Tuesday 17 March 2015

BGP Configuration (Cont.)

Configuring BGP Interactions with IGPs

If your autonomous system will be passing traffic through it from another autonomous system to a third autonomous system, make sure that your autonomous system is consistent about the routes that it advertises. For example, if your BGP were to advertise a route before all routers in your network had learned about the route through your IGP, your autonomous system could receive traffic that some routers cannot yet route. To prevent this condition from occurring, BGP must wait until the IGP has propagated routing information across your autonomous system, thus causing BGP to be synchronized with the IGP. Synchronization is enabled by default.
In some cases, you need not synchronize. If you will not be passing traffic from a different autonomous system through your autonomous system, or if all routers in your autonomous system will be running BGP, you can disable synchronization. Disabling this feature can allow you to carry fewer routes in your IGP and allow BGP to converge more quickly. To disable synchronization, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# no synchronization
Disables synchronization between BGP and an IGP.

See the "BGP Path Filtering by Neighbor Examples" section at the end of this chapter for an example of BGP synchronization.
In general, you will not want to redistribute most BGP routes into your IGP. A common design is to redistribute one or two routes and to make them exterior routes in IGRP, or have your BGP speaker generate a default route for your autonomous system. When redistributing from BGP into IGP, only the routes learned using eBGP get redistributed.
In most circumstances, you also will not want to redistribute your IGP into BGP. List the networks in your autonomous system with network router configuration commands and your networks will be advertised. Networks that are listed this way are referred to as local networks and have a BGP origin attribute of "IGP." They must appear in the main IP routing table and can have any source; for example, they can be directly connected or learned via an IGP. The BGP routing process periodically scans the main IP routing table to detect the presence or absence of local networks, updating the BGP routing table as appropriate.
If you do perform redistribution into BGP, you must be very careful about the routes that can be in your IGP, especially if the routes were redistributed from BGP into the IGP elsewhere. Redistributing routes from BGP into the IGP elsewhere creates a situation where BGP is potentially injecting information into the IGP and then sending such information back into BGP, and vice versa. Incorrectly redistributing routes into BGP can result in the loss of critical information, such as the autonomous system path, that is required for BGP to function properly.
Networks that are redistributed into BGP from the EGP protocol will be given the BGP origin attribute "EGP." Other networks that are redistributed into BGP will have the BGP origin attribute of "incomplete." The origin attribute in the Cisco implementation is only used in the path selection process.

Configuring BGP Weights

A weight is a number that you can assign to a path so that you can control the path selection process. The administrative weight is local to the router. A weight can be a number from 0 to 65535. Any path that a Cisco router originates will have a default weight of 32768; other paths have weight 0. If you have particular neighbors that you want to prefer for most of your traffic, you can assign a higher weight to all routes learned from that neighbor.
Weights can be assigned based on autonomous system path access lists. A given weight becomes the weight of the route if the autonomous system path is accepted by the access list. Any number of weight filters are allowed. Weights can only be assigned via route maps.

Disabling Autonomous System Path Comparison

To prevent the router from considering the autonomous system path length when selecting a route, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# bgp bestpath as-path ignore
Configures the router to ignore autonomous system path length in selecting a route.

Configuring BGP Route Filtering by Neighbor

You can filter BGP advertisements in two ways:
Use autonomous system path filters, as with the ip as-path access-list global configuration command and the neighbor filter-list router configuration command.
Use access or prefix lists, as with the neighbor distribute-list router configuration command.
Filtering using prefix lists is described in the "Configuring BGP Filtering Using Prefix Lists" section.
If you want to restrict the routing information that the Cisco IOS software learns or advertises, you can filter BGP routing updates to and from particular neighbors. You can either define an access list or a prefix list and apply it to the updates.

To filter BGP routing updates, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# neighbor {ip-address | peer-group-name} distribute-list {access-list-number | access-list-name} {in | out}
Filters BGP routing updates to and from neighbors as specified in an access list.
Note: The neighbor prefix-list router configuration command can be used as an alternative to the neighbor distribute-list router configuration command, but you cannot use both commands to configure the same BGP peer in any specific direction. These two commands are mutually exclusive, and only one command (neighbor prefix-list or neighbor distribute-list) can be applied for each inbound or outbound direction.

Configuring BGP Filtering Using Prefix Lists

Prefix lists can be used as an alternative to access lists in many BGP route filtering commands. The section "How the System Filters Traffic by Prefix List" describes the way prefix list filtering works. The advantages of using prefix lists are as follows:
Significant performance improvement in loading and route lookup of large lists.
Support for incremental updates. Filtering using extended access lists does not support incremental updates.
More user-friendly command-line interface (CLI). The command-line interface for using access lists to filter BGP updates is difficult to understand and use because it uses the packet filtering format.
Greater flexibility
Before using a prefix list in a command, you must set up a prefix list, and you may want to assign sequence numbers to the entries in the prefix list.

How the System Filters Traffic by Prefix List

Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list. When there is a match, the route is used. More specifically, whether a prefix is permitted or denied is based upon the following rules:
An empty prefix list permits all prefixes.
An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
When multiple entries of a prefix list match a given prefix, the longest, most specific match is chosen.
The router begins the search at the top of the prefix list, with the sequence number 1. Once a match or deny occurs, the router need not go through the rest of the prefix list. For efficiency, you may want to put the most common matches or denies near the top of the list, using the seq argument in the ip prefix-list global configuration command. The show commands always include the sequence numbers in their output.
Sequence numbers are generated automatically unless you disable this automatic generation. If you disable the automatic generation of sequence numbers, you must specify the sequence number for each entry using the sequence-value argument of the ip prefix-list global configuration command.
Regardless of whether the default sequence numbers are used in configuring a prefix list, a sequence number need not be specified when removing a configuration entry.
show commands include the sequence numbers in their output.

Creating a Prefix List

To create a prefix list, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# ip prefix-list list-name [seq sequence-value] {deny | permit network/length} [ge ge-value] [le le-value]
Creates a prefix list with the name specified for the list-name argument.


To remove a prefix list and all of its entries, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# no ip prefix-list list-name [seq sequence-value] {deny | permit network/length} [ge ge-value] [le le-value]
Removes a prefix list with the name specified for list-name.

Configuring a Prefix List Entry

You can add entries to a prefix list individually. To configure an entry in a prefix list, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# ip prefix-list list-name [seq sequence-value] {deny | permit network/length} [ge ge-value] [le le-value]
Creates an entry in a prefix list and assigns a sequence number to the entry.

The optional ge and le keywords can be used to specify the range of the prefix length to be matched for prefixes that are more specific than the network/length argument. An exact match is assumed when neither ge nor le is specified. The range is assumed to be from ge-value to 32 if only the ge attribute is specified, and from len to le-value if only the le attribute is specified.
A specified ge-value or le-value must satisfy the following condition:
len < ge-value <= le-value <= 32

For example, to deny all prefixes matching /24 in 128.0.0.0/8, use the following command:
ip prefix-list abc deny 128.0.0.0/8 ge 24 le 24
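The matching rules and the ge/le ranges above can be checked offline before a list is applied to a neighbor. The following Python evaluator is an added example, not code from the original page or from Cisco; it walks entries in sequence-number order as the search procedure describes, numbers unsequenced entries in steps of 5 as described in the sequence-number section, and its function names and second sample entry are assumptions.

```python
import ipaddress

def load_prefix_list(lines):
    """Parse 'ip prefix-list NAME [seq N] {deny|permit} NET/LEN [ge G] [le L]'."""
    entries, last_seq = [], 0
    for line in lines:
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"] or len(tok) < 5:
            raise ValueError("not an ip prefix-list entry: " + line)
        rest = tok[3:]                       # tok[2] is the list name
        if rest[0] == "seq":
            seq, rest = int(rest[1]), rest[2:]
        else:
            seq = last_seq + 5               # automatic numbering in steps of 5
        last_seq = seq
        action, net = rest[0], ipaddress.ip_network(rest[1])
        if action not in ("permit", "deny"):
            raise ValueError("expected permit or deny: " + line)
        opts = dict(zip(rest[2::2], (int(v) for v in rest[3::2])))
        ge, le = opts.get("ge"), opts.get("le")
        # The page's condition: len < ge-value <= le-value <= 32
        for value in (ge, le):
            if value is not None and not net.prefixlen < value <= 32:
                raise ValueError("ge/le out of range: " + line)
        if ge is not None and le is not None and ge > le:
            raise ValueError("ge-value exceeds le-value: " + line)
        # Exact match with neither keyword, ge..32 with only ge, len..le with only le.
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (32 if ge is not None else net.prefixlen)
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """Return (action, seq) for a route such as '128.1.2.0/24'."""
    route = ipaddress.ip_network(route)
    if not entries:
        return ("permit", None)              # an empty prefix list permits all
    for seq, action, net, lo, hi in entries:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return (action, seq)             # first match in sequence order decides
    return ("deny", None)                    # implicit deny: nothing matched

# Constructed sample: the page's "abc" entry plus an assumed second entry that
# permits 128.0.0.0/8 and its more-specifics up to /23.
ABC = load_prefix_list([
    "ip prefix-list abc deny 128.0.0.0/8 ge 24 le 24",
    "ip prefix-list abc permit 128.0.0.0/8 le 23",
])

if __name__ == "__main__":
    for r in ("128.1.2.0/24", "128.1.0.0/16", "128.1.2.128/25", "10.0.0.0/8"):
        print(r, evaluate(ABC, r))
```

A /25 inside 128.0.0.0/8 falls through both entries and is caught by the implicit deny, which is the case most often missed when a list is reviewed by eye.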

Configuring How Sequence Numbers of Prefix List Entries Are Specified

By default, the sequence numbers are automatically generated when you create a prefix list entry. Sequence numbers can be suppressed with the no ip prefix-list sequence-number global configuration command. Sequence values are generated in increments of 5. The first sequence value generated in a prefix list would be 5, then 10, then 15, and so on. If you specify a value for an entry and then do not specify values for subsequent entries, the assigned (generated) sequence values are incremented in units of five. For example, if you specify that the first entry in the prefix list has a sequence value of 3, and then do not specify sequence values for the other entries, the automatically generated numbers will be 8, 13, 18, and so on.
To disable the automatic generation of sequence numbers, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# no ip prefix-list sequence-number
Disables the automatic generation of the sequence numbers for prefix list entries.

To re-enable automatic generation of the sequence numbers of prefix list entries, use the ip prefix-list sequence-number command in router configuration mode:
Command
Purpose
Router(config-router)# ip prefix-list sequence-number
Enables the automatic generation of the sequence numbers of prefix list entries. The default is enable.

If you disable automatic generation of sequence numbers in a prefix list, you must specify the sequence number for each entry using the sequence-value argument of the ip prefix-list global configuration command.
Regardless of whether the default sequence numbers are used in configuring a prefix list, a sequence number need not be specified when deconfiguring an entry. show commands include the sequence numbers in their output.

Deleting a Prefix List or Prefix List Entries

To delete a prefix list, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# no ip prefix-list list-name
Deletes a prefix list.

You can delete entries from a prefix list individually. To delete an entry in a prefix list, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# no ip prefix-list seq sequence-value
Deletes an entry in a prefix list.


Note: The sequence number of an entry need not be specified when you delete the entry.

Displaying Prefix Entries

To display information about prefix tables, prefix table entries, the policy associated with a node, or specific information about an entry, use the following commands in EXEC mode as needed:
Command
Purpose
Router# show ip prefix-list [detail | summary]
Displays information about all prefix lists.
Router# show ip prefix-list [detail | summary] prefix-list-name
Displays a table showing the entries in a prefix list.
Router# show ip prefix-list prefix-list-name [network/length]
Displays the policy associated with the node.
Router# show ip prefix-list prefix-list-name [seq sequence-number]
Displays the prefix list entry with a given sequence number.
Router# show ip prefix-list prefix-list-name [network/length] longer
Displays all entries of a prefix list that are more specific than the given network and length.
Router# show ip prefix-list prefix-list-name [network/length] first-match
Displays the entry of a prefix list that matches the given prefix (network and length of prefix).

Clearing the Hit Count Table of Prefix List Entries

To clear the hit count table of prefix list entries, use the following command in EXEC mode:
Command
Purpose
Router# clear ip prefix-list prefix-list-name [network/length]
Clears the hit count table of the prefix list entries.

Configuring BGP Path Filtering by Neighbor

In addition to filtering routing updates based on network numbers, you can specify an access list filter on both incoming and outbound updates based on the BGP autonomous system paths. Each filter is an access list based on regular expressions. To specify the access list filter, define an autonomous system path access list and apply it to updates to and from particular neighbors. See the "Regular Expressions" appendix in the Cisco IOS Terminal Services Configuration Guide for more information on forming regular expressions.
To configure BGP path filtering, use the following commands beginning in global configuration mode:
 
Command
Purpose
Step 1 
Router# ip as-path access-list access-list-number {permit | deny} as-regexp
Defines a BGP-related access list.
Step 2 
Router# router bgp as-number
Enters router configuration mode.
Step 3 
Router(config-router)# neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out}
Establishes a BGP filter.
See the "BGP Path Filtering by Neighbor Examples" section at the end of this chapter for an example of BGP path filtering by neighbor.
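To see what an autonomous system path filter would pass before it is attached to a neighbor, the three steps above can be modelled offline. This Python sketch is an added example, not code from the original page or from Cisco; the access list numbers, regular expressions, AS numbers and prefixes are constructed samples from documentation ranges, and it assumes Cisco's "_" delimiter and the implicit deny at the end of an AS path access list, with other regular expression syntax behaving as in Python's re module.

```python
import re

# Cisco's "_" matches a delimiter: start or end of the path, a space, a comma,
# a brace or a parenthesis (assumption stated in the lead-in).
DELIM = r"(?:^|$|[ ,{}()])"

def load_as_path_acls(lines):
    """Parse 'ip as-path access-list N {permit|deny} REGEXP' lines, keeping order."""
    acls = {}
    for line in lines:
        tok = line.split(None, 5)
        if len(tok) != 6 or tok[:3] != ["ip", "as-path", "access-list"]:
            raise ValueError("not an ip as-path access-list entry: " + line)
        number, action, regexp = int(tok[3]), tok[4], tok[5]
        if action not in ("permit", "deny"):
            raise ValueError("expected permit or deny: " + line)
        compiled = re.compile(regexp.replace("_", DELIM))
        acls.setdefault(number, []).append((action, compiled))
    return acls

def filter_list(acls, number, as_path):
    """Decide one update; as_path is the AS path as text, '' if locally originated."""
    for action, rx in acls[number]:
        if rx.search(as_path):
            return action                    # first matching entry decides
    return "deny"                            # implicit deny at the end of the list

def advertised(acls, number, routes):
    """Return the prefixes from (prefix, as_path) pairs that the filter permits."""
    return [p for p, path in routes if filter_list(acls, number, path) == "permit"]

# Constructed configuration: list 10 passes only locally originated routes (so
# the AS does not act as transit); list 20 drops any path through AS 64497.
ACLS = load_as_path_acls([
    "ip as-path access-list 10 permit ^$",
    "ip as-path access-list 20 deny _64497_",
    "ip as-path access-list 20 permit .*",
])

# Constructed routes: (prefix, AS path).
RIB = [
    ("192.0.2.0/24", ""),
    ("198.51.100.0/24", "64496 64497"),
    ("203.0.113.0/24", "64500"),
]

if __name__ == "__main__":
    print("list 10 permits:", advertised(ACLS, 10, RIB))
    print("list 20 permits:", advertised(ACLS, 20, RIB))
```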

Disabling Next Hop Processing on BGP Updates

You can configure the Cisco IOS software to disable next hop processing for BGP updates to a neighbor. Disabling next hop processing might be useful in nonmeshed networks such as Frame Relay or X.25, where BGP neighbors might not have direct access to all other neighbors on the same IP subnet. There are two ways to disable next hop processing:
Provide a specific address to be used instead of the next hop address (manually configuring each address).
Use a route map to specify the address of the remote peer for matching inbound routes, or the local router for matching outbound routes (automatic method).

Disabling Next Hop Processing Using a Specific Address

To disable next hop processing and provide a specific address to be used instead of the next hop address, use the following command in router configuration mode:
Command
Purpose
Router(config-router)# neighbor {ip-address | peer-group-name} next-hop-self
Disables next hop processing on BGP updates to a neighbor.

Configuring this command causes the current router to advertise its peering address as the next hop for the specified neighbor. Therefore, other BGP neighbors will forward to it packets for that address. This configuration is useful in a nonmeshed environment because you know that a path exists from the present router to that address. In a fully meshed environment, this configuration is not useful because it will result in unnecessary extra hops and because there might be a direct access through the fully meshed cloud with fewer hops.

Disabling Next Hop Processing Using a Route Map

To override the inbound next hop setting for BGP routes and specify that the next hop of the matching routes is to be the IP address of the remote peer, or to set the peering address of the local router to be the next hop of the matching routes, use the neighbor next-hop-self router configuration command.
To configure the neighbor peering address to be used for the next hop address, use the following command in route map configuration mode:
Command
Purpose
Router(config-route-map)# set ip next-hop ip-address [...ip-address] [peer-address]
In an inbound route map of a BGP peer, sets the next hop of the matching routes to be the neighbor peering address, overriding any third-party next hops and allowing the same route map to be applied to multiple BGP peers to override third-party next hops.
With an outbound route map of a BGP peer, sets the next hop of the received address to the peering address of the local router, disabling the next hop calculation.
The next hop must be an adjacent router.

Configuring BGP Next Hop Propagation

The BGP Next Hop Propagation feature provides additional flexibility when designing and migrating networks. The BGP Next Hop Propagation feature allows a route reflector to modify the next hop attribute for a reflected route and allows BGP to send an update to an eBGP multihop peer with the next hop attribute unchanged.

The configuration of this feature in conjunction with the iBGP Multipath Load Sharing feature allows you to use an outbound route map to include BGP route reflectors in the forwarding path.
The BGP Next Hop Propagation feature allows you to perform the following tasks:
Bring the route reflector into the forwarding path, which can be used with the iBGP Multipath Load Sharing feature to configure load balancing.
Configure interprovider Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) by not modifying the next hop attribute when advertising routes to an eBGP peer.
Turn off the next hop calculation for an eBGP peer. This feature is useful for configuring the end-to-end connection of a label-switched path.
To configure an eBGP multihop peer to propagate the next hop unchanged, use the following command in router configuration mode:

Command
Purpose
Router(config-router)# neighbor ip-address next-hop-unchanged
Configures the router to send BGP updates to BGP peers without modifying the next hop attribute.
