Chapter 14. Understanding Border Gateway Protocol Version 4 (BGP-4)

in the early 1990s called for a protocol that could provide classless routing and IP prefix advertisement without the concept of network class. Furthermore, this protocol needed to aggregate IP prefixes to shrink the Internet routing table size and robustly advertise a large number of routes to other autonomous systems. BGP offered all that and, among other things, offered mechanisms to control traffic flow in and out of the networks running BGP. In Internet service provider (ISP) networks where revenues are generated by selling Internet access to other small ISPs or to enterprise customers, it is crucial that traffic flows are managed properly. BGP offered ISPs the capability to configure routers with network policies to manage traffic requirements.

ISPs make the most use of BGP. Whether it is customer IP traffic destined to the Internet or IP traffic from the Internet to a customer network, BGP allows manipulation of traffic paths to make the best use of the ISP network.

Before delving into the various aspects of BGP, you need to (re)familiarize yourself with a few terms:

IP prefix: This refers to the IP subnet assigned to networks by the official governing body that manages IP addresses.

BGP feed: This is a commonly used term for a BGP session that provides reachability information of IP prefixes on the Internet. In this context, terms such as full feed and partial feed are also used. Full feed refers to all the Internet prefixes, whereas partial feed refers to a subset of the Internet IP prefixes, based on the traffic requirements.

BGP peer: BGP peers and BGP neighbors are terms that refer to network devices in the same network that run BGP.

Router ID (RID): This is a 32-bit unique identifier representing a BGP speaker. In Cisco IOS Software, the RID is the highest loopback IP address. When loopbacks are not configured, the highest IP address of the interface that is up is taken as the RID. RID can also be manually configured in Cisco IOS.

Exit point: This is a router that connects two autonomous systems, and traffic comes in and goes out to the Internet through the exit point. In most examples, there will be more than one router running EBGP for redundancy and for other requirements.

Small and large BGP networks: There is no fixed definition of a small or large network. Just one router might exist in the network, or the network might have several hundred routers running the IP routing protocol.

External BGP (EBGP): When BGP is run between two autonomous systems, such a BGP session is called External BGP (EBGP). EBGP is primarily used in two different environments:

- Between ISPs and their customers: In this case, customer IP prefixes are advertised through BGP to the ISP and the ISP advertises them to the Internet. However, the ISP might advertise a full feed or partial feed of the BGP table of the Internet routes to the customer.

- Between different ISPs: In this case, IP prefixes are advertised to peering ISP connections. This is how all the Internet is glued together.

Internal BGP (IBGP): A BGP session between two routers in the same AS is called an IBGP session. Typically, this is between two or more routers.

In IP networks where multiple EBGP peering occurs at multiple exit-point routers with the same or different neighboring AS, it becomes imperative to manage IP traffic coming in and going out to those neighboring autonomous systems. IBGP solves this problem by sharing EBGP feeds between the exit-point routers. IBGP can dictate how traffic will exit the network. For example, an exit-point router can be configured in BGP to send some traffic to the directly connected EBGP link and then send the rest of the traffic to the remote IBGP neighbor. This manages bandwidth requirements of EBGP links and other backbone links. In essence, IBGP plays a significant role in large router-based networks to manage link bandwidth utilization.

Internet exchange points (IXP): An IXP provides the real estate in which most, if not all, of the big ISPs exchange BGP routes with each other.

BGP peering arrangement: In EBGP connections, the two autonomous systems must agree on the kind of BGP peering. The following are the most popular kinds used in the Internet today:

- Transit peering: Suppose that AS A is running EBGP with AS B. If B is configured so that it will pass all Internet traffic from A, B is a transit provider of A. Typically, B will provide a full BGP feed to A.

- Public peering: An EBGP session at an IXP is called public peering.

- Private peering: An EBGP session on a private link between two autonomous systems is called private peering. It offloads traffic from public-peering locations that are typically congested.

Dual or multihoming: When an AS runs more than one EBGP session with the same or different AS, it is considered dual or multihomed to that AS. Dual-homed networks might have single or multiple routers in the AS. This provides redundant connections to the Internet and also provides load sharing.

BGP policies: These are BGP rules designed to predict how BGP influences traffic-flow policies coming in or going out of the network. Policies are either configured or are taken from the default behavior of the BGP protocol.

Administrative distance (AD): Cisco IOS Software assigns an AD to each protocol. AD has local significance in the router and is not exchanged with any other routers. In Cisco IOS Software, EBGP and IBGP have an AD of 20 and 200, respectively. When a prefix is learned by two different protocols in the same router, AD does the tiebreaking and the lower AD prefix is installed in the IP routing table. Cisco IOS Software also enables you to reconfigure AD values under the routing protocol command set using the distance command.

BGP best path: By definition of RFC 1771, BGP must decide on a single best route out of many to install in the routing table. If BGP receives multiple advertisements from multiple neighbors for the same prefix, it must decide on a single best route through BGP best-path selection, discussed later in this chapter. It is this best route that BGP installs in the IP routing table and advertises to other BGP neighbors.

Hot potato: A commonly used term for a BGP policy that governs that traffic will exit the AS from the closest exit-point router.

Cold potato: A commonly used term for a BGP policy that governs that traffic will be delivered through the path that is closest to the destination. Optimal routing can be viewed as cold potato routing.

Figure 14-1 shows that AS A, C, and D are running EBGP sessions with AS B. The routers in AS B (namely, R1, R2, R3, R4, and R5) are shown to run IBGP with each other, and they are fully meshed with each other. AS A is dual homed to AS B for redundancy and load sharing. AS A has one high-bandwidth link and one low-bandwidth link to AS B. In addition, AS B is providing transit services to AS C, and AS C also has a private peering session with AS D.

Figure 14-1. Sample BGP Network

Figure 14-1 provides a simple view of an ISP B network. All such ISPs connect with each other to form this Internet. These ISPs might connect at an IXP, or they might have private peering with each other, like AS C and AS D do in this figure.

Figure 14-1 shows that all autonomous systems except for AS C must go through AS B to reach other networks. AS C may use its private peering link with AS D for all Internet traffic or some other traffic, depending on the kind of BGP feed (full or partial) exchanged. The kind of BGP feed from AS D to AS C and the local BGP policy of C dictate how traffic goes out of the C network. This is one example of BGP policy. In another example from Figure 14-1, AS A is dual homed with AS B but has one high-bandwidth link and another low-bandwidth link. AS A might use a high-bandwidth link to its full capacity and might not use low bandwidth at all; AS A can choose to use a low-bandwidth link for some traffic, and the rest of the traffic can go on the bigger link. All these policies and requirements can be serviced by BGP, and that makes usage of BGP so important and powerful.



BGP-4 Protocol Specification and Functionality

RFC 1771 defines the current Border Gateway Protocol 4 (BGP-4) implementation. BGP relies on a reliable transport mechanism to establish its connection and for exchanging information between BGP peers. BGP uses TCP port 179 for this purpose and benefits from the TCP protocol to offer reliable communication between BGP speakers. RFC 1771 describes in detail the requirements of BGP neighbor relationships, BGP update format, error notifications, and handling of special cases.

Proper BGP functionality requires proper configuration on the routers and correct implementation of the protocol per RFC 1771.

The sections that follow address these aspects of BGP:

Neighbor relationships (peering)
Advertising routes and the concept of synchronization
Receiving routes
Best-path calculation
Policy control through the following:
  - Use of BGP attributes (LOCAL_PREF, AS_PATH, MULTI_EXIT_DISC (MED), ORIGIN, NEXT_HOP)
  - Use of route maps in policy control
  - Use of filter lists in policy control
  - Use of distribute lists in policy control
  - Use of communities in policy control
  - Use of prefix list
  - Use of outbound route-filtering (ORF) capability in policy control
  - Aggregation in BGP
Scaling IBGP in large networks
Route reflectors
Confederations



Neighbor Relationships

BGP requires a neighbor relationship to be established before any information is exchanged between BGP speakers. BGP does not dynamically discover routers interested in running BGP; instead, BGP is configured with a specific neighbor IP address. Like most other dynamic protocols, BGP uses periodic keepalive messages to ensure availability of BGP neighbors.

The keepalive timer is one third of the hold time. If three consecutive keepalive messages are missed from a particular BGP neighbor, the hold time expires and that neighbor is considered dead. In RFC 1771, the suggested value for the hold time is 90 seconds, and the suggested value for the keepalive timer is 30 seconds. These values are negotiated between BGP neighbors when the neighbors first come up. RFC 1771 also requires that "an implementation of BGP must allow these timers to be configurable."
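
The timer negotiation described above, as an added example that is not code from the book: it encodes and decodes the fixed part of a BGP OPEN message, rejects malformed input, and derives the session timers. The function names, the documentation-range router ID and the 180-second local hold time are assumptions; AS numbers 109 and 110 are the ones this chapter uses for R1 and R2.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16   # all-ones marker that starts every BGP message header
OPEN = 1                # message type code for OPEN

def build_open(my_as, hold_time, router_id):
    """Encode a minimal OPEN: version 4, no optional parameters."""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time,
                       ipaddress.IPv4Address(router_id).packed, 0)
    return MARKER + struct.pack("!HB", 19 + len(body), OPEN) + body

def parse_open(msg):
    """Decode an OPEN and refuse the malformed cases a speaker must reject."""
    if len(msg) < 29 or msg[:16] != MARKER:
        raise ValueError("truncated message or bad marker")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg_type != OPEN or length != len(msg):
        raise ValueError("not an OPEN or length mismatch")
    version, peer_as, hold, rid, _opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4:
        raise ValueError("unsupported version")
    if hold in (1, 2):   # a hold time must be 0 or at least 3 seconds
        raise ValueError("unacceptable hold time")
    return {"as": peer_as, "hold_time": hold,
            "router_id": str(ipaddress.IPv4Address(rid))}

def negotiate(local_as, local_hold, peer):
    """Session type and timers once the peer's OPEN has been accepted."""
    hold = min(local_hold, peer["hold_time"])   # the smaller proposal wins
    return {"type": "IBGP" if peer["as"] == local_as else "EBGP",
            "hold_time": hold,
            "keepalive": hold // 3}             # one third of the hold time

# Constructed sample: R2 (AS 110, router ID 192.0.2.2) proposes a 90-second
# hold time to R1 (AS 109), which is assumed to be configured with 180 seconds.
SAMPLE = build_open(110, 90, "192.0.2.2")
RESULT = negotiate(109, 180, parse_open(SAMPLE))
```

A hold time of 0 passes validation and yields a keepalive of 0, which means the session runs without keepalives.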

When BGP is configured with a neighbor IP address, it goes through a series of stages before it reaches the desired Established state in which BGP has negotiated all the required parameters and is willing to exchange BGP routes. BGP goes through the following stages of neighbor relationship, per RFC 1771:

1. Idle: No BGP resources are allocated in Idle state, and no incoming BGP connections are allowed.

2. Connect: BGP waits for a TCP connection to be completed. If successful, the BGP state machine moves into OpenSent state after sending the OPEN message to the peer. Failure in this state could result in either going into Active state or Connect state, or reverting back to Idle state, depending on the failure reasons.

3. Active: In this state, a TCP connection is initiated to establish a BGP peer relationship. If successful, BGP sends its OPEN message to the peer and moves to OpenSent state. Failure can result in going to the Active or Idle states.

4. OpenSent: After sending an OPEN message to the peer, BGP waits in this state for the OPEN reply. If a successful reply comes in, the BGP state moves to OpenConfirm and a keepalive is sent to the peer. Failure can result in sending the BGP state back to Idle or Active.

5. OpenConfirm: The BGP state machine is one step away from reaching its final state (Established). BGP waits in this state for keepalives from the peer. If successful, the state moves to Established; otherwise, the state moves back to Idle based on the errors.

6. Established: This is the state in which BGP can exchange information between the peers. The information can be updates, keepalives, or notification.
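
The stages listed above as a table-driven state machine, an added example that is not code from the book: it replays a sequence of session events and reports the states visited, how often the session dropped out of Established, and the longest stretch spent short of it. The event names are labels chosen for this example, and the table is simplified in the same way as the list; the start step out of Idle and the retry-timer step out of Active follow RFC 1771.

```python
# Event names below are labels chosen for this example, not protocol fields.
# Any (state, event) pair that is not listed returns the session to Idle.
TRANSITIONS = {
    ("Idle", "start"): "Connect",              # start step per RFC 1771
    ("Connect", "tcp_open"): "OpenSent",       # OPEN sent to the peer
    ("Connect", "tcp_failed"): "Active",
    ("Connect", "retry_timer"): "Connect",
    ("Active", "tcp_open"): "OpenSent",        # OPEN sent to the peer
    ("Active", "tcp_failed"): "Active",
    ("Active", "retry_timer"): "Connect",      # per RFC 1771
    ("OpenSent", "open_ok"): "OpenConfirm",    # keepalive sent to the peer
    ("OpenSent", "tcp_closed"): "Active",
    ("OpenConfirm", "keepalive"): "Established",
    ("Established", "keepalive"): "Established",
    ("Established", "update"): "Established",
}

def run(events, state="Idle"):
    """Return the list of states visited while consuming the events in order."""
    trace = [state]
    for event in events:
        state = TRANSITIONS.get((state, event), "Idle")
        trace.append(state)
    return trace

def flaps(trace):
    """Count how many times the session dropped out of Established."""
    return sum(1 for prev, cur in zip(trace, trace[1:])
               if prev == "Established" and cur != "Established")

def longest_stall(trace):
    """Longest run of consecutive trace entries spent short of Established."""
    best = current = 0
    for state in trace:
        current = 0 if state == "Established" else current + 1
        best = max(best, current)
    return best

# Constructed event sequence: the first TCP attempt fails, the session then
# comes up, the hold time expires once, and the session is re-established.
SAMPLE_EVENTS = ["start", "tcp_failed", "tcp_open", "open_ok", "keepalive",
                 "keepalive", "hold_timer_expired", "start", "tcp_open",
                 "open_ok", "keepalive"]
SAMPLE_TRACE = run(SAMPLE_EVENTS)
```

A neighbor whose trace keeps cycling between Connect, Active and Idle without reaching OpenSent never completed the TCP connection to port 179, which is a reachability or filtering problem and not a BGP parameter mismatch.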

Figure 14-2 highlights a simple BGP state machine that runs while BGP is in operation. Some details are left out for simplicity. Refer to RFC 1771 for a more detailed examination of the BGP state machine operation.

Figure 14-2. BGP State Machine

External BGP Neighbor Relationships

This section explains a sample configuration of EBGP sessions. In Figure 14-3, R1 and R2 belong to different autonomous systems 109 and 110, respectively.

Figure 14-3. External BGP Neighbor Relationship Example


