BGP Configuration for a Transit ISP

Similar documents
BGP and the Internet

BGP and the Internet

Module 14 Transit. Objective: To investigate methods for providing transit services. Prerequisites: Modules 12 and 13, and the Transit Presentation

Service Provider Multihoming

Service Provider Multihoming

Service Provider Multihoming

BGP Multihoming Techniques

IPv6 Module 16 An IPv6 Internet Exchange Point

Service Provider Multihoming

Module 16 An Internet Exchange Point

BGP and the Internet. Enterprise Multihoming. Enterprise Multihoming. Medium/Large ISP Multihoming. Enterprise Multihoming. Enterprise Multihoming

BGP Multihoming Techniques

Advanced Multihoming. BGP Traffic Engineering

BGP in the Internet Best Current Practices

Multihoming Techniques. bdnog8 May 4 8, 2018 Jashore, Bangladesh.

Module 12 Multihoming to the Same ISP

BGP Policy Control. ISP Workshops. Last updated 17 May 2014

IPv4/IPv6 BGP Routing Workshop. Organized by:

Module 18 Transit. Objective: To investigate methods for providing transit services. Prerequisites: Modules 12 and 13, and the Transit Presentation

Lab 3 Multihoming to the Same ISP

Introduction to BGP. ISP/IXP Workshops

BGP Protocol & Configuration. Scalable Infrastructure Workshop AfNOG2008

Multihoming Complex Cases & Caveats

Introduction to BGP. ISP Workshops. Last updated 30 October 2013

Module 13 Multihoming to Different ISPs

BGP Policy Control. ISP Workshops

BGP Attributes and Path Selection

APNIC elearning: BGP Basics. 30 September :00 PM AEST Brisbane (UTC+10) Revision: 2.0

BGP Multihoming Techniques

Module 8 Multihoming Strategies Lab

BGP and the Internet

BGP Attributes and Policy Control

Using BGP Communities

Lab 2 BGP route filtering and advanced features

BGP Attributes and Policy Control

LACNIC XIII. Using BGP for Traffic Engineering in an ISP

BGP Best Current Practices. ISP/IXP Workshops

BGP Tutorial Part 3 Multihoming

Module 10 An IPv6 Internet Exchange Point

Using BGP Communities

BGP for Internet Service Providers

BGP Attributes and Policy Control

Monitoring BGP. Configuring the Router

BGP Multihoming Techniques

Simple Multihoming. ISP Workshops. Last updated 9 th December 2015

Module 19 Internet Exchange Points

BGP Multihoming Techniques

BGP for Internet Service Providers

Route Filtering. Types of prefixes in IP core network: Internal Prefixes External prefixes. Downstream customers Internet prefixes

BGP Multihoming Techniques

BGP Multihoming ISP/IXP Workshops

Introduction to BGP ISP/IXP Workshops

BGP Multihoming Techniques Philip Smith NANOG October 2005 Los Angeles

BGP Case Studies. ISP Workshops

BGP on IOS: Getting Started

BGP Best Current Practices. ISP/IXP Workshops

BGP in the Internet Best Current Practices

BGP route filtering and advanced features

BGP Multihoming. ISP/IXP Workshops

Recommended IOS Releases. BGP in the Internet. Which IOS? Which IOS? 12.2 IOS release images IOS release images is the old mainline train

Lab Guide 2 - BGP Configuration

Route Filtering. Types of prefixes in IP core network: Internal Prefixes External prefixes. Downstream customers Internet prefixes

Introduction to BGP. BGP Basics BGP. Border Gateway Protocol. Path Vector Protocol. Path Vector Protocol INET 2000 NTW

BGP Techniques for ISP. Terutaka Komorizono

Routing Concepts. IPv4 Routing Forwarding Some definitions Policy options Routing Protocols

Simple Multihoming. ISP Workshops. Last updated 25 September 2013

IPv6 Module 7 BGP Route Filtering and Advanced Features

Network Layer (Routing)

