BGP
179
Properties
- Policy-based: it doesn't care about the fastest path but about influencing the route (you choose your exit path, not the routing decisions in other Autonomous Systems)
- allows an AS to manipulate traffic flow based on BGP Attributes
- Path-vector: it shows the path to the destination (all ASs); you can't tell a neighboring AS how to handle its traffic, but you can control your own traffic
- uses Attributes instead of metrics
- 100% loop-free guarantee
Routes learned through iBGP are never propagated to other iBGP peers (BGP split horizon)
- operates between ASs, not routers!
- TCP Port 179, so it is a connection-oriented and reliable protocol
External BGP uses TTL of 1
- changed by ebgp multi-hop number
TTL has to be configured for external BGP
- each AS advertises the best paths to reach itself
Routers use loopback ip addresses to establish the BGP session for resilience in case of a link failure
neighbor + ip address + update-source + loopback
BGP Peer Group
Group of BGP neighbors of a router that are configured with the same policy
- saves processing time in making the BGP updates and makes the configuration easier
Public AS:
1 through 64,495
Private:
64,512 through 65,534
Packets
OPEN
forming the relationship by sending and receiving it; after that, neighbors reach the established state
Hold Time: 60 seconds by default; if the received Hold time is lower than the minimum Hold time, the neighborship will not be formed :red_flag:
UPDATE
has information on one path only, multiple paths require multiple updates
Path Attributes: AS Path, origin and local preference
KEEPALIVE
sent every 60 sec by default, 19 bytes, to ensure that the connection between the peers is alive; confirms receipt of the OPEN message
NOTIFICATION
sent when an error condition is detected; the neighborship drops after it
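The four message types above share one 19-byte header (16-byte all-ones marker, 2-byte length, 1-byte type, per RFC 4271). The parser below is an added example, not part of the original notes; it shows the sanity checks a monitoring tool would apply to TCP/179 payloads. The sample messages and the function names are constructed for illustration.

```python
import struct

MARKER = b"\xff" * 16          # RFC 4271 header marker: 16 bytes of all ones
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}

def parse_bgp_message(data: bytes) -> dict:
    """Validate and decode the first BGP message in a TCP/179 payload."""
    if len(data) < 19:
        raise ValueError("shorter than the 19-byte BGP header")
    marker, length, code = struct.unpack("!16sHB", data[:19])
    if marker != MARKER:
        raise ValueError("marker is not all ones")
    if not 19 <= length <= 4096 or length > len(data):
        raise ValueError(f"bad length field: {length}")
    if code not in TYPES:
        raise ValueError(f"unknown message type: {code}")
    body = data[19:length]
    msg = {"type": TYPES[code], "length": length}
    if code == 4 and body:                 # KEEPALIVE is the header only
        raise ValueError("KEEPALIVE must be exactly 19 bytes")
    if code == 1:                          # OPEN: fixed part is 10 bytes
        if len(body) < 10:
            raise ValueError("truncated OPEN")
        version, my_as, hold, bgp_id, _opt_len = struct.unpack("!BHH4sB", body[:10])
        if hold in (1, 2):                 # RFC 4271: hold time is 0 or >= 3
            raise ValueError("hold time of 1 or 2 seconds is not allowed")
        msg.update(version=version, my_as=my_as, hold_time=hold,
                   bgp_id=".".join(str(b) for b in bgp_id))
    if code == 3:                          # NOTIFICATION: code + subcode
        if len(body) < 2:
            raise ValueError("truncated NOTIFICATION")
        msg.update(error_code=body[0], error_subcode=body[1])
    return msg

def is_rejected(data: bytes) -> bool:
    """True when the payload fails the header or body checks."""
    try:
        parse_bgp_message(data)
        return False
    except ValueError:
        return True

# Constructed sample messages (not captured traffic).
KEEPALIVE = MARKER + struct.pack("!HB", 19, 4)
OPEN = (MARKER + struct.pack("!HB", 29, 1)
        + struct.pack("!BHH4sB", 4, 64512, 90, bytes([192, 0, 2, 1]), 0))
BAD_KEEPALIVE = MARKER + struct.pack("!HB", 20, 4) + b"\x00"

if __name__ == "__main__":
    for raw in (KEEPALIVE, OPEN):
        print(parse_bgp_message(raw))
```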
BGP STATES
:check:sh bgp all summary
to verify that bgp sessions are up and established and display overall status of BGP Connections
IDLE
Process has been shutdown or waiting for the next entry, router is searching for a route in the routing table to reach its neighbor :red_flag:
if the state goes between IDLE and ACTIVE, AS number may be misconfigured :warning:
CONNECT
router found a route to its neighbor and is completing the TCP connection (Three-way handshake completed)
ACTIVE
Router goes into ACTIVE if it didn't get OPENCONFIRM; the TCP session is ready and the router is actively looking for a relationship: :red_flag:
ensure that the source ip address or network of the packet is advertised in the IGP Table of neighboring router
ESTABLISHED
All parameters match and the BGP peering is formed and ready to exchange routing information; from now on just Update, Keepalive and Notification messages are exchanged
ATTRIBUTES
BGP BEST PATH SELECTION :star:
two requirements to enter the selection process:
1- Route with No AS Loop
2- Route with a valid next-hop ip address
1> Highest Weight
- the default is 0 for a route that wasn't originated by the router; routes originated by the router have a weight of 32768 by default; locally configured or self-contained (not advertised to other routers)
- can be configured from 0 to 65535
Changing the weight of all updates coming from a neighbor:
=>> neighbor + ip address + weight [0-65535]
Changing the Weight using Route Map
- create route-map with match + PL or ACL command
- set weight
- apply the Route-map with the neighbor command
5> Origin Code(IGP > EGP > Incomplete or ?)
i for igp and ? for redistributed or e for egp(precedence of BGP)
7> eBGP over IBGP
- if path length is equal then the oldest path will be chosen
- the oldest path from eBGP to avoid the flapping routes
8> No eBGP then the iBGP with the closest IGP neighbor
- if path length is equal then the oldest path will be chosen
Well-known Attributes
Attribute that all BGP Implementations MUST recognize and propagate to all neighbors
A well-known mandatory Attribute
must be in each BGP Update, otherwise an error notification will be sent
AS_PATH is updated by the router that advertises AS paths to an eBGP router and is not updated between iBGP routers. It has two functions: :check:
Choose the best path based on the number of ASs in the route, begins with the neighboring AS and ends with route originating AS Number
- reconfigured with Route-Map and set as-path prepend
prevent routing loops:
When a router receives an AS_PATH carrying its own AS number, it ignores this path; that makes it 100% loop-free
A well-known discretionary Attribute
It doesn't have to be in each BGP Update, but has to be recognized in all BGP Implementations
Local-preference
an attribute that is advertised inside the AS only, to inform the routers about the best route for exiting the AS; it is configured on local routers, exchanged only between internal routers, is 100 by default, and higher is preferred.
- reconfigured by bgp default local-preference + value
Atomic aggregate
informs the neighboring AS that the originating Router has aggregated or summarized the routes.
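The selection rules and attributes described above can be put together as follows. This is an added example, not part of the original notes: it implements only the steps and attributes these notes describe (the two entry requirements, weight, local preference, AS_PATH length, origin code, eBGP over iBGP, oldest path as tie-break) and leaves out the steps the notes do not list. The `Path` class, the AS numbers and the path names are constructed; list order is assumed to be arrival order, oldest first.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}     # IGP > EGP > Incomplete

@dataclass
class Path:
    name: str
    as_path: Tuple[int, ...]        # neighboring AS first, originating AS last
    next_hop_reachable: bool = True
    weight: int = 0                 # local to this router, higher wins
    local_pref: int = 100           # default 100, higher wins
    origin: str = "i"
    ebgp: bool = True

def eligible(p: Path, local_as: int) -> bool:
    """Entry requirements: no AS loop and a valid next hop."""
    return local_as not in p.as_path and p.next_hop_reachable

def best_path(paths: List[Path], local_as: int) -> Optional[Path]:
    candidates = [p for p in paths if eligible(p, local_as)]
    if not candidates:
        return None
    # min() keeps the first of equal candidates, i.e. the oldest path.
    return min(candidates, key=lambda p: (-p.weight, -p.local_pref,
                                          len(p.as_path),
                                          ORIGIN_RANK[p.origin],
                                          not p.ebgp))

LOCAL_AS = 65001                    # constructed private AS number
PATHS = [                           # constructed paths, oldest first
    Path("A", (65010, 65020, 65030)),
    Path("B", (65040, 65030)),
    Path("C-loop", (65050, 65001, 65030), weight=500),
    Path("D-no-next-hop", (65060,), next_hop_reachable=False, local_pref=500),
]

if __name__ == "__main__":
    print(best_path(PATHS, LOCAL_AS).name)      # shortest loop-free AS_PATH
    PATHS[0].weight = 200                       # e.g. neighbor ... weight 200
    print(best_path(PATHS, LOCAL_AS).name)      # weight is checked first
```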
TABLES & Verifying
IP Routing Table:
contains the best routes (BGP routes or any other routes) based on AD (routes learned from eBGP [20], routes learned from iBGP [200]) :!:
BGP Table: :check:SH IP BGP
- contains all BGP Neighboring Routers and is separate from the IP Routing table
- Neighbors exchange best BGP Routes
- sh ip bgp displays the entire BGP table
d (dampening)=penalized, because it goes up and down often, it will not be advertised until the penalty is expired.
r (RIB-Failure)= route wasn't installed in RIB(Routing table)
---sh ip bgp rib-failure--- shows the reason
> :star: the best route, offered to be in routing table
Next hop = next hop for that route, it points to the router that advertised the route , if it is 0.0.0.0, it means the route originated from the router.
- ip address to reach next AS
- neighbor + ip address + next-hop-self forces BGP to use the source ip address as next-hop-address for the networks it advertises
BGP Neighborship requirements
1- reachability between neighbors(ip address in neighbor command has to be reachable), if they are not directly connected, the route to each of them has to be in routing table(static or dynamic route)
2- different AS Number for eBGP and the same AS Number for iBGP.
3- define Neighbors(TCP Session has to be established)
:check: sh ip bgp neighbors
to get detailed information about the TCP Session and the BGP Parameters of that session
Routing Black holes & Routing Loops: :red_cross:
in case of inconsistent Routing tables between iBGP Peers, because of the Non-full-meshed Topology in Transit AS.
BGP Session resetting
Hard reset
will clear the BGP session and reset it.
with clear ip bgp * for all neighbors or clear ip bgp + neighbor address for just one neighbor
Advertising Networks into BGP
- to advertise networks over the established BGP Session
with network + mask command
- the network command tells BGP what to advertise, the neighbor command tells BGP where to advertise
- it has to include all the networks in the AS that need to be advertised
- if the mask is advertised, an exact match must exist in the routing table; if the exact match is not found, you can configure it to Null0 in the routing table
When and When Not?
WHEN:
1- AS allows traffic between ASs through it
2- AS has multiple connections to multiple ASs
3- Routes entering and leaving AS have to be manipulated
WHEN NOT:
1 - One single connection between AS and the Internet or other AS, static or default route will be an alternative
2- Routing Policy in AS consistent with the policy in Service provider AS
3- Not full understanding of BGP Filtering and Path Selection
4- Memory and processor of Edge Router aren't sufficient
MP-BGP for IPv6
- an extension for MP-BGP to support IPv6
- Link Local Address is used for BGP Peering and as Next-hop, can be reconfigured for global ipv6 using route-map.
- it operates with multiple protocols carrier and passengers, bgp session established with the passenger:
-ipv4 as carrier and passenger
-ipv4 as the carrier with ipv6 as the passenger
-ipv6 as the carrier and passenger
- ipv6 routes over ipv6 sessions using address family for just ipv6; the BGP Router id has to be configured, as there is no ipv4 address nor loopback address
ipv6 neighbor need to be activated with neighbor ipv6 activate
- IPv6 routes over ipv4 sessions using address-family for both ipv4 and ipv6
- ipv6 neighbor need to be activated with neighbor ipv6 activate
=>>sh bgp ipv4 unicast = sh ip bgp
=>>sh bgp ipv4 unicast summary = sh ip bgp summary
=>> sh bgp ipv6 unicast summary displays the routing table of ipv6