BGP and the Internet

Similar documents
BGP Configuration for a Transit ISP

BGP and the Internet

Module 19 Internet Exchange Points

Module 16 An Internet Exchange Point

Service Provider Multihoming

BGP Multihoming Techniques

BGP Multihoming Techniques

IPv6 Module 16 An IPv6 Internet Exchange Point

Service Provider Multihoming

Module 18 Transit. Objective: To investigate methods for providing transit services. Prerequisites: Modules 12 and 13, and the Transit Presentation

Service Provider Multihoming

BGP and the Internet. Enterprise Multihoming. Enterprise Multihoming. Medium/Large ISP Multihoming. Enterprise Multihoming. Enterprise Multihoming

BGP Techniques for ISP. Terutaka Komorizono

Service Provider Multihoming

Advanced Multihoming. BGP Traffic Engineering

BGP in the Internet Best Current Practices

Module 14 Transit. Objective: To investigate methods for providing transit services. Prerequisites: Modules 12 and 13, and the Transit Presentation

Introduction to BGP. ISP/IXP Workshops

Module 10 An IPv6 Internet Exchange Point

Network Layer (Routing)

BGP Tutorial Part 3 Multihoming

Introduction to BGP ISP/IXP Workshops

BGP Multihoming Techniques

APNIC elearning: BGP Basics. 30 September :00 PM AEST Brisbane (UTC+10) Revision: 2.0

BGP for Internet Service Providers

Multihoming Techniques. bdnog8 May 4 8, 2018 Jashore, Bangladesh.

BGP Multihoming Techniques

Module 12 Multihoming to the Same ISP

Introduction to BGP. ISP Workshops. Last updated 30 October 2013

All participants will work within their groups in pairs. Each group has three routers and three switches to work with.

BGP Multihoming Techniques

Lab 3 Multihoming to the Same ISP

IPv4/IPv6 BGP Routing Workshop. Organized by:

Multihoming Complex Cases & Caveats

BGP Case Studies. ISP Workshops

BGP Protocol & Configuration. Scalable Infrastructure Workshop AfNOG2008

Routing Concepts. IPv4 Routing Forwarding Some definitions Policy options Routing Protocols

Lab 2 BGP route filtering and advanced features

DE-CIX Academy: BGP - Multihoming

Module 13 Multihoming to Different ISPs

BGP and the Internet

BGP Policy Control. ISP Workshops. Last updated 17 May 2014

2016/01/17 04:05 1/19 Basic BGP Lab

DE-CIX Academy: BGP Introduction. Notice of Liability. BGP Configuration Examples. Network Diagram for all examples. Links and Examples

BGP Attributes and Policy Control

Connecting to a Service Provider Using External BGP

BGP Multihoming Techniques

BGP Attributes and Policy Control

BGP Attributes and Policy Control

BGP for Internet Service Providers

Routing Basics. ISP Workshops. Last updated 10 th December 2015

BGP route filtering and advanced features

BGP Multihoming ISP/IXP Workshops

Using BGP Communities

Monitoring BGP. Configuring the Router

Lab Guide 2 - BGP Configuration

Border Gateway Protocol - BGP

LACNIC XIII. Using BGP for Traffic Engineering in an ISP

Multihoming Case Study

Using BGP Communities

BGP Multihoming Techniques Philip Smith NANOG October 2005 Los Angeles

Simple Multihoming. ISP Workshops. Last updated 9 th December 2015

BGP Attributes and Path Selection

BGP Best Current Practices. ISP/IXP Workshops

BGP Best Current Practices. ISP/IXP Workshops

BGP in the Internet Best Current Practices

Routing Basics. Campus Network Design & Operations Workshop

Introduction to IP Routing. Geoff Huston

BGP Multihoming. ISP/IXP Workshops

BGP Multihoming Techniques. Philip Smith SANOG 10/APNIC 24 29th August - 7th September 2007 New Delhi, India

Recommended IOS Releases. BGP in the Internet. Which IOS? Which IOS? 12.2 IOS release images IOS release images is the old mainline train

BGP and the Internet. Why Multihome? Why Multihome? Why Multihome? Why Multihome? Why Multihome? Redundancy. Reliability

BGP Policy Control. ISP Workshops

Module 8 Multihoming Strategies Lab

BGP Multihoming Techniques. Philip Smith APRICOT February 2009 Manila, Philippines

Routing Basics. ISP Workshops

Top-Down Network Design

MPLS VPN C H A P T E R S U P P L E M E N T. BGP Advertising IPv4 Prefixes with a Label

