Jaycee's Networking

June 12, 2010

Enable/Establish BGP

Filed under: BGP, IOS — Jaycee @ 7:54 pm

I. BGP Overview:

1. Path Vector EGP – used to exchange prefix information b/w ASs.

2. Uses TCP port 179 for transport:

a. Required underlying IGP
b. Network cannot route on BGP alone

II. Enabling BGP:

1. Enable the global process

router bgp [AS]

*Only one process per router

2. Establish BGP Peerings

neighbor [address] remote-as [AS]

*Need to have IP reachability

III. Establishing BGP Peerings:

1. Two types of peers:

iBGP – member of the same AS
EBGP – members of different ASs

2. TCP 179 for transport

Normal TCP operations apply

3. Listen for address 1.2.3.4 starting a TCP session at port 179:

neighbor 1.2.3.4 remote-as 100

(The router performs a “show ip route 1.2.3.4” lookup and recurses the route down to the outgoing interface; that interface is the source of the BGP packet.)

4. TCP server must agree on where the session is coming from. Need to know which one is TCP Client and which one is TCP Server.

[Figure: bgp-notes-01]

5. TCP Client has the higher BGP router-id

6. If server doesn’t expect session it will refuse

7. Packet sourced from outgoing interface in the routing table

BGP update source

*If there are multiple links b/w BGP peers, you can use update-source (“neighbor [address] update-source [interface]”) to set the BGP source interface.

(15:00)

IV.

November 6, 2009

Decision of BGP Path Selection on IOS and JUNOS

Filed under: BGP, IOS — Jaycee @ 11:02 am

BGP Path Selection Process Decision Steps (IOS and JUNOS)

1. Next-Hop accessible/resolvable (mandatory attribute):

By default, the NEXT-HOP is changed for EBGP and is unchanged for iBGP.

The NEXT-HOP identifies the EBGP speaker in the adjoining AS, and IGP will not carry this route, thereby leading to an unreachable next hop.

2. Synchronization:

IOS: The BGP process expects the IGP to have a copy of each route before that route can be advertised by BGP. This is why disabling synchronization is the 1st step in IOS configuration.

JUNOS: NONE.

3. Weight (Influences OUTBOUND traffic, but apply on inbound):

IOS: This is a Cisco proprietary parameter given to a route on a particular router and is used only within that router. The weight is never given to other routers.

*Default weight = 0, except for locally sourced routes which get a default weight = 32,768. The maximum weight is 65,535.

*Weight value => the higher the better.

JUNOS: NONE.

4. Local Preference (Influences OUTBOUND traffic, but apply on inbound) (discretionary attribute):

Local preferences are shared among iBGP routers, but they are NOT shared with external BGP routers.

*Default Local_PREF = 100.

*Local_PREF value => the higher the better.

5. Self-Originated:

BGP routers prefer routes that originate inside their own AS. That is, they choose the route that originated with BGP on this router.

6. AS Path (Influences INBOUND traffic, but apply on outbound) (mandatory attribute):

By default, BGP discards any route advertisement that contains its local AS number in the AS path to prevent routing loops. For routes that originate outside of the AS, BGP will prefer the one with the shortest path.

7. Origin (mandatory attribute):

ORIGIN has 3 values:

0 = IGP, 1 = EGP, 2 = Incomplete

BGP selects IGP routes in preference to EGP, and EGP in preference to INCOMPLETE routes. An INCOMPLETE route is one that is injected into BGP via redistribution.

*Origin value => the lower the better.

8. MED (Influences INBOUND traffic, but apply on outbound) (nontransitive attribute):

Use MED to tell your ISPs which of several entrances to your network they should use. You should use MED values ONLY IF you are multihomed to a single provider. MED values are ONLY propagated to adjacent ASes, so routers that are further downstream don’t see them at all.

MED is used by the local AS to influence the routing decisions in an adjacent AS for traffic that is inbound to the local AS. BGP selects the route with the lowest MED value. MED actually leaves your AS and tells your neighbor routers which link we want them to talk to.

*Default MED = 0.

*MED value => the lower the better

MED is used ONLY if both routes are received from the same AS, or if the command “bgp always-compare-med” has been enabled.

With “bgp always-compare-med” enabled, BGP will compare MED values even if they come from different ASes, although to reach this step the AS_PATHs must have the same length. You should use this command throughout the AS or you risk creating routing loops.

9. External:

BGP prefers the paths learned using EBGP over paths learned using iBGP to eliminate loops.

IOS: EBGP AD = 20 is lower than other IGP because it should go out of the AS instead of staying in AS.

iBGP AD = 200 is higher than other IGP because if it’s an internal route, it should use internal IGP.

JUNOS: BGP default protocol preference = 170

10. IGP Cost:

BGP prefers paths with the lowest IGP metric.

IOS:

a. Make sure synchronization is disabled.

b. Choose the routes with the lowest IGP administrative distance.

JUNOS:

a. Examine route tables inet.0 and inet.3 for the BGP next hop, and then install the physical next hop for the route with the better preference.

b. For preference ties, install the physical next hop found in inet.3.

c. For preference ties within the same route table, install the physical next hop where the greater number of equal-cost paths exists.

11. eBGP Peering/Ages of the routes:

BGP will look at the ages of the routes and use the oldest route to a particular destination for stability.

12. Router ID:

A router’s ID is the IP address assigned to the loopback interface or the highest IP address on an active interface at boot time.

*Router ID => the lower the better

May 31, 2009

BGP Processes and Memory Use

Filed under: BGP, IOS — Jaycee @ 6:06 pm

A. Example of “BGP Process and Memory Use”:

R1# show processes memory | begin BGP
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
  73   0  678981156   89816736   70811036          0          0 BGP Router
  74   0    2968320  419750112      61388    1327064        832 BGP I/O
  75   0          0    8270540       9824          0          0 BGP Scanner
                                 70882248 Total BGP
                                 77465892 Total all processes

1. Allocated column: It shows the total number of bytes allocated since the creation of the process.

2. Freed column: It provides the number of bytes the process has freed since its creation.

3. Holding column: It shows the actual memory that is being consumed by the process at the moment.

a. BGP Router process accounts for the majority of BGP’s memory use.
b. The memory use of both the BGP I/O and BGP Scanner processes is insignificant.

B. BGP Router Process:

1. BGP RIB

a. Includes network entries, path entries, path attributes, and route map and filter list caches.

b. The memory used to store this information can be found in “show ip bgp summary” output.

2. IP RIB for BGP learned prefixes

a. BGP learned prefixes are stored in two types of structures:

(1) NDBs (Network Descriptor Blocks)

(2) RDBs (Routing Descriptor Blocks)

b. Each route in the IP RIB requires one NDB and one RDB per path.

c. If the route is subnetted, additional memory is required to maintain the NDB.

d. The direct memory use for IP RIB can be shown using the “show ip route summary” command.

3. IP switching component for BGP learned prefixes

a. Another component with significant memory demand is the IP switching component, such as FIB structures.

4. BGP Router process requires a small amount of memory for its own operation in addition to what is required to store the routing information, approximately 40KB which is insignificant compared to the overall memory consumed by the BGP router process.

May 24, 2009

BGP Processes

Filed under: BGP, IOS — Jaycee @ 7:45 pm

[Figure: figure2-1]

May 19, 2009

BGP – Policy Engines and Path Selection

Filed under: BGP, IOS — Jaycee @ 11:31 pm

[Figure: BGP Policy Engines and Path Selection]

May 17, 2009

BGP – Route Filtering

Filed under: BGP, IOS — Jaycee @ 5:51 pm

Filtering routes – that’s how you control how your network traffic is carried and how you implement routing policies. There are three ways to do it: AS path filtering, community filtering, and aggregate filtering.

A. AS Path Filters:

1. AS path filters work like ACLs, but with a twist: they support regular expression (regex) pattern matching.

2. Like ACLs, AS paths have the following rules:

a. Each line is a permit or a deny.
b. The first match wins.
c. An implicit “deny all” is added to the end of the list.

3. For example, we want to deny any AS path that starts with AS 100 and permit everything else.

ip as-path access-list 70 deny ^100_
ip as-path access-list 70 permit .*

4. A path is nothing more than a list of autonomous systems.

a. The 1st autonomous system in the path (from which the path originates) is on the right.

b. As the path crosses AS boundaries, new autonomous systems are added on the left.

c. Therefore, the leftmost entry in an AS path is the autonomous system from which we heard the path.

5. AS path regular expressions:

Regular expression    Meaning
_                     Separates AS numbers in the path
^                     Matches the start of the path
$                     Matches the end
*                     Matches any repetition of a character
.                     Matches any character
.*                    Matches all (i.e., any AS path).
^$                    Matches an empty path. The only routes that can have an empty path are routes that originated within our local AS.
^100$                 Specifies a path that consists of the single AS, AS 100.
^(100|200|300)$       Specifies a path that consists of a single AS, which can be either 100, 200, or 300.
^100_                 All paths that start with AS 100.
_100_                 All paths with 100 anywhere in the path.
_100$                 All paths that end with 100.
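
The first-match and implicit-deny rules above, together with the regex table, can be checked offline with a small evaluator. This is an added example, not code from the original post: the function names, access list 71 and the sample paths are constructed for illustration, and only the “_” delimiter is translated, which is enough for the patterns shown here.

```python
import re

# Cisco's "_" matches a delimiter: start or end of the path, a space,
# a comma, braces or parentheses. Everything else used on this page
# (^ $ . * | and grouping) means the same in Python's re module.
DELIM = r"(?:^|$|[ ,{}()])"

# List 70 is the page's example; list 71 is constructed to show the
# implicit "deny all" when no line matches.
CONFIG = """
ip as-path access-list 70 deny ^100_
ip as-path access-list 70 permit .*
ip as-path access-list 71 permit ^$
ip as-path access-list 71 permit _100$
"""


def parse_as_path_acls(config):
    """Return {list number: [(action, compiled regex), ...]} in config order."""
    acls = {}
    line_re = re.compile(r"ip as-path access-list (\d+) (permit|deny) (\S+)$")
    for line in config.splitlines():
        m = line_re.match(line.strip())
        if m:
            number, action, pattern = m.groups()
            regex = re.compile(pattern.replace("_", DELIM))
            acls.setdefault(int(number), []).append((action, regex))
    return acls


def evaluate(acl, as_path):
    """First matching line wins; no match falls through to the implicit deny."""
    for action, regex in acl:
        if regex.search(as_path):
            return action
    return "deny"


ACLS = parse_as_path_acls(CONFIG)


def decisions(list_number, paths):
    """Map each AS path string (leftmost AS = the neighbor we heard it from) to permit/deny."""
    return {path: evaluate(ACLS[list_number], path) for path in paths}


if __name__ == "__main__":
    samples = ["100 200", "1000 200", "200 100", ""]  # constructed AS paths
    for number in (70, 71):
        for path, action in decisions(number, samples).items():
            print(number, repr(path), action)
```

Note that “1000 200” is permitted by list 70: the trailing “_” in “^100_” is what stops AS 100 from also matching AS 1000.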

B. Community Filters:

1. The community attribute allows routing policies to be applied to a destination. They are applied to routes using a set command in a route map.

2. Predefined communities:

Community       Action
no-export       Do not advertise to eBGP peers
no-advertise    Do not advertise to any peer
internet        Advertise to the Internet community (all routers belong to it.)

3. In the following example, we define a route map named Community1 that matches IP addresses from access list 1. This map sets the community string of any matches to the no-advertise community:

access-list 1 permit 0.0.0.0 255.255.255.255
!
route-map Community1
 match ip address 1
 set community no-advertise
!
router bgp 500
 neighbor 10.1.1.1 remote-as 200
 neighbor 10.1.1.1 send-community
 neighbor 10.1.1.1 route-map Community1 out

a. By applying the route map in “neighbor” command, we use it to check all the route updates we send to neighbor 10.1.1.1.

b. Because of access list 1, the route map matches any route destination and sets the route’s community string to no-advertise.

c. “no-advertise” means that all routes we send to 10.1.1.1 via BGP will have the no-advertise community. Therefore, when 10.1.1.1 receives a route update from us, it will NOT advertise any of our routes.

4. We can assign community values to outgoing routes. Our neighbors can then implement filters based on the community values we have set and act appropriately.

5. In the following example, consider 2 routers, R1 and R2. R1 belongs to 10.1.0.0 network (AS 500), while R2 belongs to 10.2.0.0 network (AS 600). R1 sends all routes to R2 with a community of 100. R2 looks for any routes with a community of 100 and sets the weight to 10.

R1:

router bgp 500
 network 10.1.0.0
 neighbor 10.2.0.0 remote-as 600
 neighbor 10.2.0.0 send-community
 neighbor 10.2.0.0 route-map SET100 out
!
route-map SET100 permit 10
 match ip address 1
 set community 100
!
access-list 1 permit 0.0.0.0 255.255.255.255

R2:

router bgp 600
 network 10.2.0.0
 neighbor 10.1.0.0 remote-as 500
 neighbor 10.1.0.0 route-map CHECK100 in
!
route-map CHECK100 permit 10
 match community 1
 set weight 10
! "community-list" command acts like an ACL.
! We are looking for a community of 100.
ip community-list 1 permit 100

C. Aggregate Filters:

1. They allow several different routes to be expressed in one simple route, thus reducing the size of the routing table. (Aggregates can be used ONLY when the routes can be summarized into a single route.)

2. “aggregate-address” command controls route aggregation and reduces the number of outgoing BGP routes.

3. For example, we have 192.168.1.0/24 through 192.168.254.0/24. We can generate a single route summary for the entire network space:

router bgp 600
 network 10.0.0.0
 ! 192.168.0.0 255.255.0.0 (a /16) covers 192.168.1.0/24 through 192.168.254.0/24
 aggregate-address 192.168.0.0 255.255.0.0 summary-only

4. “summary-only” keyword tells the router to advertise only the aggregate route.

5. If we leave off summary-only, the router will advertise all of our routes plus the aggregate, which is not our intention.

6. Aggregate routes also allow us to suppress certain addresses from the aggregate list.

7. In the following example, we want to advertise our aggregate route and our other routes, but we also want to suppress route 192.168.5.0:

router bgp 600
 network 10.1.0.0
 aggregate-address 192.168.0.0 255.255.0.0 suppress-map MAP1
!
route-map MAP1 permit 1
 match ip address 1
!
! Routes permitted by the suppress-map are the ones that get suppressed,
! so access list 1 permits only 192.168.5.0 (everything else hits the implicit deny).
access-list 1 permit 192.168.5.0 0.0.0.255

8. As in the example above, we use the route map MAP1 to determine which networks we want to suppress. This route map is based on access list 1.

Basic BGP Configuration – IOS

Filed under: BGP, IOS — Jaycee @ 4:19 pm

A. Basic BGP Commands:

router bgp 64512
 no synchronization
 bgp dampening
 network 10.10.2.0 mask 255.255.254.0
 neighbor 192.168.1.5 remote-as 64513
 neighbor 192.168.1.5 next-hop-self
 neighbor 192.168.1.5 default-originate
 no auto-summary

1. “network” command: BGP assumes the old classful addressing scheme when a mask isn’t provided explicitly.

2. “neighbor” command: Use it only to specify our peers. If BGP neighbors aren’t communicating, make sure they can actually reach each other. BGP neighbors will not peer if they can’t reach each other.

3. Local-AS numbers: AS numbers reserved for local use range from 64512 to 65535.

4. Synchronization: a BGP router is not allowed to advertise a route that is learned from another BGP peer until the router knows about the route via an IGP. Synchronization can be disabled safely under either of two conditions:

a. If your network doesn’t pass traffic from one AS to another (i.e. other networks don’t route their traffic through you)

b. If all your border routers are running BGP.

5. “no auto-summary” disables automatic summarization.

6. “default-originate” causes the BGP router to advertise a default route to other BGP routers, even if it doesn’t have a default route defined for itself.

7. “next-hop-self” tells the router to rewrite the route’s next hop as itself.

8. “bgp dampening” command: Route dampening controls the effect that a flapping route has on the network. Route flapping occurs when a route changes state repeatedly. BGP handles route flapping with the bgp dampening command.

a. When this feature is activated, the router tolerates only a certain number of state changes for a route within a certain amount of time.

b. If the state-change threshold (tolerance) is reached, the route is placed in a hold-down (ignored) state for a period.

c. After the hold-down time passes, the route is again allowed into the routing table to see if it behaves.

Dampening doesn’t stop the router from receiving unstable routes. It prevents the router from forwarding what it considers to be unstable routes.

B. iBGP Checklist:

There are 2 ways to get iBGP to work correctly.

1. Redistribute all external routes into all of your iBGP routers. (<= not a good idea)

Problem: Routing table might be large, and some of the routers may not be able to handle it.

2. Full Mesh:

a. Disable synchronization.

b. Make sure all iBGP routers are fully meshed.

c. Make sure all networks and subnets that connect iBGP routers are known. That is, a route exists between all of your routers and your interior routing protocol is doing its job and distributing those routes. If the routers cannot talk to one another, they won’t be able to peer.

C. Simple BGP Configuration:

[Figure: a simple BGP network]

office-r1:

interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
interface Serial0
 ip address 172.16.1.2 255.255.255.0
interface Serial1
 ip address 192.168.3.1 255.255.255.0
!
router bgp 3000
 no synchronization
 network 192.168.3.0
 network 192.168.1.0
 neighbor 172.16.1.1 remote-as 100
 neighbor 192.168.3.2 remote-as 3000
 neighbor 192.168.3.2 next-hop-self
 neighbor 192.168.3.2 default-originate
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1

office-r2:

interface Ethernet0
 ip address 192.168.2.1 255.255.255.0
interface Serial0
 ip address 192.168.3.2 255.255.255.0
!
router bgp 3000
 no synchronization
 network 192.168.2.0
 neighbor 192.168.3.1 remote-as 3000

ISP:

interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
interface Serial1
 ip address 172.16.1.1 255.255.255.0
 clockrate 64000
!
router bgp 100
 network 172.16.0.0
 neighbor 10.1.1.2 remote-as 200
 neighbor 172.16.1.2 remote-as 3000

Verify:

office-r2#show ip route
Gateway of last resort is 192.168.3.1 to network 0.0.0.0

B    172.16.0.0/16 [200/0] via 192.168.3.1, 00:03:10
B    172.16.1.0/24 [200/0] via 192.168.3.1, 00:03:15
C    192.168.2.0/24 is directly connected, Ethernet0
C    192.168.3.0/24 is directly connected, Serial0
B*   0.0.0.0/0 [200/0] via 192.168.3.1, 00:03:16

1. The gateway of last resort is set because we have “default-originate” set on the office-r1 router (192.168.3.1).

2. The route for 172.16.0.0/16 is via 192.168.3.1 because we used the “next-hop-self” option. If we hadn’t put that command in, the route would have looked like this:

B    172.16.0.0/16 [200/0] via 172.16.1.1, 00:00:17

In this configuration, this route would work as well as the route to 192.168.3.2 because the default route tells our router how to get to that address. If we didn’t have the default route, we would have to add an extra network statement, defining 172.16.0.0, to office-r1’s configuration.

office-r2#show ip bgp
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network      Next Hop       Metric  LocPrf  Weight  Path
*>i0.0.0.0      192.168.3.1               100       0  i
*>i172.16.0.0   192.168.3.1         0     100       0  100 i
*>i192.168.1.0  192.168.3.1         0     100       0  i
*> 192.168.2.0  0.0.0.0             0          32768   i
*>i192.168.3.0  192.168.3.1         0     100       0  i

3. “i” means the route was learned through an interior protocol and therefore doesn’t cross autonomous system boundaries.

4. 172.16.0.0 network is in another autonomous system (AS 100). For this route to reach office-r1, BGP must learn the route from some sort of interior protocol. Therefore, the path for this network is 100 i.

5. If a network 172.30.0.0 with an AS number of 200 is attached to the ISP router, the route might look like this:

office-r2#show ip bgp

  Network       Next Hop       Metric  LocPrf  Weight  Path
...
*>i172.30.0.0   192.168.3.1         0     100       0  100 200 i
...

6. This path shows that to reach 172.30.0.0, you must cross AS 100, then enter AS 200, which learned the route through an interior protocol such as RIP. Therefore, you don’t need to cross any more AS boundaries.

D. Neighbor Authentication:

1. BGP authentication uses an MD5 message digest.

2. As in the example above, we can enable password authentication between office-r1 and office-r2.

office-r1:

router bgp 3000
 neighbor 192.168.3.2 remote-as 3000
 neighbor 192.168.3.2 password letmein

office-r2:

router bgp 3000
 neighbor 192.168.3.1 remote-as 3000
 neighbor 192.168.3.1 password letmein
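
What the password lines above change on the wire, as an added example that is not part of the original post: with “neighbor ... password” configured, each TCP segment of the session carries an MD5 signature option (RFC 2385), and the receiver recomputes it before accepting the segment. The helper names, ports, sequence numbers and the KEEPALIVE segment are constructed for illustration; the addresses and the password are the ones from the configuration above.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6        # IP protocol number for TCP
MD5_OPT_KIND = 19    # TCP option kind of the MD5 signature (RFC 2385)
MD5_OPT_LEN = 18     # kind + length + 16-byte digest


def md5_signature(src_ip, dst_ip, header20, payload, key, segment_len):
    """RFC 2385 digest: pseudo-header, option-less TCP header with a zero
    checksum, segment data, then the shared key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, segment_len))
    zeroed = header20[:16] + b"\x00\x00" + header20[18:20]
    return hashlib.md5(pseudo + zeroed + payload + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, key):
    """Build a signed segment. The TCP checksum is left at zero because this
    is a constructed sample, not a packet meant for the wire."""
    header_len = 20 + MD5_OPT_LEN + 2                 # options padded to 4 bytes
    offset_flags = ((header_len // 4) << 12) | 0x018  # data offset, PSH+ACK
    header20 = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                           offset_flags, 16384, 0, 0)
    digest = md5_signature(src_ip, dst_ip, header20, payload, key,
                           header_len + len(payload))
    options = bytes([MD5_OPT_KIND, MD5_OPT_LEN]) + digest + b"\x01\x01"  # 2 NOPs
    return header20 + options + payload


def find_md5_option(options):
    """Walk the TCP options and return the 16-byte digest, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                  # end of option list
            break
        if kind == 1:                  # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                      # malformed option
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN:
            return options[i + 2:i + length]
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: recompute the digest and compare in constant time."""
    if len(segment) < 20:
        return False
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return False
    received = find_md5_option(segment[20:header_len])
    if received is None:
        return False                   # unsigned segments are not accepted
    expected = md5_signature(src_ip, dst_ip, segment[:20],
                             segment[header_len:], key, len(segment))
    return hmac.compare_digest(received, expected)


# Constructed sample: a BGP KEEPALIVE (16-byte marker, length 19, type 4)
# sent from office-r1 to office-r2 on TCP port 179.
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
R1, R2 = "192.168.3.1", "192.168.3.2"
SIGNED = build_segment(R1, R2, 40000, 179, 1000, 2000, KEEPALIVE, b"letmein")

if __name__ == "__main__":
    print("same password :", verify_segment(R1, R2, SIGNED, b"letmein"))
    print("wrong password:", verify_segment(R1, R2, SIGNED, b"guess"))
```

Because the source address, sequence numbers and payload are all inside the digest, a segment that is altered, or sent from another address without the key, fails verification and is dropped before BGP ever parses it.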

E. Peer Groups:

1. Peer groups eliminate redundant configuration lines by allowing you to define a group and then make each neighbor a part of that group.

2. For example, assume you have a route map that enforces some routing policy. Instead of applying that route map separately on each neighbor, you can add all the neighbors to a peer group and then apply the route map for the group as a whole.

[Figure: iBGP network with peer-group configuration]

R1:

router bgp 500
 neighbor policy1 peer-group
 neighbor policy1 remote-as 500
 neighbor policy1 next-hop-self
 neighbor policy1 route-map map1 in
 neighbor 10.10.2.1 peer-group policy1
 neighbor 10.10.3.1 peer-group policy1

F. Route Reflectors:

1. BGP does NOT advertise a route learned from one iBGP router to another.

2. A route is advertised via iBGP ONLY IF it’s learned from the iBGP router that first advertised it.

3. An iBGP router cannot advertise a route it learned from another iBGP router to a third iBGP router. (Because of this restriction, if you have multiple routers connected to different AS networks, all of the routers must be fully meshed.)

4. One solution is to use route reflectors.

5. Route reflectors ease the advertisement restriction by allowing a BGP router to reflect BGP routes it learns about to a third BGP router.

[Figure: route-reflectors]

6. As in the figure above, let’s set up a route reflector on R1 that propagates iBGP routes between R2 and R3.

R1:

router bgp 500
 neighbor 10.10.2.1 remote-as 500
 neighbor 10.10.2.1 route-reflector-client
 neighbor 10.10.3.1 remote-as 500
 neighbor 10.10.3.1 route-reflector-client

7. With the above configuration, R1 can advertise R2’s iBGP routes to R3, and R3’s routes to R2.

G. BGP Confederacies:

1. Confederacies allow you to divide an AS into smaller, more manageable pieces.

2. Inside each little AS, all the iBGP routers are fully meshed.

3. Outside, all the little ASes are fully meshed to each other.

[Figure: BGP confederacies]

4. In the above example, the problem with using route reflectors is that we would need more than one reflector, and managing them could easily get out of control.

R1:

router bgp 10000
 bgp confederation identifier 500
 bgp confederation peers 10010 10020
 neighbor 10.10.2.1 remote-as 10010
 neighbor 10.10.3.1 remote-as 10020
 neighbor 10.11.1.1 remote-as 600

R2:

router bgp 10010
 bgp confederation identifier 500
 bgp confederation peers 10000 10020
 neighbor 10.10.1.1 remote-as 10000
 neighbor 10.10.3.1 remote-as 10020
 neighbor 10.12.1.1 remote-as 700

R3:

router bgp 10020
 bgp confederation identifier 500
 bgp confederation peers 10000 10010
 neighbor 10.10.1.1 remote-as 10000
 neighbor 10.10.2.1 remote-as 10010
 neighbor 10.13.1.1 remote-as 800

H. BGP TTL Security:

1. It’s possible for a rogue router to hijack a BGP peer connection and inject bogus routes.

2. To prevent this, you can use TTL checking between peers.

3. Because it’s extremely difficult or impossible to forge TTL counts, we can apply a rule that only accepts IP packets with a TTL count that is equal to our configured hop-count. (TTL can be considered a hop-count).

4. If the BGP peer was directly connected, we could set the hop-count (TTL) to 2, and our BGP process accepts only packets with that hop-count from that neighbor’s IP address.

neighbor 10.10.1.1 ttl-security hops 2

5. With this setting, if the hop-count is less than 253, the packet is dropped. (You get 253 by subtracting our hop-count of 2 from 255). The only TTL values that will be accepted are 254 and 253.

6. This command is NOT supported for iBGP peers. It applies ONLY to eBGP peers.

April 23, 2009

BGP Path Selection – IOS

Filed under: BGP, IOS — Jaycee @ 11:31 pm

1. Next-Hop accessible:

By default, routers don’t update the next-hop attribute when exchanging routes by iBGP. BGP will not pass unreachable routes to the main routing table, but it will keep them in its own route database.

*NEXT_HOP is a mandatory attribute that carries the IP address of the 1st BGP router along the path to the destination network. By default, the NEXT_HOP router will be the router that announced this route to the AS. For routes learned from an external AS via eBGP, the NEXT_HOP router will be the 1st router in the neighboring AS. This information is passed intact throughout the AS using iBGP, so all routers in the AS see the same NEXT_HOP router.

2. Synchronization:

Synchronization means that a BGP router is not allowed to advertise a route that is learned from another BGP peer until the router knows about the route via an IGP.

If synchronization is enabled, the router will ignore any iBGP routes that are not synchronized. Because the AS needs to behave consistently, if you run an IGP and iBGP, they have to agree.

For a BGP route to be usable, the IGP must also contain a route to the same prefix. This ensures that one of these BGP peer routers doesn’t try to forward a packet to the other internal BGP peer unless the network connecting them knows what to do with this packet.

Synchronization requirement: Asserts that a route must be known by an IGP before it may be advertised to BGP peers.

Disabling synchronization is an absolute MUST for running iBGP: Cisco routers allow you to disable synchronization, which is necessary in any case where you don’t redistribute the IGP routes into BGP.

Synchronization can be disabled safely under either of 2 conditions:

(1) If your network doesn’t pass traffic from one AS to another (i.e., other networks do not route their traffic through you.)

(2) If all your border routers are running BGP.

router bgp 65500
 network 192.168.1.0
 neighbor 192.168.55.5 remote-as 65501
 no synchronization

3. Weight (Influences OUTBOUND traffic, but apply on inbound) :

This is Cisco proprietary parameter given to a route on a particular router and is used only within that router. The weight is never given to other routers.

*Default weight = 0, except for locally sourced routes which get a default weight = 32,768. The maximum weight is 65,535.

*Weight value => the higher the better.

router bgp 65500
 no synchronization
 bgp log-neighbor-changes
 bgp dampening
 network 172.18.5.0 mask 255.255.255.0
 neighbor 192.168.1.5 remote-as 65510
 neighbor 192.168.1.5 weight 200
 no auto-summary

4. Local Preference (Influences OUTBOUND traffic, but apply on inbound) :

Routers only include LOCAL_PREF attribute when communicating within an AS (iBGP).

(1) For external routes, the router that receives a particular route via eBGP sets the Local Preference value.

(2) For internal routes, it’s set by the router that introduced the route into BGP.

This allows you to force every router in your AS to preferentially send traffic for a particular destination through a particular eBGP link.

Local preferences are shared among iBGP routers, but they are NOT shared with external BGP routers.

*Default Local_PREF = 100.

*Local_PREF value => the higher the better.

*LOCAL_PREF is discretionary attribute.

router bgp 65500
 no synchronization
 bgp log-neighbor-changes
 bgp dampening
 network 172.18.5.0 mask 255.255.255.0
 bgp default local-preference 200
 neighbor 192.168.1.5 remote-as 65510
 neighbor 192.168.1.5 route-map LOCALPREF in
 no auto-summary

route-map LOCALPREF permit 10
 match ip address prefix-list LOW_LOCALPREF
 set local-preference 50
route-map LOCALPREF permit 20

ip prefix-list LOW_LOCALPREF seq 10 permit 172.22.0.0/1

5. Self-Originated:

BGP routers prefer routes that originate inside their own AS.

6. AS Path (Influences INBOUND traffic, but apply on outbound) :

For routes that originate outside of the AS, BGP will prefer the one with the shortest path. AS paths allow BGP to detect routing loops.

*AS_PATH is mandatory attribute. There are 2 types of AS_PATHs:

(1) An AS_SEQUENCE describes the literal path taken to reach the destination
(2) An AS_SET is an unordered list of ASNs along the path.

*AS_PATH value: the shorter the better

ip as-path access-list 10 permit ^65501$
ip as-path access-list 20 permit _65530_
ip as-path access-list 20 deny _65531$
ip as-path access-list 20 permit .*

router bgp 65500
 no synchronization
 network 172.18.5.0 mask 255.255.255.0
 neighbor 192.168.1.5 remote-as 65510
 neighbor 192.168.1.5 filter-list 10 in
 neighbor 192.168.2.5 remote-as 65520
 neighbor 192.168.2.5 filter-list 20 out
 no auto-summary

“.*” permits all other AS paths
“^$” the field is empty

ip as-path access-list 10 permit ^$

route-map PREPEND permit 10
 match as-path 10
 set as-path prepend 65501 65501 65501
route-map PREPEND permit 20

router bgp 65501
 neighbor 192.168.1.5 route-map PREPEND out
 no auto-summary

7. Origin:

BGP selects IGP routes in preference to EGP, and EGP in preference to INCOMPLETE routes. An INCOMPLETE route is one that is injected into BGP via redistribution.

*ORIGIN is a mandatory attribute that has 3 different values:

0 – IGP
1 – EGP
2 – Incomplete

8. MED (Multi-exit discriminator) (Influences INBOUND traffic, but apply on outbound) :

BGP selects the route with the lowest MED value. MED actually leaves your AS and tells your neighbor routers which link we want them to talk to. That is, you use the MED to tell your ISPs which of several entrances to your network they should use. You should use MED values ONLY IF you are multihomed to a single provider.

MED is used ONLY if both routes are received from the same AS, or if the command “bgp always-compare-med” has been enabled.

With “bgp always-compare-med” enabled, BGP will compare MED values even if they come from different ASes, although to reach this step the AS_PATHs must have the same length. You should use this command throughout the AS or you risk creating routing loops.

MED values are ONLY propagated to adjacent ASes, so routers that are further downstream don’t see them at all.

*Default MED = 0.

*MED value => the lower the better

access-list 10 permit 192.168.0.0 0.0.255.255

route-map MED permit 10
 match ip address 10
 set metric 100
route-map MED permit 20

router bgp 65500
 neighbor 192.168.1.5 route-map MED out

9. External :

BGP prefers eBGP to iBGP paths which helps to eliminate loops. iBGP routes don’t include internal routes that are sourced from within your AS, because they are selected at step 5. This test only looks at routes to external destinations.

EBGP administrative distance = 20 is lower than other IGP because it should go out of the AS instead of staying in AS.

iBGP administrative distance = 200 is higher than other IGP because if it’s an internal route, it should use internal IGP.

10. IGP Cost :

BGP compares the IGP costs of the paths to the next-hop routers, and selects the closest one. This ensures that faster links and shorter paths are used where possible.

11. eBGP Peering/Ages of the routes :

BGP will look at the ages of the routes and use the oldest route to particular destination for stability.

12. Router ID :

BGP resorts to the router IDs of the next-hop routers by selecting the next-hop router with the lowest router ID. Router IDs are unique which guarantees to eliminate any remaining duplicate route problems.

A router’s ID is the IP address assigned to the loopback interface or the highest IP address on an active interface at boot time.

*Router ID => the lower the better
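
The twelve steps above as a pairwise comparison, in an added example that is not from the original post or from IOS itself. The Path class, its field names and the sample paths are constructed; synchronization (step 2) is assumed disabled, and the MED rule follows the same-neighbor-AS condition described in step 8.

```python
from dataclasses import dataclass


@dataclass
class Path:
    name: str
    as_path: tuple = ()            # leftmost entry = neighbor AS
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    self_originated: bool = False
    origin: int = 0                # 0 = IGP, 1 = EGP, 2 = Incomplete
    med: int = 0
    ebgp: bool = True
    igp_cost: int = 0
    age_seconds: int = 0
    router_id: str = "0.0.0.0"


def rid_key(router_id):
    """Compare router IDs numerically, octet by octet."""
    return tuple(int(octet) for octet in router_id.split("."))


def prefer(a, b, always_compare_med=False):
    """Compare two usable paths; return (winner, deciding step)."""
    # Each entry is (step, key for a, key for b). The lower key wins, so
    # "the higher the better" attributes are negated.
    steps = [
        ("3. Weight", -a.weight, -b.weight),
        ("4. Local Preference", -a.local_pref, -b.local_pref),
        ("5. Self-Originated", not a.self_originated, not b.self_originated),
        ("6. AS Path", len(a.as_path), len(b.as_path)),
        ("7. Origin", a.origin, b.origin),
    ]
    # MED is only comparable between paths heard from the same neighbor AS,
    # unless "bgp always-compare-med" is enabled.
    same_neighbor_as = a.as_path[:1] == b.as_path[:1]
    if same_neighbor_as or always_compare_med:
        steps.append(("8. MED", a.med, b.med))
    steps += [
        ("9. External", not a.ebgp, not b.ebgp),
        ("10. IGP Cost", a.igp_cost, b.igp_cost),
        ("11. Age", -a.age_seconds, -b.age_seconds),
        ("12. Router ID", rid_key(a.router_id), rid_key(b.router_id)),
    ]
    for step, key_a, key_b in steps:
        if key_a != key_b:
            return (a if key_a < key_b else b), step
    return a, "tie"


def best_path(paths, always_compare_med=False):
    """Step 1 drops paths whose next hop is unreachable; the rest compete.
    The returned step is the one that decided the final comparison."""
    usable = [p for p in paths if p.next_hop_reachable]
    if not usable:
        return None, "1. Next-Hop accessible"
    best, step = usable[0], "only usable path"
    for challenger in usable[1:]:
        best, step = prefer(best, challenger, always_compare_med)
    return best, step


# Constructed candidate paths for one prefix.
A = Path("via 192.168.1.5", as_path=(65510, 65530), med=50,
         age_seconds=600, router_id="192.168.1.5")
B = Path("via 192.168.2.5", as_path=(65520, 65530), med=10,
         age_seconds=300, router_id="192.168.2.5")
C = Path("via 192.168.3.5", as_path=(65540, 65541, 65530), local_pref=200,
         router_id="192.168.3.5")
D = Path("via 192.168.4.5", as_path=(65530,), weight=200,
         next_hop_reachable=False)

if __name__ == "__main__":
    for candidates in ([A, B], [A, B, C], [A, B, C, D]):
        winner, step = best_path(candidates)
        print([p.name for p in candidates], "->", winner.name, "at", step)
```

With A and B the lower MED on B is never consulted because the two paths come from different neighbor ASes, so the older path A wins at step 11; enabling always-compare-med flips the result to B.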

January 26, 2009

BGP aggregate-address command

Filed under: BGP, IOS — Jaycee @ 10:14 pm

1. To create an aggregate entry in a BGP routing table, use the aggregate-address command in address family or router configuration mode.

aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

2. When the aggregate-address command is used within BGP routing, the aggregated address is advertised, along with the more specific routes.

The exception to this rule is through the use of the summary-only command. The “summary-only” keyword suppresses the more specific routes and announces only the summarized route.

*BGP aggregate-address command

3. Using the as-set argument creates an aggregate address with a mathematical set of autonomous systems (AS). This as-set summarizes the AS_PATH attributes of all of the individual routes. This can be useful to avoid routing loops while aggregating routes.

Again, unless the “summary-only” keyword is used with the as-set command, the summary route is advertised along with the more specific routes.

December 5, 2008

Looking Glass

Filed under: BGP, Information — Jaycee @ 3:34 pm

BGP Looking Glass servers are computers on the Internet running one of a variety of publicly available Looking Glass software implementations. A Looking Glass server (or LG server) is accessed remotely for the purpose of viewing routing info. Essentially, the server acts as a limited, read-only portal to routers of whatever organization is running the LG server. Typically, publicly accessible looking glass servers are run by ISPs or NOCs.

1. BGP Looking Glass Server List:
http://www.bgp4.as/looking-glasses

2. Qwest Looking Glass:
http://stat.qwest.net/looking_glass.html

