Introduction to BGP


(Rene Molenaar) #3

Hi Rob,

Good question, there’s not a really short answer to it :slight_smile: With routing protocols like RIP, OSPF or EIGRP we use default routes for outbound traffic so we really don’t know anything about the destination. When we use BGP, it’s possible that we learn about all possible destinations (entire Internet routing table) or a partial routing table.

BGP uses a lot of different attributes (weight, local preference, metric, etc) that we can use to decide which path we use for certain destinations. You can use these for traffic engineering to send an X amount of traffic to one BGP neighbor and the rest to another neighbor.

Another option is something called “bgp dmzlink-bw”. This allows you to do load balancing based on the bandwidth.

Rene


(Robert G) #4

Thanks Rene, appreciate the replies as always.
Cheers
Rob


(Nicholas C) #5

Great explanation!


(Kulwant K) #6

My company have two ISP connections but we only use 1 for all our traffic and the other was is for backup situation. We were planning to buy a netgear router (http://www.netgear.com.au/business/products/security/FVS336G.aspx#tab-features). There are two WAN port and it has load sharing capability. Are you saying that in the configuration we will not be able to set 80% to ISP 1 and 20% to ISP2 and it will be 50/50 distribution only? and if we do want to send 80% trafic through 1 ISP and 20% through another we don’t have an other option but to buy beefy routers to run BGP. Moreover, I heard that bgp is more about controlling incoming traffic flow from multiple ISPs to your network (you may be running multiple webserver in your network)rather than outgoing traffic from your network?


(Rene Molenaar) #7

Hi Kulwant,

It depends on the router, maybe it’s possible. You will have two default routers so most routers will just do “per packet” or “per destination” load balancing and you will have about 50/50 load balancing. Some routers might check the current load of the interfaces and then select the outgoing interface…

BGP is typically used to advertise your public IP space. You can also use it for outbound load balancing if you receive more than just the default route from your ISPs. Also, by using AS path prepending and/or MED we can influence how traffic enters our network.

Rene


(Lorenzo A) #8

Hi Rene! You write excellent articles about networking!

I have just started learn BGP, and there is question that bother me. I attached screenshot from some site, and as you can this is wireshark capture. Router sends bgp packets “OPEN Message, KEEPALIVE Message” and “KEEPALIVE Message, KEEPALIVE Message”. Meaning there are two messages in one packets. Why BGP process do that? I test that and in very beginning of bgp session initiation routers send “update message, update message” (meaning there are two update messages in one packet) to each other.


(Rene Molenaar) #9

Hi Lorenzo,

Thanks, glad to hear you like it!

That capture looks weird…I haven’t seen it before and I can’t find anything about it. Where did you find it?

Seeing multiple update messages in one frame is normal but I haven’t seen open + keepalive combined. Here’s a wireshark capture I just did on two IOS 15 routers with external BGP:

https://www.cloudshark.org/captures/89f1795591f6

Rene

 


(Lorenzo A) #10

Thank you for response.

I have seen it on http://linkmeup.ru/blog/65.html. That artcile is written in Russian, so I assume you will have difficulties to read it. But there is article in English with similar wireshark captures. http://www.4pronetworks.co.uk/blog/asa-bgp-pass-through/ written in English.

You said that two multiple update in one message it’s normal. Could you explain this?


(Rene Molenaar) #11

Hi Lorenzo,

I took a look, with google translate I can get pretty far :slight_smile:

About the update message…

  • When the path attributes for prefixes are the same then BGP will combine them in a single update message.
  • When the path attributes for prefixes are different then BGP will use multiple updates messages but they can be in the same frame.
 

Take a look at these two wireshark captures. In the first one the path attributes are the same and in the second one they are different.

BGP same path attributes

BGP different path attributes

Hope this helps.

Rene


(Lorenzo A) #12

Excellent explanation about multiple updates messages when the path attributes for prefixes are different. But I think there is another reason for such behavior. As you can see in your capture: https://www.cloudshark.org/captures/89f1795591f6 second update message is empty.
I get the same behavior in GNS3 when routers start session between each other they send “update message, update message” to each other and where second update is empty. I attaches screenshot from your capture.

