07.bgp

  1. Implement an eBGP based solution, given a network design and a set of requirements
     • Determine network resources needed for implementing eBGP on a network
     • Create an eBGP implementation plan
     • Create an eBGP verification plan
     • Configure eBGP routing
     • Verify eBGP solution was implemented properly using show and debug commands
     • Document results of eBGP implementation and verification plan
  2. Border Gateway Protocol
     • Used to exchange routes/prefixes between different autonomous systems (AS)
     • Uses TCP port 179
     • Requires an IGP; a network can't route with only BGP
     • Only one process per router
     • Needs neighbors but doesn't run on interfaces
     • Neighbors don't need to be directly connected
     • iBGP: in the same AS (AD 200)
     • eBGP: in different AS (AD 20)
     • Hello 60 seconds / Dead 180 seconds
     BGP Autonomous System
     • Set of routers under a unique technical administration
     • AS range:
         Public: 1 – 64511
         Private: 64512 – 65535
     BGP Loop Prevention
  3. Design of BGP, when to use it?
     • Connection with multiple AS
     • Implement complex routing
     • When you are a transit AS
     Multihoming
     • Connection to two different ISPs via BGP
     • Verify that your networks are correctly advertised
     • Be careful not to become a transit AS
     • Filter networks not originated from your AS
     Design of BGP, what routes should I receive?
     • Only a default route
     • Some routes plus a default
     • Full routes (more than 200.000)
     Impact
     • Memory
     • CPU
     • Route selection
  4. BGP Messages
     • OPEN
     • KEEPALIVE
     • UPDATE
     • NOTIFICATION
     BGP Tables
     • Neighbor table
     • BGP table
     • IP routing table
     BGP Neighbor States
     • IDLE: Looking for neighbors
     • CONNECT: TCP session complete
     • ACTIVE: Trying to establish a neighborship
     • OPEN SENT: BGP open message has been sent
     • OPEN CONFIRM: Response to an open message
     • ESTABLISHED: Neighbor is up, route exchange starts
  5. Network Topology
     Configuring Neighbors
       R4(config)#router eigrp 100
       R4(config-router)#no auto-summary
       R4(config-router)#network 0.0.0.0 255.255.255.255
       R4(config-router)#passive-interface fa0/0
       R4(config)#router bgp 100
       R4(config-router)#neighbor 10.14.0.1 remote-as 100
       R4(config-router)#neighbor 172.16.46.6 remote-as 200
       R4(config-router)#network 1.1.1.1 mask 255.255.255.255
       R4(config-router)#network 4.4.4.4 mask 255.255.255.255
       R4(config-router)#network 10.14.0.0 mask 255.255.255.0
       R6#show ip bgp neighbors 172.16.46.4 advertised-routes
       R6#show ip bgp summary
       R6#show ip bgp
       R6#debug ip packet detail
  6. Loop Prevention
     • iBGP-learned routes can't be advertised to another iBGP neighbor
     • iBGP full mesh peerings
     • Route Reflectors
     • Confederations
     Full Mesh
     Route Reflectors
     • Like the DR of OSPF
     • No (n-1)/2 peering needed
     • If a route comes from eBGP: advertise to eBGP, route-reflector-client, non-client
     • If a route comes from a route-reflector-client: advertise to eBGP, route-reflector-client, non-client
     • If a route comes from a non-client: advertise to eBGP, route-reflector-client
  7. Route Reflectors (RR)
       R1(config)#router bgp 100
       R1(config-router)#neighbor 10.14.0.4 route-reflector-client
       R1(config-router)#neighbor 10.13.0.2 route-reflector-client
       R1#sh ip bgp neighbors 10.13.0.2
     Confederations
     • Sub AS's
     • Usually private AS's
     • Within a sub AS, route reflectors can be used
       R1(config)#no router bgp 100
       R1(config)#router bgp 65001
       R1(config-router)#bgp confederation id 100
       R1(config-router)#bgp confederation peers 65004 65035
       R1(config-router)#neighbor 10.14.0.4 remote-as 65004
       R1(config-router)#neighbor 10.13.0.2 remote-as 65035
  8. Next Hop Processing
     • eBGP changes the next hop
     • iBGP doesn't change the next hop
     • How to change the next hop:
         Static route
         Running an IGP
         Option 'next-hop-self'
         Via route-map
     Option 'next-hop-self'
       R4(config)#router bgp 100
       R4(config-router)#neighbor 10.14.0.1 next-hop-self
     Via Route Map
       R4(config)#route-map NEXTHOP permit 10
       R4(config-route-map)#set ip next-hop 10.14.0.4
       R4(config)#router bgp 100
       R4(config-router)#neighbor 10.14.0.1 route-map NEXTHOP out
  9. Redistribution
     • When you redistribute an IGP into BGP, BGP can propagate the routes to another AS. Routing loops may occur because external IGP routes may have originated in another AS
     • Redistributing from BGP into an IGP can cause high CPU and memory usage; there are more than 200.000 routes in the Internet
     • We'll see an example under 'synchronization rule'
     Update Source and Multihop
     • By default the TCP packet is sent via the closest interface
     • On some occasions it's a good idea for the TCP packets to originate from another interface
     • eBGP must be directly connected; if not, use multihop
       R4(config)#router bgp 100
       R4(config-router)#neighbor 6.6.6.6 remote-as 200
       R4(config-router)#neighbor 6.6.6.6 ebgp-multihop 255
       R4(config-router)#neighbor 6.6.6.6 update-source Loopback0
       R4(config)#ip route 6.6.6.6 255.255.255.255 172.16.46.6
  10. Peer Groups
     • Easier administration
     • On occasion a more efficient way to configure BGP
     • Lots of neighbors with the same configuration
     • Locally significant
       R3(config)#router bgp 100
       R3(config-router)#neighbor GROUP peer-group
       R3(config-router)#neighbor GROUP remote-as 100
       R3(config-router)#neighbor GROUP route-reflector-client
       R3(config-router)#neighbor 10.35.0.5 peer-group GROUP
     Summarization
     • Used at the AS border
     • Advertise a single route
     • CPU
     • Memory
     • The Cisco way says that it is better to aggregate than to redistribute static routes connected to null
       R4(config)#ip route 10.0.0.0 255.0.0.0 null 0
       R4(config)#router bgp 100
       R4(config-router)#network 10.0.0.0 mask 255.0.0.0
       R4(config-router)#aggregate-address 10.0.0.0 255.0.0.0
     or
       R4(config-router)#aggregate-address 10.0.0.0 255.0.0.0 summary-only
  11. Authentication
     • Only MD5 is supported
     • Very few ISPs want to run authentication with their clients
       R4(config)#router bgp 100
       R4(config-router)#neighbor 10.14.0.1 password cisco
     Filter
     • Access lists
     • Prefix lists
     • Route maps
     Access Lists
     Send only the summary route to R6
       R4(config)#access-list 10 permit 10.0.0.0 0.255.255.255
       R4(config)#router bgp 100
       R4(config-router)#neighbor 172.16.46.6 distribute-list 10 out
     Prefix Lists
     Send only the summary route to R6
       R4(config)#ip prefix-list SUMMARY permit 10.0.0.0/8
       R4(config)#router bgp 100
       R4(config-router)#neighbor 172.16.46.6 prefix-list SUMMARY out
  12. Route Maps
     Deny only the summary route to R6 and permit all other routes
       R4(config)#ip prefix-list SUMMARY permit 10.0.0.0/8
       R4(config)#route-map FILTER deny 10
       R4(config-route-map)#match ip address prefix-list SUMMARY
       R4(config)#route-map FILTER permit 20
       R4(config)#router bgp 100
       R4(config-router)#neighbor 172.16.46.6 route-map FILTER out
     What are BGP Attributes
     • The BGP metric is not simple
     • Attributes are ways that you can 'tag' incoming or outgoing BGP routes
     • Some attributes are WELL KNOWN (everyone supports them) while others are OPTIONAL
     • Some attributes are MANDATORY (must be in the update) while others are DISCRETIONARY
     • Some attributes are TRANSITIVE (travel from router to router) while others are NON-TRANSITIVE
  13. 'WELL KNOWN' Attributes
     • Autonomous system path AS_PATH (Mandatory)
     • Next-hop-address (Mandatory)
     • Origin (Mandatory)
     • Local Preference (Discretionary)
     • Atomic Aggregate (Discretionary)
     'OPTIONAL' Attributes
     • Aggregator (Transitive)
     • Multi-exit Discriminator (Non-Transitive)
     BGP Path Selection
  14. BGP Path Selection
     Influence BGP Path Selection: Weight
     • Influences the OUTBOUND traffic
     • Applied INBOUND
     • Local to the router
     • Default value 0
       R4(config)#router bgp 100
       R4(config-router)#neighbor 172.16.46.6 weight 200
       R4(config)#ip prefix-list LOOPBACK2 permit 2.2.2.2/32
       R4(config)#route-map WEIGHT permit 10
       R4(config-route-map)#match ip address prefix-list LOOPBACK2
       R4(config-route-map)#set weight 200
       R4(config)#route-map WEIGHT permit 100
       R4(config)#router bgp 100
       R4(config-router)#neighbor 172.16.46.6 route-map WEIGHT in
  15. Influence BGP Path Selection: Local Preference
     • Influences the OUTBOUND traffic
     • Applied INBOUND
     • Local to the AS
     • Default value 100
       R4(config)#router bgp 100
       R4(config-router)#bgp default local-preference 150
       R4(config)#ip prefix-list LOOPBACK2 permit 2.2.2.2/32
       R4(config)#route-map LOCAL_PREFERENCE permit 10
       R4(config-route-map)#match ip address prefix-list LOOPBACK2
       R4(config-route-map)#set local-preference 150
       R4(config)#route-map LOCAL_PREFERENCE permit 100
       R4(config)#router bgp 100
       R4(config-router)#neighbor 172.16.46.6 route-map LOCAL_PREFERENCE in
     Influence BGP Path Selection: AS Path
     • Influences the INBOUND traffic
     • Applied OUTBOUND
     • Shortest is better
       R4(config)#ip prefix-list LOOPBACK4 permit 4.4.4.4/32
       R4(config)#route-map AS_PATH permit 10
       R4(config-route-map)#match ip address prefix-list LOOPBACK4
       R4(config-route-map)#set as-path prepend 100 100 100 100
       R4(config)#route-map AS_PATH permit 100
       R4(config)#router bgp 100
       R4(config-router)#neighbor 172.16.46.6 route-map AS_PATH out
  16. Influence BGP Path Selection: MED
     • Influences the INBOUND traffic
     • Applied OUTBOUND
     • MED is only compared if the prefix is advertised from two sources in the same AS; if not:
       (config-router)#bgp always-compare-med
       R3(config)#ip prefix-list LOOPBACK3 permit 3.3.3.3/32
       R3(config)#route-map MED permit 10
       R3(config-route-map)#match ip address prefix-list LOOPBACK3
       R3(config-route-map)#set metric 2300418
       R3(config)#route-map MED permit 100
       R3(config)#router bgp 100
       R3(config-router)#neighbor 172.16.32.2 route-map MED out
       R3(config-router)#default-metric x
     Synchronization Rule
     • Prevents traffic from being black-holed
     • Reduces traffic that will be dropped / ensures consistency
     • Turn off when:
         Redistributing BGP into the IGP
         BGP is running on all routers of the AS
     • 'Routes learned via BGP must be validated by the interior routing table before they can be advertised to remote peers'
  17. Synchronization Rule
       R3(config)#router bgp 100
       R3(config-router)#synchronization
       R4(config)#router bgp 100
       R4(config-router)#synchronization
     How to fix it
     1. BGP running in all routers of the AS
     or
     1. Turn off synchronization on R3 and R4 and:
       R4(config-router)#router eigrp 100
       R4(config-router)#redistribute bgp 100 metric 1 1 1 1 1
     Communities
     • To tag routes in the BGP topology
     • Consistent filtering in the AS domain
     • send tag routes
       R5(config)#route-map COMMUNITY permit 10
       R5(config-route-map)#set community 123456 local-AS
       R5(config)#router eigrp 100
       R5(config-router)#no network 5.5.5.5 0.0.0.0
       R5(config-router)#router bgp 100
       R5(config-router)#network 5.5.5.5 mask 255.255.255.255
       R5(config-router)#neighbor 10.35.0.3 route-map COMMUNITY out
       R5(config-router)#neighbor 10.35.0.3 send-community
  18. Verifying and Troubleshooting BGP
     • ACL blocking TCP 179
     • eBGP not directly connected, use multihop
     • AS mismatch
     Troubleshooting
       R1#show ip bgp
       R1#show ip bgp summary
       R1#show ip bgp neighbors
       R1#clear ip bgp *
       R1#clear ip bgp * in
       R1#clear ip bgp * out
       R1#debug ip bgp
     BGP Design Peer Review
     Implementation Plan Detail (configuration and notes)
     • Based on the network topology, configuration of peers, route reflectors, filters
     BGP Implementation Peer Review
     Questions that can be asked
     • Why route reflectors and not confederations?
     Possible answers
     • There is only one route reflector in the network, the solution is simple
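
Slides 3 and 11 ask for two controls on a BGP edge: MD5 authentication on the session and outbound filtering so a multihomed AS does not become transit. The following audit is an added example, not part of the original deck; the sample configuration is constructed from the R4 neighbor statements above, and the checker assumes it is given only the `router bgp` section and does not resolve peer-group inheritance.

```python
import re

# Constructed sample modelled on the R4 neighbor statements in the slides.
SAMPLE_CONFIG = """\
router bgp 100
 neighbor 10.14.0.1 remote-as 100
 neighbor 10.14.0.1 password cisco
 neighbor 172.16.46.6 remote-as 200
 neighbor 172.16.46.6 prefix-list SUMMARY out
 neighbor 6.6.6.6 remote-as 200
 neighbor 6.6.6.6 ebgp-multihop 255
"""

# The three outbound filter types listed on the Filter slide.
OUT_FILTER = re.compile(r"(prefix-list|distribute-list|route-map) \S+ out$")

def audit_bgp(config):
    """Return {neighbor: [findings]} for the 'router bgp' block in config."""
    local_as, peers = None, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"router bgp (\d+)$", line)
        if m:
            local_as = m.group(1)
            continue
        m = re.match(r"neighbor (\S+) (.+)$", line)
        if local_as is None or not m:
            continue
        state = peers.setdefault(
            m.group(1), {"remote_as": None, "password": False, "out_filter": False})
        rest = m.group(2)
        if rest.startswith("remote-as "):
            state["remote_as"] = rest.split()[1]
        elif rest.startswith("password "):
            state["password"] = True
        elif OUT_FILTER.match(rest):
            state["out_filter"] = True
    findings = {}
    for peer, state in peers.items():
        issues = []
        if not state["password"]:
            issues.append("no MD5 password")
        # eBGP = remote AS differs from ours; unfiltered export risks transit.
        ebgp = state["remote_as"] not in (None, local_as)
        if ebgp and not state["out_filter"]:
            issues.append("eBGP peer without outbound filter")
        if issues:
            findings[peer] = issues
    return findings
```

On the sample, the iBGP peer 10.14.0.1 passes, 172.16.46.6 is flagged for the missing password, and the multihop peer 6.6.6.6 is flagged for both.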

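
The four attributes tuned on slides 14 to 16 are evaluated in a fixed order: weight, local preference, AS path length, then MED. The sketch below is an added example, not from the original deck; it models only those four steps (real routers apply further tie-breakers), expects at least two candidate paths, and the `Path` class and neighbor labels are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str               # neighbor the path was learned from (label only)
    as_path: tuple         # first entry is the neighboring AS
    weight: int = 0        # default 0, local to the router
    local_pref: int = 100  # default 100, local to the AS
    med: int = 0

# Higher weight wins, then higher local preference, then shorter AS path.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local-preference", lambda p: -p.local_pref),
    ("as-path length", lambda p: len(p.as_path)),
]

def best_path(paths, always_compare_med=False):
    """Return (surviving paths, name of the step that decided)."""
    cands = list(paths)
    for name, key in STEPS:
        best = min(key(p) for p in cands)
        cands = [p for p in cands if key(p) == best]
        if len(cands) == 1:
            return cands, name

    # MED (lower wins) is only compared between paths from the same
    # neighboring AS unless 'bgp always-compare-med' is configured.
    def beaten(p):
        return any(q.med < p.med and
                   (always_compare_med or q.as_path[:1] == p.as_path[:1])
                   for q in cands)

    cands = [p for p in cands if not beaten(p)]
    return cands, ("med" if len(cands) == 1 else "undecided")
```

For instance, `best_path([Path("R3", (100,), med=2300418), Path("R2", (100,))])` keeps only the R2 path and reports `"med"`, while the same MED values on paths from two different neighboring ASes stay undecided unless `always_compare_med=True`.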