BGP Filtering

  • BGP filtering can be done on any router.
  • Filtering can be done inbound and outbound.
  • After a filter is applied, the BGP neighbor must be reset or cleared for the filter to take effect:
    • clear ip bgp 20.20.20.20 in/out (preferred)
    • clear ip bgp * (hard reset)
    • clear ip bgp 20.20.20.20 soft in/out


BGP Next-hop & iBGP switching

sh ip bgp

R1#sh ip bgp
BGP table version is 6, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 r>  1.1.1.0/30       20.20.20.1               0             0 20 ?
 r>  20.20.20.0/24    20.20.20.1               0             0 20 ?
 *>  30.30.30.0/24    20.20.20.1               0             0 20 ?
 *>i 40.40.40.0/24    1.1.2.2                  0    100      0 i


BGP Routing

Injecting routes into BGP.

  • Use the network command.
    • Unlike the network command in an IGP, it is not used to activate the protocol on interfaces or to listen on them.
    • The BGP network command looks for the prefix in the routing table and originates it into the BGP table.
    • If no mask is defined, IOS assumes a classful network.
    • A classful route is added if:
      • the exact route is in the IP routing table
      • any subset of routes is in the routing table (only with auto-summary)
    • Create a null0 route so that the prefix is present in the routing table:
      • ip route 30.30.30.0 255.255.255.0 null0
router bgp 20
 bgp log-neighbor-changes
 network 30.30.30.0 mask 255.255.255.0
 neighbor 10.10.10.1 remote-as 10
 neighbor 10.10.10.1 ebgp-multihop 255
 neighbor 10.10.10.1 update-source Loopback1


BGP AS Path

  • Multiple path attributes are used to determine the best path for a given prefix.
  • When no path attributes are set, BGP uses the AS_PATH to determine the best route.
    • Shortest AS path wins
  • AS_SEQ is a component of the AS_PATH attribute.
    • 10.10.10.0/24 20 10
      • AS-SEQ (in order)
  • With summarization:
    • 10.10.0.0/16 20 10 { 1 2 5 4 3 }
    • Prefix AS-PATH AS-SEQ { AS-SET }
      • AS-SET entries are not in order
  • The AS_PATH prevents routing loops.
  • If a BGP router receives an update containing its own AS#, that indicates a loop.
  • If a BGP router receives an update containing its own AS#, it drops the route.
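
The AS_PATH rules above as a short Python sketch. This is an added example, not code from the original notes: the function names, the local AS 30 and the peer paths are constructed for illustration, and counting an AS_SET as a single hop follows RFC 4271 rather than anything stated on this page.

```python
import re

def parse_as_path(text):
    """Split '20 10 { 1 2 5 4 3 }' into (ordered AS_SEQ list, unordered AS_SET)."""
    m = re.fullmatch(r"\s*([\d\s]*?)\s*(?:\{([\d\s,]*)\})?\s*", text)
    if m is None:
        raise ValueError(f"unparseable AS_PATH: {text!r}")
    seq = [int(a) for a in m.group(1).split()]
    as_set = frozenset(int(a) for a in re.split(r"[\s,]+", m.group(2) or "") if a)
    return seq, as_set

def path_length(seq, as_set):
    # RFC 4271: an AS_SET counts as one hop, however many ASes it holds.
    return len(seq) + (1 if as_set else 0)

def has_loop(local_as, seq, as_set):
    # The local AS may hide inside an aggregate's AS_SET, so check both parts.
    return local_as in seq or local_as in as_set

def best_path(local_as, candidates):
    """candidates maps a peer label to its AS_PATH text.

    Returns (label, length) of the shortest loop-free path, or None.
    Ties are broken by label here; a real router continues with the
    remaining best-path steps instead.
    """
    accepted = []
    for label, text in candidates.items():
        seq, as_set = parse_as_path(text)
        if has_loop(local_as, seq, as_set):
            continue  # update carries our own AS#: route is dropped
        accepted.append((path_length(seq, as_set), label))
    if not accepted:
        return None
    length, label = min(accepted)
    return label, length

# Constructed sample: paths for 10.10.0.0/16 as seen by a router in AS 30.
SAMPLE = {
    "peer_a": "20 10 { 1 2 5 4 3 }",  # length 3 (AS_SET counts once)
    "peer_b": "40 50 60 10",          # length 4
    "peer_c": "70 30 10",             # own AS in AS_SEQ: loop
    "peer_d": "80 { 30 90 }",         # own AS only in AS_SET: still a loop
}

if __name__ == "__main__":
    print(best_path(30, SAMPLE))
```

peer_d would be the shortest path at two hops, but it is rejected because AS 30 appears in its AS_SET, which is why the loop check has to look at both components.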

BGP Message types


New relationship between two BGP peers:

  • Open
    • Type 1
    • Version 4 (IPv4), AS#, Hold time, Router ID, parameters.


BGP Neighbor states

  • Idle:
    • BGP is down or waiting for the next retry
  • Connect:
    • BGP is waiting for the TCP connection to be completed
  • Active:
    • The TCP connection failed, the Connect-retry timer is running, listening for incoming TCP connections
  • OpenSent:
    • The TCP connection exists and a BGP Open message has been sent.
    • The matching Open message has not yet been received
  • OpenConfirm:
    • Open message has been sent and received
  • Established:
    • All neighbor parameters match
    • Relationship works
    • Peers can exchange update messages

eBGP Update-source & multihop

  • The local router finds the outgoing interface for the neighbor.
  • The IP of the outgoing interface is used as the source IP by default.
  • With one link, a failure of that link can bring down the neighborship.
    • Configure two neighbor commands
    • Use the loopback interfaces as TCP endpoints
  • With loopback peering between two ASes, the route to the peer’s loopback might be missing
    • Fixed with multihop (TTL=255 instead of TTL=1).
      • Create routes between the peers to reach the loopback address.
      • Configure update-source so the right source IP is used.
R10(config)#router bgp 10
R10(config-router)#neighbor 20.20.20.20 remote-as 20
R10(config-router)#neighbor 20.20.20.20 ebgp-multihop
R10(config-router)#neighbor 20.20.20.20 update-source loopback0

R20(config)#router bgp 20
R20(config-router)#neighbor 10.10.10.10 remote-as 10
R20(config-router)#neighbor 10.10.10.10 ebgp-multihop
R20(config-router)#neighbor 10.10.10.10 update-source loopback0

iBGP – eBGP

 

                         eBGP                                      iBGP
                         External BGP                              Internal BGP
Neighbor                 Between different AS                      Within the same AS
Route updates            Routes are sent to eBGP peers by default  Routes are not sent to BGP peers by default
AS path addition         yes                                       no
Administrative distance  20                                        200
Topology                 Does not require a full mesh              Full mesh or Route reflectors or Confederation
Loop Prevention          as-path                                   BGP split horizon


BGP

  • eBGP AD: 20
  • iBGP AD: 200
  • BGP uses TCP port 179
  • Designed as an Exterior Gateway Protocol.


Policy Based Routing

  • PBR intercepts packets before regular routing
  • PBR overrides the router’s natural destination-based forwarding decision
  • PBR is tied to route-maps
    • Define the match criteria
    • Define the action for the packets
  • Packet forwarding
    • Outgoing interface
    • IP Next-Hop
