** Path Attributes **
Mandatory well-known attributes (next-hop, as-path and origin)
Discretionary well-known attributes (local preference, atomic aggregate)
Optional attributes (transitive and non-transitive)
** Neighbour Discovery **
TCP Port 179
#show ip bgp summary
#debug ip tcp transactions
#debug ip bgp events
"idle" state for a BGP peer means that the peer is not reachable.
idle --> active --> OpenSent --> OpenConfirm --> Established
BGP Open Message contains:
- BGP version number
- AS number of local router
- Holdtime
- BGP router identifier
- Optional parameters
TCP keepalives are sent every 60 seconds
Triggered updates batched and rate limited:
Internal peer = every 5 seconds
External peer = every 30 seconds
Authentication can be performed with shared MD5 password.
** Process BGP Routes **
#debug ip bgp update
#debug ip routing
BGP Route Selection Criteria
- Exclude routes with inaccessible next hop
- Prefer highest weight (local to router)
- Prefer highest local preference (global within AS)
- Prefer routes that the router originated
- Prefer shortest AS path (only length is compared)
- Prefer lowest origin code (IGP < EGP < Incomplete)
- Prefer lowest MED
- Prefer external (EBGP) paths over internal (IBGP)
- For IBGP paths, prefer oldest (most stable) path
- Prefer paths from router with the lowest BGP router-ID
Automatic summarization is enabled by default
** Configure Basic BGP **
Private AS numbers = 64512 - 65535
router bgp 1
neigbour 1.1.1.2 remote-as 2
neighbor 1.1.1.2 description neighbor "External BGP Peer"
neigbour 1.1.1.2 password MyPassword
timers bgp <keepalive> <holdtime>
no auto-summary
network 192.168.1.0 mask 255.255.255.0 route-map MyRouteMap
...or
redistribute eigrp 100
distribute-list 101 out eigrp 100
Summarization is called Aggregation in BGP
#router bgp 1
#aggregate-address 192.168.0.0 255.255.0.0 [summary-only]
The "summary-only" keyword means that only the summary address will be advertised. If this is not included then all less specific subnets will be advertised.
** Monitor and Troubleshoot BGP **
#sh ip bgp summary
#sh ip bgp neigh <ip-address>
#sh ip bgp <ip-prefix> <mask subnet-mask>
#debug ip tcp transactions
#debug ip bgp events
#debug ip bgp keepalives
#debug ip bgp <ip-address> updates <acl>
** Transit Autonomous Systems **
IBGP and EBGP peers must be directly connected but IBGP peers do not.
BGP maximum paths is set to 1 by default. If multiple paths exist then the router with the highest router ID will be used.
#neighbor <ip-address> next-hop-self
(change next hop processing at edge routers - the alternative to this is to redistribute connected into the IGP used within the IBGP cloud)
Transit IBGP Configuration
#router bgp 1
#neighbor 1.1.1.2 remote-as 2
#neighbor 1.1.1.2. update-source loopback0
#no synchronization
** AS Path Filters **
[1234] = any number from 1 to 4
[1-4] = any number from 1 to 4
. = any character
^ = match beginning of string
$ = match end of string
_ = match any delimiter
( ) = delimiter for grouping
\ = remove special meaning of character
* = match 0 or more characters
? = matches zero or more characters
+ matches one or more characters
Some Examples:
_100_ = going through AS 100
^100$ = directly connected to AS 100
_100$ = originated in AS 100
^100_. = networks behind AS 100
^[0-9]+$ = AS paths one AS long
^([0-9]+0(_\1)*$ = prepending performed in neighbouring originating AS
^$ = networks originated in local AS
.* = match everything
** Prefix Lists **
#ip prefix-list <list-name> [seq <seq>] {permit | deny} network/len [ge <value>] [le <value>]
le = less than or equal to
ge = greater than or equal to
e.g.
ip prefix-list MyList permit 192.168.0.0/16
(this matches only 192.168.0.0/16)
ip prefix-list MyList permit 192.168.0.0/16 le 20
(this matches only 192.168.0.0/16 and 192.168.17.0/24)
#router bgp 1
#neighbor 1.1.1.1 prefix-list MyList in | out
(filter in/out bound for a configured neighbour)
#rotuer bgp 1
#distribute-list prefix-list MyList out eigrp
(filter routes redistributed from specified routing process into BGP)
#show ip prefix-list MyList [detail | summary]
#[no] ip prefix-list seq <seq> <condition>
(insert or erase the specified line from the list)
#show ip bgp prefix-list Mylist
** Outbound Route Filters **
Send an outbound filter to a neighbour which it will use to filter which routes it sends:
(sender)
#router bgp 1
#address-family ipv4 unicast
#neighbor 1.1.1.2 remote-as 2
#neighbor 1.1.1.2 ebgp multihop
#neighbor 1.1.1.2 capability orf prefix-list send
#neighbor 1.1.1.2 prefix-list FILTER in
!
ip prefix-list FILTER seq 10 permit 192.168.1.0/24
(receiver)
#router bgp 2
#address-family ipv4 unicast
#neighbor 1.1.1.2 remote-as 1
#neighbor 1.1.1.2 ebgp mutihop 255
#neighbor 1.1.1.2 capability orf prefix-list receive
#clear ip bgp 192.168.1.2 in prefix-filter
ORF type 128 is the only kind supported on Cisco IOS.
