Category: BGP

BGP: Convergence Enhancements

Fast External Neighbor Loss Detection – when the link to a directly connected BGP neighbor goes down, IOS immediately brings down that neighbor and flushes all BGP routes learned from it, which forces the router to find better routes elsewhere.  This works for directly connected eBGP neighbors only.

Internal Neighbor Loss Detection – iBGP neighbors had no fast way to reconverge until IOS 12.0, when the neighbor fall-over command was introduced.  It allows iBGP neighbors to converge quickly upon detecting the loss of the route to that neighbor: with the command configured, the router tears down the BGP session with the peer as soon as it loses the route, resulting in fast convergence.  Proper failover with this setup, though, relies on the IGP's ability to supply a backup route.

EBGP Fast Session Deactivation – the same as neighbor fall-over, except it's configured globally and applies to eBGP neighbors.

BGP: Community Lists

Originally communities were Cisco proprietary, treating the 32-bit COMMUNITY as a decimal value.  When it was added as a PA and standardized in an RFC, it was formatted as AA:NN, where AA is a 16-bit number representing an ASN and NN is a value set by that ASN; it is still a 32-bit number.

By default routers display the community in its decimal format; you have to globally enable the new format for it to be displayed instead.  Use the ip bgp-community new-format command for this.

You can set multiple communities on NLRIs where the policy applies, and you can add to existing communities using the additive option.

Extended communities (100-199) allow for matching via regex.

Community lists can be edited and certain values removed with the use of route maps as well.

BGP: Communities

The BGP Community PA provides a mechanism to group NLRIs and apply routing policies to those routes with the same community.

BGP Communities are powerful in that they allow routers in one AS to communicate policy information to routers that are one or more ASes distant.  Since community PAs are optional transitive PAs, they can pass through ASes that do not even understand the community PA and still be useful at another downstream AS.

 

BGP: Decision Process

The BGP decision process uses PAs to determine the best path to be injected into the IPv4 routing table when there are multiple routes to the same destination in the BGP table.

The following are used by BGP to determine the best path, with three additional tiebreakers listed later:

  1. Is the NEXT_HOP reachable? If the router does not have a route to the NEXT_HOP PA for a route, that route is rejected in the decision process.
  2. Highest administrative weight: Weight is a Cisco proprietary PA. The weight can be assigned to each NLRI locally on a router, and the value is not communicated to other routers. The higher the value, the better the route.
  3. Highest LOCAL_PREF PA: This well-known discretionary PA can be set on a router inside an AS and is distributed within the AS only.  As a result, this feature can be used by all BGP routers in one AS to choose the same exit point from their AS for a particular NLRI.  The higher the value, the better.
  4. Locally injected routes: Picks locally injected routes, such as those from redistribution, summarization, or the network command.
  5. Shortest AS_PATH length: The shorter the AS path to a destination, the better the route.  The length calculation ignores the AS_CONFED_SET and AS_CONFED_SEQ PAs and treats an AS_SET as one ASN regardless of the number of ASNs in the AS_SET.  It counts each ASN in the AS_SEQUENCE as one.
  6. ORIGIN PA: IGP routes are preferred over EGP routes, which are preferred over incomplete routes.
  7. Smallest Multi-Exit Discriminator (MED) PA: This PA allows an ISP with multiple peer connections to a neighboring AS to tell that neighboring AS which of the peer connections is best for reaching a particular NLRI.
  8. Neighbor type: Prefer external BGP (eBGP) routes over internal BGP (iBGP) routes; confederation eBGP is equal to iBGP.
  9. IGP metric for reaching the NEXT_HOP: IGP metrics for each NLRI’s NEXT_HOP are compared.  The lower the value, the better the route.

The three tiebreakers are as follows:

10. Keep the oldest eBGP route: if the routes being compared are eBGP and one of the paths is currently the best path, retain the existing best path.

11. Choose the smallest neighbor router ID (RID): use the route whose next-hop RID is the smallest.  This is only performed if the bgp bestpath compare-routerid command is configured.

12. Smallest neighbor ID: the local router requires at least two neighbor relationships to the same router to get to this step.
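
The ordered comparison above as a small Python model, added here as an illustration (not IOS's own code): steps 1 to 9 are applied exactly as listed, step 11 only when compare_routerid is set, and steps 10 and 12 are left out. The Path fields, the sample paths and all their values are constructed for the example.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # step 6, lower wins

@dataclass
class Path:
    name: str                  # label for a constructed sample path
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    locally_injected: bool = False
    as_path_len: int = 0       # AS_SET counts as 1, confed segments as 0
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    neighbor_rid: str = "0.0.0.0"

# Steps 2-9 in order; each key is written so that the smaller value wins.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("LOCAL_PREF", lambda p: -p.local_pref),
    ("locally injected", lambda p: not p.locally_injected),
    ("AS_PATH length", lambda p: p.as_path_len),
    ("ORIGIN", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("neighbor type", lambda p: not p.ebgp),
    ("IGP metric", lambda p: p.igp_metric),
]
# Step 11, used only when bgp bestpath compare-routerid is configured.
RID_STEP = ("router ID", lambda p: tuple(map(int, p.neighbor_rid.split("."))))

def best_path(paths, compare_routerid=False):
    """Return (winning path or None, name of the step that decided)."""
    candidates = [p for p in paths if p.next_hop_reachable]      # step 1
    if len(candidates) <= 1:
        return (candidates[0] if candidates else None), "only usable path"
    for label, key in STEPS + ([RID_STEP] if compare_routerid else []):
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], label
    return candidates[0], "tie (first listed path kept)"

# Constructed sample: three paths to the same prefix.
SAMPLE = [
    Path("via-ISP-A", local_pref=200, as_path_len=4),
    Path("via-ISP-B", local_pref=200, as_path_len=2, origin="incomplete"),
    Path("via-peer", local_pref=100, as_path_len=1),
]
```

In the sample, the shortest AS_PATH (via-peer) loses because LOCAL_PREF is compared first, and the worse ORIGIN of via-ISP-B never matters because AS_PATH length decides before step 6 is reached.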

BGP: Path Attributes

BGP PAs define different characteristics of the NLRIs they are associated with. Each PA can be described as well known or optional.

Well known PAs are either one of the following:

  • Mandatory: the PA MUST be in every update
  • Discretionary: the PA is not required in every update

For example, the ATOMIC_AGGREGATE PA is a well-known discretionary PA, which means all routers must be able to understand this PA, but it's not necessary in every update.

BGP classifies optional PAs into one of two categories:

  • Transitive: The router should silently forward the PA to other routers without needing to consider the meaning of the PA
  • Nontransitive: The router should remove the PA so that it is not propagated to any peers.

BGP: AS_PATH Segment Types

There are four types of AS_PATH segments held inside the AS_PATH PA: AS_SEQUENCE, AS_SET, AS_CONFED_SEQ and AS_CONFED_SET.

Adding the most recent ASN to the AS Sequence is the process known as AS Prepending.

AS_SEQUENCE is the most common type of AS_PATH PA; it contains the list of ASNs, starting with the most recently added ASN, read from left to right.

The other three AS_PATH types are used for Confederations.

AS_SET – this type of AS_PATH attribute summarizes routes using the aggregate-address command, allowing AS_PATHs to be summarized in the update as well.

AS_CONFED_SEQ gives the list of ASNs in the path, starting with the most recently added ASN, read from left to right.

AS_CONFED_SET will allow summarization of multiple AS PATHs to be sent in BGP Updates.

BGP: Filtering BGP Updates Matching the AS_PATH PA

To filter routes matching the AS_PATH PA, IOS uses AS_PATH filters.  The logic is applied with a neighbor command.  The two main steps are:

  1. Configure the AS_PATH filter using the ip as-path access-list number {permit|deny} regex command
  2. Enable the AS_PATH filter using the neighbor neighbor-id filter-list as-path-filter-number {in|out} command

IOS will examine the AS_PATH PA in the sent or received updates for the stated neighbor.  NLRIs whose AS_PATH matches an entry with a deny action are filtered.

AS_PATH filters use regular expressions to apply powerful matching logic to the AS_PATH.
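
One way to check what an AS_PATH filter will do before it is applied to a neighbor, as an added Python example rather than anything from IOS: it reads ip as-path access-list lines, translates the IOS "_" metacharacter into Python regex syntax, and evaluates entries in order with the implicit deny at the end. The list numbers, regexes and private ASNs in the sample are constructed, and the simple "_" substitution assumes the regex contains no escaped underscore.

```python
import re

# IOS "_" matches the start or end of the string, a space, comma, brace
# or parenthesis, so it anchors on whole ASNs.
UNDERSCORE = r"(?:^|$|[ ,{}()])"
LINE = re.compile(r"\s*ip as-path access-list (\d+) (permit|deny) (\S+)\s*$")

def parse_filters(config):
    """Group as-path access-list entries by list number, keeping their order."""
    lists = {}
    for line in config.splitlines():
        m = LINE.match(line)
        if m:
            number, action, regex = m.groups()
            compiled = re.compile(regex.replace("_", UNDERSCORE))
            lists.setdefault(int(number), []).append((action, compiled))
    return lists

def evaluate(entries, as_path):
    """First matching entry decides; no match falls to the implicit deny."""
    for action, regex in entries:
        if regex.search(as_path):
            return action
    return "deny"

# Constructed sample: list 1 permits only locally originated routes (empty
# AS_PATH); list 2 drops anything that transited AS 65010.
SAMPLE_CONFIG = """
ip as-path access-list 1 permit ^$
ip as-path access-list 2 deny _65010_
ip as-path access-list 2 permit .*
"""
FILTERS = parse_filters(SAMPLE_CONFIG)

if __name__ == "__main__":
    for path in ["", "65001 65002", "65001 65010 65002", "650100 65001"]:
        print(repr(path), evaluate(FILTERS[1], path), evaluate(FILTERS[2], path))
```

The last sample path shows why the "_" anchors matter: 650100 contains the digits 65010 but is a different ASN, so list 2 permits it.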

 

BGP: Filtering Subnets of a Summary using aggregate-address

Manual BGP route summarization using the aggregate-address command provides the flexibility to allow none, all, or a subset of the summary’s component subnets to be advertised out of the BGP table:

  • filtering all component subnets of the summary from being advertised, using the summary-only keyword
  • advertising all the component subnets of the summary by omitting the summary-only keyword
  • advertising some and filtering other component subnets of the summary by omitting summary-only and referring to a route map using the suppress-map keyword.

 

BGP: Route Filtering and Summarization

Four tools can be used to filter BGP routes:

  • Distribution Lists
  • Prefix Lists
  • AS_PATH filter lists
  • Route Maps

The aggregate-address command can be used to filter component subnets of a summary route.

  • All can filter in or out updates per neighbor or per peer group
  • peer group configurations require Cisco IOS software to process the routing policy against the update only once, rather than once per neighbor
  • the filters cannot be applied to a single neighbor that is part of a peer group; the filter can only be applied to the entire group, or the neighbor must be configured outside the peer group
  • each tool's matching logic examines the contents of the BGP update message, which includes the BGP PAs and NLRI
  • if a filter's config has changed, a clear command is required for the changed filter to take effect
  • the clear command can use the soft reconfiguration option to implement changes without requiring the BGP peers to be brought down and back up.

BGP: Multiprotocol BGP

An extension added to the BGP-4 protocol allows the advertisement of customer VPN routes between PE devices that were injected into CE devices.  Service provider clouds run MP-BGP; routers communicating with MP-BGP are considered internal, since these routers traditionally belong to the same AS.

MP-BGP is required within the MPLS/VPN architecture for its ability to carry IPv4 addresses, MPLS labels, and extended or standard BGP communities.  The basis of MP-BGP is to allow BGP to carry additional information in updates.

The OPEN message is used to communicate other parameters to other BGP routers, and it is what defines/enables multiprotocol extensions.  Through MP-BGP, information other than standard IPv4 addresses can be exchanged with BGP.  MP-BGP introduced some additional optional attributes to provide enhanced functionality in the management and injection of any non-IPv4 traffic:

  • Multiprotocol Reachable NLRI (MP_REACH_NLRI) announces new multiprotocol routes
  • Multiprotocol Unreachable NLRI (MP_UNREACH_NLRI) serves to revoke the routes previously announced by MP_REACH_NLRI

MP_REACH_NLRI communicates a set of reachable prefixes together with their next hop information.

MP_UNREACH_NLRI carries the set of unreachable destinations.

For MP-BGP speakers to exchange multi-protocol data they must agree on these capabilities during their capabilities exchange.

When a PE router sends an MP-iBGP update to other PE routers, the MP_REACH_NLRI attribute contains one or more of the following triples:

  • AFI – The address family information identifies the network layer protocol that is being carried within the update
  • Next Hop Information – the next hop information is the next hop address of the next router in the path to the destination
  • NLRI – The NLRI manages the addition or withdrawal of multiprotocol routes and the next hop address, and the NLRI prefixes must be in the same address family.