JTO PH-II IT VLAN & Configuration

9 BORDER GATEWAY PROTOCOL (BGP 4)

9.1 LEARNING OBJECTIVES

The objectives of this chapter are to understand:
vi) Concept of BGP
vii) Internal and External Routing
viii) Autonomous System
ix) Working of BGP
x) BGP Message header format
xi) e-BGP & i-BGP
xii) Route Map
xiii) BGP Attributes
xiv) BGP Filtering and peer groups
xv) Confederations & route reflectors

9.2 INTRODUCTION

The Border Gateway Protocol (BGP) provides loop-free interdomain routing between autonomous systems. (An autonomous system [AS] is a set of routers that operate under the same administration.) BGP is often run among the networks of Internet service providers (ISPs). BGP went through several phases and improvements from its earliest version, BGP1, in 1989 to today's version, BGP4, deployment of which started in 1993. BGP4 is the first version that handles aggregation (CIDR) and supernetting, and it allows the announcement of "classless routes": routes that are not strictly on "Class A", "Class B" or "Class C" boundaries but can also be "subnets" or "supernets".

BGP imposes no restrictions on the underlying Internet topology. It assumes that routing within an autonomous system is handled by an intra-autonomous system (interior) routing protocol; BGP itself only needs to know which prefixes each AS can reach. BGP constructs a graph of autonomous systems based on the information exchanged between BGP neighbors. This directed graph is sometimes referred to as a tree. As far as BGP is concerned, the whole Internet is a graph of ASs, with each AS identified by an AS number. Connections between two ASs together form a path, and the collection of path information forms a route to reach a specific destination.

JTO-PH-II IT Version Page 117 of 136 For Restricted Circulation
OSPF Configuration – Normal/ Stub/ Totally Stub/ NSSA & RIP Redistribution

BGP ensures that loop-free inter-domain routing is maintained. Figure 1 illustrates this general path tree concept.
Figure 50: Example of AS_Path tree (AS1 through ASn joined by AS_Path links).

9.3 ROUTING: INTERNAL (INTERIOR) AND EXTERNAL

Internal routing is the art of getting each router in your network to know how to get to every location (destination) in your network. You can do this simply, with static routes, or in a more complicated but robust way, with active internal routing protocols such as RIP, RIPv2, OSPF and IS-IS. It is obviously critical that any box inside your network knows how to get (directly or indirectly) to any other box inside your network. Before you invite people to send data to your network, you have to have a running and healthy network to take the data.

If you default-route into one or more providers, external routing is not something you have in your network. But if you do want to "peer" with someone, or to "multi-home" to multiple providers and have a little more control over where your data goes on the Internet, you will be taking at least some external routes into your network, and you will do so with BGP.

9.4 WHY IS BGP INTERESTING?

Well, as mentioned above, it is nice to have routing data for parts of the Internet in your routers. But it is much more useful to tell people outside your network (upstream providers or "peers") about what routes (or portions of the IP address space) you "know how to get to" inside your network. The primary purpose of BGP4 is to advertise routes to other networks ("Autonomous Systems").

9.4.1 AUTONOMOUS SYSTEMS

An AS, or Autonomous System, is a way of referring to "someone's network". That network could be yours, VSNL's, MTNL's, MCI's, Sprintlink's, or anyone's.
Normally an AS will have someone (or a team) responsible for it (a point of contact, typically called a NOC, or Network Operations Center), one or more "border routers" (where routers in that AS peer and exchange routes with other ASs), and a simple or complicated internal routing scheme so that every router in that AS knows how to get to every other router and destination within that AS.

When you "advertise" routes to other entities (ASs), one way of thinking of those route "advertisements" is as "promises" to carry data to the IP space represented in the route being advertised. For example, if you advertise 192.204.4.0/24 (the "Class C" starting at 192.204.4.0 and ending at 192.204.4.255), you promise that if someone sends you data destined for any address in 192.204.4.0/24, you know how to carry that data to its ultimate destination.

The cardinal sin of BGP routing is advertising routes that you do not know how to get to. This is called "black-holing" someone: if you advertise, or promise to carry data to, some part of the IP space that is owned by someone else, and that advertisement is more specific than the one made by the owner of that IP space, all of the data on the Internet destined for the black-holed IP space will flow to your border router, because routers always forward on the longest matching prefix. Needless to say, this makes that address space "disconnected from the net" for the provider that owns the space, and makes many people unhappy. The second most heinous sin of BGP routing is not having strict enough filters on the routes you advertise: an outbound prefix filter that permits only the prefixes you are authorised to originate is what stops a configuration mistake (such as redistributing a customer's or a neighbour's routes) from becoming such a black hole.

Also, one terminology note: classless routes are sometimes called "prefixes". When someone talks about a prefix they are talking about a route with a particular starting point and a particular specificity (length). So 207.8.96.0/24 and 207.8.96.0/20 are not the same prefix (route). Every IP address that you can get to on the Internet is reachable because someone, somewhere, has advertised a route that covers it.

9.5 HOW BGP WORKS
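To make the longest-match behaviour and the outbound filter concrete, here is a small added Python illustration (not code from this manual): a toy routing table that forwards on the most specific covering prefix, and an export filter in the style of a prefix-list entry with an "le" limit. The prefixes and the AS numbers 64500 and 64501 (private range) are constructed for the illustration.

```python
"""Longest-prefix forwarding and an outbound prefix filter, as an added
illustration of the "black-holing" and "filter your advertisements" points.
Prefixes and AS numbers are constructed (64500/64501 are private ASNs)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network


class Rib:
    """Toy routing table: prefix -> AS that originated it. Lookup picks the
    longest (most specific) matching prefix, exactly as a router forwards."""

    def __init__(self) -> None:
        self.routes: Dict[Net, int] = {}

    def learn(self, prefix: str, origin_asn: int) -> None:
        self.routes[ipaddress.ip_network(prefix)] = origin_asn

    def withdraw(self, prefix: str) -> None:
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, address: str) -> Optional[Tuple[Net, int]]:
        addr = ipaddress.ip_address(address)
        best: Optional[Tuple[Net, int]] = None
        for net, asn in self.routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, asn)
        return best


def more_specific_wins() -> List[int]:
    """Owner (AS 64500) announces a /22; a third party (AS 64501) announces a
    covered /24. Returns the origin AS chosen for one host address before the
    /24 appears, while it is present, and after it is withdrawn."""
    rib = Rib()
    rib.learn("192.204.4.0/22", 64500)          # legitimate aggregate
    chosen = [rib.lookup("192.204.4.10")[1]]
    rib.learn("192.204.4.0/24", 64501)          # more specific: captures 192.204.4.0-255
    chosen.append(rib.lookup("192.204.4.10")[1])
    rib.withdraw("192.204.4.0/24")
    chosen.append(rib.lookup("192.204.4.10")[1])
    return chosen


def export_filter(announcements: List[str],
                  allowed: List[Tuple[str, int]]) -> Tuple[List[str], List[str]]:
    """Outbound prefix filter. 'allowed' holds (prefix, longest permitted length)
    pairs, like the prefix-list entry '192.204.4.0/22 le 24'. Anything not
    covered by an allowed entry, or more specific than its 'le' limit, is
    rejected. Returns (accepted, rejected)."""
    permitted = [(ipaddress.ip_network(p), le) for p, le in allowed]
    accepted: List[str] = []
    rejected: List[str] = []
    for ann in announcements:
        net = ipaddress.ip_network(ann)
        ok = any(net.subnet_of(p) and net.prefixlen <= le for p, le in permitted)
        (accepted if ok else rejected).append(ann)
    return accepted, rejected


if __name__ == "__main__":
    print(more_specific_wins())             # [64500, 64501, 64500]
    print(export_filter(["192.204.4.0/22", "192.204.4.0/24", "192.204.4.0/25",
                         "10.0.0.0/8", "0.0.0.0/0"],
                        [("192.204.4.0/22", 24)]))
```

The middle value of more_specific_wins() is the black hole: while the /24 is present, every router that accepted it sends 192.204.4.10 to AS 64501, whatever AS 64500 advertises. The export filter is deliberately an allow-list; a default route or a prefix from another block never leaves the router even if it was redistributed by mistake.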
BGP is a path vector protocol used to carry routing information between autonomous systems. The term path vector comes from the fact that BGP routing information carries a sequence of AS numbers, which indicates the path a route has traversed. BGP uses TCP as its transport protocol (port 179). This ensures that all the transport reliability, such as retransmission, is taken care of by TCP and does not need to be implemented in BGP itself. It also means that a BGP session is only as protected as its TCP connection: in practice sessions are protected with TCP MD5 authentication (RFC 2385) or TCP-AO (RFC 5925), with filters that accept port 179 only from configured neighbors, and with a TTL check on directly connected peers (GTSM, RFC 5082). Two BGP routers form a transport protocol connection between each other. These routers are called neighbors or peers. Figure 2 illustrates this relationship. Peer routers exchange multiple messages to open and confirm the connection parameters, such as the BGP version running between the two peers (for example, version 3 for BGP3 and version 4 for BGP4). In case of any disagreement between the peers, NOTIFICATION errors are sent, and the peer connection does not get established.

Initially all candidate BGP routes are exchanged, as illustrated in Figure 3. Incremental updates are sent as network information changes. The incremental update approach is an enormous improvement in CPU overhead and bandwidth use compared with the complete periodic updates used by earlier protocols such as EGP.

Figure 51: BGP routers become neighbors (router 1.1.1.1, with networks N1 and N2, and router 2.2.2.2, with networks N3 and N4, establish a neighboring session with each other).

Figure 52: Exchanging all routing updates (1.1.1.1 sends N1 and N2, 2.2.2.2 sends N3 and N4; afterwards each holds N1 to N4).

Routes are advertised between a pair of BGP routers in UPDATE messages. The UPDATE message contains, among other things, a list of <length, prefix> tuples that indicate the destinations reachable via each system.
The UPDATE message also contains the path attributes, which include such information as the degree of preference for a particular route.

In case of information changes, such as a route becoming unreachable or a better path becoming available, BGP informs its neighbors by withdrawing invalid routes and injecting new routing information. As illustrated in Figure 4, withdrawn routes are part of the UPDATE message. These are the routes no longer available for use. Figure 5 illustrates a steady state situation: if no routing change occurs, the routers exchange only KEEPALIVE packets.

Figure 53: N1 goes down; partial update sent (1.1.1.1 sends an UPDATE withdrawing N1; both routers now hold N2, N3 and N4).

Figure 54: Steady state; N1 is still down (only KEEPALIVE messages are exchanged).

KEEPALIVE messages are sent periodically between BGP neighbors to ensure that the connection is kept alive. KEEPALIVE packets (19 bytes each) should not cause any strain on the router CPU or link bandwidth as they consume minimal bandwidth (about 2.5 bits/sec for a periodic rate of one every 60 seconds).

BGP keeps a table version number to keep track of the instance of the BGP routing table. If the table changes, BGP will increment the table version. A table version that is incrementing rapidly is usually an indication of instability in the network.

9.6 BGP FUNDAMENTALS: BGP MESSAGE HEADER FORMAT

The BGP message header format is a 16-byte Marker field, followed by a 2-byte Length field and a 1-byte Type field. Figure 6 illustrates the basic format of the BGP message header.

Figure 55: BGP message header format (bit positions 0 to 31: Marker, 16 bytes; Length, 2 bytes; Type, 1 byte).

There may or may not be a data portion following the header, depending on the message type.
KEEPALIVE messages, for example, consist of the message header only, with no following data. The Marker field is used either to authenticate incoming BGP messages or to detect loss of synchronisation between two BGP peers. In the original BGP4 specification (RFC 1771) the Marker field can have two formats: if the message is an OPEN, or if the OPEN message carried no authentication information, the Marker field must be all ones; otherwise the Marker field is computed as part of the authentication mechanism in use. (The current specification, RFC 4271, drops the authentication use: the Marker is always all ones, and a receiver that sees anything else treats the connection as unsynchronised and closes it. Session authentication is done at the TCP layer instead.) The Length indicates the total BGP message length including the header. The smallest BGP message is no less than 19 bytes (16+2+1) and no greater than 4,096 bytes; a receiver must reject a Length outside this range before reading any further. The Type indicates the message type, from the following possibilities:

OPEN
UPDATE
NOTIFICATION
KEEPALIVE

Now we will examine the purpose and format of each of the four message types in more detail.

9.6.1 BGP NEIGHBOR NEGOTIATION

One of the basic steps of the BGP protocol is establishing neighbors between BGP peers. Without successful completion of this step, no exchange of updates will ever take effect. Neighbor negotiation is based on the successful completion of a TCP transport connection, the successful processing of the OPEN message, and periodic detection of the KEEPALIVE messages.

9.6.2 OPEN MESSAGE FORMAT

Figure 7 illustrates the format of the OPEN message.

Figure 56: OPEN message format (Version; My Autonomous System; Hold Time; BGP Identifier; Optional Parameters Length; Optional Parameters).

Version - A 1-byte field that indicates the version of the BGP protocol, such as BGP3 or BGP4.
My Autonomous System - A 2-byte field that indicates the AS number of the BGP router. (4-byte AS numbers, RFC 4893/RFC 6793, are negotiated through a capability; this field then carries the reserved value AS_TRANS, 23456.)
Hold Time - The maximum time in seconds that may elapse between the receipt of successive KEEPALIVE or UPDATE messages. A value of 0 disables the hold timer; otherwise it must be at least 3 seconds, and each side uses the smaller of its own configured value and the value received.
BGP Identifier - A 4-byte field that indicates the sender's ID (Router ID), which is chosen as the highest IP address on the router, or the highest loopback address if one is configured, at BGP session startup. (A loopback address is the IP address of a virtual software interface that is considered to be up at all times, irrespective of the state of any physical interface.)
Optional Parameters - This field is a list of triplets <Parameter Type, Parameter Length, Parameter Value>. Example: the authentication information parameter (in current practice, the Capabilities parameter that carries the multiprotocol, 4-byte AS and route refresh capabilities).

9.6.3 NOTIFICATION MESSAGE

A NOTIFICATION message is always sent whenever an error is detected, after which the peer connection is closed. These are required to determine the specific nature of errors that emerge in the routing protocol.

9.6.4 KEEPALIVE MESSAGE

KEEPALIVE messages are periodic messages exchanged between peers to determine whether peers are reachable.

9.6.5 UPDATE MESSAGE AND ROUTING INFORMATION

Central to the BGP protocol is the concept of routing updates. Routing updates contain all the necessary information that BGP uses to construct a loop-free picture of the Internet. The following are the basic blocks of an UPDATE message:

Network Layer Reachability Information (NLRI)
Path Attributes
Unreachable (Withdrawn) Routes

Figure 8 illustrates these components in the context of the UPDATE message format. The NLRI is an indication, in the form of an IP prefix, of the network being advertised. The path attribute list provides BGP with the capability of detecting routing loops and the flexibility to enforce local and global routing policies.
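The header and OPEN rules of 9.6 to 9.6.4 can be checked against a small encoder and validating decoder. The Python below is an added example, not code from this manual, and follows the RFC 4271 layout (marker always all ones); AS 64500, hold time 90 and router ID 10.0.0.1 are constructed values. The decoder validates the header before trusting the Length field, which is the order a receiver must use when the peer is not fully trusted.

```python
"""Encoder and validating decoder for the BGP message header, OPEN and
KEEPALIVE messages (RFC 4271 layout). Added example; values are constructed."""
import struct
from typing import Dict, Tuple

MARKER = b"\xff" * 16              # always all ones in RFC 4271
HEADER_LEN, MAX_LEN = 19, 4096
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4
BGP_VERSION = 4


def build_message(msg_type: int, body: bytes = b"") -> bytes:
    """Marker (16) + Length (2, counts the header too) + Type (1) + body."""
    length = HEADER_LEN + len(body)
    if length > MAX_LEN:
        raise ValueError("message exceeds 4096 bytes")
    return MARKER + struct.pack("!HB", length, msg_type) + body


def build_open(my_asn: int, hold_time: int, router_id: str,
               opt_params: bytes = b"") -> bytes:
    """Version(1) My AS(2) Hold Time(2) BGP Identifier(4) Opt Parm Len(1) Opt Parms."""
    if hold_time != 0 and hold_time < 3:          # zero or at least 3 seconds
        raise ValueError("hold time must be 0 or >= 3 seconds")
    if not 0 <= my_asn <= 0xFFFF:                  # 2-byte field; 4-byte ASNs use AS_TRANS
        raise ValueError("AS number does not fit the 2-byte field")
    rid = bytes(int(o) for o in router_id.split("."))
    body = (struct.pack("!BHH", BGP_VERSION, my_asn, hold_time) + rid
            + bytes([len(opt_params)]) + opt_params)
    return build_message(OPEN, body)


def build_keepalive() -> bytes:
    return build_message(KEEPALIVE)                # header only: 19 bytes


def parse_header(data: bytes) -> Tuple[int, int, bytes]:
    """Check the header before anything else. Every ValueError here is a
    condition for which a real speaker sends a NOTIFICATION and closes the
    session. Returns (type, length, body)."""
    if len(data) < HEADER_LEN:
        raise ValueError("short read")
    if data[:16] != MARKER:
        raise ValueError("connection not synchronized")
    length, msg_type = struct.unpack("!HB", data[16:19])
    if not HEADER_LEN <= length <= MAX_LEN:
        raise ValueError("bad message length")
    if msg_type not in (OPEN, UPDATE, NOTIFICATION, KEEPALIVE):
        raise ValueError("bad message type")
    if msg_type == KEEPALIVE and length != HEADER_LEN:
        raise ValueError("KEEPALIVE must be header only")
    if len(data) < length:
        raise ValueError("truncated message")
    return msg_type, length, data[HEADER_LEN:length]


def parse_open(body: bytes) -> Dict[str, object]:
    if len(body) < 10:
        raise ValueError("OPEN too short")
    version, asn, hold_time = struct.unpack("!BHH", body[:5])
    if version != BGP_VERSION:
        raise ValueError("unsupported version")
    router_id = ".".join(str(b) for b in body[5:9])
    opt_len = body[9]
    if len(body) != 10 + opt_len:                  # Opt Parm Len must match what follows
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "asn": asn, "hold_time": hold_time,
            "router_id": router_id, "opt_params": body[10:]}


def negotiated_hold_time(mine: int, theirs: int) -> int:
    """Both sides settle on the smaller of the two offered hold times."""
    return min(mine, theirs)


if __name__ == "__main__":
    msg = build_open(64500, 90, "10.0.0.1")
    print(len(msg), parse_open(parse_header(msg)[2]))   # 29 and the decoded fields
```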
Figure 57: BGP routing UPDATE format: Unfeasible Routes Length (2 bytes); Withdrawn Routes (variable); Total Path Attribute Length (2 bytes); Path Attributes (variable); NLRI as a list of <Length (1 byte), Prefix (variable)> entries.

9.7 EBGP VS IBGP

EBGP and IBGP share the same low-level protocol for exchanging routes, and also share some of the algorithms, but EBGP is used to exchange routes between different Autonomous Systems, while IBGP is used to exchange routes within the same Autonomous System. In fact, IBGP is one of the "interior routing protocols" that you can use to do "active routing" inside your network.

The major difference between EBGP and IBGP is that EBGP tries like crazy to advertise every BGP route it knows to everyone; you have to put "filters" in place to stop it from doing so. IBGP is actually pretty difficult to get working because it tries like crazy not to redistribute routes: a route learned from one IBGP peer is never passed on to another IBGP peer, so all IBGP speakers inside your network have to peer with all other IBGP speakers in order to make it work. This is called a "routing mesh" and, as you can imagine, is quite a mess. If you have 20 routers, each router has to peer with every other router (190 sessions in total).

Also, IBGP has major drawbacks as an IGP. The main one is the necessity to "peer up" every pair of routers in the network (or in one POP if you are using confederations). Protocols like OSPF and IS-IS just "find" each other over serial and Ethernet interfaces (they discover neighbors with hello packets). This can be a pain (you do not want to accidentally merge your IGP with a customer's or a peer's), but turning off neighbor discovery on certain ports is easier than turning on peering sessions between a new router and every other router on your network.
Also, IBGP does not do as good a job at "convergence" (closing the gap and rerouting around failed network segments) as OSPF and IS-IS.

Routers that belong to the same AS and exchange BGP updates are said to be running internal BGP (IBGP), and routers that belong to different ASs and exchange BGP updates are said to be running external BGP (EBGP). Figure 9 shows a network that demonstrates the difference between EBGP and IBGP. Before it exchanges information with an external AS, BGP ensures that networks within the AS are reachable. This is done by a combination of internal BGP peering among routers within the AS and by redistributing BGP routing information to Interior Gateway Protocols (IGPs) that run within the AS, such as Interior Gateway Routing Protocol (IGRP), Intermediate System-to-Intermediate System (IS-IS), Routing Information Protocol (RIP) and Open Shortest Path First (OSPF).

Figure 58: EBGP, IBGP and multiple ASs (Router A in AS 100, Routers B and C in AS 200, Router D in AS 300; addresses 129.213.1.1/.2 on the A-B EBGP link, 192.208.10.1/.2 on the C-D EBGP link, 175.220.1.2 and 175.220.212.1 on the IBGP peers B and C).

BGP uses the Transmission Control Protocol (TCP) as its transport protocol (specifically port 179). Any two routers that have opened a TCP connection to each other for the purpose of exchanging routing information are known as peers or neighbors. In Figure 9, Routers A and B are BGP peers, as are Routers B and C, and Routers C and D. The routing information consists of a series of AS numbers that describe the full path to the destination network. BGP uses this information to construct a loop-free map of ASs. Note that within an AS, BGP peers do not have to be directly connected. BGP peers initially exchange their full BGP routing tables. Thereafter, BGP peers send incremental updates only.
BGP peers also exchange KEEPALIVE messages (to ensure that the connection is up) and NOTIFICATION messages (in response to errors or special conditions). For routers that run EBGP, neighbors are usually directly connected, and the IP address used is usually the IP address of the interface at the other end of the connection. For routers that run IBGP, the IP address can be the IP address of any of the router's interfaces.

Note the following about the ASs shown in Figure 9. Routers A and B are running EBGP, and Routers B and C are running IBGP. Note that the EBGP peers are directly connected and that the IBGP peers are not. As long as there is an IGP running that allows the two neighbors to reach one another, IBGP peers do not have to be directly connected. All BGP speakers within an AS must establish a peer relationship with each other; that is, the BGP speakers within an AS must be fully meshed logically. BGP4 provides two techniques that alleviate the requirement for a logical full mesh: confederations and route reflectors. AS 200 is a transit AS for AS 100 and AS 300; that is, AS 200 is used to transfer packets between AS 100 and AS 300.

9.7.1 INTERNAL BGP

Internal BGP (IBGP) is the form of BGP that exchanges BGP updates within an AS. Instead of IBGP, the routes learned via EBGP could be redistributed into the IGP within the AS and then redistributed again into another AS. However, IBGP is more flexible, provides more efficient ways of controlling the exchange of information within the AS, and presents a consistent view of the AS to external neighbors. For example, IBGP provides ways to control the exit point from an AS. (Redistributing external routes into an IGP is also a reliability risk, since IGPs are not designed to carry a routing table the size of the Internet's.) Figure 10 shows a topology that demonstrates IBGP.
Figure 59: Internal BGP example (AS 100 with IBGP peers Routers A, B and D; external ASs 300, 400 and 500 with Routers C and E; networks 170.10.0.0 and 175.10.0.0).

When a BGP speaker receives an update from other BGP speakers in its own AS (that is, via IBGP), the receiving BGP speaker uses EBGP to forward the update to external BGP speakers only; it does not pass it on to other IBGP speakers. This behavior of IBGP is why it is necessary for BGP speakers within an AS to be fully meshed. For example, in Figure 10, if there were no IBGP session between Routers B and D, Router A would send updates from Router B to Router E but not to Router D. If you want Router D to receive updates from Router B, Router B must be configured so that Router D is a BGP peer.

9.7.2 LOOPBACK INTERFACES

Loopback interfaces are often used by IBGP peers. The advantage of using loopback interfaces is that they eliminate a dependency that would otherwise occur when you use the IP address of a physical interface to configure BGP: if that physical interface goes down, the session goes down with it, whereas a session between loopback addresses survives as long as the IGP still offers any path between the two routers.

9.7.3 EBGP MULTIHOP

Usually, the two EBGP speakers are directly connected (for example, over a wide-area network [WAN] connection). Sometimes, however, they cannot be directly connected. In this special case, the neighbor ebgp-multihop router configuration command is used. Multihop is used only for EBGP, not for IBGP. (By default an EBGP speaker sends its packets with an IP TTL of 1 and only accepts a peer on a directly connected subnet; ebgp-multihop relaxes both, so configure it with the smallest TTL that reaches the peer.)

9.7.4 SYNCHRONIZATION

When an AS provides transit service to other ASs and there are non-BGP routers in the AS, transit traffic might be dropped if the intermediate non-BGP routers have not learned routes for that traffic via an IGP.
The BGP synchronization rule states that if an AS provides transit service to another AS, BGP should not advertise a route until all of the routers within the AS have learned about the route via an IGP. The topology shown in Figure 11 demonstrates the synchronization rule.

Figure 60: Synchronization (AS 100 contains Routers A and B, IBGP peers at 2.2.2.1 and 2.2.2.2, and Router E, a non-BGP router reached over the IGP, with network 150.10.0.0; Router C in AS 300 advertises 170.10.0.0; Router D in AS 400 with 175.10.0.0).

In Figure 11, Router C sends updates about network 170.10.0.0 to Router A. Routers A and B are running IBGP, so Router B receives updates about network 170.10.0.0 via IBGP. If Router B wants to reach network 170.10.0.0, it sends traffic to Router E. If Router A does not redistribute network 170.10.0.0 into an IGP, Router E has no way of knowing that network 170.10.0.0 exists and will drop the packets. If Router B advertises to AS 400 that it can reach 170.10.0.0 before Router E learns about the network via the IGP, traffic coming from Router D to Router B with a destination of 170.10.0.0 will flow to Router E and be dropped.

This situation is handled by the synchronization rule of BGP, which states that if an AS (such as AS 100 in Figure 11) passes traffic from one AS to another AS, BGP does not advertise a route before all routers within the AS (in this case, AS 100) have learned about the route via an IGP. In this case, Router B waits to hear about network 170.10.0.0 via an IGP before it sends an update to Router D.

In some cases, you might want to disable synchronization. Disabling synchronization allows BGP to converge more quickly, but it might result in dropped transit packets. You can disable synchronization if one of the following conditions is true:

Your AS does not pass traffic from one AS to another AS.
All the transit routers in your AS run BGP.

(On current Cisco IOS releases synchronization is disabled by default; the usual design is the second condition above, with every router on the transit path running BGP, since redistributing the Internet table into an IGP is impractical.)
9.8 BGP AND ROUTE MAPS

Route maps are used with BGP to control and modify routing information and to define the conditions by which routes are redistributed between routing domains. The format of a route map is as follows:

route-map map-tag [[permit | deny] | [sequence-number]]

The map tag is a name that identifies the route map, and the sequence number indicates the position that an instance of the route map is to have in relation to other instances of the same route map.

9.8.1 ADVERTISING NETWORKS

A network that resides within an AS is said to originate from that AS. To inform other ASs about its networks, the AS advertises them. BGP provides three ways for an AS to advertise the networks that it originates:

Redistributing Static Routes
Redistributing Dynamic Routes
Using the network Command

9.8.2 BGP DECISION ALGORITHM

When a BGP speaker receives updates from multiple ASs that describe different paths to the same destination, it must choose the single best path for reaching that destination. Once chosen, BGP propagates the best path to its neighbors. The decision-making process is based on the values of the following attributes:

AS path Attribute
Origin Attribute
Next Hop Attribute
Weight Attribute
Local Preference Attribute
Multi-Exit Discriminator Attribute
Community Attribute

9.9 BGP ATTRIBUTE DETAILS

Type code, attribute name, possible values and meaning:

1 ORIGIN: 0 (IGP); 1 (EGP); 2 (Incomplete). This attribute specifies the origin of a route. Straightforward, except that "Incomplete" means that the route got into BGP by redistribution (from an IGP or from static routes).
2 AS_PATH: 0 to N AS numbers (2-byte values as originally specified; 4-byte AS numbers, RFC 4893/RFC 6793, are carried through the 4-byte-AS capability and the AS4_PATH attribute). A list of the ASNs of all ASs the route has traversed.
3 NEXT_HOP: IP address. The most critical attribute: where to send data destined for this route.
4 MULTI_EXIT_DISC (MED): 0 to 2^32-1. A metric sent to a neighboring AS to tell it which of several entry points into your AS to prefer (lower is better); it is not propagated beyond that neighboring AS.
5 LOCAL_PREF: 0 to 2^32-1. A preference used inside an AS to choose the exit point (higher is better); it is never sent outside the AS.
6 ATOMIC_AGGREGATE: TRUE/FALSE (present means true). Present if this route is an aggregate and the advertiser did not use the most specific route it knew.
7 AGGREGATOR: {ASN, IP address} pair. Indicates who formed the route if the route is an aggregate of smaller routes.
8 COMMUNITY: 0 to N 4-byte values ("communities").
9 ORIGINATOR_ID: Used for BGP route reflection.
10 CLUSTER_LIST: Used for BGP route reflection.

9.9.1 AS-PATHS

Every time a route is advertised via EBGP, it is "stamped" with the ASN of the AS doing the advertising. As a route moves from Autonomous System to Autonomous System (network to network), it builds up an "AS-PATH". Each route starts out with a "null AS-PATH", represented by the regular expression "^$". The AS-PATH is useful for a number of reasons:

It provides a "diagnostic trace" of routing on the Internet. If you have "full routes" in one of your routers, or have "query access" to a router that does (such as telnet://route-server.cerf.net), you can find the route that encompasses a particular IP address and see which ASNs have advertised it. If you do some poking around, you can even see how a provider is actually connected.

It is one of a number of metrics that determine how routes "heard" via BGP are inserted into the actual IP routing table.

It is how BGP detects loops: a router that sees its own ASN in the AS-PATH of a received route discards that route.

It is something that allows you to do "policy routing" of sorts; basically, you use the AS-PATH to filter routes, for example refusing routes that pass through a particular AS, or accepting from a customer only routes that originate in the customer's own AS.

9.9.2 BGP PATH SELECTION PROCESS

BGP selects only one path as the best path. When the path is selected, BGP puts the selected path in its routing table and propagates the path to its neighbors.
BGP uses the following criteria, in the order presented, to select a path for a destination:

1. If the path specifies a next hop that is inaccessible, drop the update.
2. Prefer the path with the largest weight.
3. If the weights are the same, prefer the path with the largest local preference.
4. If the local preferences are the same, prefer the path that was locally originated (by BGP running on this router).
5. If no route was locally originated, prefer the route that has the shortest AS_path.
6. If all paths have the same AS_path length, prefer the path with the lowest origin type (where IGP is lower than EGP, and EGP is lower than Incomplete).
7. If the origin codes are the same, prefer the path with the lowest MED attribute (by default MED is only compared between paths received from the same neighboring AS).
8. If the paths have the same MED, prefer the external (EBGP) path over the internal (IBGP) path.
9. If the paths are still the same, prefer the path through the closest IGP neighbor (the lowest IGP metric to the next hop).
10. Prefer the path with the lowest IP address, as specified by the BGP router ID.

9.9.3 CONTROLLING THE FLOW OF BGP UPDATES

For controlling the flow of BGP updates, the techniques include the following:

Administrative Distance
BGP Filtering
BGP Peer Groups
CIDR and Aggregate Addresses
Confederations
Route Reflectors
Route Flap Dampening

9.9.4 ADMINISTRATIVE DISTANCE

Administrative distance is used to discriminate between routes learned from more than one protocol. The route with the lowest administrative distance is installed in the IP routing table.

9.9.5 BGP DEFAULT DISTANCES

Distance, default value and function:

External: 20. Applied to routes learned from EBGP.
Internal: 200. Applied to routes learned from IBGP.
Local: 200. Applied to routes originated by the router.

Distance does not influence the BGP path selection algorithm, but it does influence whether BGP-learned routes are installed in the IP routing table.
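The ten steps can be carried through in code. The Python below is an added example (not from this manual) that drops paths failing step 1, then compares the remaining candidates on steps 2 to 10 as one lexicographic key, and reports which step decided between any two paths. The paths, next hops and ASNs are constructed. Two simplifications are deliberate: the AS_PATH loop check is done here alongside step 1 for convenience, although a real speaker applies it when the UPDATE is received, and MED is compared across all candidates, whereas by default Cisco compares it only between paths from the same neighboring AS.

```python
"""Best-path selection per the ten-step list, as an added example.
Paths and ASNs are constructed; 64500 is the (private) local AS."""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

IGP, EGP, INCOMPLETE = 0, 1, 2     # ORIGIN codes; lower is preferred


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: Tuple[int, ...]
    origin: int = IGP
    weight: int = 0                # Cisco-local attribute, higher wins
    local_pref: int = 100          # higher wins
    med: int = 0                   # lower wins
    external: bool = True          # True = learned via EBGP
    igp_metric: int = 0            # IGP cost to next_hop, lower wins
    router_id: str = "0.0.0.0"     # BGP identifier of the advertising peer, lower wins
    locally_originated: bool = False


STEPS = ["weight", "local preference", "locally originated", "AS_PATH length",
         "origin", "MED", "EBGP over IBGP", "IGP metric to next hop", "router ID"]


def _ip_key(ip: str) -> Tuple[int, ...]:
    return tuple(int(o) for o in ip.split("."))


def sort_key(p: Path) -> tuple:
    """Steps 2-10 as one lexicographic key. Attributes where larger is better
    are negated so that the smallest key is the best path."""
    return (-p.weight, -p.local_pref, 0 if p.locally_originated else 1,
            len(p.as_path), p.origin, p.med, 0 if p.external else 1,
            p.igp_metric, _ip_key(p.router_id))


def best_path(paths: Iterable[Path], reachable: Iterable[str],
              local_asn: int) -> Optional[Path]:
    """Step 1 drops paths whose next hop is not in the IP routing table; a
    path carrying our own ASN is a loop and is dropped too. Then steps 2-10."""
    reach = set(reachable)
    candidates = [p for p in paths
                  if p.next_hop in reach and local_asn not in p.as_path]
    return min(candidates, key=sort_key, default=None)


def decisive_step(a: Path, b: Path) -> Tuple[int, str]:
    """The step number (2..10) and name that separates two candidate paths,
    or (0, 'tie') if every comparison is equal."""
    for i, (x, y) in enumerate(zip(sort_key(a), sort_key(b))):
        if x != y:
            return i + 2, STEPS[i]
    return 0, "tie"


def demo() -> List[str]:
    """Four constructed paths to one prefix: the shortest AS_PATH loses to a
    higher local preference, an unreachable next hop and a looped path are
    never considered at all."""
    p_short = Path("10.1.1.1", (64501, 64510), router_id="10.1.1.1")
    p_pref = Path("10.2.2.2", (64502, 64511, 64512), local_pref=200,
                  router_id="10.2.2.2")
    p_unreach = Path("10.3.3.3", (64503,), local_pref=300, router_id="10.3.3.3")
    p_loop = Path("10.4.4.4", (64504, 64500), local_pref=400, router_id="10.4.4.4")
    reachable = ["10.1.1.1", "10.2.2.2", "10.4.4.4"]
    best = best_path([p_short, p_pref, p_unreach, p_loop], reachable, local_asn=64500)
    return [best.next_hop, decisive_step(p_short, p_pref)[1]]


if __name__ == "__main__":
    print(demo())        # ['10.2.2.2', 'local preference']
```

Note the ordering consequence for policy: anything set with a route map on local preference overrides AS_PATH length, so a customer's AS_PATH prepending has no effect on your exit choice unless your local preferences for the competing paths are equal.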
9.10 BGP FILTERING

We can control the sending and receiving of updates by using the following filtering methods:

Prefix Filtering
AS_path Filtering
Route Map Filtering
Community Filtering

9.11 BGP PEER GROUPS

A BGP peer group is a group of BGP neighbors that share the same update policies. Update policies are usually set by route maps, distribution lists and filter lists. Instead of defining the same policies for each individual neighbor, you define a peer group name and assign policies to the peer group. Members of a peer group inherit all of the configuration options of the peer group. Peer group members can also be configured to override configuration options if the options do not affect outgoing updates; that is, you can only override options that apply to incoming updates.

9.11.1 CIDR AND AGGREGATE ADDRESSES

BGP4 supports classless interdomain routing (CIDR), which is a major improvement over BGP3. (CIDR is also known as supernetting.) CIDR is a way of looking at IP addresses that eliminates the concept of classes (Class A, Class B and so on). For example, network 192.213.0.0, which is an illegal Class C network number, is a legal supernet when it is represented in CIDR notation as 192.213.0.0/16. The /16 indicates that the subnet mask consists of 16 bits (counting from the left). Therefore, 192.213.0.0/16 is equivalent to 192.213.0.0 255.255.0.0. CIDR makes it easy to aggregate routes. Aggregation is the process of combining several different routes in such a way that a single route can be advertised, which minimizes the size of routing tables. A router cannot aggregate an address if it does not have a more specific route of that address in the BGP routing table.
The more specific route can be injected into the BGP routing table by incoming updates from other ASs, can be redistributed from an IGP, or can be established by the network router configuration command.

9.12 CONFEDERATIONS

A confederation is a technique for reducing the IBGP mesh inside the AS. We use confederations to reduce the number of IBGP peers within the AS: the AS is divided into multiple mini-ASs (sub-ASs), which are assigned to a confederation. Each mini-AS is fully meshed, and IBGP is run among its members. Each mini-AS has a connection to the other mini-ASs within the confederation. Even though the mini-ASs have EBGP peers to the other ASs within the confederation, they exchange routing updates as if they were using IBGP; that is, the next hop, MED and local preference information is preserved. To the outside world, the confederation looks like a single AS.

9.13 ROUTE REFLECTORS

Route reflectors are another solution for the explosion of IBGP peering within an AS. As described earlier in the section "Internal BGP", a BGP speaker does not advertise a route learned from another IBGP speaker to a third IBGP speaker. Route reflectors ease this limitation and allow a router to advertise (reflect) IBGP-learned routes to other IBGP speakers, thereby reducing the number of IBGP peers within an AS. (The ORIGINATOR_ID and CLUSTER_LIST attributes listed in 9.9 are what allow reflected routes to be loop-checked inside the AS.)

9.14 ROUTE FLAP DAMPENING

Route flap dampening is a mechanism for minimizing the instability caused by route flapping. The following terms are used to describe route flap dampening:

Penalty: A numeric value that is assigned to a route when it flaps.
Half-life time: A configurable numeric value that describes the time required to reduce the penalty by one half.
Suppress limit: A numeric value that is compared with the penalty. If the penalty is greater than the suppress limit, the route is suppressed.
Suppressed: A route that is not advertised even though it is up. A route is suppressed if the penalty is more than the suppress limit.
Reuse limit: A configurable numeric value that is compared with the penalty. If the penalty is less than the reuse limit, a suppressed route that is up will no longer be suppressed.
History entry: An entry that is used to store flap information about a route that is down.

A route that is flapping receives a penalty of 1000 for each flap. When the accumulated penalty reaches a configurable limit, BGP suppresses advertisement of the route even if the route is up. The accumulated penalty is decremented according to the half-life time. When the accumulated penalty is less than the reuse limit, the route is advertised again (if it is still up). Dampening is not applied to routes that are learned via IBGP. This restriction avoids forwarding loops and prevents IBGP peers from having a higher penalty for routes that are external to the AS.

9.14.1 WHAT IS ROUTE FLAP AND WHY IS IT BAD?

When you "assert" a route, saying "I know how to get to 192.204.4.0/24" based on some internal knowledge that you actually do know how to get to 192.204.4.0/0, the natural thing to do (and what was previously thought to be the correct thing to do) is to "withdraw" that assertion if you in fact no longer know how to get to 192.204.4.0. But look at what happens when you withdraw that assertion. Your provider(s) must then also withdraw that assertion. And then their provider(s) and peer(s) must do the same. All in all, thousands of routers around the world now have to look at that route and decide if they have a next-best path in their BGP (or other routing) table, and insert it as the current best path in their IP routing table. This consumes many CPU-seconds on routers that are sometimes very busy.
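The following Python simulation is an added example, not part of the course text, of the penalty accounting described in section 9.14: 1000 penalty points per flap (counted when the route is withdrawn), exponential decay by half-life, suppression once the penalty exceeds the suppress limit, and reuse once it decays below the reuse limit. The half-life, reuse and suppress values are the Cisco IOS defaults (15 minutes, 750, 2000) and are an assumption here; the prefix and event times are constructed.

```python
from dataclasses import dataclass

# Cisco IOS defaults (bgp dampening 15 750 2000) are assumed; 1000 per flap is from the text.
PENALTY_PER_FLAP, HALF_LIFE_S, REUSE_LIMIT, SUPPRESS_LIMIT = 1000.0, 15 * 60.0, 750.0, 2000.0

@dataclass
class RouteState:
    up: bool = True
    penalty: float = 0.0
    suppressed: bool = False
    last_update: float = 0.0

class FlapDampener:
    def __init__(self) -> None:
        self.routes: dict = {}  # prefix -> RouteState (constructed model of the history entry)

    def _state(self, prefix: str, now: float) -> RouteState:
        # Fetch the route and apply exponential decay: the penalty halves every half-life.
        st = self.routes.setdefault(prefix, RouteState(last_update=now))
        st.penalty *= 0.5 ** ((now - st.last_update) / HALF_LIFE_S)
        st.last_update = now
        return st

    def _evaluate(self, st: RouteState) -> bool:
        # Suppress above the suppress limit, release below the reuse limit; in between, keep state.
        if st.penalty > SUPPRESS_LIMIT:
            st.suppressed = True
        elif st.penalty < REUSE_LIMIT:
            st.suppressed = False
        return st.up and not st.suppressed  # True: the prefix is advertised to peers

    def withdraw(self, prefix: str, now: float) -> bool:
        """The route went down: one flap, one penalty increment."""
        st = self._state(prefix, now)
        if st.up:
            st.penalty += PENALTY_PER_FLAP
        st.up = False
        return self._evaluate(st)

    def announce(self, prefix: str, now: float) -> bool:
        """The route came back up: no penalty, but a suppressed route stays hidden."""
        st = self._state(prefix, now)
        st.up = True
        return self._evaluate(st)

    def poll(self, prefix: str, now: float) -> bool:
        # Timer re-evaluation: decay alone eventually brings the penalty below the reuse limit.
        return self._evaluate(self._state(prefix, now))
```

In the constructed sequence in the test, three down/up cycles within five minutes push the penalty past 2000 and the prefix stays suppressed for roughly 27 more minutes after it comes back up, which matches the experience described in 9.14.1.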
In fact, it was consuming so much CPU time a few years ago that Sean Doran of Sprintlink said "this must stop", and a few people came up with an idea (which Cisco implemented in record time) to "dampen" the "route flaps". What this means in practice today is that if your routes flap more than one or two complete up-down-up cycles, you will be dampened by many providers for at least an hour or so. So even if you're only "single-homed", you will be dampened if your provider withdraws your routes every time your link flips up and down a few times.

9.15 INTERNET CONNECTIVITY WITHOUT BGP

Let's review what happens when we are connected to the Internet without speaking BGP to the upstream provider. We can create a default route towards the upstream provider, and all non-local packets go out the interface specified by that route; the upstream provider probably puts static routes towards us on their side, redistributes those static routes into their IGP, and then probably redistributes their IGP into BGP, unless all of their BGP is done statically. Basically, if we have any address space "inside" of the upstream provider's larger "netblock" or "aggregate", we won't be advertised to the outside world specifically; the upstream provider will just advertise their larger block. If we have any other networks (an old Class C, customers with address space, etc.), the upstream provider will just statically announce those routes to the world and statically route them inside their network to our leased-line/router interface(s). With BGP, the upstream provider gives us all of the routes they have (the easy part), listens to our route announcements, and then redistributes some or all of those to their peers and customers.
The net difference is "just" that they may start advertising a more specific route (no mean task in a complicated network designed, as most networks are, to prevent the accidental "leaking" of more specific routes), or that the routes they normally advertise for us under just their ASN will now have our ASN attached as well.

9.16 BGP AND THE SINGLE HOMED

If you've only got one upstream provider, why speak BGP to them? Well, you could say "practice", but in general, no upstream provider is going to waste their time configuring BGP with you (since it generally involves a fair amount of behind-the-scenes work on their part) unless you have a good reason. And you don't really need "full routes" if you're single-homed. Since every packet destined for the Internet (as opposed to your internal network) is going to go out the same router interface, it doesn't matter whether it's via one default route or via searching a list of 45,000 or more routes heard via BGP. The only really valid reason is that you want to have more control in advertising your routes. Of course, you'll have to argue around the flap argument even if you have your own provider-independent address space (if you're singly-connected to the 'net, why bother all of the routers in the world by telling them whether you're currently reachable or not), and the routing-table space argument (if you're in your provider's IP space or "aggregate announcement", why pollute the routing tables with an extra few routes by announcing your routes more specifically?). The ISPs have to answer these questions and decide routing policies accordingly. If you do want to configure BGP and are single-homed, follow the instructions on how to announce your networks (routes), and either filter all incoming routes, or accept them if you feel you really want to.
9.17 MULTI-HOMING AND LOAD BALANCING

Generally, the goal of multi-homing is to use both connections in the same manner and "load-balance" them somehow. Ideally, you'd like roughly half the traffic to go in and out of each connection. You'd also like "fail-over" routing, where if one connection goes down the other one keeps you connected to the Internet. In an ideal network, you'd be able to have any one of your connections to the 'net go down and still maintain connectivity and speed. We'll talk a bit about how you load-balance incoming and outgoing traffic to and from your network. Incoming traffic is controlled by how you announce your routes to the world (packets will flow into your network because someone out there heard and is using a route announcement). Outgoing traffic is controlled by the routes that you allow to flow into your border router(s), and is thus much easier to control and tune.

9.18 CONCLUSION

Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet. BGP is classified as a path-vector routing protocol, and it makes routing decisions based on paths, network policies, or rule-sets configured by a network administrator. Border Gateway Protocol (BGP) is the postal service of the Internet. When someone drops a letter into a mailbox, the postal service processes that piece of mail and chooses a fast, efficient route to deliver that letter to its recipient. Similarly, when someone submits data across the Internet, BGP is responsible for looking at all of the available paths that data could travel and picking the best route, which usually means hopping between autonomous systems. When BGP is used for routing within an autonomous system, it is called Interior Border Gateway Protocol, Internal BGP (iBGP).
In contrast, the Internet application of the protocol is called Exterior Border Gateway Protocol, External BGP (eBGP).