橡C14.PDF

Size: px

Start display at page:

Download "橡C14.PDF"

さみにばし
4 years ago
Views:

1 BGP4 (( ) InternetWeek 98 ( ) Internet Week Toshiya Asaba, Japan Network Information Center

2 1. 2. BGP ISP 2.3. IX BGP BGP EBGP IBGP 3.3. BGP AS 3.4. AS AS BGP 5.1. IBGP 5.2. Route Flapping Dampening : Cisco

3 1. ISP BGP4 BGP4 BGP4 2. BGP 2.1. user IX IX IX 2.1.: IX ISP ISP 2.2. ISP ISP IX ISP ISP Internet Service Provider ISP

4 IX ISP 2.3. IX - ISP IX Internet exchange) ISP FDDI ATM ISP Network Access Point (NAP) Metropolitan Area Exchange (MAE) LINX, NSPIXP,JPIX, MEX,HKIX, etc. ISP ISP LAN Network Access Point(NAP) MCIWORLDCOM MFS Metropolitan Area Exchange NAP MAE West NAP NSF( ) NSF ISP MAE LINX London Internet Exchange NSPIXP JPIX MEX Media Exchange HKIX Hong Kong IX PHIX

5 ISP ISP ISP Ethernet, FDDI, ATM ISP ISP ISP IX IX LAN ISP ISP IX ISP IX ISP ISP ISP

6 2 ISP ISP Interior Gateway (or Routing) Protocol (IGP) OSPF, RIP2 Exterior Gateway (or Routing) Protocol (EGP) BGP4 ISP ISP ISP ISP ISP Exterior Gateway Protocol BGP4 ISP ISP ISP OSPF RIP CIDR Class-less Inter-Domain Routing (RFC1918) IPv6 (RFC1883)

7 IP 32 CIDR IPv6 10 CIDR(Classless Inter-Domain Routing) IPv = /26 CIDR v4

8 CIDR CIDR ( /26) Classless VLSM / / Supernet / Glassful all-0, all-1 Classless CIDR VLSM(Valuable Length Subnet Mask) ( Supernet ) all-0 all-1

9 ( ) OS CIDR

10 ISP / /18 ISP A / / /19 ISP B ISP C User E User F / / / /21 User A User B User C User D 2.5.2: ISP ISP ISP / ISP A ISP A /16 ISP /18 ISP /18 /27 User A /19 User F ISP /23 / /22 ISP C

11 U ser F U ser E /27 ISP A / /16 ISP / / /23 U ser A ISP B /22 U ser B ISP C /19 U ser C /21 U ser D 2.5.3: ISP B /23 A /22 B ISP B ISP B A ISP B B A B ISP B /18 CIDR 10 ISP C ISP A ISP A

12 CIDR IPv IPv4 IPv6 v6

13 <SURFNET E Eric-Jan Boss > 2.5.5: ( ) CIDR CIDR 1994 ISP 2,000 3,000

14 3. BGP BGP4 BGP4 BGP3 ISP CIDR CIDR BGP4 BGP4 CIDR BGP4(Border Gateway Protocol) RFC1771 AS de-facto Autonomous System (AS) ISP AS AS CIDR CIDR BGP4 RFC1771 AS CIDR BGP4 AS(Autonomous System) ISP AS ISP ISP AS AS UUNET SPRINTLINK AS ISP AS BGP4 AS BGP4 TCP 179 (peer) 1 1

15 RIP Incremental 16 AS ( IIJ AS2497) Path Vector Preference, etc. Path Attribute) AS Path, Origin, Next Hop, Multi-Exit-Discriminator(MED), Local TCP BGP TCP BGP peer peer RIP ( 30 T3 ) BGP Incremental AS AS BGP 16 IIJ AS2497 AS Path Vector AS Path Origin Next Hop Path Vector

