BGP – Jeremy CBT Nuggets

• Key Terms:

Private AS range: 64512 – 65535.
Distance vector routing protocol: a routing protocol that only knows what its neighbor tells it.
Link state: knows everything, the whole topology.
BGP down, need to change ASAP, but BGP is slow, so iBGP was created to change very quickly.
BGP default metric: how does BGP find the best route to you? By default, it relies on the AS-path attribute (effencive version of RIP).
The route decision is totally independent of bandwidth, router speed and router capacity: it takes one cloud (hop) instead of two (the one in red in the photo).
BGP metric calculation: not one metric but 13 attributes.

Neighborships are set manually by sending an Open message, which is not sent until you configure it; the other side is then expecting that neighbor. No autodiscovery, no hellos.
Multiple sessions to the same neighbor are not allowed, so the solution is loopbacks and static routes.

Open: let's start a neighbor relationship.
Update: I have news for you (routing table).
Idle: neighbor configured, haven't tried to talk to it yet.
Active: trying to start communication.

Set up BGP.
To try shutting down a neighbor for testing, never do this, because any other config under that neighbor will be destroyed; instead, do a shutdown.

DEBUG: show the BGP topology table.
It chose one route of the two existing here; that one will be in the routing table.
Why was that one chosen? Because of the metric, or rather the attributes.
Want to change the selected route to 222; it still didn't change, so the BGP session needs to be cleared.

BGP does not allow a network to pass ("be advertised") until you allow it; networks are advertised using the network command.
The network command here is not like the one used in OSPF or EIGRP; here it takes a route from the existing routing table and advertises it via BGP.
Pay attention to the loopbacks created, and do redistribute connected; because of that we also have ? in the path.

We also need to filter routes so that routes coming from ISP2 don't go to ISP1; otherwise the ISPs will use you. The ISP should also filter so that it does not receive routes from R1 except the agreed ones.
Before: no 200 network; look, it doesn't have R1's routes.
In network, BGP needs and does exact matches: it either uses the default mask according to the class, or you specify the mask.
If you put 10.0.0.0/8 and no route in the routing table matches that prefix, but there is 10.1…./16, then BGP stops and does not advertise anything, because it's not a match.
If you put this, then BGP starts looking for 179.5.0.0/16, because it's class B, and if nothing matches, nothing is advertised.
Or you need to specify the mask:
Now both ISPs can see 200.

Create some loopback addresses.
Do the redistribution:
Do no network 200
When you make any change, you need to clear.
You also need to filter, because you never want to send some of the redistributed interfaces.
Allow only public interfaces.
Basically, always use an ACL.
It can be applied to a neighbor (just an example),
but here it is applied to the BGP routing process (impacts all neighbors OR specified ones).
Another way: use a route map. Example: you don't want people to see ? routes, which means routes whose source is not known.

Summarize
Summary + specific routes!
So need to do this
S: suppressed
Now, do really good summary routes:
Create a manual summary
.24 didn't disappear yet, because a clear is needed.

• BGP ATTRIBUTES:

ORIGIN: if you use network to advertise, the route shows origin i; if you redistribute, for example, then it shows ?; e should never be seen, because it's old (from when it was EGP).
AS-PATH: stamps every AS passed through; this is BGP's loop prevention system.
Local Preference & Atomic Aggregate are OPTIONAL but in mandatory (discretionary); mandatory means it has to be there in every single update.
By local preference, ISP1 is chosen: local preference 200 > 150.
And OPTIONAL means it may not be supported on a device.
MED: lower is better.

• Route MAP

If no option is given, it takes permit with seq=10, then match & set.
Can do this:
If there is more than one match in the same sequence, they are treated as an AND.
If one match line has many conditions, they are treated as an OR.
Now apply the route map to the BGP outbound updates to ISP1.
Then the neighbor needs to be reset.
BEFORE CLEAR:
These were also filtered.
Here is the filter below:
Because no other match or sequence matches them, they are denied by the deny all, like with an ACL.
How to fix it: match all, by creating a blank match rule.
Matching nothing in a route map means matching everything.

• BGP SERVICE PROVIDER

iBGP
iBGP doesn't modify any BGP attribute.
AS-PATH: the massive loop prevention system for BGP.
Because iBGP doesn't modify AS-PATH, it has no mechanism to prevent loops, so there is BGP split horizon: never send an update back in the same direction it was received from.
BGP split horizon: never advertise an iBGP route (received via iBGP) to another iBGP peer.
But how do ISP1's routes get to the router attached to ISP2?
Here the two routers can be attached or connected directly, because iBGP has this option.
Next hop: passes through all of iBGP without being modified, but R4 does not physically go to that ISP router as its next hop.
Check the IGP: something like OSPF will tell about that next hop. When the route to ISP1 arrives at R4 and says the next hop is R1, a recursive lookup starts to find that next hop in the routing table (learned via OSPF, for example).
iBGP should always use loopback interfaces.
AD is useful here to choose eBGP rather than iBGP (Cisco).
Next hop: because iBGP will not change the next hop, R4 doesn't know how to reach ISP1, so the attribute needs to be changed as an exception: on R1 do next-hop-self, so R4 still doesn't know the next hop ISP1 but at least knows the next hop R1 (not standard and not best practice).

CONFIG SERVICE PROVIDER

Same on the other routers 2, 3, 4.
Create loopback
iBGP peers
On all routers also
Now iBGP
Here lo0 = 1.1.1.1 of the local router when configuring (I present myself as 1.1.1.1 to 2.2.2.2, not using the interface).
Synchronization means: if I don't hear about a route via the IGP, then I will advertise it via BGP.
And to all other routers
So this will be the config for the iBGP full mesh.
Look, it's 0 in prefix, because the neighbor is formed but not yet advertising.

eBGP config:
BGP is not dedicated to load balancing, so static routes with loopbacks are needed to load balance.
There will be a problem with loopback 1.1.1.1, so change it.
Change on R1:
THIS WILL FAIL
State = idle
Because of this:
Why? Because it is not directly connected; and why is that? Because we are using the IP of the loopback instead of the IP of the interface.
That rule needs to be changed; rules are made to be broken.
Now the neighbor is up, but no routes are exchanged.
Now with ISP2: change the loopback of R2 and then configure ISP2.

Now CUST1
Change in the topology: Cust1 can't be in AS 500 (full mesh problem), so we can use a private AS.
Or we can even not use BGP: instead, do a static route and advertise it inside BGP; this works because there is only one possible path.
Anyway, going with private AS.
And to advertise its routes to ISP1, this command is needed on R1; it means send the routes but remove the AS first.
Remove this highlighted line
Do so on all routers
Now start sending routes, also using filters.
Because it is redistributed, path = ?

There is an issue with Jeremy's laptop, so the laptop was restarted without saving the config; now troubleshoot why other routes like 1.1.1.1 don't show here.
TSHOOT:
i routes
Sometimes it displays why, but not here.
It seems that this stat isn't known by the other routers.
Here too
Here too: the routes are there, but no route is selected because it doesn't know how to get there.
Look, no route
Here we could apply the unrecommended next-hop-self, so the router changes the BGP next hop of any route to itself. BUT doing an OSPF redistribution is better, safer and recommended; here is an image to see.
Here R3 says it doesn't know how to get to R2.
So do the next
But this should not be the case, or you will be used as a transit in the real world.
About AS 64512: now remove it upstream toward the provider.
Something is missing
This one
Not pingable, because OSPF is not running on cust1 .2
Best practice is to include any next hop (router that connects to an ISP) in the OSPF process.
Now R1 knows about network 150.1.0.0, but cust1 still doesn't know about 10.1.1.0 between R1 & R3.
And do
So it will not form an OSPF neighbor.
Now it's selected (>), but cust1 still doesn't know about 10.1.1.0 between R1 & R3; here we resolve it by giving a default route.
Oops, we need to remove that.
Do it on R2 as well.
This will not work, because there is no route in the routing table matching the route in network. That route needs to be in the routing table, so point it to null0.
If it matches a higher prefix, good; otherwise it is dropped, and that's good too.
Now ISP2
Receiving it, but from R1 then to R2; this also needs to be done on R2.
So the problem in ISP: R3 doesn't have that network 17.9.1.4.
Last point is canceled.
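
The exact-match rule for the network command described in these notes (classful default mask, nothing advertised without a matching route, the null0 fix), as an added Python model that is not from the course or from IOS. The routing-table contents and the function names are constructed for illustration.

```python
import ipaddress

def classful_prefix(addr):
    """Prefix used when `network` is given without a mask: class A /8, B /16, C /24."""
    first = int(addr.split(".")[0])
    if first >= 224:
        raise ValueError("class D/E addresses have no classful mask")
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def originated(rib, addr, mask=None):
    """Return the prefix a `network` statement would originate, or None.

    BGP only originates the prefix when the routing table holds a route with
    exactly that network and mask; a more specific route is not a match.
    """
    want = ipaddress.ip_network(f"{addr}/{mask}") if mask else classful_prefix(addr)
    return want if want in rib else None

# Constructed routing table: only more-specific routes exist for 10/8 and 179.5/16.
RIB = {ipaddress.ip_network(p) for p in ("10.1.0.0/16", "179.5.1.0/24", "200.1.1.0/24")}

# The null0 fix from the notes: a static summary route to Null0 puts the exact
# prefix into the routing table, so the network statement now has its match.
RIB_WITH_NULL0 = RIB | {ipaddress.ip_network("10.0.0.0/8")}

def report():
    """Evaluate the cases from the notes and return {statement: advertised prefix}."""
    cases = {
        "network 10.0.0.0": originated(RIB, "10.0.0.0"),
        "network 179.5.0.0": originated(RIB, "179.5.0.0"),
        "network 179.5.1.0 mask 255.255.255.0": originated(RIB, "179.5.1.0", "255.255.255.0"),
        "network 200.1.1.0": originated(RIB, "200.1.1.0"),
        "network 10.0.0.0 (after null0 route)": originated(RIB_WITH_NULL0, "10.0.0.0"),
    }
    return {stmt: (str(p) if p else None) for stmt, p in cases.items()}

if __name__ == "__main__":
    for stmt, result in report().items():
        print(f"{stmt:40} -> {result or 'not advertised'}")
```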
Video 15, 31:00 min

Match all
Now configure ISP1's routes to stop going to ISP2 and vice versa.
It can't be attached directly; it has to be done through a route map.
A set can also be done if you want, but here it is used just to filter.
Now it needs to be attached to the neighbor.
Now reset the neighbor. Done.
Now the same for R2.
Now build the BGP peer
Did this to influence route selection
Want to do this: isp1 isp2 cust1
We can do this with weight or local preference; choose weight.
Selected: directly connected.
Now, for any route that comes from AS 500, set the weight higher for 199.9.9.2 than for the other neighbor,
with deny everything else.
Apply it to the neighbor between ISP1 & ISP2, not to R1.
Done: it preferred the long way.
But the 2.2.2.2 routes! They are blocked by the route map, because sequence 10 allows only AS 500.
Can change it and allow others, but that's not good, so do the next:
Add a sequence with no match

Match methods
Filter with prefix list examples
Check if it's routed/advertised
OK, so everything is allowed
Check is OK
Filter for only specific ones; class C not wanted.
Now check
No route maps attached to 1.1.1.1

Solution in Cisco to not kill the neighborship, because in production that produces an outage of about 1 min; here are some solutions:
*: tells that things have changed, so recheck routes.
in: means take the existing routes and put them in memory, then compare them to the filter and generate new routes … (video 18, 9:15). The inconvenience is memory.
Need to do this first
From IOS 12.1, refresh is released; it means resend routes without killing the neighbor.
Then
Want to tell ISP1 not to come to 150.1.1.0 from ISP1 but to go from ISP2. But an ISP doesn't respond to every request, otherwise there would be many, many customers asking, so the solution is communities, a standard agreed by both sides: the ISP says if you want the preference lowered, send community value 200 and it will do it automatically.
Now in ISP

SUMMARY of the CONTROLLING section: Video 20 has all the filter examples.

It's difficult to use load balancing with BGP: load balancing to a non-direct neighbor with redundant connections, but BGP multipath (maxpath).
Here, if it comes to max path, then make it load balance between them (ISP 1 & B) by using that command.
BGP supports multipath up to 6 destinations.
BGP doesn't stop loops inside the network; it stops them from coming from outside, using the AS path.
The iBGP scalability issue (every iBGP router needs to build a full mesh) is solved by the route reflector, which bends the iBGP split horizon rule of not sending a route received via iBGP.
Example: put a router in the middle as route reflector; it resends all received iBGP routes.
Issue if there are many RRs.
The solution is to make a cluster, which blocks routes inside the same cluster, but in this case every RR needs a full mesh with the clients.
R1 is RR; R2 & R3 are clients.
Add it to the cluster / create it
But that detail can't be seen from the client side.

CONFEDERATION is another way to solve the iBGP full mesh scenario.
How to configure it:
Back up
Change and copy again: 500 is the real AS; 64514 is the list of all internal ASes (if many, put them all on the same line).
Just notice this too:
To not drop packets
Protect yourself in case the ISP is sending a lot of routes.
Like dynamically adding all the same peers with the same configuration to a group, or it can be done manually.
The advantage is that the router calculates the update one time for the peer group and then sends it as a batch.
Reuse but don't clear the penalty: the next flap will immediately suppress if it reaches the level.
Clear the penalty but don't use yet.
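
The route-map rules from the Route MAP notes and from the weight filter in the Video 15 notes (AND across match lines, OR within one line, implicit deny, an empty sequence matching everything), as an added Python model that is not from the course or from IOS. The routes, the weight value 200 and the helper names are constructed for illustration.

```python
def path_contains(*asns):
    """One `match` line on the AS path; several values on one line are ORed."""
    return [lambda r, a=a: a in r["as_path"] for a in asns]

def prefix_is(*prefixes):
    """One `match` line on the prefix; several values on one line are ORed."""
    return [lambda r, p=p: r["prefix"] == p for p in prefixes]

def apply_route_map(route_map, route):
    """Return the route (with `set` values applied) or None when it is filtered."""
    for _seq, action, match_lines, sets in sorted(route_map, key=lambda e: e[0]):
        # Lines are ANDed, values within a line are ORed; no match lines matches all.
        if all(any(check(route) for check in line) for line in match_lines):
            return {**route, **sets} if action == "permit" else None
    return None  # implicit deny at the end, like an ACL

# Constructed BGP table entries (weight 0 assumed as the starting value).
ROUTES = [
    {"prefix": "150.1.1.0/24", "as_path": [500], "weight": 0},
    {"prefix": "2.2.2.2/32", "as_path": [], "weight": 0},
    {"prefix": "10.1.1.0/24", "as_path": [64512], "weight": 0},
]

# Sequence 10 alone: raises the weight for AS 500 routes and drops the rest.
WEIGHT_ONLY = [(10, "permit", [path_contains(500)], {"weight": 200})]
# Adding a sequence with no match lets every other route through unchanged.
WEIGHT_THEN_ALL = WEIGHT_ONLY + [(20, "permit", [], {})]
# Two match lines (AND); the first line carries two values (OR).
AND_OR = [(10, "permit", [path_contains(500, 64512), prefix_is("10.1.1.0/24")], {})]

def surviving(route_map):
    """Return {prefix: weight} for the constructed routes that pass the map."""
    result = {}
    for route in ROUTES:
        out = apply_route_map(route_map, route)
        if out is not None:
            result[out["prefix"]] = out["weight"]
    return result

if __name__ == "__main__":
    for name in ("WEIGHT_ONLY", "WEIGHT_THEN_ALL", "AND_OR"):
        print(name, surviving(globals()[name]))
```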