University of Belgrade - School of Electrical Engineering Department of Telecommunications

Transcription

1 University of Belgrade - School of Electrical Engineering Department of Telecommunications 1

2 BGP-4 Theory and Practice Berislav Todorović Nenad Krajnović 2

3 Routers and Routing Introduction to Routing 3

4 Objectives Routers Definition and classification of routers IP datagram forwarding algorithm Basic principles of routing Routing table analysis Less and more specific routes Aggregation of routing information Troubleshooting - routing loops and black holes Routing information exchange Static and dynamic routing Routing protocols Hierarchy in the routing architecture - interior and exterior routing Multihoming - is BGP-4 always needed? 4

5 What is a Router? Router - a multi-interface device, used to forward IP datagrams from one interface to another, as well as to exchange routing information with other routers, according to: source and destination IP address of the datagram routing information, set manually or obtained from other routers routing policies, set by router administrator, defined by agreements. Routers are basically Layer 3 (network layer) devices. Routers must be compliant with the current standards. Requirements for IPv4 routers are summarized in RFC RFC 1812 is a must-read read-document, prior to router purchase! Periodic software upgrades are necessary to keep up-to-date with the current standards and minimize effects of bugs! 5

6 IP Forwarding Procedure (taken from RFC 1812, simplified) Datagram decapsulation from a data-link layer frame (e.g. Ethernet frame). Validation of the IP datagram header, using a checksum procedure. Processing of any IP option (source route, record route etc.). Examination of the destination IP address (e.g ) if the destination is the router itself, the datagram should be delivered locally. if the destination is outside, it should be queued for forwarding. a copy of the datagram should be, in the latter case, queued for local delivery. If the datagram is to be forwarded, the router obtains next hop address from the routing table. Router checks access lists, to see whether forwarding to a specific destination is allowed or not. If not, datagram is discarded. Router decrements TTL and checks it. If TTL=0, discard the datagram. If necessary, the router performs datagram fragmentation. The router determines the next-hop data link layer address, encapsulates the 6 datagram and sends it, using the appropriate data link protocol.

7 Addressing and Routing Address allocation methods has strong impact on routing. Classful addressing: Initially, the address space had been divided into classes (A, B, C, D, E). Network prefix length was derived directly from the class. Used by EGP and RIPv1. Classless addressing: In a classless environment, network prefix length may be arbitary. Network prefix length is being transmitted along with the IP net number. Classless addressing is a basis of classless inter-domain routing (CIDR). Used by BGP-4, OSPF and EIGRP. 7

8 What is CIDR? By definition, CIDR comprises three elements: Topologically significant address assignment Consistent forwarding algorithm ("longest match rule") Aggregation of network layer reachability information A route to a destination might be: More specific Less specific Example - for the destination : Route /24 is more specific than the route /21. Route 10.91/16 is less specific than /24. Route / /32 would be the most specific in any case! 8

9 Longest Match Routing Rule The routing table may contain mutually overlapping routes. The router will always follow the most specific route available! Example - if the routing table contained: Destination Next hop Interface / Serial / Serial / Ethernet0 Traffic to would go to the Serial0 interface Traffic to would go to the Serial1 interface Traffic to would go to the Ethernet0 interface. 9

10 Tracing the Route... A B Destination Gateway Gateway Netmask Interface Ethernet0 eth Serial0 eth Serial Ethernet1 10

11 Route Aggregation Goals of route aggregation: Save router memory Minimize routing information update traffic among routers Principle: several more specific route entries could be glued together into a summary entry, if they have the same next hop Example: A /22 B / / / / / /23 11

12 Common Aggregation Mistake ADVICE - Do not aggregate networks not belonging or directly reachable to you!!! C D / /0 A /22 B / /24 Black hole: / /24 12

13 Correct Setup Don t allow former users to hold assigned address space upon agreement termination! C D / / /0 A / /24 B / / /24 13

14 Static and Dynamic Routing Routing tables require updates, as the network grows. Updates may be manual (static) or learnt dynamically: Static routes: Entered by the router administrator. Excellent for ISPs, when connecting single-homed customers. Bad in large network environments. Dynamic routing: Routing table update by the information learnt from other rout Routing protocols - used to exchange routing information among routers. Bad in losely controlled networks, where users could announce junk data. IMPORTANT - Routing protocols do not route traffic - they are only used to exchange routing information! 14 Traffic routing is being performed by IP!!!

