Bgp on Aaron's Worthless Words

Junos Basics - Configuring BGP

Wed, 01 Aug 2012 00:00:00 +0000

I’m stuck deep in Junos these days. I mean deep. I have an F5 load balancer and an ASA 5520; the rest of my stuff is Juniper. That means I have some learning to do.

Here’s one of the basics in Junos - configuring BGP. I guess I’ve always said that BGP is BGP. How much different can it be from IOS? Well, the end result is the same, but it’s different enough to have to look up how to do it. :) The first difference is the fact that all BGP configuration is done with groups just like peer groups in IOS. You can act like you’re configuring neighbors, but there’s no way around using groups. After going back and forth, I just settled with an group for eBGP neighbors and another for iBGP neighbors. If settings are different, I just set them in the neighbor. Here’s an example of that.

VRF-Aware IPSec Tunnels

Tue, 13 Dec 2011 00:00:00 +0000

Man, time is hard to come by of late. I’ve had so little time to rest that’s it’s hard to get my thoughts together. It’s a good thing in this case, though, since it’s my fantastic job that’s taking all my time. It’s great to see new network and learn their internals…especially when they were designed by some long-time CCIEs who actually knew what they were doing.

One of the big things that I’m dealing with lately is VRFs. I’ve implemented some VRF-lite stuff, but I’ve never had any practical experience with the full force of them. I’m definitely learning here. Since the blog here is really about my sharing what I’ve learned, let’s go through something that came up recently - terminating VPNs on one VRF while passing traffic to another.

BGP Notes - Backdoor Routes

Sat, 11 Jun 2011 00:00:00 +0000

The fact that eBGP has an AD of 20 can be a problem.
- You may have a very short path via EIGRP (or OSPF or RIP or whatever other IGP), but the longer eBGP path will be preferred.
For God’s sake, do not lower the AD of EIGRP! Havoc will ensue.
Using backdoor routes causes eBGP routes to have an AD of 200.
- Allows the shorter-path IGP routes to be added to the routing table.

router bgp 123
 network 1.1.1.0 backdoor

-—-

BGP Notes - Confederations

Sat, 11 Jun 2011 00:00:00 +0000

RFC 3065
BGP confederations reduce the size of full mesh iBGP ASes by dividing it up into different areas.
Confederations also remove the need for BGP synchronization since all iBGP routers will have all routes.
In effect, your iBGP AS gets chopped up into different sub-ASes.
Each router is a member of a sub-AS and is a neighbor with every other router in that sub-AS (full mesh).
- Neighbors within a sub-AS are called confederation iBGP neighbors.
- Confederation iBGP neighbors act just like any other iBGP neighbor.
At least one member of each sub-AS is neighbored with members of different sub-ASes.
- Neighbors in different sub-ASes are called confederation eBGP neighbors.
- Confederation eBGP neighbors have a default TTL of 1 just like true eBGP neighbors.
- The NEXT_HOP PA is not changed when passing routes between sub-ASes.
- LOCAL_PREF is also preserved.
Confederations use the AS_CONFED_SEQ and AS_CONFED_SET fields in the AS_PATH PA.
- These fields act like AS_PATHs to prevent loops.
- These fields are cleared out when the route is passed to an eBGP neighbor.
- If components of a summary route (an aggregate-address) have different AS_CONFED_SEQ values, the AS_CONFED_SET is used.
Confederations ASes are not included when the router decides which route is best.
BGP confederation routers are configured to be in a private ASN.
- The confederations should be private to avoid AS conflicts.
- The confederation identifier defines the AS at it appears to the world.

router bgp 65001
 no synchronization
 bgp confederation identifier 123
 bgp confederation peers 65002 65003
 neighbor 2.2.2.2 remote-as 65002
 neighbor 3.3.3.3 remote-as 65003

-—- Comment with corrections, please.

