  1. 1. Implement an eBGP-based solution, given a network design and a set of requirements
        • Determine network resources needed for implementing eBGP on a network
        • Create an eBGP implementation plan
        • Create an eBGP verification plan
        • Configure eBGP routing
        • Verify eBGP solution was implemented properly using show and debug commands
        • Document results of eBGP implementation and verification plan
  2. 2. Border Gateway Protocol
        • Used to exchange routes/prefixes between different autonomous systems (AS)
        • Uses TCP port 179
        • Requires an IGP; a network can’t route with only BGP
        • Only one process per router
        • Needs neighbors but doesn’t run on interfaces
        • Neighbors don’t need to be directly connected
        • iBGP: in the same AS (AD 200)
        • eBGP: in different AS (AD 20)
        • Hello 60 seconds / Dead 180 seconds
        BGP Autonomous System
        • Set of routers under a unique technical administration
        • AS range: Public: 1 – 64511; Private: 64512 – 65535
        BGP Loop Prevention
  3. 3. Design of BGP, when to use it?
        • Connection with multiple AS
        • Implement complex routing
        • When you are a transit AS
        Multihoming
        • Connection to two different ISPs via BGP
        • Verify that your networks are correctly advertised
        • Be careful not to become a transit AS
        • Filter networks not originated from your AS
        Design of BGP, what routes should I receive?
        • Only a default route
        • Some routes plus a default
        • Full routes (more than 200.000)
        Impact
        • Memory
        • CPU
        • Route selection
  4. 4. BGP Messages
        • OPEN
        • KEEPALIVE
        • UPDATE
        • NOTIFICATION
        BGP Tables
        • Neighbor table
        • BGP table
        • IP routing table
        BGP Neighbor States
        • IDLE: Looking for neighbors
        • CONNECT: TCP session complete
        • ACTIVE: Trying to establish a neighborship
        • OPEN SENT: BGP open message has been sent
        • OPEN CONFIRM: Response of an open message
        • ESTABLISHED: Neighbor is up, route exchange starts
  5. 5. Network Topology
        Configuring Neighbors
        R4(config)#router eigrp 100
        R4(config-router)#no auto-summary
        R4(config-router)#network fa0/0
        R4(config)#router bgp 100
        R4(config-router)#neighbor remote-as 100
        R4(config-router)#neighbor remote-as 200
        R4(config-router)#network mask mask mask ip bgp neighbors advertised-routes
        R6#show ip bgp summary
        R6#show ip bgp
        R6#debug ip packet detail
  6. 6. Loop Prevention
        • iBGP learned routes can’t be advertised to another iBGP neighbor
        • iBGP full mesh peerings
        • Route Reflectors
        • Confederations
        Full Mesh
        Route Reflectors
        • Like the DR of OSPF
        • No (n-1)/2 peering needed
        • If the route comes from eBGP: advertise to eBGP, route-reflector-client, non-client
        • If the route comes from a route-reflector-client: advertise to eBGP, route-reflector-client, non-client
        • If the route comes from a non-client: advertise to eBGP, route-reflector-client
  7. 7. Route Reflectors (RR)
        R1(config)#router bgp 100
        R1(config-router)#neighbor route-reflector-client
        R1(config-router)#neighbor route-reflector-client
        R1#sh ip bgp neighbors
        Confederations
        • Sub-ASes
        • Usually private ASes
        • Within a sub-AS, route reflectors can be used
        R1(config)#no router bgp 100
        R1(config)#router bgp 65001
        R1(config-router)#bgp confederation id 100
        R1(config-router)#bgp confederation peers 65004 65035
        R1(config-router)#neighbor remote-as 65004
        R1(config-router)#neighbor remote-as 65035
  8. 8. Next Hop Processing
        • eBGP changes the next hop
        • iBGP doesn’t change the next hop
        • How to change the next hop:
          • Static route
          • Running an IGP
          • Option ‘next-hop-self’
          • Via route-map
        Option ‘next-hop-self’
        R4(config)#router bgp 100
        R4(config-router)#neighbor next-hop-self
        Via Route Map
        R4(config)#route-map NEXTHOP permit 10
        R4(config-route-map)#set ip next-hop route-map NEXTHOP out
  9. 9. Redistribution
        • When you redistribute an IGP into BGP, BGP can propagate the routes to another AS. Routing loops may occur because external IGP routes may be originated in another AS
        • Redistributing from BGP into an IGP can cause high CPU and memory usage; there are more than 200.000 routes in the Internet
        • We’ll see an example in the ‘synchronization rule’
        Update Source and Multihop
        • By default the TCP packet is sent via the closest interface
        • On some occasions it’s a good idea for the TCP packets to originate from another interface
        • eBGP neighbors must be directly connected; if not, use multihop
        R4(config)#neighbor remote-as 200
        R4(config)#neighbor ebgp-multihop 255
        R4(config)#neighbor update-source Loopback0
        R4(config)#ip route
  10. 10. Peer Groups
          • Easier administration
          • On occasion a more efficient way to configure BGP
          • Lots of neighbors with the same configuration
          • Locally significant
          R3(config)#router bgp 100
          R3(config-router)#neighbor GROUP peer-group
          R3(config-router)#neighbor GROUP remote-as 100
          R3(config-router)#neighbor GROUP route-reflector-client
          R3(config-router)#neighbor peer-group GROUP
          Summarization
          • Used at the AS border
          • Advertise a single route
          • CPU
          • Memory
          • The Cisco way says that it is better to aggregate than to redistribute static routes connected to null
          R4(config)#ip route null 0
          R4(config)#router bgp 100
          R4(config-router)#network mask aggregate-address aggregate-address summary-only
  11. 11. Authentication
          • Only MD5 is supported
          • Very few ISPs want to run authentication with their clients
          R4(config)#router bgp 100
          R4(config-router)#neighbor password cisco
          Filter
          • Access list
          • Prefix list
          • Route maps
          Access Lists
          Send only summary route to R6
          R4(config)#access-list 10 permit bgp 100
          R4(config-router)#neighbor distribute-list 10 out
          Prefix Lists
          Send only summary route to R6
          R4(config)#ip prefix-list SUMMARY permit bgp 100
          R4(config-router)#neighbor prefix-list SUMMARY out
  12. 12. Route Maps
          Deny only summary route to R6 and permit all other routes
          R4(config)#ip prefix-list SUMMARY permit FILTER deny 10
          R4(config-route-map)#match ip address prefix-list SUMMARY
          R4(config)#route-map FILTER permit 20
          R4(config-router)#neighbor route-map FILTER out
          What are BGP Attributes
          • The BGP metric is not simple
          • Attributes are ways that you can ‘tag’ incoming or outgoing BGP routes
          • Some attributes are WELL KNOWN (everyone supports) while others are OPTIONAL
          • Some attributes are MANDATORY (must be in the update) while others are DISCRETIONARY
          • Some attributes are TRANSITIVE (travel from router to router) while others are NON-TRANSITIVE
  13. 13. ‘WELL KNOWN’ Attributes
          • Autonomous system path AS_PATH (Mandatory)
          • Next-hop-address (Mandatory)
          • Origin (Mandatory)
          • Local Preference (Discretionary)
          • Atomic Aggregate (Discretionary)
          ‘OPTIONAL’ Attributes
          • Aggregator (Transitive)
          • Multi-exit Discriminator (Non-Transitive)
          BGP Path Selection
  14. 14. BGP Path Selection
          Influence BGP Path Selection: Weight
          • Influence the OUTBOUND traffic
          • Apply INBOUND
          • Local to the router
          • Default value 0
          R4(config)#router bgp 100
          R4(config-router)#neighbor weight 200
          R4(config)#ip prefix-list LOOBACK2 permit WEIGHT permit 10
          R4(config-route-map)#match ip address prefix-list LOOBACK2
          R4(config-route-map)#set weight 200
          R4(config)#route-map WEIGHT permit 100
          R4(config)#router bgp 100
          R4(config-router)#neighbor route-map WEIGHT in
  15. 15. Influence BGP Path Selection: Local Preference
          • Influence the OUTBOUND traffic
          • Apply INBOUND
          • Local to AS
          • Default value 100
          R4(config)#router bgp 100
          R4(config-router)#bgp default local-preference 150
          R4(config)#ip prefix-list LOOPBACK2 permit LOCAL_PREFERENCE permit 10
          R4(config-route-map)#match ip address prefix-list LOOPBACK2
          R4(config-route-map)#set local-preference 150
          R4(config)#route-map LOCAL_PREFERENCE permit 100
          R4(config)#router bgp 100
          R4(config-router)#neighbor route-map LOCAL_PREFERENCE in
          Influence BGP Path Selection: AS Path
          • Influence the INBOUND traffic
          • Apply OUTBOUND
          • Shortest is better
          R4(config)#ip prefix-list LOOPBACK4 permit AS_PATH permit 10
          R4(config-route-map)#match ip address prefix-list LOOPBACK4
          R4(config-route-map)#set as-path prepend 100 100 100 100
          R4(config)#route-map AS_PATH permit 100
          R4(config)#router bgp 100
          R4(config-router)#neighbor route-map AS_PATH out
  16. 16. Influence BGP Path Selection: MED
          • Influence the INBOUND traffic
          • Apply OUTBOUND
          • MED is only compared if the prefix is advertised from two sources in the same AS; if not: (config-router)#bgp always-compare-med
          R3(config)#ip prefix-list LOOPBACK3 permit MED permit 10
          R3(config-route-map)#match ip address prefix-list LOOPBACK3
          R3(config-route-map)#set metric 2300418
          R3(config)#route-map MED permit 100
          R3(config)#router bgp 100
          R3(config-router)#neighbor route-map MED out
          R3(config-router)#default-metric x
          Synchronization Rule
          • Prevents traffic from being black-holed
          • Reduces traffic that will be dropped / Ensures consistency
          • Turn off when:
            • Redistributing BGP into an IGP
            • BGP is running on all routers of the AS
          • ‘Routes learned via BGP must be validated by the interior routing table before they can be advertised to remote peers’
  17. 17. Synchronization Rule
          R3(config)#router bgp 100
          R3(config-router)#synchronization
          R4(config)#router bgp 100
          R4(config-router)#synchronization
          How to fix it
          1. BGP running in all routers of the AS
          or
          1. Turn off synchronization on R3 and R4 and:
          R4(config-router)#router eigrp 100
          R4(config-router)#redistribute bgp 100 metric 1 1 1 1 1
          Communities
          • To tag routes in the BGP topology
          • Consistent filtering in the AS domain
          • send tag routes
          R5(config)#route-map COMMUNITY permit 10
          R5(config-route-map)#set community 123456 local-AS
          R5(config)#router eigrp 100
          R5(config-router)#no network bgp 100
          R5(config-router)#network mask route-map COMMUNITY out
          R5(config-router)#neighbor send-community
  18. 18. Verifying and Troubleshooting BGP
          • ACL blocking TCP 179
          • eBGP not directly connected, use multihop
          • AS mismatch
          Troubleshooting
          R1#show ip bgp
          R1#show ip bgp summary
          R1#show ip neighbors
          R1#clear ip bgp *
          R1#clear ip bgp * in
          R1#clear ip bgp * out
          R1#debug ip bgp
          BGP Design Peer Review
          Implementation Plan Detail (configuration and notes)
          • Based on the network topology, configuration of peers, route reflectors, filters
          BGP Implementation Peer Review
          Questions that can be asked
          • Why route reflectors and no confederations?
          Possible Answers
          • There is only one route reflector in the network, the solution is simple
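The multihoming slide warns against becoming a transit AS and the authentication slide shows a per-neighbor MD5 password; the following added example (not part of the original deck) checks an IOS-style configuration for eBGP neighbors that lack an outbound filter or a password. The sample configuration, its addresses and the function name `audit_bgp` are constructed for illustration, and peer-group inheritance is not resolved.

```python
import re

# Constructed sample (documentation addresses; not taken from the slides).
SAMPLE_CONFIG = """\
router bgp 100
 neighbor 10.0.0.3 remote-as 100
 neighbor 192.0.2.1 remote-as 200
 neighbor 192.0.2.1 password s3cret
 neighbor 192.0.2.1 prefix-list SUMMARY out
 neighbor 198.51.100.1 remote-as 300
 neighbor 198.51.100.1 route-map WEIGHT in
!
"""
OUT_FILTERS = ("prefix-list", "route-map", "distribute-list")

def audit_bgp(config):
    """Return {neighbor: [findings]} for the eBGP neighbors in `config`."""
    local_as, in_bgp, peers = None, False, {}
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():          # a new top-level section starts
            m = re.match(r"router bgp (\d+)$", line)
            in_bgp = bool(m)
            local_as = m.group(1) if m else local_as
            continue
        m = re.match(r"neighbor (\S+) (\S+)(.*)$", line)
        if not (in_bgp and m):
            continue
        peer, keyword, rest = m.group(1), m.group(2), m.group(3).split()
        info = peers.setdefault(peer, {"as": None, "password": False, "out": False})
        if keyword == "remote-as" and rest:
            info["as"] = rest[0]
        elif keyword == "password":
            info["password"] = True
        elif keyword in OUT_FILTERS and rest and rest[-1] == "out":
            info["out"] = True
    findings = {}
    for peer, info in peers.items():
        if info["as"] in (None, local_as):        # iBGP or unresolved peer group
            continue
        issues = []
        if not info["out"]:
            issues.append("no outbound filter: transit-AS risk")
        if not info["password"]:
            issues.append("no MD5 password")
        if issues:
            findings[peer] = issues
    return findings
```

Calling `audit_bgp(SAMPLE_CONFIG)` reports only 198.51.100.1, whose sole route-map is applied inbound and therefore does not limit what is advertised to that neighbor.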