new ios features for isps -...

1ISP/IXP Workshops © 1999, Cisco Systems, Inc.

New IOS Features forISPs

New IOS Features forNew IOS Features forISPsISPs

ISP/IXP WorkshopsISP/IXP WorkshopsISP/IXP Workshops


Advanced IOSFeatures

Advanced IOSAdvanced IOSFeaturesFeatures

2ISP/IXP Workshops © 1999, Cisco Systems, Inc. www.cisco.com


IP MAC accountingIP MAC accounting

• Calculate total packet counts and bytecounts for a LAN interface whichreceives/sends IP packets from/to eachunique MAC address

• Record a timestamp for the last packetreceived/sent for each unique MACaddress

• Available only on ethernet, FastEthernetand FDDI

• Available from 11.1(19)CC


IP MAC AccountingIP MAC Accounting

• Use command ip accounting mac{input | output} to enable

• show interface <interface> mac

Example:Ethernet0/1/3 Input (511 free) 0000.0c04.7ad5(167): 9 packets, 1026 bytes, last: 20512ms ago Total: 9 packets, 1026 bytes Output (510 free) ffff.ffff.ffff(0 ): 16 packets, 960 bytes, last: 58108ms ago 0000.0c04.7ad5(167): 9 packets, 1026 bytes, last: 21060ms ago Total: 25 packets, 1986 bytes


IP MAC accounting - IP MAC accounting - the finethe fineprintprint

• Fast Ether Channel supported

• 512 mac address per interface perdirection(input or output)

• Support fast/optimum/flow/CEFswitching


IP Precedence AccountingIP Precedence Accounting

• Calculate the total packet counts and bytecounts for an interface which receives/sendsIP packets, and sorts out the results based ondifferent IP precedence

• 8 precedence levels

• Supported on any interface and sub-interface

• Switching mode supported:CEF/DCEF/Flow/Optimum


IP Precedence AccountingIP Precedence Accounting

• Use command ip accountingprecedence {input | output} to enable

• show interface <interface> precedence

Example:Ethernet0/1/3 Input Precedence 0: 9 packets, 1026 bytes Output Precedence 0: 9 packets, 1026 bytes Precedence 6: 16 packets, 960 bytes


RPF - Reverse PathRPF - Reverse PathForwardingForwarding

• Check source IP address of incomingpackets to see that the return path is via thesame interface as the one the packet hadarrived on

• Prevent an ISP from being used as a launchsite of a SMURF attack

To Internet

Customer Incoming packets

10/8 -> S020/8 -> S1

Router A’s routing table

AS0 S1Src IP 10.1.1.1

Src IP 20.1.1.1


RPFRPF

• Compatible with both per-packet and per-destination load-sharing

• Minimal CPU overhead and operates a fewpercent less than CEF rates

• Best used at the edge of the network forcustomer network terminations where routing issymmetric

• CEF switching or CEF distributed switchingneeds to be enabled on the router


RPFRPF

• Enable by ip verify unicast reverse-pathinterface subcommand

• To see the number of discard packets due toRPF

show ip traffic

• Supported in 11.1(17)CC on the RSP7000,7200 and 7500

• Not supported in 11.2 or 11.3 but issupported in 12.0


Advanced BGPFeatures

Advanced BGPAdvanced BGPFeaturesFeatures



BGP Policy PropagationBGP Policy Propagation

• Conveys IP precedence to be used inforwarding to specified destination prefixvia BGP community tag

• Allows ingress routers to prioritiseincoming traffic

• Also allows IP precedence setting based onAS-path attribute or access list

• Inter-ISP Service Level Agreements (SLAs)


BGP Policy PropagationBGP Policy Propagation(Continued)(Continued)

• Mapping a BGP prefix/community/as-pathinto a precedence value

It is done when a prefix is added from BGP tableinto IP routing table

This precedence value is moved fromrouting table to CEF table

The precedence value in the CEF table is usedto set on the packet and executing otherfunctions in the core


