BGP Routing Policy Configuration - PowerPoint PPT Presentation

Provided by: xxu

1
BGP Routing Policy Configuration
  • Prof. Gao
  • ECE697A Fall 2003
  • Advanced Computer Networks

2
Outline
  • Introduction to routing policy
  • Purposes
  • Elements
  • Goal of routing policy
  • Redundancy
  • Symmetry
  • Load balancing
  • Case studies
  • Single homed
  • Multi-homing

3
What Is Routing Policy?
  • Import policy
  • Allow/deny to receive updates from neighbors
  • Export policy
  • Permit/reject to announce updates to neighbors
  • Conforms to relationships between external BGP
    peers

4
Routing Policy Purpose
  • Purpose
  • Conforms to commercial agreements
  • Traffic engineering goal
  • Control points
  • Import
  • Export

5
Routing Policy Example
  • AS1 originates prefix d
  • AS1 exports d to AS2
  • AS2 imports
  • AS2 exports d to AS3
  • AS3 imports
  • AS3 does not export d to AS5

[Figure: AS-level topology with AS1 (originating d), AS2, AS3, AS4 and AS5; AS3 is marked "Not export d"]

6
Elements of Routing Policy
  • Handle different types of routes
  • Customer Inbound
  • Customer Outbound
  • Provider/Peer Inbound
  • Provider/Peer Outbound

[Figure: Provider and Customer, with the four policy points labelled: provider inbound, provider outbound, customer inbound, customer outbound]

7
Customer Routes, Inbound
  • Accept by prefix or by AS
  • Maximum prefix length (/24)
  • Customer Routes
  • Highest local preference
  • MED attribute
  • Hint on preferred router into an AS
  • Community attribute
  • set appropriate communities on INGRESS

8
Customer Routes, Outbound
  • What kinds of routes to send
  • Full routes
  • Partial routes
  • Default route only
  • Provide customers with community attributes
  • Customer can do its own filtering
  • Do not send bogus prefixes
  • Private IP space
  • Unallocated IP prefixes
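
The inbound checks on slide 7 (accept by prefix, maximum prefix length /24) and the bogus-prefix rule on slide 8, sketched as one filter. This is an added example, not part of the original slides; the function name `check_prefix`, the short bogon list and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

# Constructed bogon list: RFC 1918 private space plus a few other
# special-purpose blocks. A production list also covers unallocated space.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]
MAX_PREFIX_LEN = 24  # the /24 boundary named on the slides


def check_prefix(prefix, customer_blocks=None):
    """Return (accepted, reason) for one announced IPv4 prefix.

    customer_blocks, when given, lists the blocks this customer is
    registered to originate ("accept by prefix").
    """
    try:
        # strict=True rejects prefixes with host bits set, e.g. 192.0.2.1/24
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed"
    if net.version != 4:
        return False, "not-ipv4"
    if net.prefixlen == 0:
        return False, "default-route"
    if net.prefixlen > MAX_PREFIX_LEN:
        return False, "too-specific"
    # Same semantics as a prefix-list entry with "le 32": the bogon block
    # itself and every more-specific prefix inside it are rejected.
    if any(net.subnet_of(b) for b in BOGONS):
        return False, "bogon"
    if customer_blocks is not None:
        allowed = [ipaddress.ip_network(b) for b in customer_blocks]
        if not any(net.subnet_of(b) for b in allowed):
            return False, "not-customer-space"
    return True, "ok"
```

The 172.16.x.x addresses used in the configuration examples later in this deck are RFC 1918 space, so this filter would reject them as bogons.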

9
Peer/Provider Routes Inbound
  • Not filtered in most cases
  • Sometimes filtered on prefix length
  • For peers
  • May set limits on number of prefixes
  • Local Preference Hierarchy
  • customer, private peering, public peering,
    transit, AS-Path length
  • Set appropriate communities on INGRESS

10
Peer/Provider Routes Outbound
  • Usually filtered on the /24 boundary
  • MEDs are usually sent
  • But are rarely listened to
  • Aggregates are normally announced for your own
    blocks
  • For peers
  • Only customer and internal routes are announced
    in most cases

11
Complexity of Routing Policy
  • Policy can get very complex
  • Low level configuration language
  • Manual configuration (text file!)
  • Consistency on different routers

12
Routing Policy Goal
  • Redundancy
  • Multiple connections to one or more ASes
  • Symmetry
  • Exit point is the same as the ingress point
  • Load balancing
  • Divide traffic optimally over multiple links
  • Trade-offs in implementing routing policies

13
Redundancy
  • Warranty on uninterrupted connectivity
  • Physical equipment failures
  • Human errors, e.g. configurations
  • Advantage
  • Improve connectivity/reliability
  • Disadvantage
  • May reduce symmetry
  • Make the traffic more unpredictable

14
Impact on Size of Routing Tables
  • Increasing the size of routing tables
  • More alternative routes
  • Solution
  • Designate default routes.
  • Default routing provides backup routes in case
    primary connection fails.
  • Statically/dynamically set defaults

15
Traffic and Symmetry
  • Symmetry
  • traffic that leaves from a certain exit point
    returns through the same point
  • Easy to achieve if there is only a single exit
  • Tends to be asymmetric
  • Redundancy and multiple connections
  • Asymmetry makes it hard to control how traffic
    flows into and out of ASes

16
Load Balancing
  • Distribute traffic optimally over multiple links
  • not to distribute traffic equally over
    connections
  • Achieve a traffic distribution pattern
  • Optimally utilizes the multiple links that
    provide redundancy

17
What Affects Load Balancing?
  • Two types of traffic
  • Incoming traffic
  • Outgoing traffic
  • Incoming traffic is affected by
  • How the AS advertises its networks to the outside
  • Outgoing traffic is affected by
  • Routing updates coming in from outside ASes

18
Case Studies
  • Set default route
  • Statically
  • Dynamically
  • Single homing
  • Multi-homing
  • To a single provider
  • To several providers

19
Example 1: Dynamically Learned Defaults
  • RTA originates a default route 0.0.0.0/0 toward
    RTC only.
  • RTF will not get the default.

[Figure: provider AS3 (RTA, RTF, iBGP) and customer AS1 (RTC); addresses shown: 172.16.20.2, 172.16.1.1, 192.68.11.1, 172.16.20.1]

20
Example 1 configuration
  • At Router A,
  • router bgp 3
  • no synchronization
  • network 172.16.1.0 mask 255.255.255.0
  • neighbor 172.16.20.1 remote-as 1
  • neighbor 172.16.20.1 default-originate
  • (send default to RTC)
  • no auto-summary
  • The default-originate option of the neighbor
    router subcommand will cause 0/0 to be sent
    toward RTC.

21
Example 2: Statically Set Defaults
  • Router can set its own default statically. RTC
    sets default to point toward network
    192.78.0.0/16 (AS6)

[Figure: customer AS1 (RTC) connected to AS2, AS3 (RTA, RTF) and AS6 (192.78.0.0/16), labelled Provider 1, Provider 2 and Provider 3]

22
Example 2 Configuration
  • Router bgp 1
  • network 192.68.11.0
  • neighbor 172.16.20.2 remote-as 3
  • neighbor 192.68.6.1 remote-as 2
  • no auto-summary
  • ip route 0.0.0.0 0.0.0.0 192.78.0.0
  • (Choose Provider 3 as default route)

23
Single homing
  • Customer connects to the Internet via a single
    connection to an ISP
  • Not necessary to run BGP
  • Customer usually can be served by pointing
    defaults towards the provider
  • Provider can install static route to reach the
    customer

[Figure: Customer and ISP joined by a single link, with outgoing and incoming traffic marked]

24
Single homing
  • Advantage
  • Least expensive and more effective
  • Reduce memory usage and processing overhead
  • Static default configuration
  • Disadvantage
  • Poor reliability

25
Multi-homing
  • Multi-homing Definition
  • More than one link external to the local network
  • Multi-homing Scenarios
  • Multi-homing to a single provider
  • Multi-homing to different providers
  • Customers of the same provider with a backup link
  • Customers of different providers with a backup
    link

26
Multi-homing to a single provider
  • Definition: Two or more links to the same ISP
  • Case
  • Default only, one primary, and one backup

27
Example: Default only, one primary, and one backup (single provider)
  • AS1 provider
  • AS3 customer multi-homed to AS1
  • RTA running default toward AS1
  • NY link is primary
  • SF link is a backup if NY link fails

28
Routing Policies at RTA (AS3)
  • Outbound traffic
  • Use NY link unless it fails
  • Configuring two static routes in RTA pointing the
    defaults toward AS 1
  • Loc Pref of NY link is higher
  • Inbound traffic
  • Use NY link unless it fails
  • Send MED toward AS1 on both links with a lower
    metric on the NY link.
  • Prevent any BGP updates from coming into AS3
  • Configuring a route map or prefix list

29
RTA configuration
  • router bgp 3
  • network 172.16.220.0 mask 255.255.255.0
  • neighbor 172.16.20.1 remote-as 1
  • neighbor 172.16.20.1 route-map BLOCK in
  • neighbor 172.16.20.1 route-map SETMETRIC1
    out (RTC)
  • neighbor 192.68.9.2 remote-as 1
  • neighbor 192.68.9.2 route-map BLOCK in
  • neighbor 192.68.9.2 route-map SETMETRIC2 out
    (RTD)
  • no auto-summary
  • ip route 0.0.0.0 0.0.0.0 172.16.20.1 50
    (RTC SF backup)
  • ip route 0.0.0.0 0.0.0.0 192.68.9.2 40
    (RTD NY primary)
  • (NY link has higher preference, default 100)
  • route-map SETMETRIC1 permit 10 (RTC)
  • set metric 100
  • route-map SETMETRIC2 permit 10 (RTD)
  • set metric 50
  • ( routes sent to RTD with lower MED)
  • route-map BLOCK deny 10 (incoming BGP updates)

30
Multi-homing To Different ISP Providers
  • Definition: Two or more links to different ISPs
  • Case
  • Default, primary, and backup, plus full and
    partial routing

31
Example: Default, primary and backup, Full/Partial Routing
  • AS 3 uses the SF link to reach AS 1's local networks or its customers
  • AS 3 uses NY as primary link
  • AS 3 uses SF as backup
  • Traffic to RTA goes through SF link
  • All others go through NY link

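[Figure: AS3 (RTA, RTF, running BGP) connected to AS1 and AS2 (RTC, RTD) over the SF and NY links, with the Internet beyond the providers; addresses shown: 172.16.20.1, 192.68.5.2, 192.68.5.1, 172.16.20.2, 172.16.1.1, 172.16.1.2, 172.16.10.1, 172.16.220.1]
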
32
Routing Policies of AS 3
  • RTA
  • For outbound traffic, accepts
  • Routes originated from AS 1 or its customers
  • Default-route from AS 1
  • For inbound traffic,
  • Announces IP address block in RTF with AS prepend
  • RTF
  • For outbound traffic, accepts
  • All routes via NY link
  • For inbound traffic
  • Announces IP address block in RTA with AS prepend
  • AS3 cannot be a transit network between AS1 and AS2

33
RTA configuration (1)
  • router bgp 3
  • no synchronization
  • network 172.16.1.0 mask 255.255.255.0
  • network 172.16.10.0 mask 255.255.255.0
  • network 172.16.220.0 mask 255.255.255.0
  • neighbor 172.16.1.2 remote-as 3
  • neighbor 172.16.1.2 update-source Loopback0
  • neighbor 172.16.1.2 next-hop-self
  • neighbor 172.16.20.1 remote-as 1
  • neighbor 172.16.20.1 route-map ACCEPT_LOCAL in
  • neighbor 172.16.20.1 route-map PREPEND_PATH out
  • no auto-summary

34
RTA configuration (2)
  • ip as-path access-list 1 permit ^1 ?[0-9]*$
  • ip as-path access-list 2 permit ^$
  • (define routes originated from AS 1 and its
    customers)
  • access-list 1 permit 172.16.10.0 0.0.0.255
  • (define routes from RTA)
  • route-map PREPEND_PATH permit 10
  • match ip address 1
  • set as-path prepend 3
  • (AS prepend with routes from RTA, 3 is AS
    number)
  • route-map PREPEND_PATH permit 20
  • match as-path 2
  • route-map ACCEPT_LOCAL permit 10
  • match as-path 1
  • (Accept the routes of AS 1's local networks and its
    customers)

35
RTF configuration (1)
  • router bgp 3
  • no synchronization
  • network 172.16.1.0 mask 255.255.255.0
  • network 172.16.10.0 mask 255.255.255.0
  • network 172.16.220.0 mask 255.255.255.0
  • neighbor 172.16.1.1 remote-as 3
  • neighbor 172.16.1.1 next-hop-self
  • neighbor 192.68.5.2 remote-as 2
  • neighbor 192.68.5.2 route-map PREPEND_PATH out
  • no auto-summary

36
RTF configuration (2)
  • ip as-path access-list 2 permit ^$
  • (routes originated from AS 3)
  • access-list 1 permit 172.16.220.0 0.0.0.255
  • (routes originated from RTA)
  • route-map PREPEND_PATH permit 10
  • match ip address 1
  • set as-path prepend 3
  • (AS prepend with routes from RTA, 3 is
    AS number)
  • route-map PREPEND_PATH permit 20
  • match as-path 2
  • (advertised as usual)

37
Customers of the same provider with a backup link
  • The private link can be used as a backup link
    when an Internet link fails
  • AS 3 is provider of AS 1 and AS 2
  • AS1 and AS 2 have a private link as backup

38
Example: Private link used as backup (customers of the same provider)

39
Routing Policies on RTC (AS 1)
  • AS3 offers services to AS1 and AS2
  • AS1 and AS2 have a private link as backup
  • For outbound, accepts
  • All routes from AS 3
  • All routes from AS 2, but less preferred
  • For inbound
  • Handle by default BGP behavior, shortest AS path

40
RTC configuration (customers of the same provider)
  • router bgp 1
  • network 192.68.11.0
  • neighbor 172.16.20.2 remote-as 3
  • neighbor 172.16.20.2 route-map PREF_FROM_AS3 in
  • neighbor 192.68.6.1 remote-as 2
  • neighbor 192.68.6.1 route-map PREF_FROM_AS2 in
  • no auto-summary

41
RTC configuration (customers of the same provider)
  • ip as-path access-list 1 permit _2_
  • route-map PREF_FROM_AS3 permit 10
  • match as-path 1
  • set local-preference 100
  • (routes received from AS3, which match _2_,
    have lowest loc_pref)
  • route-map PREF_FROM_AS3 permit 20
  • set local-preference 300 (all other updates)
  • (all other routes received from AS3 have highest
    loc_pref)
  • route-map PREF_FROM_AS2 permit 10
  • set local-preference 200
  • (routes from AS2 have loc_pref 200)
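
How the two inbound route-maps above rank competing paths at RTC, modelled in Python. This is an added example, not part of the original slides; the AS paths in the comments and the helper names are constructed, and the model covers only local preference and AS-path length, not the full BGP decision process.

```python
import re


def ios_regex(pattern):
    """Translate the IOS '_' metacharacter: start, end, or a delimiter."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()_])"))


# ip as-path access-list 1 permit _2_
AS_PATH_ACL = {1: [("permit", ios_regex("_2_"))]}

# (action, sequence, as-path ACL to match or None, local-preference to set)
ROUTE_MAPS = {
    "PREF_FROM_AS3": [("permit", 10, 1, 100), ("permit", 20, None, 300)],
    "PREF_FROM_AS2": [("permit", 10, None, 200)],
}


def acl_permits(acl_id, as_path):
    for action, rx in AS_PATH_ACL[acl_id]:
        if rx.search(as_path):
            return action == "permit"
    return False  # implicit deny at the end of every access list


def apply_route_map(name, as_path):
    """Return the local preference set on the route, or None if dropped."""
    for action, _seq, acl, local_pref in sorted(ROUTE_MAPS[name],
                                                key=lambda c: c[1]):
        if acl is None or acl_permits(acl, as_path):  # first match wins
            return local_pref if action == "permit" else None
    return None  # implicit deny at the end of every route-map


def best_path(offers):
    """offers: (inbound route-map, AS path) pairs for the same prefix.

    Highest local preference wins; ties go to the shorter AS path.
    """
    scored = []
    for rmap, path in offers:
        lp = apply_route_map(rmap, path)
        if lp is not None:
            scored.append((-lp, len(path.split()), rmap, path))
    return min(scored)[2:] if scored else None
```

With constructed paths, a prefix originated by AS 2 is reached over the private link (200 beats 100), while a prefix behind AS 3 is reached through AS 3 (300 beats 200) and falls back to the AS 2 path only when the AS 3 session is gone. The delimiter handling in `_2_` matters: without it, a path containing AS 12 or AS 22 would be demoted as well.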

42
Customers of different providers with a backup
link
  • AS 1 and AS 2 have private link
  • AS 4 is provider of AS 1, AS 3 is provider of AS
    2
  • AS 3 connects to AS 4
  • AS 1 and AS 2 use providers as backup
  • The community approach
  • Dealing with adding and removing customers with
    dynamically setting the customers policies
  • The AS path manipulation approach
  • An alternative to the community approach

43
Example: Community approach (customers of different providers)

44
Routing Policies at RTC (AS 1)
  • For outbound traffic
  • Use loc pref
  • For inbound traffic
  • For those routes which pass via AS 2, set
    community to 440
  • Not announce routes originated from AS 3 to AS 4
  • Only announce routes originated from AS 1 and AS
    2
  • Definition on the usage of community at AS 4
  • 440 ---- set loc_pref to 40
  • Default ---- set loc_pref to 100

45
RTC configuration (AS 1)
  • router bgp 1
  • network 192.68.11.0 mask 255.255.255.0
  • neighbor 172.16.20.2 remote-as 4
  • neighbor 172.16.20.2 send-community
  • neighbor 172.16.20.2 route-map setcommunity out
  • neighbor 172.16.20.2 filter-list 10 out
  • neighbor 192.68.6.1 remote-as 2
  • no auto-summary

46
RTC configuration (Customers of different
providers)
  • ip as-path access-list 2 permit _2_
  • ip as-path access-list 10 permit ^$
  • ip as-path access-list 10 permit ^2$
  • (Not announce routes originated from AS 3 to AS
    4)
  • route-map setcommunity permit 10
  • match as-path 2
  • set community 440
  • (via AS2, matching _2_, set community 40)
  • route-map setcommunity permit 20
  • (do not have community set)

47
Conclusions
  • Configure for one router or peering session
  • More sessions for each router
  • Typically store in a large text file
  • All for edge ASs so far
  • More complex for tier-1 providers
  • Many looong configuration (1000 lines) files!
  • Routing policies can be complex
  • It is even harder to configure routers (Assembly
    language like configuration language!)
  • High-level language is needed