Hour 72: BGP Review Part 2

Took me some time for this one. Part 1 can be found here.

Consult the symbols legend at the end of the post for information on symbols.

Communities:

  • [(RTR)neighbor <ip> send-community] By default no communities are exchanged with any peer
  • [(RM)set community No-advertise] Do not send beyond the local router
  • [(RM)set community No-export] Do not send beyond the local AS
  • [(RM)set community Local-as] Do not send to EBGP sub-AS peers within a confederation. Within a single AS it works the same as no-export, but is not recommended
  • [(RM)set community Internet] Permit any: overwrites all communities and allows the prefix to be announced everywhere
  • [(RM)set comm-list <id | name> delete] Delete a single community
  • [(RM)set community none] Deletes all communities
  • [ip community-list <1-99> permit|deny <value…>] Max 16 single community numbers per entry
  • [ip community-list 1 permit 2000:100 100:2000] Logical AND: the route must carry all listed communities
  • [ip extcommunity-list standard | expanded <name> <seq> permit | deny <values>]
  • [ip bgp-community new-format] Change the default numbered NN:AA community format (represented as a single number) to AA:NN (AS number followed by the community number)
  • [ip community-list <100-199> permit|deny <regexp>] Extended community list, allows regular expressions
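Added example (not from the original post): it encodes standard communities in the two IOS display formats and evaluates community-list entries with the logical-AND rule from the notes above; the list entries and route communities used in it are made up.

```python
# Added example (not from the original post): encode standard communities in the
# two IOS display formats and evaluate "ip community-list" entries with the rule
# from the notes above: logical AND within one entry, first matching entry wins.

# Well-known communities (RFC 1997 values) behind the IOS keywords.
WELL_KNOWN = {
    "internet": 0x00000000,
    "no-export": 0xFFFFFF01,
    "no-advertise": 0xFFFFFF02,
    "local-as": 0xFFFFFF03,
}

def parse_community(text):
    """Accept 'AA:NN' (new-format), a plain decimal (old single-number format)
    or a well-known keyword and return the 32-bit community value."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    if ":" in text:
        asn, nn = text.split(":")
        return (int(asn) << 16) | int(nn)
    return int(text)

def new_format(value):
    """Render as AA:NN, the form shown after 'ip bgp-community new-format'."""
    return f"{value >> 16}:{value & 0xFFFF}"

def community_list_matches(entries, route_communities):
    """entries: [(action, [community, ...]), ...] in list order.
    One entry matches only if the route carries ALL of its communities (AND);
    the first matching entry decides; no match is an implicit deny."""
    have = {parse_community(c) for c in route_communities}
    for action, wanted in entries:
        if all(parse_community(c) in have for c in wanted):
            return action == "permit"
    return False

def comm_list_delete(entries, route_communities):
    """'set comm-list <id> delete': strip every community that is permitted by a
    single-community entry of the list (the notes' 'delete single community')."""
    single = {parse_community(w[0]) for a, w in entries if a == "permit" and len(w) == 1}
    return [c for c in route_communities if parse_community(c) not in single]
```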

(image: REGEXP)

Cost:

  • Passed only to IBGP and confederation peers
  • Customize the local route preference and influence the best path selection process by assigning cost values to specific routes
  • Influences the BGP best path selection process at the point of insertion (POI). By default, the POI follows the IGP metric
  • Each set must use a different ID (0-255); the lowest ID is preferred if the cost is the same.
  • [(RM)set extcommunity cost <id> <cost>]
  • The path with the lowest cost community value is preferred (0-4 billion). Default for unmarked paths is cost 2 billion, ID 0

Link-bandwidth:

  • Enables load-sharing over EBGP paths of unequal bandwidth (Weight, LP, MED, AS_PATH and IGP cost must be the same)
  • [(RTR)bgp dmzlink-bw ] on all IBGP routers
  • [(RTR)neighbor <ebgp-ip> dmzlink-bw] advertise link BW for that peer

Route Tags:

  • BGP uses the route tag field in the OSPF packet to carry AS_PATH information across the OSPF domain
  • When a router redistributes an EBGP route into OSPF, it writes the AS_PATH into the external route tag field. But when IGP routes are redistributed into BGP, BGP does not automatically assume that the IGP’s tag field contains an AS_PATH.
  • The recovered AS_PATH is prepended to the local AS. Configured on routers redistributing from the IGP into BGP:

(image: getTAG)

  • Automatic tag: enters not only the AS_PATH information but also the ORIGIN code. Configured on the routers redistributing from BGP into an IGP:

(image: AutoTag)

Next hop:

  • Next-hop is set to own IP on EBGP sessions (except confederations)
  • [(RTR)neighbor <ip> next-hop-self]
  • Original (unchanged) NEXT_HOP is announced via IBGP and on multi-access network EBGP
  • [(RM)set ip next-hop %<ip> | peer-address%] Changes the next hop per prefix, unlike next-hop-self

Convergence:

Next Hop Tracking:

  • [(RTR)bgp nexthop trigger enable] Enabled by default. The Address Tracking Filter (ATF) is used (BGP is a client). If NHT is disabled, the BGP scanner tracks next hops every 60 sec.
  • [(RTR)bgp nexthop trigger delay <0-100>] By default BGP waits 5 seconds before triggering the NHT scan
  • [show ip bgp attr nexthop]
  • [show ip bgp attr nexthop ribfilter]

Fast Session Deactivation:

  • ATF can also track peer IPs, not only next hops
  • [(RTR)neighbor <ip> fall-over] If we lose our route to the peer (multihop EBGP), tear down the session. No need to wait for the hold timer to expire. Similar to fast external fallover for p2p sessions
  • [(RTR)no bgp fast-external-fallover] Enabled by default. If turned off, the router does not react to a connected interface going down and waits for the hold time to expire.

Read-only mode:

  • [(RTR)bgp update-delay <sec>] Router is in read-only mode (no updates sent) until timeout expires or first keepalive is received.

IGP startup:

  • ISIS [(RTR)set overload-bit on startup wait-for-bgp] If not signaled in 10min, OL bit is removed
  • OSPF [(RTR)max-metric router-lsa on-startup wait-for-bgp] If not signaled in 10 min, max OSPF cost is removed

NSF:

  • Graceful Restart capability is exchanged in OPEN message
  • The restarted router accepts BGP tables from its neighbors but stays in read-only mode (FIB entries are marked stale) and does not calculate the best path until the End-of-RIB marker is received (an update with an empty withdrawn NLRI field)
  • After the End-of-RIB marker is received, the best-path algorithm is run and the routing table is updated. Stale information is removed from the FIB
  • [(RTR)bgp graceful-restart] Enables the graceful restart capability globally for all BGP neighbors
  • [(RTR)bgp graceful-restart restart-time <sec>] Maximum time (120 sec default) router will wait for peer to return to normal operation
  • [(RTR)bgp graceful-restart stalepath-time  <sec>] Maximum time (360 sec default) router will hold stale paths for a restarting peer
  • [(RTR)neighbor <ip> ha-mode graceful-restart] Enable graceful restart capability per neighbor

MTU:

  • TCP path MTU discovery is enabled by default for all BGP neighbor sessions
  • [ip tcp path-mtu-discovery] Re-tests every 10 min by trial and error. Affects sessions originated by the router.
  • [(RTR)neighbor <ip> transport path-mtu-discovery] MSS is 576 by default (536 without TCP/IP headers); the window is 16k (always, regardless of CLI configuration)

Peer-groups and templates:

Peer-group:

  • [(RTR)neighbor <peer-group-name> peer-group] IBGP and EBGP peers cannot be in the same peer-group
  • Single BGP scan is performed for a leader (lowest IP) only, and replicated to other members
  • [show ip bgp replication]

Peer Session Template (affects BGP sessions with neighboring router):

  • Peer-groups and peer templates are mutually exclusive
  • [(RTR)template peer-session <name>] Create peer-session template
  • [(RTR)neighbor <ip> inherit peer-session <name>] One directly inherited template per peer
  • [(RTR)(TEMPLATE) inherit peer-session <name>] Up to seven indirectly inherited (daisy-chained only) templates
  • Execution starts with the last inherited template and ends with the directly inherited template (overwrite rule)
  • [show ip bgp template peer-session]

Peer policy Template (Affects protocol specific NLRI):

  • [(RTR)template peer-policy <name>] Create peer-policy template
  • Up to 8 Peer policy templates daisy-chain inherited
  • Inheritance is sequenced (starts with lowest) – ALL ENTRIES ARE EXECUTED
  • [(RTR)(TEMPLATE) inherit peer-policy <name> <seq>]
  • [(RTR)neighbor <ip> inherit peer-policy <name>]
  • [show ip bgp template peer-policy]

Load-balancing:

  • [(RTR)maximum-paths %ibgp% <up-to-6>] By default EBGP does not perform load balancing. Only one path is installed in routing table. Without ibgp option, multipath applies only to EBGP and external confederation peers.
  • All attributes of redundant paths must be the same
  • Next-hop router for each multipath must be different
  • [(RTR)neighbor <ip> ebgp-multihop <ttl>] Check only during session establishment.

Route-reflectors:

  • CLUSTER_LIST updated by RR with CLUSTER_ID (RID by default) when RR sends route from client to non-client. Loop avoidance method.
  • ORIGINATOR_ID is added by the RR to an update sourced by a client. The RR will not send the update to a peer with the same ORIGINATOR_ID. A router which is the originator will drop updates with ORIGINATOR_ID set to its own. Loop avoidance method.
  • Route from non-client: reflect to clients and EBGP peers only
  • Route from EBGP: reflect to clients and non-clients
  • Route from client: reflect to non-clients, clients and EBGP peers
  • A route-reflector in a different cluster is a non-client for the local route-reflector
  • [(RTR)neighbor <ip> route-reflector-client] Define a client on the RR. The client is not aware of being a client
  • [(RTR)bgp cluster-id <id>] Set if there is more than one RR in a cluster (not recommended; see this other post). A cluster is a set of RRs and their clients. Clusters may overlap. If not set, it is the RID.
  • Connections between clusters must be made between the RR, not between clients, because clients do not examine the CLUSTER_LIST attribute
  • [(RTR)no bgp client-to-client reflection] When the clients are fully meshed, the route reflector is configured so that it does not reflect routes from one client to another
  • RR can be implemented hierarchically
  • Physical path should follow RR-to-Client path to avoid black holing and loops
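The reflection and loop-avoidance rules above as an added model (not from the original post); the router IDs and peer roles used are made up, and the model treats every reflected IBGP route the same way (ORIGINATOR_ID set if missing, CLUSTER_ID prepended).

```python
# Added example (not from the original post): a minimal model of route-reflector
# reflection rules and the CLUSTER_LIST / ORIGINATOR_ID loop checks. Peer RIDs
# and roles are made-up sample data.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Update:
    prefix: str
    originator_id: Optional[str] = None
    cluster_list: list = field(default_factory=list)

class RouteReflector:
    # peers: peer RID -> "client" | "nonclient" | "ebgp"
    def __init__(self, rid, peers, cluster_id=None, client_to_client=True):
        self.rid = rid
        self.cluster_id = cluster_id or rid      # CLUSTER_ID defaults to the RID
        self.peers = peers
        self.client_to_client = client_to_client

    def accepts(self, upd):
        """Loop avoidance on receive: drop if our CLUSTER_ID is already in the
        CLUSTER_LIST or if we are the ORIGINATOR_ID."""
        return self.cluster_id not in upd.cluster_list and upd.originator_id != self.rid

    def reflect(self, upd, from_rid):
        """Return {peer_rid: Update} describing where the update is sent."""
        if not self.accepts(upd):
            return {}
        src = self.peers[from_rid]
        out = {}
        for rid, kind in self.peers.items():
            if rid == from_rid or rid == upd.originator_id:
                continue                    # never back to the sender or originator
            if src == "nonclient" and kind == "nonclient":
                continue                    # non-client -> clients and EBGP only
            if src == "client" and kind == "client" and not self.client_to_client:
                continue                    # 'no bgp client-to-client reflection'
            if kind == "ebgp" or src == "ebgp":
                # Reflection attributes never cross an EBGP session, and an
                # EBGP-learned route is passed on as an ordinary IBGP update.
                out[rid] = Update(upd.prefix)
            else:
                # Reflected IBGP route: set ORIGINATOR_ID if missing, prepend CLUSTER_ID
                out[rid] = Update(upd.prefix, upd.originator_id or from_rid,
                                  [self.cluster_id] + upd.cluster_list)
        return out
```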

Confederations:

  • As a loop prevention method, AS_CONFED_SEQUENCE and AS_CONFED_SET are maintained. Each sub-AS adds its own number to the path, e.g. {65222 65223}
  • When an update is sent to an external peer, the AS_CONFED_SEQUENCE and AS_CONFED_SET information is stripped from the AS_PATH attribute and the confederation ID is prepended to the AS_PATH
  • [router bgp <id>] (private sub-AS)
  • [(RTR)bgp confederation identifier <id>] (real AS)
  • [(RTR)bgp confederation peers <as> <as>] (sub-ASes)
  • A centralized design is recommended for implementation
  • NEXT_HOP, MED and LOCAL_PREF are left untouched between sub-ASes; a common IGP is required.
  • EBGP between sub-ASes (preference: external EBGP -> confederation-external EBGP -> IBGP)
  • Advertisement follows the simple EBGP and IBGP rules
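The AS_PATH handling at a confederation boundary, as an added example (not from the original post); the confederation ID 100 and sub-AS numbers 65222 and 65223 are made up, and the external ASes 200 and 300 are placeholders.

```python
# Added example (not from the original post): how AS_PATH changes inside a
# confederation and at its edge, following the rules in the notes above.
# Confederation ID 100 and sub-ASes 65222/65223 are made-up values.
from dataclasses import dataclass, field

@dataclass
class AsPath:
    sequence: list = field(default_factory=list)          # AS_SEQUENCE (public)
    confed_sequence: list = field(default_factory=list)   # AS_CONFED_SEQUENCE

@dataclass
class ConfedSpeaker:
    sub_as: int
    confed_id: int
    confed_peers: set

    def loop_detected(self, path):
        """Receive side: our own sub-AS in the confed segment, or our confederation
        ID in the public segment, means the update already passed through us."""
        return self.sub_as in path.confed_sequence or self.confed_id in path.sequence

    def advertise(self, path, peer_as):
        """Build the AS_PATH sent to peer_as (same sub-AS, another sub-AS, or external)."""
        if peer_as == self.sub_as:
            # IBGP inside the sub-AS: AS_PATH is not touched
            return AsPath(list(path.sequence), list(path.confed_sequence))
        if peer_as in self.confed_peers:
            # confederation-external EBGP: add own sub-AS, public segment untouched
            return AsPath(list(path.sequence), [self.sub_as] + path.confed_sequence)
        # real EBGP: strip the confed segments and prepend the confederation ID
        return AsPath([self.confed_id] + path.sequence, [])
```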

Stability:

ORF (Outbound Route Filtering):

  • Only for individual peers. Multicast not supported
  • Requires prefix-list configuration (the only method supported)
  • BGP speaker can install the inbound prefix list filter to the remote peer as an outbound filter
  • [(RTR)neighbor <ip> capability orf prefix-list send|receive|both]
  • [(RTR)neighbor <ip> prefix-list FILTER in]

  • [clear ip bgp <ip> in %prefix-filter%] trigger route refresh

Soft Reconfig:

  • The peer’s table version is reset to 0; at the next update interval the local router sends the whole BGP table
  • [neighbor <ip> soft-reconfiguration inbound]
  • [clear ip bgp <id> soft in|out]

Route Refresh:

  • Replacement for soft-reconfiguration; negotiated when session is established
  • Check if supported [sh ip bgp neighbors <ip> | s neighbor capabilities]
  • [clear ip bgp <id> in]

Dampening:

  • The penalty is added to a specific path, not to the prefix. A flap means down and up; if the path only goes down it is not a flap.
  • Max Penalty = Reuse limit * 2^(Max suppress time / Half life)
  • Half-life: 15 min; Reuse: 750; Suppress: 2000; Max suppress: 4x half-life; Penalty per flap: 1000
  • The penalty is reduced every 5 sec in such a way that after 15 min it is halved
  • [(RTR)bgp dampening %route-map <name>% | %<half-life> <reuse> <sup> <max-supp>%]
  • [(RM)set dampening <half-time>]
  • Flap history is cleared when penalty drops below half of reuse-limit
  • [clear ip bgp dampening]
  • [clear ip bgp <peer-ip> flap-statistics]
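The dampening arithmetic from the notes above, worked through as an added example (not from the original post): IOS default timers are used and the flap times fed to the simulation are constructed sample data.

```python
# Added example (not from the original post): dampening arithmetic with the IOS
# defaults from the notes (half-life 15 min, reuse 750, suppress 2000,
# max-suppress 60 min, 1000 per flap). Flap times below are made-up samples.
import math

HALF_LIFE, REUSE, SUPPRESS, MAX_SUPPRESS, FLAP_PENALTY = 15.0, 750, 2000, 60.0, 1000

def max_penalty(reuse=REUSE, half_life=HALF_LIFE, max_suppress=MAX_SUPPRESS):
    """Ceiling on the accumulated penalty: reuse * 2^(max-suppress / half-life)."""
    return reuse * 2 ** (max_suppress / half_life)

def decay(penalty, minutes, half_life=HALF_LIFE):
    """Exponential decay: the penalty halves every half-life."""
    return penalty * 2 ** (-minutes / half_life)

def minutes_until_reuse(penalty, reuse=REUSE, half_life=HALF_LIFE):
    """How long a suppressed path stays suppressed once it stops flapping."""
    if penalty <= reuse:
        return 0.0
    return half_life * math.log2(penalty / reuse)

def simulate(flap_times):
    """flap_times: minutes at which a path flapped (went down and came back up).
    Returns [(time, penalty, suppressed), ...] after each flap; the penalty is
    decayed since the previous flap, then 1000 is added and the cap applied."""
    penalty, last, history = 0.0, 0.0, []
    cap = max_penalty()
    for t in flap_times:
        penalty = min(decay(penalty, t - last) + FLAP_PENALTY, cap)
        last = t
        history.append((t, round(penalty), penalty > SUPPRESS))
    return history
```

With the defaults, three flaps one minute apart push the path over the suppress limit on the third flap, and a penalty of 3000 needs two half-lives (30 min) to fall back to the reuse limit.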

Symbols Legend:

[ ] = command

<> = input

% % = optional

{  } = available options separated by |

(RTR) = in router bgp <AS>

(IF) = interface <interface name> x/x , for example: interface fastethernet0/0

(RM) = in route-map <name>

Thank you to Krzysztof Zaleski for his notes.
