Border Gateway Protocol BGP - PowerPoint PPT Presentation

Slides: 48
Provided by: zhi48

Transcript and Presenter's Notes

Title: Border Gateway Protocol BGP


1
Border Gateway Protocol (BGP)
2
Contents
  • Internet connectivity and BGP
  • connectivity services, AS relationships
  • BGP Basics
  • BGP sessions, BGP messages, BGP attributes
  • BGP Policy Control Examples
  • Cisco filtering mechanisms
  • BGP Misconfiguration

3
Autonomous System
  • Multiple Routers
  • Same Routing policy
  • Single Routing Protocol
  • Single Ownership
4
ASs AS Numbers (ASNs)
64512 through 65535 are private
5
U of Minnesota Neighborhood
AS 7018 ATT
AS 1 Genuity
AS 57 UMN GigaPoP
128.101.0.0/16
6
Having Internet Connectivity
  • To have complete Internet connectivity you must
    be able to reach all destinations on the net.
  • Your packets have to get delivered to every
    destination. This is easy (default routes).
  • Packets from everywhere else have to find you.
    This is done by having your ISP(s) advertise
    routes for you.

7
IP Forwarding Process
1. Remove a packet from an input queue
2. Check for sanity, decrement TTL field
3. Match packet's destination to a table entry
4. Place packet on correct output queue
If queues get full, just drop packets!
(Diagram labels: Router, Forwarding Process, IP Forwarding Table)
8
Dynamic Routing: Intra- vs. Inter-AS
  • IGP: Interior Gateway Protocol. Metric based: OSPF, IS-IS, RIP, EIGRP (Cisco)
  • EGP: Exterior Gateway Protocol. Policy based: BGP
(Diagram labels: AS 1, OSPF, AS 2, EIGRP, BGP)
9
BGP The Glue of Internet
  • To allow networks (ASs) to tell other networks
    (ASs) about routes (parts of the IP address
    space) that they are responsible for and how to
    reach them
  • Using route advertisements, or promises -
    also called NLRI or network-layer reachability
    information
  • Path-vector routing protocol
  • Policy-based: allows ISPs to richly express their
    routing policy, both in selecting outbound paths
    and in announcing internal routes
  • keep this in mind as we progress!
  • Relatively simple protocol, but configuration
    is complex and the entire world can see, and be
    impacted by, your mistakes

10
BGP Some Basics
  • BGP exchanges routes between ASs.
  • When routes are exchanged, ASNs are stamped on
    the routes on the way out
  • adding one AS hop per network traversed -> AS
    path
  • Routes are exchanged over peering sessions,
    which run on top of TCP, port 179.
  • The routes are objects, or bags of
    attributes
  • BGP is actually two protocols
  • iBGP, designed for internal route exchange
  • eBGP, designed for external route exchange
  • 1995: BGP-4, RFC 1771; 2006: BGP-4, RFC 4271

11
BGP Net Prefixes, ASNs and Route Advertisements
BGP route advertisement: Net prefix 207.8.128.0/17, AS path 4969 6461
(Diagram labels: 207.8.128.0/17, AS 12001, AS 4969, AS 6461, AS 701, AS 5000)
12
BGP Route Advertisement
  • Think of a BGP route as a promise
  • If I advertise 207.8.128.0/17, I promise that if
    you deliver traffic destined to any IP address
    within 207.8.128.0/17 to me, I know how to
    deliver it (at least as well as anyone else)
  • By making sure these routes, or promises, are
    heard by all ASes, your provider ensures a return
    path for all of your packets
  • Sending routes out causes IP traffic to come in

13
BGP Route Advertisements and IP Address Space
  • If my customer has 207.8.140.0/24, I generally
    will not announce that route separately, if it is
    covered by my 207.8.128.0/17, aggregate route.
  • Recall that routers use longest prefix matching
    to look up forwarding table
  • If one of my customer's ISPs is advertising
    207.8.240.0/24, all incoming traffic from other
    networks will start flowing in that pipe.
  • so I must punch a hole in my aggregate
    announcement and advertise 207.8.128.0/17 and
    207.8.240.0/24
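
The longest-prefix-match effect described on this slide, as an added example (not part of the original presentation). The next-hop labels, the private ASNs 64512/64513 and the announcement list are constructed; `more_specifics` is a hypothetical monitoring helper that flags announcements inside your aggregate from an origin you did not expect.

```python
import ipaddress

# Constructed forwarding table: the aggregate and the more-specific from the
# slide, with hypothetical next-hop labels.
TABLE = {
    "207.8.128.0/17": "provider-A",
    "207.8.240.0/24": "customers-other-ISP",
}

# Constructed (prefix, origin AS) announcements seen from outside.
ANNOUNCED = [
    ("207.8.128.0/17", 64512),
    ("207.8.240.0/24", 64513),
    ("207.8.140.0/24", 64512),
    ("198.51.100.0/24", 64513),
]

def longest_prefix_match(table, dst):
    """Return (prefix, next_hop) of the most specific covering route, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None

def more_specifics(aggregate, expected_origins, announcements):
    """Announced prefixes strictly inside the aggregate whose origin AS is
    not one we expect; these pull traffic away from the aggregate."""
    agg = ipaddress.ip_network(aggregate)
    hits = []
    for prefix, origin_as in announcements:
        net = ipaddress.ip_network(prefix)
        if net != agg and net.subnet_of(agg) and origin_as not in expected_origins:
            hits.append((prefix, origin_as))
    return hits

if __name__ == "__main__":
    print(longest_prefix_match(TABLE, "207.8.240.9"))
    print(more_specifics("207.8.128.0/17", {64512}, ANNOUNCED))
```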

14
Autonomous Routing Domains Don't Always Need BGP
or an ASN
Static routing is the most common way of
connecting an autonomous routing domain to the
Internet. This helps explain why BGP is a
mystery to many
15
Number of Used ASNs
Source: Geoff Huston, http://bgp.potaroo.net
16
Growth of BGP Routes
Percentage of IPv4 space advertised
Source: Geoff Huston, http://bgp.potaroo.net, Nov. 3, 2002
17
BGP Operations (Simplified)
Establish session on TCP port 179
Exchange all active routes
While connection is ALIVE exchange route UPDATE
messages
Exchange incremental updates
18
BGP (Peering) Sessions
  • BGP session set up over TCP
  • When session set up, both sides flood the other
    end with all of their best BGP routes
  • Over time, only incremental updates are exchanged
  • If session dies, all associated routes must be
    withdrawn
  • BGP peers (neighbors) must be specified
    explicitly
  • BGP session set-up Cisco Example
  • Router A in AS 1
  • router bgp 1
  • neighbor 129.213.1.1 remote-as 2
  • Router B in AS 2
  • router bgp 2
  • neighbor 129.213.1.2 remote-as 1

19
EBGP vs. IBGP Sessions
  • EBGP between (usually directly-connected)
    routers in different ASs
  • IBGP between (BGP-speaking) routers in same AS
  • Different (operational) rules and policies apply!

20
iBGP
  • IBGP speakers are (usually) fully meshed
  • IBGP session set up
  • Router A in AS 3847
  • router bgp 3847
  • neighbor 129.213.1.1 remote-as 3847
  • neighbor 128.28.10.2 remote-as 3847
  • Router B in AS 3847
  • router bgp 3847
  • neighbor 129.213.1.2 remote-as 3847
  • neighbor 127.101.1.1 remote-as 3847
  • Router C in AS 3847
  • router bgp 3847
  • neighbor 128.28.10.1 remote-as 3847
  • neighbor 127.101.1.2 remote-as 3847

(Diagram: AS 3847 with routers A, B and C)
21
BGP Messages Four Types
  • Open: Establish a peering session.
  • Keep Alive: Handshake at regular intervals.
  • Notification: Shuts down a peering session.
  • Update: Announcing new routes or withdrawing
    previously announced routes.

route announcement
prefix attributes values
26
What Is an Attribute?
  • Attribute encoded in a TLV (type-length-value)
    format.
  • Attribute length is 4 bytes long
  • Attributes can be transitive (across ASs) or
    non-transitive (between AS neighbors only)
  • Some are mandatory e.g., AS Path, Next-Hop, etc.

27
BGP Attributes
28
AS Path Attribute
29
AS Path Attribute
  • Sequence of AS(s) a route has traversed.
  • Provides a mechanism for loop detection.
  • Policies may be applied based on AS path.
  • Local AS added only when sent to external peer.
  • Shortest AS path preferred

(Diagram labels: AS3561 204.70.0.0/15; AS701 192.67.95.0/24; AS3847 207.240.0.0/16; AS1673 140.222.0.0/16; AS6201; routers A to G)
Routes shown in the diagram (prefix, AS path, origin code):
192.67.95.0/24    3847 701 i
140.222.0.0       3847 1673 i
204.70.0.0/15     3847 3561 i
207.240.0.0/16    3847 i
30
Next Hop Attribute
  • Next-hop IP address to reach a network.
  • Router A will advertise 198.3.97.0/24 to router
    B with a next-hop of 207.240.24.202.
  • With IBGP, the next-hop does not change.
  • IGPs should carry route to next-hops, using
    intelligent forwarding decision (i.e., via IGP).

(Diagram labels: AS 6201, 198.3.97.0/24, router A (.202), link 207.240.24.200/30, AS 3847, router B (.201), router C)
31
Attributes are Used to Select Best Routes
Given multiple routes to the same prefix, a BGP
speaker must pick at most one best route (Note:
it could reject them all!)
(Diagram: several neighbors each advertise "192.0.2.0/24 pick me!")
32
Route Selection Summary
  • Highest Local Preference (enforce relationships: provider-customer, peer)
  • Shortest ASPATH
  • Lowest MED
  • i-BGP < e-BGP
  • Lowest IGP cost to BGP egress
  • Lowest router ID (throw up hands and break ties)
(Side label on the slide for the middle steps: traffic engineering)
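
The selection order from this slide, combined with the AS-path loop check from the AS Path Attribute slide, as an added example (not part of the original presentation). The `Route` class, its field names and the sample routes are constructed for illustration; real implementations compare MED only between routes from the same neighbouring AS, which this simplified ordering ignores.

```python
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Route:
    as_path: tuple             # ASNs, nearest neighbour first
    local_pref: int = 100      # default from the Local Preference slide
    med: int = 0
    ebgp: bool = True          # learned over eBGP (True) or iBGP (False)
    igp_cost: int = 0          # IGP cost to the BGP egress
    router_id: str = "0.0.0.0"

def preference_key(r):
    """Smaller tuple = more preferred, in the order the slide lists."""
    return (
        -r.local_pref,                           # highest local preference
        len(r.as_path),                          # shortest AS path
        r.med,                                   # lowest MED (simplified)
        0 if r.ebgp else 1,                      # eBGP preferred over iBGP
        r.igp_cost,                              # lowest IGP cost to egress
        int(ipaddress.ip_address(r.router_id)),  # lowest router ID, numeric
    )

def best_route(candidates, local_asn):
    """Pick at most one best route; None if every candidate is rejected."""
    # Loop detection: a path that already contains our own ASN is discarded.
    usable = [r for r in candidates if local_asn not in r.as_path]
    return min(usable, key=preference_key) if usable else None

# Constructed candidates for 192.0.2.0/24 as seen by a router in AS 3847.
SHORT = Route(as_path=(701, 6201), router_id="10.0.0.1")
PREFERRED = Route(as_path=(1673, 3561, 6201), local_pref=150, router_id="10.0.0.2")
LOOPED = Route(as_path=(6201, 3847, 701), local_pref=200, router_id="10.0.0.3")

if __name__ == "__main__":
    # Local preference outranks AS-path length; the looped route never competes.
    print(best_route([SHORT, PREFERRED, LOOPED], local_asn=3847))
```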
33
Local Preference Attribute
  • Local to AS
  • transitive throughout your network. It is never
    advertised to an eBGP peer.
  • Used to influence BGP path selection
  • Default 100
  • Highest local-pref preferred
  • For example, you can express the policy "prefer
    private connect" by making the local_pref be
    150 and leaving all other peers at 100.

(Diagram labels: AS 3847 with routers C, D, E, F, G; AS 6201 with 208.1.1.0/24; routers A and B; 208.1.1.0/24 with local preference 80; 208.1.1.0/24 with local preference 100, preferred by all AS3847 routers)
34
eBGP vs. iBGP Revisited
  • eBGP Rules
  • By default, only talks to directly-connected
    router.
  • Sends the one best BGP route for each
    destination.
  • Sends all of the important attributes; omits
    the local preference attribute.
  • Adds (prepends) the speaker's ASN to the
    AS-Path attribute.
  • Usually rewrites the next-hop attribute.

35
eBGP vs. iBGP Revisited (cont'd)
  • iBGP Rules
  • Can talk to routers many hops away by default.
  • Sends all attributes.
  • Leaves the as-path attribute alone.
  • Doesn't touch the next hop attribute.
  • With iBGP, next-hop is not a router directly
    connected.
  • So a recursive lookup is needed.
  • After the next-hop is found, a second lookup is
    made to figure out how to send the packet in the
    direction of the next-hop.

36
iBGP and Next-Hop Example
  • In AS 2828
  • Router A's next hop for 170.10.0.0/16 will be
    the serial interface on Router D in AS 1239
  • This is true even in Router B's and Router C's
    forwarding table.

(Diagram labels: routers D and E, 170.10.0.0/16, AS 1239)
37
BGP Route Processing
(Flow diagram, in order)
  • Receive BGP Updates
  • Apply Import Policies: apply policy (filter routes, tweak attributes)
  • Best Route Selection, based on attribute values
  • Best Route Table
  • Apply Export Policies: apply policy (filter routes, tweak attributes)
  • Transmit BGP Updates
  • Install forwarding entries for best routes into the IP Forwarding Table
  • Policy is open-ended programming, constrained only by the vendor configuration language
38
BGP Router - Processing Routes
  • For each route received
  • If it's a valid route AND passes any filters, it
    must be put into the BGP routing table.
  • Then, unless it is replacing a duplicate, a
    best-path computation must be run on all
    candidate BGP routes of the same prefix.
  • Then, if the best route changed, the RIB and/or
    FIB must be updated.
  • This process is done for ALL incoming BGP routes.

39
BGP Policy Control
  • To decide what routes can and can't go to various
    other routers, you can filter using
  • distribute lists (prefix filters) - lists of
    routes
  • filter lists (as-path filters) - lists of
    regular expressions matching or denying ASs
  • route maps (BGP Basic programs) that allow
    you to match and change most BGP attributes

40
Applying AS Path Filtering
(Diagram labels: AS 701, AS 6201, AS 3847, AS 6202; routers A to G)
The following configuration could be used on
router B to accept routes from AS6201 and 6202 and
deny all others.
ip as-path access-list 10 permit 6201
ip as-path access-list 10 permit 6201_6202
ip as-path access-list 10 deny .
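
An added check of this filter (not part of the original presentation), evaluating the three patterns exactly as they appear in this transcript against constructed AS paths and comparing them with an anchored variant. The anchored patterns are an assumption about what the filter is meant to express, and `cisco_to_python` is a hypothetical helper that emulates only the Cisco `_` delimiter.

```python
import re

def cisco_to_python(pattern):
    # In Cisco AS-path regexes "_" matches a delimiter: start or end of the
    # path, a space, a comma, a brace or a parenthesis.
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def evaluate(acl, as_path):
    """First matching entry wins; no match at all is an implicit deny."""
    for action, pattern in acl:
        if cisco_to_python(pattern).search(as_path):
            return action
    return "deny"

# Patterns as they appear in the transcript (no anchors).
ACL_AS_PRINTED = [("permit", "6201"), ("permit", "6201_6202"), ("deny", ".")]
# Assumed intent: only paths that are exactly "6201" or "6201 6202".
ACL_ANCHORED = [("permit", "^6201$"), ("permit", "^6201_6202$"), ("deny", ".")]

# Constructed AS paths as router B would see them from its neighbour.
SAMPLE_PATHS = ["6201", "6201 6202", "6201 701", "701 16201", "701"]

def compare(paths):
    """Map each path to (result as printed, result anchored)."""
    return {p: (evaluate(ACL_AS_PRINTED, p), evaluate(ACL_ANCHORED, p))
            for p in paths}

if __name__ == "__main__":
    for path, (printed, anchored) in compare(SAMPLE_PATHS).items():
        print(f"{path:12} as printed: {printed:7} anchored: {anchored}")
```

Without anchors the first entry matches any path that merely contains the digits 6201, so routes that AS 6201 relays from elsewhere pass the filter; this is the "forgotten filter" class of export and origin error listed later in the deck.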
41
Misconfiguration of BGP
  • The configuration errors of the routers that
    result in the unintended production or
    suppression of BGP routing announcements.
  • Includes slips (inadvertent errors) and mistakes
    (design errors) in human factors terminology.
  • Emphasis on human operator error.
  • 20-70% of system failures

42
Our Goal
  • How frequently do these misconfigurations occur?
  • What is their impact on global connectivity and
    routing load?
  • Why do the misconfigurations occur?
  • What can be done to reduce their frequency and
    impact?

43
Configuration Example
  • router bgp 200
  • network 192.0.2.0
  • neighbor 1.1.1.1 remote-as 100
  • neighbor 4.4.4.4 remote-as 400
  • neighbor 4.4.4.4 route-map RMAP out
  • !
  • route-map RMAP permit 10
  • match ip address 1
  • !
  • access-list 1 deny 192.0.2.0 0.0.0.255

44
  • How frequently do these misconfigurations
    occur?
  • 200-1200 prefixes, equivalent to 0.2-1% of the
    global table size, suffer from misconfiguration
    each day.
  • Close to ¾ of the new route announcements per day
    are the result of misconfiguration.

45
  • The impact
  • Increase routing load by generating unnecessary
    BGP updates.
  • Can disrupt connectivity, either partially or
    globally.
  • Violate the intended policy of the AS.

46
  • Causes of Misconfiguration
  • Origin Misconfiguration (unintentional insertion)
  • Initialization bug, old config, redistribution,
    community, hijack, forgotten filter, incorrect
    summary, unknown config error, miscellaneous,
    unclassified
  • Export Misconfiguration (an inadvertent export in
    violation of the exporter's policy)
  • prefix based config, old config, initialization
    bug, bad ACL or route map, typo, forgotten filter,
    community, unknown config error, miscellaneous,
    unclassified

47
  • Resolution
  • User Interface Design instead of CLI (command line
    interfaces)
  • safe defaults, the more serious the consequences
    of the error, consistency across versions, large
    edit distances between correct and incorrect
    settings.
  • High-level Languages and Checking
  • Database Consistency and Registries.
  • Protocol Extensions.
  • S-BGP (Secure BGP)