Border Gateway Protocol
FrOSCon 13 Network Track
Falk Stern, Maximilian Wilhelm
1 / 36
Agenda
1. Who's who
2. Theory
1. ASes
3. BGP Theory
1. Paths & Attributes
2. Best path decision
3. Routing tables and their interaction
4. external vs. internal BGP
1. Route Reflection
5. BGP on Linux
6. BGP on Cisco IOS
7. Outlook
1. Add Path Capabilities
2. MP-BGP
Who's who Falk Stern
Full Stack Infrastructure Engineer
IPv6 fanboy
Runs his own Kubernetes cluster in his basement
Consultant @ Profi Engineering Systems AG
Contact
@wrf42
falk@fourecks.de
Who's who Maximilian Wilhelm
Networker
OpenSource Hacker
Fanboy of
(Debian) Linux
ifupdown2
Occupation:
By day: Senior Infrastructure Architect, Uni Paderborn
By night: Infrastructure Archmage, Freifunk Hochstift
In between: Freelance Solution Architect for hire
Contact
@BarbarossaTM
max@sdn.clinic
Theory
Home Scale Internet
Single-homed to one ISP
Local network 192.168.178.0/24
One default router
Only one path
Enterprise / Service Provider Scale Networking
[Diagram: SDN.clinic lab AS39225 with Border (br-01), Core (cr-A to cr-E, already present), Distribution (dr-01, dr-02) and Access (sw-01, ap-01 to ap-04) layers; upstream ASes AS13020, AS201701 (bb-a.fra, bb-b.fra) and AS41981 towards the Internet]
Interior vs. Exterior Gateway Protocols
Exterior Gateway Protocols
Exchange routing information between ASes / with untrusted peers
De-facto standard protocol: BGP
Interior Gateway Protocols
Exchange routing information inside an AS
De-facto standard protocols:
OSPF
IS-IS
iBGP
Distance Vector
Routers always send their complete routing table with increased metrics
Metrics are counted to infinity where infinity = 15
Example: Routing Information Protocol (RIP)
Path Vector
Not only a next-hop but also a path to target
Multiple attributes per route
Multiple routes with different paths to a single destination possible
Enables equal cost multi path (ECMP)
Only next-hop attributes are modified
BGP
Border Gateway Protocol
Three Napkin Protocol
Led to RFC "BGP-1" #1105 (1989/06)
History and BGP today
Four iterations of main BGP protocol
RFC1105 (1989/06): BGP-1
RFC1163 (1990/06): BGP-2
RFC1267 (1991/10): BGP-3
RFC1771 (1995/03): BGP-4 superseded by RFC4271 (2006/01)
Lots of additions (best of)
RFC2918 (2000/09): Route Refresh Capability for BGP-4
RFC4456 (2006/04): BGP-RR
RFC4760 (2007/01): MP-BGP
RFC6793 (2012/12): 32bit ASNs
RFC7911 (2016/07): BGP AddPath
RFC7999 (2016/10): BGP Blackhole Community
Holds the Internet together
Implemented in all major routing suites and vendors
Interoperable
BGP at a glance
Neighbors have to be configured explicitly
TCP connection on port 179
Neighbors exchange Network Layer Reachability Information (NLRI)
Router selects best route(s)
Selected routes are installed in Local-RIB / FIB
What's this routing table mess about?
[Diagram: each BGP peer has its own AdjRIBIn -> Import Filter -> Local RIB -> Export Filter -> AdjRIBOut pipeline (shown for Peer, BGP Process 1 and BGP Process 2); OSPF and Static routes also feed the Local RIB, from which the selected routes are installed into the FIB]
Local Routing Information Base (RIB) or Loc-RIB
Forwarding Information Base (FIB)
Adjacency RIB In (AdjRIBIn)
Adjacency RIB Out (AdjRIBOut)
State machine
[Diagram: BGP finite state machine with the states Idle, Connect, Active, OpenSent, OpenConfirm and Established]
Source: Wikimedia Commons
BGP Path
List of all Autonomous Systems (ASes) a route has gone through
Used to prevent routing loops
Shorter is better
Our network as seen at DE-CIX:
Path: 201701 39225 13020
Translation: FFRL, SDN-CLINIC-LAB, CCCV-AS
May be prepended for traffic engineering purposes:
Path: 50629 201701 201701 201701 201701 39225 13020
Translation: LWLcom, (3x prepend) FFRL, SDN-CLINIC-LAB, CCCV-AS
Path Attributes
Each prefix* carries a set of attributes:
Next-Hop
Local Preference
AS Path
Origin
Multi Exit Discriminator (MED, optional)
Communities (optional)
Large Communities (optional)
Attributes can be:
Transitive or non-transitive
Will be forwarded to the next BGP-speaker - or not
Mandatory or optional
* or set thereof
BGP Next-Hop
A route has to point somewhere
IP address of the next router on a path
Can be adjacent router
Can be a router somewhere else
Look up route to remote router in local routing table
Will probably be resolved via IGP (e.g. OSPF)
If the next hop is not present in the local routing table, the route cannot be used
Will be installed with an unreachable next hop in RIB
BGP Local Preference
32bit unsigned int
Default value: 100
Meaningful within one AS
Higher is better
Real world usage: Rank prefixes of customers, peers, transits, ...
Direct/prioritize where our traffic is sent
Example values from Freifunk Rheinland e.V AS201701 Backbone:
Local Pref   Prefix type
5            Remote Transits
500          Transits
1000         Peerings
10000        Downstreams
BGP Multi Exit Discriminator
32bit unsigned int
Default value: 0
Meaningful between two adjacent ASes
non-transitive
Lower is better
Real world usage: tell a multi-homed peer on which link it should hand traffic over to us
Some ASes ignore/overwrite MED values
Talk to peer
BGP Communities
Numerical route attributes / labels
Meaning is defined only by the local AS's own specification
Classical Communities (RFC1997, Aug. 1996):
32bit unsigned int
16bit ASN, 16bit value
Default value: none set
Canonical representation: <ASN>:<value>
Well-Known communities
NO_EXPORT
NO_ADVERTISE
BLACKHOLE (RFC7999, Oct. 2016)
BGP Large Communities
16bit ASN part too small for 32bit ASNs
Large Communities (RFC8092, Feb. 2017):
96bit unsigned int
32bit ASN
32bit Local-Data1
32bit Local-Data2
Canonical Representation: <ASN>:<Local Data 1>:<Local Data 2>
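As an added illustration of the two community formats above (not code from the slides), here is Python that encodes and decodes RFC1997 classical and RFC8092 large communities; the well-known values are from the RFCs, the sample communities are constructed from ASNs on the slides, and the Local Data 2 = 0 convention in community_for is an assumption.

```python
import struct

# Well-known classical communities (RFC1997, and BLACKHOLE from RFC7999 = 65535:666)
WELL_KNOWN = {
    0xFFFFFF01: "NO_EXPORT",
    0xFFFFFF02: "NO_ADVERTISE",
    0xFFFF029A: "BLACKHOLE",
}


def parse_classical(text):
    """Parse '<ASN>:<value>' into its 32-bit RFC1997 form (16-bit ASN, 16-bit value).
    A 32-bit ASN such as 201701 cannot be represented and is rejected."""
    asn, value = (int(part) for part in text.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError(f"{text}: classical communities carry a 16-bit ASN and value")
    return (asn << 16) | value


def format_classical(community):
    """Canonical '<ASN>:<value>' text, naming the well-known communities."""
    return WELL_KNOWN.get(community, f"{community >> 16}:{community & 0xFFFF}")


def encode_large(text):
    """Parse '<ASN>:<Local Data 1>:<Local Data 2>' into the 12-byte RFC8092 form."""
    parts = [int(part) for part in text.split(":")]
    if len(parts) != 3 or any(not 0 <= p <= 0xFFFFFFFF for p in parts):
        raise ValueError(f"{text}: large communities are three 32-bit fields")
    return struct.pack("!III", *parts)


def decode_large(blob):
    """Inverse of encode_large."""
    asn, data1, data2 = struct.unpack("!III", blob)
    return f"{asn}:{data1}:{data2}"


def community_for(asn, value):
    """Choose the attribute that can carry an 'asn:value' label: classical when the
    ASN fits 16 bits, otherwise large (Local Data 2 = 0 is an assumed convention)."""
    if asn <= 0xFFFF:
        return "classical", parse_classical(f"{asn}:{value}")
    return "large", encode_large(f"{asn}:{value}:0")


if __name__ == "__main__":
    # Constructed samples using ASNs from the slides
    print(format_classical(parse_classical("39225:100")))   # 39225:100
    print(format_classical(parse_classical("65535:666")))   # BLACKHOLE
    print(decode_large(encode_large("201701:1:2")))         # 201701:1:2
    print(community_for(201701, 100)[0])                    # large
```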
BGP Route Decision (eBGP)
1. Is the Next Hop reachable?
2. Higher Local Preference
3. Shorter AS_PATH
4. Smaller ORIGIN
5. Smaller MED, if multiple prefixes with same next AS
6. Smaller Router ID
7. Smaller Neighbor IP address
See RFC4271, Section 9.1.2 for more details
external vs. internal BGP
External BGP (eBGP):
Routers in two different ASes
Session established between IP addresses on transfer network
Internal BGP (iBGP):
Routers within the same AS
Sessions usually established between router's loopback addresses
Requires working IGP (e.g. OSPF)
Session will stay up as long as one path within the network exists
No path attributes altered in iBGP
Routes received via iBGP MUST NOT be sent to an iBGP neighbor
iBGP full mesh required
BGP Route Decision (complete)
1. Is the Next Hop reachable?
2. Higher Local Preference
3. Shorter AS_PATH
4. Smaller ORIGIN
5. Smaller MED, if multiple prefixes with same next AS
6. eBGP > iBGP
7. Smaller IGP cost
8. Smaller Router ID
9. Smaller Neighbor IP address
See RFC4271, Section 9.1.2 for more details
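The complete decision process above, together with the next-hop resolution rule from the BGP Next-Hop slide, as an added Python example (not code from the slides or from any routing daemon); the loopback and transfer prefixes, OSPF costs and router IDs in the sample are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

ORIGIN = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}   # smaller is better


@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path: list           # leftmost entry is the neighbour AS; prepends repeat it
    local_pref: int = 100
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True       # learnt via eBGP (True) or iBGP (False)
    router_id: str = "0.0.0.0"   # router ID of the peer that sent the route
    neighbor: str = "0.0.0.0"    # IP address of that peer

    def next_as(self):
        return self.as_path[0] if self.as_path else None


def igp_cost_to(next_hop, local_table):
    """Step 1: resolve the BGP next hop through the local routing table
    (longest prefix match). Returns the IGP cost or None if unreachable."""
    addr = ipaddress.ip_address(next_hop)
    best = None
    for prefix, cost in local_table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, cost)
    return None if best is None else best[1]


def better(a, b, cost_a, cost_b):
    """True if route a beats route b; the steps run in the slide's order.
    Step 1 (next-hop reachability) is handled by the caller."""
    if a.local_pref != b.local_pref:                # 2. higher Local Preference
        return a.local_pref > b.local_pref
    if len(a.as_path) != len(b.as_path):            # 3. shorter AS_PATH
        return len(a.as_path) < len(b.as_path)
    if ORIGIN[a.origin] != ORIGIN[b.origin]:        # 4. smaller ORIGIN
        return ORIGIN[a.origin] < ORIGIN[b.origin]
    if a.next_as() == b.next_as() and a.med != b.med:   # 5. smaller MED, same next AS
        return a.med < b.med
    if a.ebgp != b.ebgp:                            # 6. eBGP over iBGP
        return a.ebgp
    if cost_a != cost_b:                            # 7. smaller IGP cost
        return cost_a < cost_b
    rid_a, rid_b = (int(ipaddress.ip_address(r.router_id)) for r in (a, b))
    if rid_a != rid_b:                              # 8. smaller Router ID
        return rid_a < rid_b
    # 9. smaller neighbour IP address
    return int(ipaddress.ip_address(a.neighbor)) < int(ipaddress.ip_address(b.neighbor))


def best_path(routes, local_table):
    """Run the decision process over all candidates for one prefix."""
    best, best_cost = None, None
    for route in routes:
        cost = igp_cost_to(route.next_hop, local_table)
        if cost is None:
            continue        # unusable: stays in the RIB with an unreachable next hop
        if best is None or better(route, best, cost, best_cost):
            best, best_cost = route, cost
    return best


# Constructed sample as seen from AS39225; prefixes and OSPF costs are assumptions.
LOCAL_TABLE = {"194.107.207.0/24": 10, "194.107.207.28/30": 1}

CANDIDATES = [
    # eBGP from AS13020 over the transfer network, local pref as for a transit
    Route("94.45.224.0/19", "194.107.207.29", [13020], local_pref=500,
          router_id="194.107.207.29", neighbor="194.107.207.29"),
    # iBGP from cr-A: same prefix, reached through AS201701 which prepended 3x
    Route("94.45.224.0/19", "194.107.207.1", [201701, 201701, 201701, 201701, 13020],
          local_pref=500, ebgp=False, router_id="194.107.207.1",
          neighbor="194.107.207.1"),
    # Highest local pref, but its next hop does not resolve in the IGP
    Route("94.45.224.0/19", "10.0.0.1", [41981, 13020], local_pref=1000),
]

if __name__ == "__main__":
    chosen = best_path(CANDIDATES, LOCAL_TABLE)
    print(chosen.next_hop, chosen.as_path)   # 194.107.207.29 [13020]
```

Comparing candidates pairwise while keeping the current winner is enough for this sample; because MED is only compared between routes from the same neighbour AS, a real implementation groups candidates by neighbour AS first so the result does not depend on arrival order.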
iBGP Full Mesh
Rule: Every router within an AS has to have an iBGP session to every other router.
O(n²) scale. D'oh.
Management & memory headache
But there's help: Route Reflection!
[Diagram: AS39225 Core (cr-A to cr-E) and Border (br-01) routers plus dr-02 in an iBGP full mesh]
iBGP Route Reflection
RFC4456 (Apr. 2006)
BGP extension to work around full mesh requirement
Cluster ID prevents routing loops
Think "internal Path"
Route Reflector advertises iBGP routes to iBGP peers
Special configuration only on RR
[Diagram: AS39225 Core (cr-A to cr-E) and Border (br-01) routers plus dr-02 with a single route reflector instead of the full mesh]
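The iBGP re-advertisement rule from the external vs. internal BGP slide and the route reflector rules above, as an added Python model (not code from the slides or from Bird); router names stand in for router IDs, cr-E's loopback as cluster ID and the client/non-client split of the sample peers are assumptions.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Peer:
    name: str
    asn: int
    rr_client: bool = False      # only meaningful on a route reflector


@dataclass(frozen=True)
class Route:
    prefix: str
    learnt_from: Peer
    originator_id: str = ""      # RFC4456 ORIGINATOR_ID, set by the first reflector
    cluster_list: tuple = ()     # RFC4456 CLUSTER_LIST, one cluster ID per reflection


LOCAL_AS = 39225                 # our AS in the slides
CLUSTER_ID = "194.107.207.5"     # assumed: cr-E's loopback used as cluster ID


def should_advertise(route, to_peer, is_rr=False, cluster_id=CLUSTER_ID, local_as=LOCAL_AS):
    """Decide whether 'route' (learnt from route.learnt_from) may go to to_peer."""
    src = route.learnt_from
    if to_peer == src:
        return False                         # never back to the sender
    src_ibgp = src.asn == local_as
    dst_ibgp = to_peer.asn == local_as
    if not (src_ibgp and dst_ibgp):
        return True                          # eBGP on either side: ordinary forwarding
    if not is_rr:
        return False                         # iBGP -> iBGP: MUST NOT (full-mesh rule)
    if cluster_id in route.cluster_list:
        return False                         # already reflected by our cluster: loop
    # RR: clients get every route, non-clients only routes learnt from clients
    return src.rr_client or to_peer.rr_client


def reflect(route, cluster_id=CLUSTER_ID):
    """Attributes a reflector adds when it re-advertises an iBGP route:
    ORIGINATOR_ID (router that injected the route, if not yet set) and
    CLUSTER_LIST with our cluster ID prepended. A router drops a received
    route whose CLUSTER_LIST already carries its own cluster ID."""
    return replace(
        route,
        originator_id=route.originator_id or route.learnt_from.name,
        cluster_list=(cluster_id,) + route.cluster_list,
    )


def ibgp_sessions(routers, reflectors=0):
    """iBGP sessions needed: full mesh n(n-1)/2, or with k reflectors
    k(k-1)/2 between the RRs plus one session per client per RR."""
    n, k = routers, reflectors
    if k == 0:
        return n * (n - 1) // 2
    return k * (k - 1) // 2 + k * (n - k)


# Constructed peers as seen from cr-E acting as route reflector
BR_01 = Peer("br-01", 39225, rr_client=True)
CR_A = Peer("cr-A", 39225, rr_client=True)
CR_D = Peer("cr-D", 39225)                   # not a client in this sample
AS13020 = Peer("as13020", 13020)             # eBGP upstream

if __name__ == "__main__":
    r = Route("94.45.224.0/19", learnt_from=BR_01)
    print(should_advertise(r, CR_A), should_advertise(r, CR_A, is_rr=True))  # False True
    print(ibgp_sessions(7), ibgp_sessions(7, reflectors=2))                  # 21 11
```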
Redundant iBGP Route Reflection
Obvious SPoF can be alleviated by redundant RRs
[Diagram: the same AS39225 routers (br-01, cr-A to cr-E, dr-02) with two route reflectors]
BGP on Linux
Who's who
Theory
BGP
Linux
BGP on Linux / Bird
We'll use Bird Internet Routing Daemon again
Base configuration already present from OSPF setup
Router ID
protocol device
protocol kernel
Bird BGP configuration example
#
# Basic example BGP peer configuration
#
protocol bgp <name> {
# Which prefixes to accept from peer
import <...>;
# Which prefixes to send to peer
export <...>;
# Our ASN
local as <our ASN>;
# Neighbor to connect to
neighbor <peer IP> as <peer ASN>;
}
BGP peer configuration br-01 -> dr01
# IPv4
br-01.in.fc13.sdn.clinic:~# cat /etc/bird/bird.d/as13020.conf
protocol bgp as13020 {
# Only import Chaos prefix and send default route
import where net = 94.45.224.0/19;
export where net = 0.0.0.0/0;
local as 39225;
neighbor 194.107.207.29 as 13020;
}
# The same with IPv6
br-01.in.fc13.sdn.clinic:~# cat /etc/bird/bird6.d/as13020.conf
protocol bgp as13020 {
# Only import Chaos prefix and send default route
import where net = 2001:67c:20a1::/48;
export where net = ::/0;
local as 39225;
neighbor 2a07:ed07:fc13:fe03::2 as 13020;
}
BGP peer configuration Route Reflection (cr-E)
# IPv4
cr-E.in.fc13.sdn.clinic:~# cat /etc/bird/bird.d/ibgp.conf
template bgp ibgp {
import all;
export all;
# Use loopback IP as source address for BGP session
source address 194.107.207.5;
local as 39225;
# The peer is a RR client
rr client;
}
protocol bgp br_01 from ibgp {
# Use neighbors loopback IP to connect to
neighbor 194.107.207.0 as 39225;
}
protocol bgp cr_A from ibgp {
neighbor 194.107.207.1 as 39225;
}
...
Further Reading
RFC4271: A Border Gateway Protocol 4 (BGP-4) - Rekhter, Li, Hares, 2006
BGP - Building Reliable Networks with the Border Gateway Protocol - I. van Beijnum, 2002
BGP Design and Implementation - Randy Zhang & Micah Bartell, 2003
Routing TCP/IP Volume II - Jeff Doyle & Jennifer DeHaven Carroll, 2016
Questions?

Dynamische Routingprotokolle Aufzucht und Pflege - BGP

  • 10. Theory: Path Vector
    Not only a next-hop but also a path to the target
    Multiple attributes per route
    Multiple routes with different paths to a single destination are possible
    Enables equal cost multi path (ECMP)
    Only the next-hop is rewritten on the way (and the path grows by one entry per AS it passes); the other attributes travel with the route
  • 12. BGP: the "Two-Napkin Protocol"
    Sketched on two napkins in 1989 (Kirk Lougheed and Yakov Rekhter)
    Led to RFC 1105 "BGP-1" (1989/06)
  • 13. BGP History and BGP today
    Four iterations of the main BGP protocol:
      RFC1105 (1989/06): BGP-1
      RFC1163 (1990/06): BGP-2
      RFC1267 (1991/10): BGP-3
      RFC1771 (1995/03): BGP-4, superseded by RFC4271 (2006/01)
    Lots of additions (best of):
      RFC2918 (2000/09): Route Refresh Capability for BGP-4
      RFC4456 (2006/04): BGP Route Reflection (BGP-RR)
      RFC4760 (2007/01): Multiprotocol Extensions (MP-BGP)
      RFC6793 (2012/12): 32bit ASNs
      RFC7911 (2016/07): BGP AddPath
      RFC7999 (2016/10): BGP BLACKHOLE Community
    Holds the Internet together
    Implemented in all major routing suites and by all vendors
    Interoperable
  • 14. BGP at a glance
    Neighbors have to be configured explicitly
    TCP connection on port 179
    Neighbors exchange Network Layer Reachability Information (NLRI)
    Router selects best route(s)
    Selected routes are installed in Local-RIB / FIB
  • 15. What's this routing table mess about?
    [Figure: routes from each peer enter that peer's Adj-RIB-In, pass the import filter of the BGP process and compete in the Local RIB with routes from OSPF and static configuration; the winners are installed in the FIB, and the export filter decides what ends up in each peer's Adj-RIB-Out.]
    Local Routing Information Base (RIB) or Loc-RIB
    Forwarding Information Base (FIB)
    Adjacency RIB In (Adj-RIB-In): routes as received from a peer, before the import filter
    Adjacency RIB Out (Adj-RIB-Out): routes to be sent to a peer, after the export filter
  • 17. BGP Path
    List of all Autonomous Systems (ASes) a route has passed through
    Used to prevent routing loops: a router drops any update whose AS_PATH already contains its own ASN
    Shorter is better
    Our network as seen at DE-CIX:
      Path: 201701 39225 13020
      Translation: FFRL, SDN-CLINIC-LAB, CCCV-AS
    May be prepended for traffic engineering purposes:
      Path: 50629 201701 201701 201701 201701 39225 13020
      Translation: LWLcom, FFRL (3x prepended), SDN-CLINIC-LAB, CCCV-AS
  • 18. Path Attributes
    Each prefix* carries a set of attributes:
      Next-Hop (well-known mandatory)
      Local Preference (well-known discretionary; exchanged inside an AS, not sent to eBGP peers)
      AS Path (well-known mandatory)
      Origin (well-known mandatory)
      Multi Exit Discriminator (MED, optional non-transitive)
      Communities (optional transitive)
      Large Communities (optional transitive)
    Attributes can be:
      Transitive or non-transitive: will be forwarded to the next BGP speaker, or not
      Mandatory or optional
    * or a set of prefixes sharing the same attributes in one UPDATE
  • 19. BGP Next-Hop
    A route has to point somewhere: the IP address of the next router on a path
    Can be the adjacent router
    Can be a router somewhere else (e.g. the border router that learned the route, when it is passed on via iBGP)
      Look up the route to the remote router in the local routing table
      Will usually be resolved via the IGP (e.g. OSPF)
    If the next hop is not present in the local routing table, the route cannot be used
      It stays in the RIB with an unreachable next hop and takes no part in best path selection
  • 20. BGP Local Preference
    32bit unsigned int, default value: 100
    Meaningful within one AS (carried over iBGP only)
    Higher is better
    Real world usage:
      Rank prefixes of customers, peers, transits, ...
      Steer where our outbound traffic is sent
    Example values from the Freifunk Rheinland e.V. AS201701 backbone:
      Local Pref   Prefix type
             5     Remote transits
           500     Transits
          1000     Peerings
         10000     Downstreams
  • 21. BGP Multi Exit Discriminator
    32bit unsigned int, default value: 0
    Meaningful between two adjacent ASes, non-transitive
    Lower is better
    Real world usage:
      Tell a multi-homed peer over which of its links to us it should send traffic towards us (steers inbound traffic)
      Only compared between routes received from the same neighbouring AS
    Some ASes ignore or overwrite MED values: talk to your peer
  • 22. BGP Communities
    Numerical route attributes / labels
    Meaning is defined by the AS that sets them; check that AS's published community specification
    Classical Communities (RFC1997, Aug. 1996):
      32bit unsigned int: 16bit ASN, 16bit value
      Default: none set
      Canonical representation: <ASN>:<value>
    Well-known communities:
      NO_EXPORT
      NO_ADVERTISE
      BLACKHOLE (RFC7999, Oct. 2016)
  • 23. BGP Large Communities
    The 16bit ASN part is too small for 32bit ASNs
    Large Communities (RFC8092, Feb. 2017):
      96bit unsigned int: 32bit ASN, 32bit Local-Data1, 32bit Local-Data2
      Canonical representation: <ASN>:<Local Data 1>:<Local Data 2>
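Worked example for slides 22 and 23, added by the editor and not part of the FrOSCon deck: encoding and decoding classic (RFC 1997) and large (RFC 8092) communities as they appear on the wire, including the well-known values and the reason a 32bit ASN such as AS201701 cannot be expressed as a classic community. The well-known constants are the values fixed by the RFCs; the ASNs and community values used in demo() are taken from the deck's examples, and the function names are the editor's own.

```python
"""Classic (RFC 1997) and Large (RFC 8092) BGP community encoding. Added example."""
import struct
from typing import Iterable, List, Tuple

# Well-known classic communities; values are fixed by RFC 1997 and RFC 7999.
NO_EXPORT = 0xFFFFFF01            # 65535:65281
NO_ADVERTISE = 0xFFFFFF02         # 65535:65282
NO_EXPORT_SUBCONFED = 0xFFFFFF03  # 65535:65283
BLACKHOLE = 0xFFFF029A            # 65535:666, RFC 7999


def encode_community(asn: int, value: int) -> int:
    """Pack <ASN>:<value> into the 32-bit classic form (16 bit ASN, 16 bit value)."""
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError(f"{asn}:{value} does not fit in 16+16 bits; use a large community")
    return (asn << 16) | value


def decode_community(comm: int) -> Tuple[int, int]:
    return comm >> 16, comm & 0xFFFF


def format_community(comm: int) -> str:
    """Canonical <ASN>:<value> representation."""
    asn, value = decode_community(comm)
    return f"{asn}:{value}"


def parse_community(text: str) -> int:
    asn, value = (int(part) for part in text.split(":"))
    return encode_community(asn, value)


def encode_large_community(asn: int, data1: int, data2: int) -> bytes:
    """RFC 8092: three unsigned 32-bit integers in network byte order, 12 bytes."""
    for part in (asn, data1, data2):
        if not 0 <= part <= 0xFFFFFFFF:
            raise ValueError("large community fields are 32-bit unsigned integers")
    return struct.pack("!III", asn, data1, data2)


def decode_large_community(raw: bytes) -> Tuple[int, int, int]:
    if len(raw) != 12:
        raise ValueError("a large community is exactly 12 bytes")
    return struct.unpack("!III", raw)


def format_large_community(raw: bytes) -> str:
    """Canonical <ASN>:<Local Data 1>:<Local Data 2> representation."""
    return "{}:{}:{}".format(*decode_large_community(raw))


def communities_attribute(comms: Iterable[int]) -> bytes:
    """Value field of the COMMUNITIES path attribute: concatenated 32-bit values."""
    return b"".join(struct.pack("!I", c) for c in comms)


def parse_communities_attribute(raw: bytes) -> List[int]:
    if len(raw) % 4:
        raise ValueError("COMMUNITIES attribute length must be a multiple of 4")
    return [struct.unpack("!I", raw[i:i + 4])[0] for i in range(0, len(raw), 4)]


def may_export_to_ebgp(comms: Iterable[int]) -> bool:
    """The three well-known NO_* communities keep a route inside the AS (or off the
    wire entirely) on every implementation; any other value means only what the AS
    that defined it documents."""
    return not (set(comms) & {NO_EXPORT, NO_EXPORT_SUBCONFED, NO_ADVERTISE})


def demo() -> dict:
    """Constructed example with the deck's ASNs; returns the results for inspection."""
    classic = [encode_community(39225, 100), BLACKHOLE]      # AS39225 tags a route
    raw = communities_attribute(classic)
    try:
        encode_community(201701, 100)                         # AS201701 is a 32-bit ASN
        fits = True
    except ValueError:
        fits = False
    large = encode_large_community(201701, 1, 100)            # the large-community form works
    return {
        "classic_wire": raw,
        "roundtrip": [format_community(c) for c in parse_communities_attribute(raw)],
        "asn32_fits_classic": fits,
        "large": format_large_community(large),
        "export_ok": may_export_to_ebgp(classic + [NO_EXPORT]),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

The check in may_export_to_ebgp is the one place where a community has a meaning that does not depend on the receiving AS; everything else, including BLACKHOLE, is only acted upon if the peer has agreed to it.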
  • 24. BGP Route Decision (eBGP)
    1. Is the Next Hop reachable? (routes with an unresolvable next hop are not candidates at all)
    2. Higher Local Preference
    3. Shorter AS_PATH
    4. Smaller ORIGIN (IGP < EGP < INCOMPLETE)
    5. Smaller MED, if several routes come from the same neighbouring AS
    6. Smaller Router ID
    7. Smaller Neighbor IP address
    See RFC4271, Section 9.1.2 for more details
  • 25. external vs. internal BGP
    External BGP (eBGP):
      Routers in two different ASes
      Session established between the IP addresses on the transfer network (the directly connected link)
    Internal BGP (iBGP):
      Routers within the same AS
      Sessions usually established between the routers' loopback addresses
      Requires a working IGP (e.g. OSPF)
      Session stays up as long as any path between the two routers exists within the network
      Next-Hop and AS_PATH are not altered when a route is passed on via iBGP
      Routes received via iBGP MUST NOT be sent to another iBGP neighbor
      Therefore an iBGP full mesh is required
  • 26. BGP Route Decision (complete)
    1. Is the Next Hop reachable?
    2. Higher Local Preference
    3. Shorter AS_PATH
    4. Smaller ORIGIN
    5. Smaller MED, if several routes come from the same neighbouring AS
    6. eBGP > iBGP
    7. Smaller IGP cost to the Next Hop
    8. Smaller Router ID
    9. Smaller Neighbor IP address
    See RFC4271, Section 9.1.2 for more details
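Worked example for slides 24 and 26, added here and not taken from the deck: the complete decision process run over constructed candidate routes for the CCCV prefix 94.45.224.0/19, with the AS_PATH loop check from slide 17 and the next-hop reachability check from slide 19 applied first. The observing AS (AS65000), the transfer network 192.0.2.0/24, the peer addresses and the attribute values are assumptions made for this example; the ASNs in the paths are the ones shown on the deck's slide 17.

```python
"""BGP best path selection in the order of RFC 4271 section 9.1.2, preceded by the
next-hop and AS_PATH loop checks. Added example with constructed input."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Sequence, Tuple

ORIGIN_IGP, ORIGIN_EGP, ORIGIN_INCOMPLETE = 0, 1, 2   # ORIGIN codes, lower wins


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: Tuple[int, ...]      # leftmost entry is the neighbouring AS that sent it
    origin: int = ORIGIN_IGP
    local_pref: int = 100
    med: int = 0
    ebgp: bool = True
    igp_cost: int = 0             # IGP metric to next_hop, matters for iBGP-learned routes
    router_id: str = "0.0.0.0"    # BGP router ID of the peer
    neighbor_ip: str = "0.0.0.0"  # session address of the peer


def next_hop_reachable(route: Route, rib: Sequence[str]) -> bool:
    """A route whose next hop does not resolve in the local RIB is unusable."""
    nh = ip_address(route.next_hop)
    return any(nh in ip_network(p) for p in rib)


def prepend(route: Route, asn: int, times: int = 1) -> Route:
    """AS_PATH prepending for traffic engineering, as on slide 17."""
    return replace(route, as_path=(asn,) * times + route.as_path)


def _keep_best(cands: List[Route], key: Callable[[Route], object], best=min) -> List[Route]:
    """Keep only the candidates whose key equals the best (min or max) value."""
    target = best(key(r) for r in cands)
    return [r for r in cands if key(r) == target]


def select_best(routes: Sequence[Route], local_asn: int, rib: Sequence[str]) -> Optional[Route]:
    # 1. validity: next hop resolvable and no loop (our own ASN not in AS_PATH)
    cands = [r for r in routes if next_hop_reachable(r, rib) and local_asn not in r.as_path]
    if not cands:
        return None
    cands = _keep_best(cands, lambda r: r.local_pref, max)        # 2. higher LOCAL_PREF
    cands = _keep_best(cands, lambda r: len(r.as_path))           # 3. shorter AS_PATH
    cands = _keep_best(cands, lambda r: r.origin)                 # 4. smaller ORIGIN
    # 5. smaller MED, compared only among routes from the same neighbouring AS
    groups: dict = {}
    for r in cands:
        groups.setdefault(r.as_path[0] if r.as_path else None, []).append(r)
    cands = [r for grp in groups.values() for r in _keep_best(grp, lambda r: r.med)]
    cands = _keep_best(cands, lambda r: 0 if r.ebgp else 1)      # 6. eBGP over iBGP
    cands = _keep_best(cands, lambda r: r.igp_cost)               # 7. smaller IGP cost
    cands = _keep_best(cands, lambda r: ip_address(r.router_id))  # 8. smaller router ID
    cands = _keep_best(cands, lambda r: ip_address(r.neighbor_ip))  # 9. smaller peer IP
    return cands[0]


# Constructed input (assumptions for this example, not from the deck).
LOCAL_ASN = 65000
LOCAL_RIB = ["192.0.2.0/24"]        # only the transfer network is routable here
PREFIX = "94.45.224.0/19"           # the CCCV prefix from the deck

DEMO_ROUTES = [
    # via transit LWLcom, FFRL prepended 3x, ranked as transit (LOCAL_PREF 500)
    Route(PREFIX, "192.0.2.1", (50629, 201701, 201701, 201701, 201701, 39225, 13020),
          local_pref=500, router_id="192.0.2.1", neighbor_ip="192.0.2.1"),
    # via direct peering with FFRL, ranked as peering (LOCAL_PREF 1000)
    Route(PREFIX, "192.0.2.2", (201701, 39225, 13020),
          local_pref=1000, router_id="192.0.2.2", neighbor_ip="192.0.2.2"),
    # second link to the same peer AS; the peer asks us to prefer the other via MED
    Route(PREFIX, "192.0.2.3", (201701, 39225, 13020),
          local_pref=1000, med=50, router_id="192.0.2.3", neighbor_ip="192.0.2.3"),
    # highest LOCAL_PREF, but the next hop is not in the RIB: unusable
    Route(PREFIX, "198.51.100.9", (64496, 13020), local_pref=10000),
    # our own ASN is already in the path: a loop, dropped on import
    Route(PREFIX, "192.0.2.4", (64496, LOCAL_ASN, 13020), local_pref=10000),
]


def demo() -> Optional[Route]:
    return select_best(DEMO_ROUTES, LOCAL_ASN, LOCAL_RIB)


if __name__ == "__main__":
    best = demo()
    print(best.next_hop, best.as_path)
```

The MED step is the one that trips people up: it is evaluated per neighbouring AS, so the route from AS50629 never has its MED compared against the two routes from AS201701. Implementations that set "always-compare-med" behave differently here.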
  • 27. iBGP Full Mesh
    Rule: every router within an AS has to have an iBGP session to every other router
    n routers need n(n-1)/2 sessions: O(n²) scale. D'oh.
    Management & memory headache
    But there's help: Route Reflection!
    [Figure: iBGP full mesh in AS39225 between br-01, cr-A to cr-E and dr-02]
  • 28. Route Reflection
    RFC4456 (Apr. 2006): BGP extension to work around the full mesh requirement
    The Route Reflector (RR) re-advertises routes learned from one iBGP peer to its other iBGP peers
    Each RR prepends its Cluster ID to the CLUSTER_LIST attribute and sets ORIGINATOR_ID; a router drops a route that already carries its own Cluster ID or Router ID, which prevents routing loops
      Think "internal path"
    Special configuration only on the RR; the clients are plain iBGP speakers
    [Figure: iBGP route reflection in AS39225 (br-01, cr-A to cr-E, dr-02)]
  • 29. Redundant Route Reflection
    The obvious single point of failure can be alleviated by redundant RRs
    [Figure: redundant iBGP route reflection in AS39225 (br-01, cr-A to cr-E, dr-02)]
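Worked example for slides 28 and 29, added by the editor and not part of the deck: the reflection rules and the ORIGINATOR_ID / CLUSTER_LIST loop checks of RFC 4456 applied to a small model of AS39225. The loopback addresses of br-01, cr-A and cr-E are the ones from the deck's Bird configuration; treating cr-D (194.107.207.4) as the second reflector, the client/non-client split and the reflected prefix are assumptions for this example.

```python
"""Route reflection (RFC 4456, sections 6 and 8) over a constructed iBGP topology.
Added example; peers are identified by their router IDs (loopback addresses)."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class IbgpRoute:
    prefix: str
    next_hop: str                          # left untouched by the reflector
    originator_id: Optional[str] = None    # router ID of the speaker that injected the route
    cluster_list: Tuple[str, ...] = ()     # cluster IDs the route has passed, newest first


class RouteReflector:
    def __init__(self, router_id: str, clients: Set[str], non_clients: Set[str],
                 cluster_id: Optional[str] = None):
        self.router_id = router_id
        self.cluster_id = cluster_id or router_id   # RFC 4456: CLUSTER_ID defaults to the router ID
        self.clients = set(clients)
        self.non_clients = set(non_clients)

    def accept(self, route: IbgpRoute) -> bool:
        """Section 8: drop a route that already passed through us or through our cluster."""
        if route.originator_id == self.router_id:
            return False
        if self.cluster_id in route.cluster_list:
            return False
        return True

    def reflect(self, route: IbgpRoute, from_peer: str) -> Dict[str, IbgpRoute]:
        """Section 6: from a client -> to all other clients and all non-clients;
        from a non-client -> to clients only. Returns {peer: route as sent}."""
        if not self.accept(route):
            return {}
        if from_peer in self.clients:
            targets = (self.clients - {from_peer}) | self.non_clients
        elif from_peer in self.non_clients:
            targets = set(self.clients)
        else:
            raise ValueError(f"{from_peer} is not an iBGP peer of {self.router_id}")
        out = replace(route,
                      originator_id=route.originator_id or from_peer,
                      cluster_list=(self.cluster_id,) + route.cluster_list)
        return {peer: out for peer in sorted(targets)}


# Loopbacks from the deck; cr-D as second reflector is an assumption for this example.
BR01, CRA, CRD, CRE = "194.107.207.0", "194.107.207.1", "194.107.207.4", "194.107.207.5"


def demo() -> dict:
    cr_e = RouteReflector(CRE, clients={BR01, CRA}, non_clients={CRD})
    cr_d_same_cluster = RouteReflector(CRD, clients={BR01, CRA}, non_clients={CRE}, cluster_id=CRE)
    cr_d_own_cluster = RouteReflector(CRD, clients={BR01, CRA}, non_clients={CRE})
    # br-01 injects the Chaos prefix it learned from its eBGP peer 194.107.207.29
    chaos = IbgpRoute("94.45.224.0/19", "194.107.207.29")
    sent = cr_e.reflect(chaos, from_peer=BR01)
    reflected = sent[CRA]
    return {
        "targets": sorted(sent),
        "reflected": reflected,
        "back_to_cr_e": cr_e.reflect(reflected, from_peer=CRA),      # loop: nothing sent
        "cr_d_same_cluster_accepts": cr_d_same_cluster.accept(reflected),
        "cr_d_own_cluster_accepts": cr_d_own_cluster.accept(reflected),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

Two things to notice: the next hop stays 194.107.207.29, so every router receiving the reflected route needs that transfer network in its IGP (or the border router must rewrite the next hop to itself), as slide 19 warns. And a redundant reflector configured with the same Cluster ID discards the copy it receives from the other reflector, so it only ever has the route if the client also peers with it directly; with distinct Cluster IDs it accepts both copies at the cost of memory.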
  • 30. BGP on Linux
  • 31. BGP on Linux / Bird
    We'll use the Bird Internet Routing Daemon again
    Base configuration already present from the OSPF setup:
      Router ID
      protocol device
      protocol kernel
  • 32. Bird BGP configuration example
    #
    # Basic example BGP peer configuration
    #
    protocol bgp <name> {
            # Which prefixes to accept from peer
            import <...>;

            # Which prefixes to send to peer
            export <...>;

            # Our ASN
            local as <our ASN>;

            # Neighbor to connect to
            neighbor <peer IP> as <peer ASN>;
    }
  • 33. BGP peer configuration br-01 -> dr-01
    # IPv4
    br-01.in.fc13.sdn.clinic:~# cat /etc/bird/bird.d/as13020.conf
    protocol bgp as13020 {
            # Only import Chaos prefix and send default route
            import where net = 94.45.224.0/19;
            export where net = 0.0.0.0/0;

            local as 39225;
            neighbor 194.107.207.29 as 13020;
    }

    # The same with IPv6
    br-01.in.fc13.sdn.clinic:~# cat /etc/bird/bird6.d/as13020.conf
    protocol bgp as13020 {
            # Only import Chaos prefix and send default route
            import where net = 2001:67c:20a1::/48;
            export where net = ::/0;

            local as 39225;
            neighbor 2a07:ed07:fc13:fe03::2 as 13020;
    }
  • 34. BGP peer configuration Route Reflection (cr-E)
    # IPv4
    cr-E.in.fc13.sdn.clinic:~# cat /etc/bird/bird.d/ibgp.conf
    template bgp ibgp {
            import all;
            export all;

            # Use loopback IP as source address for BGP session
            source address 194.107.207.5;
            local as 39225;

            # The peer is a RR client
            rr client;
    }

    protocol bgp br_01 from ibgp {
            # Use neighbors loopback IP to connect to
            neighbor 194.107.207.0 as 39225;
    }

    protocol bgp cr_A from ibgp {
            neighbor 194.107.207.1 as 39225;
    }
    ...
  • 35. Links / Further Reading
    RFC4271: A Border Gateway Protocol 4 (BGP-4) - Rekhter, Li, Hares, 2006
    BGP - Building Reliable Networks with the Border Gateway Protocol - I. van Beijnum, 2002
    BGP Design and Implementation - Randy Zhang & Micah Bartell, 2003
    Routing TCP/IP Volume II - Jeff Doyle & Jennifer DeHaven Carroll, 2016