--- CCIE R&S Advanced Lab --- --- Session 5 BGP, Multicast ---

Copyright© Network Learning Inc. 2008

Slide 2: BGP Topics Covered
- BGP Confederation
- Order/Preference
- Aggregation
- Security
- Peer Groups
- Dampening

Slide 3: BGP
- Know where BGP is located on the DOC CD
- How can BGP be manipulated

Slide 4: BGP Confederations

Slide 5: Remove private AS
- Private AS numbers are used internally
- The private AS information needs to be removed

Slide 6: BGP Path Selection
1. If the path specifies a next hop that is inaccessible, drop the update.
2. Prefer the path with the largest weight.
3. If the weights are the same, prefer the path with the largest local preference.
4. If the local preferences are the same, prefer the path that was originated by BGP running on this router.
5. If no route was originated, prefer the route that has the shortest AS_path.
6. If all paths have the same AS_path length, prefer the path with the lowest origin type (where IGP is lower than EGP, and EGP is lower than incomplete).
7. If the origin codes are the same, prefer the path with the lowest MED attribute.
8. If the paths have the same MED, prefer the external path over the internal path.
9. If the paths are still the same, prefer the path through the closest IGP neighbor.
10. Prefer the path with the lowest IP address, as specified by the BGP router ID.
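The ten-step comparison above, worked as an added Python example that is not part of the original slides: the candidate paths and the set of reachable next hops are constructed sample data, and MED is compared across all candidates exactly as the slide lists it (real implementations add further conditions to that step).

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # step 6 ordering

@dataclass
class Path:
    """One candidate BGP path for a prefix (constructed sample data)."""
    next_hop: str
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    as_path: List[int] = field(default_factory=list)
    origin: str = "igp"
    med: int = 0
    external: bool = True      # learned via eBGP (True) or iBGP (False)
    igp_metric: int = 0        # IGP cost to reach next_hop
    router_id: str = "0.0.0.0"

def rid_key(rid: str):
    """Dotted-quad router ID as a tuple, so 9.x.x.x sorts below 10.x.x.x."""
    return tuple(int(octet) for octet in rid.split("."))

def selection_key(p: Path):
    """Every element is arranged so that a smaller value wins; tuple comparison
    falls through to the next element on a tie, like steps 2..10 on the slide."""
    return (
        -p.weight,                          # 2: largest weight
        -p.local_pref,                      # 3: largest local preference
        0 if p.locally_originated else 1,   # 4: originated on this router
        len(p.as_path),                     # 5: shortest AS_path
        ORIGIN_RANK[p.origin],              # 6: IGP < EGP < incomplete
        p.med,                              # 7: lowest MED
        0 if p.external else 1,             # 8: eBGP over iBGP
        p.igp_metric,                       # 9: closest IGP neighbor
        rid_key(p.router_id),               # 10: lowest router ID
    )

def best_path(paths: List[Path], reachable: Set[str]) -> Optional[Path]:
    """Step 1 drops paths whose next hop has no route; the rest are ranked."""
    candidates = [p for p in paths if p.next_hop in reachable]
    return min(candidates, key=selection_key) if candidates else None

# Constructed sample: three paths to the same prefix
SAMPLE = [
    Path("10.0.0.3", weight=500, as_path=[65004, 65005]),   # next hop not in FIB: dropped
    Path("10.0.0.1", local_pref=200, as_path=[65001, 65002], router_id="1.1.1.1"),
    Path("10.0.0.2", local_pref=100, as_path=[65003], router_id="2.2.2.2"),
]
REACHABLE = {"10.0.0.1", "10.0.0.2"}
```

With the sample above the path via 10.0.0.1 wins: local preference (step 3) is decided before AS_path length (step 5), so the longer path is still preferred.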
Slide 7: Aggregating BGP Networks
- Summarization is called aggregation in BGP
- Aggregation creates summary routes (called aggregates) from networks already in the BGP table
- Individual networks can be announced or suppressed

Slide 8: Configuring Aggregation
router bgp as-number
 aggregate-address address-prefix mask
- Specifies the aggregation range in the BGP routing process
- The aggregate is announced if there is at least one network in the specified range in the BGP table
- Individual networks are still announced in outgoing BGP updates

Slide 9: Configuring BGP Communities
BGP communities are configured in the following steps:
1. Configure BGP community propagation
2. Define BGP community-lists to match BGP communities
3. Configure route-maps that match on community-lists and filter routes or set other BGP attributes
4. Apply route-maps to incoming or outgoing updates

Slide 10: Community Setting Through Route-Map
route-map name
 match condition
 set community value [value ...] [additive]
- Any number of communities can be specified
- Communities specified with the set keyword overwrite the existing communities unless the additive option is specified

Slide 11: Attaching Communities to a Route
router(config-router)# neighbor ip-address route-map map in | out
- Applies a route-map to inbound or outbound BGP updates
- The route-map can set BGP communities or other BGP attributes
router(config-router)# redistribute protocol route-map map
- Applies a route-map to redistributed routes

Slide 12: Configure Community Propagation
router(config-router)# neighbor ip-address send-community
- By default, communities are stripped from outgoing BGP updates
- Community propagation to BGP neighbors has to be configured manually

Slide 13: Related Commands
- set community none: removes all community attributes
- set comm-list delete: removes specific communities
  ip community-list 1 permit 200:100
  route-map REM_COM permit 10
   set comm-list 1 delete
- set community additive: appends to the existing communities
  set community 450 additive
- ip community-list 1 permit 200:10: matches any route that has 200:10
- ip community-list 3 permit 200:10 100:10: matches any route that has either or both communities

Slide 14: AS Path Filtering
Several scenarios require BGP route filtering based on the AS-path:
- Announce only local routes to the ISP (the AS-path needs to be empty)
- Select routes based on a specific AS number in the AS-path
- Accept routes for a specific AS only from some BGP neighbors
AS-path filters use regular expressions.

Slide 15: Regular Expressions - Matching Delimiters
^  matches the beginning of the string
$  matches the end of the string
_  matches any delimiter (beginning, end, white space, tab, comma)

Slide 16: Regular Expressions - Operators
*    matches zero or more instances
?    matches zero or one instance
+    matches one or more instances
.    matches any single character
[ ]  matches characters or a range of characters

Slide 17: Sample Regular Expressions
_100_     Going through AS 100
^100$     Directly connected to AS 100
_100$     Originated in AS 100
^100_.*   Networks behind AS 100
^[0-9]+$  AS paths one AS long
^$        Networks originated in the local AS
.*        Matches everything

Slide 18: Configuring BGP AS-path Filters
R1(config)# ip as-path access-list number permit | deny regexp
- Configures an AS-path access list
R1(config-router)# neighbor ip-address filter-list as-path-filter in | out
- Configures an inbound or outbound AS-path filter for the specified BGP neighbor
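The sample regular expressions from slide 17 applied to AS paths, together with a small emulation of the as-path access-list from slide 18, as an added Python example that is not from the original deck: the IOS `_` delimiter is rewritten into an equivalent Python alternation, the access-list evaluates entries in order with an implicit deny, and the AS paths are constructed samples.

```python
import re

# IOS "_" matches beginning, end, white space, tab or comma (slide 15).
# Python has no such token, so it is rewritten as an alternation.
DELIM = r"(?:^|$|[ \t,])"

def ios_to_python(regex: str) -> str:
    """Convert an IOS AS-path regular expression to Python syntax."""
    return regex.replace("_", DELIM)

def as_path_matches(regex: str, as_path: str) -> bool:
    """as_path is the space-separated AS_path string; '' is a locally originated route."""
    return re.search(ios_to_python(regex), as_path) is not None

def as_path_access_list(entries, as_path: str) -> bool:
    """Emulate 'ip as-path access-list': entries are (action, regexp) in
    order, the first match decides, and an unmatched path is denied."""
    for action, regex in entries:
        if as_path_matches(regex, as_path):
            return action == "permit"
    return False

# Constructed sample AS paths, written as 'show ip bgp' prints them
SAMPLE_PATHS = ["", "100", "100 200", "300 100", "300 100 200", "1100", "65000"]

SLIDE_REGEXES = ["_100_", "^100$", "_100$", "^100_.*", "^[0-9]+$", "^$", ".*"]

def match_table(regexes=SLIDE_REGEXES, paths=SAMPLE_PATHS):
    """For each regex, the sample paths it matches (the slide's table, worked)."""
    return {rx: [p for p in paths if as_path_matches(rx, p)] for rx in regexes}

if __name__ == "__main__":
    for rx, hits in match_table().items():
        print(f"{rx:10} -> {hits}")
```

Note that `_100_` does not match the path `1100`: the delimiter on both sides is what keeps a filter for AS 100 from also matching AS 1100 or AS 10012.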
Slide 19: Conditional Route Injection
Used to inject more specific routes into BGP based on the existence of certain routes.
R1(config)# router bgp 50000
R1(config-router)# bgp inject-map ORIGIN exist-map LEARNED copy-attributes
R1(config)# ip prefix-list ROUTE permit 10.1.1.0/24
R1(config)# ip prefix-list ROUTE_SOURCE permit 10.2.1.1/32
R1(config)# ip prefix-list ORIGINATED_ROUTES permit 10.1.1.0/25
R1(config)# route-map LEARNED permit 10
R1(config-route-map)# match ip address prefix-list ROUTE
R1(config-route-map)# match ip route-source prefix-list ROUTE_SOURCE
R1(config)# route-map ORIGIN permit 10
R1(config-route-map)# set ip address prefix-list ORIGINATED_ROUTES

Slide 20: BGP Authentication
- Authentication is MD5
- Configured on a per-neighbor basis
R1(config)# router bgp 10
R1(config-router)# neighbor 10.1.1.2 remote-as 10
R1(config-router)# neighbor 10.1.1.2 password CISCO
R2(config)# router bgp 10
R2(config-router)# neighbor 10.1.1.1 remote-as 10
R2(config-router)# neighbor 10.1.1.1 password CISCO

Slide 21: Route Flap Dampening
- Every time an eBGP route flaps it gets 1000 penalty points (only for eBGP)
- The penalty placed on a route decays using the exponential decay algorithm
- When the penalty exceeds the "suppress limit", the route is dampened (no longer used or propagated to other neighbors)
- A dampened route is propagated again when the penalty drops below the "reuse limit"

Slide 22: Configuring BGP Route Flap Dampening
R1(config-router)# bgp dampening [half-time reuse-limit suppress-limit max-suppress] [route-map route-map]
Parameter meaning:
- Half-time: exponential decay half-time (the time in which the penalty is halved)
- Suppress-limit: penalty value at which the route starts to be dampened
- Reuse-limit: penalty value at which the dampened route is reused
- Max-suppress: maximum suppression time
- Route-map: controls where BGP route dampening is enabled

Slide 23: Default BGP Dampening Parameter Values
The following default dampening parameter values are used if you don't specify them:
- half-time: 15 minutes
- per-flap penalty: 1,000 (non-configurable)
- suppress limit: 2,000
- reuse limit: 750
- max-suppress-time: 60 minutes
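A minute-by-minute model of the penalty, suppress and reuse behaviour described on slides 21 to 23, added here as a Python example that is not from the original deck: it uses the default values from slide 23, treats the decay as penalty * 0.5^(t / half-time), and the flap times are constructed. Max-suppress-time is applied as a plain upper bound on how long a route stays dampened; the penalty ceiling that real implementations derive from it is not modelled.

```python
from dataclasses import dataclass, field
from typing import List

@dataclass
class Dampening:
    """Route flap dampening state with the slide-23 defaults (times in minutes)."""
    half_life: float = 15.0
    suppress_limit: float = 2000.0
    reuse_limit: float = 750.0
    max_suppress: float = 60.0
    penalty_per_flap: float = 1000.0
    penalty: float = 0.0
    suppressed: bool = False
    suppressed_since: int = 0
    suppress_times: List[int] = field(default_factory=list)   # minutes at which dampening started
    reuse_times: List[int] = field(default_factory=list)      # minutes at which the route was reused

    def tick(self, minute: int, flapped: bool) -> None:
        """Advance one minute: decay, add a flap penalty if the route flapped,
        then re-evaluate the suppress / reuse state."""
        if minute > 0:
            self.penalty *= 0.5 ** (1.0 / self.half_life)   # exponential decay
        if flapped:
            self.penalty += self.penalty_per_flap           # 1000 per flap
        if not self.suppressed and self.penalty > self.suppress_limit:
            self.suppressed, self.suppressed_since = True, minute
            self.suppress_times.append(minute)
        elif self.suppressed and (self.penalty < self.reuse_limit
                                  or minute - self.suppressed_since >= self.max_suppress):
            self.suppressed = False                         # reuse limit or max-suppress reached
            self.reuse_times.append(minute)

def simulate(flap_minutes, horizon: int = 120, **params) -> Dampening:
    """Feed a constructed flap schedule through the model and return its state."""
    d = Dampening(**params)
    flaps = set(flap_minutes)
    for minute in range(horizon + 1):
        d.tick(minute, minute in flaps)
    return d

# Constructed scenario: an eBGP route flaps four times in four minutes, then stays stable
FLAPS = [0, 1, 2, 3]

if __name__ == "__main__":
    d = simulate(FLAPS)
    print("suppressed at", d.suppress_times, "reused at", d.reuse_times)
```

Two flaps alone never cross 2,000 (the second flap arrives on a penalty already decayed below 1,000), which is why the route is only dampened on the third flap.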
Slide 24: Limiting the Number of Routes Received from a Neighbor
Problem definition:
- A misconfigured BGP neighbor can send a huge number of prefixes that exhaust the router's memory or overload the CPU
- All other filtering mechanisms only specify what we are willing to accept, not how much
- Need to control the number of prefixes received from a neighbor

Slide 25: Maximum-Prefix Command
R1(config-router)# neighbor ip-address maximum-prefix maximum [threshold] [warning-only]
- Controls how many prefixes can be received from a neighbor
- The optional threshold parameter specifies the percentage at which a warning message is logged (default is 75%)
- The optional warning-only keyword specifies the action on exceeding the maximum number (default is to drop the neighborship)

--- CCIE R&S Advanced Lab --- --- Session 5 continued, Multicast ---

Slide 27: Multicast
- Address
- RPF
- Dense / Sparse mode
- Source / shared tree
- Static RP
- Auto-RP
- BSR
- B-M-B
- MSDP / Anycast

Slide 28: Multicast Address Range

Slide 29: Reverse Path Forwarding

Slide 30: RPF Calculation

Slide 31: RPF with two paths

Slide 32: Multicast Distribution Trees
- Dense Mode uses Source Push Technology

Slide 33: Shared Distribution Tree
- Sparse mode uses Shared Pull Technology

Slide 34: Characteristics of Distribution Trees

Slide 35: Multicast Tree Creation

Slide 36: PIM Sparse Mode

Slide 37: How does the network know about the RP?

Slide 38: Static RPs

Slide 39: Auto RP
- Uses: intended for PIMv1
- C_RP candidates
- Mapping Agent (collects announcements and sends RP discovery messages on 224.0.1.40)
- The RPs announce on 224.0.1.39
- Recommended to locate the C_RP and Mapping Agent on the same router
- Uses dense mode to find the RP

Slide 40: Auto-RP configured

Slide 41: BSR Overview
- PIM join messages that might inadvertently cross the border: ip pim bsr-border

Slide 42: Configuring BSR
- Hash Mask
- Priority

Slide 43: Anycast-RP Overview

Slide 44: MSDP

Slide 45: Anycast RP

Slide 46: Anycast RP - cont.

Slide 47: Broadcast-Multicast-Broadcast
First-hop router (UDP 4000 broadcasts from 126.1.22.1 to 126.1.22.255 are converted to multicast 239.1.1.1):
interface ethernet 0
 ip pim sparse-mode
 ip multicast helper-map broadcast 239.1.1.1 105
access-list 105 permit udp host 126.1.22.1 host 126.1.22.255 eq 4000
ip forward-protocol udp 4000
Last-hop router (multicast 239.1.1.1 is converted back to the directed broadcast 131.1.1.255):
interface serial 0
 ip pim sparse-mode
 ip multicast helper-map 239.1.1.1 131.1.1.255 105
interface ethernet 1
 ip directed-broadcast
access-list 105 permit udp host 126.1.22.1 any eq 4000
ip forward-protocol udp 4000
--- CCIE R&S Advanced Lab --- --- Session 6 QOS, Security ---

Slide 49: QOS
- Modular QoS CLI (MQC)
- LLQ
- CAR - Committed Access Rate
- WRED, CBWRED
- Marking
- Shaping, FRTS
- Fragmenting
- NBAR - Network Based Application Recognition

Slide 50: MQC Class-maps
class-map [match-all | match-any] Lab   (match-all is the default)
 match xxx
 match yyy
match ? lists what traffic can be classified on:
- input interface (e.g. f0/0)
- destination MAC address
- source MAC address
- fr-de, fr-dlci
- cos, dscp, IP precedence
- any
- access-group
- protocol (NBAR; download PDLMs; requires CEF; NBAR protocol discovery can be run)
- packet length min or max

Slide 51: Policy-Map and DSCP
policy-map Test
 class Lab
  set cos | ip dscp | ip precedence ...
  bandwidth xxx
  ...
- DSCP has 64 different "colors" to mark traffic
- mls qos map dscp-mutation: e.g. map 31 to 41

Slide 52: CBWFQ
int f0/0
 max-reserved-bandwidth 80   (75% is the default)
- A policy-map can use kbps or percent, but not both
policy-map Voice
 class CONTROL
  bandwidth 10
 class Media
  priority 1000
- Can have 255 classes in total
- When a strict priority queue is applied to a class, it is referred to as LLQ

Slide 53: CAR - Committed Access Rate
- Used on edge routers to classify and/or rate-limit traffic
- Can be applied to all traffic or to a subset of the traffic selected by an access list
- Configured on an interface:
rate-limit {input | output} bps normal-burst max-burst conform-action action exceed-action action
rate-limit {input | output} access-group index bps normal-burst max-burst conform-action action exceed-action action
- normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
- extended burst = 2 * normal burst

Slide 54: CBWFQ Architecture (policy)

Slide 55: Applying RED

Slide 56: Configuring WRED on an interface
Parameters:
- minimum threshold (number of packets)
- maximum threshold (number of packets)
- mark probability denominator
When the average queue size is above the minimum threshold, RED starts dropping packets. The rate of packet drop increases linearly as the average queue size increases, until the average queue size reaches the maximum threshold. The mark probability denominator is the fraction of packets dropped when the average queue size is at the maximum threshold. For example, one out of every 100 packets is dropped when the average queue size is at the maximum threshold.

Slide 57: Traffic Shaping

Slide 58: Shape Peak
- Peak rate = CIR * (1 + Be/Bc)
- Router(config-pmap-c)# shape {average | peak} cir [bc] [be]
- Shape adaptive: reacts to the BECN field set to 1
- 25% slow-down if a BECN is received; if 16 Tcs are received with no BECNs, increase by 1/16 every Tc
- Can also use FECN-adapt to send information ahead to the other end with the BECN field

Slide 59: Frame Relay Traffic Shaping
- Time Committed (Tc) = 125 ms

Slide 60: Network Based Application Recognition (NBAR)

Slide 61: NBAR Application Support

Slide 62: Packet Description Language Module

Slide 63: NBAR Protocol Discovery

--- CCIE R&S Advanced Lab --- --- Session 6 continued security ---
Slide 65: Security
- Unicast Reverse Path Forwarding (uRPF)
- Context Based Access Control (CBAC)

Slide 66: Unicast Reverse Path Forwarding (uRPF)
Unicast Reverse Path Forwarding (uRPF) is a feature originally created to implement "Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing".

Slide 67: Configuring uRPF
By enabling Unicast Reverse Path Forwarding (uRPF), all spoofed packets will be dropped at the first device. To enable uRPF, use the following commands:
R1(config)# ip cef
R1(config)# interface f0/0
R1(config-if)# ip verify unicast reverse-path
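What the `ip verify unicast reverse-path` check on this slide decides, as an added Python example that is not part of the original deck: a constructed FIB is searched with a longest-prefix match on the packet's source address, and the packet passes only when the matching route points back out the interface it arrived on (strict mode). Prefixes, interface names and packets are made up.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed FIB entries: (prefix, outgoing interface). A more specific
# 10.1.5.0/24 behind f0/1 sits inside 10.1.0.0/16 behind f0/0.
FIB: List[Tuple[str, str]] = [
    ("10.1.0.0/16", "f0/0"),
    ("10.1.5.0/24", "f0/1"),
    ("192.0.2.0/24", "f0/1"),
    ("198.51.100.0/24", "s0/0"),
]

def lookup(fib, address: str) -> Optional[str]:
    """Longest-prefix match: the interface the router would use to reach
    'address', or None when no route covers it."""
    ip = ipaddress.ip_address(address)
    best_net, best_iface = None, None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface

def urpf_strict_pass(fib, source: str, ingress: str) -> bool:
    """Strict uRPF: accept only if the best route to the *source* address
    leaves through the interface the packet came in on. A source with no
    FIB entry fails the check as well."""
    return lookup(fib, source) == ingress

def classify(fib, packets):
    """packets = [(source, ingress_interface)]; returns (accepted, dropped)."""
    accepted, dropped = [], []
    for src, ingress in packets:
        (accepted if urpf_strict_pass(fib, src, ingress) else dropped).append((src, ingress))
    return accepted, dropped

# Constructed ingress packets: legitimate ones, one whose source belongs
# behind another interface, and one with no route at all.
PACKETS = [
    ("10.1.9.9", "f0/0"),      # inside 10.1.0.0/16, arrives on f0/0: passes
    ("10.1.5.7", "f0/1"),      # longest match is 10.1.5.0/24 via f0/1: passes
    ("10.1.5.7", "f0/0"),      # same source on f0/0: fails (spoofed, or asymmetric routing)
    ("192.0.2.10", "s0/0"),    # 192.0.2.0/24 lives behind f0/1, not s0/0: dropped
    ("203.0.113.9", "f0/0"),   # no route back to the source: dropped
]
```

The third packet is the caveat to keep in mind before enabling strict mode: a legitimate host reached over an asymmetric path fails the check exactly like a spoofed one, so verify routing symmetry on the interface first.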
Slide 68: CBAC - Context-Based Access Control
- CBAC inspects TCP and UDP packets at the application layer.
- CBAC monitors all outgoing requests by creating temporary openings for outbound traffic at the firewall interface.
- The return traffic is allowed in only if it is part of the original outgoing traffic.
- CBAC inspects all outgoing packets and maintains state information for every session.
- CBAC then decides whether to deny or permit the incoming traffic, based on its state information.

Slide 69: How CBAC Works
ip inspect name FWRULE tcp
1. Control traffic is inspected by the CBAC rule.
2. CBAC creates a dynamic ACL allowing return traffic back through the firewall; for a session from port 2447 to port 23:
   access-list 102 permit TCP host 172.30.1.50 eq 23 host 10.0.0.3 eq 2447
3. CBAC continues to inspect control traffic and dynamically creates and removes ACLs as required by the application.
4. CBAC detects when an application terminates or times out and removes all dynamic ACLs for that session.
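The four steps on this slide as a small stateful model, added here in Python and not part of the original deck: outbound TCP sessions through the inspected interface create temporary return-path entries, inbound packets are admitted only when they match one, and entries disappear when the session is closed or its idle timer expires. Addresses and ports are the ones the slide shows; the idle timeout value is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Flow":
        """The return direction of this flow (what CBAC must let back in)."""
        return Flow(self.proto, self.dst, self.dport, self.src, self.sport)

class Cbac:
    """Model of 'ip inspect name FWRULE tcp' applied to outbound traffic."""

    def __init__(self, inspected=("tcp",), idle_timeout: int = 3600):
        self.inspected = set(inspected)
        self.idle_timeout = idle_timeout          # assumed value, in seconds
        self.sessions: Dict[Flow, int] = {}       # outbound flow -> last activity time

    def outbound(self, flow: Flow, now: int) -> None:
        """Steps 1-2: inspected outbound traffic opens (or refreshes) a session."""
        if flow.proto in self.inspected:
            self.sessions[flow] = now

    def inbound_allowed(self, flow: Flow, now: int) -> bool:
        """Return traffic passes only if it is the reverse of a live session."""
        self._expire(now)
        opener = flow.reverse()
        if opener in self.sessions:
            self.sessions[opener] = now           # activity resets the idle timer
            return True
        return False                              # unsolicited inbound: denied

    def close(self, flow: Flow) -> None:
        """Step 4: the application ended; remove its dynamic entries."""
        self.sessions.pop(flow, None)

    def _expire(self, now: int) -> None:
        """Step 4, timeout variant: drop sessions idle longer than the limit."""
        self.sessions = {f: t for f, t in self.sessions.items()
                         if now - t < self.idle_timeout}

    def dynamic_acl(self) -> List[str]:
        """The temporary openings written the way the slide shows them."""
        return [f"access-list 102 permit {f.proto} host {f.dst} eq {f.dport} "
                f"host {f.src} eq {f.sport}" for f in self.sessions]

# Constructed session matching the slide: inside host 10.0.0.3 telnets to 172.30.1.50
TELNET = Flow("tcp", "10.0.0.3", 2447, "172.30.1.50", 23)
```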
Slide 70: CBAC Configuration

Slide 71: Enable Audit Trails and Alerts

Slide 72: Enable TCP SYN and FIN times (30s) (5s)

Slide 73: TCP, UDP and DNS Idle Times (3s) (1h) (30s)

Slide 74: Port to Application Mapping

Slide 75: Port Mapping Configuration

Slide 76: Configuring Inspection Rules

Slide 77: Apply Inspection Rule to an Interface