Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Dynamische Routingprotokolle Aufzucht und Pflege - BGP

60 views

Published on

Sie möchten Ihr großes internes Netzwerk - ein Autonomes System - mit dem Internet verbinden, eine IP-Fabric aufbauen oder interne Dienste per Anycast in Ihrem Netzwerk anbieten. Für all diese Dinge ist das Border Gateway Protokoll entwickelt worden und auch hervorragend geeignet.

Dieser Vortag vermittelt die Funktionsweise von BGP im externen und internen Einsatz, gibt einen Überblick über die Steuermechanismen und Stellschrauben und zeigt den praktischen Einsatz mit dem Bird Internet Routing Daemon auf.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Dynamische Routingprotokolle Aufzucht und Pflege - BGP

  1. 1. Border Gateway Protocol FrOSCon 13 Network Track Falk Stern, Maximilian Wilhelm 1 / 36
  2. 2. Agenda 1. Who's who 2. Theory 1. ASes 3. BGP Theory 1. Paths & Attributes 2. Best path decision 3. Routingtables and their interaction 4. external vs. internal BGP 1. Route Reflection 5. BGP on Linux 6. BGP on Cisco IOS 7. Outlook 1. Add Path Capabilites 2. MP-BGP 2 / 36
  3. 3. Who's who Falk Stern Full Stack Infrastructure Engineer IPv6 fanboy Runs his own Kubernetes cluster in his basement Consultant @ Profi Engineering Systems AG Contact @wrf42 falk@fourecks.de 3 / 36
  4. 4. Who's who Maximilian Wilhelm Networker OpenSource Hacker Fanboy of (Debian) Linux ifupdown2 Occupation: By day: Senior Infrastructure Architect, Uni Paderborn By night: Infrastructure Archmage, Freifunk Hochstift In between: Freelance Solution Architect for hire Contact @BarbarossaTM max@sdn.clinic 4 / 36
  5. 5. Who's who Theory Theory 5 / 36
  6. 6. Who's who Theory Single-homed to one ISP Local network 192.168.178.0/24 One default router Only one path Home Scale Internet 6 / 36
  7. 7. Who's who Theory Enterprise / Service Provider Scale Networking AS13020 AS39225 Core Distribution Border Internet br-01 cr-E cr-A cr-D cr-B cr-C Already present dr-01 Access sw-01 ap-04 ap-03ap-02ap-01 AS201701 bb-a.fra bb-b.fra AS41981 SDN.clinic dr-02 7 / 36
  8. 8. Who's who Theory Interior vs. Exterior Gateway Protocols Exterior Gateway Protocols Exchange routing information between ASes / with untrusted peers De-facto standard protocol: BGP Interior Gateway Protocols Exchance routing information inside AS De-facto standard protocols: OSPF IS-IS iBGP 8 / 36
  9. 9. Who's who Theory Distance Vector Routers always send their complete routing table with increased metrics Metrics are counted to infinity where infinity = 15 Example: Routing Information Protocol (RIP) 9 / 36
  10. 10. Who's who Theory Path Vector Not only a next-hop but also a path to target Multiple attributes per route Multiple routes with different paths to a single destination possible Enables equal cost multi path (ECMP) Only next-hop attributes are modified 10 / 36
  11. 11. Who's who Theory BGP Border Gateway Protocol 11 / 36
  12. 12. Who's who Theory BGP Three Napkin Protocol Led to RFC "BGP-1" #1105 (1989/06) 12 / 36
  13. 13. Who's who Theory BGP History and BGP today Four iterations of main BGP protocol RFC1105 (1989/06): BGP-1 RFC1163 (1990/06): BGP-2 RFC1267 (1991/10): BGP-3 RFC1771 (1995/03): BGP-4 superseded by RFC4271 (2006/01) Lots of additions (best of) RFC2918 (2000/09): Route Refresh Capability for BGP-4 RFC4456 (2006/04): BGP-RR RFC4760 (2007/01): MP-BGP RFC6793 (2012/12): 32bit ASNs RFC7911 (2016/07): BGP AddPath RFC7999 (2016/10): BGP Blackhole Community Holds the Internet together Implemented in all major routing suites and vendors Interoperable 13 / 36
