Pages

Tuesday, August 5, 2014

BGP Notes

BGP Overview
============
Open Standards based
-RFC 4271 “ A border gateway protocol 4 (BGP-4)”
Classless path vector routing protocol
-uses multiple “attributes” for routing decision
-supports VLSM and summarization
-Extensible
 IPV4 Multicast, IPv6, MPLS, etc.

BGP ASNs
=============
Autonomous Systems (AS)
-a set of routers under a single technical administration, using an interior gateway protocol(IGP) and common metrics to determine how to route packets within the AS, and using an inter-AS routing protocol to determine how to route packets to other Ases.
ASNs are allocated by Internet assigned number authority (IANA)
Generally, BGP relies on ospf, ISIS, Eigrp to advertise routing within AS.

BGP ASN Values
================
Originally 2 byte field
-value 0-65535
-public  ASNs 1-64511
-private ASNs 64512-65535

Now 2 byte is already occupied so we come up with 4 byte AS

Currently 4-byte field
-BGP support for four-octet AS number space

4-Byte BGP ASN
==============
0.0   – 65535.65535 notation
-0.[0-65535] denote original 2 byte ASNs
Requires backwards compatibility with old code.
-4 byte ASN support negotiated during capability exchange
-old bgp speakers are sent ASdot numbers encoded as ASN “23456”
-real AS-Path encoded with optional transitive  attributes AS4_AGGREGATOR and AS4_PATH

Establishing BGP Peerings
=====================
Like IGP, the first step in BGP is to find neighbors to exchange information with
Unlike IGP..
-BGP does not have its own transport
-BGP has different types of neighbors
-BGP neighbors are not discovered
-BGP neighbors do not have to be connected
Since we have a TCP used as a L4 protocol(logical) for the establishment, hence neighbors in case of IBGP need not to be directly connected.

BGP Transport
================
BGP uses TCP port 179 for transport
-Implies that BGP needs IGP first
BGP neighbor statements tells process to
-listen for remote address via TCP 179
-initiate a session to remote address via TCP 179
-If collision, higher router-id becomes TCP client
Note: if you want to use BGP only then there should be a physical connection between all routers ie full mesh which has again routing issues. Hence we use IGP within IBGP for route recursion process to BGP next hop value.

BGP Peering Types
===============
External BGP (EBGP ) peers
-neighbors outside my AS
Internal BGP(iBGP) Peers
-neighbors inside my AS
Update and pacth selection rules change depending on what type of peer a route is being sent to/received from

BGP Peering Rules
===========
EBGP packets default to TTL 1
-Can be modified if neighbors are multiple hops away
.neighbor ebgp-multihop [ttl]
.neighbor ttl-security hops [ttl]
Nom multi-hop peers must be directly connected by default
-can be modified if connected neighbors peer via Loopbacks
.neighbor disable –connected-check

Loop prevention via AS-PATH
-Local ASN is prepended to outbound updates
-Inbound updates containing local ASN are discarded
-can be modified with neighbor allows-in

Next-hop processing
-outbound EBGP updates have local update-source for neighbor set as next-hop
Eg. If update-source is Loopback0, next –hop is loopback0
-Can be modified with route-map action set ip next-hop but typically shouldn’t
.eg third-party next-hop

Note: control plane = session = routing update
Data plane = data forwarding = actual data flow.
IBGP packets default to TTL 255
-implies neighbors do not have to be connected as long as IGP reachability exists
Loop prevention via route filtering
-iBGP learned routes cannot be advertised on to another IBGP neighbor
-Implies need for either..
.fully meshed iBGP peerings
.router reflection
.confederation

Next-hop Processing
===================
-Outbound iBGP updates do not modify the next-hop attribute regardless of IBGP peer type
.iBGP peer
.Route reflector’s client peer
.Route Reflector’s non-client peer
.Confederation EBGP peer
-Can be modified with neighbor next-hop-self on route-map action set ip next-hop
Note : in case of BGp control and data plane are disconnected which gives us a flexibility to route outbound traffic based on route-map.

