BGP protocol presentation
Download as PPT, PDF15 likes12,961 views
The document provides an overview of Border Gateway Protocol (BGP) which is the routing protocol used to exchange routes between institutions and the KAREN network. BGP allows different autonomous systems (AS) to exchange routing information and is more than just a routing protocol as it contains additional route attributes that are used for policy rules. BGP can operate internally within an AS or externally between ASes to control route propagation based on commercial agreements.
BGP protocol presentation
- 1. Border Gateway Protocol (BGP) KAREN Technical Workshop François Prowse fprowse@juniper.net Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1
- 2. BGP Basics Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 2
- 3. What is BGP? BGP is the routing protocol used to advertise routes between institutions and the KAREN network More than just a routing protocol, BGP routes contain many additional attributes Controlled by flexible “Policy” rules that limit what routes we will learn and what we will advertise BGP policy is traditionally used as an interpretation of commercial arrangements between carriers, ISP’s etc BGP can be as simple or as complex as you wish Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 3
- 4. What RFC’s define BGP? RFC 1771 - A Border Gateway Protocol 4 (BGP-4) RFC 1772 - Application of the Border Gateway Protocol in the Internet RFC 1997 - BGP Communities Attribute RFC 1965 - Autonomous System Confederations for BGP RFC 1966 - BGP Route Reflection. An alternative to full mesh IBGP RFC 2270 - Using a Dedicated AS for Sites Homed to a Single Provider RFC 2283 - Multiprotocol Extensions for BGP-4 RFC 2385 - Protection of BGP Sessions via the TCP MD5 Signature Option RFC 2439 - BGP Route Flap Damping RFC 2545 - Multiprotocol Extensions for IPv6 Inter-Domain Routing Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 4
- 5. Routing Protocols IGP – Interior Gateway protocol • Figures optimal path from one node to another node in a network • Examples include RIP, OSPF, ISIS etc… • Runs under a single technical/administrative control (AS) • Can support either IPv4 and/or IPv6 EGP – Exterior Gateway protocols • Allows different AS’s to exchange routing information to allow traffic across two different areas of control • Only one EGP used in the KAREN network -> BGP • Policy allows Peers to control routes leant between sites based on established agreements • Best practice is to only advertise the routes you wish people to actually reach. Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 5
- 6. IGP – Interior Gateway protocol Each AS maintains their own IGP There is no interaction of IGP’s between any peers in the KAREN network IGP’s are required to allow routing inside a domain Examples include • Static routes • RIP • RIPng IPv6 capable • OSPF • OSPFv3 IPv6 capable • ISIS IPv6 capable • Other proprietary protocols Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 6
- 7. EGP – Exterior Gateway protocol BGP Can be used in two scenarios • Internally, inside an Autonomous System • Known as IBGP (Internal BGP) • Peers share the same AS number • Typically implemented as a full mesh • Typically peer between loopback addresses • Externally, between peers • Known as EBGP (External BGP) • Peers have different AS numbers • Single point-to-point peering • Typically peer between interface addresses All connections to the KAREN network use EBGP Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 7
- 8. IBGP – Full mesh, on top of IGP KAREN Internet AS 12345 IBGP Peering Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 8
- 9. EBGP, Peering to the Internet and KAREN KAREN Internet AS 12345 EBGP Peering Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 9
- 10. IBGP and EBGP in operation KAREN Internet AS 12345 IBGP Peering EBGP Peering Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 10 10
- 11. BGP Protocol Overview BGP Runs over TCP Any two routers that have formed a TCP connection to exchange BGP information are called “Peers” or ‘Neighbors” Once connection is made, Peers exchange their full BGP routing tables. Updates are then sent as the table changes or new routes are added to the network. BGP peers in the KAREN network should be capable of exhanging both IPv4 and IPv6 routes Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 11 11
- 12. BGP Routes BGP routes contain more that just the advertised prefix • Origin • AS Path • Next Hop • Local Preference • Multiple Exit Discriminator • Community BGP Policy looks at the prefix as well as route attributes for decision making BGP attributes can often be changed to influence downstream policy Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 12 12