16 3.2. EBGP IBGP BGP ( ) BGP EBGP (External BGP) AS BGP BGP IBGP (Internal BGP) AS BGP BGP full mesh BGP IBGP peer TCP peer BGP BGP BGP AS BGP BGP EBGP AS BGP IBGP AS AS AS BGP IBGP BGP BGP IBGP IBGP EBGP IBGP IBGP peer IBGP peer IBGP peer

17 3.3. BGP AS user user ISP AS user ISP user ISP user AS user IX IX IX ISP ISP ISP AS AS user user AS user user user 3.5: BGP AS ISP AS ISP AS ISP AS 3.5 AS BGP AS BGP ISP

18 3.4. AS AS AS ψ EBGP AS AS ψ IBGP E BGP A S ψ IGP N LRI BGP IGP IGP EBGP IBGP 3.6: AS AS AS BGP AS EBGP AS 3.6 AS BGP AS BGP AS EBGP AS BGP IBGP BGP IBGP IBGP peer IBGP peer IBGP BGP AS EBGP OSPL RIP IBGP NLRI(Network Layer Reachability Information) BGP IGP BGP IBGP IGP BGP IBGP IBGP IGP IGP

19 AS BGP

20 3.5. Transitive) Non-Transitive) Mandatory) Optional) BGP peer Origin BGP : IGP, EGP, Incomplete IGP EGP Incomplete( ) AS Origin IGP EGP External Gateway Protocol External Gateway Protocol EGP BGP Origin EGP E BGP4 BGP4 BGP4 Cisco ridistribute Origin EGP Incomplete IGP EGP

21 AS Path AS / AS Path prepend, stuffing AS Path AS AS AS Path RIP AS Path RFC AS Path RFC AS Path AS Path AS Path prepend stuffing prepend Cisco stuffing Bay Networks /16 AS2 AS4 AS /16 AS3 AS / / / / AS /16 AS / : AS Path AS1 AS / /16 AS5 AS /16 AS2 AS3 AS5 AS AS2 AS3 AS5 3 2 AS Path AS2

22 AS4 AS5 AS Path /16 AS2 3 5 AS2 4 5 AS Path AS AS Path AS5 Next Hop AS1 R /16 R3 prefix /16 Next hop AS2 R2 EBGP R2 prefix /16 Next hop R4 prefix /16 Next hop AS R4 EBGP R3 IBGP AS IP IBGP R3 R1 IGP 3.7.3: Next Hop Next Hop IGP OSP RIP Next Hop BGP Next Hop AS AS Next Hop AS /16 EBGP R2 R3 IBGP AS3 R4 EBGP R1 R2 R2 Next Hop R1 IBGP R3 Next Hop R1 AS Next Hop R3 AS AS Next Hop R3 Next Hop R3 Next Hop IGP

23 Multi-Exit Discriminator (MED) AS IGP IGP OSPF RIP MED AS MED ISP MED MED AS AS AS1 A S2 Link1 Link2 Link1 EBGP MED=100 R1 R3 MED=100 AS1 IBGP IBGP AS2 MED=200 R2 R4 MED=200 EBGP Link MED AS1 AS2 EBGP MED Link1 Link2 MED MED Link1 100 Link2 Link1 200 AS1 AS2 Link1 Link1 Link2

24 Local Preference AS AS AS AS AS AS Preference( ) MED Preference MED

25 MED AS Local Preference AS AS5 AS1 AS4 AS Path AS3 AS5 A S4 Local_Pref 1 AS2 2 1 AS4 AS /16 1 AS3 3 1 AS5 Local_pref=100 Local_pref= : Local Preference AS /16 AS5 AS Path AS5 AS4 AS Path AS4 AS2 AS1 AS AS3 3 1 AS3 AS1 AS Path AS3 Cisco AS5 Local Preference AS Path AS4 Local Preference 100 AS5 Local Preference 90 AS5 AS4 AS AS 10 Atomic Aggregate Aggregator Atomic Aggregate : Aggregate)