Border Gateway Protocol - BGP

BGP and the Internet. Why Multihome? Why Multihome? Why Multihome? Why Multihome? Why Multihome? Redundancy. Reliability

BGP Best Current Practices. Recommended IOS Releases. Which IOS? Which IOS? 12.4 IOS release images IOS release images

BGP4 workshop scenario

Routing Basics. ISP Workshops. Last updated 10 th December 2015

Module 3 BGP route filtering and advanced features

BGP made easy. John van Oppen Spectrum Networks / AS11404

BGP Multihoming Techniques. Philip Smith SANOG 10/APNIC 24 29th August - 7th September 2007 New Delhi, India

DE-CIX Academy: BGP Introduction. Notice of Liability. BGP Configuration Examples. Network Diagram for all examples. Links and Examples

Simple Multihoming. ISP Workshops

Routing Basics. Campus Network Design & Operations Workshop

BGP Multihoming Techniques. Philip Smith APRICOT February 2009 Manila, Philippines

IPv6 Module 6x ibgp and Basic ebgp

BGP Best Current Practices

2016/01/17 04:05 1/19 Basic BGP Lab

BGP Attributes and Policy Control. BGP Attributes. BGP Attributes. Agenda. What Is an Attribute? AS-Path. ISP/IXP Workshops.

BGP. BGP Overview. BGP Operation. BGP Neighbors

Multihoming Case Study

Multihoming with BGP and NAT

Routing Basics. ISP Workshops

BGP101. Howard C. Berkowitz. (703)

Connecting to a Service Provider Using External BGP

BGP Attributes and Policy Control. BGP Attributes. Agenda. What Is an Attribute? AS-Path. AS-Path loop detection. BGP Attributes

BGP Best Current Practices

IPv6 Module 6 ibgp and Basic ebgp

Lecture 18: Border Gateway Protocol

Introduction to IP Routing. Geoff Huston

EE 122: Inter-domain routing Border Gateway Protocol (BGP)

Enhanced Feasible-Path Unicast Reverse Path Filtering draft-sriram-opsec-urpf-improvements-01

Routing Control at Peering Points. HKNOG 0.1 Raphael Ho

internet technologies and standards

DE-CIX Academy: BGP - Multihoming

Transcription:

BGP Configuration for a Transit ISP ISP Workshops Last updated 24 April 2013 1

Definitions p Transit carrying traffic across a network, usually for a fee n traffic and prefixes originating from one AS are carried across an intermediate AS to reach their destination AS p Peering private interconnect between two ASNs, usually for no fee p Internet Exchange Point common interconnect location where several ASNs exchange routing information and traffic 2

ISP Transit Issues p What to announce to BGP customers n Default route n Full BGP table p What to receive from BGP customers n Only the prefixes they are entitled to originate n Only the prefixes they have informed you they will originate n ie: filter filter filter 3

To BGP Customers p Default route: n This is all that most BGP customers require to receive p Full BGP table: n Useful for BGP customers who are multihoming between you and other providers p Common principle: n Offer BGP customers the two options above n Customisation does NOT scale 4

From BGP Customers p Only accept the prefixes which your customer is entitled to originate p If your customer hasn t told you he is providing transit to his BGP customers, don t accept anything else he may announce p The importance of filtering can t be overstated p Use the Internet Routing Registry and related tools to simplify configuration 5

ISP Transit Issues Many mistakes are made on the Internet today due to incomplete understanding of how to configure BGP for transit 6

ISP Transit Provider Simple Example 7

ISP Transit p AS130 and AS100 are stub/customer ASes of AS120 n They may have their own peerings with other ASes n Minimal routing table desired n Minimum complexity required 8

ISP Transit AS 120 AS 130 B A D AS 100 C p AS120 is transit provider between AS130 and AS100 9

AS130 Customer p Router A Configuration router bgp 130 network 121.10.0.0 mask 255.255.224.0 neighbor 122.12.10.2 remote-as 120 neighbor 122.12.10.2 prefix-list upstream out neighbor 122.12.10.2 prefix-list default in ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 121.10.0.0/19 ip route 121.10.0.0 255.255.224.0 null0 10