15 /22 Static Routes /23 POP-1 Customers POP-2 Static routes /24 Dynamically announce / / /27 Configured manually, by the router operator. Should not be avoided, if it is cost effective! Not always flexible, though, but - it works! Typical use in ISP networks. It is always better to describe an unskilled customer with static routes than to let them announce junk to others! 15

16 Dynamic Routing POP-1 Announce 10.91/16 Accept 10.91/16 POP /16 Traffic is now allowed to: 10.91/16 ANNOUNCE and ACCEPT policies are an essential part of dynamic routing protocols! 16

17 Routing Protocols Routing protocols do not route packets in the network - IP does it! Routing protocols are used for routing information - routing table contents exchange among routers in a network. Regarding the principle of operation, we distinguish among: Distance vector (e.g. RIPv1, RIPv2) Link-state (e.g. OSPF) Path vector (e.g. EGP, BGP) Regarding the dependence of the IP address class, we recognize: Classful protocols (RIPv1; EGP, BGP-1, 2 and 3) Classless protocols (RIPv2, OSPF, EIGRP; BGP-4) 17

18 Distance Vector Protocols A RIPv1 and RIPv2 fall into this category Each hop is assigned a fixed distance factor. Each routing update message contain a vector of (address, distance) pairs. Router, receiving the update, adds link distance and send update further to others (except to the router it received update from). To avoid routing loops, maximum cummulative distance is limited (15 for RIPv1 and RIPv2). This is a serious constrain in huge networks! Convergence is another problem of distance vector protocols B C D

19 Link State Protocols R1 8 R2 7 R1 0 8 N 0 7 R2 10 Network N 10 0 R R R3 R4 OSPF and IS-IS fall into this category. Each router interface is assigned a cost factor. Router sends update messages about the state of its interfaces, along with costs. Router receives updates and use them to create a network topology graph. The router calculates optimal routes to destinations from the constructed graph. 19

20 Path Vector Protocols /16 Path: 286 AS /16 Path: AS /16 Path: /16 Path: /16 Path: AS /16 Path: AS 3 AS /16 Path:

21 Routing Protocols - Summary Protocol Principle Application Network size limit EGP BGP-4 RIPv1 RIPv2 OSPF Path vector Path vector Distance vector Distance vector Link state CIDR support Route aggreg. Security support Underlying protocol Exterior No No No No IP PROTO=8 Exterior No Yes Yes Yes TCP PORT=79 Interior Yes No No No UDP PORT=520 Interior Yes Yes No Yes UDP PORT=520 Interior No Yes Yes Yes IP PROTO=89 21

22 The Need for Routing Hierarchy Internet is a complex system of autonomous networks, operated by various entities - ISPs, companies, universities... Routing in such an environment requires hierarchy! Autonomous system (AS) - a set of routers, running under a single technical administration, having a single (exterior) routing policy in respect to the other autonomous systems. Interior routing - routing inside an autonomous system. Exterior routing - routing among autonomous systems. Different protocols are used to exchange routing information relevant for interior and exterior routing. Interior routing - OSPF, RIPv1, RIPv2, IGRP, EIGRP Exterior routing - BGP-4, EGP, BGP-3 (mostly BGP-4!) 22

23 Autonomous System (AS) Autonomous system (AS) - a set of routers, running under a single technical administration, having a single (exterior) routing policy in respect to the other autonomous systems. One IP network (e.g /16) may belong to only one AS!!! One AS may comprise several IP networks (e.g. AS6700 contains /16, /19, /18 etc.). AS identifiers - 16-bit numbers ( ) - limited resource! Like IP addresses, AS numbers are centrally distributed - IANA, regional Internet registries and ISPs. Separate AS number is is only required for for a multi-homed user, running an an exterior routing protocol to to its its peers. AS number assignment policy is is defined in in RFC 1930! 23

24 Autonomous System and Its Vicinity AS / /24 TaideNet Ethernet /16 AS5377 Border router BeoTelNet AS 1800 AS 5479 AS

25 What is Exterior Routing? Exchange of routing information, relevant for routing IP datagrams from one AS to another. Exterior routing protocols (EGP, BGP-4) see the whole global network as a directed graph (tree), with AS s as its nodes. Using the information from the routing tables, learnt via exterior routing protocols, IP forwards datagrams from a router in one AS to the router in another one. Using an exterior routing protocol, router announces a list of IP networks belonging to its AS (Network-Layer Reachability Information - NLRI). Historically, there were many exterior routing protocols (GGP, EGP, BGP), of which BGP-4 is mostly being used today. 25

26 When to Use Exterior Routing? Most answers to this question are given in the RFC Exterior routing and a separate public AS number is needed when the customer is connected to the ISP s, belonging to different AS s. Exterior routing is not really needed and should be avoided if: the customer is single-homed, i.e. connected to a single ISP. the customer is multi-homed, but all peer ISP s belong to the same AS. the customer is multi-homed, but the peer ISP s are directly connected. Multi-homed user, having a small network (prefix > /19) might experience connectivity problems (Sprint s BGP update filtering policies). Alternate solution: obtain address space from all ISP s (a small IP network, say /26 or less), use private address space in your network and NAT on the router. 26