26 Aggregator : BGP IP AS AS1 AS / /24 AS /16 Atomic_Aggregate, Aggregator={3, } Atomic Aggregate Aggregator 3.7.6: CIDR Aggregate AS1 2 3 AS3 AS /24 AS /24 AS /16 AS3 Atomic Aggregate Aggregator AS Atomic Aggregate Aggregate Aggregator AS AS Aggregate Community RFC

27 Aggregator RFC1771 BGP4 Community RFC1997 AS AS

28 Community ( ) 0x x0000FFFF 0xFFFF0000-0xFFFFFFFF Well-Known Community: NO_EXPORT(0xFFFFFF01): AS NO_ADVERTISE(0xFFFFF02): NO_EXPORT_SUBCONFED(0xFFFFFF03): AS Community 32 Well-Known Community AS NO_EXPORT Community ISP AS Community Community NO_ADVERTISE BGP IBGP peer NO_EXPORT_SUBCONFED AS (AS Confederation) AS BGP Community Well-Known Community Community ( ) AS Community 16 : Community AS 16 : AS Community : AS : Community AS Community AS AS AS Community AS Ingress Filter Community 2497:10

29 2497:20 peer Community Egress Filter 2497:10 Community upstream AS Community 16 Community AS AS Community AS Community 2497:10 Community 2497:20 peer IX AS Community Community2497:10 AS Egress Filter Ingress Filter Community Egress Filter update Community Egress Filter Community Community AS (Confederation) RFC1965 AS AS AS AS AS AS ) AS IGP AS AS IBGP EBGP AS Next Hop, MED, Local Preference AS IBGP

30 AS (AS Confederation) RFC1771 RFC1965 AS AS AS BGP Confederation AS AS AS AS AS AS AS Confederation AS AS BGP4 AS AS AS IGP IGP OSPF AS External OSPF update Confederation AS OSPF AS AS AS AS BGP peer AS peer IBGP EBGP EBGP IBGP AS EBGP Next Hop Confederation AS EBGP MED EBGP Confederation AS Confederation MED Next Hop AS EBGP Local Preference AS IBGP BGP

31 Confederation ID2 AS65002 IBGP AS1 EBGP AS Path: 1 AS65001 EBGP AS Path: (65001) 1 AS Path: ( ) 1 AS65003 EBGP AS3 AS Path: : AS Confederation AS Confederation AS AS1 AS3 EBGP Confederation AS65001 AS65002 AS65003 EBGP IBGP Confederation AS AS EBGP AS IBGP AS IGP Confederation AS AS Path:1 AS Path AS1 AS65001 IBGP AS AS Path:(65001) AS AS Confederation 1 Confederation AS AS AS65002 AS Path AS AS Path:( ) 1 AS65003 AS3 EBGP AS AS (Confederation ID) 2

32 Route Reflector RFC1966 AS BGP AS BGP BGP Route Reflector RFC1771 RFC1966 IBGP peer peer IBGP BGP IBGP peer IBGP Route Reflector AS ( ) BGP BGP IBGP EBGP EBGP IBGP AS Cluster 1 Cluster : Route Reflector Route Reflector Cluster 1 Cluster2 Route Reflector Route Reflector

33 IBGP BGP Route Reflector IBGP EBGP Route Reflector Route Reflector Route Reflector IBGP peer Route Reflector EBGP IBGP Route Reflector

34 ISP(AS) ISP BGP IBGP OSPF AS ISP OSPF ISP ISP BGP AS

35 4.2. AS AS AS AS AS upstream AS( IX Peer) AS IX peer AS AS upstream AS AS AS AS AS AS AS Path upstream AS

36 4.3. (2 ) (1 ) (3 ) 1. A S : 2. A S : 3. A S : 4.3: 4.3 AS AS AS AS AS AS AS AS Ingress ( ) Egress ( ) BGP Local_pref, MED, AS Path Prepend Community BGP Ingress Filtering Egress Filtering AS Path AS Path Local_pref MED AS Path Prepend Community AS Community