IPv6 Module 6x ibgp and Basic ebgp

CertifyMe. CertifyMe

Introduction to BGP. BGP Basics BGP. Border Gateway Protocol. Path Vector Protocol. Path Vector Protocol INET 2000 NTW

BGP. BGP Overview. BGP Operation. BGP Neighbors

Inter-Domain Routing: BGP

BGP Best Current Practices. Recommended IOS Releases. Which IOS? Which IOS? 12.4 IOS release images IOS release images

MIX Peering LAN connection: Technical Specifications

Simple Multihoming. ISP Workshops. Last updated 25 September 2013

BTnet Resilient Extra White Paper for BT People and Prospective Customers

Unit 3: Dynamic Routing

EE 122: Inter-domain routing Border Gateway Protocol (BGP)

Routing Control at Peering Points. HKNOG 0.1 Raphael Ho

Multihoming with BGP and NAT

I Commands. Send comments to

BGP made easy. John van Oppen Spectrum Networks / AS11404

Network Configuration Example

BGP4 workshop scenario

BGP101. Howard C. Berkowitz. (703)

InterAS Option B. Information About InterAS. InterAS and ASBR

Some Considerations About IXP Customers Connection Models

BGP Tutorial AFNOG2000 Class IP Assignments

Unicast Reverse Path Forwarding Loose Mode

Transcription:

BGP and the Internet Transit and Internet Exchange Points 1

Definitions Transit carrying traffic across a network, usually for a fee traffic and prefixes originating from one AS are carried across an intermediate AS to reach their destination AS Exchange Points common interconnect location where several ASes exchange routing information and traffic 2

Issues Only announce default to your BGP customers unless they need more prefixes Only accept the prefixes which your customer is entitled to originate If your customer hasn t told you he is providing transit, don t accept anything else 3

Issues Many mistakes are made on the Internet today due to incomplete understanding of how to configure BGP for transit 4

Provider Simple Example 5

AS130 and AS100 are stub/customer ASes of AS120 they may have their own peerings with other ASes minimal routing table desired minimum complexity required 6

AS 120 A AS 130 B D AS 100 C AS120 is transit provider between AS130 and AS100 7

Router A Configuration router bgp 130 network 221.10.0.0 mask 255.255.224.0 neighbor 222.222.10.2 remote-as 120 neighbor 222.222.10.2 prefix-list upstream out neighbor 222.222.10.2 prefix-list default in ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 221.10.0.0/19 ip route 221.10.0.0 255.255.224.0 null0 8

Router B Configuration router bgp 120 neighbor 222.222.10.1 remote-as 130 neighbor 222.222.10.1 default-originate neighbor 222.222.10.1 prefix-list Customer130 in neighbor 222.222.10.1 prefix-list default out ip prefix-list Customer130 permit 221.10.0.0/19 ip prefix-list default permit 0.0.0.0/0 Router B announces default to Router A, only accepts customer /19 9

Router C Configuration router bgp 120 neighbor 222.222.20.1 remote-as 100 neighbor 222.222.20.1 default-originate neighbor 222.222.20.1 prefix-list Customer100 in neighbor 222.222.20.1 prefix-list default out ip prefix-list Customer100 permit 219.0.0.0/19 ip prefix-list default permit 0.0.0.0/0 Router C announces default to Router D, only accepts customer /19 10

Router D Configuration router bgp 100 network 219.0.0.0 mask 255.255.224.0 neighbor 222.222.20.2 remote-as 120 neighbor 222.222.20.2 prefix-list upstream out neighbor 222.222.20.2 prefix-list default in ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 219.0.0.0/19 ip route 219.0.0.0 255.255.224.0 null0 11

This is simple case: if AS130 or AS100 get another address block, it requires AS120 and their own filters to be changed some ISP transit provider are better skilled at doing this than others May not scale if they are frequently adding new prefixes 12

Provider More complex Example 1 13

AS130 and AS100 are stub/customer ASes of AS120 AS120 provides transit between AS130 and AS100 only AS120 does not provide Internet connectivity to AS130 14

AS 120 A AS 130 B D AS 100 C AS120 is transit provider between AS130 and AS100 15

Router A Configuration router bgp 130 network 221.10.0.0 mask 255.255.224.0 neighbor 222.222.10.2 remote-as 120 neighbor 222.222.10.2 prefix-list upstream out neighbor 222.222.10.2 prefix-list rfc1918-dsua in ip prefix-list upstream permit 221.10.0.0/19 ip route 221.10.0.0 255.255.224.0 null0 16

