Uploaded by Rrustem Bejta

4. BGP on IOS XR - Presentation

BGP on CISCO IOS XR
Content
• BGP Overview
• External BGP (eBGP)
• Internal BGP (iBGP)
• Path selection algorithm
BGP Overview
• BGP (Border Gateway Protocol)
• Designed as EGP (Exterior Gateway Protocol)
• Is used to exchange network layer reachability information (NLRI) between routing domains (autonomous systems)
BGP vs IGPs
Similarities
• Establishes a neighbor relationship (peering) before exchanging topology information
• Prefixes need to be advertised
• Uses periodic keepalive messages to ensure availability of BGP neighbors
Differences
• Neighbor relationships are not dynamically formed
• Neighbor does not have to be directly connected
• TCP port 179
BGP message types
• OPEN message
• UPDATE message
• KEEPALIVE message
• NOTIFICATION message
• ROUTE-REFRESH message
BGP Neighbor States (FSM)
• Idle
• Connect
• Active
• OpenSent
• OpenConfirm
• Established
External BGP (eBGP)
• Neighbors are in different Autonomous Systems
• Local AS must match with neighbor’s configured remote-as asn
• BGP router IDs of the two routers must not be the same
• Neighbors must be reachable*
• Authentication must pass
BGP router ID on IOS XR
• Strongly advised to configure a router ID
• If not configured, BGP uses the highest IP address of existing loopback interfaces
• If no loopbacks exist prior to configuring the BGP process, it assumes the first configured IPv4 address
BGP update-source
• Update-source command tells a router which IP address to use as source for TCP connection
• Local router’s update-source must match with neighboring router’s reference to that IP address*
• The preferred option is to use loopback interfaces as update-source
eBGP multihop
• TTL
• Default is 1, maximum 255
• When using loopback interfaces as update-source for an eBGP neighbor relationship, eBGP multihop must be configured with a higher value
eBGP multihop example
RP/0/0/CPU0:R1#show bgp neighbor
Fri Sep 6 11:24:13.429 UTC
BGP neighbor is 2.2.2.2
Remote AS 65001, local AS 65000, external link
Remote router ID 0.0.0.0
BGP state = Idle (eBGP neighbor not directly connected)
--------------------------------------------------------
Connections established 0; dropped 0
Local host: 0.0.0.0, Local port: 0
Foreign host: 2.2.2.2, Foreign port: 0
Last reset 00:00:00
External BGP neighbor not directly connected.
BGP address-families on IOS XR
• Supported address families (IPv4, IPv6, VPNv4, VPNv6)
• The required address family must be activated in BGP global configuration before a neighbor peer configuration can be assigned that address family
BGP address-family (IPv4) example
RP/0/0/CPU0:R2#show bgp neighbor
Fri Sep 6 11:31:34.090 UTC
BGP neighbor is 1.1.1.1
Remote AS 65000, local AS 65001, external link
Remote router ID 0.0.0.0
BGP state = Idle (No address-family configured)
-----------------------------------------------------------
No address families are configured on the neighbor.
The BGP session with this neighbor will not be established.
Connections established 0; dropped 0
Local host: 0.0.0.0, Local port: 0
Foreign host: 1.1.1.1, Foreign port: 0
Last reset 00:00:00
External BGP neighbor not directly connected.
BGP Route-policy on IOS XR
• If a route-policy is not applied on both routers, the eBGP session will be established but no routes will be exchanged
• Route-policy must be applied on both routers and in both directions
BGP route-policy example
route-policy not enabled (1)
RP/0/0/CPU0:R2#show bgp summary
Fri Sep 6 13:07:15.436 UTC
BGP router identifier 2.2.2.2, local AS number 65001
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 2
BGP main routing table version 2
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
Speaker               2          2          2          2           2           2
Some configured eBGP neighbors (under default or non-default vrfs)
do not have both inbound and outbound policies configured for IPv4 Unicast
address family. These neighbors will default to sending and/or
receiving no routes and are marked with '!' in the output below.
Use the 'show bgp neighbor <nbr_address>' command for details.
Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
1.1.1.1           0 65000       6       6        2    0    0 00:03:54         0!
BGP route-policy example
route-policy not enabled (2)
RP/0/0/CPU0:R2#show bgp neighbor
Fri Sep 6 13:03:25.172 UTC
BGP neighbor is 1.1.1.1
Remote AS 65000, local AS 65001, external link
Remote router ID 1.1.1.1
BGP state = Established, up for 00:00:03
------------------------------------------------------------------------
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.2 Filter-group: 0.1 No Refresh request being processed
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
------------------------------------------------------------------------
Connections established 1; dropped 0
Local host: 2.2.2.2, Local port: 179
Foreign host: 1.1.1.1, Foreign port: 49054
Last reset 00:00:00
External BGP neighbor may be up to 2 hops away.
BGP route-policy example
route-policy enabled (1)
RP/0/0/CPU0:R2#show bgp summary
Fri Sep 6 13:26:52.456 UTC
BGP router identifier 2.2.2.2, local AS number 65001
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 2
BGP main routing table version 2
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
Speaker               2          2          2          2           2           2
Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
1.1.1.1           0 65000      27      27        2    0    0 00:23:31          0
BGP route-policy example
route-policy enabled (2)
RP/0/0/CPU0:R2#show bgp neighbor
Fri Sep 6 13:22:50.182 UTC
BGP neighbor is 1.1.1.1
Remote AS 65000, local AS 65001, external link
Remote router ID 1.1.1.1
BGP state = Established, up for 00:19:28
------------------------------------------------------------------------
For Address Family: IPv4 Unicast
BGP neighbor version 2
Update group: 0.1 Filter-group: 0.2 No Refresh request being processed
Route refresh request: received 1, sent 1
Policy for incoming advertisements is pass_all
Policy for outgoing advertisements is pass_all
-------------------------------------------------------------------------
Connections established 1; dropped 0
Local host: 2.2.2.2, Local port: 179
Foreign host: 1.1.1.1, Foreign port: 49054
Last reset 00:00:00
External BGP neighbor may be up to 2 hops away.
Injecting routes via BGP
• Only routes that are in the routing table (RIB) can be injected in the BGP table and then advertised to other BGP neighbors
• Network command (must match exact prefix/subnet, assuming default setting of no auto-summary)
• Redistribution
Injecting routes via BGP example (1)
RP/0/0/CPU0:R1#show route
Fri Sep 6 14:14:20.680 UTC
--------------------------------------------------------------
L 10.10.10.10/32 is directly connected, 00:12:22, Loopback10
--------------------------------------------------------------
RP/0/0/CPU0:R1(config)#router bgp 65000
RP/0/0/CPU0:R1(config-bgp)#address-family ipv4 unicast
RP/0/0/CPU0:R1(config-bgp-af)#network 10.0.0.0/24
RP/0/0/CPU0:R1(config-bgp-af)#commit
RP/0/0/CPU0:R1#show bgp ipv4 unicast
Fri Sep 6 14:16:43.611 UTC
RP/0/0/CPU0:R1(config-bgp-af)#no net 10.0.0.0/24
RP/0/0/CPU0:R1(config-bgp-af)#commit
Fri Sep 6 14:20:32.774 UTC
RP/0/0/CPU0:R1(config-bgp-af)#network 10.10.10.10/32
RP/0/0/CPU0:R1(config-bgp-af)#commit
Fri Sep 6 14:20:55.873 UTC
Injecting routes via BGP example (2)
RP/0/0/CPU0:R1#show bgp ipv4 unicast
Sun Sep 8 17:00:12.925 UTC
BGP router identifier 1.1.1.1, local AS number 65000
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 3
BGP main routing table version 3
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*> 10.10.10.10/32     0.0.0.0                  0         32768 i

RP/0/0/CPU0:R2#show bgp ipv4 unicast
Fri Sep 6 14:22:03.219 UTC
BGP router identifier 2.2.2.2, local AS number 65001
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 5
BGP main routing table version 5
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*> 10.10.10.10/32     1.1.1.1                  0             0 65000 i
Processed 1 prefixes, 1 paths
Injecting routes via BGP example (3)
RP/0/0/CPU0:R2#show bgp ipv4 unicast 10.10.10.10/32
Fri Sep 6 15:15:43.558 UTC
BGP routing table entry for 10.10.10.10/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                  5           5
Last Modified: Sep 6 14:21:31.250 for 00:54:13
Paths: (1 available, best #1)
Advertised to peers (in unique update groups):
5.5.5.5
Path #1: Received by speaker 0
Advertised to peers (in unique update groups):
5.5.5.5
65000
1.1.1.1 (metric 20) from 1.1.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 5
Origin-AS validity: not-found
Internal BGP (iBGP)
• Peering inside an AS must consist of a full mesh, because an iBGP speaker is not allowed to pass on prefixes learned from one iBGP peer to another iBGP peer*
• AS_Path and next hop are not modified
• Does not require direct connectivity
• Requires prefix synchronization between iBGP and IGP (disabled by default on IOS XR)
Verifying iBGP (1)
RP/0/0/CPU0:R3#show bgp ipv4 unicast
Sun Sep 22 11:05:48.383 UTC
BGP router identifier 3.3.3.3, local AS number 65001
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 4
BGP main routing table version 4
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*>i10.10.10.10/32     1.1.1.1                  0    100      0 65000 i
Processed 1 prefixes, 1 paths
Verifying iBGP (2)
RP/0/0/CPU0:R3#show bgp ipv4 unicast 10.10.10.10
Sun Sep 22 11:02:08.628 UTC
BGP routing table entry for 10.10.10.10/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                  4           4
Last Modified: Sep 22 10:58:30.314 for 00:03:38
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
65000
1.1.1.1 (metric 30) from 5.5.5.5 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 4
Originator: 2.2.2.2, Cluster list: 5.5.5.5
BGP next-hop-self
• iBGP speaker (by default) does not change the next hop address when advertising a route to an iBGP neighbor
• Next-hop reachability within the AS is provided by an IGP
• Next-hop address is the address listed in neighbor x.x.x.x command
BGP next-hop-self example
RP/0/0/CPU0:R4#show bgp ipv4 unicast
Sun Sep 8 17:09:54.816 UTC
BGP router identifier 4.4.4.4, local AS number 65001
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 5
BGP main routing table version 5
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*>i10.10.10.10/32     1.1.1.1                  0    100      0 65000 i
Processed 1 prefixes, 1 paths

RP/0/0/CPU0:R4#show bgp ipv4 unicast
Sun Sep 8 17:15:11.944 UTC
BGP router identifier 4.4.4.4, local AS number 65001
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 6
BGP main routing table version 6
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*>i10.10.10.10/32     2.2.2.2                  0    100      0 65000 i
Processed 1 prefixes, 1 paths
BGP filtering
• Filtering can happen on any router
• Filtering based on prefix/length or path attributes
• BGP filtering configuration enables filters per neighbor
BGP filtering example (1)
RP/0/0/CPU0:R5-RR#show bgp neighbor 3.3.3.3 advertised-routes
Sun Sep 22 11:54:36.603 UTC
Network            Next Hop        From            AS Path
10.10.10.10/32     1.1.1.1         2.2.2.2         65000i
RP/0/0/CPU0:R4(config)#router bgp 65001
RP/0/0/CPU0:R4(config-bgp)#neighbor 5.5.5.5
RP/0/0/CPU0:R4(config-bgp-nbr)#address-family ipv4 unicast
RP/0/0/CPU0:R4(config-bgp-nbr-af)#route-policy filter_bgp in
RP/0/0/CPU0:R4(config-bgp-nbr-af)#commit
RP/0/0/CPU0:R4#show bgp neighbor 5.5.5.5 received routes
Sun Sep 22 11:56:55.593 UTC
% The 'show bgp neighbor received routes' command is only available when inbound soft
reconfiguration is active. To activate inbound soft reconfiguration, use the 'soft-reconfiguration
inbound' command. If the neighbor supports route-refresh, the 'always' option to the command must
also be specified.
BGP filtering example (2)
RP/0/0/CPU0:R4(config)#router bgp 65001
RP/0/0/CPU0:R4(config-bgp)#neighbor 5.5.5.5
RP/0/0/CPU0:R4(config-bgp-nbr)#address-family ipv4 unicast
RP/0/0/CPU0:R4(config-bgp-nbr-af)#soft-reconfiguration inbound ?
  always               Always use soft reconfig, even if route refresh is supported
  inheritance-disable  Prevent soft-reconfiguration from being inherited from the parent
  <cr>
RP/0/0/CPU0:R4(config-bgp-nbr-af)#soft-reconfiguration inbound always
RP/0/0/CPU0:R4(config-bgp-nbr-af)#commit
Sun Sep 22 12:18:24.215 UTC
RP/0/0/CPU0:R4#show bgp neighbor 5.5.5.5 received routes
-------------------------------------------------------------------------
   Network            Next Hop            Metric LocPrf Weight Path
*>i10.10.10.10/32     1.1.1.1                  0    100      0 65000 i
RP/0/0/CPU0:R4#show bgp neighbor 5.5.5.5 routes
Sun Sep 22 12:50:27.363 UTC
Route Reflection (1)
• Route reflectors
• Route reflector clients
• Regular iBGP peers
• A client of one RR can be an RR of another client. A nonclient with respect to one RR can be a RR of another client
• Full iBGP mesh is required only between RRs and between RRs and nonclients.
Route Reflection (2)
• n(n-1)/2
• five iBGP sessions instead of ten
• RR advertises or reflects only its best path
Route Reflector Rules (1)
• If an update comes from an eBGP peer, RR advertises that update to all its peers (iBGP, eBGP, RR clients)*
Route Reflector Rules (2)
• If an update comes from an iBGP peer, RR advertises that update to its eBGP peers and RR clients
Route Reflector Rules (3)
• If an update comes from a RR client, RR advertises that update to other RR clients, iBGP, and eBGP peers
Route Reflector example
RP/0/0/CPU0:R5-RR#show bgp neighbor 2.2.2.2
Sun Sep 8 16:36:40.762 UTC
BGP neighbor is 2.2.2.2
Remote AS 65001, local AS 65001, internal link
Remote router ID 2.2.2.2
Cluster ID 5.5.5.5
BGP state = Established, up for 00:44:02
------------------------------------------------------------------------
For Address Family: IPv4 Unicast
BGP neighbor version 3
Update group: 0.2 Filter-group: 0.1 No Refresh request being processed
Route-Reflector Client
Route refresh request: received 0, sent 0
------------------------------------------------------------------------
Connections established 1; dropped 0
Local host: 5.5.5.5, Local port: 13246
Foreign host: 2.2.2.2, Foreign port: 179
Last reset 00:00:00

RP/0/0/CPU0:R5-RR#show bgp neighbor 3.3.3.3
Sun Sep 8 16:40:36.836 UTC
BGP neighbor is 3.3.3.3
Remote AS 65001, local AS 65001, internal link
Remote router ID 3.3.3.3
BGP state = Established, up for 00:22:33
------------------------------------------------------------------------
For Address Family: IPv4 Unicast
BGP neighbor version 3
Update group: 0.3 Filter-group: 0.2 No Refresh request being processed
Route refresh request: received 0, sent 0
------------------------------------------------------------------------
Connections established 1; dropped 0
Local host: 5.5.5.5, Local port: 179
Foreign host: 3.3.3.3, Foreign port: 40537
Last reset 00:00:00
Route Reflector Cluster ID (1)
• When multiple RRs are used to serve one or more clients
• Defaults to the BGP router ID
• If two routers share the same Cluster ID, they belong to the same cluster
• Updates from a RR that has the same Cluster ID are denied
Route Reflector Cluster ID (2)
• RR cluster can include one or more RRs, each with one or more clients
• A client can be in multiple clusters simultaneously
Route Reflector Originator ID
• In a RR environment, the first RR creates the Originator ID attribute and sets it to the BGP router ID of the router that originated the route
• This attribute is never modified by subsequent RRs
Route Reflector Originator ID example
RP/0/0/CPU0:R4#show bgp ipv4 unicast 10.10.10.10
Sun Sep 8 16:32:06.711 UTC
BGP routing table entry for 10.10.10.10/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                  3           3
Last Modified: Sep 8 15:53:43.191 for 00:38:24
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
65000
1.1.1.1 (metric 40) from 5.5.5.5 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 3
Originator: 2.2.2.2, Cluster list: 5.5.5.5
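The Route Reflector Rules (1)-(3), the Cluster ID check and the Originator ID handling described above, combined in one added example (not part of the original presentation and not IOS XR's own logic). The names Peer, Update and reflect are illustrative; R4's role as a client and the eBGP peer 192.0.2.1 are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Peer:
    router_id: str
    kind: str  # "client", "nonclient" (regular iBGP peer) or "ebgp"

@dataclass
class Update:
    prefix: str
    originator_id: Optional[str] = None
    cluster_list: list = field(default_factory=list)

def reflect(cluster_id, peers, sender, update):
    """Return {peer router ID: Update} the RR sends after receiving `update`
    from `sender`, following Route Reflector Rules (1)-(3)."""
    # Cluster ID check: an update already carrying our Cluster ID is denied.
    if cluster_id in update.cluster_list:
        return {}
    # Rule (2): learned from a regular iBGP peer -> eBGP peers and clients only.
    # Rules (1) and (3): learned from eBGP or from a client -> every peer kind.
    if sender.kind == "nonclient":
        allowed = {"client", "ebgp"}
    else:
        allowed = {"client", "nonclient", "ebgp"}
    sent = {}
    for peer in peers:
        if peer.router_id == sender.router_id or peer.kind not in allowed:
            continue
        if "ebgp" in (peer.kind, sender.kind):
            # Not a reflection: no Originator ID or Cluster list is attached.
            sent[peer.router_id] = Update(update.prefix)
        else:
            # iBGP -> iBGP reflection: the first RR sets the Originator ID
            # (later RRs keep it); each RR prepends its own Cluster ID.
            sent[peer.router_id] = Update(
                update.prefix,
                update.originator_id or sender.router_id,
                [cluster_id] + update.cluster_list,
            )
    return sent

# Constructed topology modelled on the lab output above (R5-RR is the reflector).
CLUSTER_ID = "5.5.5.5"
R2 = Peer("2.2.2.2", "client")      # shown as "Route-Reflector Client"
R3 = Peer("3.3.3.3", "nonclient")   # no client flag in the R5-RR output
R4 = Peer("4.4.4.4", "client")      # assumption: role not shown in the slides
EXT = Peer("192.0.2.1", "ebgp")     # hypothetical eBGP peer of the RR
PEERS = [R2, R3, R4, EXT]

if __name__ == "__main__":
    # R2 (client) advertises 10.10.10.10/32; show what each other peer receives.
    update = Update("10.10.10.10/32")
    for rid, upd in reflect(CLUSTER_ID, PEERS, R2, update).items():
        print(rid, upd)
```

The update reflected to 3.3.3.3 carries Originator 2.2.2.2 and Cluster list 5.5.5.5, the same attributes seen in the R3 and R4 outputs.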
AS Confederations (1)
• Splitting a large AS into a number of smaller autonomous systems called sub-autonomous systems
• eBGP sessions are used among sub-AS
• The iBGP full-mesh requirement still applies within each sub-AS
• eBGP session within a confederation is called an intra-confederation eBGP session
• To the external neighbors (peers outside the confederation), the sub-AS topology is invisible
AS Confederations (2)
• To other autonomous systems, a confederation appears as a single AS
• Sub-AS do not have to use the same IGP
• When different IGPs are used, however, BGP next-hop reachability must be guaranteed within each member AS
• Private AS number (ranging from 64512 through 65535) is typically, but not necessarily, used to identify the member AS inside a confederation
AS Confederations peering types
• External peering, such as between R4 and R5
• Confederation external peering, such as between R2 and R4
• Internal peering, such as between R1 and R2
Path selection Algorithm (1)
1. Weight (Cisco-proprietary) – default is 32768 for locally originated paths and 0 for other paths
2. Local preference – default is 100 for iBGP learned routes
3. Locally originated through a network/redistribute command
4. AS path length (configuration of bgp bestpath as-path ignore bypasses this step)
5. Origin type (I<E<?)
Path selection Algorithm (2)
6. MED (Multi-exit discriminator)
- bgp bestpath med always
- bgp deterministic-med*
- bgp bestpath med confed
- bgp bestpath med missing-as-worst
Example:
entry1: AS(PATH) 500, med 150, external, rid 172.16.13.1
entry2: AS(PATH) 100, med 200, external, rid 1.1.1.1
entry3: AS(PATH) 500, med 100, internal, rid 172.16.8.4
Path selection Algorithm (3)
7. External (eBGP) over internal (iBGP) paths
8. IGP metric to BGP next hop
9. If maximum-paths {ebgp, eibgp, ibgp} n* (2 ≤ n ≤ 32) is configured, BGP inserts up to n received paths in the IP routing table
10. When both paths are external, BGP prefers the path that was received first (the oldest one). This step is skipped if:
- bgp bestpath compare-routerid is enabled
- the router ID is the same for multiple paths
- there is no current best path
Path selection Algorithm (4)
11. BGP prefers the route coming from the BGP router with the lowest router ID (if coming from RR prefers the lower originator ID)
12. Cluster list length
13. Lower neighbor address (IP address used in the neighbor configuration)
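The three-entry MED example from step 6, run through a simplified model of steps 6, 7 and 11 (an added example, not part of the original presentation and not IOS XR's implementation). It assumes steps 1-5 and 8 tie and that step 10 is skipped because bgp bestpath compare-routerid is enabled; Path, better, best_path and winners are illustrative names, and SWAPPED is a constructed variant that goes beyond the slide to show why pairwise comparison can depend on table order.

```python
from dataclasses import dataclass, replace
from functools import reduce
from ipaddress import IPv4Address
from itertools import permutations

@dataclass(frozen=True)
class Path:
    name: str
    neighbor_as: int  # the "AS(PATH)" value in the slide's example
    med: int
    external: bool
    rid: str

def better(a, b, med_always=False):
    """Pairwise comparison using steps 6, 7 and 11 of the list above."""
    # Step 6: MED only counts between paths from the same neighbor AS,
    # unless 'bgp bestpath med always' is configured.
    if (med_always or a.neighbor_as == b.neighbor_as) and a.med != b.med:
        return a if a.med < b.med else b
    # Step 7: external (eBGP) beats internal (iBGP).
    if a.external != b.external:
        return a if a.external else b
    # Step 11: lowest router ID.
    return a if IPv4Address(a.rid) <= IPv4Address(b.rid) else b

def best_path(paths, deterministic_med=False, med_always=False):
    """Fold the pairwise comparison over the paths in table order."""
    pick = lambda x, y: better(x, y, med_always)
    if deterministic_med:
        # Group by neighbor AS, pick each group's best, then compare winners.
        groups = {}
        for p in paths:
            groups.setdefault(p.neighbor_as, []).append(p)
        paths = [reduce(pick, g) for g in groups.values()]
    return reduce(pick, paths)

def winners(paths, **knobs):
    """Names of the paths that can win across every possible table order."""
    return {best_path(list(o), **knobs).name for o in permutations(paths)}

# The three entries from the slide.
ENTRIES = [
    Path("entry1", 500, 150, True, "172.16.13.1"),
    Path("entry2", 100, 200, True, "1.1.1.1"),
    Path("entry3", 500, 100, False, "172.16.8.4"),
]
# Constructed variant: router IDs of entry1 and entry2 swapped.
SWAPPED = [
    replace(ENTRIES[0], rid="1.1.1.1"),
    replace(ENTRIES[1], rid="172.16.13.1"),
    ENTRIES[2],
]

if __name__ == "__main__":
    print("slide, default:          ", winners(ENTRIES))
    print("slide, med always:       ", winners(ENTRIES, med_always=True))
    print("swapped, default:        ", winners(SWAPPED))
    print("swapped, deterministic:  ", winners(SWAPPED, deterministic_med=True))
```

With the slide's values entry2 wins in every order unless MED is always compared, in which case entry3 wins. In the swapped variant any of the three can win depending on order until grouping by neighbor AS makes the result stable.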
Thank you !