
Basic BGP Path Manipulation Using Route Maps

Manipulating path-selection criteria can affect the inbound and outbound traffic policies of an autonomous system. This section discusses path manipulation and how to manipulate the BGP local preference, MED, and weight attributes to influence BGP path selection, including the use of route maps. Manipulating path selection by extending the AS-path attribute is also described.


Note

Recall that route maps and route map configuration are described in Chapter 4. This section includes some specifics for route map use with BGP.

BGP Path Manipulation

Unlike local routing protocols, BGP was never designed to choose the quickest path. Rather, it was designed to manipulate traffic flow to maximize or minimize bandwidth use. Figure 6-46 demonstrates a common situation that can result when using BGP without any policy manipulation.

Figure 6-46: BGP Network Without Policy Manipulation.

Using default settings for path selection in BGP might cause uneven use of bandwidth. In Figure 6-46, Router A in autonomous system 65001 is using 60 percent of its outbound bandwidth to Router X in 65004, but Router B is using only 20 percent of its outbound bandwidth. If this utilization is acceptable to the administrator, no manipulation is needed. But if the load averages 60 percent and has temporary bursts above 100 percent of the bandwidth, lost packets, higher latency, and higher CPU usage may result because of the number of packets being routed. When another link to the same location is available and is not heavily used, it makes sense to divert some of the traffic to the other path. To change outbound path selection from autonomous system 65001, the local preference attribute must be manipulated.

Recall that a higher local preference is preferred. To determine which path to manipulate, the administrator performs a traffic analysis on Internet-bound traffic by examining the most heavily visited addresses, web pages, or domain names. This information can usually be found by examining network management records or accounting information.

Assume that in Figure 6-46, 35 percent of all traffic from autonomous system 65001 has been going to http://www.cisco.com. The administrator can obtain the Cisco IP address or autonomous system number by performing a reverse Domain Name System (DNS) lookup or by going to ARIN (at http://www.arin.net) and looking up the autonomous system number of Cisco Systems or the address space assigned to the company. After this information has been determined, the administrator can use route maps to change the local preference to manipulate path selection for packets destined to Cisco’s network.

Using a route map, Router B can announce, to all routers within autonomous system 65001, all routes to networks associated with Cisco’s autonomous system with a higher local preference than Router A announces for routes to those networks. Because routers running BGP prefer routes with the highest local preference, other BGP routers in autonomous system 65001 send all traffic destined for Cisco’s autonomous system to exit autonomous system 65001 via Router B. The outbound load for Router B increases from its previous load of 20 percent to account for the extra traffic from autonomous system 65001 destined for the Cisco networks. The outbound load for Router A, which was originally 60 percent, should decrease. This change will make the outbound load on both links more balanced. The administrator should monitor the outbound loads and adjust the configuration accordingly as traffic patterns change over time.

Just as there was a loading issue outbound from autonomous system 65001, there can be a similar problem inbound. For example, if the inbound load to Router B has a much higher utilization than the inbound load to Router A, the BGP MED attribute can be used to manipulate how traffic enters autonomous system 65001. Router A in autonomous system 65001 can announce a lower MED for routes to network 192.168.25.0/24 to autonomous system 65004 than Router B announces. This MED recommends to the next autonomous system how to enter autonomous system 65001. However, MED is not considered until later in the BGP path-selection process than local preference. Therefore, if the administrator for autonomous system 65004 prefers that traffic leave the autonomous system via Router Y (to Router B in autonomous system 65001), Router Y should be configured to announce a higher local preference to the BGP routers in autonomous system 65004 for routes to network 192.168.25.0/24 than Router X announces. The local preference that Routers X and Y advertise to other BGP routers in autonomous system 65004 is evaluated before the MED coming from Routers A and B. MED is considered a recommendation because the receiving autonomous system can override it by manipulating another variable that is considered before the MED is evaluated.

For example, using Figure 6-46, assume that 55 percent of all inbound traffic is going to the 192.168.25.0/24 subnet (on Router A). The inbound utilization to Router A is averaging only 10 percent, but the inbound utilization to Router B is averaging 75 percent. If the inbound load for Router B spikes to more than 100 percent, this may cause problems such as route flapping, resulting in some of the sessions crossing that link being lost. For example, if these sessions were purchases being made on autonomous system 65001 web servers, revenue would be lost, which is something administrators want to avoid. If autonomous system 65001 were set to prefer to have all traffic that is going to 192.168.25.0/24 enter through Router A, the load inbound on Router A should increase, and the load inbound on Router B should decrease.

If load averages less than 50 percent for an outbound or inbound case, path manipulation might not be needed. However, as soon as a link starts to reach its capacity for an extended period of time, either more bandwidth is needed or path manipulation should be considered. The administrator should monitor the inbound loads and adjust the configuration accordingly as traffic patterns change over time.

Changing the Weight

Recall that the weight attribute influences only the local router. Routes with a higher weight are preferred.

Changing the Weight for All Updates from a Neighbor

The neighbor {ip-address | peer-group-name} weight weight router configuration command is used to assign a weight to updates from a neighbor connection, as described in Table 6-8.

Table 6-8: neighbor weight Command Description

| Parameter | Description |
|---|---|
| ip-address | The BGP neighbor’s IP address. |
| peer-group-name | The name of a BGP peer group. |
| weight | The weight to assign. Acceptable values are 0 to 65535. The default is 32768 for local routes (routes that the router originates). Other routes have a weight of 0 by default. |

Changing the Weight Using Route Maps

The network shown in Figure 6-47 is used as an example to demonstrate how to change the weight attribute using route maps. The partial configuration of Router R1 is shown in Example 6-24.

Figure 6-47: Setting Weight with Route Map Example.

Example 6-24: Configuration of Router R1 in Figure 6-47

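!
router bgp 65040
 ! Run every update received from 10.0.0.1 through route map set-weight
 neighbor 10.0.0.1 route-map set-weight in
!
! Updates whose AS-path is permitted by AS-path access list 10 get weight 150
route-map set-weight permit 10
 match as-path 10
 set weight 150
!
! All remaining updates get weight 100
route-map set-weight permit 20
 set weight 100
!
! Permit AS-paths that end with 65020 (routes originated in AS 65020)
ip as-path access-list 10 permit _65020$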

In this example, the routing policy dictates the selection of autonomous system 65030 as the primary way out of autonomous system 65040 for the traffic destined to any network originated by the autonomous system 65020. This is achieved by placing a higher weight (150) on all incoming announcements from autonomous system 65030 (from neighbor 10.0.0.1), which carry the information about the network originated in autonomous system 65020.

The first line of the route map called set-weight is a permit statement with a sequence number of 10; it defines the first route-map statement. The match condition for this statement checks the AS-path attributes of updates to see which are permitted by autonomous system access list 10.

The match condition is defined by the match as-path path-list-number route-map configuration command. The path-list-number parameter is the number of the autonomous system path access list, which is 10 in this example.

The autonomous system path access list is defined by the ip as-path access-list acl-number {permit | deny} regexp global configuration command. The parameters of this command are described in Table 6-9.

Table 6-9: ip as-path access-list Command Description

| Parameter | Description |
|---|---|
| acl-number | Number from 1 to 500 that specifies the AS-path access list number. |
| regexp | Regular expression that defines the AS-path filter. The autonomous system number is expressed in the range from 1 to 65535. |

See the “Regular Expressions” appendix in the Cisco IOS Terminal Services Configuration Guide, available at http://www.cisco.com, for information about configuring regular expressions.

In this example, autonomous system access list 10 permits updates whose AS-path attribute ends with 65020 (note that the parameter is _65020$). These are updates originating in autonomous system 65020. The route map sets these updates to a weight of 150, with the set weight 150 command.

The second statement in the route map called set-weight is a permit statement with a sequence number of 20; it does not have any match statements, so all remaining updates are permitted. These remaining updates have their weight set to 100, with the set weight 100 command. The sequence number 20 (rather than 11) is chosen for the second statement in case other policies have to be implemented later before this statement.

This route map is linked to neighbor 10.0.0.1 as an inbound route map. Therefore, as Router R1 receives updates from 10.0.0.1, it processes them through the set-weight route map and sets the weight accordingly as the routes are placed in Router R1’s BGP table.
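
The effect of the _65020$ filter and of the two set-weight statements can be checked offline before the policy is applied. The following Python is an added example, not code from the book: it assumes the IOS "_" metacharacter matches a delimiter (start or end of string, space, comma, brace, or parenthesis), and the AS-paths it evaluates are constructed samples, including a 4-byte AS number that merely ends in the digits 65020.

```python
import re

# What IOS "_" stands for in an AS-path regex (assumption stated in the lead-in):
# start of string, end of string, space, comma, braces, or parentheses.
_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_aspath_regex(pattern):
    """Translate an IOS AS-path regex to a Python regex; only "_" is rewritten."""
    return re.compile(pattern.replace("_", _UNDERSCORE))


# ip as-path access-list 10 permit _65020$   (Example 6-24)
AS_PATH_ACL_10 = ios_aspath_regex("_65020$")


def set_weight(as_path, acl=AS_PATH_ACL_10):
    """Weight that route map set-weight assigns to one inbound update."""
    # route-map set-weight permit 10: match as-path 10 -> set weight 150
    if acl.search(as_path):
        return 150
    # route-map set-weight permit 20: no match clause, so every other update
    # is permitted here and gets weight 100
    return 100


# Constructed AS-paths as they could arrive from neighbor 10.0.0.1 (AS 65030).
SAMPLE_PATHS = [
    "65030 65020",         # originated in 65020, learned via 65030
    "65030",               # originated in 65030 itself
    "65030 65020 65050",   # only transits 65020, originated elsewhere
    "65030 165020",        # origin AS number ends in the digits 65020
]


def evaluate(paths, acl=AS_PATH_ACL_10):
    """Map each AS-path to the weight the route map would set."""
    return {path: set_weight(path, acl) for path in paths}


if __name__ == "__main__":
    for path, weight in evaluate(SAMPLE_PATHS).items():
        print(f"{path:<20} weight {weight}")
    # Without the leading "_" the filter is no longer anchored on an AS
    # boundary and also matches the unrelated origin 165020.
    loose = ios_aspath_regex("65020$")
    print("65020$ on '65030 165020':", set_weight("65030 165020", loose))
```

The last case is the reason the leading underscore matters: dropping it turns an origin-AS filter into a suffix match on digits.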

Setting Local Preference

Recall that local preference is used only within an autonomous system between IBGP speakers to determine the best path to leave the autonomous system to reach an outside network. The local preference is set to 100 by default; higher values are preferred.


Note

If for some reason an EBGP neighbor did receive a local preference value (such as because of faulty software), the EBGP neighbor ignores it.

Changing Local Preference for All Routes

The bgp default local-preference value router configuration command changes the default local preference to the value specified. All BGP routes that are advertised include this local preference value. The value can be set to a number between 0 and 4294967295.

Manipulating the default local preference can have an immediate and dramatic effect on traffic flow leaving an autonomous system. Before making any changes to manipulate paths, the network administrator should perform a thorough traffic analysis to understand the effects of the change. For example, the configurations for Routers A and B in Figure 6-48 are shown in Examples 6-25 and 6-26, respectively. In this network, the administrator changed the default local preference for all routes on Router B to 500 and on Router A to 200. All BGP routers in autonomous system 65001 send all traffic destined for the Internet to Router B, causing its outbound utilization to be much higher and the utilization out Router A to be reduced to a minimal amount. This change is probably not what the network administrator intended. Instead, the network administrator should use route maps to set only routes for specific networks to have a higher local preference through Router B, to decrease some of the original outbound load that was being sent out Router A.

Figure 6-48: Setting a Default Local Preference for All Routes.

Example 6-25: Configuration for Router A in Figure 6-48

router bgp 65001
 bgp default local-preference 200

Example 6-26: Configuration for Router B in Figure 6-48

router bgp 65001
 bgp default local-preference 500

Local Preference Example

Figure 6-49 illustrates a sample network running BGP that will be used to demonstrate how local preference can be manipulated. This network initially has no commands configured to change the local preference.

Figure 6-49: Network for Local Preference Example.

Example 6-27 illustrates the BGP forwarding table on Router C in Figure 6-49, showing only the networks of interest to this example:

  • 172.16.0.0 in autonomous system 65003

  • 172.24.0.0 in autonomous system 65005

  • 172.30.0.0 in autonomous system 65004

Example 6-27: BGP Table for Router C in Figure 6-49 Without Path Manipulation

RouterC#show ip bgp
BGP table version is 7, local router ID is 192.168.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
* i172.16.0.0       172.20.50.1                   100      0 65005 65004 65003 i
*>i                 192.168.28.1                  100      0 65002 65003 i
*>i172.24.0.0       172.20.50.1                   100      0 65005 i
* i                 192.168.28.1                  100      0 65002 65003 65004 65005 i
*>i172.30.0.0       172.20.50.1                   100      0 65005 65004 i
* i                 192.168.28.1                  100      0 65002 65003 65004 i

The best path is indicated with a > in the second column of the output.

Each network has two paths that are loop free, have synchronization disabled, and have a valid next-hop address (that can be reached from Router C). All routes have a weight of 0 and a default local preference of 100, so Steps 1 and 2 in the BGP path-selection process do not select the best route.

This router does not originate any of the routes (Step 3), so the process moves to Step 4, and BGP uses the shortest AS-path to select the best routes as follows:

  • For network 172.16.0.0, the shortest AS-path of two autonomous systems (65002 65003) is through the next hop of 192.168.28.1.

  • For network 172.24.0.0, the shortest AS-path of one autonomous system (65005) is through the next hop of 172.20.50.1.

  • For network 172.30.0.0, the shortest AS-path of two autonomous systems (65005 65004) is through the next hop of 172.20.50.1.

Neither Router A nor Router B is using the neighbor next-hop-self command in this example.

A traffic analysis reveals the following:

  • The link going through Router B to 172.20.50.1 is heavily used, and the link through Router A to 192.168.28.1 is hardly used at all.

  • The three largest-volume destination networks on the Internet from autonomous system 65001 are 172.30.0.0, 172.24.0.0, and 172.16.0.0.

  • Thirty percent of all Internet traffic is going to network 172.24.0.0 (via Router B), 20 percent is going to network 172.30.0.0 (via Router B), and 10 percent is going to network 172.16.0.0 (via Router A). The other 40 percent is going to other destinations. Thus, considering only these three largest-volume destinations, only 10 percent of the traffic is using the link out Router A to 192.168.28.1, and 50 percent of the traffic is using the link out Router B to 172.20.50.1.

The network administrator has decided to divert traffic to network 172.30.0.0 and send it out Router A to the next hop of 192.168.28.1, so that the loading between Routers A and B is more balanced.

Changing Local Preference Using Route Maps

A route map is added to Router A in Figure 6-49, as shown in the BGP configuration in Example 6-28. The route map alters the network 172.30.0.0 BGP update from Router X (192.168.28.1) to have a high local preference value of 400 so that it will be more preferred.

Example 6-28: BGP Configuration for Router A in Figure 6-49 with a Route Map

router bgp 65001
 neighbor 192.168.2.2 remote-as 65001
 neighbor 192.168.3.3 remote-as 65001
 neighbor 192.168.2.2 update-source loopback0
 neighbor 192.168.3.3 update-source loopback0
 neighbor 192.168.28.1 remote-as 65002
 ! Run every update received from 192.168.28.1 through route map local_pref
 neighbor 192.168.28.1 route-map local_pref in
!
! Networks permitted by access list 65 get local preference 400
route-map local_pref permit 10
 match ip address 65
 set local-preference 400
!
! All remaining networks are permitted unchanged
route-map local_pref permit 20
!
access-list 65 permit 172.30.0.0 0.0.255.255

The first line of the route map called local_pref is a permit statement with a sequence number of 10; it defines the first route-map statement. The match condition for this statement checks all networks to see which are permitted by access list 65. Access list 65 permits all networks that start with the first two octets of 172.30.0.0. The route map sets routes for these networks to a local preference of 400, with the set local-preference 400 command.

The second statement in the route map called local_pref is a permit statement with a sequence number of 20, but it does not have any match or set statements. This statement is similar to a permit any statement in an access list. Because there are no match conditions for the remaining networks, they are all permitted with their current settings. In this case, the local preference for routes for networks 172.16.0.0 and 172.24.0.0 stays set at the default of 100. The sequence number 20 (rather than 11) is chosen for the second statement in case other policies have to be implemented later before this statement.

This route map is linked to neighbor 192.168.28.1 as an inbound route map. Therefore, as Router A receives updates from 192.168.28.1, it processes them through the local_pref route map and sets the local preference accordingly as the routes are placed in Router A’s BGP forwarding table.

Example 6-29 illustrates the BGP table on Router C in Figure 6-49, after the route map has been applied on Router A and the BGP sessions have been reset. Router C learns about the new local preference value (400) coming from Router A for network 172.30.0.0. The only difference in this table compared to the original in Example 6-27 is that the best route to network 172.30.0.0 is now through 192.168.28.1 because its local preference of 400 is higher than the local preference of 100 for the next hop of 172.20.50.1. The AS-path through 172.20.50.1 is still shorter than the path through 192.168.28.1, but AS-path length is not evaluated until Step 4, whereas local preference is examined in Step 2. Therefore, the higher local preference path was chosen as the best path.

Example 6-29: BGP Table for Router C in Figure 6-49 with a Route Map for Local Preference

RouterC#show ip bgp
BGP table version is 7, local router ID is 192.168.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
* i172.16.0.0       172.20.50.1                   100      0 65005 65004 65003 i
*>i                 192.168.28.1                  100      0 65002 65003 i
*>i172.24.0.0       172.20.50.1                   100      0 65005 i
* i                 192.168.28.1                  100      0 65002 65003 65004 65005 i
* i172.30.0.0       172.20.50.1                   100      0 65005 65004 i
*>i                 192.168.28.1                  400      0 65002 65003 65004 i
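
The change from Example 6-27 to Example 6-29 can be reproduced by modeling Router A's route map and the first comparison steps of path selection. The following Python is an added example, not code from the book: it implements only the weight, local preference, and AS-path length comparisons (Steps 1, 2, and 4), assumes classful /16 masks for the three networks, and identifies paths learned through Router A by their next hop because next-hop-self is not used.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str
    as_path: tuple
    local_pref: int = 100   # default local preference
    weight: int = 0         # default weight for learned routes


# Router C's paths from Example 6-27 (/16 masks are an assumption).
TABLE = [
    Path("172.16.0.0/16", "172.20.50.1", (65005, 65004, 65003)),
    Path("172.16.0.0/16", "192.168.28.1", (65002, 65003)),
    Path("172.24.0.0/16", "172.20.50.1", (65005,)),
    Path("172.24.0.0/16", "192.168.28.1", (65002, 65003, 65004, 65005)),
    Path("172.30.0.0/16", "172.20.50.1", (65005, 65004)),
    Path("172.30.0.0/16", "192.168.28.1", (65002, 65003, 65004)),
]


def wildcard_match(address, base, wildcard):
    """ACL test: bits set in the wildcard mask are ignored in the comparison."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    addr = int(ipaddress.IPv4Address(address))
    return (addr & care) == (int(ipaddress.IPv4Address(base)) & care)


def local_pref_route_map(path):
    """Router A's inbound route map local_pref (Example 6-28)."""
    network = path.prefix.split("/")[0]
    # permit 10: match ip address 65 -> set local-preference 400
    if wildcard_match(network, "172.30.0.0", "0.0.255.255"):
        return replace(path, local_pref=400)
    # permit 20: no match and no set, so the route passes through unchanged
    return path


def with_route_map(table, neighbor="192.168.28.1"):
    """Apply the route map only to paths learned from Router A's EBGP neighbor."""
    return [local_pref_route_map(p) if p.next_hop == neighbor else p
            for p in table]


def best_paths(table):
    """Best next hop per prefix: highest weight, then highest local
    preference, then shortest AS-path."""
    best = {}
    for p in table:
        key = (-p.weight, -p.local_pref, len(p.as_path))
        if p.prefix not in best or key < best[p.prefix][0]:
            best[p.prefix] = (key, p)
    return {prefix: p.next_hop for prefix, (_, p) in best.items()}


if __name__ == "__main__":
    print("before:", best_paths(TABLE))
    print("after: ", best_paths(with_route_map(TABLE)))
```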

Setting the AS-Path

It is complicated to influence other autonomous systems to select a particular path for traffic that is returning to a specific autonomous system. Because it is unlikely that the operator of an autonomous system can request changes in router configurations in another autonomous system, it is nearly impossible to influence another autonomous system to select the desired path based on the weight and local preference attributes, because these require configuration changes in the neighboring autonomous system.


Note

Communities, described in Appendix C, can be used to set attributes, including weight and local preference, in other autonomous systems. For example, an ISP with multihomed customers could allow those customers to set the local preference using communities.

As we have seen, by default, if no BGP path selection tools are configured to influence traffic flow, BGP uses the shortest autonomous system path, regardless of available bandwidth.

One way that an autonomous system can attempt to influence incoming traffic flow is by sending out EBGP updates with an extended AS-path attribute for undesired paths. The autonomous system path is extended with multiple copies of the autonomous system number of the sender. The receiver of this update is less likely to select the path as the best because its AS-path attribute appears to be longer. This feature is called AS-path prepending. There is no mechanism to calculate the optimal required prepended AS-path length, because the administrator of an autonomous system has no control over whether other autonomous systems are also doing prepending.

To avoid clashes with BGP loop-prevention mechanisms, no other autonomous system number, except that of the sending autonomous system, should be prepended to the AS-path attribute. If another autonomous system number is prepended in the autonomous system path, the routers in the autonomous system that has been prepended will reject the update because of BGP loop-prevention mechanisms.

You can configure prepending on a router for all routing updates that you send to a neighbor or only on a subset of them.

Figure 6-50 shows an example network, and Example 6-30 is a partial configuration for Router R1.

Figure 6-50: AS-Path Prepending Example.

Example 6-30: Configuration of Router R1 in Figure 6-50

!
router bgp 65040
 neighbor 172.16.1.1 route-map set-AS-path out
!
route-map set-AS-path permit 10
 set as-path prepend 65040 65040 65040

The route map called set-AS-path has only one statement, a permit statement with a sequence number of 10. There is no match condition for this statement, so it matches all updates. The set as-path {tag | prepend as-path-string} route-map configuration command is used to modify the AS-path attribute. The parameters of this command are described in Table 6-10.

Table 6-10: set as-path Command Description

| Parameter | Description |
|---|---|
| tag | Converts the tag of a route into an AS-path. Applies only when redistributing routes into BGP. |
| prepend as-path-string | Prepends the as-path-string to the AS-path attribute of the route that is matched by the route map. The range of values is any valid autonomous system number from 1 to 65535. Multiple values can be entered. Applies to inbound and outbound BGP route maps. |

This route map is linked to neighbor 172.16.1.1 as an outbound route map. Therefore, as Router R1 sends updates to 172.16.1.1, it processes them through the set-AS-path route map and all updates sent to neighbor 172.16.1.1 are prepended three times with the autonomous system number of the sender (65040), making that path less preferable for the returning traffic.
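
The rule that only the sender's own autonomous system number should be prepended can be checked mechanically before a configuration is deployed. The following Python is an added example, not code from the book: it scans a configuration for set as-path prepend values that differ from the router bgp number and models the receiver's loop-prevention check. The faulty configuration and the function names are constructed for illustration, and the model assumes the sender's own number appears once in front of the prepended copies.

```python
import re

# Example 6-30 as printed on the page.
R1_CONFIG = """\
router bgp 65040
 neighbor 172.16.1.1 route-map set-AS-path out
!
route-map set-AS-path permit 10
 set as-path prepend 65040 65040 65040
"""

# Constructed variant: another autonomous system's number is prepended by mistake.
BAD_CONFIG = R1_CONFIG.replace("prepend 65040 65040 65040", "prepend 65040 65020")


def foreign_prepends(config):
    """List (route-map, ASN) pairs where a prepended ASN is not the local one."""
    local = re.search(r"^\s*router bgp (\d+)\s*$", config, re.M)
    if local is None:
        raise ValueError("no 'router bgp' statement found")
    local_asn = int(local.group(1))
    findings, current_map = [], None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"route-map (\S+) (?:permit|deny)\b", line)
        if m:
            current_map = m.group(1)
        m = re.match(r"set as-path prepend ((?:\d+\s*)+)$", line)
        if m:
            findings += [(current_map, int(asn)) for asn in m.group(1).split()
                         if int(asn) != local_asn]
    return findings


def advertise(as_path, local_asn, prepend=()):
    """AS-path an EBGP neighbor receives: the sender's own ASN, then any
    prepended values, then the path the route already carried."""
    return (local_asn, *prepend, *as_path)


def receiver_accepts(as_path, receiver_asn):
    """Loop prevention: an update that already carries our ASN is rejected."""
    return receiver_asn not in as_path


if __name__ == "__main__":
    print("Example 6-30 findings:", foreign_prepends(R1_CONFIG))
    print("faulty config findings:", foreign_prepends(BAD_CONFIG))
    good = advertise((), 65040, (65040, 65040, 65040))
    bad = advertise((), 65040, (65020,))
    print(good, "accepted by AS 65020:", receiver_accepts(good, 65020))
    print(bad, "accepted by AS 65020:", receiver_accepts(bad, 65020))
```

The second pair of results shows the failure mode the text warns about: the autonomous system whose number was prepended drops the route entirely instead of merely preferring another path.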

Setting the MED

Recall that MED is used to decide how to enter an autonomous system when multiple paths exist between two autonomous systems and one autonomous system is trying to influence the incoming path from the other autonomous system. Because MED is evaluated late in the BGP path-selection process (Step 6), it usually has no influence on the process. For example, an autonomous system receiving a MED for a route can change its local preference on how to leave the autonomous system to override what the other autonomous system is advertising with its MED value.

When comparing MED values for the same destination network in the BGP path-selection process, the lowest MED value is preferred.

Changing the MED for All Routes

The default MED value for each network an autonomous system owns and advertises to an EBGP neighbor is set to 0. To change this value, use the default-metric number router configuration command. The number parameter is the MED value.

Manipulating the default MED value can have an immediate and dramatic effect on traffic flow entering your autonomous system. Before making any changes to manipulate the path, you should perform a thorough traffic analysis to ensure that you understand the effects of the change.

For example, the configurations of Routers A and B in Figure 6-51 are shown in Examples 6-31 and 6-32, respectively. The network administrator in autonomous system 65001 tries to manipulate how autonomous system 65004 chooses its path to reach routes in autonomous system 65001. By changing the default metric under the BGP process on Router A to 1001, Router A advertises a MED of 1001 for all routes to Router X. Router X then informs all the other routers in autonomous system 65004 of the MED through Router X to reach networks originating in autonomous system 65001. A similar event happens on Router B, but Router B advertises a MED of 99 for all routes to Router Y. All routers in autonomous system 65004 see a MED of 1001 through the next hop of Router A and a MED of 99 through the next hop of Router B to reach networks in autonomous system 65001. (The neighbor next-hop-self command is not used on either Router X or Router Y.) If autonomous system 65004 has no overriding policy, all routers in autonomous system 65004 choose to exit their autonomous system through Router Y to reach the networks in autonomous system 65001. This traffic goes through Router B. This selection causes Router A’s inbound bandwidth utilization to decrease to almost nothing except for BGP routing updates, and it causes the inbound utilization on Router B to increase and be used for all returning packets from autonomous system 65004 to autonomous system 65001.

Figure 6-51: Changing the Default MED for All Routes.

Example 6-31: BGP Configuration for Router A in Figure 6-51

router bgp 65001
 default-metric 1001

Example 6-32: BGP Configuration for Router B in Figure 6-51

router bgp 65001
 default-metric 99

This situation is probably not what the network administrator intended. Instead, to load-share the inbound traffic to autonomous system 65001, the autonomous system 65001 network administrator should configure some networks to have a lower MED through Router B and other networks to have a lower MED through Router A. Route maps should be used to set the appropriate MED values for various networks.

Changing the MED Using Route Maps

The network shown in Figure 6-52 is used as an example to demonstrate how to manipulate inbound traffic using route maps to change the BGP MED attribute. The intention of these route maps is to designate Router A as the preferred entry point to reach networks 192.168.25.0/24 and 192.168.26.0/24 and Router B as the preferred entry point to reach network 192.168.24.0/24. The other networks should still be reachable through each router in case of a link or router failure.

Figure 6-52: Network for MED Examples.

The MED is set outbound when advertising to an EBGP neighbor. In the configuration for Router A shown in Example 6-33, a route map named med_65004 is linked to neighbor 192.168.28.1 (Router X) as an outbound route map. When Router A sends an update to neighbor 192.168.28.1, it processes the outbound update through route map med_65004 and changes any values specified in a set command if the corresponding match command conditions in that section of the route map are met.

Example 6-33: BGP Configuration for Router A in Figure 6-52 with a Route Map

router bgp 65001
 neighbor 192.168.2.2 remote-as 65001
 neighbor 192.168.3.3 remote-as 65001
 neighbor 192.168.2.2 update-source loopback0
 neighbor 192.168.3.3 update-source loopback0
 neighbor 192.168.28.1 remote-as 65004
 ! Run every update sent to 192.168.28.1 through route map med_65004
 neighbor 192.168.28.1 route-map med_65004 out
!
! Networks permitted by access list 66 are advertised with MED 100
route-map med_65004 permit 10
 match ip address 66
 set metric 100
!
! All remaining networks are advertised with MED 200
route-map med_65004 permit 100
 set metric 200
!
access-list 66 permit 192.168.25.0 0.0.0.255
access-list 66 permit 192.168.26.0 0.0.0.255

The first line of the route map called med_65004 is a permit statement with a sequence number of 10; it defines the first route-map statement. The match condition for this statement checks all networks to see which are permitted by access list 66. The first line of access list 66 permits any networks that start with the first three octets of 192.168.25.0, and the second line of access list 66 permits networks that start with the first three octets of 192.168.26.0.

Routes for any networks that are permitted by either of these lines will have the MED set to 100, by the set metric 100 command. No other networks are permitted by this access list (there is an implicit deny all at the end of all access lists), so the MED of the other routes is not changed. These other routes must proceed to the next route-map statement in the med_65004 route map.

The route map’s second statement is a permit statement with a sequence number of 100. The route map does not have any match statements, just a set metric 200 statement. This statement is similar to a permit any statement for route maps. Because the network administrator does not specify a match condition for this portion of the route map, all routes being processed through this section of the route map (sequence number 100) are permitted, and the MED of these routes is set to 200. If the network administrator did not set the MED to 200, by default it would have been set to a MED of 0. Because 0 is less than 100, the routes with a MED of 0 would have been the preferred paths to the networks in autonomous system 65001.

Similarly, the configuration for Router B is shown in Example 6-34. A route map named med_65004 is linked to neighbor 172.20.50.1 as an outbound route map. Before Router B sends an update to neighbor 172.20.50.1, it processes the outbound update through route map med_65004, and changes any values specified in a set command if the preceding match command conditions in that section of the route map are met.

Example 6-34: BGP Configuration for Router B in Figure 6-52 with a Route Map

router bgp 65001
 neighbor 192.168.1.1 remote-as 65001
 neighbor 192.168.3.3 remote-as 65001
 neighbor 192.168.1.1 update-source loopback0
 neighbor 192.168.3.3 update-source loopback0
 neighbor 172.20.50.1 remote-as 65004
 ! Run every update sent to 172.20.50.1 through route map med_65004
 neighbor 172.20.50.1 route-map med_65004 out
!
! Networks permitted by access list 66 are advertised with MED 100
route-map med_65004 permit 10
 match ip address 66
 set metric 100
!
! All remaining networks are advertised with MED 200
route-map med_65004 permit 100
 set metric 200
!
access-list 66 permit 192.168.24.0 0.0.0.255

The first line of the route map called med_65004 is a permit statement with a sequence number of 10; it defines the first route-map statement. The match condition for this statement checks all networks to see which are permitted by access list 66. Access list 66 on Router B permits any networks that start with the first three octets of 192.168.24.0.

Routes for any networks that are permitted by this line have the MED set to 100 by the route map. No other networks are permitted by this access list, so the MED of the other routes is unchanged. These other routes must proceed to the next route-map statement in the med_65004 route map.

The second statement of the route map is a permit statement with a sequence number of 100, but it does not have any match statements, just a set metric 200 statement. This statement is similar to a permit any statement for route maps. Because the network administrator does not specify a match condition for this portion of the route map, all routes being processed through this section of the route map are permitted, and the MED of these routes is set to 200. If the network administrator did not set the MED to 200, by default it would have been set to a MED of 0. Because 0 is less than 100, the routes with a MED of 0 would have been the preferred paths to the networks in autonomous system 65001.

Example 6-35 shows the BGP forwarding table on Router Z in autonomous system 65004 indicating the networks learned from autonomous system 65001. (Other networks that do not affect this example have been omitted.) Remember that in this command output, the MED is shown in the column labeled Metric.

Example 6-35: BGP Table for Router Z in Figure 6-52 with a Route Map

RouterZ#show ip bgp
BGP table version is 7, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i192.168.24.0     172.20.50.2            100    100      0 65001 i
* i                 192.168.28.2           200    100      0 65001 i
* i192.168.25.0     172.20.50.2            200    100      0 65001 i
*>i                 192.168.28.2           100    100      0 65001 i
* i192.168.26.0     172.20.50.2            200    100      0 65001 i
*>i                 192.168.28.2           100    100      0 65001 i

Router Z has multiple paths to reach each network. These paths all have valid next-hop addresses, synchronization is disabled, and the paths are loop free. All networks have a weight of 0 and a local preference of 100, so Steps 1 and 2 in the route-selection decision process do not determine the best path. None of the routes were originated by this router or any router in autonomous system 65004. All networks came from autonomous system 65001, so Step 3 does not apply. All networks have an AS-path of one autonomous system (65001) and were introduced into BGP with network statements (i is the origin code), so Steps 4 and 5 are equal. The route-selection decision process therefore gets to Step 6, which states that BGP chooses the lowest MED if all preceding steps are equal or do not apply.

For network 192.168.24.0, the next hop of 172.20.50.2 has a lower MED than the next hop of 192.168.28.2. Therefore, for network 192.168.24.0, the path through 172.20.50.2 is the preferred path. For networks 192.168.25.0 and 192.168.26.0, the next hop of 192.168.28.2 has a lower MED (100) than the next hop of 172.20.50.2 (with a MED of 200). Therefore, 192.168.28.2 is the preferred path for those two networks.
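The following Python model is an added illustration, not part of the book's configuration: it runs route map med_65004 on Routers A and B, reproduces Router Z's lowest-MED choice from Example 6-35, and shows how the policy inverts when sequence 100 has no set metric. Router A's wildcard mask and the mapping of next hops to routers are assumptions inferred from the text and Example 6-35; all function and variable names are invented for the example.

```python
import ipaddress

def acl_permits(acl, network):
    """Standard ACL check: bits set in the wildcard mask are ignored."""
    net = int(ipaddress.IPv4Address(network))
    for addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if net & care == int(ipaddress.IPv4Address(addr)) & care:
            return True
    return False  # implicit deny at the end of every access list

def apply_route_map(clauses, acl, network):
    """Return the MED the update carries, or None if the route is filtered.

    Each clause is (uses_acl, med). A clause without a match statement
    matches every route; med=None models a clause with no set metric.
    """
    for uses_acl, med in clauses:
        if not uses_acl or acl_permits(acl, network):
            return 0 if med is None else med  # an unset MED compares as 0
    return None  # implicit deny at the end of the route map

# access-list 66 on each router (Router A's wildcard mask is assumed).
ACL_66 = {
    "A": [("192.168.25.0", "0.0.0.255"), ("192.168.26.0", "0.0.0.255")],
    "B": [("192.168.24.0", "0.0.0.255")],
}
# Next hop seen by Router Z for each router, inferred from Example 6-35.
NEXT_HOP = {"A": "192.168.28.2", "B": "172.20.50.2"}
NETWORKS = ["192.168.24.0", "192.168.25.0", "192.168.26.0"]

MED_65004 = [(True, 100), (False, 200)]       # permit 10, permit 100
NO_SET_IN_100 = [(True, 100), (False, None)]  # permit 100 without set metric

def router_z_best(clauses):
    """Best (MED, next hop) per network when only the MED differs (Step 6)."""
    best = {}
    for net in NETWORKS:
        paths = []
        for router in ("A", "B"):
            med = apply_route_map(clauses, ACL_66[router], net)
            if med is not None:
                paths.append((med, NEXT_HOP[router]))
        best[net] = min(paths)  # lowest MED wins
    return best

if __name__ == "__main__":
    print("as configured:      ", router_z_best(MED_65004))
    print("no set metric in 100:", router_z_best(NO_SET_IN_100))
```

With the second policy, every network is reached through the router that was meant to be the backup, which is the failure the text warns about.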

Implementing BGP in an Enterprise Network

Figure 6-53 depicts a typical enterprise BGP implementation. The enterprise is multihomed to two ISPs, to increase the reliability and performance of its connection to the Internet. The ISPs might pass only default routes or might also pass other specific routes, or even all routes, to the enterprise. The enterprise routers connected to the ISPs run EBGP with the ISP routers and IBGP between themselves; therefore, all routers in the transit path within the enterprise autonomous system run IBGP. These routers pass default routes to the other routers in the enterprise, rather than redistributing BGP into the interior routing protocol.

Figure 6-53: BGP in an Enterprise.

BGP attributes can be manipulated, using the methods discussed in this section, by any of the routers running BGP, to affect the path of the traffic to and from the autonomous systems.


Filtering BGP Routing Updates

BGP may receive a high number of routing updates. To optimize BGP configuration, route filtering may be applied.

As illustrated in Figure 6-54, filter lists, prefix lists, and route maps can be applied to either incoming or outgoing BGP information, or in any combination. The incoming prefix list, filter list, and route map must all permit the routes that are received from a neighbor before they will be accepted into the BGP table. Similarly, outgoing routes must pass the outgoing filter list, prefix list, and route map before they will be sent to the neighbor.

Figure 6-54: Filtering BGP Routing Updates.

If you configure a router to redistribute routing information from an IGP into BGP, the routes must successfully pass any prefix list or route map applied to the redistribution process before the route is injected into the BGP table.

This section describes the steps needed to configure routing update filtering using prefix lists and route maps.

BGP Filtering Using Prefix Lists

Chapter 4 describes prefix lists and how to configure them. This section introduces the use of prefix lists for BGP route filtering.

Planning BGP Filtering Using Prefix Lists

When planning BGP filter configuration using prefix lists, the following steps should be documented in an implementation plan:

  • Define the traffic filtering requirements, including the following:

    • Filtering updates

    • Controlling redistribution

  • Configure the ip prefix-list statements, including using mask filtering and the ge and le parameters.

  • Apply the prefix list to filter inbound or outbound updates.

BGP Filtering Using Prefix Lists Example

Recall that the ip prefix-list {list-name | list-number} [seq seq-value] {deny | permit} network/length [ge ge-value] [le le-value] global configuration command is used to create a prefix list.

The neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out} router configuration command is used to apply a prefix list to routes from or to a neighbor. The parameters of this command are described in Table 6-12.

Table 6-12: neighbor prefix-list Command Description

Parameter            Description
ip-address           IP address of the BGP neighbor.
peer-group-name      Name of a BGP peer group.
prefix-list-name     Name of a prefix list.
in                   Prefix list is applied to incoming advertisements.
out                  Prefix list is applied to outgoing advertisements.

ip prefix-list statements that include the ge and le options match any prefix within the specified network whose mask length falls in the range given by the ge and le parameters. For example, consider Figure 6-55 and the configuration on router R2 in Example 6-36. The prefix list named ANY-8to24-NET is configured to match routes from any networks that have a mask length from 8 to 24 bits. The 0.0.0.0/0 network/length combination does not match a specific network; rather, it defines any network. The parameters ge 8 and le 24 specify that any network with a mask length between 8 and 24 bits matches the prefix list entry.

Figure 6-55: Filtering BGP with Prefix Lists Example.

Example 6-36: Configuration for Router R2 in Figure 6-55

router bgp 65001
 neighbor 172.16.1.2 remote-as 65002
 neighbor 172.16.1.2 prefix-list ANY-8to24-NET in
!
ip prefix-list ANY-8to24-NET permit 0.0.0.0/0 ge 8 le 24

The prefix list ANY-8to24-NET is applied to the incoming advertisements from the BGP neighbor 172.16.1.2. It permits routes from any network with a mask length from 8 to 24 bits.
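As an added example (not from the book or from Cisco IOS), this Python model of ip prefix-list matching shows which constructed inbound prefixes ANY-8to24-NET accepts, including the default route and the longer-than-/24 prefixes that fall to the implicit deny. It generalizes to entries with only ge, only le, or neither; the sample prefixes and helper names are assumptions.

```python
import ipaddress
import re

ENTRY = re.compile(
    r"ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny)"
    r" (?P<net>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)

def parse_entry(line):
    """Parse one 'ip prefix-list' line into (action, network, low, high)."""
    m = ENTRY.match(line.strip())
    if m is None:
        raise ValueError(f"not a prefix-list entry: {line!r}")
    net = ipaddress.IPv4Network(m["net"])
    if m["ge"] is None and m["le"] is None:
        low = high = net.prefixlen            # exact mask length only
    else:
        low = int(m["ge"]) if m["ge"] else net.prefixlen
        high = int(m["le"]) if m["le"] else 32
    if low > high:
        raise ValueError("ge must not exceed le")
    return m["action"], net, low, high

def evaluate(entries, route):
    """First matching entry decides; no match means the implicit deny."""
    route = ipaddress.IPv4Network(route)
    for action, net, low, high in entries:
        if low <= route.prefixlen <= high and route.subnet_of(net):
            return action
    return "deny"

def accepted(entries, routes):
    """Prefixes that would be accepted when the list is applied inbound."""
    return [r for r in routes if evaluate(entries, r) == "permit"]

ANY_8TO24_NET = [parse_entry(
    "ip prefix-list ANY-8to24-NET permit 0.0.0.0/0 ge 8 le 24")]
# Exact-match entry from Example 6-38, shown for contrast.
DEFONLY = [parse_entry("ip prefix-list defonly seq 10 permit 0.0.0.0/0")]

# Constructed updates from neighbor 172.16.1.2 (sample prefixes).
UPDATES = [
    "10.0.0.0/8", "172.30.0.0/16", "192.168.24.0/24",  # lengths 8 to 24
    "0.0.0.0/0", "4.0.0.0/7",                          # shorter than ge 8
    "192.168.24.128/25", "192.168.24.1/32",            # longer than le 24
]

if __name__ == "__main__":
    for prefix in UPDATES:
        print(f"{prefix:20} {evaluate(ANY_8TO24_NET, prefix)}")
```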


Note

Cisco IOS documentation for the neighbor prefix-list command says this command is used to “prevent distribution” of BGP neighbor information as specified in a prefix list. Other documentation interprets this statement incorrectly and assumes that routes permitted by the prefix list are denied (prevented) from being sent (with the out keyword) or received (with the in keyword).

Our testing confirmed that the neighbor prefix-list command actually behaves as we expected: routes permitted by the prefix list are sent (with the out keyword) or received (with the in keyword).

Example 6-37 displays the output from the show ip prefix-list detail command on router R2. Router R2 has a prefix list called ANY-8to24-NET that has only one entry (sequence number 10). The hit count of 0 means that no routes have matched this entry. Use the clear ip prefix-list prefix-list-name [network/length] command to reset the hit count shown on prefix list entries.

Example 6-37: show ip prefix-list detail Command Output on Router R2 in Figure 6-55

R2#show ip prefix-list detail ANY-8to24-NET
ip prefix-list ANY-8to24-NET:
   Description: test-list
   count: 1, range entries: 1, sequences: 10 - 10, refcount: 3
   seq 10 permit 0.0.0.0/0 ge 8 le 24 (hit count: 0, refcount: 1)

BGP Filtering Using Route Maps

Route maps, as described in Chapter 4, can also be used to filter BGP updates.

Planning BGP Filtering Using Route Maps

When you are planning BGP filter configuration using route maps, the following steps should be documented in an implementation plan:

  • Define the route map, including the following:

    • The match statements

    • The set statements

  • Configure route filtering using the route map.

BGP Filtering with Route Maps Example

To apply a route map to filter incoming or outgoing BGP routes, use the neighbor ip-address route-map name {in | out} router configuration command. The routes that are permitted may have their attributes set or changed, using set commands in the route map. This is useful when trying to influence route selection.


Note

Similar route filtering could be performed for the OSPF or EIGRP routing process. In this case, the distribute-list in or distribute-list out commands are used with route maps, which define which updates are dropped and which updates are accepted.

In the example network in Figure 6-56, the customer accepts only a default route from the two ISPs and uses the link to autonomous system 65387 as its primary link for outbound traffic. The configuration of the customer Router A is shown in Example 6-38.

Figure 6-56: Filtering BGP with Route Maps Example.

Example 6-38: Configuration of Router A in Figure 6-56

router bgp 65213
 neighbor 10.2.3.4 remote-as 65627
 neighbor 10.2.3.4 route-map filter in
 neighbor 10.4.5.6 remote-as 65387
 neighbor 10.4.5.6 route-map filter in
!
route-map filter permit 10
 match ip address prefix-list defonly
 match as-path 10
 set weight 150
!
route-map filter permit 20
 match ip address prefix-list defonly
 set weight 100
!
ip as-path access-list 10 permit _65387$
ip prefix-list defonly seq 10 permit 0.0.0.0/0

Router A is configured for BGP with two neighbors using neighbor remote-as commands. Both neighbors are configured with the neighbor route-map command to filter the incoming routing update traffic according to the route map named filter. The route map filter allows only a default route into the customer’s network, as defined by the prefix list defonly. The default route coming from the ISP in autonomous system 65387, as defined in the autonomous system path access list 10, is assigned a weight value of 150, and all other default routes (in this case, the one coming from ISP autonomous system 65627) are assigned a weight value of 100. Because a higher weight value is preferred, the link to ISP autonomous system 65387 is preferred.
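An added Python model of route map filter (illustrative code, not the book's): both match statements in sequence 10 must pass, the IOS "_" regex character is translated to its delimiter meaning, and anything that is not a default route hits the implicit deny. The AS paths and the 198.51.100.0/24 prefix are constructed sample values, and all names are hypothetical.

```python
import re

def cisco_as_path_regex(pattern):
    """Compile an IOS AS-path regex: '_' matches a delimiter or either end."""
    return re.compile(pattern.replace("_", "(?:^|$|[ ,{}()])"))

# ip as-path access-list 10 permit _65387$
# The '$' anchors on the last AS in the path (the originator), so the path
# "65627 65387" matches and "165387" does not.
AS_PATH_10 = cisco_as_path_regex("_65387$")

def is_default(route):
    # ip prefix-list defonly seq 10 permit 0.0.0.0/0 (exact match, no ge/le)
    return route["prefix"] == "0.0.0.0/0"

def as_path_10(route):
    return AS_PATH_10.search(route["as_path"]) is not None

# (sequence, match statements that must ALL pass, weight applied by set)
ROUTE_MAP_FILTER = [
    (10, (is_default, as_path_10), 150),
    (20, (is_default,), 100),
]

def apply_filter(route):
    """Return a copy of the route with its weight, or None if it is dropped."""
    for seq, matches, weight in ROUTE_MAP_FILTER:
        if all(match(route) for match in matches):
            return {**route, "weight": weight, "clause": seq}
    return None  # implicit deny at the end of the route map

# Constructed inbound updates on Router A; AS paths are sample values.
UPDATES = [
    {"neighbor": "10.2.3.4", "prefix": "0.0.0.0/0", "as_path": "65627"},
    {"neighbor": "10.4.5.6", "prefix": "0.0.0.0/0", "as_path": "65387"},
    {"neighbor": "10.4.5.6", "prefix": "198.51.100.0/24", "as_path": "65387"},
]

def bgp_table(updates):
    """Routes that survive the inbound route map."""
    return [r for r in map(apply_filter, updates) if r is not None]

def preferred_exit(updates):
    """Highest weight wins (Step 1 of the decision process)."""
    return max(bgp_table(updates), key=lambda r: r["weight"])["neighbor"]

if __name__ == "__main__":
    for route in bgp_table(UPDATES):
        print(route)
    print("preferred exit:", preferred_exit(UPDATES))
```

Because the regex tests the originating AS rather than the sending neighbor, a default route with the path "65627 65387" received from 10.2.3.4 would also be given weight 150.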


Summary

This chapter covered the basics of BGP, the EGP used on the Internet, through discussion of the following topics:

  • BGP terminology and concepts, including the following:

    • BGP’s use between autonomous systems.

    • The range of private autonomous system numbers: 64512 to 65535.

    • Requirements for an enterprise’s connection to an ISP, including public IP address space, link type and bandwidth, routing protocol, and connection redundancy.

    • Using Layer 2 circuit emulation and Layer 3 MPLS VPNs to connect to multiple ISPs.

    • Using static routes to connect to an ISP.

    • The four connection redundancy types:

      • Single-homed: One connection to one ISP

      • Dual-homed: Two connections to one ISP

      • Multihomed: One connection to each of multiple (usually two) ISPs

      • Dual-multihomed: Two connections to each of two ISPs

    • BGP neighbor (peer) relationships:

      • IBGP, when BGP runs between routers in the same autonomous system.

      • EBGP, when BGP runs between routers that are in different autonomous systems. EBGP neighbors are typically directly connected.

    • Three common multihoming options:

      • Each ISP passes only a default route to the autonomous system.

      • Each ISP passes only a default route and provider-owned specific routes to the autonomous system.

      • Each ISP passes all routes to the autonomous system.

    • BGP’s loop-free guarantee, because it does not accept a routing update that already includes its autonomous system number in the path list.

    • When to use BGP: If the autonomous system allows packets to transit through it to reach other autonomous systems, if the autonomous system has multiple connections to other autonomous systems, or if the routing policy and route selection for traffic entering and leaving the autonomous system must be manipulated.

    • When not to use BGP: If there is only a single connection to the Internet or another autonomous system, if edge routers have a lack of memory or processing power, or if you have a limited understanding of route filtering and the BGP path-selection process.

    • BGP’s classification as a path vector protocol and its use of TCP port 179.

  • The use of full-mesh IBGP on all routers in the transit path within the autonomous system.

  • The BGP synchronization rule, which states that a BGP router should not use, or advertise to an external neighbor, a route learned by IBGP, unless that route is local or is learned from the IGP. BGP synchronization is disabled by default in Cisco IOS Software Release 12.2(8)T and later.

  • The three tables used by BGP: the BGP table, IP routing table, and BGP neighbor table.

  • The four BGP message types: open, keepalive, update, and notification.

  • The BGP attributes that can be either well known or optional, mandatory or discretionary, and transitive or nontransitive. An attribute might also be partial. The BGP attributes are the following:

    • AS-path: Well-known mandatory. The list of autonomous system numbers that a route has traversed to reach a destination, with the number of the autonomous system that originated the route at the end of the list.

    • Next-hop: Well-known mandatory. Indicates the next-hop IP address that is to be used to reach a destination. For EBGP, the next hop is the IP address of the neighbor that sent the update; for IBGP, the protocol states that the next hop advertised by EBGP should be carried into IBGP.

    • Origin: Well-known mandatory. Defines the origin of the path information; can be IGP, EGP, or incomplete.

    • Local preference: Well-known discretionary. Indicates to routers in the autonomous system which path is preferred to exit the autonomous system. The path with a higher local preference is preferred. Sent only to IBGP neighbors.

    • Atomic aggregate: Well-known discretionary. Informs the neighbor autonomous system that the originating router has aggregated the routes.

    • Aggregator: Optional transitive. Specifies the BGP router ID and autonomous system number of the router that performed the route aggregation.

    • Community: Optional transitive. Allows routers to tag routes with an indicator (the community) and allows other routers to make decisions based on that tag.

    • MED: Optional nontransitive. Also called metric. Indicates to external neighbors the preferred path into an autonomous system. A lower value is preferred; exchanged between autonomous systems.

    • Weight: Cisco defined; provides local routing policy only and is not propagated to any BGP neighbors. Routes with a higher weight are preferred.

  • The 11-step BGP route-selection decision process:

    Step 1. Prefer the highest weight
    Step 2. Prefer the highest local preference
    Step 3. Prefer the route originated by the local router
    Step 4. Prefer the shortest AS-path
    Step 5. Prefer the lowest origin code
    Step 6. Prefer the lowest MED
    Step 7. Prefer the EBGP path over the IBGP path
    Step 8. Prefer the path through the closest IGP neighbor
    Step 9. Prefer the oldest route for EBGP paths
    Step 10. Prefer the path with the lowest neighbor BGP router ID
    Step 11. Prefer the route with the lowest neighbor IP address

  • BGP peer groups, a group of BGP neighbors of the router being configured that all have the same update policies, created with the neighbor peer-group-name peer-group router configuration command. The neighbor ip-address peer-group peer-group-name router configuration command assigns neighbors as part of the group. The clear ip bgp peer-group peer-group-name EXEC command resets the BGP connections for all members of a BGP peer group.

  • Basic BGP configuration commands:

    • The router bgp autonomous-system global configuration command, which defines the autonomous system that the router is in and enters router configuration mode.

    • The neighbor {ip-address | peer-group-name} remote-as autonomous-system router configuration command, which tells BGP where to advertise.

    • The network network-number [mask network-mask] [route-map map-tag] router configuration command, which tells BGP what to advertise. This command permits BGP to advertise a network if it is present in the IP routing table.

  • The relationship between the BGP table, the IP routing table and the network command: The network command allows a BGP router to advertise a network that is in its IP routing table to its neighbors. The neighbor router that receives that network information puts the information in its BGP table and selects its best BGP route for that network. The best route is offered to its IP routing table. BGP neighbors exchange their best BGP routes. Routes learned by IBGP do not have to be in the IP routing table for BGP to use or advertise them (with the default of synchronization disabled).

  • Using the neighbor {ip-address | peer-group-name} shutdown router configuration command to administratively shut down an existing BGP neighbor or peer group.

  • Using the neighbor {ip-address | peer-group-name} update-source loopback interface-number router configuration command to cause the router to use the address of the specified loopback interface as the source address for BGP connections to this neighbor.

  • Using the neighbor {ip-address | peer-group-name} ebgp-multihop [ttl] router configuration command to enable multihop EBGP.

  • Using the neighbor {ip-address | peer-group-name} next-hop-self router configuration command to force BGP to use the source IP address of the update as the next hop for each network it advertises to the neighbor.

  • Using the neighbor {ip-address | peer-group-name} password string router configuration command to enable MD5 authentication on a TCP connection between two BGP peers.

  • Using the synchronization router configuration command to enable BGP synchronization so that a router will not advertise routes in BGP until it learns them in an IGP.

  • Using the clear ip bgp {* | neighbor-address} privileged EXEC command to cause a hard reset of the BGP neighbors involved. Using the clear ip bgp {* | neighbor-address} [soft out] privileged EXEC command to cause BGP to do a soft reset for outbound updates.

  • Using the neighbor {ip-address} soft-reconfiguration inbound router configuration command to inform BGP to save all updates that were learned from the neighbor specified. When an inbound policy is changed, use the clear ip bgp {* | neighbor-address} soft in privileged EXEC command to cause the router to use the stored unfiltered table to generate new inbound updates. Alternatively, use the clear ip bgp {* | neighbor-address} [soft in | in] privileged EXEC command for dynamic soft reconfiguration, without using the neighbor soft-reconfiguration inbound command, in routers with an IOS that supports this feature.

  • Commands for verifying BGP configuration, including the following:

    • show ip bgp neighbors

    • show ip bgp neighbors {address} received-routes

    • show ip bgp neighbors {address} routes

    • show ip bgp neighbors {address} advertised-routes

    • show ip bgp

    • show ip bgp summary

    • show ip bgp rib-failure

    • debug ip bgp {dampening | events | keepalives | updates}

  • Understanding and troubleshooting the BGP states: idle, connect, active, open sent, open confirm, and established.

  • BGP path manipulation, including the following:

    • Using the neighbor {ip-address | peer-group-name} weight weight router configuration command to assign a weight to updates from a neighbor connection.

    • Using the match as-path path-list-number route-map configuration command to match AS-path attributes defined in an autonomous system path access-list. The autonomous system path access-list is defined by the ip as-path access-list acl-number {permit | deny} regexp global configuration command.

    • Using the set weight weight route-map configuration command to change the weight within a route-map.

    • Using the bgp default local-preference value router configuration command to change the default local preference to the value specified.

    • Using the set local-preference local-preference route-map configuration command to change the local preference within a route-map.

    • Using the set as-path {tag | prepend as-path-string} route-map configuration command to modify the AS-path attribute.

    • Using the default-metric number router configuration command to change the MED value for each network an autonomous system owns and advertises to an EBGP neighbor.

    • Using the set metric metric route-map configuration command to change the MED value within a route-map.

    • Using the neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out} router configuration command to apply a filter list to routes from or to a neighbor.

    • Using the ip prefix-list {list-name | list-number} [seq seq-value] {deny | permit} network/length [ge ge-value] [le le-value] global configuration command to create a prefix list. Use the neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out} router configuration command to apply a prefix list to routes from or to a neighbor. Use the show ip prefix-list detail command to verify prefix lists.

    • Using the neighbor ip-address route-map name {in | out} router configuration command to apply a route map to filter incoming or outgoing BGP routes.