AS120 Transit Provider p Router B Configuration router bgp 120 neighbor 122.12.10.1 remote-as 130 neighbor 122.12.10.1 default-originate neighbor 122.12.10.1 prefix-list Customer130 in neighbor 122.12.10.1 prefix-list default out ip prefix-list Customer130 permit 121.10.0.0/19 ip prefix-list default permit 0.0.0.0/0 Sends default route to specified neighbour p Router B announces default to Router A, only accepts customer /19 11

AS120 Transit Provider p Router C Configuration router bgp 120 neighbor 122.12.20.1 remote-as 100 neighbor 122.12.20.1 default-originate neighbor 122.12.20.1 prefix-list Customer100 in neighbor 122.12.20.1 prefix-list default out ip prefix-list Customer100 permit 109.0.0.0/19 ip prefix-list default permit 0.0.0.0/0 Sends default route to specified neighbour p Router C announces default to Router D, only accepts customer /19 12

AS100 Customer p Router D Configuration router bgp 100 network 109.0.0.0 mask 255.255.224.0 neighbor 122.12.20.2 remote-as 120 neighbor 122.12.20.2 prefix-list upstream out neighbor 122.12.20.2 prefix-list default in ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 109.0.0.0/19 ip route 109.0.0.0 255.255.224.0 null0 13

ISP Transit p This is simple case: n if AS130 or AS100 get another address block, they have to change their prefix filters and ask AS120 to do the same p Some ISP transit providers are better skilled at doing this than others n May not scale if they are frequently adding new prefixes n The Internet Routing Registry is an alternative mechanism allowing semi-automation of this activity 14

ISP Transit Provider More complex Example 1 15

ISP Transit p AS130 and AS100 are stub/customer ASes of AS120 p AS120: n Provides transit between AS130 and AS100 n Does not provide full Internet access to AS130 n Provides full Internet access for AS100 16

ISP Transit Rest of Internet AS 120 AS 130 B A D AS 100 C p AS120 is transit provider between AS130 and AS100 17

AS130 Customer p Router A Configuration router bgp 130 network 121.10.0.0 mask 255.255.224.0 neighbor 122.12.10.2 remote-as 120 neighbor 122.12.10.2 prefix-list as130-prefixes out neighbor 122.12.10.2 prefix-list bogons in ip prefix-list as130-prefixes permit 121.10.0.0/19 The bogons prefix list contains prefixes which should not appear in the Internet Routing System ip route 121.10.0.0 255.255.224.0 null0 18

AS120 Transit Provider p Router B Configuration router bgp 120 neighbor 122.12.10.1 remote-as 130 neighbor 122.12.10.1 prefix-list as130-cust in neighbor 122.12.10.1 prefix-list bogons out neighbor 122.12.10.1 filter-list 15 out ip as-path access-list 15 permit ^$ ip as-path access-list 15 permit ^100$ ip prefix-list as130-cust permit 121.10.0.0/19 p Router B announces AS120 and AS100 prefixes to Router A, only accepts customer /19 19

AS120 Transit Provider p Router C Configuration router bgp 120 neighbor 122.12.20.1 remote-as 100 neighbor 122.12.20.1 default-originate neighbor 122.12.20.1 prefix-list as100-cust in neighbor 122.12.20.1 prefix-list default out ip prefix-list as100-cust permit 109.0.0.0/19 ip prefix-list default permit 0.0.0.0/0 p Router C announces default to Router D, only accepts customer /19 20

AS100 Customer p Router D Configuration router bgp 100 network 109.0.0.0 mask 255.255.224.0 neighbor 122.12.20.2 remote-as 120 neighbor 122.12.20.2 prefix-list as100-prefix out neighbor 122.12.20.2 prefix-list default in ip prefix-list default permit 0.0.0.0/0 ip prefix-list as100-prefix permit 109.0.0.0/19 ip route 109.0.0.0 255.255.224.0 null0 21

