
1 bgp-WoRkShOP Arturo Servin | Carlos Martínez

2 Acknowledgements Special thanks to Phillip Smith (APNIC) and Alvaro Retana (Cisco Systems), whose material has provided invaluable input for the creation of this presentation.

3 HOW THE INTERNET WORKS

4 IP addresses: where do they come from? Regional Internet Registries (RIRs) distribute IPv4, IPv6 and Autonomous System Numbers. Sometimes the distribution is done through National Internet Registries (NIRs). [Diagram: Standards; Central Registry; Distribution; Allocations and Assignments; End user]

5 Regional Internet Registries

6 Autonomous System Numbers Collection of networks with same routing policy Single routing protocol Possibly multiple IGPs Usually under single ownership, trust and administrative control Identified by a unique 32-bit integer (ASN)

7 ASNs ASN 64511 ASN 65536 ASN 65537

8 More about ASNs Historically 2 bytes – 1 to 65535 But they were going to run out, so they are now 4 bytes (RFC 4893) – 65536-4294967295

9 Special ASNs – 0 and 65535 reserved – 64496-64511, 65536-65551 documentation (RFC5398) – 64512-65534 Private use – 23456 Representation of 4-byte ASNs in a 2-byte world

10 IGP vs EGP IGP – Interior Gateway Protocol – Exchange routes within an Autonomous System – Carries information about internal prefixes. – OSPF, ISIS, EIGRP, etc EGP – Exterior Gateway Protocol – Exchange routes between Autonomous Systems – BGP is standard EGP today – Connecting with outside networks

11 IGP vs EGP (more) IGP – Interior Gateway Protocol – Sub-second convergence – Generally Automatic discovery – Generally trust your IGP routers – Routes go to all IGP routers EGP – Exterior Gateway Protocol – Decoupled from the IGP – Specifically configured

12 Internet Routing BGP selects routes according to a decision algorithm and the values of some route “attributes” AS_PATH is the list of autonomous systems that an UPDATE has gone through

13 Internet Routing ASN 6057 announces 200.40.0.0/16. The prefix 200.40.0.0/16 is propagated with BGP to the Internet. ASN 8158 receives 200.40.0.0/16. Attributes: 200.40.0.0/16 AS_PATH ASN1 ASN3 ASN6057

14 Transit and Peering Transit – Traffic and prefixes originating from one AS are carried across an intermediate AS to reach their destination AS – Usually for a fee Peering – Private interconnect between two ASNs – Usually for no fee

15 Transit and Peering ASN 64511 ASN 65536 ASN 65537 Peering ASN 65538 Transit

16 Peering in an Internet Exchange Point (IXP) Internet Exchange Point – Common interconnect location where several ASNs exchange routing information and traffic ASN 65536 ASN 65537 ASN 65538 ASN 65539

17 INTRO TO BGP

18 Border Gateway Protocol A Routing Protocol used to exchange routing information between different networks Exterior gateway protocol Described in RFC4271 – RFC4276 gives an implementation report on BGP – RFC4277 describes operational experiences using BGP Works on TCP port 179 Path Vector Protocol

19 More about BGP Learns multiple paths via internal and external BGP speakers – Initial exchange of entire table Incremental Updates – Picks THE bestpath and installs it in the IP forwarding table – Policies applied by influencing the bestpath selection Keepalive messages exchanged Many options for policy enforcement Classless Inter Domain Routing (CIDR) Widely used for Internet backbone

20 Neighbors BGP speakers – Internal (iBGP) if they are in the same ASN – External (eBGP) if they are in different ASNs ASN 65536 ASN 65538 eBGP iBGP

21 Where to use BGP: Stub Network ASN 65536, Transit Provider ASN 65538, Customer Only one exit for customer No real need to add BGP

22 Multihomed Network ASN 65536 ASN 65537 ASN 65538 ASN 65539 Transit Providers Peering in IXP Different situations possible Multiple links to same ISP Secondary for only backup Load share between primary and secondary Selectively use different ISPs Peering at IXP

23 BGP State-Machine BGP States 1 - Idle 2 - Connect 3 - Active 4 - OpenSent 5 - OpenConfirm 6 - Established BGP Events 1 - BGP Start 2 - BGP Stop 3 - BGP Transport connection open 4 - BGP Transport connection closed 5 - BGP Transport connection open failed 6 - BGP Transport fatal error 7 - ConnectRetry timer expired 8 - Hold Timer expired 9 - KeepAlive timer expired 10 - Receive OPEN message 11 - Receive KEEPALIVE message 12 - Receive UPDATE messages 13 - Receive NOTIFICATION message

24 Basic config IPv4 router bgp xxxx neighbor a.b.c.d. remote-as neighbor X:X:X:X::X … network A.B.C.D. mask no synchronization exit address-family IPv6 no bgp4 default unicast bgp router-id a.b.d.f router bgp xxxx neighbor X:X:X:X::X remote-as … neighbor X:X:X:X::X … address-family ipv6 neighbor X:X:X:X::X activate neighbor X:X:X:X::X … network 2001:DB8::/32 no synchronization exit address-family

25 Basic Config (IPv4 eBGP)
Router A
router bgp 65536
 network 150.10.0.0 mask 255.255.0.0
 neighbor 131.108.10.2 remote-as 65537
Router B
router bgp 65537
 network 131.108.0.0 mask 255.255.0.0
 neighbor 131.108.10.1 remote-as 65536
[Diagram: ASN 65536, ASN 65537, 131.108.0.0/16, 150.10.0.0/16, 131.108.10.1, 131.108.10.2]
Be careful, this needs filters!! Do not try it in production yet!!

26 Basic Config (IPv4 iBGP)
Router A
router bgp 65536
 neighbor 131.108.10.1 remote-as 65536
Router B
router bgp 65536
 network 131.108.0.0 mask 255.255.0.0
 neighbor 131.108.10.2 remote-as 65536
ip route 131.108.0.0 255.255.0.0 null 0
[Diagram: ASN 65536, 131.108.0.0/16, 131.108.10.1, 131.108.10.2]

27 More about iBGP BGP peer within the same AS Not required to be directly connected IGP takes care of inter-BGP speaker connectivity iBGP speakers must be fully meshed: – They originate connected networks – They pass on prefixes learned from outside the ASN – They do not pass on prefixes learned from other iBGP speakers

28 Verifying Operation Summary of BGP – Show ip bgp summary – Show bgp ipv6 [unicast|multicast] summary Routing table – Show ip bgp (empty shows all the routes) – Show bgp ipv6 [unicast|multicast]

29 Show command example
sh ip bgp
BGP table version is 11, local router ID is 192.168.255.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> N10.2.4.0/24 192.168.255.2 100 0 2 4 i
*> V10.4.0.0/16 192.168.255.2 200 0 2 4 i
*> V192.168.1.0 0.0.0.0 0 32768 i
*> V192.168.2.0 192.168.255.2 0 200 0 2 i
I192.168.2.128/25 192.168.255.6 0 50 0 3 ?

30 More show commands Verifying neighbors – Show ip bgp neighbor – Show bgp ipv6 [unicast|multicast] neighbor – Show ip bgp neighbor advertised-routes – Show bgp ipv6 [unicast|multicast] neighbor advertised-routes – Show ip bgp neighbor routes – Show bgp ipv6 [unicast|multicast] neighbor routes – Show ip bgp neighbor received-routes – Show bgp ipv6 [unicast|multicast] neighbor received-routes

31 ATTRIBUTES

32 What’s an attribute Part of a BGP Update Describes the characteristics of a prefix It can either be transitive or non-transitive Some are mandatory, some optional Well known mandatory attributes, Well known discretionary attributes, Optional transitive attributes, Optional non-transitive attributes

33 Routes attributes
sh ip bgp
BGP table version is 11, local router ID is 192.168.255.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> N10.2.4.0/24 192.168.255.2 100 0 2 4 i
*> V10.4.0.0/16 192.168.255.2 200 0 2 4 i
*> V192.168.1.0 0.0.0.0 0 32768 i
*> V192.168.2.0 192.168.255.2 0 200 0 2 i
I 192.168.2.128/25 192.168.255.6 0 50 0 3 ?

34 List of attributes (but don't worry, we just need AS_PATH for now)
Value  Code                  Reference
0      Reserved
1      ORIGIN                [RFC4271]
2      AS_PATH               [RFC4271]
3      NEXT_HOP              [RFC4271]
4      MULTI_EXIT_DISC       [RFC4271]
5      LOCAL_PREF            [RFC4271]
6      ATOMIC_AGGREGATE      [RFC4271]
7      AGGREGATOR            [RFC4271]
8      COMMUNITY             [RFC1997]
9      ORIGINATOR_ID         [RFC4456]
10     CLUSTER_LIST          [RFC4456]
14     MP_REACH_NLRI         [RFC4760]
15     MP_UNREACH_NLRI       [RFC4760]
16     EXTENDED COMMUNITIES  [RFC4360]
17     AS4_PATH              [RFC6793]
18     AS4_AGGREGATOR        [RFC6793]

35 Decision Process in BGP
#   Step
1   Verify if NEXT HOP is reachable
3   Select route with the highest LOCAL PREFERENCE
4   Select locally originated route
5   Select shortest AS_PATH
6   Select lowest origin code (IGP < EGP < Incomplete)
7   Select path with the lowest MED
8   Select eBGP paths over iBGP
9   Select path with the lowest IGP metric to the NEXT HOP
10  Select the oldest path
11  Select path with the lowest Router_ID
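
Added example (not part of the original presentation): the decision process above written as successive elimination in Python, so the step that decides a given choice is visible. Only the steps listed on the slide are implemented (the slide lists no step 2); the Path fields and the sample paths are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # IGP < EGP < Incomplete


@dataclass(frozen=True)
class Path:
    # Field names are assumptions made for this example.
    name: str
    as_path: tuple                   # neighbour AS first, origin AS last
    next_hop_reachable: bool = True
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age_seconds: int = 0
    router_id: str = "0.0.0.0"


def lowest(paths, key):
    """Keep only the paths that share the minimum value of key."""
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def lowest_med(paths):
    """Drop a path only if a path from the same neighbour AS has a lower MED."""
    def beaten(p):
        return any(q.as_path[:1] == p.as_path[:1] and q.med < p.med for q in paths)
    return [p for p in paths if not beaten(p)]


STEPS = [
    ("3 highest LOCAL_PREF", lambda c: lowest(c, lambda p: -p.local_pref)),
    ("4 locally originated", lambda c: lowest(c, lambda p: not p.locally_originated)),
    ("5 shortest AS_PATH", lambda c: lowest(c, lambda p: len(p.as_path))),
    ("6 lowest origin code", lambda c: lowest(c, lambda p: ORIGIN_RANK[p.origin])),
    ("7 lowest MED", lowest_med),
    ("8 eBGP over iBGP", lambda c: lowest(c, lambda p: not p.ebgp)),
    ("9 lowest IGP metric", lambda c: lowest(c, lambda p: p.igp_metric)),
    ("10 oldest path", lambda c: lowest(c, lambda p: -p.age_seconds)),
    ("11 lowest Router_ID", lambda c: lowest(c, lambda p: int(ip_address(p.router_id)))),
]


def best_path(paths):
    """Return (winner, deciding step); winner is None when no path is usable."""
    cands = [p for p in paths if p.next_hop_reachable]        # step 1
    if not cands:
        return None, "1 no reachable NEXT_HOP"
    if len(cands) == 1:
        return cands[0], "1 only path with reachable NEXT_HOP"
    for label, step in STEPS:
        cands = step(cands)
        if len(cands) == 1:
            return cands[0], label
    return cands[0], "tie after step 11"


if __name__ == "__main__":
    # Constructed paths reusing AS numbers from the slides.
    demo = [
        Path("via-65536", (65536, 64496), local_pref=110),
        Path("via-65537", (65537, 65538, 64496), local_pref=150),
    ]
    winner, step = best_path(demo)
    print(winner.name, "selected at step", step)
```

A longer AS_PATH still wins here because LOCAL_PREF is evaluated before AS_PATH length.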

36 AS-Path Sequence of ASes a route has traversed Mandatory transitive attribute Used for: – Loop detection – Applying policy

37 AS-Path Example [Diagram: ASN 65536, ASN 65537, ASN 65538, ASN 64496, ASN 64511; 2001:db8::/32; 2001:db8::/32 with AS-Path 65538 65536 65537; 2001:db8::/32 with AS-Path 64511 65537; Best Path]

38 Next-hop eBGP: address of external neighbour iBGP: NEXT_HOP from eBGP (but it could be changed) Mandatory non-transitive attribute ASN 65537 2001:db8::1 ASN 65536 NH=2001:db8::1 2001:db8:1:10 NH=2001:db8::1

39 Next-hop (cont.) To avoid carrying external next-hop IP addresses use the next-hop-self command: – neighbor x.x.x.x next-hop-self Use loopbacks as NH in iBGP

40 Origin The origin of the prefix Historical attribute used in transition from EGP to BGP Transitive and Mandatory Attribute Three values: IGP, EGP, incomplete – IGP – generated by BGP network statement – EGP – generated by EGP – incomplete – redistributed from another routing protocol

41 Aggregator Conveys the IP address of the router or BGP speaker generating the aggregate route Optional & transitive attribute Created by using “aggregate-address”: router bgp 65537 aggregate-address 10.1.0.0 255.0.0.0

42 Local Preference Indication of preferred path to exit the local AS Non-transitive and optional attribute Global to the local AS Paths with highest LOCAL-PREF are most desirable (default = 100)

43 Local Preference Example ASN 65536 ASN 65537 Set local pref to 110 Set local pref to 150 ASN 65535 Traffic to 2001:db8::/32 exits to ASN 65537 ASN 64496 2001:db8::/32

44 Example
router bgp 65535
 bgp router-id 3.3.3.3
 neighbor 2001:db8::1 remote-as 65535
 neighbor 2001:db8::1 update-source Loopback0
 address-family ipv6
  neighbor 2001:db8::1 activate
  neighbor 2001:db8::1 next-hop-self
  neighbor 2001:db8::1 route-map LOCAL_PREF out
 exit-address-family
ipv6 prefix-list 10 seq 5 permit 2001:db8::/32
!
route-map LOCAL_PREF permit 10
 match ipv6 address prefix-list 10
 set local-preference 150
!
route-map LOCAL_PREF permit 20

45 Multi-Exit Discriminator (MED) Indication (to external peers) of the preferred path into an AS – Used in multiple entry AS – Non-transitive & optional attribute Determines best path for inbound traffic Comparable if paths are from same AS Path with lowest MED wins, default = 0 (RFC4271)

46 Communities Communities are described in RFC1997 Transitive and Optional Attribute 32 bit integer, Represented as two 16 bit integers (RFC1998) Common format is :xx 0:0 to 0:65535 and 65535:0 to 65535:65535 are reserved

47 Communities (Cont.) Used to group destinations, each destination could be member of multiple communities Very useful in applying policies within and between ASes It is like a tag applied to an update. Typical communities: – Destinations learned from customers – Destinations learned from ISPs or peers – Destinations in VPN

48 Well-Known communities Several well known communities – www.iana.org/assignments/bgp-well-known-communities no-export = do not advertise to eBGP peers (65535:65281) no-advertise = do not advertise to any peer (65535:65282) local-AS = do not advertise outside local AS (used with confederations)

49 Example: Set community 65536:200
router bgp 65536
 neighbor 10.1.1.1 remote-as 65537
 neighbor 10.1.1.1 send-community
 neighbor 10.1.1.1 route-map set_community out
!
route-map set_community permit 10
 match ip address 1
 set community 65536:200
!
access-list 1 permit 10.10.0.0 0.0.255.255

50 Example: Set local pref based on community
router bgp 65537
 neighbor 10.1.1.2 remote-as 65536
 neighbor 10.1.1.2 route-map filter_on_community in
!
route-map filter_on_community permit 10
 match community 1
 set local-preference 150
!
ip community-list 1 permit 65537:150

51 FILTERING, POLICIES AND SCALING BGP

52 Applying Policies with BGP As we have seen in some examples Policy-based on AS path, community or prefix Rejecting/accepting selected routes Set attributes to influence path selection Use – Prefix-list (filters prefixes) – Filter-list (filters ASes) – Route-maps and communities

53 Prefix-list Per-peer prefix filter, inbound or outbound Allows coverage for ranges of prefix lengths (ge, le) Based upon network numbers in NLRI (using familiar IPv4 address/mask format) ip prefix-list list-name [seq seq-value] permit|deny network/len [ge ge-value] [le le-value]

54 Examples
Deny default route
 ip prefix-list EG deny 0.0.0.0/0
Permit the prefix 35.0.0.0/8
 ip prefix-list EG permit 35.0.0.0/8
Deny the prefix 172.16.0.0/12
 ip prefix-list EG deny 172.16.0.0/12
In 192/8 allow up to /24
 ip prefix-list EG permit 192.0.0.0/8 le 24

55 Example
router bgp 65535
 neighbor 2001:cafe::1 remote-as 65536
 !
 address-family ipv6
  neighbor 2001:cafe::1 activate
  neighbor 2001:cafe::1 prefix-list IPv6-BOGUS in
 exit-address-family
!
ipv6 prefix-list IPv6-BOGUS deny 2001:db8::/32 le 128
ipv6 prefix-list IPv6-BOGUS permit 2002::/16
ipv6 prefix-list IPv6-BOGUS deny 2002::/16 le 128
ipv6 prefix-list IPv6-BOGUS deny 0000::/8 le 128
ipv6 prefix-list IPv6-BOGUS deny fe00::/9 le 128
ipv6 prefix-list IPv6-BOGUS deny ff00::/8 le 128
ipv6 prefix-list IPv6-BOGUS permit 0::/0 le 48
ipv6 prefix-list IPv6-BOGUS deny 0::/0 le 128
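
Added example (not part of the original presentation): a small Python evaluator for the prefix-list syntax shown on the two slides above, using first-match-wins with an implicit deny and the ge/le length rules. The function names and test prefixes are assumptions constructed for illustration; the list is the slide's IPv6-BOGUS list with the name written consistently.

```python
import ipaddress

# The IPv6-BOGUS list from the slide (list name written consistently).
CONFIG = """
ipv6 prefix-list IPv6-BOGUS deny 2001:db8::/32 le 128
ipv6 prefix-list IPv6-BOGUS permit 2002::/16
ipv6 prefix-list IPv6-BOGUS deny 2002::/16 le 128
ipv6 prefix-list IPv6-BOGUS deny 0000::/8 le 128
ipv6 prefix-list IPv6-BOGUS deny fe00::/9 le 128
ipv6 prefix-list IPv6-BOGUS deny ff00::/8 le 128
ipv6 prefix-list IPv6-BOGUS permit 0::/0 le 48
ipv6 prefix-list IPv6-BOGUS deny 0::/0 le 128
"""


def parse_prefix_lists(config):
    """Parse 'ip|ipv6 prefix-list NAME [seq N] permit|deny NET/LEN [ge X] [le Y]'."""
    lists = {}
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] not in ("ip", "ipv6") or tok[1] != "prefix-list":
            continue
        name, rest = tok[2], tok[3:]
        if rest[0] == "seq":
            rest = rest[2:]
        action, net = rest[0], ipaddress.ip_network(rest[1])
        opts = dict(zip(rest[2::2], map(int, rest[3::2])))
        ge, le = opts.get("ge"), opts.get("le")
        if ge is None and le is None:
            lo = hi = net.prefixlen                 # no ge/le: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else net.max_prefixlen
        lists.setdefault(name, []).append((action, net, lo, hi, line.strip()))
    return lists


def evaluate(entries, route):
    """Return (action, deciding entry) for a received prefix; first match wins."""
    route = ipaddress.ip_network(route)
    for action, net, lo, hi, text in entries:
        if (route.version == net.version and lo <= route.prefixlen <= hi
                and route.subnet_of(net)):
            return action, text
    return "deny", "(implicit deny)"


if __name__ == "__main__":
    bogus = parse_prefix_lists(CONFIG)["IPv6-BOGUS"]
    # Constructed test prefixes.
    for route in ["2001:db8:100::/40", "2002::/16", "2002:c000::/24",
                  "2800:a0::/32", "2800:a0:1::/64", "ff02::/16", "::/0"]:
        action, entry = evaluate(bogus, route)
        print(f"{route:20} {action:6} {entry}")
```

Running candidate prefixes through the evaluator shows which entry decides each one; with this list, ::/0 is decided by the `permit 0::/0 le 48` entry, because a length of 0 is within the range 0 to 48.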

56 Regular expressions
.   Match one character
*   Match any number of preceding expression
+   Match at least one of preceding expression
^   Beginning of line
$   End of line
\   Escape a regular expression character
_   Beginning, end, white-space, brace
|   Or
()  brackets to contain expression
[]  brackets to contain number ranges

57 Examples of Regular Expressions
.*  Match anything
^$  Match routes local to this AS (as-path is empty)
_65536$  Originated by 65536 (as-path ends with 65536)
^65536_  Received from 65536 (as-path starts with 65536)
_65536_  65536 is somewhere in the as-path
_65536_65537_  Passing through 65536 then 65537

58 More examples
^[0-9]+$  Match AS_PATH length of one
^[0-9]+_[0-9]+$  Match AS_PATH length of two
^[0-9]*_[0-9]+$  Match AS_PATH length of one or two
^[0-9]*_[0-9]*$  Match AS_PATH length of one or two (will also match zero)
^[0-9]+_[0-9]+_[0-9]+$  Match AS_PATH length of three
_(65536|65537)_  Match anything which has gone through AS65536 or AS65537
_65536 (_.+_) 65537$  Match anything of origin AS65536 and passed through AS65537

59 Filter-lists Filter routes based on AS path, Inbound or Outbound
router bgp 65537
 network 10.7.0.0 mask 255.255.0.0
 neighbor 10.10.1.1 filter-list 5 out
 neighbor 10.10.1.1 filter-list 6 in
!
ip as-path access-list 5 permit ^65536$
ip as-path access-list 6 permit ^65539$
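
Added example (not part of the original presentation): the AS-path expressions from the regular-expression slides and the filter-list slide, evaluated in Python by translating `_` into the delimiters it stands for. It also shows why the `_` anchors matter: an unanchored AS number matches longer AS numbers that contain it. Function names and sample AS paths are assumptions constructed for illustration; `_` inside a bracket expression is not handled.

```python
import re

# What "_" stands for in these expressions: start, end, white-space, brace
# (comma and parentheses are included as further delimiters).
_DELIM = r"(?:^|$|[ ,{}()])"

# The two as-path access-lists from the filter-list slide.
CONFIG = """
ip as-path access-list 5 permit ^65536$
ip as-path access-list 6 permit ^65539$
"""


def to_python(ios_regex):
    """Translate an AS-path expression into a compiled Python regex."""
    return re.compile(ios_regex.replace("_", _DELIM))


def matches(ios_regex, as_path):
    """as_path: list of AS numbers, neighbour AS first, origin AS last."""
    text = " ".join(str(asn) for asn in as_path)
    return to_python(ios_regex).search(text) is not None


def parse_as_path_acls(config):
    """Return {acl number: [(action, regex), ...]} in configuration order."""
    acls = {}
    for line in config.strip().splitlines():
        tok = line.split(None, 5)
        if len(tok) == 6 and tok[:3] == ["ip", "as-path", "access-list"]:
            acls.setdefault(tok[3], []).append((tok[4], tok[5].strip()))
    return acls


def filter_list(acl, as_path):
    """First matching entry decides; no match means the implicit deny."""
    for action, regex in acl:
        if matches(regex, as_path):
            return action
    return "deny"


if __name__ == "__main__":
    # Constructed AS paths.
    for regex, path in [("_65536$", [64511, 65536]),
                        ("_65536_", [165536]),       # anchored: no match
                        ("65536", [165536]),         # unanchored: matches AS 165536
                        ("^[0-9]*_[0-9]*$", [])]:    # also matches the empty path
        print(f"{regex:18} {path!s:18} {matches(regex, path)}")
    acls = parse_as_path_acls(CONFIG)
    print("filter-list 6 in, path [65539]:", filter_list(acls["6"], [65539]))
    print("filter-list 6 in, path [65539, 64496]:", filter_list(acls["6"], [65539, 64496]))
```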

60 Route-maps A sequence of statements Has “line” numbers, each line is a separate condition/action if match then do expression and exit else if match then do expression and exit else etc Route-map “continue” lets us apply multiple conditions and actions in one route-map

61 Example Route-maps
route-map sample permit 10
 match ip address prefix-list list-one
 set local-preference 120
!
route-map sample permit 20
 match ip address prefix-list list-two
 set local-preference 80
!
route-map sample permit 30

62 Controlling Inbound Traffic The first rule of controlling inbound traffic… – You do not have ultimate control of how traffic enters your AS – Your peers may have outbound policies that will override all of your attempts to influence inbound traffic So, what can you do? – Leaking specific routes – MED – AS-PATH Prepending

63 AS Path Prepends ASN 65536 ASN 65537 ASN 65535 ASN 64496 2001:db8::/32 2001:db8::/32 65535 65535 65535 65536 2001:db8::/32 65535 65537 Prepend 65535 65535 65535 No Prepend

64 AS Path Prepends Use your own AS number when prepending otherwise BGP loop detection may cause disconnects
router bgp 65535
 neighbor 2001:cafe::1 remote-as 65536
 address-family ipv6
  neighbor 2001:cafe::1 activate
  neighbor 2001:cafe::1 route-map SETPATH out
!
route-map SETPATH permit 10
 set as-path prepend 65535 65535

65 No-export Community ASN 65536 2001:db8::/32 ASN2 ASN1 2001:db8::/32 2001:db8:100::/40 No-export 2001:db8:200::/40 No-export 2001:db8::/32 2001:db8:100::/40 2001:db8::/32 2001:db8:200::/40 ASN 65537

66 No Export Community
router bgp 65536
 neighbor 2001:cafe::1 remote-as 65537
 address-family ipv6
  neighbor 2001:cafe::1 activate
  neighbor 2001:cafe::1 route-map set_community out
 exit-address-family
!
route-map set_community permit 10
 match ipv6 address prefix-list NO-EXPORT
 set community no-export
!
route-map set_community permit 20
!
ipv6 prefix-list NO-EXPORT permit 2001:db8:100::/40

67 Order of policy application For inbound updates: – Route-map – Filter-list – Prefix-list For outbound updates: – Prefix-list – Filter-list – Route-map

68 Route-reflectors BGP cannot advertise a path from one iBGP peer to another. iBGP has no way to detect loops (as opposed to eBGP, which uses AS-PATH) iBGP requires a full mesh, but that does not scale Route-reflectors are central points to distribute routes among iBGP peers

69 BEST PRACTICES

70 Loopbacks Loopback peering promotes stability If the link between two neighbors fails – Without loopback, peering to the interface IP would bring down the BGP session – With loopback, Peering to a loopback allows the session to stay up Used to load-balance traffic over multiple links In iBGP make sure there is an IGP route to loopbacks

71 Loopbacks
router bgp 65536
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 bgp router-id 192.168.99.70
 !
 neighbor 2001:db8:3::1 remote-as 65537
 neighbor 2001:db8:3::1 update-source Loopback0
 !
 address-family ipv6
  neighbor 2001:db8:3::1 activate
  no synchronization
  network 2001:db8:100::/40
  network 2001:db8:200::/40
 exit-address-family
ipv6 route 2001:db8:3::1/128 serial0
[Diagram: ASN 65536, ASN 65537, 2001:db8:100::/40, 2001:db8:1::11, 2001:db8:1::10, 2001:db8:2::1 loopback0, 2001:db8:3::1 loopback0, Serial0]

72 Routing Table Growth Source: http://bgp.potaroo.net/

73 Disaggregation ASN 3 ASN 1 ASN 2 ASN 4 2001:db8::/32 2001:db8::/40 2001:db8:100::/40 2001:db8::/40 2001:db8:100::/40 2001:db8::/32 ASN2 ASN1 2001:db8::/40 ASN2 ASN1 2001:db8:100::/40 ASN2 ASN1

74 Aggregation Just announce the aggregate to your peers Use prefix-lists to control what goes out of your network and what comes into it. Use no-export communities Avoid disaggregating as much as possible

75 Example
router bgp 65536
 network 10.10.0.0 mask 255.255.0.0
 network 10.108.0.0 mask 255.255.0.0
 network 10.0.0.0 mask 255.0.0.0
 ! Apply no-export to this neighbor
 neighbor 10.108.10.1 remote-as 65537
 neighbor 10.108.10.1 route-map set_community out
 ! To this one just announce the aggregate
 neighbor 10.108.11.1 remote-as 65537
 neighbor 10.108.11.1 prefix-list ANNOUNCE-OUT out
!
route-map set_community permit 10
 match ip address prefix-list NO-EXPORT
 set community no-export
!
route-map set_community permit 20
!
ip prefix-list NO-EXPORT permit 10.10.0.0/16
ip prefix-list NO-EXPORT permit 10.108.0.0/16
!
ip prefix-list ANNOUNCE-OUT permit 10.0.0.0/8
!
ip route 10.0.0.0 255.0.0.0 null 0

76 Receiving and sending prefixes Always apply outbound filters to announce only your prefixes and your customers' prefixes Always apply inbound filters, you never know what may come in from your peers Not doing this produces problems such as “Route-hijacking” and “Route-leaks”

77 Filtering special IPv4/IPv6 addresses You can add these addresses to your input filters to avoid receiving invalid announcements Examples of these prefixes are 10.0.0.0/8, 192.168.0.0/16, 2001:db8::/32 Check RFC 6890 for details Cisco, Juniper and other ACL templates in: – http://www.team-cymru.org/Services/Bogons/http.html

78 IPv6 special addresses
ipv6 prefix-list IPv6-BOGUS deny 2001:db8::/32 le 128
ipv6 prefix-list IPv6-BOGUS permit 2002::/16
ipv6 prefix-list IPv6-BOGUS deny 2002::/16 le 128
ipv6 prefix-list IPv6-BOGUS deny 0000::/8 le 128
ipv6 prefix-list IPv6-BOGUS deny fe00::/9 le 128
ipv6 prefix-list IPv6-BOGUS deny ff00::/8 le 128
ipv6 prefix-list IPv6-BOGUS permit 0::/0 le 48
ipv6 prefix-list IPv6-BOGUS deny 0::/0 le 128

79 Stable Prefixes Use static routes to keep your routes stable and independent of interface changes Use loopbacks to peer with your neighbors – With iBGP use them as next-hop, this avoids carrying external routes in your IGP – With eBGP it increases stability

80 INTERNET EXCHANGE POINTS

81 Recall: Transit and Peering ASN 64511 ASN 65536 ASN 65537 Peering ASN 65538 Transit

82 Transit and Peering Transit – Traffic and prefixes originating from one AS are carried across an intermediate AS to reach their destination AS – Usually for a fee Peering – Private interconnect between two ASNs – Usually for no fee

83 Peering in an Internet Exchange Point (IXP) Internet Exchange Point – Common interconnect location where several ASNs exchange routing information and traffic ASN 65536 ASN 65537 ASN 65538 ASN 65539

84 Recommendations and Best Practices Only announce your aggregates and your customer aggregates at IXPs Only accept the aggregates which your peer is entitled to originate Never carry a default route on an IXP (or private) peering router Failing to do so leads to route-hijacks and leaks

85 Route Hijacking This occurs when a participant in the Internet Routing announces a prefix for which it has no authority Malicious or caused by operational errors Best-known cases: – Pakistan Telecom vs. YouTube (2008) – China Telecom (2010) – Google in Eastern Europe (various AS, 2010) – Latin American cases (beginning 2011)

86 Route-Hijacking AS 6057 announces 200.40/16. ASN 8158 receives 200.40.0.0/16 (200.40.0.0/16 AS_PATH ASN1 ASN3 ASN6057). AS 15358 announces 200.40.235.0/24. ASN 8158 receives 200.40.0.0/16 and 200.40.235.0/24 (200.40.0.0/16 AS_PATH ASN1 ASN3 ASN6057; 200.40.235.0/24 AS_PATH ASN1 ASN15358).

87 Leaks There is no standard definition of leaks But it happens when an ASN “leaks” non-customer or self-originated routes to other peers. The effect is to give transit to those networks for the peers of the ASN
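
Added example (not part of the original presentation): the hijack on this slide seen from ASN 8158, in Python. It shows that longest-prefix match sends traffic for 200.40.235.0/24 along the hijacker's path, and that an inbound origin check using the three states from the show output earlier (valid, invalid, not found) removes the bogus route. The authorisation table, function names and the extra 198.51.100.0/24 update are assumptions constructed for illustration.

```python
import ipaddress

# Constructed authorisation table: (prefix, longest length allowed, origin AS).
AUTHORISED = [("200.40.0.0/16", 16, 6057)]

# UPDATEs as received by ASN 8158 on the slide, plus one constructed,
# uncovered prefix: (prefix, AS_PATH with the origin AS last).
UPDATES = [
    ("200.40.0.0/16", [1, 3, 6057]),
    ("200.40.235.0/24", [1, 15358]),
    ("198.51.100.0/24", [1, 64496]),
]


def validate(prefix, as_path, table):
    """Classify a route as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covered = False
    for auth_prefix, max_len, asn in table:
        auth = ipaddress.ip_network(auth_prefix)
        if route.version != auth.version or not route.subnet_of(auth):
            continue
        covered = True                      # some authorisation covers the route
        if asn == origin and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def accept(updates, table):
    """Inbound policy: drop routes that validate as 'invalid'."""
    return [(p, path) for p, path in updates if validate(p, path, table) != "invalid"]


def longest_match(dest, routes):
    """AS_PATH of the most specific route covering dest, or None."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), path) for p, path in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


if __name__ == "__main__":
    for prefix, path in UPDATES:
        print(f"{prefix:18} AS_PATH {path!s:16} {validate(prefix, path, AUTHORISED)}")
    print("unfiltered path to 200.40.235.10:", longest_match("200.40.235.10", UPDATES))
    print("filtered path to 200.40.235.10:  ",
          longest_match("200.40.235.10", accept(UPDATES, AUTHORISED)))
```

The /24 is rejected even if it carries origin 6057, because the table authorises nothing longer than /16.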

88 Simple Topology Layer 2 fabric N^N BGP relations ASN 65536 ASN 65537 ASN 65538 ASN 65539

89 Route-server It allows the BGP mesh to scale All prefixes sent to a Route Server are usually distributed to all ASNs that peer with the Route Server BGP configuration to peer with a Route Server is the same as for any other ordinary peer Do not forget inbound and outbound filters too

90 Topology with route-server ASN 65536 ASN 65537 ASN 65538 ASN 65539 Route-server

91 Thanks! Questions? aservin@lacnic.net

