Chapter 5. Border Gateway Protocol and Enterprise Routing Policy


operators that has a single, clearly defined routing policy.

BGP is a path-vector routing protocol that relies on the uniqueness of AS path numbers for loop prevention. Rather than advertising a simple vector (prefix), as in the case of the Routing Information Protocol (RIP), BGP's reachability information is a prefix with associated attributes that describe the path to that prefix. The rich set of supported attributes in turn allows for an equally rich set of policy actions.

BGP is somewhat unique in that it uses a reliable Transmission Control Protocol (TCP)-based transport for its control and update messages. Reliable transport means there is no need for periodic route updates, which is really, really good, considering that a full BGP table typically comprises more than 220,000 routes! BGP does generate periodic keepalive traffic in the absence of route update activity to ensure that the underlying TCP transport is still functional.

BGP version 4 has been in use for more than two decades, with the current version (BGP4) originally defined in RFC 1654 back in 1994. This RFC was obsoleted by RFC 1771, which in turn was obsoleted by the current specification, RFC 4271. The fact that BGP still enjoys a growing deployment base, with no replacement looming on the horizon, is a testament to the architects' forward-thinking design. BGP is based on the use of parameter type, parameter length, and parameter value tuples (sometimes called tag length values, or TLVs). It is these TLVs that provide the inherent extensibility without the need for significant protocol changes. You want IPv6 address family support? Simple; just define a new network layer reachability information (NLRI) attribute. You need route reflection? No problem; add some new attributes to communicate cluster and originator ID information. Meanwhile, the basic operation and protocol mechanisms remain unaltered and, in many cases, backward-compatible.



5.1.1. Inter-AS Routing

In several regards, you can think of BGP as the antithesis of an Interior Gateway Protocol (IGP). For example, an IGP functions within an AS and strives to promote connectivity, whereas a BGP operates between ASs and tends to limit connectivity. That last point may require a bit more clarification. An IGP normally actively seeks to discover routing peers (neighbor discovery). Once the neighbors are found, routes are exchanged and connectivity is promoted by virtue of always seeking the best path between endpoints. BGP, on the other hand, has to be explicitly told which neighbors to peer with, and then the use of administrative policy is used to filter and modify routing information to select the "best" route that meets the network operator's defined policy. The word best is quoted here because when routing between ASs, the concept of what constitutes a best path is cloudy at best. For example, a company may choose to filter large portions of BGP connectivity from best path consideration, based solely on a local policy that does not allow the use of a specific competitor's backbone. Exactly why such a policy is in place is not the question, although many good answers spring to mind, including potential concerns of corporate espionage. The point here is that with BGP, you are normally as concerned about restriction/ignoring routing information as you are about receiving it in the first place. The IGP is focused on getting you there, whereas BGP is more concerned with how you get there.

Figure 5-1 illustrates a simple interdomain routing scenario, where each AS is represented by a cloud. The cloud is, of course, the universal symbol for "don't ask, don't tell." This is to say that specifics of each AS are left to the administrators of that network and are generally not known outside of that scope. It might be possible for a transit network to deploy an avian-based transport technology, as per RFC 1149;[2] as long as they meet their service level agreements (SLAs), the details of how they manage to pull it off are typically not a matter of concern.

[2] RFC 1149 is one of the more notorious "less than serious" RFCs, as indicated by its April 1 publication date.



Figure 5-1. Interdomain routing with BGP

BGP operates on the links that tie these networks together, in effect serving as the public face of each network. The BGP speakers in each AS advertise network reachability to the ASs they are configured to peer with, under the confines of their specific export policy. In like fashion, each BGP speaker filters received information through its respective import policy before placing what remains into its route table for consideration for the active route selection process. Figure 5-1 shows that Provider D's policy prevents the advertisement of the 10.0.20/24 prefix from Site 2 to Provider A. Provider A will have to receive the Site 2 prefix from Provider B. As a result, the two customer sites will be forwarding over additional AS hops to reach each other. This point helps to demonstrate that for BGP, connectivity is as much a matter of politics as it is performance.



5.1.2. BGP Route Attributes

BGP advertises route reachability (NLRI), along with various attributes that describe the path to that prefix. The terms NLRI, route, and prefix are synonymous and are used interchangeably in this chapter. This section describes key BGP path attributes. Policy discussions later in this chapter require that you understand what these attributes do and how you work with them to achieve your routing goals.



All BGP route attributes fall into one of the following categories based on whether all BGP speakers are expected to understand the attribute and whether the attribute has local-AS or end-to-end scope:

Well-known mandatory
    A well-known mandatory attribute must be supported by all BGP speakers and must be present in all BGP updates that contain an NLRI.

Well-known discretionary
    A well-known discretionary attribute must be supported by all BGP speakers and may or may not be present in a given NLRI update.

Optional transitive
    An optional transitive attribute is an optional attribute that may not be understood by all speakers and is expected to transit the local AS, even if it is not understood by the local speaker.

Optional nontransitive
    An optional nontransitive attribute is an optional attribute that may not be understood by all speakers and does not transit the local AS—that is, it is not readvertised to another, remote AS.

Common BGP path attributes include:

Next hop
    The next hop is a mandatory attribute that carries the IP address of a BGP speaker (or a third party when permitted) to identify where packets should be forwarded when using the associated route. The next hop is changed by default for EBGP and is unchanged for Internal BGP (IBGP); however, this default behavior can be altered with policy.

Local preference
    Local preference is a well-known discretionary attribute used to influence BGP path selection with regard to the desired egress point for traffic from within an AS. Traffic flows toward the peer advertising the highest (most preferred) local preference. Local preference is present only in IBGP updates (nontransitive).

AS path
    The mandatory attribute AS path lists the AS numbers that will be crossed when forwarding to the associated NLRI. The AS path attribute is used for loop prevention and influences path selection in accordance with the motto "the fewer ASs in a path, the better." Each AS adds its AS number to the front of the current AS sequence when generating EBGP updates; the lack of updated AS path information in IBGP updates is why IBGP speakers are not permitted to readvertise routes learned from IBGP back to other IBGP speakers. By default, BGP discards any route advertisement that contains its local AS number in the AS path, because this indicates that the route has already passed through the local AS once; that is, a loop has formed.

Origin
    The origin code is a well-known, mandatory attribute that identifies the original source of a route as being learned from an IGP, EGP, or unknown source. In route selection, a BGP speaker will prefer IGP to EGP, and EGP to unknown. Origin is present in all route updates and is subject to modification with policy (transitive).

Multiple exit discriminator
    The multiple exit discriminator (MED) attribute is an optional, nontransitive attribute, which means that some BGP speakers may not understand or use MED. MED is added on updates sent over EBGP links, and is then advertised by IBGP within the receiving AS to influence its outbound routing. However, the MED attribute does not transit beyond the AS into which it was originally advertised—BGP speakers in upstream ASs either receive no MED or receive a new MED value created by that peering AS.

    MED functions like a conventional routing metric in that speakers prefer the route with the lowest MED when all preceding decision points are equal. The MED advertised by the originating AS to an adjacent AS provides a clue to the adjacent AS regarding what links should be used for egress from the neighbor AS back toward the originating AS, and therefore what links are used as ingress to the local AS. Stated differently, the MED is used by the local AS to influence the routing decisions in an adjacent AS for traffic that is inbound to the local AS. When absent, JUNOS software assumes an MED value of 0, which is the most preferred setting. In contrast, the absence of a local preference is assumed to be a value of 100.

Community
    The community attribute allows for the arbitrary grouping of routes that share one or more characteristics via the addition of a common community tag value. The community tags can be used for a variety of purposes, such as route filtering and attribute modification. For example, all routes learned from customers may be assigned the community value of 65000:100. When this community is seen on a route, the local policy will set a more preferred local preference. As another example, consider the well-known community, no-export. When attached to a route, this community tells the adjacent AS that the associated route should not be readvertised to any remote ASs.
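The four attribute categories above are visible on the wire in each attribute's flags octet and type code. The following added example (not code from the book) parses a path-attribute block and rejects attributes whose flags contradict their category; the bit positions and type codes are taken from RFC 4271 and RFC 1997 rather than from this chapter, and the sample bytes are constructed.

```python
# Added example: classify BGP path attributes by flags octet and type code.
WELL_KNOWN = {1: ("ORIGIN", "mandatory"), 2: ("AS_PATH", "mandatory"),
              3: ("NEXT_HOP", "mandatory"), 5: ("LOCAL_PREF", "discretionary")}
OPTIONAL = {4: "MULTI_EXIT_DISC", 8: "COMMUNITIES"}

def classify(flags, type_code):
    """Return (name, category); raise ValueError on inconsistent flags."""
    optional, transitive = bool(flags & 0x80), bool(flags & 0x40)
    if type_code in WELL_KNOWN:
        name, kind = WELL_KNOWN[type_code]
        # Well-known attributes must carry optional=0 and transitive=1.
        if optional or not transitive:
            raise ValueError(f"{name}: flags {flags:#04x} invalid for a well-known attribute")
        return name, f"well-known {kind}"
    if not optional:
        raise ValueError(f"type {type_code}: unrecognized well-known attribute")
    name = OPTIONAL.get(type_code, f"type {type_code}")
    return name, "optional transitive" if transitive else "optional nontransitive"

def parse_attributes(data):
    """Walk the type/length/value tuples; return [(name, category, value)]."""
    out, i = [], 0
    while i < len(data):
        if i + 3 > len(data):
            raise ValueError("truncated attribute header")
        flags, type_code = data[i], data[i + 1]
        if flags & 0x10:                      # extended length: two octets
            if i + 4 > len(data):
                raise ValueError("truncated extended length")
            length, i = int.from_bytes(data[i + 2:i + 4], "big"), i + 4
        else:
            length, i = data[i + 2], i + 3
        if i + length > len(data):
            raise ValueError("attribute value runs past end of block")
        name, cat = classify(flags, type_code)
        out.append((name, cat, data[i:i + length]))
        i += length
    return out

# Constructed sample block (flags, type, length, value per attribute).
SAMPLE = bytes.fromhex(
    "40010100"          # ORIGIN = IGP
    "4002040201fde8"    # AS_PATH = AS sequence [65000]
    "4003040ade1c02"    # NEXT_HOP = 10.222.28.2
    "80040400000000"    # MED = 0 (optional, nontransitive)
    "40050400000064"    # LOCAL_PREF = 100
    "c00804fde80064"    # COMMUNITIES = 65000:100 (optional, transitive)
)
```

A receiver that validates flags this way catches updates in which, for example, ORIGIN arrives marked optional, before any policy is evaluated against the route.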



5.1.3. BGP Path Selection

A BGP speaker that is presented with two or more updates, specifying the same prefix, performs a route selection process to select the best BGP path for that prefix. Once the best path is selected, the route is installed in the route table, where it may become active if the same prefix is not being learned by a protocol with a better global preference. The JUNOS software BGP path selection process consists of the following decision steps:

1. Can the BGP next hop be resolved?

2. Prefer the path with the highest local preference value.

3. Prefer the path with the shortest AS-path length.

4. Prefer the path with the lowest origin value.

5. Prefer the path with the lowest MED value.

6. Prefer the path learned using EBGP over paths learned using IBGP.

7. Prefer paths with the lowest IGP metric:

    a. Examine route tables inet.0 and inet.3 for the BGP next hop, and then install the physical next hop(s) for the route with the better preference.

    b. For preference ties, install the physical next hop(s) found in inet.3.

    c. For preference ties within the same route table, install the physical next hop(s) where the greater number of equal-cost paths exists.

8. Prefer paths with the shortest cluster length.

9. Prefer routes from the peer with the lowest router ID (RID), unless multipath is enabled:

    a. For external routes from different ASs, do not alter the active route based on the lowest RID to prevent MED oscillation.

10. Prefer routes from the peer with the lowest peer ID (BGP peering address), unless multipath is enabled.

Configuring the multipath option deactivates the last two decision points, which are normally used as tiebreakers. When multipath is enabled, all paths that are equal up to step 9 are installed in the route table. Multipath supports EBGP and IBGP, but is normally associated with EBGP sessions because IBGP will often achieve its load-balancing functionality through the underlying IGP when equal cost paths to the IBGP speaker exist. Use multipath for IBGP when two or more IBGP speakers advertise the same prefix and you wish to install both speakers as viable next hops.

Figure 5-2 demonstrates the BGP path selection process at work.

Figure 5-2. BGP path selection



Here, NLRI 10.0.20/24 is originated into BGP by AS 65000. Note that when advertised to ASs 65010 and 65069, this NLRI is associated with an AS path attribute that consists of a single AS and has an origin value of "I" indicating IGP learned. This value could be a default value for redistribution of static routes into BGP or the result of policy setting. The NLRI is then readvertised into AS 65069 by AS 65010. Initially, routers R1 and R2 prefer their local copy of this path, so both R1 and R2 select it as active and advertise the NLRI to all IBGP peers, which means that R3 receives two updates for the same path. In this example policy, R2 causes the route to be sent into IBGP with a modified local preference value of 80. Also note that the route received from AS 65010 has an AS sequence that is one AS longer than the route sent to R2 directly from AS 65000.

Running through the path selection process steps listed previously, it's safe to assume that R3 will make a decision early in the process, preferring the copy of the route with a default local preference of 100. Had both local preference values been the same, the selection criterion would now become the shortest AS path length, resulting in R3 forwarding through R2. Note that R1 and R2 will also send their 10.0.20/24 updates to each other. This means that R2 prefers the path through R1, and therefore now sends another update to R1 and R3, withdrawing its earlier IBGP update for 10.0.20/24. The example also helps to demonstrate how local preference is used to influence the egress point in the local AS.
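The decision R3 makes in Figure 5-2 can be traced with a small model of the selection steps. This is an added example, not JUNOS code and not from the book: it covers steps 1 through 7 and 9 (IGP metric as a plain number; cluster length, peer ID and multipath are left out), also applies the AS path loop check described earlier, and uses its own reason labels and constructed router IDs.

```python
from collections import namedtuple

ORIGIN_RANK = {"I": 0, "E": 1, "?": 2}  # IGP preferred to EGP, EGP to unknown

# Defaults follow the text: absent local preference = 100, absent MED = 0.
Path = namedtuple(
    "Path",
    "peer as_path origin local_pref med ebgp igp_metric router_id nh_resolved",
    defaults=("I", 100, 0, False, 0, "0.0.0.0", True),
)

# Decision steps in order; each key is built so that the lowest value wins.
STEPS = [
    ("local preference", lambda p: -p.local_pref),
    ("AS path length", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("EBGP over IBGP", lambda p: 0 if p.ebgp else 1),
    ("IGP metric", lambda p: p.igp_metric),
    ("router ID", lambda p: tuple(int(o) for o in p.router_id.split("."))),
]

def select_best(paths, local_as):
    """Return (best path or None, {peer: step at which that path lost})."""
    reasons, remaining = {}, []
    for p in paths:
        if not p.nh_resolved:
            reasons[p.peer] = "unresolved next hop"
        elif local_as in p.as_path:
            reasons[p.peer] = "AS path loop"  # local AS already in the path
        else:
            remaining.append(p)
    for label, key in STEPS:
        if len(remaining) < 2:
            break
        best = min(key(p) for p in remaining)
        for p in remaining:
            if key(p) != best:
                reasons[p.peer] = label
        remaining = [p for p in remaining if key(p) == best]
    return (remaining[0] if remaining else None), reasons

# Constructed input: R3's two IBGP copies of 10.0.20/24 in AS 65069.
VIA_R1 = Path("R1", (65010, 65000), router_id="192.168.32.1")
VIA_R2 = Path("R2", (65000,), local_pref=80, router_id="192.168.32.2")
```

Calling `select_best([VIA_R1, VIA_R2], 65069)` picks the R1 copy and records that R2 lost on local preference; giving R2 the default local preference instead moves the decision to AS path length, which R2 wins.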

JUNOS software is designed to display all valid BGP paths, and even includes the reason why a given path was not selected. This greatly simplifies the network administrator's job when the goal is to make a currently inactive path the active path; policy can be applied to alter the criterion that leads to the original path being preferred. Here's the output from a show route detail command, to illustrate this point:

    user@host> show route 10.0.20/24 detail
    inet.0: 52 destinations, 94 routes (52 active, 0 holddown, 0 hi
    10.0.20.0/24 (3 entries, 1 announced)
            *BGP    Preference: 170/-201
                    Source: 192.168.32.1
                    Next hop: 10.222.28.2 via fe-0/0/0.0, selected
                    Protocol next hop: 192.168.32.1 Indirect nexth
                    858b4e073
                    State:
                    Local AS: 65069 Peer AS: 65069
                    Age: 18:57 Metric2: 3
                    Task: BGP_65432.192.168.32.1+1042
                    AS path: 65000 65010 I
                    Localpref: 100
                    Router ID: 192.168.32.1
             BGP    Preference: 170/-101
                    Source: 10.222.29.2
                    Next hop: 10.222.29.2 via ge-0/1/0.0, selected
                    State:
                    Inactive reason: Local Preference
                    Local AS: 65069 Peer AS: 65069
                    ...
                    Localpref: 80

From the sample output, it is quite clear that because of the local preference comparison, the path through 192.168.32.1 is preferred. Knowing that this BGP route was not chosen due to the local preference value makes it a relatively simple task to change the selection of the path through 192.168.32.1 by setting its preference to be higher than 100.


