Configuring and verifying Basic BGP Operations
Connecting an Enterprise Network to an ISP Network
© 2009 Cisco Systems, Inc. All rights reserved.
ROUTE v1.0—6-1
Planning for BGP
Define network requirements
Define internal connectivity
Define external connectivity to ISP
Gather required parameters
Requirements for Basic BGP Configuration
AS numbers
Neighbors (IP addresses)
Networks to be advertised
Steps to Configure Basic EBGP
Define the BGP process
Establish an EBGP neighbor relationship
Advertise the networks
Define BGP Process and Activate EBGP Session
R2(config)# router bgp 65010
Define the BGP process locally with a local AS number.
R2(config-router)# neighbor 10.1.1.2 remote-as 65020
Activate the EBGP session to the neighbor.
Remote router IP address and AS number.
Advertise Networks
Option 1:
R2(config-router)# network 10.2.2.0 mask 255.255.255.0
R2(config-router)# network 10.4.4.0 mask 255.255.255.0
Configure the local networks to be advertised and include them in BGP.
Option 2:
Redistribution from IGP to BGP
BGP network Command Details
R2(config-router)# network 192.168.1.1 mask 255.255.255.0
The router looks for 192.168.1.1/24 in the routing table, but cannot find it, so it will not announce anything.
R2(config-router)# network 192.168.0.0 mask 255.255.0.0
The router looks for 192.168.0.0/16 in the routing table. If the exact route is not in the table, you can add a static route to null0 so that the route can be announced.
R2(config-router)# network 192.168.1.0
The router looks for a Class C 192.168.1.0 network in the routing table.
Basic EBGP Configuration
Option 1
R2#
!
<output omitted>
!
router bgp 65010
neighbor 10.1.1.2 remote-as 65020
network 10.2.2.0 mask 255.255.255.0
network 10.4.4.0 mask 255.255.255.0
!
Option 2
R2#
!
<output omitted>
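! OSPF network statements take a wildcard mask and an area; area 0 is assumed (not shown on the slide)
router ospf 10
network 10.2.2.0 0.0.0.255 area 0
network 10.4.4.0 0.0.0.255 area 0
!
router bgp 65010
neighbor 10.1.1.2 remote-as 65020
! redistribute requires the OSPF process ID
redistribute ospf 10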
!
Basic IBGP and EBGP Configuration in the Customer A Network
Shutting Down a BGP Neighbor
R2(config-router)# neighbor 10.1.1.2 shutdown
Administratively brings down a BGP neighbor
Used for maintenance/policy changes to prevent route flapping
R2(config-router)# no neighbor 10.1.1.2 shutdown
Reenables a BGP neighbor that has been administratively shut down
IBGP Peering Issue
An IBGP neighbor relationship is established.
What happens if the link between R3 and R4 goes down?
Which IP address should be used to establish an IBGP session?
BGP Issues with Source IP Address
Create a BGP packet:
– The destination IP address is defined by the neighbor statement.
– The source IP address is defined by the outbound interface.
The source address of the received BGP packet is compared to the list of neighbor statements:
– If a match is found in the list of neighbors, a relationship is established.
– If no match is found in the list of neighbors, the packet is ignored.
IBGP Using Loopback Addresses
A loopback interface can be used as the source and destination IP
address of all BGP updates between neighbors.
The neighbor update-source command is normally used only with IBGP
neighbors.
IBGP Next-Hop Behavior
IBGP does not modify next hop.
BGP neighbor next-hop-self Command
Forces all updates for neighbor R4 to be advertised with this router as the
next hop—the same IP address as for the source of the BGP packet.
BGP States
When establishing a BGP session, BGP goes through
the following states:
1. Idle: Router is searching the routing table to see whether a route
exists to reach the neighbor.
2. Connect: Router found a route to the neighbor and has
completed the three-way TCP handshake.
3. Open sent: Open message sent, with the parameters for the
BGP session.
4. Open confirm: Router received an agreement on the parameters
for establishing a session.
– Alternatively, the router goes into the active state if there is no response to the open message.
5. Established: Peering is established; routing begins.
BGP Established and Idle States
Idle: The router cannot find the address of the neighbor in the
routing table.
– Solution: Check for an IGP problem. Is the neighbor
announcing the route?
Established: Proper state for BGP operations.
– Output of the show ip bgp summary command has a number
in the state column indicating the number of routes learned
from this neighbor.
Example: show ip bgp neighbors Command
BGP Active State Verification
Active: The router has sent an open packet and is waiting
for a response.
The state may cycle between active and idle.
The neighbor may not know how to get back to this router
because of the following reasons:
– No route to the source IP address of the BGP open packet
– The neighbor is peering with the wrong address
– No neighbor statement for this router
– The AS number is misconfigured
Example: BGP Active State Verification
AS number misconfiguration:
At the router with the wrong remote AS number:
– %BGP-3-NOTIFICATION: sent to neighbor 172.31.1.3 2/2
(peer in wrong AS) 2 bytes FDFC
– FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 FDFC
00B4 AC1F 0203 1002 0601 0400 0100 0102 0280 0002 0202 00
At the remote router:
– %BGP-3-NOTIFICATION: received from neighbor 172.31.1.1 2/2
(peer in wrong AS) 2 bytes FDFC
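The log output above can be decoded by hand. The following added example (not part of the original slides) parses the hex run as a BGP OPEN message per RFC 4271 and compares its AS field with the 2-byte NOTIFICATION data; it assumes the hex run is the OPEN message that triggered the NOTIFICATION, and the function names are illustrative.

```python
import ipaddress
import struct

# Hex run copied from the log output on this slide.
DUMP = ("FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 FDFC "
        "00B4 AC1F 0203 1002 0601 0400 0100 0102 0280 0002 0202 00")
# RFC 4271 NOTIFICATION code/subcode that the log prints as "2/2".
NOTIFY = {(2, 2): "OPEN Message Error / Bad Peer AS"}


def parse_open(raw: bytes) -> dict:
    """Parse a BGP OPEN message (RFC 4271, sections 4.1 and 4.2)."""
    if len(raw) < 29:
        raise ValueError("shorter than the minimum OPEN message (29 bytes)")
    marker, length, msg_type = struct.unpack("!16sHB", raw[:19])
    if marker != b"\xff" * 16 or msg_type != 1:
        raise ValueError("not a BGP OPEN message")
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes captured")
    version, my_as, hold, bgp_id, opt_len = struct.unpack("!BHH4sB", raw[19:29])
    if 29 + opt_len != length:
        raise ValueError("optional parameter length does not fit the message")
    caps, pos = [], 29
    while pos + 2 <= length:                 # optional parameters: type, len, value
        p_type, p_len = raw[pos], raw[pos + 1]
        value = raw[pos + 2:pos + 2 + p_len]
        if p_type == 2:                      # capabilities parameter (RFC 5492)
            i = 0
            while i + 2 <= len(value):
                caps.append(value[i])        # capability code
                i += 2 + value[i + 1]        # skip code, length and value
        pos += 2 + p_len
    return {"version": version, "my_as": my_as, "hold_time": hold,
            "bgp_id": str(ipaddress.IPv4Address(bgp_id)), "capabilities": caps}


def explain(dump_hex: str, code: int, subcode: int, data_hex: str) -> str:
    """Tie the NOTIFICATION data field back to the OPEN that triggered it."""
    msg = parse_open(bytes.fromhex(dump_hex))
    reported_as = int(data_hex, 16)
    verdict = "matches" if reported_as == msg["my_as"] else "does not match"
    return (f"{NOTIFY.get((code, subcode), 'unknown')}: peer announced AS "
            f"{msg['my_as']}, NOTIFICATION data AS {reported_as} {verdict}")


if __name__ == "__main__":
    print(parse_open(bytes.fromhex(DUMP)))
    print(explain(DUMP, 2, 2, "FDFC"))
```

The AS value decoded from the OPEN is the one to compare against the remote-as configured in the neighbor statement on the router that sent the NOTIFICATION.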
Example: BGP Peering
BGP Neighbor Authentication
BGP authentication uses MD5.
Configure a key (password); the router generates a message digest, or hash, of the key and the message. The digest is sent; the key is not.
The router generates and checks the MD5 digest of every segment sent on the TCP connection.
The router authenticates the source of each routing update packet that it receives.
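How the per-segment digest is formed and checked, as an added example that is not part of the original slides: it follows the TCP MD5 signature option of RFC 2385, which is the mechanism behind BGP MD5 authentication. The addresses, ports, key and function names are constructed for illustration, and the option is assumed to be the first TCP option in the header.

```python
import hashlib
import hmac
import socket
import struct

KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # BGP KEEPALIVE as payload


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385: MD5(pseudo-header + TCP header without options,
    checksum zeroed + segment data + key)."""
    header_len = (tcp_header[12] >> 4) * 4            # data offset, options included
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, header_len + len(payload)))
    fixed = bytearray(tcp_header[:20])                # options are left out
    fixed[16:18] = b"\x00\x00"                        # checksum treated as zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, key):
    """Build a TCP header carrying the MD5 signature option (kind 19, length 18)."""
    # Data offset 10 words = 20 fixed bytes + 18 option bytes + 2 bytes padding.
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, 0x18, 16384, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return header + bytes([19, 18]) + digest + b"\x01\x01"   # two NOPs as padding


def verify_segment(src_ip, dst_ip, tcp_header, payload, key):
    """Receiver side: recompute the digest with the local key and compare."""
    if len(tcp_header) < 38 or tcp_header[20:22] != bytes([19, 18]):
        return False                                  # option missing: reject
    received = tcp_header[22:38]
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    # Constructed values: 10.1.1.1 as the local address and the key are assumptions.
    hdr = sign_segment("10.1.1.1", "10.1.1.2", 40000, 179, 1000, 2000,
                       KEEPALIVE, b"example-key")
    print(verify_segment("10.1.1.1", "10.1.1.2", hdr, KEEPALIVE, b"example-key"))
    print(verify_segment("10.1.1.1", "10.1.1.2", hdr, KEEPALIVE, b"wrong-key"))
    print(verify_segment("10.9.9.9", "10.1.1.2", hdr, KEEPALIVE, b"example-key"))
```

The key is appended to the hashed data rather than used in an HMAC, and RFC 2385 has since been obsoleted by the TCP Authentication Option (RFC 5925).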
Example: BGP Neighbor Authentication
Example: BGP Configuration
Example: show ip bgp Command
Example: show ip bgp rib-failure Command
Displays networks that are not installed in the RIB and the reason
that they were not installed.
Clearing the BGP Session
When policies change, the change takes effect immediately.
The next time that a prefix or path is advertised or received,
the new policy is used. This can take a long time for all networks.
You must trigger an update for immediate action.
Ways to trigger an update:
– Hard reset
– Soft reset
– Route refresh
Hard Reset of BGP Sessions
A BGP session makes the transition from established to idle; everything must be relearned.
R2# clear ip bgp *
Resets all BGP connections with this router.
The entire BGP forwarding table is discarded.
R2# clear ip bgp 10.1.1.2
Resets only a single neighbor.
Less severe than a clear ip bgp * command.
Soft Reset Outbound
R2# clear ip bgp 10.1.1.2 soft out
Routes learned from this neighbor are not lost.
This router resends all BGP information to the neighbor without
resetting the connection.
This option is highly recommended when you are changing the
outbound policy.
The soft out option does not help if you are changing an inbound
policy.
Inbound Soft Reset
R2(config-router)# neighbor 10.1.1.2 soft-reconfiguration inbound
This router stores all updates from this neighbor in case the inbound policy is changed.
The command is memory intensive.
R2# clear ip bgp 10.1.1.2 soft in
Uses the stored information to generate new inbound updates.
Route Refresh: Dynamic Inbound Soft Reset
R2# clear ip bgp {*|10.1.1.2} [soft in | in]
Routes advertised to this neighbor are not withdrawn
Does not store update information locally
The connection remains established
Introduced in Cisco IOS Software Release 12.0(2)S and 12.0(6)T
Monitoring Soft Reconfiguration
debug ip bgp updates Command
Summary
For a BGP configuration, the following must be defined: BGP
requirements, BGP parameters, and connectivity.
BGP is configured with the following basic BGP commands:
router bgp autonomous-system, neighbor ip-address remote-as autonomous-system, network network-number [mask network-mask]
The neighbor shutdown command administratively shuts down
a BGP neighbor.
When creating a BGP packet, the neighbor statement defines the
destination IP address and the outbound interface defines the
source IP address.
Summary (cont.)
When establishing a BGP session, BGP goes through the following states: idle, connect, open sent, open confirm, and established.
You can configure MD5 authentication between two BGP peers,
which means that each segment sent on the TCP connection
between the peers is verified.
One EBGP neighbor exists in a single-homed environment.
The show and debug commands are used to troubleshoot the
BGP session.