BGP Transport
==============
TCP server must agree on where client’s session is coming from
-if server does not expect session it will refuse
Client’s packet is sourced from outgoing interface in the routing table.
-can be modified with update-source per neighbor

iBGP Route reflection
======================
Eliminates need of full mesh
-only need peering(s) to the RR(s)
Like OSPF DR & IS-IS DIS, minimizes prefix replication
-send one update to the RR
-RR sens the update to its “clients”
Loop prevention through Cluster-ID
-RR discards routed received with its own cluster-id
-does not modify other attributes such as next-hop

Route reflector Peerings
===================
Route reflector can have three types of peers
-EBGP peers
.neighbors in differnet AS
-Client peers
.IBGP peers with route-reflector-client
-Non-client  peers
.IBGP peers without route-reflector-client

Route Reflector Update Processing
======================
RR processes update differently depending on what type of peer they came from
-EBGP learned routes
.can be advertised to EBGP peers, clients, & Non clients
-client learned routes
.can be advertised to EBGP peers, clients, & non clients
-Non-cleient learned routes
.can be advertised to EBGP peers and clients
RR placement based upon these rules

Large Scale Route Reflection
=========================
Larger scale BGP designs cannot be serviced by only a single RR
-single RR is a single point of failure
RR “clusters” allow redundancy and hierarchy
-cluster is defined by the clients a RR servers
-RRs in the same cluster use the same cluster-ID

Inter-Cluster peerings between RRs can be client or non-client peerings
-depends on redundancy design

BGP Confederation
+=================
Reduces full mesh IBGP requirement by splitting AS into smaller Sub-Ases
-inside Sub-AS full mesh or RR requirement remains
-between sub-AS acts like EBGP
Devices outside the confederation do not know about the internal structure
-Sub-AS numbers are stripped from advertisements to “true” EBGP peers
Typically uses ASNs in private range (64512-65635)

BGP Confederation Configuration
=====================
Enable the BGP process
-router bgp [sub-as]
Specify the main AS number
-bgp confederation-id [main-as]
Specify other Sub-Ases that you peer with
-bgp confederation-peers [sub-as1 sub-asn]
-Not all sub-Ases, just those directly peered with

BGP NLRI Advertisement
====================
BGP NLRI can be originated by
-network statement
.requires exact match in the routing table first
-redistribute statement
.won’t include OSPF External by default
-aggregate-address statement
.requires one subnet in BGP table first
-bgp inject-map statement
.opposite of aggregation

BGP Network Statement
=====================
Originates prefixes with ORIGIN of iGP(i)
Requires exact match in the routing table
-Does not have to be a connected prefix, can be learned via IGP
Without mask keyword  assumes classful mask

BGP redistribute statement
=======================
Originates prefixes with ORIGIN of INCOMPLETE (?)
Originates classfull summary if auto-summary is enabled
Automatically copies IGP metric to BGP MED
Won’t include OSPF external by default
-redistribute ospf [pid] match internal external

BGP Aggregation
=================
Can be applied at any point in the network as long as one subnet is in the bGP table
Configured as aggregate-address [network] [mask] [args]
Arguments are ..
-summary-only
-suppress-map
-attribute-map | route-map
-as-set
-advertise-map

BGP conditional Route Injection
======================
Originates subnest(s) from aggregate for purpose of longest match traffic engineering
Configured as bgp inject-map inject-map exist-map exist-map [copy-attributes]
-Inject Map
.subnet to be advertised
.set ip address prefix-list [list]
-Exist Map
.Aggreate to be originated from
.match ip address prefix-list [list]
.match ip route-source prefix-list [list]

BGP Best Path Selection
===================
Chooses which routes can be
-installed in the RIB/FIB
-Advertised to the other BGP peers

Best path selection prerequisites
============================
Nexthop value must be in the routing table
-prevents route-recursion failure
Synchronization rule must be met or disabled
-Legacy black-hole prevention technique
AS-Path must not contain local-AS
-Normal EBGP loop prevention
First ASN in path must be neighbor’s ASN
-bgp enforce-first-as command

Best path Selection Order
====================
Weight
Local Preference
Locally Originated
AS-Path
Origin
MED
EBGP over IBGP (This is different form the AD)
IGP metric to Next-hop
Tie breakers
-Oldest
-Lowest RID
-Shortest cluster list
-Lowest neighbor address

Manipulating Best path selection
==========================
Outbound routing policy affects inbound traffic
Inbound routing policy affects outbound traffic
Weight and local pref
-set inbound
-affects outbound traffic
AS-path and MED
-set outbound
-affects inbound traffic

