Modulo 9 del CCNP

8/18/2019 Modulo 9 del CCNP

1/47


2/47

9.1.! Sin"le#$omed utonomous systems

If an &$ has only one exit point to outside networs" it is considered a singlehomed system. $inglehomed

autonomous systems are often referred to as stub networs or stubs. $tubs can rely on a default route to handleall traffic destined for nonlocal networs. %or the networ shown in %igure " configure the routers in thecustomer &$ to use a default route to an upstream service provider.

'he following are three methods to advertise a customers networs from the providers perspective9

• Use stti% %onfi"urtion : 'he provider lists the customers networs as static entries in its own

router and advertises these routes upstream to the Internet core. 'his approach wors well if thecustomers networs can be summari-ed using a ,I8R prefix" as discussed in 7odule !. ;owever" if the

&$ contains numerous discontiguous networs" route aggregation may not be a viable option.

• Use n &GP : *oth the provider and the customer use an IGP to share information regarding the

customers networs. 'his provides the benefits associated with dynamic routing.

• Use n EGP : 'he third method by which the I$P can learn and advertise the customers routes is to

use an EGP such as *GP. In a singlehomed autonomous system the customers routing policies are anextension of the policies of the provider. %or this reason the Internet number registries are unliely toassign an &$ number. Instead" the provider can give the customer an &$ number from the private poolof &$ numbers" 0+"1! to 01"121. 'he provider will strip off these numbers when advertising thecustomers routes towards the core of the Internet.

6otice that only the final solution re/uires the customers to enable *GP on their router.


3/47

9.1.' Multi$omed nontrnsit utonomous systems

&n &$ is a multihomed system if it has more than one exit point to outside networs. &n &$ connected to theInternet can be multihomed to a single provider or multiple providers. & nontransit &$ does not allow transit trafficto pass through it. 'ransit traffic is any traffic that has a source and destination outside the &$. %igureillustrates a multihomed and nontransit &$" shown as &$ !+" which is connected to two providers" I$P andI$P!.

& nontransit &$ would advertise only its own routes to both providers to which it connects. It would not advertiseroutes that it learned from one provider to another. 'his maes certain that I$P will not use &$ !+ to reachdestinations that belong to I$P!" and I$P! would not use &$ !+ to reach destinations that belong to I$P. #fcourse" I$P or I$P! can force traffic to be directed to &$ !+ by way of default or static routing. &s a precaution

against this" the router at the border of &$ !+ could filter incoming traffic to prevent transit traffic from passingthrough its border router.

7ultihomed nontransit autonomous systems do not really need to run *GP+ with their providers. It is usuallyrecommended and often re/uired by I$Ps. &s it will be seen later in this module" *GP+ offers numerousadvantages" including increased control of route propagation and filtering.


4/47

9.1.( Multi$omed trnsit utonomous systems

& multihomed transit system has more than one connection to the outside world and can be used for transit

traffic by other autonomous systems. 'he multihomed &$ views transit traffic as any traffic originating fromoutside sources bound for outside destinations.

& transit &$ can route transit traffic by running *GP internally so that multiple border routers in the same &$ canshare *GP information. &dditional routers may be used to forward *GP information from one border router toanother. *GP can be run inside an &$ to facilitate this exchange.


5/47

8o not use *GP within the &$ in the following situations9

• 'here is only a single connection to the Internet or other &$.

• Internet routing policy and route selection are not of concern to the &$.

• 'he *GP routers have insufficient R&7 or processor power to handle constant updates.

• 'here is limited understanding of route filtering and the *GP path selection process.

• =ow bandwidth lin between autonomous systems

In %igure " router & is advertising a default networ into the &$ through a local IGP" such as RIP. & static routeaffords connectivity through router * to the &$ for the I$P. 'he I$P is running *GP and is recogni-ed by other*GP routers in the Internet.

+ote: In general" when there are different policy re/uirements than the I$P" it is necessary touse *GP to connect to an I$P.

9.! Bsi% BGP O,ertion

9.!.1 BGP routin" u,dtes

*GP has been most recently defined in R%, >>!. 'he function of *GP is to exchange routing informationbetween autonomous systems and guarantee the selection of a loop free path. *GP+ is the first version of *GPthat supports ,I8R and route aggregation. ,ommon IGPs such as RIP" #$P%" and EIGRP use technical metrics.*GP does not use technical metrics. Instead" *GP maes routing decisions based on networ policies" or rules.

'his section offers a brief overview of how *GP wors and is followed by a more detailed examination of thevarious types of *GP pacets and relationship states.

*GP updates are carried using ',P on port >3. In contrast" RIP updates use ?8P port 1!@" while #$P% doesnot use a =ayer + protocol. *ecause *GP re/uires ',P" IP connectivity must exist between *GP peers. ',Pconnections must also be negotiated between them before updates can be exchanged. 'herefore" *GP inheritsthose reliable" connectionoriented properties from ',P.

'o guarantee loop free path selection" *GP constructs a graph of autonomous systems based on the informationexchanged between *GP neighbors. *GP views the whole internetwor as a graph" or tree" of autonomoussystems. 'he connection between any two systems forms a path. 'he collection of path information is expressedas a se/uence of &$ numbers called the &$ Path. 'his se/uence forms a route to reach a specific destination.


6/47

9.!.! BGP nei"$-ors


7/47

9.!.' BGP mess"e ty,es

8ifferent message types play an essential role in *GP operation. Each message type includes the *GPmessage header.

'he message header contains only three fields. 'hey are a 0byte 7arer field" a !byte =ength field" and a byte 'ype field. 'he 7arer field is used either to authenticate incoming *GP messages or to detect loss ofsynchroni-ation between two *GP peers.

'he =ength field indicates the total *GP message length" including the header. 'he smallest *GP message is 3bytes" 0 A ! A " and the largest possible message is +@30 bytes.

'he 'ype field can have four values" to +. Each of these values corresponds to one of the four *GP messagetypes" described as follows9

• O,en Mess"e : 'his message is used to establish connections with peers and includes fields for the

*GP version number" the &$ number" hold time" and Router I8.

