I have been fortunate to be working on one of the heavy duty routers found in the networking jungle. Juniper is an established and trusted brand among many ISPs and big enterprises. The MX series routers are industry leaders and combine the functionalities of an M series router and EX series switch. But this post will not delve into the product description. This post is more about how to configure a basic bgp session and putting some default policies to ensure that you receive and transmit correct routes.
You can do very cool things with BGP, the exterior gateway protocol that is used by everyone today to announce their route to everyone on the Internet.
How BGP works in a nutshell
This is a just a very brief introduction to BGP. Anyone even remotely interested in knowing BGP should google for more relevant links. We will also be concerned about a few attributes which we can manipulate traffic according to our whims and fancies.
Basically BGP is a path vector protocol which informs a router about the direction and the complete path to a particular destination. When two neighbors form a relationship they establish what is called a bgp session. After forming a bgp session and negotiating on timers such as holddown timer values they start sending all the bgp routes that they know. Whenever there is an update they send triggered updates although it may take a while for all the routers in the routers to know the update. Moreover whenever there is an update they have to run algorithms to figure out the new best route. When all routers have the new route they are said to have been converged. This state of stabilizing is called convergence.
From a practical viewpoint, each organisation tells their neighboring organisation ie an ISP aka peer what public routes they want to announce to the world. The ISP then advertises these routes to its upstream providers or a peer ISP (there is a heirarchy of ISPs). Soon all the ISPs in the world know each other's routes. It takes some diplomacy for two ISPs to peer with each other. Currently there are more than 400,000 routes.
Every organisation is assigned an AS Number(ASN) from their local internet registries or IANA. All routing devices in a particular AS belongs to a particular organisation, which need not be confined to a single geographical location. Suppose there is a company X which has its routers in USA,UK and India. Then all these routers will belong to a single AS. Two AS establish BGP session with each other.
That is all you need to know before setting a BGP session for your organisation.
Prerequisites for forming a bgp session:
1) Ensure that your router supports BGP.
2) It should have adequate memory. Run show task memory command to check available memory. All routes take a maximum of 100mbs of memory
Before showing the actual commands, remember the sub-goals we are trying to achieve
1) Establish a BGP session
2) Start receiving route
3) Start sending routes
4) Load balancing and applying firewall policies.
Establishing a BGP session
1) First make sure you have acquired an ASN for your organisation and partnered with an ISP who is willing to share the full routing table.
2) Note down the wan ips assigned and the next hop ip as well as their AS number.
Remember that the default routing policy of BGP is to accept all bgp routes and export all active routes. A general practice is to establish a bgp session and leave it without announcing any subnets for a day so as to ensure that the bgp session remains stable and does not hamper your production network.
The following configuration will set up a bgp session with 200.10.10.2/30, ASN 200 and will not send or receive any routes.
set policy-options policy-statement test reject any set protocols bgp group test type external export test import test peer-as 200 neighbor 200.10.10.2; set routing-options autonomous-system 300 ;//your-asn
The above commands are self-explanatory. I have basically created a policy to reject all routes and have applied it at the input and output interfaces.
To check whether the bgp session is up, run the command show bgp summary and show bgp neighbor in operational mode. You should see the neighbor's ip and active under the state column. Anything else means the BGP session is not yet established correctly. Ensure the wan ips are reachable from one another. Otherwise run show log messages | last 10. It should give the error message as to why bgp session failed.
To check if the session is flapping, note the flaps and Last Up/down column. If the number is rising it means BGP is not stable and you should contact your upstream provider. Last up/down column tells how much time back the flap happened.
Leave this link for about a day and start receiving routes when you are sure there won't be any bgp flaps.
A successfull bgp session between two routers |
Both routers are neither receiving nor sending any route |
In the subsequent parts I will discuss how to:
- start receiving and advertising routes
- Load balance incoming traffic
- Load balance outgoing traffic
- Applying appropriate filters and much more
After these tutorials you should be able to run and manage multihomed bgp sessions successfully.
Part 2: Configuring BGP session and implementing import and export policies
Important links
1) Wiki on Path vector protocol
2) Wiki on Autonomous system
3) Wiki on bgp
No comments:
Post a Comment