27 Multi-homing to the Same AS BGP / / /24 OSPF, EIGRP, RIP... AS /24 ISP A ISP B Backbone ISP AS 702 User AS / /24 AS

28 Multi-homing to Directly Connected ISP s AS /19 BGP-4 Ethernet / /19 ISP A (AS 8400) / /16 OSPF, EIGRP /16 ISP B (AS 6700) /16 ISP C (AS 5377) ISP D (AS 8534) 28

29 BGP-4 Border Gateway Protocol (Principles of Operation) 29

30 BGP-4 (Border Gateway Protocol - RFC 1771, 1772) Exchanges inter-as routing information, between two routers in the same or different AS (BGP speakers, border routers, peers). A TCP connection (port 179) must be established between peers. Upon startup, the whole (or partial routing table) is exchanged. Later, only incremental NLRI is exchanged, depending on inter- AS link states. Supports policy-based routing (policies). All routing policies, based on the hop-by-hop paradigm are supported by the BGP-4. Supports route aggregation, saving router memory and inter-as communication link bandwidth usage. Supports CIDR. 30

31 BGP-4 - Messages BGP-4 uses four standard types of messages: OPEN - used to negotiate neighbor parameters. UPDATE - used to exchange NLRI between the BGP speakers. NOTIFICATION - used to report errors. KEEPALIVE - used to check inter-bgp-speaker link availability. OPEN - contains: version, AS number, hold time, router ID (highest IP address on the router, or highest loopback address). NOTIFICATION - contains the error code. KEEPALIVE - sent periodically to assure availability of the link between BGP speakers, at rate less than hold timer. If hold timer expires, the BGP session is closed and the routes withdrawn. UPDATE - used to exchange NLRI. 31

32 How BGP-4 Works? Two BGP speakers, located in the same or different AS s establish a TCP connection (port 179). The BGP speakers exchange OPEN messages, to negotiate parameters. Initially, the whole routing table is exchanged. Later, only incremental changes are being exchanged. Upon receiving an update, a BGP speaker decides whether to accept it or not and whether or not to announce it further. Data used in decision-making process are: Route to the destination already existing in the routing table (if it does exist). Routing policies, set locally by the network administration. Routing policies, set by the neighbor network administrators. Decision-making process might result in Installing a new route in the routing table Ignoring the update, but announcing it further. Total ignorance of the update, without announcing it further. 32

33 UPDATE Message Format Message header WL <- Widthdrawn route list length (2 bytes) Route 1 Route 2 Route 3 PL <- Path attributes list length (2 bytes) Attribute 1 Attribute 2 Attribute 3 NLRI route 1 NLRI route 2 NLRI route Route format: Prefix length Prefix address AS_PATH: Flags 2 #AS's AS 1 AS

34 BGP Path Attributes Attributes - set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.). Used in decision-making process of a BGP process on the routers. Format: attribute type, attribute length, attribute value Well-known attributes - must be supported by all implementations: Well-known mandatory - must be present in each update (e.g. AS path) Well-known discretionary - may or may not be present in each update Optional attributes - not required by all BGP implementations: Optional transitive - the attribute must be passed to other BGP speakers. Optional non-transitive - should be ignored and not passed to others. 34

35 Review of BGP Path Attributes Code Attribute Name Cat. Short description 1 Origin WK-M Origin of info (IGP/EGP/incomplete) 2 AS_Path WK-M List of traversed AS numbers 3 Next_hop WK-M IP address of next hop to destination 4 Multi_exit_disc Opt-NT Advise other AS on path selection 5 Local_pref WK-D Used in path select. within a local AS 6 Atomic_aggr WK-D Used to control route aggregation 7 Aggregator Opt-T Used to control route aggregation 8 Community Opt-T Grouping of routes with same policies 35

36 Basic Mode of Operation /16 Path: 286 AS /16 Path: AS /16 Path: /16 Path: /16 Path: AS /16 Path: AS 3 AS /16 Path:

37 Basic Routing Configurations AS 2 Transit AS Transit AS Full transit Multi-homed AS Multiple neighbors, no transit! AS 27 AS 5377 Stub AS Only one neighbor AS AS 3 AS 11 37

38 Announce Stub AS Customer AS / / / /18 TRAFFIC ISP AS 27 Customer AS 6701 must be visible from the Internet. Thus, AS6701 has to announce its IP networks to AS 27. That will allow incoming traffic to 6701 to flow. The ISP AS27 must provide enough information to AS6701. Thus, they will have to announce ANY information they have. Alterately, they will announce a default route only. 38