Prefix 210.210.1.0/24 Community 210:5

BGP Policy PropagationBGP Policy Propagation(Continued)(Continued)

iBGP Peers

ServiceProvider

AS

210.210.1.0/24

R1 R2

Prefix Next-hop Precedence

210.210.1.0/24 h0/0/0 5

210.210.2.0/24 h0/0/0 0

FIB Table

IP HeaderData

Src Addr: x.x.x.x

Dest Addr: 210.210.1.1

IP Precedence: 5

TrafficSource

PremiumCustomer


BGP Policy Propagation—BGP Policy Propagation—Sample ConfigurationSample Configuration

R2#write term

!router bgp 210 neighbor 210.210.14.1 remote-as 210 neighbor 210.210.14.1 route-map commcomm-relay--relay-precprec out neighbor 210.210.14.1 send-communitysend-community!ip bgp-community new-format!ip prefix-list premium permit 210.210.1.0/24!route-map commcomm-relay--relay-precprec permit 10 match ip address prefix-list premium set community 210:5!route-map commcomm-relay--relay-precprec permit 20 set community 210:0!



R1#write term!router bgp 210 table-map precedence-maptable-map precedence-map neighbor 200.200.14.4 remote-as 210 neighbor 200.200.14.4 update-source Loopback0!ip bgp-community new-formatip bgp-community new-format!ip community-list 1 permit 210:5!route-map precedence-map permit 10 match community 1 set ip precedence 5set ip precedence 5!route-map precedence-map permit 20 set ip precedence 0set ip precedence 0!


Configuring BGP PolicyConfiguring BGP PolicyPropagationPropagation

• Configuring BGP policypropagation

[no] bgp-policy ip-[no] bgp-policy ip-precprec-map-map



!int hssi0/0/0 ip address 210.210.2.1 255.255.255.252 bgp-policy ip-bgp-policy ip-precprec-map out-map out!


BGP Policy PropagationBGP Policy Propagation Inter-AS Inter-AS

AS200 AS210

R1 R2

Prefix Community

210.210.1.0/24

210.210.2.0/24

210.210.3.0/24

200:5

200:4

200:0


BGP Policy PropagationBGP Policy Propagation AS-Path AS-Path

!router bgp 210 table-map as-path-precedence-map neighbor “R1” remote-as 200!ip as-path access-list 101 permit ^200$!route-map as-path-precedence-map match ip as-path 101 set precedence 3!interface hssi/0/0/0 bgp-policy ip-prec-map!

AS200 AS210

R1 R2


BGP extensionsBGP extensionsOPEN MessageOPEN Message

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+ | Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | My Autonomous System | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Hold Time | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BGP Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Opt Parm Len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Optional Parameters | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


Capabilities NegotiationCapabilities NegotiationCapabilities Negotiation

• Allows for theadvertisement ofcapabilities (type 2)

• Backwards Compatible

new error subcodeintroduced to indicatewhich capabilities are notsupported - the sessionmust be reset

• Documented in RFC2842

+------------------------------+| Capability Code (1 octet) |+------------------------------+| Capability Length (1 octet) |+------------------------------+| Capability Value (variable) |+------------------------------+


Capabilities NegotiationCapabilities NegotiationCapabilities Negotiation

• Current Capabilities

1 Multiprotocol

128 Route Refresh

129 Outbound Route Filter


Route Refresh CapabilityRoute Refresh CapabilityRoute Refresh Capability

• Facilitates non-disruptive policychanges

• No configuration is needed

• No additional memory is used

• clear ip bgp x.x.x.x [soft] in


Outbound Route FilterCapability

Outbound Route FilterOutbound Route FilterCapabilityCapability

• Allows for the use of the neighbour’sinbound prefix-list as part of the localoutbound policy (currently only forIPv4 unicast NLRI)

reduces the number of updates

5 sec. delay after session is establishedbefore updates are sent

incremental updates not currentlysupported


Outbound Route FilterCapability

Outbound Route FilterOutbound Route FilterCapabilityCapability

• By default, this capability is notadvertised to any neighbor

neighbor x.x.x.x capability prefix-filter

Can’t be applied a to a peer-group or oneof its members.


