20111027_cht_tl_training day4
TRANSCRIPT
-
8/2/2019 20111027_CHT_TL_ Day4
1/68
2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net
Day 4
Layer 3 Routing (EGP - BGP)
Johnson Liu
Oct. 27, 2011
-
Border Gateway Protocol (BGP)
-
What Is BGP?
BGP is the core routing protocol within the Internet
BGP is a path-vector protocol used for interdomain routing.
BGP views the Internet as a collection of autonomous systems.
Note: BGP is an IETF standard defined in RFC 4271 (supersedes RFC 1771).
[Diagram: AS 65501, AS 65502, AS 65503 and AS 65504 interconnected by BGP]
-
When Should I Use BGP?
BGP is typically used in large enterprise environments where multiple ISP connections exist, and in all service provider environments
Single-homed customers typically use a default route to the Internet.
Multihomed customers use BGP to control inbound and outbound traffic.
[Diagram labels: ISP A, ISP B, Customer A, Customer B, Static Routing, BGP, AS 65501, AS 65502, AS 65503]
-
BGP Peers (1 of 2)
BGP peers can reside in different ASs or the same AS
Peers in different ASs use the external session type (EBGP)
Peers in the same AS use the internal session type (IBGP)
IBGP is not used because a single BGP speaker exists.
IBGP is used because multiple BGP speakers exist.
[Diagram: AS 65501, AS 65503, AS 65502 and AS 65504 connected by EBGP; AS labels: IGP, IGP/IBGP, IGP/IBGP, IGP]
-
BGP Peers (2 of 2)
BGP peering sessions are manually defined and rely on TCP connections (port 179)
No automatic neighbor discovery
BGP Neighbor States
(1) Idle
(2) Connect
(3) Active
(4) OpenSent
(5) OpenConfirm
(6) Established
[Diagram: R1 and R2 move from TCP connectivity to BGP connectivity to established neighbors]
-
BGP Message Types
BGP messages are used to establish and maintain BGP peering sessions
All BGP messages use a common header
BGP message types: Open, Keepalive, Update, Notification, Refresh
[Diagram: R1 and R2 move from TCP connectivity to BGP connectivity to established neighbors]
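Added example, not part of the original slides: a parser that splits a TCP/179 byte stream into BGP messages using the common header defined in RFC 4271 (16-byte all-ones marker, 2-byte length, 1-byte type) and rejects malformed input. The helper names and the sample bytes are constructed for illustration; the AS number, hold time and peer ID are taken from the case-study output later in the deck.

```python
import struct
from ipaddress import IPv4Address

MARKER = b"\xff" * 16      # RFC 4271: the marker field is all ones
HEADER_LEN = 19            # marker (16) + length (2) + type (1)
MAX_LEN = 4096             # RFC 4271 maximum message size
TYPES = {1: "Open", 2: "Update", 3: "Notification", 4: "Keepalive", 5: "Refresh"}


class BGPParseError(ValueError):
    """Raised when the bytes do not form a valid BGP message."""


def parse_open(body):
    """Decode the fixed part of an Open message body."""
    if len(body) < 10:
        raise BGPParseError("Open body shorter than 10 bytes")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack_from("!BHH4sB", body)
    if 10 + opt_len != len(body):
        raise BGPParseError("Open optional-parameter length mismatch")
    return {"version": version, "as": my_as, "hold_time": hold_time,
            "router_id": str(IPv4Address(bgp_id))}


def parse_stream(data):
    """Split a TCP payload into BGP messages and return them as dicts."""
    messages, offset = [], 0
    while offset < len(data):
        if len(data) - offset < HEADER_LEN:
            raise BGPParseError(f"truncated header at offset {offset}")
        marker, length, mtype = struct.unpack_from("!16sHB", data, offset)
        if marker != MARKER:
            raise BGPParseError(f"bad marker at offset {offset}")
        if not HEADER_LEN <= length <= MAX_LEN:
            raise BGPParseError(f"bad length {length} at offset {offset}")
        if offset + length > len(data):
            raise BGPParseError(f"truncated body at offset {offset}")
        if mtype not in TYPES:
            raise BGPParseError(f"unknown message type {mtype}")
        body = data[offset + HEADER_LEN:offset + length]
        msg = {"type": TYPES[mtype], "length": length}
        if mtype == 1:
            msg.update(parse_open(body))
        elif mtype == 3:
            if len(body) < 2:
                raise BGPParseError("Notification without error code/subcode")
            msg["error"] = (body[0], body[1])
        elif mtype == 4 and body:
            raise BGPParseError("Keepalive must consist of the header only")
        messages.append(msg)
        offset += length
    return messages


def build(mtype, body=b""):
    """Construct a message for the sample below (test helper)."""
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), mtype) + body


# Constructed sample: the Open a peer in AS 65501 would send (hold time 90,
# peer ID 172.18.1.1), followed by a Keepalive.
SAMPLE = (
    build(1, struct.pack("!BHH4sB", 4, 65501, 90, IPv4Address("172.18.1.1").packed, 0))
    + build(4)
)

if __name__ == "__main__":
    for message in parse_stream(SAMPLE):
        print(message)
```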
-
BGP Update Messages
BGP update messages include path advertisements and their associated attributes
Can also list withdrawn routes that are no longer reachable
Router compares attributes associated with update messages to select the best path
[Diagram: R1, R2 and R3 are established neighbors; route 129.1.0.0/16 is advertised between them]
-
High-Level BGP Operation
Customer A is single-homed to ISP A and uses 172.20.21.0/24 subnet, which was assigned by ISP A
Static default route to ISP A
Static route to Customer A
[Diagram: Customer A, Customer B (AS 65501), ISP A (AS 65001), ISP B (AS 65002), ISP C (AS 65003)]
-
ISP A's Network
Static route for 172.20.21.0/24 to Customer A
I can reach 172.20.21.0/24 (Static => IGP)
I can reach 172.20.0.0/16 (BGP Aggregate Route)
[Diagram: Customer A, ISP A (AS 65001) with routers R1, R2, R3 and R4, ISP C (AS 65003)]
-
ISP A's Aggregate
ISP A advertises an aggregate of 172.20.0.0/16 through BGP to ISP B
172.20.0.0/16 is reachable through AS 65001
172.20.0.0/16 is reachable through AS 65002 and AS 65001
172.20.0.0/16 is reachable through AS 65003, AS 65002 and AS 65001
[Diagram: Customer A, Customer B (AS 65501), ISP A (AS 65001), ISP B (AS 65002), ISP C (AS 65003)]
-
Customer B's Aggregate
Customer B advertises its 172.31.128.0/20 network through BGP to ISP C
172.31.128.0/20 is reachable through AS 65501
172.31.128.0/20 is reachable through AS 65003 and AS 65501
172.31.128.0/20 is reachable through AS 65002, AS 65003 and AS 65501
Default static route
[Diagram: Customer A, Customer B (AS 65501), ISP A (AS 65001), ISP B (AS 65002), ISP C (AS 65003)]
-
Customer B Connects to ISP B
Customer B advertises its 172.31.128.0/20 network through BGP to ISP B and ISP C
172.31.128.0/20 is reachable through AS 65501
172.31.128.0/20 is reachable through AS 65501
172.31.128.0/20 is reachable through AS 65003 and AS 65501
172.31.128.0/20 is reachable through AS 65002 and AS 65501
ISP B chooses the best path and advertises only that path
Default static route
[Diagram: Customer A, Customer B (AS 65501), ISP A (AS 65001), ISP B (AS 65002), ISP C (AS 65003)]
-
BGP Attributes Table
BGP Attributes
Name               Type
AS Path            Well-known mandatory
Local Preference   Well-known discretionary
MED                Optional nontransitive
Origin             Well-known mandatory
Next Hop           Well-known mandatory
Community          Optional transitive
Aggregator         Optional transitive
Atomic Aggregator  Well-known discretionary
Cluster List       Optional nontransitive
Originator ID      Optional nontransitive
-
BGP Attributes
BGP attributes are included in the update messages and describe the BGP prefixes received from a peer
Attributes are used to select the best path
Some common examples include:
Common BGP Attributes: Next Hop, Local Preference, AS Path, Origin, MED, Community
[Diagram: R1, R2 and R3 are established neighbors; Route X is advertised between them]
-
BGP Attributes: Next Hop
The next-hop attribute is the IP address of the peer advertising the prefix
Next-hop address must be reachable for receiving peer to install route in RIB-local (routing table)
Next-hop value is changed by default across EBGP links only
Next-hop value is not changed by default across IBGP links; can be changed through policy
[Diagram: R1 (AS100), R2 (AS200) and R3 (AS200); EBGP link 8.1.1.1/30 - 8.1.1.2/30 carries Route X with NH: 8.1.1.1; IBGP link 16.6.6.1/30 - 16.6.6.2/30 carries Route X with NH: 8.1.1.1]
-
BGP Attributes: Local Preference
Determines the preferred path out of the AS
All BGP traffic in an AS flows toward the peer with the highest local preference value
Can be altered through BGP configuration or policy
Values are used only within an individual AS
Nothing is sent across EBGP links
-
Local-Preference Example
MyNET wants to use ISP A for outbound traffic but have ISP B available for backup outbound traffic
R1: local preference = 300
R2: local preference = 100
Default local preference = 100
[Diagram: MyNET (AS 65503) with routers R1, R2 and R3 running IGP and IBGP; ISP A (AS 65501); ISP B (AS 65502)]
-
BGP Attributes: AS Path
Used to indicate path back to the route's source and to prevent routing loops
Routes with the receiving router's AS number in the AS path are considered looped and not advertised (prefer shortest AS Path first)
[Diagram: Route X passes through AS 501, AS 645, AS 452 and AS 521; AS Path = 501, then AS Path = 645 501, then AS Path = 452 645 501]
-
BGP Attributes: Origin
Added by the router that injected a route into BGP and describes from where the route information was received (prefer the lowest origin code, so IGP is preferred over EGP, and EGP over Incomplete)
I = IGP (0)
E = EGP (1)
? = Incomplete (2)
-
BGP Attributes: Multi-Exit Discriminator
Used to help influence the preferred path back into an AS when multiple links exist between the same two ASs
Can be altered through BGP configuration or policy
Lower values are better
[Diagram: AS 65501 and AS 65502, each with routers R1 and R2 running IGP and IBGP; prefix X is advertised as Route X (MED = 20) on one link and Route X (MED = 10) on the other]
-
BGP Attributes: Community
Used to tag certain routes that can be identified easily
Defined under [edit policy-options] hierarchy
Communities are set, added, or deleted through routing policy.
Community format is typically: AS-number:community

[edit policy-options]
user@R1# show
policy-statement ibgp-export {
    from neighbor 172.25.125.2;
    then {
        community set customer-routes;
    }
}
community customer-routes members 64700:133;
-
Selecting the Active BGP Route (*)
Once BGP verifies next-hop reachability and that no loops exist, it selects the active route as follows:
BGP Route Selection Summary
1. Prefer the highest local-preference value
2. Prefer the shortest AS-path length
3. Prefer the lowest origin value
4. Prefer the lowest MED value
5. Prefer routes learned from an EBGP peer over an IBGP peer
6. Prefer best exit from AS
7. For EBGP-received routes, prefer the current active route; otherwise, prefer routes from the peer with the lowest RID
8. Prefer paths with the shortest cluster length
9. Prefer routes from the peer with the lowest peer ID
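Added example, not part of the original slides and not Junos code: the nine selection steps above applied in order, reporting which step decided, after the next-hop and loop pre-checks (with the loops count the deck configures later under autonomous-system). Assumptions: "best exit" is modelled as the lowest IGP metric to the next hop, MED is compared between all candidates, and the sample paths and 10.0.0.x addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Path:
    peer: str                      # peer address, used as the peer ID in step 9
    router_id: str                 # RID of the advertising peer (step 7)
    as_path: tuple                 # AS numbers, nearest AS first
    local_pref: int = 100          # default local preference from the slides
    origin: int = 0                # 0 = IGP, 1 = EGP, 2 = Incomplete
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0            # assumption: "best exit" = lowest IGP metric
    cluster_len: int = 0
    active: bool = False           # currently the active route
    next_hop_reachable: bool = True


def usable(path, local_as, loops=1):
    """Pre-checks: reachable next hop and fewer than `loops` copies of our AS."""
    return path.next_hop_reachable and path.as_path.count(local_as) < loops


def _active_or_rid(path, cands):
    # Step 7: among EBGP-only candidates keep the current active route;
    # otherwise fall back to the lowest router ID.
    if all(c.ebgp for c in cands) and any(c.active for c in cands):
        return 0 if path.active else 1
    return int(IPv4Address(path.router_id))


# Each step maps a path to a sort key; the lowest key survives.
STEPS = [
    ("1 highest local preference", lambda p, c: -p.local_pref),
    ("2 shortest AS path", lambda p, c: len(p.as_path)),
    ("3 lowest origin", lambda p, c: p.origin),
    ("4 lowest MED", lambda p, c: p.med),
    ("5 EBGP over IBGP", lambda p, c: 0 if p.ebgp else 1),
    ("6 best exit", lambda p, c: p.igp_metric),
    ("7 active EBGP route, else lowest RID", _active_or_rid),
    ("8 shortest cluster length", lambda p, c: p.cluster_len),
    ("9 lowest peer ID", lambda p, c: int(IPv4Address(p.peer))),
]


def select_active(paths, local_as, loops=1):
    """Return (winning Path or None, name of the step that decided)."""
    cands = [p for p in paths if usable(p, local_as, loops)]
    if not cands:
        return None, "no usable path"
    if len(cands) == 1:
        return cands[0], "only usable path"
    for name, key in STEPS:
        best = min(key(p, cands) for p in cands)
        cands = [p for p in cands if key(p, cands) == best]
        if len(cands) == 1:
            return cands[0], name
    return cands[0], "tie after step 9"


# Constructed sample: R1 in AS 65503 hears the same prefix from its EBGP peer
# 172.30.1.2 and its IBGP peer 192.168.100.2 (peer addresses from the case study).
CASE_STUDY = [
    Path("172.30.1.2", "172.18.1.1", (65501, 65510, 65515, 65520, 65525)),
    Path("192.168.100.2", "192.168.100.2",
         (65502, 65510, 65515, 65520, 65525), ebgp=False),
]
# MyNET example: the path via R1 carries local preference 300, via R2 100.
MYNET = [
    Path("10.0.0.1", "10.0.0.1", (65501,), local_pref=300, ebgp=False),
    Path("10.0.0.2", "10.0.0.2", (65502,), local_pref=100, ebgp=False),
]
# AS 65022 receives a path that already contains its own AS number once.
LOOPED = [Path("10.222.4.1", "10.222.4.1", (65432, 65022))]

if __name__ == "__main__":
    print(select_active(CASE_STUDY, 65503))
    print(select_active(MYNET, 65503))
    print(select_active(LOOPED, 65022), select_active(LOOPED, 65022, loops=2))
```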
-
IBGP Versus EBGP
IBGP is used within an AS
EBGP is used between ASs
[Diagram: AS 65501, AS 65503, AS 65502 and AS 65504 connected by EBGP; AS labels: IGP, IGP/IBGP, IGP/IBGP, IGP]
-
Loopback and Interface Peering
IBGP sessions are usually established between loopback addresses
  Uses IGP to maintain sessions regardless of physical topology
EBGP sessions are usually established using the IP addresses of the physically connected interfaces
If failure occurs, loopback-based IBGP sessions stay up over working links
[Diagram: AS 65503 (IGP, IBGP) with routers R1, R2 and R3; AS 65502; link 172.24.1.0/30 (.1 to .2) between ge-0/0/1.0 interfaces]
-
IBGP Route Propagation
To avoid loops, BGP speakers do not propagate IBGP-received routes to other IBGP peers
1. A full mesh is required to ensure all IBGP speakers have consistent BGP routing information or
2. BGP Route Reflector (RR) or
3. BGP Confederation
Rule prohibits R2 from advertising route X to R3
Solution is to have R1 and R3 become IBGP neighbors
[Diagram: R1, R2 and R3 in AS 65503, with AS 65502 adjacent; two IBGP neighbor relationships; Route X]
-
IBGP Next-Hop Propagation
By default, IBGP peers do not change the next hop for routes received from EBGP peers
To make the next hop reachable, you can:
  Put external interface in IGP using the passive option, or
  Use next-hop self in a policy to cause the router to use its own IP address as the next hop
By default, the next-hop value for the route X advertisement will remain as 172.24.1.1
How do I get to 172.24.1.1?
[Diagram: AS 65503 with IBGP neighbors R1 and R2; AS 65502; link 172.24.1.0/30 (.1 and .2); Route X]
-
Default BGP Advertisement Rules
1. IBGP advertises routes learned from EBGP
2. EBGP advertises routes learned from IBGP or EBGP
3. IBGP advertises routes learned from EBGP
4. IBGP does not advertise any routes learned from IBGP
[Diagram: AS 65510 (prefix X), AS 65501, AS 65502 and AS 65503; Route X is advertised over EBGP and IBGP; AS labels: IGP, IBGP]
-
Case Study: Monitoring BGP (1 of 3)
Use the show bgp summary command to show an overview of the system's BGP information:

user@R1> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 12 6 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Act/Rec/Acc/Damped.
172.30.1.2 65501 914 915 0 0 6:51:16 6/6/6/0 0/0/0/0
192.168.100.2 65503 978 983 0 0 7:19:03 0/6/6/0 0/0/0/0
-
Case Study: Monitoring BGP (2 of 3)
Use the show bgp neighbor command to show the BGP neighbor database:

user@R1> show bgp neighbor
Peer: 172.30.1.2+62790 AS 65501 Local: 172.30.1.1+179 AS 65503
  Type: External State: Established Flags:
  Last State: OpenConfirm Last Event: RecvKeepAlive
  Last Error: None
  Export: [ adv-aggregate ]
  Options:
  Holdtime: 90 Preference: 170
  Number of flaps: 0
  Peer ID: 172.18.1.1 Local ID: 192.168.100.1 Active Holdtime: 90
  Keepalive Interval: 30 Peer index: 0
  BFD: disabled, down
  Local Interface: ge-0/0/3.0
-
Case Study: Monitoring BGP (3 of 3)
Use the show bgp group command to show the BGP group database:

user@R1> show bgp group
Group Type: Internal AS: 65503 Local AS: 65503
  Name: int-65503 Index: 0 Flags:
  Export: [ next-hop-self-policy ]
  Holdtime: 0
  Total peers: 1 Established: 1
  192.168.100.2+51067
  inet.0: 0/6/6/0

Group Type: External Local AS: 65503
  Name: ext-65501 Index: 1 Flags:
  Export: [ adv-aggregate ]
  Holdtime: 0
  Total peers: 1 Established: 1
  172.30.1.2+62790
  inet.0: 6/6/6/0
-
Case Study: Displaying BGP Routes (1 of 3)
Use show route protocol bgp to display BGP routes installed in the RIB-Local:

user@R1> show route protocol bgp
inet.0: 15 destinations, 21 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.0/16 *[BGP/170] 1d 21:43:42, localpref 100
              AS path: 64501 65500 65501 65502 65503 I
            > to 172.30.1.2 via ge-0/0/3.0
             [BGP/170] 1d 21:43:42, localpref 100, from 192.168.100.2
              AS path: 64502 65400 65501 65502 65503 I
            > to 172.24.1.2 via ge-0/0/1.0

Note: You can add options to filter the output by BGP attributes such as AS path, next hop, and community.
-
Case Study: Displaying BGP Routes (2 of 3)
Use show route receive-protocol bgp neighbor to display received routes (RIB-In):
Displays route entries in the RIB-In table that have not yet been filtered

user@R1> show route receive-protocol bgp 172.30.1.2
inet.0: 14 destinations, 20 routes (14 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 10.0.0.0/16 172.30.1.2 65501 65510 65515 65520 65525 I
* 10.1.0.0/16 172.30.1.2 65501 65510 65515 65520 65525 I
* 10.2.0.0/16 172.30.1.2 65501 65510 65515 65520 65525 I

[Diagram: Routes from BGP peers -> RIB-In -> Import policy -> RIB-Local (Route table)]
-
Case Study: Displaying BGP Routes (3 of 3)
Use show route advertising-protocol bgp neighbor to display advertised routes (RIB-Out):
Displays route entries in the RIB-Out table that are not yet filtered

user@R1> show route advertising-protocol bgp 172.30.1.2
inet.0: 14 destinations, 20 routes (14 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.24.0.0/22 Self I

[Diagram: RIB-Local (Route table) -> Export policy -> RIB-Out -> Routes to BGP peers]
-
Advanced BGP Features in JUNOS
-
BGP Multipath: Part 1
BGP can ignore both router ID and peer ID comparisons when multipath is configured within BGP
Can use:
  Two peering sessions to the same router
  Two peering sessions to different routers in the same AS

[edit protocols bgp group ext-peers]
type external;
peer-as 2;
neighbor 10.222.28.2;
neighbor 10.222.29.2;

user@router> show bgp summary
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Rec
10.222.28.2 2 7 7 0 0 00:00:02 4/4/0
10.222.29.2 2 8 10 0 0 00:00:06 0/4/0

[Diagram: R1 (AS 1), R2 (AS 2) and R3 (AS 2); links 10.222.28.1/24 - 10.222.28.2/24 and 10.222.29.1/24 - 10.222.29.2/24]
-
BGP Multipath: Part 2
Routes from each peer contain a single next hop
user@R1> show route protocol bgp terse
inet.0: 15 destinations, 19 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 172.16.20.4/30 B 170 100 >10.222.28.2 2 I
B 170 100 >10.222.29.2 2 I
* 172.16.20.8/30 B 170 100 >10.222.28.2 2 I
B 170 100 >10.222.29.2 2 I
* 172.16.20.12/30 B 170 100 >10.222.28.2 2 I
B 170 100 >10.222.29.2 2 I
* 172.16.20.16/30 B 170 100 >10.222.28.2 2 I
B 170 100 >10.222.29.2 2 I
-
BGP Multipath: Part 3
Peer group on R1 configured with multipath
Active route receives two next hops
Forwarding table still maintains a single next hop per route

[edit protocols bgp group ext-peers]
type external;
peer-as 2;
multipath;
neighbor 10.222.28.2;
neighbor 10.222.29.2;

user@R1> show route protocol bgp terse
inet.0: 15 destinations, 19 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 172.16.20.4/30 B 170 100 >10.222.28.2 2 I
10.222.29.2
B 170 100 >10.222.29.2 2 I
* 172.16.20.8/30 B 170 100 >10.222.28.2 2 I
10.222.29.2
B 170 100 >10.222.29.2 2 I
* 172.16.20.12/30 B 170 100 >10.222.28.2 2 I
10.222.29.2
B 170 100 >10.222.29.2 2 I
-
Multihop Peering
EBGP sessions can peer with nonphysical addresses
A TTL value of 1 accommodates peering to a loopback address on a directly connected peer; higher values are needed for peers that are not directly connected

[edit protocols bgp group ext-peers]
type external;
local-address 192.168.3.4;
neighbor 172.16.128.1 {
    multihop ttl 1;
}

[edit routing-options]
static {
    route 172.16.128.1 next-hop [ 10.10.1.1 10.10.2.1 ];
}

[Diagram: R1 (AS 1) and R2 (AS 2) connected by two links, 10.10.1.1/24 - 10.10.1.2/24 and 10.10.2.1/24 - 10.10.2.2/24; loopbacks lo0: 192.168.3.4 and lo0: 172.16.128.1; callouts Step 1, Step 2, Step 3]
-
Peer Configuration Options: Part 1
passive keeps BGP from sending open message
To have the router not send active BGP open messages to the neighbor, include the passive statement.
The router instead waits for the peer to send an open message first before sending one.

[edit protocols bgp]
group ext-peers {
    type external;
    peer-as 2;
    neighbor 10.10.10.1 {
        passive;
    }
}
-
Peer Configuration Options: Part 2
prefix-limit allows a specified amount of prefixes to be received

[edit protocols bgp]
group ext-peers {
    type external;
    peer-as 2;
    family inet {
        unicast {
            prefix-limit {
                maximum 25000;
            }
        }
    }
    neighbor 10.10.10.1;
}
-
Peer Configuration Options: Part 3
hold-time alters the value used in the session negotiation process (lowest wins)
JUNOS default: keepalive 30/hold-time 90
IOS default: keepalive 60/hold-time 180

[edit protocols bgp]
group ext-peers {
    type external;
    hold-time 45;
    peer-as 2;
    neighbor 10.10.10.1;
}
-
Graceful Restart (GR)
GR allows a router undergoing a restart event to inform its neighbors and request a grace period during which it can recover from that restart event
  Forwarding through existing paths can continue during restart
R1 informs all neighbors of a restart event. R1 is known as the restarting router in GR terminology.
R1's neighbors hide the failure from other routers in the network. R2, R4, and R5 are known as helper routers in GR terminology.
R3 and R6 are not aware a restart event occurred.
Once R1 recovers from the restart event, R1 synchronizes with its neighbors without disrupting packet forwarding.
-
GR Support and Requirements
Routers (restarting and helper routers) must have GR enabled and be able to support nonstop forwarding
End-of-RIB markers sent for each NLRI
  Notifies the neighbor that all current routing information was sent
  Local router defers path selection algorithm until the marker is received
Configured globally within the [edit routing-options] hierarchy
During a restart event, forwarding continues based on existing forwarding table entries.
[Diagram: Routing Engine (Control Plane) and Packet Forwarding Engine (Forwarding Plane) with forwarding table (FT); Packets In, Packets Out]
-
Configuring GR (1 of 2)
GR helper mode is enabled by default
You can disable GR helper mode globally at the [edit routing-options] hierarchy or on a per-protocol, per-group, or per-neighbor basis (depending on the protocol)
Note: The most specific application is preferred.

[edit]
user@R1# show routing-options
graceful-restart {
    disable;
}

[edit]
user@R1# show protocols bgp
graceful-restart;
group my-group {
    type internal;
    local-address 192.168.1.1;
    neighbor 192.168.1.2;
    neighbor 192.168.2.2 {
        graceful-restart {
            disable;
        }
    }
}

[Callouts: Disables helper mode globally for all protocols that support GR; Enables helper mode for BGP; Disables GR for BGP peer]
-
Configuring GR (2 of 2)
GR restarting router mode is not enabled by default
You can enable this mode at the [edit routing-options] hierarchy and disable it on a per-protocol, per-group, or per-neighbor basis (depending on the protocol)
Configuration options vary between the supported protocols

[edit]
user@R1# show routing-options
graceful-restart;

[edit]
user@R1# show protocols bgp
graceful-restart;
group my-group {
    type internal;
    local-address 192.168.1.1;
    neighbor 192.168.1.2;
    neighbor 192.168.2.2 {
        graceful-restart {
            disable;
        }
    }
}

[Callouts: Enables restarting router mode for all protocols that support GR; Disables GR for specific BGP peer]
-
Modifying Local Preference
[Diagram: AS 65003 (192.168.19.0/24) and AS 65002 with routers R1 and R2; lo0=192.168.40.1; callout: local-preference]

user@R2> show route advertising-protocol bgp 192.168.40.1
inet.0: 14 destinations, 15 routes (14 active, 0 holddown, 0 hidden)
Restart Complete
Prefix Nexthop MED Lclpref AS path
* 192.168.19.0/24 Self 0 100 65003 I

[edit]
user@R2# set protocols bgp group int-peers local-preference 300

user@R2> show route advertising-protocol bgp 192.168.40.1
inet.0: 14 destinations, 15 routes (14 active, 0 holddown, 0 hidden)
Restart Complete
Prefix Nexthop MED Lclpref AS path
* 192.168.19.0/24 Self 0 300 65003 I
-
Modifying AS Path: remove-private
[Diagram: AS 65001 (192.168.17.0/24), AS 65002 (192.168.18.0/24) and AS 65003 (192.168.19.0/24) advertise their prefixes with AS-Path 65001, AS-Path 65002 and AS-Path 65003; AS 1000, with remove-private, advertises 192.168.17.0/24, 192.168.18.0/24 and 192.168.19.0/24 to the Internet with AS-Path 1000]
-
Modifying AS Path: local-as (Part 1)
[Diagram: AS 222 (172.16.10.0/24), AS 333 (172.16.12.0/24), AS 1, AS 777 and the Internet, connected by EBGP. 172.16.10.0/24 is seen with AS-Path 222, then AS-Path 1 222, then AS-Path 777 1 222; 172.16.12.0/24 is seen with AS-Path 333, then AS-Path 1 333, then AS-Path 777 1 333]
-
Modifying AS Path: local-as (Part 2)
[Diagram: AS 222 (172.16.10.0/24), AS 333 (172.16.12.0/24), AS 777 with local-as 1, and the Internet; sessions labelled IBGP and EBGP. 172.16.10.0/24 is seen with AS-Path 222, then AS-Path 1 222, then AS-Path 777 1 222; 172.16.12.0/24 is seen with AS-Path 333, then AS-Path 1 333, then AS-Path 777 1 333]
-
Modifying AS Path: local-as (Part 3)
[Diagram: AS 222 (172.16.10.0/24), AS 333 (172.16.12.0/24), AS 777 with local-as 1 private, and the Internet; sessions labelled IBGP and EBGP. 172.16.10.0/24 is seen with AS-Path 222 and then AS-Path 777 222; 172.16.12.0/24 is seen with AS-Path 333 and then AS-Path 777 333]
-
Modifying AS Path: as-override
[Diagram: two sites of AS 65022 connected through AS 65432 over the link 10.222.4.1 - 10.222.4.2; 172.16.10.0/24 is advertised with AS-Path 65022 and, with as-override, with AS-Path 65432 65432]

user@AS65432> show route advertising-protocol bgp 10.222.4.2
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.16.10.0/24 Self 65022 I

user@AS65022> show route receive-protocol bgp 10.222.4.1
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)

[edit]
user@AS65432# set protocols bgp group AS-65022 as-override

user@AS65432> show route advertising-protocol bgp 10.222.4.2
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.16.10.0/24 Self 65022 I

user@AS65022> show route receive-protocol bgp 10.222.4.1
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.16.10.0/24 10.222.4.1 65432 65432 I
-
Modifying AS Path: loops
[Diagram: two sites of AS 65022 connected through AS 65432; 172.16.10.0/24 is advertised with AS path 65022 and then with AS path 65432 65022; callout: loops]

user@AS65022> show route receive-protocol bgp 10.222.4.1
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)

[edit]
user@AS65022# set routing-options autonomous-system 65022 loops 2

user@AS65022> show route receive-protocol bgp 10.222.4.1
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.16.10.0/24 10.222.4.1 65432 65022 I
-
Scaling BGP
IBGP full-mesh peer requirement has an n^2 problem
  Addition of a new router requires new peering with all current IBGP speakers
  Current IBGP speakers must update their configurations
Two primary scaling mechanisms:
  Route Reflection (RFC 4456)
  Confederations (RFC 3065)
-
Route Reflection Concepts
Allows an IBGP speaker to re-advertise an IBGP-learned route to another IBGP speaker
Route reflector only re-advertises the active route to clients
Route reflector does not, by default, change existing IBGP attributes
Two new BGP attributes to prevent loops:
  Cluster list: contains one or more cluster ID values
  Originator ID
-
New Cluster Attributes Prevent Loops
Steps:
1. Client sends routes to RR
2. RR sends routes to all clients in the cluster and all RRs
3. Those RRs send the routes to all their peers, forming a loop
4. If RR1 receives the same cluster ID in the cluster list, it drops the route
[Diagram: route reflectors RR1, RR2 and RR3 with their clients; 10.10.10.0/24 is advertised between them]
-
Route Reflection Attributes
Cluster list:
  Operates like an AS path, used by RR for loop prevention
  Also used in the route selection algorithm
  Contains a sequence of cluster IDs
    Cluster ID represents each RR cluster in the network
    RR drops routes that have already transited the cluster
  Added to the cluster list when a RR touches a route
Originator ID:
  Identifies the first router to inject a route in an RR network
-
Route Reflection Configuration
Route reflector clients are configured in a separate peer group
Each peer group uses the cluster keyword
Cluster ID uses unique 32-bit number
  Often the router ID of the RR is used
Clients only peer to their route reflectors

[edit protocols bgp]
group int-peers {
    type internal;
    local-address 172.16.1.1;
    cluster 172.16.1.1;
    neighbor 172.16.2.2;
    neighbor 172.16.3.3;
    neighbor 172.16.4.4;
}

[edit protocols bgp]
group int-peers {
    type internal;
    local-address 172.16.2.2;
    neighbor 172.16.1.1;
}
-
Basic Route Reflection
Client > RR > Clients and Nonclients
Nonclient > RR > Clients Only
[Diagram: four route reflectors (RR) with their clients; IBGP Full Mesh Between Route Reflectors]
-
Route Propagation
Steps:
1. Client sends routes to route reflector
2. Route reflector sends routes to all clients in the cluster and all peers
3. Route reflector sends routes from peers to all clients in the cluster
[Diagram: four route reflectors (RR) with their clients; 10.10.10.0/24 is advertised between them]
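Added example, not part of the original slides and not Junos code: the reflection rules (client to clients and nonclients, nonclient to clients only) together with the cluster-list and originator-ID checks from the preceding route reflection slides, run over a ring of three reflectors that each list the next one as a client. Assumptions: peers are identified by router ID, the receiver-side originator-ID check follows RFC 4456, best-path selection is left out so every reflected copy is shown, and the 172.16.5.5 and 172.16.6.6 reflectors are constructed.

```python
from collections import deque, namedtuple
from dataclasses import dataclass, replace
from typing import Optional

Decision = namedtuple("Decision", "route targets reason")


@dataclass(frozen=True)
class Route:
    prefix: str
    originator_id: Optional[str] = None
    cluster_list: tuple = ()          # newest cluster ID first, like an AS path


@dataclass
class Reflector:
    router_id: str
    cluster_id: str                   # often the router ID of the RR
    clients: frozenset
    nonclients: frozenset = frozenset()

    def reflect(self, route, sender):
        """Apply loop checks, then decide which IBGP peers receive the route."""
        if route.originator_id == self.router_id:
            return Decision(None, [], "originator ID is this router")
        if self.cluster_id in route.cluster_list:
            return Decision(None, [], "cluster ID already in cluster list")
        out = replace(route,
                      originator_id=route.originator_id or sender,
                      cluster_list=(self.cluster_id,) + route.cluster_list)
        if sender in self.clients:    # Client > RR > Clients and Nonclients
            targets = (self.clients | self.nonclients) - {sender}
        else:                         # Nonclient > RR > Clients Only
            targets = self.clients - {sender}
        return Decision(out, sorted(targets), "reflected")


def propagate(reflectors, prefix, client, first_rr):
    """Flood one client route through the reflectors; return an event log."""
    log = []
    queue = deque([(client, first_rr, Route(prefix))])
    while queue:
        sender, receiver, route = queue.popleft()
        rr = reflectors.get(receiver)
        if rr is None:                # ordinary client: installs, never reflects
            log.append((receiver, "installed", route.cluster_list))
            continue
        d = rr.reflect(route, sender)
        if d.route is None:
            log.append((receiver, "dropped: " + d.reason, route.cluster_list))
            continue
        log.append((receiver, d.reason, d.route.cluster_list))
        queue.extend((receiver, target, d.route) for target in d.targets)
    return log


def ring_demo():
    """Constructed ring: RR1 -> RR2 -> RR3 -> RR1, each next hop a client."""
    rr1 = Reflector("172.16.1.1", "172.16.1.1",
                    frozenset({"172.16.2.2", "172.16.5.5"}), frozenset({"172.16.6.6"}))
    rr2 = Reflector("172.16.5.5", "172.16.5.5",
                    frozenset({"172.16.6.6"}), frozenset({"172.16.1.1"}))
    rr3 = Reflector("172.16.6.6", "172.16.6.6",
                    frozenset({"172.16.1.1"}), frozenset({"172.16.5.5"}))
    table = {r.router_id: r for r in (rr1, rr2, rr3)}
    return propagate(table, "10.10.10.0/24", "172.16.2.2", "172.16.1.1")


if __name__ == "__main__":
    for receiver, event, cluster_list in ring_demo():
        print(f"{receiver:<12} {event:<45} cluster list: {' '.join(cluster_list)}")
```

Without the cluster-list check in reflect(), the same ring would forward 10.10.10.0/24 indefinitely.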
-
Modifying Attributes on the RR
Route reflector can modify any BGP attribute using a routing policy
Presence of RRs should not affect forwarding paths
Use of next-hop self can result in inefficient forwarding paths
  In this example, the RR incorrectly overwrites the BGP next hop for the 192.168.0.0/16 route
  Packets are now forwarded through the reflector instead of directly between the clients
[Diagram: RR (172.16.1.1) with clients 172.16.2.2 and 172.16.3.3; 192.168.0.0/16 is shown with BNH = 172.16.2.2 and with BNH = 172.16.1.1]
-
Scaling BGP: Confederations
Breaks a global AS into multiple pieces (sub-AS)
Within each sub-AS:
  Use private AS numbers
  An IBGP full-mesh topology is still required
Between each sub-AS:
  EBGP-type configurations are required (multihop, and so forth)
  Only the AS path attribute is changed
    Prevents loops in the network
    Sub-AS networks are not used when comparing AS path lengths
Other BGP attributes are not modified by default
  Next hop, local preference, and MED are all unaffected
-
Confederation AS Path Segments
AS confederation sequence:
  Each sub-AS is added to the AS path attribute
  (65000 65001 65002) 100 200 shows a sequence
  Used for loop prevention only
  Sequence values are not counted as AS hops
AS confederation set is used when an aggregated route loses the granularity of the sequence:
  192.168.24.0/24 (65000 65001) 100
  192.168.100.0/24 (65000 65002) 100
  192.168.0.0/16 ({65000 65001 65002}) 100
-
Confederation Configuration
The global AS appears as a whole network when viewed externally by peer networks
All routers remove all confederation information at the edge of the global AS
  Other AS peers do not see the details of the confederation
  No need for remove-private

[edit routing-options]
user@router# show
autonomous-system 65000;
confederation 201 members [ 65000 65001 65002 65003 65004 ];
-
Confederation Peering
[Diagram: AS 201 contains AS 65000, AS 65001, AS 65002, AS 65003 and AS 65004, interconnected by CBGP sessions; two route reflectors (RR) are shown]