Internet Routing Architectures, Second Edition
An Example of Static Versus Dynamic Routing: Mobile Networks
It is common in the military for units to be mobile; this creates a problem for assigning IP addresses. Usually these mobile units want to deploy their subnets and IP addresses wherever they go and operate as if they had never moved. If these networks are part of a global network and advertised via BGP, announcing them statically will not work well. The static commands would have to be removed from the border router of an AS in one location and installed in the border router of another AS in the new location every time the unit moves.
To avoid such complications, injecting these networks dynamically into BGP becomes mandatory. One solution is to inject the IGP into BGP in all locations. This way, whenever the IP addresses are moved from one location to another, the announcements will disappear from one location and reappear in the new one. In some cases, network administrators are not comfortable with this solution for reasons discussed earlier, such as mutual redistribution problems and the mandate for extensive filtering.
Another possibility is to define these networks in all the border routers of all the locations via the network command. Because BGP checks for the existence of these routes in the IP routing table before announcing them, BGP will announce only the routes in the location of the mobile unit. All other locations will automatically cease from announcing the routes because they are not part of the IGP of that particular AS.
Overlapping Protocols: Backdoors
With different IGPs and EGPs working together to achieve routing, routes can be learned via different protocols; choosing one protocol over another affects how the traffic flows. For example, if traffic follows a RIP route, it might traverse one link, whereas if it follows an external BGP route, it might end up on another link. Backdoor links offer an alternative IGP path that can be used instead of the external BGP path. IGP routes that can be reached over the backdoor link are called backdoor routes. With the existence of such alternative routes, a mechanism that gives one protocol preference over other protocols is needed. Cisco Systems offers a preference parameter called the administrative distance of a protocol. The lower a routing protocol's administrative distance, the higher the preference for the protocol.
It should be noted that administrative distance is a parameter that is relative only to the locally configured router and is not known by or communicated to any other routers in the AS. Thus, if you intend to modify the administrative distance of one router in the AS, it is highly recommended that the administrative distance be changed similarly on all routers in the AS in order to guarantee a consistent routing decision. Table 6-1 lists distances according to the Cisco implementation.
TIP
See the section "Overlapping Protocols: Backdoors" in Chapter 11.
page 137
|
Internet Routing Architectures, Second Edition |
|
|
|
|
|
Table 6-1. Protocol Distance Default Values |
|
Protocol |
|
Distance |
Directly connected |
|
0 |
Static |
|
1 |
EBGP |
|
20 |
EIGRP (internal) |
|
90 |
IGRP |
|
100 |
OSPF |
|
110 |
ISIS |
|
115 |
RIP |
|
120 |
EGP |
|
140 |
EIGRP (external) |
|
170 |
IBGP |
|
200 |
BGP local |
|
200 |
Unknown |
|
255 |
Table 6-1 indicates that a directly connected route is generally preferred over a static route, which in turn is preferred over an EBGP route, and so on. Note that EBGP routes with a distance of 20 are preferred over all the other IGP routes.
Figure 6-7 illustrates the use of backdoor routes. In the figure, AS1 is receiving updates about NetA from two different sources. AS1 is receiving routes via EBGP on the link to AS3 and via the backdoor link running RIP between AS1 and AS2. According to Table 6-1, the router will automatically give a distance of 20 to the EBGP route and a distance of 120 to the RIP route. In AS1, the routers that learn the route via EBGP (AS border routers) will install the lower distance in the routing table. Hence, traffic toward NetA will follow the indirect BGP route via AS3 and then AS2, rather than the direct RIP route via AS2.
Figure 6-7. Backdoor Routing Conflicts
page 138
Internet Routing Architectures, Second Edition
Cisco provides a way to force IGP routes to take precedence over EBGP routes. The concept is simple. Specific EBGP routes can be tagged as backdoor routes, which sets the distance of these routes to be the same as the "BGP local" route's distance (the default is 200). According to Table 6-1, this distance is higher than any IGP learned route, and the backdoor IGP route will be preferred.
Alternatively, as previously discussed, another option is to use the distance BGP subcommand to alter the administrative distance of all the BGP prefixes learned by the router.
The Routing Process Simplified
Until now, this chapter has examined discrete aspects of routing—specifically, peer negotiation and static versus dynamic routing. Before diving into details of routing configuration, it makes sense to pause here and briefly overview the BGP routing process in its entirety.