• ee,live Mess"e : 'his message type is sent periodically between peers to maintain connections

and verify paths held by the router sending the eepalive. If the periodic timer is set to a value of -ero(@)" no eepalives are sent. 'he recommended eepalive interval is one third of the hold time interval.'he eepalive message is a 3byte *GP message header with no data following it.

• +otifi%tion Mess"e : 'his message type is used to inform the receiving router of errors. 'his

message includes a field for error codes that can be used to troubleshoot *GP connections.

• U,dte Mess"e : 'he update messages contain all the information *GP uses to construct a loop free

picture of the internetwor. 'here are three basic components of an update message. 'hey are networlayer reachability information (6=RI)" path attributes" and withdrawn routes. 'hese three elements aredescribed briefly in the following sections.


8/47

9.!.( BGP nei"$-or ne"otition

'he *GP neighbor negotiation process proceeds through various states" or stages" which can be described interms of a finitestate machine (%$7).

/$e BGP 0SMRecall that in 7odule 0" EIGRP" an %$7 was defined. &n %$7 is a set of possible states something can gothrough" what events causes those states" and what events will result from those states. %igure presents the*GP %$7" which includes the states and some of the message events that cause them.

'he six states of the *GP %$7 are described as follows9

• &dle : Idle is the first state of a *GP connection. *GP is waiting for a start event. It is normally initiated

by an administrator or a networ event. &t the start event" *GP initiali-es its resources and resets aconnect retry timer. 'hen it starts listening for a ',P notice that *GP can transition bac to Idle from anyother state in case of errors.

• onne%t : In the ,onnect state" *GP is waiting for the ',P connection to be completed. If the ',P

connection is successful" the state transitions to #pen$ent. If the ',P connection fails" the statetransitions to the &ctive state" and the router tries to connect again. If the connect retry timer expires" thestate remains in the ,onnect state" the timer is reset" and a ',P connection is initiated. In case of anyother event" initiated by the system or the administrator" the state returns to Idle.

• A%tive : In the &ctive state" *GP is trying to ac/uire a peer by initiating a ',P connection. If it is

successful" it transitions to #pen$ent. If the connect retry timer expires" *GP restarts the connect timerand returns to the ,onnect state.


9/47

In general" a neighbor state that is switching between B,onnectB and B&ctiveB is an indication thatsomething is wrong and that there are problems with the ',P connection. It could be because of many',P retransmissions" or the incapability of a neighbor to reach the IP address of its peer.

• O,enSent : In the #pen$ent state" *GP is waiting for an open message from its peer. 'he open

message is checed for correctness. In case of errors" such as an incompatible version number or anunacceptable &$" the system sends an error notification message and goes bac to idle. If there are noerrors" *GP starts sending eepalive messages and resets the eepalive timer. &t this stage" the holdtime is negotiated and the smaller value is taen. If the negotiated hold time is -ero (@)" the hold timerand the eepalive timer are not restarted.

&t the #pen$ent state" *GP recogni-es whether the peer belongs to the same &$ or to a different &$.*GP does this by comparing its &$ number to the &$ number of its peer. & same &$ is an I*GP peerand a different &$ is an E*GP peer.


10/47

9.!.) +etwor2#lyer re%$-ility informtion 3+L4&5

Rather than advertise reachable destinations as a networ and a subnet mas" *GP advertises them usingnetworlayer reachability information (6=RI)" which consists of prefixes and prefix lengths. 'he prefix representsthe reachable destination" and the prefix length represents the number of bits set in the subnet mas. %orexample" @...@ !11.!11.!11.@ has a prefix of @...@ and a prefix length of !+.

+ote: 'here are !+ bits set in the subnet mas. 'herefore it would be advertised by *GP as@...@C!+.

'he 6=RI consists of multiple instances of the !tuple Dlength" prefix. & tuple is a mathematical term for a set of elements. In this case" the two (!) refers to the fact that there are only two elements in the set. 'herefore" the6=RI D3" 3!.!+.0@.@ represents the prefix of 3!.!+.0@.@" and the length is a 3bit mas. In decimalterms" this 6=RI refers to the supernet 3!.!+.0@.@ !11.!11.!!+.@.*it$drwn 4outes


11/47

Each individual attribute is identified by its type and attribute code. %igure lists the attribute codes that arecurrently defined.$everal of these attributes are discussed later in this module. &ttributes " !" and 2 are not implemented by,isco because they do not add functionality and will not be covered.

9.' onfi"urin" BGP

9.'.1 Bsi% BGP %onfi"urtion

*GP configuration commands appear on the surface to mirror the syntax of familiar IGP commands. Examplesof familiar IGP commands are RIP and #$P%. &lthough the syntax is similar" the function of these commands issignificantly different.

'o begin configuring a *GP process" issue the following familiar command9

router(config)#router bgp AS-number

6otice that the ,isco I#$ permits only one *GP process to run at a time. 'herefore" a router cannot belong tomore than one *GP &$.'he network command is used with IGPs" such as RIP" to determine the interfaces on which to send and

receive updates. 'he command also indicates which directly connected networs to advertise. ;owever" whenconfiguring *GP" the network command does not affect what interfaces *GP runs on. 'herefore" configuring

5ust a network statement will not establish a *GP neighbor relationship. 'his is a ma5or difference between

*GP and IGPs. 'he networ statement follows this syntax9

Router(config-router)#network network-number [ mask network-mask]

In *GP" the network command tells the *GP process what locally learned networs to advertise. 'he networs

can be connected routes" static routes" or routes learned by way of a dynamic routing protocol" such as RIP.'hese networs must also exist in the routing table of the local router or they will not be sent out in updates. 'he

mask eyword can be used with the network command to specify individual subnets. Routes learned by the

*GP process are propagated by default but are often filtered by a routing policy.%or a *GP router to establish a neighbor relationship with another *GP router" issue the following configurationcommand9

Router(config-router)#neighbor ip-address remote-as AS-number

'his command serves to identify a peer router with which the local router will establish a session. 'he ip-

address argument is the IP address of the neighbor interface. 'he AS-number argument determines whether

the neighbor router is an E*GP or an I*GP neighbor.