37 AS

38 4.4. AS1 AS2 AS4 AS3 A S4 A S1 A S3 A S_PATH 4.4: AS4 AS1 AS3 AS_PATH 4.4 AS4 ISP AS1 AS3 AS1 AS3 AS4 AS1 AS3 AS3 AS AS AS AS_PATH AS AS AS Path Local Preference NEXT_HOP IGP (Hot Potato) Next Hop Hot Potato Hot Potato Next Hop Next Hop

39 AS OSPF Next Hop External External IX IX AS PATH AS4 (1) AS Path: AS2 AS1 (2) AS Path: AS3 AS2 AS1 AS Path (1) Ingress Filter (2) AS Path Local_pref AS5 AS4 AS1 IX-A AS2 AS3 IX-B AS4 AS5 AS4 ψ AS Path: AS2 AS1 ψ AS Path A S3 AS2 AS1 ψ AS Path ψ Ingress Filter AS Path Local_Pref AS5 A S : AS PATH AS Path AS4 AS1 AS1 AS2 AS4 AS Path AS2 AS1 AS show ip bgp 2 1 AS4 AS3 IX-A AS2 AS1 AS3 AS2 AS1 IX-B AS4 Ingress Filter Local Preference IX-A

40 AS4 AS5 AS4 AS1 IX-B AS2 AS5 AS5 AS4 AS3 IX-A AS2 AS1 AS5 AS4 IX-B AS2 AS1 BGP Path AS5 AS4 Cisco BGP AS MED MED AS1 R1 R2 MED=100 MED=100 MED=200 MED=200 R3 R4 AS : AS AS MED MED=100 MED=200 MED AS MED AS (Hot Potato) AS

41 MED Next Hop IGP IX ISP A S M E D N ext H op IG P IX ISP A S 1 R 1 R 2 R 3 R 4 A S : AS (Hot Potato) Hot Potato AS Hot Potato ITU RFC MED MED MED Next Hop IGP AS1 AS2 Next Hop AS Next Hop IGP IGP BGP IGP Next Hop IBGP MED Next Hop Next Hop Next Hop BGP IBGP OSPF ISP IX

42 MED Hot Potato 4.6. ψ ψ ψ M ED,A S PATH Prepend, Com m unity 4.6. AS AS AS MED AS AS Path Prepend Community AS AS AS

43 AS1 AS4 AS2 AS1 Ingress Filter local_pref AS4 AS /16 AS4 AS2 AS3 AS2 AS4 local_pref=100 IBGP AS1 AS3 AS4 local_pref=90 Prefix Local_Pref / / AS Path AS3 AS4 AS2 AS : AS AS1 AS4 AS Path AS1 AS1 Ingress Filter AS Path: AS2 AS4 local_pref=100 AS Path: AS3 AS4 local_pref=90 Local Preference BGP AS Path Local Preference (1) AS4 AS1 AS2 AS4 egress filter AS Prepend AS4 AS /16 Prepend AS4 AS4 AS4 AS2 AS3 AS2 AS4 AS3 AS4 AS4 IBGP AS1 Prefix AS Path /16 AS3 AS4 AS /16 AS2 AS : (1) AS4 AS AS AS4 Ingress Filter AS1 AS Path Prepend AS Path Prepend AS Path AS1

44 (2) AS4 AS1 AS4 egress filter community AS2 AS1 ingress filter AS Community RFC1998 community local_pref ISP /16 community=1:90 community=1: EBGP AS4 EBGP AS2 AS3 EBGP local_pref=100 IBGP AS1 EBGP local_pref=90 Prefix Local_Pref / / Community 1:90 1: : (2) Community AS4 AS1 AS2 AS4 Community AS3 community=1:100 AS2 community=1:90 community AS AS1 Community AS4 AS1 Community 1: Local Preference AS4 Community AS1 AS ISP MCI RFC IIJ 4.7. (RR) AS (RS) 2 ISP BGP RR ISP RR

