BGP Filtering

  • BGP filtering can be done on any router.
  • Filtering can be applied inbound and outbound.
  • After a filter is applied, the BGP neighbor must be reset or cleared for the filter to take effect:
    • clear ip bgp 20.20.20.20 in/out  (preferred)
    • clear ip bgp *  (hard reset)
    • clear ip bgp 20.20.20.20 soft in/out


BGP Next-hop & iBGP switching

sh ip bgp

R1#sh ip bgp
BGP table version is 6, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 r>  1.1.1.0/30       20.20.20.1               0             0 20 ?
 r>  20.20.20.0/24    20.20.20.1               0             0 20 ?
 *>  30.30.30.0/24    20.20.20.1               0             0 20 ?
 *>i 40.40.40.0/24    1.1.2.2                  0    100      0 i


BGP Routing

Injecting routes into BGP.

  • Use the network command.
    • It differs from the network command in an IGP; it is not used to activate or listen on interfaces.
    • The BGP network command looks for the prefix in the routing table and originates it into the BGP table.
    • If no mask is defined, IOS assumes a classful network.
    • The classful route is added if:
      • The exact route is in the IP routing table
      • Any subset of routes is in the routing table (only with auto-summary)
    • Create a Null0 route so the prefix is present in the routing table:
      • ip route 30.30.30.0 255.255.255.0 null0
router bgp 20
 bgp log-neighbor-changes
 network 30.30.30.0 mask 255.255.255.0
 neighbor 10.10.10.1 remote-as 10
 neighbor 10.10.10.1 ebgp-multihop 255
 neighbor 10.10.10.1 update-source Loopback1


BGP AS Path

  • BGP uses multiple path attributes to determine the best path for a given prefix.
  • When no path attributes are set, BGP uses the AS_PATH to determine the best route.
    • The shortest AS path wins.
  • AS_SEQ is a component of the AS_PATH attribute.
    • 10.10.10.0/24 20 10
      • AS_SEQ (in order)
  • With summarization:
    • 10.10.0.0/16 20 10 { 1 2 5 4 3 }
    • Format: prefix, then the AS_PATH as AS_SEQ followed by { AS_SET }
      • The ASes in an AS_SET are not in order.
  • The AS_PATH prevents routing loops.
  • If a BGP router receives an update containing its own AS#, that indicates a loop, and the router drops the route.
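
The AS_PATH rules above (shortest path wins, an update carrying the local AS# is dropped) as an added Python example; it is not from the original notes. It parses paths in the "20 10 { 1 2 5 4 3 }" notation used here and goes one step beyond the text by counting an AS_SET as a single hop, as RFC 4271 section 9.1.2.2 specifies. The peer names and candidate paths are constructed sample data.

```python
import re

def parse_as_path(text):
    """Parse '20 10 { 1 2 5 4 3 }' into ordered (kind, [ASNs]) segments."""
    segments = []
    # A token is either a brace-delimited AS_SET or one AS number of an AS_SEQ.
    for m in re.finditer(r"\{([^}]*)\}|(\d+)", text):
        if m.group(1) is not None:
            segments.append(("SET", [int(a) for a in re.findall(r"\d+", m.group(1))]))
        elif segments and segments[-1][0] == "SEQ":
            segments[-1][1].append(int(m.group(2)))
        else:
            segments.append(("SEQ", [int(m.group(2))]))
    return segments

def path_length(segments):
    # Every AS in an AS_SEQ counts; a whole AS_SET counts as one (RFC 4271).
    return sum(len(asns) if kind == "SEQ" else 1 for kind, asns in segments)

def has_loop(segments, local_as):
    # The local AS anywhere in the path (AS_SEQ or AS_SET) indicates a loop.
    return any(local_as in asns for _, asns in segments)

def best_by_as_path(candidates, local_as):
    """Return the neighbor with the shortest loop-free AS_PATH, or None.

    Only the AS_PATH step is modelled; on a tie the first candidate is kept,
    whereas a real router continues with further tie-breakers.
    """
    usable = []
    for neighbor, text in candidates:
        segments = parse_as_path(text)
        if not has_loop(segments, local_as):
            usable.append((path_length(segments), neighbor))
    return min(usable, key=lambda item: item[0])[1] if usable else None

# Constructed sample: three updates for one prefix, seen by a router in AS 30.
CANDIDATES = [
    ("peer-A", "20 10 { 1 2 5 4 3 }"),  # length 3 (AS_SET counts once)
    ("peer-B", "40 50 20 10"),          # length 4
    ("peer-C", "10 { 30 7 }"),          # length 2, but contains AS 30: dropped
]

if __name__ == "__main__":
    print(best_by_as_path(CANDIDATES, local_as=30))
```

peer-C has the shortest path but is rejected because AS 30 appears inside its AS_SET, so the loop check has to look at both segment types before any length comparison.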

BGP Message types

New relation between two BGP peers:

  • Open
    • Type 1
    • Version 4 (IPv4), AS#, hold time, router ID, parameters.


BGP Neighbor states

  • Idle:
    • BGP is down or waiting for the next retry
  • Connect:
    • BGP is waiting for the TCP connection to be completed
  • Active:
    • The TCP connection failed, the Connect-retry timer is running, and BGP is listening for incoming TCP connections
  • OpenSent:
    • The TCP connection exists and a BGP Open message has been sent
    • The matching Open message has not yet been received
  • OpenConfirm:
    • An Open message has been sent and received
  • Established:
    • All neighbor parameters match
    • The relationship works
    • Peers can exchange Update messages

eBGP Update-source & multihop

  • The local router finds the outgoing interface toward the neighbor.
  • The IP address of the outgoing interface is used as the source IP by default.
  • With a single link, a failure of that link can bring down the neighborship.
    • Configure two neighbor commands
    • Use the loopback interfaces as TCP endpoints
  • With loopback peering between two ASes, the route to the peer’s loopback might be missing.
    • Fixed with multihop (TTL=255 instead of TTL=1).
      • Create routes between the peers to reach the loopback addresses.
      • Configure update-source so the right source IP is used.
R10(config)#router bgp 10
R10(config-router)#neighbor 20.20.20.20 remote-as 20
R10(config-router)#neighbor 20.20.20.20 ebgp-multihop
R10(config-router)#neighbor 20.20.20.20 update-source loopback0

R20(config)#router bgp 20
R20(config-router)#neighbor 10.10.10.10 remote-as 10
R20(config-router)#neighbor 10.10.10.10 ebgp-multihop
R20(config-router)#neighbor 10.10.10.10 update-source loopback0

iBGP – eBGP

 


BGP

  • eBGP AD: 20
  • iBGP AD: 200
  • BGP uses TCP port 179
  • Designed as an Exterior Gateway Protocol.


Policy Based Routing

  • PBR intercepts packets before regular routing
  • PBR overrides the router’s normal destination-based forwarding decision
  • PBR is tied to route-maps
    • Define the match criteria
    • Define the action for the packets
  • Packet forwarding
    • Outgoing interface
    • IP next hop