12/47

9.'.! EBGP nd &BGP


13/47

RTB(config)#router bgp 200RTB(config-router)#neighbor 172.16.1.2 remote-as 200

RTB(config-router)#neighbor 172.16.1.2 update-source loopback 0

'he remote-as value" !@@" is the same as the &$ number for the *GP on R'*. 'herefore" *GP recogni-es

that this connection will occur within &$ !@@. It attempts to establish an I*GP session. In reality" &$ !@@ is not aremote &$ at all as it is the local &$ with both routers residing there. %or simplicity" the eyword remote-as is

used when configuring both E*GP and I*GP sessions. &lso notice the second neighbor command. 'his is used to assign an optional parameter to be used when

communicating with that neighbor. It is typical to use multiple neighbor commands for the same *GP neighbor"each specifying a particular *GP option.In this example" the option specified is update-source loopback 0. If multiple pathways to the neighbor

exist" then the router can use any IP interface to spea *GP with that neighbor. 'he update-source

loopback 0 command is used to instruct the router to use interface loopbac -ero (@) for ',P connections.

'his command is typically used in all I*GP configurations.


14/47

E*GP session. 'his is despite the fact that R'J does not support *GP. 'he E*GP multihop option is configuredon each peer with the following command9

Router(config-router)#neighbor ip-address ebgp-multihop [hops]

'his command enables the specification of how many hops" up to !11" separate the E*GP peers. 'he followingcommands could be applied to the routers in the example9

RT'(config)#router bgp 200RT'(config-router)#neighbor 1.1.1.2 remote-as 300RT'(config-router)#neighbor 1.1.1.2 ebgp-multihop 2RT(config)#router bgp 300RT(config-router)#neighbor 2.2.2.1 remote-as 200RT(config-router)#neighbor 2.2.2.1 ebgp-multihop 2

In general" E*GP multihop is designed to allow the development of economical &$ edge router solutions. &single router with sufficient R&7 and ,P? power to support *GP is used to handle the *GP routing needs. 'hisrouter does not have to be an expensive modular" chassis based system. E*GP multihop allows inexpensiveedge routers to provide sufficient


15/47

9.'.6 Peerin"

&ny two routers that have formed a ',P connection in order to exchange *GP routing information are calledpeers or neighbors.

%igure demonstrates the different types of *GP peering sessions that will be encountered. &n I*GP peeringsession is formed within &$ 2" between the loopbac address of R'& and a physical address of R'%. &n E*GPsession is also formed between &$ 2 and &$ by using the two directly connected IP addresses of R'& andR',. &nother E*GP session is formed between R'% in &$ 2 and R'8 in &$ !" using IP addresses that are noton the same segment" multihop.

It is important to remember that the *GP peers will never become established unless there is IP connectivitybetween the two peers. In this example" #$P% is used to establish the re/uired internal connectivity betweenR'8 and R'E.

+ote: ,lic on the topology in %igure to view command outputs.

In the configuration from R'%" the ebgp-multihop 2 command is seen being used as part of the neighbor

configuration. 'his is an indication that the exterior *GP peer is not directly connected and can be reached at amaximum of two hops away. Remember that E*GP multihop is applicable only with E*GP" and not with I*GP.

'he example also shows how the peer connection will loo after the neighbors are in an established state. R'%sees neighbor >!.0.!.!1+ as an internal neighbor that belongs to &$2. 'he neighbor connection is running*GP Jersion + with a table version of two (!). 'he table version changes every time the *GP table is updated.'he other R'% neighbor" 3!.04.!." is also in an Established state. 'his is an external neighbor that belongs to

&$!. 6otice that the display indicates that this neighbor is two hops away and is configured using the ebgp-

multihop command.

9.'.8 BGP %ontinuity inside n AS

*GP does not advertise routes learned by way of I*GP peers to other I*GP peers. If *GP did" *GP routinginside the &$ would present a dangerous potential for routing loops. %or I*GP routers to learn about all *GProutes inside the &$" they must connect to every other I*GP router in a full I*GP mesh. 'his full mesh needs tobe only logical" not physical. In other words" as long as the I*GP peers can connect to each other using ',PCIP"a logical full mesh can be created even if the routers are not directly connected.

%igure illustrates one of the common mistaes that administrators mae when setting *GP routing within an &$. 'his I$P networ has three P#Ps ($an Lose" $an %rancisco" and =os &ngeles). Each P#P has multiple non*GP routers and a *GP border router running E*GP with other autonomous systems. 'he administrator has setup an I*GP connection between the $an Lose border router and the $an %rancisco border router. &nother I*GP


16/47

connection has been set up between the $an %rancisco border router and the =os &ngeles border router. In thisconfiguration" E*GP routes learned by way of $an Lose are given to $an %rancisco. E*GP routes learned byway of $an %rancisco are given to $an Lose and =os &ngeles. =astly E*GP routes learned by way of =os

&ngeles are given to $an %rancisco.

;owever" routing in this scenario is not complete. E*GP routes learned by way of $an Lose will not be given to=os &ngeles" and E*GP routes learned by way of =os &ngeles will not be given to $an Lose. 'his is because the$an %rancisco router will not advertise I*GP routes between $an Lose and =os &ngeles.


17/47

9.) /$e BGP 4outin" Pro%ess

9.).1 An overview of t$e BGP routin" ,ro%ess

'his section describes the process that *GP uses to mae routing decisions. Routes are exchanged between*GP peers by way of update messages. *GP routers receive the update messages" perform some policies orfilters on the updates" and then pass the routes on to other *GP peers.

'he ,isco implementation of *GP eeps trac of all *GP updates in a *GP table separate from the IP routingtable. In case multiple routes to the same destination exist" *GP does not flood its peers with all those routes.Instead" *GP pics only the best route and sends it to the peers. In addition to passing along routes from peers"a *GP router may originate routing updates to advertise networs that belong to its own &$. Jalid local routesoriginated in the system and the best routes learned from *GP peers are then installed in the IP routing table.'he IP routing table is used for the final routing decision.

