• • Table of Contents Index Practical BGP By Russ White, Danny McPherson, Sangli Srihari Publisher : Addison Wesley Pub Date : July 06, 2004 ISBN : 0-321-12700-5 Pages : 448 Hands-on guidance for deploying and optimizing BGP networks enterprise and ISP Now there's a practical guide to deploying and managing BGPv4 in any environment-from small enterprises to the largest Tier 2 and Tier 3 service providers A team of the world's leading BGP experts brings together powerful insights into network design, configuration, and deployment with the latest version of BGP including hands-on guidance for leveraging its key enhancements Coverage includes Best practices and diverse real-world scenarios for applying BGPv4 Understanding the impact of BGP design on local networks and the global Internet backbone Building effective BGP policies: aggregation, propagation, accounting, and more Maximizing scalability and performance in BGPv4 networks BGP and network security, including Secure Origin BGP Deploying BGP/MPLS Layer 3 VPNs Extensive troubleshooting guidance unavailable in any other book If you're a network engineer or administrator looking to drive maximum reliability and performance from BGP-based networks, Practical BGP will help you get the job done-from start to finish • • Table of Contents Index Practical BGP By Russ White, Danny McPherson, Sangli Srihari Publisher : Addison Wesley Pub Date : July 06, 2004 ISBN : 0-321-12700-5 Pages : 448 Copyright Foreword Preface Chapter 1 The Border Gateway Protocol Exterior and Interior Gateway Protocols Distance Vector, Link State, and Path Vector BGP Peering BGP's Best Path Algorithm BGP Path Vector Implementation BGP Attributes Review Questions Chapter 2 BGP at the Edge Connecting to a Service Provider Single Homing to a Service Provider Dual Homing to a Single Service Provider Controlling Outbound Traffic Flow Dual Homing to Multiple Service Providers Forcing Symmetric Entry and Exit Points Intelligent Routing Considerations for All Service Provider Peering Situations Review Questions Chapter 3 Scaling the Enterprise Using BGP BGP Cores Implementing a BGP Core External Connections Review Questions Chapter 4 Core Design with iBGP Full Mesh iBGP Cores Route Reflectors BGP Confederations Review Questions Chapter 5 BGP Performance Peer Groups Update Packing Timers Transport-Level Issues Review Questions Chapter 6 BGP Policy Policy Instruments Local Preference Safety Nets Route Flap Damping BGP MED Deployment Considerations Communities in PracticeRFC 1998 and Other Routing Policies The AS Path Outbound Route Filtering Review Questions Chapter 7 New Features in BGP BGP Custom Decision Process Controlling Redistribution at Remote Points Multipath Interaction with Interior Gateway Protocols during Convergence Conditional Communities Outbound Route Filtering BGP Graceful Restart Inbound Route Summarization Flexible Communities Review Questions Chapter 8 Troubleshooting BGP Establishing Neighbors Update Exchange Inconsistent Routing Route Churn Next Hop Recursion Oscillation Review Questions Chapter 9 BGP and Network Security Protecting Peering Relationships Preventing Spoofing at the Edge Securing Routing Information within BGP Review Questions Chapter 10 Deploying BGP/MPLS Layer-3 VPNs What Is a Virtual Private Network? The BGP/MPLS-Based VPN Putting It Together: An MPLS/BGP VPN Example VPN Service Provider Deployment Considerations VPN Topologies Conclusion Review Questions Appendix A Answers to the Review Questions Chapter 1 Chapter 2 Chapter 4 Chapter 6 Chapter 8 Chapter 3 Chapter 5 Chapter 7 Chapter 9 Chapter 10 Index Copyright Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks Where those designations appear in this book, and Addison-Wesley was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein The publisher offers discounts on this book when ordered in quantity for bulk purchases and special sales For more information, please contact: U.S Corporate and Government Sales (800) 382-3419 corpsales@pearsontechgroup.com For sales outside of the U.S., please contact: International Sales (317) 581-3793 international@pearsontechgroup.com Visit Addison-Wesley on the Web: www.awprofessional.com Library of Congress Cataloging-in-Publication Data Copyright © 2005 by Pearson Education, Inc All rights reserved No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher Printed in the United States of America Published simultaneously in Canada For information on obtaining permission for use of material from this work, please submit a written request to: Pearson Education, Inc Rights and Contracts Department 75 Arlington Street, Suite 300 Boston, MA 02116 Fax: (617) 848-7047 Text printed on recycled paper 1 2 3 4 5 6 7 8 9 10 First printing, June 2004 Foreword Over lunch at the 12th IETF meeting in January 1989, Len Bosack, Kirk Lougheed, and myself came up with a protocol we called "A Border Gateway Protocol." The outcome of what we produced was written on three napkins, giving BGP its unofficial title as the "Three Napkins Protocol." Following lunch, Kirk and I expanded the context of the napkins into few handwritten pieces of paper (see p x) In less than a month after the meeting, we came up with the first two interoperable implementations of BGP BGP was built around few fairly simple ideas The first idea was to provide loop-free routing by carrying information about the path that the routing information traverses, and using this information to suppress routing information looping The second idea was to