Router B Configuration router bgp 120 neighbor 222.222.10.1 remote-as 130 neighbor 222.222.10.1 prefix-list Customer130 in neighbor 222.222.10.1 prefix-list rfc1918-sua out neighbor 222.222.10.1 filter-list 15 out ip as-path access-list 15 permit ^$ ip as-path access-list 15 permit ^100$ ip prefix-list Customer130 permit 221.10.0.0/19 Router B announces AS120 and AS100 prefixes to Router A, only accepts customer /19 17

Router C Configuration router bgp 120 neighbor 222.222.20.1 remote-as 100 neighbor 222.222.20.1 default-originate neighbor 222.222.20.1 prefix-list Customer100 in neighbor 222.222.20.1 prefix-list default out ip prefix-list Customer100 permit 219.0.0.0/19 ip prefix-list default permit 0.0.0.0/0 Router C announces default to Router D, only accepts customer /19 18

Router D Configuration router bgp 100 network 219.0.0.0 mask 255.255.224.0 neighbor 222.222.20.2 remote-as 120 neighbor 222.222.20.2 prefix-list upstream out neighbor 222.222.20.2 prefix-list default in ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 219.0.0.0/19 ip route 219.0.0.0 255.255.224.0 null0 19

AS130 only hears AS120 and AS100 prefixes inbound AS path filter on Router A is optional, but good practice (never trust a peer) inbound Martian prefix-list filters are mandatory on all Internet peerings 20

Provider More complex Example 2 21

AS130 and AS100 are stub/customer ASes of AS120 AS130 has many customers with their own ASes AS105 doesn t get announced to AS120 AS120 provides transit between AS130 and AS100 22

AS 120 A AS 130 B AS 105 AS 104 D AS 100 C AS 101 AS 102 AS 103 AS130 has several customer ASes connecting to its backbone 23

Router A Configuration router bgp 130 network 221.10.0.0 mask 255.255.224.0 neighbor 222.222.10.2 remote-as 120 neighbor 222.222.10.2 prefix-list upstream-out out neighbor 222.222.10.2 filter-list 5 out neighbor 222.222.10.2 prefix-list upstream-in in ip route 221.10.0.0 255.255.224.0 null0 250..next slide 24

As-path filters.. ip as-path access-list 5 permit ^$ ip as-path access-list 5 permit ^(101_)+$ ip as-path access-list 5 permit ^102$ ip as-path access-list 5 permit ^103$ ip as-path access-list 5 permit ^104$ ip as-path access-list 5 deny ^105_..next slide 25

Outbound Martian prefixes to be blocked to ebgp peers ip prefix-list upstream-out deny 0.0.0.0/8 le 32 ip prefix-list upstream-out deny 10.0.0.0/8 le 32 ip prefix-list upstream-out deny 127.0.0.0/8 le 32 ip prefix-list upstream-out deny 169.254.0.0/16 le 32 ip prefix-list upstream-out deny 172.16.0.0/12 le 32 ip prefix-list upstream-out deny 192.0.2.0/24 le 32 ip prefix-list upstream-out deny 192.168.0.0/16 le 32 ip prefix-list upstream-out deny 224.0.0.0/3 le 32 ip prefix-list upstream-out deny 0.0.0.0/0 ge 25 Extra prefixes ip prefix-list upstream-out deny 221.10.0.0/19 ge 20 ip prefix-list upstream-out permit 0.0.0.0/0 le 32..next slide 26

Inbound Martian prefixes to be blocked from ebgp peers ip prefix-list upstream-in deny 0.0.0.0/8 le 32 ip prefix-list upstream-in deny 10.0.0.0/8 le 32 ip prefix-list upstream-in deny 127.0.0.0/8 le 32 ip prefix-list upstream-in deny 169.254.0.0/16 le 32 ip prefix-list upstream-in deny 172.16.0.0/12 le 32 ip prefix-list upstream-in deny 192.0.2.0/24 le 32 ip prefix-list upstream-in deny 192.168.0.0/16 le 32 ip prefix-list upstream-in deny 224.0.0.0/3 le 32 ip prefix-list upstream-in deny 0.0.0.0/0 ge 25 Extra prefixes ip prefix-list upstream-in deny 221.10.0.0/19 le 32 ip prefix-list upstream-in permit 0.0.0.0/0 le 32 27