BGP Notes - Route Reflectors

Sat, 11 Jun 2011 00:00:00 +0000

Route reflectors remove the requirement of having a full mesh iBGP network.
Any iBGP route a router reflector learns is sent to all route reflector clients.
- Non-client iBGP neighbors do not get the new route per iBGP rules.
RR clients are configured like normal iBGP routers.
- All RR client config is done on the route reflector.
RRs and clients are part of a cluster.
- RRs in each cluster must be neighbors with each other.
- Each cluster RR appends the cluster ID to the CLUSTER_ID PA; this is used similarly to AS_CONFED_SEQ.
The ORIGINATOR_ID PA is set by and preserved by the RR.
- If a route contains the ORIGINATOR_ID of the receiving router, the update is ignored.
Only best routes are passed to RR clients and non-client neighbors.

router bgp 123
 no synchronization
 bgp cluster-id 1
 neighbor 6.6.6.6 remote-as 123
 neighbor 6.6.6.6 route-reflector-client

-—- Comment with corrections, please.

BGP Notes - Synchronization

Sat, 11 Jun 2011 00:00:00 +0000

With synchronization on, route must be synchronized to an IGP in order for that routes to be able to be voted ‘best" by BGP.
- That means the exact route must already be in the routing table via an IGP.
- Static routes don’t count.
- This is traditionally accomplished by redistributing BGP routes into an IGP.
- With today’s Internet prefix count over 350k, this may not be such a good idea in some situations.
- Synchronization is off by default.
Synchronization prevents black hole routes from being advertised via iBGP.
- Unless every router is participating in iBGP, there’s no guarantee that any one router will have a route to NEXT_HOP.
Synchronization also prevents a router from advertising the black hole to an eBGP neighbor.
- You don’t want to tell the world you have a path to a prefix when you really have a !N.
Synchronization can be safely disabled with the use of route reflectors or confederations.

-—-

BGP Notes - Authentication

Fri, 10 Jun 2011 00:00:00 +0000

Corrections welcome.

It’s simple as pie to enable MD5 auth to a BGP peer.

R102(config-router)#neigh 192.0.2.101 pass MYKEY

BGP Notes - Path Decision

Thu, 09 Jun 2011 00:00:00 +0000

This is required blogging…and reading for that matter. A good chunk of this is taken from my CCNP posts from last year. Corrections, please.

-—-

How does a BGP router decide which BGP route is the best?

Next-hop : Does the router have a route to the next-hop?

Weight : This is a numeric value where bigger is better. Weight is not passed onto other peers and is a Cisco proprietary feature.

BGP Notes - Path Attribute Categories

Wed, 08 Jun 2011 00:00:00 +0000

Make my corrections! Please!

Well-known mandatory : These PAs must be recognized by all BGP routers and passed along to other peers.

Well-known discretionary : These PAs do not need to be in every update, but they must be recognized by all BGP routers.

Optional transitive : These PAs don’t have to be recognized but they must be passed along to other BGP peers if they are present in an update.

BGP Notes - Message Types

Tue, 07 Jun 2011 00:00:00 +0000

Corrigeme, por favor.

Open : When a neighbor is configured, the router sends an open to that neighbor to get the ball rolling.

Destination:  The neighbor's configured IP
Important fields:
  My AS

Update : The routing information

Destination:  The neighbor's configured IP
Important fields:
  Advertised network Klonopin Online
  Path attributes

Keepalive : Sent every 60 seconds by default

Destination:  The neighbor's configured IP
Important fields:
  Nothing, really

Notification : When something is amiss, the router sends a notification message. The receiver then closes the connection.

BGP Notes - Neighbor States

Tue, 07 Jun 2011 00:00:00 +0000

Corrections appreciated.

Idle : There is no relationship, but the router sends out a TCP SYN to the neighbor to get the ball rolling.

Idle (admin) : The neighbor is admined down.

Connect : The router is waiting for the TCP connection to finish. If the TCP connection finishes, the router sends an open and transitions to OpenSent. If it times out, it transitions to Active.