BGP is a fairly simple protocol, which is why it's so flexible. Routes are exchanged between BGP peers via UPDATE messages. BGP routers receive the UPDATE messages, run some policies or filters over the updates, and then pass the routes to other BGP peers. An implementation is required to keep all BGP updates in a BGP routing table separate from the IP routing table. In case multiple routes to the same destination exist, BGP does not flood its peers with all those routes; rather, it picks the best route and sends it. In addition to passing along EBGP routes from peers or IBGP routes from route reflector clients, a BGP router can originate routing updates to advertise internal networks that belong to its own autonomous system. Valid local routes originated in the system and the best routes learned from BGP peers are then installed in the IP routing table. The IP routing table is the final routing decision and is used to populate the forwarding table.
To model the BGP process, imagine that each BGP speaker has different pools of routes and different policy engines applied to the routes (although in reality only one pool may exist). The model would involve the following components:
•A pool of routes that the router receives from its peers
•An Input Policy Engine that can filter the routes or manipulate their attributes
•A decision process that decides which routes the router itself will use
•A pool of routes that the router itself uses
•An Output Policy Engine that can filter the routes or manipulate their attributes
•A pool of routes that the router advertises to other peers
Figure 6-8 illustrates this model. The subsequent discussion provides more details about each component.
page 139
Internet Routing Architectures, Second Edition
Figure 6-8. Routing Process Overview
BGP Routes: Advertisement and Storage
As specified in RFC1 771:
For the purpose of this protocol, a route is defined as a unit of information that pairs a destination with the attributes of a path to that destination:
Routes are advertised between a pair of BGP speakers in UPDATE messages: the destination is the system whose IP addresses are reported in the Network Layer Reachability Information (NLRI) field, and the path is the information reported in the path attributes field of the same UPDATE message.
Routes are stored in the Routing Information Bases (RIBs): namely, the Adj-RIBs-In, LocRIB, and the Adj-RIBs-Out. Routes that will be advertised to other BGP speakers must be present in the Adj-RIB-Out; Routes that will be used by the local BGP speaker must be present in the Loc-RIB, and the next hop for each of these rout es must be present in the local BGP speakers forwarding information base (FIB); and routes that are received from other BGP speakers are present in the Adj-RIBs-In.
If a BGP speaker chooses to advertise a route, it may add to or modify the route's path attributes before advertising it to the peer.
Note that from this point forward, the term route used in the context of BGP will represent a unit of information that pairs a destination with the attributes of a path to that destination, as just defined.
The BGP Routing Information Bases
As illustrated in Figure 6-9, the BGP routing table consists of three distinct parts: AdjRouting Information Base (RIB)-In, Loc-RIB, and Adj-RIB-Out.
page 140
Internet Routing Architectures, Second Edition
Figure 6-9. Logical Representation of BGP Routing Table
An Adj-RIB-In is logically associated with each individual peer of a BGP speaker. It stores routing information that has been learned from the peer via inbound UPDATE messages. The contents of all the Adj-RIBs-In are available as input to the BGP decision process after being manipulated or perhaps even filtered by the Input Policy Engine associated with the peer.
The Loc-RIB contains only the preferred routes that have been selected as the best path to each available destination. The Loc-RIB is the result of the BGP decision process after incoming local policies have been applied by the Input Policy Engines.
An Adj-RIB-Out is logically associated with each individual peer of a BGP speaker. It stores routing information that the BGP speaker has selected for advertisement to the peer. The Adj- RIB-Out contains information from the Loc-RIB to be advertised to the peer after the associated Output Policy Engine has been applied.
Although the conceptual model presented here distinguishes between Adj-RIBs-In, Loc-RIB, and Adj-RIBs-Out, storing three separate copies of the routing information is not a requirement. In reality, most implementations actually store one copy of the information with pointers in order to conserve memory.
page 141
Internet Routing Architectures, Second Edition
Routes Received from Peers
A BGP speaker receives routes (and their associated attributes) from external and/or internal peers via UPDATE messages. Depending on what is configured in the Input Policy Engines, some or all of these routes will make it into the Loc-RIB.
Input Policy Engine
The Input Policy Engine handles route filtering and attribute manipulation. Filtering is done based on different parameters such as IP prefixes, AS_PATH, and other BGP attribute values. BGP also uses the Input Policy Engine to manipulate the path attributes in order to influence its own decision process and hence affect what routes it will actually use to reach a given destination. For example, if BGP chooses to filter a certain prefix coming from a given peer, this indicates that BGP does not want to reach that destination via that peer. Or, if BGP gives a certain prefix a better LOCAL_PREF value, this indicates that BGP prefers the prefix from a specific peer to a similar prefix from other peers. The Input Policy Engine applies incoming policies configured by the operator.