Router B Configuration router bgp 120 neighbor 222.222.10.1 remote-as 130 neighbor 222.222.10.1 prefix-list rfc1918-sua in neighbor 222.222.10.1 prefix-list rfc1918-sua out neighbor 222.222.10.1 filter-list 10 in neighbor 222.222.10.1 filter-list 15 out ip as-path access-list 15 permit ^$ ip as-path access-list 15 permit ^100$ Router B announces AS120 and AS100 prefixes to Router A, and accepts all AS130 customer ASes 28

Router C Configuration router bgp 120 neighbor 222.222.20.1 remote-as 100 neighbor 222.222.20.1 default-originate neighbor 222.222.20.1 prefix-list Customer100 in neighbor 222.222.20.1 prefix-list default out ip prefix-list Customer100 permit 219.0.0.0/19 ip prefix-list default permit 0.0.0.0/0 Router C announces default to Router D, only accepts customer /19 29

Router D Configuration router bgp 100 network 219.0.0.0 mask 255.255.224.0 neighbor 222.222.20.2 remote-as 120 neighbor 222.222.20.2 prefix-list upstream out neighbor 222.222.20.2 prefix-list default in ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 219.0.0.0/19 ip route 219.0.0.0 255.255.224.0 null0 30

AS130 only hears AS120 and AS100 prefixes inbound AS path filter on Router A is optional, but good practice (never trust a peer) Special Use Address prefix-list filters are required on all Internet peerings 31

Provider More complex Example 3 32

AS130 and AS100 are stub/customer ASes of AS120 AS130 has many customers with their own ASes AS105 doesn t get announced to AS120 AS120 provides transit between AS130 and AS100 Same example as previously but using communities 33

AS 120 B A AS 130 E AS 105 AS 104 D AS 100 C AS 101 AS 102 AS 103 AS130 has several customer ASes connecting to its backbone 34

Router A configuration is greatly simplified all prefixes to be announced to upstream are marked with community 130:5100 route-map on outbound peering implements community policy Martian prefix-lists still required 35

Router A Configuration router bgp 130 network 221.10.0.0 mask 255.255.224.0 route-map setcomm neighbor 222.222.10.2 remote-as 120 neighbor 222.222.10.2 prefix-list upstream-out out neighbor 222.222.10.2 route-map to-as120 out neighbor 222.222.10.2 prefix-list upstream-in in ip route 221.10.0.0 255.255.224.0 null0 250..next slide 36

ip community-list 5 permit 130:5100 Set community on local prefixes route-map setcomm permit 10 set community 130:5100 route-map to-as120 permit 10 match community 5 upstream-in and upstream-out prefix-lists are the same as in the previous example 37

Router E Configuration router bgp 130 neighbor x.x.x.x remote-as 101 neighbor x.x.x.x default-originate neighbor x.x.x.x prefix-list customer101 in neighbor x.x.x.x route-map bgp-cust-in in neighbor x.x.x.x prefix-list default out neighbor x.x.x.x remote-as 102 neighbor x.x.x.x default-originate neighbor x.x.x.x prefix-list customer102 in neighbor x.x.x.x route-map bgp-cust-in in neighbor x.x.x.x prefix-list default out..next slide 38

neighbor s.s.s.s remote-as 105 neighbor s.s.s.s default-originate neighbor s.s.s.s prefix-list customer105 in neighbor s.s.s.s route-map no-transit in neighbor s.s.s.s prefix-list default out Set community on ebgp customers announced to AS120 route-map bgp-cust-in permit 10 set community 130:5100 route-map no-transit permit 10 set community 130:5199 Notice that AS105 peering has no route-map to set the community policy 39

AS130 only announces the community 130:5100 to AS120 Notice how Router E tags the prefixes to be announced to AS120 with community 130:5100 More efficient to manage than using filter lists 40

Exchange Points Simple Example 41

Exchange Point Example Exchange point with 6 ASes present Layer 2 ethernet switch Each ISP peers with the other NO transit across the IXP allowed 42

Exchange Point AS100 A F AS150 AS110 B E AS140 AS120 C D AS130 each of these represents a border router in a different autonomous system 43

Exchange Point Router A configuration interface fastethernet 0/0 description Exchange Point LAN ip address 220.5.10.2 mask 255.255.255.224 ip verify unicast reverse-path no ip directed-broadcast no ip proxy-arp no ip redirects router bgp 100 network 221.10.0.0 mask 255.255.224.0 neighbor ixp-peers peer-group neighbor ixp-peers soft-reconfiguration in neighbor ixp-peers prefix-list myprefixes out..next slide 44

