BGP Part-1.

Transcription

1 BGP Part-1

2 Comparison between IGPs & BGP» Similarities and differences between BGP and IGPs (OSPF and EIGRP): BGP needs to form neighborship like IGPs. BGP needs to advertise prefixes, just like IGPs. BGP also advertises Next Hops for those prefixes. Neighbor IP address may not be on a common subnet for BGP. BGP uses TCP (179) and unicast IGPs do not.

3 Comparison between IGPs & BGP» Neighbors versus Peers IGP routers are called neighbors which typically denotes a directconnection. BGP routers are called peers because there is no need for directconnection.» Routes versus NLRI IGP protocols exchange unicast routes BGP also exchanges unicast routes, but can also exchange other types of information. For this reason we say BGP exchanges NLRI (Network-Layer Reachability Information)

4 Overview of ibgp and ebgp

5 Overview of ibgp and ebgp» There are two types of neighbors in BGP: internal BGP (ibgp) and external BGP (ebgp).» A BGP router behaves differently in several ways depending on whether the peer (neighbor) is an ibgp or ebgp peer. Router BGP 1 neighbor remote-as 2 Router BGP 1 neighbor remote-as 1 ebgp Peering ibgp Peering

6 ibgp and ebgp Differences (Overview)» Peer establishment ebgp imposes certain rules/restrictions not imposed by ibgp» Prefix exchange BGP updates received from external peers can be forwarded on to any other type of peer. BGP updates received from internal peers can ONLY be forwarded on to external peers.» Update modification Certain BGP Path Attributes may only be forwarded to external or internal peers.

7 BGP Neighborship Requirements

8 BGP Peering Overview BGP Peering Establishment 2 router bgp 1 TCP Sync (179) TCP Sync + Ack (179) TCP ACK (179) router bgp 2 neighbor remote-as 1 AS# 1 neighbor remote-as 2 AS# 2 BGP Update Exchange I ve got better paths for these same prefixes!! 1 Ensure BGP peers have IP reachability to each other. 2 Configure basic ebgp on each router. These are the best paths I ve seen so far! 3 TCP 3-Way Handshake must complete 4 BGP Peering must complete 5 BGP Update Exchange 6 BGP Bestpath Selection Process

9 ebgp Neighborship Overview» To configure BGP Peers, use the following commands: router bgp asn (global command) neighbor ip-address remote-as remote-asn (BGP subcommand)» The asn in the router bgp command is the local AS number of the router.

10 BGP Peering Sanity Checks BGP Peering Establishment 2 router bgp 1 AS# 1 neighbor remote-as 2 AS# 2 1 Source IP address of incoming TCP connection must be from an expected/configured BGP peer. 2 Peer s advertisement of his BGP AS# must be what we expect. 3 If BGP authentication is used, same password must be configured. 4 Peers must have unique BGP Router-IDs 5 Peers must use the same BGP version. TCP Sync (179) TCP Sync + Ack (179) TCP ACK (179) router bgp 2 neighbor remote-as 1

11 BGP Router-ID» Just like any IGP, BGP elects a Router-ID.» The BGP router-id is elected as follows: Use the setting of the bgp router-id <x.x.x.x> router subcommand. Choose the highest numeric IP address of any up/up loopback interface, at the time the BGP process initializes. Choose the highest numeric IP address of any up/up nonloopback interface, at the time the BGP process initializes.

12 BGP Authentication» To configure authentication for BGP, use the following command: neighbor neighbor-ip password key (BGP subcommand)» This command must be configured on both routers.» If keys do not match or this command is only configured on one router, peer-establishment will not be formed.

13 BGP Update-Source & Multihop Requirement

14 BGP Update-Source» TCP Connection must first form between BGP peers.» This TCP connection must form before BGP messages flow over this TCP connection.» Source IP address used in TCP connection usually must match what your neighbor is expecting from you in his neighbor command.» The local router tries to form a TCP connection with the IP address defined in the neighbor remote-as command.

