Basic BGP Workshop

Basic BGP Workshop
27-28 November, 2017

Cebu, Philippines.
Hosted By:
Presenter
• Jessica Wei
Training Officer, APNIC
After graduating from China’s Huazhong University of Science and Technology in 2007 with a degree in
electronic engineering, Bei (whose nickname is Jessica) joined Huawei as a network training officer.
Over the next six years, she provided Huawei technical training on LAN/WAN systems, broadband
access, IP core and IP mobile backhaul networks as well as working on technical training course design
and the development of IP training materials. At the Huawei training center in China she provided
technical training to engineers and administrators from more than 15 nations including Viet Nam, Papua
New Guinea, Thailand, Pakistan and Bangladesh. She has also travelled to Bangladesh, Venezuela,
Colombia, Egypt, Malaysia, Australia, Thailand, Indonesia and Singapore to provide training.
Contact:
Email: [email protected]
Presenter
• Bani Lara
• Science Research Specialist, ASTI
• Bani Lara, a science research specialist at the Advanced Science and Technology Institute (ASTI), has 13
years of experience leading the network operations group of the Philippine Research Education and
Government Information Network. He also takes care of the routing infrastructure of the Philippine Open
Internet Exchange, as well as the core network of the Philippine Government broadband network. He earned
his degree in Computer Science at the University of the Philippines in Los Banos.
• Area of Interest:
• BGP, IS-IS/OSPF, IPv6, DWDM, Network Security, Next Generation Networks (SDN, Internet of Things), DNS
and DNSSEC.
• Contact:
• Email: [email protected]
Agenda : Day 1
Session Agenda
0900 - 1030 What is an IX, What is the value of Peering
1100 - 1230 Internet Routing Basic
1330 - 1500 Hands-on lab: Basic & Interface Configuration
1530 - 1700 BGP Routing Protocol Operation
4
Agenda : Day 2
Session Agenda
0900 - 1030 Attributes and Path Selection Process
1100 - 1230 Hands On Lab: BGP configuration
1330 - 1500 Hands On Lab: Route Policy configuration
1530 - 1700 IXP BCP
5
Logistics
• Training Materials
– https://wiki.apnictraining.net/bgp2017-ph/agenda
• Lab Access Point
– SSID : apnictraining5G
– Password : 1234567890
6
Acknowledgment
• Cisco Systems
• Philip Smith
7
Overview
Basic BGP Workshop
– What is an Internet Exchange Point (IXP)?
– What is the value of Peering?
– How Internet works & Routing Protocol Basic
– Hands On Lab Exercise: Basic Configuration, Interface
– BGP Routing Protocol Operation- Make the IXP Works
– BGP Attributes and Path Selection Process- Send Traffic Through IXP
– Hands On Lab Exercise: BGP Peering
– Hands On Lab Exercise: Route Policy Configuration
– IXP BCP and What can go wrong?
8
Overview
Basic BGP Workshop
9
What is an Internet Exchange Point (IXP)?
• The Internet is an interconnection of networks
– Each controlled by separate entities
– Generally called Internet Service Providers (ISPs)
– Grouped by Autonomous Systems (AS) number
• Transit
– Where ISP will pay to send/receive traffic
– Downstream ISP will pay upstream ISP for transit service
• Peering
– ISPs will not pay each other to interchange traffic
– Works well if win win for both
– Reduce cost on expensive transit link
10
Peering and Transit example
A and B peer for free, but need transit arrangements

with C and D to get packets to/from E and F
11
Private Interconnect
• Two ISPs connect their networks over a private link
– Could be peering arrangement

• No charges for traffic
• Share the cost of the link
– Could be transit
• One ISP charges the other for traffic (and also for the link)
12
Private Interconnect
Autonomous System 334
ISP B
border border
ISP A
Autonomous System 99
13
Public Interconnect
• A location or facility where several ISPs are present and
connect to each other over a common shared media
– Ex: Ethernet
• Why?
– To save money, reduce latency, improve performance
• IXP – Internet eXchange Point
• Each provider establishes peering relationships with
providers at the IXP
14
Public Interconnect
• Border routers in different Autonomous Systems
15
High Level View of the Global Internet
Global Providers
Regional Regional
Provider 1 Provider 2
Content Content
Provider Provider
1 2
Access Access
R4 1
Provider Internet Exchange Point Provider 2
Customer Networks
16
Detailed View of the Global Internet
• Global Transit Providers
– Connect to each other
– Provide connectivity to Regional Transit Providers
• Regional Transit Providers
– Connect to each other
– Provide connectivity to Content Providers
– Provide connectivity to Access Providers
• Content Providers
– Cross-connect with Access Providers
– Peer at IXPs (free traffic to Access Providers)
• Access Providers
– Connect to each other across IXPs (free peering)
– Provide access to the end user
17
Categorizing ISPs
Tier 1 ISP Tier 1 ISP
$
$
$
Tier 1 ISP Tier 1 ISP
$
$
$
$ Tier 2 ISP Tier 2 ISP
$
$
IXP IXP
$
$ Tier 3 ISP Tier 3 ISP Tier 3 ISP Tier 3 ISP
$
$
18
Categorising Network Operators
• Tier-1 Providers
– A provider that peers with other Tier-1s and does NOT pay for transit
– Caution:
• Many ISPs market themselves as Tier-1 even though they may be paying for transit
themselves to reach some parts of the Internet
• Regional Providers often have the same reach as Tier-1s

but still rely on one or two Tier-1s to reach the whole
Internet
– Often provide access too (in-country access networks)
• Access Providers provide connectivity in their locale
19
Inter-provider relationships
• Peering between equivalent sizes of service providers (e.g.
Tier 2 to Tier 2)
– Shared cost private interconnection, equal traffic flows
– No cost peering
• Peering across exchange points