Exchange Point neighbor 220.5.10.2 remote-as 110 neighbor 222.5.10.2 peer-group ixp-peers neighbor 222.5.10.2 prefix-list peer110 in neighbor 220.5.10.3 remote-as 120 neighbor 222.5.10.3 peer-group ixp-peers neighbor 222.5.10.3 prefix-list peer120 in neighbor 220.5.10.4 remote-as 130 neighbor 222.5.10.4 peer-group ixp-peers neighbor 222.5.10.4 prefix-list peer130 in neighbor 220.5.10.5 remote-as 140 neighbor 222.5.10.5 peer-group ixp-peers neighbor 222.5.10.5 prefix-list peer140 in neighbor 220.5.10.6 remote-as 150 neighbor 222.5.10.6 peer-group ixp-peers neighbor 222.5.10.6 prefix-list peer150 in 45

Exchange Point ip route 221.10.0.0 255.255.224.0 null0 ip prefix-list myprefixes permit 221.10.0.0/19 ip prefix-list peer110 permit 222.0.0.0/19 ip prefix-list peer120 permit 222.30.0.0/19 ip prefix-list peer130 permit 222.12.0.0/19 ip prefix-list peer140 permit 222.18.128.0/19 ip prefix-list peer150 permit 222.1.32.0/19 46

Exchange Point Configuration of the other routers in the AS is similar in concept Notice inbound and outbound prefix filters outbound announces myprefixes only inbound accepts peer prefixes only 47

Exchange Point Ethernet port configuration use ip verify unicast reverse-path helps prevent stealing of bandwidth IXP border router must NOT carry prefixes with origin outside local AS and IXP participant ASes helps prevent stealing of bandwidth 48

Exchange Point Issues: AS100 needs to know all the prefixes its peers are announcing New prefixes requires the prefix-lists to be updated Alternative solutions Use the Internet Routing Registry to build prefix list Use AS Path filters (could be risky) 49

Exchange Points More Complex Example 50

Exchange Point Example Exchange point with 6 ASes present Layer 2 ethernet switch Each ISP peers with the other NO transit across the IXP allowed ISPs at exchange points provide transit to their customers 51

Exchange Point AS200 AS201 AS100 A F AS150 AS110 B E AS140 AS120 C D AS130 each of these represents a border router in a different autonomous system 52

Exchange Point Router A configuration interface fastethernet 0/0 description Exchange Point LAN ip address 220.5.10.2 mask 255.255.255.224 ip verify unicast reverse-path no ip directed-broadcast no ip proxy-arp no ip redirects router bgp 100 network 221.10.0.0 mask 255.255.224.0 neighbor ixp-peers peer-group neighbor ixp-peers soft-reconfiguration in neighbor ixp-peers prefix-list rfc1918-sua out neighbor ixp-peers filter-list 10 out..next slide 53

Exchange Point neighbor 220.5.10.2 remote-as 110 neighbor 222.5.10.2 peer-group ixp-peers neighbor 222.5.10.2 prefix-list peer110 in neighbor 220.5.10.3 remote-as 120 neighbor 222.5.10.3 peer-group ixp-peers neighbor 222.5.10.3 prefix-list peer120 in neighbor 220.5.10.4 remote-as 130 neighbor 222.5.10.4 peer-group ixp-peers neighbor 222.5.10.4 prefix-list peer130 in neighbor 220.5.10.5 remote-as 140 neighbor 222.5.10.5 peer-group ixp-peers neighbor 222.5.10.5 prefix-list peer140 in neighbor 220.5.10.6 remote-as 150 neighbor 222.5.10.6 peer-group ixp-peers neighbor 222.5.10.6 prefix-list peer150 in 54

Exchange Point ip route 221.10.0.0 255.255.224.0 null0 ip as-path access-list 10 permit ^$ ip as-path access-list 10 permit ^200$ ip as-path access-list 10 permit ^201$ ip prefix-list myprefixes permit 221.10.0.0/19 ip prefix-list peer110 permit 222.0.0.0/19 ip prefix-list peer120 permit 222.30.0.0/19 ip prefix-list peer130 permit 222.12.0.0/19 ip prefix-list peer140 permit 222.18.128.0/19 ip prefix-list peer150 permit 222.1.32.0/19 55

Exchange Point Notice the change in router A s configuration filter-list instead of prefix-list permits local and customer ASes out to exchange prefix-list blocks Special Use Address prefixes rest get out, could be risky Other issues as previously 56

BGP and the Internet Transit and Internet Exchange Points 57

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback