Lecture 13 - BGP Part 3

Lecture 13:
BGP Part 3
INFR 2411U – Advanced Networking I
Josh Lowe
November 2023
In this lecture…
INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

BGP Multihoming

BGP Multihoming
Single Homed
▪ Single Homed (1 link per ISP, 1 ISP)
• Connection to a single ISP
• No link redundancy
• If the ISP network fails, connectivity to the Internet is
interrupted
• Used in cases when a loss in Internet connectivity is not
problematic to a customer
• Two options for routing to and from the Internet:
• Use static routes (default in the enterprise, and a static route for
the enterprise’s public address range at the ISP)
• Use BGP, but only to exchange a default route (ISP to enterprise)
and a route for the enterprise’s public prefix (enterprise to ISP)

BGP Multihoming
Dual Homed
▪ Dual Homed (2+ links per ISP, 1 ISP)
• Uses two links to the same ISP
• The links can either be connected to a
single customer router, or two separate
customer routers
• Some flexibility in routing decisions:
• You could prefer one Internet connection over
another for all destinations, but when the better
ISP connection fails, all traffic reroutes over the
secondary connection
• Or you could treat both Internet connections as
equal, sending packets for some destinations out
each path. However, when one fails, all traffic
reroutes over the one still-working path
• Routing needs to be properly configured to
allow both links to be used simultaneously

BGP Multihoming
Single Multihomed
▪ Single Multihomed (1 link per ISP, 2+ ISPs)
• Connections to multiple ISPs
• Resistant to a failure of any single ISP
• Again, connections from the ISPs can
terminate on the same router, or on multiple
routers for even more resiliency
• The customer is responsible for announcing
its own IP address space to upstream ISPs
• The customer should not advertise routing
information between ISPs. This would make
the customer a transit provider for the ISPs
• Routing needs to be properly configured to
allow both ISPs to be used simultaneously

BGP Multihoming
Dual Multihomed
▪ Dual multihomed (2+ links per ISP, 2+ ISPs)
• Same as multihomed but with redundant
links to each ISP
• Usually multiple customer routers, one per
ISP
• The same design and routing principles as
the single multihomed network apply

BGP Multihoming
Internet Transit Routing
▪ Enterprise AS 65500 is learning routes from
both ISP-A and ISP-B via eBGP and is also
running iBGP on all its routers
• If one of the connections to the ISPs goes
down, traffic will be sent through the other ISP
(this is good!)
▪ An undesirable situation could occur if the
enterprise AS is configured as a transit AS
• For example, AS 65500 learns the
172.16.0.0/16 route from ISP-A
• If router B advertises that route to ISP-B, then
ISP-B may decide to use it
• This undesirable configuration could be
avoided through careful configuration of
outbound BGP route policies

Conditional Matching

Using Prefix Lists
▪ Prefix lists can be used as an alternative to access lists in many route filtering
commands
▪ Prefix list characteristics include:
• A significant performance improvement over ACLs in loading and route lookup of large lists
• Support for incremental modifications
• An improved user-friendly command-line interface ?
• Greater flexibility in specifying subnet mask ranges

Prefix List Filtering rules
▪ An empty prefix list permits all prefixes
▪ If a prefix is permitted, the route is used. If a prefix is denied, the route is not used
▪ Prefix lists consist of statements with sequence numbers. The router begins the
search for a match at the top of the prefix list, which is the statement with the
lowest sequence number
▪ When a match occurs, the router does not need to go through the rest of the
prefix list. For efficiency, you might want to put the most common matches
(permits or denies) near the top of the list by specifying a lower sequence number
▪ An implicit deny is assumed if a given prefix does not match any entries in a prefix
list

Prefix-list Scenario #1
172.16.11.0/24 AS 65001
172.16.10.0/24 172.16.0.0/16
AS 65000 172.16.10.0/24
R2 R3
172.16.11.0/24
10.1.1.1
R1
R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 le 24

R1(config)# router bgp 65000
R1(config-router)# aggregate-address 172.16.0.0 255.255.0.0 172.16.0.0/16 summary
R1(config-router)# neighbor 10.1.1.1 remote-as 65001
R1(config-router)# neighbor 10.1.1.1 prefix-list TEN-ONLY out
R1(config-router)# exit
R1(config)# do show running-config | include ip prefix-list
ip prefix-list TEN-ONLY seq 5 permit 172.0.0.0/8 le 24
R1(config)#
▪ In this case, neighbor R3 learns about 172.16.0.0/16, 172.16.10.0/24, and 172.16.11.0/24

▪ These are the routes that match the first 8 bits of 172.0.0.0 and have a prefix length between 8 and 24
▪ NOTE: the running-config shows ip prefix-list TEN-ONLY permit 172.0.0.0/8 le 24
▪ This is because only the first 8 bits in the address are considered significant when a prefix length of /8 is used

172.16.11.0/24 AS 65001
172.16.10.0/24 172.16.0.0/16
AS 65000
R2 R3
10.1.1.1
R1
R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 le 16

R1(config-router)# aggregate-address 172.16.0.0 255.255.0.0
R1(config)#
▪ Now neighbor R3 learns only about 172.16.0.0/16

▪ This is the only route that matches the first 8 bits of 172.0.0.0 and has a prefix length between 8
and 16

172.16.11.0/24 AS 65001
172.16.10.0/24 172.16.10.0/24
AS 65000 172.16.11.0/24
R2 R3
10.1.1.1
R1
R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 ge 17

R1(config)#
▪ Now neighbor R3 learns only about 172.16.10.0/24 and 172.16.11.0/24

▪ R1 ignores the /8 parameter (which is only used to specify which bits should match) and treats
the command as if it had the parameters ge 17 le 32

172.16.11.0/24 AS 65001
172.16.10.0/24 172.16.0.0/16
AS 65000 172.16.10.0/24
R2 R3
172.16.11.0/24
10.1.1.1
R1
R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 ge 16 le 24

R1(config)#
▪ Now neighbor 10.1.1.1 learns about 172.16.0.0/16, 172.16.10.0/24, and

172.16.11.0/24
172.16.11.0/24 AS 65001
172.16.10.0/24 172.16.10.0/24
AS 65000 172.16.11.0/24
R2 R3
10.1.1.1
R1
R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 ge 17 le 24

R1(config)#
▪ Now neighbor 10.1.1.1 learns about 172.16.10.0/24 and 172.16.11.0/24

Configure a Prefix List
▪ Use the no ip prefix-list list-name global configuration command to
delete a prefix list
▪ The ip prefix-list list-name description text global configuration
command can be used to add or delete a text description for a prefix list
▪ Tip:
• For best performance, the most frequently processed prefix list statements should be
configured with the lowest sequence numbers
• The seq seq-value keyword can be used for re-sequencing

Regular Expression Syntax
▪ Atom: A single character
• . matches any single character
• ^ matches the start of the input string
• $ matches the end of the input string
• _ matches a space, a ^, or a $
• \ matches the character. (e.g., \$ would match a dollar sign)
▪ Piece: one of these symbols

• * matches 0 or more sequences of the preceding character or string
• + matches 1 or more sequences of the preceding character or string
• ? matches the preceding character, or not. (True/False)
▪ Range: A sequence of characters within square brackets
• Example is [abcd]

Regular Expression Examples
Regular Expression Resulting Expression

Expression indicates any occurrence of the number “5",
5*
which includes no occurrences
Indicates that at least one occurrence of the number “5" must
5+
be present in order to match
Expression matches “123" or “13“ (the “2” is either present
12?3
or not).
Expression indicates an origin of AS100. (The $ marks the
_100$ end of the AS_PATH and the _ matches the start of the path
or a space)
Expression indicates transmission from AS100 (The ^
^100_ matches the start of the AS_PATH and the _ matches the end
of the path or a space)
Expression indicates origination from this AS (The ^ matches
^$
the start of the path and the $ matches the end of the path)
Expression means “via AS100”. (The underscore represents
_100_
the start of string, end of string, or a space)
For more details see the PDF “Regular Expressions” in the Modules section on Canvas
Route Maps

Route Maps
Understanding Route Maps
▪ Route maps are similar in function to ACLs but provide far more control
▪ Route maps are more similar to a scripting language

• They can be named rather than numbered for easier documentation
• Lines are sequence-numbered for easier editing
• Match and set criteria can be used, similar to the “if, then” logic
• They allow conditions to be tested using match commands and if the conditions match, actions specified
by set commands can be taken to modify attributes of the packet or routes
▪ Just as ACLs are used by a variety of Cisco IOS features, route maps can also be
used for various applications
• The actual route map implementation will vary based on how its applied

Route Maps
Route Map Applications
▪ Route filtering during redistribution

• All IP routing protocols can use route maps for redistribution filtering
• Applied using the redistribute protocol route-map router configuration command.
▪ Policy-based routing (PBR)
• PBR allows the operator to define routing policy other than basic destination-based routing using
the routing table
• Applied using the ip policy route-map interface configuration command
▪ BGP
• Route maps are the primary tools for implementing BGP policy

Route Maps
Route Map Operation Logic
▪ A route map consists of a list of statements

• The list is processed top-down like an access list
• Sequence numbers are used for inserting or deleting specific statements
▪ Route map permit or deny determines if BGP accepts the routes and, optionally,
set one or more attributes on the route
▪ The first match found for a route is applied
• The match statement may contain multiple references
• Multiple match criteria in the same line use a logical OR
• Multiple match criteria in multiple separate lines use a logical AND
• Once there is a match, set the action (if defined) and leave the route map
• Other route-map statements are not processed

Route Maps
Route Map Operation Example
route-map DEMO permit 10
OR
If {(X OR Y OR Z)
match X Y Z
AND AND A match}
match A
set B Then {Set B AND C}

AND
set C (and exit route-map)
route-map DEMO permit 20 Else

If Q matches
match Q
Then set R (and exit route-map)
set R
Else
route-map DEMO permit 30
Set nothing (and exit route-map)
▪ Match criteria on the same line mean a logical OR condition (If this or this or …)
▪ Multiple match and set criteria on separate lines indicates an AND condition (and if this …)
Matches
▪ A route-map statement without any match statements will be considered matched Everything
▪ Like an access list, an implicit deny any appears at the end of a route map
• The consequences of this deny depend on how the route map is being used
Route Maps
The match Commands*
Command Description
match community Matches a BGP community
match interface Matches any routes that have the next hop out of one of the interfaces specified
match ip address Matches any routes that have a destination network number address that is permitted
by a standard or extended ACL (or prefix-list)
match as-path Matches routes based on a regex query to isolate the ASN in the BGP path attribute
AS_PATH. The AS path ACLs are numbered 1 to 500
match local-preference Matches routes based on the BGP attribute local preference. This command allows for
multiple match variables
match length Matches based on the layer 3 length of a packet
match metric Matches routes with the metric specified
match route-type Matches routes of the specified type
match tag Matches tag of a route
*partial list
Route Maps
The set Commands*
Command Description
set as-path Modifies an AS path for BGP routes
set automatic-tag Computes automatically the tag value
set community Sets the BGP communities attribute
set default interface Indicates where to output packets that pass a match clause of a route map for policy
routing and have no explicit route to the destination
set interface Indicates where to output packets that pass a match clause of a route map for policy
routing
set ip default next-hop Indicates where to output packets that pass a match clause of a route map for policy
routing and for which the Cisco IOS software has no explicit route to a destination
set ip next-hop Indicates where to output packets that pass a match clause of a route map for policy
routing
set level Indicates where to import routes for IS-IS and OSPF
set local-preference Specifies a BGP local preference value
set metric Sets the metric value for a routing protocol
set metric-type Sets the metric type for the destination routing protocol
set tag Sets tag value for destination routing protocol
set weight Specifies the BGP weight value
*partial list

Lecture 13 - BGP Part 3

Uploaded by

Copyright:

Available Formats

Lecture 13 - BGP Part 3

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lecture 13 - BGP Part 3

Uploaded by

Copyright:

Available Formats

Lecture 13:

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

▪ An empty prefix list permits all prefixes

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 le 24

▪ In this case, neighbor R3 learns about 172.16.0.0/16, 172.16.10.0/24, and 172.16.11.0/24

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 le 16

▪ Now neighbor R3 learns only about 172.16.0.0/16

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 ge 17

▪ Now neighbor R3 learns only about 172.16.10.0/24 and 172.16.11.0/24

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 ge 16 le 24

▪ Now neighbor 10.1.1.1 learns about 172.16.0.0/16, 172.16.10.0/24, and

R1(config)# ip prefix-list TEN-ONLY permit 172.16.10.0/8 ge 17 le 24

▪ Now neighbor 10.1.1.1 learns about 172.16.10.0/24 and 172.16.11.0/24

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

▪ Piece: one of these symbols

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

Regular Expression Resulting Expression

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

▪ Route maps are more similar to a scripting language

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

▪ Route filtering during redistribution

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

▪ A route map consists of a list of statements

INFR 2411U – Advanced Networking I ©Josh Lowe, 2023

set B Then {Set B AND C}

route-map DEMO permit 20 Else

match community Matches a BGP community

match length Matches based on the layer 3 length of a packet

match metric Matches routes with the metric specified

match route-type Matches routes of the specified type

match tag Matches tag of a route

You might also like