Practical BGP

Book Description


“I would recommend this book to network engineers, Internet service providers, network software developers, and IT staff who need to deal with network planning and routing.”

–Enke Chen, Redback Networks

Hands-on guidance for deploying and optimizing BGP networks–enterprise and ISP

Now there’s a practical guide to deploying and managing BGPv4 in any environment–from small enterprises to the largest Tier 2 and Tier 3 service providers. A team of the world’s leading BGP experts brings together powerful insights into network design, configuration, and deployment with the latest version of BGP–including hands-on guidance for leveraging its key enhancements. Coverage includes

• Best practices and diverse real-world scenarios for applying BGPv4

• Understanding the impact of BGP design on local networks and the global Internet backbone

• Building effective BGP policies: aggregation, propagation, accounting, and more

• Maximizing scalability and performance in BGPv4 networks

• BGP and network security, including Secure Origin BGP

• Deploying BGP/MPLS Layer 3 VPNs

• Extensive troubleshooting guidance unavailable in any other book

If you’re a network engineer or administrator looking to drive maximum reliability and performance from BGP-based networks, Practical BGP will help you get the job done–from start to finish.

RUSS WHITE is a Network Protocols Deployment Engineer in Cisco Systems Routing DNA Team specializing in routing protocols. A widely recognized expert in networking, he co-chairs the IETF Routing Protocols Security working group, and co-authored Advanced IP Network Design, IS-IS for IP Networks, and Inside Cisco IOS Software Architecture.

DANNY McPHERSON is a member of the Architecture Team at Arbor Networks. He has held technical leadership positions with several global ISPs, is active within the IETF, and is an acknowledged expert in Internet architecture and security. He co-authored Internet Routing Architectures, Second Edition.

SRIHARI SANGLI, Senior Manager for MPLS and routing development at Procket Networks, was formerly Senior Technical Leader in Cisco’s IOS Routing Protocols group. He, along with others at Cisco, coded the industry-first implementation of BGP/MPLS based Layer-3 VPN.

Table of Contents

  1. Copyright
  2. Foreword
  3. Preface
  4. 1. The Border Gateway Protocol
    1. Exterior and Interior Gateway Protocols
      1. Routing Domains
      2. Why Not Use a Single Protocol for Both Internal and External Routing?
        1. Preventing Changes in Other Routing Domains from Impacting Network Operation
        2. Hiding Information about Your Network
        3. Policies between Domains
    2. Distance Vector, Link State, and Path Vector
      1. Link State
      2. Distance Vector
      3. Path Vector
    3. BGP Path Vector Implementation
    4. BGP Peering
      1. BGP Transport
        1. Transporting Data between Peers
        2. BGP Routes and Formatting Data
      2. Interior and Exterior Peering
      3. BGP Notifications
        1. Message Header Errors
        2. Open Message Errors
        3. Update Message Errors
        4. Cease
      4. BGP Capabilities
      5. The BGP Peering Process
    5. BGP Attributes
      1. Origin Code
      2. AS Path
      3. Next Hop
      4. Multiple Exit Discriminator (MED)
      5. Local Preference
      6. Communities
      7. Extended Communities
      8. Multiprotocol Addresses
      9. Attributes and Aggregation
        1. Aggregation and the AS Path
        2. The Atomic Aggregate
    6. BGP's Best Path Algorithm
      1. Interior Gateway Protocol Cost
      2. BGP Identifier
      3. Weight
    7. Review Questions
  5. 2. BGP at the Edge
    1. Connecting to a Service Provider
      1. The Physical Connection
      2. IP Addressing
      3. Security
    2. Single Homing to a Service Provider
    3. Dual Homing to a Single Service Provider
      1. Advantages
      2. Disadvantages
      3. When Should You Run BGP?
      4. Do You Need an Autonomous System Number?
      5. Inbound Traffic Flow Control
      6. Inbound Load Balancing
        1. BGP Multipath Inside the Service Provider's Network
        2. Controlling Inbound Flow Using Longer Prefix Advertisements
    4. Dual Homing to Multiple Service Providers
      1. Controlling Inbound Traffic Flow
        1. Getting Traffic to Flow on Both Inbound Links
        2. Controlling the Choices Other Providers Make through AS Path Prepend
      2. Using Only One Link at A Time
        1. Conditional Advertisement
    5. Controlling Outbound Traffic Flow
      1. Controlling Outbound Traffic Flow Using Interior Gateway Protocols
      2. Using BGP for Controlling Outbound Traffic Flow
        1. Accepting Full Routes and Using Interior BGP Multipath or BGP Policies
        2. Using a Multihop BGP Session
        3. Accepting Partial Routes
    6. Forcing Symmetric Entry and Exit Points
      1. Symmetric Paths versus Symmetric Entry and Exit Points
        1. Using Two Address Pools
        2. Using One Address Pool
    7. Intelligent Routing
    8. Considerations for All Service Provider Peering Situations
      1. How Not to Transit Traffic
      2. Peering Techniques
      3. Route Origination
    9. Review Questions
  6. 3. Scaling the Enterprise Using BGP
    1. BGP Cores
      1. A Large Network Split into Domains
        1. Areas 40 and 41
        2. The Data Center
        3. Area 51
        4. The Smaller Areas (Areas 28 through 39)
        5. IBGP or eBGP?
      2. Using a BGP Core to Implement a Network Redesign
      3. A Network Managed by Multiple Teams
        1. Networks Divided along Geographic Regions
        2. Merging Networks with a BGP Core
    2. Implementing a BGP Core
      1. eBGP Cores versus iBGP Cores
      2. Routing within the Core
      3. Originating Routes into the Core and the Domains
        1. Redistributing Route among the Core and the Routing Domains
        2. Aggregation
        3. Reoriginating Routes
        4. Which Origination Method Is Preferred by BGP?
        5. Suboptimal Routing with Restricted Reachability Information
    3. External Connections
      1. Single Internet Connection
      2. Multiple Internet Connections
        1. Multiple Connection Points and Confederations
    4. Review Questions
  7. 4. Core Design with iBGP
    1. Full Mesh iBGP Cores
      1. Why Full Mesh?
      2. Implications of Full Mesh Cores on Scaling
    2. Route Reflectors
      1. How Route Reflection Works
        1. Rules for Reflecting Routes
        2. New Attributes Added to Prevent Loops
        3. Modification of Other Attributes
      2. Deploying Route Reflectors
        1. How Many Route Reflectors?
        2. Cluster IDs with Multiple Route Reflectors
        3. Physical Topology versus Logical Topology
        4. Impacts of Reflection on the Best Path
        5. Hierarchical Route Reflectors
    3. BGP Confederations
      1. How Confederations Work
        1. New Attributes
        2. Tracking an Update Through a Confederation
      2. Deploying Confederations
    4. Review Questions
  8. 5. BGP Performance
    1. Peer Groups
      1. Impact on Convergence
      2. Update Groups and Peer Templates
        1. Are Policy Configuration and Performance Really Unlinked?
    2. Update Packing
    3. Timers
      1. Hold and Keepalive Timers
      2. Connect Retry
      3. Open Delay
      4. Minimum Origination Interval
      5. Minimum Route Advertisement Interval
    4. Transport-Level Issues
      1. Fast External Fallover
      2. TCP Path Maximum Transmission Unit (MTU)
      3. TCP and Packet Buffer Overflows
    5. Review Questions
  9. 6. BGP Policy
    1. Policy Instruments
      1. Access Lists
        1. Extended Access Lists
