Category: BGP

LAB VII: BGP communities

Building a case study from the ARCH FLG book; BGP communities.

The idea is to use BGP communities to influence the routing between Autonomous Systems with the following goals in mind:

  • Configure communities to tag the routes per building on each AS.
  • Configure communities as no-export so the routes of AS65001.building2 and AS65002.building2 are not exported through AS65000.
    • The routes will be tagged on R6 and R9 with community 65000:99 and processed on the AS boundary.
    • The routes of AS65001.building1 and AS65002.building1 are allowed to be exported.
  • Configure communities so that R7 and R8 can set their local preference on the AS65000 side.
    • The routes tagged on R7 will carry community 65000:200, resulting in a local preference of 200.
    • The routes tagged on R8 will carry community 65000:300, resulting in a local preference of 300.

| AS | Building | Subnet | Community | Description |
|---|---|---|---|---|
| AS65000 | Building 1 ( Router 1 ) | 10.0.1.0/24 | 65000:5001 | |
| AS65000 | Building 2 ( Router 2 ) | 10.0.2.0/24 | 65000:5002 | Single uplink to AS65001 |
| AS65000 | Building 3 ( Router 3 ) | 10.0.3.0/24 | 65000:5003 | Double uplink to AS65002 |
| AS65000 | Building 3 ( Router 4 ) | 10.0.3.0/24 | 65000:5003 | Double uplink to AS65002 |
| AS65001 | Building 1 ( Router 5 ) | 10.0.111.0/24 | 65001:5102 | |
| AS65001 | Building 2 ( Router 6 ) | 10.0.112.0/24 | 65001:5102 65000:99 | Community 65000:99 is used for no-export |
| AS65002 | Building 1 ( Router 7 ) | 10.0.221.0/24 | 65002:5202 65000:200 | 65000:200 is used for local preference 200 in AS65000 |
| AS65002 | Building 1 ( Router 8 ) | 10.0.221.0/24 | 65002:5201 65000:300 | 65000:300 is used for local preference 300 in AS65000 |
| AS65002 | Building 3 ( Router 9 ) | 10.0.222.0/24 | 65002:5202 65000:99 | Community 65000:99 is used for no-export |

LAB:

LAYER3:

 

BGP Configuration:

AS65000 :

R1# (Change the network and neighbor addresses where needed for the other routers)
router bgp 65000
 bgp log-neighbor-changes
 network 10.0.1.0 mask 255.255.255.0
 neighbor ibgp peer-group
 neighbor ibgp remote-as 65000
 neighbor ibgp next-hop-self
 neighbor ibgp send-community
 neighbor ibgp soft-reconfiguration inbound
 neighbor 10.255.65.2 peer-group ibgp
 neighbor 10.255.65.3 peer-group ibgp
 neighbor 10.255.65.4 peer-group ibgp

AS65001 :

R5# (Change the network and neighbor addresses where needed for the other routers)
router bgp 65001
 bgp log-neighbor-changes
 network 10.0.111.0 mask 255.255.255.0
 neighbor ibgp peer-group
 neighbor ibgp remote-as 65001
 neighbor ibgp next-hop-self
 neighbor ibgp send-community
 neighbor ibgp soft-reconfiguration inbound
 neighbor 10.255.1.1 remote-as 65000
 neighbor 10.255.1.1 send-community
 neighbor 10.255.66.2 peer-group ibgp

AS65002 :

R7# (Change the network and neighbor addresses where needed for the other routers)
router bgp 65002
 bgp log-neighbor-changes
 network 10.0.221.0 mask 255.255.255.0
 neighbor ibgp peer-group
 neighbor ibgp remote-as 65002
 neighbor ibgp next-hop-self
 neighbor ibgp send-community
 neighbor ibgp soft-reconfiguration inbound
 neighbor 10.255.2.1 remote-as 65000
 neighbor 10.255.2.1 send-community
 neighbor 10.255.2.1 route-map EBGP-MAP out
 neighbor 10.255.67.2 peer-group ibgp
 neighbor 10.255.67.3 peer-group ibgp

Tagging routes on R6 and R9 (no export)

R9#:
access-list 101 permit ip host 10.0.222.0 host 255.255.255.0
!
route-map TAGROUTE permit 10     
 match ip address 101                    # MATCH THE ROUTES YOU WANT TO TAG
 set community 65000:99 65002:5202       # SET COMMUNITIES 65000:99 (no export) and 65002:5202 (site ID)

Router bgp 65002
- snip -
neighbor ibgp route-map TAGROUTE out     # APPLY ROUTEMAP ON OUTGOING ROUTES TOWARDS R7 + R8 
- snap - 

Verify on R7 and R8:

R7#sh ip bgp 10.0.222.0
BGP routing table entry for 10.0.222.0/24, version 3
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     9
  Refresh Epoch 1
  Local, (received & used)
    10.255.67.3 from 10.255.67.3 (10.0.222.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: 65000:99 65002:5202
      rx pathid: 0, tx pathid: 0x0

 

Configuring communities on R7 and R8 (site IDs and local-pref community)

R7:
access-list 101 permit ip host 10.0.221.0 host 255.255.255.0
!
route-map EBGP-MAP permit 10
 match ip address 101
 set community 65000:200 65002:5101
!
route-map EBGP-MAP permit 20
!
Router bgp 65002:
neighbor 10.255.2.1 route-map EBGP-MAP out

R8:
access-list 101 permit ip host 10.0.221.0 host 255.255.255.0
!
route-map EBGP-MAP permit 10
 match ip address 101
 set community 65000:300 65002:5101
!
route-map EBGP-MAP permit 20
!
Router bgp 65002:
neighbor 10.255.3.1 route-map EBGP-MAP out

This sends a local-pref community to AS65000, resulting in a local preference of 200 via R7 and 300 via R8 for the 10.0.221.0/24 route.

Configuring the community settings on R3 and R4 (no-export and local pref)

R3# and R4#:
ip community-list 1 permit 65000:99        # The no-export community from R6 and R9 
ip community-list 2 permit 65000:200       # The localpref community for value 200
ip community-list 3 permit 65000:300       # The localpref community for value 300
!
route-map TAG-IN permit 10
 match community 1
 set community no-export
!
route-map TAG-IN permit 20
 match community 2
 set local-preference 200
!
route-map TAG-IN permit 30
 match community 3
 set local-preference 300
!
route-map TAG-IN permit 40                  # This to allow all other routes if there were any.

router bgp 65000
 neighbor 10.255.3.2 route-map TAG-IN in

This gives R4 a higher local preference (300) for route 10.0.221.0/24 towards R8, which looks as follows from R3’s perspective:

R3#sh ip route 10.0.221.1
Routing entry for 10.0.221.0/24
  Known via "bgp 65000", distance 200, metric 0
  Tag 65002, type internal
  Last update from 10.255.65.4 03:51:18 ago
  Routing Descriptor Blocks:
  * 10.255.65.4, from 10.255.65.4, 03:51:18 ago        # R4 is the next hop
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 65002
      MPLS label: none


R3#sh ip bgp 10.0.221.0
BGP routing table entry for 10.0.221.0/24, version 7
Paths: (2 available, best #1, table default)
  Advertised to update-groups:
     9
  Refresh Epoch 1
  65002, (received & used)
    10.255.65.4 from 10.255.65.4 (10.255.65.4)
      Origin IGP, metric 0, localpref 300, valid, internal, best
      Community: 65000:300 65002:5101
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 1
  65002
    10.255.2.2 from 10.255.2.2 (10.255.67.1)
      Origin IGP, metric 0, localpref 200, valid, external
      Community: 65000:200 65002:5101
      rx pathid: 0, tx pathid: 0

Verifying the no-export community

If all goes well, we shouldn’t see the 10.0.112.0/24 and 10.0.222.0/24 routes exported through AS65000 (and we don’t):

R1#sh ip route
-
      10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C        10.0.1.0/24 is directly connected, Loopback0
L        10.0.1.1/32 is directly connected, Loopback0
B        10.0.2.0/24 [200/0] via 10.255.65.2, 03:36:08
B        10.0.3.0/24 [200/0] via 10.255.65.3, 03:36:07
B        10.0.111.0/24 [200/0] via 10.255.65.2, 03:36:08
B        10.0.112.0/24 [200/0] via 10.255.65.2, 03:36:08        #AS65000 sees the AS65001 route
B        10.0.221.0/24 [200/0] via 10.255.65.4, 03:36:07
B        10.0.222.0/24 [200/0] via 10.255.65.3, 03:36:07        #AS65000 sees the AS65002 route
C        10.255.65.0/24 is directly connected, FastEthernet0/0
L        10.255.65.1/32 is directly connected, FastEthernet0/0

R6#sh ip route
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
B        10.0.1.0/24 [200/0] via 10.255.66.1, 03:37:08
B        10.0.2.0/24 [200/0] via 10.255.66.1, 03:37:08
B        10.0.3.0/24 [200/0] via 10.255.66.1, 03:36:39
B        10.0.111.0/24 [200/0] via 10.255.66.1, 00:00:03
C        10.0.112.0/24 is directly connected, Loopback0
L        10.0.112.1/32 is directly connected, Loopback0
B        10.0.221.0/24 [200/0] via 10.255.66.1, 03:36:39
C        10.255.66.0/24 is directly connected, FastEthernet0/0
L        10.255.66.2/32 is directly connected, FastEthernet0/0
                                                          #AS65001 is missing the 10.0.222.0/24 route

R9#sh ip route
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
B        10.0.1.0/24 [200/0] via 10.255.67.1, 03:34:29
B        10.0.2.0/24 [200/0] via 10.255.67.1, 03:34:29
B        10.0.3.0/24 [200/0] via 10.255.67.1, 03:34:29
B        10.0.111.0/24 [200/0] via 10.255.67.1, 03:34:29
B        10.0.221.0/24 [200/0] via 10.255.67.1, 03:41:11
C        10.0.222.0/24 is directly connected, Loopback0
L        10.0.222.1/32 is directly connected, Loopback0
C        10.255.67.0/24 is directly connected, FastEthernet0/0
L        10.255.67.3/32 is directly connected, FastEthernet0/0
                                                         #AS65002 is missing the 10.0.112.0/24 route
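
The inbound policy on R3 and R4 can be modelled to see how each tagged route is treated. This is an added Python sketch, not code from the lab: the route dictionaries and the 192.0.2.0/24 prefix are constructed, and it assumes first-match route-map evaluation and that `set community` without `additive` replaces the existing list.

```python
NO_EXPORT = "no-export"  # well-known community 0xFFFFFF01 (RFC 1997)

# (sequence, community to match or None for match-all, set action) as on R3/R4
TAG_IN = [
    (10, "65000:99", ("community", NO_EXPORT)),
    (20, "65000:200", ("local-preference", 200)),
    (30, "65000:300", ("local-preference", 300)),
    (40, None, None),
]


def apply_tag_in(route):
    """Return a copy of the route after the first matching TAG-IN sequence."""
    out = dict(route, communities=list(route["communities"]))
    for seq, match, action in TAG_IN:
        if match is not None and match not in out["communities"]:
            continue
        if action and action[0] == "community":
            # Assumption: no 'additive' keyword, so the list is replaced
            out["communities"] = [action[1]]
        elif action:
            out["local_pref"] = action[1]
        out["matched_seq"] = seq
        return out
    return None  # implicit deny when no sequence matches


def advertise_to_ebgp(route):
    """A route carrying no-export must not be sent to an eBGP peer."""
    return NO_EXPORT not in route["communities"]


# Constructed sample routes using the lab's prefixes and communities
R9_ROUTE = {"prefix": "10.0.222.0/24", "local_pref": 100,
            "communities": ["65000:99", "65002:5202"]}
R8_ROUTE = {"prefix": "10.0.221.0/24", "local_pref": 100,
            "communities": ["65000:300", "65002:5101"]}
# Edge case: both action communities on one route; only sequence 10 is reached
BOTH = {"prefix": "192.0.2.0/24", "local_pref": 100,
        "communities": ["65000:99", "65000:300"]}

if __name__ == "__main__":
    for r in (R9_ROUTE, R8_ROUTE, BOTH):
        res = apply_tag_in(r)
        print(res["prefix"], res["local_pref"], res["communities"],
              "exportable" if advertise_to_ebgp(res) else "kept inside the AS")
```

TAG-IN acts on 65000:xx values set by the neighbouring AS, and sequence 40 passes every other community through untouched; whether to strip those at the boundary is a policy decision the lab leaves open.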

BGP Path Attributes


“We Love Oranges AS Oranges Mean Pure Refreshment”

| Path | Description |
|---|---|
| W | Weight (highest) |
| L | Local_pref (highest) |
| O | Originate (Local) |
| AS | AS_PATH (shortest) |
| O | ORIGIN code ( igp > egp > incomplete) |
| M | MED (lowest) |
| P | Paths ( External > Internal) |
| R | RID (Lowest) |

R1#sh ip bgp 40.40.40.0
BGP routing table entry for 40.40.40.0/24, version 4
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  30
    3.3.3.2 from 3.3.3.2 (3.3.3.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
  20
    2.2.2.2 from 2.2.2.2 (20.20.20.1)
      Origin IGP, metric 0, localpref 100, valid, external

R1#sh ip bgp
BGP table version is 4, local router ID is 3.3.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.20.0/24    2.2.2.2                  0             0 20 i
*> 30.30.30.0/24    3.3.3.2                  0             0 30 i
*> 40.40.40.0/24    3.3.3.2                  0             0 30 i
*                   2.2.2.2                  0             0 20 i
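
The list above can be turned into a comparison function and checked against the `sh ip bgp` outputs on this page. This is an added Python example, not part of the original post; it implements only the eight steps of the mnemonic (real implementations apply further tie-breakers), and the dictionary field names are assumptions.

```python
import ipaddress

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}
STEPS = ["weight", "local_pref", "originate", "as_path",
         "origin", "med", "paths", "rid"]


def sort_key(p):
    """Tuple that sorts the preferred path first, in W-L-O-AS-O-M-P-R order."""
    return (
        -p.get("weight", 0),                   # W: highest weight
        -p.get("local_pref", 100),             # L: highest local preference
        0 if p.get("local") else 1,            # O: locally originated
        len(p["as_path"]),                     # AS: shortest AS_PATH
        ORIGIN_RANK[p.get("origin", "igp")],   # O: igp > egp > incomplete
        p.get("med", 0),                       # M: lowest MED
        0 if p["external"] else 1,             # P: external over internal
        int(ipaddress.IPv4Address(p["rid"])),  # R: lowest router ID
    )


def best_path(paths):
    """Pick the path that wins the step-by-step comparison."""
    return min(paths, key=sort_key)


def deciding_step(a, b):
    """Name of the first step at which two paths differ."""
    for name, x, y in zip(STEPS, sort_key(a), sort_key(b)):
        if x != y:
            return name
    return "tie"


# Values copied from the 'sh ip bgp' outputs on this page
R1_PATHS = [  # 40.40.40.0/24 as seen on R1
    {"next_hop": "3.3.3.2", "as_path": [30], "external": True, "rid": "3.3.3.2"},
    {"next_hop": "2.2.2.2", "as_path": [20], "external": True, "rid": "20.20.20.1"},
]
R3_PATHS = [  # 10.0.221.0/24 as seen on R3 in the communities lab
    {"next_hop": "10.255.65.4", "as_path": [65002], "local_pref": 300,
     "external": False, "rid": "10.255.65.4"},
    {"next_hop": "10.255.2.2", "as_path": [65002], "local_pref": 200,
     "external": True, "rid": "10.255.67.1"},
]

if __name__ == "__main__":
    for paths in (R1_PATHS, R3_PATHS):
        print(best_path(paths)["next_hop"], deciding_step(*paths))
```

On R3 the internal path wins at the local-preference step, before the external-over-internal step is ever reached.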

BGP Filtering

  • BGP filtering can be done on any router.
  • Filtering can be done inbound and outbound.
  • After a filter is applied, the BGP neighbor must be reset or cleared for the filter to take effect:
    • clear ip bgp 20.20.20.20 in/out   (preferred)
    • clear ip bgp *   (hard reset)
    • clear ip bgp 20.20.20.20 soft in/out

BGP Next-hop & iBGP switching

sh ip bgp

R1#sh ip bgp
BGP table version is 6, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 r>  1.1.1.0/30       20.20.20.1               0             0 20 ?
 r>  20.20.20.0/24    20.20.20.1               0             0 20 ?
 *>  30.30.30.0/24    20.20.20.1               0             0 20 ?
 *>i 40.40.40.0/24    1.1.2.2                  0    100      0 i

BGP Routing

Injecting routes into BGP.

  • Use the network command.
    • It differs from the network command in an IGP; it is not used to listen on or activate interfaces.
    • The BGP network command looks for the prefix in the routing table and originates it into the BGP table.
    • If no mask is defined, IOS assumes a classful network.
    • A classful route is added if:
      • the exact route is in the IP routing table
      • any subset of routes is in the routing table (only with auto-summary)
    • Create a null0 route:
      •  ip route 30.30.30.0 255.255.255.0 null0

router bgp 20
 bgp log-neighbor-changes
 network 30.30.30.0 mask 255.255.255.0
 neighbor 10.10.10.1 remote-as 10
 neighbor 10.10.10.1 ebgp-multihop 255
 neighbor 10.10.10.1 update-source Loopback1

BGP AS Path

  • Multiple path attributes to determine the best path for a certain prefix.
  • When no path attributes are set, BGP uses the AS_PATH to determine the best route.
    • Shortest AS path wins
  • AS_SEQ is the component of the AS_PATH attribute.
    • 10.10.10.0/24 20 10
      • AS-SEQ (in order)
  • With summarization:
    • 10.10.0.0/16 20 10 { 1 2 5 4 3 }  
    • Prefix AS-PATH AS-SEQ  { AS-SET } 
      • AS-SET are not in order
  • Prevents Routing loops.
  • If a BGP router receives an update with its own AS#, it indicates a loop.
  • If a BGP router receives an update with its own AS#, it drops the route.

BGP Message types

New relation between two BGP peers:


  • Open
    • type 1
    • Version4 (ipv4), AS#, Hold time, Router-iD, parameters.
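
The Open fields listed above, as a parser that validates a received message before trusting it. This is an added Python example, not part of the original post: the function names and the sample message are constructed here, and the header layout and limits are those of RFC 4271.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16   # RFC 4271: the 16-byte header marker is all ones
OPEN = 1                # message type 1


def parse_open(data):
    """Parse one BGP OPEN message and return its fields as a dict."""
    if len(data) < 29:
        raise ValueError("shorter than the minimum OPEN (29 bytes)")
    marker, length, msg_type = struct.unpack("!16sHB", data[:19])
    if marker != MARKER:
        raise ValueError("bad marker")
    if length != len(data) or length > 4096:
        raise ValueError("length field does not match the message size")
    if msg_type != OPEN:
        raise ValueError("not an OPEN message")
    # Fixed part: BGP protocol version, AS#, hold time, router ID, param length
    version, my_as, hold, rid, opt_len = struct.unpack("!BHH4sB", data[19:29])
    if version != 4:
        raise ValueError("unsupported BGP version")
    if hold in (1, 2):
        raise ValueError("hold time must be 0 or at least 3 seconds")
    if 29 + opt_len != length:
        raise ValueError("optional parameter length overruns the message")
    return {"version": version, "as": my_as, "hold_time": hold,
            "router_id": str(ipaddress.IPv4Address(rid)),
            "parameters": data[29:]}


def build_open(my_as, hold, router_id, params=b""):
    """Build an OPEN message (used here only to construct sample input)."""
    body = struct.pack("!BHH4sB", 4, my_as, hold,
                       ipaddress.IPv4Address(router_id).packed,
                       len(params)) + params
    return MARKER + struct.pack("!HB", 19 + len(body), OPEN) + body


# Constructed sample: AS65000, hold time 180 s, router ID 10.0.1.1
SAMPLE = build_open(65000, 180, "10.0.1.1")

if __name__ == "__main__":
    print(parse_open(SAMPLE))
```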

BGP Neighbor states

  • Idle:
    • BGP is down or waiting for the next retry
  • Connect:
    • BGP is waiting for the TCP connection to be completed
  • Active:
    • The TCP connection failed, the Connect-retry timer is running, listening for incoming TCP connections
  • Opensent:
    • The TCP connection exists and a BGP Open Message has been sent.
    • The matching Open Message has not yet been received
  • Openconfirm:
    • Open Message has been sent and received
  • Established:
    • All neighbor parameters match
    • Relationship works
    • Peers can exchange update messages

eBGP Update-source & multihop

  • The local router finds the outgoing interface for the neighbor.
  • The IP of the outgoing interface is used as the source IP by default.
  • With one link, a failure in that link can lose the neighborship.
    • Configure two neighbor commands
    • Use the loopback interfaces as TCP endpoints
  • When peering between loopbacks across two ASes, the route to the peer’s loopback might be missing.
    • Fixed with multihop (TTL=255 instead of TTL=1).
      • Create routes between peers to reach the loopback address.
      • Configure update-source so the right source IP is used.

R10(config)#router bgp 10
R10(config-router)#neighbor 20.20.20.20 remote-as 20
R10(config-router)#neighbor 20.20.20.20 ebgp-multihop
R10(config-router)#neighbor 20.20.20.20 update-source loopback0

R20(config)#router bgp 20
R20(config-router)#neighbor 10.10.10.10 remote-as 10
R20(config-router)#neighbor 10.10.10.10 ebgp-multihop
R20(config-router)#neighbor 10.10.10.10 update-source loopback0

iBGP – eBGP

 

| | eBGP | iBGP |
|---|---|---|
| | External BGP | Internal BGP |
| Neighbor | Between different AS | Within the same AS |
| Route updates | Routes are sent to eBGP peers by default | Routes are not sent to BGP peers by default |
| AS path addition | yes | no |
| Administrative distance | 20 | 200 |
| Topology | Does not require a full mesh | Full mesh or Route reflectors or Confederation |
| Loop Prevention | as-path | BGP split horizon |
