BGP Attributes and Policy Control
ISP/IXP Workshops

Cisco ISP Workshops © 2003, Cisco Systems, Inc. All rights reserved.

Agenda

• BGP Attributes
• BGP Path Selection
• Applying Policy

BGP Attributes
The “tools” available for the job

What Is an Attribute?

[Diagram: a row of attribute fields: ... | Next Hop | AS Path | MED | ... | ...]

• Describes the characteristics of prefix
• Transitive or non-transitive
• Some are mandatory


AS-Path

• Sequence of ASes a route has traversed
• Loop detection
• Apply policy

[Diagram: AS 100 (180.10.0.0/16), AS 200 (170.10.0.0/16), AS 300 (140.10.0.0/16), AS 400 (150.10.0.0/16) and AS 500. AS paths shown at AS 500:]

    180.10.0.0/16  300 200 100
    170.10.0.0/16  300 200
    150.10.0.0/16  300 400

AS-Path loop detection

[Diagram: AS 100 (180.10.0.0/16), AS 200 (170.10.0.0/16), AS 300 (140.10.0.0/16) and AS 500. AS paths shown at AS 500:]

    180.10.0.0/16  300 200 100
    170.10.0.0/16  300 200
    140.10.0.0/16  300

[AS paths shown as advertised onward by AS 500:]

    140.10.0.0/16  500 300
    170.10.0.0/16  500 300 200

• 180.10.0.0/16 is not accepted by AS100 as the network has AS100 in the AS-PATH – this is loop detection in action


Next Hop

[Diagram: routers A, B and C across AS 100, AS 200 and AS 300, connected by eBGP and iBGP]

• eBGP – address of external neighbour
• iBGP – NEXT_HOP from eBGP

iBGP Next Hop

[Diagram: iBGP routers identified by their loopback addresses]

• Next hop is ibgp router loopback address
• Recursive route look-up

Third Party Next Hop

[Diagram: routers A, B and C on a shared link between AS 200 and AS 201]

• eBGP between Router A and Router C
• iBGP between RouterA and RouterB
• 192.68.1/24 prefix has next hop address of 150.1.1.3 – this is passed on to RouterC instead of 150.1.1.2
• More efficient
• No extra config needed

Next Hop (summary)

• IGP should carry route to next hops
• Recursive route look-up
• Unlinks BGP from actual physical topology
• Allows IGP to make intelligent forwarding decision

Origin

• Conveys the origin of the prefix
• “Historical” attribute
• Influences best path selection
• Three values: IGP, EGP, incomplete
  IGP – generated by BGP network statement
  EGP – generated by EGP
  incomplete – redistributed from another routing protocol

Aggregator

• Conveys the IP address of the router/BGP speaker generating the aggregate route
• Useful for debugging purposes
• Does not influence path selection

Local Preference

[Diagram: AS 100 originates 160.10.0.0/16, which reaches AS 400 through AS 200 and AS 300. In AS 400 the two copies carry local preference 500 and 800; the one with 800 is marked best (>).]

Local Preference

• Local to an AS – non-transitive
  local preference set to 100 when heard from neighbouring AS
• Used to influence BGP path selection
  determines best path for outbound traffic
• Path with highest local preference wins

Local Preference

• Configuration of Router B:

    router bgp 400
     neighbor 220.5.1.1 remote-as 300
     neighbor 220.5.1.1 route-map local-pref in
    !
    route-map local-pref permit 10
     match ip address prefix-list MATCH
     set local-preference 800
    !
    ip prefix-list MATCH permit 160.10.0.0/16

Multi-Exit Discriminator (MED)

[Diagram: AS 200 and AS 201 joined by two links; 192.68.1.0/24 is announced with MED 2000 on one link and MED 1000 on the other]

Multi-Exit Discriminator

• Inter-AS – non-transitive
  metric attribute not announced to next AS
• Used to convey the relative preference of entry points
  determines best path for inbound traffic
• Comparable if paths are from same AS
• IGP metric can be conveyed as MED
  set metric-type internal in route-map

MED & IGP Metric

• set metric-type internal
  enable BGP to advertise a MED which corresponds to the IGP metric values
  changes are monitored (and re-advertised if needed) every 600s
  bgp dynamic-med-interval <secs>

Multi-Exit Discriminator

• Configuration of Router B:

    router bgp 400
     neighbor 220.5.1.1 remote-as 200
     neighbor 220.5.1.1 route-map set-med out
    !
    route-map set-med permit 10
     match ip address prefix-list MATCH
     set metric 1000
    !
    ip prefix-list MATCH permit 192.68.1.0/24

Weight

• Not really an attribute – local to router
• Highest weight wins
• Applied to all routes from a neighbour
    neighbor 220.5.7.1 weight 100
• Weight assigned to routes based on filter
    neighbor 220.5.7.3 filter-list 3 weight 50

Weight – Used to help Deploy RPF

[Diagram: AS1 (routers A and B) and AS4 (router C). The link via B is the link to use for most traffic from AS1 (AS4, LOCAL_PREF 200). The direct C to A link is the backup link, but RPF still needs to work (AS4, LOCAL_PREF 100, weight 100).]

• Best path to AS4 from AS1 is always via B due to local-pref
• But packets arriving at A from AS4 over the direct C to A link will pass the RPF check as that path has a priority due to the weight being set
  If weight was not set, best path back to AS4 would be via B, and the RPF check would fail

Community

• Communities described in RFC1997
• 32 bit integer
  Commonly represented as two 16 bit integers (RFC1998)
• Used to group destinations
  Each destination could be member of multiple communities
• Community attribute carried across AS’s
• Very useful in applying policies

Community

[Diagram: ISP 1, ISP 2, AS 100, AS 200, AS 300 and AS 400 with routers A, B, C, D, E and X; announced prefixes are tagged with communities 300:1 and 300:9]

Well-Known Communities

• no-export
  do not advertise to eBGP peers
• no-advertise
  do not advertise to any peer
• local-AS
  do not advertise outside local AS (only used with confederations)

No-Export Community

[Diagram: AS 100 and AS 200 with routers A to G; 170.10.0.0/16 is announced alongside 170.10.X.X subprefixes tagged No-Export]

• AS100 announces aggregate and subprefixes
  aim is to improve loadsharing by leaking subprefixes
• Subprefixes marked with no-export community
• Router G in AS200 does not announce prefixes with no-export community set

BGP Path Selection Algorithm
Why is this the best path?

BGP Path Selection Algorithm

• Do not consider path if no route to next hop
• Do not consider iBGP path if not synchronised
• Highest weight (local to router)
• Highest local preference (global within AS)
• Prefer locally originated route
• Shortest AS path

BGP Path Selection Algorithm (continued)

• Lowest origin code
  IGP < EGP < incomplete
• Lowest Multi-Exit Discriminator (MED)
  If bgp deterministic-med, order the paths before comparing
  If bgp always-compare-med, then compare for all paths
  otherwise MED only considered if paths are from the same AS (default)

BGP Path Selection Algorithm (continued)

• Prefer eBGP path over iBGP path
• Path with lowest IGP metric to next-hop
• For eBGP paths:
  If multipath is enabled, install N parallel paths in forwarding table
  If router-id is the same, go to next step
  If router-id is not the same, select the oldest path

BGP Path Selection Algorithm (continued)

• Lowest router-id (originator-id for reflected routes)
• Shortest cluster-list
  Client must be aware of Route Reflector attributes!
• Lowest neighbour address
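The comparison order from the path selection slides above, as an added Python example (not Cisco's implementation and not code from the workshop). `Path` and `better` are hypothetical names; the next-hop reachability, synchronisation, multipath, oldest-path and cluster-list steps are left out, and router-id and neighbour address are modelled as plain integers.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "incomplete": 2}   # IGP < EGP < incomplete

@dataclass
class Path:
    name: str
    as_path: tuple            # nearest AS first; () for a locally originated route
    weight: int = 0
    local_pref: int = 100
    local: bool = False
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    router_id: int = 0        # assumption: router-id reduced to an integer
    neighbour: int = 0        # assumption: neighbour address reduced to an integer

# Each step maps a path to a value where the LOWER value wins.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local preference", lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.local),
    ("AS path length", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: not p.ebgp),
    ("IGP metric", lambda p: p.igp_metric),
    ("router-id", lambda p: p.router_id),
    ("neighbour address", lambda p: p.neighbour),
]

def better(a, b, always_compare_med=False):
    """Return (winning path, name of the step that decided)."""
    for step, key in STEPS:
        if step == "MED" and not always_compare_med:
            # Default behaviour: MED is only compared between paths
            # received from the same neighbouring AS.
            if a.as_path[:1] != b.as_path[:1]:
                continue
        ka, kb = key(a), key(b)
        if ka != kb:
            return (a if ka < kb else b), step
    return a, "tie"

# Constructed sample: the longer AS path wins because local preference
# is evaluated before AS path length.
LONG_PATH = Path("long", as_path=(300, 200, 100), local_pref=800)
SHORT_PATH = Path("short", as_path=(200, 100), local_pref=500)

if __name__ == "__main__":
    winner, step = better(LONG_PATH, SHORT_PATH)
    print(winner.name, "wins on", step)
```

Because weight and local preference are checked before AS path length, AS-path prepending by a remote network cannot override a local-preference policy.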

Applying Policy with BGP
How to use the “tools”

Applying Policy with BGP

• Policy-based on AS path, community or the prefix
• Rejecting/accepting selected routes
• Set attributes to influence path selection
• Tools:
  Prefix-list (filters prefixes)
  Filter-list (filters ASes)
  Route-maps and communities

Policy Control – Prefix List

• Per neighbour prefix filter
  incremental configuration
• High performance access-list
• Inbound or Outbound
• Based upon network numbers (using familiar IPv4 address/mask format)

Prefix-list Command

    [no] ip prefix-list <list-name> [seq <seq-value>] deny | permit <network>/<len> [ge <ge-value>] [le <le-value>]

  <network>/<len>: The prefix and its length
  ge <ge-value>: "greater than or equal to"
  le <le-value>: "less than or equal to"

Both "ge" and "le" are optional. Used to specify the range of the prefix length to be matched for prefixes that are more specific than <network>/<len>

Prefix Lists – Examples

• Deny default route
    ip prefix-list EG deny 0.0.0.0/0
• Permit the prefix 35.0.0.0/8
    ip prefix-list EG permit 35.0.0.0/8
• Deny the prefix 172.16.0.0/12
    ip prefix-list EG deny 172.16.0.0/12
• In 192/8 allow up to /24
    ip prefix-list EG permit 192.0.0.0/8 le 24
  This allows all prefix sizes in the 192.0.0.0/8 address block, apart from /25, /26, /27, /28, /29, /30, /31 and /32.

Prefix Lists – Examples

• In 192/8 deny /25 and above
    ip prefix-list EG deny 192.0.0.0/8 ge 25
  This denies all prefix sizes /25, /26, /27, /28, /29, /30, /31 and /32 in the address block 192.0.0.0/8.
  It has the same effect as the previous example
• In 193/8 permit prefixes between /12 and /20
    ip prefix-list EG permit 193.0.0.0/8 ge 12 le 20
  This denies all prefix sizes /8, /9, /10, /11, /21, /22, … and higher in the address block 193.0.0.0/8.
• Permit all prefixes
    ip prefix-list EG permit 0.0.0.0/0 le 32
  0.0.0.0 matches all possible addresses, “0 le 32” matches all possible prefix lengths
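The ge/le matching rules from the prefix-list slides above, as an added Python example (not IOS code and not from the workshop). `parse`, `evaluate` and the `INBOUND` policy are hypothetical names; the policy is constructed from the slide examples, and the `[seq <seq-value>]` option is not parsed.

```python
import ipaddress
import re

# Entry grammar from the "Prefix-list Command" slide, without [seq <n>].
ENTRY = re.compile(
    r"ip prefix-list (?P<name>\S+) (?P<action>permit|deny) (?P<net>\S+)"
    r"(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)

def parse(lines):
    """Turn 'ip prefix-list ...' lines into ordered (action, net, lo, hi) tuples."""
    entries = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        net = ipaddress.ip_network(m["net"])
        ge, le = m["ge"], m["le"]
        if ge is None and le is None:
            lo = hi = net.prefixlen                      # exact length only
        else:
            lo = int(ge) if ge else net.prefixlen        # "le" alone: from <len> up
            hi = int(le) if le else net.max_prefixlen    # "ge" alone: up to /32
        entries.append((m["action"], net, lo, hi))
    return entries

def evaluate(entries, route):
    """First matching entry decides; no match falls through to the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if r.version == net.version and lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"

# Constructed policy assembled from the slide examples.
INBOUND = parse([
    "ip prefix-list EG deny 0.0.0.0/0",
    "ip prefix-list EG deny 172.16.0.0/12",
    "ip prefix-list EG permit 35.0.0.0/8",
    "ip prefix-list EG permit 192.0.0.0/8 le 24",
    "ip prefix-list EG permit 193.0.0.0/8 ge 12 le 20",
])

if __name__ == "__main__":
    # Constructed test routes.
    for route in ["0.0.0.0/0", "35.0.0.0/8", "35.1.0.0/16", "192.168.1.0/24",
                  "192.168.1.128/25", "193.0.0.0/8", "193.16.0.0/12"]:
        print(f"{route:20} {evaluate(INBOUND, route)}")
```

An entry without ge or le matches only the exact prefix length, so 35.1.0.0/16 is not covered by the 35.0.0.0/8 entry and falls through to the implicit deny.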

0.0 neighbor 220. Cisco Systems.0.1. white-space. Inc. 42 7 .200.0/0 le 32 ip as-path access-list 6 permit ^150$ Cisco ISP Workshops © 2003.0.200. All rights reserved. 39 Cisco ISP Workshops © 2003. All rights reserved. end. Cisco Systems. Inc.0.0/16 ! ip as-path access-list 5 permit ^200$ ip prefix-list PEER-OUT deny 0.0. Cisco Systems.+_)12163$ Match anything of origin AS12163 and passed through AS1849 Cisco ISP Workshops © 2003.0/0 le 32 neighbor 220.7.0.1.1 prefix-list PEER-IN in • Example Configuration: neighbor 220. brace _790_1800_ via AS1800 and AS790 | Or _(1800_)+ multiple AS1800 in sequence () brackets to contain expression (used to match AS-PATH prepends) _\(65530\)_ via AS65530 (confederations) Cisco ISP Workshops © 2003. All rights reserved. 41 Cisco ISP Workshops © 2003.1. All rights reserved. Match one character . Inc. Inc.0/16 neighbor 220.1. Inc. Policy Control – Prefix List Policy Control – Filter List • Example Configuration router bgp 200 • Filter routes based on AS path network 215. All rights reserved.1 filter-list 6 in ip prefix-list PEER-OUT permit 215.10.200. Cisco Systems.0.0. Inc.1 prefix-list PEER-OUT out router bgp 100 ! network 215. 37 Cisco ISP Workshops © 2003. 40 Policy Control – Regular Expressions Policy Control – Route Maps • A route-map is like a “programme” for IOS • Not so simple Examples ^[0-9]+$ Match AS_PATH length of one • Has “line” numbers.200.1 remote-as 210 • Inbound or Outbound neighbor 220. 38 Policy Control – Regular Expressions Policy Control – Regular Expressions • Simple Examples • Like Unix regular expressions . All rights reserved.7. Cisco Systems.200.1 filter-list 5 out ip prefix-list PEER-IN permit 0.1.7.0 ip prefix-list PEER-IN deny 218. Cisco Systems. 
like programmes ^[0-9]+_[0-9]+$ Match AS_PATH length of two • Each line is a separate condition/action ^[0-9]*_[0-9]+$ Match AS_PATH length of one or two • Concept is basically: ^[0-9]*_[0-9]*$ Match AS_PATH length of one or two (will also match zero) if match then do expression and exit ^[0-9]+_[0-9]+_[0-9]+$ Match AS_PATH length of three else _(701|1800)_ Match anything which has gone if match then do expression and exit through AS701 or AS1800 else etc _1849(_.+ match at least one character * Match any number of preceding expression ^$ match routes local to this AS + Match at least one of preceding expression _1800$ originated by AS1800 ^ Beginning of line ^1800_ received from AS1800 $ End of line _1800_ via AS1800 _ Beginning.* match anything .

Route Maps – Caveats

• Lines can have multiple set statements but only one match statement
• Line with only a set statement
  all prefixes are matched and set
  any following lines are ignored
• Line with a match/set statement and no following lines
  only prefixes matching go through
  the rest are dropped

Route Maps – Caveats

• Example
  omitting the third line below means that prefixes not matching list-one or list-two are dropped

    route-map sample permit 10
     match ip address prefix-list list-one
     set local-preference 120
    !
    route-map sample permit 20
     match ip address prefix-list list-two
     set local-preference 80
    !
    route-map sample permit 30   ! Don’t forget this

Policy Control – Route Maps

• Example Configuration – route map and prefix-lists

    router bgp 100
     neighbor 1.1.1.1 route-map infilter in
    !
    route-map infilter permit 10
     match ip address prefix-list HIGH-PREF
     set local-preference 120
    !
    route-map infilter permit 20
     match ip address prefix-list LOW-PREF
     set local-preference 80
    !
    ip prefix-list HIGH-PREF permit 10.0.0.0/8
    ip prefix-list LOW-PREF permit 20.0.0.0/8

Policy Control – Route Maps

• Example Configuration – route map and filter lists

    router bgp 100
     neighbor 220.200.1.2 remote-as 200
     neighbor 220.200.1.2 route-map filter-on-as-path in
    !
    route-map filter-on-as-path permit 10
     match as-path 1
     set local-preference 80
    !
    route-map filter-on-as-path permit 20
     match as-path 2
     set local-preference 200
    !
    ip as-path access-list 1 permit _150$
    ip as-path access-list 2 permit _210_

Policy Control – Route Maps

• Example configuration of AS-PATH prepend

    router bgp 300
     network 215.7.0.0
     neighbor 2.2.2.2 remote-as 100
     neighbor 2.2.2.2 route-map SETPATH out
    !
    route-map SETPATH permit 10
     set as-path prepend 300 300

• Use your own AS number when prepending
  Otherwise BGP loop detection may cause disconnects

Policy Control – Route Maps

• Route Map MATCH Articles

    as-path              ip next-hop
    clns address         ip route-source
    clns next-hop        length
    clns route-source    metric
    community            nlri
    interface            route-type
    ip address           tag

Policy Control – Route Maps

• Route map SET Articles

    as-path
    automatic-tag
    clns
    comm-list
    community
    dampening
    default interface
    interface
    ip default next-hop
    ip next-hop

Policy Control – Route Maps

• Route map SET Articles

    ip precedence
    ip qos-group
    ip tos
    level
    local preference
    metric
    metric-type
    next-hop
    nlri multicast
    nlri unicast
    origin
    tag
    traffic-index
    weight

Policy Control – Matching Communities

• Example Configuration

    router bgp 100
     neighbor 220.200.1.2 remote-as 200
     neighbor 220.200.1.2 route-map filter-on-community in
    !
    route-map filter-on-community permit 10
     match community 1
     set local-preference 50
    !
    route-map filter-on-community permit 20
     match community 2 exact-match
     set local-preference 200
    !
    ip community-list 1 permit 150:3 200:5
    ip community-list 2 permit 88:6

Policy Control – Setting Communities

• Example Configuration

    router bgp 100
     network 215.7.0.0
     neighbor 220.200.1.1 remote-as 200
     neighbor 220.200.1.1 send-community
     neighbor 220.200.1.1 route-map set-community out
    !
    route-map set-community permit 10
     match ip address prefix-list NO-ANNOUNCE
     set community no-export
    !
    route-map set-community permit 20
     match ip address prefix-list EVERYTHING
    !
    ip prefix-list NO-ANNOUNCE permit 172.168.0.0/16 ge 17
    ip prefix-list EVERYTHING permit 0.0.0.0/0 le 32

Aggregation Policies

• Suppress Map
  Used to suppress selected more-specific prefixes (e.g. defined through a route-map) in the absence of the summary-only keyword.
• Unsuppress Map
  Used to unsuppress selected more-specific prefixes per BGP peering when the summary-only keyword is in use.

Aggregation Policies – Suppress Map

• Example

    router bgp 100
     network 220.10.10.0
     network 220.10.11.0
     network 220.10.12.0
     network 220.10.33.0
     network 220.10.34.0
     aggregate-address 220.10.0.0 255.255.0.0 suppress-map block-net
     neighbor 222.5.7.2 remote-as 200
    !
    route-map block-net permit 10
     match ip address prefix-list SUPPRESS
    !
    ip prefix-list SUPPRESS permit 220.10.8.0/21 le 32
    ip prefix-list SUPPRESS deny 0.0.0.0/0 le 32
    !

0. local router ID is 222. > best.0. local router ID is 222.0.5.EGP. d damped.12.10.10.10.0 0.0.5. Cisco Systems. All rights reserved.0.0 222.internal BGP table version is 90.12.8.10.0.2 Status codes: s suppressed.internal unsuppress-map to suppress-map to Origin codes: i .10. * valid.7.7.33. Cisco Systems.0.0.10.11.11. ? .7. local router ID is 222.10.5.0. h history.0 0.10. All rights reserved.10.10. h history.10.1 0 0 100 i *> 220. Inc.1 0 100 i s> 220. 55 Cisco ISP Workshops © 2003. ? . > best.0 255.10.1 0 0 100 i configuration *> 220. d damped.IGP.0 32768 i ! s> 220.EGP.5.0.10. Aggregation Policies – Aggregation Policies – Suppress Map Suppress Map • show ip bgp on the local router • show ip bgp on the remote router router1#sh ip bgp BGP table version is 11.0. Inc. d damped.internal Network Next Hop Metric LocPrf Weight Path Origin codes: i .0 0 32768 i s> 220.7.0.10.11. Inc.10.0.34.7. > best. 59 Cisco ISP Workshops © 2003.incomplete Status codes: s suppressed. * valid.10.2 unsuppress-map leak-net *> 220.2 remote-as 200 Network Next Hop Metric LocPrf Weight Path neighbor 222.0 0 32768 i match ip address prefix-list LEAK s> 220.10.0 0.0 0. i . > best.0 • show ip bgp on the local router network 220.2 Origin codes: i .IGP.0 0 32768 i Cisco ISP Workshops © 2003.EGP. Inc. ? .34.5.10.0/21 le 32 ip prefix-list LEAK deny 0.0 222. 58 Aggregation Policies – Aggregation Policies – Unsuppress Map Aggregate Address • Summary-only used • Absence of summary- only • show ip bgp on the remote router all subprefixes no subprefixes router2#sh ip bgp suppressed suppressed BGP table version is 90. Cisco Systems.0 0.0 summary-only Origin codes: i .5. ? .10.5.incomplete *> 220. e .10.12. e .7.0 0 32768 i *> 220.255.5.7.7.0.0 0 32768 i *> 220. 56 Aggregation Policies – Aggregation Policies – Unsuppress Map Unsuppress Map • Example router bgp 100 network 220.1 router2#sh ip bgp Status codes: s suppressed.10.0/16 0. 
d damped.33.0.1 0 0 100 i bgp per neighbour bgp global configuration *> 220.5.0.0 0. e .10.0.0 network 220.7. All rights reserved. 60 10 .7. i . * valid.0 0 32768 i route-map leak-net permit 10 s> 220.0.0. local router ID is 222.0/16 222. i .0 0.0 0 32768 i *> 220.5.34.1 0 0 100 i Cisco ISP Workshops © 2003.10.0 32768 i Network Next Hop Metric LocPrf Weight Path s> 220.0 0.33.0 0 32768 i ip prefix-list LEAK permit 220.0/0 le 32 ! Cisco ISP Workshops © 2003. Cisco Systems.10.0/16 0.0.0 router1#sh ip bgp network 220.5.0 0.0.1 network 220.0 Status codes: s suppressed.0.5. Inc.11. i -internal aggregate-address 220.incomplete selectively leak selectively suppress Network Next Hop Metric LocPrf Weight Path subprefixes subprefixes *> 220.7. e .0.0 BGP table version is 11.1 0 100 i *> 220.0.10. 57 Cisco ISP Workshops © 2003.10.10.0. All rights reserved.0.33.7.0 222. Cisco Systems.0 222. Inc.0 0 32768 i ! s> 220.10.incomplete neighbor 222.10.10.0.34. All rights reserved.IGP.0 0. * valid.12.0 0 32768 i *> 220. Cisco Systems.0. h history.7.EGP.5.0.0.0. All rights reserved. h history.0.0 222.1 0 0 100 i s> 220.IGP.0/16 222.

BGP Attributes and Policy Control
ISP/IXP Workshops