minimize the volume of routing information that has to be exchanged between routers by using the technique of incremental updates, in which a router, after an initial exchange of full routing information with a neighbor, exchanges only the changes to that information with the neighbor Using incremental updates requires reliable transport of these updates between neighbors The third idea was to use TCP as the necessary reliable transport, rather than (re)invent a new transport protocol The last idea was to encode the information carried by BGP as a collection of attributes, with each attribute encoded as a triplet Doing this facilitates adding new features to BGP in an incremental fashion All these ideas remain essential in today's BGP At the time of this writing, it has been fifteen years since BGP was originally designed The evolution of BGP over these fifteen years came in several major "waves." The first wave produced support for IPv4 Classless Inter-Domain Routing (CIDR) The second wave produced such features as BGP Confederations, BGP Route Reflectors, BGP Communities, and BGP Route Dampening The third wave produced such features as MultiProtocol Extensions, and Capability Advertisement The most recent wave produced such features as BGP/MPLS IP VPNs (also known as 2547 VPNs), BGP-based VPN auto-discovery, and BGP-based Virtual Private LAN Services (VPLS) It is precisely the last wave that expanded the scope of BGP well beyond supporting just inter-domain routing for the Internet During the first six years of its life (19891995), BGP changed its version number four times (from BGP-1 to BGP-4) However, since 1995, BGP has not changed its version number even oncein 2004 we still have BGP-4 This is because the introduction of Capability Advertisement provided a much more flexible mechanism for adding new, even backward incompatible features to BGP than did traditional version negotiation When BGP was originally designed in 1989, it was intended to be a short/medium term solution to Internet inter-domain routing As a result the original design goals for BGP were fairly modestto support inter-domain routing with a few thousand classful IPv4 routes without imposing any restrictions on the inter-domain topology (remember that BGP's predecessor, EGP2, constrained inter-domain topology to a spanning tree) Fifteen years later BGP remains the sole inter-domain routing protocol for the Internet Yet current use of BGP extends well beyond its original design goals From a protocol designed to support inter-domain routing in the Internet that had just a few thousand classful IPv4 routes BGP evolved into a protocol that supports inter-domain routing in the Internet with well over 120,000 thousands classless (CIDR) IPv4 routes Moreover, today's BGP is no longer restricted to simply distributing IPv4 (or IPv6) routes BGP evolved from being an inter-domain routing protocol for the Internet to a protocol that supports constrained, loop-free distribution of information, both within a single autonomous system, as well as across multiple [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] open message errors Open Shortest Path First efficiency networks, large, usage in stub router advertisement 2nd tag mechanisms (technique similar to) topology map Origin Code Origin Code, route 2nd origin codes example codes 2nd Incomplete types OSPF [See Open Shortest Path First] Outbound Route Filtering description 2nd operations sample code configurations 2nd usage outbound route filters overlay model [See also virtual private network] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] packet format, BGP attributes transmittal 2nd 3rd Packet Over SONET path vector 2nd 3rd 4th 5th path vector protocols 2nd peer groups, BGP CISCO IOS Software definition convergence, impact on 2nd outbound policies overview update groups [See update groups] peer-to-peer model peering, BGP Cease code [See Cease code] data formatting establishing relationships example configuration programming 2nd exterior (eBGP) [See eBGP] groups [See peer groups, BGP] message header errors 2nd notifications 2nd 3rd 4th open message errors overview protecting relationships 2nd routes techniques 2nd 3rd traffic transport, what not to do 2nd transporting data between peers 2nd update message errors 2nd update-source-loopback performance, BGP overview 2nd policy configuration, relationship between policies, interdomain 2nd 3rd policy, BGP access lists [See access lists] common, most community lists [See community lists] instruments 2nd lists, in Cisco IOS software local preference, using to set policy 2nd 3rd primitives regular expressions route maps [See route maps] routing 2nd 3rd 4th 5th PolicyCert 2nd 3rd 4th 5th serial numbers POS [See Packet Over SONET] prefix lists design and implementation 2nd 3rd 4th 5th 6th [See access lists] displaying [See access lists] empty 2nd [See access lists] explicit 2nd [See access lists] filters [See access lists] keyword extension [See access lists] prefixes, originating, BGP 2nd 3rd prefixes, routing definition 2nd 3rd originating 2nd troubleshooting [See prefixes, routing;troubleshooting] privacy, network provider edge router [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] Regional Internet Registries 2nd 3rd Rekhter, Yakov remove-private-as configuration RFC 1771 RFC 1997 RFC 1998 2nd 3rd RFC 2409 RFC 2796 2nd 3rd RFC 3354 RFC 3682 2nd RIP [See Routing Information Protocol] RIPv2 [See Routing Information Protocol] RIRs [See Regional Internet