ISP Transit p AS130 only hears AS120 and AS100 prefixes n Inbound AS path filter on Router A is optional, but good practice (never trust a peer) n Inbound bogon prefix-list filters are considered mandatory on all Internet peerings p See the next transit example for a typical bogon list n (Consult BGP BCP presentation for more information on BGP best practices) 22

ISP Transit Provider More complex Example 2 23

ISP Transit p AS130 and AS100 are stub/customer ASes of AS120 n AS130 has many customers with their own ASes p AS105 doesn t get announced to AS120 n AS120 provides transit between AS130 and AS100 24

ISP Transit AS 120 AS 130 B A AS 105 AS 104 D AS 100 C AS 101 AS 102 AS 103 p AS130 has several customer ASes connecting to its backbone 25

AS130 Customer p Router A Configuration router bgp 130 network 121.10.0.0 mask 255.255.224.0 neighbor 122.12.10.2 remote-as 120 neighbor 122.12.10.2 prefix-list upstream-out out neighbor 122.12.10.2 filter-list 5 out neighbor 122.12.10.2 prefix-list upstream-in in ip route 121.10.0.0 255.255.224.0 null0 250..next slide 26

AS130 Customer AS-path filters ip as-path access-list 5 permit ^$ ip as-path access-list 5 permit ^(101_)+$ ip as-path access-list 5 permit ^102$ ip as-path access-list 5 permit ^103$ ip as-path access-list 5 permit ^104$ ip as-path access-list 5 deny ^105_..next slide 27

AS130 Customer Outbound Bogon prefixes to be blocked to ebgp peers ip prefix-list upstream-out deny 0.0.0.0/8 le 32 ip prefix-list upstream-out deny 10.0.0.0/8 le 32 ip prefix-list upstream-out deny 127.0.0.0/8 le 32 ip prefix-list upstream-out deny 169.254.0.0/16 le 32 ip prefix-list upstream-out deny 172.16.0.0/12 le 32 ip prefix-list upstream-out deny 192.0.2.0/24 le 32 ip prefix-list upstream-out deny 192.168.0.0/16 le 32 ip prefix-list upstream-out deny 224.0.0.0/3 le 32 ip prefix-list upstream-out deny 0.0.0.0/0 ge 25 Extra prefixes ip prefix-list upstream-out deny 121.10.0.0/19 ge 20 ip prefix-list upstream-out permit 0.0.0.0/0 le 32...next slide 28

AS130 Customer Inbound Bogon prefixes to be blocked from ebgp peers ip prefix-list upstream-in deny 0.0.0.0/8 le 32 ip prefix-list upstream-in deny 10.0.0.0/8 le 32 ip prefix-list upstream-in deny 127.0.0.0/8 le 32 ip prefix-list upstream-in deny 169.254.0.0/16 le 32 ip prefix-list upstream-in deny 172.16.0.0/12 le 32 ip prefix-list upstream-in deny 192.0.2.0/24 le 32 ip prefix-list upstream-in deny 192.168.0.0/16 le 32 ip prefix-list upstream-in deny 224.0.0.0/3 le 32 ip prefix-list upstream-in deny 0.0.0.0/0 ge 25 Extra prefixes ip prefix-list upstream-in deny 121.10.0.0/19 le 32 ip prefix-list upstream-in permit 0.0.0.0/0 le 32 29

AS120 Transit Provider p Router B Configuration router bgp 120 neighbor 122.12.10.1 remote-as 130 neighbor 122.12.10.1 prefix-list bogons in neighbor 122.12.10.1 prefix-list bogons out neighbor 122.12.10.1 filter-list 10 in neighbor 122.12.10.1 filter-list 15 out ip as-path access-list 15 permit ^$ ip as-path access-list 15 permit ^100$ p Router B announces AS120 and AS100 prefixes to Router A, and accepts all AS130 customer ASes 30