45 AS AS ISP ISP IX IX IX AS AS update IX ISP B G P R S Policy Info. R R ISP Policy D B ISP ISP ISP ISP 4.7: 4.7 RR RS RR

46 ITF

47 5. BGP ISP 5.1. IBGP BGP IBGP IGP AS IBGP IGP IBGP "HACK" IGP OSPF BGP flapping IBGP IBGP IGP Next Hop IGP IBGP BGP BGP AS IBGP IGP AS IBGP IGP AS IGP OSPF Cisco 7500 BGP OSPF OSPF AS External BGP BGP IGP IBGP AS IBGP IGP flapping IGP BGP IGP BGP peer AS

48 update Route Flapping IBGP "HACK" IBGP IGP BGP IGP IBGP AS IBGP AS BGP IBGP OSPF BGP OSPF IBGP IBGP "HACK" BGP IBGP OSPF BGP BGP OSPF BGP IBGP IBGP "HACK" IBGP BGP IBGP "HACK" n IBGP n IBGP ψ N 2 IBGP ξ peer update ξ 7 BGP 21 IBGP EBGP IBGP AS 5.1.1: IBGP

49 5.1.1 AS BGP IBGP "HACK" 21 IBGP Confederation 2 A S 2 EBGP 9 I B G P AS 2 AS 1 Confederation 5.1.2: Confederation Confederation Confederation AS IBGP Confederation 9 IBGP Route Reflector IBGP AS 5.1.3: Route Reflector Route Reflector Confederation AS AS 28 Route Reflector 2 IBGP 9 IBGP

50 Confederation Route Reflector IBGP Route Reflector IGP Confederation AS AS OSPF IGP OSPF BGP OSPF AS AS OSPF Confederation AS AS AS 5.2. Route Flapping Dampening (Route Flapping) UPDATE WITHDRAW CPU Dampening) flap dampening Route Flapping ISP BGP Incremental update update BGP AS EBGP update Dampening

51 AS Dampening update Flap Dampening Dampening Dampening ψ ψ ψ ψ 5.2: Dampening 5.2 Dampening Flap Flap Flap Dampening (Suppress Limit) Flap (Reuse Limit) ISP Dampening Flap Dampening Dampening AS

52 5.3. AS AS AS AS Hot Potato Cold Potato MED peer ISP AS Closest Exit Hot Potato Hot Potato Cold Potato AS MED MED peer IX ISP Local Preference ISP IX peer AS IX 24

53 AS M ED A S A S A S1 R1 R2 Local_pref=90 Local_pref=100 MED=100 R3 R4 MED=200 A S : ( AS ) AS2 MED AS1 Local Preference Local Preference AS1 MED Local Preference MED AS1 AS2 AS AS2 AS1 peer peer AS4 A S2 A S3 AS2 A S1 AS1 A S3 p eer A S ψ AS1 AS4 AS1 A S2 A S4 AS4 AS1 A S3 A S4 AS Local_pref=100 Local_pref=110 AS1 IX AS3 AS2 Local_pref=110 AS

54 5.3.2 AS4 AS2 AS3 AS2 AS1 AS1 AS3 IX peer AS Path AS4 AS1 2Hop AS AS4 AS2 AS2 AS1 AS1 AS4 AS1-AS2-AS4 AS4 AS1-AS3-AS4 AS1 Community Local Preference Community AS1 IX 5.4. AS origin AS more specific route Aggregate more specific IX BGP AS Next Hop AS Origin AS AS AS CIDR Aggregate IX AS BGP AS Next Hop IX IX

