BGP Case Studies in the field

  • Published on
    03-Jan-2016

  • View
    56

  • Download
    1

Embed Size (px)

DESCRIPTION

BGP Case Studies in the field. Traffic . Inbound Traffic ISP/ Inbound Traffic Outbound Traffic Outbound Traffic Inbound Traffic - PowerPoint PPT Presentation

Transcript

  • BGP Case Studiesin the field

  • Traffic Inbound Traffic ISP/ Inbound Traffic Outbound Traffic Outbound Traffic Inbound Traffic Outbound Traffic 100% BGP 1Best Path 1100% 50:50 traffic AS-Path & Prefix Filtering

  • Traffic Inboundas-path MED prefix Outboundweight (only Cisco IOS)local_preferenceas-path MED Wegiht: best pathLocal Preference: best pathAs-path : best pathMED: best pathprefix : best path

  • Example-1as-path DACOMAS3786KTAS4766KTAS3559CUSTAS100ISP1AS2000ISP2AS300010.1.1.0/24*>10.1.1.0/24 3786 100 i 10.1.1.0/24 4766 3559 100 i

  • Example-2as-path router-ID best path DACOMAS3786INETAS3976CUSTAS100ISP1AS2000ISP2AS300010.1.1.0/24*>10.1.1.0/24 3786 100 i 10.1.1.0/24 3976 100 i 10.1.1.0/24 3786 100 i*>10.1.1.0/24 3976 100 i

  • Example-3 ISP MED inbound traffic DACOMAS3786INETAS3976CUSTAS100ISPAS20012.1.1.0/2414.1.1.0/24Set MED=10 outfor 12.1.1.0/24Set MED=10 out for 14.1.1.0/2412.1.1.0/24 traffic14.1.1.0/24 trafficMED External BGP Neighbor AS .)

  • Example-4ISP MED ISP MED inbound traffic DACOMAS3786CUSTAS10012.1.1.0/2414.1.1.0/24Set MED=10 outfor 12.1.1.0/24Set MED=10 out for 14.1.1.0/24*>12.1.1.0/24 n-h1 med=null 100 i 12.1.1.0/24 n-h2 med=10 100 i 14.1.1.0/24 n-h1 med=10 100 i*>14.1.1.0/24 n-h2 med=null 100 i12.1.1.0/24 traffic14.1.1.0/24 trafficn-h1n-h2Lowest MED

  • Example-5as-path prepend inbound traffic DACOMAS3786KTAS4766KTAS3559CUSTAS100Internet10.1.1.0/24as-path prepend 100 out*>10.1.1.0/24 3786 100 10.1.1.0/24 4766 3559 100 10.1.1.0/24 3786 100 100*>10.1.1.0/24 4766 3559 100DACOM Inbound traffic 100% KT Inbound traffic 50%

  • Example-6as-path prepend inbound traffic DACOMAS3786INETAS3976CUSTAS100Traffic DACOMAS3786INETAS3976CUSTAS100As-path prepend100 out

  • Example-7as-path prepend inbound traffic CUSTAS10012.1.1.0/2414.1.1.0/24As-path prepend100 for 12.1.1.0/24As-path prepend100 for 14.1.1.0/24*>12.1.1.0/24 3786 100 12.1.1.0/24 3976 100 100 14.1.1.0/24 3786 100 100*>14.1.1.0/24 3976 100DACOMAS3786INETAS3976Internet

  • Example-8Prefix Length inbound traffic CUSTAS10012.1.0.0/16 12.1.0.0/17 12.1.128.0/17DACOMAS3786KTAS3559Internet12.1.0.0/1612.1.0.0/1712.1.0.0/1612.1.128.0/1712.1.128.0/1712.1.128.0/1712.1.0.0/1712.1.0.0/17DACOM 50%, KT 100% ()

  • Example-9MED outbound path DACOMAS3786INETAS3976CUSTAS100CUSTAS20010.1.1.0/2412.1.1.0/24InternetSet MED=10 in for AS200*>12.1.1.0/24 MED=null 3786 200 i 12.1.1.0/24 MED=10 3976 200 i

  • Example-10MED outbound DACOMAS3786INETAS3976CUSTAS100CUSTAS20012.1.1.0/2414.1.1.0/24Set MED=10 in for 12.1.1.0/24*>12.1.1.0/24 MED=null 3786 200 i 12.1.1.0/24 MED=10 3976 200 i 14.1.1.0/24 MED=10 3786 200 i *>14.1.1.0/24 MED=null 3976 200 iSet MED=10 in for 14.1.1.0/24

  • Example-11Default outbound traffic BGP DACOMAS3786INETAS3976Internetdefaultdefault

  • Example-122 unbalanced outbound traffic InternetdefaultdefaultDACOMAS3786INETAS3976

  • Config-110.1.1.0/241.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3976AS100router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1router bgp 3786 neigh 1.1.1.1 remote-as 100 neigh 1.1.1.1 filter-list 50 in neigh 1.1.1.1 distribute-list 120 in no sync no auto-summary!ip as-path access-list 50 permit ^(100_)+$!access-list 120 permit host 10.1.1.0 host 255.255.255.0router bgp 3976 neigh 2.2.2.1 remote-as 100 neigh 2.2.2.1 filter-list 11 in neigh 2.2.2.1 distribute-list 130 in no sync no auto-summary!ip as-path access-list 11 permit ^(100_)+$!access-list 130 permit host 10.1.1.0 host 255.255.255.0