- 13. Autonomous System Autonomous System (AS) • Group of routers belonging to a single administrative domain • Viewed externally as a single, coherent interior routing domain • Each AS runs their own chosen IGP AS Numbers • Public and private AS numbers are available for use • Public numbers assigned locally by APNIC to each institution • Larger tertiary institutions potentially already have one assigned You will need a Publicly Assigned AS number to connect to KAREN! Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 13 13
- 14. BGP Policy Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 14 14
- 15. BGP Policy BGP Policy controls what BGP routes are installed in the routers routing table and what routes are advertised to your peers Use BGP policy when • You don’t want to import all learned routes into the routing table • You don’t want to advertise all known routes to neighboring routers • You want BGP to receive routes from another protocol (Redistribution) • You want to modify information (BGP Attributes) associated with routes BGP Policy configuration varies with each router vendor and platform BGP Policy can be as simple or as complex as you wish Ensure your routers policy implementation is as flexible as possible Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 15 15
- 16. Default Policy BGP when left to its own devices will fall back to default policy for the import and export of routes. Can vary with vendor implementation Import • All routes learned from BGP neighbors are installed in the routing table Export • Transmit all routes learned from BGP neighbors to all BGP neighbors • Advertise only active route If you aren’t running IBGP in your network then you will need policy to redistribute IGP routes to KAREN Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 16 16
- 17. Import and Export Policy Control the flow of routes between your network and KAREN by creating specific policy rules! Import Policy • Apply an import routing policy to control the routes that the routing protocol process uses to determine active routes • Affects routes that BGP receives from a neighbor • Modify BGP attributes Export Policy • Apply an export routing policy to control the routes that a BGP router advertises to its neighbor • Modify BGP attributes Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 17 17
- 18. Why do we need policy 200.0.0.0/24 192.168.0.0/24 KAREN Internet AS 12345 200.0.0.0/24 200.0.0.0/24 192.168.0.0/24 192.168.0.0/24 Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 18 18
- 19. Policy enforcement Export Export Import Import KAREN Internet AS38022 AS 12345 Eg. Eg. Filter all RFC 1918 routes Import all AS38022 routes No export AS38022 routes Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 19 19
- 20. Platform requirements Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 20
- 21. Router requirements BGP peers in the KAREN network will be expected to perform the following • BGP peering of both IPv4 and IPv6, large number of routes • While the Internet is currently 160K+ routes, KAREN “should” be smaller • Forwarding of Ethernet Jumbo Frames • Interdomain Multicast forwarding Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 21 21
- 22. Router requirements Not all routers capable of the demands required • Does my platform of choice support all the relevant RFC’s? • Pay attention to maximum number of routes in Routing table and Forwarding Table for both IPv4 and IPv6 • Is the router forwarding in Software or Hardware? • Do Jumbo Frames limit my forwarding performance, while mixed with smaller packets? • Is there a flexible “Policy” implementation to control routes installed in route table • What are the default Policies of BGP • Is there any additional Security I should be concerned about? Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 22
- 23. More Information and Help? Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 23
- 24. More Information… Books Practical BGP BGP Illustrated JunOS Cookbook ISBN 0321127005 ISBN 0596002548 ISBN 0596100140 RFC’s • Specifically RFC 1771, 1772 and 1997 Online • http://www.bgp4.as • http://www.juniper.net/techpubs/software/junos/junos80/swconfig80-routing/frameset.htm Vendors, Consultants and your existing ISP Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 24
- 25. Q & A? Copyright ©© 2006 Juniper Networks, Inc. Copyright 2003 Juniper Networks, Inc. Proprietary and Confidential Proprietary and Confidential www.juniper.net www.juniper.net 25
- 26. Thank You