Lab 10-3: Multi-AS BGP Topology
This BGP lab demonstrates several aspects of IBGP and EBGP in combination with a route reflector, peer groups, and a route server. It essentially consists of two different EBGP topologies and simulates stub, transit, and multi-exit autonomous systems, using OSPF as the underlying IGP, as well as an exchange segment. The IGP fulfills the connectivity requirements of IBGP. The examples of this lab include the following:
- EBGP mesh without a route server
- EBGP at an exchange point featuring a Zebra route server
- EBGP at an exchange point featuring Merit's RSng (RSd, IRRd)
- Looking-glass access to route servers
The lab also demonstrates redistribution of OSPF into BGP (redistribute ospf) in contrast to network statements for prefix announcements to EBGP neighbors. This is not always advisable, but it really depends on your individual situation.
Zebra does not support EBGP multipath (maximum-paths), but Cisco IOS architecture does. Keep in mind, however, that bgp-multipath only takes care of storing more than one path to a given prefix in the BGP table (which is a necessary condition for load balancing, but not a sufficient one). In fact, it is the FIB, not BGP, that really sees that those are two ECMP-eligible routes and uses them appropriately per-flow or per-packet.
EBGP requires either directly connected peers (the exchange network segment) or an ebgp-multihop configuration with IGP resolution of loopbacks. Figure 10-8 shows the topology and address concept used throughout this part of the lab. Note that the networks 192.168.7.0/24 and 192.168.14.0/24 are considered "neutral" networks and are not announced by any EBGP participant. Figure 10-9 shows the logical BGP setup.
Examples 10-11 through 10-17 present the relevant parts of the router OSPF and BGP configurations, nothing really fancy. To demonstrate two variants of origin, OSPF redistribution into BGP is used on callisto and castor, whereas laurel and scar use network statements to announce their prefixes to the exchange segment, in contrast to the redistribution of connected routes you have seen in the previous lab. Callisto acts as a route reflector for the AS 65000 IBGP speakers.
Example 10-11. Castor OSPF and BGP Configuration
castor-ospfd# show running-config
Current configuration:
!
hostname castor-ospfd
password 8 4DwwIFdKLWvU.
enable password 8 dV8x4MhxDAuaw
log file /var/log/ospfd.log
service advanced-vty
service password-encryption
!
!
!
interface xl0
 ip ospf message-digest-key 1 md5 zebra
!
interface ed0
 ip ospf message-digest-key 1 md5 zebra
!
interface lp0
 ip ospf network point-to-point
!
interface sl0
 ip ospf network point-to-point
!
interface sl1
 ip ospf network point-to-point
!
interface ds0
!
interface stf0
!
interface faith0
!
interface vlan0
!
interface vlan1
!
interface lo0
!
interface ppp0
 ip ospf network point-to-point
!
interface ppp1
 ip ospf network point-to-point
!
interface vlan8
 ip ospf message-digest-key 1 md5 zebra
!
interface lo1
!
interface wpachdlc0
 ip ospf network point-to-point
!
router ospf
 ospf router-id 192.168.2.7
 compatible rfc1583
 redistribute connected
 redistribute static
 passive-interface ed0
 network 192.168.2.0/24 area 0
 network 192.168.80.0/24 area 0
 network 192.168.99.0/30 area 0
 area 0 authentication message-digest
 capability opaque
!
access-list 1 remark vty-protection
access-list 1 permit 127.0.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
!
line vty
 access-class 1
 exec-timeout 15 0
!
end

castor-bgpd# show running-config
Current configuration:
!
hostname castor-bgpd
password 8 4DwwIFdKLWvU.
enable password 8 dV8x4MhxDAuaw
log file /var/log/bgpd.log
service advanced-vty
service password-encryption
!
router bgp 65000
 bgp router-id 192.168.2.7
 bgp cluster-id 1.1.1.1
 bgp dampening
 redistribute ospf
 neighbor 192.168.1.1 remote-as 65000
 neighbor 192.168.1.1 soft-reconfiguration inbound
 neighbor 192.168.7.254 remote-as 65003
 neighbor 192.168.7.254 soft-reconfiguration inbound
!
access-list 1 remark vty-protection
access-list 1 permit 127.0.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
!
line vty
 access-class 1
 exec-timeout 15 0
!
end
Example 10-12. Ganymed OSPF and BGP Configuration
ganymed-ospfd# show running-config
Current configuration:
!
hostname ganymed-ospfd
password 8 bJFoEOB0obLL6
enable password 8 nVitURFKR/y3M
log file /var/log/ospfd.log
service advanced-vty
service password-encryption
!
!
!
interface lo0
!
interface lo1
!
interface ne3
 ip ospf message-digest-key 1 md5 zebra
!
interface ne4
 ip ospf message-digest-key 1 md5 zebra
!
interface ne5
!
interface ppp0
 ip ospf network point-to-point
!
interface ppp1
 ip ospf network point-to-point
!
interface tun0
 ip ospf network point-to-point
!
interface tun1
 ip ospf network point-to-point
!
interface enc0
!
interface vlan0
 ip ospf message-digest-key 1 md5 zebra
!
interface vlan1
!
interface gre0
 ip ospf network point-to-point
!
interface gif0
 ip ospf network point-to-point
!
interface gif1
 ip ospf network point-to-point
!
interface gif2
 ip ospf network point-to-point
!
interface gif3
 ip ospf network point-to-point
!
interface faith0
!
interface pflog0
!
interface sl0
 ip ospf network point-to-point
!
interface sl1
 ip ospf network point-to-point
!
interface bridge0
!
interface bridge1
!
router ospf
 ospf router-id 192.168.1.254
 compatible rfc1583
 redistribute connected
 redistribute static
 network 192.168.1.0/24 area 0
 network 192.168.2.0/24 area 0
 network 192.168.45.0/24 area 0
 network 192.168.80.0/24 area 0
 area 0 authentication message-digest
 capability opaque
!
access-list 1 remark vty-protection
access-list 1 permit 127.0.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
!
line vty
 access-class 1
 exec-timeout 15 0
!
end

ganymed-bgpd# show running-config
Current configuration:
!
hostname ganymed-bgpd
password 8 bJFoEOB0obLL6
enable password 8 bJFoEOB0obLL6
log file /var/log/bgpd.log
service advanced-vty
service password-encryption
!
router bgp 65000
 bgp router-id 192.168.44.1
 bgp cluster-id 1.1.1.1
 bgp dampening
 neighbor 192.168.1.1 remote-as 65000
 neighbor 192.168.1.1 update-source lo1
 neighbor 192.168.1.1 soft-reconfiguration inbound
!
access-list 1 remark vty-protection
access-list 1 permit 127.0.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
!
line vty
 access-class 1
 exec-timeout 15 0
!
end
Example 10-13. Callisto OSPF and BGP Configuration
callisto-ospfd# show running-config
Current configuration:
!
hostname callisto-ospfd
password 8 m6eyKycFMHniQ
enable password 8 bjYlnA9YLBWyM
log file /var/log/ospfd.log
service advanced-vty
service password-encryption
!
!
!
interface lo
!
interface eth0
!
interface eth1
 ip ospf message-digest-key 1 md5 zebra
!
interface ipsec0
!
interface ipsec1
!
interface ipsec2
!
interface ipsec3
!
interface eth1:1
 ip ospf message-digest-key 1 md5 zebra
!
interface lo1
!
interface wp1chdlc
 ip ospf network point-to-point
!
router ospf
 ospf router-id 192.168.1.1
 compatible rfc1583
 redistribute connected
 redistribute static
 passive-interface eth0
 network 192.168.1.0/24 area 0
 network 192.168.45.0/24 area 0
 network 192.168.99.0/30 area 0
 area 0.0.0.0 authentication message-digest
 capability opaque
!
access-list 1 remark vty-protection
access-list 1 permit 127.0.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
!
line vty
 access-class 1
 exec-timeout 0 0
!
end

callisto-bgpd# show running-config
Current configuration:
!
hostname callisto-bgpd
password 8 m6eyKycFMHniQ
enable password 8 bjYlnA9YLBWyM
log file /var/log/bgpd.log
service advanced-vty
service password-encryption
!
router bgp 65000
 bgp router-id 192.168.1.1
 bgp cluster-id 1.1.1.1
 bgp dampening
 redistribute ospf
 neighbor INTERNAL peer-group
 neighbor INTERNAL remote-as 65000
 neighbor INTERNAL route-reflector-client
 neighbor INTERNAL soft-reconfiguration inbound
 neighbor 192.168.2.7 peer-group INTERNAL
 neighbor 192.168.14.2 remote-as 65001
 neighbor 192.168.14.2 soft-reconfiguration inbound
 neighbor 192.168.14.254 remote-as 65003
 neighbor 192.168.14.254 soft-reconfiguration inbound
 neighbor 192.168.44.1 peer-group INTERNAL
!
access-list 1 remark vty-protection
access-list 1 permit 127.0.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
!
line vty
 access-class 1
 exec-timeout 0 0
!
end
Example 10-14. Scar OSPF and BGP Configuration
scar# show running-config
...
!
ip subnet-zero
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0
 ip address 192.168.7.254 255.255.255.0
 no ip proxy-arp
!
interface Ethernet1
 ip address 192.168.14.254 255.255.255.0
!
interface TokenRing0
 ip address 10.0.1.1 255.255.255.0
 early-token-release
 ring-speed 16
!
router ospf 1
 router-id 10.0.0.1
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 redistribute static subnets
 passive-interface Ethernet0
 passive-interface Ethernet1
 passive-interface Serial0
 passive-interface Serial1
 passive-interface Serial2
 passive-interface Serial3
 passive-interface TokenRing1
 network 10.0.0.0 0.0.0.255 area 0
 network 10.0.1.0 0.0.0.255 area 0
 default-information originate
!
router bgp 65003
 no synchronization
 bgp router-id 10.0.0.1
 bgp cluster-id 1.1.1.1
 bgp log-neighbor-changes
 bgp dampening
 network 10.0.0.0 mask 255.255.255.0
 network 10.0.1.0 mask 255.255.255.0
 neighbor 10.0.1.2 remote-as 65003
 neighbor 10.0.1.2 update-source Loopback0
 neighbor 10.0.1.2 soft-reconfiguration inbound
 neighbor 192.168.7.7 remote-as 65000
 neighbor 192.168.7.7 soft-reconfiguration inbound
 neighbor 192.168.14.1 remote-as 65000
 neighbor 192.168.14.1 soft-reconfiguration inbound
 neighbor 192.168.14.2 remote-as 65001
 neighbor 192.168.14.2 soft-reconfiguration inbound
 maximum-paths 2
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.14.1
ip route 0.0.0.0 0.0.0.0 192.168.7.7 2
...
Example 10-15. Laurel OSPF and BGP Configuration
laurel# show running-config
...
ip subnet-zero
!
interface Loopback0
 ip address 172.16.0.254 255.255.255.128
!
interface Ethernet0
 ip address 192.168.14.2 255.255.255.0
!
interface Ethernet1
 ip address 172.16.0.1 255.255.255.128
 ip ospf message-digest-key 1 md5 7 061C0A235E4F
!
router ospf 1
 router-id 172.16.0.254
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 redistribute static subnets
 passive-interface Ethernet0
 passive-interface Serial0
 passive-interface Serial1
 network 172.16.0.0 0.0.0.127 area 0
 network 172.16.0.128 0.0.0.127 area 0
 default-information originate
!
router bgp 65001
 no synchronization
 bgp router-id 172.16.0.254
 bgp cluster-id 1.1.1.1
 bgp log-neighbor-changes
 bgp dampening
 network 172.16.0.0 mask 255.255.255.128
 network 172.16.0.128 mask 255.255.255.128
 neighbor 172.16.0.253 remote-as 65001
 neighbor 172.16.0.253 soft-reconfiguration inbound
 neighbor 192.168.14.1 remote-as 65000
 neighbor 192.168.14.1 soft-reconfiguration inbound
 neighbor 192.168.14.254 remote-as 65003
 neighbor 192.168.14.254 soft-reconfiguration inbound
 maximum-paths 2
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.14.1
ip route 0.0.0.0 0.0.0.0 192.168.7.7 2
Example 10-16. Chaplin OSPF and BGP Configuration
chaplin# show running-config
...
!
ip subnet-zero
!
interface Loopback0
 ip address 172.16.0.253 255.255.255.128
!
interface Ethernet0
 ip address 172.16.0.2 255.255.255.128
 ip ospf message-digest-key 1 md5 7 01090306490A
!
router ospf 1
 router-id 172.16.0.253
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 redistribute static subnets
 passive-interface Serial0
 passive-interface Serial1
 network 172.16.0.0 0.0.0.127 area 0
 network 172.16.0.128 0.0.0.127 area 0
!
router bgp 65001
 no synchronization
 bgp router-id 172.16.0.253
 bgp cluster-id 1.1.1.1
 bgp log-neighbor-changes
 bgp dampening
 neighbor 172.16.0.254 remote-as 65001
 neighbor 172.16.0.254 soft-reconfiguration inbound
!
ip classless
...
Example 10-17. Hardy OSPF and BGP Configuration
hardy# show running-config
...
!
ip subnet-zero
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.0
!
interface TokenRing0
 ip address 10.0.1.2 255.255.255.0
 ip ospf network broadcast
 early-token-release
 ring-speed 16
!
router ospf 1
 router-id 10.0.0.2
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 redistribute static subnets
 network 10.0.0.0 0.0.0.255 area 0
 network 10.0.1.0 0.0.0.255 area 0
!
router bgp 65003
 no synchronization
 bgp router-id 10.0.0.2
 bgp cluster-id 1.1.1.1
 bgp log-neighbor-changes
 bgp dampening
 neighbor 10.0.0.1 remote-as 65003
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.1 soft-reconfiguration inbound
!
ip classless
...
Example 10-18 demonstrates the result of this setup with several show commands. The last traceroute shows the effect of the BGP-multipath capability of Cisco IOS architecture using two equal-cost paths.
Example 10-18. Results of This EBGP Setup
[root@ganymed:~#] netstat -rn -f inet
Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Interface
default 211.11.117.1 UGS 4 10366 1500 ne5
10.0.0/24 192.168.1.1 UG1 0 0 1500 ne3
10.0.1/24 192.168.1.1 UG1 0 0 1500 ne3
127/8 127.0.0.1 UGRS 0 0 33224 lo0
127.0.0.1 127.0.0.1 UH 2 0 33224 lo0
172.16.0.0/25 192.168.1.1 UG1 0 0 1500 ne3
172.16.0.128/25 192.168.1.1 UG1 0 0 1500 ne3
192.168.1/24 link#1 UC 0 0 1500 ne3
192.168.1.1 52:54:5:e3:51:87 UHL 7 6620 1500 ne3
192.168.1.2 8:0:46:64:74:1b UHL 1 2213 1500 ne3
192.168.1.254 127.0.0.1 UGHS 0 0 33224 lo0
192.168.2/24 link#2 UC 0 0 1500 ne4
192.168.2.7 0:10:5a:c4:2c:4 UHL 3 977 1500 ne4
192.168.7/24 192.168.2.7 UG1 0 33 1500 ne4
192.168.14/24 192.168.1.1 UG1 0 0 1500 ne3
192.168.44.1 192.168.44.1 UH 0 0 33224 lo1
192.168.45/24 link#1 UC 0 0 1500 ne3
192.168.45.253 52:54:5:e3:51:87 UHL 0 0 1500 ne3
192.168.80/24 link#16 UC 0 0 1496 vlan0
192.168.80.1 0:10:5a:c4:2c:4 UHL 0 0 1496 vlan0
192.168.99.1 192.168.1.1 UGH1 0 0 1500 ne3
192.168.99.2 192.168.2.7 UGH1 0 0 1500 ne4
211.11.117/24 link#3 UC 0 0 1500 ne5
211.11.117.1 0:0:c:7:ac:12 UHL 1 0 1500 ne5

[root@castor:~#] netstat -rn -f inet
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.2.254 UGSc 3 12 xl0
10/24 192.168.7.254 UG1c 0 0 ed0
10.0.1/24 192.168.7.254 UG1c 0 0 ed0
127.0.0.1 127.0.0.1 UH 0 0 lo0
172.16/25 192.168.2.254 UG1c 0 0 xl0
172.16.0.128/25 192.168.2.254 UG1c 0 0 xl0
192.168.1 192.168.2.254 UG1c 2 0 xl0
192.168.2 link#1 UC 1 0 xl0
192.168.2.254 52:54:05:e3:e4:2f UHLW 14 33 xl0 679
192.168.7 link#2 UC 1 0 ed0
192.168.7.254 00:00:0c:1a:a9:a8 UHLW 4 516 ed0 583
192.168.44 192.168.2.254 UG1c 0 0 xl0
192.168.45 192.168.2.254 UG1c 0 0 xl0
192.168.80 link#15 UC 1 0 vlan8
192.168.80.254 52.54.5.e3.e4.2f UHLW 0 0 vlan8 777
192.168.99.1 192.168.2.254 UGH1 0 0 xl0
192.168.99.2 192.168.99.1 UH 0 6 wpachd =>
192.168.99.2/32 wpachdlc0 U1c 0 0 wpachd
211.11.117 192.168.2.254 UG1c 0 0 xl0

castor-bgpd# show ip bgp summary
BGP router identifier 192.168.2.7, local AS number 65000
5 BGP AS-PATH entries
0 BGP community entries
Dampening enabled.

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.1 4 65000 51 54 0 0 0 00:46:07 9
192.168.7.254 4 65003 55 54 0 0 0 00:46:43 4

Total number of neighbors 2

castor-bgpd# show ip bgp neighbors 192.168.1.1 received-routes
BGP table version is 0, local router ID is 192.168.2.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/24 192.168.14.254 0 100 0 65003 i
*> 10.0.1.0/24 192.168.14.254 0 100 0 65003 i
*> 172.16.0.0/25 192.168.14.2 0 100 0 65001 i
*> 172.16.0.128/25 192.168.14.2 0 100 0 65001 i
*> 192.168.2.0 192.168.1.254 20 100 0 ?
*> 192.168.44.0 192.168.1.254 20 100 0 ?
*> 192.168.80.0 192.168.1.254 20 100 0 ?
*> 192.168.99.1/32 192.168.1.1 10 100 0 ?
*> 211.11.117.0 192.168.1.254 20 100 0 ?

Total number of prefixes 9

castor-bgpd# show ip bgp
BGP table version is 0, local router ID is 192.168.2.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
* i10.0.0.0/24 192.168.14.254 0 100 0 65003 i
*>                 192.168.7.254 0 0 65003 i
* i10.0.1.0/24 192.168.14.254 0 100 0 65003 i
*>                 192.168.7.254 0 0 65003 i
*>i172.16.0.0/25 192.168.14.2 0 100 0 65001 i
*                  192.168.7.254 0 65003 65001 i
*>i172.16.0.128/25 192.168.14.2 0 100 0 65001 i
*                  192.168.7.254 0 65003 65001 i
*> 192.168.1.0 192.168.2.254 20 32768 ?
*>i192.168.2.0 192.168.1.254 20 100 0 ?
* i192.168.44.0 192.168.1.254 20 100 0 ?
*>                 192.168.2.254 20 32768 ?
*> 192.168.45.0 192.168.2.254 20 32768 ?
*>i192.168.80.0 192.168.1.254 20 100 0 ?
*>i192.168.99.1/32 192.168.1.1 10 100 0 ?
*> 192.168.99.2/32 0.0.0.0 10 32768 ?
* i211.11.117.0 192.168.1.254 20 100 0 ?
*>                 192.168.2.254 20 32768 ?

Total number of prefixes 12

[root@callisto:~#] netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.99.1 0.0.0.0 255.255.255.255 UH 40 0 0 wp1chdlc
192.168.99.2 192.168.1.254 255.255.255.255 UGH 40 0 0 eth1
192.168.99.0 0.0.0.0 255.255.255.252 U 40 0 0 wp1chdlc
172.16.0.128 192.168.14.2 255.255.255.128 UG 40 0 0 eth0
172.16.0.0 192.168.14.2 255.255.255.128 UG 40 0 0 eth0
211.11.117.0 192.168.1.254 255.255.255.0 UG 40 0 0 eth1
10.0.0.0 192.168.14.254 255.255.255.0 UG 40 0 0 eth0
10.0.1.0 192.168.14.254 255.255.255.0 UG 40 0 0 eth0
192.168.2.0 192.168.1.254 255.255.255.0 UG 40 0 0 eth1
192.168.80.0 192.168.1.254 255.255.255.0 UG 40 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0
192.168.14.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0
192.168.44.0 192.168.1.254 255.255.255.0 UG 40 0 0 eth1
192.168.45.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 40 0 0 eth1

callisto-bgpd# show ip bgp summary
BGP router identifier 192.168.1.1, local AS number 65000
6 BGP AS-PATH entries
0 BGP community entries
Dampening enabled.

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.2.7 4 65000 46 46 0 0 0 00:39:42 7
192.168.14.2 4 65001 48 47 0 0 0 00:39:38 4
192.168.14.254 4 65003 50 47 0 0 0 00:39:38 4
192.168.44.1 4 65000 39 48 0 0 0 00:38:05 0

Total number of neighbors 4

callisto-bgpd# show ip bgp neighbors 192.168.2.7
BGP neighbor is 192.168.2.7, remote AS 65000, local AS 65000, internal link
 Member of peer-group INTERNAL for session parameters
  BGP version 4, remote router ID 192.168.2.7
  BGP state = Established, up for 00:40:44
  Last read 00:00:44, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received (old and new)
    Address family IPv4 Unicast: advertised and received
  Received 47 messages, 0 notifications, 0 in queue
  Sent 47 messages, 0 notifications, 0 in queue
  Route refresh request: received 0, sent 0
  Minimum time between advertisement runs is 5 seconds

 For address family: IPv4 Unicast
  INTERNAL peer-group member
  Route-Reflector Client
  Inbound soft reconfiguration allowed
  Community attribute sent to this neighbor (both)
  7 accepted prefixes

  Connections established 1; dropped 0
Local host: 192.168.1.1, Local port: 32923
Foreign host: 192.168.2.7, Foreign port: 179
Nexthop: 192.168.1.1
Read thread: on Write thread: off

callisto-bgpd# show ip bgp neighbors 192.168.2.7 advertised-routes
BGP table version is 0, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/24 192.168.14.254 0 100 0 65003 i
*> 10.0.1.0/24 192.168.14.254 0 100 0 65003 i
*> 172.16.0.0/25 192.168.14.2 0 100 0 65001 i
*> 172.16.0.128/25 192.168.14.2 0 100 0 65001 i
*> 192.168.2.0 192.168.1.254 20 100 32768 ?
*> 192.168.44.0 192.168.1.254 20 100 32768 ?
*> 192.168.80.0 192.168.1.254 20 100 32768 ?
*> 192.168.99.1/32 192.168.1.1 10 100 32768 ?
*> 211.11.117.0 192.168.1.254 20 100 32768 ?

Total number of prefixes 9

callisto-bgpd# show ip bgp
BGP table version is 0, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/24 192.168.14.254 0 0 65003 i
*                  192.168.14.254 0 65001 65003 i
* i                192.168.7.254 0 100 0 65003 i
*> 10.0.1.0/24 192.168.14.254 0 0 65003 i
*                  192.168.14.254 0 65001 65003 i
* i                192.168.7.254 0 100 0 65003 i
* 172.16.0.0/25 192.168.14.2 0 65003 65001 i
*>                 192.168.14.2 0 0 65001 i
* 172.16.0.128/25 192.168.14.2 0 65003 65001 i
*>                 192.168.14.2 0 0 65001 i
*>i192.168.1.0 192.168.2.254 20 100 0 ?
*> 192.168.2.0 192.168.1.254 20 32768 ?
* i192.168.44.0 192.168.2.254 20 100 0 ?
*>                 192.168.1.254 20 32768 ?
*>i192.168.45.0 192.168.2.254 20 100 0 ?
*> 192.168.80.0 192.168.1.254 20 32768 ?
*> 192.168.99.1/32 0.0.0.0 10 32768 ?
*>i192.168.99.2/32 192.168.2.7 10 100 0 ?
* i211.11.117.0 192.168.2.254 20 100 0 ?
*>                 192.168.1.254 20 32768 ?

Total number of prefixes 12

callisto-bgpd# show ip bgp 172.16.0.0/25
BGP routing table entry for 172.16.0.0/25
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  192.168.2.7 192.168.14.254 192.168.44.1
  65003 65001
    192.168.14.2 from 192.168.14.254 (10.0.0.1)
      Origin IGP, localpref 100, valid, external
      Last update: Fri May 2 12:54:37 2003
  65001
    192.168.14.2 from 192.168.14.2 (172.16.0.254)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Last update: Fri May 2 12:54:37 2003

scar# show ip bgp summary
BGP router identifier 10.0.0.1, local AS number 65003
BGP table version is 19, main routing table version 19
12 network entries and 32 paths using 2316 bytes of memory
7 BGP path attribute entries using 420 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Dampening enabled. 0 history paths, 0 dampened paths
BGP activity 12/49 prefixes, 32/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.1.2 4 65003 298 308 19 0 0 04:54:26 0
192.168.7.7 4 65000 66 69 19 0 0 00:58:15 10
192.168.14.1 4 65000 65 70 19 0 0 00:57:36 10
192.168.14.2 4 65001 303 307 19 0 0 04:54:24 10

scar# show ip bgp neighbors 192.168.7.7
BGP neighbor is 192.168.7.7, remote AS 65000, external link
  BGP version 4, remote router ID 192.168.2.7
  BGP state = Established, up for 00:59:07
  Last read 00:00:07, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Address family IPv4 Unicast: advertised and received
  Received 67 messages, 0 notifications, 0 in queue
  Sent 70 messages, 0 notifications, 0 in queue
  Route refresh request: received 0, sent 0
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  BGP table version 19, neighbor version 19
  Index 2, Offset 0, Mask 0x4
  Inbound soft reconfiguration allowed
  10 accepted prefixes consume 360 bytes
  Prefix advertised 10, suppressed 0, withdrawn 1
  Number of NLRIs in the update sent: max 2, min 0

  Connections established 1; dropped 0
  Last reset never
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 192.168.7.254, Local port: 179
Foreign host: 192.168.7.7, Foreign port: 1024

Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)

Event Timers (current time is 0x10FB800):
Timer Starts Wakeups Next
Retrans 70 0 0x0
TimeWait 0 0 0x0
AckHold 67 37 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0

iss: 939562101 snduna: 939563660 sndnxt: 939563660 sndwnd: 33580
irs: 2226264130 rcvnxt: 2226265600 rcvwnd: 16384 delrcvwnd: 0

SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms
minRTT: 4 ms, maxRTT: 300 ms, ACK hold: 200 ms
Flags: passive open, nagle, gen tcbs

Datagrams (max data segment is 1460 bytes):
Rcvd: 135 (out of order: 0), with data: 67, total data bytes: 1469
Sent: 108 (retransmit: 0), with data: 69, total data bytes: 1558

scar# show ip bgp neighbors 192.168.7.7 received-routes
BGP table version is 19, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
* 172.16.0.0/25 192.168.7.7 0 65000 65001 i
* 172.16.0.128/25 192.168.7.7 0 65000 65001 i
* 192.168.1.0 192.168.7.7 20 0 65000 ?
*> 192.168.2.0 192.168.7.7 0 65000 ?
* 192.168.44.0 192.168.7.7 20 0 65000 ?
* 192.168.45.0 192.168.7.7 20 0 65000 ?
*> 192.168.80.0 192.168.7.7 0 65000 ?
*> 192.168.99.1/32 192.168.7.7 0 65000 ?
* 192.168.99.2/32 192.168.7.7 10 0 65000 ?
* 211.11.117.0 192.168.7.7 20 0 65000 ?

Total number of prefixes 10

scar# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.14.1 to network 0.0.0.0

C 192.168.14.0/24 is directly connected, Ethernet1
B 192.168.44.0/24 [20/20] via 192.168.7.7, 00:50:56
B 192.168.45.0/24 [20/0] via 192.168.14.1, 00:50:46
  172.16.0.0/25 is subnetted, 2 subnets
B 172.16.0.128 [20/0] via 192.168.14.2, 04:48:45
B 172.16.0.0 [20/0] via 192.168.14.2, 04:48:45
  192.168.99.0/32 is subnetted, 2 subnets
B 192.168.99.2 [20/0] via 192.168.14.1, 00:52:46
B 192.168.99.1 [20/0] via 192.168.7.7, 00:52:26
B 192.168.80.0/24 [20/0] via 192.168.7.7, 00:50:56
B 211.11.117.0/24 [20/20] via 192.168.7.7, 00:50:56
  10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.0.0.2/32 [110/7] via 10.0.1.2, 04:49:47, TokenRing0
C 10.0.0.0/24 is directly connected, Loopback0
C 10.0.1.0/24 is directly connected, TokenRing0
C 192.168.7.0/24 is directly connected, Ethernet0
B 192.168.1.0/24 [20/0] via 192.168.14.1, 00:50:46
B 192.168.2.0/24 [20/0] via 192.168.7.7, 00:50:56
S* 0.0.0.0/0 [1/0] via 192.168.14.1

scar# show ip bgp
BGP table version is 17, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/24 0.0.0.0 0 32768 i
*> 10.0.1.0/24 0.0.0.0 0 32768 i
* 172.16.0.0/25 192.168.7.7 0 65000 65001 i
*                  192.168.14.2 0 65000 65001 i
*>                 192.168.14.2 0 0 65001 i
* 172.16.0.128/25 192.168.7.7 0 65000 65001 i
*                  192.168.14.2 0 65000 65001 i
*>                 192.168.14.2 0 0 65001 i
* 192.168.1.0 192.168.14.1 0 65001 65000 ?
*>                 192.168.14.1 0 65000 ?
*                  192.168.7.7 20 0 65000 ?
* 192.168.2.0 192.168.14.1 0 65001 65000 ?
*                  192.168.14.1 20 0 65000 ?
*>                 192.168.7.7 0 65000 ?
* 192.168.44.0 192.168.14.1 0 65001 65000 ?
*                  192.168.14.1 20 0 65000 ?
*>                 192.168.7.7 20 0 65000 ?
* 192.168.45.0 192.168.14.1 0 65001 65000 ?
*>                 192.168.14.1 0 65000 ?
*                  192.168.7.7 20 0 65000 ?
* 192.168.80.0 192.168.14.1 0 65001 65000 ?
*                  192.168.14.1 20 0 65000 ?
*>                 192.168.7.7 0 65000 ?
*> 192.168.99.1/32 192.168.7.7 0 65000 ?
*                  192.168.14.1 0 65001 65000 ?
*                  192.168.14.1 10 0 65000 ?
* 192.168.99.2/32 192.168.14.1 0 65001 65000 ?
*>                 192.168.14.1 0 65000 ?
*                  192.168.7.7 10 0 65000 ?
* 211.11.117.0 192.168.14.1 0 65001 65000 ?
*                  192.168.14.1 20 0 65000 ?
*>                 192.168.7.7 20 0 65000 ?

scar# show ip bgp 192.168.44.1
BGP routing table entry for 192.168.44.0/24, version 18
Paths: (3 available, best #2, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  10.0.1.2 192.168.7.7 192.168.14.2
  65001 65000, (received & used)
    192.168.14.1 from 192.168.14.2 (172.16.0.254)
      Origin incomplete, localpref 100, valid, external
  65000, (received & used)
    192.168.14.1 from 192.168.14.1 (192.168.1.1)
      Origin incomplete, metric 20, localpref 100, valid, external, multipath, best
  65000, (received & used)
    192.168.7.7 from 192.168.7.7 (192.168.2.7)
      Origin incomplete, metric 20, localpref 100, valid, external, multipath

scar# traceroute 192.168.44.1

Type escape sequence to abort.
Tracing the route to 192.168.44.1

  1 192.168.14.1 0 msec
    192.168.7.7 4 msec
    192.168.14.1 4 msec
  2 192.168.44.1 [AS 65000] 4 msec 0 msec 0 msec
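The received-routes table that scar shows for neighbor 192.168.7.7 in Example 10-18 makes the two origin variants visible: prefixes announced with network statements carry origin code i, while everything that callisto and castor pick up through redistribute ospf arrives with origin code ?. The following Python script is an added example, not part of the original lab; it parses that table, separates the two groups, and checks the redistributed prefixes against an intended-announcement list and against the two neutral exchange networks. The list INTENDED_65000 and all function names are assumptions made for this illustration.

```python
import ipaddress
import re

# Rows copied from "scar# show ip bgp neighbors 192.168.7.7 received-routes"
# in Example 10-18 (column whitespace collapsed).
RECEIVED_FROM_CASTOR = """\
* 172.16.0.0/25 192.168.7.7 0 65000 65001 i
* 172.16.0.128/25 192.168.7.7 0 65000 65001 i
* 192.168.1.0 192.168.7.7 20 0 65000 ?
*> 192.168.2.0 192.168.7.7 0 65000 ?
* 192.168.44.0 192.168.7.7 20 0 65000 ?
* 192.168.45.0 192.168.7.7 20 0 65000 ?
*> 192.168.80.0 192.168.7.7 0 65000 ?
*> 192.168.99.1/32 192.168.7.7 0 65000 ?
* 192.168.99.2/32 192.168.7.7 10 0 65000 ?
* 211.11.117.0 192.168.7.7 20 0 65000 ?
"""

# "Neutral" exchange segments named in the lab text.
NEUTRAL = [ipaddress.ip_network(n) for n in ("192.168.7.0/24", "192.168.14.0/24")]

# ASSUMPTION (not from the book): what AS 65000 intends to announce, taken
# here from the OSPF network statements of callisto, castor and ganymed.
INTENDED_65000 = [ipaddress.ip_network(n) for n in (
    "192.168.1.0/24", "192.168.2.0/24", "192.168.45.0/24",
    "192.168.80.0/24", "192.168.99.0/30")]

IP = r"\d+\.\d+\.\d+\.\d+"
# Status flags may be fused with the prefix ("*>i172.16.0.0/25", Zebra style);
# continuation rows for additional paths carry no prefix at all.
ROW = re.compile(
    rf"^(?P<status>[sdh*>i ]+?)\s*(?:(?P<prefix>{IP}(?:/\d+)?)\s+)?"
    rf"(?P<nexthop>{IP})\s+(?P<rest>.*\S)\s+(?P<origin>[ie?])$")


def to_network(text):
    """IOS and Zebra omit the mask when it equals the classful default."""
    if "/" in text:
        return ipaddress.ip_network(text)
    first = int(text.split(".")[0])
    if first >= 224:
        raise ValueError(f"not a unicast network: {text}")
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{text}/{plen}")


def parse_bgp_table(text):
    """Return one dict per path; header and summary lines are skipped."""
    routes, current = [], None
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if not m:
            continue
        if m["prefix"]:
            current = to_network(m["prefix"])
        if current is None:
            continue
        routes.append({
            "prefix": current,
            "best": ">" in m["status"],
            "nexthop": m["nexthop"],
            "origin": m["origin"],
            # Valid for EBGP-learned paths only: the AS path is non-empty,
            # so the last number before the origin code is the origin AS.
            "origin_as": int(m["rest"].split()[-1]),
        })
    return routes


def audit(routes, intended, neutral):
    """Group prefixes by origin code and flag what policy did not intend."""
    report = {"origin_igp": [], "origin_incomplete": [],
              "unintended": [], "neutral": []}
    for r in routes:
        p = r["prefix"]
        if any(p.overlaps(n) for n in neutral):
            report["neutral"].append(p)
        if r["origin"] == "i":
            report["origin_igp"].append(p)
        elif r["origin"] == "?":
            report["origin_incomplete"].append(p)
            if not any(p.subnet_of(n) for n in intended):
                report["unintended"].append(p)
    return report


if __name__ == "__main__":
    result = audit(parse_bgp_table(RECEIVED_FROM_CASTOR), INTENDED_65000, NEUTRAL)
    for key, prefixes in result.items():
        print(f"{key:18} {', '.join(map(str, prefixes)) or '-'}")
```

Against that assumed list the check reports 192.168.44.0/24 and 211.11.117.0/24, both networks connected to ganymed that reach the exchange through redistribute connected in OSPF followed by redistribute ospf in BGP.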
Lab 10-4: BGP with GateD
Now we replace the Zebra daemons on callisto and castor with GateD (see Examples 10-19 and 10-20). The secondary interface connecting callisto and ganymed is disabled, and OSPF authentication is turned off to accommodate GateD restrictions.
Although GateD lacks some of the features of Zebra, the configuration tries to mimic the Zebra configurations (Examples 10-11 to 10-13) as closely as possible. GateD uses different group types in its "group type <type> peeras" statements (<type> = external, IGP, internal, routing) to configure peerings for IBGP and EBGP scenarios. For a more detailed explanation, refer to the V3.6 documentation.
NOTE
Note that the highlighted export statement in Example 10-19 (the one commented "# for reflection") is used to accomplish IBGP route reflector behavior.
Example 10-19. Castor GateD Route Reflector Setup
[root@castor:~#] cat /etc/gated.cfg
routerid 192.168.2.7;
autonomoussystem 65000;
rip off;
ospf yes{
    backbone{
        networks{
            192.168.2.0 mask 255.255.255.0;
            192.168.80.0 mask 255.255.255.0;
            192.168.99.0 mask 255.255.255.252;
        };
        interface xl0 vlan8 wpachdlc0;
    };
};
bgp yes{
    group type routing peeras 65000 proto ospf {
        peer 192.168.1.1;
    };
    group type external peeras 65003 {
        peer 192.168.7.254;
    };
};
static{
    default gateway 192.168.2.254;
};
#exporting to OSPF
export proto ospfase{
    proto static{all; };
    proto direct{all; };
};
export proto bgp as 65000 {
    proto bgp as 65000 {all;}; # for reflection
    proto ospf{all;};
};
export proto bgp as 65003 {
    proto ospf{all;};
};

GateD-castor> show bgp sum
100 Neighbor V AS MsgRcvd MsgSent State
100 192.168.1.1 4 65000 3 4 Established
100 192.168.7.254 4 65003 5 4 Established
100 BGP summary, 2 groups, 2 peers.

GateD-castor> show bgp routes 0/0
100 Proto Route/Mask NextHop MED ASPath
100 BGP 10/24 192.168.7.254 0 (65000) 65003 IGP (Id 5)
100 BGP 10.0.1/24 192.168.7.254 0 (65000) 65003 IGP (Id 5)
100 BGP 172.16/25 192.168.7.254 -1 (65000) 65003 65001 IGP (Id 4)
100 BGP 172.16.0.128/25 192.168.7.254 -1 (65000) 65003 65001 IGP (Id 4)

GateD-castor> show ip walkdown 0/0
100 Ker 0.0.0.0/0 192.168.2.254 IGP (Id 1)
100 BGP 10/24 192.168.7.254 (65000) 65003 IGP (Id 5)
100 BGP 10.0.1/24 192.168.7.254 (65000) 65003 IGP (Id 5)
100 Sta 127/8 127.0.0.1 IGP (Id 1)
100 Dir 127.0.0.1/32 127.0.0.1 IGP (Id 1)
100 BGP 172.16/25 192.168.7.254 (65000) 65003 65001 IGP (Id 4)
100 BGP 172.16.0.128/25 192.168.7.254 (65000) 65003 65001 IGP (Id 4)
100 OSP 192.168.1/24 192.168.2.254 (65000) IGP (Id 2)
100 Ker 192.168.1.1/32 192.168.2.254 IGP (Id 1)
100 Ker 192.168.1.2/32 192.168.2.254 IGP (Id 1)
100 Dir 192.168.2/24 192.168.2.7 IGP (Id 1)
100 Dir 192.168.7/24 192.168.7.7 IGP (Id 1)
100 OSP 192.168.14/24 192.168.2.254 (65000) Incomplete (Id 3)
100 OSP 192.168.44/24 192.168.2.254 (65000) Incomplete (Id 3)
100 Dir 192.168.80/24 192.168.80.1 IGP (Id 1)
100 Dir 192.168.99.1/32 127.0.0.1 IGP (Id 1)
100 Dir 192.168.99.2/32 192.168.99.1 IGP (Id 1)
100 OSP 211.11.117/24 192.168.2.254 (65000) Incomplete (Id 3)

GateD-castor> show bgp peeras 65003
100 group type External AS 65003 local 65000 flags <>
100 peer 192.168.7.254 version 4 lcladdr (null) gateway (null)
100 flags 0x0
100 state 0x6100 options 0x0 <>
100 metric_out -1
100 preference 170
100 preference2 0
100 recv buffer size 0
100 send buffer size 0
100 messages in 24 (updates 3, not updates 21) 559 octets
    messages out 23 (updates 1, not updates 22) 473 octets

[root@castor:~#] netstat -rn -f inet
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.2.254 UGSc 1 62 xl0
10/24 192.168.7.254 UGc 0 0 ed0
10.0.1/24 192.168.7.254 UGc 0 0 ed0
127 127.0.0.1 URc 0 0 lo0
127.0.0.1 127.0.0.1 UH 2 186 lo0
172.16/25 192.168.7.254 UGc 0 0 ed0
172.16.0.128/25 192.168.7.254 UGc 0 0 ed0
192.168.1 192.168.2.254 UGc 2 2 xl0
192.168.2 link#1 UC 1 0 xl0
192.168.2.254 52:54:05:e3:e4:2f UHLW 7 0 xl0 337
192.168.7 link#2 UC 1 0 ed0
192.168.7.254 00:00:0c:1a:a9:a8 UHLW 7 67 ed0 347
192.168.14 192.168.2.254 UGc 0 0 xl0
192.168.44 192.168.2.254 UGc 0 3 xl0
192.168.80 link#15 UC 0 0 vlan8
192.168.99.1 127.0.0.1 UGH 0 0 lo0
192.168.99.2 192.168.99.1 UH 0 3 wpachd
211.11.117 192.168.2.254 UGc 0 0 xl0
224.0.0.5 127.0.0.1 UH 0 0 lo0
224.0.0.6 127.0.0.1 UH 0 0 lo0
Example 10-20. Callisto GateD Setup
[root@callisto:~#] cat /etc/gated.conf
routerid 192.168.1.1;
autonomoussystem 65000;
rip off;
ospf yes{
    backbone{
        networks{
            192.168.1.0 mask 255.255.255.0;
            192.168.99.0 mask 255.255.255.252;
            192.168.45.0 mask 255.255.255.0;
        };
        interface eth1 wp1chdlc;
    };
};
bgp yes{
    group type routing peeras 65000 proto ospf {
        peer 192.168.44.1;
        peer 192.168.2.7;
    };
    group type external peeras 65001 {
        peer 192.168.14.2;
    };
    group type external peeras 65003 {
        peer 192.168.14.254;
    };
};
static{
    default gateway 192.168.1.254;
};
#exporting to OSPF
export proto ospfase{
    #restrict;
    proto static{all; };
    proto direct{all; };
    #proto kernel{all; };
};
export proto bgp as 65000 {
    proto bgp as 65000 {all;}; # for reflection
    proto ospf{all;};
};
export proto bgp as 65001 {
    proto ospf{all;};
};
export proto bgp as 65003 {
    proto ospf{all;};
};

GateD-callisto> show bgp sum
100 Neighbor V AS MsgRcvd MsgSent State
100 192.168.44.1 4 65000 90 96 Established
100 192.168.2.7 4 65000 27 29 Established
100 192.168.14.2 4 65001 103 98 Established
100 192.168.14.254 4 65003 108 98 Established
100 BGP summary, 3 groups, 4 peers.

GateD-callisto> show bgp routes 0/0
100 Proto Route/Mask NextHop MED ASPath
100 BGP 10/24 192.168.14.254 0 (65000) 65003 IGP (Id 7)
100 BGP 10.0.1/24 192.168.14.254 0 (65000) 65003 IGP (Id 7)
100 BGP 172.16/25 192.168.14.2 0 (65000) 65001 IGP (Id 5)
100 BGP 172.16.0.128/25 192.168.14.2 0 (65000) 65001 IGP (Id 5)

GateD-callisto> show ip walkdown 0/0
100 Sta 0.0.0.0/0 192.168.1.254 IGP (Id 1)
100 BGP 10/24 192.168.14.254 (65000) 65003 IGP (Id 7)
100 BGP 10.0.1/24 192.168.14.254 (65000) 65003 IGP (Id 7)
100 Sta 127/8 127.0.0.1 IGP (Id 1)
100 Dir 127.0.0.1/32 127.0.0.1 IGP (Id 1)
100 BGP 172.16/25 192.168.14.2 (65000) 65001 IGP (Id 5)
100 BGP 172.16.0.128/25 192.168.14.2 (65000) 65001 IGP (Id 5)
100 Dir 192.168.1/24 192.168.1.1 IGP (Id 1)
100 OSP 192.168.2/24 192.168.1.254 (65000) IGP (Id 8)
100 OSP 192.168.7/24 192.168.1.254 (65000) IGP (Id 8)
100 Dir 192.168.14/24 192.168.14.1 IGP (Id 1)
100 OSP 192.168.44/24 192.168.1.254 (65000) Incomplete (Id 3)
100 OSP 192.168.80/24 192.168.1.254 (65000) IGP (Id 8)
100 Dir 192.168.99/32 192.168.99.2 IGP (Id 1)
100 Dir 192.168.99.2/32 127.0.0.1 IGP (Id 1)
100 OSP 211.11.117/24 192.168.1.254 (65000) Incomplete (Id 3)

[root@callisto:~#] netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask          Flags  MSS  Window  irtt  Iface
224.0.0.6       127.0.0.1       255.255.255.255  UGH    40   0       0     lo
224.0.0.5       127.0.0.1       255.255.255.255  UGH    40   0       0     lo
192.168.99.0    0.0.0.0         255.255.255.255  UH     40   0       0     wp1chdlc
192.168.99.2    127.0.0.1       255.255.255.255  UGH    40   0       0     lo
127.0.0.1       0.0.0.0         255.255.255.255  UH     40   0       0     lo
192.168.99.0    0.0.0.0         255.255.255.252  U      40   0       0     wp1chdlc
172.16.0.128    192.168.14.2    255.255.255.128  UG     40   0       0     eth0
172.16.0.0      192.168.14.2    255.255.255.128  UG     40   0       0     eth0
192.168.7.0     192.168.1.254   255.255.255.0    UG     40   0       0     eth1
211.11.117.0    192.168.1.254   255.255.255.0    UG     40   0       0     eth1
10.0.0.0        192.168.14.254  255.255.255.0    UG     40   0       0     eth0
10.0.1.0        192.168.14.254  255.255.255.0    UG     40   0       0     eth0
192.168.2.0     192.168.1.254   255.255.255.0    UG     40   0       0     eth1
192.168.80.0    192.168.1.254   255.255.255.0    UG     40   0       0     eth1
192.168.1.0     0.0.0.0         255.255.255.0    U      40   0       0     eth1
192.168.14.0    0.0.0.0         255.255.255.0    U      40   0       0     eth0
192.168.44.0    192.168.1.254   255.255.255.0    UG     40   0       0     eth1
127.0.0.0       -               255.0.0.0        !      -    -       -     -
0.0.0.0         192.168.1.254   0.0.0.0          UG     40   0       0     eth1
Avoiding Single Points of Failure
Introducing links to multiple points of presence (POPs) of one or several ISPs can eliminate single points of failure. Such autonomous systems may or may not provide transit services. The following subsections discuss several popular BGP scenarios.
Single-Homed Nontransit (Stub) Scenario with a Private AS
In a nutshell, stub and single-homed autonomous systems do not justify the assignment of a regular ASN in the eyes of the Internet Assigned Numbers Authority (IANA) and company. In case of special requirements, upstream providers do assign a private ASN (64512–65534, RFC 1930); and in case of a PI block assigned to the downstream customer, upstream providers announce this network to the Internet while stripping the private AS. The first level of redundancy would be to attach this customer to two different POPs of the same ISP and provide traffic granularity via BGP measures. BGP offers a clean demarcation point. I strongly advise against ISDN dial-on-demand backups in BGP scenarios.
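The following Python example is added here and is not part of the original text. It parses GateD `show bgp routes` lines of the kind shown for castor and reports which AS-path entries fall in the private range quoted above, then applies a simplified strip rule. The function names are hypothetical, the parenthesized number is assumed to be the local AS, and removing every private ASN is a simplification of what an upstream router does.

```python
import ipaddress

# Private ASN range as quoted on this page (64512-65534, RFC 1930).
PRIVATE_ASNS = range(64512, 65535)

# Constructed sample: lines copied from the castor "show bgp routes 0/0" output.
SAMPLE = """\
100 Proto Route/Mask NextHop MED ASPath
100 BGP 10/24 192.168.7.254 0 (65000) 65003 IGP (Id 5)
100 BGP 172.16/25 192.168.7.254 -1 (65000) 65003 65001 IGP (Id 4)
100 BGP 172.16.0.128/25 192.168.7.254 -1 (65000) 65003 65001 IGP (Id 4)
"""

def expand_prefix(short):
    """Expand GateD's abbreviated form (10/24, 172.16/25) to a full network."""
    addr, length = short.split("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + length)

def parse_routes(text):
    """Yield (network, local_as, as_path) for each BGP line of the output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[1] != "BGP":
            continue  # header or non-BGP line
        # Assumption: the parenthesized field is the local AS.
        local_as = int(f[5].strip("()"))
        # Numeric tokens after it are the AS path; "IGP" and "(Id n)" are skipped.
        path = [int(tok) for tok in f[6:] if tok.isdigit()]
        yield expand_prefix(f[2]), local_as, path

def strip_private(path):
    """Simplified strip rule: drop every ASN in the private range."""
    return [asn for asn in path if asn not in PRIVATE_ASNS]

def audit(text):
    """Map each prefix to the private ASNs present in its AS path."""
    return {str(net): [a for a in path if a in PRIVATE_ASNS]
            for net, _local, path in parse_routes(text)}

if __name__ == "__main__":
    for prefix, private in audit(SAMPLE).items():
        print(prefix, "private ASNs in path:", private)
```

Because every AS in this lab is numbered from the private range, each path is flagged in full; on a production border router the same check highlights private ASNs that would otherwise be announced to the Internet.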
Multi-Homed Nontransit (Stub) Scenario
Entities that require the added redundancy of two independent upstreams usually register an ASN and a PI block. Upstream ISPs/carriers announce the PI prefix, which frequently results in suboptimal utilization of one upstream link. Remember, BGP was not designed for load balancing. This situation can be improved with the cooperation of both upstreams to tune BGP's advanced capabilities, such as path prepending, MED, and community attributes, to achieve at least a better distribution of traffic. To say the least, this is a tedious task that requires strong BGP knowledge and must be handled for both incoming and outgoing traffic. In general, providing transit services through a public exchange violates the policy established by the exchange managers.
Transit Services
Transit traffic usually serves topological and commercial purposes. As long as the corresponding ingress and egress traffic of two transit partners is roughly equivalent, transit AS owners tend to agree to mutually beneficial no-charge peering/transit agreements. If this is not the case, transit traffic might be subject to charge.
In fact, providing transit traffic (be it for free or not) through a public IX is a violation of the policy of almost any IX in the world (of which I am aware). What has changed over the past few years, however, is the perception of what is considered "transit traffic" by the IX operators: Because carriers and ISPs have become multinational, IXs have to deal with peering entities (in a commercial sense) that cover numerous autonomous systems (combined administratively to an AS set, or macro), so IX operators usually allow such providers to announce their entire AS set at a given (national) IX instead of only their (national) AS. So a certain AS providing transit (in the strict BGP meaning) has nothing to do with public peering in the first place, but merely with the combination of some autonomous systems under common (international) administration, or is simply necessary because a provider has customers with their own autonomous systems (which, of course, have always been permitted on the IXs).
The question of traffic symmetry is a different one that does not really touch the transit/nontransit topic. As mentioned earlier, providers were picky about this symmetry when peering privately, and some kept enforcing this policy on the public IXs. Today, however, most of them realize that the advantages of public peering easily compensate for the possible drawbacks, so most do not care about symmetry anymore, and many just do not want to go through the added accounting hassle involved.