border gateway protocol (bgp) - vsb.czwh.cs.vsb.cz/sps/images/6/6f/bgp.pdfborder gateway protocol...

© 2005 Petr Grygarek, VSB-TU Ostrava, Routed and Switched Networks 1

Border Gateway Border Gateway Protocol (BGP)Protocol (BGP)

Petr GrygPetr Grygáárekrek

2© 2005 Petr Grygarek, VSB-TU Ostrava, Routed and Switched Networks

Role of Autonomous Systems on the Role of Autonomous Systems on the InternetInternet


Autonomous systemsAutonomous systems

• Not possible to maintain complete Internet topology Not possible to maintain complete Internet topology information on all routersinformation on all routers• big database, change processing overhead, instabilitybig database, change processing overhead, instability

• Internet divided into Autonomous systemsInternet divided into Autonomous systems• ISPs, big companies, …ISPs, big companies, …

• Autonomous systemAutonomous system = contiguous set of routers with = contiguous set of routers with common routing policy and under common common routing policy and under common administrationadministration• Routing policy: IGP used, implemented route optimizations, Routing policy: IGP used, implemented route optimizations,

……• Autonomous systems numbered with world-wide unique Autonomous systems numbered with world-wide unique

numbers (16 bit)numbers (16 bit)• 32-bit extension used nowadays32-bit extension used nowadays


Hierarchical routingHierarchical routing• Intra-AS routing uses Interior Gateway Protocols (IGP)Intra-AS routing uses Interior Gateway Protocols (IGP)

• knows only topology of it’s own ASknows only topology of it’s own AS• outside of the AS is reached using default routeoutside of the AS is reached using default route

• sometimes IGP has summary information about networks behind individual sometimes IGP has summary information about networks behind individual external linksexternal links

• Limited by number of routes the protocol is capable to process efficientlyLimited by number of routes the protocol is capable to process efficiently

• OPSF, RIP, IGRP, …OPSF, RIP, IGRP, …• Inter-AS routing uses Exterior Gateway ProtocolsInter-AS routing uses Exterior Gateway Protocols

• Operates on graph of AS interconnectionOperates on graph of AS interconnection• Does not know internal topology of other ASes, works only with Does not know internal topology of other ASes, works only with

information about networks contained in individual ASesinformation about networks contained in individual ASes• knows local border router to reach the destinationknows local border router to reach the destination

• Currently, only BGP (Border Gateway Protocol) is used as exterior Currently, only BGP (Border Gateway Protocol) is used as exterior gateway protocolgateway protocol


Inter-AS routingInter-AS routing• The purpose of EGP is to provide information to deliver The purpose of EGP is to provide information to deliver

packet to the boundary router of the destination ASpacket to the boundary router of the destination AS• Boundary routers run both EGP and IGPBoundary routers run both EGP and IGP• Boundary router delivers the packet to the final destination using Boundary router delivers the packet to the final destination using

IGPIGP• Every AS propagates networks contained within it into EGPEvery AS propagates networks contained within it into EGP

• also networks from other ASes reachable through the ASalso networks from other ASes reachable through the AS• it is useful to limit number of routes propagated using it is useful to limit number of routes propagated using

summarizationsummarization (internal networks should have common prefix) (internal networks should have common prefix)

Note: For transit AS, packet has to be passed among border Note: For transit AS, packet has to be passed among border routers through AS internal routersrouters through AS internal routers


AS typesAS types

• Single-homedSingle-homed• Multi-homedMulti-homed

• More links to the same ISP or different ISPsMore links to the same ISP or different ISPs

• TransitTransit• Carries traffic not originated from or destined to AS’ internal Carries traffic not originated from or destined to AS’ internal

networksnetworks• multi-homedmulti-homed

• Non-transitNon-transit• single-homed or multi-homed AS which doesn’t allow transitsingle-homed or multi-homed AS which doesn’t allow transit


Single-homed ASSingle-homed AS


Single-homed AS:Single-homed AS:How to propagate internal networks into BGP ?How to propagate internal networks into BGP ?