Routes Used by the Router
The best routes, as identified by the decision process, are placed in the Loc-RIB. These routes become candidates that can be advertised to other peers or placed in the IP routing table. If a route is not placed in the Loc-RIB, it cannot be placed in the Adj-RIB-Out for advertisement to peers.
In addition to routes passed on from other peers, the router (if configured to do so) originates updates about the networks inside its autonomous system. This is how an AS advertises its internal networks to the outside world.
Output Policy Engine
This is the same engine as the Input Policy Engine, applied on the output side. Routes used by the router (the best routes) in addition to routes that the router generates locally are given to this engine for processing. The Output Policy Engine might apply filters and might change some of the BGP attributes (such as AS_PATH or metric) before sending the update.
The Output Policy Engine also differentiates between internal and external peers; for example, routes learned from one internal peer cannot be passed on to another internal peer.
Routes Advertised to Peers
The set of routes advertised to peers consists of those routes that successfully pass through the Output Policy Engine and are advertised to the BGP peers, internal or external.
Sample Routing Environment
Figure 6-10 illustrates the process applied to BGP routes in a sample environment. In the figure, AS5 receives routes from both AS1 and AS2 and originates its own routes (172.16.10.0/24). To simplify, consider just the flow of updates in one direction, left to right.
page 142
Internet Routing Architectures, Second Edition
Figure 6-10. Sample Routing Environment
By applying the engine model to AS5, you will get these results.
Routes received from peers (the routes coming from AS1 and AS2) consist of the following:
•192.213.1.0/24 via AS1
•0/0 (this is a default route) via AS1
•193.214.10.0/24 via AS2
•0/0 (this is a default route) via AS2
•192.213.1.0/24 via AS2
Input Policy Engine criteria dictate the following:
•Do not accept default route 0/0 from AS1.
•Give route 192.213.1.0/24 coming from AS1 better preference than route 192.213.1.0/24 coming from AS2.
•Accept all other routes (this will accept 193.214.10.0/24).
The decision process concludes the following:
•Because 192.213.1.0/24 has better preference via AS1, I will reach 192.213.1.0/24 via AS1.
•I will reach 193.214.10.0/24 via AS2.
•I will accept 0/0 via AS2.
page 143
Internet Routing Architectures, Second Edition
Routes used by the router conclude the following:
•I will use 0/0 as the default from AS2.
•I can reach 192.213.1.0/24 via AS1.
•I can reach 193.214.10.0/24 via AS2.
•Network 172.16.10.0/24 is one of my local networks that I want to advertise.
Output Policy Engine criteria dictate the following:
•Do not propagate the default route 0/0.
•Do not advertise 193.214.10.0/24 to AS4.
•Give 192.213.1.0/24 a metric of 10 when sent to AS3. Routes advertised to peers toward AS3 consist of the following:
•192.213.1.0/24 (via AS5 AS1) (this means first AS5 and then AS1) with a metric of 10
•172.16.10.0/24 (via AS5)
•193.214.10.0/24 (via AS5 AS2)
Routes advertised to peers toward AS4 consist of the following:
•192.213.1.0/24 (via AS5 AS1)
•172.16.10.0/24 (via AS5)
BGP Decision Process Summary
BGP bases its decision process on the attribute values. When faced with multiple routes of the same prefix length to the same destination, BGP chooses the best route for routing traffic toward the destination. The following process summarizes how BGP chooses the best route:
1.If the next hop is inaccessible, the route is ignored. (This is why it is important to have an IGP route to the next hop.)
2.Prefer the path with the largest weight. (Weight is a Cisco proprietary parameter, local to the router.)
3.If the weights are the same, prefer the route with the largest local preference value.
4.If there are no locally originated routes and the local preference is the same, prefer the route with the shortest AS_PATH.
5.If the AS_PATH length is the same, prefer the route with the lowest origin type (where IGP is lower than EGP and EGP is lower than INCOMPLETE).
6.If the origin type is the same, prefer the route with the lowest MED value if the routes were received from the same AS (or if bgp always-compare-med is enabled).
7.If the routes have the same MED value, prefer EBGP paths to IBGP paths.
8.If all the preceding scenarios are identical, prefer the route that can be reached via the closest IGP neighbor—that is, take the shortest internal path inside the AS to reach the destination. (Follow the shortest path to the BGP NEXT_HOP.)
9.If the internal path is the same, the BGP ROUTER_ID will be a tiebreaker. Prefer the route coming from the BGP router with the lowest RID. With Cisco IOS, the RID is the loopback address if one is configured; otherwise, it's the highest IP address on the router. RID determination is vendor-specific.
page 144