39 Stub AS - a Better Approach Customer AS / /18 Announce 10.91/ /18 origin: AS65500 ISP AS 27 Announce 10.91/ /18 origin: AS27 AS numbers are a limited resource (only numbers!). IANA has reserved the range for private AS s. Private AS numbers do not get included in the AS path attribute. Thus, the customer might want to use a private AS number (say, AS65500). The customer will announce their networks to the ISP (AS27). Since the private AS number is ignored, all routing information will look like it originated from AS27. 39

40 Stub AS - the Best Solution ISP Customer / /18 static routes default AS 27 Running BGP-4 with a stub AS is not recommended at all. In the stub AS case, BGP-4 only wastes link bandwidth! Recommended solution: place the customer s network in the ISP AS (AS 27). the customer will announce routes to the ISP using an IGP, or the ISP will use static routes to the customer. the customer will place a default ( /0) route to the ISP. 40

41 Multi-homed Non-transit AS AS 27 AS 12 AS 5377 Task: AS12 wants to use links to AS27 and AS5377 for load balancing. AS12 doesn t want to allow traffic from AS5377 to AS27 to pass through it. AS12 will announce its networks only to AS 27 and AS AS27 and AS5377 must provide full routing information they have to AS12. Full global IP routing table (takes about 32 MB) is necessary for load sharing! It is also possible to have partial IP routing information. Partial or full routing information must be announced by both AS27 and AS

42 Preventing Dirty Games AS /16 Static route to /16 AS /16 AS /16 Task: AS12 doesn t want to allow traffic from AS5377 to AS27 to pass through it. Problem: Static route to /16 AS27 and AS5377 may place static routes to each other and to cheat on AS12. Solution: Apply access-class class 101 in on the interfaces to both ISP s (AS27, AS5377). The access-list 101 would be of the form: access-list 101 permit ip any access-list 101 deny ip any any 42

43 AS 4 Transit AS AS /16 AS /16 AS /16 Transit may be full or restricted. Full transit assumes passing traffic from any AS to any other AS. Restricted transit assumes passing traffic coming from certain AS s to certain other AS s. Transit routing policies need not to be symmetrical, though it is desirable they are. Examples: Consider AS12, passing traffic between AS27 and AS5377. AS12 may want to pass traffic from AS27 to AS5377, but not in the opposite way. AS12 may want to pass traffic from AS4, coming through AS27 to AS

44 Transit AS - an Example AS 4 AS 5 AS /16 AS /16 AS /16 Task: To AS5377, AS12 wants to provide transit service for AS27 and AS4. To AS27, AS12 wants to provide transit service for AS5377, but not for AS5. AS12 itself will use both links to AS27 and AS5377, with default to AS27. Solution: announce AS5377 announce AS27, AS4 To AS5377, AS12 will announce all routes from AS27 and AS4. To AS27, AS12 will announce all routes from AS5377, but not routes from AS5. Accept anything AS27 and AS5377 announce, except default from AS5377. Accept default route from AS27. 44

45 Basic BGP-4 Routing Configurations Review Stub AS: Standalone AS, connected to its neighbor using a single logical link. Explicitly forbidden (RFC 1930), except as a temporary solution in the initial phase of a new AS setup. If BGP is needed anyway, use a private AS number ( )! Multi-homed, non-transit AS: Customer AS X, connected to two or more different AS s. Transit from one neighbor network to another using AS X is not allowed! Tranzitni AS (Transit AS): Customer AS X, connected to two or more different AS s. The customer allows partial or full transit to its neighbors. Backbone ISP s orpeate in full-transit mode, to ensure global connectivity. 45

46 BGP-4 Border Gateway Protocol (Setting up and Running) 46

47 Scope of this Section Setting up a BGP-4 connection between peer routers Passing BGP-4 information inside of the AS Injecting routing information into BGP Decision-making process BGP attributes and their usage Path Selection Criteria. 47

48 Establishing a BGP-4 Session AS1 AS2 AS3 BGP-4 peer routers must be directly physically connected! AS1 AS3 That is not always possible: some AS s have multiple exit points AS2 some routers cannot run BGP Possible solutions: Internal BGP (IBGP) AS1 AS3 External BGP (EBGP) multi-hop AS2 48

49 Passing BGP Information Inside an AS An AS might have a single or (more oftenly) multiple exit points. Information learnt via BGP-4 from one exit point must be passed along the AS to all other exit points. This can be done using two different approaches: Establish an internal BGP (IBGP) session between border routers. Redistribute BGP information into an IGP on entry and back to BGP P on exit. The first approach is better, since it preserves route attributes. The latter approach might result in complete loss of BGP attributes. Two basic rules are applied when passing BGP information out: Do not advertise a network without checking whether it is internally reachable within the AS. Do not advertise an external route, until all routers within AS don t t learn it 49 (the rule of Synchronization)!