Registries] route best exit 2nd [See routing domainsrouting protocols] churn [See routing domainsrouting protocols, route churn] closest exit 2nd [See routing domainsrouting protocols] cold potato 2nd [See routing domainsrouting protocols] flap, reordering due to [See routing domainsrouting protocols] hot potato 2nd 3rd [See routing domainsrouting protocols] inconsistent, troubleshooting [See routing domainsrouting protocols, prefixes, routing;troubleshooting] intelligent [See routing domainsrouting protocols, intelligent routing] maps [See routing domainsrouting protocols, route maps] origination 2nd [See routing domainsrouting protocols] re-originating 2nd [See routing domainsrouting protocols] relection, in full mesh iBGP [See routing domainsrouting protocols, full mesh iBGP cores] suboptimal 2nd [See routing domainsrouting protocols] validating 2nd 3rd 4th [See routing domainsrouting protocols] route churn causes costs example code 2nd 3rd 4th resolving RFC 3354 troubleshooting 2nd route flap damping operations overview parameters 2nd reordering route maps match statements 2nd 3rd 4th 5th 6th policy instruments, as set statements 2nd Route Target routing domains definition eBGP connections [See eBGP] impact of changes in one influencing another 2nd interdomain policies 2nd 3rd Routing Information Protocol routing protocols distribution routing tables growth, Internet 2nd inbound summarization 2nd 3rd 4th 5th size routing, intelligent [See intelligent routing] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] S-BGP cryptographic optimizations overview safety nets advertisement length, acceptable 2nd [See security] bogon filters [See security, bogon filters] common AS Path filters 2nd 3rd 4th [See security] maximum prefixes 2nd [See security] role/usage [See security] Secure Origin BGP [See soBGP] security BGP over IPsec 2nd 3rd BGP Security message generalized TTL security mechanism 2nd hacking information, hiding infrastructure ACLs, protecting MD5 authentication 2nd 3rd MEDs, considerations related to overview 2nd preference [See security preference] routing information, securing within BGP overview 2nd soBGP [See soBGP] S-BGP [See S-BGP] safety nets, autonomous systems [See safety nets] soBGP [See soBGP] spoofing [See security;spoofing] viruses [See viruses] security preference 2nd shared secret shortest path first algorithm show ip bgp 2nd 3rd show ip BGP commands show ip bgp summary show ip route site, definition (in VPN terms) soBGP address block database and AuthCert 2nd 3rd certificate revocation 2nd 3rd 4th certificates, propagating directed graph and PolicyCert 2nd edge-to-edge deployment 2nd 3rd 4th entity database and EntityCert key rollover 2nd 3rd 4th keys used 2nd overview partial deployment 2nd route validation/security preference 2nd S-BGP [See S-BGP] server to server deployment 2nd 3rd summary validating routing information 2nd 3rd spoofing, preventing at edge 2nd 3rd 4th Subsequent Address Family Identifier summarization [See aggregation] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] tagging, routes 2nd TCP Transport Connection timers Cisco IOS Software wait time connect retry 2nd hold keepalive minimum origination interval minimum route advertisement interval 2nd open delay role in routing protocols TLVs [See type-length vectors] traffic share count Transmission Control Protocol fast external fallover 2nd packet buffer overflows 2nd 3rd 4th path maximum transmission unit 2nd 3rd slow start 2nd transport connection 2nd troubleshooting, BGP eBGP multihop 2nd flapping peers 2nd 3rd inconsistent routing multiple exit discriminator indeterminism 2nd 3rd 4th oldest route vs highest router ID 2nd overview IP connectivity, no 2nd 3rd mismatched session endpoints 2nd neighbors/peering relationships, establishing Next Hop recursion 2nd 3rd [See Next Hop] open parameters mismatch prefixes, missing duplicate cluster IDs duplicate router IDs 2nd local origination problems 2nd misconfigured or misapplied filtering 2nd 3rd next hop reachability 2nd synchronization 2nd route churn [See route churn] tools for update problems in Cisco IOS Software type-length vectors [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] update groups description/definition policy configuration [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] vector distance [See distance vector] path [See path vector] virtual private network BGP/MPLS-based [See BGP/MPLS-based VPN] colors 2nd customer edge router extranet 2nd full mesh topologies 2nd hub and spoke topologies 2nd intranet 2nd overlay model 2nd overview 2nd partial mesh topologies provider edge router provider router service provider considerations 2nd 3rd 4th 5th 6th site viruses [See also security] VPN [See virtual private network] [A] [B] [C] [D] [E] [F] [G] [H] [I] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] whitelist table ... performance from BGP- based networks, Practical BGP will help you get the job done-from start to finish • • Table of Contents Index Practical BGP By Russ White, Danny McPherson, Sangli Srihari Publisher : Addison Wesley. .. Scaling the Enterprise Using BGP BGP Cores Implementing a BGP Core External Connections Review Questions Chapter 4 Core Design with iBGP Full Mesh iBGP Cores Route Reflectors BGP Confederations... During the first six years of its life (19891995), BGP changed its version number four times (from BGP- 1 to BGP- 4) However, since 1995, BGP has not changed its version number even oncein 2004 we still have BGP- 4 This is because the