Active : The router tries Cialis to initiate a TCP connection. If the TCP connection finishes, the router sends an open and transitions to OpenSent.

Routing IPv6 with BGP - The Basics

Thu, 10 Feb 2011 00:00:00 +0000

Are you sensing a theme lately? Since we covered the basics of the main IGPs (I’m an enterprise guy, so no IS-IS comments, please.), I thought I’d try to describe the basics of advertising IPv6 routes over BGP. Yet again, we’re not going to do any route manipulation or change any of the 948284928 BGP attributes. We’re just trying to get routes exchanged.

Configuration

There’s no new version of BGP for IPv6 here. It’s the standard BGP version 4 that we’ve all been using for years, but we’re going to take advantage of the multiprotocol support (MPBGP, RFC 2858 RFC 4760). We’ll get to the differences in a second, but the first thing to do is to set up the BGP process as normal.

Tagging External Routes in EIGRP

Fri, 03 Dec 2010 00:00:00 +0000

EIGRP allows you to tag external routes. That is, any route redistributed into EIGRP can be tagged with a numeric descriptor from 0 to 4294967295.

ROUTE Notes - Further IGP Redistribution

Sun, 18 Jul 2010 00:00:00 +0000

As always, corrections are requested.

Study Questions

I’ve got IGRP and EIGRP both configured with the same AS number. What’s special about this configuration?

If both use the same AS number, then they automatically redistribute their routes into each other without using the redistribute command.

When redistributing one IGP into another, where’s a good place to filter routes?

There’s no one good place, but at the router(s) that’s doing the redistribution is a good start. There’s no need to send an IGP a bunch of routes it doesn’t need.

ROUTE Notes - Controlling BGP

Tue, 06 Jul 2010 00:00:00 +0000

Corrections, please. I skipped a bunch of BGP intro stuff to get to the juicy center. I’ll see if I can come back later and finish the other parts for posterity.

Study Notes

Is BGP route selection a controversial subject?

Yes. If you ask 1000 network guys the best way to influence BGP, you’ll probably get 1000 different answers.

At what position in the PA list of a BGP update do you find the weight attribute?

You don’t. Weight is a Cisco-proprietary thing.

Stubby Post - show ip protocols

Thu, 10 Jun 2010 00:00:00 +0000

I’ve seen and used the command before, but I’ve never really seen any use of the show ip protocols command until tonight while reading up for my ROUTE test. There’s a lot of good information in the output, and, from the way the book is reading, this is a great candidate for use in a lab question.

To check it out a bit, I set up a small network with four routers connected only to a single Ethernet segment. I set up one router to run EIGRP, OSPF, and BGP to each one of the other routers just so I could see the output for the different routing protocols. Here’s what puked out after struggling with GNS for a few minutes.

Renesys Analysis of SuproNet Announcement Debacle

Wed, 18 Feb 2009 00:00:00 +0000

Earl Zmijewski of Renesys has an analysis of the SuproNet incident that took down a good bit of the Internet on Monday. From the blog:

This single Czech provider announcing a single prefix caused a huge increase in the global rate of updates, peaking at 107,780 updates per-second. This peak occurred at 16:30:54 UTC, less than 8 minutes after the first announcement.

ACLs and HSRP, BGP, OSPF, VRRP, GLBP...

Thu, 12 Jun 2008 00:00:00 +0000

Here’s a handy list of ACL entries to allow your devices to speak routing protocols, availability protocols, and some other stuff. We’ll assume you have ACL 101 applied to your Ethernet inbound; your Ethernet has an IP of 192.168.0.1.

BGP : Runs on TCP/179 between the neighbors

access-list 101 permit tcp any host 192.168.0.1 eq 179

EIGRP : Runs on its own protocol number from the source interface IP to the multicast address of 224.0.0.10

access-list 101 permit eigrp any host 224.0.0.10