15 BGP Update-Source» When peers are directly-connected, source-ip address of incoming BGP messages is trusted. 2 TCP Sync (src= dest port=179) Fast0/0 TCP Sync + Ack (src = src port=179) Fast0/0 2 router bgp 1 4 router bgp 2 AS# 1 neighbor remote-as 2 neighbor remote-as 1 AS# 2 TCP ACK (179) 5 1 How do I reach ? Oh via FastEthernet0/ 0! I ll use that as my source IP. 3 Am I configured to expect/ trust BGP from ? Yes!! How do I reply back to ? Oh via FastEthernet0/ 0! I ll use that as my source IP.

16 BGP Update-Source (2)» What if peers are NOT directly connected? IP Routing Table D /24 via (Fast0/0) AS# AS# 1 Fast0/ Fast0/0 router bgp 1 neighbor remote-as 1 Serial0/0 2 TCP Sync (src= dest port=179) TCP Reset (src = src port=179) 4 Serial0/ router bgp 1 neighbor remote-as 1 1 How do I reach ? Oh via FastEthernet0/ 0! I ll use that as my source IP ?? Who are you??? I don t know you!!

17 BGP Update-Source (3)» Redundant Links between connected peers IP Routing Table C /24 via Fast0/0 D C /24 via Fast0/1 (Fast0/10) AS# 1 AS# 1 Fast0/0 router bgp 1 neighbor remote-as TCP Sync (src= dest port=179) TCP Reset (src = src port=179) 6 0/1 Fast0/ Fast0/ /2 0/4 Fast0/ /3 TCP Sync (179) TCP Sync + Ack (179) TCP ACK (179) router bgp 1 neighbor remote-as 1 1 How do I reach ? Oh via FastEthernet0/ 1! I ll use that as my source IP ?? ? Who Great I are you??? 3 I don t was know expecting you!! you!

18 BGP Update-Source» The failure in one link can cause BGP neighborship to fail.» There are two solutions to resolve this issue: Configure two neighbor commands on each router. Use loopback interfaces as the TCP connection endpoints.» The use of two BGP Peerings between the same pair of routers can consume bandwidth and more memory in the BGP table.

19 BGP Update-Source (Fix# 1) IP Routing Table D /24 via (Fast0/0) AS# AS# 1 Fast0/ Fast0/0 Serial0/ router bgp 1 neighbor remote-as 1 neighbor update-source Serial0/0 2 TCP Sync (src= dest port=179) Serial0/0 router bgp 1 neighbor remote-as 1 neighbor update-source FastEthernet0/0 How do I reach ? 1 Oh via FastEthernet0/ 0! I ll use that as my source IP. 3 I was waiting for you !

20 BGP Parallel Links (Solution #1) AS# 1 AS# 1 Fast0/ Fast0/ /2 0/4 Fast0/ router bgp 1 neighbor remote-as 1 neighbor remote-as TCP Sync (179) TCP Sync + Ack (179) TCP ACK (179) 0/1 0/3 TCP Sync (179) TCP Sync + Ack (179) TCP ACK (179) Fast0/0 router bgp 1 neighbor remote-as 1 neighbor remote-as 1

21 BGP Parallel Links (Solution# 2) IP Routing Table C /24 via Fast0/0 C /24 via Fast0/1 S /32 via via Loop / 32 AS# 1 AS# 1 Fast0/ Fast0/ /2 0/4 Fast0/ router bgp 1 neighbor remote-as 1 neighbor update-source Loop0! ip route ip route TCP Sync (179) TCP Sync + Ack (179) TCP ACK (179) 0/1 0/3 Fast0/0 IP Routing Table C /24 via Fast0/0 C /24 via Fast0/1 S /32 via via Loop / 32 router bgp 1 neighbor remote-as 1 neighbor update-source Loop0! ip route ip route

22 Case where Update-Source not needed Router bgp <whatever> neighbor remote-as <whatever> 1 TCP Sync (Dest Port=179) Src= Dest = TCP Sync+ACK (Source Port=179) Src= Dest = Loopback Router bgp <whatever> neighbor remote-as <whatever> Notice that in this instance, Router-2 responds using it s Loopback Interface IP Address as a source IP even without update-source configured. 2

23 ebgp Problem IP Routing Table C /24 via Fast0/0 C /24 via Fast0/1 S /32 via via I can t even start the TCP process because my peer is NOT directly-connected!! IP Routing Table C /24 via Fast0/0 C /24 via Fast0/1 S /32 via via Loop / 32 AS# 1 AS# 2 Fast0/ Fast0/ /2 0/4 Fast0/ router bgp 1 neighbor remote-as 2 neighbor update-source Loop0! ip route ip route /1 0/3 Fast0/0 Loop / 32 router bgp 2 neighbor remote-as 1 neighbor update-source Loop0! ip route ip route

24 ebgp Solution #1 - Multihop IP Routing Table C /24 via Fast0/0 C /24 via Fast0/1 S /32 via via IP Routing Table C /24 via Fast0/0 C /24 via Fast0/1 S /32 via via Loop / 32 AS# 1 AS# 2 Fast0/ Fast0/ /2 0/4 Fast0/ router bgp 1 neighbor remote-as 2 neighbor update-source Loop0 neighbor ebgp-multihop! ip route ip route TCP Sync (179) IP TTL = 255 0/1 0/3 Fast0/0 Loop / 32 router bgp 2 neighbor remote-as 1 neighbor update-source Loop0 neighbor ebgp-multihop! ip route ip route

25 ebgp Solution #2 Disable Connected IP Routing Table C /24 via Fast0/0 C /24 via Fast0/1 S /32 via via IP Routing Table C /24 via Fast0/0 C /24 via Fast0/1 S /32 via via Loop / 32 AS# 1 AS# 2 Fast0/ Fast0/ /2 0/4 Fast0/ router bgp 1 neighbor remote-as 2 neighbor update-source Loop0 neighbor disable-connected-check! ip route ip route TCP Sync (179) IP TTL = 1 0/1 0/3 Fast0/0 Loop / 32 router bgp 2 neighbor remote-as 1 neighbor update-source Loop0 neighbor disable-connected-check! ip route ip route

26 BGP Message Types, BGP Table, & BGP Routes

27 BGP Message Header and Types» All BGP messages carried within IP/TCP Headers IP Header TCP Header Marker (All Fs ) 16-bytes Length (2-bytes) Type (1 byte) BGP Data» BGP uses four types of messages for its operation: Open Update Keepalive Notification

28 BGP Message Types - Open» BGP Open Message: Used in Neighbor Establishment BGP values and capabilities are exchanged. Marker (All Fs ) 16-bytes Length (2-bytes) Type = 1 Version = 4 My AS# Hold Time Router-ID Optional Parameters Length BGP Capabilities

29 BGP Open Message (Sniffer Trace)

30 BGP Message Types - Update» BGP Update Message: Informs neighbors about withdrawn routes, changed routes, and new routes. Used to exchange PAs and the associated prefix/length (NLRI) that use those attributes. Marker (All Fs ) 16-bytes Length (2-bytes) Type = 2 Unfeasible Routes Length Withdrawn Routes (if any) Total Path Attributes Length Path Attributes (TLV) NLRI Prefix Length NLRI Prefix

31 BGP Update Message (Sniffer Trace)

32 BGP Message Types - Notification» BGP Notification message: Used to signal a BGP error; typically results in a reset to the neighbor relationship Marker (All Fs ) 16-bytes Length (2-bytes) Type = 3 Error Code Error Subcode Data

33 BGP Notification Message (Sniffer Trace)

34 BGP Message Types - Keepalive» BGP Keepalive message: Sent on a periodic basis to maintain the neighbor relationship. The lack of receipt of a Keepalive message within the negotiated Hold timer causes BGP to bring down the neighbor connection. IP Header TCP Header Marker (All Fs ) 16-bytes Length (2-bytes) Type = 4

35 BGP Keepalive Message (Sniffer Trace)

36 Examining the BGP Table» To verify the BGP table, use the command show ip bgp.» The output will list all the BGP learned routes, locally injected plus learned from neighbors.» With each prefix it will have multiple attributes that can be examined and used for best path selection.» Each prefix can have multiple paths with different nexthops.

37 Examining the BGP Table

38 Examining the BGP Table» Prefixes with * are valid to be considered for best-path algorithm.» Best path is presented by >.» The Path heading shows the AS_Pa t h Attribute.» The BGP show commands list the AS_Pa t h with the first-added ASN on the right and the last-added ASN on the left.

39 Verification Commands for ebgp Learned Routes» show ip bgp prefix [subnet-mask]» show ip bgp neighbors ip-address received-routes» show ip bgp neighbors ip-address routes» show ip bgp neighbors ip-address advertised-routes» show ip bgp summary

40 BGP Neighbor States

41 BGP Neighbor States» BGP goes to through the following neighborship states:» Idle: The BGP process is either administratively down or awaiting the next retry attempt.» Connect: The BGP process has detected an incoming TCP connection request and is waiting for the TCP connection to be completed.

42 BGP Neighbor States» Active: BGP has initiated an outbound TCP connection request and is waiting for the 3-way handshake to complete. BGP can enter this state either because: This router was the first router to initiate a connection (from Idle-to-Active) This router received an initial, inbound connnection request that failed to complete the TCP handshake (Idle-Connect-Active)» Opensent: The TCP connection exists, and a BGP Open message has been sent to the peer, but the matching Open message has not yet been received from the other router.

43 BGP Neighbor States» Openconfirm: An Open message has been both sent to and received from the other router.» Est ablished: All neighbor parameters match, the neighbor relationship works, and the peers can now exchange Update messages.

44 State Transitions: TCP Handshake Failure Possibility #1 ConnectRetry Timer Idle Start event TCP Sync Received Connect Initiate TCP Active Initiate TCP TCP timeout TCP Sync+ACK TCP Sync Transmited EXPIRED! ConnectRetry Timer

45 State Transitions: TCP Resets Idle Start event BGP invokes/starts TCP Active Initiate TCP TCP Sync Sent TCP Reset Received ConnectRetry Timer ConnectRetry Timer (stopped) Possibility #2

46 Moving to OpenSent Idle Start event Active Initiate TCP TCP ConnectRetry Timer TCP AcK sent TCP Sync+AcK received Send BGP Open Sync Sent OpenSent Possibility #3

47 Moving from OpenSent (1) OpenSent Open Received but bad BGP header or bad Open parameters BGP Notification Idle ACTIVE Initiate TCP

48 Moving from OpenSent (2) OpenSent Open Received everything looks good! BGP Keepalive sent Open Confirm BGP Keepalive received Established I m ready to send my BGP Update(s) now!!

49 BGP Peering Collisions

50 Peering and Router-IDs» When two routers are initially configured to peer with each other, they don t know each other s BGP Router-IDs.» Normally, the router with highest Router-ID will initiate the TCP handshake with the router that has lowest Router-ID.» That can t happen if Router-IDs are unknown.

51 BGP Collisions?» If BGP Router-IDs are unknown, a peering collision may occur. TCP Sync (179) Hey, I ve already got a session with you! Loop / 32 TCP Sync + Ack (179) TCP ACK (179) AS# 1 AS# 2 Fast0/ Fast0/ /2 0/4 Fast0/ router bgp 1 neighbor remote-as 2 neighbor update-source Loop0 neighbor ebgp-multihop bgp router-id ! ip route ip route BGP Open (RiD= ) BGP Notification (Cease!!) 0/1 0/3 TCP Sync (179) TCP Sync + Ack (179) TCP ACK (179) BGP Open (RiD= ) Fast0/0 Hey, I ve already got a session with you! Loop / router bgp 2 neighbor remote-as 1 neighbor update-source Loop0 neighbor ebgp-multihop bgp router-id ! ip route ip route

