internal bgp as pe-ce protocol pedro marques [email protected]@juniper.net robert raszuk...
TRANSCRIPT
![Page 1: Internal BGP as PE-CE Protocol Pedro Marques roque@juniper.netroque@juniper.net Robert Raszuk rraszuk@cisco.comrraszuk@cisco.com Dan Tappan tappan@cisco.comtappan@cisco.com](https://reader036.vdocument.in/reader036/viewer/2022082613/5697bfea1a28abf838cb738b/html5/thumbnails/1.jpg)
Internal BGP as PE-CE Protocol
Pedro Marques [email protected] Raszuk [email protected]
Dan Tappan [email protected] Martini [email protected]
![Page 2: Internal BGP as PE-CE Protocol Pedro Marques roque@juniper.netroque@juniper.net Robert Raszuk rraszuk@cisco.comrraszuk@cisco.com Dan Tappan tappan@cisco.comtappan@cisco.com](https://reader036.vdocument.in/reader036/viewer/2022082613/5697bfea1a28abf838cb738b/html5/thumbnails/2.jpg)
Problem
When BGP is used as PE-CE protocol, it uses External BGP rules: as-path perpending, etc.
Accept looped routes in CE-1 Rewrite customer AS# with provider AS#
CE-1 PE-1 PE-2 CE-2
ProviderProvider
AS 10458AS 10458 AS 65001AS 65001AS 65001AS 65001
Route AdvertisementRoute Advertisement
as-path 65001as-path 65001
as-path 10548 65001as-path 10548 65001
![Page 3: Internal BGP as PE-CE Protocol Pedro Marques roque@juniper.netroque@juniper.net Robert Raszuk rraszuk@cisco.comrraszuk@cisco.com Dan Tappan tappan@cisco.comtappan@cisco.com](https://reader036.vdocument.in/reader036/viewer/2022082613/5697bfea1a28abf838cb738b/html5/thumbnails/3.jpg)
Continued
When CE connections are not isolated islands and exchange BGP routes with any other party, it just gets messier.
Customer island peers with the service provider (for Internet service, for instance).
Customer islands exchange routes with outside world: Provider AS# appears in the path.
Never ending requests for as-path rewrite hacks.
![Page 4: Internal BGP as PE-CE Protocol Pedro Marques roque@juniper.netroque@juniper.net Robert Raszuk rraszuk@cisco.comrraszuk@cisco.com Dan Tappan tappan@cisco.comtappan@cisco.com](https://reader036.vdocument.in/reader036/viewer/2022082613/5697bfea1a28abf838cb738b/html5/thumbnails/4.jpg)
Rent-a-core
Traditional network design: Core distributes routing information to sites.
Reflectors participate in top level iBGP mesh. Pop/Site routers receive routing information
from their respective RRs. IGP may be stub area if there are no backdoor
links. These are often managed independently.
CE-1 RR-1 RR-2 CE-2
CoreCore
![Page 5: Internal BGP as PE-CE Protocol Pedro Marques roque@juniper.netroque@juniper.net Robert Raszuk rraszuk@cisco.comrraszuk@cisco.com Dan Tappan tappan@cisco.comtappan@cisco.com](https://reader036.vdocument.in/reader036/viewer/2022082613/5697bfea1a28abf838cb738b/html5/thumbnails/5.jpg)
Proposed model
PE routers are route reflectors to each CE site location.
Customer network attributes are pushed into an “attribute stack” at ingress.
This deals with interference on local-preference, communities, MEDs, etc.
At egress “attribute stack” is poped. cluster is perpended when advertising to CE side.
cluster-list performs loop avoidance.
![Page 6: Internal BGP as PE-CE Protocol Pedro Marques roque@juniper.netroque@juniper.net Robert Raszuk rraszuk@cisco.comrraszuk@cisco.com Dan Tappan tappan@cisco.comtappan@cisco.com](https://reader036.vdocument.in/reader036/viewer/2022082613/5697bfea1a28abf838cb738b/html5/thumbnails/6.jpg)
IGP interaction
Shouldn’t require a single IGP between distinct sites.
Even if an IGP is running between all sites it may not be able to compare inter-site metrics (Provider assigned) and intra-site.
Perform implicit “next-hop self” on the PE/RR when advertising to CE. when advertising to other PEs.
PE/RR makes decisions by taking inter-cluster metrics always higher than intra-cluster.
![Page 7: Internal BGP as PE-CE Protocol Pedro Marques roque@juniper.netroque@juniper.net Robert Raszuk rraszuk@cisco.comrraszuk@cisco.com Dan Tappan tappan@cisco.comtappan@cisco.com](https://reader036.vdocument.in/reader036/viewer/2022082613/5697bfea1a28abf838cb738b/html5/thumbnails/7.jpg)
Deployment
Mix and match of eBGP and iBGP in the same VPN. Proposed attribute (ATTR_SET) consists of
customer AS# plus attributes in original path. This allows a PE to know what to advertise to
a given CE.
iBGP eBGP
internal if same as# use internal rules
pop and applyexternal rules
external advertise as-is existing rules
peerpeeroriginorigin
![Page 8: Internal BGP as PE-CE Protocol Pedro Marques roque@juniper.netroque@juniper.net Robert Raszuk rraszuk@cisco.comrraszuk@cisco.com Dan Tappan tappan@cisco.comtappan@cisco.com](https://reader036.vdocument.in/reader036/viewer/2022082613/5697bfea1a28abf838cb738b/html5/thumbnails/8.jpg)
Summary
Using iBGP between PE and CE requires a few extra considerations: non-interference of customer attributes in
provider network. IGP/next-hop dependencies. apply external rules when crossing as
boundaries. iBGP interaction can provide
transparency to customer network. as-path manipulation hacks only get you
so far.
![Page 9: Internal BGP as PE-CE Protocol Pedro Marques roque@juniper.netroque@juniper.net Robert Raszuk rraszuk@cisco.comrraszuk@cisco.com Dan Tappan tappan@cisco.comtappan@cisco.com](https://reader036.vdocument.in/reader036/viewer/2022082613/5697bfea1a28abf838cb738b/html5/thumbnails/9.jpg)
Thank You
For more details see:draft-marques-ppvpn-ibgp-00.txt