• ISP router has static routes to customer’s networksISP router has static routes to customer’s networks• and redistributes them into BGPand redistributes them into BGP

• IGP between ISP router and customer routerIGP between ISP router and customer router• ISP redistributes IGP into BGPISP redistributes IGP into BGP

• BGP between ISP router and customer routerBGP between ISP router and customer router• If customer has it’s own AS numberIf customer has it’s own AS number

• or uses private AS numberor uses private AS number


Propagation via IGPPropagation via IGP


Propagation via BGPPropagation via BGP


Private AS-esPrivate AS-es

• 64512 – 6553564512 – 65535• Used and known only in context of single Used and known only in context of single

provider’s ASprovider’s AS• Can be used only for AS connected to single Can be used only for AS connected to single

provider (by one or more links)provider (by one or more links)

• Outside of provider AS, private AS-es presents Outside of provider AS, private AS-es presents themselves as part of that’s provider ASthemselves as part of that’s provider AS

• Widely used between components of private Widely used between components of private enterprise networksenterprise networks• datacenters etc.datacenters etc.


Private AS-esPrivate AS-es


Who has it’s own AS ?Who has it’s own AS ?

• Normally, customer’s networks are part of Normally, customer’s networks are part of provider ASprovider AS• Sometimes private AS-es usedSometimes private AS-es used

• Customer has to have it’s own AS number if he Customer has to have it’s own AS number if he indents to connect to multiple providersindents to connect to multiple providers

• Customer commonly needs it’s own AS number Customer commonly needs it’s own AS number if it requires provider-independent addressesif it requires provider-independent addresses

• Provider-independent vs. Provider-aggregable Provider-independent vs. Provider-aggregable public addressespublic addresses


Nontransit Multi-homed ASNontransit Multi-homed AS

• Packet filters could be used on ingress links to protect Packet filters could be used on ingress links to protect against injection of unwanted trafficagainst injection of unwanted traffic• ISP1 could use static route to route to ISP2 networks ISP1 could use static route to route to ISP2 networks


Transit multi-homed ASTransit multi-homed ASAS1

20.0.1.0/2420.0.2.0/24

AS2

30.0.10.0/2430.0.20.0/24

AS3 (Transit AS)

100.80.0.0/16100.81.0.0/16

IBGP

EBGP EBGP

20.0.1.0/2420.0.2.0/24

30.0.10.0/2430.0.20.0/24

30.0.10.0/2430.0.20.0/24

100.80.0.0/16100.81.0.0/16

20.0.1.0/2420.0.2.0/24100.80.0.0/16100.81.0.0/16


Routing symmetry, load balancingRouting symmetry, load balancing

• SymmetrySymmetry - the link used for outgoing traffic for - the link used for outgoing traffic for some network is also used for returning trafficsome network is also used for returning traffic

• Load balancingLoad balancing – some destinations reached by – some destinations reached by one link, others by anotherone link, others by another

Often not possible to reach bothOften not possible to reach both


Border Gateway ProtocolBorder Gateway Protocol


Border Gateway ProtocolBorder Gateway Protocol• Exchanges information between AS Exchanges information between AS border routersborder routers

• What networks are in each ASWhat networks are in each AS• List of AS-es to transit when reaching particular networkList of AS-es to transit when reaching particular network

• Today, BGP v.4 is usedToday, BGP v.4 is used• Sometimes BGPv4+: multiprotocol extensionSometimes BGPv4+: multiprotocol extension

• supports additional (non-IPv4) address families, multicasting, VPNs, supports additional (non-IPv4) address families, multicasting, VPNs, ……

• Supports classless addressingSupports classless addressing• Propagates subnet masks together with every prefixPropagates subnet masks together with every prefix• Allows for address range aggregationAllows for address range aggregation


BGP operation on graph of AS-esBGP operation on graph of AS-es


Path selection, routing policiesPath selection, routing policies• BGP operates on AS interconnection graphBGP operates on AS interconnection graph• PathPath = sequence of AS numbers packet has to transit to get to = sequence of AS numbers packet has to transit to get to

particular networkparticular network• BGP does not have simple concept of metric to select best BGP does not have simple concept of metric to select best

pathpath• Path has to be chosen with regard to business policy of individual AS Path has to be chosen with regard to business policy of individual AS

operatorsoperators• BGP configuration has to reflect appointed routing policyBGP configuration has to reflect appointed routing policy

• Details of routing policy have to be configured manuallyDetails of routing policy have to be configured manually• Peer routers, prefix filtering and routing preferences, …Peer routers, prefix filtering and routing preferences, …• Configuration more complicated than configuration of IGP’sConfiguration more complicated than configuration of IGP’s

• requires more manual workrequires more manual work


Examples of routing policiesExamples of routing policies

• Which destination we allow to transit packets to Which destination we allow to transit packets to through our AS ?through our AS ?