MP_REACH_NLRI AttributeAddress Family Identifier (2 Octets)Address Family Identifier (2 Octets)

Subsequent Address Family Identifier (1 Octet)Subsequent Address Family Identifier (1 Octet)

Length of Next Hop Network Address (1 Octet)Length of Next Hop Network Address (1 Octet)

Network Address of Next Hop (Variable)Network Address of Next Hop (Variable)

Number of First SNP As (1 Octet)Number of First SNP As (1 Octet)

Length of First SNP A (1 Octet)Length of First SNP A (1 Octet)

Length of First SNP A (1 Octet)Length of First SNP A (1 Octet)

First SNP A (Variable)First SNP A (Variable)

……

Length of Last SNP A (1 Octet)Length of Last SNP A (1 Octet)

Last SNP A (Variable)Last SNP A (Variable)

Network layer Reachability Information (Variable)Network layer Reachability Information (Variable)

Multiprotocol Extensions -rfc2283

Multiprotocol Extensions -Multiprotocol Extensions -rfc2283rfc2283


Address Family IdentifiersAddress Family IdentifiersAddress Family Identifiers

• Address Family Identifier - rfc17001 IPv4

2 IPv6

8 E.164

• Sub-AFI (for IPv4)1 Unicast

2 Multicast

3 Unicast + Multicast


Multiprotocol Extensions IMultiprotocol Multiprotocol Extensions IExtensions I

• mBGP

used to propagate multicast sourceinformation

• The different NLRI types allow fordiverging topologies

the NEXT_HOP information is different


MBGP OverviewMBGP OverviewMBGP Overview

• MBGP: Multiprotocol BGP(aka Multicast BGP in Multicast networks)

Defined in RFC 2283 (Extensions to BGP)

Can carry different types of routes Unicast Multicast

Both routes carried in same BGP Session

Does NOT propagate multicast state info

Same path selection & validation rules

AS-Path, LocalPref, MED, …



• New Multiprotocol Attributes MP_REACH_NLRI

MP_UNREACH_NLRI

• MP_REACH_NLRI & MP_UNREACH_NLRI

Address Family Information (AFI) = 1(IPv4)

Sub-AFI = 1 (NLRI is used for unicast)

Sub-AFI = 2 (NLRI is used for multicast RPF check)

Sub-AFI = 3 (NLRI is used for both unicast and multicast RPF check)



• Separate BGP tables maintained

Unicast RRouting IInformation BBase (RIB)

MMulticast RRouting IInformation BBase (MRIB)

• RIB

Contains unicast prefixes for unicast forwarding

Populated with BGP unicast NLRI: AFI = 1, Sub-AFI = 1 or 3

• MRIB

Contains unicast unicast prefixes for RPF checking

Populated with BGP multicast NLRI: AFI = 1, Sub-AFI = 2



• MBGP allows different unicast and multicasttopologies and different policies

Same IP address may have differentsignification

Unicast routing information Multicast RPF information

For same IPv4 address two different NLRI withdifferent next-hops

Can use existing or new BGP peering topologyfor multicast


Multiprotocol Extensions IIMultiprotocol Multiprotocol Extensions IIExtensions II

• MPLS VPN

used to carry both intra and inter VPNrouting information

• New AFI == VPN-IPv4

• NLRI format for VPN addressesTag

VPNID (32 bits)

Prefix (variable length, 0 - 32 bits)


Extended CommunityAttribute

Extended CommunityExtended CommunityAttributeAttribute

• Extended range8 octets

• Structuretype:value

type is 2 octets - 0-32767 from IANA, the rest arevendor specific

value is 6 octets of the form AS:xxxx

• Same functionality as existing attributedraft-ramachandra-bgp-ext-communities-02

Sept 1999

new ios features for isps -...

Documents