
BGP Attributes and Policy Control
ISP/IXP Workshops

Cisco ISP Workshops © 2003, Cisco Systems, Inc. All rights reserved.

Agenda

• BGP Attributes
• BGP Path Selection
• Applying Policy

What Is an Attribute?

[diagram: a BGP UPDATE carrying a list of attributes – ..., Next Hop, AS Path, MED, ...]

• Describes the characteristics of a prefix
• Transitive or non-transitive
• Some are mandatory

BGP Attributes
The “tools” available for the job

AS-Path

• Sequence of ASes a route has traversed
• Loop detection
• Apply policy

[diagram: AS 100 originates 180.10.0.0/16, AS 200 originates 170.10.0.0/16, AS 400 and AS 500 originate 150.10.0.0/16 and 140.10.0.0/16, all interconnected through AS 300. AS 500's table: 180.10.0.0/16 with AS-PATH 300 200 100; 170.10.0.0/16 with 300 200; 150.10.0.0/16 with 300 400]

AS-Path loop detection

[diagram: AS 500 passes its routes on to AS 100 with its own AS number prepended: 170.10.0.0/16 with AS-PATH 500 300 200; 140.10.0.0/16 with 500 300; and 180.10.0.0/16, whose AS-PATH 300 200 100 already contains AS 100]

• 180.10.0.0/16 is not accepted by AS 100: the network has AS 100 in the AS-PATH. This is loop detection in action


Next Hop

• eBGP – address of external neighbour
• iBGP – NEXT_HOP from eBGP

[diagram: Router A in AS 100 (150.10.1.1) peers eBGP with Router B in AS 200 (150.10.1.2), and B peers iBGP with Router C; the prefixes 150.10.0.0/16 and 160.10.0.0/16 reach C with the next hop 150.10.1.1, the address of the eBGP neighbour, unchanged]

iBGP Next Hop

• Next hop is the iBGP router's loopback address
• Recursive route look-up

[diagram: AS 300 with Router B (Loopback 220.1.1.2/32) and Router C (Loopback 220.1.1.3/32) peering over iBGP; routes exchanged between them carry 220.1.1.2 and 220.1.1.3 as next hop, so the IGP must carry those loopbacks]

Third Party Next Hop

• eBGP between Router A and Router C
• iBGP between Router A and Router B
• 192.68.1/24 prefix has next hop address of 150.1.1.3 – this is passed on to Router C instead of 150.1.1.2
• More efficient
• No extra config needed

[diagram: Routers A, B and C all sit on the shared 150.1.1.0/24 segment (AS 200 and AS 201); 192.68.1.0/24 is originated in AS 200]

Next Hop (summary)

• IGP should carry route to next hops (or the iBGP sessions use next-hop-self)
• Recursive route look-up
• Unlinks BGP from actual physical topology
• Allows IGP to make intelligent forwarding decision

Origin

• Conveys the origin of the prefix
• “Historical” attribute
• Influences best path selection
• Three values: IGP, EGP, incomplete
   IGP – generated by BGP network statement
   EGP – generated by EGP
   incomplete – redistributed from another routing protocol

Aggregator

• Conveys the IP address of the router/BGP speaker generating the aggregate route
• Useful for debugging purposes
• Does not influence path selection

Local Preference

• Local to an AS – non-transitive
   local preference set to 100 when heard from neighbouring AS
• Used to influence BGP path selection
   determines best path for outbound traffic
• Path with highest local preference wins

Local Preference

[diagram: AS 400 receives 160.10.0.0/16, originated by AS 100, from AS 200 (Router D, local preference 500) and from AS 300 (Router E, local preference 800); the path with local preference 800 wins, 800 > 500]

Local Preference

• Configuration of Router B:
   router bgp 400
    neighbor 220.10.1.1 remote-as 300
    neighbor 220.10.1.1 route-map local-pref in
   !
   route-map local-pref permit 10
    match ip address prefix-list MATCH
    set local-preference 800
   !
   ip prefix-list MATCH permit 160.10.0.0/16

Multi-Exit Discriminator (MED)

• Inter-AS – non-transitive
   metric attribute not announced to next AS
• Used to convey the relative preference of entry points
   determines best path for inbound traffic
• Comparable if paths are from same AS
• IGP metric can be conveyed as MED
   set metric-type internal in route-map

Multi-Exit Discriminator

[diagram: Routers A and B announce 192.68.1.0/24 to Router C in the neighbouring AS over two links, one with MED 1000 and the other with MED 2000; the neighbouring AS prefers the entry point with the lower MED]

MED & IGP Metric

• set metric-type internal
   enables BGP to advertise a MED which corresponds to the IGP metric values
   changes are monitored (and re-advertised if needed) every 600s
   bgp dynamic-med-interval <secs>

Multi-Exit Discriminator

• Configuration of Router B:
   router bgp 400
    neighbor 220.10.1.1 remote-as 200
    neighbor 220.10.1.1 route-map set-med out
   !
   route-map set-med permit 10
    match ip address prefix-list MATCH
    set metric 1000
   !
   ip prefix-list MATCH permit 192.68.1.0/24

Weight

• Not really an attribute – local to router
• Highest weight wins
• Applied to all routes from a neighbour
   neighbor 220.10.1.1 weight 100
• Weight assigned to routes based on filter
   neighbor 220.10.1.3 filter-list 3 weight 50

Weight – Used to help Deploy RPF

[diagram: Router A in AS1 has two links to AS4. Via Router B: LOCAL_PREF 200, the link to use for most traffic from AS1. Via Router C: LOCAL_PREF 100 and weight 100, a backup link over which RPF still needs to work]

• Best path to AS4 from AS1 is always via B due to local-pref
• But packets arriving at A from AS4 over the direct C to A link will pass the RPF check, as that path has priority on Router A due to the weight being set
• If weight was not set, best path back to AS4 would be via B, and the RPF check would fail

Community

• 32 bit integer
   Communities described in RFC1997
   Commonly represented as two 16 bit integers (RFC1998)
• Used to group destinations
   Each destination could be member of multiple communities
• Community attribute carried across ASes
• Very useful in applying policies

Well-Known Communities

• no-export
   do not advertise to eBGP peers
• no-advertise
   do not advertise to any peer
• local-AS
   do not advertise outside local AS (only used with confederations)

Community

[diagram: AS 100 (Routers A, B) and AS 200 (Routers C, D) announce 160.10.0.0/16 and 170.10.0.0/16 tagged 300:1 and 200.10.0.0/16 tagged 300:9 towards ISP 1 (AS 300), which connects onward to ISP 2 (AS 400, Router E); the community tags let AS 300 apply a different policy to 200.10.0.0/16, marked X, than to the 300:1 prefixes]

No-Export Community

[diagram: AS 100 (Routers A, B, C, D) announces 170.10.0.0/16 and its subprefixes 170.10.X.X to AS 200 (Routers E, F, G); the subprefixes are marked No-Export]

• AS100 announces aggregate and subprefixes
   aim is to improve loadsharing by leaking subprefixes
• Subprefixes marked with no-export community
• Router G in AS200 does not announce prefixes with no-export community set

BGP Path Selection Algorithm
Why is this the best path?

BGP Path Selection Algorithm

• Do not consider path if no route to next hop
• Do not consider iBGP path if not synchronised (only relevant while synchronisation is enabled)
• Highest weight (local to router)
• Highest local preference (global within AS)
• Prefer locally originated route
• Shortest AS path

BGP Path Selection Algorithm (continued)

• Lowest origin code
   IGP < EGP < incomplete
• Lowest Multi-Exit Discriminator (MED)
   If bgp deterministic-med, order the paths before comparing
   If bgp always-compare-med, then compare for all paths
   otherwise MED only considered if paths are from the same AS (default)

BGP Path Selection Algorithm (continued)

• Prefer eBGP path over iBGP path
• Path with lowest IGP metric to next-hop
• For eBGP paths:
   If multipath is enabled, install N parallel paths in forwarding table
   If router-id is the same, go to next step
   If router-id is not the same, select the oldest path

BGP Path Selection Algorithm (continued)

• Lowest router-id (originator-id for reflected routes)
• Shortest cluster-list
   Client must be aware of Route Reflector attributes!
• Lowest neighbour address
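The decision steps above, the AS-path loop check from the AS-Path slides and the effect of weight, local preference and MED can be exercised in code. The Python model below is an added example and is not part of the Cisco workshop material: the `Path` class, `LOCAL_AS` and every prefix, address and router-id in it are constructed for illustration, and synchronisation, multipath, deterministic-med and cluster-list handling are left out. Candidates are eliminated step by step in the slide's order; by default MED is compared only between paths from the same neighbouring AS, which is exactly what makes `always-compare-med` change the answer.

```python
"""Model of BGP AS-path loop detection and the best-path decision process.

Added example, not from the Cisco workshop slides. The Path class, LOCAL_AS
and all sample prefixes, addresses and router-ids are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address

LOCAL_AS = 400                                        # constructed: the local AS
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lowest origin code wins


@dataclass
class Path:
    prefix: str
    as_path: tuple          # first element is the neighbouring AS that sent it
    next_hop: str
    neighbor: str           # address of the peer that sent the update
    ebgp: bool
    weight: int = 0         # local to the router, highest wins
    local_pref: int = 100   # default 100 when heard from a neighbouring AS
    origin: str = "igp"
    med: int = 0            # lowest wins, by default only within one neighbouring AS
    locally_originated: bool = False
    igp_metric: int = 0     # IGP cost to reach next_hop
    router_id: str = "0.0.0.0"
    age: int = 0            # larger means the path was learned earlier


def accept_update(path, local_as=LOCAL_AS):
    """AS-path loop detection: an update that already carries our AS is dropped."""
    return local_as not in path.as_path


def _narrow(cands, score):
    """Keep only the candidates with the lowest score (ties survive to the next step)."""
    lo = min(score(p) for p in cands)
    return [p for p in cands if score(p) == lo]


def best_path(paths, igp_routes, always_compare_med=False):
    """Apply the decision steps in slide order; return the winner or None."""
    cands = [p for p in paths if p.next_hop in igp_routes]   # no route to next hop: ignore
    if not cands:
        return None
    cands = _narrow(cands, lambda p: -p.weight)                      # highest weight
    cands = _narrow(cands, lambda p: -p.local_pref)                  # highest local preference
    cands = _narrow(cands, lambda p: 0 if p.locally_originated else 1)
    cands = _narrow(cands, lambda p: len(p.as_path))                 # shortest AS path
    cands = _narrow(cands, lambda p: ORIGIN_RANK[p.origin])          # IGP < EGP < incomplete
    if always_compare_med:                      # bgp always-compare-med: MED across all ASes
        cands = _narrow(cands, lambda p: p.med)
    else:                                       # default: MED comparable only within one AS
        med_floor = {}
        for p in cands:
            key = p.as_path[:1]
            med_floor[key] = min(p.med, med_floor.get(key, p.med))
        cands = [p for p in cands if p.med == med_floor[p.as_path[:1]]]
    cands = _narrow(cands, lambda p: 0 if p.ebgp else 1)             # eBGP over iBGP
    cands = _narrow(cands, lambda p: p.igp_metric)                   # nearest next hop
    if len(cands) > 1 and all(p.ebgp for p in cands) and len({p.router_id for p in cands}) > 1:
        return max(cands, key=lambda p: p.age)  # eBGP, differing router-ids: oldest path wins
    cands = _narrow(cands, lambda p: int(ip_address(p.router_id)))   # lowest router-id
    return _narrow(cands, lambda p: int(ip_address(p.neighbor)))[0]  # lowest neighbour address


if __name__ == "__main__":
    igp = {"220.10.1.1", "220.10.2.1"}
    via_d = Path("160.10.0.0/16", (200, 100), "220.10.1.1", "220.10.1.1", True, local_pref=500)
    via_e = Path("160.10.0.0/16", (300, 100), "220.10.2.1", "220.10.2.1", True, local_pref=800)
    print(best_path([via_d, via_e], igp).as_path)   # (300, 100): higher local preference wins
```

Run as a script it prints the local-preference case from the slides. The MED case in the check below is the one worth remembering: a path from a different AS with a very high MED still wins by default, because its MED is never compared with the other AS's values, and only `always-compare-med` changes that.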

Applying Policy with BGP
How to use the “tools”

Applying Policy with BGP

• Policy based on AS path, community or the prefix
• Rejecting/accepting selected routes
• Set attributes to influence path selection
• Tools:
   Prefix-list (filters prefixes)
   Filter-list (filters ASes)
   Route-maps and communities

Policy Control – Prefix List

• Per neighbour prefix filter
   incremental configuration
• High performance access-list
• Inbound or Outbound
• Based upon network numbers (using familiar IPv4 address/mask format)

Prefix-list Command

   [no] ip prefix-list <list-name> [seq <seq-value>] deny | permit <network>/<len> [ge <ge-value>] [le <le-value>]

   <network>/<len>: The prefix and its length
   ge <ge-value>: "greater than or equal to"
   le <le-value>: "less than or equal to"
   Both "ge" and "le" are optional. They specify the range of prefix lengths to be matched for prefixes that are more specific than <network>/<len>; without them only <network>/<len> itself matches

Prefix Lists – Examples

• Deny default route
   ip prefix-list EG deny 0.0.0.0/0
• Permit the prefix 35.0.0.0/8
   ip prefix-list EG permit 35.0.0.0/8
• Deny the prefix 172.16.0.0/12
   ip prefix-list EG deny 172.16.0.0/12
• In 192/8 allow up to /24
   ip prefix-list EG permit 192.0.0.0/8 le 24
   This allows all prefix sizes in the 192.0.0.0/8 address block apart from /25, /26, /27, /28, /29, /30, /31 and /32

Prefix Lists – Examples

• In 192/8 deny /25 and above
   ip prefix-list EG deny 192.0.0.0/8 ge 25
   This denies all prefix sizes /25, /26, /27, /28, /29, /30, /31 and /32 in the address block 192.0.0.0/8. It has the same effect as the previous example only when it is followed by an entry permitting the remaining prefixes: every prefix list ends with an implicit deny, so on its own this line denies everything
• In 193/8 permit prefixes between /12 and /20
   ip prefix-list EG permit 193.0.0.0/8 ge 12 le 20
   This denies all prefix sizes /8, /9, /10, /11, /21, /22, … and higher in the address block 193.0.0.0/8
• Permit all prefixes
   ip prefix-list EG permit 0.0.0.0/0 le 32
   0.0.0.0 matches all possible addresses, “0 le 32” matches all possible prefix lengths

Policy Control – Prefix List

• Example Configuration
   router bgp 200
    network 215.7.0.0
    neighbor 220.200.1.1 prefix-list PEER-IN in
    neighbor 220.200.1.1 prefix-list PEER-OUT out
   !
   ip prefix-list PEER-IN deny 218.10.0.0/16
   ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
   ip prefix-list PEER-OUT permit 215.7.0.0/16
   ip prefix-list PEER-OUT deny 0.0.0.0/0 le 32

Policy Control – Filter List

• Filter routes based on AS path
• Inbound or Outbound
• Example Configuration:
   router bgp 100
    network 215.7.0.0
    neighbor 220.200.1.1 remote-as 210
    neighbor 220.200.1.1 filter-list 5 out
    neighbor 220.200.1.1 filter-list 6 in
   !
   ip as-path access-list 5 permit ^200$
   ip as-path access-list 6 permit ^150$

Policy Control – Regular Expressions

• Like Unix regular expressions
   .    Match one character
   *    Match any number of preceding expression
   +    Match at least one of preceding expression
   ^    Beginning of line
   $    End of line
   _    Beginning, end, white-space, brace
   |    Or
   ()   brackets to contain expression

• Simple Examples
   .*             match anything
   .+             match at least one character
   ^$             match routes local to this AS
   _1800$         originated by AS1800
   ^1800_         received from AS1800
   _1800_         via AS1800
   _790_1800_     via AS1800 and AS790
   _(1800_)+      multiple AS1800 in sequence (used to match AS-PATH prepends)
   _\(65530\)_    via AS65530 (confederations)

Policy Control – Regular Expressions

• Not so simple Examples
   ^[0-9]+$                  Match AS_PATH length of one
   ^[0-9]+_[0-9]+$           Match AS_PATH length of two
   ^[0-9]*_[0-9]+$           Match AS_PATH length of one or two
   ^[0-9]*_[0-9]*$           Match AS_PATH length of one or two (will also match zero)
   ^[0-9]+_[0-9]+_[0-9]+$    Match AS_PATH length of three
   _(701|1800)_              Match anything which has gone through AS701 or AS1800
   _1849(_.+_)12163$         Match anything of origin AS12163 and passed through AS1849

Policy Control – Route Maps

• A route-map is like a “programme” for IOS
• Has “line” numbers, like programmes
• Each line is a separate condition/action
• Concept is basically:
   if match then do expression and exit
   else
   if match then do expression and exit
   else etc
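To check what an `ip as-path access-list` expression really matches before it goes into a filter-list, the following Python helper, an added example rather than slide material, translates the IOS `_` shorthand into standard regex syntax and runs the slide's expressions over a constructed table of AS_PATH strings. The translation of `_` (beginning, end, white-space or brace, plus the comma and parentheses IOS also treats as delimiters) is this example's reading of the slide's definition; `UNDERSCORE`, `SAMPLE_PATHS` and the function names are its own assumptions.

```python
"""Test IOS-style AS-path regular expressions against AS_PATH strings.

Added example, not from the workshop slides. IOS regexes differ from Python's
only in the `_` shorthand; the UNDERSCORE translation is this example's own.
"""
import re

# `_` in an IOS regex matches the start or end of the path, white-space, or a
# brace/bracket/comma delimiter; everything else is ordinary regex syntax.
UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_to_python(expr):
    """Translate an IOS AS-path regex to Python `re` syntax (every `_` is the shorthand)."""
    return expr.replace("_", UNDERSCORE)


def as_path_matches(expr, as_path):
    """True if an AS_PATH as shown by `show ip bgp` (e.g. "300 200 100") matches."""
    return re.search(ios_to_python(expr), as_path) is not None


def filter_as_paths(expr, as_paths):
    """AS_PATHs that `ip as-path access-list N permit <expr>` would let through."""
    return [p for p in as_paths if as_path_matches(expr, p)]


# Constructed sample table of AS_PATH strings in `show ip bgp` notation
SAMPLE_PATHS = [
    "",                         # locally originated
    "1800",
    "1800 701",
    "100 1800",
    "100 1800 1800 1800 200",   # prepended by AS1800
    "790 1800 200",
    "100 701 200",
    "1849 100 12163",
    "(65530) 100",              # confederation sub-AS segment
    "100 200 300",
]

if __name__ == "__main__":
    for expr in ("^$", "_1800$", "^1800_", "_(1800_)+",
                 "^[0-9]+_[0-9]+$", "_1849(_.+_)12163$"):
        print(f"{expr:22} {filter_as_paths(expr, SAMPLE_PATHS)}")
```

Note that `^[0-9]*_[0-9]*$` really does match the empty AS_PATH of locally originated routes, as the slide warns, while `^[0-9]*_[0-9]+$` does not.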

Route Maps – Caveats

• Lines can have multiple set statements, but keep to one match statement per line (IOS ANDs different match statements in the same line, which is easy to misread)
• Line with only a set statement
   all prefixes are matched and set
   any following lines are ignored
• Line with a match/set statement and no following lines
   only prefixes matching go through
   the rest are dropped

Route Maps – Caveats

• Example
   omitting the third line below means that prefixes not matching list-one or list-two are dropped
   route-map sample permit 10
    match ip address prefix-list list-one
    set local-preference 120
   !
   route-map sample permit 20
    match ip address prefix-list list-two
    set local-preference 80
   !
   route-map sample permit 30     ! Don’t forget this

Policy Control – Route Maps

• Example Configuration – route map and prefix-lists
   router bgp 100
    neighbor 220.200.1.1 remote-as 200
    neighbor 220.200.1.1 route-map infilter in
   !
   route-map infilter permit 10
    match ip address prefix-list HIGH-PREF
    set local-preference 120
   !
   route-map infilter permit 20
    match ip address prefix-list LOW-PREF
    set local-preference 80
   !
   ip prefix-list HIGH-PREF permit 10.0.0.0/8
   ip prefix-list LOW-PREF permit 20.0.0.0/8

Policy Control – Route Maps

• Example Configuration – route map and filter lists
   router bgp 100
    neighbor 220.200.1.2 remote-as 200
    neighbor 220.200.1.2 route-map filter-on-as-path in
   !
   route-map filter-on-as-path permit 10
    match as-path 1
    set local-preference 80
   !
   route-map filter-on-as-path permit 20
    match as-path 2
    set local-preference 200
   !
   ip as-path access-list 1 permit _150$
   ip as-path access-list 2 permit _210_

Policy Control – Route Maps

• Example configuration of AS-PATH prepend
   router bgp 300
    network 215.7.0.0
    neighbor 2.2.2.2 remote-as 100
    neighbor 2.2.2.2 route-map SETPATH out
   !
   route-map SETPATH permit 10
    set as-path prepend 300 300
• Use your own AS number when prepending
   Otherwise BGP loop detection may cause disconnects

Policy Control – Route Maps

• Route Map MATCH Articles
   as-path
   clns address
   clns next-hop
   clns route-source
   community
   interface
   ip address
   ip next-hop
   ip route-source
   length
   metric
   nlri
   route-type
   tag

Policy Control – Route Maps

• Route map SET Articles
   as-path prepend
   automatic-tag
   clns
   comm-list
   community
   dampening
   default interface
   interface
   ip default next-hop
   ip next-hop
   ip precedence
   ip qos-group
   ip tos
   level
   local preference
   metric
   metric-type
   nlri multicast
   nlri unicast
   origin
   tag
   traffic-index
   weight

Policy Control – Setting Communities

• Example Configuration
   router bgp 100
    network 215.7.0.0
    neighbor 220.200.1.1 remote-as 200
    neighbor 220.200.1.1 send-community
    neighbor 220.200.1.1 route-map set-community out
   !
   route-map set-community permit 10
    match ip address prefix-list NO-ANNOUNCE
    set community no-export
   !
   route-map set-community permit 20
    match ip address prefix-list EVERYTHING
   !
   ip prefix-list NO-ANNOUNCE permit 172.168.0.0/16 ge 17
   ip prefix-list EVERYTHING permit 0.0.0.0/0 le 32

Policy Control – Matching Communities

• Example Configuration
   router bgp 100
    neighbor 220.200.1.2 remote-as 200
    neighbor 220.200.1.2 route-map filter-on-community in
   !
   route-map filter-on-community permit 10
    match community 1
    set local-preference 50
   !
   route-map filter-on-community permit 20
    match community 2 exact-match
    set local-preference 200
   !
   ip community-list 1 permit 150:3 200:5
   ip community-list 2 permit 88:6

Aggregation Policies

• Suppress Map
   Used to suppress selected more-specific prefixes in the absence of the summary-only keyword
• Unsuppress Map
   Used to unsuppress selected more-specific prefixes per BGP peering when the summary-only keyword is in use

Aggregation Policies – Suppress Map

• Example (the more-specific prefixes to suppress are selected through a route-map)
   router bgp 100
    network 220.10.10.0
    network 220.10.11.0
    network 220.10.12.0
    network 220.10.33.0
    network 220.10.34.0
    aggregate-address 220.10.0.0 255.255.0.0 suppress-map block-net
    neighbor 222.5.7.2 remote-as 200
   !
   route-map block-net permit 10
    match ip address prefix-list SUPPRESS
   !
   ip prefix-list SUPPRESS permit 220.10.8.0/21 le 32
   ip prefix-list SUPPRESS deny 0.0.0.0/0 le 32
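The route-map caveats above and the community examples that follow can be modelled as a small interpreter, which makes the first-match and implicit-deny behaviour easy to verify. The Python below is an added example, not workshop code: `Route`, `Clause` and the match/set helpers are its own, and `match_prefix_list` deliberately simplifies prefix-list matching to exact membership. It reproduces the caveat (with the `permit 30` line omitted, a prefix matching neither list is dropped; a set-only line matches everything and ends evaluation) and shows `match community ... exact-match` against plain community matching and the effect of `set community no-export` when routes are exported over an eBGP session.

```python
"""Model of IOS route-map evaluation: the first matching line wins, a line with
no match statement matches everything, and a route matching no permit line is
dropped (implicit deny).

Added example; not from the workshop slides. Route, Clause and the helpers are
this example's own; match_prefix_list is a simplification (exact membership).
"""
from dataclasses import dataclass, field, replace

NO_EXPORT = "no-export"        # well-known community: do not advertise to eBGP peers


@dataclass
class Route:
    prefix: str
    as_path: tuple = ()
    communities: frozenset = frozenset()
    local_pref: int = 100


@dataclass
class Clause:
    seq: int
    permit: bool = True
    matches: list = field(default_factory=list)   # predicates Route -> bool, all must hold
    sets: list = field(default_factory=list)      # transforms Route -> Route


def match_prefix_list(prefixes):
    """Stand-in for `match ip address prefix-list`: exact prefix membership only."""
    allowed = set(prefixes)
    return lambda r: r.prefix in allowed


def match_community(clist, exact=False):
    """`match community N [exact-match]`: any listed value present, or exactly that set."""
    wanted = frozenset(clist)
    return lambda r: (r.communities == wanted) if exact else bool(r.communities & wanted)


def set_local_pref(value):
    return lambda r: replace(r, local_pref=value)


def set_community(*values, additive=False):
    """`set community ... [additive]`: replaces the attribute unless additive."""
    new = frozenset(values)
    return lambda r: replace(r, communities=(r.communities | new) if additive else new)


def apply_route_map(clauses, route):
    """Return the route after the first matching line, or None if it is dropped."""
    for clause in sorted(clauses, key=lambda c: c.seq):
        if all(m(route) for m in clause.matches):      # no match statements: always true
            if not clause.permit:
                return None
            for s in clause.sets:
                route = s(route)
            return route                                # later lines are not evaluated
    return None                                         # implicit deny at the end


def export_to_ebgp(routes):
    """Honour no-export at an eBGP session: tagged routes are not advertised."""
    return [r for r in routes if NO_EXPORT not in r.communities]


# The caveat example from the slides, without and with the final `permit 30` line
SAMPLE_WITHOUT_PERMIT_30 = [
    Clause(10, matches=[match_prefix_list(["10.1.0.0/16"])], sets=[set_local_pref(120)]),
    Clause(20, matches=[match_prefix_list(["20.1.0.0/16"])], sets=[set_local_pref(80)]),
]
SAMPLE_WITH_PERMIT_30 = SAMPLE_WITHOUT_PERMIT_30 + [Clause(30)]


def run_sample(clauses):
    """Local preference per prefix after the route-map; None marks a dropped prefix."""
    result = {}
    for prefix in ("10.1.0.0/16", "20.1.0.0/16", "30.1.0.0/16"):
        out = apply_route_map(clauses, Route(prefix))
        result[prefix] = None if out is None else out.local_pref
    return result


if __name__ == "__main__":
    print(run_sample(SAMPLE_WITHOUT_PERMIT_30))   # 30.1.0.0/16 is dropped
    print(run_sample(SAMPLE_WITH_PERMIT_30))      # 30.1.0.0/16 passes with default 100
```

The same engine models the set-community example: routes tagged `no-export` by the outbound route-map survive the route-map but are withheld by `export_to_ebgp`, which is what the neighbouring AS's border router does with them.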

Aggregation Policies – Suppress Map

• show ip bgp on the local router
   router1#sh ip bgp
   BGP table version is 11, local router ID is 222.5.7.1
   Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
   Origin codes: i - IGP, e - EGP, ? - incomplete

      Network          Next Hop            Metric LocPrf Weight Path
   *> 220.10.0.0/16    0.0.0.0                            32768 i
   s> 220.10.10.0      0.0.0.0                  0         32768 i
   s> 220.10.11.0      0.0.0.0                  0         32768 i
   s> 220.10.12.0      0.0.0.0                  0         32768 i
   *> 220.10.33.0      0.0.0.0                  0         32768 i
   *> 220.10.34.0      0.0.0.0                  0         32768 i

Aggregation Policies – Suppress Map

• show ip bgp on the remote router
   router2#sh ip bgp
   BGP table version is 90, local router ID is 222.5.7.2
   Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
   Origin codes: i - IGP, e - EGP, ? - incomplete

      Network          Next Hop            Metric LocPrf Weight Path
   *> 220.10.0.0/16    222.5.7.1                              0 100 i
   *> 220.10.33.0      222.5.7.1                0             0 100 i
   *> 220.10.34.0      222.5.7.1                0             0 100 i

Aggregation Policies – Unsuppress Map

• Example
   router bgp 100
    network 220.10.10.0
    network 220.10.11.0
    network 220.10.12.0
    network 220.10.33.0
    network 220.10.34.0
    aggregate-address 220.10.0.0 255.255.0.0 summary-only
    neighbor 222.5.7.2 remote-as 200
    neighbor 222.5.7.2 unsuppress-map leak-net
   !
   route-map leak-net permit 10
    match ip address prefix-list LEAK
   !
   ip prefix-list LEAK permit 220.10.8.0/21 le 32
   ip prefix-list LEAK deny 0.0.0.0/0 le 32

Aggregation Policies – Unsuppress Map

• show ip bgp on the local router
   router1#sh ip bgp
   BGP table version is 11, local router ID is 222.5.7.1
   Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
   Origin codes: i - IGP, e - EGP, ? - incomplete

      Network          Next Hop            Metric LocPrf Weight Path
   *> 220.10.0.0/16    0.0.0.0                            32768 i
   s> 220.10.10.0      0.0.0.0                  0         32768 i
   s> 220.10.11.0      0.0.0.0                  0         32768 i
   s> 220.10.12.0      0.0.0.0                  0         32768 i
   s> 220.10.33.0      0.0.0.0                  0         32768 i
   s> 220.10.34.0      0.0.0.0                  0         32768 i

Aggregation Policies – Unsuppress Map

• show ip bgp on the remote router
   router2#sh ip bgp
   BGP table version is 90, local router ID is 222.5.7.2
   Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
   Origin codes: i - IGP, e - EGP, ? - incomplete

      Network          Next Hop            Metric LocPrf Weight Path
   *> 220.10.0.0/16    222.5.7.1                              0 100 i
   *> 220.10.10.0      222.5.7.1                0             0 100 i
   *> 220.10.11.0      222.5.7.1                0             0 100 i
   *> 220.10.12.0      222.5.7.1                0             0 100 i

Aggregation Policies – Aggregate Address

• Summary-only used
   all subprefixes suppressed
   unsuppress-map to selectively leak subprefixes
   bgp per neighbour configuration
• Absence of summary-only
   no subprefixes suppressed
   suppress-map to selectively suppress subprefixes
   bgp global configuration