• From which source address we allow to transit From which source address we allow to transit traffic through our AS ?traffic through our AS ?

• Which external link will we use to reach Which external link will we use to reach particular external network ?particular external network ?

• Which ingress link we prefer other ASes to use Which ingress link we prefer other ASes to use for traffic destined for particular network inside for traffic destined for particular network inside our AS (or behind our AS) ?our AS (or behind our AS) ?


Suboptimal routing on the InternetSuboptimal routing on the Internet

• Internet routing is not optimal from point of view of Internet routing is not optimal from point of view of any metricany metric• There is no common metric, various IGPs use different There is no common metric, various IGPs use different

metricsmetrics

• Optimality not reachable neither desiredOptimality not reachable neither desired• Hierarchical routing is suboptimal by it’s natureHierarchical routing is suboptimal by it’s nature

• but limits the number of routes in routing tablebut limits the number of routes in routing table

• We need to respect routing policies anywayWe need to respect routing policies anyway


BGP PrinciplesBGP Principles• Path-vector routing algorithmPath-vector routing algorithm

• from point of view of topology knowledge, BGP stands between from point of view of topology knowledge, BGP stands between distance-vector and link-state protocolsdistance-vector and link-state protocols

• Path vector =Path vector = sequence of AS numbers the packet has to sequence of AS numbers the packet has to transit before getting to destination networktransit before getting to destination network

• Every route is propagated together with it’s path vectorEvery route is propagated together with it’s path vector• Path vector collects numbers of AS-es through which the route was Path vector collects numbers of AS-es through which the route was

passed passed • If an AS receives route with path vector containing it’s own AS If an AS receives route with path vector containing it’s own AS

number, route is discarded (loop avoidance)number, route is discarded (loop avoidance)• Path vector serves as a metricPath vector serves as a metric

• route with shorter path vector is preferredroute with shorter path vector is preferred


Passing of BGP routesPassing of BGP routes(loop avoidance)(loop avoidance)


Spreading of routing informationSpreading of routing information• Routing information exchanged between AS boundary Routing information exchanged between AS boundary

routersrouters• Peer routers are configured manually with whom they Peer routers are configured manually with whom they have have

toto exchange routing information exchange routing information • Reliable exchange (TCP, port 179)Reliable exchange (TCP, port 179)

• When BGP session is established among peers, When BGP session is established among peers, complete routing information is exchangedcomplete routing information is exchanged

• After initial exchange, only changes are sentAfter initial exchange, only changes are sent


Peer reachability testingPeer reachability testing

• BGP router periodically checks reachability of BGP router periodically checks reachability of every peerevery peer• Keepalive message sent once per minuteKeepalive message sent once per minute

• If some peer fails, the router has to remove all If some peer fails, the router has to remove all routes through that peer and inform other peersroutes through that peer and inform other peers


BGP messagesBGP messagesExchanged between peer routersExchanged between peer routers

(TCP/179, support for authentication)(TCP/179, support for authentication)

• OPEN – session establishmentOPEN – session establishment• Negotiation of protocol version, hold time for keepalives, AS Negotiation of protocol version, hold time for keepalives, AS

numbers, address families supported, …numbers, address families supported, …• UPDATEUPDATE

• Advertised prefixes (+ route attributes), withdrawn routesAdvertised prefixes (+ route attributes), withdrawn routes• KEEPALIVE – peer reachability testingKEEPALIVE – peer reachability testing• NOTIFICATION – operation error, close sessionNOTIFICATION – operation error, close session• ROUTE REFRESH – asks neighbor to resend its ROUTE REFRESH – asks neighbor to resend its

routesroutes• Used only if negotiated during BGP session setupUsed only if negotiated during BGP session setup


BGP databaseBGP database• BGP database contains all routes learned from peersBGP database contains all routes learned from peers

• Hundreds of thousands in the Internet backboneHundreds of thousands in the Internet backbone

