Sunday, July 10, 2011

My Note (BGP)

BGP synchronisation rule
R1(AS-100)-------R2(AS-200)----------R3(AS-200)-------R4(AS-300)
R3 is also connected to R10 (AS-200).

R1 Lo0 is 1.1.1.1/24 and this network is advertised with the BGP network command.
Since R1 and R2 are eBGP neighbors, R1 sends this route to R2.
R2 receives the route and puts it in its BGP table (sh ip bgp) as well as its routing table (sh ip route).
R2 & R3 are iBGP peers.
R3 has synchronisation ON.
Now R2 sends the route (1.1.1.0/24) to R3.
R3 will not use the route, i.e. R3 keeps 1.1.1.0/24 in its BGP table BUT does not mark it '>' (best path), which means 1.1.1.0/24 is not installed in the routing table of R3 and is not advertised on to R4.

So now to the definition of SYNCHRONISATION.
A route learnt from an iBGP peer will not be advertised to an eBGP peer and will NOT be put into the routing table (i.e. the route will not be used) unless the same route has also been learnt via an IGP (e.g. OSPF, RIP etc.).
This is the behaviour when synchronisation is ON. The point of the rule is to stop an AS from advertising a transit path that the non-BGP routers in the middle of the AS cannot actually forward, which would black-hole the traffic.

If synchronisation is OFF, i.e.
R3# router bgp 200
R3(config-router)# no synchronization
(synchronisation is off by default in current IOS releases; turning it off is safe whenever every transit router in the AS runs BGP, e.g. a full iBGP mesh or route reflectors)

Then R3 puts 1.1.1.0/24 in its BGP table with the '>' best-path mark, which means the route also goes into the routing table and is advertised to R4.
SPLIT-HORIZON rule in IGP and BGP

In BGP the split-horizon rule is different.
It means routes learnt from an iBGP peer will not be sent to another iBGP peer.
e.g.
R1(AS-100)------------R2(AS-100)-------------R3(AS-100)
R1 - R2 --------> iBGP
R2 - R3 --------> iBGP

Routes which R2 learns from R1 will not be sent to R3. It is R1's job to send the routes to R3 directly, which is why iBGP needs a full mesh (or route reflectors / confederations to relax it).
This is how split horizon in BGP works.

In distance-vector IGPs (RIP, EIGRP) the definition is: 'What routes I receive on interface1, I will not send back out interface1, but I can send them out any other interface.' OSPF is link-state and has no split-horizon rule.
-----------------------------------------------------------------------
ebgp-multihop: By default eBGP packets are sent with a TTL of 1, so an eBGP session only comes up between directly connected neighbors. The ebgp-multihop keyword on the neighbor statement is needed when the peers are not directly connected (peering between loopbacks, or across an intermediate router). The optional number (1-255) is the TTL to use, i.e. the maximum number of hops the neighbor may be away; if no number is given the default is 255.

disable-connected-check: used when you want to peer between the loopback interfaces of two DIRECTLY connected routers without resorting to ebgp-multihop (the loopback is set as the BGP source with neighbor update-source). It switches off the check that an eBGP neighbor's address lies on a directly connected subnet, while the TTL stays at 1.

update-source: specifies the interface (usually a loopback) whose address is used as the source of the BGP packets sent to that neighbor. Without it the router sources the session from the outgoing interface, so if the other side's neighbor statement points at a loopback address the TCP session never matches and the neighbor relationship does not form. It is combined with ebgp-multihop (or disable-connected-check) for eBGP loopback peering, and used for iBGP loopback peering so the session survives the failure of a single link.



next-hop-self: A route received from an eBGP neighbor carries that neighbor's address as its next hop, and when the route is passed on over iBGP the next hop is left unchanged. The other iBGP routers inside the AS therefore see an external next hop that they usually have no route to, and the path is unusable (never marked '>'). The fix is neighbor ... next-hop-self on the border router towards its iBGP peers, so it rewrites the next hop to its own address, which is reachable via the IGP. (The alternative is to advertise the external link into the IGP.)


-----------------------------------------------------------------------

Influencing Route Selection

BGP uses path attributes to implement routing policy between autonomous systems. The main attributes that take part in the best-path selection process are:

  • Weight
  • Local preference
  • Multi-exit Discriminator or MED
  • Origin
  • AS_Path
  • Next Hop
  • Community

Weight
Higher weight is preferred. Weight is Cisco proprietary and local to the router (it is never advertised to any peer). The default is 32768 for locally originated networks and 0 for all other paths.
Local Preference
Higher local preference is preferred. Default is 100. It is carried to iBGP peers (so the whole AS agrees on the exit point) but is not sent to eBGP peers.
MED
Lower MED (metric) is preferred. Default is 0. It is sent to eBGP neighbors to suggest which entry point into your AS they should use, and by default it is only compared between paths received from the same neighboring AS.
-----------------------------------------------------------------------
BGP Link Bandwidth (dmzlink-bw command)
The BGP Link Bandwidth feature advertises the bandwidth of an AS exit link as an extended community.
It is configured on links between directly connected eBGP neighbors (neighbor ... dmzlink-bw).
The link bandwidth extended community is propagated to iBGP peers when extended community exchange is enabled (neighbor ... send-community extended).
It is used together with BGP multipath to load-balance over links with unequal bandwidth, in proportion to the advertised bandwidth rather than equally.
-----------------------------------------------------------------------
bgp deterministic-med ensures the MED attribute is compared consistently when choosing between routes advertised by different peers in the same autonomous system: paths are grouped by neighboring AS, the best of each group is chosen, and the group winners are then compared, so the result no longer depends on the order in which the paths were received.
bgp always-compare-med ensures MED is compared even between paths received from neighbors in different autonomous systems.
The bgp always-compare-med command is useful when multiple service providers or enterprises agree on a uniform policy for setting MED. Thus, for network X, if Internet Service Provider A (ISP A) sets the MED to 10, and ISP B sets the MED to 20, both ISPs agree that ISP A has the better performing path to X.
-----------------------------------------------------------------------
BGP Backdoor

The backdoor option is applied to a network that is ADVERTISED TO you by an eBGP neighbor, NOT to a network your local router is advertising. It makes the router treat the eBGP-learnt route with administrative distance 200 (like an iBGP route) instead of 20, so a route to the same network learnt via the IGP is preferred; a network listed with backdoor is not itself advertised by this command.
# network 150.1.1.0 mask 255.255.255.0             <-- local router is advertising
# network 150.1.2.0 mask 255.255.255.0 backdoor    <-- advertised to you by the neighbor router
-----------------------------------------------------------------------
BGP Conditional Advertisement

To advertise selected prefixes only under a condition, the following are configured on the neighbor:
- Advertise-map: route-map selecting the prefixes to (conditionally) advertise
- Non-exist-map: advertise them only if the prefixes matched by this route-map are ABSENT from the BGP table
- Exist-map: advertise them only if the prefixes matched by this route-map are PRESENT in the BGP table
An advertise-map is paired with either a non-exist-map or an exist-map, not both.
# neighbor 10.1.13.3 advertise-map ADV non-exist-map NOT_THERE
-----------------------------------------------------------------------
BGP well-known Communities
-Internet - the default (value 0:0). A network carrying it is advertised to all neighbors.

-Local-as - the network is advertised ONLY within the local AS, i.e. not to any eBGP neighbor, including eBGP neighbors in other sub-ASes of the same confederation (RFC 1997 calls this NO_EXPORT_SUBCONFED). It looks like it does the same thing as "No-export", but the difference shows up in a confederation: "No-export" still lets the route into the other sub-ASes of the confederation, whereas "local-as" keeps it inside the local sub-AS.

-No-advertise - the network is NOT advertised to ANY BGP neighbor, iBGP included.

-No-export - the network is NOT advertised to any eBGP neighbor outside the AS (or outside the confederation, if one is used); it is still advertised to iBGP peers.
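To pin down the scope of each community, here is an added Python example (my own code, not from these notes or any vendor): the RFC 1997 values, an aa:nn renderer/parser, and an export decision that applies the strictest community present. The peer kinds 'ibgp' / 'confed' / 'ebgp' and the keyword spellings accepted by parse_community are my own labels for illustration.

```python
"""Well-known BGP communities (RFC 1997) and the export decision they imply.
Added example, not the page's own code."""

# Values from RFC 1997; IOS calls NO_EXPORT_SUBCONFED "local-AS".
INTERNET            = 0x00000000
NO_EXPORT           = 0xFFFFFF01
NO_ADVERTISE        = 0xFFFFFF02
NO_EXPORT_SUBCONFED = 0xFFFFFF03   # "local-as" in IOS


def community_str(value: int) -> str:
    """Render a 32-bit community in the usual aa:nn notation."""
    return f"{value >> 16}:{value & 0xFFFF}"


def parse_community(text: str) -> int:
    """Accept 'aa:nn', a plain decimal, or one of the keyword spellings
    used in these notes (keyword table is an assumption of this example)."""
    keywords = {"internet": INTERNET, "no-export": NO_EXPORT,
                "no-advertise": NO_ADVERTISE, "local-as": NO_EXPORT_SUBCONFED}
    if text.lower() in keywords:
        return keywords[text.lower()]
    if ":" in text:
        aa, nn = text.split(":")
        return (int(aa) << 16) | int(nn)
    return int(text)


def may_export(communities, peer_kind: str) -> bool:
    """Decide whether a route carrying `communities` may be sent to a peer.

    peer_kind: 'ibgp'   - iBGP peer in the same (member) AS
               'confed' - eBGP peer in another member AS of our confederation
               'ebgp'   - a true external peer
    The strictest community present decides (no-advertise > local-as > no-export).
    """
    if NO_ADVERTISE in communities:
        return False                       # nobody, not even iBGP
    if NO_EXPORT_SUBCONFED in communities:
        return peer_kind == "ibgp"         # stays inside the local sub-AS
    if NO_EXPORT in communities:
        return peer_kind in ("ibgp", "confed")   # may cross sub-AS borders
    return True                            # internet / no well-known community


if __name__ == "__main__":
    # Constructed example: a prefix tagged no-export inside a confederation.
    tags = {parse_community("no-export")}
    for kind in ("ibgp", "confed", "ebgp"):
        print(kind, community_str(NO_EXPORT), may_export(tags, kind))
```

The 'confed' case is exactly where the notes' local-as vs no-export distinction lives: a no-export route still crosses to the other sub-AS, a local-as route does not.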
----------------------------------------------------------------------- 
BGP bestpath med missing-as-worst
Paths received with no MED are treated as MED 0 (the best possible value), unless you have enabled bgp bestpath med missing-as-worst.
If you have enabled bgp bestpath med missing-as-worst, a path with no MED is treated as MED 4,294,967,294 (the worst possible value), so a peer cannot win the comparison simply by omitting the attribute.

----------------------------------------------------------------------- 
BGP always-compare-med
By default MED is only compared between paths received from the same neighboring AS. bgp always-compare-med changes this by enforcing MED comparison between all paths, regardless of the AS from which they were received.
In the lab task these notes come from, bgp bestpath as-path ignore was also needed, because AS-path length is compared before MED and would otherwise decide the best path first.

Note: bgp bestpath as-path ignore is a hidden command (it does not appear in the ? help).
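The attribute order from "Influencing Route Selection" and the MED knobs described above (bgp always-compare-med, bgp deterministic-med, bgp bestpath med missing-as-worst, bgp bestpath as-path ignore) can be seen working together in one place. The following is an added Python example of my own, not Cisco code: it follows Cisco's documented best-path order for the first steps and stops at the router-ID tie-break (multipath, oldest-path, cluster-list and neighbor-address steps are left out). The Path and Policy classes and their field names are my assumptions for illustration.

```python
"""Cisco-style BGP best-path selection (added example, not Cisco code)."""
from dataclasses import dataclass
from functools import reduce
from typing import Optional, Tuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}
MED_MISSING_WORST = 4294967294   # MED assigned by "bgp bestpath med missing-as-worst"


@dataclass
class Path:
    neighbor_as: int                  # AS of the peer the path was learnt from
    as_path: Tuple[int, ...]          # ASNs as they appear in AS_PATH
    med: Optional[int] = None         # None = MED attribute missing
    origin: str = "igp"
    local_pref: int = 100
    weight: int = 0
    locally_originated: bool = False  # network / redistribute / aggregate
    ebgp: bool = True
    igp_metric: int = 0               # IGP cost to the next hop
    router_id: str = "0.0.0.0"        # BGP router ID of the advertising peer


@dataclass
class Policy:
    """The knobs from the notes; all off by default, as in IOS."""
    always_compare_med: bool = False  # bgp always-compare-med
    deterministic_med: bool = False   # bgp deterministic-med
    missing_as_worst: bool = False    # bgp bestpath med missing-as-worst
    as_path_ignore: bool = False      # bgp bestpath as-path ignore


def effective_med(p: Path, policy: Policy) -> int:
    if p.med is not None:
        return p.med
    return MED_MISSING_WORST if policy.missing_as_worst else 0


def _rid_key(rid: str) -> Tuple[int, ...]:
    return tuple(int(o) for o in rid.split("."))


def better(a: Path, b: Path, policy: Policy) -> Path:
    """Return whichever of a, b wins; the checks run in Cisco's order."""
    if a.weight != b.weight:
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:
        return a if a.local_pref > b.local_pref else b
    if a.locally_originated != b.locally_originated:
        return a if a.locally_originated else b
    if not policy.as_path_ignore and len(a.as_path) != len(b.as_path):
        return a if len(a.as_path) < len(b.as_path) else b
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    # MED is only compared between paths from the same neighbouring AS,
    # unless bgp always-compare-med is configured.
    if policy.always_compare_med or a.neighbor_as == b.neighbor_as:
        ma, mb = effective_med(a, policy), effective_med(b, policy)
        if ma != mb:
            return a if ma < mb else b
    if a.ebgp != b.ebgp:
        return a if a.ebgp else b
    if a.igp_metric != b.igp_metric:
        return a if a.igp_metric < b.igp_metric else b
    # Tie-break on lowest router ID; on a full tie keep the existing (older) path.
    return a if _rid_key(a.router_id) <= _rid_key(b.router_id) else b


def best_path(paths, policy: Policy = Policy()) -> Path:
    """Pick the best path. Without deterministic-med, IOS compares the paths
    pairwise in table order, which is order-dependent when paths from several
    ASes carry MEDs; deterministic-med first picks a winner per neighbour AS
    and then compares only the winners."""
    if policy.deterministic_med:
        groups = {}
        for p in paths:
            groups.setdefault(p.neighbor_as, []).append(p)
        paths = [reduce(lambda x, y: better(x, y, policy), g) for g in groups.values()]
    return reduce(lambda x, y: better(x, y, policy), paths)


if __name__ == "__main__":
    # Constructed sample: same prefix from two different neighbouring ASes.
    p = Path(100, (100,), med=50, router_id="1.1.1.1")
    q = Path(200, (200,), med=10, router_id="2.2.2.2")
    print(best_path([p, q]).router_id)                                  # 1.1.1.1
    print(best_path([p, q], Policy(always_compare_med=True)).router_id) # 2.2.2.2
```

Without always-compare-med the two MEDs are never compared (different neighbor AS) and the lower router ID wins; with it, the MED of 10 wins. The deterministic-med test cases in the accompanying checks show the same three paths giving different winners depending on table order until that knob is turned on.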

----------------------------------------------------------------------- 
BGP as-path access-list
To filter prefixes by AS path, an "ip as-path access-list" is applied to a neighbor with the "neighbor ... filter-list <acl> in|out" router command.

----------------------------------------------------------------------- 
BGP Regular Expressions 

+------------------------------------------------------+
| CHAR | USAGE                                         |
+------------------------------------------------------|
|  ^   | Start of string                               |
|------|-----------------------------------------------|
|  $   | End of string                                 |
|------|-----------------------------------------------|
|  []  | Range of characters                           |
|------|-----------------------------------------------|
|  -   | Used to specify range ( i.e. [0-9] )          |
|------|-----------------------------------------------|
|  ( ) | Logical grouping                              |
|------|-----------------------------------------------|
|  .   | Any single character                          |
|------|-----------------------------------------------|
|  *   | Zero or more instances                        |
|------|-----------------------------------------------|
|  +   | One or more instances                         |
|------|-----------------------------------------------|
|  ?   | Zero or one instance                          |
|------|-----------------------------------------------|
|  _   | Comma, open or close brace, open or close     |
|      | parentheses, start or end of string, or space |
+------------------------------------------------------+

+-------------+---------------------------+
| Expression  | Meaning                   |
|-------------+---------------------------|
| .*          | Anything                  |
|-------------+---------------------------|
| ^$          | Locally originated routes |
|-------------+---------------------------|
| ^100_       | Learned from AS 100       |
|-------------+---------------------------|
| _100$       | Originated in AS 100      |
|-------------+---------------------------|
| _100_       | Any instance of AS 100    |
|-------------+---------------------------|
| ^[0-9]+$    | Directly connected ASes   |
+-------------+---------------------------+
Ref link : http://blog.ine.com/2008/01/06/understanding-bgp-regular-expressions/ 

E.g. Configure R2 such that it allows AS-path prepending from AS 100 ONLY if AS 100 has
prepended its own AS number and NOT another AS number.
Configure R1 in AS 100 to ONLY allow prefixes from its existing and future directly
connected ASes; these ASes should be allowed to prepend.

# ip as-path access-list 1 permit ^([0-9]+)(_\1)*$
(^([0-9]+) captures the first AS in the path, (_\1)* allows only that same AS to repeat, and $ forbids anything after it, so a prefix passes only if it comes from a directly connected AS, possibly prepended with itself.)
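To check what the expressions in the table and access-list 1 actually match, here is an added Python example (my own code, not from these notes or the referenced INE post). It translates Cisco's "_" metacharacter into a standard regex alternation and evaluates an as-path access-list the way IOS does (first match wins, implicit deny at the end). The AS-path strings at the bottom are constructed sample data.

```python
"""Cisco AS-path regular expressions evaluated in Python.
Added example, not the page's own code.

Cisco's one non-standard metacharacter is "_", which matches a comma, a
brace, a parenthesis, a space, or the start/end of the string. Everything
else maps onto Python's re module unchanged, including \\1 backreferences.
"""
import re

_UNDERSCORE = r"(?:^|$|[ ,{}()])"   # what "_" stands for in IOS


def cisco_regex(expr: str):
    """Compile a Cisco AS-path regex into a Python pattern.
    (A literal "_" inside [...] is not handled; IOS regexes rarely use one.)"""
    return re.compile(expr.replace("_", _UNDERSCORE))


def matches(expr: str, as_path: str) -> bool:
    """IOS matches the regex anywhere in the path string, so use search()."""
    return cisco_regex(expr).search(as_path) is not None


def as_path_access_list(entries, as_path: str) -> bool:
    """Evaluate an ip as-path access-list: entries are (action, regex) in
    order, first match wins, implicit deny at the end (as in IOS)."""
    for action, expr in entries:
        if matches(expr, as_path):
            return action == "permit"
    return False


if __name__ == "__main__":
    # Constructed AS paths as they would appear in "show ip bgp" (sample data).
    paths = ["", "100", "100 100 100", "100 200", "1000 200", "200 100", "200 1100"]
    for expr in (r"^$", r"^100_", r"_100$", r"_100_", r"^[0-9]+$", r"^([0-9]+)(_\1)*$"):
        print(f"{expr:22} -> {[p for p in paths if matches(expr, p)]}")
```

The braces and parentheses in the "_" class are there so the same expressions keep working against paths that contain an AS_SET ({...}) or a confederation segment ((...)).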
----------------------------------------------------------------------- 
BGP REGEX DETERMINISTIC  

"bgp regexp deterministic" makes IOS use the deterministic regular-expression engine instead of the default recursive one when processing AS-path regular expressions; it avoids the recursion problems the default engine can run into on complex expressions.
----------------------------------------------------------------------- 
BGP CONFEDERATION

"bgp confederation identifier" configures the single AS number that represents the whole group of smaller sub-ASes to the outside world. This command MUST be configured on all the routers within the confederation; external peers only ever see this AS number.

"bgp confederation peers" lists the OTHER sub-AS numbers of the confederation that this router has eBGP sessions with, so that those sessions are treated as intra-confederation peerings (next hop, MED and local preference are preserved across them, as they are over iBGP).


