BGP-v4 Theory and Practice

University of Belgrade - School of Electrical Engineering Department of Telecommunications

BGP-v4 Theory and Practice
Dr Nenad Krajnović
krajko@etf.bg.ac.rs

BGP-4 Border Gateway Protocol (Principles of Operation)

BGP-4 (Border Gateway Protocol - RFC 1771, 4271)

- Exchanges inter-AS routing information between two routers in the same or different AS (BGP speakers, border routers, peers).
- A TCP connection (port 179) must be established between peers.
- Upon startup, the whole (or a partial) routing table is exchanged. Later, only incremental NLRI is exchanged, depending on inter-AS link states.
- Supports policy-based routing (policies). All routing policies based on the hop-by-hop paradigm are supported by BGP-4.
- Supports route aggregation, saving router memory and inter-AS communication link bandwidth.
- Supports CIDR.

BGP-4 - Messages

BGP-4 uses four standard types of messages:

- OPEN - used to negotiate neighbor parameters. Contains: version, AS number, hold time, router ID (highest IP address on the router, or highest loopback address).
- UPDATE - used to exchange NLRI between the BGP speakers.
- NOTIFICATION - used to report errors. Contains the error code.
- KEEPALIVE - used to check inter-BGP-speaker link availability. Sent periodically, at intervals shorter than the hold timer, to assure availability of the link between BGP speakers. If the hold timer expires, the BGP session is closed and the routes are withdrawn.

BGP-4 Message header format

- Marker (16 octets) - all bits must be set to 1.
- Length (2 octets)
- Type (1 octet)

Type codes:

    1  OPEN message
    2  UPDATE message
    3  NOTIFICATION message
    4  KEEPALIVE message

How BGP-4 Works?

- Two BGP speakers, located in the same or different ASs, establish a TCP connection (port 179).
- The BGP speakers exchange OPEN messages to negotiate parameters.
- If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back.
- Initially, the whole routing table is exchanged. Later, only incremental changes are exchanged.
- Upon receiving an update, a BGP speaker decides whether to accept it or not and whether or not to announce it further.

Data used in the decision-making process are:

- The route to the destination already existing in the routing table (if it does exist).
- Routing policies, set locally by the network administration.
- Routing policies, set by the neighbor network administrators.

The decision-making process might result in:

- Installing a new route in the routing table.
- Ignoring the update, but announcing it further.
- Ignoring the update entirely, without announcing it further.

BGP-4 OPEN Message format

    BGP-4 standard header (19 octets)
    Version (1)
    My Autonomous System (2)
    Hold Time (2)
    BGP Identifier (4)
    Opt Param Len (1)
    Optional parameters (variable)
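The header and OPEN layouts above can be checked mechanically before a message is trusted. The following parser is an added example, not part of the original slides; the 4096-octet maximum length and the rejection of hold times of 1 or 2 seconds come from RFC 4271, and the sample messages are constructed here from addresses and AS numbers used elsewhere in the deck.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16      # 16 octets, all bits set to 1
HEADER_LEN = 19            # marker (16) + length (2) + type (1)
MAX_MESSAGE_LEN = 4096     # upper bound from RFC 4271 (not stated on the slide)
MESSAGE_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
OPEN_FIXED_LEN = 10        # version 1 + AS 2 + hold time 2 + identifier 4 + opt len 1


class BGPParseError(ValueError):
    """Raised when a message violates the header or OPEN layout."""


def parse_header(data: bytes):
    """Validate the 19-octet header and return (type name, message body)."""
    if len(data) < HEADER_LEN:
        raise BGPParseError("shorter than the 19-octet header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise BGPParseError("marker is not all ones")
    if not HEADER_LEN <= length <= MAX_MESSAGE_LEN:
        raise BGPParseError(f"length field {length} out of range")
    if length > len(data):
        raise BGPParseError("length field exceeds the bytes received")
    if msg_type not in MESSAGE_TYPES:
        raise BGPParseError(f"unknown message type {msg_type}")
    if msg_type == 4 and length != HEADER_LEN:
        raise BGPParseError("KEEPALIVE must consist of the header only")
    return MESSAGE_TYPES[msg_type], data[HEADER_LEN:length]


def parse_open(body: bytes):
    """Decode the fixed part of an OPEN message and check its consistency."""
    if len(body) < OPEN_FIXED_LEN:
        raise BGPParseError("OPEN body shorter than its fixed fields")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack(
        "!BHHIB", body[:OPEN_FIXED_LEN])
    if version != 4:
        raise BGPParseError(f"unsupported BGP version {version}")
    if hold_time in (1, 2):
        raise BGPParseError("hold time of 1 or 2 seconds is not acceptable")
    if opt_len != len(body) - OPEN_FIXED_LEN:
        raise BGPParseError("Opt Param Len disagrees with the message length")
    return {
        "version": version,
        "my_as": my_as,
        "hold_time": hold_time,
        "bgp_identifier": str(ipaddress.IPv4Address(bgp_id)),
        "optional_parameters": body[OPEN_FIXED_LEN:],
    }


def build_open(my_as: int, hold_time: int, bgp_id: str, opt: bytes = b""):
    """Build an OPEN message; used here only to construct sample input."""
    body = struct.pack("!BHHIB", 4, my_as, hold_time,
                       int(ipaddress.IPv4Address(bgp_id)), len(opt)) + opt
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body


# Constructed samples: an OPEN from AS 65300 and a bare KEEPALIVE.
SAMPLE_OPEN = build_open(65300, 180, "192.168.5.1")
SAMPLE_KEEPALIVE = MARKER + struct.pack("!HB", HEADER_LEN, 4)

if __name__ == "__main__":
    kind, body = parse_header(SAMPLE_OPEN)
    print(kind, parse_open(body))
    print(parse_header(SAMPLE_KEEPALIVE))
```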

UPDATE Message Format

    Message header
    WL  <- Withdrawn route list length (2 bytes)
    Route 1, Route 2, Route 3, ...
    PL  <- Path attributes list length (2 bytes)
    Path Attribute 1, Path Attribute 2, Path Attribute 3
    NLRI route 1, NLRI route 2, NLRI route 3

    Route format: Prefix length | Prefix address
    AS_PATH:      Flags | 2 | #AS's | AS 1 | AS 2 | ...

BGP Path Attributes

- Attributes - a set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.).
- Used in the decision-making process of a BGP process on the routers.
- Format: attribute type, attribute length, attribute value.

Well-known attributes - must be supported by all implementations:

- Well-known mandatory - must be present in each update (e.g. AS path).
- Well-known discretionary - may or may not be present in each update.

Optional attributes - not required by all BGP implementations:

- Optional transitive - the attribute must be passed to other BGP speakers.
- Optional non-transitive - should be ignored and not passed to others.

Review of BGP Path Attributes

    Code  Attribute Name   Cat.    Short description
    1     Origin           WK-M    Origin of info (IGP/EGP/incomplete)
    2     AS_Path          WK-M    List of traversed AS numbers
    3     Next_hop         WK-M    IP address of next hop to destination
    4     Multi_exit_disc  Opt-NT  Advise other AS on path selection
    5     Local_pref       WK-D    Used in path selection within a local AS
    6     Atomic_aggr      WK-D    Used to control route aggregation
    7     Aggregator       Opt-T   Used to control route aggregation
    8     Community        Opt-T   Grouping of routes with same policies

Basic Mode of Operation

[Figure: the route 147.91/16 announced among AS 286, AS 3, AS 11, AS 27 and AS 5377. Path labels on the links: 286; 3-286; 27-286; 27-3-286; 11-3-286.]

Basic Routing Configurations

[Figure: AS 2, AS 3, AS 11, AS 27 and AS 5377, illustrating three cases:]

- Multi-homed AS - multiple neighbors, no transit!
- Transit AS - full transit.
- Stub AS - only one neighbor AS.

Stub AS

[Figure: Customer AS 6701 (10.91/16, 172.16.64/18) connected to ISP AS 27.]

- Customer AS 6701 must be visible from the Internet. Thus, AS6701 has to announce its IP networks to AS 27. That will allow incoming traffic to 6701 to flow.
- The ISP AS27 must provide enough information to AS6701. Thus, they will have to announce ANY information they have. Alternatively, they will announce a default route only.

Stub AS - a Better Approach

[Figure: Customer AS 65500 (10.91/16, 172.16.64/18) connected to ISP AS 27, which announces 10.91/16 and 172.16.64/18 with origin AS27.]

- AS numbers are a limited resource (only 65535 numbers!).
- IANA has reserved the range 64512-65535 for private ASs.
- Private AS numbers do not get included in the AS path attribute.
- Thus, the customer might want to use a private AS number (say, AS65500).
- The customer will announce their networks to the ISP (AS27).
- Since the private AS number is ignored, all routing information will look like it originated from AS27.

Stub AS - the Best Solution

[Figure: Customer networks 10.91/16 and 172.16.64/18 placed inside ISP AS 27.]

- Running BGP-4 with a stub AS is not recommended at all.
- In the stub AS case, BGP-4 only wastes link bandwidth!

Recommended solution:

- Place the customer's network in the ISP AS (AS 27).
- The customer will announce routes to the ISP using an IGP, or the ISP will use static routes to the customer.
- The customer will place a default (0.0.0.0/0) route to the ISP.

Multi-homed Non-transit AS

[Figure: AS 12 connected to AS 27 and AS 5377.]

Task:

- AS12 wants to use links to AS27 and AS5377 for load balancing.
- AS12 doesn't want to allow traffic from AS5377 to AS27 to pass through it.

Solution:

- AS12 will announce its networks only to AS 27 and AS 5377.
- AS27 and AS5377 must provide the full routing information they have to AS12.
- The full global IP routing table (has 242485 routes) is necessary for load sharing!
- It is also possible to have partial IP routing information.
- Partial or full routing information must be announced by both AS27 and AS5377.

Preventing Dirty Games

[Figure: AS 12 (10.1/16) connected to AS 27 (10.12/16) and AS 5377 (10.91/16). Labels: "Static route to 10.12/16", "Static route to 10.91/16".]

Task: AS12 doesn't want to allow traffic from AS5377 to AS27 to pass through it.

Problem: AS27 and AS5377 may place static routes to each other and cheat on AS12.

Solution: Apply access list 101 inbound (ip access-group 101 in) on the interfaces to both ISPs (AS27, AS5377). The access-list 101 would be of the form:

    access-list 101 permit ip any 10.1.0.0 0.0.255.255
    access-list 101 deny ip any any

Transit AS

[Figure: AS 4 behind AS 27 (10.12/16); AS 12 (10.1/16) between AS 27 and AS 5377 (10.91/16).]

- Transit may be full or restricted.
- Full transit assumes passing traffic from any AS to any other AS.
- Restricted transit assumes passing traffic coming from certain ASs to certain other ASs.
- Transit routing policies need not be symmetrical, though it is desirable that they are.

Examples: consider AS12, passing traffic between AS27 and AS5377.

- AS12 may want to pass traffic from AS27 to AS5377, but not in the opposite direction.
- AS12 may want to pass traffic from AS4, coming through AS27, to AS5377.

Transit AS - an Example

[Figure: AS 4 and AS 5 in addition to AS 27 (10.12/16), AS 12 (10.1/16) and AS 5377 (10.91/16). Labels: "announce AS5377" toward AS 27, "announce AS27, AS4" toward AS 5377.]

Task:

- To AS5377, AS12 wants to provide transit service for AS27 and AS4.
- To AS27, AS12 wants to provide transit service for AS5377, but not for AS5.
- AS12 itself will use both links to AS27 and AS5377, with default to AS27.

Solution:

- To AS5377, AS12 will announce all routes from AS27 and AS4.
- To AS27, AS12 will announce all routes from AS5377, but not routes from AS5.
- Accept anything AS27 and AS5377 announce, except default from AS5377.
- Accept default route from AS27.

Basic BGP-4 Routing Configurations Review

Stub AS:

- Standalone AS, connected to its neighbor using a single logical link.
- Explicitly forbidden (RFC 1930), except as a temporary solution in the initial phase of a new AS setup.
- If BGP is needed anyway, use a private AS number (64512-65536)!

Multi-homed, non-transit AS:

- Customer AS X, connected to two or more different ASs.
- Transit from one neighbor network to another using AS X is not allowed!

Transit AS:

- Customer AS X, connected to two or more different ASs.
- The customer allows partial or full transit to its neighbors.
- Backbone ISPs operate in full-transit mode, to ensure global connectivity.

BGP-4 Border Gateway Protocol (Setting up and Running)

Scope of this Section

- Setting up a BGP-4 connection between peer routers
- Passing BGP-4 information inside of the AS
- Injecting routing information into BGP
- Decision-making process
- BGP attributes and their usage
- Path Selection Criteria

Establishing a BGP-4 Session

[Figures: AS1, AS2 and AS3 in three arrangements.]

BGP-4 peer routers must be directly physically connected! That is not always possible:

- some ASs have multiple exit points
- some routers cannot run BGP

Possible solutions:

- Internal BGP (IBGP)
- External BGP (EBGP) multi-hop

BGP basic configuration

Basic commands to activate a peer connection:

    router bgp autonomous_system_number
        enables the BGP routing process
    network network_number mask network_mask
        defines a network which will be advertised
    neighbor neighbor_ip_address remote-as AS_number
        defines a neighbor and its AS number

BGP basic configuration - EBGP

[Figure: RTR A (AS 65300, 192.168.1.0/24, address 192.168.5.1) connected by EBGP to RTR B (AS 65400, 192.168.4.0/24, address 192.168.5.2).]

RTR B:

    router bgp 65400
     network 192.168.4.0 mask 255.255.255.0
     neighbor 192.168.5.1 remote-as 65300

RTR A:

    router bgp 65300
     network 192.168.1.0 mask 255.255.255.0
     neighbor 192.168.5.2 remote-as 65400

BGP basic configuration - IBGP

[Figure: two routers inside AS 65300 (192.168.4.0/24), addresses 192.168.5.1 and 192.168.5.2, connected by IBGP.]

    router bgp 65300
     neighbor 192.168.5.2 remote-as 65300

BGP basic configuration

Sometimes two EBGP speakers cannot be directly connected, or we would like to use the IP address of the loopback interface as the next hop. In those situations, we must use the multihop option.

    neighbor IP_address ebgp-multihop
        defines that the neighbor is NOT directly connected
    neighbor IP_address update-source interface
        defines another source IP address

You must ensure visibility of the other address!

BGP basic configuration - using other IP address for peering

[Figure: router in AS 65100 (192.168.1.0/24) with Loopback Interface 0 172.16.1.1 and address 192.168.3.1, connected over Serial 0 to 192.168.3.2 on the router in AS 65400 (192.168.4.0/24).]

Router in AS 65100:

    router bgp 65100
     neighbor 192.168.3.2 remote-as 65400
     neighbor 192.168.3.2 update-source loopback 0

Router in AS 65400:

    router bgp 65400
     neighbor 172.16.1.1 remote-as 65100
     neighbor 172.16.1.1 ebgp-multihop
    !
    ip route 172.16.1.1 255.255.255.255 serial 0

BGP basic configuration - BGP multihop

[Figure: AS 65300 and AS 65100 connected by EBGP. Addresses shown: 192.168.5.1, 192.168.5.2, 192.168.3.1, 192.168.3.2, Loopback Interface 0 172.16.1.1.]

Router in AS 65300:

    router bgp 65300
     neighbor 192.168.3.1 remote-as 65100
     neighbor 192.168.3.1 ebgp-multihop
     neighbor 192.168.3.1 update-source loopback0

Router in AS 65100:

    router bgp 65100
     neighbor 172.16.1.1 remote-as 65300
     neighbor 172.16.1.1 ebgp-multihop
    !
    ip route 172.16.1.1 255.255.255.255 serial0

Passing BGP Information Inside an AS

- An AS might have a single or (more often) multiple exit points.
- Information learnt via BGP-4 from one exit point must be passed along the AS to all other exit points.

This can be done using two different approaches:

- Establish an internal BGP (IBGP) session between border routers.
- Redistribute BGP information into an IGP on entry and back to BGP on exit.

The first approach is better, since it preserves route attributes. The latter approach might result in complete loss of BGP attributes.

Two basic rules are applied when passing BGP information out:

- Do not advertise a network without checking whether it is internally reachable within the AS.
- Do not advertise an external route until all routers within the AS have learnt it (the rule of Synchronization)!

External and Internal BGP (EBGP, IBGP)?

[Figure: AS 2, AS 5377, AS 27 and AS 11.]

- External BGP - peering between different ASs.
- Internal BGP - peering inside of an AS.

Another Solution - Use of an IGP (OSPF, RIPv1, RIPv2)

[Figure: AS 2, AS 27, AS 5377 and AS 11.]

- External BGP - peering between different ASs.
- IGP (RIP, OSPF) - routing information exchange using IGPs.
- BGP attributes received from AS2 are lost!!!

BGP Continuity Inside of an AS

[Figure: routers A, B and C inside one AS; IBGP sessions A-B and B-C; each router also has an EBGP session to the outside.]

- To avoid routing loops inside the AS, BGP does not advertise routes learnt from other IBGP peers to other internal BGP peers.
- Router A will advertise its EBGP routes to B, but B won't pass them to C.
- Router C will advertise its EBGP routes to B, but B won't pass them to A.
- Router B will advertise its EBGP routes to A and C.
- Apparently, there is a need for an IBGP session between routers A and C!

The IBGP sessions must be fully meshed inside an AS!

Synchronization Within an AS

[Figure: border routers A and C connected by IBGP across internal routers B1, B2 and B3; 10.91/16 arrives at A via EBGP and is announced by C to external router D via EBGP.]

- Router A receives an update for 10.91/16 via EBGP from its neighbor.
- Router A passes the update to router C, using the existing IBGP session.
- Router C passes the update to its neighbor, router D, using EBGP.
- Upon receiving the update, router D can send traffic for 10.91/16 via router C.
- Router C receives this traffic and passes it to router B3, which doesn't know of 10.91/16!

BGP must not advertise a route outside the AS until the route is learnt by all routers within the AS, either statically or by IGP! This default behaviour may be turned off, if needed!

BGP basic configuration - synchronization

BGP and IGP synchronization

- With the no synchronization command you can turn off synchronization between the BGP and IGP processes.
- Synchronization is very important in a situation where you have an IBGP connection through a router which is NOT running IBGP.

BGP basic configuration - WITHOUT synchronization

[Figure: AS 65300 between AS 65100 (192.168.1.0/24) and AS 65400 (192.168.4.0/24), with EBGP to each. Inside AS 65300 the two border routers run IBGP across an IGP-only router. Addresses shown: 192.168.3.1, 192.168.3.2, 192.168.5.1, 192.168.5.2, 192.168.5.9, 192.168.5.10. The IGP router's routing table holds 0.0.0.0 via 192.168.5.1. A packet labelled "To: 192.168.4.1" is shown.]

    router bgp 65300
     neighbor 192.168.3.2 remote-as 65100
     neighbor 192.168.5.9 remote-as 65300
     no synchronization

BGP basic configuration - WITH synchronization

[Figure: the same topology as on the previous slide: AS 65300 between AS 65100 (192.168.1.0/24) and AS 65400 (192.168.4.0/24); addresses 192.168.3.1, 192.168.3.2, 192.168.5.1, 192.168.5.2, 192.168.5.9, 192.168.5.10; IGP routing table 0.0.0.0 via 192.168.5.1; packet "To: 192.168.4.1".]

    router bgp 65300
     neighbor 192.168.3.2 remote-as 65100
     neighbor 192.168.5.9 remote-as 65300

Injecting Routes into BGP

Routes may be injected into BGP:

- Statically (redistribute static)
- Semidynamically (network command)
- Dynamically (from an IGP)

Statically injected routes are stable, but it must be assured that the route goes down when the link goes down (interface-associated).

The semidynamic method is more effective - it allows injection of a selected set of IGP routes. This method assures good stability!

Dynamic injection of the whole IGP routing table is not recommended, unless there is a substantial degree of control within the AS and there is a large number of network prefixes.

Common Injection Problems

- Injection of private IP addresses (RFC 1918)
- Injection of reserved and unallocated addresses
- Injection of small networks, filtered by some backbone ISPs
- Injection of a classful network - lack of the ip classless command. Best known case - network 62/8, when it first came into use.
- Unstable routes, route flapping

Paperwork and procedural problems:

- Injection without proper documenting in an Internet routing registry (IRR)
- Inconsistency between the data in the IRR and the applied routing policy
- Changing routing policy without notifying ANS.
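Several of the injection problems listed above can be caught by a pre-announcement check. The following sketch is an added example, not part of the original slides: the reserved blocks listed, the /24 limit for "small networks" and the function names are assumptions, the private AS range is the 64512-65535 range quoted earlier in the deck, and the sample announcements are constructed from prefixes the deck uses.

```python
import ipaddress

# RFC 1918 private address space.
PRIVATE_BLOCKS = [ipaddress.IPv4Network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# A few reserved blocks (assumed list: this-network, loopback,
# link-local, multicast, class E). A production filter would use a
# maintained bogon list.
RESERVED_BLOCKS = [ipaddress.IPv4Network(n) for n in
                   ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                    "224.0.0.0/4", "240.0.0.0/4")]
PRIVATE_AS = range(64512, 65536)   # 64512-65535, reserved for private ASs
MAX_PREFIX_LEN = 24                # assumption: longer prefixes get filtered


def check_announcement(prefix, as_path, max_len=MAX_PREFIX_LEN):
    """Return a list of reason codes; an empty list means no problem found."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 192.168.4.1/24
        net = ipaddress.IPv4Network(prefix, strict=True)
    except ValueError:
        return ["malformed"]
    problems = []
    # overlaps() also catches a covering prefix such as 10.0.0.0/7
    if any(net.overlaps(block) for block in PRIVATE_BLOCKS):
        problems.append("private-address")
    if any(net.overlaps(block) for block in RESERVED_BLOCKS):
        problems.append("reserved-address")
    if net.prefixlen > max_len:
        problems.append("too-specific")
    if any(asn in PRIVATE_AS for asn in as_path):
        problems.append("private-as")
    return problems


def filter_announcements(announcements):
    """Split (prefix, as_path) pairs into accepted and rejected lists."""
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        problems = check_announcement(prefix, as_path)
        if problems:
            rejected.append((prefix, problems))
        else:
            accepted.append(prefix)
    return accepted, rejected


# Constructed sample input, built from prefixes used in the deck.
SAMPLE = [
    ("147.91.0.0/16", [27, 286]),
    ("10.91.0.0/16", [27]),
    ("172.16.64.0/18", [65500]),
    ("147.91.8.0/26", [286]),
    ("192.168.4.1/24", [65400]),
]

if __name__ == "__main__":
    ok, bad = filter_announcements(SAMPLE)
    print("accepted:", ok)
    for prefix, why in bad:
        print("rejected:", prefix, why)
```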

BGP basic configuration - injecting information

Information about networks can be injected in 3 different ways:

- with the network command - this is the only possibility to announce a network; the network will be announced only if the router knows how to route this network
- with redistribution of static routes
- with redistribution from some IGP protocol

BGP basic configuration - injecting information

[Figure: AS 65100 (172.16.1.2, internal network 1.1.1.0/24) connected to AS 65300 (172.16.1.1).]

    router bgp 65100
     neighbor 172.16.1.1 remote-as 65300
     network 192.168.2.0 mask 255.255.255.0
     redistribute static
     redistribute ospf 16
    !
    ip route 192.168.40.0 255.255.255.0 1.1.1.2
    !
    router ospf 16
     ! the OSPF network statement takes a wildcard mask
     network 1.1.0.0 0.0.255.255 area 0

Backdoors

- Learning routing information from different routing protocols is very common.
- For example, the same route (say, 10.91/16) may be learnt via BGP (from another BGP speaker), OSPF (from a router inside the AS), a static route etc.
- The table of precedence follows - less distance, more preference.
- The values are changeable.

    Protocol       Distance
    Direct         0
    Static         1
    EBGP           20
    EIGRP (int.)   90
    IGRP           100
    OSPF           110
    ISIS           115
    RIP            120
    EGP            140
    EIGRP (ext.)   170
    IBGP           200
    BGP Local      200
    Unknown        255

Backdoors - Example

[Figure: router A in AS 1 (10.1/16), router B in AS 2, router C in AS 3. 10.1/16 is announced over EBGP from A to B and from B to C, and over OSPF on the direct line from A to C.]

- Routers A, B and C learn about the same route (10.1/16) using EBGP sessions.
- However, a direct line between border routers A and C is established.

If the routing information between A and C is exchanged using OSPF, then:

- Router B will announce 10.1/16 to C, distance value being 20.
- Router A will announce 10.1/16 to C, using OSPF, distance value being 110.
- Thus, the route via AS2 and router B will always have precedence.

This can be changed using a network a.b.c.d backdoor command, which raises the distance value to 200, making the route less preferred than OSPF.

Decision-making Process

    Updates -> Input policies -> BGP routing table -> IP routing table
                                 BGP routing table -> Output policies -> Updates

- The router receives a pool of routes from its peers, by BGP updates.
- Input policies are applied to filter the update messages.
- The BGP routing table is updated and the best route selected.
- The best route gets installed in the IP routing table.
- A set of output policies is used to determine which routes should be advertised further, and with what attributes.

BGP attributes play the most important role in the route selection process!

BGP Path Attributes

- Attributes - a set of parameters used to keep track of route-specific information (path, route preferences, next hop, aggregation etc.).
- Used in the decision-making process of a BGP process on the routers.
- Format: attribute type, attribute length, attribute value.

Well-known attributes - must be supported by all implementations:

- Well-known mandatory - must be present in each update (e.g. AS path).
- Well-known discretionary - may or may not be present in each update.

Optional attributes - not required by all BGP implementations:

- Optional transitive - the attribute must be passed to other BGP speakers.
- Optional non-transitive - should be ignored and not passed to others.

NEXT_HOP Attribute

With most IGPs, the next hop to a route is the IP address of the connected interface of the router that has announced the route.

When speaking of BGP, the next hop is:

- EBGP - the IP address of the neighbor that announced the route.
- IBGP:
  - For routes originated inside the AS - the IP address of the neighbor that announced the route.
  - For routes outside the AS (that came via EBGP) - the next hop is carried unaltered (IP address of the external neighbor).
- On multiaccess media - the IP address of the interface connected to the media.

NEXT_HOP - Example

[Figure: router A (3.3.3.3) in IBGP with router C (2.2.2.2, network 10.91.1/24); router C in EBGP with router D (1.1.1.1, network 10.91.8/24); router B also shown.]

- Router C runs an EBGP session with router D and learns the route 10.91.8/24. Since this is an EBGP-learnt route, the next hop will be 1.1.1.1 (neighbor D interface).
- Router A runs an IBGP session with router C and learns the route 10.91.1/24. Since this is an IBGP-learnt route, locally originated, the next hop will be 2.2.2.2.
- Router A also learns the route 10.91.8/24 from router C. Since this is an IBGP-learnt route, externally originated, the next hop will be 1.1.1.1.

NEXT_HOP and Multi-access Media

[Figure: routers A (10.91.8.3), B (10.91.8.1) and C (10.91.8.2) on one multi-access segment; network 11.1.2/24 behind A; OSPF between A and C; EBGP between B and C.]

- Router C learns the route to 11.1.2/24 from router A, using OSPF.
- Router B runs an EBGP session with router C and learns the route 11.1.2/24.

Question: What is the next hop to 11.1.2/24? Router C?

Answer: Nope! Router A (10.91.8.3!).

On multi-access media (Ethernet, FDDI etc.) a router should advertise the actual source of the route as the next hop, if the source is on the same multi-access media as the router!

NEXT_HOP and NBMA (FR, ATM)

[Figure: routers A (10.91.1.1), B (10.91.1.2) and C (10.91.1.3) attached to a Frame Relay network; network 11.11.11/24 behind C.]

- Router B learns the route to the network 11.11.11/24 from C by OSPF.
- If nothing is specified, router B will advertise 11.11.11/24 to A by BGP, placing the address of router C (10.91.1.3) as the next hop.
- Routers A and C are not directly connected by a PVC, so this will fail.

Solution: router B should always install itself as the next hop for routes learnt from router C. This is done by using the next-hop-self parameter in the neighbor command.

BGP basic configuration - next hop attribute

The next hop attribute defines the next hop interface used to reach an IP address (network). In BGP, the next hop attribute takes 3 different values:

- EBGP - the next hop is the IP address of the neighbor that announced the route
- IBGP - for routes originated inside the AS, the next hop is the IP address of the neighbor that announced the route
- IBGP - for routes injected into the AS via EBGP, the next hop is the IP address of the EBGP neighbor from which the route was learned
- when the route is advertised on a multiaccess medium, the next hop is the IP address of the interface of the router, connected to that medium, that originated the route

BGP basic configuration - next hop attribute

- Inside an AS, in some situations it is necessary to modify the value of the next hop attribute.
- This is a very important attribute for network reachability, especially if we redistribute BGP information into an IGP protocol.
- The next hop attribute can be modified with:

    neighbor {ip-address | peer-group-name} next-hop-self

BGP basic configuration - next hop attribute (with default next hop attribute value)

[Figure: AS 65100 (1.1.1.0/24, address 172.16.1.2) connected by EBGP to 172.16.1.1 in AS 65300; inside AS 65300, IBGP between 192.168.3.1 and 192.168.3.2 over Serial 0.]

    router bgp 65300
     neighbor 172.16.1.2 remote-as 65100
     neighbor 192.168.3.2 remote-as 65300
     no synchronization

Routing table:

    dest.            next hop
    1.1.1.0/24       172.16.1.2
    192.168.3.0/24   Serial 0
    172.16.1.0/24    ?????

BGP basic configuration - next hop attribute (with modified next hop attribute value)

[Figure: AS 65100 (1.1.1.0/24, address 172.16.1.2) connected by EBGP to 172.16.1.1 in AS 65300; inside AS 65300, IBGP between 192.168.3.1 and 192.168.3.2 over Serial 0.]

    router bgp 65300
     neighbor 172.16.1.2 remote-as 65100
     neighbor 192.168.3.2 remote-as 65300
     neighbor 192.168.3.2 next-hop-self
     no synchronization

Routing table:

    dest.            next hop
    1.1.1.0/24       192.168.3.1
    192.168.3.0/24   Serial 0

AS_Path Attribute

- Sequence of AS numbers a route has traversed to reach a destination.
- The AS originating the route adds its own AS number and forwards the update further.
- Each AS receiving the update adds (prepends) its own AS number at the beginning of the sequence and forwards the update further.
- At the end, each route will contain the sequence of AS numbers the update message has traversed.
- The shortest AS path is preferred!
- To prevent routing loops, if an AS finds its own number already in the AS sequence (which means that the update has traversed it once), it will discard the update and stop forwarding it further.
- When traversing the same AS (IBGP), AS_Path is left untouched.

AS_Path - Example

[Figure: the route 147.91/16 announced among AS 286, AS 3, AS 11, AS 27 and AS 5377. Path labels on the links: 286; 3-286; 27-286; 27-3-286; 11-3-286.]

AS_Path Prepending

[Figure: AS 12 reaches AS 300 either via AS 100 and AS 200 or via AS 400. Path labels for 10.91/16: "300" leaving AS 300, "200 300" leaving AS 200, "400 300" leaving AS 400.]

- From AS12, there are two paths to AS300.
- Path 400-300 is better.
- However, the administrator might want to prefer the other path.
- There are many ways to do so, of which AS number prepending is the simplest one.

AS_Path Prepending

[Figure: the same topology. Path labels for 10.91/16: "300" from AS 300 toward AS 200, "200 300" leaving AS 200, "300 300 300 300" from AS 300 toward AS 400, "400 300 300 300 300" leaving AS 400.]

- When an update leaves the AS, the AS number is prepended.
- That number might be prepended multiple times.
- For example, let's prepend AS300 three times (300 300 300).
- Now, instead of 400 300, at AS12 we have 400 300 300 300 300.
- Automatically, the other path (100 200 300) will be shorter.

Local Preference Attribute

- Degree of preference given to a route to compare it with other routes for the same destination.
- The highest local preference is preferred!
- This attribute is defined locally in the AS.
- This attribute is valid for all BGP speakers within the same AS. It is exchanged normally via IBGP, but not via EBGP.
- Used to set the exit point from the AS for a certain destination. It affects outgoing traffic from the AS only. Incoming traffic can still arrive through an arbitrary AS entry/exit point (unless AS path prepending or a similar technique is applied).
- Cisco Systems have defined a similar attribute, but valid for the local BGP speaker only - not exchanged even with other speakers in the same AS. It's called the WEIGHT attribute.

Local preference - Example
[Figure: routers A and B in AS 12, ISP A (AS 100), ISP B (AS 300), NAP and AS500 with 10.91/16; the route 10.91/16 is labelled Local pref = 200 on one link and Local pref = 300 on the other.]
Both AS200 and AS300 offer the route 10.91/16. However, the path to AS300 may be preferred (higher bandwidth).
The administrator of router A sets local_pref 200 for that route.
The administrator of router B sets local_pref 300 for that route.
A and B exchange local_pref attributes and agree on preference.
Incoming traffic may go via either link - local_pref doesn't have any impact on it!

BGP basic configuration - attributes
The local preference attribute can be modified through a route map with:
 set local-preference value
or with:
 bgp default local-preference value
The local preference attribute is part of the routing update and is exchanged among routers in the same AS.

BGP basic configuration - local preference attribute
[Figure: AS 1 (10.4.4.0/24), AS 5, AS 6 and AS 3; link addresses 1.1.1.1 - 1.1.1.2, 1.1.2.1 - 1.1.2.2 and 1.1.3.1 - 1.1.3.2.]

AS 3 router peering with AS 6:
router bgp 3
 neighbor 1.1.2.1 remote-as 6
 neighbor 1.1.3.1 remote-as 3
 bgp default local-preference 200

AS 3 router peering with AS 5:
router bgp 3
 neighbor 1.1.1.1 remote-as 5
 neighbor 1.1.3.2 remote-as 3
 bgp default local-preference 150

router# show ip bgp
BGP table version 9, local router ID is 1.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network        Next Hop   Metric LocPrf Weight Path
*  10.4.4.0/24    1.1.1.1    0      150           5 1 i
*> 10.4.4.0/24    1.1.2.1    0      200           6 1 i

BGP basic configuration - local preference attribute
[Figure: AS 1 (10.4.4.0/24), AS 5, AS 6 and AS 3; link addresses 1.1.1.1 - 1.1.1.2, 1.1.2.1 - 1.1.2.2 and 1.1.3.1 - 1.1.3.2.]

router bgp 3
 neighbor 1.1.3.1 remote-as 3
 neighbor 1.1.2.1 remote-as 6
 neighbor 1.1.2.1 route-map SD in
!
ip as-path access-list 7 permit ^6?[0-9]*$
!
route-map SD permit 10
 match as-path 7
 set local-preference 300
route-map SD permit 20

router# show ip bgp
BGP table version 9, local router ID is 1.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network        Next Hop   Metric LocPrf Weight Path
*  10.4.4.0/24    1.1.1.1    0      100           5 1 i
*> 10.4.4.0/24    1.1.2.1    0      300           6 1 i

Regular expression formats

.      Matches any single character.
       Examples: 0.0 matches 0x0 and 020; t..t matches strings such as test, text, and tart.
\      Matches the character following the backslash. Also matches (escapes) special characters.
       Examples: 172\.1\.. matches 172.1.10.10 but not 172.12.0.0; \. allows a period to be matched as a period.
[ ]    Matches the characters or a range of characters separated by a hyphen, within left and right square brackets.
       Example: [02468a-z] matches 0, 4, and w, but not 1, 9, or K.
^      Matches the character or null string at the beginning of an input string.
       Example: ^123 matches 1234, but not 01234.
?      Matches zero or one occurrence of the pattern. (Precede the question mark with the Ctrl-V sequence to prevent it from being interpreted as a help command.)
       Example: ba?b matches bb and bab.
$      Matches the character or null string at the end of an input string.
       Example: 123$ matches 0123, but not 1234.
*      Matches zero or more sequences of the character preceding the asterisk. Also acts as a wildcard for matching any number of characters.
       Examples: 5* matches any occurrence of the number 5 including none; 18\..* matches the characters 18. and any characters that follow 18.
+      Matches one or more sequences of the character preceding the plus sign.
       Example: 8+ requires there to be at least one number 8 in the string to be matched.
() []  Nest characters for matching. Separate endpoints of a range with a dash (-).
       Examples: (17)* matches any number of the two-character string 17; ([A-Za-z][0-9])+ matches one or more instances of letter-digit pairs: b8 and W4, as examples.
|      Concatenates constructs. Matches one of the characters or character patterns on either side of the vertical bar.
       Example: A(B|C)D matches ABD and ACD, but not AD, ABCD, ABBD, or ACCD.
_      Replaces a long regular expression list by matching a comma (,), left brace ({), right brace (}), the beginning of the input string, the end of the input string, or a space.
       Example: the characters _1300_ can match any of the following strings: ^1300$  ,1300,  ^1300space  {1300}  space1300  {1300,

BGP basic configuration - local-preference attribute
[Figure: AS 65300 and AS 65100 joined by an EBGP link 172.16.1.1 - 172.16.1.2; IBGP link 192.168.3.1 - 192.168.3.2 (Serial 0); network 1.1.1.0/24.]

router bgp 65300
 neighbor 172.16.1.2 remote-as 65100
 neighbor 192.168.3.2 remote-as 65300
 bgp default local-preference 200

BGP table:
 dest.         local preference
 1.1.1.0/24    200

Multi-exit Discriminator (MED)
Hint to external neighbors about the preferred path into an AS with multiple exit points.
The lowest MED is preferred!
Exchanged between ASs.
Not transitive - once it enters an AS it doesn't get transmitted in further updates to other neighbors!
When the route is originated by the AS itself, the MED for it follows its IGP metric, which is useful for multiple connections to the same ISP. At the same time, MEDs reflect the internal topology of an AS.
Only MEDs for paths from the same neighbor AS are compared. This behaviour may be changed by using always-compare-med.

MED - Example
[Figure: router A in AS10; routers C and D in AS500 and router B in AS20 offer 10.91/16; MED labels shown: MED=120 and MED=50.]
Routers C and D (AS500), as well as router B (AS20), offer the route to 10.91/16.
Normally, router A will compare MEDs from routers C and D (AS500 only!). Router A will choose MED=120 and, therefore, the route via router C.
If always-compare-med is used, it will also take into account router B's MED. In that case router A will choose MED=50 and, thus, the route via router B.

ORIGIN Attribute
Indicates the origin of the routing update, with respect to the AS that originated it.
BGP considers three types of origins:
 IGP - the NLRI at the originating AS is learnt by an IGP and was advertised with a network router configuration command
 EGP - the NLRI at the origin is learnt by the EGP protocol
 INCOMPLETE - the NLRI is learnt by some other means (e.g. redistribute static)
Each type of origin is associated with a number: IGP=0, EGP=1, INCOMPLETE=2.
The lowest ORIGIN value is preferred!

Community Attribute
Group of destinations sharing some common property.
Communities have no physical boundaries - they are not restricted to a network or an AS!
A group of IP networks and/or ASs may form a community, for which separate routing policies may be set.
Community is a transitive attribute (passed to other ASs).
Well-known communities with global meaning (reserved values): from 0x00000000 to 0x0000FFFF and from 0xFFFF0000 to 0xFFFFFFFF.
NO_ADVERTISE (0xFFFFFF02) - a route in this community is not to be advertised.
Usually, the first two bytes are the AS number and the last two are the community within the AS.
Example: in AS256, a good choice is to use 256:1 (0x01000001).
A route may have multiple community attributes.
A BGP speaker may follow one, some or all community attributes in the route.

Community Attribute - Example
[Figure: London office (AS55) connected to the Internet and to ISPs AS6505 and AS6711, which serve the Bahrain and Muscat offices.]
Regional multi-homed ISPs (AS6505, AS6711) connect two single-homed branch offices (Bahrain, Muscat).
The ISPs announce their routes to their peers, using the community attribute 55:22.
The London office is multi-homed (AS55) - we may decide to:
 Use one link for general Internet traffic (but not for traffic to our offices!).
 Use another link for the traffic to our offices only!
Solution: set the router in the London office to:
 Accept all routes with community set to 55:22 on the interface Serial0.
 Accept any other route on the interface Serial1.

NO_EXPORT Community - Example
[Figure: AS100 with networks 10.91.0/24, 10.91.1/24, 10.91.2/24 ... 10.91.15/24; the Bahrain and Muscat links to AS200 are marked NO_EXPORT; AS200 announces 10.91.0/20 to the NAP.]
A customer AS100 with two offices, connected to a WAN, is multi-homed.
The customer has two links - each one near one of the offices.
Both links are capable of routing the whole traffic, however this is not efficient.
On the other hand, if we let the Bahrain and Muscat offices announce all more specific routes, they will be propagated to the NAP.
Solution: set the NO_EXPORT community on all routes from AS100 to AS200. Advertise only the aggregated route to the NAP.

BGP Path Selection Criteria
BGP bases its path selection decision on the attribute values.
When multiple routes to the same destination exist, the following sequence of operations is performed:
1. If the next hop is inaccessible, the route is ignored.
2. Prefer the path with the largest WEIGHT parameter.
3. If the weights are the same, prefer the route with the largest local preference.
4. If the local preferences are the same, prefer the route with the shortest AS path.
5. If the AS path length is the same, prefer the route with the lowest ORIGIN.
6. If the origins are the same, prefer the route with the lowest MED.
7. If the routes have the same MED, prefer EBGP-learnt over IBGP-learnt.
8. If that fails too, try to find the route with the shortest path to its next hop.
9. If nothing else helps, the router with the lower router ID will be preferred!
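The selection sequence on this slide, written out as an added Python example (not part of the original slides) and run on the values from the local preference, prepending and MED slides. The Route fields and function names are this example's own; router D's MED, the origin AS 65000 and the router IDs in the MED case are assumed, since the slides do not give them.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # numbering from the ORIGIN slide

@dataclass(frozen=True)
class Route:
    via: str                  # label of the advertising neighbor (example field)
    as_path: tuple            # leftmost entry is the neighbor AS
    router_id: str = "0.0.0.1"
    weight: int = 0
    local_pref: int = 100
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    igp_cost: int = 0         # distance to the next hop
    next_hop_ok: bool = True

def _lowest(routes, key):
    best = min(key(r) for r in routes)
    return [r for r in routes if key(r) == best]

def _med(routes, always_compare_med):
    # MED is compared only between routes from the same neighbor AS,
    # unless always-compare-med is configured.
    def beaten(r):
        return any(o.med < r.med and (always_compare_med or o.as_path[:1] == r.as_path[:1])
                   for o in routes)
    return [r for r in routes if not beaten(r)]

def select_best(routes, always_compare_med=False):
    """Return (best route, name of the last criterion that removed a candidate)."""
    cands = [r for r in routes if r.next_hop_ok]
    if not cands:
        return None, "next hop"
    decided = "next hop" if len(cands) < len(routes) else "only candidate"
    steps = [
        ("weight", lambda c: _lowest(c, lambda r: -r.weight)),
        ("local preference", lambda c: _lowest(c, lambda r: -r.local_pref)),
        ("AS path length", lambda c: _lowest(c, lambda r: len(r.as_path))),
        ("origin", lambda c: _lowest(c, lambda r: ORIGIN_RANK[r.origin])),
        ("MED", lambda c: _med(c, always_compare_med)),
        ("EBGP over IBGP", lambda c: _lowest(c, lambda r: not r.ebgp)),
        ("IGP cost to next hop", lambda c: _lowest(c, lambda r: r.igp_cost)),
        ("router ID", lambda c: _lowest(c, lambda r: int(IPv4Address(r.router_id)))),
    ]
    for name, step in steps:
        if len(cands) == 1:
            break
        narrowed = step(cands)
        if len(narrowed) < len(cands):
            decided = name
        cands = narrowed
    return cands[0], decided

def local_pref_slide():
    # The two 10.4.4.0/24 entries from the "bgp default local-preference" show output.
    return select_best([
        Route("1.1.1.1", (5, 1), local_pref=150),
        Route("1.1.2.1", (6, 1), local_pref=200),
    ])

def prepending_slide(prepended):
    # AS12's two paths to 10.91/16, before and after AS300 prepends toward AS400.
    via_400 = (400, 300, 300, 300, 300) if prepended else (400, 300)
    return select_best([Route("AS400", via_400), Route("AS100", (100, 200, 300))])

def med_slide(always_compare_med):
    # Assumed values: D's MED, origin AS 65000, router IDs (C lowest).
    # The slide gives only MED=120 (router C) and MED=50 (router B).
    routes = [
        Route("C", (500, 65000), med=120, router_id="10.0.0.1"),
        Route("D", (500, 65000), med=200, router_id="10.0.0.2"),
        Route("B", (20, 65000), med=50, router_id="10.0.0.3"),
    ]
    return select_best(routes, always_compare_med)
```

Without always-compare-med, the MED step only removes D; the choice between C and B then falls through to the later tie-breakers, which is why the assumed router IDs matter in that case.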

BGP-4 Basic Routing Policies

Objectives
Redundancy: building stability by providing alternate default routes in the case of link failure. How to do it?
Symmetry: configuring routes in such a manner that certain traffic enters and exits an AS at the same point.
Load balancing: capability to divide traffic optimally over multiple links.
Typical scenarios: controlling inbound and outbound traffic when multihoming to a single ISP and to different ISPs.

Redundancy
Redundancy - the possibility to use a backup link to the global network if the main link fails.
Redundancy is one of the major goals of BGP.
The simplest technique to achieve redundancy is to introduce multiple default routes inside the AS.
Default route - 0.0.0.0/0 - is the least specific route in the router forwarding table; it is used if a more specific route for a destination does not exist (Cisco term: gateway of last resort).
A default route can be learnt:
 Dynamically, via BGP or some IGP.
 Statically - manually entered by the operator - it can point to a next hop IP address, a specific router interface or a remote IP network.

Dynamically Learnt Default Routes
[Figure: AS1 (IBGP inside) with two EBGP links to AS2, next hops 1.1.1.1 and 2.2.2.2; the Primary link is marked set local-pref 100 and the Backup link set local-pref 50.]
To achieve redundancy, default routes from multiple sources will be received.
One route will always be primary, while the other will be backup.
Using local preference, we can always prefer one route over the other.

Statically Set Default Routes
[Figure: AS1, AS2 (24.32.64/18), AS10 (10.212/16), AS5 (38.2/16) and the NAP, showing three kinds of static default route: pointing to the next hop 1.1.1.1, pointing to a router interface (Serial0), and pointing to a remote IP network.]

Usage of Static Default Routes
[Figure: AS1 (IBGP inside) with a Primary link (set local-pref 100) and a Backup link (set local-pref 50) to AS2; each router has a default 0/0 toward 38.2/16.]
The customer sets a separate default route to AS2 on each router.
Each static route will point to the remote IP network 38.2/16.
Using local preference, the customer can always prefer one route over the other.

Following defaults inside an AS
Border routers HAVE a physical connection.
[Figure: AS 3 with border routers X2 (172.16.20.2, 172.16.1.1, 172.16.220.1, 172.16.70.1) and X1 (192.68.5.1, 172.16.1.2, 172.16.50.1) joined by an IBGP link, and interior router RTG (172.16.70.2, 172.16.50.2) reached over the IGP; AS 1 (172.16.20.1, 192.68.11.1, 192.68.10.3), AS 2 (192.68.5.2, 192.68.10.2), NAP and AS 7 (192.68.10.1, 193.78.0.0/16).]

Following defaults inside an AS
[Figure: topology of AS 1, AS 2, AS 3 (X1, X2, RTG), NAP and AS 7 (193.78.0.0/16); X1 and X2 are joined by the IBGP link 172.16.1.1 - 172.16.1.2.]
Routing policies:
 RTG is an interior router in AS3 that is running OSPF.
 RTG is following the default route 0/0 to reach networks outside AS3.
 AS3 is multihomed to two different providers.

Following defaults inside an AS
[Figure: topology of AS 1, AS 2, AS 3 (X1, X2, RTG), NAP and AS 7 (193.78.0.0/16); X1 and X2 are joined by the IBGP link 172.16.1.1 - 172.16.1.2.]

router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always
!
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.70.0 mask 255.255.255.0
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.1.2 remote-as 3
 no auto-summary
!
ip as-path access-list 10 permit ^$

Following defaults inside an AS
[Figure: topology of AS 1, AS 2, AS 3 (X1, X2, RTG), NAP and AS 7 (193.78.0.0/16); X1 and X2 are joined by the IBGP link 172.16.1.1 - 172.16.1.2.]

router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always
!
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.50.0 mask 255.255.255.0
 ! IBGP peer: the other AS 3 border router
 neighbor 172.16.1.1 remote-as 3
 neighbor 172.16.1.1 next-hop-self
 ! EBGP peer in AS 2 (192.68.5.2 in the figure)
 neighbor 192.68.5.2 remote-as 2
 neighbor 192.68.5.2 filter-list 10 out
 no auto-summary
!
ip as-path access-list 10 permit ^$

Interior router RTG:
router ospf 16
 network 172.16.0.0 0.0.255.255 area 0

Following defaults inside an AS
Border routers DON'T HAVE a physical connection.
[Figure: AS 3 with border routers X2 (172.16.20.2, 172.16.220.1, 172.16.70.1) and X1 (192.68.5.1, 172.16.50.1), an IBGP session between them, and interior router RTG (172.16.70.2, 172.16.50.2) reached over the IGP; AS 1 (172.16.20.1, 192.68.11.1, 192.68.10.3), AS 2 (192.68.5.2, 192.68.10.2), NAP and AS 7 (192.68.10.1, 193.78.0.0/16).]

Following defaults inside an AS
[Figure: topology of AS 1, AS 2, AS 3 (X1, X2, RTG), NAP and AS 7 (193.78.0.0/16); X1 and X2 have no direct link and reach each other through RTG.]

router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate route-map send_default
!
router bgp 3
 no synchronization
 network 172.16.70.0 mask 255.255.255.0
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.50.1 remote-as 3
 neighbor 172.16.50.1 route-map setlocalpref in
 no auto-summary
!
ip as-path access-list 10 permit ^$
!
access-list 1 permit 0.0.0.0
access-list 2 permit 172.16.20.1
!
route-map setlocalpref permit 10
 set local-preference 300
!
route-map send_default permit 10
 match ip address 1
 match ip next-hop 2

Following defaults inside an AS
[Figure: topology of AS 1, AS 2, AS 3 (X1, X2, RTG), NAP and AS 7 (193.78.0.0/16); X1 and X2 have no direct link and reach each other through RTG.]

router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate route-map send_default
!
router bgp 3
 no synchronization
 network 172.16.50.0 mask 255.255.255.0
 neighbor 172.16.70.1 remote-as 3
 neighbor 172.16.70.1 next-hop-self
 neighbor 192.68.5.2 remote-as 2
 neighbor 192.68.5.2 filter-list 10 out
 no auto-summary
!
ip as-path access-list 10 permit ^$
!
access-list 1 permit 0.0.0.0
access-list 2 permit 192.68.5.2
!
route-map send_default permit 10
 match ip address 1
 match ip next-hop 2

Interior router RTG:
router ospf 16
 network 172.16.0.0 0.0.255.255 area 0

Symmetry
Symmetry: traffic leaving the AS from an exit point comes back through the same point.
In a multi-homed environment symmetry is hardly achievable.
In some configurations asymmetry is preferred:
[Figure: satellite, ISP and customer network.]

Load Balancing
Capability to divide data traffic over multiple connections.
Load balancing does not mean equal distribution of the load.
Perfectly equal load distribution is rarely achievable.
Load balancing might be done on:
 Outbound traffic
 Inbound traffic
[Figure: two panels, each showing a Customer connected to ISP A, ISP B and ISP C.]

Outbound Traffic Load Balancing
[Figure: Customer connected to ISP A, ISP B and ISP C.]
Outbound traffic load balancing mostly depends on what we'll receive from our peers.
By applying appropriate attributes and route filters we can influence the effect of their updates.
Outbound traffic will depend on the results of the decision-making process of our router.

Inbound Traffic Load Balancing
[Figure: Customer connected to ISP A, ISP B and ISP C.]
Inbound traffic mostly depends on what we'll announce to our peers.
What we announce is what traffic we'll get!
For example, we may decide to announce 10.1/16 to ISP A, 10.2/16 to ISP B and 10.3/16 to ISP C.
Traffic to 10.1/16 will flow from the link to ISP A, traffic to 10.2/16 from ISP B and traffic to 10.3/16 from ISP C.

Load balancing over multiple links
[Figure: AS 65100 router (Loopback Interface 0 172.16.50.1, network 192.168.4.0/24) and AS 65300 router (Loopback Interface 0 172.16.1.1, network 172.16.4.0/24) joined by three links: 1.1.1.1 - 1.1.1.2, 1.1.2.1 - 1.1.2.2 and 1.1.3.1 - 1.1.3.2.]
We would like to load balance over all three links between AS 65100 and AS 65300.

Load balancing over multiple links
[Figure: AS 65100 router (Loopback Interface 0 172.16.50.1, network 192.168.4.0/24) and AS 65300 router (Loopback Interface 0 172.16.1.1, network 172.16.4.0/24) joined by three links: 1.1.1.1 - 1.1.1.2, 1.1.2.1 - 1.1.2.2 and 1.1.3.1 - 1.1.3.2.]

AS 65100 router:
interface ethernet 0
 ip address 192.168.4.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.1 255.255.255.0
!
interface serial 1
 ip address 1.1.2.1 255.255.255.0
!
interface serial 2
 ip address 1.1.3.1 255.255.255.0
!
interface loopback 0
 ip address 172.16.50.1 255.255.255.0
!
router bgp 65100
 network 192.168.4.0 mask 255.255.255.0
 neighbor 172.16.1.1 remote-as 65300
 neighbor 172.16.1.1 ebgp-multihop
 neighbor 172.16.1.1 update-source loopback 0
 no auto-summary
!
ip route 172.16.1.1 255.255.255.255 1.1.1.2 3
ip route 172.16.1.1 255.255.255.255 1.1.2.2 3
ip route 172.16.1.1 255.255.255.255 1.1.3.2 3

Load balancing over multiple links
[Figure: AS 65100 router (Loopback Interface 0 172.16.50.1, network 192.168.4.0/24) and AS 65300 router (Loopback Interface 0 172.16.1.1, network 172.16.4.0/24) joined by three links: 1.1.1.1 - 1.1.1.2, 1.1.2.1 - 1.1.2.2 and 1.1.3.1 - 1.1.3.2.]

AS 65300 router:
interface ethernet 0
 ip address 172.16.4.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.2 255.255.255.0
!
interface serial 1
 ip address 1.1.2.2 255.255.255.0
!
interface serial 2
 ip address 1.1.3.2 255.255.255.0
!
interface loopback 0
 ip address 172.16.1.1 255.255.255.0
!
! This router is in AS 65300 and peers with the AS 65100 loopback
router bgp 65300
 network 172.16.4.0 mask 255.255.255.0
 neighbor 172.16.50.1 remote-as 65100
 neighbor 172.16.50.1 ebgp-multihop
 neighbor 172.16.50.1 update-source loopback 0
 no auto-summary
!
ip route 172.16.50.1 255.255.255.255 1.1.1.1 3
ip route 172.16.50.1 255.255.255.255 1.1.2.1 3
ip route 172.16.50.1 255.255.255.255 1.1.3.1 3

Basic Topology Scenarios
Cases:
 One customer, multihoming to a single ISP.
 One customer, multihoming to different ISPs.
 Two customers of the same ISP, with a mutual backup link.
Configurations:
 Minimal configuration - default routes only.
 Primary/backup configuration.
 Routing with a partial BGP routing table ("customer routes").
 Routing with a full BGP routing table (approx. 480,000 routes!).

Multihoming to a Single ISP - Default Only, Primary/Backup
[Figure: Customer AS1 connected to ISP AS2 over two links, A and B.]
Customer outbound traffic:
 The customer sets two separate default routes to AS2 on its router.
 One default will be preferred, using local preference.
 One default will be primary, the other one backup.
Customer inbound traffic:
 The customer announces its IP networks to the ISP AS2.
 If nothing is applied by the customer, traffic will flow according to the distance between destination and POP.
 The user may want to apply different MEDs when advertising routes.

Multihoming to a Single ISP - Default Only, Primary/Backup + Partial Routing
Outbound: prefer the link via A to reach C1 and C2, link B for others.
Inbound: prefer the link via A to reach X, Y; the link via B to reach Z.
Default route: the link to location B is primary, with backup to A.
[Figure: ISP AS2 with customers C1, C2, C3, C4; customer AS1 with networks X, Y, Z; links A and B between them, with these attribute settings:]
 Link A: MED - X, Y: 200, other: 300; Local_pref - C1, C2: 300, other: 200
 Link B: MED - Z: 200, other: 250; Local_pref - C3, C4: 300, other: 250

Multihomed to a single provider - default only, one primary and one backup link
[Figure: AS 30 (172.18.23.0/24 on E0; S1 1.1.2.2, S0 1.1.1.2) connected to AS 10 by link X2 (1.1.2.2 - 1.1.2.1) and link X1 (1.1.1.2 - 1.1.1.1); the two AS 10 routers (192.168.1.1 E0 and 192.168.1.4 E0, network 192.168.4.0/24) run IBGP.]
AS30 is not learning any BGP routes from AS10 and is sending its own routes via BGP.
Outbound traffic from AS30 should always go on the X1 link unless that link fails, in which case it should switch to the other link.
Inbound traffic toward AS30 should always come on the X1 link unless that link fails, in which case it should switch to the other link.
Prevent any BGP updates from coming into AS3.

Multihomed to a single provider - default only, one primary and one backup link
[Figure: AS 30 (172.18.23.0/24 on E0; S1 1.1.2.2, S0 1.1.1.2) connected to AS 10 by link X2 (1.1.2.2 - 1.1.2.1) and link X1 (1.1.1.2 - 1.1.1.1); the two AS 10 routers (192.168.1.1 E0 and 192.168.1.4 E0, network 192.168.4.0/24) run IBGP.]

router bgp 30
 network 172.18.23.0 mask 255.255.255.0
 neighbor 1.1.2.1 remote-as 10
 neighbor 1.1.2.1 route-map BLOCK in
 neighbor 1.1.2.1 route-map SETMETRIC1 out
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 route-map BLOCK in
 neighbor 1.1.1.1 route-map SETMETRIC2 out
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1 40
ip route 0.0.0.0 0.0.0.0 1.1.2.1 60
!
route-map SETMETRIC1 permit 10
 set metric 100
!
route-map SETMETRIC2 permit 10
 set metric 50
!
route-map BLOCK deny 10

Multihomed to a single provider - default only, one primary and one backup link
[Figure: AS 30 (172.18.23.0/24 on E0; S1 1.1.2.2, S0 1.1.1.2) connected to AS 10 by link X2 (1.1.2.2 - 1.1.2.1) and link X1 (1.1.1.2 - 1.1.1.1); the two AS 10 routers (192.168.1.1 E0 and 192.168.1.4 E0, network 192.168.4.0/24) run IBGP.]

router# show ip bgp
BGP table version 11, local router ID is 192.168.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop       Metric LocPrf Weight Path
*>i 172.18.23.0/24   192.168.1.4    50     100    0      3 i
*                    1.1.2.1        100           0      3 i
*>  192.168.4.0/24   0.0.0.0        0             32768  i

router# show ip route
Gateway of last resort is 1.1.1.1 to network 0.0.0.0
     1.0.0.0 255.0.0.0 is subnetted, 2 subnets
C       1.1.1.0 is directly connected, Serial 0
C       1.1.2.0 is directly connected, Serial 1
C    172.18.23.0 is directly connected, Ethernet0
S*   0.0.0.0 0.0.0.0 [40/0] via 1.1.1.1

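Multihomed to a single provider - default, primary and backup plus partial routing
[Figure: AS 3 with two border routers joined by IBGP (one with 172.16.20.2 S0, 172.16.220.1 E0, 172.16.1.1 E1, 172.16.2.254 L0; the other with 172.16.1.2 E1, 172.16.65.1, 172.16.10.1, 192.68.5.1), connected to provider AS 1 over links X2 (172.16.20.2 - 172.16.20.1) and X1 (192.68.5.1 - 192.68.5.2); AS 1 (IBGP inside; 192.68.11.1, 192.68.6.2, 192.68.6.1) connects to its customer AS 6 (192.68.11.2, 192.68.40.1) and to the NAP and AS 7 (192.68.10.1, 193.78.0.0/16).]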

Multihomed to a single provider - default, primary and backup plus partial routing
[Figure: AS 3 connected to provider AS 1 over links X2 and X1; AS 1 connects to its customer AS 6 and to the NAP and AS 7 (193.78.0.0/16).]
Routing policies:
 AS3 will only accept AS1's local routes and its customers' routes, such as AS6.
 AS3 will also accept one route from the Internet to set its default toward the provider AS1.
 For all outbound traffic toward AS1 and AS6 (the partial routes), AS3 should use the X2 link. In case of failure, the other link is used.
 For all other outbound traffic toward the Internet, AS3 should use the X1 link as the primary link by following a default route. In case of failure, the default via the other link should be used.
 For inbound traffic, AS3 will instruct AS1 to use the X2 link for 172.16.220.0/24. For all other inbound traffic, the X1 link is the primary.

Multihomed to a single provider - default, primary and backup plus partial routing
[Figure: AS 3 connected to provider AS 1 over links X2 and X1; AS 1 connects to its customer AS 6 and to the NAP and AS 7 (193.78.0.0/16).]

router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.1.2 remote-as 3
 neighbor 172.16.1.2 update-source loopback0
 neighbor 172.16.1.2 next-hop-self
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map SET_OUTBOUND_TRAFFIC in
 neighbor 172.16.20.1 route-map SET_INBOUND_TRAFFIC out
 neighbor 172.16.20.1 filter-list 10 out
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 193.78.0.0
ip as-path access-list 10 permit ^$
ip as-path access-list 4 permit ^1 6$
ip as-path access-list 4 permit ^1$
access-list 2 permit 172.16.220.0 0.0.0.255
access-list 101 permit ip 193.78.0.0 0.0.255.255 255.255.0.0 0.0.0.0
!
route-map SET_OUTBOUND_TRAFFIC permit 10
 match ip address 101
 set local-preference 200
route-map SET_OUTBOUND_TRAFFIC permit 20
 match as-path 4
 set local-preference 300
!
route-map SET_INBOUND_TRAFFIC permit 10
 match ip address 2
 set local-preference 200
route-map SET_INBOUND_TRAFFIC permit 20
 set metric 300
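The as-path access lists in this configuration, evaluated in an added Python example (not part of the original slides) that applies the "_" rule from the regular expression table earlier in the deck. The function names and the sample BGP table are constructed for the example, and only the constructs listed in that table are handled. With list 10 applied outbound, only prefixes with an empty AS path are announced, so AS 3 does not re-advertise routes it learnt from its provider.

```python
import re

# Per the regular expression table: "_" matches a comma, "{", "}", the start
# or end of the input string, or a space.
UNDERSCORE = r"(?:^|$|[ ,{}])"

def compile_as_path_regex(pattern):
    """Translate a router-style AS-path regex to Python; only "_" needs rewriting."""
    out, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):   # escaped character: copy both
            out.append(pattern[i:i + 2])
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        out.append(UNDERSCORE if ch == "_" and not in_class else ch)
        i += 1
    return re.compile("".join(out))

def acl_permits(entries, as_path):
    """First matching entry decides; no match means the implicit deny applies."""
    for action, pattern in entries:
        if compile_as_path_regex(pattern).search(as_path):
            return action == "permit"
    return False

# The as-path access lists from the configuration above.
ACL_10 = [("permit", "^$")]                       # used by filter-list 10 out
ACL_4 = [("permit", "^1 6$"), ("permit", "^1$")]  # used by match as-path 4

# Constructed sample of AS 3's BGP table: prefix -> AS path as printed by
# "show ip bgp" ("" = originated locally). All but the first prefix are
# documentation prefixes invented for this example.
SAMPLE_TABLE = {
    "172.16.220.0/24": "",       # AS 3's own network
    "192.0.2.0/24": "1",         # originated by the provider AS 1
    "198.51.100.0/24": "1 6",    # provider's customer AS 6
    "203.0.113.0/24": "1 7",     # learnt by AS 1 from AS 7
}

def advertised_to_provider(table=SAMPLE_TABLE):
    """Prefixes that survive filter-list 10 out toward AS 1."""
    return sorted(p for p, path in table.items() if acl_permits(ACL_10, path))

def matched_by_list_4(table=SAMPLE_TABLE):
    """Prefixes whose AS path is permitted by as-path access-list 4."""
    return sorted(p for p, path in table.items() if acl_permits(ACL_4, path))
```

Running `advertised_to_provider()` on the sample table leaves only 172.16.220.0/24, and `matched_by_list_4()` leaves the AS 1 and AS 6 prefixes, which matches the routing policy of accepting only the provider's local and customer routes.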