50 External and Internal BGP (EBGP, IBGP) AS 2 External BGP Peering between different AS s? AS 27 AS 5377 Internal BGP Internal BGP Peering inside of an AS AS 11 50

51 Another Solution - Use of an IGP (OSPF, RIPv1, RIPv2 ) AS 2 External BGP Peering between different AS s AS 27 AS 5377 External BGP External BGP BGP attributes received from AS2 are lost!!! IGP (RIP, OSPF) Routing information exchange using IGP s AS 11 51

52 BGP Continuity Inside of an AS A C EBGP IBGP IBGP B IBGP EBGP EBGP To avoid routing loops inside the AS, BGP does not advertise routes learnt from other IBGP peers to other internal BGP peers. Router A will advertise its EBGP routes to B, but B won t pass them to C. Router C will advertise its EBGP routes to B, but B won t pass them to A. Router B will advertise its EBGP routes to A and C. Apparently, there is a need for an IBGP session between routers A and C! The IBGP sessions must be fully-meshed inside an AS! 52

53 EBGP 10.91/16 Synchronization Within an AS A B1 IBGP Router A receives update for 10.91/16, via EBGP from its neighbor. Router A passes the update to the router C, using the existing IBGP session. Router C passes the update to its neighbor, router D, using EBGP. Upon receiving update, router D can send traffic for 10.91/16 via router C. Router C receives this and passes it to router B3, which doesn t know of 10.91/16! B2 C B /16 EBGP BGP must not advertise a route outside the AS, until the route is learnt by all routers within the AS, either statically or by IGP! This default behaviour may be turned off, if needed! 53 D

54 Injecting Routes into BGP Routes may be injected into BGP: Statically (redistribute static) Semidynamically (network command) Dynamically (from an IGP) Statically injected routes are stable, but it must be assured that the route goes down when the link goes down (interface-associated). Semidynamic method is more effective - it allows injection of a selected set of IGP routes. This method assures good stability! Dynamical injection of the whole IGP routing table is not recommended, unless there is a substantial degree of control within the AS and there is a large number of network prefixes. 54

55 Common Injection Problems Injection of private IP addresses (RFC 1918) Injection of reserved and unallocated addresses Injection of small networks, filtered by some backbone ISP s Injection of a classful network - lack of ip classless command Best known case - network 62/8, upon startup of its exploatation. Unstable routes, route flapping Paperwork and procedural problems Injection without proper documenting in an Internet routing registry (IRR) Inconsistency between the data in the IRR and the applied routing policy Changing routing policy, without notificating ANS. 55

56 Backdoors Protocol Distance Direct 0 Static 1 EBGP 20 EIGRP (int.) 90 IGRP 100 OSPF 110 ISIS 115 RIP 120 EGP 140 EIGRP (ext.) 170 IBGP 200 BGP Local 200 Unknown 255 Learning of routing information from different routing protocols is very common. For example, the same route (say, 10.91/16) may be learnt via BGP (from another BGP speaker), OSPF (from a router inside of AS), static route etc. Table of precedence is given on the left - less distance, more preference. The values are changeable. 56

57 10.1/16 A Backdoors - Example 10.1/16 OSPF B AS /16 AS /16 EBGP EBGP C AS 2 Routers A, B and C learn about the same route (10.1/16) using EBGP sessions. However, a direct line between border routers A and C is established. If the routing information between A and C is exchanged using OSPF, then: Router B will announce 10.1/16 to C, distance value being 20. Router A will annoucne 10.1/16 to C, using OSPF, distance value being 110. Thus, route via AS2 and router B will always have a precedence. This can be changed used a network a.b.c.d backdoor command, which raises distance value to 200, placing it less preferred than OSPF. 57

58 Decision-making Process Updates Input policies BGP routing table IP routing table Output policies Updates The router receives a pool of routes from its peers, by BGP updates. Input policies are being performed to filter-out update messages. BGP routing table is being updated and the best route selected. The best route gets installed in the IP routing table. A set of output policies is being used to determine what routes should be advertised further, with what attributes. BGP attributes - play the most important role in the route selection process! 58

59 BGP Path Attributes Attributes - set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.). Used in decision-making process of a BGP process on the routers. Format: attribute type, attribute length, attribute value Well-known attributes - must be supported by all implementations: Well-known mandatory - must be present in each update (e.g. AS path) Well-known discretionary - may or may not be present in each update Optional attributes - not required by all BGP implementations: Optional transitive - the attribute must be passed to other BGP speakers. Optional non-transitive - should be ignored and not passed to others. 59