  14. 14. Who's who Theory BGP BGP at a glance Neighbors have to be configured explicitly TCP connection on port 179 Neighbors exchange Network Layer Reachability Information (NLRI) Router selects best route(s) Selected routes are installed in Local-RIB / FIB 14 / 36
  15. 15. Who's who Theory BGP What's this routing table mess about? Local RIB AdjRIBOut AdjRIBIn FIB OSPFStatic Import Filter Export Filter AdjRIBOut AdjRIBIn PeerPeer Import Filter BGP Process 1 Export Filter BGP Process 2 Local Routing Information Base (RIB) or Loc-RIB Forwarding Informatio Base (FIB) Adjacency RIB In (AdjRIBIn) Adjecency RIB Out (AdjRIBOut) 15 / 36
  16. 16. Who's who Theory BGP Statemachine Established OpenConfirmOpenSent ActiveConnect Idle Quelle: Wikimedia Commons 16 / 36
  17. 17. Who's who Theory BGP BGP Path List of all Autonomous Systems (ASes) a route has gone trough Used to prevent routing loops Shorter is better Our network as seen at DE-CIX: Path: 201701 39225 13020 Translation: FFRL, SDN-CLINIC-LAB, CCCV-AS May be prepended for traffic engineering purposes: Path: 50629 201701 201701 201701 201701 39225 13020 Translation: LWLcom, (3x prepend) FFRL, SDN-CLINIC-LAB, CCCV-AS 17 / 36
  18. 18. Who's who Theory BGP Path Attributes Each prefix* carries a set of attributes: Next-Hop Local Preference AS Path Origin Multi Exit Discriminator (MED, optional) Communities (optional) Large Communities (optional) Attributes can be: Transitive or non-transitive Will be forwarded to the next BGP-speaker - or not Mandatory or optional * or set thereof 18 / 36
  19. 19. Who's who Theory BGP BGP Next-Hop A route has to point somewhere IP address of the next router on a path Can be adjacent router Can be a router somewhere else Look up route to remote router in local routing table Will probably be resolved via IGP (e.g. OSPF) Is the next hop not present in the local routing table the route cannot be used Will be installed with an unreachable next hop in RIB 19 / 36
  20. 20. Who's who Theory BGP BGP Local Preference 32bit unsigned int Default value: 100 Meaningful within one AS Higher is better Real world usage: Rank prefixes of customers, peers, transits, ... Direct/prioritize where our traffic is sent Example values from Freifunk Rheinland e.V AS201701 Backbone: Local Pref Prefix type 5 Remote Transits 500 Transits 1.000 Peerings 10.000 Downstreams 20 / 36
  21. 21. Who's who Theory BGP BGP Multi Exit Discriminator 32bit unsigned int Default value: 0 Meaningful between two adjacent ASes non-transitive Lower is better Real world usage: Direct multi-homed peer where to ingest traffic to us Some ASes ignore/overwrite MED values Talk to peer 21 / 36
  22. 22. Who's who Theory BGP BGP Communities Numerical route attributes / labels Meaningful only to local AS specifications Classical Communities (RFC1997, Aug. 1996): 32bit unsigned int 16bit ASN, 16bit value Default value: non set Canonical representation: <ASN>:<value> Well-Known communities NO_EXPORT NO_ADVERTISE BLACKHOLE (RFC7999, Oct. 2016) 22 / 36
  23. 23. Who's who Theory BGP BGP Large Communities 16bit ASN part to small for 32bit ASNs Large Communities (RFC8092, Feb. 2017): 96bit unsigned int 32bit ASN 32bit Local-Data1 32bit Local-Data2 Canonical Representation: <ASN>:<Local Data 1>:<Local Data 2> 23 / 36
  24. 24. Who's who Theory BGP BGP Route Decision (eBGP) 1. Is the Next Hop reachable? 2. Higher Local Preference 3. Shorter AS_PATH 4. Smaller ORIGIN 5. Smaller MED, if multiple prefixes with same next AS 6. Smaller Router ID 7. Smaller Neighbor IP address See RFC4271, Section 9.1.2 for more details 24 / 36
