Zebra/Quagga Routing Suite
Anura Abayaratne
MTT Network - Sri Lanka
[email protected]
APRICOT 2006
22nd Feb – 3rd Mar 2006
Perth, Western Australia

APRICOT 2006 - Perth Western Australia
Agenda
• Overview
• Installation
• Basic commands
• Setting up BGP
• Filtering
What is a routing daemon?
• Software running on a server
• It maintains routing information
Server + Daemon = Router
Daemons vs. commercial routers
• Routing daemons
  – Low-cost solution
  – Expertise required for set-up
  – Lack of support
• Commercial routers
  – Pricy
  – Better performance
  – Fully supported
Routing Daemons
• Zebra http://www.zebra.org
  – First daemon
  – Wide support: RIP, OSPF, BGP
  – Certain vulnerabilities
• Quagga http://www.quagga.net
  – Based on Zebra
  – Wide support: RIP, OSPF, BGP, ISIS
  – Development libraries

Overview
Overview
• Distributed under the GNU General Public License
• Zebra is a routing software package that provides TCP/IP based routing services, supporting routing protocols such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+
• Supports BGP route reflector and route server behaviour
• IPv6 routing protocols
• Zebra has an interactive user interface for each routing protocol and supports common client commands.
About Zebra
• Acts as a dedicated server
• Exchanges routing information with other routers using routing protocols
• Uses this information to update the kernel routing table so that the right data goes to the right place
• The configuration can be changed dynamically, and the routing table can be viewed from the Zebra terminal interface
• If the network is small, configuring Zebra is very easy: set up interfaces, add static routes and/or default routes
• If the network is rather large or its structure changes frequently, you may need to set up a Zebra dynamic routing protocol: RIP, OSPF or BGP
• Supports unicast routing protocols
• Zebra has different system administration modes: Normal mode and Enable mode
• The Unix-account-independent feature is a great help to the router administrator
System Architecture Diagram
  bgpd   ospfd   ripd
          |
        zebra
          |
  Unix Kernel Routing Table
How Zebra/Quagga works
• A collection of several daemons that work together to build the routing table (protocol-specific routing daemons ripd, ospfd, bgpd + the kernel routing manager zebrad)
• The zebra daemon is an IP routing manager. It provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols.
• Each daemon has its own configuration file
  – For example, static routes go in the zebrad configuration file
  – BGP configuration goes in the bgpd configuration file
Supported Platforms
• Linux 2.2.x and higher
• FreeBSD 4.x and higher
• NetBSD 1.6 and higher
• OpenBSD 2.5 and higher
• Solaris 2.6 and higher
How to get Zebra/Quagga
• http://www.zebra.org/
• http://www.quagga.net/

Installation
Steps
• There are three steps for installing the software: configuration, compilation, installation
• First unzip/extract the software:
  gzip -d zebra-0.95a.tar.gz
  tar -xvf zebra-0.95a.tar
  cd zebra-0.95a
Configure the software
• Zebra can detect most of the host configuration automatically. There are additional configuration options:
  % ./configure --help
• e.g.
  % ./configure
  % ./configure --prefix=/home/zebra
  % ./configure --disable-ripd
Build the Software
• After configuring the software, you will need to compile it for your system
• Issue the command make in the root of the source directory:
  % make
Install the Software
• Copies the compiled programs and supporting files to a standard location
• Issue the following command at your shell prompt:
  % make install
• Default working directories: /usr/local/bin and /usr/local/etc
Install the Software Contd...
• Zebra daemons have their own terminal interface, or VTY. After installation, you have to set up each beast's port number to connect to them. Please add the following entries to '/etc/services':
  zebrasrv 2600/tcp # zebra service
  zebra    2601/tcp # zebra vty
  ripd     2602/tcp # RIPd vty
  ripngd   2603/tcp # RIPngd vty
  ospfd    2604/tcp # OSPFd vty
  bgpd     2605/tcp # BGPd vty
  ospf6d   2606/tcp # OSPF6d vty
• Additionally for Quagga:
  ospfapi  2607/tcp # ospfapi
  isisd    2608/tcp # ISISd vty
Access the Router
• Telnet to the port
  – telnet <ipaddress> 2601
• Ports on zebra:
  2601 # zebra vty
  2602 # RIPd vty
  2603 # RIPngd vty
  2604 # OSPFd vty
  2605 # BGPd vty
  2606 # OSPF6d vty
• Additionally Quagga supports:
  2607 # ospfapi
  2608 # ISISd vty
• Use VTY shell
  – To use vtysh, specify --enable-vtysh to the configure script.
  – The username is stored in the vtysh.conf file:
    username testuser nopassword

Basic Commands
Config Commands
• Commands common to all routing protocols
• Config files are generally found in /usr/local/etc/*.conf or in the path specified by the --prefix option (e.g. /home/zebra/etc/*.conf)
• The daemon name + `.conf` is the default config file name (e.g. /home/zebra/etc/zebra.conf)
• A config file can be specified using the -f or --config_file option when starting the daemon (e.g. /home/zebra/sbin/zebra -d -f /home/zebra/etc/zebratest.conf)
Basic Config Commands
• hostname hostname - Set the hostname of the router.
• password password - Set the password for the vty interface. If there is no password, a vty won't accept connections.
• enable password password - Set the enable password.
• log stdout - Set logging output to stdout.
• no log stdout - Disable logging to stdout.
Basic Config Commands...
• log file filename - If you want to log to a file, specify the filename as follows (e.g. log file /usr/local/etc/bgpd.log)
• log syslog - Set logging output to syslog.
• no log syslog
Basic Config Commands...
• write terminal - Display the current configuration on the vty interface. (Also: show running-config)
• write file - Write the current configuration to the configuration file. (Also: copy running-config startup-config)
• configure terminal - Change to configuration mode. This command is the first step to configuration.
Basic Config Commands...
• who, list - List commands
• service password-encryption - Encrypt passwords
• show version - Show the current version of Zebra and its build host information.
• line vty - Enter vty configuration mode.
• banner motd default - Set the default motd string.
• no banner motd - No motd banner string will be printed.
Basic Config Commands...
• exec-timeout minute / exec-timeout minute second - Set the VTY connection timeout value. When only one argument is specified it is used as the timeout value in minutes. The optional second argument is the timeout value in seconds. The default timeout value is 10 minutes. A timeout value of zero means no timeout.
• no exec-timeout - Do not perform a timeout at all. This command is the same as exec-timeout 0 0.
Basic Config Commands...
• access-class access-list - Restrict vty connections with an access list.
  Example:
  access-list log-in permit 192.168.1.0/24
  line vty
   access-class log-in
Sample Config File
for the zebra daemon:
hostname Router
password zebra
enable password zebra
!
interface lo
!
interface eth0
 ip address 172.16.1.2/24
!
line vty
Sample Config File
• '!' and '#' are comment characters. If the first character of a word is one of the comment characters, the rest of the line from that point on is ignored as a comment.
  password zebra!password
• If a comment character is not the first character of a word, it is a normal character. So in the above example '!' is not regarded as a comment, and the password is set to 'zebra!password'.
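As an added illustration (not from the slides), here is a small Python parser that applies the word-start rule above, so you can check why 'password zebra!password' keeps its '!' while a '!' or '#' after whitespace starts a comment; the sample configuration is constructed for the demo.

```python
"""Comment handling in Zebra/Quagga configuration files (added example).

'!' and '#' start a comment only when they are the first character of a
whitespace-separated word; inside a word they are ordinary characters.
"""
from typing import List, Optional

COMMENT_CHARS = ("!", "#")


def strip_comment(line: str) -> str:
    """Return the configuration part of one line, without any trailing comment.

    Words are split on whitespace; the first word that *starts* with a comment
    character ends the configuration part and everything after it is dropped.
    """
    kept = []
    for word in line.split():
        if word.startswith(COMMENT_CHARS):
            break
        kept.append(word)
    return " ".join(kept)


def parse_config(text: str) -> List[List[str]]:
    """Split a config file into commands (lists of words), dropping comments and blank lines."""
    commands = []
    for raw in text.splitlines():
        stripped = strip_comment(raw)
        if stripped:
            commands.append(stripped.split())
    return commands


def configured_password(text: str) -> Optional[str]:
    """Return the vty password set by the first 'password' command, or None if there is none."""
    for cmd in parse_config(text):
        if cmd[0] == "password" and len(cmd) >= 2:
            return cmd[1]
    return None


# Constructed sample in the shape of the deck's zebra.conf: the second line
# shows the gotcha from the slide, the other comments are genuinely dropped.
SAMPLE_CONF = """\
hostname Router
password zebra!password   ! the glued '!' stays, this one starts a comment
enable password zebra
!
interface eth0
 ip address 172.16.1.2/24   # trailing comment, also dropped
!
line vty
"""

if __name__ == "__main__":
    for command in parse_config(SAMPLE_CONF):
        print(" ".join(command))
    print("vty password:", configured_password(SAMPLE_CONF))
```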
Common Invocation Options
Usage : zebra [OPTION...]
Daemon which manages kernel routing table management and redistribution between different routing protocols.
  -b, --batch        Runs in batch mode
  -d, --daemon       Runs in daemon mode
  -f, --config_file  Set configuration file name
  -i, --pid_file     Set process identifier file name
  -k, --keep_kernel  Don't delete old routes which installed by zebra.
  -l, --log_mode     Set verbose log mode flag
  -A, --vty_addr     Set vty's bind address
  -P, --vty_port     Set vty's port number
  -r, --retain       When program terminates, retain added route by zebra.
  -v, --version      Print program version
  -h, --help         Display this help and exit
Example: /home/zebra/sbin/zebra -d
Virtual Terminal Interfaces
• VTY - the Virtual Terminal Interface is a command line interface (CLI) for user interaction with the routing daemon.
• To enable a VTY interface, you have to set up a VTY password. If there is no VTY password, one cannot connect to the VTY interface at all.
VTY Overview
% telnet 192.168.8.9 2601
Hello, this is zebra (version 0.95a).
Copyright 1996-2004 Kunihiro Ishiguro.

User Access Verification
Password:
Router> enable
Password: XXXXX
Router# configure terminal
Router(config)# password zzzzzzz
Router(config)# enable password yyyyyyy
Router(config)# interface eth0
Router(config-if)# ip address 10.1.0.1/24
Router(config-if)# exit
Router(config)# access-list log-in permit 192.168.1.0/24
Router(config)# line vty
Router(config-line)# access-class log-in
Router(config-line)# end
Router# disable
Router>
VTY Modes
• Three VTY modes
  – VTY View mode: read-only access to the CLI
  – VTY Enable mode: read-write access to the CLI
  – VTY other modes

Zebra Daemon
Interface Commands
• interface ifname
• shutdown, no shutdown - Bring the current interface down or up
• ip address address (e.g. 10.0.0.1/8)
• description description ...
• multicast, no multicast - Enable or disable the multicast flag for the interface
• bandwidth <1-10000000> - Bandwidth in kilobits
• no bandwidth <1-10000000>
Example
Router> enable
Password: XXXXX
Router# configure terminal
Router(config)# interface eth0
Router(config-if)# ip address 10.0.1.2/24
Router(config-if)# no ip address 10.0.2.2/24
Router(config-if)# end
Router# exit
Static Route Commands
• Defines a static prefix and gateway.
  ip route network gateway
  ip route network netmask gateway
    ip route 10.0.0.0/8 10.0.0.2
    ip route 10.0.0.0/8 ppp0
    ip route 10.0.0.0 255.255.255.0 10.0.0.2
  ip route network gateway distance
    ip route 10.0.0.0 255.255.255.0 10.0.0.3 50
Static Route Commands...
Router# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.8.1, eth0
S   10.0.0.0/24 [1/0] via 10.0.0.3 inactive
S>* 10.1.0.0/24 [100/0] via 192.168.8.3, eth0
S>* 10.2.3.0/24 [10/0] via 192.168.8.1, eth0
K * 127.0.0.0/8 is directly connected, lo
C>* 127.0.0.0/8 is directly connected, lo
K * 192.168.8.0/24 is directly connected, eth0
C>* 192.168.8.0/24 is directly connected, eth0
Zebra Terminal Mode Commands
• show interface
• show ip forward - Display whether the host's IP forwarding function is enabled or not. Almost any UNIX kernel can be configured with IP forwarding disabled. If so, the box can't work as a router.
  cat /proc/sys/net/ipv4/ip_forward
• To enable IP forwarding on a Linux box:
  sysctl -w net.ipv4.ip_forward=1

BGP
Border Gateway Protocol
Introduction to BGP
• Routing protocol used to exchange routing information between networks - an Exterior Gateway Protocol
• Path vector protocol
• Incremental updates
• Many options for policy enforcement
• Classless Inter-Domain Routing (CIDR)
• Widely used for the Internet backbone
• BGP is used internally (iBGP) and externally (eBGP)
Autonomous System
• Used to uniquely identify networks with a common routing policy
• Usually under single ownership, trust and administrative control
[Diagram: AS100]
Autonomous System Number
• An AS number is an identification of an autonomous system.
• The BGP protocol uses the AS number to detect whether a BGP connection is an internal one or an external one.
• An ASN is a 16-bit number
  – Public AS numbers 1 - 64511
  – Private AS numbers 64512 - 65535
  – 0 and 65535 are reserved
• ASNs are distributed by the Regional Internet Registries
Starting BGP
• The default configuration file of bgpd is 'bgpd.conf' (e.g. /home/zebra/etc/bgpd.conf)
  /home/zebra/sbin/bgpd -d
Configuring the router
• Enable BGP
• Add the addresses to be announced
• Add the addresses and AS numbers of neighboring routers (peers)
• Apply policy with BGP
  – Allow only the routes that originate here to be announced to the neighboring AS
  – Announced routes
  – Receiving routes
BGP Router
• Configure the BGP router with the router bgp command. To configure a BGP router, you need an AS number.
• router bgp asn - Enable a BGP protocol process with the specified asn. After this statement you can input any BGP commands. You cannot create different BGP processes under different asns without specifying multiple-instance.
• no router bgp asn - Destroy the BGP protocol process with the specified asn.
Configuration example
% telnet 192.168.8.139 2605
Connected to 192.168.1.139
Escape character is '^]'.
Hello, this is zebra (version 0.95a)
User Access Verification
Password: XXXXX
RouterA> enable
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)#
RouterA(config-router)# exit
RouterA# exit
[Diagram: bgpd on RouterA in AS100, bgpd on RouterB in AS200]
• bgp router-id A.B.C.D - This command specifies the router-ID. If bgpd connects to zebra it gets interface and address information; in that case the default router ID is the largest IP address of the interfaces. When router zebra is not enabled, bgpd can't get interface information, so the router-id is set to 0.0.0.0. So set the router-id by hand.
  RouterA# configure terminal
  RouterA(config)# router bgp 100
  RouterA(config-router)# bgp router-id 172.16.1.1
Inserting prefixes into BGP
• To add an address prefix to be announced, there are two ways:
  – redistributing an internal routing protocol
  – the network command
• network A.B.C.D/M
  router bgp 100
   network 10.1.0.0/16
   no network 172.16.0.0/16
Configuration example
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# network 10.1.0.0/16
RouterA(config-router)# end
RouterA# exit
[Diagram: bgpd on RouterA in AS100, bgpd on RouterB in AS200]
Redistribute to BGP
• redistribute kernel - Redistribute kernel routes to the BGP process.
• redistribute static - Redistribute static routes to the BGP process.
• redistribute connected - Redistribute connected routes to the BGP process.
• redistribute rip - Redistribute RIP routes to the BGP process.
• redistribute ospf - Redistribute OSPF routes to the BGP process.
Configuration example
router bgp 100
 network 10.1.0.0/16
 redistribute static
 redistribute connected
 neighbor 192.168.8.140 remote-as 200
BGP Peers
• neighbor peer remote-as asn - Creates a new neighbor whose remote-as is asn. peer can be an IP address.
  router bgp 1
   neighbor 10.0.0.1 remote-as 2
Configuration example
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# neighbor 192.168.8.140 remote-as 200
RouterA(config-router)# network 10.1.0.0/16
RouterA(config-router)# end
Display commands:
  A> show ip bgp summary
  B> show ip bgp
  B> show ip route bgp
  A> show ip bgp neighbors <peerIPAddress> advertised-routes
  B> show ip bgp neighbors <peerIPAddress> routes
[Diagram: bgpd on RouterA in AS100, bgpd on RouterB in AS200]
Configuration example...
RouterA# show ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.8.140   4   200      99     113        0    0    0 00:03:30        1
Total number of neighbors 1

RouterB# show ip bgp neighbors 192.168.8.139 routes
BGP table version is 0, local router ID is 172.16.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.0.0/16      192.168.8.139            0             0 100 i

Total number of prefixes 1
BGP Peer commands
• neighbor peer shutdown / no neighbor peer shutdown - Shut down the peer. We can delete the neighbor's configuration with no neighbor peer remote-as as-number, but then all configuration of the neighbor will be deleted. When you want to preserve the configuration but drop the BGP peer, use this syntax.
BGP Peer commands...
• neighbor peer ebgp-multihop num / no neighbor peer ebgp-multihop num - The peer is not directly connected
• neighbor peer description ... / no neighbor peer description ... - Set the description of the peer.
• neighbor peer version version - Set up the neighbor's BGP version. version can be 4, 4+ or 4-. BGP version 4 is the default value used for BGP peering.
Configuration example
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# neighbor 192.168.8.140 remote-as 200
RouterA(config-router)# neighbor 192.168.8.140 description eBGP to RouterB
RouterA(config-router)# neighbor 192.168.8.140 version 4
RouterA(config-router)# neighbor 192.168.8.140 shutdown
RouterA(config-router)# network 10.1.0.0/16
[Diagram: bgpd on RouterA in AS100, bgpd on RouterB in AS200]
BGP Peer commands...
• neighbor peer next-hop-self - This command specifies an announced route's nexthop as being equivalent to the address of the BGP router. In eBGP, changing the next-hop is handled automatically, but not in iBGP.
• no neighbor peer next-hop-self
• neighbor peer update-source interface / no neighbor peer update-source
• neighbor peer default-originate - Announce a default route to the peer
• no neighbor peer default-originate
BGP Peer commands...
• neighbor peer send-community
• neighbor peer weight weight - Specifies a default weight value for the neighbor's routes. Local to the router.
  – Higher weight wins
Configuration example
RouterA configuration:
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 update-source ethernet0
 neighbor 192.168.8.140 default-originate
 neighbor 192.168.8.140 send-community
 neighbor 192.168.8.140 weight 50
To apply changes: clear ip bgp 192.168.8.140 out
RouterB# show ip route bgp
RouterB# show ip route
RouterB# show ip bgp
[Diagram: bgpd on RouterA in AS100, bgpd on RouterB in AS200]
Configuration example...
RouterB# show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.168.8.139            0             0 100 i
*> 10.1.0.0/16      192.168.8.139            0             0 100 i
Policy Control
• Policy based on AS path, community and prefixes
• Rejecting or accepting selected routes
• Setting attributes to influence path selection
• Zebra provides many very flexible filtering features. Filtering is used for both input and output of routing information. Once a filter is defined, it can be applied in either direction.
Tools for policy control
• Prefix-list (filter prefixes)
• Filter-list (filter ASes)
• Route-map and communities
• neighbor peer distribute-list name [in|out] - This command specifies a distribute-list for the peer. The direction is 'in' or 'out'.
• neighbor peer prefix-list name [in|out]
• neighbor peer filter-list name [in|out]
• neighbor peer route-map name [in|out]
Prefix List
• ip prefix-list provides the most powerful prefix-based filtering mechanism.
• Prefix-based filters can be added to or deleted from arbitrary points of a prefix-list using sequence number specification.
• If no ip prefix-list is specified, it acts as permit. If an ip prefix-list is defined and no match is found, the default deny is applied.
Prefix List commands
• ip prefix-list name (permit|deny) prefix [le len] [ge len]
• ip prefix-list name seq-number (permit|deny) prefix [le len] [ge len]
• ip prefix-list name description desc
• no ip prefix-list name
• no ip prefix-list name description [desc]
• show ip prefix-list - Display all IP prefix lists.
• show ip prefix-list name - Show the IP prefix list with the given name.
• show ip prefix-list name seq num
Configuration exampleConfiguration exampleRouterArouter bgp 100 network 10.1.0.0/16 neighbor 192.168.8.140 remote-as 200 neighbor 192.168.8.140 prefix-list PEER-IN in neighbor 192.168.8.140 prefix-list PEER-OUT out
ip prefix-list PEER-IN deny 172.16.2.0/24ip prefix-list PEER-IN permit 0.0.0.0/0 le 32ip prefix-list PEER-OUT permit 10.1.0.0/16
To apply changes :clear ip bgp 192.168.8.140 inclear ip bgp 192.168.8.140 outA>show ip bgp summaryB>show ip bgpB>Show ip route bgpA>show ip bgp neighbors <peerIPAddress> advertised-routesB>show ip bgp neighbors <peerIPAddress> routes
Filter List
Filter routes based on AS path
Both directions – in/out
Configuration example
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 filter-list 6 in
 neighbor 192.168.8.140 filter-list 5 out
!
ip as-path access-list 5 permit ^100$
ip as-path access-list 6 permit ^200$

To apply the changes:
clear ip bgp 192.168.8.140 in
clear ip bgp 192.168.8.140 out
A> show ip bgp summary
B> show ip bgp
B> show ip route bgp
A> show ip bgp neighbors <peerIPAddress> advertised-routes
B> show ip bgp neighbors <peerIPAddress> routes
Regular Expressions
AS path regular expressions can be used for displaying BGP routes and in AS path access lists.
.  Matches any single character.
*  Matches 0 or more occurrences of the pattern.
+  Matches 1 or more occurrences of the pattern.
?  Matches 0 or 1 occurrences of the pattern.
^  Matches the beginning of the line.
$  Matches the end of the line.
_  The character _ has a special meaning in AS path regular expressions. It matches a space, a comma, the AS set delimiters { and }, and the AS confederation delimiters ( and ). It also matches the beginning and the end of the line, so _ can be used to match AS number boundaries. show ip bgp regexp _7675_ matches all BGP routes whose AS path includes the AS number 7675.
Examples
.*            match anything
.+            match at least one character
^$            match routes local to this AS
_100$         originated by AS100
^100_         received from AS100
_100_         via AS100
_200_100_     via AS100 and AS200
_(100_)+      multiple AS100 in sequence (used to match AS-PATH prepends)
_\(65530\)_   via AS65530 (confederations)
AS Path Access List
An AS path access list is a user-defined AS path filter.
ip as-path access-list word {permit|deny} line – This command defines a new AS path access list.
no ip as-path access-list word
no ip as-path access-list word {permit|deny} line
Example
ip as-path access-list 1 permit _100$
ip as-path access-list 2 permit _200_
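The filter-list, regular expression and AS path access list slides above all rely on the same detail: bgpd rewrites every `_` in the pattern into a boundary alternation before compiling it. The following Python is an added illustration written for this page, not code from Zebra or Quagga; it reproduces that rewrite, runs the slide's example patterns over constructed AS paths (in the form `show ip bgp` prints them), and evaluates an ordered `ip as-path access-list` with first match wins and an implicit deny at the end. The names `compile_as_path_regexp`, `as_path_regexp_matches` and `as_path_access_list` are this example's own.

```python
import re

# bgpd expands "_" in an AS-path regexp to this alternation before compiling
# it (bgpd/bgp_regex.c): start or end of the path, a space, a comma, or an
# AS-set / confederation delimiter, i.e. an AS number boundary.
UNDERSCORE_MAGIC = r"(^|[,{}() ]|$)"


def compile_as_path_regexp(pattern: str) -> "re.Pattern":
    """Translate a Zebra-style AS-path regexp into a Python regex."""
    return re.compile(pattern.replace("_", UNDERSCORE_MAGIC))


def as_path_regexp_matches(pattern: str, as_path: str) -> bool:
    """Unanchored search, as bgpd's regexec() does. as_path is the path as
    'show ip bgp' prints it, e.g. '100 100 100'; '' for a locally originated route."""
    return compile_as_path_regexp(pattern).search(as_path) is not None


def as_path_access_list(entries, as_path: str) -> bool:
    """ip as-path access-list semantics: entries are (action, pattern) in
    configuration order, the first matching entry decides, no match means deny."""
    for action, pattern in entries:
        if as_path_regexp_matches(pattern, as_path):
            return action == "permit"
    return False


# Constructed sample paths (not taken from a real router), in display form.
SAMPLE_PATHS = ["", "200", "200 100", "100 200", "1001 200", "300 100 100", "(65530) 200"]

if __name__ == "__main__":
    for pat in (".*", "^$", "_100$", "^100_", "^100", "_100_", "_(100_)+", r"_\(65530\)_"):
        hits = [p for p in SAMPLE_PATHS if as_path_regexp_matches(pat, p)]
        print(f"{pat:14} -> {hits}")
    # The slide's filter-list 6 (permit ^200$) accepts only routes originated by AS200.
    print(as_path_access_list([("permit", "^200$")], "200"),
          as_path_access_list([("permit", "^200$")], "200 300"))
```

Running it shows why the trailing `_` matters: `^100` (the form used in the example network's `ip as-path access-list 5 permit ^100`) also matches a path that starts with AS1001, whereas `^100_` pins the boundary and matches only paths received directly from AS100. A filter that is meant to accept a single upstream should use the bounded form.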
Route Maps
Route map is a very useful function in zebra. Match and set statements are permitted in a route map.
Concept:
if match then do expression and exit
else if match then do expression and exit
else etc.
Example - Route Map & prefix-lists
router bgp 100
 bgp router-id 172.16.1.1
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 route-map filter-in in
!
route-map filter-in permit 10
 match ip address prefix-list list-1
 set local-preference 120
!
route-map filter-in permit 20
 match ip address prefix-list list-2
 set local-preference 80
!
route-map filter-in permit 30
!
ip prefix-list list-1 permit 10.2.0.0/16
ip prefix-list list-2 permit 10.3.0.0/16

To apply the changes:
clear ip bgp 192.168.8.140 in
Example - Route Map & prefix-lists
Before applying policies
RouterA# show ip bgp 10.2.0.0
BGP routing table entry for 10.2.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  200
    192.168.8.140 from 192.168.8.140 (172.16.1.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Last update: Mon Jan 30 12:40:11 2006

After applying policies
RouterA# show ip bgp 10.2.0.0
BGP routing table entry for 10.2.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  200
    192.168.8.140 from 192.168.8.140 (172.16.1.2)
      Origin IGP, metric 0, localpref 120, valid, external, best
      Last update: Mon Jan 30 12:48:11 2006
Example - Route Map & prefix-lists
Before applying policies
RouterA# show ip bgp 10.3.0.0
BGP routing table entry for 10.3.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  200
    192.168.8.140 from 192.168.8.140 (172.16.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Last update: Mon Jan 30 12:41:41 2006

After applying policies
RouterA# sh ip bgp 10.3.0.0
BGP routing table entry for 10.3.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  200
    192.168.8.140 from 192.168.8.140 (172.16.1.1)
      Origin IGP, metric 0, localpref 80, valid, external, best
      Last update: Mon Jan 30 12:52:11 2006
Example - Route Map & Filter lists
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 route-map filter-as-path in
!
route-map filter-as-path permit 10
 match as-path 1
 set local-preference 90
!
route-map filter-as-path permit 20
 match as-path 2
 set local-preference 150
!
route-map filter-as-path permit 30
!
ip as-path access-list 1 permit _200$
ip as-path access-list 2 permit _300_

To apply the changes:
clear ip bgp 192.168.8.140 in
Example - Route-map & AS-PATH prepend
RouterA
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 route-map set-as-path out
!
route-map set-as-path permit 10
 match ip address prefix-list list-3
 set as-path prepend 100 100
!
route-map set-as-path permit 20
!
ip prefix-list list-3 permit 10.1.0.0/16

Use your own AS number when prepending.
To apply the changes:
clear ip bgp 192.168.8.140 out
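The prefix-list slides (PEER-IN / PEER-OUT), the route-map & prefix-list example (filter-in) and the AS-PATH prepend example (set-as-path) all rest on two evaluation rules: a prefix-list is walked in sequence order with first match wins and an implicit deny, and a route-map is walked the same way with a sequence that has no match clause matching everything. The Python below is an added model of those rules written for this page, not code from Zebra or Quagga; it loads the slides' own configurations as constructed data and evaluates them. `Route`, `PrefixEntry`, `RouteMapSeq`, `prefix_list_permits`, `apply_route_map` and `ebgp_announce` are this example's names, and the ge/le semantics (no ge/le means exact length; le alone means from the entry length up to le) are the ones the prefix-list command slide describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Route, PrefixEntry and RouteMapSeq are this example's own names, not bgpd's.


@dataclass
class Route:
    prefix: str            # e.g. "10.2.0.0/16"
    as_path: str = ""      # space-separated ASes; "" when locally originated
    local_pref: int = 100  # bgpd's default local preference


@dataclass
class PrefixEntry:
    seq: int
    action: str            # "permit" | "deny"
    prefix: str
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: Route) -> bool:
        entry = ipaddress.ip_network(self.prefix)
        net = ipaddress.ip_network(route.prefix)
        if not net.subnet_of(entry):          # route must lie inside the entry's network bits
            return False
        plen = net.prefixlen
        if self.ge is None and self.le is None:
            return plen == entry.prefixlen    # no ge/le: the exact length only
        lo = self.ge if self.ge is not None else entry.prefixlen
        hi = self.le if self.le is not None else entry.max_prefixlen
        return lo <= plen <= hi


def prefix_list_permits(entries: Optional[list], route: Route) -> bool:
    """Sequence order, first match wins. No list applied -> permit;
    a list that is defined but matches nothing -> deny (the slide's default)."""
    if entries is None:
        return True
    for e in sorted(entries, key=lambda e: e.seq):
        if e.matches(route):
            return e.action == "permit"
    return False


@dataclass
class RouteMapSeq:
    seq: int
    action: str                              # "permit" | "deny"
    match_prefix_list: Optional[str] = None  # None = no match clause = matches everything
    set_local_pref: Optional[int] = None
    set_prepend: str = ""                    # e.g. "100 100"


def apply_route_map(seqs, prefix_lists: dict, route: Route) -> Optional[Route]:
    """The first sequence whose match clause hits decides; if none hits, the
    route is dropped (route-maps end in an implicit deny)."""
    for s in sorted(seqs, key=lambda s: s.seq):
        if s.match_prefix_list is not None and not prefix_list_permits(
                prefix_lists[s.match_prefix_list], route):
            continue
        if s.action == "deny":
            return None
        out = Route(route.prefix, route.as_path, route.local_pref)
        if s.set_local_pref is not None:
            out.local_pref = s.set_local_pref
        if s.set_prepend:
            out.as_path = (s.set_prepend + " " + out.as_path).strip()
        return out
    return None


def ebgp_announce(seqs, prefix_lists, route: Route, local_as: int) -> Optional[Route]:
    """Outbound route-map first; the local AS is then put in front as the update
    leaves for the eBGP peer, which is why RouterB sees '100 100 100' on the slide."""
    out = apply_route_map(seqs, prefix_lists, route)
    if out is not None:
        out.as_path = (str(local_as) + " " + out.as_path).strip()
    return out


# --- constructed sample data reproducing the slide configurations ---
PREFIX_LISTS = {
    "PEER-IN": [PrefixEntry(5, "deny", "172.16.2.0/24"),
                PrefixEntry(10, "permit", "0.0.0.0/0", le=32)],
    "list-1": [PrefixEntry(5, "permit", "10.2.0.0/16")],
    "list-2": [PrefixEntry(5, "permit", "10.3.0.0/16")],
    "list-3": [PrefixEntry(5, "permit", "10.1.0.0/16")],
}
FILTER_IN = [RouteMapSeq(10, "permit", "list-1", set_local_pref=120),
             RouteMapSeq(20, "permit", "list-2", set_local_pref=80),
             RouteMapSeq(30, "permit")]
SET_AS_PATH = [RouteMapSeq(10, "permit", "list-3", set_prepend="100 100"),
               RouteMapSeq(20, "permit")]

if __name__ == "__main__":
    for p in ("172.16.2.0/24", "172.16.2.0/25", "10.5.0.0/16"):
        print(p, "PEER-IN permits:", prefix_list_permits(PREFIX_LISTS["PEER-IN"], Route(p)))
    for p in ("10.2.0.0/16", "10.3.0.0/16", "10.4.0.0/16"):
        print(p, "localpref:", apply_route_map(FILTER_IN, PREFIX_LISTS, Route(p, "200")).local_pref)
    print("as-path seen by RouterB:",
          ebgp_announce(SET_AS_PATH, PREFIX_LISTS, Route("10.1.0.0/16"), 100).as_path)
```

The PEER-IN walk is the detail worth checking on a real router: `deny 172.16.2.0/24` without `le` rejects only the exact /24, so a more-specific 172.16.2.0/25 falls through to `permit 0.0.0.0/0 le 32` and is accepted. If the intent is to reject that whole block, the deny entry needs `le 32` as well. The filter-in walk shows the role of the bare `permit 30` sequence: without it every prefix outside list-1 and list-2 would be dropped by the implicit deny.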
Example - Route-map & AS-PATH prepend (continued)
RouterB# show ip bgp 10.1.0.0
BGP routing table entry for 10.1.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  100 100 100
    192.168.8.139 from 192.168.8.139 (172.16.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Last update: Mon Jan 30 14:17:01 2006
Route Aggregation policies
aggregate-address A.B.C.D/M – This command specifies an aggregate address.
no aggregate-address A.B.C.D/M
aggregate-address A.B.C.D/M summary-only – This command specifies an aggregate address; the more specific routes covered by the aggregate will not be announced.
Configuring the router
Enable BGP
Add the address to be announced
Add the address and AS numbers of neighboring routers (peers)
Apply policy with BGP
– Allow only the routes that originate here to be announced to the neighboring AS
– Announced routes
– Receiving routes
Example Network
[Figure: network diagram. Labels in the diagram: AS100 (router A, 10.1.0.0/16), AS200 (router C), AS300 (router B), AS400; prefix 10.2.0.0/16; link addresses 192.168.1.1 – 192.168.1.2 and 192.168.2.1 – 192.168.2.2.]
RouterA
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.1.2 remote-as 200
 neighbor 192.168.1.2 prefix-list PEERC-OUT out
 neighbor 192.168.2.2 remote-as 300
 neighbor 192.168.2.2 prefix-list PEERB-OUT out
 neighbor 192.168.2.2 route-map set-as-path out
!
ip prefix-list PEERB-OUT permit 10.1.0.0/16
ip prefix-list PEERC-OUT permit 10.1.0.0/16
ip prefix-list list-3 permit 10.1.0.0/16
!
route-map set-as-path permit 10
 match ip address prefix-list list-3
 set as-path prepend 100 100
!
route-map set-as-path permit 20

RouterC
router bgp 200
 network 10.2.0.0/16
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 prefix-list PEERA-IN in
 neighbor 192.168.1.1 filter-list 5 in
!
ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32
ip as-path access-list 5 permit ^100

RouterB
router bgp 300
 network 10.3.0.0/16
 neighbor 192.168.2.1 remote-as 100
 neighbor 192.168.2.1 prefix-list PEERA-IN in
 neighbor 192.168.2.1 filter-list 5 in
!
ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32
ip as-path access-list 5 permit ^100
BGP Scaling Techniques
Route Refresh and Soft Reconfiguration
Peer Groups
Route Refresh
The BGP session to a neighbor has to be cleared, so that it is reinitialized, after every policy change, because the router does not store prefixes that are rejected by policy.
Hard BGP reset
– Tears down the BGP peering
– Consumes CPU
– Disrupts connectivity for the whole network
clear ip bgp peer
clear ip bgp *
(peer is the peer IP address or ASN)
Route Refresh Capability
Does not disrupt connectivity
No additional memory is used
No configuration is needed
Requires the peering routers to support the “route refresh capability” – RFC2918
clear ip bgp x.x.x.x in
– asks the peer to resend its full BGP announcement
clear ip bgp x.x.x.x out
– resends the full BGP announcement to the peer
Soft Reconfiguration
Copies of all routes received from that peer are stored separately from the regular BGP table.
After configuring the policy change, it is possible to apply the new policy to the stored copies of the BGP information without having to reset the session.
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 soft-reconfiguration inbound

clear ip bgp 192.168.8.140 soft [in | out]
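The difference between the route refresh slide and soft reconfiguration comes down to whether the router keeps a copy of what the peer sent before inbound policy was applied. The following Python is an added model of that behaviour written for this page, not code from Zebra or Quagga: `Peer`, its `adj_rib_in` store, `receive` and `clear_soft_in` are this example's own names, and the inbound policy is simply a callable from prefix to accept/reject. It shows that with `soft-reconfiguration inbound` a tightened policy can be re-run over the stored copies and yields exactly the set of prefixes to withdraw, while without it a rejected prefix is gone and only a refresh or a reset can bring it back.

```python
from typing import Callable, Dict, Set, Tuple

# Constructed model of one peer's inbound state; the names are this example's
# own, not bgpd's. A policy maps a prefix to True (accept) or False (reject).
Policy = Callable[[str], bool]


class Peer:
    def __init__(self, address: str, soft_reconfig_inbound: bool) -> None:
        self.address = address
        self.soft_reconfig_inbound = soft_reconfig_inbound
        self.adj_rib_in: Dict[str, str] = {}   # unfiltered copies, only kept with soft-reconfig
        self.accepted: Dict[str, str] = {}     # what survived inbound policy

    def receive(self, updates: Dict[str, str], policy: Policy) -> None:
        """Apply inbound policy as updates arrive. Rejected prefixes are dropped
        unless soft-reconfiguration inbound keeps a copy of everything."""
        for prefix, as_path in updates.items():
            if self.soft_reconfig_inbound:
                self.adj_rib_in[prefix] = as_path
            if policy(prefix):
                self.accepted[prefix] = as_path

    def clear_soft_in(self, new_policy: Policy) -> Tuple[Set[str], Set[str]]:
        """'clear ip bgp <peer> soft in': re-run the new policy over the stored
        copies without resetting the session. Returns (newly accepted, withdrawn)."""
        if not self.soft_reconfig_inbound:
            raise RuntimeError("no stored copies: a route refresh or hard reset is needed")
        before = set(self.accepted)
        self.accepted = {p: a for p, a in self.adj_rib_in.items() if new_policy(p)}
        after = set(self.accepted)
        return after - before, before - after


# Constructed sample: peer 192.168.8.140 (AS200) announces three prefixes.
UPDATES = {"10.2.0.0/16": "200", "10.3.0.0/16": "200", "172.16.2.0/24": "200"}


def accept_all(prefix: str) -> bool:
    return True


def deny_172_16_2(prefix: str) -> bool:
    return prefix != "172.16.2.0/24"


def demo() -> Tuple[Set[str], Set[str]]:
    """Accept everything first, then tighten the policy and re-apply it softly."""
    peer = Peer("192.168.8.140", soft_reconfig_inbound=True)
    peer.receive(UPDATES, accept_all)
    return peer.clear_soft_in(deny_172_16_2)


if __name__ == "__main__":
    added, withdrawn = demo()
    print("newly accepted:", added, "withdrawn:", withdrawn)
```

The price of this convenience is the memory for the second copy of every received route, which is why the route refresh capability (no extra memory, but the peer must support RFC2918) is the usual choice on routers with full tables.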
BGP Peer Groups
Some routers have a long list of neighbors. It is then common to have several settings that are the same for each neighbor.
Makes configuration easier
Makes configuration less prone to error
Makes configuration more readable
neighbor word peer-group – This command defines a new peer group.
neighbor peer peer-group word – This command binds a specific peer to the peer group word.
Configuration example (Without peer groups)
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 prefix-list PEER-IN in
 neighbor 192.168.8.140 prefix-list PEER-OUT out
 neighbor 192.168.8.140 filter-list 6 in
 neighbor 192.168.8.140 filter-list 5 out
 neighbor 192.168.8.150 remote-as 150
 neighbor 192.168.8.150 prefix-list PEER-IN in
 neighbor 192.168.8.150 prefix-list PEER-OUT out
 neighbor 192.168.8.150 filter-list 6 in
 neighbor 192.168.8.150 filter-list 5 out
!
ip prefix-list PEER-IN deny 172.16.2.0/24
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 10.1.0.0/16
ip as-path access-list 5 permit ^100$
ip as-path access-list 6 permit ^200$
Configuration example (With peer groups)
router bgp 100
 network 10.1.0.0/16
 neighbor ebgp peer-group
 neighbor ebgp filter-list 6 in
 neighbor ebgp filter-list 5 out
 neighbor ebgp prefix-list PEER-IN in
 neighbor ebgp prefix-list PEER-OUT out
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 peer-group ebgp
 neighbor 192.168.8.150 remote-as 150
 neighbor 192.168.8.150 peer-group ebgp
Display BGP Routes
show ip bgp regexp line – This command displays the BGP routes that match the AS path regular expression line.
– show ip bgp regexp _100_
show ip bgp summary
show ip bgp
show ip bgp A.B.C.D
show ip route bgp
show ip bgp neighbors <peerIPAddr> advertised-routes
show ip bgp neighbors <peerIPAddr> routes
Route Server
At an Internet Exchange point, many ISPs are connected to each other by external BGP peering. Normally these external BGP connections are made as a full mesh. As with an internal BGP full mesh, this method has a scaling problem.
Route Server is a method to resolve the problem.
Each ISP’s BGP router only peers with the Route Server.
The Route Server serves as a BGP information exchange for the other BGP routers.
Several routing tables are kept for managing different routing policies for each BGP speaker (different views).
bgpd can work as a normal BGP router, as a Route Server, or as both at the same time.
Multiple instance
To enable the multiple view function of bgpd, you must turn on the multiple instance feature beforehand.
bgp multiple-instance
no bgp multiple-instance
bgp config-type zebra
– Zebra style BGP configuration. This is the default.
bgp config-type cisco
– Cisco compatible BGP configuration output.
– When bgp config-type cisco is specified, “no synchronization” and “no auto-summary” are displayed, and the “network” and “aggregate-address” arguments are displayed as “A.B.C.D M.M.M.M”:
Zebra: network 10.0.0.0/8                  Cisco: network 10.0.0.0
Zebra: aggregate-address 192.168.0.0/24    Cisco: aggregate-address 192.168.0.0 255.255.255.0
– When “bgp config-type cisco” is specified, the community attribute is not sent to the neighbor by default. To send the community attribute the user has to specify the “neighbor A.B.C.D send-community” command.
router bgp 1
 neighbor 10.0.0.1 remote-as 1
 neighbor 10.0.0.1 send-community
Example
RouterA# configure terminal
RouterA(config)# bgp multiple-instance
RouterA(config)# bgp config-type cisco
RouterA(config)# Ctrl Z
RouterA#
BGP Views
A BGP view is almost the same as a normal BGP process. The result of route selection does not go to the kernel routing table; a BGP view is only for exchanging BGP routing information.
router bgp as-number view name
bgp multiple-instance
!
router bgp 1 view 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3
!
router bgp 2 view 2
 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5
BGP instance and view
You can set up different ASes at the same time when the BGP multiple instance feature is enabled.
router bgp as-number – Make a new BGP instance. You can use an arbitrary word for the name.
bgp multiple-instance
!
router bgp 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3
!
router bgp 2
 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5
The result of route selection goes to the kernel routing table.
Routing policy
You can set a different routing policy for a peer in each view. For example, you can set a different filter for the same peer.
bgp multiple-instance
!
router bgp 1 view 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.1 distribute-list 1 in
!
router bgp 1 view 2
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.1 distribute-list 2 in
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
This means a BGP update from peer 10.0.0.1 goes to both BGP view 1 and view 2. When the update is inserted into view 1, distribute-list 1 is applied; when it is inserted into view 2, distribute-list 2 is applied.
Viewing the views
show ip bgp view name – Display the routing table of BGP view name.

Filtering
Tools
IP Access List
IP Prefix List
Route Map
IP Access List
access-list name permit ipv4-network
access-list name deny ipv4-network
Basic filtering is done by access-list as shown in the following example.
access-list filter deny 10.0.0.0/9
access-list filter permit 10.0.0.0/8
access-list 100 permit ip any 192.168.1.0 0.0.0.255
access-list 90 permit 192.168.1.0 0.0.0.255
Example uses: vty access restriction, route-map match statement, distribute-list
Zebra/Quagga Routing Suite
Thank you