BGP - Course Notes

Border Gateway Protocol
09/11/2022

Routing recap: static routing vs dynamic routing
• Static routes
– no path information
– very versatile
– low protocol overhead
– high maintenance
– very bad convergence time
– requires manual configuration
• Dynamic protocols overcome these limitations & problems

Autonomous System (AS)
– Collection of networks with the same policy
– Single routing protocol
– Usually under single administrative control
– Standard range: 1 to 65 535 (16 bits, extended to 32 bits by RFC 4893)
– Private: 64512 to 65534

IGP: Interior Gateway Protocol
– Routing protocol used inside an autonomous system
– Role
• establish the optimal routes between a point of the network and all available destinations,
• avoid loops,
• ensure convergence of the network as quickly as possible after a change/event.

EGP: Exterior Gateway Protocol
– Used to convey routing information between Autonomous Systems
– Decoupled from the IGP
– Currently the only EGP is BGP
– Why:
• Scaling to large networks
  – Hierarchy
  – Limit scope of failure
• Policy
  – Control reachability to prefixes
Administrative distance
• Administrative distance is used to differentiate the priority of routing protocols
– Defines an order of priority for the router when the same route is present in two different routing protocols
– Defines the reliability of a routing protocol, from the most reliable (low distance) to the least reliable (high distance)
– Value between 0 and 255, the lowest wins
– The administrative distance can be changed through configuration

Interior vs. Exterior Routing Protocols
– Interior
• Automatic discovery
• Generally trust your IGP routers
• Routes go to all IGP routers
– Exterior
• Specifically configured peers
• Connecting with outside networks
• Set administrative boundaries
BGP
• Border Gateway Protocol
– RFC1771; current version is BGP4
– Path Vector Protocol, runs over TCP (port 179)
– Incremental updates
– Runs with prefixes (X.X.X.X/X routes)
– Propagates ONLY the best path
– Many options for policy enforcement
– Widely used for the Internet backbone

eBGP
• External BGP peering: between 2 AS
– Between BGP speakers in different AS
– Should be directly connected
– Do not run an IGP between eBGP peers

iBGP
• Internal BGP peering
– Learns multiple paths via internal and external BGP speakers
– Picks the best path and installs it in the IP forwarding table
– Policies are applied by influencing the best path selection
– Not required to be directly connected
– iBGP speakers need to be fully meshed (they do not pass on prefixes learned from other iBGP speakers, to avoid loops)

Information transfer (figure slide)
AS PATH
• BGP stores the list of crossed AS
– Ordered sequence of AS a route has traversed
• AS PATH use
– Loop detection
– Apply policy (filters, priority…)

BGP attributes: presentation and definition
• BGP Attributes
– An attribute is a characteristic of a prefix, in addition to the network/mask
– Is transferred between BGP peers
– Attributes can be:
• AS path
• Next hop
• Local preference
• Multi-Exit Discriminator (MED)
• BGP community
• Others

The Weight attribute
– Cisco specific (sort of router's internal local preference)
– Local to the router
• Not propagated
– Value: 0 - 65535
– Default:
• originated locally = 32768
• other = 0
– Routes with a higher weight are preferred when there are multiple routes to the same destination
The 'Local Preference' attribute
– Local to an AS, non-transitive
• local preference is set to 100 when heard from a neighbouring AS
– Used to influence BGP path selection
• determines the best path for outbound traffic
– Paths with the highest LOCAL-PREF are the most desirable (default = 100)
• bgp default local-preference <value>
– Global to the local AS
– Path with the highest local preference wins

The 'ORIGIN' attribute
– Conveys the origin of the prefix
– Values
• IGP (i) = via network command
• EGP (e) = learned from EGP
• incomplete (?) = redistribution
– Influences best path selection
– Example:
 route-map SETORIGIN permit 10
  set origin igp

AS-Path Prepending
– AS-PATH is updated by the sending router with its own AS number to increase the PATH length
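Added example (not part of the original slides): a small Python model of the two AS_PATH operations just described, loop detection on receipt and prepending on advertisement, followed by the "shortest AS path" comparison. The topology (AS 300 originating a prefix, upstreams AS 100 and AS 200, a downstream AS 400) and all AS numbers are constructed for the illustration; `set as-path prepend 300 300` on AS 300 corresponds to `prepend=2` here.

```python
"""AS_PATH processing on eBGP sessions: loop detection on receipt and
prepending on advertisement. Added teaching example, not from the slides;
all AS numbers and the topology are constructed."""

from typing import List, Optional


def receive_update(local_asn: int, as_path: List[int]) -> Optional[List[int]]:
    """Inbound eBGP check: an AS_PATH that already contains our own ASN has
    looped back to us, so the update is rejected (returns None)."""
    if local_asn in as_path:
        return None
    return list(as_path)


def advertise_update(local_asn: int, as_path: List[int], prepend: int = 0) -> List[int]:
    """Outbound eBGP processing: the sending router adds its own ASN at the
    front of the path once, plus `prepend` extra copies."""
    return [local_asn] * (1 + prepend) + list(as_path)


def shorter_as_path(a: List[int], b: List[int]) -> Optional[List[int]]:
    """Best-path step 'shortest AS path'; None means a tie (later steps decide)."""
    if len(a) == len(b):
        return None
    return a if len(a) < len(b) else b


def simulate() -> dict:
    """Constructed topology: AS 300 originates a prefix and has two upstreams,
    AS 100 and AS 200; both re-advertise to AS 400. AS 300 prepends towards
    AS 100 so that AS 400 prefers the route through AS 200."""
    to_as200 = advertise_update(300, [])                  # [300]
    to_as100 = advertise_update(300, [], prepend=2)       # [300, 300, 300]
    via_200 = advertise_update(200, receive_update(200, to_as200))  # [200, 300]
    via_100 = advertise_update(100, receive_update(100, to_as100))  # [100, 300, 300, 300]
    preferred = shorter_as_path(via_200, via_100)         # AS 400 keeps [200, 300]
    # AS 400 passes its best path on to AS 300: AS 300 sees itself in the
    # path and drops the update, which is the loop detection in action.
    looped = receive_update(300, advertise_update(400, preferred))
    return {"to_as100": to_as100, "via_100": via_100,
            "preferred": preferred, "looped": looped}


if __name__ == "__main__":
    print(simulate())
```

The prepended path still reaches AS 400, it is simply longer; prepending is a preference signal, not a filter, and a remote AS with a local-preference policy can ignore it.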
Communities
– 32-bit long tag
• use 16 bits to indicate the ASN
• ip bgp-community new-format
• set community AS:community [additive]
• set community none
– erase all the values in the attribute
• set comm-list <number> delete
– erase selected communities
– Well-known communities
• internet = all routes are members of this community
• no-export = do not advertise to eBGP peers
• no-advertise = do not advertise to any peer
• local-AS = do not advertise outside the local AS (used with confederations)

The 'MED' attribute
• Multi-Exit Discriminator (MED)
– Non-transitive
– Used to convey the relative preference of entry points
– Influences best path selection (lower is more preferable)
– Comparable if paths are from the same AS
– IGP metric can be conveyed as MED
– MED is compared ONLY for prefixes received from the same AS (unless bgp always-compare-med is enabled)
Best-Path Selection algorithm
1. Do not consider an iBGP path if not synchronized
2. Do not consider a path if there is no route to the next hop
3. Highest weight (local to router)
4. Highest local preference (global within AS)
5. Shortest AS path
6. Lowest origin code
   IGP < EGP < incomplete
7. Multi-Exit Discriminator
   Considered only if paths are from the same AS
8. Prefer eBGP path over iBGP path
9. Path with the shortest next-hop metric wins
10. Lowest router-id
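Added example (not from the course): the ten steps above as a Python comparator, with constructed candidate paths for 10.0.0.0/8 chosen so that a different step decides each case (local preference overriding a shorter AS path, an unreachable next hop being excluded, MED only compared within the same neighbour AS unless `always_compare_med` is set, eBGP over iBGP, an unsynchronized iBGP path dropped). The `Path` fields and the `demo()` scenarios are assumptions made for the example.

```python
"""Best-path selection following the slides' ordered steps. Added example,
not from the course; the candidate paths below are constructed."""

from dataclasses import dataclass, field
from typing import List, Optional

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < incomplete


@dataclass
class Path:
    prefix: str
    next_hop: str
    weight: int = 0              # Cisco weight, local to the router
    local_pref: int = 100        # LOCAL_PREF, default 100
    as_path: List[int] = field(default_factory=list)
    origin: str = "i"
    med: int = 0
    ebgp: bool = True            # learned from an eBGP peer
    igp_metric: int = 0          # IGP cost to reach the next hop
    router_id: str = "0.0.0.0"   # router ID of the advertising peer
    next_hop_reachable: bool = True
    synchronized: bool = True    # only meaningful for iBGP paths (step 1)


def neighbor_as(p: Path) -> Optional[int]:
    """First ASN in AS_PATH, i.e. the AS the path was received from."""
    return p.as_path[0] if p.as_path else None


def _rid_key(rid: str):
    return tuple(int(x) for x in rid.split("."))


def better(a: Path, b: Path, always_compare_med: bool = False) -> Path:
    """Pairwise comparison, steps 3 to 10 of the algorithm."""
    if a.weight != b.weight:                                 # 3. highest weight
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:                         # 4. highest local preference
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):                     # 5. shortest AS path
        return a if len(a.as_path) < len(b.as_path) else b
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:       # 6. lowest origin code
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    same_as = neighbor_as(a) is not None and neighbor_as(a) == neighbor_as(b)
    if (same_as or always_compare_med) and a.med != b.med:   # 7. lowest MED, same AS only
        return a if a.med < b.med else b
    if a.ebgp != b.ebgp:                                     # 8. eBGP over iBGP
        return a if a.ebgp else b
    if a.igp_metric != b.igp_metric:                         # 9. lowest metric to next hop
        return a if a.igp_metric < b.igp_metric else b
    return a if _rid_key(a.router_id) <= _rid_key(b.router_id) else b   # 10. lowest router-id


def select_best(paths: List[Path], always_compare_med: bool = False) -> Optional[Path]:
    """Steps 1 and 2 filter the candidates; the rest is a pairwise reduction."""
    candidates = [p for p in paths
                  if p.next_hop_reachable and (p.ebgp or p.synchronized)]
    if not candidates:
        return None
    best = candidates[0]
    for p in candidates[1:]:
        best = better(best, p, always_compare_med)
    return best


def demo() -> dict:
    """Constructed candidates for 10.0.0.0/8, one scenario per decisive step."""
    pfx = "10.0.0.0/8"
    short = Path(pfx, "192.0.2.1", as_path=[300, 200], router_id="1.1.1.1")
    high_lp = Path(pfx, "192.0.2.2", local_pref=200, as_path=[300, 200, 200, 200], router_id="2.2.2.2")
    dead = Path(pfx, "192.0.2.3", as_path=[100], router_id="3.3.3.3", next_hop_reachable=False)
    from_300 = Path(pfx, "198.51.100.1", as_path=[300], med=50, router_id="2.2.2.2")
    from_400 = Path(pfx, "198.51.100.2", as_path=[400], med=10, router_id="3.3.3.3")
    internal = Path(pfx, "198.51.100.3", as_path=[300], med=50, ebgp=False, router_id="0.0.0.1")
    unsynced = Path(pfx, "198.51.100.4", as_path=[300], ebgp=False, synchronized=False)
    return {
        "local_pref_beats_shorter_path": select_best([short, high_lp, dead]),
        "unreachable_next_hop_skipped": select_best([short, dead]),
        "med_ignored_across_as": select_best([from_300, from_400]),
        "med_compared_with_always_compare_med": select_best([from_300, from_400], always_compare_med=True),
        "ebgp_preferred_over_ibgp": select_best([internal, from_300]),
        "unsynchronized_ibgp_dropped": select_best([unsynced]),
    }
```

The `med_ignored_across_as` case is the one that surprises operators most: with MED skipped and everything else equal, the tie is broken by the lowest router-id, so a "better" MED from a different neighbour AS has no effect at all.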
Scaling: Route Reflectors
– Breaks the iBGP rule of not redistributing internal routes, for the RR only
– All routers peer with the RR
– Should be redundant because of its criticality
– RRs are fully meshed

Configuring an RR
 router bgp 100
  neighbor 1.1.1.1 remote-as 100
  neighbor 1.1.1.1 route-reflector-client
  neighbor 2.2.2.2 remote-as 100
  neighbor 2.2.2.2 route-reflector-client
  neighbor 3.3.3.3 remote-as 100
  neighbor 3.3.3.3 route-reflector-client
Clients are configured to peer with the RR in a standard configuration (no peering between clients)

Filtering
• Filtering in/out
– AS-PATH filter-list
– Distribute-list out (ACL)
– Prefix-list
– Route-map
– Access-list
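Added example (not from the slides) covering both the iBGP/route-reflector rules of this section and the well-known communities `no-export` and `no-advertise` from the Communities section: one `may_advertise()` decision function that says whether a speaker may send a given route to a given peer. The peers (an eBGP neighbour in AS 200, two RR clients and a non-client in AS 100), the prefixes and the `is_route_reflector` flag are constructed assumptions for the example; the "from a client to everyone, from a non-client to clients only" reflection rule and the "never send a route back to the peer it came from" rule are standard BGP behaviour.

```python
"""Advertisement rules for iBGP full mesh, route reflectors and the
well-known communities no-export / no-advertise. Added example, not from
the slides; peers, AS numbers and routes are constructed."""

from dataclasses import dataclass, field
from typing import Set

NO_EXPORT = "no-export"
NO_ADVERTISE = "no-advertise"


@dataclass(frozen=True)
class Peer:
    name: str
    asn: int
    rr_client: bool = False   # only meaningful on a route reflector


@dataclass
class Route:
    prefix: str
    learned_from: Peer
    communities: Set[str] = field(default_factory=set)


def may_advertise(local_asn: int, route: Route, to_peer: Peer,
                  is_route_reflector: bool = False) -> bool:
    """Decide whether this speaker (in local_asn) may send `route` to `to_peer`."""
    src = route.learned_from
    if to_peer == src:                      # never send a route back to where it came from
        return False
    if NO_ADVERTISE in route.communities:   # no-advertise: to no peer at all
        return False
    to_ibgp = to_peer.asn == local_asn
    if NO_EXPORT in route.communities and not to_ibgp:   # no-export: stays inside the AS
        return False
    if src.asn == local_asn and to_ibgp:
        # iBGP-learned route towards an iBGP peer: forbidden on a plain speaker
        # (hence the full mesh); a route reflector relaxes this rule.
        if not is_route_reflector:
            return False
        # reflection: from a client -> to clients and non-clients,
        #             from a non-client -> to clients only
        return src.rr_client or to_peer.rr_client
    return True


def demo() -> dict:
    """Constructed peers of a speaker in AS 100 and the decisions it takes."""
    local_asn = 100
    ext = Peer("ext", 200)
    c1 = Peer("c1", 100, rr_client=True)
    c2 = Peer("c2", 100, rr_client=True)
    nc = Peer("nc", 100)
    nc2 = Peer("nc2", 100)

    from_ext = Route("198.51.100.0/24", ext)
    from_c1 = Route("203.0.113.0/24", c1)
    from_nc = Route("192.0.2.0/24", nc)
    from_c1_noexport = Route("10.9.0.0/16", c1, {NO_EXPORT})
    from_ext_noadv = Route("10.8.0.0/16", ext, {NO_ADVERTISE})

    return {
        "ebgp_route_to_ibgp_peer": may_advertise(local_asn, from_ext, c1),
        "ibgp_route_to_ibgp_peer_plain": may_advertise(local_asn, from_c1, c2),
        "ibgp_route_to_ibgp_peer_rr": may_advertise(local_asn, from_c1, c2, is_route_reflector=True),
        "client_route_to_nonclient_rr": may_advertise(local_asn, from_c1, nc, is_route_reflector=True),
        "nonclient_route_to_nonclient_rr": may_advertise(local_asn, from_nc, nc2, is_route_reflector=True),
        "ibgp_route_to_ebgp_peer": may_advertise(local_asn, from_c1, ext),
        "no_export_to_ebgp": may_advertise(local_asn, from_c1_noexport, ext),
        "no_export_to_ibgp_rr": may_advertise(local_asn, from_c1_noexport, c2, is_route_reflector=True),
        "no_advertise_anywhere": may_advertise(local_asn, from_ext_noadv, c1),
    }
```

The `ibgp_route_to_ibgp_peer_plain` result is why a plain iBGP deployment needs a full mesh: without a reflector, a route learned from one internal peer never reaches another internal peer through this router.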
Best practice
• Stable BGP peering
– Peer with the loopback address
– The BGP session is then not dependent on a single interface
– A loopback interface does not go down
• Next-hop
– Unchanged by default
– The IGP should carry a route to the next hops
– Recursive route look-up
– Can be changed using the "next-hop self" command
• Router-id
– The router-id identifies the BGP instance of the router
– Is in the X.X.X.X format (like an IPv4 address)
– By default
• is the highest IP of all the router interfaces
• is the loopback address if a loopback is configured
• is the highest IP of all loopback addresses if more than one loopback is configured
– Can be forced using the "bgp router-id X.X.X.X" command
• no auto-summary
– Old IOS versions summarized to the classful range by default
• no synchronization
– Synchronization: "In a transit network, a route learned from an external peer should not be advertised to other eBGP peers until all the routers in the local AS have learned about it"
– Rtr A won't advertise the prefixes from AS209 if synchronization is on, as RtrB does not have the route in its IGP
Configuration (Cisco)
– eBGP speakers in different AS
 router bgp 100
  bgp router-id 100.100.100.100
  neighbor 1.1.1.1 remote-as 101
  network 131.108.0.0
 (prefix advertisement; the route must exist in the local routing table)
– Non directly connected neighbors -> ebgp-multihop
  neighbor 150.10.0.1 ebgp-multihop
 ip route 150.10.0.1 255.255.255.255 131.108.10.2
– Loopback peering
 A loopback interface is not linked to a physical interface and is always up
 router bgp 100
  neighbor X.X.X.X update-source Loopback0
Configuring peer-groups
– Group of peers with the same policies
– Simplifies configuration

Configuring AS-PATH filtering
• AS-PATH filter-list
– Example config
 router bgp 256
  neighbor 3.3.3.4 remote-as 300
  neighbor 3.3.3.4 filter-list 7 in
 ip as-path access-list 7 permit ^300$
– show ip as-path-list <..>
– show ip bgp filter-list <…>

Configuring prefix-lists
– Permit/deny
– Match subnet/mask
– Sequential numbers / incremental updates
– Better performance/readability than an ACL
– Better flexibility
– ip prefix-list <name> [seq <#>] {permit|deny} net/len [ge .] [le .]
• ge = greater than or equal
• le = less than or equal
– neighbor <…> prefix-list <name> {in|out}
– Info: neighbor <…> distribute-list <ACL> out

Configuring route-maps
– Permit/deny
– Match conditions (ACL, prefix-list, as-path list, originator, next-hop, origin, tag, communities via community-list, …)
• Every match statement must be satisfied if the clause has more than 2 match lines
– Set operations (attributes)
– Sequential numbers / incremental updates
– Flexibility
– Example:
 route-map TEST permit 10
  match ip address prefix-list <…>
  set local-preference 105
– neighbor <…> route-map <name> {in|out}
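Added example (not from the course) for the prefix-list and route-map sections above: a Python matcher that implements the `net/len [ge n] [le n]` semantics (exact match without `ge`/`le`, `ge n` meaning n..32, `le n` meaning len..n, first matching sequence wins, implicit deny at the end), and a route-map clause modelled on `route-map TEST permit 10` that matches the list and sets local-preference 105. The list name `CUSTOMERS`, its entries and the test prefixes are constructed for the example.

```python
"""Prefix-list semantics (net/len with ge/le) and a route-map that matches a
prefix-list and sets local-preference. Added example, not from the slides;
the list entries and routes are constructed."""

import ipaddress
from typing import List, Optional, Tuple

Entry = Tuple[str, ipaddress.IPv4Network, int, int]   # action, network, min_len, max_len


def prefix_list_entry(action: str, net: str, ge: Optional[int] = None,
                      le: Optional[int] = None) -> Entry:
    """One 'ip prefix-list NAME seq N {permit|deny} net/len [ge n] [le n]' line.
    Without ge/le only the exact prefix matches; 'ge n' alone means n..32,
    'le n' alone means len..n, both together mean ge..le."""
    network = ipaddress.ip_network(net, strict=False)
    min_len = ge if ge is not None else network.prefixlen
    max_len = le if le is not None else (32 if ge is not None else network.prefixlen)
    return (action, network, min_len, max_len)


def prefix_list_match(entries: List[Entry], prefix: str) -> bool:
    """First matching entry wins (sequence order); no match = implicit deny."""
    candidate = ipaddress.ip_network(prefix, strict=False)
    for action, network, min_len, max_len in entries:
        # the candidate must sit inside the entry's network (its first len bits)
        # and the candidate's own length must fall within [min_len, max_len]
        if candidate.subnet_of(network) and min_len <= candidate.prefixlen <= max_len:
            return action == "permit"
    return False


# Constructed list: accept customer space 10/8 up to /24, reject anything
# more specific than /24 inside it, and accept exactly 192.0.2.0/24.
CUSTOMERS = [
    prefix_list_entry("deny", "10.0.0.0/8", ge=25),      # seq 5
    prefix_list_entry("permit", "10.0.0.0/8", le=24),    # seq 10
    prefix_list_entry("permit", "192.0.2.0/24"),         # seq 15
]


def route_map_test(route: dict) -> Optional[dict]:
    """route-map TEST permit 10 / match ip address prefix-list CUSTOMERS /
    set local-preference 105. A route matching no clause is dropped (None)."""
    if prefix_list_match(CUSTOMERS, route["prefix"]):
        return {**route, "local_pref": 105}
    return None


if __name__ == "__main__":
    for p in ["10.1.0.0/16", "10.1.1.128/25", "192.0.2.0/24", "192.0.2.0/25"]:
        print(p, prefix_list_match(CUSTOMERS, p))
```

Note that `192.0.2.0/25` is denied even though it lies inside a permitted network: an entry without `ge`/`le` matches only the exact length, which is the usual source of "why is my more-specific not accepted" tickets.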
Configuring Weight
– Example config
 router bgp 300
  neighbor 1.1.1.1 remote-as 100
  neighbor 1.1.1.1 weight 2000
  neighbor 2.2.2.2 remote-as 200
  neighbor 2.2.2.2 weight 1000
• Filter list (as-path)
  neighbor 1.1.1.1 filter-list 5 weight 2000
 ip as-path access-list 5 permit ^100$
• Route-map
  neighbor 1.1.1.1 route-map SETWEIGHTIN in
 route-map SETWEIGHTIN permit 10
  match as-path 5
  set weight 2000

Configuring AS-PATH prepending
– Example config
 router bgp 300
  network 170.10.0.0
  neighbor 3.3.3.3 remote-as 200
  neighbor 2.2.2.2 remote-as 100
  neighbor 2.2.2.2 route-map SETPATH out
 route-map SETPATH permit 10
  set as-path prepend 300 300
Configuring Local preference
 router bgp 109
  neighbor x.x.x.x remote-as 1880
  neighbor x.x.x.x route-map SET-LP in
 !
 route-map SET-LP permit 10
  set local-preference 120

Configuring MED
 router bgp 1755
  neighbor x.x.x.x remote-as 1880
  neighbor x.x.x.x route-map set_MED out
 !
 route-map set_MED permit 10
  match as-path 2
  set metric 2
 !
 ip as-path access-list 2 permit _690$

Clément Marty
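Added example (not from the slides) serving the Weight and MED configurations above, both of which rely on AS-path access-lists: Cisco AS-path regular expressions use `_` as a metacharacter matching the start or end of the path, a space, a comma or a brace, so `^100$` matches a path consisting of exactly AS 100 and `_690$` matches any path whose origin AS is 690. The Python below expands `_` into an equivalent group and then applies the two policies of the slides, `filter-list 5 weight 2000` and the `set_MED` route-map. The AS paths tested are constructed; the translation of `_` is an approximation that is enough for the patterns used here.

```python
"""Cisco-style AS-path regular expressions (the '_' metacharacter) applied to
the slides' weight and MED policies. Added example, not from the course;
the AS paths tested are constructed."""

import re
from typing import List, Optional

# In IOS AS-path regexps '_' matches the start or end of the path, a space,
# a comma or a brace; Python has no such class, so it is expanded here.
UNDERSCORE = r"(?:^|$|[\s,{}()])"


def cisco_aspath_regex(expr: str) -> "re.Pattern[str]":
    return re.compile(expr.replace("_", UNDERSCORE))


def aspath_matches(expr: str, as_path: List[int]) -> bool:
    """AS_PATH is rendered as the space-separated list that 'show ip bgp' prints."""
    return cisco_aspath_regex(expr).search(" ".join(str(a) for a in as_path)) is not None


def inbound_weight(as_path: List[int], default: int = 0) -> int:
    """neighbor 1.1.1.1 filter-list 5 weight 2000
       ip as-path access-list 5 permit ^100$
    Paths consisting of exactly AS 100 get weight 2000; others keep the default."""
    return 2000 if aspath_matches("^100$", as_path) else default


def outbound_med(as_path: List[int]) -> Optional[int]:
    """route-map set_MED permit 10 / match as-path 2 / set metric 2
       ip as-path access-list 2 permit _690$
    Routes originated by AS 690 get MED 2; a route that matches no route-map
    clause hits the implicit deny at the end and is not advertised (None)."""
    return 2 if aspath_matches("_690$", as_path) else None


if __name__ == "__main__":
    for path in ([100], [100, 200], [300, 690], [300, 6900]):
        print(path, inbound_weight(path), outbound_med(path))
```

The `outbound_med` result for a non-matching path is the classic side effect of a single-clause route-map: the prefix is silently withheld from the peer, not advertised with an unchanged MED. A second clause `route-map set_MED permit 20` with no match lines would let the remaining prefixes through.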
Troubleshooting: show bgp command
• "show ip bgp [network] [network-mask] [longer-prefixes]"

 BGP table version is 8, local router ID is 200.200.200.66
 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
 Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop            Metric LocPrf Weight Path
 *> 11.0.0.0         0.0.0.0                  0         32768 i
 *> 12.0.0.0         200.200.200.65                         0 300 200 i
 *> 193.10.2.0       200.200.200.65           0             0 300 i

• BGP table version - internal version number of the table. This number is incremented whenever the table changes.
• local router ID - IP address of the router.
• Status codes - status of the table entry. The status is displayed at the beginning of each line in the table. It can be one of the following values:
– s - the table entry is suppressed.
– * - the table entry is valid.
– > - the table entry is the best entry to use for that network.
– i - the table entry was learned via an internal BGP (iBGP) session.
• Origin codes - origin of the entry. The origin code is placed at the end of each line in the table. It can be one of the following values:
– i - entry originated from an Interior Gateway Protocol (IGP) and was advertised with a network router configuration command.
– e - entry originated from an Exterior Gateway Protocol (EGP).
– ? - origin of the path is not clear. Usually this is a route that was redistributed into BGP from an IGP.
• Network - IP address of a network entity.
• Next Hop - IP address of the next system that is used when forwarding a packet to the destination network. An entry of 0.0.0.0 indicates that the router has some non-BGP route to this network.
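Added example (not from the course): a parser for the `show ip bgp` table layout shown above, with the same three entries embedded as a constructed sample. Metric, LocPrf and Weight are right-aligned under their headings and any of them may be blank, so splitting on whitespace is ambiguous (the lone `0` on the first line is a metric, on the second a weight); the parser therefore takes the column ends from the header line and assigns each number to the heading it ends under. The `check_origins()` helper is an assumption added for the example: it compares the origin AS of each entry against an expected mapping, which is a simple sanity check an operator can run on a captured table. Wrapped lines, which IOS produces for long network or next-hop fields, are not handled.

```python
"""Parser for the 'show ip bgp' table format. Added example, not from the
slides; SAMPLE is a constructed copy of the table layout discussed above."""

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE = """\
BGP table version is 8, local router ID is 200.200.200.66
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 11.0.0.0         0.0.0.0                  0         32768 i
*> 12.0.0.0         200.200.200.65                         0 300 200 i
*> 193.10.2.0       200.200.200.65           0             0 300 i
"""


@dataclass
class BgpEntry:
    status: str
    network: str
    next_hop: str
    metric: Optional[int]
    local_pref: Optional[int]
    weight: int
    as_path: List[int]
    origin: str

    @property
    def best(self) -> bool:
        return ">" in self.status

    @property
    def locally_originated(self) -> bool:
        return self.next_hop == "0.0.0.0"

    @property
    def origin_as(self) -> Optional[int]:
        return self.as_path[-1] if self.as_path else None


def _parse_entry(line: str, col_end: Dict[str, int]) -> BgpEntry:
    """col_end maps a heading to the column where its right-aligned value ends."""
    status = line[:3].strip()
    tokens = [(m.group(), 3 + m.end()) for m in re.finditer(r"\S+", line[3:])]
    network, next_hop, origin = tokens[0][0], tokens[1][0], tokens[-1][0]
    metric = local_pref = None
    weight, as_path = 0, []
    for tok, end in tokens[2:-1]:
        if end <= col_end["Metric"]:
            metric = int(tok)
        elif end <= col_end["LocPrf"]:
            local_pref = int(tok)
        elif end <= col_end["Weight"]:
            weight = int(tok)
        else:
            as_path.append(int(tok))
    return BgpEntry(status, network, next_hop, metric, local_pref, weight, as_path, origin)


def parse_show_ip_bgp(text: str) -> Tuple[int, str, List[BgpEntry]]:
    """Return (table version, local router ID, entries)."""
    m = re.search(r"BGP table version is (\d+), local router ID is (\S+)", text)
    version, router_id = int(m.group(1)), m.group(2)
    lines = text.splitlines()
    header = next(l for l in lines if l.lstrip().startswith("Network"))
    col_end = {h: header.index(h) + len(h) for h in ("Metric", "LocPrf", "Weight")}
    entries = [_parse_entry(l, col_end) for l in lines[lines.index(header) + 1:] if l.strip()]
    return version, router_id, entries


def check_origins(entries: List[BgpEntry], expected: Dict[str, int]) -> List[str]:
    """Networks whose origin AS differs from the expected one (constructed check)."""
    return [e.network for e in entries
            if e.network in expected and e.origin_as != expected[e.network]]


if __name__ == "__main__":
    version, rid, entries = parse_show_ip_bgp(SAMPLE)
    print(version, rid)
    for e in entries:
        print(e)
```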
Troubleshooting: transit AS
– The next hop to reach a network
• eBGP: IP address of the peer
• iBGP: NEXT_HOP advertised by eBGP
– The IGP should carry a route to the NEXT_HOPs
– Recursive route lookup
– Unlinks BGP from the physical topology
– Allows the IGP to make an intelligent forwarding decision
– Unreachable next-hop -> route not used

Troubleshooting: peering issues
– Extended ping fails -> IGP issue
– Update source missing
– No directly connected route to the neighbor (eBGP) + forgot ebgp-multihop
– ebgp-multihop but wrong (or not specific enough) static route to the neighbor
– Neighbor negotiation's finite state machine (Connect, Active, OpenSent, OpenConfirm, Established, Idle)
• "show ip bgp summary"
• "show ip bgp neighbor <…>"

Troubleshooting commands
– "show ip bgp [network] [network-mask] [longer-prefixes]"
• Best path selection
– "Hard" session reset
• clear ip bgp 1.1.1.1
– "Soft" reset (relies on route refresh)
• clear ip bgp 1.1.1.1 soft [in | out]
– debug ip bgp <…>