52 How do we prevent collisions?» Router can be configured to only accept inbound connections, but not ACTIVELY initiate outbound connections. router bgp 1 neighbor remote-as 2 neighbor update-source Loop0 neighbor ebgp-multihop neighbor transport connection-mode passive bgp router-id ! ip route ip route TCP Sync (179) TCP Sync + Ack (179) TCP ACK (179) AS# 1 AS# 2 Fast0/ BGP Open (RiD= ) 0/1 0/3 Fast0/ Fast0/ /2 0/4 Fast0/ router bgp 2 neighbor remote-as 1 neighbor update-source Loop0 neighbor ebgp-multihop bgp router-id ! ip route ip route

53 Who initiated the connection? If the Local Port is NOT 179 that means your local router INITIATED the TCP connection.

54 Defeating BGP DoS Attacks with TTL Security

55 BGP DoS Example ebgp s reliance on TTL=1 leaves it open to attack. Guess I need to kill my BGP peering with ! AS# 2 router bgp 1 neighbor remote-as 2 bgp router-id ! IP TTL=1 Dest= Source= Fast0/ Fast0/ AS# 1 BGP Notification= CEASE!! (RiD= ) router bgp 2 neighbor remote-as 1 bgp router-id ! IP TTL=4 Dest= Source= Destination ? I can forward that! BGP Notification= CEASE!! (RiD= ) Evil Person

56 TTL and ebgp Sessions» ebgp sessions assume neighbor is directly-connected.» TTL in ebgp sessions set to 1 if Connected route is found.» If neighbor NOT directly connected, additional configuration needed to start BGP peering process (which affects outbound TTL) ebgp-multihop (sets TTL in outbound BGP packets to 255) Disable-connected-check (sets TTL to 1 in outbound BGP packets. TTL-Security (to be discussed next)

57 TTL-Security» By default, any TTL value (>0) of received BGP packets is accepted from ebgp peers.» TTL-Security = Mechanism to enforce TTL values to prevent DoS (config-rtr)#neighbor x.x.x.x ttl-security hops <1-254>» How is hops used? <hops> = X All incoming BGP packets must have TTL X

58 TTL-Security with Direct-Connection Peering 1 R1 BGP packets sent with TTL=255 R2 2 R1 BGP packets received-and-processed with TTL 254 R2 3 BGP packets silently discarded with TTL < 254 R1 TTL=252 TTL=253 TTL=254 TTL=255 Attacker Fast0/ Fast0/ x Y neighbor ttl-security hops 1 neighbor ttl-security hops 1 Evil Person AS# 1 (customer) AS# 2 (ISP)

59 TTL-Security with Multihop Peering 1 R1 BGP packets sent with TTL=255 R2 2 R1 BGP packets received-and-processed with TTL 253 R2 3 BGP packets silently discarded with TTL < 252 R1 TTL=250 TTL=253 TTL=254 TTL=255 Attacker a b 1 2 x Y neighbor ttl-security hops 2 neighbor ttl-security hops 2 Evil Person AS# 1 (customer) AS# 2 (ISP)

60 TTL-Security with Loopback Peering (Method #1) 1 R1 BGP packets sent with TTL=255 R2 2 R1 BGP packets received-and-processed with TTL 253 R2 3 BGP packets silently discarded with TTL < 253 R1 Loop /32 Loop /32 neighbor update-source loop0 neighbor ttl-security hops neighbor update-source loop0 neighbor ttl-security hops 2 AS# 1 (customer) AS# 2 (ISP)

61 TTL-Security with Loopback Peering (Method #2) 1 R1 BGP packets sent with TTL=255 R2 2 R1 BGP packets received-and-processed with TTL 254 R2 3 BGP packets silently discarded with TTL < 254 R1 Loop /32 Loop /32 neighbor update-source loop0 neighbor ttl-security hops 1 neighbor disable-connected-check AS# 1 (customer) neighbor update-source loop0 neighbor ttl-security hops 1 neighbor disable-connected-check AS# 2 (ISP)

