BGP : Border Gateway Protocol

● BGP Overview
● When is it not appropriate to use BGP?
● When is it appropriate to use BGP?
● BGP tables
● BGP messages
● BGP Characteristics
● BGP Operations
● BGP Considerations
● BGP Attributes
● BGP Requirements
BGP : Border Gateway Protocol

● The routing protocol of the internet
● Routing between ASes (autonomous systems) instead of between routers
● The slowest routing protocol
● Used primarily by service providers, but also by enterprise customers
PBR : Policy Based Routing

Deep Packet Inspection (DPI):
DPI involves inspecting the actual payload of packets to identify patterns or signatures associated with specific applications or protocols. VoIP traffic often uses specific ports or protocols (e.g., SIP, RTP), while file downloads may be identified based on the characteristics of file transfer protocols (e.g., HTTP, FTP).

Port-Based Classification:
Many applications use specific well-known ports. For example, VoIP traffic often uses port 5060 for SIP and a range of ports for RTP. Similarly, HTTP (port 80) and FTP (port 21) are commonly associated with file transfers.

Quality of Service (QoS) Markings:
Some applications or protocols set specific Quality of Service (QoS) markings in the IP header. For example, VoIP traffic may set the DiffServ field to ensure low latency and prioritize real-time communication.

NetFlow and Traffic Analysis:
Use network monitoring tools such as NetFlow or packet analyzers to capture and analyze traffic patterns. These tools can provide insights into the types of applications generating traffic.
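The following is an added example, not part of the original slides: a small flow classifier that applies the two header-only techniques described above (well-known ports, then the DiffServ marking as a weaker fallback) to constructed NetFlow-style records. The RTP port range and the function names are my assumptions; the ports 5060, 80 and 21 are the ones named on the slides.

```python
# Added example (not from the original slides): classify flows by well-known
# port first and by DSCP marking second, then total bytes per class the way
# a PBR or QoS policy would see them. Flow records are constructed here in
# the shape of the fields a NetFlow export carries.
from collections import defaultdict
from dataclasses import dataclass

TCP, UDP = 6, 17

# Ports named on the slides: SIP 5060, HTTP 80, FTP 21 (control channel).
PORT_CLASSES = {
    (UDP, 5060): "voip-signaling",
    (TCP, 5060): "voip-signaling",
    (TCP, 80): "file-transfer",
    (TCP, 21): "file-transfer",
}
# RTP has no fixed port; this UDP range is an assumed, site-specific choice
# that in practice would be taken from the PBX configuration.
RTP_PORTS = range(16384, 32768)
DSCP_EF = 46  # Expedited Forwarding, the usual DiffServ marking for VoIP media


@dataclass
class Flow:
    proto: int      # IP protocol number: 6 = TCP, 17 = UDP
    src_port: int
    dst_port: int
    dscp: int       # DiffServ code point from the IP header
    octets: int     # bytes carried by the flow


def classify(flow: Flow) -> str:
    """Label a flow by well-known port, then RTP range, then DSCP marking."""
    for port in (flow.dst_port, flow.src_port):
        label = PORT_CLASSES.get((flow.proto, port))
        if label:
            return label
    if flow.proto == UDP and (flow.dst_port in RTP_PORTS or flow.src_port in RTP_PORTS):
        return "voip-media"
    # Any host can set EF on its own packets, so the marking is trusted last:
    # it is a hint, not proof that the payload is voice.
    if flow.dscp == DSCP_EF:
        return "voip-media"
    return "unknown"


def summarize(flows) -> dict:
    """Total octets per traffic class."""
    totals = defaultdict(int)
    for flow in flows:
        totals[classify(flow)] += flow.octets
    return dict(totals)


# Constructed sample flows (not captured data).
SAMPLE_FLOWS = [
    Flow(UDP, 49152, 5060, DSCP_EF, 800),       # SIP signaling
    Flow(UDP, 20000, 20002, DSCP_EF, 120_000),  # RTP media in the assumed range
    Flow(TCP, 51000, 80, 0, 5_000_000),         # HTTP download
    Flow(TCP, 51001, 21, 0, 300),               # FTP control channel
    Flow(UDP, 40000, 40001, DSCP_EF, 9_000),    # unknown port, EF-marked
    Flow(TCP, 52000, 443, 0, 700_000),          # HTTPS: ports and DSCP say nothing
]

if __name__ == "__main__":
    for cls, octets in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{cls:15s} {octets:>10d} bytes")
```

The last sample flow is the instructive one: for encrypted traffic on port 443, neither the port nor the marking says what the application is, which is where the payload-based techniques (DPI) and flow statistics have to take over.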


PBR : Policy Based Routing

Commercial solutions:
1) Deep Packet Inspection appliances
2) Next-Generation Firewalls
3) AI-based solutions

All these solutions provide more advanced capabilities for traffic classification.

Question : What are the limitations of DPI ?


BGP : Border Gateway Protocol

BGP is a standard EGP path-vector protocol (a form of distance vector) and is very stable between ASes.
Designed for scalable networks.
An AS number was 16 bits : AS = [1, 65535] (until IOS version 12.4); it is now 32 bits, with 0 reserved.
Public AS : [1, 64511], used for External BGP (eBGP, AD = 20, TTL = 1)
Private AS : [64512, 65535], used for Internal BGP (iBGP, AD = 200, TTL = 255)
New AS numbers = 32 bits.
For interoperability between the old and the new numbering, AS 23456 is used.
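The AS-number ranges above as runnable checks, added here as an example that is not part of the original slides. The ranges and the AS 23456 placeholder are the slides'; the function names, the dotted notation helper and the private-ASN leak check are my additions.

```python
# Added example (not from the original slides): AS-number helpers that encode
# the ranges given above (0 reserved, public 1-64511, private 64512-65535,
# 4-byte numbers above that, AS 23456 as the placeholder toward old peers).
import re

AS_TRANS = 23456              # 2-byte placeholder standing in for a 4-byte ASN
MAX_2BYTE = 0xFFFF            # 65535
MAX_4BYTE = 0xFFFFFFFF
PUBLIC_2BYTE = range(1, 64511 + 1)
PRIVATE_2BYTE = range(64512, 65535 + 1)


def classify_asn(asn: int) -> str:
    """Name the range an AS number falls in."""
    if not 0 <= asn <= MAX_4BYTE:
        raise ValueError(f"not a 32-bit AS number: {asn}")
    if asn == 0:
        return "reserved"
    if asn == AS_TRANS:
        return "as-trans"
    if asn in PRIVATE_2BYTE:
        return "private"
    if asn in PUBLIC_2BYTE:
        return "public"
    return "4-byte"


def asn_for_peer(asn: int, peer_supports_4byte: bool) -> int:
    """Value to place in the 2-byte My AS field of the OPEN message.

    A 4-byte ASN cannot be expressed to a 2-byte-only peer, so AS 23456 is
    sent instead and the real number is carried separately (assumption:
    the peer negotiates the 4-byte capability in the usual way).
    """
    if peer_supports_4byte or asn <= MAX_2BYTE:
        return asn
    return AS_TRANS


def asdot(asn: int) -> str:
    """Render a 4-byte ASN as high.low, the notation some CLIs display."""
    return str(asn) if asn <= MAX_2BYTE else f"{asn >> 16}.{asn & 0xFFFF}"


def asplain(text: str) -> int:
    """Parse either plain ('65546') or dotted ('1.10') notation."""
    m = re.fullmatch(r"(\d+)\.(\d+)", text)
    if m:
        high, low = int(m.group(1)), int(m.group(2))
        if high > MAX_2BYTE or low > MAX_2BYTE:
            raise ValueError(f"bad asdot value: {text}")
        return (high << 16) | low
    return int(text)


def leaked_private_asns(as_path) -> list:
    """Private ASNs found in an AS_PATH received over eBGP.

    Private numbers are meant to stay inside the organisation; seeing them on
    a path from another AS means the sender did not strip them at its edge,
    so the check flags them for filtering rather than accepting the path.
    """
    return [asn for asn in as_path if classify_asn(asn) == "private"]
```

`leaked_private_asns` is the defender's use of the public/private split: it runs over the AS_PATH of a received route and returns what should never have crossed an AS boundary.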
When BGP is not appropriate ?
1) If a single path exists to the destination (another AS)
[Figure: a Customer AS connected to an ISP AS over a single link, with static routes on both sides]

When BGP is not appropriate ?
2) If no redundant link to the internet is available
3) If you don't really care which path is used to reach a route in another AS
4) If the link between ASes is slow (<= 1.5 MB), i.e., not enough bandwidth to receive updates
5) If your router is weak in terms of CPU and memory (limited performance)
6) If there is no understanding of BGP policies
When BGP is appropriate ?
1) If many paths exist to other ASes
2) If your company is connected to many ISPs
[Figure: one AS connected to two other ASes]
3) BGP is a must if your AS is a transit AS (eBGP + iBGP)
[Figure: two ASes connected through a transit AS]
BGP Characteristics
1) It is an application running over TCP (port 179)
2) It is a path-vector EGP protocol
3) It supports VLSM and CIDR
4) Neighbors must be defined statically
5) Its symbol in the routing table is B
6) AD = 200 (iBGP), 20 (eBGP)
7) It uses rich metrics called attributes
8) It supports dynamic PBR
9) On a change : batched updates every 30 seconds for external neighbors (5 s for internal)
eBGP vs iBGP vs IGP
1) eBGP and iBGP : the neighborship does not require the neighbors to be directly connected
2) iBGP neighbors can reach each other via IGP routes
3) IGP : routes inside an AS to internal destinations
4) iBGP : routes inside an AS to external destinations
5) Hint : a BGP edge router is also called a BGP speaker
6) A BGP table can contain more than 800,000 entries


eBGP vs iBGP vs IGP

Routers inside the same AS can consider the BGP edge router as their next hop for routes learned via BGP, especially for external destinations outside the AS. This helps in maintaining a consistent routing policy within the AS and efficiently directing traffic towards the exit point for destinations outside the AS.
BGP tables
1) Neighbor table : it is built manually.
Neighbors are never « discovered »; manual configuration is needed on both sides.
2) Neighbors must be reachable on TCP port 179.
3) Multiple sessions to the same neighbor are not permitted.
4) The neighborship can be built using either a loopback address or a physical IP address.
BGP tables - Neighbor table
- eBGP relation :
(config)#router bgp <AS number>
(config-router)#neighbor <ip_of_neighbor> remote-as <neighbor_as>

To create an eBGP relation between R1 and R4 :

R1(config)#router bgp 300
R1(config-router)#neighbor [Link] remote-as 100

R4(config)#router bgp 100
R4(config-router)#neighbor [Link] remote-as 300
BGP tables - Neighbor table
To display the neighbor table : show ip bgp summary

States : Idle, Connect, Open Sent, Active, Established
BGP tables - Neighbor table
To create an eBGP relation between R3 and R5 :

R3(config)#router bgp 300
R3(config-router)#neighbor [Link] remote-as 200

R5(config)#router bgp 200
R5(config-router)#neighbor [Link] remote-as 300

iBGP relation : for an iBGP (Internal Border Gateway Protocol) relationship, it is advisable to use a loopback IP as the neighbor IP. Why ?
On R1 and R3, add a loopback interface, then include this interface in the OSPF process.

R1(config)#interface loopback 0
R1(config-if)#ip address [Link] [Link]
R1(config)#router ospf 1
R1(config-router)#network [Link] [Link] area 0

R3(config)#interface loopback 0
R3(config-if)#ip address [Link] [Link]
R3(config)#router ospf 1
R3(config-router)#network [Link] [Link] area 0

Then, we configure the iBGP relation :

R1(config)#router bgp 300
R1(config-router)#neighbor [Link] remote-as 300

R3(config)#router bgp 300
R3(config-router)#neighbor [Link] remote-as 300
BGP tables - Neighbor table

This is because when R3 sends a message to R1, the message has a source of [Link] (the IP of the sending interface), whereas R1 expects to receive messages from [Link]. Therefore, the source of the messages for this neighbor relationship needs to be changed to the loopback :
R1(config-router)#neighbor [Link] update-source loopback 0
R3(config-router)#neighbor [Link] update-source loopback 0
BGP tables - BGP table
2) BGP table (BGP forwarding database)

To check the table, use the command : R1#show ip bgp

It contains all routes learned from neighbors (all the routes to reach each destination).

To advertise a network, we have two solutions :
Solution 1 : using the network command
R1(config)#router bgp AS_N
R1(config-router)#network ……….mask………
[Figure: R1 and R2 with four /24 networks attached]

BGP tables (cont'd)
R4(config)#router bgp 100
R4(config-router)#network [Link] mask [Link]
R4(config-router)#network [Link] mask [Link]
R4(config-router)#network [Link] mask [Link]
BGP tables (cont'd)
Solution 2 : redistribution (a route-map is a type of PBR in Cisco IOS)
R5(config)#access-list 1 permit [Link] [Link]
R5(config)#access-list 1 permit [Link] [Link]
R5(config)#route-map BGPRedistribution
R5(config-route-map)#match ip address 1
R5(config)#router bgp 200
R5(config-router)#redistribute connected route-map BGPRedistribution

Here, the route-map filters which connected routes are redistributed into BGP, and therefore which ones are advertised to the BGP neighbor.

BGP tables (cont'd)

3) IP routing table : it contains only the best path from the BGP table.


BGP messages
NB : all BGP messages are unicast.

1) Open message : a startup hello sent to establish the neighborship; it is sent only once.
2) Keepalive message : a periodic hello (every 60 seconds) to make sure that the neighbor is still there. HoldTime : 3 keepalives = 180 seconds.
3) Update : it contains the network, mask and attributes of the best path in the BGP table.
4) Notification : used by a BGP router to notify other routers about errors, and memory or CPU problems.
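To make the message formats concrete, here is an added example (not from the slides, and not any vendor's code) that builds and parses the OPEN and KEEPALIVE messages on the RFC 4271 wire layout: a 16-byte marker, a 2-byte length, a 1-byte type, then the body. The address and AS number are constructed sample values; the timer arithmetic reproduces the slide's figures (180 s hold time, 60 s keepalive).

```python
# Added example (not from the original slides): encode/decode BGP OPEN and
# KEEPALIVE messages and negotiate the hold/keepalive timers. The receiver
# side validates the header before trusting any field, which is what a
# BGP speaker must do with bytes arriving on TCP port 179.
import ipaddress
import struct

MARKER = b"\xff" * 16
HEADER_LEN = 19
MAX_LEN = 4096
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4
BGP_VERSION = 4


def build_message(msg_type: int, body: bytes = b"") -> bytes:
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), msg_type) + body


def build_open(my_as: int, hold_time: int, bgp_id: str) -> bytes:
    """OPEN with no optional parameters (so my_as must fit in 2 bytes)."""
    body = struct.pack("!BHHIB", BGP_VERSION, my_as, hold_time,
                       int(ipaddress.IPv4Address(bgp_id)), 0)
    return build_message(OPEN, body)


def build_keepalive() -> bytes:
    return build_message(KEEPALIVE)


def parse_message(data: bytes) -> dict:
    """Validate the header the way a receiver must, then decode the body."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    if data[:16] != MARKER:
        raise ValueError("bad marker")          # connection not synchronised
    length, msg_type = struct.unpack("!HB", data[16:HEADER_LEN])
    if not HEADER_LEN <= length <= MAX_LEN or length != len(data):
        raise ValueError(f"bad message length {length}")
    body = data[HEADER_LEN:]
    if msg_type == KEEPALIVE:
        if body:
            raise ValueError("KEEPALIVE must be exactly 19 bytes")
        return {"type": "KEEPALIVE"}
    if msg_type == OPEN:
        if len(body) < 10:
            raise ValueError("truncated OPEN")
        version, my_as, hold, bgp_id, opt_len = struct.unpack("!BHHIB", body[:10])
        if version != BGP_VERSION:
            raise ValueError(f"unsupported version {version}")
        if len(body) != 10 + opt_len:
            raise ValueError("optional parameter length mismatch")
        if hold != 0 and hold < 3:
            raise ValueError("hold time must be 0 or at least 3 seconds")
        return {"type": "OPEN", "as": my_as, "hold_time": hold,
                "bgp_id": str(ipaddress.IPv4Address(bgp_id)), "opt_len": opt_len}
    if msg_type in (UPDATE, NOTIFICATION):
        names = {UPDATE: "UPDATE", NOTIFICATION: "NOTIFICATION"}
        return {"type": names[msg_type], "body": body}
    raise ValueError(f"unknown message type {msg_type}")


def negotiate_timers(local_hold: int, peer_hold: int) -> tuple:
    """Hold time is the smaller of the two; a keepalive goes out every third of it."""
    hold = min(local_hold, peer_hold)
    return hold, hold // 3


if __name__ == "__main__":
    # Constructed exchange: our side is AS 65001 with router-id 10.0.0.1.
    wire = build_open(65001, 180, "10.0.0.1")
    print(parse_message(wire))
    print(parse_message(build_keepalive()))
    print("hold/keepalive:", negotiate_timers(180, 90))
```

The length check against the real byte count and the 4096-byte ceiling are the two lines that matter for robustness: a peer announcing a length larger than what it sent, or larger than the protocol allows, is rejected before any body field is read.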
BGP Operations
Phase 1 : neighbor discovery states :
[Figure: router A in AS 100 peering with router B in AS 200]

I : Idle
C : Connect
O : Open Message Sent
A : Active
O : Open Message Confirmed
E : Established State
BGP Operations (cont'd)
1) Idle state : router A searches for the neighbor in the routing table and does not find it (no messages have been sent in this phase).
2) Once router B types the neighbor command, the BGP application layer hands the open message to TCP for the 3-way handshake.
3) After finishing the 3-way handshake, the state changes to Connect.
4) Connect state : here BGP has established a session.
5) Open sent state : router A sends an open message to router B and waits for router B to reply with its Open message.
6) Active state : after a while, if router B has not sent its open message to router A, the latter goes into the Active state.

BGP Operations (cont'd)

7) Open confirm state : once router B sends its open message, the state changes from Active to Open confirm.
8) Established : after Open confirm, router A puts itself in the Established state.
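The state walk above as a replayable model, added here as an example that is not part of the slides. The six states are the slides'; the event names are my assumptions, and the transitions follow the standard BGP finite state machine, of which the slide text is a simplification (in the standard machine Active is reached when the TCP connection fails or closes, and OpenConfirm when the peer's OPEN arrives). Replaying an event sequence shows where a session stalls, which is how a peer "stuck in Active" is usually diagnosed.

```python
# Added example (not from the original slides): table-driven model of the BGP
# neighbor state machine. Feed it events and read back the state history.
from collections import deque

IDLE, CONNECT, ACTIVE, OPEN_SENT, OPEN_CONFIRM, ESTABLISHED = (
    "Idle", "Connect", "Active", "OpenSent", "OpenConfirm", "Established")

# (current state, event) -> next state. Event names are assumptions.
TRANSITIONS = {
    (IDLE, "start"): CONNECT,                    # neighbor configured, TCP attempted
    (CONNECT, "tcp_established"): OPEN_SENT,     # handshake done, OPEN goes out
    (CONNECT, "tcp_failed"): ACTIVE,             # peer unreachable, keep retrying
    (ACTIVE, "tcp_established"): OPEN_SENT,
    (ACTIVE, "tcp_failed"): ACTIVE,
    (OPEN_SENT, "open_received"): OPEN_CONFIRM,  # peer's OPEN accepted
    (OPEN_SENT, "tcp_closed"): ACTIVE,
    (OPEN_CONFIRM, "keepalive_received"): ESTABLISHED,
    (ESTABLISHED, "keepalive_received"): ESTABLISHED,
    (ESTABLISHED, "update_received"): ESTABLISHED,
}
# Events that tear the session down from any state.
RESET_EVENTS = {"notification_received", "hold_timer_expired", "stop"}


class BgpSession:
    def __init__(self):
        self.state = IDLE
        self.history = [IDLE]

    def on(self, event: str) -> str:
        if event in RESET_EVENTS:
            nxt = IDLE
        elif (self.state, event) in TRANSITIONS:
            nxt = TRANSITIONS[(self.state, event)]
        else:
            raise ValueError(f"event {event!r} is not valid in state {self.state}")
        self.state = nxt
        self.history.append(nxt)
        return nxt


def replay(events) -> list:
    """Apply events in order and return the full state history."""
    session = BgpSession()
    for event in deque(events):
        session.on(event)
    return session.history


def diagnose(history) -> str:
    """Plain-language hint from the state a session ended in."""
    last = history[-1]
    if last == ESTABLISHED:
        return "session up"
    if last == ACTIVE:
        return "TCP to port 179 is not completing: check reachability, filters and update-source"
    if last == OPEN_SENT:
        return "TCP is up but no OPEN came back: check the peer's neighbor statement and AS number"
    if last == OPEN_CONFIRM:
        return "OPENs exchanged, waiting for the first KEEPALIVE"
    return f"session in {last}"


if __name__ == "__main__":
    good = ["start", "tcp_established", "open_received", "keepalive_received"]
    stuck = ["start", "tcp_failed", "tcp_failed"]
    for events in (good, stuck):
        hist = replay(events)
        print(" -> ".join(hist), "|", diagnose(hist))
```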
BGP Consideration
● BGP updates / data blackholes
● To avoid data blackholes : run iBGP inside the transit AS (on all routers)
● To avoid loops : BGP uses split horizon and BGP split horizon
● BGP split horizon : routes learned from an iBGP neighbor should never be advertised to any other iBGP neighbor.

BGP Consideration

BGP Split Horizon

NB : inside a transit AS, you should run iBGP on all routers in a full-mesh fashion.
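The two rules on this slide, iBGP split horizon and the full-mesh requirement, combined into one check, added here as an example (not from the slides). Router names and the session lists are constructed. The propagation routine applies the split-horizon rule literally, so with a partial mesh it shows exactly which routers never learn an external route and would blackhole traffic for it.

```python
# Added example (not from the original slides): apply BGP split horizon to a
# set of iBGP sessions and report the routers left without the route, then
# list the sessions missing from a full mesh.
from collections import deque
from itertools import combinations

PEER_TYPES = ("ibgp", "ebgp")


def may_advertise(learned_from: str, neighbor: str) -> bool:
    """BGP split horizon: a route learned from iBGP is not sent to another iBGP peer."""
    if learned_from not in PEER_TYPES + ("local",) or neighbor not in PEER_TYPES:
        raise ValueError("peer type must be ibgp, ebgp or local")
    return not (learned_from == "ibgp" and neighbor == "ibgp")


def propagate(origin: str, ibgp_sessions) -> set:
    """Routers that end up with a route `origin` learned over eBGP.

    Breadth-first walk over the iBGP sessions; a router only forwards the
    route if may_advertise allows it, which stops the walk after one hop.
    """
    adjacent = {}
    for a, b in ibgp_sessions:
        adjacent.setdefault(a, set()).add(b)
        adjacent.setdefault(b, set()).add(a)
    learned_from = {origin: "ebgp"}
    queue = deque([origin])
    while queue:
        router = queue.popleft()
        if not may_advertise(learned_from[router], "ibgp"):
            continue
        for peer in adjacent.get(router, ()):
            if peer not in learned_from:
                learned_from[peer] = "ibgp"
                queue.append(peer)
    return set(learned_from)


def blackholes(routers, origin: str, ibgp_sessions) -> set:
    """Routers in the AS that never learn the route and so cannot forward to it."""
    return set(routers) - propagate(origin, ibgp_sessions)


def missing_ibgp_sessions(routers, ibgp_sessions) -> list:
    """Router pairs that a full iBGP mesh would need but the session list lacks."""
    have = {frozenset(s) for s in ibgp_sessions}
    return sorted(tuple(sorted(p)) for p in combinations(routers, 2)
                  if frozenset(p) not in have)


# Constructed transit AS: R1 is the edge router that learns the route over eBGP.
ROUTERS = ["R1", "R2", "R3", "R4"]
CHAIN = [("R1", "R2"), ("R2", "R3"), ("R3", "R4")]          # partial mesh
FULL_MESH = [tuple(p) for p in combinations(ROUTERS, 2)]     # 4*3/2 = 6 sessions

if __name__ == "__main__":
    print("chain blackholes:", sorted(blackholes(ROUTERS, "R1", CHAIN)))
    print("sessions to add:", missing_ibgp_sessions(ROUTERS, CHAIN))
    print("full-mesh blackholes:", sorted(blackholes(ROUTERS, "R1", FULL_MESH)))
```

With the chain, only R2 learns the route: R2 received it over iBGP and split horizon forbids passing it to R3, so R3 and R4 are blackholes. Adding the three missing sessions completes the mesh and the blackhole set becomes empty.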
BGP Requirements

1) Authentication : authentication in BGP plays a crucial role in ensuring the security and integrity of the routing information exchanged between BGP peers - null (none) or hashed (MD5).

Router1(config)# router bgp 65001
Router1(config-router)# neighbor [Link] remote-as 65002
Router1(config-router)# neighbor [Link] password your_secret_key

Router2(config)# router bgp 65002
Router2(config-router)# neighbor [Link] remote-as 65001
Router2(config-router)# neighbor [Link] password your_secret_key
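What the `neighbor ... password` command switches on underneath is the TCP MD5 signature option (RFC 2385). The following is an added example, not from the slides and not vendor code, that computes and verifies that signature: the digest covers the IP pseudo-header, the TCP header with the checksum zeroed and options excluded, the payload and the shared key, so a segment from another address or port, or with altered content, no longer verifies. Addresses, ports, sequence numbers and the key are constructed sample values.

```python
# Added example (not from the original slides): RFC 2385 TCP MD5 signature
# over a BGP segment, plus constant-time verification on the receiving side.
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6
BGP_PORT = 179


def tcp_header(src_port: int, dst_port: int, seq: int, ack: int,
               flags: int, window: int = 65535) -> bytes:
    """Minimal 20-byte TCP header (data offset 5 words, checksum 0)."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       5 << 4, flags, window, 0, 0)


def tcp_md5_digest(src_ip: str, dst_ip: str, header: bytes,
                   payload: bytes, key: bytes) -> bytes:
    """MD5 over pseudo-header + fixed TCP header (checksum 0) + data + key."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    segment_len = len(header) + len(payload)          # options count, data counts
    pseudo = struct.pack("!4s4sBBH",
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed,
                         0, TCP_PROTO, segment_len)
    fixed = bytearray(header[:20])                      # options are excluded
    fixed[16:18] = b"\x00\x00"                          # checksum assumed zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def verify_segment(src_ip: str, dst_ip: str, header: bytes, payload: bytes,
                   key: bytes, received_digest: bytes) -> bool:
    """Receiver side: recompute and compare in constant time."""
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(expected, received_digest)


# Constructed sample segment: a BGP KEEPALIVE from 192.0.2.1 to 192.0.2.2.
KEY = b"your_secret_key"
SRC, DST = "192.0.2.1", "192.0.2.2"
HEADER = tcp_header(40000, BGP_PORT, seq=1000, ack=2000, flags=0x18)  # PSH|ACK
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"


def demo() -> dict:
    """Sign the sample segment and show which changes break verification."""
    sig = tcp_md5_digest(SRC, DST, HEADER, KEEPALIVE, KEY)
    return {
        "genuine": verify_segment(SRC, DST, HEADER, KEEPALIVE, KEY, sig),
        "wrong_key": verify_segment(SRC, DST, HEADER, KEEPALIVE, b"other", sig),
        "other_source": verify_segment("192.0.2.9", DST, HEADER, KEEPALIVE, KEY, sig),
        "altered_payload": verify_segment(SRC, DST, HEADER, KEEPALIVE[:-1] + b"\x01", KEY, sig),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16s} {'accepted' if ok else 'dropped'}")
```

Two practical consequences follow from the construction. Both routers must hold the same key, and a mismatch is silent at the BGP layer: each side discards the other's segments, so the session never leaves Connect/Active and the symptom looks like a reachability problem. And because the key is hashed with MD5 rather than used with a modern MAC, the option protects against off-path spoofing but not against an attacker who learns the key; rotating it and, where both peers support it, preferring its successor TCP-AO (RFC 5925) is the usual practitioner advice.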


BGP Requirements
Importance of authentication in BGP :

● Preventing unauthorized access : authentication ensures that only legitimate and authorized BGP peers can exchange routing information.
● Protecting against spoofing : it guards against malicious entities attempting to impersonate BGP routers and inject false routing information.
BGP Requirements

● Peer groups : peer groups play a significant role in simplifying configuration and improving scalability. A peer group is a mechanism that allows you to apply the same configuration parameters to multiple BGP neighbors, making BGP configuration more efficient and manageable.

● Question : What are the advantages of BGP peer groups ?


BGP Requirements
● Peer groups : neighbor groups (the peer group must be created before attributes are assigned to it) :

router bgp 65001
 neighbor noor peer-group
 neighbor noor remote-as 65002
 neighbor noor password secret
 neighbor [Link] peer-group noor
 neighbor [Link] peer-group noor
 neighbor [Link] peer-group noor


BGP Metric Attributes
● Up to 14 (from 0 to 13)
● Attributes are well-known (for all vendors) or optional (supported by some vendors only, e.g., Cisco)
● Mandatory (required in updates) or discretionary (not necessarily sent in updates)
● Transitive (they can pass from AS to AS) or non-transitive (they do not go beyond the AS)
