Border Gateway Protocol (BGP4)



Unicast Routing Protocols


Outline

- Routing basics
- RIP
- OSPF
- BGP

Routing Basic

- IP routing
- Autonomous System (AS)
- IGP/EGP
- Distance-vector (DV) / Link-state (LS)
- How does a routing protocol work?

IP Routing

- Route entry: destination/netmask, next hop
- Longest match
- Default route
- Equal Cost Multipath (ECMP)
- Static routing / dynamic routing

Autonomous System (AS)

Figure: an example autonomous system, AS 100

- Collection of networks with the same policy
- Usually under single administrative control
- IGP to provide internal connectivity
- Identified by a short number
- Public and private AS numbers
  - public: 1 - 64511
  - private: 64512 - 65535

What Is an IGP?

- Interior Gateway Protocol
- Within an Autonomous System
- Carries information about internal prefixes
- Examples: RIP, OSPF, IS-IS ...

What Is an EGP?

- Exterior Gateway Protocol
- Used to convey routing information between ASes
- Independent from the IGP
- The current EGP is BGP4

Why Do We Need an EGP?

- Scaling to large networks
  - Hierarchy
  - Limit the scope of failure
- Define administrative boundaries
- Policy
  - Control reachability to prefixes

Hierarchy of Routing Protocols

Figure: the ISP speaks BGP4 with other ISPs, runs BGP4 / IGP inside its own network, and uses BGP4 or static routing toward its customers

Distance-vector (Bellman-Ford)

- Routers only know their local state: link metrics and neighbor estimates
- Examples: RIP, BGP (path-vector)

Link-state

- Routers have knowledge of the global state: a topology database
- Global optimization (Shortest Path First, Dijkstra)
- Examples: OSPF, IS-IS

How does a routing protocol work?

- Neighbor discovery
- Route exchange between neighbors: learning / flooding / invalidation / refresh
- Best route choice and routing table management
- Responsibilities
  - Fast convergence and loop-free routing
  - Scalability
  - Robustness
  - Some control of routing choices

Routing Information Protocol (RIP)

- RIP basics
- General operation
- RIPv2 vs RIPv1
- Conclusion

RIPv2 basic

- Distance-vector protocol
- Metric: hops
  - The metric is increased when routes are advertised to neighbors
- Network span limited to 15 hops (16 means unreachable)
- Encapsulated as UDP packets, port 520

RIPv2 General operation

- On startup, send a request on all interfaces.
- When a request is received, a response is sent.
  - The response contains the entire routing table.
- A response is also sent gratuitously every 30s.
  - The response contains the entire routing table.
- A response is also sent when an update is detected.
  - The response only contains the changed routes.
- The route metric is set to 16 when the network becomes inaccessible or the route is not refreshed during 6 update periods (180s).
- Invalid routes are flushed after another 4 update periods (120s).

Count to infinity

What happens when a link dies?

Figure: routing tables of A, B and C (destination: metric, next hop) before the B-C link dies and after successive updates

            before failure        1st update            2nd update            ... eventually
A's table   A:0  B:1,B  C:2,B     A:0  B:1,B  C:2,B     A:0  B:1,B  C:4,B     A:0  B:1,B  C:15,B
B's table   A:1,A  B:0  C:1,C     A:1,A  B:0  C:3,A     A:1,A  B:0  C:3,A     A:1,A  B:0  C:16,A
C's table   A:2,B  B:1,B  C:0     A:2,B  B:1,B  C:0     A:2,B  B:1,B  C:0     A:2,B  B:1,B  C:0

Split horizon

To speed up convergence:

- Simple: do not claim reachability for a destination network to the neighbor from which the route was learned.
- Poison reverse: include such routes in updates, but set their metrics to infinity.

Split horizon - simple

Figure: routing tables with simple split horizon (destination: metric, next hop)

            before failure        after the update
A's table   A:0  B:1,B  C:2,B     A:0  B:1,B  C:16,B
B's table   A:1,A  B:0  C:1,C     A:1,A  B:0  C:16
C's table   A:2,B  B:1,B  C:0     A:2,B  B:1,B  C:0

Split horizon – poison reverse

Figure: routing tables with poison reverse (destination: metric, next hop); A's update to B now carries C:16, the poisoned reverse route

            before failure        after the update
A's table   A:0  B:1,B  C:2,B     A:0  B:1,B  C:16,B
B's table   A:1,A  B:0  C:1,C     A:1,A  B:0  C:16
C's table   A:2,B  B:1,B  C:0     A:2,B  B:1,B  C:0

RIPv2 vs RIPv1

   224.0.0.9 - broadcast Variable Length Subnet Mask(VLSM) - Classless Inter-Domain Routing (CIDR, no prefix/subnet information, derived from address class) Authentication - none 20

Conclusion

- Simplicity
- Slow convergence
- Not suited for large and complex networks

Open Shortest Path First (OSPF)

- OSPF basics
- OSPF neighbors
- OSPF areas
- SPF and the LSA database
- OSPF messages
- Conclusion

OSPF Basic

- Encapsulated as raw IP packets, protocol ID 89
- Metric: path cost (1 - 65,535)

OSPF Basic - general operation

- Use the Hello protocol to establish neighbors
- All routers exchange Link State Advertisements (LSAs) to build and maintain a consistent database
- Each router runs SPF on the LSA database independently and gets optimal routes
- Periodic flooding of LSAs every 30 minutes
- LSA age
  - 0 when created
  - Incremented as time elapses
  - Max age 3600 indicates invalid
  - Remove an LSA by incrementing its age to 3600, reflooding and flushing

OSPF Network type

- Broadcast
- Point-to-Point / Point-to-Multipoint
- NBMA (Non-Broadcast Multiple Access)

Neighbor discovery

- Hello packets
  - Sent periodically, multicast to 224.0.0.5
  - Include Router ID, Area ID, netmask, hello interval, priority, DR, BDR and the neighbor list
- Neighbor state machine
- Works differently on different network types

DR/BDR/Others

- For broadcast and NBMA networks
- Optimizes the flooding procedure
- Designated Router (DR)
  - Adjacent to all routers
  - Describes all routers on the network
  - Sends updates to all routers on the network
- Backup Designated Router (BDR)
  - Adjacent to all routers
  - Acts as the new DR when the previous DR fails
- Others
  - Only adjacent to DR/BDR; only send updates to DR/BDR

OSPF Area

- Why divide the network into different areas?
  - Limit the scope of updates and computational overhead
  - Independent SPF computation in each area
  - Inject aggregated information on routes into other areas
- Area ID: a 32-bit number
- Backbone area: area 0 or 0.0.0.0
  - All areas must connect to the backbone area
  - The backbone area must be contiguous
  - Virtual link when the above fails
- Area Border Routers (ABR)

Virtual Link

Figure: ABRs join Area 1 and Area 2 to Area 0; Area 3 reaches the backbone only through Area 1, so a virtual link runs across Area 1 between the ABR of Area 3 and an ABR of Area 0

Shortest Path First

Figure: link costs in the example network are A-C 1, A-B 3, A-D 10, C-D 7 and B-D 4

Candidate entries are written (from, to, link cost), followed by the root cost, i.e. the cost from A.

Step 1
  Candidate: (A, B, 3) cost 3; (A, C, 1) cost 1; (A, D, 10) cost 10
  SPF tree: (A, A, 0)
  Root tree. Add the links adjacent to A into Candidate and calculate the cost to A.

Step 2
  Candidate: (A, B, 3) cost 3; (A, D, 10) cost 10, removed; (C, D, 7) cost 8
  SPF tree: (A, A, 0), (A, C, 1)
  Choose the lowest-cost link (A, C, 1), add it into the SPF tree and remove it from Candidate. Add the links adjacent to C into Candidate and calculate the cost to A. Because the new lowest cost to D is 8, (A, D, 10) is removed.

Step 3
  Candidate: (C, D, 7) cost 8, removed; (B, D, 4) cost 7
  SPF tree: (A, A, 0), (A, C, 1), (A, B, 3)
  Choose the lowest-cost link (A, B, 3), add it into the SPF tree and remove it from Candidate. Add the links adjacent to B into Candidate and calculate the cost to A. Because the new lowest cost to D is 7, (C, D, 7) is removed.

Step 4
  Candidate: empty
  SPF tree: (A, A, 0), (A, C, 1), (A, B, 3), (B, D, 4)
  Choose the lowest-cost link (B, D, 4), add it into the SPF tree and remove it from Candidate. Because Candidate is empty, the process is over.
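The SPF walk above, as an added worked implementation that is not code from the slides: the same Candidate / SPF-tree bookkeeping run on the slide's five-link example, with the next-hop table derived from the finished tree. The graph and the tuple layout are assumptions mirroring the slide.

```python
GRAPH = {  # undirected link costs from the slide's example network
    "A": {"B": 3, "C": 1, "D": 10},
    "B": {"A": 3, "D": 4},
    "C": {"A": 1, "D": 7},
    "D": {"A": 10, "B": 4, "C": 7},
}

def spf(graph, root):
    """OSPF-style SPF (Dijkstra) with the slide's bookkeeping.
    Returns (tree, trace): tree maps node -> (parent, link cost, root cost); trace holds the
    Candidate list, as (parent, node, link cost, root cost) entries, after each step."""
    tree = {root: (root, 0, 0)}
    candidate, trace, current = [], [], root
    while True:
        # add the links adjacent to `current` to Candidate, keeping the cheapest entry per node
        for nbr, cost in graph[current].items():
            if nbr in tree:
                continue
            root_cost = tree[current][2] + cost
            old = [e for e in candidate if e[1] == nbr]
            if old and old[0][3] <= root_cost:
                continue                                    # no better than what we already hold
            candidate = [e for e in candidate if e[1] != nbr]   # drop the dearer entry
            candidate.append((current, nbr, cost, root_cost))
        trace.append(list(candidate))
        if not candidate:                                   # Candidate empty: the process is over
            return tree, trace
        best = min(candidate, key=lambda e: e[3])           # lowest root cost wins
        candidate.remove(best)
        parent, node, cost, root_cost = best
        tree[node] = (parent, cost, root_cost)
        current = node

def routing_table(tree, root):
    """Next hop per destination: walk each branch back up to the root's direct neighbour."""
    table = {}
    for node in tree:
        if node == root:
            continue
        hop = node
        while tree[hop][0] != root:
            hop = tree[hop][0]
        table[node] = (hop, tree[node][2])
    return table
```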

OSPF SPF process

- SPF calculation is performed independently for each area
- Router LSA
  - Each router creates a router LSA for each area
  - Describes the router's links into an area:
    - DR/BDR (broadcast)
    - Neighboring router (point-to-point)
    - Prefix/mask (stub network)
    - Metric
- Network LSA
  - Only the DR creates a network LSA for a network
  - Describes all routers on the network

Inter-area routes

- Network Summary LSA
  - Created by an ABR
  - Advertises optimal routes from one area into another area
    - Prefix/mask
    - Metric
  - Flooded only within one area

Inter-AS routes

- Autonomous System Border Router (ASBR)
- Autonomous System External LSA
  - Created by an ASBR
  - Describes routes redistributed from other ASes
    - Prefix/mask
    - Metric
  - Flooded across areas in an AS (except stub areas)
- ASBR Summary LSA
  - Created by an ABR
  - Describes the ASBR routers in one area
    - ASBR router ID
    - Metric

Stub area

- AS External LSAs are forbidden in a stub area
- Why a stub area?
  - When many networks are connected only via one router
  - All external networks are aggregated into a default route
  - Reduces routing table sizes

OSPF Messages

- Hello: used to establish neighbor relationships
- Database description: used to describe brief information about LSAs
- Link-state request: used to request LSAs
- Link-state update: used to update LSAs
- Link-state acknowledgment: used to make LSA flooding reliable by including a brief description of each received LSA

Conclusion

- 2-level hierarchical model
- Faster convergence
- Relatively low, steady-state bandwidth requirements

Border Gateway Protocol (BGP)

- BGP basics
- BGP peers
- BGP updates: NLRI and path attributes
- Synchronization with the IGP
- Route reflector and AS confederation
- Routing policy
- BGP messages
- Conclusion

BGP Basic

- Based on a TCP connection, port 179
- BGP peers are configured manually
- BGP peers exchange Update messages containing Network Layer Reachability Information (NLRI)
- Path attributes accompany the NLRI to avoid loops and facilitate policy control
- No route refresh

BGP Peers - eBGP

Figure: routers A to E across AS 100 (220.220.8.0/24), AS 101 (220.220.16.0/24) and AS 102 (220.220.32.0/24), with eBGP sessions between the ASes over TCP/IP peer connections

- Peers in different ASes are called external peers
- Note: eBGP peers normally should be directly connected.

BGP Peers - iBGP

Figure: the same routers A to E across AS 100 (220.220.8.0/24), AS 101 (220.220.16.0/24) and AS 102 (220.220.32.0/24), with iBGP sessions inside each AS over TCP/IP peer connections

- Peers in the same AS are called internal peers
- Note: iBGP peers don't have to be directly connected. When peering on loopback addresses, a recursive route lookup is needed.

Full mesh

Figure: AS 100 with routers A, B, C and D fully meshed

- Each iBGP speaker must peer with every other iBGP speaker in the AS (full mesh)
- An iBGP speaker never floods routes received from another iBGP peer to any other iBGP peer

BGP Updates — NLRI

- Network Layer Reachability Information
- Used to advertise feasible routes
- Composed of:
  - Network prefix
  - Mask length

BGP Updates — Path Attributes

- Used to convey information associated with the NLRI
  - Origin (mandatory)
  - AS path (mandatory)
  - Next hop (mandatory)
  - Local preference
  - Multi-Exit Discriminator (MED)
  - Community
  - Origin
  - Aggregator
- Rich policy control

Origin

- Conveys the origin of the prefix
- Three values:
  - IGP: generated using the "network" statement, e.g. network 35.0.0.0
  - EGP: redistributed from EGP
  - Incomplete: redistributed from an IGP, e.g. redistribute ospf
- Preference order: IGP < EGP < INCOMPLETE

AS-Path Attribute

- Sequence of ASes a route has traversed
- Loop detection
- Apply policy

Figure: AS 100 (180.10.0.0/16), AS 200 (170.10.0.0/16), AS 300, AS 400 (150.10.0.0/16) and AS 500

Routes learned from AS 300, as seen at two of its peers:

Network          Path
180.10.0.0/16    300 200 100
170.10.0.0/16    300 200
150.10.0.0/16    300 400

Network          Path
180.10.0.0/16    300 200 100
170.10.0.0/16    300 200

AS-Path

Loop detection

- Sequence of ASes a route has traversed
- Loop detection

Figure: AS 100 (180.10.0.0/16), AS 200 (170.10.0.0/16), AS 300, AS 400 (150.10.0.0/16) and AS 500; AS 300 advertises its routes on to AS 100

Network          Path
180.10.0.0/16    300 200 100    (dropped at AS 100: its own AS number is already in the path)
170.10.0.0/16    300 200
150.10.0.0/16    300 400

Next Hop Attribute

Figure: router A (192.20.2.1) in AS 100 (160.10.0.0/16) connects over 192.20.2.0/30 to router B (192.20.2.2) in AS 200 (150.10.0.0/16); router C (192.10.1.1) in AS 200 connects over 192.10.1.0/30 to router D (192.10.1.2) in AS 300 (140.10.0.0/16), which also contains router E

BGP update messages:

From A to B:
Network          Next-Hop       Path
160.10.0.0/16    192.20.2.1     100

From C to D:
Network          Next-Hop       Path
150.10.0.0/16    192.10.1.1     200
160.10.0.0/16    192.10.1.1     200 100

- The next hop to reach a network
- Usually a local network is the next hop in an eBGP session
- The next hop is updated between eBGP peers

Local Preference

Figure: the multi-homed AS 200 reaches 160.10.0.0/16 (AS 100) both via AS 400 and via AS 300; router A sets local preference 500 on the route learned via AS 400 and router E sets 800 on the route learned via AS 300, so at router D the path with local preference 800 wins over the one with 500

- Only used within iBGP
- Local to an AS
- The path with the highest local preference wins

Multi-Exit Discriminator (MED)

Figure: AS 201 advertises 192.68.1.0/24 to AS 200 at two entry points, with MED 2000 toward router C and MED 1000 toward router A; the entry point with MED 1000 is preferred

- Used to convey the relative preference of entry points
- Comparable only if the paths are from the same AS
- The path with the lower MED wins
- The IGP metric can be conveyed as MED
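The AS-path loop check, local preference, origin and MED rules from the slides above, as an added example that is not code from the slides: a minimal route record, the receive-side loop check, the eBGP send-side prepend, and a best-path comparison. The decision order follows RFC 4271; the closing next-hop tie-break is an assumed stand-in for the router-ID step, and the addresses in the comments are constructed.

```python
from dataclasses import dataclass, replace
from functools import cmp_to_key

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}   # IGP < EGP < INCOMPLETE

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple          # leftmost AS is the neighbouring AS the route came from
    next_hop: str
    origin: str = "IGP"
    local_pref: int = 100
    med: int = 0

def receive_from_ebgp_peer(route, local_as):
    """AS-path loop check on a received UPDATE: our own AS already in the path means drop it."""
    return None if local_as in route.as_path else route

def send_to_ebgp_peer(route, local_as, my_address):
    """On an eBGP session the sender prepends its AS and becomes the next hop."""
    return replace(route, as_path=(local_as,) + route.as_path, next_hop=my_address)

def compare(a, b):
    """Negative if a is preferred over b. The steps follow the RFC 4271 decision process;
    the last line is a deterministic stand-in for the router-ID tie-break (an assumption)."""
    if a.local_pref != b.local_pref:
        return b.local_pref - a.local_pref                 # highest LOCAL_PREF wins
    if len(a.as_path) != len(b.as_path):
        return len(a.as_path) - len(b.as_path)             # shortest AS_PATH wins
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return ORIGIN_RANK[a.origin] - ORIGIN_RANK[b.origin]
    if a.as_path and b.as_path and a.as_path[0] == b.as_path[0] and a.med != b.med:
        return a.med - b.med                               # lowest MED wins, same neighbouring AS only
    return (a.next_hop > b.next_hop) - (a.next_hop < b.next_hop)

def best_path(routes):
    """Pick the best route among the candidates for one prefix (None if there are none)."""
    return sorted(routes, key=cmp_to_key(compare))[0] if routes else None
```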

Communities

Figure: customer AS 201 advertises 192.68.1.0/24 to service provider AS 200 with community 201:110 on one link and 201:120 on the other; the provider maps community 201:110 to local preference 110 and 201:120 to local preference 120

- Used to group destinations
- Each destination can be a member of multiple communities
- Flexibility to scope a set of prefixes within or across ASes for applying policy

BGP Updates — Withdrawn Routes

- Used to "withdraw" network reachability
- Each withdrawn route is composed of:
  - Network prefix
  - Mask length

Synchronization with IGP

Figure: routers A, B, C and D running OSPF; the prefix 35/8; AS numbers 1880, 690 and 209 appear in the figure

- C is not running BGP (non-pervasive BGP)
- A won't advertise 35/8 to D until the IGP is in sync
- Turn synchronization off!
- Run pervasive BGP

Alternative to Full Mesh – Route reflection

Figure: AS 100 with a Route Reflector (RR), its client peers and non-client peers

- Route Reflector (RR)
- Client peers
- Non-client peers
- Non-client peers are full-mesh connected
- The RR reflects routes from non-client peers to all client peers
- The RR reflects routes from client peers to all non-client peers and to the other client peers

Alternative to Full Mesh – Confederation

Figure: AS Confederation 100 made of member AS 65531 and member AS 65532

- Divided into member ASes, marked by private AS numbers
- Full mesh within each member AS
- Peering between member ASes is most similar to eBGP, except that the inserted AS path is the confederation AS path
- When routes leave the AS confederation, the confederation AS path is removed

Routing Policy

- Why?
  - To steer traffic through preferred paths
  - Inbound/outbound prefix filtering
  - To enforce customer-ISP agreements
- How?
  - AS-based route filtering: filter list
  - Prefix-based route filtering: distribute list
  - BGP attribute modification: route maps

BGP Messages

- OPEN: to negotiate and establish peering
- UPDATE: to exchange routing information (NLRI, path attributes, withdrawn routes)
- KEEPALIVE: to maintain the peering session
- NOTIFICATION: to report errors (results in a session reset)

Conclusion

- The single extant protocol for interdomain routing
- Fundamentally simple algorithms, but can provide complex and flexible policy control
- More future applications, such as BGP/MPLS VPN networks