Best Path Selection Exception
=========================
AS-Path
-bgp bestpath as-path ignore
MED
-bgp always-compare-med
-bgp bestpath med-confed
.compare med for routes locally originated in the confederation
-bgp bestpath med missing-as-worst
.assign MED of 4,294,967,294 to NULL MED
-bgp deterministic med
.compare MED against all possible paths

BGP Communities
================
BGP’s implementation of a route-tag
Used to group prefixes together for
-advertisement policy
-filtering policy
-best path selection policy
Community is an optional transitive attribute
-not exchanged between peers by default
-neighbor [address] send-community

BGP Community Values
==============
Standard community is 4-byte value
Can be denoted as ..
-decimal (0-42944967296)
-AA:NN(00: - 65635:65535)
.ip bgpcommunity new-format
-same binary value regardless of visual format
Three “well-known” values are reserved

BGP well-known communities
=======================
No-export (0xFFFFFF01)
-don’t advertise to EBGP peers
No-advertise (0xFFFFFF02)
-don’t advertise to any peers
Local-AS (0xFFFFFF03)
-don’t advertise to confederation EBGP peers
-RFC defines as NO_EXPORT_SUBCONFED

Matching and setting Communities
==========================
Set occurs in route-map
-set community {community-number [additive] [well-known-community] | none}
-not additive by default

Match occurs by community-list
-Define list
.standard list matches community name or number
-ip community-list 1 standard permit no-export
.expanded matches regular expression
-ip community-list expanded AS100 permit 100:[0-9]+
-Reference from route-map
.match community AS100

Regular Expressions
=================
Used for string matching in..
-show command outputs
-TCL/EEM scripting
-BGP AS-path access lists
-BGP Expanded community lists

BGP Filtering
=================
BGP updates filtering occurs on a per peer bassis with..
-neighbor [address] distribute-list
-neighbor [address] filter-list
-neighbor [address] prefix-list
-neighbor [address] route-map

Using route-map avoids order of operations issues.

BGP Convergence
================
Hello and keepalive timers
-lowest timers are negotiated during peering establishment
-timers bgp
-neighbor timers

Link down detection
-bgp fast-external-fallover

Update timers
.neighbor advertisement-interval
-bgp nexthop {trigger {delay seconds | enable} | route-map map-name}
-bgp scan-time
-bgp update-delay

BGP Default routing
==================
Three ways to originate default
-default-information originate + redistribute
-network 0.0.0.0 mask 0.0.0.0
-neighbor default-originate

.supports conditional advertisement

Miscellaneous :
Attributes
well known mandatory: everyone supports, must be in update message (next_hop, origin, as_path)
well known discretionary: everyone supports, might not be in update message (local pref, atomic aggregate)
Optional transitive: travel from router to router or from AS to AS
Optional non-transitive:  does not travel from router to router (Aggregator, MED)

Most  preferred: Ignore
In bgp table : * means valid  and > means best route

Two ways to get networks into BGP
-network commands
-redistribution

BGP synchronization:
Do not use or advertise a route learned via IBGP until the same route has been learned from the internal routing protocol.

BGP next-hop processing:
-for IBGP peers: do not change next hop address on advertised routes.
-for EBGP peers: change next hop address on advertised routes.

When we create neighbor relation within IBGP or Ebgp between loopback addresses we need to use update source loopback
when we create neighbor relation between ebgp routers having loopback address we need to use ebgp multihop since loopback address sees itself sees as one hop away.

When only BGP is configured on IBGP, do no synchronization on all routers in AS and do clear and reset the process(clear ip bgp *)

Issue: since with IBGP, next hop is not changed, internal router will not be able to reach ebgp router so solution is to redistribute external ebgp route to routers in internal AS or another solution is to set next hop- self  command  in border router.

Weight is cisco propriety and its local to the router. It is set on per neighbor basis.

To disable the neighbor
neighbor 10.1.1.2 shut

origin code: i iGP(entering with network command) or e EGP or? incomplete (redistribute routes into BGP)

local pref : advertised within AS
bgp default local-preference 100. Mainly used when we want to pass routes through that particular router.

policy_routing : the programming language of routing table.













        





































































1 comment:


  1. Nawraj,
    Overall indeed a nice read, i've few comments on BGP confederation & BGP route reflector stuffs, will consolidate later & post.
    & one point:

    The answer of following question is both B & C when AS number is 4 byte, its 32 bits.

    58. An autonomous system number is comprised of how many bits?
    A. 8
    B. 16=
    C. 32
    D. 64


    ReplyDelete