– If convenient, of mutual benefit, technically feasible
• Fee based peering
– Unequal traffic flows, “market position”
20
Default Free Zone
• NOT related to where an ISP is in the hierarchy!
• Made up of Internet routers which have explicit routing
information about the rest of the Internet, and hence, do not
need to use a default route!
21
Internet Exchange Point- Why peer?
• Consider a region with one ISP
– They provide internet connectivity to their customers
– They have one or two international connections
• Internet grows, another ISP sets up in competition
– They provide internet connectivity to their customers
– They have one or two international connections
• How does traffic from customer of one ISP get to customer
of the other ISP?
– Via the international connections
22
• Yes, International Connections…
– If satellite, RTT is around 550ms per hop
– So local traffic takes over 1s round trip
• International bandwidth
– Costs significantly more than domestic bandwidth
– Congested with local traffic
– Wastes money, harms performance (end-user experience)
23
• Solution:
– Two competing ISPs peer with each other
• Result:
– Both save money
– Local traffic stays local
– Better network performance, better QoS,…
– More international bandwidth for expensive international traffic
– Everyone is happy
24
• A third ISP enters the equation
– Becomes a significant player in the region
– Local and international traffic goes over their international
connections
• They agree to peer with the two other ISPs
– To save money
– To keep local traffic local
– To improve network performance, QoS,…
25
• Private peering means that the three ISPs have to buy
circuits between each other
– Works for three ISPs, but adding a fourth or a fifth means this does
not scale
• Solution:
– Internet Exchange Point
26
Internet Exchange Point
• Every participant has to buy just one whole circuit
– From their premises to the IXP fabric
• Rather than N-1 half circuits to connect to the N-1 other
ISPs
– 5 ISPs have to buy 4 half circuits = 2 whole circuits ® already twice
the cost of the IXP connection
27
Internet Exchange Point
• Solution
– Every ISP participates in the IXP
– Cost is minimal – one local circuit covers all domestic traffic
– International circuits are used for just international traffic – and
backing up domestic links in case the IXP fails
• Result:
– Local traffic stays local
– QoS considerations for local traffic is not an issue
– RTTs are typically sub 10ms
– Customers enjoy the Internet experience
– Local Internet economy grows rapidly
28
Summary - Objectives of IXP
• One main objective of an IXP is to keep local traffic local
• It also helps bypass 3rd-party network infrastructure for
easy interconnections and direct traffic exchange among
participating networks
– Reduced cost
– Enhanced network performance
– Reduced latency
• Every participant is benefited
– Some may gain more, some may gain less but all will gain
29
Internet Exchange Points
• Layer 2 exchange point
– Ethernet (100Gbps/10Gbps/1Gbps/100Mbps)
– Older technologies include ATM, Frame Relay, etc.
• Layer 3 exchange point
– Router based
• Traffic exchanged across the IX router
• Router quickly overwhelmed by the sophisticated requirements of the rapidly
growing Internet
– Has historical status since mid-90s
30
Layer 2 Exchange
ISP 6 ISP 5 ISP 4
IXP Services:
IXP
Root & TLD DNS, Management
Routing Registry Network
Ethernet Switch
Looking Glass, etc
ISP 1 ISP 3
ISP 2
31
Layer 2 Exchange
ISP 6 ISP 5 ISP 4
IXP Services:
IXP
Root & TLD DNS, Management
Routing Registry Network
Looking Glass, etc Ethernet Switches
ISP 1 ISP 3
ISP 2
32
Layer 2 Exchange
• Two switches for redundancy
• ISPs use dual routers for redundancy or loadsharing
• Offer services for the “common good”
– Internet portals and search engines
– DNS Root & TLDs, NTP servers
– Routing Registry and Looking Glass
33
Layer 2 Exchange
• Requires neutral IXP management
– Usually funded equally by IXP participants
– 24x7 cover, support, value add services
• Secure and neutral location
• Configuration
– Private address space if non-transit and no value add services
– Otherwise public IPv4 (/24) and IPv6 (/48, /56, /64)
– ISPs require AS, basic IXP does not
34
Layer 2 Exchange
• Network Security Considerations
– LAN switch needs to be securely configured
– Management routers require TACACS+ authentication, vty security
– IXP services must be behind router(s) with strong filters
35
“Layer 3 IXP”
• IX will provide layer two connection/switch port to ISPs
• Each ISP will peer with a route server on the IX
• Route server will collect and distribute directly connected
routes to every peers
36
Layer 2 versus “Layer 3”
• Layer 3
– IXP team requires good BGP knowledge
– Rely on 3rd party for BGP configuration
– One peering will get all IXP routes
– Less freedom on who peers with whom
– Usually competes with IXP membership
– Tends to be distributed over wide area
– IXP can grow faster
37
Layer 2 versus “Layer 3”
• Layer 2
– IXP team does not need routing knowledge
– Easy to get started
– More complicated to distribute over wide area
– ISPs free to set up peering agreements with each other as they wish
38
Overview
Basic BGP Workshop
40
Types of Peering (1/3)
• Private Peering
– Two operators agree to interconnect and exchange their respective
routes to ensure their customers can reach other directly over the
peering link
• Settlement Free Peering
– No traffic charges
– The most common form of peering!
• Paid Peering
– Where two operators agree to peer and charges for carrying traffic
41
• Bilateral Peering
– Similar to private peering but may take place at a public peering point
(IXP)
• Multilateral Peering
– Takes place at an IXP, where operators peer with each other via route
server
• Mandatory Multilateral Peering
– Where all operators are forced to peer with each other (as a condition of
IXP membership)
– Strongly discouraged: no record of success!
42
• Open Peering
– An ISP publicly states that they will peer with anyone who approaches
them for peering
– Commonly found at IXPs, where ISPs participate via the Route Server
• Selective Peering
– An ISP’s peering policy depends on who requests peering with them
– At an IXP, the operator will not peer with the RS but will only peer
bilaterally
• Closed Peering
– Where an ISP decides who its peering partners are
– Generally not approachable to creating peering opportunities
43
ISP Goals
• Minimise the cost of operating the business
• Transit
– ISP has to pay for circuit (international or domestic)
– ISP has to pay for data (usually per Mbps)
– Repeat for each transit provider
– Significant cost of being a service provider
• Peering
– ISP shares circuit cost with peer (private) or runs circuit to public peering
point (one off cost)
– No need to pay for data
– Reduces transit data volume, therefore reducing cost
44
Transit – How it works
• Small access provider provides Internet access for a city’s
population
– Mixture of dial up, wireless and fixed broadband
– Possibly some business customers
– Possibly also some Internet cafes
• How do their customers get access to the rest of the Internet?
• ISP buys access from one, two or more larger ISPs who already
have visibility of the rest of the Internet
– This is transit – they pay for the physical connection to the upstream and
for the traffic volume on the link
45
Peering – How it works
• If two ISPs are of equivalent sizes, they have:
– Equivalent network infrastructure coverage
– Equivalent customer size
– Similar content volumes to be shared with the Internet
– Potentially similar traffic flows to each other’s networks
• This makes them good peering partners
• If they don’t peer
– They both have to pay an upstream provider for access to each other’s
network/customers/content
– Upstream benefits from this arrangement, the two ISPs both have to
fund the transit costs
46
Example: South Asian ISP @ LINX
• Date: May 2013
• Data:
– Route Server plus bilateral peering offers 70k prefixes
– IXP traffic averages 247Mbps/45Mbps
– Transit traffic averages 44Mbps/4Mbps
• Analysis:
– 85% of inbound traffic comes from 70k prefixes available by peering
– 15% of inbound traffic comes from remaining 380k prefixes from
transit provider
47
Example: South Asian ISP @ HKIX
• Date: May 2013
• Data:
– Route Server plus bilateral peering offers 67k prefixes
– IXP traffic is 159Mbps/20Mbps
– Transit traffic is 108Mbps/50Mbps
• Analysis:
– 60% of inbound traffic comes from 67k prefixes available by peering
– 40% of inbound traffic comes from remaining 383k prefixes from
transit provider
48
Example: South Asian ISP
• Summary:
– Traffic by Peering: 406Mbps/65Mbps
– Traffic by Transit: 152Mbps/54Mbps
– 73% of incoming traffic is by peering

– 55% of outbound traffic is by peering
49
Example: South Asian ISP
• Router at remote co-lo
– Benefits: can select peers, easy to swap transit providers
– Costs: co-lo space and remote hands
• Overall advantage:
– Can control what goes on the expensive connectivity “back to home”
50
Value propositions
• Peering at a local IXP
– Reduces latency & transit costs for local traffic
– Improves Internet quality perception
• Participating at a Regional IXP
– A means of offsetting transit costs
• Managing connection back to home network

• Improving Internet Quality perception for customers
51
Summary
• Benefits of peering
– Private
– Internet Exchange Points
• Local versus Regional IXPs
– Local services local traffic
– Regional helps defray transit costs
52
Worked Example
Single International Transit
Versus
Local IXP + Regional IXP + Transit
Worked Example
• ISP A is local access provider
– Some business customers (around 200 fixed links)
– Some co-located content provision (datacentre with 100 servers)
– Some consumers on broadband (5000 DSL/Cable/Wireless)
• They have a single transit provider
– Connect with a 16Mbps international leased link to their transit’s PoP
– Transit link is highly congested
54
Worked Example (2)
• There are two other ISPs serving the same locality
– There is no interconnection between any of the three ISPs
– Local traffic (between all 3 ISPs) is traversing International
connections
• Course of action for our ISP:
– Work to establish local IXP
– Establish presence at overseas co-location
• First Step
– Assess local versus international traffic ratio
– Use NetFlow on border router connecting to transit provider
55
Worked Example (3)
• Local/Non-local traffic ratio
– Local = traffic going to other two ISPs
– Non-local = traffic going elsewhere
• Example: balance is 30:70
– Of 16Mbps, that means 5Mbps could stay in country and not congest
International circuit
– 16Mbps transit costs $50 per Mbps per month
• Local traffic charges = $250 per month, or $3000 per year for local traffic
– Circuit costs $100k per year => $30k is spent on local traffic
• Total is $33k per year for local traffic
56
Worked Example (4)
• IXP cost:
– Simple 8 port 10/100 managed switch plus co-lo space over 3 years
could be around US$30k total; or $3k per year per ISP
– One router to handle 5Mbps (e.g. 2801) would be around $3k (good
for 3 years) => $1k per year
– One local 10Mbps circuit from ISP location to IXP location would be
around $5k per year, no traffic charges
– Per ISP total: $9k per year
– Somewhat cheaper than $33k
– Business case for local peering is straightforward - $24k saving per
annum
57
Worked Example (5)
• After IXP establishment
– 5Mbps removed from International link
– Leaving 5Mbps for more International traffic – and that fills the link
within weeks of the local traffic being removed
• Next step is to assess transit charges and optimise costs
– ISPs visits several major regional IXPs
– Assess routes available
– Compares routes available with traffic generated by those routes
from its Netflow data
– Discovers that 30% of traffic would transfer to one IXP via peering
58
Overview
Basic BGP Workshop
60
How does Routing Work in Internet?
• If ISP in Fiji wants to tell ISP in China about their customer, how can
they communicate?
China
Fiji
61
• Should the ISPs in Fiji and China build the direct connection?
Is it easy to Then do they plan to

build set up independent
physically? China connections with every
other ISPs?
Fiji
How about
the cost?
62
• In fact, ISP in Fiji talks to its neighboring ISP about its customer, and
the neighboring ISPs pass this information on to their neighbors, and
so on. Vice versa for ISP in China.
China
Routing: Singapore
Fiji
ISP in Fiji tells the
neighbor ISP the IP Australia
block of its network and

