Network Security Wiki

BGP OSPF Questions: Difference between revisions

Page Discussion

BGP OSPF Questions (view source)

Revision as of 02:04, 20 June 2021

31 bytes added ,  2 years ago
→‎BGP
Line 139:
= BGP =
 
*BGP SYnchronization rule -IF the AS is acting transient for other AS routes learn through BGP will not be advertized unless the all the routes learn this routes though IGP.
*If we turned on the synchronisation BGP router will not advertize the route learned from IBGP PEER to EBGP Peer unless that route is learned through IGP.
*Split horizon rule -Routes larn though IBGp nei will not be advertized to other IBGP nei .
*BGP path selection criterion -route is excluded if next hop is unreachable, hightest wieight, high local pref, route if locally orginated, shortest as path len, prefer lowest origin code (IGP<EGP<Unknown), lowest MED, ebgp over IBGP, between IBGP closed IGP nei, bet EBGP oldest route, lowest Router ID.
*BGP Message types - Keepalive, notification, open, update.
 
*Routes received from a Route-Reflector-client is reflected to other clients and non-client neighbors.So if we have two route reflectors we should also keep in separte clusters ,, to avoide loops .That means that if you have multiple RRs with different cluster ID, optimal path is selected by selecting shorter cluster list. Having multiple RRs in the same cluster creates partial connectivity during failure
If we turned on the synchronisation BGP router will not advertize the route learned from IBGP PEER to EBGP Peer unless that route is learned through IGP.
 
*The first route reflector also set an additonal BGP attribute called originator id and add it to BGP router -id of client.if any router receive the route which contains its own router id will ignore the route
Split horizon rule -Routes larn though IBGp nei will not be advertized to other IBGP nei .
 
*Confedrations - Breaking As into smaller As so that they can exchange routing updates using intra confedration EBGp Seesion.
BGP path selection cretiron -route is excluded if next hop is unreachable ,hightest wieight ,high local pref ,route if locally orginated ,shortest as path len,prefer lowest origin code (IGP<EGP<Unknown),lowest MED,ebgp overIBGP, between IBGP closed IGP nei ,bet EBGP oldest route,lowest Router ID.
but on the intraconfedration EBGP session parmaters for IBGP are still preserved. (like next hop self, metric, preference)
 
*Commands -under BGP process bgp confedration id x.x -Original As
BGP Message types -Keepalive ,notification ,open ,update .
-BGP confederation peers x.x ,y...- Need to specify the the intra confdration with in AS.
 
*MED Vs AS path prepend - MED doesnot goes beyond neibor As while As path prepeend goes beyond that.
*BGP always compare md - compares MED for a path from neighbors in different AS.
*BGP Determinsic-Med -comparison of MEd for a path from differnt Peers advertize in same AS.
 
*BGP conditional advertizement uses two terms advertize-map and non-exist-map, advertize the prefix in adtervertize map only if there is no route in BGPtable defined in non-exist-map.
Routes received from a Route-Reflector-client is reflected to other clients and non-client neighbors.So if we have two route reflectors we should also keep in separte clusters ,, to avoide loops .That means that if you have multiple RRs with different cluster ID, optimal path is selected by selecting shorter cluster list. Having multiple RRs in the same cluster creates partial connectivity during failure
*BGP conditonal Inject and Exist map -BGP conditional Route injection advertize the specific route defined in inject map from the summary route present in exist map .Its reverse of Aggregation .
*SOO - Site of orgin -is used to prevent routing loops and is used to identify the site from where the route is orginated and does not readvertize same route back to the site .
*SOO is enabled on PE routers - marked the customer prefixes.
*BGP communities are used to TAG the routes and they are used to perform policy routing in upstream router. Community attribute consist of four octets. Inorder to send community
*We need to use send community command under BGP process.
*BGP community are :
Internet: advertise these routes to all neighbors.
Local-as: prevent sending routes outside the local As within the confederation.
No-Advertise: do not advertise this route to any peer, internal or external.
No-Export: do not advertise this route to external BGP peers.
 
*Local AS command can be used in while migration of As - it will genrate BGP open message which is defined in local AS.
The first route reflector also set an additonal BGP attribute called originator id and add it to BGP router -id of client.if any router receive the route which contains its own router id will ignore the route
*nei x.x.x. local 100 no prepend replace as dual-as.( can be used for remote peer to configue whatever AS no has configured at there side ).
 
