6. Multiple Paths!
Eek
[Diagram: five networks, each behind its own router]
Network A 192.168.0.0/24, router 192.168.0.1
Network B 192.168.1.0/24, router 192.168.1.1
Network C 192.168.2.0/24, router 192.168.2.1
Network D 192.168.3.0/24, router 192.168.3.1
Network E 192.168.4.0/24, router 192.168.4.1
Routing table 1
Destination      Gateway
192.168.0.0/24   192.168.0.1
192.168.1.0/24   ????
192.168.2.0/24   ????
192.168.3.0/24   192.168.3.1
Routing table 2
Destination      Gateway
192.168.4.0/24   192.168.4.1
192.168.1.0/24   192.168.1.1
192.168.2.0/24   ????
192.168.3.0/24   ????
7. Many, Multiple Paths
How do we get there?
• How do we figure out all these routes?
• How can we further simplify route discovery?
• How do we handle multiple paths to the same network?
9. Route discovery: Routing Protocols
• Distance Vector Protocols
  • Track hop count
  • Send their neighbors copies of their routes
  • Ex: RIP, RIP2
• Link State Protocols
  • Stitch together a complete picture of the topology
  • Know what node is connected to what other node
  • Each node independently calculates a best path to another
  • Ex: OSPF
• Both are Internal Routing Protocols
10. Route discovery: Routing Protocols
• Path Vector Protocol – BGP
  • Understands that there are multiple paths to a destination
  • Think “GPS maps”
  • What’s the best path to get to where I want to go?
  • Considers nodes as autonomous systems to determine the path
11. What is BGP
“Border Gateway Protocol is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet”
12. What is an AS(N)
“An autonomous system (AS) is a network or a collection of networks that are all managed and supervised by a single entity or organization.”
• Internet: a network of networks
• These networks are numbered, e.g. 64514 (16-bit)
• BGP manipulates its route, or determines its path, by tracking ASNs
13. BGP: Multiple paths
[Diagram: the five networks from slide 6 (A 192.168.0.0/24 via 192.168.0.1, B 192.168.1.0/24 via 192.168.1.1, C 192.168.2.0/24 via 192.168.2.1, D 192.168.3.0/24 via 192.168.3.1, E 192.168.4.0/24 via 192.168.4.1), annotated with the paths as seen from A and with link speeds]
Paths from A: A | A, B | A, B, C | A, B, C, D | A, E | A, E, D
Link speeds: one link at 1 Mbps, the other four at 100 Mbps
14. AS_PATH prepending: Manipulating Paths
• Several methods by which paths can be weighted or manipulated
• AS_PATH prepending
  • Artificially increases the route cost
  • Shared with neighbors
  • Adds additional ASNs to the AS path to create the illusion of a less desirable route
  • Propagated to neighbors
15. BGP: Path manipulation
[Diagram: same topology and link speeds as slide 13 (A 192.168.0.0/24 via 192.168.0.1, B 192.168.1.0/24 via 192.168.1.1, C 192.168.2.0/24 via 192.168.2.1, D 192.168.3.0/24 via 192.168.3.1, E 192.168.4.0/24 via 192.168.4.1; one link at 1 Mbps, four at 100 Mbps)]
Paths from A: A | A, B | A, B, C | A, B, C, D | A, E | A, E, D
After E prepends its own AS: A, E, E, E | A, E, E, E, D
16. BGP Path Decision Process (evaluated in this order)
Overarching inbound and outbound traffic
• Weight (highest)
• LOCAL_PREF (highest)
• Locally generated route (aggregated)
• Shortest AS_PATH
• Lowest ORIGIN
• Lowest MED
• eBGP over iBGP
• Closest IGP neighbor
• Oldest eBGP route
• Lowest neighbor BGP router ID
• Lowest neighbor IP address
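The decision process above can be worked through in code. The following Python is an added example written for this page, not code from the deck or from any router vendor; the AS names A to E and the route attributes are constructed, and the comparison key orders the eleven steps exactly as the slide lists them. It reproduces slide 15: E's path to D wins on AS_PATH length until E prepends itself, and it also shows that LOCAL_PREF, which sits above AS_PATH length, overrides the prepending.

```python
"""Subset of the BGP best-path decision process in the slide's order.
Added example for this deck, not the deck's or any vendor's code; the
topology (ASes named A..E) and attribute values are constructed."""
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Tuple


@dataclass
class Route:
    prefix: str
    as_path: List[str]                # neighbour AS first, originating AS last
    weight: int = 0                   # step 1: highest wins (local to the router)
    local_pref: int = 100             # step 2: highest wins (shared inside the AS)
    locally_originated: bool = False  # step 3: locally generated/aggregated wins
    origin: int = 0                   # step 5: 0 IGP, 1 EGP, 2 INCOMPLETE; lowest wins
    med: int = 0                      # step 6: lowest wins
    ebgp: bool = True                 # step 7: eBGP-learned beats iBGP-learned
    igp_metric: int = 0               # step 8: closest IGP neighbour wins
    age: int = 0                      # step 9: smaller = older eBGP route wins
    router_id: str = "0.0.0.0"        # step 10: lowest neighbour router ID wins
    neighbor_ip: str = "0.0.0.0"      # step 11: lowest neighbour address wins


def _ip(addr: str) -> int:
    return int(ipaddress.ip_address(addr))


def decision_key(r: Route) -> Tuple:
    """Comparison key for the decision process; the smallest key wins.
    Step 4 (shortest AS_PATH) is len(r.as_path), which is why prepending
    the same ASN several times makes a path lose."""
    return (
        -r.weight,
        -r.local_pref,
        0 if r.locally_originated else 1,
        len(r.as_path),
        r.origin,
        r.med,
        0 if r.ebgp else 1,
        r.igp_metric,
        r.age,
        _ip(r.router_id),
        _ip(r.neighbor_ip),
    )


def best_path(routes: List[Route]) -> Route:
    """Return the route the decision process selects among candidates
    for the same prefix."""
    if len({r.prefix for r in routes}) != 1:
        raise ValueError("best_path compares candidates for one prefix only")
    return min(routes, key=decision_key)


def prepend(route: Route, asn: str, times: int) -> Route:
    """The route as a neighbour re-advertises it after AS_PATH prepending:
    its own ASN repeated `times` extra times at the front of the path."""
    return replace(route, as_path=[asn] * times + list(route.as_path))


def slide_15_scenario():
    """Network A choosing a path to D (192.168.3.0/24).  Before prepending
    the path via E wins on length; after E prepends itself twice the path
    via B and C wins; a higher LOCAL_PREF on the prepended route still wins
    because LOCAL_PREF is evaluated before AS_PATH length."""
    via_b = Route("192.168.3.0/24", ["B", "C", "D"])
    via_e = Route("192.168.3.0/24", ["E", "D"])
    before = best_path([via_b, via_e]).as_path
    after = best_path([via_b, prepend(via_e, "E", 2)]).as_path
    preferred = replace(prepend(via_e, "E", 2), local_pref=300)
    overridden = best_path([via_b, preferred]).as_path
    return before, after, overridden


if __name__ == "__main__":
    print(slide_15_scenario())
```

The key is a tuple, so Python's ordinary tuple comparison walks the steps in order and stops at the first one that differs, which is exactly how the decision process behaves.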
18. Public virtual interface vs Private virtual interface for AWS Direct Connect
Public Virtual Interface
• Connect to AWS public endpoints such as S3 or EC2
• Connect to all AWS public IP spaces globally.
• Access Amazon services in any region
Private Virtual Interface
• Private services such as VPC
• Connect on your private IP addresses or endpoint.
19. Controlling routes advertised and received to a specific scope
• Control routes over the AWS public virtual interface with Direct Connect.
• DX supports a range of BGP community tags
• Control scope to regional, continent or global
• Use a combination of community tags to control routes over the public VIF
20. Public VIF—Global Public Access
AWS Direct Connect applies the following BGP communities to its advertised routes:
• 7224:8100 Routes that originate from the same AWS Region in which the AWS Direct Connect point of presence is associated
• 7224:8200 Routes that originate from the same continent with which the AWS Direct Connect point of presence is associated
• No tag: Global (all public AWS Regions)
24. Public VIF—Global Public Access
You can use the following BGP communities for your prefixes:
• 7224:9100 Local AWS Region
• 7224:9200 All AWS regions for a continent (for example, North America–wide)
• 7224:9300 Global (all public AWS Regions)
25. Private VIF – Egress local-pref
• 7224:7100 Low Preference
• 7224:7200 Medium Preference
• 7224:7300 High Preference
27. Active / Passive Direct Connect
• Two routers to terminate the primary and secondary DX connections
• A private virtual interface on each DX router terminates to the same VPC
• HA routing protocols on the two routers allow local servers to use multiple routers that act as a single virtual router.
• Active/Passive or Failover – AS path prepend
29. Active / Active Direct Connect
• DX connections to separate DX routers in two locations from two independently configured customer devices.
• VGW will prefer to send 10.0.0.0/16 traffic to Data Center 1
• VGW will prefer to send 10.1.0.0/16 traffic to Data Center 2
• Only reroute traffic if connectivity is down.
Big topic: this is not CCNA, CCIP or CCIE material, and it is not comprehensive
In Part 1, Network Fundamentals, we discussed IPs and subnetting
In Part 2, Transit Gateway, we discussed routing and how networks talk to each other
You might remember this nugget
Pl-id = logical representation of IPs for a service (S3)
To use the GPS analogy, the nodes are considered autonomous systems
Notice the routers: we are moving them to the edge
Let’s look at the world from Network A’s perspective
A wants to talk to D
Up to now: Route Discovery and Management
Next, Zubin: practical examples and WHAT we propagate
https://aws.amazon.com/premiumsupport/knowledge-center/control-routes-direct-connect/
Direct Connect supports a range of Border Gateway Protocol (BGP) community tags to help control the scope of routes advertised and received over a public VIF. The scope options are regional, continent, or global.
AWS has something called scope BGP communities that let you set that scope. A community is a piece of metadata attached to a route when it is being advertised. An example of this is shown in the following slides.
You can use any combination of the community tags to control the routes advertised and received over an AWS public VIF.
There is also something called local preference BGP communities, which you can use to achieve load balancing and route preference for incoming traffic to your network on a private virtual interface.
These tags are set by AWS and are not managed by you. They are attached to the routes AWS advertises to you over the public VIF.
This is so you can filter based on geography.
-- Review PowerPoint
So for example, if you connect to AWS in North America and only use North America based resources, you have the ability to filter the routes that you learn from Direct Connect on the 7224:8200 community.
Based on the filter you can accept or deny these routes into your route table. So for example, accept all routes that are tagged with 7224:8200.
52.218.48.0/24 (a CIDR used for S3) is in Dublin
So this gives you the community tags 7224:8100 and 7224:8200, since it is in the same region and on the same continent
52.219.73.0/24 (a CIDR used for S3) is in Frankfurt
So this gives you the community tag 7224:8200 only, since Frankfurt is on the same continent but not in the same region
52.95.147.0/24 (a CIDR used for S3) is in Canada
So this gives you the community tag no-export, or rather no tag at all, since you are outside the region and the continent: it is at the global level.
These are AWS route scoping tags that are applied by you and sent to AWS. They control how far your announcements propagate within AWS.
-- powerpoint
For example, if you attach 7224:9100 to the routes you advertise, AWS contains that announcement and only uses it within that region.
No community tags are attached by AWS towards the customer gateway, i.e. towards you.
These are attached to routes being sent by you to AWS.
The route with the highest preference is preferred; if all paths are equal, including this local preference, then the shortest AS_PATH is chosen.
However, if you apply the High Preference to the longer AS_PATH, you can engineer the traffic onto the longer path without adding more specific routes.
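The community handling described on slides 20, 24 and 25 and in the notes above, as an added Python example (not code from the deck or from AWS): an inbound policy that keeps only continent-scoped routes learned over the public VIF, a classifier for the 7224:8100 / 7224:8200 / no-tag cases, and a mapping from the private-VIF 7224:7x00 tags to a local preference. The three S3 prefixes and the 7224:* communities are the ones on the page; the numeric preference values, the "Europe-only" policy and the assumption that the customer is connected in Dublin are constructed.

```python
"""Direct Connect BGP community tags: scope filtering on a public VIF and
egress local preference on a private VIF.  Added example, not from the
deck or AWS; prefixes and community strings are from the slides, the
preference numbers and the sample policy are constructed."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Communities AWS attaches to routes it advertises over a public VIF (slide 20)
AWS_SAME_REGION = "7224:8100"
AWS_SAME_CONTINENT = "7224:8200"
# Communities you attach to your prefixes to limit their propagation (slide 24)
SCOPE_LOCAL_REGION, SCOPE_CONTINENT, SCOPE_GLOBAL = "7224:9100", "7224:9200", "7224:9300"
# Egress local-pref communities for a private VIF (slide 25).  Only the
# ordering matters; the numbers are constructed, not AWS's internal values.
LOCAL_PREF = {"7224:7100": 50, "7224:7200": 100, "7224:7300": 150}


@dataclass(frozen=True)
class Advert:
    prefix: str
    communities: FrozenSet[str] = frozenset()


def scope_of(advert: Advert) -> str:
    """Classify a route learned from AWS by its scope tag.  A same-Region
    route also carries 8200 (same continent); no tag means global."""
    if AWS_SAME_REGION in advert.communities:
        return "region"
    if AWS_SAME_CONTINENT in advert.communities:
        return "continent"
    return "global"


def accept_inbound(adverts: List[Advert], required: str) -> List[Advert]:
    """Inbound policy on the public VIF: keep only routes that carry
    `required`, e.g. 7224:8200 to accept continent-scoped routes and drop
    the untagged global ones."""
    return [a for a in adverts if required in a.communities]


def egress_local_pref(advert: Advert, default: int = 100) -> int:
    """Local preference applied to a prefix you advertise over a private
    VIF, chosen by its 7224:7x00 tag; the highest preference wins before
    AS_PATH length is compared."""
    tags = [c for c in advert.communities if c in LOCAL_PREF]
    if len(tags) > 1:
        raise ValueError("attach at most one local-pref community")
    return LOCAL_PREF[tags[0]] if tags else default


def tag_outbound(prefix: str, scope: str, pref: Optional[str] = None) -> Advert:
    """Build the advert for one of your prefixes with a scope tag and,
    optionally, a local-pref tag."""
    comms = {scope} | ({pref} if pref else set())
    return Advert(prefix, frozenset(comms))


# Constructed sample of what AWS advertises to a customer connected in
# Dublin, matching the three worked cases in the speaker notes.
AWS_ADVERTS = [
    Advert("52.218.48.0/24", frozenset({AWS_SAME_REGION, AWS_SAME_CONTINENT})),  # Dublin
    Advert("52.219.73.0/24", frozenset({AWS_SAME_CONTINENT})),                   # Frankfurt
    Advert("52.95.147.0/24", frozenset()),                                       # Canada
]


def europe_only_policy() -> List[str]:
    """Prefixes a Europe-only customer keeps when filtering on 7224:8200."""
    return [a.prefix for a in accept_inbound(AWS_ADVERTS, AWS_SAME_CONTINENT)]


if __name__ == "__main__":
    for a in AWS_ADVERTS:
        print(a.prefix, scope_of(a))
    print(europe_only_policy())
```

Filtering on the AWS-applied tags is done on your side of the session; the 9x00 and 7x00 tags travel in the other direction and are interpreted by AWS, so the two halves of the block never apply to the same route.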
https://aws.amazon.com/premiumsupport/knowledge-center/active-passive-direct-connect/
Active/Passive, or failover: one connection is handling traffic and the other is on standby. If the active connection becomes unavailable, all traffic is routed through the passive connection.
https://aws.amazon.com/answers/networking/aws-multiple-data-center-ha-network-connectivity/
Avoids a single point of device failure
This maintains connectivity even if the primary router fails. The secondary router will take over and become active. It can run an internal routing protocol such as iBGP (explain iBGP), which will learn routes from the DX eBGP session (explain) and distribute prefixes to internal iBGP gateways.
To achieve Active/Passive or failover you will need to AS path prepend the routes on one of your links for it to be the passive link.
This relates to the BGP Best Path Algorithm, which decides how the best path to an autonomous system is selected. A common value is the AS path length. When two or more routes exist to reach a particular prefix, the default in BGP is to prefer the route with the shortest AS path.
The secondary router will advertise a longer AS path so traffic from VPC to network will
https://aws.amazon.com/answers/networking/aws-multiple-data-center-ha-network-connectivity/
Active/Active, or BGP multipath, is the default configuration where both connections are active. AWS DX supports multipathing to multiple virtual interfaces within the same location. Traffic is load shared between interfaces based on flow. If one connection becomes unavailable, all traffic is routed through the other connection.
https://aws.amazon.com/answers/networking/aws-multiple-data-center-ha-network-connectivity/
More specific routes: With this approach, both Customer Device 1 and Customer Device 2 advertise a summary route of 10.0.0.0/15. In addition, Customer Device 1 advertises 10.0.0.0/16 and Customer Device 2 advertises 10.1.0.0/16. AWS will use the more specific routes to send traffic to the appropriate data center, and will fail back to the other data center following the summarized route if the more specific route becomes temporarily unavailable.
AS-path prepending: With this approach, both Customer Device 1 and Customer Device 2 advertise 10.0.0.0/16 and 10.1.0.0/16. However, Customer Device 1 uses AS-path prepending when advertising the 10.1.0.0/16 network to make this route less preferred. Likewise, Customer Device 2 uses AS-path prepending when advertising the 10.0.0.0/16 network to make this route less preferred. AWS will use the preferred routes to send traffic to the appropriate data center, and will fail back to the other data center following the less preferred routes when necessary.
If your organization already leverages AS-path prepending for influencing route preferences, then the latter approach will likely align more closely with your existing routing policies. Otherwise, the approach using more specific routes is a great place to start.
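The two Active/Active designs described above, simulated in Python as an added example (not code from the deck or from AWS): a small RIB does longest-prefix match and, among equally specific routes, prefers the shortest AS_PATH, so the more-specific-routes design falls back to the 10.0.0.0/15 summary when one link is withdrawn, and the prepending design falls back to the prepended route. The customer ASN 65000 and the final tie-break on device name are constructed; a real VGW would continue through the rest of the decision process.

```python
"""Failover behaviour of the two Active/Active Direct Connect designs:
more-specific routes under a summary, and AS-path prepending.  Added
example, not the deck's or AWS's code; ASN and tie-break are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

CUSTOMER_ASN = 65000  # constructed private ASN shared by both customer devices


@dataclass
class Advert:
    prefix: ipaddress.IPv4Network
    source: str          # which customer device advertised the route
    as_path: List[int]


class Rib:
    """Simplified view of what the VGW holds after learning over both DX links."""

    def __init__(self) -> None:
        self.routes: List[Advert] = []

    def announce(self, prefix: str, source: str, prepend: int = 0) -> None:
        """Advertise `prefix` from `source`, with `prepend` extra copies of
        our ASN on the path to make the route less preferred."""
        path = [CUSTOMER_ASN] * (1 + prepend)
        self.routes.append(Advert(ipaddress.ip_network(prefix), source, path))

    def link_down(self, source: str) -> None:
        """A failed DX connection withdraws everything learned over it."""
        self.routes = [r for r in self.routes if r.source != source]

    def lookup(self, dst: str) -> Optional[str]:
        """Longest-prefix match first, then shortest AS_PATH; the final
        tie-break on source name stands in for the remaining steps of the
        decision process (router ID, neighbour address)."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.prefix]
        if not matches:
            return None
        longest = max(r.prefix.prefixlen for r in matches)
        best = min((r for r in matches if r.prefix.prefixlen == longest),
                   key=lambda r: (len(r.as_path), r.source))
        return best.source


# Constructed probe addresses, one host in each data centre's /16
PROBES = {"dc1_host": "10.0.5.1", "dc2_host": "10.1.5.1"}


def more_specific_scenario() -> Dict[str, Dict[str, Optional[str]]]:
    """Both devices advertise 10.0.0.0/15; DC1 adds 10.0.0.0/16 and DC2 adds
    10.1.0.0/16.  When DC1's link fails, 10.0.x traffic follows the summary
    still advertised by DC2."""
    rib = Rib()
    for dev in ("DC1", "DC2"):
        rib.announce("10.0.0.0/15", dev)
    rib.announce("10.0.0.0/16", "DC1")
    rib.announce("10.1.0.0/16", "DC2")
    normal = {k: rib.lookup(v) for k, v in PROBES.items()}
    rib.link_down("DC1")
    return {"normal": normal, "dc1_down": {k: rib.lookup(v) for k, v in PROBES.items()}}


def prepend_scenario() -> Dict[str, Dict[str, Optional[str]]]:
    """Both devices advertise both /16s; each prepends on the /16 that
    belongs to the other data centre.  When DC2's link fails, DC1's
    prepended 10.1.0.0/16 is the only route left and carries the traffic."""
    rib = Rib()
    rib.announce("10.0.0.0/16", "DC1")
    rib.announce("10.1.0.0/16", "DC1", prepend=3)
    rib.announce("10.1.0.0/16", "DC2")
    rib.announce("10.0.0.0/16", "DC2", prepend=3)
    normal = {k: rib.lookup(v) for k, v in PROBES.items()}
    rib.link_down("DC2")
    return {"normal": normal, "dc2_down": {k: rib.lookup(v) for k, v in PROBES.items()}}


if __name__ == "__main__":
    print(more_specific_scenario())
    print(prepend_scenario())
```

Note the asymmetry the notes point at: the summary-route design needs no policy on the AWS side because longest-prefix match does the work, whereas the prepending design relies on the AS_PATH step of the decision process and only behaves as intended if nothing earlier in that process (weight, LOCAL_PREF) has been set to override it.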