its customers’ network.
63
Routing Protocols
• Routers use “routing protocols” to exchange routing
information with each other
– IGP is used to refer to the process running on routers inside an ISP’s
network
– EGP is used to refer to the process running between routers
bordering directly connected ISP networks
64
What Is an IGP?
• Interior Gateway Protocol
• Within an Autonomous System
• Carries information about internal infrastructure prefixes
• Two widely used IGPs in service provider network:
– OSPF
– IS-IS
65
Why Do We Need an IGP?
• ISP backbone scaling
– Hierarchy
– Limiting scope of failure
– Only used for ISP’s infrastructure addresses, not customers or
anything else
– Design goal is to minimize number of prefixes in IGP to aid scalability
and rapid convergence
66
What Is an EGP?
• Exterior Gateway Protocol
• Used to convey routing information between Autonomous
Systems
• De-coupled from the IGP
• Current EGP is BGP
67
Why Do We Need an EGP?
• Scaling to large network
– Hierarchy
– Limit scope of failure
• Define Administrative Boundary
• Policy
– Control reachability of prefixes
– Merge separate organisations
– Connect multiple IGPs
68
Interior versus Exterior Routing Protocols
• Interior • Exterior
– Automatic neighbour discovery – Specifically configured peers
– Generally trust your IGP routers – Connecting with outside networks
– Prefixes go to all IGP routers – Set administrative boundaries
– Binds routers in one AS together – Binds AS’s together
– Carries ISP infrastructure – Carries customer prefixes
addresses only – Carries Internet prefixes
– ISPs aim to keep the IGP small for – EGPs are independent of ISP
efficiency and scalability network topology
69
Hierarchy of Routing Protocols
Other ISPs
BGP4
BGP4
and OSPF/ISIS
BGP4 Static/BGP4
IXP Customers
70
What is IP Routing
• IP Routing is to guide IP packets from source to destination.
• A route is a path along which packets are sent from the
source to the destination.
IP Packet
Source Destination
72
Routers
• Two key roles:
Determining network paths
Packet forwarding
73
What is Routing Table
Router#show ip route Cisco
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP IOS
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area ……
……
172.16.0.0/16 is variably subnetted, 18 subnets, 3 masks
C 172.16.10.0/30 is directly connected, GigabitEthernet0/0/0
L 172.16.10.2/32 is directly connected, GigabitEthernet0/0/0
O 172.16.10.24/30 [110/5] via 172.16.10.1, 7w0d, GigabitEthernet0/0/0
S 172.16.11.0/27 is directly connected, Null0
……
74
root@RT> show route Juniper
inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
JUNOS
10.0.1.0/30 *[Direct/0] 00:44:34
> via em1.0
10.0.1.1/32 *[Local/0] 00:44:34
Local via em1.0
10.0.2.0/30 *[BGP/170] 00:04:23, localpref 100
AS path: 100 I
> to 10.0.1.2 via em1.0
200.1.1.0/24 *[BGP/170] 00:04:24, localpref 100
AS path: 100 65002 I
> to 10.0.1.2 via em1.0
......
75
<Router>display ip routing-table Huawei
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
VRP
Routing Tables: Public
Destinations : 43 Routes : 55
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.0.0/24 IBGP 255 0 RD 172.16.15.2 GigabitEthernet4/0/1
IBGP 255 0 RD 172.16.15.2 GigabitEthernet4/0/0
172.16.4.0/24 Static 60 0 D 0.0.0.0 NULL0
……
76
Destination
IOS
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
……
……
• Destination identifies the destination IP address or the

destination network address of an IP packet.
77
Next-Hop
IOS
……
……
• Next-hop indicates the IP address of the next router that an

IP packet passes through.
78
Outgoing Interface
IOS
……
……
• Outgoing interface is the interface from which the packet

will be sent out.
79
Populate a Routing Table
• Routes in the routing table are from ?
Dynamic Routes
1. OSPF Routes
Directly 2. IS-IS Routes

……
3. BGP Routes
Connected Routes Static Routes
Only the best routes are in the IP routing table
IP
Routing
Table
80
Directly Connected Route
• Direct route is discovered by link layer protocols
172.16.15.1/32
Loopback0 Router# show ip route
……
GE0/0/0 C 172.16.10.0/30 is directly connected, GigabitEthernet0/0/0
172.16.10.2/30
C 172.16.15.1/32 is directly connected, Loopback0 Cisco
…… IOS
81
Static Route
• Static routes are configured manually by network engineers.
• Easy to configure, but cannot automatically adapt to network topology changes, require
subsequent maintenance.
172.16.10.0/30
172.16.24.0/24
.2 .1
Router (config)#ip route 172.16.24.0 255.255.255.0 172.16.10.1
• There is a special static route --- default route
Router (config)#ip route 0.0.0.0 0.0.0.0 172.16.10.1
82
RIB and FIB
Router# show ip route Cisco
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP IOS
……
……
Router# show ip cef Cisco

Prefix Next Hop Interface IOS
……
172.16.10.2/32 receive GigabitEthernet0/0/0
172.16.10.24/30 172.16.10.1 GigabitEthernet0/0/0
172.16.11.0/27 attached Null0
172.16.11.64/30 172.16.10.1 GigabitEthernet0/0/0
……
• Routers send active routes in the routing table to the FIB table. A router
searches the FIB table for the optimal route to forward the packet.
Routing and Forwarding
• Routing process constructs a view of the network topology and computes the
best paths.
• Packet forwarding includes to transfer packets between interfaces and also
some additional processes, i.e. classification, translation and so on.
FIB FIB FIB
Address Prefix I/F Address Prefix I/F Address Prefix I/F
192.168.24.0/24 1/2 192.168.24.0/24 1/0 192.168.24.0/24 1/0
192.168.10.0/24 1/0 192.168.10.0/24 1/1 192.168.10.0/24 1/1

… … …
192.168.24.0/24
1/2 1/0 1/0

192.168.24.1 Data 192.168.24.1 Data 192.168.24.1 Data 192.168.24.1 Data
Route Lookup
10.1.2.25 Data
1. Destination IP Address in the e0/1
e0/3
packet Logical AND Subnet
e0/2
mask.
2. Compare the result with the
destination IP address in FIB.
Destination I/F
00001010 00000001 00000010 00011001 10.1.2.25 0.0.0.0/0

0.0.0.0 e0/1 Match
00000000 00000000 00000000 00000000 Subnet Mask(/0)
10.1.0.0/16 e0/2
00000000 00000000 00000000 00000000 0.0.0.0
Match 10.1.1.0/24 e0/3
0.0.0.0 10.1.2.0/24 e0/2
10.2.0.0/16 e0/1
Route Lookup
10.1.2.25 Data
e0/3
e0/2
mask.
Destination I/F
00001010 00000001 00000010 00011001 10.1.2.25 0.0.0.0/0 e0/1 Match

11111111 11111111 00000000 00000000 Subnet Mask(/16)
10.1.0.0/16
10.1.0.0 e0/2 Match
00001010 00000001 00000000 00000000 10.1.0.0
Match 10.1.1.0/24 e0/3
10.1.0.0 10.1.2.0/24 e0/2
10.2.0.0/16 e0/1
Route Lookup
10.1.2.25 Data
e0/3
e0/2
mask.
Destination I/F
00001010 00000001 00000010 00011001 10.1.2.25 0.0.0.0/0 e0/1 Match

11111111 11111111 11111111 00000000 Subnet Mask(/24)
10.1.0.0/16 e0/2 Match
00001010 00000001 00000010 00000000 10.1.2.0 Not
Not 10.1.1.0/24
10.1.1.0 e0/3 Match
10.1.1.0 Match 10.1.2.0/24 e0/2
10.2.0.0/16 e0/1
Route Lookup
10.1.2.25 Data
e0/3
e0/2
mask.
Destination I/F
00001010 00000001 00000010 00011001 10.1.2.25 0.0.0.0/0 e0/1 Match

11111111 11111111 11111111 00000000 Subnet Mask(/24)
10.1.0.0/16 e0/2 Match
00001010 00000001 00000010 00000000 10.1.2.0 Not
Match 10.1.1.0/24 e0/3 Match
10.1.2.0 10.1.2.0
10.1.2.0/24 e0/2 Match
10.2.0.0/16 e0/1
Longest Matching
10.1.2.25 Data
e0/1
e0/3

mask
Destination I/F
3. Router selects the route with 0.0.0.0/0 e0/1 Match
longest prefix length of subnet 10.1.0.0/16 e0/2 Match

mask. Not
10.1.1.0/24 e0/3 Match
10.1.2.0/24 e0/2 Match
Not
10.2.0.0/16 e0/1 Match
Forwarding Decision
• If a best match is found, the router determines
– the correct exit interface to reach the next-hop/destination
Is the best match Directly YES Forward to host
connected
a subnet of …. interface? on local subnet
NO
YES Forward out the

Remote
Network?
exit interface to
the next-hop
NO
NO Is there a YES Forward out the

Drop the gateway of exit interface to
packet! last resort? the next-hop
Forwarding Decision (1)
10.2.2.2 Data
e0/1
e0/3
e0/2
Loopback0:
10.2.2.2/32
Destination I/F
0.0.0.0/0 ethernet0/1
10.1.0.0/16 ethernet0/2
10.1.1.0/24 ethernet0/3
10.1.2.0/24 ethernet0/2
10.2.2.2/32 Loopback0 Local interface
10.1.2.45 Data
e0/1
e0/3
e0/2
Loopback0:
10.2.2.2/32
Destination I/F
0.0.0.0/0 ethernet0/1
10.1.0.0/16 ethernet0/2
10.1.1.0/24 ethernet0/3
10.1.2.0/24 ethernet0/2 Send to nexthop
10.2.2.2/32 Loopback0
92
10.10.1.5 Data
e0/1
e0/3
e0/2
Loopback0:
10.2.2.2/32
Destination I/F
0.0.0.0/0 ethernet0/1 Use the default route

10.1.0.0/16 ethernet0/2
10.1.1.0/24 ethernet0/3
10.1.2.0/24 ethernet0/2
10.2.2.2/32 Loopback0
Drop the
10.10.1.5 Data packet!
e0/1
e0/3
e0/2
Loopback0:
10.2.2.2/32
If no default route, the
Destination I/F packet will be dropped.
10.1.0.0/16 ethernet0/2
10.1.1.0/24 ethernet0/3
10.1.2.0/24 ethernet0/2
10.2.2.2/32 Loopback0
Egress Traffic
• How packets leave your network
• Egress traffic depends on:
– route availability (what others send you)
– route acceptance (what you accept from others)
– policy and tuning (what you do with routes from others)
– Peering and transit agreements
95
Ingress Traffic
• How packets get to your network and your customers’
networks
• Ingress traffic depends on:
– what information you send and to whom
– based on your addressing and AS’s
– based on others’ policy (what they accept from you and what they do
with it)
96
Autonomous System (AS)
• Collection of networks with same routing policy
• Single routing protocol
• Usually under single ownership, trust and administrative
control
AS 100
97
Definition of terms
• Neighbours
– AS’s which directly exchange routing information
– Routers which exchange routing information
• Announce
– send routing information to a neighbour
• Accept
– receive and use routing information sent by a neighbour
• Originate
– insert routing information into external announcements (usually as a result of the IGP)
• Peers
– routers in neighbouring AS’s or within one AS which exchange routing and policy information
98
Routing flow and packet flow
packet flow
accept announce
AS 1 announce
routing flow
accept AS 2
packet flow
For networks in AS1 and AS2 to communicate:

AS1 must announce to AS2
AS2 must accept from AS1
AS2 must announce to AS1
AS1 must accept from AS2
99
Routing flow and Traffic flow
• Traffic flow is always in the opposite direction of the flow of
Routing information
– Filtering outgoing routing information inhibits traffic flow inbound
– Filtering inbound routing information inhibits traffic flow outbound
100
Routing Flow/Packet Flow:
With multiple ASes
AS 1
AS 34
N1
AS16
AS 8
N16
• For net N1 in AS1 to send traffic to net N16 in AS16:

– AS16 must originate and announce N16 to AS8.
– AS8 must accept N16 from AS16.
– AS8 must forward announcement of N16 to AS1 or AS34.
– AS1 must accept N16 from AS8 or AS34.
• For two-way packet flow, similar policies must exist for N1
101
Routing Flow/Packet Flow:
With multiple ASes
AS 1
AS 34
N1
AS16
AS 8
N16
• As multiple paths between sites are implemented it is easy

to see how policies can become quite complex.
102
Routing Policy
• Used to control traffic flow in and out of an ISP network
• ISP makes decisions on what routing information to accept
and discard from its neighbours
– Individual routes
– Routes originated by specific ASes
– Routes traversing specific ASes
– Routes belonging to other groupings
• Groupings which you define as you see fit
103
Routing Policy Limitations
red
red
Internet AS99
green green
packet flow
• AS99 uses red link for traffic to the red AS and the green link for remaining
traffic
• To implement this policy, AS99 has to:
– Accept routes originating from the red AS on the red link
– Accept all other routes on the green link
104
Routing Policy Limitations
red
red Internet
AS22 AS99
green green
packet flow
• AS99 would like packets coming from the green AS to use the green
link.
• But unless AS22 cooperates in pushing traffic from the green AS down
the green link, there is very little that AS99 can do to achieve this aim
105
Overview
Basic BGP Workshop
107
AS135535 AS135536 AS135537 AS135538
172.16.20.0/23 172.16.22.0/23 172.16.24.0/23 172.16.26.0/23
2406:6400:a000::/48 2406:6400:b800::/48 2406:6400:c000::/48 2406:6400:d800::/48
r17-CAR3
r18-CBR3
r16-CBR2
r15-CAR2
CPE
CPE
AS17821
APNIC Training LAB : Summarize ISP
r20-CBR4
r19-CAR4
r14-CBR1
r13-CAR1
CPE
CPE
2406:6400:8000::/48 2406:6400:9800::/48 2406:6400:e000::/48 2406:6400:f800::/48
172.16.16.0/23 172.16.18.0/23 172.16.28.0/23 172.16.30.0/23
AS135533 AS135534 AS135539 AS135540
AS135535 AS135536 AS135537 AS135538
172.16.20.0/23 172.16.22.0/23 172.16.24.0/23 172.16.26.0/23
2406:6400:a000::/48 2406:6400:b800::/48 2406:6400:c000::/48 2406:6400:d800::/48
r17-CAR3
r18-CBR3
r16-CBR2
r15-CAR2
CPE
CPE
Route Server
as135541
AS17821
bird
DNS
APNIC Training LAB : IX as new entity
r20-CBR4
r19-CAR4
r14-CBR1
r13-CAR1
CPE
CPE
2406:6400:8000::/48 2406:6400:9800::/48 2406:6400:e000::/48 2406:6400:f800::/48
172.16.16.0/23 172.16.18.0/23 172.16.28.0/23 172.16.30.0/23
AS135533 AS135534 AS135539 AS135540
APNIC Training LAB : Connect with IX
Route Server
bird
DNS
CPE as135541 CPE
2406:6400:a000::/48
2406:6400:8000::/48
172.16.20.0/23
172.16.16.0/23
r13-CAR1
E1/1 IX
r15-CAR2
AS135535
AS135533
AS135533 E1/1 AS135535
Fa0/1 Fa0/1
2406:6400:9800::/48
2406:6400:b800::/48
172.16.18.0/23
172.16.22.0/23
AS135534 r14-CBR1 r16-CBR2
AS135534
AS135536
AS135536
Upstream
2406:6400:e000::/48
2406:6400:c000::/48
172.16.28.0/23
172.16.24.0/23
r19-CAR4 r17-CAR3
AS17821
AS135539
AS135537
AS135539 AS135537
2406:6400:d800::/48
2406:6400:f800::/48
r20-CBR4 r18-CBR3
172.16.30.0/23
172.16.26.0/23
AS135540
AS135540 AS135538
AS135538
CPE CPE
Address Planning
Ioopback 0 f0/1 Connected with upstream e1/1 Connected with IX Prefixes
r13 AS135533 172.16.16.254/32 172.16.11.2/30 203.176.189.13/24 172.16.16.0/23

2406:6400:8000:0000::1/128 2406:6400:0010:0000::2/64 2001:0df0:000a:0001::13/64 2406:6400:8000::/48
r14 AS135534 172.16.18.254/32 172.16.11.34/30 203.176.189.14/24 172.16.18.0/23

2406:6400:9800:0000::1/128 2406:6400:0014:0000::2/64 2001:0df0:000a:0001::14/64 2406:6400:9800::/48
r15 AS135535 172.16.20.254/32 172.16.11.66/30 203.176.189.15/24 172.16.20.0/23

2406:6400:A000:0000::1/128 2406:6400:0018:0000::2/64 2001:0df0:000a:0001::15/64 2406:6400:a000::/48
r16 AS135536 172.16.22.254/32 172.16.11.98/30 203.176.189.16/24 172.16.22.0/23

2406:6400:B800:0000::1/128 2406:6400:001C:0000::2/64 2001:0df0:000a:0001::16/64 2406:6400:b800::/48
r17 AS135537 172.16.24.254/32 172.16.11.130/30 203.176.189.17/24 172.16.24.0/23

2406:6400:C000:0000::1/128 2406:6400:0020:0000::2/64 2001:0df0:000a:0001::17/64 2406:6400:c000::/48
r18 AS135538 172.16.26.254/32 172.16.11.162/30 203.176.189.18/24 172.16.26.0/23