*Peers Group -Peer groups are a way of defining templates/groups with settings for neighbor
Confedrations -Breaking As into smaller As so that they can exchange routing updates using intra confedration EBGp Seesion.
*Relationships - The same policy that goes to 1 neighbor in the peer group must go to all if it case one neighbor has a slightly different config we do not use peer-group for this neighbor the idea being a group with all required bgp settings and then add the neighbors to this group so they inherit the settings.
but on the intraconfedration EBGP session parmaters for IBGP are still preserved .(like next hop self,metric ,preference)
*Using BGP peer group one update is sent to peer group instead of individual updates helps in optimisation of updates .Configration makes its simpler.
 
*BGP route relector -Eliminates the need of bgp full mesh ,similar to ospf DR ,BDR elecltion, only peering needs to with RR.
commands -under BGP process bgp confedration id x.x -Original As
*When RR get the update from its client it sent to other RR and its client .
-BGP confdration peers x.x ,y...- Need to specify the the intra confdration with in AS.
*Modify the spilt horizon rule .BGP cluster id is used as loop prevention.
*Does not modiy the next hope attributes.
*Route reflectores modify split horizon rule now routes learn through IBGP can be forwarded to other IBGP nei ,route reflectore can do .
*if the client is having IBGP session with multiple routereflectores so each client will receive two copies of all routes.this can create the routing loops to avoid it each route reflector and its client form cluster which is identifed by cluster id which is unique in AS.
*whenver particular route is reflected route reflector router id is added to cluster list attirbute and set cluster id number in cluster -list.if for any reason route is reflected back to route reflectore for some reason it will reconganize cluster id includes its own router id . and will not forward it .
 
*The BGP Link Bandwidth feature used to enable multipath load balancing for external links with unequal bandwidth capacity. This feature is enabled under an IPv4 or VPNv4 address family sessions by entering the bgp dmzlink-bw command. This feature supports both iBGP, eBGP multipath load balancing, and eiBGP multipath load balancing in Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). When this feature is enabled, routes learned from directly connected external neighbor are propagated through the internal BGP (iBGP) network with the bandwidth of the source external link.
 
*The link bandwidth extended community indicates the preference of an autonomous system exit link in terms of bandwidth. This extended community is applied to external links between directly connected eBGP peers by entering the neighbor dmzlink-bw command. The link bandwidth extended community attribute is propagated to iBGP peers when extended community exchange is enabled with the neighbor send-community command.
MED Vs As path prepend -MED doesnot goes beyond neibor As while As path prepeend goes beyond that .
 
*It should be configured in conjuction with max path command:
bgp dmzlink-bw
neighbor ip-address dmzlink-bw
neighbor ip-address send-community [both | extended | standar
 
BGP always compare md -compares MED for a path from neibors in differnt AS.
 
*Aggreagate with AS set command - normal aggregation with summary command advertise the summary prefix only and suppress all the specific routes, so router which is performing the aggreagation will include its own AS while sending the update.
BGP Determinsic-Med -comparison of MEd for a path from differnt Peers advertize in same .As,
*So when Aggreagate with AS set command is used it will include all the AS in updates for summary prefix for those AS route performing the aggregation with AS list, this will prevent routing loop.
 
*Attribute map -can be used to modify the community received in aggregation router to none.(command) MAP. When particular is sending the prefix to router performing aggregation with community like no export attached, Aggregate router will inherit the communtiy and can cause issue to aggregate prefix while propagating, To avoid it we can modifiy the community to none using atrribute map command (aggrgate address x.x.x.x .x.x.x as-set summary only attribute map)
 
 
BGP conditional advertizement uses two terms advertize-map and non-exist-map ,advertize the prefix in adtervertize map only if there is no route in BGPtable defined in non-exist-map
 
*BGP Backdor link - used to modifiy the AD for external route from 20 to 200 so that IGP learned route can be prefered over EBGP.
*Command will be added to router which is learning the prefises from two routing ptotocols .
 
router bgp x.x.x.x
BGP conditonal Inject and Exist map -BGP conditional Route injection advertize the specific route defined in inject map from the summary route present in exist map .Its reverse of Aggregation .
network x.x.x.x mask backdoor
 
SOO -Site of orgin -is used to prevent routing loops and is used to identify the site from where the route is orginated and does not readvertize same route back to the site .
 