60 NEXT_HOP Attribute With most IGPs, the next hop to a route is the IP address of the connected interface of the router that has announced the route. When speaking of BGP, the next hop is: EBGP - the IP address of the neighbor that announced the route. IBGP - For routes originated inside the AS - the IP address of the neighbor that announced the route. For routes outside the AS (that came via EBGP) - the next hop is carried unaltered (IP address of the external neighbor). On multiaccess media - the IP address of the interface connected to the media. 60

61 A NEXT_HOP - Example B IBGP /24 C EBGP D /24 Router C runs an EBGP session with router D and learns the route /24. Since this is an EBGP-learnt route, the next hop will be (neighbor D interface) Router A runs an IBGP session with router C and learns the route /24. Since this is an IBGP-learnt route, locally originated, the next hop will be Router A also learns the route the route /24 from the router C. Since this is an IBGP-learnt route, externally originated, the next hop will be

62 NEXT_HOP and Multi-access Media /24 A B EBGP C OSPF Router C learns the route to /24 from router A, using OSPF. Router B runs an EBGP session with router C and learns the route /24. Question: What is the next hop to /24? Router C? Answer: Nope! Router A ( !). On multi-access media (Ethernet, FDDI etc.) a router should advertise the actual source of the route as the next hop, if the source is on the same multi-access media as the router! 62

63 NEXT_HOP and NBMA (FR, ATM) B A EBGP Frame Relay Network OSPF C /24 Router B learns the route to the network /24 from C by OSPF. If nothing specified, router B will advertise /24 to B by BGP, placing the address of router C ( ) as the next hop. Routers A and C are not directly connected by a PVC and this will fail. Solution: the router B should always install itself as the next hop for routes learnt from the router C. This is done by using next-hop-self parameter in the neighbor command. 63

64 AS_Path Attribute Sequence of AS numbers a route has traversed to reach a destination The AS originating the route adds its own AS number and forwards the update further. Each AS, receiving the update add (prepend) its own AS number at the beginning of the sequence and forwards the update further. At the end, each route will contain the sequence of AS numbers the update message has traversed. The shortest AS path is preferred! To prevent routing loops, if an AS finds itself prior in the AS sequence (which means that update traversed it once) - it will discard the update and stop forwarding it further. When traversing through the same AS (IBGP), AS_Path is left untouched. 64

65 AS_Path - Example /16 Path: 286 AS /16 Path: AS /16 Path: /16 Path: /16 Path: AS /16 Path: AS 3 AS /16 Path:

66 AS / AS_Path Prepending AS / AS / AS / AS / From AS12, there are two paths to AS300. Path is better. However, the administrator might want to prefer the other path. There are many ways to do so, of which AS number prepending is the most simple one. 66

67 AS / AS_Path Prepending AS / AS / AS / AS / When an update wants to leave the AS, AS number is prepended. That number might be prepended multiple times. For example, let s prepend AS300 three times ( ). Now, instead of , at AS12 we have Automatically, the other path ( ) will be shorter. 67

68 Local Preference Attribute Degree of preference given to a route to compare it with other routes for the same destination. The highest local preference is preferred! This attribute is defined locally in the AS. This attribute is valid for all BGP speakers within the same AS. It is being exchanged normally via IBGP, but not via EBGP. Used to set the exit point from the AS for a certain destination. It affects outgoing traffic from the AS only. Incoming traffic will still have a possibility to reach from an arbitary AS entry/exit point (unless AS path prepending or similar technique is not applied). Cisco Systems have defined a similar attribute, but valid for the local BGP speaker only - not exchanged even with other speakers in the same AS. It s called WEIGHT attribute. 68

69 A B AS 12 Local preference - Example /16 Local pref = / / /16 Local pref = 300 ISP A AS 100 ISP B AS / /16 N A P AS /16 Both AS200 and AS300 offer the route 10.91/16. However, the path to AS300 may be preferred (higher bandwidth). The administrator of the router A sets local_pref 200 for that route. The administrator of the router B sets local_pref 300 for that route. A and B exchange local_pref attributes and agree on preference. Incoming traffic may go via either link - local_pref doesn t have any impact 69on it!