55 AS /16 N ext Hop IGP EBGP A S1 AS2 AS3 IX AS1 AS /24 EBGP IX AS / /24 Next Hop: EBGP AS2 IGP /24 IBGP / /16 Next Hop: : IX AS1 AS2 AS3 IX AS1-AS3 AS3-AS2 peer AS1 AS2 IX /24 AS /16 EBGP AS2 AS /16 Next Hop IBGP IBGP "HACK" Next Hop OSPF IGP /16 Next Hop IGP AS /24 AS IGP ridistribute BGP AS /24 Next Hop EBGP IBGP AS2 AS2 IGP BGP Cisco BGP IGP BGP BGP AS /16 Next Hop BGP Next Hop AS1 IX IGP BGP

56 5.5. Ingress AS RR RR ( ) ISP Ingress Filter peer AS AS peer AS BGP update 5.6. DNS Secure BGP AS DNS AS draft-bates-bgp4-nlri-orig-verif-00.txt IPSEC peer PKI Public Key Infrastructure)

57 DNS AS CIDR AS DNS AS DNS BGP update AS AS DNS-based NLRI origin AS verification in BGP Secure BGP IPSEC peer Public Key Infrastructure

58 6. BGP4 AS BGP4 BGP BGP BGP BGP4 AS AS ISP BGP4 AS AS BGP BGP BGP AS BGP AS AS 16 AS RR RS RR UPDATE route flapping

59 Route Flapping BGP

60 7. : Cisco Cisco AS65001 R1 R2 AS / /16 router bgp network neighbor remote-as router bgp network neighbor remote-as MED / / /30 EBGP MED=100 R1 R3 MED=100 AS1 IBGP IBGP AS2 MED=200 R2 R4 MED=200 EBGP / / /30

61 MED 1 interface loopback 0 ip address router bgp 1 no synchronization neighbor remote-as 1 neighbor update-source loopback0 neighbor remote-as 2 neighbor route-map MED-OUT out route-map MED-OUT permit 10 match as-path 10 set metric 100 ip as-path access-list 10 permit ^$ 2 interface loopback 0 ip address router bgp 1 no synchronization neighbor remote-as 1 neighbor update-source loopback0 neighbor remote-as 2 neighbor route-map MED-OUT out route-map MED-OUT permit 10 match as-path 10 set metric 200 ip as-path access-list 10 permit ^$

62 Aggregate AS1 AS / / /32 AS / /16 Atomic_Aggregate, /32 Aggregator={3, } AS PATH= PATH= 3 3 {1, 2} interface loopback 0 ip address router bgp 3 no synchronization network aggregate-address as-set summary-only neighbor remote-as 3 neighbor update-source loopback0 neighbor remote-as 3 neighbor update-source loopback0 neighbor X.X.X.X remote-as XX

63 Local-preference 1 AS2 2 1 AS4 AS /16 1 AS / /30 AS5 3 1 AS1 AS4 AS5 cisco local-preference router bgp neighbor remote-as 3 neighbor fromas3 in ip as-path access-list 10 permit ^3_1$ route-map fromas3 permit 10 match as-path 10 set local-preference AS PREPEND 1 AS2 2 1 AS4 AS / / / AS AS5 AS1 router bgp 1 network mask neighbor remote-as 2 neighbor remote-as 3 neighbor route-map PREPEND out route-map PREPEND permit 10 set as-path prepend 1 1

64 Community local_pref=100 AS4 IBGP local_pref=90 EBGP EBGP EBGP AS /30 AS1 AS3 AS1 ip bgp new-format access-list router bgp 1 neighbor remote-as 2 neighbor send-community neighbor route-map toas2 out neighbor remote-as 3 EBGP / /30 neighbor send-community neighbor route-map toas3 out route-map toas2 permit 10 match ip address 10 set community 4:100 route-map toas3 permit 10 match ip address 10 set community 4:90

All Rights Reserved. Copyright(c)1997 Internet Initiative Japan Inc. 1

asaba@iij.ad.jp All Rights Reserved. Copyright(c)1997 Internet Initiative Japan Inc. 1 All Rights Reserved. Copyright(c)1997 Internet Initiative Japan Inc. 2 user IX IX IX All Rights Reserved. Copyright(c)1997

橡C14.PDF

橡C14.PDF