And about different messages in the same frame. On the http://linkmeup.ru/blog/65.html is written that in the “open message, keepalive message” keepalive message is sent as response to previous open message and this keepalive indicates to router that session can change state from open to established. But I think it’s not valid reason for such behavior and besides neither your nor mine captures don’t indicates that type of messages. And “keepalive message, keepalive message” seems very stange, what is the reason for sending two keepalive messages in one frame? Maybe it’s ASA thing? Because in the second article http://www.4pronetworks.co.uk/blog/asa-bgp-pass-through/ these messages ( “open message, keepalive message” and “keepalive message, keepalive message”) sent only by ASA and router don’t send those messages in one frame instead it sent them separatly.

Thank you for response!

 


(Lorenzo A) #13

No, it wasn’t ASA. In case of http://www.4pronetworks.co.uk/blog/asa-bgp-pass-through/ ASA was just in between two routers, and it only passed through bgp packets which two routers were sending to each other.


(Rene Molenaar) #14

Hi Lorenzo,

That’s right, the empty update message also has a function. This is called the EOR (End of RIB) marker and it’s always 23 bytes (you can see it in the screenshot). It’s an empty update to tell the other side that all routes have been sent.

The “double keepalive” and “open keepalive” don’t make much sense to me…I haven’t seen this before, very strange. I searched around if I could find anything about it but nothing…

Rene


(Lorenzo A) #15

Hi Rene,

Thank you for response! I think it’s not so important to know why bgp sends “double keepalive” and “open keepalive”, but I wanted to know it just out of curiosity and for better understanding bgp, but really it’s not so important. And by the way, you can find “double keepalive” and “open keepalive” also in the cloudshark bgp captures, for example: https://www.cloudshark.org/captures/004f81c952b7 and https://www.cloudshark.org/captures/00249be4441f I tried to understand the need of those “double keepalive” and “open keepalive” by looking inside, but I couldn’t find nothing special about, for example, second keepalive. Two keepalive in one packets are absolute identical! Thank you for providing useful information about “double update” messages.


(Rene Molenaar) #16

Hi Lorenzo,

No problem. It was interesting to take a look at that capture file, the two keepalive messages are indeed exactly the same so I have no idea why they are there :slight_smile:

Rene


(Jie C) #17

Hi Rene,
A question regarding to bgp redundance for isp. The isp is using as number as 1 for example, they har deliver two line to the customer. The ISP has decided to use as 65000 for ebgp peering with the customer. In this case since the as is not unique, other as 65000 is existing in other location anywhere in the world. Because of the loop prevention, the customer for sure can not reach some locations right? Or should i say the private as nr like public ip address will not be visable from the internet bgp point of view?

  1. In this scenario, i would assume if the isp is using the 65000 for another customer this two customer could not reach each other via internett right? To solve this we use as-overide or we have better option to solve this?

(Andrew P) #18

Jie,
I think you are asking two questions:

  1. unless you are assigned an ASN by an Internet authority, like ARIN, then it is common practice for ISPs to use a private BGP AS when they peer with you. These AS numbers are not allowed on the Internet, so the ISP will translate them into their own AS number before routes leave their AS to another ISP or organization. Think of it like BGP “NAT” where inside the ISP a private range is used, and gets translated to a publicly recognized range. Because of this, the customer will not have any problems with loop prevention with BGP

  2. It is also possible (and common) for ISPs to use the same private AS number among many of their customers. They can get away with this by use VRFs (virtual routing and forwarding). The setup of this feature can get a little complex because you have to use things called Route Distinguishers and Route Targets (both import and export). Here is a link where Cisco talks about how BGP works with VRF
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/per-vrf_assignment_of_bgp_router_id.html


(Nanu N) #19

Hi Rene,

In one of the scenario which you have discussed above,where we have only one ISP and we want our web servers and mail servers to be reachable from the internet.for this you said we still dont need BGP.so the only option for our web servers to be reachable from internet is that the ISP need to configure static routes to our servers which are having public IPs…right?

Regards,
Nanu


(Rene Molenaar) #20

Hi Nanu,

If we are connected to a single ISP then we could use a couple of IP addresses from the public address space of the ISP and be done with it. We need a default route on our end towards the ISP and the ISP can use a static route towards us.

Once you are connected to multiple ISPs and you want to use your own address space then it would be a good idea to use BGP. This allows you to advertise your own address space to both ISPs.

Rene


(Nanu N) #21

Thanks Rene


(Paul L) #22

Hello Rene,

Will a BGP Neighbor adjacency form if keepalives are set to 0?

Thanks in advance

Paul