2406:6400:D800:0000::1/128 2406:6400:0024:0000::2/64 2001:0df0:000a:0001::18/64 2406:6400:d800::/48
r19 AS135539 172.16.28.254/32 172.16.11.194/30 203.176.189.19/24 172.16.28.0/23

2406:6400:E000:0000::1/128 2406:6400:0028:0000::2/64 2001:0df0:000a:0001::19/64 2406:6400:e000::/48
r20 AS135540 172.16.30.254/32 172.16.11.226/30 203.176.189.20/24 172.16.30.0/23

2406:6400:F800:0000::1/128 2406:6400:002C:0000::2/64 2001:0df0:000a:0001::20/64 2406:6400:f800::/48
Prefixes
Customer AS Number Prefix
r-13-CAR1 135533 172.16.16.0/23
r-14-CBR1 135534 172.16.18.0/23
r-15-CAR2 135535 172.16.20.0/23
r-16-CBR2 135536 172.16.22.0/23
r-17-CAR3 135537 172.16.24.0/23
r-18-CBR3 135538 172.16.26.0/23
r-19-CAR4 135539 172.16.28.0/23
r-20-CBR4 135540 172.16.30.0/23
Overview
Basic BGP Workshop
113
What is Border Gateway Protocol?
• BGP:
– A path vector routing protocol to exchange routing information
between different Autonomous System (AS)
– ASes are the building block of BGP operational unites
– AS is a collection of routers with a common routing policy
– Specification is defined in RFC4271
114
BGP features
• Path Vector Routing Protocol
• Send incremental updates to peers
• Runs over TCP –Port 179
• Select path based on routing policy/ organization’s business
requirement
• Support Classless Inter Domain Routing (CIDR) concept
• Widely used in today’s Internet Backbone
• Current BGP version is MP-BGP
115
What is an Autonomous System (AS)
• An AS is a collection of networks with same routing policy
• Usually under a single administrative control unit
• A public AS is identified by a unique number called AS
number
• Around 32000 ASes are visible on the Internet now
116
What is Path Vector Routing Protocol
• A path vector routing protocol is used to span different
autonomous systems
• It defines a route as a collection of a number of AS that it
passes through from source AS to destination AS
• This list of ASes are called AS path and used to avoid
routing loop
• AS path is also used to select path to destination
117
What is AS path?
• An AS path example:
118
BGP Traffic Arrangement Definition
• Transit
– Forwarding traffic through the network usually for a fee
– I.e Internet service from upstream ISP
• Peering
– Exchanging traffic without any fee
– I.e Connection in an IXP
• Default
– Where to send traffic if there no explicit route match in the routing
table
119
What is Default Free Zone?
• Default free zone is made up of Tire One ISP routers which
have explicit routing information about every part of the
Global Internet
• So there is no need of default route
• If there is no destination network match, then that prefix is
still not announced/ used by any ISP yet
120
ISP Hireracial Connection
• Connectivity Diagram:
121
BGP General Operation
• BGP maintain 3 database i.e Neighbor Table, BGP Table
and Forwarding Table
– Learns multiple paths via internal and external BGP speakers
– Picks the best path and installs them on the forwarding tables
– Best path is sent to external BGP neighbors
– Policies are applied by influencing the best path selection
122
Constructing the Forwarding Table
• BGP “In” process
– Receives path information from peers
– Results of BGP path selection placed in the BGP table “best path”
flagged
• BGP “Out” process
– Announce “best path” information to peers
• Best path installed in forwarding table if:
– Prefix and prefix length are equal
– Lowest protocol distance
123
Constructing the Forwarding Table
Flowchart:
124
BGP Terminology
• Neighbor
– Any two routers that have formed a TCP connection to exchange BGP
routing information are called peers or neighbors
• iBGP
– iBGP refers to the BGP neighbor relationship within the same AS.
– The neighbors do not have to be directly connected.
• eBGP
– When BGP neighbor relationship are formed between two peers belongs
to different AS are called eBGP.
– EBGP neighbors by default need to be directly connected.
125
Building Neighbor Relationship
• After adding BGP neighbor:
– Both routers establish a TCP connection and send open message
– If open message is accepted then both send keepalive message to
each other to confirm open message
– After both confirm open message by sending keepalive message
they establish BGP neighbor relationship and exchange routing
information
126
BGP Message Type
Message Type Function
Open message To establish BGP neighbor relationship
Keepalive message Only contain message header to maintain neighbor
relationship. Sent every periodic interval
Update message Contain path information. One update message

contain one path information. Multiple path need
multiple update message to be sent
Notification message Sent when an error condition occur and BGP

connection closed immediately
127
BGP Open Message
• Open message contain:
– BGP Version number
– AS number of the local router
– BGP holdtime in second to elapse between the successive keepalive
message
– BGP router ID which is a 32 bit number. Usually an IPv4 address is
used as router ID
– Optional parameters i.e types, length and value encoded. An
example optional parameter is session authentication info
128
BGP Keepalive Message
• Send between BGP peers after every periodic interval (60
Sec)
• It refresh hold timer from expiration (180sec)
• A keepalive message contain only the message header
129
BGP Update Message
• An update message contains:
– Withdrawn routes: a list contain address prefix that are withdrawn
from service
– Path attributes: includes AS path, origin code, local pref etc
– Network-layer reachablity information: includes a list of address prefix
reachable by this path
130
BGP Notification Message
• Only sent when an error condition occur and detected in a
network and BGP connection is closed immediately
• Notification message contain an error code, an error
subcode, and data that are related to that error
131
BGP Neighbor Relationship States
• BGP neighbor goes through following steps:
– Idle: Router is searching its routing table to reach the neighbor
– Connect: Router found route and completed TCP three-way
handshake
– Open Sent: Open message sent with the parameter for BGP session
– Open Confirm: Router receive agreement on the parameter to
establish BGP session
– Established: Peering is established and routing information
exchange began
132
Troubleshoot BGP Neighbor Relation
Phenomena Problems
Idle The router can not find address of the neighbor in
its routing table
Active Router found address of the neighbor in its routing
table sent open message and waiting for the
response from the neighbor
Cycle between 1. Neighbor might peer with wrong address
Active/Idle 2. Does not have neighbor statement on the other
side
3. BGP open message source IP address does
not match with remote side neighbor statement
or no route to source IP address
133
iBGP Peering
• BGP peer within the same AS
• Not required to be directly connected
• iBGP peering require full mesh peering
– Within an AS all iBGP speaker must peer with other iBGP speaker
– They originate connected network
– Pass on prefixes learned from outside AS
– They do not forward prefixes learned from other iBGP peer
134
iBGP Peering with Loopback Interface
• If iBGP speakers has multiple connection then it is advisable to peer

with loopback
• Connected network can go down which might loose iBGP peering
• Loopback interface will never go down
135
iBGP Neighbor Update Source
• This command allows the BGP process to use the IP
address of a specified interface as the source IP address of
all BGP updates to that neighbor
• A loopback interface is usually used as it will never goes
down as long as the router is operational
• All BGP message will use the referenced interface as
source of the messages
136
eBGP Peering
• Peering with BGP speaker in different AS

• Peers should be directly connected and share same WAN link
• eBGP neighbors are usually routed through connected network
137
BGP Next Hop Behavior
• BGP is an AS-by-AS routing protocol
not a router-by router routing
protocol.
• In BGP, the next hop does not mean
the next router it means the IP
address to reach the next AS
– I.e Router A advertise 150.10.0.0/16
and 160.10.0.0/16 to router B in eBGP
with next hop 150.10.1.1
– Router B will update Router C in iBGP
keeping the next hop unchanged
138
iBGP Next Hop
• Next hop is iBGP router loopback address

• Recursive route look-up
• Loopback address need to announce through IGP (OSPF)
139
BGP Synchronous Rule
• BGP do not use or advertise any route to an external
neighbor learned by iBGP until a matching route has been
learned from an IGP i.e OSPF or static
• It ensure consistency of information throughout the AS
• Avoid black hole route within an AS
• It is safe to turn off if all routers with in the AS run full-mesh
iBGP
• Advisable to disable this feature (BCP)
140
Configuring BGP in Cisco IOS
• This command enables BGP in Cisco IOS:
router bgp 100
• For ASNs > 65535, the AS number can be entered in either plain
notation, or in dot notation:
router bgp 131076
or
router bgp 2.4
• IOS will display ASNs in plain notation by default
– Dot notation is optional:
router bgp 2.4
bgp asnotation dot
141
Configuring External BGP
ip address on
Router A in AS100 ethernet interface
interface ethernet 5/0

ip address 102.102.10.2 255.255.255.240
! Local ASN
router bgp 100
network 100.100.8.0 mask 255.255.252.0
Remote ASN
neighbor 102.102.10.1 remote-as 101
neighbor 102.102.10.1 prefix-list RouterC in
neighbor 102.102.10.1 prefix-list RouterC out
!
ip address of Router C Inbound and
ethernet interface outbound filters
142
Configuring External BGP
ip address on
Router C in AS101 ethernet interface
interface ethernet 1/0/0

ip address 102.102.10.1 255.255.255.240
! Local ASN
router bgp 101
network 100.100.8.0 mask 255.255.252.0
Remote ASN
neighbor 102.102.10.2 prefix-list RouterA in
neighbor 102.102.10.2 prefix-list RouterA out
!
ip address of Router A Inbound and
ethernet interface outbound filters
143
Configuring Internal BGP
ip address on loopback
Router A in AS100 interface
interface loopback 0
ip address 105.3.7.1 255.255.255.255
!
Local ASN
router bgp 100
network 100.100.1.0 Local ASN
neighbor 105.3.7.2 update-source loopback0
!
ip address of Router B
loopback interface
144
Configuring Internal BGP
ip address on loopback
Router B in AS100 interface
interface loopback 0
ip address 105.3.7.2 255.255.255.255
!
Local ASN
router bgp 100
network 100.100.1.0 Local ASN
!
ip address of Router A
loopback interface
145
Inserting prefixes into BGP – Network Command
• Configuration Example
router bgp 100
network 102.10.32.0 mask 255.255.254.0
ip route 102.10.32.0 255.255.254.0 serial0
• A matching route must exist in the routing table before the

network is announced
• Forces origin to be “IGP”
146
Configuring Aggregation – Network Command
• Configuration Example
router bgp 100
network 102.10.0.0 mask 255.255.0.0
ip route 102.10.0.0 255.255.0.0 null0 250
• A matching route must exist in the routing table before the

network is announced
• Easiest and best way of generating an aggregate
147
Summary
BGP neighbour status
Router>show ip bgp summary
BGP router identifier 10.0.15.246, local AS number 10

BGP table version is 16, main routing table version 16
7 network entries using 819 bytes of memory
14 path entries using 728 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1795 total bytes of memory
BGP activity 7/0 prefixes, 14/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.0.15.241 4 10 9 8 16 0 0 00:04:47 2
10.0.15.242 4 10 6 5 16 0 0 00:01:43 2
10.0.15.243 4 10 9 8 16 0 0 00:04:49 2
...
Updates sent and

BGP Version received Updates waiting
148
Summary
BGP Table
Route6>show ip bgp
BGP table version is 30, local router ID is 10.0.15.246

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path

*>i10.0.0.0/26 10.0.15.241 0 100 0 i
*>i10.0.0.64/26 10.0.15.242 0 100 0 i
*>i10.0.0.128/26 10.0.15.243 0 100 0 i
*>i10.0.0.192/26 10.0.15.244 0 100 0 i
*>i10.0.1.0/26 10.0.15.245 0 100 0 i
*> 10.0.1.64/26 0.0.0.0 0 32768 i
*>i10.0.1.128/26 10.0.15.247 0 100 0 i
*>i10.0.1.192/26 10.0.15.248 0 100 0 i
...
149
Overview
Basic BGP Workshop
– BGP Attributes and Path Selection Process- Send Traffic Through
IXP
151
BGP Attributes
BGP metrics are called path attributes. Here is the
classifications BGP attributes:
Well-known Mandatory
Optional Transitive
- AS-Path
- Community
- Next-hop
- Aggregator
- Origin
Well-known Discretionary Optional Non-Transitive

- Local preference -Multi-exit-discriminator
- Atomic aggregate (MED)
152
Well-Known Attributes
• Must be recognized by all compliant BGP implementations
• Are propagated to other neighbors
Well-Known Mandatory Attributes Well-Known Discretionary Attributes

- Must be present in all update messages - May be present in update messages
- AS Path - Local preference
- Next-hop - Atomic aggregate
- Origin
153
Optional Attributes
• Recognized by some implementations (could be private)
expected not to be recognized by everyone
• Recognized optional attributes are propagated to other
neighbors based on their meaning
Optional Transitive Attributes Optional Non Transitive attributes
- If not recognized, are marked as partial and - Discarded if not recognized
propagated to other neighbors - Multi Exit Discriminator
- Community (MED)
- Aggregator
154
AS Path Attribute
• Sequence of ASes a route has traversed

• Used for
– Loop detection
– Path metrics where the length of the AS Path is used as in path selection
155
AS Path Loop Detection
• 180.10.0.0/16 is not accepted by AS100 as the prefix has

AS100 in its AS-PATH
• This is loop detection in action
156
AS Path Attribute (2 byte and 4 byte)
• Internet with 16-bit and

32-bit ASNs
– 32-bit ASNs are 65536 and
above
– AS-PATH length maintained
157
eBGP Next Hop
• The IP address to reach the next AS

– Router A advertise 150.10.0.0/16 and 160.10.0.0/16 to router B in eBGP with next hop
150.10.1.1 (Change it to own IP)
– Router B will update Router C in iBGP keeping the next hop unchanged
• Well known mandatory attribute
158
iBGP Next Hop
• Next hop is iBGP router loopback address

• Recursive route look-up
• Loopback address need to announce through IGP (OSPF)
• iBGP send update next-hop unchanged
159
Next Hop Best Practice
• IOS default is for external next-hop to be propagated
unchanged to iBGP peers
– This means that IGP has to carry external next-hops
– Forgetting means external network is invisible
– With many eBGP peers, it is unnecessary extra load on IGP
• ISP Best Practice is to change external next-hop to be that

of the local router
– neighbor x.x.x.x next-hop-self
160
Next Hop Self Configuration
• Next hop default behavior can be changed by using next-hop-self
command
• Forces all updates for this neighbor to be advertised with this router as
the next hop
161
BGP Origin Attribute
• The origin attribute informs all autonomous systems how
the prefix introduced into BGP
Origin Methods Examples
IGP Generated by BGP “network” network 172.16.16.0 mask
statement 255.255.254.0
EGP By EGP (not used now)

incomplete Redistributed from another redistribute ospf
routing protocol
• Well known mandatory attribute
162
BGP Origin Attribute Example
163
BGP Local Preference Attribute
• Local preference is used to advertise to IBGP neighbors
only about how to leave their AS (Outbound Traffic).
• Paths with highest preference value are most desirable
• Local preference attribute is well-known and discretionary
and is passed only within the AS
• Cisco Default Local Pref is 100
164
BGP Local Preference Attribute
• For destination 160.10.0.0/16 Router A advertise local pref

500 and Router B advertise local pref 800 in iBGP
• 800 will win best path (Router B)
165
BGP Local Pref Attribute Example
*> 172.16.16.0/24 172.16.11.2 0 0 65001 i
* i 172.16.18.0/24 172.16.15.3 0 100 0 65002 i
*>i 172.16.15.3 0 100 0 65002 i
*>i 172.16.20.0/24 172.16.15.4 0 100 0 65003 i
*>i 172.16.22.0/24 172.16.15.6 0 100 0 65004 i
166
BGP MED Attribute
• MED is used to advertise to EBGP neighbors about how to
exit their AS to reach networks owned by this AS (Incoming
traffic).
• MED is sent to EBGP neighbors only.
• The paths with the lowest MED value are the most
desirable
• The MED attribute is optional and non transitive
167
BGP MED Attribute
• For prefix 120.68.1.0/24 Router B send MED 1000 and router A send
MED 2000 to eBGP neighbor
• Incoming traffic from AS200 will choose Router B since lowest MED will
win
168
BGP MED Example
*> 2001::/32 2406:6400:F:41::1
0 23456 38610 6939 i
* i 2406:6400:D::5 0 100 0 45192 4608 4826 6939 i
*> 2001:200::/32 2406:6400:F:41::1
0 23456 38610 6939 2500 i
* i 2406:6400:D::5 0 100 0 45192 4608 4826 6939 2500 i
169
BGP Community Attribute
• Community is a tagging technique to mark a set of routes
• Upstream service provider routers can then use these flags to
apply specific routing polices (i.e local preference etc) within their
network
• Represented as two 16 bit integers (RFC1998)
– Common format is <local-ASN>:xx
– I.e 0:0 to 0:65535 and 65535:0 to 65535:65535 are reserved
• Very useful in applying policies within and between ASes
• Optional & transitive attribute
170
BGP Route Selection Process
• Step 1: Prefer highest weight (local to router)
• Step 2: Prefer highest local preference (global within AS)
• Step 3: Prefer route originated by the local router
• Step 4: Prefer shortest AS path
• Step 5: Prefer lowest origin code (IGP < EGP < incomplete)
• Step 6: Prefer lowest MED (from other AS)
• Step 7: Prefer EBGP path over IBGP path
• Step 8: Prefer the path through the closest IGP neighbor
• Step 9: Prefer oldest route for EBGP paths
• Step 10: Prefer the path with the lowest neighbor BGP router ID
171
Overview
Basic BGP Workshop
173
Introduction to Route
Servers
How to scale IXP
What is a Route Server?
• Announces routes to participating IXP members according
to their routing policy definitions
• Implemented using the same specification as for a Route
Collector
175
Features of a Route Server
• Helps scale routing for large IXPs
• Simplifies Routing Processes on ISP Routers
• Optional participation
– Provided as service, is NOT mandatory
• Does result in insertion of RS Autonomous System Number
in the Routing Path
• Optionally uses Policy registered in IRR
176
Diagram of N-squared Peering Mesh
• For large IXPs (dozens for participants)

maintaining a larger peering mesh becomes
cumbersome and often too hard
177
Peering Mesh with Route Servers
RS RS
• ISP routers peer with the Route Servers