'he following sections detail the *GP routing process" implementing *GP routing policy" controlling *GP routingwith attributes" and handling the *GP decision process.


18/47

9.).! /$e BGP routin" ,ro%ess model

'o model the *GP process" imagine each *GP speaer having different pools of routes and different policyengines applied to the routes. 'he model" shown in %igure " would involve the following components9

• 4outes re%eived from ,eers : *GP receives routes from external or internal peers. 8epending on what

is configured in the input policy engines" some or all of these routes will mae it into the router *GPtable.

• &n,ut ,oli%y en"ine : 'his engine handles route filtering and manipulation of attributes. %iltering is done

based on parameters such as the IP prefix" the &$ path" and attribute information.

'he input policy engine is used to manipulate the path attributes and influences the decision processmade by *GP. 'his affects what routes it will actually use to reach a certain destination. %or example" ifchoosing to filter a certain networ coming from a peer" it is an indication to *GP that it should not reachthat networ by way of that peer. & certain route can be given a better local preference than some other

path to the same destination. 'his is an indication that *GP should prefer this route instead of the otheravailable routes.

• /$e de%ision ,ro%ess : *GP goes through a decision process to decide the route or routes it wants to

use to reach a certain destination. 'he decision process is based on the routes that made it into therouter after the input policy engine was applied. 'his is performed on the routes in the *GP routing table.'he decision process loos at all the available routes for the same destination" compares the differentattributes associated with each route" and chooses one best route. 'he decision process is discussedlater in this module" in the section B'he *GP 8ecision ProcessB.

• 4outes used -y t$e router : 'he best routes" as identified by the decision process" are candidates to

be advertised to other peers. 'hese routes are also presented to the routing engine to be placed in theIP routing table. 6ot all routes presented to the routing engine will be placed in the routing table. 'his isbecause multiple protocols may present the same prefix for installation" and the router must chooseamong them based on administrative distance. In addition to routes passed on from other peers" therouter" if configured to do so" originates updates about the networs inside its own &$. 'his is how an &$in5ects its routes into the outside world.

• Out,ut ,oli%y en"ine : 'his is the same engine as the input policy engine" applied on the output side.

Routes used by the router" the best routes" in addition to routes that the router generates locally aregiven to this engine for processing. 'he engine might apply filters and might change some of theattributes" such as &$FPath or metric" before sending the update.

'he output policy engine also differentiates between internal and external peers. %or example" routeslearned from internal peers cannot be passed on to internal peers.

• 4outes dvertised to ,eers : 'he routes advertised to peers are routes that made it through the output

engine and are advertised to the *GP peers" internal or external.


19/47

9.).' &m,lementin" BGP routin" ,oli%y

Input and output policies generally are defined using route maps. Route maps are used with *GP to control andmodify routing information. Route maps are used to define how the routes are redistributed between routingdomains.

Recall from 7odule 4" Route #ptimi-ation" that the route-map command is entered using the following syntax9

Router(config)#route-map map-tag [ permit den!] [sequence-number ]

6otice that map-tag is a name that identifies the route map. 'he sequence-number indicates the position that aninstance of the route map is to have in relation to other instances of the same route map. Instances are orderedse/uentially" starting with the number ten by default.%or example" the route-map command might be used as follows" to define a route map named 77&P9

route-map "#"$% permit 10* +ir,t ,et of conition, goe, ere.

route-map "#"$% permit 20

* %econ ,et of conition, goe, ere.


20/47

9.6 BGP Attri-utes

9.6.1 ontrollin" BGP routin" wit$ ttri-utes

'raffic inside and outside an &$ always flows according to the road map laid out by routes. If the routes arealtered" the traffic behavior will be affected. 'he following are among the /uestions that organi-ations andservice providers as about controlling routes9

• ;ow can the private networs be prevented from being advertised

• ;ow can routing updates that come from a particular neighbor be filtered

• ;ow can it be specified to use this lin or this provider rather than another one

'hrough the use of attributes" *GP provides the answer to all these /uestions and more. & *GP speaer can receive updates from multiple autonomous systems that describe different paths to thesame destination. It must then choose the single best path for reaching that destination. #nce chosen" *GPpropagates the best path to its neighbors. 'he decision is based on the value of attributes" such as 6ext ;op or=ocal Preference" that the update contains and other configurable *GP factors. 'he following sections providean overview of these ey attributes that *GP uses in the decision maing process9

• 6ext ;op

• &$FPath

• &tomic &ggregate

• &ggregator

• =ocal Preference

•


21/47

• %or I*GP sessions" where routes originated inside the &$" the next hop is the IP address of the neighbor

that announced the route. %or routes in5ected into the &$ by way of E*GP" the next hop learned fromE*GP is carried unaltered into I*GP. 'he next hop is the IP address of the E*GP neighbor from whichthe route was learned.

•


22/47

logical that R'& would consider R', (@.@.@.!) as its next hop to reach ...@C!+. ;owever" this would nothappen. 'he correct behavior is for R'& to consider R'*" @.@[email protected]" as the next hop because R'* shares thesame medium with R',.


23/47

9.6.) /$e AS;Pt$ ttri-ute

&n &$FPath attribute is a wellnown mandatory attribute" type code !. It is the se/uence of &$ numbers that aroute has traversed to reach a destination. 'he &$ that originates the route adds its own &$ number when

sending the route to its external *GP peers. 'hereafter" each &$ that receives the route and passes it on to other *GP peers will prepend its own &$ number to the list. Prepending is the act of adding the &$ number to thebeginning of the list. 'he final list has all the &$ numbers that a route has traversed with the &$ number of the

&$ that originated the route at the end of the list. 'his type of &$FPath list is called an &$F$e/uence because allthe &$ numbers are ordered se/uentially.