• For every destination, one route is chosen based on For every destination, one route is chosen based on routing policy criteriarouting policy criteria• only very limited support for load balancingonly very limited support for load balancing

• Chosen routes are placed into routing tableChosen routes are placed into routing table• Only routes used by router itself (i.e. those chosen into Only routes used by router itself (i.e. those chosen into

routing table) are propagated to other peersrouting table) are propagated to other peers• this may cause somehow unexpected lack of routing this may cause somehow unexpected lack of routing

symmetry in some topologiessymmetry in some topologies


External and Internal BGPExternal and Internal BGP


External and Internal BGPExternal and Internal BGP• If there is more than one boundary router in some AS, BGP If there is more than one boundary router in some AS, BGP

information has to be passed between theminformation has to be passed between them• Special case, route exchange between routers in the same ASSpecial case, route exchange between routers in the same AS

• Boundary routers can possibly be separated by complex Boundary routers can possibly be separated by complex structure of routers (running IGP)structure of routers (running IGP)

• Solution: there exists two types of BGP sessionSolution: there exists two types of BGP session• External BGP (EBGP) External BGP (EBGP)

• Used between ASes as discussed beforeUsed between ASes as discussed before• No L3 hops normally assumed between peersNo L3 hops normally assumed between peers

• Internal BGP (IBGP)Internal BGP (IBGP)• Peers do not have to be physically connectedPeers do not have to be physically connected


EBGP and IBGPEBGP and IBGP


Passing of routes in IBGP sessionsPassing of routes in IBGP sessions

• Need to avoid loops when passing routes through Need to avoid loops when passing routes through IBGPIBGP

• Test for presence of receiving peer’s AS number in Test for presence of receiving peer’s AS number in route’s path vector doesn’t workroute’s path vector doesn’t work

• Special rules defined for passing of routes in IBGP Special rules defined for passing of routes in IBGP sessionsession

• InformaInformation fromtion from IBGP IBGP is passed tois passed to EBGP peer EBGP peerss, , but but not to other not to other IBGP peerIBGP peerss. .

• InformaInformation fromtion from EBGP EBGP is passed to otheris passed to other EBGP peer EBGP peerss and alland all IBGP peer IBGP peerss


Full mesh of IBGP sessionsFull mesh of IBGP sessions


Definition of BGP Routing PolicyDefinition of BGP Routing Policy


BGP AttributesBGP Attributes

• Mechanism of implementation of routing Mechanism of implementation of routing policiespolicies

• Every route passed between peers can be Every route passed between peers can be assigned one or more assigned one or more attributesattributes

• Routes are processed and chosen for routing Routes are processed and chosen for routing table based on values of attributes they carrytable based on values of attributes they carry


Attribute TypesAttribute Types• Well-knownWell-known

- understood by every BGP implementation- understood by every BGP implementation• Mandatory – must be appended to each routeMandatory – must be appended to each route• Discretionary – may be appended to routeDiscretionary – may be appended to route

• OptionalOptional - not every BGP implementation must understand it- not every BGP implementation must understand it• TransitiveTransitive

– if implementation doesn’t understand the attribute, it – if implementation doesn’t understand the attribute, it passes it next unchangedpasses it next unchanged

• NontransitiveNontransitive – if implementation doesn’t understand the attribute, it – if implementation doesn’t understand the attribute, it doesn’t pass it nextdoesn’t pass it next


Most commonly used AttributesMost commonly used Attributes


How to influence routing policy How to influence routing policy using attributes ?using attributes ?

• Manipulation with attributes received from individual peersManipulation with attributes received from individual peers• Performed at Input Policy EnginePerformed at Input Policy Engine• Includes filtering of routes received from individual peers based on Includes filtering of routes received from individual peers based on

attributes’ valuesattributes’ values• Manipulation with attributes of routes propagated to Manipulation with attributes of routes propagated to

individual peersindividual peers• Performed at Output Policy EnginePerformed at Output Policy Engine• Includes filtering of routes propagated to individual peersIncludes filtering of routes propagated to individual peers

• Route used (and propagated next) by BGP router is Route used (and propagated next) by BGP router is determined by candidate route’s attribute valuesdetermined by candidate route’s attribute values