62 BGP Neighbor Failure Detection

63 Neighbor Failures Direct Connections» BGP neighbors may be directly, or indirectly connected.» Failures of direct-connection = immediate teardown of BGP peer Fast0/0 Fast0/0 2 router bgp 1 router bgp 2 neighbor remote-as 1 AS# 1 neighbor remote-as 2 AS# 2

64 Neighbor Failures Indirect Connections» Indirect neighbor failures rely on BGP Holddown timer = 180-seconds.

65 Adjusting BGP Timers» BGP Keepalives can be reduced to a minimum of 1- second with a minimum holdtime of 3-secs.

66 Other ways of failure detection» Several other options exist for neighbor failure detection which don t affect CPU: Neighbor Fall-Over Neighbor Fall-Over Route-Map Neighbor Fall-Over BFD» All of the above are called, BGP Fast Peering Session Deact ivat ion

67 Neighbor Fall-Over» The neighbor x.x.x.x fall-over command has several options: Tracks IGP route to BGP peer (ibgp or ebgp). When route is lost, peer immediately taken down. Does NOT work if router ALSO contains a default route.

68 Neighbor Fall-Over Loopback AS# Fast0/0 Fast0/0 2 router bgp 1 neighbor remote-as 1 neighbor fall-over EIGRP Loopback router bgp 1 neighbor remote-as 1 neighbor fall-over Without neighbor fall-over, Holddown Timer must expire.

69 Neighbor Fall-Over The Problem ISP-A Loop /32 ibgp peering ibgp peering ibgp peering Loop / 32 ISP-C Fast0/0 3 A /16 via Rtr-X!! x.x/16 EIGRP AS x.x/ /16 via Rtr-Y!! C X Corporate Intranet Routers Y router bgp 1 neighbor remote-as 1 neighbor remote-as 1 neighbor fall-over ISP-B: BGP AS# 1 router bgp 1 neighbor remote-as 1 neighbor remote-as 1 neighbor fall-over

70 BGP Fast Peering Session Deactivation with Next-Hop Address Tracking» A Route-Map can be associated to the neighbor x.x.x.x fall-over command: Tracks IGP route to BGP peer (ibgp or ebgp). When route is lost, peer immediately taken down. Doesn t care if a default route (or aggregate) exists or not.

71 Neighbor Fall-Over The Solution! ISP-A A Loop /32 1 ibgp peering /16 via Rtr-X!! X ibgp peering Fast0/ x.x/16 EIGRP AS x.x/16 Corporate Intranet Routers ibgp peering /16 via Rtr-Y!! Y Loop / 32 ISP-C C router bgp 1 neighbor remote-as 1 neighbor remote-as 1 neighbor fall-over route-map FALLOVER! access-list 1 permit ! Route-map FALLOVER permit 10 match ip address 1 router bgp 1 neighbor remote-as 1 neighbor remote-as 1 neighbor fall-over route-map FALLOVER! access-list 1 permit ! Route-map FALLOVER permit 10 match ip address 1

72 Indirect Link Failure AS# 3 AS# 4 A B AS# 1 AS# /24 Fast0/ /2 0/4 Fast0/ router bgp 1 neighbor remote-as 2 neighbor a.a.a.a remote-as 3 network mask router bgp 2 neighbor remote-as 1 neighbor b.b.b.b remote-as 4 Previous two solutions will not work. Router-2 will continue to use path to Router-1 until holddown timer expires.

73 BFD yes, it is a Big, Fantastic Deal!!» BFD = Bi-Directional Forwarding Detection» Utilizes UDP and CEF» BFD session setup between BFD peers.» Sub-second failover utilizing BFD/UDP pings» Originally designed for directly-connected peers.» Not just for BGP.

74 BFD Echo and Control Packets» BFD can utilize two types of packets Echo Control» Control packets are mandatory and processed by CPU.» Echo packets are optional (on by default). Echo packets are not received by CPU of peer, simply test forwarding path of peer. Echo packets contain source-and-destination address of the sender.