*GP uses the &$FPath attribute as part of the routing updates" update pacet" to ensure a loop free topology onthe Internet. Each route that gets passed between *GP peers will carry a list of all &$ numbers that the routehas already been through. If the route is advertised to the &$ that originated it" that &$ will see itself as part ofthe &$FPath attribute list and will not accept the route. *GP speaers prepend their &$ numbers whenadvertising routing updates to other autonomous systems" external peers.


24/47

9.6.6 AS;Pt$ nd ,rivte AS num-ers

In an effort to conserve &$ numbers" customers whose routing policies are an extension of the policies of theirprovider generally are not assigned a legal &$ number. 'herefore" if a customer is singlehomed or multihomed

to the same provider" the provider generally re/uests that the customer use an &$ number taen from the privatepool" 0+"1! to 01"121. &s such" all *GP updates that the provider receives from its customer contain private &$numbers.

Private &$ numbers cannot be advertised to the Internet because they are not uni/ue. %or this reason" ,iscohas implemented a feature to strip private &$ numbers out of the &$FPath list before the routes get propagatedto the Internet.

In %igure " &$ is providing Internet connectivity to its customer &$ 01@@. *ecause the customer connects toonly this provider and has no plans to connect to an additional provider in the near future" the customer has beenallocated a private &$ number. $hould the customer need connectivity to another provider" a legal &$ numbermust be assigned.

Prefixes originating from &$01@@ have an &$FPath of 01@@. 6otice the prefix >!.0.!!@.@C!+ as it leaves &$01@@. %or &$ to propagate the prefix to the Internet" it would have to strip the private &$ number.


25/47

9.6.8 /$e Atomi% A""re"te ttri-ute

'he &tomic &ggregate attribute is a wellnown discretionary attribute" type code 0. 'he &tomic &ggregateattribute is set to either 'rue or %alse. If 'rue" this attribute alerts *GP routers that multiple destinations havebeen grouped into a single update. In other words" the *GP router that sent the update had a more specific routeto the destination but did not send it. *ecause this can lead to routing problems" the &tomic &ggregate attributewarns receiving routers that the information they are receiving is not necessarily the most complete routeinformation available.

*GP can be manually configured to summari-e routes by using the aggregate-address command.

?sing the aggregate-address command with no arguments will create an aggregate entry" a supernet route"

in the *GP routing table. 'his happens as long as the router nows at least one specific *GP route that belongsto that supernet. 'herefore" if the router nows 5ust one route" it can claim to now hundreds of others. 'hisfeature should be used with caution. 'he aggregate route will be advertised as coming from the &$ on the router

and has the &tomic &ggregate attribute set to 'rue. 'his shows that information might be missing. *y default" the &tomic &ggregate attribute is set to 'rue unless the as-set eyword is specified.

?sing the as-set eyword creates an aggregate entry. ;owever" the path advertised for this route will be an

&$F$et consisting of all elements contained in all paths that are being summari-ed. 8o not use this form ofaggregate-address when aggregating many paths. 'his route must be continually withdrawn and updated as

autonomous system path reachability information for the summari-ed route changes.

If the router is to propagate the supernet route only" and not to propagate any more specific routes" use thesummar!-onl! eyword.


26/47

RT(config-router)#aggregate-address 160.0.0.0 255.0.0.0 summar!-onl!

9.6.< /$e A""re"tor ttri-ute

&ggregator is a wellnown discretionary attribute" type code >.


27/47

'his is where =ocal Preference starts. R'* can give the routes coming from 6E' a =ocal Preference of 2@@"and R'& can give the routes coming from M6E' a lower value" such as !@@. *ecause both R'& and R'* areexchanging routing updates by way of I*GP" they both agree that the exit point of the &$ is going to be by way of 6E'. 'his happens because of the higher local preference.In %igure " &6E' learns route !4.!2.@.@C0 by way of M6E' and 6E'. R'& and R'* will agree on using6E' as the exit point for destination !4.!2.@.@C0 because of the higher =ocal Preference value of 2@@. 'he=ocal Preference manipulation discussed in this case affects the traffic going out of the &$ and not traffic cominginto the &$. Inbound traffic can still come by way of the ' lin.

9.6.1= Mni,ultin" Lo%l Preferen%e

In %igure " &$ !10 receives route updates for networ >@.@.@.@ from &$ @@ and &$ 2@@. 'he following aretwo ways to set the =ocal Preference attribute on the routers in &$ !109

• ?se the bgp de'ault local-pre'erence command

• ?se a route map to set local preference

?sing the bgp de'ault local-pre'erence command" set the =ocal Preference attribute on R', and R'8

as follows9

RT(config)#router bgp 256RT(config-router)#neighbor 1.1.1.1 remote-as 100RT(config-router)#neighbor 128.213.11.2 remote-as 256RT(config-router)# bgp de'ault local-pre'erence 150

RT(config)#router bgp 256RT(config-router)#neighbor 3.3.3.) remote-as 300RT(config-router)#neighbor 128.213.11.1 remote-as 256RT(config-router)# bgp de'ault local-pre'erence 200

'he configuration from R', causes it to set the =ocal Preference of all updates from &$ @@ to 1@. 'heconfiguration from R'8 causes it to set the =ocal Preference for all updates from &$ 2@@ to !@@. *ecause =ocalPreference is exchanged within the &$" both R', and R'8 determine that updates regarding networ>@.@.@.@ have a higher =ocal Preference when they come from &$ 2@@ than when they come from &$ @@. &sa result" all traffic in &$ !10 destined for networ >@.@.@.@ is sent R'8.

&s an alternate configuration" use a route map. Route maps provide more flexibility than the bgp de'ault

local-pre'erence configuration command.


28/47

6otice that the configuration shown in the %igure uses the ip as-path access-list command" which

matches the regular expression *300+. Essentially" this statement matches any routes that include &$ 2@@ in

their &$FPath attribute.