70 Multi-exit Discriminator (MED) Hint to external neighbors about the preferred path into an AS with multiple exit points. The lowest MED is preferred! Exchanged between AS s. Not transitive - once it enters an AS it doesn t get transmitted in the further updates to other neighbors! When the route is originated by the AS itself, MED for it follows its IGP metric, which is useful for multiple connections to the same ISP. At the same time, MED s reflect the internal topology of an AS. Only MED s for paths from the same neighbor AS are compared. This behaviour may be changed by using always-compare-med. 70

71 MED - Example A AS10 0 MED=50 MED=200 B AS20 MED= /16 C AS500 D Routers C and D (AS200), as well as router B (AS20) offer the route to 10.91/16. Normally, router A will compare MED s from routers C and D (AS200 only!). The router A will chose MED=120 and, therefore, the route via the router C. If always-compare-med is used, it will also take into account router B MED. In that case the router A will chose MED=50 and, thus, the route via the router B. 71

72 ORIGIN Attribute Indicates the origin of the routing update, with respect to the AS that originated it. BGP considers three types of origins: IGP - the NLRI at the originating AS is learnt by an IGP EGP - the NLRI is on the origin learnt by the EGP protocol INCOMPLETE - NLRI is learnt by some other means (e.g. static) Each type of origin is associated a number: IGP=0, EGP=1, INCOMPLETE=1. The lowest ORIGIN value is preferred! 72

73 Community Attribute Group of destination, sharing some common property. Communities have no physical boundaries - they are not restricted to a network or an AS! A group of IP networks and/or AS s may form a community, for which separate routing policies may be set. Community is a transitive atttributes (passed to other AS s). Well-known communities with global meaning (reserved values); From 0x to 0x0000FFFF and from 0xFFFF0000 to 0xFFFFFFFF. NO_ADVERTISE (0xFFFFFF02) - route in this community - not to be adv. Usually, first two bytes are AS number and last is community in AS. Example: in AS256, good choice is to use 256:1 (0x ) A route may have multiple community attributes. A BGP speaker 73 may follow one, some or all community attributes in the route.

74 Community Attribute - Example AS55 ISP AS6505 Bahrain office London office Internet Regional multi-homed ISP s (AS6505, AS6711), connect two single-homed branch offices (Bahrain, Muscat). The ISP s announce their routes to their peers, using community attribute: 55:22. London office is multi-homed (AS55) - we may decide to: Use one link for general Internet traffic (but not for traffic to our offices!). Use another link for the traffic to our offices only! Solution: set the router in the London office to: ISP AS6711 Accept all routes with community set to 55:22 on the interface Serial0. Accept any other route on the interface Serial1. Muscat office 74

75 NO_EXPORT Community - Example AS / / / /24 Bahrain NO_EXPORT Muscat NO_EXPORT AS /22 N A P A customer AS100 with two offices, connected to a WAN is multi-homed. The customer has two links - each one near one of the offices. Both links are capable of routing the whole traffic, however this is not efficient. On the other hand, if we let Bahrain and Muscat offices to announce all more specific routes, they will be propagated to the NAP. Solution: set NO_EXPORT community to all routes from AS100 to AS200. Advertise only the aggregated route to the NAP. 75

76 BGP Path Selection Criteria BGP bases its decision on path selection on the attribute values. When multiple routes to a same destination exist, the following sequence of operations is being performed: If the next hop is inaccessible, the route is ignored. Prefer the path with the largest WEIGHT parameter. If the weights are same, prefer the route with the largest local preference. If the local pref s are same, prefer the routes with the shortest AS paths. If AS path length is the same, prefer the route with the loweset ORIGIN. If origins are the same, prefer the route with the lowest MED. If the routes have the same MED, prefer EBGP-learnt over IBGP-learnt. If that fails too, try to find the route with the shortest path to its next hop. If nothing other helps, the router with lower router ID will be preferred! 76

77 BGP-4 Basic Routing Policies 77

78 Objectives Redundancy Building stability by providing alternate default routes in the case of link failure. How to do it? Symmetry Configuring routes in such manner that certain traffic enters and exits an AS at the same point. Load balancing Capability to divide traffic optimally over multiple links. Typical scenarios Controlling inbound and outbound traffic when multihoming to single and different ISP s. 78

79 Redundancy Redundancy - possibility to use a backup link to the global network if the main link fails. Redundancy is one of the major goals of BGP. The most simple technique to achieve redundancy is to introduce multiple default routes inside the AS. Default route /0 - is the least specific route in the router forwarding table, that is used if more specific route for a destination does not exist (Cisco term: gateway of last resort). Default route can be learnt: Dynamically, via BGP or some IGP. Statically - manually entered by the operator - it can point to a next hop IP address, specific router interface or a remote IP network. 79

80 Dynamically Learnt Default Routes set local-pref 100 set local-pref 50 IBGP AS1 EBGP EBGP Primary AS2 Backup To achieve redundancy, default routes from multiple sources will be received. One route will always be primary, while other will be backup. Using local preference, we can always prefer one route over the other. 80

81 Statically Set Default Routes AS1 Serial0 Default route pointing to the next hop AS /18 AS /16 AS /16 N A P Default route pointing to a router interface Default route pointing to a remote IP network 81