  • Config-210.1.1.0/241.1.1.21.1.1.12.2.2.22.2.2.1AS3559AS3786AS100Interface loopback 0 ip address 192.168.1.1 255.255.255.252!router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3559 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1ip route 0.0.0.0 0.0.0.0 3.3.3.1ip route 192.168.2.1 255.255.255.252 2.2.2.1ip route 192.168.2.1 255.255.255.252 3.3.3.13.3.3.23.3.3.1192.168.1.1/30192.168.2.1/30Interface loopback 0 ip address 192.168.2.1 255.255.255.252!router bgp 3786 neigh 192.168.1.1 remote-as 100 neigh 192.168.1.1 ebgp-multihop 3 neigh 192.168.1.1 update-source loopback0 neigh 192.168.1.1 filter-list 10 in neigh 192.168.1.1 distribute-list 100 in no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 192.168.2.1 255.255.255.252 2.2.2.2ip route 192.168.2.1 255.255.255.252 3.3.3.2

  • Config-3AS3786 inbound traffic 10.1.0.0/161.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3976AS100router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.128.0 mask 255.255.128.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 110 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0!access-list 110 permit host 10.1.0.0 host 255.255.0.0access-list 110 permit host 10.1.128.0 host 255.255.128.0!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.128.0 255.255.128.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-4AS3786 inbound traffic 10.1.0.0/161.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3559AS100router bgp 100 network 10.1.0.0 mask 255.255.0.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 route-map PREPEND out neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0!route-map PREPEND permit 10 set as-path prepend 100!ip route 10.1.0.0 255.255.0.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-5AS3786 inbound traffic 10.1.0.0/161.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3976AS100router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.128.0 mask 255.255.128.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 route-map PREPEND out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0access-list 100 permit host 10.1.128.0 host 255.255.128.0!access-list 110 permit host 10.1.128.0 host 255.255.128.0!route-map PREPEND permit 10 match ip address 110 set as-path prepend 100route-map PREPEND permit 20!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.128.0 255.255.128.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-6Network inbound traffic / 10.1.0.0/161.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3976AS100router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.0.0 mask 255.255.128.0 network 10.1.128.0 mask 255.255.128.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 110 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0access-list 100 permit host 10.1.128.0 host 255.255.128.0!access-list 110 permit host 10.1.0.0 host 255.255.0.0access-list 110 permit host 10.1.0.0 host 255.255.128.0!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.0.0 255.255.128.0 null0ip route 10.1.128.0 255.255.128.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-7 1.1.1.22.2.2.23.3.3.24.4.4.21.1.1.12.2.2.13.3.3.14.4.4.110.1.0.0/1610.1.0.0/1810.1.64.0/1810.1.128.0/1810.1.192.0/18AS100192.168.0.1192.168.1.1192.168.2.1192.168.3.1Interface loopback 0 ip address 192.168.0.1 255.255.255.252!router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.0.0 mask 255.255.192.0 network 10.1.64.0 mask 255.255.192.0 neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback 0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out neigh 10.1.0.2 remote-as 100 neigh 10.1.0.2 next-hop-self no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0access-list 100 permit host 10.1.0.0 host 255.255.192.0access-list 100 permit host 10.1.64.0 host 255.255.192.0!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.0.0 255.255.192.0 null0ip route 10.1.64.0 255.255.192.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1ip route 0.0.0.0 0.0.0.0 10.1.0.2 10ip route 192.168.2.1 255.255.255.252 1.1.1.1ip route 192.168.2.1 255.255.255.252 2.2.2.1AS378610.1.0.110.1.0.2

  • Config-8 1.1.1.22.2.2.23.3.3.24.4.4.21.1.1.12.2.2.13.3.3.14.4.4.110.1.0.0/1610.1.0.0/1810.1.64.0/1810.1.128.0/1810.1.192.0/18AS100192.168.0.1192.168.1.1192.168.2.1192.168.3.1Interface loopback 0 ip address 192.168.0.1 255.255.255.252!router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.0.0 mask 255.255.192.0 network 10.1.64.0 mask 255.255.192.0 neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback 0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out neigh 10.1.0.2 remote-as 100 neigh 10.1.0.2 next-hop-self no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0access-list 100 permit host 10.1.0.0 host 255.255.192.0access-list 100 permit host 10.1.64.0 host 255.255.192.0access-list 100 permit host 10.1.128.0 host 255.255.192.0!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.0.0 255.255.192.0 null0ip route 10.1.64.0 255.255.192.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1ip route 0.0.0.0 0.0.0.0 10.1.0.2 10ip route 192.168.2.1 255.255.255.252 1.1.1.1ip route 192.168.2.1 255.255.255.252 2.2.2.1AS378610.1.0.110.1.0.2

  • Config-9 10.1.1.0/241.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3976AS100router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-10 default outbound traffic 10.1.1.0/241.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3976AS100router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 20 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 20 deny .*!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-11 AS3786 , 10.1.1.0/241.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3976AS100router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out no neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 20 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 20 deny .*!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-12AS3559, AS3786 , 10.1.1.0/241.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3559AS100router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 30 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 20 3786$ip as-path access-list 30 3559$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-13AS3786 , KT , 10.1.1.0/241.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3559AS100router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 30 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 20 permit 3786$ip as-path access-list 30 permit .*!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-14AS3786,AS3976 AS3786 , 10.1.1.0/241.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3559AS100router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 30 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 30 deny (3786|3976)ip as-path access-list 30 permit .*!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Config-15AS4766,2563,1237,3608 traffic AS3786 , 10.1.1.0/241.1.1.21.1.1.12.2.2.22.2.2.1AS3786AS3976AS100router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out n...