  25. 25. Who's who Theory BGP external vs. internal BGP External BGP (eBGP): Routers in two different ASes Session established between IP addresses on transfer network Internal BGP (iBGP): Routers within the same AS Sessions usually established between router's loopback addresses Requires working IGP (e.g. OSPF) Session will stay up as long as on path within the network exists No path attributes altered in iBGP Routes received via iBGP MUST NOT be sent to an iBGP neighbor iBGP full mesh required 25 / 36
  26. 26. Who's who Theory BGP BGP Route Decision (complete) 1. Is the Next Hop reachable? 2. Higher Local Preference 3. Shorter AS_PATH 4. Smaller ORIGIN 5. Smaller MED, if multiple prefixes with same next AS 6. eBGP > iBGP 7. Smaller IGP cost 8. Smaller Router ID 9. Smaller Neighbor IP address See RFC4271, Section 9.1.2 for more details 26 / 36
  27. 27. Who's who Theory BGP Rule: Every router within an AS has to have an iBGP session to every other router. O(n�) scale. D'oh. Management & memory headache But there's help: Route Reflection! AS39225 Core Border br-01 cr-D cr-B cr-C cr-Acr-E dr-02 iBGP Full Mesh 27 / 36
  28. 28. Who's who Theory BGP RFC4456 (Apr. 2006) BGP extension to work around full mesh requirement Cluster ID prevents routing loops Think "internal Path" Route Reflector advertises iBGP routes to iBGP peers Special configuration only on RR AS39225 Core Border br-01 cr-D cr-B cr-C cr-Acr-E dr-02 iBGP Route Re ection 28 / 36
  29. 29. Who's who Theory BGP Obvious SPoF can be alleviated by redundant RRs AS39225 Core Border br-01 cr-D cr-B cr-C cr-Acr-E dr-02 Redundant iBGP Route Re ection 29 / 36
  30. 30. Who's who Theory BGP Linux BGP on Linux 30 / 36
  31. 31. Who's who Theory BGP Linux BGP on Linux / Bird We'll use Bird Internet Routing Daemon again Base configuration already present from OSPF setup Router ID protocol device protocol kernel 31 / 36
  32. 32. Who's who Theory BGP Linux Bird BGP con guration example # # Basic example BGP peer configuration # protocol bgp <name> { # Which prefixes to accept from peer import <...>; # Which prefixes to send to peer export <...>; # Our ASN local as <our ASN>; # Neighbor to connect to neighbor <peer IP> as <peer ASN>; } 32 / 36
  33. 33. Who's who Theory BGP Linux BGP peer con guration br-01 -> dr01 # IPv4 br-01.in.fc13.sdn.clinic:~# cat /etc/bird/bird.d/as13020.conf protocol bgp as13020 { # Only import Chaos prefix and send default route import where net = 94.45.224.0/19; export where net = 0.0.0.0/0; local as 39225; neighbor 194.107.207.29 as 13020; } # The same with IPv6 br-01.in.fc13.sdn.clinic:~# cat /etc/bird/bird6.d/as13020.conf protocol bgp as13020 { # Only import Chaos prefix and send default route import where net = 2001:67c:20a1::/48; export where net = ::/0; local as 39225; neighbor 2a07:ed07:fc13:fe03::2 as 13020; } 33 / 36
  34. 34. Who's who Theory BGP Linux BGP peer con guration Route Re ection (cr-E) # IPv4 cr-E.in.fc13.sdn.clinic:~# cat /etc/bird/bird.d/ibgp.conf template bgp ibgp { import all; export all; # Use loopback IP as source address for BGP session source address 194.107.207.5; local as 39225; # The peer is a RR client rr client; } protocol bgp br_01 from ibgp { # Use neighbors loopback IP to connect to neighbor 194.107.207.0 as 39225; } protocol bgp cr_A from ibgp { neighbor 194.107.207.1 as 39225; } ... 34 / 36
  35. 35. Who's who Theory BGP Linux Links Further Reading RFC4271: A Border Gateway Protocol 4 (BGP-4) - Rekhter, Li, Hares, 2006 BGP - Building Reliable Networks with the Border Gateway Protocol - I. van Beijnum, 2002 BGP Design and Implementation - Randy Zhang & Micah Bartell, 2003 Routing TCP/IP Volume II - Jeff Doyle & Jennifer DeHaven Carroll, 2016 35 / 36
  36. 36. Who's who Theory BGP Linux Links Questions? Questions? 36 / 36

×