Implementing Internet and MPLS BGP


Notes on slide 1

http://tools.ietf.org/html/rfc1930
http://www.iana.org/assignments/as-numbers

http://tools.ietf.org/html/rfc1930
http://tools.ietf.org/html/rfc4893
http://www.iana.org/assignments/as-numbers

BGP Scanner
http://www.cisco.com/warp/public/459/highcpu-bgp.html

BGP Path Selection

BGP could possibly receive multiple advertisements for the same route from multiple sources. BGP selects only one path as the best path. When the path is selected, BGP puts the selected path in the IP routing table and propagates the path to its neighbors. BGP uses the following criteria, in the order presented, to select a path for a destination:

• If the path specifies a next hop that is inaccessible, drop the update.
• Prefer the path with the largest weight.
• If the weights are the same, prefer the path with the largest local preference.
• If the local preferences are the same, prefer the path that was originated by BGP running on this router.
• If no route was originated, prefer the route that has the shortest AS_path.
• If all paths have the same AS_path length, prefer the path with the lowest origin type (where IGP is lower than EGP, and EGP is lower than incomplete).
• If the origin codes are the same, prefer the path with the lowest MED attribute.
• If the paths have the same MED, prefer the external path over the internal path.
• If the paths are still the same, prefer the path through the closest IGP neighbor.
• Prefer the path with the lowest IP address, as specified by the BGP router ID.
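The criteria above, applied step by step in an added Python example (not part of the original slides and not Cisco's implementation): each step keeps only the paths that tie on the current criterion and reports which step decided. The `Path` fields and the sample paths are constructed; the code follows the list as written, so it compares MED across all paths, whereas routers by default compare MED only between paths from the same neighboring AS.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < incomplete


@dataclass(frozen=True)
class Path:
    """One candidate path for a prefix (field names are illustrative)."""
    next_hop: str
    as_path: tuple
    router_id: str
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "i"
    med: int = 0
    external: bool = True            # learned via eBGP (True) or iBGP (False)
    igp_metric: int = 0              # IGP cost to reach next_hop
    next_hop_reachable: bool = True


# (reason, key) pairs in the order given in the note; the lowest key wins.
STEPS = [
    ("highest weight", lambda p: -p.weight),
    ("highest local preference", lambda p: -p.local_pref),
    ("locally originated", lambda p: 0 if p.locally_originated else 1),
    ("shortest AS path", lambda p: len(p.as_path)),
    ("lowest origin type", lambda p: ORIGIN_RANK[p.origin]),
    ("lowest MED", lambda p: p.med),
    ("external over internal", lambda p: 0 if p.external else 1),
    ("closest IGP neighbor", lambda p: p.igp_metric),
    # Router IDs are compared numerically, not as strings.
    ("lowest router ID", lambda p: int(IPv4Address(p.router_id))),
]


def best_path(paths):
    """Return (best_path, deciding_step) for the candidate paths of one prefix."""
    # Step 1: a path whose next hop is inaccessible is never considered.
    candidates = [p for p in paths if p.next_hop_reachable]
    if not candidates:
        return None, "no path with a reachable next hop"
    if len(candidates) == 1:
        return candidates[0], "only usable path"
    for reason, key in STEPS:
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], reason
    return candidates[0], "tie after all steps"


# Constructed sample: two paths to the same prefix, one eBGP and one iBGP.
SAMPLE_EBGP = Path("192.0.2.233", (4323, 3549, 3356), "192.0.2.233")
SAMPLE_IBGP = Path("205.93.251.125", (7018, 209, 3356), "205.93.251.125",
                   external=False)

if __name__ == "__main__":
    scenarios = {
        "defaults": [SAMPLE_EBGP, SAMPLE_IBGP],
        "local-pref 50 on the eBGP path": [replace(SAMPLE_EBGP, local_pref=50),
                                           SAMPLE_IBGP],
        "eBGP path prepended twice": [
            replace(SAMPLE_EBGP, as_path=(4323, 4323, 4323, 3549, 3356)),
            SAMPLE_IBGP],
    }
    for name, paths in scenarios.items():
        best, reason = best_path(paths)
        print(f"{name}: via {best.next_hop} ({reason})")
```
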

http://www.cisco.com/en/US/docs/internetworking/technology/handbook/bgp.html#wp1020565

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00801c4f48.shtml

BGP-Router# sh proc cpu | i CPU|PID|BGP
CPU utilization for five seconds: 10%/4%; one minute: 6%; five minutes: 5%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
215 3212220 28919634 111 0.00% 0.05% 0.07% 0 BGP Router
234 937744 13995769 67 0.00% 0.01% 0.00% 0 BGP I/O
235 38969228 512967 75969 6.14% 0.77% 0.63% 0 BGP Scanner

http://www.iana.org/assignments/ipv4-address-space
http://en.wikipedia.org/wiki/Regional_Internet_Registry

The Internet Assigned Numbers Authority (IANA) delegates Internet resources to the RIRs, and in turn, the RIRs follow their regional policies for further sub-delegation of resources to their customers, which include Internet service providers and end-user organizations.

http://www.arin.net/announcements/20070521.html
http://www.networkworld.com/news/2007/060707-arin-registry-backs-ipv6.html
http://en.wikipedia.org/wiki/IPv4_address_exhaustion
http://www.oecd.org/dataoecd/7/1/40605942.pdf

Memory Requirements
http://bgp.potaroo.net/
http://bgp.potaroo.net/bgprpts/rva-index.html
http://www.cidr-report.org/as2.0/#General_Status
http://www.caida.org/research/topology/as_core_network/
http://thyme.apnic.net/
http://thyme.apnic.net/current/data-summary

neighbor maximum-prefix
When the number of received prefixes exceeds the maximum number configured, the router terminates the peering (by default). However, if the warning-only keyword is configured, the router instead only sends a log message, but continues peering with the sender. If the peer is terminated, the peer stays down until the clear ip bgp command is issued.

http://www.iana.org/assignments/ipv4-address-space
http://www.iana.org/numbers
http://www.afrinic.net/statistics/resource_search.htm
http://www.arin.net/reference/ip_blocks.html

http://www.nanog.org/mtg-0710/smith.html

• Full, No Default: Most organizations don’t need full routes
• Partial, with Default: Good balance between load sharing and memory control. ISP or CE controlled
• Default Only: Lowest memory requirements, but least amount of available BGP policy options

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a92.shtml
http://www.911networks.com/index.php/Cisco/BGPRegex

Originated in AS 31915 + allow prepending
ip as-path access-list 1 permit ^(31915_)+$
Use “show ip bgp regex” to test
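An AS-path filter can also be checked offline before it is applied; the following added Python example (not from the original slides) expands the IOS `_` token into its Python equivalent and evaluates an as-path access-list with first-match and implicit-deny semantics. The helper names, the sample AS paths and the `permit` action on the two `^1234` lists are constructed; the other filters are the ones shown in this presentation.

```python
import re

# IOS "_" matches start of string, end of string, space, comma, braces or
# parentheses. Python has no such token, so expand it before compiling.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern):
    """Translate an IOS AS-path regex into an equivalent Python regex."""
    return pattern.replace("_", CISCO_UNDERSCORE)


def acl_action(acl, as_path):
    """Return 'permit' or 'deny' for an AS path.

    as_path is the space-separated path as shown by the router, with ''
    for a locally originated route. The first matching entry wins and an
    as-path access-list ends with an implicit deny.
    """
    for action, pattern in acl:
        if re.search(cisco_to_python(pattern), as_path):
            return action
    return "deny"


# Filters from the presentation, as (action, regex) entries in list order.
PREPEND_ONLY = [("permit", "^(31915_)+$")]          # AS 31915, prepends allowed
LOCAL_ONLY = [("permit", "^$")]                     # our own prefixes only
ORIGIN_209_OR_7018 = [("permit", "_(209|7018)$")]   # originated by 209 or 7018
BLOCK_1239 = [("deny", "_1239$"), ("permit", ".*")]

# "^1234" has no trailing boundary, so it also matches AS 12345.
# The permit action is assumed here; "^1234_" is the tightened form.
LOOSE_1234 = [("permit", "^1234")]
TIGHT_1234 = [("permit", "^1234_")]

# Constructed AS paths used to exercise the filters.
SAMPLE_PATHS = ["", "31915", "31915 31915 31915", "31915 174", "131915",
                "4323 209", "4323 1209", "701 1239", "1239 701",
                "1234 701", "12345 701"]

if __name__ == "__main__":
    acls = {
        "PREPEND_ONLY": PREPEND_ONLY,
        "LOCAL_ONLY": LOCAL_ONLY,
        "ORIGIN_209_OR_7018": ORIGIN_209_OR_7018,
        "BLOCK_1239": BLOCK_1239,
        "LOOSE_1234": LOOSE_1234,
        "TIGHT_1234": TIGHT_1234,
    }
    for name, acl in acls.items():
        permitted = [p or "<empty>" for p in SAMPLE_PATHS
                     if acl_action(acl, p) == "permit"]
        print(f"{name:20} permits: {permitted}")
```
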

http://thyme.apnic.net/current/data-summary

http://www.team-cymru.org/Services/Bogons/routeserver.html
http://www.team-cymru.org/Services/ip-to-asn.html#whois
http://www.ietf.org/rfc/rfc2827.txt

The bogon prefixes are announced unaggregated; as of 28 SEP 2005 this includes 71 prefixes. The ASN used by all of the bogon route-servers is 65333. A private ASN is used to ensure that leakage is easily detected and prevented. Each prefix is tagged with a community, 65333:888, to more readily enable filtering. Peering sessions include the use of a password. The bogon route-servers accept no prefixes from their peers.
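For the manual alternative, the `BOGONS` prefix-list in this presentation can be checked offline for its first-match, `le` and implicit-deny behavior; the following is an added Python example, not part of the original slides. The parser and function names are constructed, the entries are the ones shown on the manual bogon filtering slide (an excerpt of a longer list), and the test routes are made up.

```python
import ipaddress
import re

# Entries as shown on the manual bogon filtering slide (an excerpt).
BOGONS = """\
ip prefix-list BOGONS seq 2 deny 0.0.0.0/0
ip prefix-list BOGONS seq 5 deny 0.0.0.0/8 le 32
ip prefix-list BOGONS seq 20 deny 5.0.0.0/8 le 32
ip prefix-list BOGONS seq 390 deny 127.0.0.0/8 le 32
ip prefix-list BOGONS seq 400 deny 172.16.0.0/12 le 32
ip prefix-list BOGONS seq 520 deny 224.0.0.0/3 le 32
ip prefix-list BOGONS seq 700 permit 0.0.0.0/0 le 27
"""

ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?\s*$"
)


def parse_prefix_list(text):
    """Parse 'ip prefix-list ... seq N permit|deny P/L [ge X] [le Y]' lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # description lines and blanks carry no match logic
        entries.append({
            "seq": int(m["seq"]),
            "action": m["action"],
            "net": ipaddress.ip_network(m["prefix"]),
            "ge": int(m["ge"]) if m["ge"] else None,
            "le": int(m["le"]) if m["le"] else None,
        })
    return sorted(entries, key=lambda e: e["seq"])


def entry_matches(entry, route):
    """True if the route falls inside the entry's prefix and length range."""
    net = entry["net"]
    if not route.subnet_of(net):
        return False
    if entry["ge"] is None and entry["le"] is None:
        lo = hi = net.prefixlen          # no ge/le: exact length only
    else:
        lo = entry["ge"] if entry["ge"] is not None else net.prefixlen
        hi = entry["le"] if entry["le"] is not None else 32
    return lo <= route.prefixlen <= hi


def evaluate(entries, route_text):
    """Return (action, seq) of the first matching entry; implicit deny last."""
    route = ipaddress.ip_network(route_text)
    for entry in entries:
        if entry_matches(entry, route):
            return entry["action"], entry["seq"]
    return "deny", None


if __name__ == "__main__":
    entries = parse_prefix_list(BOGONS)
    # Constructed test routes.
    for route in ["0.0.0.0/0", "172.16.5.0/24", "172.32.0.0/16", "224.0.0.0/4",
                  "5.1.0.0/16", "8.8.8.0/24", "8.8.8.0/28"]:
        action, seq = evaluate(entries, route)
        print(f"{route:18} {action:6} (seq {seq if seq is not None else 'implicit'})")
```

5.0.0.0/8 was unallocated when this list was written and has since been assigned, so a static list like this one drops legitimate routes unless it is reviewed regularly.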

BGP community policies can be found in the whois database for the ISP ASN
http://www.onesc.net/communities/
Sprint - https://www.sprint.net/index.php?p=policy_bgp

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00801475b2.shtml

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t5/feature/guide/VPN.html

Each VPN is associated with one or more VPN routing/forwarding instances (VRFs). A VRF defines the VPN membership of a customer site attached to a PE router. A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parameters that control the information that is included into the routing table.

Based on routing information stored in the VRF IP routing table and VRF CEF table, packets are forwarded to their destination using MPLS. A PE router binds a label to each customer prefix learned from a CE router and includes the label in the network reachability information for the prefix that it advertises to other PE routers. When a PE router forwards a packet received from a CE router across the provider network, it labels the packet with the label learned from the destination PE router. When the destination PE router receives the labeled packet, it pops the label and uses it to direct the packet to the correct CE router. Label forwarding across the provider backbone is based on either dynamic label switching or traffic engineered paths. A customer data packet carries two levels of labels when traversing the backbone:

1. Top label directs the packet to the correct PE router
2. Second label indicates how that PE router should forward the packet to the CE router

Verizon
AT&T AS7018
Sprint AS1803

neighbor 1.1.1.1 default-originate
This command does not require the presence of 0.0.0.0 in the local router. When used with a route map, the default route 0.0.0.0 is injected if the route map contains a match ip address clause and there is a route that matches the IP access list exactly. The route map can contain other match clauses also. You can use standard or extended access lists with the neighbor default-originate command.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml

BGP Multipath
BGP Multipath allows installation into the IP routing table of multiple BGP paths to the same destination. These paths are installed in the table together with the best path for load sharing. BGP Multipath does not affect bestpath selection. For example, a router still designates one of the paths as the best path, according to the algorithm, and advertises this best path to its neighbors.

bgp fast-external-fallover
To immediately reset the BGP sessions of any directly adjacent external peers if the link used to reach them goes down, use the bgp fast-external-fallover command. The behavior of this command is enabled by default.

http://www.cisco.com/en/US/tech/tk365/tk80/tsd_technology_support_sub-protocol_home.html
http://www.nanog.org/mtg-0802/smith1.html
http://www.nanog.org/mtg-0802/presentations/PSmith_BGP.pdf

http://www.cisconet.com/route-server/world_map.html
Telnet to route-views.oregon-ix.net

http://www.cisconet.com/route-server/world_map.html
http://stat.qwest.net/looking_glass.html
Telnet to route-views.oregon-ix.net

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00801c4f48.shtml
Reduce amount of received BGP prefixes

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00801c4f48.shtml

While BGP scanner runs, low priority processes need to wait a longer time to access the CPU. One low priority process controls Internet Control Message Protocol (ICMP) packets such as pings. Packets destined to or originated from the router may experience higher than expected latency since the ICMP process must wait behind BGP scanner. The cycle is that BGP scanner runs for some time and suspends itself, and then ICMP runs. In contrast, pings sent through a router should be switched via Cisco Express Forwarding (CEF) and should not experience any additional latency. When troubleshooting periodic spikes in latency, compare forwarding times for packets forwarded through a router against packets processed directly by the CPU on the router.


Implementing Internet and MPLS BGP - Presentation Transcript

  1. Implementing & Troubleshooting
    BGP
    Tanner
    5/23/2008
    5/30/2008
  2. Agenda
    PART 1
    BGP Fundamentals
    BGP and the Internet
    PART 2
    BGP and the WAN
    Troubleshooting
    2
  3. PART 1
    BGP Fundamentals
    BGP and the Internet
    3
  4. BGP Fundamentals
    Operations
    4
  5. Where is BGP used?
    Internet
    Same, Unique, or Mixed ASN
    MPLS WAN
    Public or Private ASN
    5
  6. AS: Autonomous Systems
    Textbook answer:
    An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy.
    6
  7. ASNs: Autonomous System Numbers
    16-bit ASNs (RFC1930)
    Range: 0-65535
    Public: 1-64511
    Private: 64512-65534
    32-bit ASNs (RFC4893)
    4-octets
    0.0 to 65535.65535
    Only 46 32-bit ASNs currently allocated
    7
  8. EIGRP and BGP Comparison
    8
  9. Path Selection
    Attributes
    Highest Weight
    Highest Local Preference
    Internally Originated
    Shortest AS-Path
    Manipulating these attributes changes BGP path selection
    9
  10. Terminology
    attribute [noun]
    Pronunciation: a-trə-byüt
    3: a word ascribing a quality; especially
    attribute [transitive verb]
    Pronunciation: ə-tri-byüt, -byət
    1: to explain by indicating a cause <attributed his success to his coach>
    10
  11. BGP Attributes: RFC1771 attributes its success to its attributes
    11
  12. BGP Attributes: Most Used
    Influence INBOUND traffic
    The transit path to you is determined by how you announce your routes
    AS Path Prepend (shorter is more preferred)
    route-map RM-ISP-OUT
    set as-path prepend 123 123 123
    Influence OUTBOUND traffic
    Local Preference (higher is more preferred)
    route-map RM-ISP-IN
    set local-preference 50
    12
  13. BGP Process Operations
    13
  14. Section Review: Fundamentals
    What is an autonomous system?
    What are BGP attributes that affect inbound traffic?
    What are BGP attributes that affect outbound traffic?
    Name 4 common BGP path selection criteria
    What maintenance task happens every 60 seconds in BGP?
    14
  15. BGP & the Internet
    15
    23rd Ave / I-40 Junction
  16. Global IP Assignments
    IANA
    Regional Registrars
    ISP’s
    End Users
    16
  17. Address Space Depletion: BGP Movie (6 min)
    17
  18. Global Routing Table: How large is it?
    Limit prefixes on Cisco routers
    router bgp 12345
    neighbor 1.1.1.1 maximum-prefix 300000 90
    18
  19. RIR whois
    ARIN IP Lookup
    • AfriNIC Country Lookup
    19
  20. Typical ISP Routing Options
    Single-homed, Single ISP
    Private AS or Static (No BGP)
    Multi-homed, Single ISP
    Private AS
    Multi-homed, Dual ISP
    Public AS
    20
  21. Prefix Origination: Inbound Traffic
    Common Elements
    ISPs won’t accept anything longer than /24
    Provider Aggregate address block (PA)
    /24 or shorter from ISP
    Justification paperwork, but usually easy
    Announcing another ISP’s prefix
    Provider Independent address block (PI)
    Applied for from RIR (e.g., ARIN)
    More Paperwork (and solid justification)!
    21
  22. What Kind of Routes? Outbound Traffic
    1 Based on 2 upstream eBGP peers
    2 Varies depending on quantity of ISP customers announcing prefixes
    3 Varies depending on size of upstream carrier
    4 Inbound bogon filtering is still possible, however outbound will not function due to default route
    22
  23. Memory Requirements: Full BGP Routes
    Based on 255K routes + soft reconfig
    BGP Summary shows 57MB Used
    BGP-Router# sh ip bgp sum
    ...
    BGP using 57060899 total bytes of memory
    Adding up processes shows 153MB Used
    BGP-Router# sh proc mem | i PID|BGP
    PID TTY Allocated Freed Holding Getbufs Retbufs Process
    215 0 152845892 1430904 145443600 16 16 BGP Router
    234 0 239016 0 6984 5164371 5164371 BGP I/O
    235 0 0 82472 9972 0 0 BGP Scanner
    23
  24. BGP Policy Components
    Prefix-lists to filter prefixes
    ip prefix-list PL-ANNOUNCE seq 10 permit 1.0.0.0/8
    Filter-lists to filter ASNs
    ip as-path access-list 1 ^1234
    Route-maps to apply policy
    route-map RM-ISP-OUT permit 10
    set as-path prepend 1234
    Distribute-lists to sit and watch (don’t use)
    Source: NANOG 23, Phillip Smith
    24
  25. Configuration Example: ISP eBGP Peer with Partial Routes
    router bgp 1234
    no auto-summary
    no synchronization
    no bgp fast-external-fallover
    bgp log-neighbor-changes
    neighbor 192.0.2.233 remote-as 209
    neighbor 192.0.2.233 description eBGP with Qwest AS209. Password: 1234abcd
    neighbor 192.0.2.233 password 1234abcd
    neighbor 192.0.2.233 version 4
    neighbor 192.0.2.233 soft-reconfiguration inbound
    neighbor 192.0.2.233 maximum-prefix 300000 90 warning-only
    neighbor 192.0.2.233 prefix-list PL-BOGONS in
    neighbor 192.0.2.233 prefix-list PL-ANNOUNCE out
    neighbor 192.0.2.233 route-map RM-QWEST-OUT out
    neighbor 192.0.2.233 route-map RM-QWEST-IN in
    neighbor 192.0.2.233 filter-list 1 out
    neighbor 192.0.2.233 filter-list 10 in
    network 205.93.251.0 mask 255.255.254.0
    network 205.93.251.0
    ip route 205.93.251.0 255.255.254.0 Null0 name BGP-STABILITY
    ip route 205.93.251.0 255.255.255.0 205.93.251.4
    ip route 205.93.251.125 255.255.255.255 205.93.251.121 name IBGP-PEER
    ip route 205.93.251.125 255.255.255.255 205.93.251.2 250 name IBGP-PEER-BACKUP
    ip as-path access-list 1 permit ^$
    ip as-path access-list 10 permit _(209|7018)$
    ip prefix-list PL-ANNOUNCE seq 10 permit 205.93.251.0/23 le 24
    ip prefix-list PL-ANNOUNCE seq 99 deny 0.0.0.0/0 le 32
    route-map RM-QWEST-OUT permit 10
    set as-path prepend 1234 1234
    route-map RM-QWEST-IN permit 10
    set local-pref 50
    25
  26. Regular Expressions: BGP AS Filtering
    Defining our AS
    ip as-path access-list 1 permit ^$
    Originating in AS 3549
    ip as-path access-list 1 permit ^3549$
    Originating in AS 3549 or Upstream AS
    ip as-path access-list 1 permit ^3549$
    ip as-path access-list 1 permit ^3549 1239$
    ip as-path access-list 1 permit ^3549_(1239)?$
    Deny all nets originating from AS 1239 and permit all other routes
    ip as-path access-list 1 deny _1239$
    ip as-path access-list 1 permit .*
    26
  27. BGP Routing Table Analysis
    Daily BGP Stats Available
    BGP routing table entries examined: 255572
    Prefixes after maximum aggregation: 127106
    Deaggregation factor: 2.01
    Unique aggregates announced to Internet: 123962
    Total ASes present in the Internet Routing Table: 28151
    Prefixes per ASN: 9.08
    Average AS path length visible in the Internet Routing Table: 3.6
    Max AS path length visible: 25
    Max AS path prepend of ASN (39375) 13
    Prefixes from unregistered ASNs in the Routing Table: 25414
    Unregistered ASNs in the Routing Table: 1885
    Prefixes being announced from unallocated address space: 786
    Number of addresses announced to Internet: 1,851,293,088
    Wojciech Misiaszek
    Telekomunikacja Podlasie Sp.
    ul. Dobra 14A
    15-034 Bialystok
    Poland
    27
  28. Bogon Filtering: Manual Method
    28
    Outbound traffic (via inbound route filter)
    ip prefix-list BOGONS desc Bogon networks we won't accept
    ip prefix-list BOGONS seq 2 deny 0.0.0.0/0
    ip prefix-list BOGONS seq 5 deny 0.0.0.0/8 le 32
    ip prefix-list BOGONS seq 20 deny 5.0.0.0/8 le 32
    ip prefix-list BOGONS seq 390 deny 127.0.0.0/8 le 32
    ip prefix-list BOGONS seq 400 deny 172.16.0.0/12 le 32
    ip prefix-list BOGONS seq 520 deny 224.0.0.0/3 le 32
    ip prefix-list BOGONS seq 700 permit 0.0.0.0/0 le 27
    Inbound traffic
    ip access-list extended ACL-OUTSIDE-IN
    remark --- Basic Spoof Filtering
    deny ip 0.0.0.0 0.255.255.255 any
    deny ip 10.0.0.0 0.255.255.255 any
    deny ip public-ip-block subnet-mask any
  29. Bogon Filtering: Automatic Method
    Do not try this at home!
    Make sure you are aware of potential complications
    29
    router bgp <your asn>
    neighbor x.x.x.x remote-as 65333
    neighbor x.x.x.x ebgp-multihop 255
    neighbor x.x.x.x description Cymru Bogon Route Server Project
    neighbor x.x.x.x prefix-list PL-CYMRU-OUT out
    neighbor x.x.x.x route-map RM-CYMRUBOGONS-IN in
    neighbor x.x.x.x password 31337PW
    neighbor x.x.x.x maximum-prefix 100 threshold 90
    Configure a community list to accept the bogon prefixes into the route-map.
    ip bgp-community new-format
    ip community-list 10 permit 65333:888
    Configure the route-map. Remember to apply it to the proper peering sessions.
    route-map RM-CYMRUBOGONS-IN permit 10
    description Filter bogons learned from cymru.com bogon route-servers
    match community 10
    set ip next-hop 192.0.2.1
    Set a bogon next-hop on all routers that receive the bogons.
    ip route 192.0.2.1 255.255.255.255 null0
    ip prefix-list PL-CYMRU-OUT seq 5 deny 0.0.0.0/0 le 32
  30. BGP Communities
    WELL KNOWN
    TE Custom Communities
    no-advertise
    no-export
    ISP must support it
    TE via AS path prepends, local prefs, trig. blackhole
    30
  31. BGP Communities: Configuration Example
    ip bgp-community new-format
    ip prefix-list PL-ANNOUNCE seq 10 permit 205.93.251.0/24
    ip prefix-list PL-ANNOUNCE seq 99 deny 0.0.0.0/0 le 32
    route-map RM-ISP-OUT permit 10
    match ip address prefix-list PL-ANNOUNCE
    set community 65011:209
    route-map RM-ISP-OUT permit 20
    router bgp 64512
    neighbor 1.1.1.1 send-community
    neighbor 1.1.1.1 route-map RM-ISP-OUT out
    31
  32. Section Review: BGP & the Internet
    What kind of route options are typically received from an ISP?
    Who is the global controller of IP space on the internet?
    Describe bogon filtering
    What do the ^ and $ symbols mean in regular expressions?
    32
  33. PART 2
    BGP and the MPLS WAN
    Troubleshooting BGP
    33
  34. BGP & MPLS
    Theory
    Design
    Configuration
    Best Practices
    34
  35. MPLS Basics
    Topology
    Full Mesh
    Single peer to WAN cloud
    L1 Transport
    T1
    DS3
    L2 Transport
    PPP / MLP
    ATM / IMA
    Frame Relay
    Ethernet
    Routing Protocols
    BGP
    EIGRP
    RIP
    Public/Private AS’s
    35
  36. MPLS Terminology
    CE Router
    Customer Edge
    PE Router
    Provider Edge
    P/LSR Router
    Provider Backbone/Label Switching Router
    VRF
    Virtual Routing and Forwarding
    Everything else is standard BGP!
    36
  37. Typical MPLS Topology Options
    Single-homed, Single ISP
    Easiest routing policies
    Multi-homed, Single ISP
    Most common
    Multi-homed, Dual Provider
    Lots of TE
    37
  38. BGP Table: How do you read this thing???
    38
    > is the path installed in the routing table
    r means there is already a route with a better AD
    32768 means prefix originated on this router
    ? means prefix was originated via redistribution
    Next Hop is the neighbor IP of eBGP peer(s)
    WAN-Router# sh ip bgp
    BGP table version is 7345, local router ID is 172.16.254.3
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network            Next Hop         Metric LocPrf Weight Path
    * i12.86.42.44/30     172.16.254.4          0    100      0 7018 ?
    *>                    12.122.14.185                       0 7018 ?
    r>i172.16.254.4/32    172.16.254.4          0    100      0 ?
    *> 172.16.254.16/29   0.0.0.0               0         32768 ?
    *> 172.16.254.24/29   0.0.0.0               0         32768 ?
    * i172.30.32.0/20     172.16.254.4          0    100      0 7018 7018 i
    *>                    12.122.14.185                       0 7018 7018 i
    *> 172.30.64.0/20     12.122.14.185                       0 7018 7018 ?
    i means prefix was originated via network statement
    AS set is the list of ASes the prefix has passed through
    CIDR Mask: try to summarize where possible
    * means route is OK to inject in routing table
    i means prefix learned from iBGP peer
  39. Default Route Origination
    39
    *Policies include: Conditional advertisement, AS prepending, and communities
  40. Best Path Selection
    Review
    BGP Table (BRIB)
    Routing Table (RIB)
    BGP Multipath
    Multi-VRF w/Sub-interfaces
    40
    Weight
    Local Pref
    Local Originate
    AS Path
    Origin Type
    Lowest MED
    eBGP over iBGP
    IGP Metric to NH
    Received First
    Lowest RID
    Originator ID
    Neighbor IP
    WAN-router# sh ip bgp nei 172.16.16.249 advertised-routes
    Originating default network 0.0.0.0
       Network          Next Hop      Metric LocPrf Weight Path
    *> 10.0.0.0/24      10.20.40.5         0         32768 ?
    *> 10.20.20.0/24    0.0.0.0            0         32768 ?
    ...
    Only send the very best!
    WAN-router> sh ip bgp
       Network          Next Hop       Metric LocPrf Weight Path
    *> 0.0.0.0          172.14.16.250                     0 65000 i
    *  0.0.0.0          10.217.13.102                     0 65001 i
    WAN-router> sh ip bgp
       Network       Next Hop        Metric LocPrf Weight Path
    *> 0.0.0.0       172.11.132.193                     0 1803 65000 i
  41. Route Redistribution
    “Seek first to summarize…”
    Do you need to redistribute?
    Yes = Redistribution
    No = Summarization
    Maybe = Both?
    BGP to EIGRP
    router eigrp 111
    redistribute bgp 222 metric 1500 1000 255 1 1500
    EIGRP to BGP
    router bgp 222
    redistribute eigrp 111
    41
  42. Miscellaneous Features
    Peer Groups
    Object-groups for BGP! (Kind of…)
    router bgp 64512
    ! Setup peer-group policies
    neighbor PARTIAL-ROUTES peer-group
    neighbor PARTIAL-ROUTES version 4
    neighbor PARTIAL-ROUTES filter-list 5 out
    neighbor FULL-ROUTES peer-group
    neighbor FULL-ROUTES version 4
    ! Apply it to a neighbor
    neighbor 192.0.2.228 peer-group FULL-ROUTES
    ip as-path access-list 5 permit ^(209|36270|6298_)[0-9]*_[0-9]*$
    Route Reflectors
    42
  43. Best Practices
    Avoid redistributing everything under the sun
    connected, static, every routing protocol, etc.
    Look for ways to reduce routing tables
    Summarize
    Advertise only what is necessary
    Use a network statement for default origination
    network 0.0.0.0 mask 0.0.0.0
    43
  44. Case Study: Requirements
    WAN to Internet
    Use DC as primary
    Use Campus as secondary
    Use Internet VPN as tertiary
    WAN to Hubs
    Use each hub MPLS DS3
    Use other hub DS3 as secondary
    Use Internet VPN as tertiary
    Hub to Hub
    Use LAN link as primary
    Don’t use MPLS DS3’s as secondary
    44
    Smokey the Router says…
    “Routing works both ways!”
  45. Case Study: Possible Solution
    45
    • WAN to Internet
    • Use DC as primary
    • Use Campus as secondary
    • Use Internet VPN as tertiary
    • WAN to Hubs
    • Use each hub MPLS DS3
    • Use other hub DS3 as secondary
    • Use Internet VPN as tertiary
    • Hub to Hub
    • Use LAN link as primary
    • Don’t use MPLS DS3’s as secondary
    Default Networks:
    1 via eBGP to MPLS
    1 via iBGP to VPN
    Advertised Networks:
    Shortest AS path (DC)
    Advertised Networks:
    network 0.0.0.0
    network 10.112.0.0
    Received Networks:
    0.0.0.0/0 ge 29 le 32
    Advertised Networks:
    network 0.0.0.0
    Received Networks:
    0.0.0.0/0 ge 29 le 32
    Summarized Networks:
    summary-addr 10.x.0.0/20
    summary-addr <WAN nets>
    Advertised Networks:
    network 0.0.0.0
    Received Networks:
    0.0.0.0/0 ge 29 le 32
    Summarized Networks:
    summary-addr 10.112.0.0/16
    Default Route
    Static route redistributed into EIGRP
    Campus to WAN:
    EIGRP Metric better via Router 1  WAN
    DC to Campus:
    Only 1 route via Interlink
  46. Configuration Example (Hub): MPLS eBGP Peer with Default Advertisement
    46
    router bgp 100
    network 0.0.0.0
    network 10.112.0.0 mask 255.255.0.0
    neighbor 192.0.2.105 remote-as 65000
    neighbor 192.0.2.105 description eBGP with MPLS SP. Password: 1234abcd
    neighbor 192.0.2.105 password 1234abcd
    neighbor 192.0.2.105 version 4
    neighbor 192.0.2.105 send-community
    neighbor 192.0.2.105 soft-reconfiguration inbound
    neighbor 192.0.2.105 route-map RM-MPLS-IN in
    neighbor 192.0.2.105 route-map RM-MPLS-OUT out
    no auto-summary
    ip prefix-list PL-DEFAULT seq 10 permit 0.0.0.0/0
    route-map RM-MPLS-IN deny 10
    description Block learning default route from DC Router. Use IGP instead.
    match ip address prefix-list PL-DEFAULT
    route-map RM-MPLS-IN permit 20
    route-map RM-MPLS-OUT permit 10
    description Set BGP policies for outbound route advertisements to MPLS Provider
    set community 112
    route-map RM-MPLS-OUT permit 20
    description Prepend Default Route for Backup Link
    match ip address prefix-list PL-DEFAULT
    set as-path prepend 100 100
    route-map RM-MPLS-OUT permit 30
  47. Configuration Example (Hub): MPLS EIGRP Redistribution
    router eigrp 1
    redistribute bgp 100 metric 1500 1000 255 1 1500 route-map RM-WAN-SERIALS
    network 10.112.2.0 0.0.0.255
    no auto-summary
    ip prefix-list PL-WAN-SERIALS seq 10 permit 0.0.0.0/0 ge 29
    route-map RM-WAN-SERIALS permit 10
    description Only redistribute WAN serials (/29 to /32 prefixes) into EIGRP process
    match ip address prefix-list PL-WAN-SERIALS
    Advertise learned BGP networks with prefixes /29 or longer
    47
  48. Section Review: BGP & MPLS
    What are the 3 default route origination methods?
    What does the > symbol mean in the BGP table?
    What are 3 clues that tell you a route "originated here" in the BGP table?
    48
  49. BGP Troubleshooting
    Interpreting and Troubleshooting BGP Operations
    49
  50. Peer Establishment
    Peer Reachability
    MD5 Password Mismatch
    Wrong neighbor IP
    Wrong update-source
    Wrong peer AS
    TTL / ebgp-multihop
    Stuck in OpenSent/OpenConfirm
    Asymmetric routing & TTL problem
    ACL’s between peers
    Blocking TCP/179
    50
  51. Flapping Peer
    *May 20 04:02:39.240 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down Peer closed the session
    *May 20 04:02:54.468 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
    *May 20 04:20:44.999 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down BGP Notification sent
    *May 20 04:20:44.999 MST: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.133 4/0 (hold time expired) 0 bytes
    *May 20 04:21:04.243 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
    *May 20 04:52:18.132 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down BGP Notification sent
    *May 20 04:52:18.132 MST: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.133 4/0 (hold time expired) 0 bytes
    *May 20 04:55:16.469 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
    *May 20 04:56:17.169 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down Peer closed the session
    *May 20 04:56:36.533 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
    *May 20 05:09:28.555 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down Peer closed the session
    *May 20 05:09:35.087 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
    *May 20 05:47:57.350 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down BGP Notification sent
    Remote router rebooting (BGP crash?)
    MTU Incorrect
    L2 Problem
    Interface output drops (QoS, CoPP, etc.)
    51
  52. Received Routes: Pre/Post Filter
    Show received routes before policy is applied
    sh ip bgp nei 1.1.1.1 received-routes
    Requires soft-reconfiguration inbound (more mem)
    Show received routes after policy is applied
    sh ip bgp nei 1.1.1.1 routes
    Show AS paths via all neighbors
    BGP-router> sh ip bgp paths
    Address Hash Refcount Metric Path
    0xC4125EDC 1 8 0 7018 209 701 23520 3816 ?
    0x68397C58 1 18 0 4323 6389 6198 27266 25747 i
    0x74151970 1 2 0 4323 1299 13249 44600 i
    0x70FF72D4 1 2 0 4323 3257 1241 20506 i
    52
  53. Missing Routes
    Next hop IP address must be accessible
    iBGP next-hop-self
    Route with better AD already exists in RIB
    Filters
    Prefix
    AS-Path
    Route-maps
    53
  54. Announcements: Verify advertised routes
    Show advertised routes to peer
    sh ip bgp nei 192.0.2.233 advertised-routes
    54
    BGP-Router> sh ip bgp nei 192.0.2.233 advertised-routes
    BGP table version is 20753141, local router ID is 205.93.251.126
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    *> 205.93.251.0 205.93.251.4 0 32768 i
    *> 205.93.251.0/23 0.0.0.0 0 32768 i
    Total number of prefixes 2
    • What if nothing shows up?
    • Route must exist in the RIB
  55. BGP Table: Analyzing and Interpreting
    Router# sh ip bgp
    BGP table version is 24849, local router ID is 205.215.216.193
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    *>i0.0.0.0 205.93.251.125 0 100 0 7018 i
    *> 3.0.0.0 192.0.2.233 0 4323 1239 701 703 80 i
    *> 4.0.0.0/9 192.0.2.233 0 4323 3549 3356 i
    * i 205.93.251.125 0 100 0 7018 209 3356 i
    *> 4.0.0.0 192.0.2.233 0 4323 3549 3356 i
    * i 205.93.251.125 0 100 0 7018 209 3356 i
    *> 4.23.112.0/24 192.0.2.233 0 4323 174 21889 i
    *>i12.2.60.0/22 205.93.251.125 0 100 0 7018 209 7018 32719 i
    * 192.0.2.233 0 4323 6539 19092 26794 26794 26794 26794 26794 26794 26794 26794 26794 26794 26794 32719 i
    Note to self: 10 prepends is excessive
    Average AS path length is 3.6
    55
  56. Looking Glass: Public BGP Route Servers - CLI
    Verify how the global internet routing table views your prefix announcement
    route-views.oregon-ix.net> sh ip bgp 205.93.251.0 | i 64512
    3333 3356 1239 4323 64512
    2905 701 209 7018 64512
    4513 13789 22212 4323 64512
    7018 4323 64512
    ...
    56
  57. Looking Glass: Public BGP Route Servers – Web/CLI
    57
  58. High CPU
    BGP-Router# sh proc cpu | i CPU|PID|BGP
    CPU utilization for five seconds: 93%/2%; one minute: 32%; five minutes: 22%
    PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
    319 2319628 11589466 200 0.15% 0.05% 0.04% 0 BGP Router
    320 568684 2305861 246 0.00% 0.01% 0.00% 0 BGP I/O
    321 246815548 1497615 164807 76.47% 9.23% 6.50% 0 BGP Scanner
    58
  59. High Memory
    L3-Switch# sh proc mem | i PID|BGP
    PID TTY Allocated Freed Holding Getbufs Retbufs Process
    319 0 541682808 353471992 177441136 0 0 BGP Router
    320 0 1377432 2361312 7048 0 0 BGP I/O
    321 0 136 323920 10216 0 0 BGP Scanner
    L3-Switch# sh ip bgp sum
    Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
    32.124.75.251 4 209 1741759 68344 9564122 0 0 6w5d 251577
    52.111.238.129 4 5555 2798645 68231 9564122 0 0 1w2d 254104
    192.0.1.148 4 22222 68448 2134480 9564122 0 0 3w3d 35
    192.0.2.228 4 33333 67386 2381477 9564122 0 0 5d01h 118
    192.0.3.254 4 11111 2140027 2272911 9564130 0 0 6w5d 254360
    750K routes (if no soft-reconfig)
    1.5M routes (if soft-reconfig)
    542MB of memory for BGP
    59
  60. Latency: Perception v. Reality
    What could cause this horrible latency???
    Reply from 209.85.171.100: bytes=32 time=5ms TTL=247
    Reply from 209.85.171.100: bytes=32 time=5ms TTL=247
    Reply from 209.85.171.100: bytes=32 time=6ms TTL=247
    Reply from 209.85.171.100: bytes=32 time=99ms TTL=247
    Reply from 209.85.171.100: bytes=32 time=225ms TTL=247
    Reply from 209.85.171.100: bytes=32 time=248ms TTL=247
    Reply from 209.85.171.100: bytes=32 time=66ms TTL=247
    Reply from 209.85.171.100: bytes=32 time=8ms TTL=247
    Reply from 209.85.171.100: bytes=32 time=5ms TTL=247
    Reply from 209.85.171.100: bytes=32 time=5ms TTL=247
    60
    BGP scanner process takes higher priority than ICMP processing. Move on, nothing to see here.
  61. Section Review: Troubleshooting
    What are 3 reasons that could cause peer establishment problems?
    What are the advantages and disadvantages of soft reconfiguration?
    What is required in order to announce a prefix?
    What kind of information can you get from the looking glass route servers?
    61
  62. BGP Resources
    North American Network Operators Group (NANOG)
    http://www.nanog.org
    www.traceroute.org
    62

Tanner, 2 years ago

For enterprise network engineers, implementing BGP