29/47

9.6.1! /$e Multi,le E7it Dis%rimintor ttri-ute

'he 7ultipleexitdiscriminator (7E8) attribute is an optional nontransitive attribute" type code +. 7E8 informsexternal neighbors about the preferred path into an &$ that has multiple entry points. & lower 7E8 is preferredover a higher 7E8.

?nlie =ocal Preference" the 7E8 attribute is exchanged between autonomous systems" but a 7E8 attribute

that comes into an &$ does not leave the &$.


30/47

9.6.1' MED %onfi"urtion e7m,le

In %igure " &$ @@ receives updates regarding networ 4@.@.@.@ from R'*" R'," and R'8. R', and R'8are in &$ 2@@" and R'* is in &$ +@@.

?se a route map to configure the 7E8 attribute on a router as follows9

RTB(config)#route-map setmedout permit 10RTB(config-route-3!)#set metric 50RTB(config)#router bgp )00RTB(config-router)#neighbor ).).).) route-map setmedout out

*y default" *GP compares only the 7E8 attributes of routes coming from neighbors in the same external &$"

such as &$ 2@@ in the example. 'his means that R'& will compare the 7E8 attribute coming from R', (!@)only to the 7E8 attribute coming from R'8 (!@@). Even though the update coming from R'* has the lowest7E8 value" R'& will choose R', as the best path for reaching networ 4@.@.@.@. 'o force R'& to includeupdates for networ 4@.@.@.@ from R'* in the comparison" use the bgp alwa!s-compare-med router

configuration command.R'& will choose R'* as the best next hop for reaching networ 4@.@.@.@" assuming that all other attributes arethe same. 'he 7E8 attribute can also be set when configuring the redistribution of routes into *GP. %orexample" on R'* the static route can be in5ected into *GP with a 7E8 of 1@. 'he preceding configurationcauses R'* to send out updates for 4@.@.@.@ with a 7E8 attribute of 1@.


31/47

9.6.1( /$e Ori"in ttri-ute

'he #rigin attribute is a wellnown mandatory attribute" type code " that indicates the origin of the routingupdate. *GP allows the following three types of origins9

• &GP : 'he prefix is internal to the originating &$.

• EGP : 'he prefix was learned by way of some EGP" such as *GP.

• &n%om,lete : 'he prefix was learned by some other means" probably redistribution.

*GP considers the #rigin attribute in its decision maing process to establish a preference raning amongmultiple routes. $pecifically" *GP prefers the path with the lowest origin type" where IGP is lower than EGP" andEGP is lower than Incomplete.

9.8 /$e BGP De%ision Pro%ess

9.8.1 /$e BGP de%ision ,ro%ess

9.8.!*GP bases its decision process on the attribute values.


32/47

9.< BGP 4oute 0ilterin" nd Poli%y 4outin"

9.


33/47

9.


34/47

'he distribute-list eyword" used as part of a *GP neighbor statement" prevents R'& from advertising

prefix 3!.04.@.@C!+ to R',. 'he access list is used to identify the prefixes to be filtered and the distribute-

list and out eywords apply the filter to outgoing updates.

6otice that accesslist concludes with a permit 0.0.0.0 255.255.255.255 statement that is the same as

a permit an! statement. Remember that" when using access lists for filtering" anything that does not match a

permit statement will be denied. !.0.@.@C0 summary" use an extended access list. It is usually thought ofextended access lists as matching both source and destination addresses. In the case of a *GP route filter" anextended access list matches the networ address first and then the subnet mas of the prefix. *oth networ andmas are paired with their own wildcard bitmas" using the following syntax9

router(config)#access-list number permit,den! network network-wildcard mask mask-wildcard

'o permit the aggregate address in the example" configure an extended access list to match the networaddress and also the 0bit mas of the prefix. ?sing this configuration" R'& would not send a subnet route"such as >!.0.@.@ C> or >!.0.@.@ C!+" in an update to &$.

RT(config)#router bgp 3RT(config-router)#neighbor 172.16.1.1 remote-as 3RT(config-router)#neighbor 172.16.20.1 remote-as 1RT(config-router)#neighbor 172.16.20.1 distribute-list 101 outRT(config-router)#/RT(config)#access-list 101 permit ip 172.16.0.0 0.0.255.255255.255.0.0 0.0.0.0

If using an extended access list to accomplish this type of filtering seems confusing" that is not unusual.Improved user friendliness was one of the factors that motivated ,isco to include the ip pre'i&-list

command in I#$ !.@. 'his command is described in the next section.


35/47

9.


36/47

9.


37/47

3!.04..@C!+ match the permit statement" but 3!.04..2!C!> does not because its mas length is greaterthan the ge value" !1. &ny routes with a mas e/ual to the ge value will also be denied.'he le and ge eywords can be used together in the same statement" as the following shows9

RT(config)#ip pre'i&-list $ permit 10.0.0.08 ge 16 le 2)

'his command permits all prefixes in the @.@.@.@C4 address space that have a mas length from 0 to !+ bits.

Each prefix list entry is assigned a se/uence number" either by default or manually by an administrator. *ynumbering the prefix list statements" new entries can be inserted at any point in the list. 'his is importantbecause routers test for prefix list matches from lowest se/uence number to highest.


38/47

9.9 4edundn%y> Symmetry> nd Lod Bln%in"

9.9.1 &ssues wit$ redundn%y> symmetry> nd lod -ln%in"

Redundancy" symmetry" and load balancing are crucial needs facing anyone in the process of implementing ahigh throughput connection to the Internet. I$Ps and their large customers re/uire ade/uate control over howtraffic enters and exits their respective autonomous systems.

Redundancy is achieved by providing multiple alternate paths for the traffic. 'his occurs by having multipleconnections to one or more autonomous systems. $ymmetry exists if traffic leaves the &$ from a certain exitpoint and returns through the same point. =oad balancing" as has been seen" results in the division of trafficoptimally over multiple lins. 'ogether" these three re/uirements can be difficult to meet in a *GP environmentbecause any provider between the source and destination of a pacet can affect its path.