– Only need to have two eBGP sessions rather than N
178
RS based Exchange Point Routing Flow
RS
TRAFFIC FLOW
ROUTING INFORMATION FLOW
179
Advantages of Using a Route Server
• Helps scale Routing for very large IXPs
• Separation of Routing and Forwarding
• Simplify Routing Configuration Management on ISPs
routers
180
Disadvantages of using a Route Server
• ISPs can lose direct policy control
– If RS is only peer, ISPs have no control over who their prefixes are
distributed to
• Completely dependent on 3rd party
– Configuration, troubleshooting, etc…
• Insertion of RS ASN into routing path
– Traffic engineering/multihoming needs more care
• These are major disadvantages
– Usually out-weigh the advantages
181
Typical usage of a Route Server
• Route Servers may be provided as an OPTIONAL service
– Most common at large IXPs (>50 participants)
– Examples: LINX, TorIX, AMS-IX, etc
• ISPs peer:
– Directly with significant peers
– With Route Server for the rest
182
Things to think about...
• Would using a route server benefit you?
– Helpful when BGP knowledge is limited (but is NOT an excuse not to
learn BGP)
– Avoids having to maintain a large number of eBGP peers
– But can you afford to lose policy control? (An ISP not in control of
their routing policy is what?)
183
Overview
Basic BGP Workshop
185
AS135535 AS135536 AS135537 AS135538
172.16.20.0/23 172.16.22.0/23 172.16.24.0/23 172.16.26.0/23
2406:6400:a000::/48 2406:6400:b800::/48 2406:6400:c000::/48 2406:6400:d800::/48
r17-CAR3
r18-CBR3
r16-CBR2
r15-CAR2
CPE
CPE
AS17821
APNIC Training LAB : Summarize ISP
r20-CBR4
r19-CAR4
r14-CBR1
r13-CAR1
CPE
CPE
2406:6400:8000::/48 2406:6400:9800::/48 2406:6400:e000::/48 2406:6400:f800::/48
172.16.16.0/23 172.16.18.0/23 172.16.28.0/23 172.16.30.0/23
AS135533 AS135534 AS135539 AS135540
AS135535 AS135536 AS135537 AS135538
172.16.20.0/23 172.16.22.0/23 172.16.24.0/23 172.16.26.0/23
2406:6400:a000::/48 2406:6400:b800::/48 2406:6400:c000::/48 2406:6400:d800::/48
r17-CAR3
r18-CBR3
r16-CBR2
r15-CAR2
CPE
CPE
Route Server
as135541
AS17821
bird
DNS
APNIC Training LAB : IX as new entity
r20-CBR4
r19-CAR4
r14-CBR1
r13-CAR1
CPE
CPE
2406:6400:8000::/48 2406:6400:9800::/48 2406:6400:e000::/48 2406:6400:f800::/48
172.16.16.0/23 172.16.18.0/23 172.16.28.0/23 172.16.30.0/23
AS135533 AS135534 AS135539 AS135540
APNIC Training LAB : Connect with IX
Route Server
bird
DNS
CPE as135541 CPE
2406:6400:a000::/48
2406:6400:8000::/48
172.16.20.0/23
172.16.16.0/23
r13-CAR1
E1/1 IX
r15-CAR2
AS135535
AS135533
AS135533 E1/1 AS135535
Fa0/1 Fa0/1
2406:6400:9800::/48
2406:6400:b800::/48
172.16.18.0/23
172.16.22.0/23
AS135534 r14-CBR1 r16-CBR2
AS135534
AS135536
AS135536
Upstream
2406:6400:e000::/48
2406:6400:c000::/48
172.16.28.0/23
172.16.24.0/23
r19-CAR4 r17-CAR3
AS17821
AS135539
AS135537
AS135539 AS135537
2406:6400:d800::/48
2406:6400:f800::/48
r20-CBR4 r18-CBR3
172.16.30.0/23
172.16.26.0/23
AS135540
AS135540 AS135538
AS135538
CPE CPE
Address Planning
Ioopback 0 f0/1 Connected with upstream e1/1 Connected with IX Prefixes
r13 AS135533 172.16.16.254/32 172.16.11.2/30 203.176.189.13/24 172.16.16.0/23

2406:6400:8000:0000::1/128 2406:6400:0010:0000::2/64 2001:0df0:000a:0001::13/64 2406:6400:8000::/48
r14 AS135534 172.16.18.254/32 172.16.11.34/30 203.176.189.14/24 172.16.18.0/23

2406:6400:9800:0000::1/128 2406:6400:0014:0000::2/64 2001:0df0:000a:0001::14/64 2406:6400:9800::/48
r15 AS135535 172.16.20.254/32 172.16.11.66/30 203.176.189.15/24 172.16.20.0/23

2406:6400:A000:0000::1/128 2406:6400:0018:0000::2/64 2001:0df0:000a:0001::15/64 2406:6400:a000::/48
r16 AS135536 172.16.22.254/32 172.16.11.98/30 203.176.189.16/24 172.16.22.0/23

2406:6400:B800:0000::1/128 2406:6400:001C:0000::2/64 2001:0df0:000a:0001::16/64 2406:6400:b800::/48
r17 AS135537 172.16.24.254/32 172.16.11.130/30 203.176.189.17/24 172.16.24.0/23

2406:6400:C000:0000::1/128 2406:6400:0020:0000::2/64 2001:0df0:000a:0001::17/64 2406:6400:c000::/48
r18 AS135538 172.16.26.254/32 172.16.11.162/30 203.176.189.18/24 172.16.26.0/23

2406:6400:D800:0000::1/128 2406:6400:0024:0000::2/64 2001:0df0:000a:0001::18/64 2406:6400:d800::/48
r19 AS135539 172.16.28.254/32 172.16.11.194/30 203.176.189.19/24 172.16.28.0/23

2406:6400:E000:0000::1/128 2406:6400:0028:0000::2/64 2001:0df0:000a:0001::19/64 2406:6400:e000::/48
r20 AS135540 172.16.30.254/32 172.16.11.226/30 203.176.189.20/24 172.16.30.0/23

2406:6400:F800:0000::1/128 2406:6400:002C:0000::2/64 2001:0df0:000a:0001::20/64 2406:6400:f800::/48
Prefixes
Customer AS Number Prefix
r-13-CAR1 135533 172.16.16.0/23
r-14-CBR1 135534 172.16.18.0/23
r-15-CAR2 135535 172.16.20.0/23
r-16-CBR2 135536 172.16.22.0/23
r-17-CAR3 135537 172.16.24.0/23
r-18-CBR3 135538 172.16.26.0/23
r-19-CAR4 135539 172.16.28.0/23
r-20-CBR4 135540 172.16.30.0/23
Interface Configuration
config t
interface Ethernet1/1
description IX Router
no ip redirects
no ip unreachables
no clns route-cache
ip address 203.176.189.13 255.255.255.0
ipv6 address 2001:0df0:000a:0001::13/64
duplex full
no shut
BGP Configuration
config t
!
router bgp 135533
no bgp enforce-first-as
neighbor IPV4-eBGP-IX peer-group
neighbor IPV6-eBGP-IX peer-group
!
address-family ipv4
neighbor 203.176.189.240 peer-group IPV4-eBGP-IX
neighbor 203.176.189.240 activate
exit-address-family
!
address-family ipv6
neighbor 2001:0df0:000a:0001::240 remote-as 135541
neighbor 2001:0df0:000a:0001::240 peer-group IPV6-eBGP-IX
neighbor 2001:0df0:000a:0001::240 activate
Prefix Filter
config t
!
ip prefix-list ANNOUNCE-PREFIX-IPv4 seq 5 permit 172.16.16.0/23 le 24
ip prefix-list ANNOUNCE-PREFIX-IPv4 seq 100 deny 0.0.0.0/0 le 32
!
ipv6 prefix-list ANNOUNCE-PREFIX-IPv6 seq 5 permit 2406:6400:8000::/48
ipv6 prefix-list ANNOUNCE-PREFIX-IPv6 seq 100 deny ::/0 le 48
!
router bgp 135533
address-family ipv4
neighbor IPV4-eBGP-IX prefix-list ANNOUNCE-PREFIX-IPv4 out
neighbor IPV4-eBGP-UPSTREAM prefix-list ANNOUNCE-PREFIX-IPv4 out
exit-address-family
!
address-family ipv6
neighbor IPV6-eBGP-IX prefix-list ANNOUNCE-PREFIX-IPv6 out
neighbor IPV6-eBGP-UPSTREAM prefix-list ANNOUNCE-PREFIX-IPv6 out
Overview
Basic BGP Workshop
194
What can go wrong?
Concept
• Some Service Providers attempt to cash in on the
reputation of IXPs
• Market Internet transit services as “Internet Exchange
Point”
– “We are exchanging packets with other ISPs, so we are an Internet
Exchange Point!”
– So-called Layer-3 Exchanges — really Internet Transit Providers
– Router used rather than a Switch
– Most famous example: SingTelIX
195
What can go wrong?
Competition
• Too many exchange points in one locale
– Competing exchanges defeats the purpose
• Becomes expensive for ISPs to connect to all of them
• An IXP:
– is NOT a competition
– is NOT a profit making business
196
What can go wrong?
Rules and Restrictions
• IXPs try to compete with their membership
– Offering services that ISPs would/do offer their customers
• IXPs run as a closed privileged club e.g.:
– Restrictive membership criteria (closed shop)
• IXPs providing access to end users rather than just Service