** Route Maps **
Route-maps can match on:
- Network number and subnet mask matched with an ip prefix-list
- route originator
- BGP next-hop
- BGP origin
- Tag attached to IGP route
- AS-Path
- BGP community attached to BGP route
- IGP route type (internal/external)
Route-maps can set:
- Origin
- BGP next-hop
- Weight
- BGP community
- Local preference
- MED
#ip policy-list MyList {permit | deny}
#match policy-list MyList
#show ip policy-list MyList.
Order of checking inbound is as follows:
1. route-map
2. prefix-list
3. filter-list
4. distribute-list
#show ip bgp route-map MyMap
(run the route-map against the current bgp table)
#clear ip bgp 1.1.1.1 soft in
#clear ip bgp 1.1.1.1 in
(route refresh - must be supported by router)
** Route Selection **
Weight::
#router bgp 1
#neighbor 1.1.1.1 weight <weight>
(default is 0 if not specified)
(locally generated routes have a weight of 32768)
set weight 200 to networks coming from 1.1.1.1 originated in AS 10
#router bgp 1
#neighbor 1.1.1.1 route-map MyMap in
!
#route-map MyMap permit 10
#match as-path 1
#set weight 200
!
#route-map MyMap permit 20
#set weight 100
!
#ip as-path access-list 1 permit _10$
Local Preference:
#router bgp 1
#bgp default local-preference <value>
(default is 100, higher is better)
Local Preference with route-map
#route-map MyMap permit 10
#match <condition>
#set local-preference <value>
#router bgp 1
#neighbor 1.1.1.1 route-map MyMap in | out
** As Path Prepending **
Use your own AS when prepending
#route map MyMap permit 10
#match <condition>
#set as-path prepend <as-number> <as-number> ...
#router bgp 1
#neighbor 1.1.1.1 route-map MyMap out
NB: Cannot be debugged.
Local AS number can be hidden / changed with the command:
#neighbor local-as
** Mutli Exit Discriminator **
MED is preferable when you have two connections to one ISP. As path prepending is preferable when you have two connections to two different ISPs.
Lower MED = more preferable
#router bgp 1
#neighbor 1.1.1.1 route-map MED out
!
#route-map MED
#set metric 100
To compare MEDs from different AS:
#bgp always-compare-med
To make a missing MED infinity instead of the default of 0:
#bgp bestpath med missing-med-worst
To change the BGP route selection procedure:
#bgp deterministic-med
To view the original MED received from a neighbour before route-map processing use:
#show ip bgp neighbors 1.1.1.1 received-routes
** BGP Communities **
Tagging routes to influence path selection
Community is a transitive optional attribute (values from 0 to 4,294,967,200)
- no-advertise (do not advertise to any peer)
- no export (do not advertise to real EBGP peers)
- local-as (do not advertise to any EBGP peers)
- internet (advertise to internet community)
#route-map MyMap
#match <condition>
#set community <value> [additive]
(additive keyword means that the value is just added rather than overwriting existing values)
#router bgp 1
#neighbor 1.1.1.1 route-map MyMap
#neighbor 1.1.1.1 send-community
On the receiving router:
#ip community-list 101 permit | deny regexp
#show ip bgp community
Show community in new format
#ip bgp new-format
By default EBGP neighbours must be directly connected, this can be modified with:
#neighbor 1.1.1.1 ebgp multihop [TTL]
** Service Provider Networks **
Route Reflectors are used when you do not have a full mesh of IBGP peers
#bgp cluster-id <cluster-id>
(defaults to router ID)
#neighbor 1.1.1.1 route-reflector-client
#show ip bgp neighbor
(on the reflector this shows a peer as a RR client)
#show ip bgp <network>
(on client or reflector show routes received / sent as RR)
** Confederations **
Splitting of one AS into multiple composite AS
#router bgp 1
#bgp confederation identifier <external-as-number>
#bgp confederation peers <list-of-intra-confederation-as>
#neighbor 1.1.1.1 maximum-prefix <maximum. [threshold] [warning-only] [restart <interval>]
(limit number of prefixes received from neighbour)
Default warning is at 75%.
** BGP Peer Groups **
Common information for a group of BGP Peers
Peer Group parameters
- Community propagation
- Source interface for TCP session
- EBGP multihop sessions
- MD5 Password
- Neighbour weight
- Filter-list and distribute-list
- Route-maps
#router bgp 1
#neighbor MyGroup peer-group
#neighbor MyGroup <BGP params>
#neighbor 1.1.1.1 peer-group MyGroup
(BGP parameters defined against the neighbour will override peer group settings
#show ip bgp peer-group <group-name> [summary]
#clear ip bgp <group-name> soft in | out
** BGP Route Dampening **
Minimizes amount of BGP updates by suppressing unstable (flapping) routes
#router bgp 1
#bgp dampening [<half-life> <reuse> <suppress> [route-map <map>]
Default values are:
- half life - 15 minutes
- suppress - 2000
- reuse - 750
- max-suppress-time - 60 minutes
- per-flap penalty - 1000
#clear ip bgp 1.1.1.1 flap-statistics
#clear ip bgp dampening
#show ip bgp dampened-paths
#debug ip bgp dampening
#show ip bgp flap-statistics
=================
Calculating number of sessions for BGP full mesh:
(n)(n-1)/2
e.g.
10 = (10)(9)/2 = 45
No comments:
Post a Comment