        2. Application of Nonexistent Access Lists
      2. Prefix Lists
        1. Empty Prefix Lists
      3. Regular Expressions
      4. Community Lists
        1. Extended Communities
      5. AS Path Access Lists
        1. Empty AS Path Access Lists
    2. Local Preference
      1. Route Maps
        1. Route Map Match Statements
        2. Route Map Set Statements
        3. The Continue
      2. Policy Lists
    3. Communities in Practice—RFC 1998 and Other Routing Policies
      1. Setting Routing Policy in Connected Autonomous Systems Using Communities
      2. Using Local Preference to Set Policy
      3. Sending and Accepting Communities
      4. Effects on Update Packing
    4. Safety Nets
      1. Acceptable Advertisement Length
      2. Bogon Filters
        1. Team CYMRU
      3. Maximum Prefixes
    5. The AS Path
      1. Remove Private AS
      2. Enforce First AS
      3. Common AS Path Filters
        1. Allowing Only Locally Originated Destinations
        2. Filtering on the Number of Autonomous Systems in the Path
    6. Route Flap Damping
    7. Outbound Route Filtering
    8. BGP MED Deployment Considerations
      1. MEDs and Potatoes
        1. Hot Potato Routing
        2. Cold Potato Routing
        3. Which Potato—Hot or Cold?
      2. Implementation and Protocol Considerations
        1. MED Is an Optional Nontransitive Attribute
      3. MED Values and Preferences
      4. Comparing MEDs between Different Autonomous Systems
      5. MEDs, Route Reflection and AS Confederations for BGP
      6. Route Flap Damping and MED Churn
      7. Effects of MEDs on Update Packing Efficiency
      8. Temporal Route Selection
      9. Effects of Aggregation on MEDs
      10. MED Security Considerations
    9. Review Questions
  10. 7. New Features in BGP
    1. BGP Custom Decision Process
    2. Controlling Redistribution at Remote Points
      1. Redistribution Communities
      2. No Peer
    3. Multipath
      1. Unequal Cost Multipath and the Exit Link Bandwidth
    4. BGP Graceful Restart
      1. Graceful Restart Deployment Considerations
    5. Interaction with Interior Gateway Protocols during Convergence
      1. OSPF “Stub Router” Advertisement
      2. IS-IS Overload Bit
    6. Inbound Route Summarization
    7. Conditional Communities
    8. Flexible Communities
    9. Outbound Route Filtering
    10. Review Questions
  11. 8. Troubleshooting BGP
    1. Establishing Neighbors
      1. No IP Connectivity
      2. eBGP Multihop
      3. Mismatched Session Endpoints
      4. Open Parameters Mismatch
      5. Flapping Peers
    2. Update Exchange
      1. Missing Prefixes
        1. Synchronization
        2. Misconfigured or Misapplied Filtering
        3. Next Hop Reachability
        4. Local Origination Problems
        5. Duplicate Router IDs
        6. Duplicate Cluster IDs
        7. Troubleshooting Tools for Update Problems in Cisco IOS Software
    3. Inconsistent Routing
      1. Multiple Exit Discriminator Indeterminism
      2. Oldest Route versus the Highest Router ID
    4. Next Hop Recursion Oscillation
      1. Oscillating between Two Next Hops
      2. Oscillating between Installing and Removing the Routes from the Local Routing Table
      3. Troubleshooting Next Hop Recursion Oscillation
    5. Route Churn
      1. Troubleshooting Route Churn
      2. Resolving Route Churn
    6. Review Questions
  12. 9. BGP and Network Security
    1. Protecting Peering Relationships
      1. Infrastructure ACLs (iACLs)
      2. MD5 Authentication
      3. BGP over IPsec
      4. The Generalized TTL Security Mechanism
    2. Preventing Spoofing at the Edge
    3. Securing Routing Information within BGP
      1. soBGP
        1. The Entity Database and the EntityCert
        2. The Directed Graph and the PolicyCert
        3. The Address Block Database and the AuthCert
        4. Validating Received Routing Information
        5. Route Validation and the Security Preference
        6. Propagating the Certificates
        7. Partial Deployment of soBGP
        8. Edge-to-Edge Deployment of soBGP
        9. Server to Server Deployment of soBGP
        10. Key Rollover and Certificate Revocation in soBGP
        11. soBGP Summary
      2. Secure BGP
        1. Cryptographic Optimizations
    4. Review Questions
  13. 10. Deploying BGP/MPLS Layer-3 VPNs
    1. What Is a Virtual Private Network?
      1. Overlay and Peer-to-Peer VPNs
        1. The Overlay Model
        2. The Peer-to-Peer Model
        3. Which Model Is Best?
        4. Intranet and Extranet VPNs
      2. Other Terms
    2. The BGP/MPLS-Based VPN
      1. CE to PE routing
      2. Supporting Overlapping Addresses
      3. Multiple Routing and Forwarding Tables
      4. BGP as the Signaling Protocol
        1. Carrying Reachability Information
        2. Extended Communities Carried with VPN-IPv4 Routes
      5. VPN Colors
      6. Exporting and Importing VPN-IPv4 Routes
      7. MPLS Forwarding
    3. Putting It Together: An MPLS/BGP VPN Example
      1. Examining the Control Plane
      2. Examining the Forwarding Plane
    4. VPN Topologies
      1. Hub and Spoke
      2. Any to Any (Full Mesh) Topology
      3. Partial Mesh Topology
    5. VPN Service Provider Deployment Considerations
      1. MPLS/BGP VPNs and Confederations
      2. Route Reflectors
      3. Carrier's Carrier
    6. Conclusion
    7. Review Questions
  14. A. Answers to the Review Questions
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10