Providers
• IXPs interfering with ISP business decisions e.g. Mandatory
Multi-Lateral Peering
197
What can go wrong?
Technical Design Errors
• Interconnected IXPs
– IXP in one location believes it should connect directly to the IXP in
another location
– Who pays for the interconnect?
– How is traffic metered?
– Competes with the ISPs who already provide transit between the two
locations (who then refuse to join IX, harming the viability of the IX)
– Metro interconnections work ok (e.g. LINX)
198
What can go wrong?
Technical Design Errors
• ISPs bridge the IXP LAN back to their offices
– “We are poor, we can’t afford a router”
– Financial benefits of connecting to an IXP far outweigh the cost of a
router
– In reality it allows the ISP to connect any devices to the IXP LAN —
with disastrous consequences for the security, integrity and reliability
of the IXP
199
What can go wrong?
Routing Design Errors
• Route Server mandated
– ISPs have no incentive to learn BGP
– Therefore have no incentive to understand peering relationships,
peering policies, &c
– Entirely dependent on operator of RS for troubleshooting,
configuration, reliability
• RS can’t be run by committee!
• Route Server is designed to assist with scaling peering at

IXPs
200
What can go wrong?
Routing Design Errors
• iBGP Route Reflector used to distribute prefixes between IXP participants
• Claimed advantages:
– Participants don’t need to know about or run BGP
– Allows an IXP to be started very quickly
– IXP operator has full control over ISP activities
– ISP participants routers sit inside IXP’s ASN
• All are disadvantages!
– Participants never learn BGP
– Participants have no policy control, IXP policies could impact the participants networks
– IXP is an ethernet switch, not an Internet operator
– IXP operator is single point of failure
– Migration to true IXP with RS is very difficult
201
More Information
Exchange Point
Policies & Politics
• AUPs
– Acceptable Use Policy
– Minimal rules for connection
• Fees?
– Some IXPs charge no fee
– Other IXPs charge cost recovery
– A few IXPs are commercial
• Nobody is obliged to peer
– Agreements left to ISPs, not mandated by IXP
203
Exchange Point etiquette
• Don’t point default route at another IXP participant
• Be aware of third-party next-hop
• Only announce your aggregate routes
– Read RIPE-399 first
www.ripe.net/docs/ripe-399.html
• Filter! Filter! Filter!

– And do reverse path check
204
Exchange Point Examples
• LINX in London, UK
• TorIX in Toronto, Canada
• AMS-IX in Amsterdam, Netherlands
• SIX in Seattle, Washington, US
• PA-IX in Palo Alto, California, US
• JPNAP in Tokyo, Japan
• DE-CIX in Frankfurt, Germany
• HK-IX in Hong Kong
…
• All use Ethernet Switches
205
Features of IXPs (1)
• Redundancy & Reliability
– Multiple switches, UPS
• Support
– NOC to provide 24x7 support for problems at the exchange
• DNS, Route Collector, Content & NTP servers
– ccTLD & root servers
– Content redistribution systems such as Akamai
– Route Collector – Routing Table view
206
Features of IXPs (2)
• Location
– neutral co-location facilities
• Address space
– Peering LAN
• AS Number
– If using Route Collector/Server
• Route servers (optional, for larger IXPs)
• Statistics
– Traffic data – for membership
207
More info about IXPs
• http://www.pch.net/documents
– Another excellent resource of IXP locations, papers, IXP statistics,
etc
• http://www.telegeography.com/ee/ix/index.php
– A collection of IXPs and interconnect points for ISPs
208
Summary
• L2 IXP – most commonly deployed
– The core is an ethernet switch
– ATM and other old technologies are obsolete
• L3 IXP – nowadays is a marketing concept used by
wholesale ISPs
– Does not offer the same flexibility as L2
– Not recommended unless there are overriding regulatory or political
reasons to do so
– Avoid!
209

Basic BGP Workshop

Uploaded by

Copyright:

Available Formats

Basic BGP Workshop

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Basic BGP Workshop

Uploaded by

Copyright:

Available Formats

Basic BGP Workshop

27-28 November, 2017

A and B peer for free, but need transit arrangements

– Could be peering arrangement

• Border routers in different Autonomous Systems

• Regional Providers often have the same reach as Tier-1s

• Peering across exchange points

– 73% of incoming traffic is by peering

• Managing connection back to home network

Is it easy to Then do they plan to

block of its network and

Determining network paths

• Destination identifies the destination IP address or the

• Next-hop indicates the IP address of the next router that an

• Outgoing interface is the interface from which the packet

Directly 2. IS-IS Routes

Only the best routes are in the IP routing table

Router (config)#ip route 172.16.24.0 255.255.255.0 172.16.10.1

• There is a special static route --- default route

Router (config)#ip route 0.0.0.0 0.0.0.0 172.16.10.1

Router# show ip cef Cisco

192.168.24.0/24 1/2 192.168.24.0/24 1/0 192.168.24.0/24 1/0

192.168.10.0/24 1/0 192.168.10.0/24 1/1 192.168.10.0/24 1/1

1/2 1/0 1/0

00001010 00000001 00000010 00011001 10.1.2.25 0.0.0.0/0

00001010 00000001 00000010 00011001 10.1.2.25 0.0.0.0/0 e0/1 Match

00001010 00000001 00000010 00011001 10.1.2.25 0.0.0.0/0 e0/1 Match

00001010 00000001 00000010 00011001 10.1.2.25 0.0.0.0/0 e0/1 Match

1. Destination IP Address in the e0/2

packet Logical AND Subnet

longest prefix length of subnet 10.1.0.0/16 e0/2 Match

YES Forward out the

NO Is there a YES Forward out the

0.0.0.0/0 ethernet0/1 Use the default route

For networks in AS1 and AS2 to communicate:

• For net N1 in AS1 to send traffic to net N16 in AS16:

• As multiple paths between sites are implemented it is easy

r13 AS135533 172.16.16.254/32 172.16.11.2/30 203.176.189.13/24 172.16.16.0/23

r14 AS135534 172.16.18.254/32 172.16.11.34/30 203.176.189.14/24 172.16.18.0/23

r15 AS135535 172.16.20.254/32 172.16.11.66/30 203.176.189.15/24 172.16.20.0/23

r16 AS135536 172.16.22.254/32 172.16.11.98/30 203.176.189.16/24 172.16.22.0/23

r17 AS135537 172.16.24.254/32 172.16.11.130/30 203.176.189.17/24 172.16.24.0/23

r18 AS135538 172.16.26.254/32 172.16.11.162/30 203.176.189.18/24 172.16.26.0/23

r19 AS135539 172.16.28.254/32 172.16.11.194/30 203.176.189.19/24 172.16.28.0/23

r20 AS135540 172.16.30.254/32 172.16.11.226/30 203.176.189.20/24 172.16.30.0/23

Update message Contain path information. One update message

Notification message Sent when an error condition occur and BGP

• If iBGP speakers has multiple connection then it is advisable to peer

• Peering with BGP speaker in different AS

• Next hop is iBGP router loopback address

interface ethernet 5/0

interface ethernet 1/0/0

• A matching route must exist in the routing table before the

• A matching route must exist in the routing table before the

BGP router identifier 10.0.15.246, local AS number 10

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

Updates sent and

BGP table version is 30, local router ID is 10.0.15.246

Network Next Hop Metric LocPrf Weight Path