SOO is enabled on PE routers -marked the customer prefixes.
 
BGP communities are used to TAG the routes and they are used to perform policy routing in upstream router .Community attribute consist of four octets .. Inorder to send community
we need to use send community command under BGP process .
BGP community are :
Internet: advertise these routes to all neighbors.
Local-as: prevent sending routes outside the local As within the confederation.
No-Advertise: do not advertise this route to any peer, internal or external.
No-Export: do not advertise this route to external BGP peers.
 
 
Local AS command can be used in while migration of As - it will genrate BGP open message which is defined in local AS.
nei x.x.x. local 100 no prepend replace as dual-as.( can be used for remote peer to configue whatever AS no has configured at there side ).
 
 
Peers Group -Peer groups are a way of defining templates/groups with settings for neighbor
relationships . The same policy that goes to 1 neighbor in the peer group must go to all if it case one neighbor has a slightly different config we do not use peer-group for this neighbor the idea being a group with all required bgp settings and then add the neighbors to this group so they inherit the settings.
using BGP peer group one update is sent to peer group instead of individual updates helps in optimisation of updates .Configration makes its simpler.
 
 
BGP route relector -Eliminates the need of bgp full mesh ,similar to ospf DR ,BDR elecltion, only peering needs to with RR.
When RR get the update from its client it sent to other RR and its client .
Modify the spilt horizon rule .BGP cluster id is used as loop prevention.
Doesnot modiy the next hope attributes.
Route reflectores modify split horizon rule now routes learn through IBGP can be forwarded to other IBGP nei ,route reflectore can do .
if the client is having IBGP session with multiple routereflectores so each client will receive two copies of all routes.this can create the routing loops to avoid it each route reflector and its client form cluster which is identifed by cluster id which is unique in AS.
whenver particular route is reflected route reflector router id is added to cluster list attirbute and set cluster id number in cluster -list.if for any reason route is reflected back to route reflectore for some reason it will reconganize cluster id includes its own router id . and will not forward it .
 
 
the BGP Link Bandwidth feature used to enable multipath load balancing for external links with unequal bandwidth capacity. This feature is enabled under an IPv4 or VPNv4 address family sessions by entering the bgp dmzlink-bw command. This feature supports both iBGP, eBGP multipath load balancing, and eiBGP multipath load balancing in Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). When this feature is enabled, routes learned from directly connected external neighbor are propagated through the internal BGP (iBGP) network with the bandwidth of the source external link.
 
The link bandwidth extended community indicates the preference of an autonomous system exit link in terms of bandwidth. This extended community is applied to external links between directly connected eBGP peers by entering the neighbor dmzlink-bw command. The link bandwidth extended community attribute is propagated to iBGP peers when extended community exchange is enabled with the neighbor send-community command.
 
it should be configured in conjuction with max path command .
 
bgp dmzlink-bw
neighbor ip-address dmzlink-bw
neighbor ip-address send-community [both | extended | standar
 
 
Aggreagate with AS set command -normal aggregation with summary command advertise the summary prefix only and suppress all the specific routes ,so router which is performing the aggreagation will include its own AS while sending the update .
so when Aggreagate with AS set command is used it will include all the AS in updates for summary prefix for those AS route performing the aggregation with AS list ,this will prevent routing loop.
 
 
attribute map -can be used to modify the community received in aggregation router to none.(command ) MAP.When particular is sending the prefix to router performing aggregation with community like no export attached ,Aggregate router will inherit the communtiy and can cause issue to aggregate prefix while propagating ,TO avoid it we can modifiy the community to none using atrribute map command (aggrgate address x.x.x.x .x.x.x as-set summary only attribute map )
 
 
 
BGP Backdor link- used to modifiy the AD for external route from 20 to 200 so that IGP learned route can be prefered over EBGP .
command will be added to router which is learning the prefises from two routing ptotocols .
 
router bgp x.x.x.x
 
network x.x.x.x mask backdoor
 
= OSPF =
Retrieved from "https://aman.awiki.org/wiki/Special:MobileDiff/4422"