bgp-4 case studies - university of...
BGP-4 Case Studies
Nenad Krajnovic
e-mail: [email protected]
2
Today's topics
- load balancing over multiple links
- multihoming to a single provider
- multihoming to different providers
- following defaults inside an AS
- policy routing
- lab examples
3
Load balancing over multiple links
Growing traffic toward the Internet demands more and more bandwidth. Bandwidth can be increased by aggregating two or more links and load balancing over them.
4
load balancing over multiple links
[Diagram: a router in AS 65100 (Loopback Interface 0 172.16.50.1, LAN 192.168.4.0/24) and a router in AS 65300 (Loopback Interface 0 172.16.1.1, LAN 172.16.4.0/24) joined by three serial links: 1.1.1.1 - 1.1.1.2, 1.1.2.1 - 1.1.2.2 and 1.1.3.1 - 1.1.3.2.]
We would like to load balance over all three links between AS 65100 and AS 65300.
5
load balancing over multiple links
interface ethernet 0
 ip address 192.168.4.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.1 255.255.255.0
!
interface serial 1
 ip address 1.1.2.1 255.255.255.0
!
interface serial 2
 ip address 1.1.3.1 255.255.255.0
!
interface loopback 0
 ip address 172.16.50.1 255.255.255.0
!
! One EBGP session between the loopbacks instead of one per link
router bgp 65100
 network 192.168.4.0 mask 255.255.255.0
 neighbor 172.16.1.1 remote-as 65300
 neighbor 172.16.1.1 ebgp-multihop
 neighbor 172.16.1.1 update-source loopback 0
 no auto-summary
!
! Three equal static routes to the peer loopback spread the traffic over all links
ip route 172.16.1.1 255.255.255.255 1.1.1.2 3
ip route 172.16.1.1 255.255.255.255 1.1.2.2 3
ip route 172.16.1.1 255.255.255.255 1.1.3.2 3
6
load balancing over multiple links
interface ethernet 0
 ip address 172.16.4.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.2 255.255.255.0
!
interface serial 1
 ip address 1.1.2.2 255.255.255.0
!
interface serial 2
 ip address 1.1.3.2 255.255.255.0
!
interface loopback 0
 ip address 172.16.1.1 255.255.255.0
!
! This router sits in AS 65300 and peers with the loopback of the AS 65100 router
router bgp 65300
 network 172.16.4.0 mask 255.255.255.0
 neighbor 172.16.50.1 remote-as 65100
 neighbor 172.16.50.1 ebgp-multihop
 neighbor 172.16.50.1 update-source loopback 0
 no auto-summary
!
ip route 172.16.50.1 255.255.255.255 1.1.1.1 3
ip route 172.16.50.1 255.255.255.255 1.1.2.1 3
ip route 172.16.50.1 255.255.255.255 1.1.3.1 3
7
Multihoming to a single provider
When a single link to the provider isn't reliable enough, it is necessary to have more links to the provider. Besides that, this solution offers better stability and reliability of the network.
8
multihomed to a single provider - default only, one primary and one backup link
[Topology diagram: a router in AS 30 (1.1.1.2 S0, 1.1.2.2 S1, 172.18.23.0/24 E0) attached over links X1 and X2 to two routers in AS 10 (1.1.1.1 S0 and 1.1.2.1 S0; 192.168.1.4 E0 and 192.168.1.1 E0; 192.168.4.0/24 E0) that run IBGP between them.]
- AS30 is not learning any BGP routes from AS10 and is sending its own routes via BGP.
- Outbound traffic from AS30 should always go on the X1 link unless that link fails, in which case it should switch to the other link.
- Inbound traffic toward AS30 should always come on the X1 link unless that link fails, in which case it should switch to the other link.
- Prevent any BGP updates from coming into AS30.
9
multihomed to a single provider - default only, one primary and one backup link
router bgp 30
 network 172.18.23.0 mask 255.255.255.0
 neighbor 1.1.2.1 remote-as 10
 neighbor 1.1.2.1 route-map BLOCK in
 neighbor 1.1.2.1 route-map SETMETRIC1 out
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 route-map BLOCK in
 neighbor 1.1.1.1 route-map SETMETRIC2 out
 no auto-summary
!
! Outbound: two static defaults, the lower distance (40) is the primary
ip route 0.0.0.0 0.0.0.0 1.1.1.1 40
ip route 0.0.0.0 0.0.0.0 1.1.2.1 60
!
! Inbound: AS10 prefers the session advertising the lower metric (50)
route-map SETMETRIC1 permit 10
 set metric 100
!
route-map SETMETRIC2 permit 10
 set metric 50
!
! A single deny entry rejects every incoming BGP update
route-map BLOCK deny 10
10
multihomed to a single provider - default only, one primary and one backup link
router# show ip route
Gateway of last resort is 1.1.1.1 to network 0.0.0.0
     1.0.0.0 255.0.0.0 is subnetted, 2 subnets
C       1.1.1.0 is directly connected, Serial 0
C       1.1.2.0 is directly connected, Serial 1
C    172.18.23.0 is directly connected, Ethernet0
S*   0.0.0.0 0.0.0.0 [40/0] via 1.1.1.1

router# show ip bgp
BGP table version 11, local router ID is 192.168.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop       Metric LocPrf Weight Path
*>i 172.18.23.0/24   192.168.1.4        50    100      0 3 i
*                    1.1.2.1           100             0 3 i
*>  192.168.4.0/24   0.0.0.0             0         32768 i
11
multihomed to a single provider - default, primary and backup plus partial routing
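[Topology diagram: AS 3 is connected to AS 1 over links X1 and X2; AS 6, AS 7 (193.78.0.0/16) and a NAP also appear, and two IBGP sessions are marked. Address labels: 192.68.5.1, 192.68.5.2, 172.16.20.1, 172.16.20.2 S0, 172.16.220.1 E0, 172.16.1.1 E1, 172.16.1.2 E1, 172.16.65.1, 172.16.10.1, 172.16.2.254 L0, 192.68.6.1, 192.68.6.2, 192.68.10.1, 192.68.11.1, 192.68.11.2, 192.68.40.1.]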
12
Routing policies
- AS3 will only accept AS1's local routes and its customers' routes, such as AS6. AS3 will also accept one route from the Internet to set its default toward the provider AS1.
- For all outbound traffic toward AS1 and AS6 (the partial routes), AS3 should use the X2 link. In case of failure, the other link is used.
- For all other outbound traffic toward the Internet, AS3 should use the X1 link as the primary link by following a default route. In case of failure, the default via the other link should be used.
- For inbound traffic, AS3 will instruct AS1 to use the X2 link for 172.16.220.0/24.
- For all other inbound traffic, the X1 link is the primary.
multihomed to a single provider - default, primary and backup plus partial routing
13
multihomed to a single provider - default, primary and backup plus partial routing
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.1.2 remote-as 3
 neighbor 172.16.1.2 update-source loopback0
 neighbor 172.16.1.2 next-hop-self
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map SET_OUTBOUND_TRAFFIC in
 neighbor 172.16.20.1 route-map SET_INBOUND_TRAFFIC out
 neighbor 172.16.20.1 filter-list 10 out
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 193.78.0.0
! List 10: only routes originated in AS3 (empty AS path) are sent out
ip as-path access-list 10 permit ^$
! List 4: AS1's own routes and routes of its customer AS6
ip as-path access-list 4 permit ^1 6$
ip as-path access-list 4 permit ^1$
access-list 2 permit 172.16.220.0 0.0.0.255
access-list 101 permit ip 193.78.0.0 0.0.255.255 255.255.0.0 0.0.0.0
!
route-map SET_OUTBOUND_TRAFFIC permit 10
 match ip address 101
 set local-preference 200
route-map SET_OUTBOUND_TRAFFIC permit 20
 match as-path 4
 set local-preference 300
!
! Toward an EBGP neighbor the metric (MED) is the attribute that is carried;
! local preference is not sent outside the AS
route-map SET_INBOUND_TRAFFIC permit 10
 match ip address 2
 set metric 200
route-map SET_INBOUND_TRAFFIC permit 20
 set metric 300
14
multihomed to a single provider - default, primary and backup plus partial routing
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.2.254 remote-as 3
 neighbor 172.16.2.254 next-hop-self
 neighbor 192.68.5.2 remote-as 1
 neighbor 192.68.5.2 route-map SET_OUTBOUND_TRAFFIC in
 neighbor 192.68.5.2 route-map SET_INBOUND_TRAFFIC out
 neighbor 192.68.5.2 filter-list 10 out
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 193.78.0.0
!
ip as-path access-list 10 permit ^$
ip as-path access-list 4 permit ^1 6$
! ip as-path access-list ^1 ?[0-9]*$
ip as-path access-list 4 permit ^1$
!
access-list 101 permit ip 193.78.0.0 0.0.255.255 255.255.0.0 0.0.0.0
!
route-map SET_OUTBOUND_TRAFFIC permit 10
 match ip address 101
 set local-preference 250
!
route-map SET_OUTBOUND_TRAFFIC permit 20
 match as-path 4
 set local-preference 250
!
route-map SET_INBOUND_TRAFFIC permit 10
 set metric 250
15
multihomed to a single provider - automatic load balancing
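[Topology diagram: router RTA in AS 3 is connected to AS 1 over links X1 and X2; AS 6 also appears, and two IBGP sessions are marked. Address labels: 172.16.60.2, 172.16.60.1, 172.16.20.2 S0, 172.16.20.1, 172.16.1.1 E1, 172.16.1.2, 172.16.10.1, 172.16.2.254 L0, 192.68.6.1, 192.68.6.2, 192.68.11.1, 192.68.11.2, 192.68.40.1.]
AS1 will load balance traffic over the two links between AS1 and AS3.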
16
multihomed to a single provider - automatic load balancing
router bgp 3
 no synchronization
 neighbor 172.16.1.2 remote-as 3
 neighbor 172.16.1.2 update-source loopback0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.60.1 remote-as 1
 neighbor 172.16.60.1 filter-list 10 out
 ! install up to two equal EBGP paths for the same prefix
 maximum-paths 2
 no auto-summary
!
ip as-path access-list 10 permit ^$
router# show ip bgp
BGP table version 11, local router ID is 172.168.60.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop       Metric LocPrf Weight Path
*>i 172.16.10.0/24   172.16.1.2          0    100      0 i
*>  192.68.11.0      172.16.20.1         0             0 1 i
*                    172.16.60.1                       0 1 i
*>  192.68.40.0      172.16.20.1                       0 1 6 i
*>                   172.16.60.1                       0 1 6
17
Multihoming to different providers
Multihoming to different providers offers better stability and reliability of the network. Because of that, multihomed networks are often found in practice.
18
multihomed to different provider
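[Topology diagram: AS 3 is connected over links X1 and X2 to its providers; AS 1, AS 2, AS 6, AS 7 (193.78.0.0/16) and a NAP with a RouteServer also appear, and an IBGP session is marked. Address labels: 192.68.5.1, 192.68.5.2, 172.16.20.1, 172.16.20.2 S0, 172.16.220.1 E0, 172.16.1.1 E1, 172.16.1.2 E1, 172.16.65.1, 172.16.10.1, 172.16.2.254 L0 255.255.255.255, 192.68.6.1, 192.68.10.1, 192.68.10.2, 192.68.10.3, 192.68.10.4, 192.68.11.1, 192.68.40.1.]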
19
multihomed to different provider
Routing policies
- AS3 will accept AS1's local and customer routes only via the X2 link. All other Internet routes will be accepted via the X1 link (primary).
- AS3 will accept a default route from AS1 just in case there is a failure in the X1 link.
- AS3 prefers that the network 172.16.220.0/24 be reachable by the outside world via the X2 link, and networks 172.16.10.0/24 and 172.16.65.0/26 be reachable via the X1 link.
- AS3 cannot be a transit network for AS1 and AS2, which means that under no circumstances will AS1 use AS3 to reach AS2.
20
multihomed to different provider
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.1.2 remote-as 3
 neighbor 172.16.1.2 update-source Loopback0
 neighbor 172.16.1.2 next-hop-self
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map ACCEPT_LOCAL in
 neighbor 172.16.20.1 route-map PREPEND_PATH out
 no auto-summary
!
! AS-path list 1: AS1's own routes and routes of its direct customers
ip as-path access-list 1 permit ^1 ?[0-9]*$
! AS-path list 2: routes originated in AS3 only, so AS3 never offers transit
ip as-path access-list 2 permit ^$
!
access-list 1 permit 172.16.65.0 0.0.0.63
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 10 permit 0.0.0.0
!
! Prefixes that should come in over X1 look longer (less attractive) over X2
route-map PREPEND_PATH permit 10
 match ip address 1
 set as-path prepend 3 3 3
!
route-map PREPEND_PATH permit 20
 match as-path 2
!
! The default route learned from AS1 is kept only as a backup
route-map ACCEPT_LOCAL permit 10
 match ip address 10
 set local-preference 50
!
route-map ACCEPT_LOCAL permit 20
 match as-path 1
21
multihomed to different provider
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.2.254 remote-as 3
 neighbor 172.16.2.254 next-hop-self
 neighbor 192.68.5.2 remote-as 1
 neighbor 192.68.5.2 route-map PREPEND_PATH out
 no auto-summary
!
ip as-path access-list 2 permit ^$
!
access-list 1 permit 172.16.220.0 0.0.0.255
!
route-map PREPEND_PATH permit 10
 match ip address 1
 set as-path prepend 3 3 3
!
route-map PREPEND_PATH permit 20
 match as-path 2
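The AS-path lists used in these configurations can be checked offline before they go on a router. The following is an added example, not part of the original slides: it evaluates the page's regular expressions (`^$`, `^1$`, `^1 6$`, `^1 ?[0-9]*$`, and `_2_` from a later slide) against constructed AS paths. The function names, the sample table and the stricter pattern are assumptions made for the illustration.

```python
import re

# Cisco's "_" matches a space, comma, brace or parenthesis, or the start/end
# of the AS-path string. Everything else used on this page is plain regex.
_DELIM = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern: str) -> str:
    """Translate a Cisco AS-path regex into Python syntax (only "_" differs)."""
    return pattern.replace("_", _DELIM)


def as_path_acl(*entries):
    """Model 'ip as-path access-list': first matching entry wins, and a path
    that matches no entry falls through to the implicit deny."""
    compiled = [(action, re.compile(cisco_to_python(rx))) for action, rx in entries]

    def evaluate(as_path: str) -> str:
        for action, rx in compiled:
            if rx.search(as_path):
                return action
        return "deny"

    return evaluate


# Lists taken from the configurations on this page.
LOCAL_ONLY = as_path_acl(("permit", "^$"))                    # no-transit filter
AS1_OR_AS6 = as_path_acl(("permit", "^1 6$"), ("permit", "^1$"))
AS1_AND_CUSTOMERS = as_path_acl(("permit", "^1 ?[0-9]*$"))    # ACCEPT_LOCAL
THROUGH_AS2 = as_path_acl(("permit", "_2_"))

# Assumption, not from the page: a stricter way to say "AS1, or AS1 followed
# by exactly one more AS number".
AS1_AND_CUSTOMERS_STRICT = as_path_acl(("permit", "^1(_[0-9]+)?$"))

# Constructed sample: AS paths present in AS3's BGP table.
# "" is a route originated by AS3 itself; the others were learned from peers.
AS3_TABLE = ["", "1", "1 6", "1 6 7", "2", "2 7"]


def advertised(table, outbound_filter):
    """Return the AS paths that survive an outbound filter."""
    return [path for path in table if outbound_filter(path) == "permit"]


if __name__ == "__main__":
    # With ^$ only AS3's own routes leave the AS, so AS1 can never reach
    # AS2 through AS3.
    print("advertised by AS3:", advertised(AS3_TABLE, LOCAL_ONLY))
    # The optional space in ^1 ?[0-9]*$ also lets a single AS number that
    # merely starts with the digit 1 (for example 100) through.
    for path in ["1", "1 6", "1 6 7", "100"]:
        print(f"{path!r:9} loose={AS1_AND_CUSTOMERS(path):6} "
              f"strict={AS1_AND_CUSTOMERS_STRICT(path)}")
```

On the session to AS1 itself the neighbor's AS number normally comes first in the path, so the loose match matters mainly if the same list is reused on another session.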
22
multihomed to different provider - customers of the same provider with a backup link
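[Topology diagram: AS 1 and AS 2 are both customers of AS 3 and are joined by a private link; links X1 and X2 are marked, AS 6, AS 7 and a NAP also appear, and an IBGP session is marked. Address labels: 192.68.40.1, 172.16.10.4, 172.16.10.1, 172.16.220.1, 172.16.1.1, 172.16.1.2, 172.16.65.1, 172.16.2.254 L0 255.255.255.255, 192.68.11.1, 172.16.20.1, 172.16.20.2, 192.68.6.2, 192.68.6.1, 192.68.5.2, 192.68.5.1.]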
23
multihomed to different provider - customers of the same provider with a backup link
Routing policies
- Under normal conditions, AS1 and AS2 will use the private link only for traffic between AS1 and AS2; for all other Internet traffic, the direct link to the provider AS3 is used.
- AS1 and AS2 agree to use each other as backup in case their links to AS3 fail.
24
multihomed to different provider - customers of the same provider with a backup link
router bgp 1
 network 192.68.11.0 mask 255.255.255.0
 neighbor 172.16.20.2 remote-as 3
 neighbor 172.16.20.2 route-map PREF_FROM_AS3 in
 neighbor 192.68.6.1 remote-as 2
 neighbor 192.68.6.1 route-map PREF_FROM_AS2 in
 no auto-summary
!
ip as-path access-list 1 permit _2_
!
! Routes from AS3 whose path contains AS2 get the lowest preference,
! so AS2 is reached over the private link
route-map PREF_FROM_AS3 permit 10
 match as-path 1
 set local-preference 100
!
! All other routes from AS3 are preferred over the same routes via AS2
route-map PREF_FROM_AS3 permit 20
 set local-preference 300
!
route-map PREF_FROM_AS2 permit 10
 set local-preference 200
25
multihomed to different provider - customers of the same provider with a backup link
router# show ip bgp
BGP table version 11, local router ID is 192.68.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop       Metric LocPrf Weight Path
*>i 172.16.1.0/24    172.16.20.2         0    300      0 3 i
*                    192.68.6.1               200      0 2 3 i
*>  172.16.10.0/24   172.16.20.2        20    300      0 3 i
*                    192.68.6.1               200      0 2 3 i
*>  172.16.65.0/26   172.16.20.2        20    300      0 3 i
*                    192.68.6.1               200      0 2 3 i
*>  172.16.220.0/24  172.16.20.2         0    300      0 3 i
*                    192.68.6.1               200      0 2 3 i
*   192.68.10.0      172.16.20.2         0    100      0 3 2 i
*>                   192.68.6.1               200      0 2 i
*>  192.68.11.0      0.0.0.0             0         32768 i
*>  192.68.40.0      172.16.20.2              300      0 3 6 i
*>                   192.68.6.1               200      0 2 3 6
26
multihomed to different provider - customers of different providers with a backup link
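[Topology diagram: customers AS 1 and AS 2 are joined by a private link; AS 1 is connected to provider AS 4 and AS 2 to provider AS 3, with links X1 and X2 marked. Address labels: 172.16.220.1, 172.16.1.1, 172.16.1.2, 172.16.65.1, 172.16.2.254 L0 255.255.255.255, 192.68.11.1, 172.16.20.1, 172.16.20.2, 192.68.6.2, 192.68.6.1, 192.68.10.1, 192.68.5.2, 192.68.5.1, 172.16.10.1.]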
27
multihomed to different provider - customers of different providers with a backup link
Routing policies
- Under normal conditions, AS1 and AS2 will use the private link only for traffic between AS1 and AS2; for all other Internet traffic, both customers would like to go out via their direct providers, AS1 via AS4 and AS2 via AS3.
- In case the private link goes down, the customers should be able to talk to one another via the providers. If a link to the provider fails, the other customer should be used to reach the Internet.
28
multihomed to different provider - customers of different providers with a backup link
router bgp 4
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.1.2 remote-as 3
 neighbor 172.16.1.2 route-map CHECK_COMMUNITY in
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map CHECK_COMMUNITY in
 no auto-summary
!
ip community-list 2 permit 4:40
ip community-list 3 permit 4:60
!
! The community attached by the neighbor selects the local preference
route-map CHECK_COMMUNITY permit 10
 match community 2
 set local-preference 40
!
route-map CHECK_COMMUNITY permit 20
 match community 3
 set local-preference 60
!
! Routes without either community keep the default preference
route-map CHECK_COMMUNITY permit 30
 set local-preference 100
Solution No. 1 - The Community Approach
29
multihomed to different provider - customers of different providers with a backup link
router bgp 1
 network 192.68.11.0 mask 255.255.255.0
 neighbor 172.16.20.2 remote-as 4
 neighbor 172.16.20.2 send-community
 neighbor 172.16.20.2 route-map SETCOMMUNITY out
 neighbor 172.16.20.2 filter-list 10 out
 neighbor 192.68.6.1 remote-as 2
 no auto-summary
!
ip as-path access-list 2 permit _2_
ip as-path access-list 10 permit ^$
ip as-path access-list 10 permit ^2$
!
route-map SETCOMMUNITY permit 10
 match as-path 2
 set community 4:40
!
route-map SETCOMMUNITY permit 20
Solution No. 1 - The Community Approach
30
multihomed to different provider - customers of different providers with a backup link
router bgp 3
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.65.0 mask 255.255.255.192
 neighbor 172.16.1.1 remote-as 4
 neighbor 172.16.1.1 send-community
 neighbor 172.16.1.1 route-map setcommunity out
 neighbor 192.68.5.2 remote-as 2
 no auto-summary
!
route-map setcommunity permit 10
 set community 4:60
Solution No. 1 - The Community Approach
31
multihomed to different provider - customers of different providers with a backup link
router# show ip bgp
BGP table version 11, local router ID is 172.16.2.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop       Metric LocPrf Weight Path
*>  172.16.10.0/24   172.16.1.2          0     60      0 3 i
*>  172.16.65.0/26   172.16.1.2          0     60      0 3 i
*>  172.16.220.0/24  0.0.0.0             0         32768 i
*>  192.68.10.0      172.16.1.2          0     60      0 3 2 i
*                    172.16.20.1               40      0 1 2 i
*>  192.68.11.0      172.16.20.1         0    100      0 1 i
Solution No. 1 - The Community Approach
32
multihomed to different provider - customers of different providers with a backup link
router bgp 1
 network 192.68.11.0 mask 255.255.255.0
 neighbor 172.16.20.2 remote-as 4
 neighbor 172.16.20.2 route-map setpath out
 neighbor 172.16.20.2 filter-list 10 out
 neighbor 192.68.6.1 remote-as 2
 no auto-summary
!
ip as-path access-list 2 permit _2_
ip as-path access-list 10 permit ^$
ip as-path access-list 10 permit ^2$
!
route-map setpath permit 10
 match as-path 2
 set as-path prepend 1
!
route-map setpath permit 20
Solution No. 2 - The AS_Path Approach
33
multihomed to different provider - customers of different providers with a backup link
router# show ip bgp
BGP table version 9, local router ID is 172.16.2.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop       Metric LocPrf Weight Path
*>  172.16.10.0/24   172.16.1.2          0             0 3 i
*>  172.16.65.0/26   172.16.1.2          0             0 3 i
*>  172.16.220.0/24  0.0.0.0             0         32768 i
*>  192.68.10.0      172.16.1.2          0             0 3 2 i
*                    172.16.20.1                       0 1 1 2 i
*>  192.68.11.0      172.16.20.1         0    100      0 1 i
Solution No. 2 - The AS_Path Approach
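The `show ip bgp` tables on this page differ in which attribute decides the best path: the metric in the single-provider case, local preference in the community approach, and AS-path length in the AS_Path approach. The following is an added example, not part of the original slides: a simplified model of the BGP decision steps, replayed on rows taken from those tables. The class and function names are assumptions, and steps the page does not exercise (locally originated routes, origin code, router ID) are left out.

```python
from dataclasses import dataclass
from typing import Sequence, Tuple


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: Tuple[int, ...] = ()
    local_pref: int = 100      # value used when none is shown in the table
    med: int = 0               # a missing metric is treated as 0
    weight: int = 0
    ebgp: bool = True


def compare(a: Path, b: Path):
    """Return (winner, deciding step) for two paths to the same prefix."""
    if a.weight != b.weight:
        return (a if a.weight > b.weight else b), "weight"
    if a.local_pref != b.local_pref:
        return (a if a.local_pref > b.local_pref else b), "local-preference"
    if len(a.as_path) != len(b.as_path):
        return (a if len(a.as_path) < len(b.as_path) else b), "as-path length"
    # The metric is only comparable between paths from the same neighbor AS.
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return (a if a.med < b.med else b), "metric"
    if a.ebgp != b.ebgp:
        return (a if a.ebgp else b), "ebgp over ibgp"
    return a, "tie (later steps not modelled)"


def best_path(paths: Sequence[Path]):
    """Pairwise elimination; the step returned is that of the last comparison."""
    best, step = paths[0], "only path"
    for candidate in paths[1:]:
        best, step = compare(best, candidate)
    return best, step


# Rows copied from the tables on this page (prefix named in the comment).
# 172.18.23.0/24, single provider with primary and backup link:
MED_CASE = [
    Path("192.168.1.4", (3,), local_pref=100, med=50, ebgp=False),
    Path("1.1.2.1", (3,), med=100),
]
# 192.68.10.0 as seen by AS4, Solution No. 1 (communities set LocPrf 60 / 40):
COMMUNITY_CASE = [
    Path("172.16.1.2", (3, 2), local_pref=60),
    Path("172.16.20.1", (1, 2), local_pref=40),
]
# 192.68.10.0 as seen by AS4, Solution No. 2 (AS1 prepends its own AS once):
PREPEND_CASE = [
    Path("172.16.1.2", (3, 2)),
    Path("172.16.20.1", (1, 1, 2)),
]


def after_failure(paths: Sequence[Path], failed_next_hop: str):
    """Best path once every path through the failed next hop is withdrawn."""
    remaining = [p for p in paths if p.next_hop != failed_next_hop]
    return best_path(remaining)


if __name__ == "__main__":
    for name, case in [("metric", MED_CASE), ("community", COMMUNITY_CASE),
                       ("prepend", PREPEND_CASE)]:
        winner, step = best_path(case)
        print(f"{name:10} best via {winner.next_hop:12} decided by {step}")
    backup, _ = after_failure(COMMUNITY_CASE, "172.16.1.2")
    print("backup after failure of 172.16.1.2:", backup.next_hop)
```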
34
Following default inside an AS
Injecting a default route into an AS can cause a lot of problems if it isn't done in an appropriate way.
35
following defaults inside an AS
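[Topology diagram: AS 3 is connected over links X1 and X2 to AS 1 and AS 2; its two border routers run IBGP and each runs an IGP toward the interior router RTG. AS 7 (193.78.0.0/16) and a NAP also appear. Address labels: 192.68.5.1, 192.68.5.2, 172.16.20.1, 172.16.20.2, 172.16.220.1, 172.16.1.1, 172.16.1.2, 172.16.50.1, 172.16.50.2, 172.16.70.1, 172.16.70.2, 192.68.10.1, 192.68.10.2, 192.68.10.3, 192.68.11.1.]
Border routers HAVE a physical connection.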
36
following defaults inside an AS
Routing policies
- RTG is an interior router in AS3 that is running OSPF; RTG follows the default route 0/0 to reach networks outside AS3.
- AS3 is multihomed to two different providers.
37
following defaults inside an AS
router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always
!
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.70.0 mask 255.255.255.0
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.1.2 remote-as 3
 no auto-summary
!
ip as-path access-list 10 permit ^$
38
following defaults inside an AS
router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always
!
router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.50.0 mask 255.255.255.0
 ! 172.16.1.1 is the other border router of AS3 (IBGP)
 neighbor 172.16.1.1 remote-as 3
 neighbor 172.16.1.1 next-hop-self
 ! EBGP session to AS2
 neighbor 192.68.5.2 remote-as 2
 neighbor 192.68.5.2 filter-list 10 out
 no auto-summary
!
ip as-path access-list 10 permit ^$
router ospf 16
 network 172.16.0.0 0.0.255.255 area 0
39
following defaults inside an AS
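[Topology diagram: the same AS 3 network, with links X1 and X2 to AS 1 and AS 2, IBGP between the border routers and an IGP toward the interior router RTG, but without the direct link between the border routers. Address labels: 192.68.5.1, 192.68.5.2, 172.16.20.1, 172.16.20.2, 172.16.220.1, 172.16.50.1, 172.16.50.2, 172.16.70.1, 172.16.70.2, 192.68.10.1, 192.68.10.2, 192.68.10.3, 192.68.11.1, 193.78.0.0/16.]
Border routers DON'T HAVE a physical connection.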
40
following defaults inside an AS
router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 ! originate the default into OSPF only while send_default matches
 default-information originate route-map send_default
!
router bgp 3
 no synchronization
 network 172.16.70.0 mask 255.255.255.0
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.50.1 remote-as 3
 neighbor 172.16.50.1 route-map setlocalpref in
 no auto-summary
!
ip as-path access-list 10 permit ^$
!
access-list 1 permit 0.0.0.0
access-list 2 permit 172.16.20.1
!
route-map setlocalpref permit 10
 set local-preference 300
!
! the default 0/0 qualifies only if its next hop is the EBGP neighbor
route-map send_default permit 10
 match ip address 1
 match ip next-hop 2
41
following defaults inside an AS
router ospf 16
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate route-map send_default
!
router bgp 3
 no synchronization
 network 172.16.50.0 mask 255.255.255.0
 neighbor 172.16.70.1 remote-as 3
 neighbor 172.16.70.1 next-hop-self
 neighbor 192.68.5.2 remote-as 2
 neighbor 192.68.5.2 filter-list 10 out
 no auto-summary
!
ip as-path access-list 10 permit ^$
!
access-list 1 permit 0.0.0.0
access-list 2 permit 192.68.5.2
!
route-map send_default permit 10
 match ip address 1
 match ip next-hop 2
router ospf 16
 network 172.16.0.0 0.0.255.255 area 0
42
Policy routing
Policy routing makes it possible to route traffic based on the source IP address instead of the destination IP address.
43
policy routing
[Topology diagram: AS 3 is connected over links X1 and X2 to AS 2 and AS 1; inside AS 3 an IGP runs between the routers. Address labels: 172.16.20.2, 172.16.20.1, 172.16.80.1, 172.16.80.2, 172.16.220.1, 172.16.50.1, 172.16.50.2, 172.16.70.1, 172.16.70.2, 172.16.112.1, 172.16.10.1, 192.68.6.1, 192.68.6.2, 192.68.10.1, 192.68.11.1.]
Routing policies
- Traffic from network 172.16.10.0/24 is directed toward AS2, over the X1 link.
- Traffic from network 172.16.112.0/24 is directed toward AS1 over the X2 link; in case of a link failure to AS1, the traffic will go to AS2.
- For all other source IP addresses, follow normal routing.
44
policy routing
interface ethernet0
 ip address 172.16.80.1 255.255.255.0
!
interface serial1
 ip address 172.16.70.1 255.255.255.0
 ! packets arriving on this interface are checked against CHECK_SOURCE
 ip policy route-map CHECK_SOURCE
!
router ospf 16
 passive-interface Serial0
 passive-interface Ethernet0
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always
!
router bgp 3
 network 172.16.70.0 mask 255.255.255.0
 network 172.16.50.0 mask 255.255.255.0
 network 172.16.10.0 mask 255.255.255.0
 network 172.16.112.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 filter-list 10 out
 neighbor 172.16.80.2 remote-as 2
 neighbor 172.16.80.2 filter-list 10 out
 no auto-summary
!
ip as-path access-list 10 permit ^$
!
! standard access lists take a wildcard mask, so a /24 is 0.0.0.255
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 2 permit 172.16.112.0 0.0.0.255
!
route-map CHECK_SOURCE permit 10
 match ip address 1
 set ip next-hop 172.16.80.2
!
! the second next hop is used when the first one is unreachable
route-map CHECK_SOURCE permit 20
 match ip address 2
 set ip next-hop 172.16.20.1 172.16.80.2
45
Lab examples
Equipment:
- CISCO 2501 (1x10BaseAUI + 2xSerial): 3 pcs.
- DTE cables: 3 pcs.
- DCE cables: 3 pcs.
- hub
46
lab example 1
[Topology diagram: a router in AS 30 (1.1.1.2 S0, 1.1.2.2 S1, 172.18.23.0/24 E0) attached over links X1 and X2 to two routers in AS 10 (1.1.1.1 S0 and 1.1.2.1 S0; 192.168.1.2 S1 and 192.168.1.1 S1; 192.168.4.0/24 E0) that run IBGP between them.]
- AS30 is not learning any BGP routes from AS10 and is sending its own routes via BGP.
- Outbound traffic from AS30 should always go on the X1 link unless that link fails, in which case it should switch to the other link.
- Inbound traffic toward AS30 should always come on the X1 link unless that link fails, in which case it should switch to the other link.
- Prevent any BGP updates from coming into AS30.
47
lab example 1
interface ethernet 0
 ip address 172.18.23.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.2 255.255.255.0
 clockrate 64000
!
interface serial 1
 ip address 1.1.2.2 255.255.255.0
 clockrate 64000
!
router bgp 30
 network 172.18.23.0 mask 255.255.255.0
 network 1.1.0.0 mask 255.255.252.0
 neighbor 1.1.2.1 remote-as 10
 neighbor 1.1.2.1 route-map BLOCK in
 neighbor 1.1.2.1 route-map SETMET1 out
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 route-map BLOCK in
 neighbor 1.1.1.1 route-map SETMET2 out
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1 40
ip route 0.0.0.0 0.0.0.0 1.1.2.1 60
!
route-map SETMET1 permit 10
 set metric 100
!
route-map SETMET2 permit 10
 set metric 50
!
route-map BLOCK deny 10
48
lab example 1
interface ethernet 0
 ip address 192.168.4.1 255.255.255.0
!
interface serial 0
 ip address 1.1.2.1 255.255.255.0
!
interface serial 1
 ip address 192.168.1.1 255.255.255.0
!
router bgp 10
 network 192.168.0.0 mask 255.255.0.0
 neighbor 1.1.2.2 remote-as 30
 neighbor 192.168.1.2 remote-as 10
 no auto-summary
49
lab example 1
interface serial 0
 ip address 1.1.1.1 255.255.255.0
!
interface serial 1
 ip address 192.168.1.2 255.255.255.0
!
router bgp 10
 network 192.168.0.0 mask 255.255.0.0
 network 1.1.1.0 mask 255.255.255.0
 neighbor 1.1.1.2 remote-as 30
 neighbor 192.168.1.1 remote-as 10
 no auto-summary
50
lab example 2-a
[Topology diagram: routers RTA, RTB and RTC in AS 10, with links X1 and X2 and an IBGP session marked. Address labels: 1.1.1.2 S0, 1.1.2.2 S1, 172.18.23.1 E0, 1.1.1.1 S0, 1.1.2.1 S0, 192.168.1.2 S1, 192.168.1.1 S1, 172.18.2.1 E0, 172.18.3.1 E0.]
Routing policies
- Traffic to the Internet should go toward 172.18.2.10.
- IBGP is running between RTA and RTB; IGP is running between RTB and RTC.
51
lab example 2-a
interface ethernet 0
 ip address 172.18.2.1 255.255.255.0
!
interface serial 0
 ip address 1.1.2.1 255.255.255.0
 clockrate 64000
!
interface serial 1
 ip address 192.168.1.1 255.255.255.0
 clockrate 64000
!
router bgp 10
 no synchronization
 network 172.18.2.0 mask 255.255.255.0
 network 1.1.0.0 mask 255.255.252.0
 neighbor 192.168.1.2 remote-as 10
 neighbor 192.168.1.2 next-hop-self
 ! inject only the static default into BGP
 redistribute static route-map default_only
 no auto-summary
!
! static default toward the Internet gateway named in the routing policy
ip route 0.0.0.0 0.0.0.0 172.18.2.10 40
access-list 1 permit 0.0.0.0
!
route-map default_only permit 10
 match ip address 1
 set local-preference 300
route-map default_only deny 20
52
lab example 2-a
interface ethernet 0
 ip address 172.18.3.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.1 255.255.255.0
!
interface serial 1
 ip address 192.168.1.2 255.255.255.0
!
router bgp 10
 no synchronization
 network 172.18.3.0 mask 255.255.255.0
 network 1.1.0.0 mask 255.255.252.0
 neighbor 192.168.1.1 remote-as 10
 neighbor 192.168.1.1 next-hop-self
 no auto-summary
!
router ospf 16
 network 1.1.0.0 0.0.3.255 area 0
 ! pass the default on to the IGP only while the route map matches
 default-information originate route-map def_only
!
access-list 1 permit 0.0.0.0
!
route-map def_only permit 10
 match ip address 1
53
lab example 2-a
interface ethernet 0
 ip address 172.18.23.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.2 255.255.255.0
!
interface serial 1
 ip address 1.1.2.2 255.255.255.0
!
router ospf 16
 network 1.1.0.0 0.0.3.255 area 0
54
lab example 2-b
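[Topology diagram: routers RTA, RTB and RTC in AS 10, with links X1 and X2 and an IBGP session marked; there is no direct link between RTA and RTB. Address labels: 1.1.1.2 S0, 1.1.2.2 S1, 172.18.23.1 E0, 1.1.1.1 S0, 1.1.2.1 S0, 172.18.2.1 E0, 172.18.3.1 E0.]
Routing policies
- Traffic to the Internet should go toward 172.18.2.10.
- IBGP is running between RTA and RTB; IGP is running between RTB and RTC.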
55
interface ethernet 0
 ip address 172.18.2.1 255.255.255.0
!
interface serial 0
 ip address 1.1.2.1 255.255.255.0
 clockrate 64000
!
router bgp 10
 no synchronization
 network 172.18.2.0 mask 255.255.255.0
 network 1.1.0.0 mask 255.255.252.0
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 next-hop-self
 redistribute static route-map default_only
 no auto-summary
!
! static default toward the Internet gateway named in the routing policy
ip route 0.0.0.0 0.0.0.0 172.18.2.10 40
access-list 1 permit 0.0.0.0
!
route-map default_only permit 10
 match ip address 1
 set local-preference 300
!
route-map default_only deny 20
lab example 2-b
56
lab example 2-b
interface ethernet 0
 ip address 172.18.3.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.1 255.255.255.0
!
router bgp 10
 no synchronization
 network 172.18.3.0 mask 255.255.255.0
 network 1.1.0.0 mask 255.255.252.0
 neighbor 1.1.2.1 remote-as 10
 neighbor 1.1.2.1 next-hop-self
 no auto-summary
!
router ospf 16
 network 1.1.0.0 0.0.3.255 area 0
 default-information originate route-map def_only
!
access-list 1 permit 0.0.0.0
!
route-map def_only permit 10
 match ip address 1
57
lab example 2-b
interface ethernet 0
 ip address 172.18.23.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.2 255.255.255.0
!
interface serial 1
 ip address 1.1.2.2 255.255.255.0
!
router ospf 16
 network 1.1.0.0 0.0.3.255 area 0
58
lab example 3
[Diagram: a router in AS 65100 (Loopback Interface 0 172.16.50.1, 192.168.4.1 E0) and a router in AS 65300 (Loopback Interface 0 172.16.1.1, 172.16.4.1 E0) joined by two serial links: 1.1.1.1 S0 - 1.1.1.2 S0 and 1.1.2.1 S1 - 1.1.2.2 S1.]
We would like to load balance over the two links between AS 65100 and AS 65300.
59
lab example 3
interface ethernet 0
 ip address 192.168.4.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.1 255.255.255.0
 clockrate 64000
!
interface serial 1
 ip address 1.1.2.1 255.255.255.0
 clockrate 64000
!
interface loopback 0
 ip address 172.16.50.1 255.255.255.0
!
router bgp 65100
 network 192.168.4.0 mask 255.255.255.0
 network 172.16.50.0 mask 255.255.255.0
 neighbor 172.16.1.1 remote-as 65300
 neighbor 172.16.1.1 ebgp-multihop
 neighbor 172.16.1.1 update-source loopback 0
 no auto-summary
!
ip route 172.16.1.1 255.255.255.255 1.1.1.2 3
ip route 172.16.1.1 255.255.255.255 1.1.2.2 3
60
lab example 3
interface ethernet 0
 ip address 172.16.4.1 255.255.255.0
!
interface serial 0
 ip address 1.1.1.2 255.255.255.0
!
interface serial 1
 ip address 1.1.2.2 255.255.255.0
!
interface loopback 0
 ip address 172.16.1.1 255.255.255.0
!
router bgp 65300
 network 172.16.4.0 mask 255.255.255.0
 network 172.16.1.0 mask 255.255.255.0
 neighbor 172.16.50.1 remote-as 65100
 neighbor 172.16.50.1 ebgp-multihop
 neighbor 172.16.50.1 update-source loopback 0
 no auto-summary
!
ip route 172.16.50.1 255.255.255.255 1.1.1.1 3
ip route 172.16.50.1 255.255.255.255 1.1.2.1 3