'he general design problem of how best to implement redundancy" symmetry" and load balancing is common toevery networ. 'he specific solution" however" depends on the needs and uni/ue configuration of an individualnetwor. 'he following sections examine the general design issues of redundancy" symmetry" load balancing" aswell as configuration models for successful implementation.


39/47

9.9.! 4edundn%y> symmetry> nd lod -ln%in"

&lthough corporations and I$Ps prefer uninterrupted connectivity" disruptions still occur for a variety of reasons.,onnectivity is not the responsibility of one entity. & connection to the Internet may involve a router" a ,$?C8$?"premise wiring" the providers physical layer" switching e/uipment" and numerous administrators. Each of theseelements has influence over different parts of the connection. &t any time" endtoend connectivity can be

5eopardi-ed by human error" software errors" physical errors" or adverse unforeseen conditions" such as badweather or power outages.

%or these reasons" redundancy is generally desirable" but finding the optimal balance between redundancy andsymmetry is crucial. Redundancy and symmetry can be conflicting design goals. 'he more redundant lins anetwor has" the more unpredictable the entrance and exit points for a pacet become. & customer may havemultiple connections" for example" one to a point of presence (P#P) in $an %rancisco and another to a P#P in6ew or. 'herefore" traffic leaving $an %rancisco might come bac through 6ew or. &dding a thirdconnection to a P#P in 8allas maes connectivity even more reliable" but it also maes traffic symmetry morechallenging. 'hese are the tradeoffs that networ administrators must consider when implementing routingpolicies.

,ompanies might also feel geographic pressure to implement redundancy. 7any contemporary companies arenational" international" or multinational in nature" and their &$ is a logical entity that spans different physicallocations. & corporation with an &$ that spans several geographical points can tae service from a singleprovider" or from different providers in different regions. In %igure " the $an %rancisco office of &$ connects tothe $an %rancisco P#P of I$P" and the 6ew or office connects to the 6ew or P#P of I$P!. In thisenvironment" traffic can tae a shorter path to reach a destination by traveling by way of the geographicallyad5acent P#P.

*ecause redundancy refers to the existence of alternate routes to and from a networ" additional routinginformation needs to be ept in the routing tables. 'o avoid this extra routing overhead" default routing becomesan alternate practical tool that can be used to provide bacup routes in case primary connections fail. 'he nextsection discusses the different aspects of default routing and how it can be applied to achieve simple routingscenarios.

9.9.' Defult routin" in BGP networ2s

It has been seen that default routes minimi-e the si-e of a routing table. 'hey can also provide networs withredundancy in the event of failures and connectivity interruptions. *GP" lie almost all IGPs" can distribute adefault route. 'o provide redundancy" default information could be received from multiple *GP sources. In a *GPsystem" the =ocal Preference attribute can be manipulated on the various default routes. 'his is so that onedefault route is identified as a primary" the highest =ocal Preference" and others are ept as bacups. If theprimary fails" a bacup route with the next highest preference can tae its place.


40/47

In %igure " R'& is connected to R'* and is learning about two default routes" one by way of ... and asecond by way of !.!.!.!. *y using the =ocal Preference attribute" ... can be given preference and mae itthe primary default route. R'& will use !.!.!.! as a default only after ... fails.

In %igure " the same behavior can be achieved as long as I*GP is running inside the &$. 'he =ocal Preferenceattribute" which is exchanged between I*GP peers" will determine the primary and bacup lins.

It is important to control default information in *GP because improper configuration can cause serious Internetrouting problems. %or example" a misconfigured *GP speaer could end up flooding a default route to all of itsneighbors and /uicly find itself consumed with default routed traffic from surrounding autonomous systems. 'oprotect against misadvertisements" the ,isco I#$ provides a way to target default information at a specificneighbor by using the de'ault-originate option with the neighbor command9

RT(config)#router bgp 3RT(config-router)#neighbor 172.16.20.1 remote-as 1RT(config-router)#neighbor 172.16.20.1 de'ault-originate

If R', is configured as shown in this configuration" it will send default information only to the specified neighbor.If a *GP router is to be configured to advertise a default to all of its peers" use the network command shown as

follows9

+ote: *oth neighbors" >!.0.!@. and >!.>.." will receive a default route from R'," if it has one to send.

RT(config)#router bgp 3RT(config-router)#neighbor 172.16.20.1 remote-as 1RT(config-router)#neighbor 172.17.1.1 remote-as 2RT(config-router)#network 0.0.0.0

7any networ administrators choose to filter dynamically learned default routes to avoid situations in whichtraffic ends up where it is not supposed to be.


41/47

9.9.( Symmetry

$ymmetry is achieved when traffic leaving the &$ from one exit point comes bac through the same point.$ymmetry always exists if an &$ maintains a single connection to outside networs. ;owever" the need forredundancy often results in multihoming an &$. If an &$ has many different lins to the outside world" traffictends to flow asymmetrically. &n asymmetrical traffic flow can result in increased delay and other routingproblems. In general" customers and providers would lie to see their traffic come bac by way of the same pointor close to the same point that it left the &$.

'o promote symmetry" choose a primary path and configure routing policies that force traffic to flow along thispath. & default route with a low administrative distance or a high =ocal Preference might serve to control the flowof outbound traffic" but inbound traffic can be more complex to manipulate. 'hrough appropriate planning anduse of *GP attributes and route filters" an &$ can control which paths the outside world finds most desirable.

9.9.) Lod -ln%in"

=oad balancing is the capability to divide data traffic over multiple connections. & *GP speaer may learn twoidentical E*GP paths for a prefix from a neighboring &$. If this happens" it will choose the path with the lowestroute I8 as the best path. 'his best path is installed in the IP routing table. If *GP multipath support is enabledand the E*GP paths are learned from the same neighboring &$" the best path may not be chosen. Instead"multiple paths are installed in the IP routing table.

'o enable *GP load balancing over e/ual cost paths" use the ma&imum-paths command" which has the

following syntax9

Router(config-router)# ma&imum-paths number

*GP supports a maximum of six paths per destination" but only if they are sourced from the same &$. *ydefault" *GP will install only one path to the IP routing table.


