
BGP

Alp ISIK

Objectives
Part 1 (BGP introduction): IBGP Peering - Update source - EBGP Peering - Network command - Next-hop-self - Route-Reflector - Synchronization - Authentication - IBGP Confederation - Redistribute internal - Peer group
Part 2 (BGP best-path selection): Weight - Local-Preference - AS-Path - Origin - MED
Part 3 (Aggregation): Aggregation - Summary-only - Suppress-map - Unsuppress-map - AS-SET - Advertise-map - Allowas-in
Part 4 (Communities): No-export - No-advertise - Local-as

General information about BGP


EBGP AD 20, IBGP AD 200.
BGP uses TCP port 179.
BGP updates are triggered and incremental.
Convergence is very slow.
The routing table is very big.

Tables: Neighbor table - BGP table - Routing table

Basic BGP Topology
(Figure: topology with an ebgp link and OSPF 1 area 0.)

IBGP Peering
The Internet is divided into BGP autonomous systems; each ISP or company is represented by an AS number. There are two kinds of BGP peering, IBGP and EBGP: for IBGP peering the peers need to be in the same AS; EBGP peering is between different ASes. IBGP peering needs a full-mesh topology, or something simulating a full mesh, because updates coming from an IBGP peer are not sent to other IBGP peers. This is also called IBGP split-horizon.

Update source loopback


Between R4 and R1 we have two choices for the BGP neighborship, f0/0 or f0/1, and whichever we choose we will not have any redundancy. Since BGP uses TCP, we configure the neighborship over the lo0 interfaces, which provides redundancy. For IBGP peering a direct physical connection is not required.
(Figure: BGP session between lo0 of R1 and lo0 of R2.)

To test whether the router is listening on the TCP port:

show tcp brief all
TCB       Local Address   Foreign Address   (state)
67701674  *.179           1.1.1.1.*         LISTEN

R2# clear ip bgp *
R2# debug ip bgp events
R2# debug ip bgp updates

EBGP Peering
For EBGP the default TTL value is 1, so to form the neighborship over loopback interfaces we need to increase the TTL to the required hop count. disable-connected-check is an alternative configuration, used for EBGP peers configured over loopback addresses: it makes the router not look at the TTL value and send the information anyway. If there are many neighborships over loopback addresses, it makes efficient use of resources.

Network command
In an IGP the network command forms the neighborship, but in BGP we use it for the prefixes that we want to advertise. Be careful when writing the mask: it must exactly match the routing table. What is r, >, ?, i, * ???

r is RIB failure: it says that the same route is learnt from the IGP with a higher AD. See show ip bgp rib-failure.

Next-hop Self
Why can't we ping 55.55.55.55 from R1, R2 and R3?

On the AS1234 routers the next hop for 55.55.55.55 is 5.5.5.5, but except for R4 the routers do not know how to reach 5.5.5.5. So the next-hop-self command is needed at R4 for the IBGP neighbor, so that R4 becomes the next hop for AS5-originated prefixes.

Route-Reflector
(Figure: R5 - ebgp - R4 - ibgp - R3 - ibgp - R1; prefix 55.55.55.55.)

Remember the rule that a route learnt from an IBGP peer is not sent to another IBGP peer. With a route-reflector configuration we can send a route learnt from one IBGP peer to another one.

(Figure: the same chain R5 - ebgp - R4 - ibgp - R3 - ibgp - R1 with an RR; prefix 55.55.55.55.)

Route-reflector-client
(Figure: RR with an ibgp session.)

Route-reflection with clusters
(Figure: route reflectors with cluster ids 150.1.1.1, 150.1.3.3 and 150.1.5.5; routers R1, R2, R3, R4, R5, R6, SW1, SW2, SW3, SW4, BB1, BB3; as54, as100, as200.)

Route-Reflection with Clusters


1- Routes learnt from EBGP peers can be sent to other EBGP peers, clients and non-clients.
2- Routes learnt from client peers can be sent to EBGP peers, other client peers and non-clients.
3- Routes learnt from non-client peers can be sent to EBGP peers and client peers, but not to other non-client peers.

R1 does not send routes learnt from R3 to R5, but sends them to R4 and R6.
R3 does not send routes learnt from R1 to R5, but sends them to SW1 and SW3.
For full-mesh redundancy between R1, R3 and R5, route-reflector-client can be configured.
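
The three rules above, applied to the R1/R3/R5 clusters, as an added example that is not part of the original slides. R4/R6 under R1 and SW1/SW3 under R3 follow the text; SW2/SW4 as clients of R5, the RR-to-RR session list and the failed R3-R5 session are assumptions, and loop prevention is reduced to "first arrival wins".

```python
from collections import deque

CLIENT, NON_CLIENT = "client", "non-client"

def may_advertise(learnt_from, send_to):
    # Rules 1-3: for IBGP peers only non-client -> non-client is blocked.
    return not (learnt_from == NON_CLIENT and send_to == NON_CLIENT)

def build(rr_clients, sessions, extra_clients=()):
    """Return {router: {peer: role of that peer as seen from router}}."""
    view = {}
    for a, b in sessions:                    # plain IBGP session between RRs
        view.setdefault(a, {})[b] = NON_CLIENT
        view.setdefault(b, {})[a] = NON_CLIENT
    for rr, clients in rr_clients.items():
        for c in clients:
            view.setdefault(rr, {})[c] = CLIENT      # the RR reflects for c
            view.setdefault(c, {})[rr] = NON_CLIENT  # c sees an ordinary peer
    for rr, c in extra_clients:              # added route-reflector-client lines
        view[rr][c] = CLIENT
    return view

def reach(view, origin):
    """Routers that learn a prefix originated at `origin` (first arrival wins)."""
    have, queue = {origin}, deque([(origin, None)])
    while queue:
        router, src = queue.popleft()
        for peer, role in view[router].items():
            if peer in have:
                continue
            # A locally originated prefix (src is None) goes to every peer.
            if src is None or may_advertise(view[router][src], role):
                have.add(peer)
                queue.append((peer, router))
    return have

# Constructed input. R4/R6 under R1 and SW1/SW3 under R3 follow the text above;
# SW2/SW4 as clients of R5 and the RR-to-RR sessions are assumptions.
CLUSTERS = {"R1": ["R4", "R6"], "R3": ["SW1", "SW3"], "R5": ["SW2", "SW4"]}
MESH = [("R1", "R3"), ("R1", "R5"), ("R3", "R5")]
R3_R5_DOWN = [("R1", "R3"), ("R1", "R5")]

if __name__ == "__main__":
    for name, v in [("full mesh", build(CLUSTERS, MESH)),
                    ("R3-R5 down", build(CLUSTERS, R3_R5_DOWN)),
                    ("R3-R5 down, R3/R5 clients of R1",
                     build(CLUSTERS, R3_R5_DOWN, [("R1", "R3"), ("R1", "R5")]))]:
        print(name, sorted(reach(v, "SW1")))
```

With the R3-R5 session down, a prefix from SW1 stops at R1 and never reaches R5 or its clients; making R3 and R5 clients of R1 restores it.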

IBGP Confederations

(Figure: AS65034 and AS65012, with cbgp sessions.)

IBGP Confederation
Configure with the sub-AS: router bgp 65012
Configure the AS as identifier: bgp confed ide 1234
Configure the peer ASes: bgp confed peer 65034
PS: between peers in different sub-ASes the TTL is counted, so the TTL needs to be configured higher.

Authenticating BGP Peerings


MD5 is the default. It is implemented directly on the router.

iBGP Synchronization
If IBGP synchronization is enabled, a route must first be learnt from the IGP to be valid. Sometimes, for full redundancy, EBGP-learnt routes need to be redistributed into the IGP.

But this causes RIB failure.

To get rid of the RIB failure we can configure bgp suppress-inactive.

(Figure: Internet cloud, BB1, BB2; ebgp sessions to CE1 and CE2; ibgp between CE1 and CE2; igp links through C1.)

In this scenario, when CE1 sends the routes learnt from BB1, it physically sends them to C1 first. Because C1 does not speak IBGP it cannot resolve the next hop, and the routes cannot be sent to CE2. There are a couple of ways to fix that:
1- Enable IBGP at C1.
2- Redistribute the interface IPs of the CE1 and CE2 connections to the BBs into the IGP.
3- Build a tunnel between CE1 and CE2 and run IBGP over that tunnel.

BGP over GRE


(Figure: tunnel between 10.0.0.2/24 and 10.0.0.4/24; AS200, AS254, AS54, AS100.)

Between R2 and R4, an IGP is configured (BGP unaware).

At R2
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 tunnel source 155.1.23.2
 tunnel destination 155.1.146.4
router bgp 200
 network 150.1.2.0 mask 255.255.255.0
 neighbor 155.1.146.4 remote-as 100
 neighbor 155.1.146.4 ebgp-multihop 5
 neighbor 192.10.1.254 remote-as 254
 neighbor 192.10.1.254 password CISCO

At R4
interface Tunnel0
 ip address 10.0.0.4 255.255.255.0
 tunnel source 155.1.146.4
 tunnel destination 155.1.23.2
router bgp 100
 network 150.1.4.0 mask 255.255.255.0
 neighbor 155.1.23.2 remote-as 200
 neighbor 155.1.23.2 ebgp-multihop 5
 neighbor 155.1.23.2 route-map FROM_R2 in
 neighbor 155.1.23.2 route-map TO_R2 out
 neighbor 204.12.1.254 remote-as 54

route-map TO_R2 permit 10
 set ip next-hop 10.0.0.4
route-map FROM_R2 permit 10
 set ip next-hop 10.0.0.2

BGP Redistribute Internal

(Figure: RR; AS100 with AS54 on two sides, each labelled "Advertise 112.0.0.1/24 to bgp".)

At R1, the EIGRP external AD is configured higher than the IBGP AD. R1 originally learns these 112.0.0.1 routes from R4 and R6 via IBGP (AD 200); once they are redistributed into the IGP at R3 with AD 170 (EIGRP EX), R1 begins to learn them from R3, and because R3's route reflector is R1 (R1 sends to R3 and R3 sends to R1) this becomes a routing loop.

BGP Redistribute Internal


When redistribute bgp is typed under the IGP, IBGP routes are not redistributed. To make them active:

At R3
router bgp 100
 bgp redistribute-internal
 neighbor 155.1.13.1 remote-as 100
 neighbor 155.1.13.1 route-map FROM_R1 in
route-map FROM_R1 permit 10
 set ip next-hop 155.1.13.1

router eigrp 100
 redistribute bgp 100 metric 10000 1000 255 1 1500
 network 155.1.0.0

At R1
router eigrp 100
 network 155.1.0.0
 distance eigrp 90 201

router bgp 100
 neighbor 155.1.13.3 remote-as 100
 neighbor 155.1.13.3 route-reflector-client
 neighbor 155.1.146.4 remote-as 100
 neighbor 155.1.146.4 route-reflector-client
 neighbor 155.1.146.6 remote-as 100
 neighbor 155.1.146.6 route-reflector-client

BGP Peer Groups


At R1
router bgp 100
 neighbor IBGP_PEERS peer-group
 neighbor IBGP_PEERS remote-as 100
 neighbor IBGP_PEERS update-source Loopback0
 neighbor IBGP_PEERS route-reflector-client
 neighbor 150.1.2.2 peer-group IBGP_PEERS
 neighbor 150.1.3.3 peer-group IBGP_PEERS
 neighbor 150.1.4.4 peer-group IBGP_PEERS
 neighbor 150.1.5.5 peer-group IBGP_PEERS
 neighbor 150.1.6.6 peer-group IBGP_PEERS

Bgp best path selection criteria


Exclude routes with an inaccessible next hop.
Weight: with this we can determine which routes we prefer; higher is better.
Local Preference: the preference with which we take the routes; default is 100. Higher is better.
AS Path: used for loop prevention; a router does not accept a prefix with its own AS in the path. Shorter is better.
Origin: where the route came from; IGP origin is preferred over incomplete (redistributed) routes.
MED: prefer the lowest MED.

Best-path selection - Weight


Default is 0; bigger is better. It gives you control of the routes on the same router. We can configure it directly on a neighbor, or implement it via a route-map for specific routes. It only affects upload traffic.

It sets the max value 32768 for locally originated prefixes.

Best Path Selection Local Preference


It affects all routers in the local AS. This attribute is sent only to IBGP neighbors. If a router learns the same prefix from different paths with the same weight, local preference comes into play and the higher one wins. It only affects upload traffic.

AS Path

Each time a route passes through an AS, that AS's information is added to prevent loops. We can modify the ASes passed as well.

Best-path Selection As Path


Both upload and download traffic can be modified. For AS path to affect the traffic, both weight and local preference need to be the same for the prefix learnt from different paths.

Best-path Selection As Path


AS path 10 20 30

Best-Path Selection Origin


Prefixes injected with the network command are superior to ones redistributed into BGP.

Best-Path Selection Origin

Origin with ?

Best-Path Selection MED


The higher one has lower priority.

Normally BGP only compares MED for routes learnt from the same AS.
But if we configure (config-router)#bgp always-compare-med, it compares MED all the time.

Best-Path Selection MED
(Figure: Metric 10; MED always compare; cloud.)
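
The selection order listed above, with the MED rule from this section, as an added example rather than code from the original slides. Path names and attribute values are constructed, and tie-breakers after MED are not modelled.

```python
from collections import namedtuple

# as_path (10, 20, 30): 10 is the neighbor AS. weight is 32768 when locally originated.
Path = namedtuple("Path", "name as_path weight local_pref origin med next_hop_ok",
                  defaults=(0, 100, "i", 0, True))
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}    # IGP, EGP, incomplete: lower wins

STEPS = [("weight", lambda p: -p.weight),                # higher is better
         ("local preference", lambda p: -p.local_pref),  # higher is better
         ("AS path", lambda p: len(p.as_path)),          # shorter is better
         ("origin", lambda p: ORIGIN_RANK[p.origin])]

def med_filter(cands, always_compare_med):
    """Drop paths beaten on MED; by default only within one neighbor AS."""
    def group(p):
        return None if always_compare_med else p.as_path[:1]
    lowest = {}
    for p in cands:
        lowest[group(p)] = min(p.med, lowest.get(group(p), p.med))
    return [p for p in cands if p.med == lowest[group(p)]]

def best_path(paths, always_compare_med=False):
    """Return (winning path, deciding step) in the order listed above."""
    cands = [p for p in paths if p.next_hop_ok]
    if not cands:
        return None, "no accessible next hop"
    if len(cands) == 1:
        return cands[0], "only path"
    for step, key in STEPS:
        top = min(key(p) for p in cands)
        cands = [p for p in cands if key(p) == top]
        if len(cands) == 1:
            return cands[0], step
    cands = med_filter(cands, always_compare_med)
    # The list above stops at MED; later tie-breakers are not modelled here.
    return cands[0], "MED" if len(cands) == 1 else "tie after MED"

# Constructed sample paths for one prefix (names and values are made up).
VIA_AS10 = Path("via AS10", (10, 20, 30), med=50)
VIA_AS40 = Path("via AS40", (40, 20, 30), med=10)
LONG_HIGH_LP = Path("long, lp 200", (10, 20, 30, 30, 30), local_pref=200)

if __name__ == "__main__":
    print(best_path([VIA_AS10, VIA_AS40]))
    print(best_path([VIA_AS10, VIA_AS40], always_compare_med=True))
    print(best_path([VIA_AS10, LONG_HIGH_LP]))
```

The first two calls differ only in always_compare_med: the MEDs of paths from AS10 and AS40 are ignored by default and decide the winner once the option is on.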

BGP Aggregation
We can aggregate prefixes from different ASes as well. All prefixes (both the summary and the specific ones) are sent. With the summary-only command we can suppress the specific ones. With suppress-map we can send some individual prefixes. With unsuppress-map we can implement this for a neighbor.

BGP Aggregation
10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24; aggregate 10.0.0.0/22

BGP Aggregation Summary-only
10.0.0.0/22

BGP Aggregation Summary-only Suppress-map
10.0.0.0/22, 10.0.2.0/24

BGP Aggregation Summary-only Unsuppress-map
10.0.0.0/22, 10.0.1.0/24
10.0.0.0/22

BGP Aggregation AS-SET


When aggregation is done at another router (one where the prefixes are not originated), the AS information is not kept; with the as-set command the router keeps that information.

BGP Aggregation AS-SET
(Figure: 10.0.0.0/22 {1,2,3,4}; one router marked "No bgp".)

BGP Aggregation Advertise-Map Allowas-in
(Figure: 10.0.0.0/22, 10.0.0.0/22, 10.0.0.0/22 {1,2,4}; one router marked "No bgp".)

Bgp communities
There are 4 well-known communities:
Internet: useless
Local-AS: do not send outside the local AS (not sent to the confederation either)
no-advertise: do not advertise to any peer
no-export: do not export to the next AS

What is their function? Communities group prefixes, so that inside the AS there is no need to catch the prefixes one by one to modify or filter them: bind the community according to the AS number and modify all the prefixes at once.

BGP Communities no-export
(Figure: AS65012 and AS65034; 55.55.55.55/32 labelled "Send community no export" twice and "community 200:200" once; one router marked "No bgp".)

BGP Communities no-advertise
(Figure: AS65012 and AS65034; 55.55.55.55/32 labelled "Send community no export", "Send community no advertise" and "community 200:200"; one router marked "No bgp".)

BGP Communities local-as
(Figure: AS65012 and AS65034; 33.33.33.33/32 labelled "Send community Local-as"; one router marked "No bgp".)

BGP Filtering with Maximum Prefix


Rack1SW1(config-router)#neighbor 155.1.37.3 maximum-prefix 20 warning-only
Rack1R6(config-router)#neighbor 54.1.1.254 maximum-prefix 20 80 restart 3

BGP Dampening
At R2, R3, R5, SW2, SW4
router bgp 200
 bgp dampening 4 750 2000 16
