
Implementing Internet and MPLS BGP

For enterprise network engineers, implementing BGP can be an intimidating task. This presentation was given to address common architectures for internet and MPLS BGP usage, along with best practices.

Published in: Technology
  • Great presentation of bgp and mpls
  • how can i download this ????


  1. 1. Implementing & Troubleshooting<br />BGP<br />Tanner <br />5/23/2008<br />5/30/2008<br />
  2. 2. Agenda<br />PART 1<br />BGP Fundamentals<br />BGP and the Internet<br />PART 2<br />BGP and the WAN<br />Troubleshooting<br />2<br />
  3. 3. PART 1<br />BGP Fundamentals<br />BGP and the Internet<br />3<br />
  4. 4. BGP Fundamentals<br />Operations<br />4<br />
  5. 5. Where is BGP used?<br />Internet<br />Same, Unique, or Mixed ASN<br />MPLS WAN<br />Public or Private ASN<br />5<br />
  6. 6. AS: Autonomous Systems<br />Textbook answer:<br />An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy.<br />6<br />
  7. 7. ASN’s: Autonomous System Numbers<br />16-bit ASN’s (RFC1930)<br />Range: 0-65535<br />Public: 1-64511<br />Private: 64512-65534 <br />32-bit ASN’s (RFC4893)<br />4-octets<br />0.0 to 65535.65535<br />Only 46 32-bit ASN’s currently allocated<br />7<br />
  8. 8. EIGRP and BGP Comparison<br />8<br />
  9. 9. Path Selection<br />Attributes<br />Highest Weight<br />Highest Local Preference<br />Internally Originated<br />Shortest AS-Path<br />Manipulating these attributes changes BGP path selection<br />9<br />
  10. 10. Terminology<br />attribute [noun]<br />Pronunciation: a-trə-byüt <br />3: a word ascribing a quality; especially<br />attribute [transitive verb]<br />Pronunciation: ə-tri-byüt, -byət <br />1: to explain by indicating a cause &lt;attributed his success to his coach&gt;<br />10<br />
  11. 11. BGP Attributes: RFC1771 attributes its success to its attributes<br />11<br />
  12. 12. BGP Attributes: Most Used<br />Influence INBOUND traffic<br />The transit path to you is determined by how you announce your routes<br />AS Path Prepend (shorter is more preferred)<br />route-map RM-ISP-OUT<br /> set as-path prepend 123 123 123<br />Influence OUTBOUND traffic<br />Local Preference (higher is more preferred)<br />route-map RM-ISP-IN<br /> set local-preference 50<br />12<br />
  13. 13. BGP Process Operations<br />13<br />
  14. 14. Section Review: Fundamentals<br />What is an autonomous system?<br />What are BGP attributes that affect inbound traffic?<br />What are BGP attributes that affect outbound traffic?<br />Name 4 common BGP path selection criteria<br />What maintenance task happens every 60 seconds in BGP?<br />14<br />
  15. 15. BGP & the Internet<br />15<br />23rd Ave / I-40 Junction<br />
  16. 16. Global IP Assignments<br />IANA<br />Regional Registrars<br />ISP’s<br />End Users<br />16<br />
  17. 17. Address Space Depletion: BGP Movie (6 min)<br />17<br />
  18. 18. Global Routing Table: How large is it?<br />Limit prefixes on Cisco routers<br />router bgp 12345<br /> neighbor 1.1.1.1 maximum-prefix 300000 90<br />18<br />
  19. 19. RIR whois<br />ARIN IP Lookup<br /><ul><li>AfriNIC Country Lookup</li></ul>19<br />
  20. 20. Typical ISP Routing Options<br />Single-homed, Single ISP<br />Private AS or Static (No BGP)<br />Multi-homed, Single ISP<br />Private AS<br />Multi-homed, Dual ISP<br />Public AS<br />20<br />
  21. 21. Prefix Origination: Inbound Traffic<br />Common Elements<br />ISP’s won’t accept anything longer than /24<br />Provider Aggregate address block (PA)<br />/24 or shorter from ISP<br />Justification paperwork, but usually easy<br />Announcing another ISP’s prefix<br />Provider Independent address block (PI)<br />Applied for from RIR (e.g., ARIN)<br />More Paperwork (and solid justification)!<br />21<br />
  22. 22. What Kind of Routes? Outbound Traffic<br />1 Based on 2 upstream eBGP peers<br />2 Varies depending on quantity of ISP customers announcing prefixes<br />3 Varies depending on size of upstream carrier<br />4 Inbound bogon filtering is still possible, however outbound will not function due to default route<br />22<br />
  23. 23. Memory Requirements: Full BGP Routes<br />Based on 255K routes + soft reconfig<br />BGP Summary shows 57MB Used<br />BGP-Router# sh ip bgp sum<br />...<br />BGP using 57060899 total bytes of memory<br /><ul><li>Adding up processes shows 153MB Used</li></ul>BGP-Router# sh proc mem | i PID|BGP<br /> PID TTY Allocated Freed Holding Getbufs Retbufs Process<br /> 215 0 152845892 1430904 145443600 16 16 BGP Router <br /> 234 0 239016 0 6984 5164371 5164371 BGP I/O <br /> 235 0 0 82472 9972 0 0 BGP Scanner <br />23<br />
  24. 24. BGP Policy Components<br />Prefix-lists to filter prefixes <br />ip prefix-list PL-ANNOUNCE seq 10 permit 1.0.0.0/8<br />Filter-lists to filter ASNs<br />ip as-path access-list 1 permit ^1234<br />Route-maps to apply policy<br />route-map RM-ISP-OUT permit 10<br /> set as-path prepend 1234<br />Distribute-lists to sit and watch (don’t use)<br />Source: NANOG 23, Phillip Smith<br />24<br />
  25. 25. Configuration Example: ISP eBGP Peer with Partial Routes<br />router bgp 1234<br /> no auto-summary<br /> no synchronization<br /> no bgp fast-external-fallover<br /> bgp log-neighbor-changes<br /> neighbor 192.0.2.233 remote-as 209<br /> neighbor 192.0.2.233 description eBGP with Qwest AS209. Password: 1234abcd<br /> neighbor 192.0.2.233 password 1234abcd<br /> neighbor 192.0.2.233 version 4<br /> neighbor 192.0.2.233 soft-reconfiguration inbound<br /> neighbor 192.0.2.233 maximum-prefix 300000 90 warning-only<br /> neighbor 192.0.2.233 prefix-list PL-BOGONS in<br /> neighbor 192.0.2.233 prefix-list PL-ANNOUNCE out<br /> neighbor 192.0.2.233 route-map RM-QWEST-OUT out<br /> neighbor 192.0.2.233 route-map RM-QWEST-IN in<br /> neighbor 192.0.2.233 filter-list 1 out<br /> neighbor 192.0.2.233 filter-list 10 in<br /> network 205.93.251.0 mask 255.255.254.0<br /> network 205.93.251.0<br />ip route 205.93.251.0 255.255.254.0 Null0 name BGP-STABILITY<br />ip route 205.93.251.0 255.255.255.0 205.93.251.4<br />ip route 205.93.251.125 255.255.255.255 205.93.251.121 name IBGP-PEER<br />ip route 205.93.251.125 255.255.255.255 205.93.251.2 250 name IBGP-PEER-BACKUP<br />ip as-path access-list 1 permit ^$<br />ip as-path access-list 10 permit _(209|7018)$<br />ip prefix-list PL-ANNOUNCE seq 10 permit 205.93.251.0/23 le 24<br />ip prefix-list PL-ANNOUNCE seq 99 deny 0.0.0.0/0 le 32<br />route-map RM-QWEST-OUT permit 10<br /> set as-path prepend 1234 1234<br />route-map RM-QWEST-IN permit 10<br /> set local-pref 50<br />25<br />
  26. 26. Regular Expressions: BGP AS Filtering<br />Defining our AS<br />ip as-path access-list 1 permit ^$<br />Originating in AS 3549<br />ip as-path access-list 1 permit ^3549$<br />Originating in AS 3549 or Upstream AS<br />ip as-path access-list 1 permit ^3549$<br />ip as-path access-list 1 permit ^3549 1239$<br />ip as-path access-list 1 permit ^3549_(1239)?$<br />Deny all nets originating from AS 1239 and permit all other routes<br />ip as-path access-list 1 deny _1239$ <br />ip as-path access-list 1 permit .*<br />26<br />
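How the as-path filters on slides 25 and 26 decide a route, as an added Python example that is not part of the original deck: it expands the IOS `_` delimiter into a Python regex, applies first-match-wins with an implicit deny, and shows what the leading `_` in `_1239$` protects against. List numbers 20 and 21 and the sample AS paths are constructed for the illustration.

```python
import re

# IOS "_" matches a delimiter: start or end of the path, a space, a comma,
# a brace or a parenthesis. Python has no equivalent token, so expand it.
IOS_DELIMITER = r"(?:^|$|[ ,{}()])"
ACL_LINE = re.compile(r"ip as-path access-list (\d+) (permit|deny) (.+)$")

# Lists 1 and 10 are from slide 25. List 20 is slide 26's "deny origin AS 1239"
# pair, renumbered here (constructed) so it does not merge with list 1.
# List 21 is a constructed weak variant with the leading "_" left out.
CONFIG = """\
ip as-path access-list 1 permit ^$
ip as-path access-list 10 permit _(209|7018)$
ip as-path access-list 20 deny _1239$
ip as-path access-list 20 permit .*
ip as-path access-list 21 deny 1239$
ip as-path access-list 21 permit .*
"""


def ios_to_python(pattern):
    """Translate an IOS AS-path regex to Python (assumes no "_" inside [...])."""
    return pattern.replace("_", IOS_DELIMITER)


def parse_acls(config):
    """Return {list number: [(action, compiled regex), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        m = ACL_LINE.match(line.strip())
        if m:
            number, action, pattern = m.groups()
            compiled = re.compile(ios_to_python(pattern.strip()))
            acls.setdefault(int(number), []).append((action, compiled))
    return acls


def permits(acl, as_path):
    """First matching entry wins; a path that matches nothing is denied."""
    for action, regex in acl:
        if regex.search(as_path):
            return action == "permit"
    return False


ACLS = parse_acls(CONFIG)

# Constructed AS paths. "" is a locally originated route (empty AS path).
SAMPLE_PATHS = ["", "7018", "4323 7018", "4323 17018", "4323 1239", "701 61239"]


def demo():
    """Return, per list number, the sample paths that list permits."""
    return {n: [p for p in SAMPLE_PATHS if permits(acl, p)] for n, acl in ACLS.items()}


if __name__ == "__main__":
    for number, allowed in demo().items():
        print(number, allowed)
```

List 21 drops the route originated by AS 61239 because `1239$` matches the tail of a longer AS number; list 20 does not.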
  27. 27. BGP Routing Table Analysis<br />Daily BGP Stats Available<br />BGP routing table entries examined: 255572<br /> Prefixes after maximum aggregation: 127106<br />Deaggregation factor: 2.01<br /> Unique aggregates announced to Internet: 123962<br />Total ASes present in the Internet Routing Table: 28151<br /> Prefixes per ASN: 9.08<br />Average AS path length visible in the Internet Routing Table: 3.6<br /> Max AS path length visible: 25<br /> Max AS path prepend of ASN (39375) 13<br />Prefixes from unregistered ASNs in the Routing Table: 25414<br /> Unregistered ASNs in the Routing Table: 1885<br />Prefixes being announced from unallocated address space: 786<br />Number of addresses announced to Internet: 1,851,293,088<br />Wojciech Misiaszek<br />Telekomunikacja Podlasie Sp.<br />ul. Dobra 14A <br />15-034 Bialystok <br />Poland<br />27<br />
  28. 28. Bogon Filtering: Manual Method<br />28<br />Outbound traffic (via inbound route filter)<br />ip prefix-list BOGONS description Bogon networks we won't accept<br />ip prefix-list BOGONS seq 2 deny 0.0.0.0/0<br />ip prefix-list BOGONS seq 5 deny 0.0.0.0/8 le 32<br />ip prefix-list BOGONS seq 20 deny 5.0.0.0/8 le 32<br />ip prefix-list BOGONS seq 390 deny 127.0.0.0/8 le 32<br />ip prefix-list BOGONS seq 400 deny 172.16.0.0/12 le 32<br />ip prefix-list BOGONS seq 520 deny 224.0.0.0/3 le 32<br />ip prefix-list BOGONS seq 700 permit 0.0.0.0/0 le 27<br />Inbound traffic<br />ip access-list extended ACL-OUTSIDE-IN<br /> remark --- Basic Spoof Filtering<br /> deny ip 0.0.0.0 0.255.255.255 any <br /> deny ip 10.0.0.0 0.255.255.255 any <br /> deny ip public-ip-block subnet-mask any<br />
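To check what the BOGONS prefix-list on slide 28 accepts and rejects, the following added Python example (not part of the original deck) implements IOS prefix-list matching, including the exact-length rule for entries without `ge`/`le`, and audits the list against ranges that must never be accepted. The probe routes and the must-block list are constructed; the slide's sequence numbers skip, which suggests it shows only an excerpt of a longer list.

```python
import ipaddress
import re

# The BOGONS entries exactly as shown on slide 28 (description line omitted).
# 5.0.0.0/8 was unallocated when the deck was written and has since been
# allocated, which is the usual way a static bogon list goes stale.
SLIDE_BOGONS = """\
ip prefix-list BOGONS seq 2 deny 0.0.0.0/0
ip prefix-list BOGONS seq 5 deny 0.0.0.0/8 le 32
ip prefix-list BOGONS seq 20 deny 5.0.0.0/8 le 32
ip prefix-list BOGONS seq 390 deny 127.0.0.0/8 le 32
ip prefix-list BOGONS seq 400 deny 172.16.0.0/12 le 32
ip prefix-list BOGONS seq 520 deny 224.0.0.0/3 le 32
ip prefix-list BOGONS seq 700 permit 0.0.0.0/0 le 27
"""

ENTRY = re.compile(
    r"ip prefix-list \S+ seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?\s*$"
)


def parse_prefix_list(text):
    """Return entries as (seq, action, network, min_len, max_len), sorted by seq."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        seq, action, net, ge, le = m.groups()
        network = ipaddress.ip_network(net)
        if ge is None and le is None:
            low = high = network.prefixlen      # exact prefix length only
        else:
            low = int(ge) if ge else network.prefixlen
            high = int(le) if le else 32
        entries.append((int(seq), action, network, low, high))
    return sorted(entries, key=lambda e: e[0])


def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, or the implicit deny."""
    candidate = ipaddress.ip_network(route)
    for seq, action, network, low, high in entries:
        if low <= candidate.prefixlen <= high and candidate.subnet_of(network):
            return action, seq
    return "deny", None


def leaked(entries, must_block):
    """Return the must-block prefixes that the list would still permit."""
    return [p for p in must_block if evaluate(entries, p)[0] == "permit"]


BOGONS = parse_prefix_list(SLIDE_BOGONS)

# Constructed probes: default route, RFC 1918 space, a normal /24, a too-long /28.
PROBES = ["0.0.0.0/0", "172.20.1.0/24", "5.1.0.0/16", "8.8.8.0/24", "198.51.100.128/28"]
# Constructed audit set: ranges an inbound eBGP filter should never accept.
MUST_BLOCK = ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "127.0.0.0/8"]

if __name__ == "__main__":
    for probe in PROBES:
        print(probe, evaluate(BOGONS, probe))
    print("not covered by the excerpt:", leaked(BOGONS, MUST_BLOCK))
```

Running the same audit against a complete production list is a quick regression check after every edit to the filter.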
  29. 29. Bogon Filtering: Automatic Method<br />Do not try this at home!<br />Make sure you are aware of potential complications<br />29<br />router bgp &lt;your asn&gt;<br /> neighbor x.x.x.x remote-as 65333<br /> neighbor x.x.x.x ebgp-multihop 255<br /> neighbor x.x.x.x description Cymru Bogon Route Server Project<br /> neighbor x.x.x.x prefix-list PL-CYMRU-OUT out<br /> neighbor x.x.x.x route-map RM-CYMRUBOGONS-IN in<br /> neighbor x.x.x.x password 31337PW<br /> neighbor x.x.x.x maximum-prefix 100 threshold 90<br />Configure a community list to accept the bogon prefixes into the route-map.<br />ip bgp-community new-format<br />ip community-list 10 permit 65333:888<br />Configure the route-map. Remember to apply it to the proper peering sessions.<br />route-map RM-CYMRUBOGONS-IN permit 10<br /> description Filter bogons learned from cymru.com bogon route-servers<br /> match community 10<br /> set ip next-hop 192.0.2.1<br />Set a bogon next-hop on all routers that receive the bogons.<br />ip route 192.0.2.1 255.255.255.255 null0<br />ip prefix-list PL-CYMRU-OUT seq 5 deny 0.0.0.0/0 le 32<br />
  30. 30. BGP Communities<br />WELL KNOWN<br />TE Custom Communities<br />no-advertise<br />no-export<br />ISP must support it<br />TE via AS path prepends, local prefs, trig. blackhole<br />30<br />
  31. 31. BGP Communities: Configuration Example<br />ip bgp-community new-format<br />ip prefix-list PL-ANNOUNCE seq 10 permit 205.93.251.0/24<br />ip prefix-list PL-ANNOUNCE seq 20 deny 0.0.0.0/0 le 32<br />route-map RM-ISP-OUT permit 10<br /> match ip address prefix-list PL-ANNOUNCE <br /> set community 65011:209<br />route-map RM-ISP-OUT permit 20<br />router bgp 64512<br /> neighbor 1.1.1.1 send-community<br /> neighbor 1.1.1.1 route-map RM-ISP-OUT out<br />31<br />
  32. 32. Section Review: BGP & the Internet<br />What kind of route options are typically received from an ISP?<br />Who is the global controller of IP space on the internet?<br />Describe bogon filtering<br />What do the ^ and $ symbols mean in regular expressions?<br />32<br />
  33. 33. PART 2<br />BGP and the MPLS WAN<br />Troubleshooting BGP<br />33<br />
  34. 34. BGP & MPLS<br />Theory<br />Design<br />Configuration<br />Best Practices<br />34<br />
  35. 35. MPLS Basics<br />Topology<br />Full Mesh<br />Single peer to WAN cloud<br />L1 Transport<br />T1<br />DS3<br />L2 Transport<br />PPP / MLP<br />ATM / IMA<br />Frame Relay<br />Ethernet<br />Routing Protocols<br />BGP<br />EIGRP<br />RIP<br />Public/Private AS’s<br />35<br />
  36. 36. MPLS Terminology<br />CE Router<br />Customer Edge<br />PE Router<br />Provider Edge<br />P/LSR Router<br />Provider Backbone/Label Switching Router<br />VRF<br />Virtual Routing and Forwarding<br />Everything else is standard BGP!<br />36<br />
  37. 37. Typical MPLS Topology Options<br />Single-homed, Single ISP<br />Easiest routing policies<br />Multi-homed, Single ISP<br />Most common<br />Multi-homed, Dual Provider<br />Lots of TE<br />37<br />
  38. 38. BGP Table: How do you read this thing???<br />38<br />&gt; is the path installed in the routing table<br />r means there is already a route with a better AD<br />32768 means prefix originated on this router<br />? means prefix was originated via redistribution<br />Next Hop is the neighbor IP of eBGP peer(s)<br />WAN-Router# sh ip bgp<br />BGP table version is 7345, local router ID is 172.16.254.3<br />Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal,<br /> r RIB-failure, S Stale<br />Origin codes: i - IGP, e - EGP, ? - incomplete<br /> Network Next Hop Metric LocPrf Weight Path<br />* i12.86.42.44/30 172.16.254.4 0 100 0 7018 ?<br />*&gt; 12.122.14.185 0 7018 ?<br />r&gt;i172.16.254.4/32 172.16.254.4 0 100 0 ?<br />*&gt; 172.16.254.16/29 0.0.0.0 0 32768 ?<br />*&gt; 172.16.254.24/29 0.0.0.0 0 32768 ?<br />* i172.30.32.0/20 172.16.254.4 0 100 0 7018 7018 i<br />*&gt; 12.122.14.185 0 7018 7018 i<br />*&gt; 172.30.64.0/20 12.122.14.185 0 7018 7018 ?<br />i means prefix was originated via network statement<br />AS set is the list of AS’s prefix has passed through<br />CIDR Mask try to summarize where possible<br />* means route is OK to inject in routing table<br />i means prefix learned from iBGP peer<br />
  39. 39. Default Route Origination<br />39<br />*Policies include: Conditional advertisement, AS prepending, and communities<br />
  40. 40. Best Path Selection<br />Review<br />BGP Table (BRIB)<br />Routing Table (RIB)<br />BGP Multipath<br />Multi-VRF w/Sub-interfaces<br />40<br />Weight<br />Local Pref<br />Local Originate<br />AS Path<br />Origin Type<br />Lowest MED<br />eBGP over iBGP<br />IGP Metric to NH<br />Received First<br />Lowest RID<br />Originator ID<br />Neighbor IP<br />WAN-router# sh ip bgp nei 172.16.16.249 advertised-routes<br />Originating default network 0.0.0.0<br />   Network          Next Hop      Metric LocPrf Weight Path<br />*&gt; 10.0.0.0/24      10.20.40.5         0         32768 ?<br />*&gt; 10.20.20.0/24    0.0.0.0            0         32768 ?<br />...<br />Only send the very best!<br />WAN-router&gt; sh ip bgp<br />   Network          Next Hop       Metric LocPrf Weight Path<br />*&gt; 0.0.0.0          172.14.16.250                     0 65000 i<br />* 0.0.0.0          10.217.13.102                     0 65001 i<br />WAN-router&gt; sh ip bgp<br />   Network       Next Hop        Metric LocPrf Weight Path<br />*&gt; 0.0.0.0       172.11.132.193                     0 1803 65000 i<br />
  41. 41. Route Redistribution<br />“Seek first to summarize…”<br />Do you need to redistribute?<br />Yes = Redistribution<br />No = Summarization<br />Maybe = Both?<br />BGP to EIGRP<br />router eigrp 111<br />redistribute bgp 222 metric 1500 1000 255 1 1500<br />EIGRP to BGP<br />router bgp 222<br />redistribute eigrp 111<br />41<br />
  42. 42. Miscellaneous Features<br />Peer Groups<br />Object-groups for BGP! (Kind of…)<br />router bgp 64512<br />! Setup peer-group policies<br /> neighbor PARTIAL-ROUTES peer-group<br /> neighbor PARTIAL-ROUTES version 4<br /> neighbor PARTIAL-ROUTES filter-list 5 out<br /> neighbor FULL-ROUTES peer-group<br /> neighbor FULL-ROUTES version 4<br />! Apply it to a neighbor<br /> neighbor 192.0.2.228 peer-group FULL-ROUTES<br />ip as-path access-list 5 permit ^(209|36270|6298_)[0-9]*_[0-9]*$<br />Route Reflectors<br />42<br />
  43. 43. Best Practices<br />Avoid redistributing everything under the sun<br />connected, static, every routing protocol, etc.<br />Look for ways to reduce routing tables<br />Summarize<br />Advertise only what is necessary<br />Use a network statement for default origination<br />network 0.0.0.0 mask 0.0.0.0<br />43<br />
  44. 44. Case Study: Requirements<br />WAN to Internet<br />Use DC as primary<br />Use Campus as secondary<br />Use Internet VPN as tertiary<br />WAN to Hubs<br />Use each hub MPLS DS3<br />Use other hub DS3 as secondary<br />Use Internet VPN as tertiary<br />Hub to Hub<br />Use LAN link as primary<br />Don’t use MPLS DS3’s as secondary<br />44<br />Smokey the Router says… <br />“Routing works both ways!”<br />
  45. 45. Case Study: Possible Solution<br />45<br /><ul><li>WAN to Internet</li><li>Use DC as primary</li><li>Use Campus as secondary</li><li>Use Internet VPN as tertiary</li><li>WAN to Hubs</li><li>Use each hub MPLS DS3</li><li>Use other hub DS3 as secondary</li><li>Use Internet VPN as tertiary</li><li>Hub to Hub</li><li>Use LAN link as primary</li><li>Don’t use MPLS DS3’s as secondary</li></ul>Default Networks:<br />1 via eBGP to MPLS<br />1 via iBGP to VPN<br />Advertised Networks:<br />Shortest AS path (DC)<br />Advertised Networks:<br />network 0.0.0.0<br />network 10.112.0.0<br />Received Networks:<br />0.0.0.0/0 ge 29 le 32<br />Advertised Networks:<br />network 0.0.0.0<br />Received Networks:<br />0.0.0.0/0 ge 29 le 32<br />Summarized Networks:<br />summary-addr 10.x.0.0/20<br />summary-addr &lt;WAN nets&gt;<br />Advertised Networks:<br />network 0.0.0.0<br />Received Networks:<br />0.0.0.0/0 ge 29 le 32<br />Summarized Networks:<br />summary-addr 10.112.0.0/16<br />Default Route<br />Static route redistributed into EIGRP<br />Campus to WAN:<br />EIGRP Metric better via Router 1  WAN<br />DC to Campus:<br />Only 1 route via Interlink<br />
  56. 56. Configuration Example (Hub): MPLS eBGP Peer with Default Advertisement<br />46<br />router bgp 100<br /> network 0.0.0.0<br /> network 10.112.0.0 mask 255.255.0.0<br /> neighbor 192.0.2.105 remote-as 65000<br /> neighbor 192.0.2.105 description eBGP with MPLS SP. Password: 1234abcd<br /> neighbor 192.0.2.105 password 1234abcd<br /> neighbor 192.0.2.105 version 4<br /> neighbor 192.0.2.105 send-community<br /> neighbor 192.0.2.105 soft-reconfiguration inbound<br /> neighbor 192.0.2.105 route-map RM-MPLS-IN in<br /> neighbor 192.0.2.105 route-map RM-MPLS-OUT out<br /> no auto-summary<br />ip prefix-list PL-DEFAULT seq 10 permit 0.0.0.0/0<br />route-map RM-MPLS-IN deny 10<br /> description Block learning default route from DC Router. Use IGP instead.<br /> match ip address prefix-list PL-DEFAULT<br />route-map RM-MPLS-IN permit 20<br />route-map RM-MPLS-OUT permit 10<br /> description Set BGP policies for outbound route advertisements to MPLS Provider<br /> set community 112<br />route-map RM-MPLS-OUT permit 20<br /> description Prepend Default Route for Backup Link<br /> match ip address prefix-list PL-DEFAULT<br /> set as-path prepend 100 100<br />route-map RM-MPLS-OUT permit 30<br />
  57. 57. Configuration Example (Hub): MPLS EIGRP Redistribution<br />router eigrp 1<br /> redistribute bgp 100 metric 1500 1000 255 1 1500 route-map RM-WAN-SERIALS<br /> network 10.112.2.0 0.0.0.255<br /> no auto-summary<br />ip prefix-list PL-WAN-SERIALS seq 10 permit 0.0.0.0/0 ge 29<br />route-map RM-WAN-SERIALS permit 10<br /> description Only redistribute WAN serials (/29 to /32 prefixes) into EIGRP process<br /> match ip address prefix-list PL-WAN-SERIALS<br />Advertise learned BGP networks with prefixes /29 or longer<br />47<br />
  58. 58. Section Review: BGP & MPLS<br />What are the 3 default route origination methods?<br />What does the &gt; symbol mean in the BGP table?<br />What are 3 clues that tell you a route "originated here" in the BGP table?<br />48<br />
  59. 59. BGP Troubleshooting<br />Interpreting and Troubleshooting BGP Operations<br />49<br />
  60. 60. Peer Establishment<br />Peer Reachability<br />MD5 Password Mismatch<br />Wrong neighbor IP<br />Wrong update-source<br />Wrong peer AS<br />TTL / ebgp-multihop<br />Stuck in OpenSent/OpenConfirm<br />Asymmetric routing & TTL problem<br />ACL’s between peers<br />Blocking TCP/179<br />50<br />
  61. 61. Flapping Peer<br />*May 20 04:02:39.240 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down Peer closed the session<br />*May 20 04:02:54.468 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up <br />*May 20 04:20:44.999 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down BGP Notification sent<br />*May 20 04:20:44.999 MST: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.133 4/0 (hold time expired) 0 bytes <br />*May 20 04:21:04.243 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up <br />*May 20 04:52:18.132 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down BGP Notification sent<br />*May 20 04:52:18.132 MST: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.133 4/0 (hold time expired) 0 bytes <br />*May 20 04:55:16.469 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up <br />*May 20 04:56:17.169 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down Peer closed the session<br />*May 20 04:56:36.533 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up <br />*May 20 05:09:28.555 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down Peer closed the session<br />*May 20 05:09:35.087 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up <br />*May 20 05:47:57.350 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down BGP Notification sent<br />Remote router rebooting (BGP crash?)<br />MTU Incorrect<br />L2 Problem<br />Interface output drops (QoS, CoPP, etc.)<br />51<br />
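One way to turn the syslog lines on slide 51 into a flap alert, as an added Python example that is not part of the original deck: it parses the `%BGP-5-ADJCHANGE` messages, tallies the Down reasons and session uptimes per neighbor, and counts Down events in a sliding window. The year, the one-hour window and the threshold of three are assumptions chosen for the illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

ASSUMED_YEAR = 2008  # assumption: IOS timestamps here carry no year

# Log lines copied from the slide above (NOTIFICATION lines included on purpose).
SLIDE_LOG = """\
*May 20 04:02:39.240 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down Peer closed the session
*May 20 04:02:54.468 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
*May 20 04:20:44.999 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down BGP Notification sent
*May 20 04:20:44.999 MST: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.133 4/0 (hold time expired) 0 bytes
*May 20 04:21:04.243 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
*May 20 04:52:18.132 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down BGP Notification sent
*May 20 04:52:18.132 MST: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.133 4/0 (hold time expired) 0 bytes
*May 20 04:55:16.469 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
*May 20 04:56:17.169 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down Peer closed the session
*May 20 04:56:36.533 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
*May 20 05:09:28.555 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down Peer closed the session
*May 20 05:09:35.087 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Up
*May 20 05:47:57.350 MST: %BGP-5-ADJCHANGE: neighbor 192.0.2.133 Down BGP Notification sent
"""

ADJCHANGE = re.compile(
    r"\*(\w{3} +\d+ [\d:.]+) \w+: %BGP-5-ADJCHANGE: neighbor (\S+) (Up|Down)\s*(.*)"
)


def parse_adjchanges(log):
    """Return sorted (timestamp, neighbor, state, reason) tuples; other lines are skipped."""
    events = []
    for line in log.splitlines():
        m = ADJCHANGE.match(line.strip())
        if not m:
            continue
        stamp = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
        events.append((stamp, m.group(2), m.group(3), m.group(4).strip()))
    return sorted(events)


def summarize(events, neighbor):
    """Collect Down timestamps, Down reasons and Up-to-Down uptimes (seconds) for one peer."""
    downs, reasons, uptimes, last_up = [], Counter(), [], None
    for stamp, peer, state, reason in events:
        if peer != neighbor:
            continue
        if state == "Up":
            last_up = stamp
            continue
        downs.append(stamp)
        reasons[reason] += 1
        if last_up is not None:
            uptimes.append((stamp - last_up).total_seconds())
            last_up = None
    return {"downs": downs, "reasons": reasons, "uptimes": uptimes}


def max_downs_in_window(downs, window=timedelta(hours=1)):
    """Largest number of Down events that fall inside any one window."""
    best, start = 0, 0
    for end, stamp in enumerate(downs):
        while stamp - downs[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def is_flapping(log, neighbor, threshold=3, window=timedelta(hours=1)):
    """True when the peer went Down at least `threshold` times within `window`."""
    downs = summarize(parse_adjchanges(log), neighbor)["downs"]
    return max_downs_in_window(downs, window) >= threshold


if __name__ == "__main__":
    stats = summarize(parse_adjchanges(SLIDE_LOG), "192.0.2.133")
    print(len(stats["downs"]), dict(stats["reasons"]), min(stats["uptimes"]))
    print("flapping:", is_flapping(SLIDE_LOG, "192.0.2.133"))
```

The split between "Peer closed the session" and locally sent hold-time notifications narrows the search among the causes the slide lists, since hold-time expiry means keepalives stopped arriving while the remote side still considered the session alive.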
  62. 62. Received Routes: Pre/Post Filter<br />Show received routes before policy is applied<br />sh ip bgp nei 1.1.1.1 received-routes<br />Requires soft-reconfiguration inbound (more mem)<br />Show received routes after policy is applied<br />sh ip bgp nei 1.1.1.1 routes<br />Show AS paths via all neighbors<br />BGP-router&gt; sh ip bgp paths <br />Address Hash Refcount Metric Path<br />0xC4125EDC 1 8 0 7018 209 701 23520 3816 ?<br />0x68397C58 1 18 0 4323 6389 6198 27266 25747 i<br />0x74151970 1 2 0 4323 1299 13249 44600 i<br />0x70FF72D4 1 2 0 4323 3257 1241 20506 i<br />52<br />
  63. 63. Missing Routes<br />Next hop IP address must be accessible<br />iBGP next-hop-self<br />Route with better AD already exists in RIB<br />Filters<br />Prefix<br />AS-Path<br />Route-maps<br />53<br />
  64. 64. Announcements: Verify advertised routes<br />Show advertised routes to peer<br />sh ip bgp nei 192.0.2.233 advertised-routes<br />54<br />BGP-Router&gt; sh ip bgp nei 192.0.2.233 advertised-routes <br />BGP table version is 20753141, local router ID is 205.93.251.126<br />Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal,<br /> r RIB-failure, S Stale<br />Origin codes: i - IGP, e - EGP, ? - incomplete<br /> Network Next Hop Metric LocPrf Weight Path<br />*&gt; 205.93.251.0 205.93.251.4 0 32768 i<br />*&gt; 205.93.251.0/23 0.0.0.0 0 32768 i<br />Total number of prefixes 2 <br /><ul><li>What if nothing shows up?</li><li>Route must exist in the RIB</li></ul>
  65. 65. BGP Table: Analyzing and Interpreting<br />Router# sh ip bgp<br />BGP table version is 24849, local router ID is 205.215.216.193<br />Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal,<br /> r RIB-failure, S Stale<br />Origin codes: i - IGP, e - EGP, ? - incomplete<br /> Network Next Hop Metric LocPrf Weight Path<br />*&gt;i0.0.0.0 205.93.251.125 0 100 0 7018 i<br />*&gt; 3.0.0.0 192.0.2.233 0 4323 1239 701 703 80 i<br />*&gt; 4.0.0.0/9 192.0.2.233 0 4323 3549 3356 i<br />* i 205.93.251.125 0 100 0 7018 209 3356 i<br />*&gt; 4.0.0.0 192.0.2.233 0 4323 3549 3356 i<br />* i 205.93.251.125 0 100 0 7018 209 3356 i<br />*&gt; 4.23.112.0/24 192.0.2.233 0 4323 174 21889 i<br />*&gt;i12.2.60.0/22 205.93.251.125 0 100 0 7018 209 7018 32719 i<br />* 192.0.2.233 0 4323 6539 19092 26794 26794 26794 26794 26794 26794 26794 26794 26794 26794 26794 32719 i<br />Note to self: 10 prepends is excessive<br />Average AS path length is 3.6<br />55<br />
  66. 66. Looking Glass: Public BGP Route Servers - CLI<br />Verify how the global internet routing table views your prefix announcement<br />route-views.oregon-ix.net&gt; sh ip bgp 205.93.251.0 | i 64512<br /> 3333 3356 1239 4323 64512<br /> 2905 701 209 7018 64512<br /> 4513 13789 22212 4323 64512<br /> 7018 4323 64512<br /> ...<br />56<br />
  67. 67. Looking Glass: Public BGP Route Servers – Web/CLI<br />57<br />
  68. 68. High CPU<br />BGP-Router# sh proc cpu | i CPU|PID|BGP<br />CPU utilization for five seconds: 93%/2%; one minute: 32%; five minutes: 22%<br /> PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process <br /> 319 2319628 11589466 200 0.15% 0.05% 0.04% 0 BGP Router <br /> 320 568684 2305861 246 0.00% 0.01% 0.00% 0 BGP I/O <br /> 321 246815548 1497615 164807 76.47% 9.23% 6.50% 0 BGP Scanner<br />58<br />
  69. 69. High Memory<br />L3-Switch# sh proc mem | i PID|BGP<br /> PID TTY Allocated Freed Holding Getbufs Retbufs Process<br /> 319 0 541682808 353471992 177441136 0 0 BGP Router <br /> 320 0 1377432 2361312 7048 0 0 BGP I/O <br /> 321 0 136 323920 10216 0 0 BGP Scanner<br />L3-Switch# sh ip bgp sum<br />Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd<br />32.124.75.251 4 209 1741759 68344 9564122 0 0 6w5d 251577<br />52.111.238.129 4 5555 2798645 68231 9564122 0 0 1w2d 254104<br />192.0.1.148 4 22222 68448 2134480 9564122 0 0 3w3d 35<br />192.0.2.228 4 33333 67386 2381477 9564122 0 0 5d01h 118<br />192.0.3.254 4 11111 2140027 2272911 9564130 0 0 6w5d 254360<br />750K routes (if no soft-reconfig)<br />1.5M routes (if soft-reconfig)<br />542MB of memory for BGP<br />59<br />
  70. 70. Latency: Perception v. Reality<br />What could cause this horrible latency???<br />Reply from 209.85.171.100: bytes=32 time=5ms TTL=247<br />Reply from 209.85.171.100: bytes=32 time=5ms TTL=247<br />Reply from 209.85.171.100: bytes=32 time=6ms TTL=247<br />Reply from 209.85.171.100: bytes=32 time=99ms TTL=247<br />Reply from 209.85.171.100: bytes=32 time=225ms TTL=247<br />Reply from 209.85.171.100: bytes=32 time=248ms TTL=247<br />Reply from 209.85.171.100: bytes=32 time=66ms TTL=247<br />Reply from 209.85.171.100: bytes=32 time=8ms TTL=247<br />Reply from 209.85.171.100: bytes=32 time=5ms TTL=247<br />Reply from 209.85.171.100: bytes=32 time=5ms TTL=247<br />60<br />BGP scanner process takes higher priority than ICMP processing. Move on, nothing to see here.<br />
  71. 71. Section Review: Troubleshooting<br />What are 3 reasons that could cause peer establishment problems?<br />What are the advantages and disadvantages of soft reconfiguration?<br />What is required in order to announce a prefix?<br />What kind of information can you get from the looking glass route servers?<br />61<br />
  72. 72. BGP Resources<br />North American Network Operators Group (NANOG)<br />http://www.nanog.org<br />www.traceroute.org<br />62<br />