Processing of BGP routesProcessing of BGP routes


Function of policy enginesFunction of policy engines

• Test for attribute valuesTest for attribute values• Test for prefixes (including prefix length)Test for prefixes (including prefix length)• Setting of attribute value when predefined Setting of attribute value when predefined

criteria are metcriteria are met• Filtering of route when predefined criteria are Filtering of route when predefined criteria are

metmet


Definition of Routing PoliciesDefinition of Routing Policies

• Separately for each peerSeparately for each peer• Separately for incoming (received) and outgoing Separately for incoming (received) and outgoing

(propagated) routes(propagated) routes


BGP Table (BGP database)BGP Table (BGP database)• Contains routes passed through (and possibly Contains routes passed through (and possibly

manipulated by) input policy enginemanipulated by) input policy engine• Routes from every peerRoutes from every peer

• For every destination (prefix), one best route is For every destination (prefix), one best route is chosenchosen• Selection is based on attribute valuesSelection is based on attribute values

• Uses standardized algorithm (will be discussed next)Uses standardized algorithm (will be discussed next)• Best route placed into routing tableBest route placed into routing table• Best route passed next to Output Policy EngineBest route passed next to Output Policy Engine


Well-known Mandatory AttributesWell-known Mandatory Attributes


AS-PATHAS-PATH

• Necessary for path-vector algorithm functionNecessary for path-vector algorithm function• AS which gets the route prepends it’s number to AS which gets the route prepends it’s number to

the beginningthe beginning• AS doesn’t accept route if AS-PATH already AS doesn’t accept route if AS-PATH already

contains it’s own AS numbercontains it’s own AS number• Route with shorter AS-PATH is preferredRoute with shorter AS-PATH is preferred


AS-PATH manipulationAS-PATH manipulation

• AS-PATH mostly treated as ASCII string AS-PATH mostly treated as ASCII string • (AS numbers separated by spaces)(AS numbers separated by spaces)

• Regular expression may be used to test presence Regular expression may be used to test presence of some pattern (AS sequence)of some pattern (AS sequence)• Originating AS, AS in path, …Originating AS, AS in path, …

• Inserting AS number multiple times makes AS-Inserting AS number multiple times makes AS-PATH longer and route less preferredPATH longer and route less preferred• Router can insert only it’s own AS number (possibly Router can insert only it’s own AS number (possibly

multiple times)multiple times)


NEXT-HOPNEXT-HOP

• Next hop of BGP route is the boundary router Next hop of BGP route is the boundary router which propagated that route into ASwhich propagated that route into AS• Difference from IGP – not neighbor on the same Difference from IGP – not neighbor on the same

linklink• Router has to know route to next-hop address Router has to know route to next-hop address

from IGP (or IBGP)from IGP (or IBGP)• Otherwise, BGP route is not acceptedOtherwise, BGP route is not accepted

• Results to Results to recursive routing table lookuprecursive routing table lookup when when routing packetsrouting packets


NEXT-HOPNEXT-HOP

• Line between ASes propagated into IGPLine between ASes propagated into IGP


NEXT-HOP on broadcast networkNEXT-HOP on broadcast network


ORIGINORIGIN

• Informs where BGP learnt the route fromInforms where BGP learnt the route from• IGP – redistributed from IGPIGP – redistributed from IGP• EGP – unused (from outdated protocol EGP)EGP – unused (from outdated protocol EGP)• INCOMPLETE – unknown originINCOMPLETE – unknown origin


BGP and IGP synchronizationBGP and IGP synchronizationproblemproblem


Route synchronizationRoute synchronization• Route is synchronized, if router can see it both Route is synchronized, if router can see it both

from BGP and IGPfrom BGP and IGP• Only synchronized routes are accepted by Only synchronized routes are accepted by

default by BGP (and thus propagated further, default by BGP (and thus propagated further, including out of the AS)including out of the AS)• Otherwise, traffic would have to be discarded by Otherwise, traffic would have to be discarded by

internal routersinternal routers• When IBGP is ran on every router, the When IBGP is ran on every router, the

synchronization test has to be switched offsynchronization test has to be switched off


Transit system routing Transit system routing implementation choicesimplementation choices

• BGP on every router (IBGP)BGP on every router (IBGP)• At least on every transit routerAt least on every transit router• Common solution of ISPsCommon solution of ISPs

