Connection".]
BGP Peers exchange Update messages containing Network Layer Reachability Information (NLRI)
[Figure: BGP Update Messages between peers; AS 100 (220.220.8.0/24), AS 101 (220.220.16.0/24, router C), AS 102 (220.220.32.0/24); link 222.222.10.0/30 with host addresses .1 and .2; iBGP TCP connection in AS 101.]
! AS 100, eBGP to AS 101
interface Serial 0
 ip address 222.222.10.2 255.255.255.252
router bgp 100
 network 220.220.8.0 mask 255.255.255.0
 neighbor 222.222.10.1 remote-as 101
!
! AS 101, eBGP to AS 100
interface Serial 0
 ip address 222.222.10.1 255.255.255.252
router bgp 101
 network 220.220.16.0 mask 255.255.255.0
 neighbor 222.222.10.2 remote-as 100
!
! AS 101, iBGP to 220.220.16.1
interface Serial 1
 ip address 220.220.16.2 255.255.255.252
router bgp 101
 network 220.220.16.0 mask 255.255.255.0
 neighbor 220.220.16.1 remote-as 101
!
! AS 101, iBGP to 220.220.16.2
interface Serial 1
 ip address 220.220.16.1 255.255.255.252
router bgp 101
 network 220.220.16.0 mask 255.255.255.0
 neighbor 220.220.16.2 remote-as 101
BGP Peering sessions are established using the BGP neighbor configuration command
- External (eBGP) is configured when AS numbers are different
- Internal (iBGP) is configured when AS numbers are same
Each iBGP speaker must peer with every other iBGP speaker in the AS
[Figure: iBGP speakers in AS 100, labelled 215.10.7.2 and 215.10.7.3.]
interface loopback 0
 ip address 215.10.7.2 255.255.255.255
router bgp 100
 network 220.220.5.0
 neighbor 215.10.7.1 remote-as 100
 neighbor 215.10.7.1 update-source loopback0
 neighbor 215.10.7.3 remote-as 100
 neighbor 215.10.7.3 update-source loopback0
AS-Path Attribute
- Sequence of ASes a route has traversed
- Loop detection
- Apply policy
[Figure: AS 100 (180.10.0.0/16), AS 200 (170.10.0.0/16), AS 300, AS 400 (150.10.0.0/16), AS 500 (140.10.0.0/16).]
Network          Path
180.10.0.0/16    300 200 100
170.10.0.0/16    300 200
150.10.0.0/16    300 400
- Next hop to reach a network
- Usually a local network is the next hop in eBGP session
- Next Hop updated between eBGP Peers
- IGP should carry route to next hops
- Recursive route look-up
- Unlinks BGP from actual physical topology
- Allows IGP to make intelligent forwarding decision
[Figure: next-hop diagrams; labels: AS 100 160.10.0.0/16, 140.10.0.0/16 (routers D, E), 192.10.1.1, Path 100, Path 200, host addresses .1 and .2.]
[Figure: connectivity lost; 192.192.25.0/24.]
Network          Next-Hop       Path
150.10.0.0/16    192.168.10.2   321 200
192.192.25.0/24  192.168.10.2   321
router bgp 100
 network 160.10.0.0 mask 255.255.0.0
 aggregate-address 160.10.0.0 255.255.0.0 summary-only
 no auto-summary
BGP network commands are normally used to populate the BGP RIB with routes from the Route Table
BGP aggregate-address commands may be used to install summary routes in the BGP RIB
router bgp 100
 network 160.10.0.0 mask 255.255.0.0
 redistribute static route-map foo
 no auto-summary
Route Table
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24
BGP redistribute commands can also be used to populate the BGP RIB with routes from the Route Table
BGP in process
- receives path information from peers
- results of BGP path selection placed in the BGP table
- best path flagged (denoted by >)
[Figure: Update with Network 173.21.0.0/16, Next-Hop 192.20.2.1, Path 100; OUT Process sending Updates; Route Table with entries marked D, D, D, R, S, B.]
UPDATE
To exchange routing information
KEEPALIVE
To maintain peering session
NOTIFICATION
To report errors (results in session reset)
- BGP peer within the same AS
- Not required to be directly connected
- Maintain full IBGP mesh or use Route Reflection
[Figure: AS 100 and AS 101 with router B.]
An Example
[Figure: routers A to F; AS200, AS3561 (35.0.0.0/8), AS21, AS101, AS675; labels "Configuration commands" and "Show commands".]
Originating routes...
Using network command or redistribution
network <ipaddress>
redistribute <protocol name>
BGP4 continued...
Update message
- Origin
- AS-path
- Next-hop
- Multi-Exit Discriminator (MED)
- Local preference
- BGP Community
- Others...
AS-PATH
- Updated by the sending router with its AS number
- Contains the list of AS numbers the update traverses.
- Used to detect routing loops
- Each time the router receives an update, if it finds its AS number, it discards the update
AS-Path
Network          Path
180.10.0.0/16    300 200 100
170.10.0.0/16    300 200
150.10.0.0/16    300 400
Next-Hop
- Next hop router to reach a network
- Advertising router/Third party in EBGP
- Unmodified in IBGP
[Figures: AS 100 (180.10.0.0/16, 160.10.0.0/16), AS 200 (170.10.0.0/16, 150.10.0.0/16; routers A, B), AS 300, AS 500; addresses 150.10.1.1 and 150.10.1.2.]
Next Hop...
- IGP should carry route to next hops
- Recursive route look-up
- Unlinks BGP from actual physical topology
- Allows IGP to make intelligent forwarding decision
[Figure: routers B and C; peering on 150.1.1.1, 150.1.1.2, 150.1.1.3; 192.68.1.0/24 in AS 201.]
Local Preference
- Not for EBGP, mandatory for IBGP
- Default value is 100 on Ciscos
- Local to an AS
- Used to prefer one exit over another
- Path with highest local preference wins
[Figure: AS 100 (160.10.0.0/16), AS 200, AS 300 and AS 400 with routers A, C and D; local preference values 500 and 800.]
  160.10.0.0/16  500
> 160.10.0.0/16  800
Multi-Exit Discriminator
- Non-transitive
- Represented as a numeric value (0-0xffffffff)
- Used to convey the relative preference of entry points
- Comparable if paths are from the same AS
- Path with lower MED wins
- IGP metric can be conveyed as MED
[Figure: AS 201 (192.68.1.0/24) with routers B and C; 192.68.1.0/24 shown with values 2000 and 1000; one path marked "preferred".]
Origin
- Conveys the origin of the prefix
- Three values:
  - IGP - Generated using network statement
    ex: network 35.0.0.0
Communities
- Transitive, Non-mandatory
- Represented as a numeric value (0-0xffffffff)
- Used to group destinations
- Each destination could be member of multiple communities
- Flexibility to scope a set of prefixes within or across AS for applying policy
Community...
Community   Local Preference
201:110     110
201:120     120
[Figure: Customer AS 201 (192.68.1.0/24) with router B; labels Community:201:110 and Community:201:120.]
Synchronization
- C not running BGP (non-pervasive BGP)
- A won't advertise 35/8 to D until the IGP is in sync
- Turn synchronization off!
router bgp 1880
 no sync
- Run pervasive BGP
[Figure: labels 1880, 690, 209, 35/8, OSPF; routers C and D.]
Lowest origin
IGP < EGP < INCOMPLETE
Largest weight
Local to the router
Lowest MED
between paths from same AS
Closest next-hop
Lower IGP metric, closer exit from as AS
Locally sourced
Via redistribute or network statement
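The selection rules on these slides (largest weight, highest local preference, lowest origin, lowest MED between paths from the same AS, closest next-hop) together with the AS-path loop check, in Python. This is an added example, not code from the slides: the comparison order and the shortest-AS-path step follow Cisco's documented decision process rather than the surviving slide text, the locally-sourced and eBGP-over-iBGP steps are left out, and the next-hop addresses are constructed.

```python
from dataclasses import dataclass
from functools import reduce

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # lowest origin wins

@dataclass
class Path:
    as_path: tuple          # ASes traversed, neighbor AS first
    next_hop: str
    weight: int = 0         # local to the router, largest wins
    local_pref: int = 100   # default 100, highest wins
    origin: str = "IGP"
    med: int = 0            # lowest wins, only between paths from the same AS
    igp_metric: int = 0     # IGP cost to reach next_hop, lowest wins

def accept(path, local_as):
    """Loop detection: discard an update whose AS-path already contains our AS."""
    return local_as not in path.as_path

def better(a, b):
    """Return the preferred of two paths, comparing one attribute at a time."""
    steps = [
        (a.weight, b.weight, max),
        (a.local_pref, b.local_pref, max),
        (len(a.as_path), len(b.as_path), min),
        (ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin], min),
    ]
    if a.as_path[:1] == b.as_path[:1]:   # MED is comparable only for the same neighbor AS
        steps.append((a.med, b.med, min))
    steps.append((a.igp_metric, b.igp_metric, min))
    for x, y, pick in steps:
        if x != y:
            return a if pick(x, y) == x else b
    return a  # full tie: keep the first path seen

def best_path(paths, local_as):
    usable = [p for p in paths if accept(p, local_as)]
    return reduce(better, usable) if usable else None

# Constructed samples modelled on the slides: 160.10.0.0/16 seen with local
# preference 500 and 800, and 180.10.0.0/16 carrying the path 300 200 100.
LP_500 = Path((200, 100), "192.0.2.1", local_pref=500)
LP_800 = Path((300, 100), "192.0.2.2", local_pref=800)
LOOPED = Path((300, 200, 100), "192.0.2.3")

if __name__ == "__main__":
    print(best_path([LP_500, LP_800], local_as=400))  # the local-preference 800 path
    print(best_path([LOOPED], local_as=200))          # None: AS 200 is already in the path
```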
Stub AS
- ISP advertises the stub network to Internet
- Policy confined within ISP policy
[Figure: Customer AS 100 and Provider AS 101 with routers A and B.]
Multi-homed AS
- Only border routers speak BGP
- IBGP only between border routers
- Exterior routes must be redistributed in a controlled fashion into IGP or use defaults
[Figure: AS 300 and AS 400. AS 400's policy to reach AS100: AS 200 preferred path, AS 300 backup.]
- IBGP used to carry exterior routes
- IGP keeps track of topology
- Full IBGP mesh is required
[Figure: provider AS 300 with routers A, B, C and D; customer AS 200.]
Routing Policy
Why?
- To steer traffic through preferred paths
- Inbound/Outbound prefix filtering
- To enforce Customer-ISP agreements
How ?
- AS based route filtering - filter list
- Prefix based route filtering - distribute list
- BGP attribute modification - route maps
[Figure: AS 200, AS 300 (provider, routers D and E), AS 400.]
Route Maps
router bgp 300
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 route-map SETCOMMUNITY out
!
route-map SETCOMMUNITY permit 10
 match ip address 1
 match community 1
 set community 300:100
!
access-list 1 permit 35.0.0.0
ip community-list 1 permit 100:200
Match Clauses
Set Clauses
- AS-path prepend
- Community
- Local-Preference
- MED
- Origin
- Weight
- Others...
ip as-path access-list 1 permit 3561
ip as-path access-list 2 deny 35
ip as-path access-list 2 permit .*
!
router bgp 100
 neighbor 171.69.233.33 remote-as 33
 neighbor 171.69.233.33 filter-list 1 in
 neighbor 171.69.233.33 filter-list 2 out
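How the two "ip as-path access-list" lists in the filter-list configuration above behave on constructed AS paths, next to "_"-anchored variants: an IOS AS-path regex without "_" matches any substring of the path, so "35" also matches AS 3561 or AS 1350. This Python emulation is an added example, not part of the original slides; the anchored lists and the sample paths are assumptions.

```python
import re

# IOS "_" matches a delimiter: start or end of the path, a space, comma,
# brace or parenthesis. Everything else used here behaves like Python's re.
_DELIM = r"(?:^|$|[ ,{}()])"

def ios_regex(pattern):
    """Translate an IOS AS-path regex to Python by expanding "_"."""
    return re.compile(pattern.replace("_", _DELIM))

def evaluate(acl, as_path):
    """First matching entry decides; a path matching no entry hits the implicit deny."""
    for action, pattern in acl:
        if ios_regex(pattern).search(as_path):
            return action
    return "deny"

# The two lists from the configuration above.
ACL_1 = [("permit", "3561")]
ACL_2 = [("deny", "35"), ("permit", ".*")]

# Anchored variants (an assumption: match AS 3561 / AS 35 as whole AS numbers).
ACL_1_ANCHORED = [("permit", "_3561_")]
ACL_2_ANCHORED = [("deny", "_35_"), ("permit", ".*")]

# Constructed sample AS paths.
SAMPLES = ["33 3561", "33 13561", "3561", "100 1350 200", "100 35 200", "100 200"]

def report():
    """One row per sample: path, then the verdict of each list."""
    return [
        (p, evaluate(ACL_1, p), evaluate(ACL_1_ANCHORED, p),
         evaluate(ACL_2, p), evaluate(ACL_2_ANCHORED, p))
        for p in SAMPLES
    ]

if __name__ == "__main__":
    print("path | list 1 | list 1 anchored | list 2 | list 2 anchored")
    for row in report():
        print(" | ".join(row))
```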
Inbound route-map to set community
neighbor <x.x.x.x> route-map AS100_IN in
!
route-map AS100_IN permit 10
 set community 100:200
[Figure: topology with labels ISP2, ISP3, C21, C22, C31, C32, eth H, A, AS100, AS200; Loopback 0 20.200.0.1, Loopback 0 10.200.0.2.]
Redundancy - Multi-homing
- Reliable connection to Internet
- 3 common cases of multi-homing:
  - default from all providers
  - customer + default routes from all
  - full routes from all
[Figure: AS 400 with router C, Provider AS 200 and Provider AS 300 with routers D and E; label "A 100 200".]