42/47

%igure illustrates how inbound and outbound traffic behaves. 'he path for outbound traffic to reach 6et&depends on where 6et& is learned. *ecause 6et& is received from both $an %rancisco and 6ew or" outboundtraffic toward 6et& can go by way of $an %rancisco or 6ew or.#n the other hand" the path for inbound traffic to reach the local networs" 6et* and 6et," depends on howthese networs are advertised. If 6et, is advertised over the 6ew or lin only" then incoming traffic toward6et, will tae the 6ew or lin. $imilarly" if 6et* is advertised over the $an %rancisco lin only" traffic toward6et* will tae the $an %rancisco lin.

9.9.6 Multi$omed %onne%tions

&lthough running *GP when the &$ is multihomed to the same I$P is not necessary" it is generallyrecommended. In the scenario illustrated in %igure " the customer wants to configure only default routes towardthe provider. 'he customer does not want any part of the Internet routing table.


43/47

%rancisco. 'herefore" traffic toward the customer will tae the 6ew or route. %igure shows the commandsneeded to configure the customers boundary router.

6otice in this configuration that default routing is handled by two static routes pointing toward the I$P routers.'he default route by way of the 6ew or lin is set with a lower administrative distance and therefore will bepreferred. 'he $E'7E'RI, and $E'7E'RI,! route maps will influence the I$P to send incoming traffic byway of the primary path" 6ew or. 7eanwhile" the *=#,N route map prevents any *GP updates from &$ from entering &$ 2.


44/47

9.1= BGP 4edistri-ution

9.1=.1 BGP redistri-ution overview


45/47

'he semidynamic method of in5ecting information into *GP is to specify a subset of IGP networs. 'his is to beadvertised by individually listing them for in5ection into *GP by using the network command. 'his method is

more selective than a completely dynamic method. ,ontrolling which of the IGPlearned routes are advertised by*GP is possible. ?nfortunately" a network command is necessary for each route prefix" so when dealing with a

large number of prefixes" maintaining semidynamic configurations is impractical. In fact" the ,isco I#$ limits itto !@@ network statements. ?ltimately" a semidynamic configuration provides greater administrative control but

dramatically increases administrative overhead.

*GP assumes that prefixes specified by the network command exist in an IGP domain. 'his is verified by

checing for them in the routing table. If an IGP has not learned about a local route" *GP will not advertise it. #fcourse" the no s!nchroni:ation command can be used to disable this verification. ;owever" in doing so"

there is a ris that will allow a router to advertise networs that it cannot reach.

9.1=.! &n?e%tion of unwnted or fulty informtion

In5ecting routes into *GP by way of the networ command may not always be practical or even possible.In5ecting routes by way of redistribution can result in polluting other autonomous systems with unwelcome"incorrect" or otherwise undesirable information. Redistributing the entire IGP table into *GP could result inprivate addresses" or illegal addresses being advertised outside the &$. In some cases" routes withinappropriate prefix lengths could mae it upstream to the provider where they are not needed. %or example"host routes are generally greeted with disdain by annoyed systems administrators.

7utual redistribution between IGP and *GP can also result in the propagation of flawed routing information. Inthis case" a *GP route that was in5ected from the outside could be sent bac into *GP by way of the IGP. 'his

happens as if the route originated within the &$. %igure illustrates the danger of mutual redistribution betweenprotocols.

In %igure " &$@@ is the source of 6et& and is sending this information by way of *GP to &$!@@. 'he borderrouter R', in5ects that information into the IGP" and R'* learns about it. R'* is configured to redistribute theIGP information into *GP. 6et& will end up being advertised by way of *GP bac to the Internet as if it hadoriginated from &$!@@. 'his is very misleading to &$s connected to the Internet because 6et& now has twosources rather than one source" &$@@ and &$!@@.

'o remedy these situations" special filtering should be put on the border routers to specify what particularnetwors should be in5ected from the IGP into *GP. %or protocols that differentiate between internal and external


46/47

routes" such as #$P%" configure the IGP to ensure that it will redistribute only internal routes into *GP. In the,isco implementation" external #$P% routes are automatically bloced from being redistributed into *GP. 'hereis the option of overriding this behavior. ,ertain protocols may not distinguish between internal and externalroutes" such as RIP or IGRP. %or these types of protocols" special route tagging should be performed todifferentiate between external routes and internal routes.

9.1=.' &n?e%tin" informtion stti%lly into BGP

'oday" in5ecting information statically into *GP has proven to be the most effective means to ensure routestability. #f course" this method also has drawbacs. 'o statically in5ect information into *GP" the IGP routes" oraggregates" that need to be advertised to other peers are manually defined as static routes. 'his ensures thatthese routes will never disappear from the IP routing table and hence will always be advertised. &dministratorsare often uncomfortable advertising routes to networs that might be down or unreachable.


47/47

9.11 BGP onfi"urtion L- E7er%ises

9.11.1 onfi"urin" BGP

9.11.! onfi"urin" &BGP nd EBGP sessions9.11.' Usin" t$e AS;PA/ ttri-ute9.11.( Usin" t$e LOAL;P4E0 nd MED ttri-utes

9.1! BGP onfi"urtion $llen"e L- E7er%ise

9.1!.1 BGP %$llen"e l-

Summry

*GP defines the basis of routing architectures in the Internet. 'he segregation of networs into autonomoussystems has logically defined the administrative and political borders between organi-ations. Interior GatewayProtocols can now run independently of each other" but still interconnect by way of *GP to provide globalrouting.

In this module" the details of the practical implementation for *GP as part of the overall design problem inbuilding reliable Internet connectivity was covered. 'his module examined specific attributes of *GP and how the

attributes are applied individually and together address this design problem. 'he terminology" attributes" anddetails of this module are specific to *GP. ;owever" the general concepts and problems raised are pertinent torouting architecture design" regardless of what specific protocols are being utili-ed.

Modulo 9 del CCNP

Documents

Transcript of Modulo 9 del CCNP