• Redistribution of BGP routes into IGPRedistribution of BGP routes into IGP• But IGPs are not capable to handle so many routesBut IGPs are not capable to handle so many routes

• MPLS with tags distributed via (MP-)BGPMPLS with tags distributed via (MP-)BGP• BGP-free coreBGP-free core


Route aggregation in BGPRoute aggregation in BGP


Aggregation Attributes Aggregation Attributes • Router can aggregate more routes into one with Router can aggregate more routes into one with

shorter prefixshorter prefix• Only when aggregator “owns” whole address rangeOnly when aggregator “owns” whole address range

• ATOMIC-AGGREGATE=TrueATOMIC-AGGREGATE=True• AGGREGATOR: ID of aggregating routerAGGREGATOR: ID of aggregating router• AS-SET= AS-PATH_1+AS-PATH_2AS-SET= AS-PATH_1+AS-PATH_2• AS-PATH: set as if route originated from AS of AS-PATH: set as if route originated from AS of

aggregating routeraggregating router


Aggregation ExampleAggregation Example


How to influence route selection How to influence route selection using attributesusing attributes


LOCAL_PREFERENCELOCAL_PREFERENCE

• Well-known discretionaryWell-known discretionary• Allows routers of one AS to unify exit link they Allows routers of one AS to unify exit link they

will use to reach some particular external will use to reach some particular external networknetwork• Route with higher LOCAL_PREFERENCE is Route with higher LOCAL_PREFERENCE is

preferredpreferred

• Never passed behind AS boundaryNever passed behind AS boundary


LOCAL_PREFERENCE ExampleLOCAL_PREFERENCE Example


WEIGHTWEIGHT• Proprietary (Cisco, …)Proprietary (Cisco, …)• Used to increase/decrease preference of some Used to increase/decrease preference of some

route by current routerroute by current router• Set in Input Policy Engine, evaluated in route Set in Input Policy Engine, evaluated in route

selection process, never propagated furtherselection process, never propagated further• Higher Weight is preferredHigher Weight is preferred

• Only local significance, does not passed outside Only local significance, does not passed outside of the current routerof the current router• In fact, not a standard-defined attributeIn fact, not a standard-defined attribute


WEIGHT exampleWEIGHT example


Multi-Exit DiscriminatorMulti-Exit Discriminator (MED) (MED)• Influences other AS’es decision which link to Influences other AS’es decision which link to

use when routing packets into networks inside use when routing packets into networks inside “our” AS“our” AS

• Lower MED is preferred Lower MED is preferred • treatedtreated similary similary like like IGP IGP metricmetric• MED value can be set manually or derived from MED value can be set manually or derived from

IGP metricIGP metric• Normally, only MEDs from the same AS may Normally, only MEDs from the same AS may

be comparedbe compared


MED exampleMED example


Route Selection AlgorithmRoute Selection Algorithm

1.1. Higher WEIGHTHigher WEIGHT2.2. Higher LOCAL_PREFERENCEHigher LOCAL_PREFERENCE3.3. Route generated by router itselfRoute generated by router itself4.4. Shorter AS_PATHShorter AS_PATH5.5. More preferred ORIGIN More preferred ORIGIN

• (IGP best, INCOMPLETE worst)(IGP best, INCOMPLETE worst)6.6. Lower MEDLower MED7.7. EBGP preferred over IBGPEBGP preferred over IBGP8.8. Better IGP metric to NEXT-HOPBetter IGP metric to NEXT-HOP9.9. Lower peer Router_ID (tiebreaker)Lower peer Router_ID (tiebreaker)


BGP and IPv6BGP and IPv6

• Utilizes multiprotocol support in BGPv4+ Utilizes multiprotocol support in BGPv4+ • New address family identifier (AFI)New address family identifier (AFI)

• IPv6 unicast/multicast/VPNv6IPv6 unicast/multicast/VPNv6

• NLRI for IPv6NLRI for IPv6• Extension of attributes that carry IPv4 addressesExtension of attributes that carry IPv4 addresses

• NEXT-HOPNEXT-HOP• AGGREGATORAGGREGATOR

border gateway protocol (bgp) - vsb.czwh.cs.vsb.cz/sps/images/6/6f/bgp.pdfborder gateway protocol...

Documents