75 BFD Basic Configuration» Initial BFD timers configured on physical interface.» Echo Mode on by default Router(config-if)#bfd interval 100 min_rx 200 multiplier 3 I would like to transmit BFD Echo packets every 100msecs! The fastest I can process incoming BFD ECHO packets is every 200msecs so please don t send them any faster! If YOUR min_rx is LESS than my interval, I ll respect your value and transmit Echo packets at that rate. And I ll declare you dead after 3x that value!

76 Indirect Link Failure with BFD AS# 3 AS# 4 A B AS# 1 AS# /24 Fast0/ /2 0/4 Fast0/ Interface FastEthernet0/1 ip address bfd interval 100 min_rx 100 multiplier 3! router bgp 1 neighbor remote-as 2 neighbor fall-over bfd neighbor a.a.a.a remote-as 3 network mask Interface FastEthernet0/1 ip address bfd interval 100 min_rx 100 multiplier 3! router bgp 2 neighbor remote-as 1 neighbor fall-over bfd neighbor b.b.b.b remote-as 4

77 Indirect Link Failure with BFD (1) Loop / 32 AS# 1 AS# /24 Fast0/ /2 0/4 Fast0/ ! router bgp 1 neighbor remote-as 2 neighbor ebgp-multihop neighbor update-source loopback0 neighbor remote-as 3 network mask ! Ip route AS# 3 AS# 4 A B Loop / 32! router bgp 2 neighbor remote-as 1 neighbor ebgp-multihop neighbor update-source loopback0 neighbor remote-as 4! Ip route Multihop peers can be reachable via several physical links. Upon which link should BFD be configured?

78 Indirect Link Failure with BFD (2) Loop / 32 AS# 1 AS# 2 Fast0/ /2 0/4 Fast0/ /24 bfd-template multi-hop BGP interval min-tx 200 min-rx 200 multiplier 3! bfd map ipv / /0 BGP! router bgp 1 neighbor remote-as 2 neighbor ebgp-multihop neighbor update-source loopback0 neighbor fall-over bfd multihop neighbor remote-as 3 network mask ! Ip route AS# 3 AS# 4 A B Loop / 32 bfd-template multi-hop BGP interval min-tx 200 min-rx 200 multiplier 3! bfd map ipv / /0 BGP! router bgp 2 neighbor remote-as 1 neighbor ebgp-multihop neighbor update-source loopback0 neighbor fall-over bfd multihop neighbor remote-as 4! Ip route

79 Quiz!!! Given the configurations shown above, answer these questions: 1. How often will Router-1 receive BFD Echo packets from Router-2? 2. How long will it take for Router-2 to tear down the BGP peering session with Router-1 when port 0/2 on the switch goes down?

80 Answer Given the configurations shown above, answer these questions: 1. How often will Router-1 receive BFD Echo packets from Router-2? Every 300mSecs 2. How long will it take for Router-2 to tear down the BGP peering session with Router-1 when port 0/2 on the switch goes down? After roughly 900msecs.

81 Quiz!!! ISP-A Loop /32 ibgp peering ibgp peering ibgp peering Loop / 32 ISP-C 1 Fast0/0 2 Fast0/0 3 A /0 via Rtr-X (EIGRP) EIGRP AS 100 C X Corporate Intranet Routers Y Which of the features that we ve learned about in this series would quickly teardown the ibgp Peering between Router-1 and Router-3 if FastEthernet0/0 on Router-1 went down WITHOUT consuming any additional bandwidth on any of the links shown here?

82 Answer ISP-A Loop /32 ibgp peering ibgp peering ibgp peering Loop / 32 ISP-C Fast0/0 A /16 via Rtr-X!! x.x/16 EIGRP AS x.x/ /16 via Rtr-Y!! C X Corporate Intranet Routers Y BGP Fast Peering Session Deactivation with Next-Hop Address Tracking

83 Q&A All rights reserved.