82 Usage of Static Default Routes set local-pref 100 set local-pref 50 IBGP AS1 0/0 0/ / /16 Primary AS2 Backup The customer sets a separate default route to AS2 on each router. Each static route will point to the remote IP network 38.2 /16. Using local preference, the customer can always prefer one route over the other. 82

83 Symmetry Symmetry: traffic leaving the AS from an exit point comes back trhough the same point. In multi-homed environment symmetry is hardly achievable. In some configurations asymmetry is preferred: Inbound traffic Satellite ISP Customer network Outbound traffic 83

84 Load Balancing Capability to divide data traffic over multiple connections. Load balancing does not mean equal distribution of the load. Perfectly equal load distribution is rarely achievable. Load balancing might be done on: Outbound traffic Inbound traffic ISP A ISP A Customer ISP B Customer ISP B ISP C ISP C 84

85 Outbound Traffic Load Balancing ISP A Customer ISP B ISP C Outbound traffic load balancing mostly depends on what we ll receive from our peers. By applying appropriate attributes and route filters we can the effect of their updates. Outbound traffic will depend on the results of decision-making process of our router. 85

86 Inbound Traffic Load Balancing ISP A Customer ISP B ISP C Inbound traffic mostly depends on what we ll announce to our peers. What we announce is what traffic we ll get! For example, we may decide to announce 10.1/16 to ISP A, 10.2/16 to ISP B and 10.3/16 to ISP C. Traffic to 10.1/16 will flow from the link to ISP A, traffic to 10.2/16 from ISP B and traffic to 10.3/16 from ISP C. 86

87 Basic Topology Scenarios Cases: One customer, multihoming to a single ISP. One customer, multihoming to different ISP s. Two customers of the same ISP, with a mutual backup link. Configurations: Minimal configuration - default routes only. Primary/backup configuration. Routing with partial BGP routing table ( customer routes ). Routing with full BGP routing table (cca routes!). 87

88 Customer oubound traffic: The customer sets two separate default routes to AS2 on its router. One default will be preferred, using local preference. One default will be primary, other one backup. Multihoming to a Single ISP Default Only, Primary/Backup A ISP B AS2 AS2 Customer AS1 The user may want to apply different MED s when advertising routes. Customer inbound traffic: Customer announces its IP networks to the ISP AS2. If nothing applied by the customer, traffic will flow according to the distance between destination and POP. 88

89 Multihoming to a Single ISP Default Only, Primary/Backup + Partial Routing Outbound: prefer link via A to reach C1 and C2, link B for others. Inbound: prefer link via A to reach X, Y; link via B to reach Z. Default route: link to the location B is primary, with backup to A. C1 C2 C3 C4 AS2 ISP A B MED X, Y: 200 other: 300 A Local_pref: C1, C2: 300 other: 200 MED Z: 200 other: 250 Local_pref: C3, C4: 300 other: 250 B AS1 X Y Z 89

90 Multihoming to Multiple ISP s Default only, Primary/Backup A AS2 B AS3 Customer oubound traffic: The customer sets default routes to AS2 and AS3 on its router. The default should point to a remote network out of ISP A and ISP B network. One default will be preferred, using local preference. Customer AS1 MED s cannot be used here! Another approach must be used!!! Customer inbound traffic: Customer announces its IP networks to the ISP AS2. If nothing applied by the customer, traffic will flow according to the distance between destination and POP. 90

91 Multihoming to Multiple ISP s Default only, Primary/Backup + Partial Routing Outbound: prefer link via A to reach C1 and C2, link B for others. Default route: link to the location B is primary, with backup to A. AS2 C1 A C2 C3 B C4 AS3 A Local_pref: C1, C2: 300 other: 200 Local_pref: C3, C4: 300 other: 250 B AS1 X Y Z 91

92 Multihoming to Multiple ISP s Inbound Traffic (AS_Path Prepending Technique) Task: Use AS2 to reach network X, while AS3 to reach network Y and others. AS22 AS_Path: X: X: Y: Y: X AS50 AS_Path: X: Y: Customer AS_Path: X: Y: AS23 AS_Path: X: Y: 21 Y AS100 AS21 92

93 Task: Customers of the Same ISP + Mutual AS1: 1 Customer AS1 Backup ISP AS10 From AS1 and AS2 use links to AS10 to access all sites. Customer AS2 If any of the links to AS10 fails, allow transit through the remaining link. AS1 - outbound traffic: AS1: Use two default routes, with preference set for default to AS10. AS1 - inbound traffic: AS1: To AS10 announce routes from AS1, without prepending anything. To AS2 announce routes from AS1, but prepend AS1 at least 3 times. 93

94 Thanks! 94