Intro to BGPAll-DayTutorial.ppt

Uploaded by: figureissue185  Document ID: 376606  Uploaded: 2018-10-08  Format: PPT  Pages: 177  Size: 627KB

Intro to BGP All-Day Tutorial
Avi Freedman

Index
- Internet Connectivity Overview
- Multihoming Concepts
- Multihoming Without BGP
- Multihoming - Address Space Complications
- Basic BGP - The BGP Route
- Basic BGP - Inserting Routes into BGP
- Basic BGP - Advertising Routes
- Basic BGP - Other BGP Route Attributes
- Basic BGP - Selecting Routes
- Multihoming with BGP - an Introduction
- Interlude - Hardware for BGP
- Multihoming with BGP with a Cheap Router
- Multihoming with BGP - Taking Just Customer Routes
- Multihoming with BGP - Taking Full Routes
- Default Routing in BGP

Internet Connectivity Overview

Having Internet Connectivity
To have complete Internet connectivity you must be able to reach all destinations on the net.
- Your packets have to get delivered to every destination. This is easy (default routes).
- Packets from everywhere else have to “find you”. This is done by having your ISP(s) advertise routes for you.

Multihoming Without BGP
To get Internet connectivity, you can just default route your traffic to your upstream providers.
To get traffic back from the Internet, you need to have your providers tell all of the rest of the Internet “where you are”.

BGP Route Advertisement (1)
Think of a BGP route as a “promise”. If I advertise 207.8.128.0/17, I promise that if you deliver traffic to me for anywhere in 207.8.128.0/17, I know how to deliver it at least as well as anyone else.
If my customer has 207.8.140.0/24, I generally will not announce that route separately since it is covered by my 207.8.128.0/17 aggregate route.

BGP Route Advertisement (2)
By making sure these routes, or “promises”, are heard by ALL providers on the net, your provider ensures a return path for all of your packets.
Remember, sending packets OUT is easier than getting them back. Also, remember - sending routes OUT causes IP traffic to come IN.

BGP Route Advertisement (3)
But the most specific route wins, so if one of my customer's ISPs is advertising 207.8.240.0/24, all incoming traffic from other networks will start flowing in that pipe.
So I must “punch a hole” in my aggregate announcement and advertise 207.8.128.0/17 and 207.8.240.0/24.

BGP Route Advertisement (4)
The complete set of routes advertised by all BGP speakers on the net is about 55,000 routes as of 10/98.
If your route is missing in the “view” of any major provider, you will not have connectivity to them.

Multihoming Without BGP - How it Works

Customer Side - Outbound
All you need to do is to put in static default route(s).
To prefer two upstreams equally:
    ip route 0.0.0.0 0.0.0.0 s4/0
    ip route 0.0.0.0 0.0.0.0 s4/1
To use one link as a backup only for outbound packets:
    ip route 0.0.0.0 0.0.0.0 s4/0
    ip route 0.0.0.0 0.0.0.0 s4/1 10
Why? s4/1 could be a 56k or backup link.

Cisco Load Balancing
The way Ciscos (except for big new ones running “CEF”) work if there are two “equal-cost” routes to the same place is -
- Option 1 - Round-robin the packets without “route caching”. This goes through the slowest sections of the router's OS. Bad. Also, if you are connected to different ISPs, packets can arrive out of order, etc.
- Option 2 - Use route caching (default). Traffic to the same dest IP will always use the same interface, until the cache entry expires.

Customer Side - Inbound
Just tell your ISP what address space you are bringing, if any.
Your ISP may allocate you space out of their larger address blocks. If so, they need to announce your space “more specifically”.
But you do no work other than tell your ISP what to do.

Provider Side (1)
If both providers don't advertise your routes with the same specificity, you might have -
    netaxs saying “4969 sez 207.8.128.0/17”
    uunet saying “701 sez 207.8.195.0/24”
Bad, because almost all traffic on the net will come into you via UUNET.
note - talk about address filters

Provider Side (2)
What you need is -
    netaxs saying “4969 sez 207.8.128.0/17”
    netaxs saying “4969 sez 207.8.195.0/24”
    uunet saying “701 sez 207.8.195.0/24”
Good, because -
1) Because the two 207.8.195.0/24 routes are of the same specificity, providers CAN choose between netaxs and uunet to get to you; and
2) For some people who don't listen to /24s and such in new address space, they still have the 207.8.128.0/17 route to use to get to you.

Address Space Complications
So, in the case of -
    netaxs saying “4969 sez 207.8.128.0/17”
    netaxs saying “4969 sez 207.8.195.0/24”
    uunet saying “701 sez 207.8.195.0/24”
“Some people won't listen to the /24, so what happens if my netaxs connection goes down?”
Not a problem! Because netaxs will hear the UUNET /24. Sprint sends traffic to netaxs; netaxs to uunet; and uunet to you.

Disadvantages of not using BGP
You gain a bit more control of your destiny when you speak BGP yourself. You can break up your routes in an emergency, or to tune traffic. You can “pad” your announcements to de-prefer one or more upstreams.
Also, you lose the ability to fine-tune outbound traffic flow to the “best” upstream.

Why BGP?
BGP is a multi-vendor “open” protocol with multiple implementations, all mostly interoperable. It is the only actively used EGP on the Internet.
The main design feature of BGP was to allow ISPs to richly express their routing policy, both in selecting outbound paths and in announcing internal routes. Keep this in mind as we progress.

What is BGP?

BGP is (1)
An Exterior Gateway Protocol (EGP), used to propagate tens or hundreds of thousands of routes between networks (ASs).
The only protocol used to do this on the Internet today.

BGP is (2)
The Border Gateway Protocol, currently Version 4 - defined in RFC 1771, and extended (with additional optional attributes) in other RFCs.
A “distance-vector” routing protocol, running over TCP port 179.
Supports modern “classless” routing. BGP3, RIPv1, and some others do NOT.

Purpose of BGP
To allow networks to tell other networks about routes (parts of the IP address space) that they are “responsible” for.
Using “route advertisements”, or “promises” - also called “NLRI” or “network-layer reachability information”.
Networks are “Autonomous Systems”. Identified in BGP by a number, called the ASN (“Autonomous System Number”).

Basic BGP Concepts

Basic BGP Concepts (1)
BGP exchanges routes between ASs. When routes are exchanged, ASNs are stamped on the routes *on the way out* - adding one “AS hop” per network traversed. (0-65535)
No concept of pipe size, internal router hop-count, congestion - in some sense BGP treats all ASs the same.
ASs allow administrative debugging, “policy” routing, and *loop detection*.

BGP AND ASNs
[Diagram: AS 4969, AS 5000, AS 6461, AS 701, AS 12001]

Basic BGP Concepts (2)
Routes are exchanged over “peering sessions”, which run on top of TCP. Keepalives are used to avoid needing to re-send the whole table periodically.
The routes are “objects”, or “bags” of “attributes” - really mini-databases.
BGP is actually two protocols - iBGP, designed for internal routing, and eBGP, designed for external routing.

Basic BGP Concepts (3)
There is only one “best” BGP route for any given IP block at one time. This “best” BGP route is not always the route that gets “installed” into the router's RIB/FIB.
Once a session comes up, all best-routes are exchanged. Then over time, just “topology updates” are exchanged.
You can ONLY exchange “best” routes.

Basic BGP Concepts (4)
Policy
The Internet was a strange place before the modern commercial Internet evolved in 1992-1993. Some networks had policies about what kind of traffic they would carry.
BGP was designed to allow network operators to make routing decisions based on whatever “policy” they wanted (or HAD) to use.

[Cisco diagram: RIB, FIB, etc.]

Basic BGP Concepts - The BGP Route and Route Attributes

The BGP Route
A BGP “route” is a “bag” of objects, or “attributes”.
The “prefix” is the section of address space being advertised. A prefix consists of:
- A starting point (e.g. 207.8.128.0)
- A netmask (e.g. /24, aka 255.255.255.0)

What Is an Attribute?
A BGP message consists of a prefix and information about that prefix (i.e., local-pref, med, next-hop, originator, etc.).
Each piece of information is encoded as an attribute in a TLV (type-length-value) format. The attribute length is 4 bytes long, and new attributes can be added by simply appending a new attribute.
Attributes can be transitive or non-transitive, some are mandatory.
[Diagram: a route's attributes - Next Hop, AS Path, ..., MED, ...]

Next Hop Attribute
Next-hop IP address to reach a network.
Router A will advertise 198.3.97.0/24 to router B with a next-hop of 207.240.24.202.
With IBGP, the next-hop does not change.
IGPs should carry route to next-hops, using intelligent forwarding decision.
[Diagram: AS 6201 (198.3.97.0/24) and AS 3847; routers A, B, C; link 207.240.24.200/30 with ends .201 and .202]

Next Hop Self
[Diagram: AS701, AS3561, AS3847, AS1; routers A, B, C, D; addresses 198.32.184.19, 198.32.184.116, 198.32.184.42, 198.32.184.56]

AS Path Attribute (1)
Sequence of AS(s) a route has traversed.
Provides a mechanism for loop detection.
Policies may be applied based on AS path.
Local AS added only when sent to external peer.
Shortest AS path preferred.
[Diagram: AS3847 207.240.0.0/16; AS1673 140.222.0.0/16; AS701 192.67.95.0/24; AS3561 204.70.0.0/15; AS6201; routers A, B, C, D, E, F, G]
    192.67.95.0/24   3847 701 i
    140.222.0.0      3847 1673 i
    204.70.0.0/15    3847 3561 i
    207.240.0.0/16   3847 i

AS Path Attribute (2)
Sprint is 1239; UUNET is 701; Net Access is 4969.
When pattern-matching, or regexping, AS_PATHs, ^ means “match beginning”, and $ means “match end”.
The null AS-Path is ^$ - if the AS-Path is null, the BGP route originated inside the same AS.

AS Path Attribute (3)
^1239 4969$ is how a Sprint customer would see a Net Access route.
^1239 4969 11023$ is how a Sprint customer would see a Net Access BGP customer's route.
^4969 11023$ is how Sprint itself sees that same route.

Multi-Exit Discriminator (MED)
Indication to external peers of the preferred path into an AS.
Affects routes with same AS path.
Advertised to external neighbors.
Usually based on IGP metric.
Lowest MED preferred.

MED Attribute (2)
The MED (multi-exit discriminator) is a commonly used attribute. It comes after the AS_PATH in evaluation, and thus isn't quite as much of a “hammer” as local-pref.
Commonly, MED is used to tack a distance on BGP routes as they move within your network.
NSPs advertise MEDs to each other to let it be known which POP the route is “closest” to.

MED Attribute (3)
Applies on an AS path basis.
Current aggregation schemes significantly lessen value.
[Diagram: MED values +40, +20, +5]

Origin Attribute
One of the mandatory, but minor, attributes of a BGP route is the origin. It is one of (in order of preference):
- IGP (i) (from a network statement)
- EGP (e) (from an external peer)
- Unknown (?) (from IGP redistribution)
It can be re-set, but that is not often done. It is almost-last in the selection algorithm.

Weight Attribute
Cisco proprietary, not part of any spec.
Local to router.
Value 0-65535 (default if originated by router - 32768, other - 0).
Highest weight preferred.

Weight Attribute (ctd)
Weight is rarely used. It overrides almost all other attributes in the decision path, and is local to a specific router - it is never sent to other routers, even ones inside your ASN.
Usually used for temporary “I-don't-have-time-to-think-about-it” fixes.

Local Preference Attribute
Local to AS.
Used to influence BGP path selection.
Default 100.
Highest local-pref preferred.
[Diagram: AS 6201 (208.1.1.0/24) with routers A, B; AS 3847 with routers C, D, E, F, G; 208.1.1.0/24 with local-pref 100, preferred by all AS3847 routers; 208.1.1.0/24 with local-pref 80]
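How a remote network picks its way in to 207.8.195.0/24, combining the "most specific route wins" rule from the Provider Side slides with the attribute preferences listed above. This is an added example, not part of the original slides: `Route`, `most_specific`, `best_paths`, `inbound_choice` and the `max_len` filter parameter are hypothetical names, and placing origin before MED follows the commonly documented Cisco order (the slides only say both come after AS path). Later tie-breakers are left out, so equal candidates are all returned.

```python
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP, EGP, unknown: order from the Origin slide

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple       # leftmost ASN is the neighbor the route was heard from
    weight: int = 0      # local to one router, highest wins
    local_pref: int = 100
    origin: str = "i"
    med: int = 0

    @property
    def net(self):
        return ipaddress.ip_network(self.prefix)

def most_specific(dest, routes, max_len=32):
    """Routes covering dest that pass a prefix-length filter; longest prefix only."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r.net and r.net.prefixlen <= max_len]
    longest = max((r.net.prefixlen for r in hits), default=None)
    return [r for r in hits if r.net.prefixlen == longest]

def best_paths(cands):
    """Weight, local-pref, AS-path length, origin, then MED (same neighbor AS only)."""
    if not cands:
        return []
    key = lambda r: (-r.weight, -r.local_pref, len(r.as_path), ORIGIN_RANK[r.origin])
    top = min(map(key, cands))
    tied = [r for r in cands if key(r) == top]
    return [r for r in tied
            if not any(o.as_path[:1] == r.as_path[:1] and o.med < r.med for o in tied)]

def inbound_choice(dest, routes, max_len=32):
    """Every route a listener may use for dest after filtering and selection."""
    return best_paths(most_specific(dest, routes, max_len))

# Constructed tables using the slides' prefixes and ASNs, as a third network sees them.
BAD = [Route("207.8.128.0/17", (4969,)), Route("207.8.195.0/24", (701,))]
GOOD = BAD + [Route("207.8.195.0/24", (4969,))]
```

With `BAD` every unfiltered listener is pulled to UUNET by the lone /24; a listener that drops prefixes longer than /19 (`max_len=19`) still reaches the customer through the netaxs /17.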

Local-Pref Attribute (2)
An often-used attribute, local-pref (normally 100) overrides AS_PATH, and is transitive throughout your network. It is never advertised to an eBGP peer.
For example, you can express the policy “prefer private interconnects” by making the local_pref be 150 and leaving all other peers at 100.
Best used as an intermediate-level knob.

iBGP vs. eBGP
BGP is very strange. It is promiscuous with external routes, making it very easy for you to become “MAE-Clueless”, yet it makes it very hard to advertise routes thoroughly inside your network.
iBGP sessions are established when peering with the same AS; eBGP otherwise.
Same protocols; different route install rules.
YOU MUST STRONGLY FILTER ALL eBGP SESSIONS!

iBGP
When BGP speakers in the same AS form a BGP connection for the purpose of exchanging routing information, they are said to be running IBGP or internal BGP.
IBGP speakers are usually fully-meshed.
[Diagram: AS 3847; routers A, B, C]

eBGP (1)
When BGP speakers in different ASs form a BGP connection for the purpose of exchanging routing information, they are said to be running EBGP or external BGP.
EBGP peers are usually directly connected.
[Diagram: AS 3561, AS 3847; routers A, B]

eBGP (2)
[Diagram: AS 2033, AS 4200, AS 7007, AS 2041]

iBGP and eBGP Diagram
[Diagram: AS 7007, XP, AS 1239, AS 6079, AS 701, AS 4006]

eBGP Rules
By default, only talks to directly-connected router.
Sends the one best BGP route for each destination.
Sends all of the important “attributes”; omits the “local preference” attribute.
Adds (prepends) the speaker's ASN to the “as-path” attribute.
Usually rewrites the “next-hop” attribute.

iBGP Rules
Can talk to routers many hops away by default.
Can only send routes it “injects”, or routes heard DIRECTLY from an external peer. Thus, requires a FULL mesh.
Sends all attributes.
Leaves the as-path attribute alone.
Doesn't touch the “next hop” attribute.
[Diagram: Logical view of 16 routers, fully meshed]

iBGP Restriction (1)
Assume AS1239 sends route 10.0.0.0/8 to AS2828. Router A will send that route to Routers B and C.
[Diagram: AS 2828, AS 1239; routers A, B, C]

iBGP Restriction (2)
When Router B receives 10.0.0.0/8, it will not propagate that route to Router C because it was learned from an iBGP neighbor. Router C will behave similarly.
[Diagram: AS 2828, AS 1239; routers A, B, C]

iBGP and next-hop (1)
Furthermore, the Next Hop for 10.0.0.0/8 will be the serial interface on the AS1239 router, even in Router B's and Router C's forwarding table.
[Diagram: AS 2828, AS 1239; routers A, B, C]

iBGP and next-hop (2)
With iBGP, next-hop is not a router directly connected. So a “recursive lookup” is needed.
After the next-hop is found, a second lookup is made to figure out how to send the packet “in the direction” of the next-hop.

Basic BGP Concepts - Inserting Routes into BGP

Inserting Routes into BGP (1)
How do routes get into BGP? They have to come from somewhere.
You have to insert routes into BGP, and someone had to insert external routes that you get into BGP somewhere else in the first place.
Two main ways:
- network statements (like static BGP routes)
- redistributing from OSPF, static, etc.

Inserting Routes into BGP (2)
network statements
- “network x.y.z.q mask a.b.c.d”
- MUST have an EXACTLY-matching IGP route - specificity must be an exact match
- Doesn't scale beyond 200 or so network statements per router; not a problem, though.
- Makes scaling easier when you have to support multi-homed customers
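The eBGP Rules, iBGP Rules and iBGP Restriction slides, played out on the AS1239 / AS2828 topology, with the AS-path patterns from the AS Path Attribute slides checked on the result. This is an added example, not part of the original slides: router X (in AS1239), router D and its ASN 64512 are constructed, the function names are hypothetical, and each router simply keeps the first route it hears instead of running best-path selection.

```python
import re
from collections import deque

def propagate(asn, sessions, origin):
    """Flood one prefix from origin; returns router -> (as_path, next_hop, learned_via)."""
    table = {origin: ((), origin, "local")}
    queue = deque([origin])
    while queue:
        spk = queue.popleft()
        path, next_hop, how = table[spk]
        for a, b in sessions:
            if spk not in (a, b):
                continue
            peer = b if spk == a else a
            ebgp = asn[spk] != asn[peer]
            if not ebgp and how == "ibgp":
                continue  # iBGP rule: an iBGP-learned route is not passed to an iBGP peer
            # eBGP prepends the speaker's ASN and rewrites next-hop; iBGP leaves both alone
            new_path = (asn[spk],) + path if ebgp else path
            new_hop = spk if ebgp else next_hop
            if asn[peer] in new_path:
                continue  # loop detection: the peer would see its own ASN in the path
            if peer not in table:  # simplification: first route heard is kept
                table[peer] = (new_path, new_hop, "ebgp" if ebgp else "ibgp")
                queue.append(peer)
    return table

def path_matches(pattern, as_path):
    """Match a ^...$ style pattern against the space-separated AS path."""
    return re.search(pattern, " ".join(map(str, as_path))) is not None

# Constructed topology: X is the AS1239 router; A, B, C are the slides' AS2828 routers;
# D is a downstream eBGP neighbor of C in a private ASN.
ASN = {"X": 1239, "A": 2828, "B": 2828, "C": 2828, "D": 64512}
CHAIN = [("X", "A"), ("A", "B"), ("B", "C"), ("C", "D")]   # iBGP not fully meshed
FULL_MESH = CHAIN + [("A", "C")]                           # adds the missing A-C session
```

With `CHAIN`, router C and everything behind it never hear 10.0.0.0/8; with `FULL_MESH`, B and C both hold the route with next-hop X, and D sees it with AS path `2828 1239`.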