AS120 Transit Provider p Router C Configuration router bgp 120 neighbor 122.12.20.1 remote-as 100 neighbor 122.12.20.1 default-originate neighbor 122.12.20.1 prefix-list Customer100 in neighbor 122.12.20.1 prefix-list default out ip prefix-list Customer100 permit 109.0.0.0/19 ip prefix-list default permit 0.0.0.0/0 p Router C announces default to Router D, only accepts customer /19 31

AS100 Customer p Router D Configuration router bgp 100 network 109.0.0.0 mask 255.255.224.0 neighbor 122.12.20.2 remote-as 120 neighbor 122.12.20.2 prefix-list upstream out neighbor 122.12.20.2 prefix-list default in ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 109.0.0.0/19 ip route 109.0.0.0 255.255.224.0 null0 32

ISP Transit p AS130 only hears AS120 and AS100 prefixes n inbound AS path filter on Router A is optional, but good practice (never trust a peer) n Special Use Address prefix-list filters are required on all Internet peerings p This situation is getting more complex, and you can see the BGP configuration could easily get out of hand n Solution: BGP Communities 33

ISP Transit Provider More complex Example 3 34

ISP Transit p AS130 and AS100 are stub/customer ASes of AS120 n AS130 has many customers with their own ASes p AS105 doesn t get announced to AS120 n AS120 provides transit between AS130 and AS100 p Same example as previously but using communities 35

ISP Transit AS 120 B A AS 130 E AS 105 AS 104 D AS 100 C AS 101 AS 102 AS 103 p AS130 has several customer ASes connecting to its backbone 36

AS130 Customer p Router A configuration is greatly simplified n All prefixes to be announced to upstream are marked with Community 130:5100 n Route-map on outbound peering implements community policy n Bogon prefix-lists still required 37

AS130 Customer p Router A Configuration router bgp 130 network 121.10.0.0 mask 255.255.224.0 route-map setcomm neighbor 122.12.10.2 remote-as 120 neighbor 122.12.10.2 prefix-list upstream-out out neighbor 122.12.10.2 route-map to-as120 out neighbor 122.12.10.2 prefix-list upstream-in in ip route 121.10.0.0 255.255.224.0 null0 250...next slide 38

AS130 Customer ip community-list 5 permit 130:5100 Set community on local prefixes route-map setcomm permit 10 set community 130:5100 route-map to-as120 permit 10 match community 5 p upstream-in and upstream-out prefix-lists are the same as in the previous example they simply deny bogon prefixes and allow everything else 39

AS130 Customer p Router E Configuration router bgp 130 neighbor x.x.x.x remote-as 101 neighbor x.x.x.x default-originate neighbor x.x.x.x prefix-list customer101 in neighbor x.x.x.x route-map bgp-cust-in in neighbor x.x.x.x prefix-list default out neighbor x.x.x.x remote-as 102 neighbor x.x.x.x default-originate neighbor x.x.x.x prefix-list customer102 in neighbor x.x.x.x route-map bgp-cust-in in neighbor x.x.x.x prefix-list default out...next slide 40

AS130 Customer neighbor s.s.s.s remote-as 105 neighbor s.s.s.s default-originate neighbor s.s.s.s prefix-list customer105 in neighbor s.s.s.s route-map no-transit in neighbor s.s.s.s prefix-list default out Set community on ebgp customers announced to AS120 route-map bgp-cust-in permit 10 set community 130:5100 route-map no-transit permit 10 set community 130:5199 p Notice that AS105 peering is put into a different community one that is not announced to AS130 s 41 upstream

ISP Transit p AS130 only announces the community 130:5100 to AS120 p Notice how Router E tags the prefixes to be announced to AS120 with community 130:5100 p More efficient to manage than using filter lists 42

Summary 43

Summary p Being a transit provider is simply a case of working out a scalable filtering policy n Default or full routes to a customer n Accept only customer prefixes n Use communities for scaling p (More details in the BGP Communities Presentation) 44

BGP Configuration for a Transit ISP ISP Workshops 45

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback