77 Cards in this Set

  • Front
  • Back
What are 5 tools that filter BGP routes?
1
2
3
4
5
Four popular tools used to filter BGP routes:
1. Distribution lists
2. Prefix lists
3. AS_PATH filter lists
4. Route maps

5. Additionally, the aggregate-address command can be used to filter component subnets of a summary route.
What are the common features of the four popular BGP filtering techniques?
All can filter...
Peer group configurations...
The filters cannot be ...
Each tool's matching logic...
If a filter's configuration...
The clear command can...
The four main tools have the following features in common:
■ All can filter incoming and outgoing Updates, per neighbor or per peer group.
■ Peer group configurations require Cisco IOS Software to process the routing policy against the Update only once, rather than once per neighbor.
■ The filters cannot be applied to a single neighbor that is configured as part of a peer group; the filter must be applied to the entire peer group, or the neighbor must be reconfigured to be outside the peer group.
■ Each tool’s matching logic examines the contents of the BGP Update message, which includes the BGP PAs and network layer reachability information (NLRI).
■ If a filter’s configuration is changed, a clear command is required for the changed filter to take effect.
■ The clear command can use the soft reconfiguration option to implement changes without requiring BGP peers to be brought down and back up.
NLRI Filtering Tools
BGP Subcommand / Commands Referenced by neighbor Command / What Can Be Matched
1 neighbor distribute-list (standard ACL)
2 neighbor distribute-list (extended ACL)
3 neighbor prefix-list
4 neighbor filter-list
5 neighbor route-map
NLRI Filtering Tools
BGP Subcommand / Commands Referenced by neighbor Command / What Can Be Matched
neighbor distribute-list (standard ACL) / access-list, ip access-list / Prefix, with WC mask
neighbor distribute-list (extended ACL) / access-list, ip access-list / Prefix and prefix length, with WC mask for each
neighbor prefix-list / ip prefix-list / Exact or “first N” bits of prefix, plus range of prefix lengths
neighbor filter-list / ip as-path access-list / AS_PATH contents; all NLRIs whose AS_PATHs are matched considered to be a match
neighbor route-map / route-map / Prefix, prefix length, AS_PATH, and/or any other PA matchable within a BGP route map
What are the differences between IGP distribute list and BGP distribute list?
One difference between BGP distribute lists and IGP distribute lists is that a BGP distribute list can use an extended ACL to match against both the prefix and the prefix length. When used with IGP filtering tools, ACLs called from distribute lists cannot match against the prefix length.
What is the overall logic for filtering using route maps?
The overall logic used by route maps to filter NLRIs is relatively straightforward—the Update is compared to the route map and the route is filtered (or not) based on the first-matching clause.
Explain the permit or deny confusion using ACLs inside of route maps.
Both the route map and any referenced ACL or prefix list have deny and permit actions configured, so it is easy to confuse the context in which they are used. The route-map command’s action—either deny or permit—defines whether an NLRI is filtered (deny) or allowed to pass (permit). The permit or deny action in an ACL or prefix list implies whether an NLRI matches the route map clause (permit by the ACL/prefix list) or does not match (deny in the ACL/prefix list).
What is BGP soft reconfiguration?
Soft reconfiguration allows a BGP peer to reapply its routing policies without closing a neighbor connection.
What is the command syntax for BGP soft reconfiguration, explain options?
clear ip bgp {* | neighbor-address | peer-group-name} [soft [in | out]]

The soft option alone reapplies the policy configuration for both inbound and outbound policies, whereas the inclusion of the in or out keyword limits the reconfiguration to the stated direction.
Talk about what has to be configured for BGP soft reconfiguration?
Cisco IOS supports soft reconfiguration for sent Updates automatically, but BGP must be configured to support soft reconfiguration for inbound Updates. To support soft reconfiguration, BGP must remember the actual sent and received BGP Update information for each neighbor. The neighbor neighbor-id soft-reconfiguration inbound command causes the router to keep a copy of the received Updates from the specified neighbor. (IOS keeps a copy of sent Updates automatically.) With these Updates available, BGP can simply reapply the changed filtering policy to the Update without closing the neighbor connection.
When can you use soft reconfiguration and when do you want a full clearing?
Clearing the neighbor is required to pick up the changes to routing policies that impact Updates sent and received from neighbors. All such changes can be implemented using soft reconfiguration. However, for configuration changes that impact the local injection of routes into the BGP table, soft reconfiguration does not help. The reason is that soft reconfiguration simply reprocesses Updates, and features that inject routes into BGP via the redistribute or network commands are not injected based on Update messages.
Compare what a prefix list can match versus an ACL?
A prefix list can match in one line what would take multiple lines in an ACL to accomplish.
What is the best use of route-maps, when are they not overkill?
1.
2.
However, only route maps can provide the following two functions for BGP routing policy configurations:
1. Matching logic that combines multiple of the following: prefix/length, AS_PATH, or other BGP PAs
2. The setting of BGP PAs for the purpose of manipulating BGP’s choice of which route to use
How can the aggregate address command be used to filter routes?
Manual BGP route summarization, using the aggregate-address BGP router subcommand, provides the flexibility to allow none, all, or a subset of the summary’s component subnets to be advertised out of the BGP table. By allowing some and not others, the aggregate-address command can in effect filter some routes.
What are the filtering options with the aggregate address command?
1
2
3
The filtering options on the aggregate-address command are as follows:
1. Filtering all component subnets of the summary from being advertised, by using the summary-only keyword
2. Advertising all the component subnets of the summary, by omitting the summary-only keyword
3. Advertising some and filtering other component subnets of the summary, by omitting the summary-only keyword and referring to a route map using the suppress-map keyword
What is tricky about the logic of the suppress map?
The logic behind the suppress-map option can be a little tricky. This option requires reference to a route map, with any component subnets matching a route map permit clause being suppressed; in other words, routes permitted by the route map are filtered and not advertised. The router does not actually remove the suppressed route from its local BGP table; however, it does suppress the advertisement of those routes.
What are the two steps for AS_PATH filters?
1
2
The main two steps are as follows:
1. Configure the AS_PATH filter using the ip as-path access-list number { permit | deny} regex command.
2. Enable the AS_PATH filter using the neighbor neighbor-id filter-list as-path-filter-number {in | out} command.
Based on these commands, Cisco IOS examines the AS_PATH PA in the sent or received Updates for the stated neighbor. NLRI whose AS_PATHs match with a deny action are filtered.
What are the AS_PATH segments? When do you see them?

Component / Description / Delimiters Between ASNs / Character Enclosing the Segment
Four types of AS_PATH segments.
Most common is AS_SEQUENCE, which is an ordered list of all the AS's through which the route has passed. Most recently added is the first or leftmost entry.
The other three AS_PATH segment types come into play when using confederations and route summarization.

Component / Description / Delimiters Between ASNs / Character Enclosing the Segment
AS_SEQUENCE / An ordered list of ASNs through which the route has been advertised / Space / None
AS_SET / An unordered list of ASNs through which the route has been advertised / Comma / {}
AS_CONFED_SEQ / Like AS_SEQ, but holds only confederation ASNs / Space / ()
AS_CONFED_SET / Like AS_SET, but holds only confederation ASNs / Comma / {}
What construct is used to match AS_PATH segments?
What is the logic?
1.
2.
3.
4.
Uses regular expressions.

The logic is then applied as follows:
1. The regex of the first line in the list is applied to the AS_PATH of each route.
2. For matched NLRI, the NLRI is passed or filtered based on that AS_PATH filter’s configured permit or deny action.
3. For unmatched NLRI, Steps 1 and 2 are repeated, using the next line in the AS_PATH filter, analyzing all NLRI yet to be matched by this list.
4. Any NLRI not matched explicitly is filtered.
What are the meanings of the regex metacharacters?
^
$
|
_
.
?
*
+
(string)
[string]
Metacharacter Meaning
^ Start of line
$ End of line
| Logical OR applied between the preceding and succeeding characters
_ Any delimiter: blank, comma, start of line, or end of line
. Any single character
? Zero or one instances of the preceding character
* Zero or more instances of the preceding character
+ One or more instances of the preceding character
(string) Parentheses combine enclosed string characters as a single entity when used with ?, *, or +
[string] Creates a wildcard for which any of the single characters in the string can be used to match that position in the AS_PATH
What is the logic of matching with regex?
When the regular expression is applied to a BGP route, Cisco IOS searches the AS_PATH for the first instance of the first item in the regex; from that point forward, it processes the rest of the AS_PATH sequentially.
Example Regex What Type of AS_PATH It Would Match
.*
^$
^123$
^123
^123.
Example Regex What Type of AS_PATH It Would Match
.* All AS_PATHs (useful as a final match to change the default from deny to permit).
^$ Null (empty)—used for NLRIs originated in the same AS.
^123$ An AS_PATH with only one AS, ASN 123.
^123 An AS_PATH whose first ASN begins with or is 123; includes 123, 1232, 12354, and so on.
^123. An AS_PATH whose first ASN is one of two things: a four-digit number that begins with 123, or a number that begins with ASN 123 and is followed by a delimiter before the next ASN. (It does not match an AS_PATH of only ASN 123, because the period does not match the end-of-line.)
Example Regex What Type of AS_PATH It Would Match
^123+
^123+_
^123*
^123*_
^123?
^123_45$
^123+ An AS_PATH whose first ASN begins with 123, with 1233, or is 12333. For example, it includes ASNs 1231 and 12331 because it does not specify what happens after the +.
^123+_ An AS_PATH whose first ASN is one of three numbers: 123, 1233, or 12333. It does not match 1231 and 12331, for example, because it requires a delimiter after the last 3.
^123* An AS_PATH whose first ASN begins with 12, 123, or 1233, or is 12333. Any character can follow these values, because the regex does not specify anything about the next character. For example, 121 would match because the * can represent 0 occurrences of “3”. 1231 would match with * representing 1 occurrence of 3.
^123*_ An AS_PATH whose first ASN begins with 12, 123, or 1233, or is 12333. It does not include matches for 121, 1231, and 12331, because the next character must be a delimiter.
^123? An AS_PATH whose first ASN begins with either 12 or 123.
^123_45$ An AS_PATH with two autonomous systems, beginning with 123 and ending with 45.
Example Regex What Type of AS_PATH It Would Match
^123_.*_45$
^123_.*45
(^123_45$)|(^123_.*_45$)
^123_45$|^123_.*_45$
^123(_[0..9]+)*_45
^{123
[(]303.*[)]
^123_.*_45$ An AS_PATH beginning with AS 123 and ending in AS 45, with at least one other AS in between.
^123_.*45 An AS_PATH beginning with AS 123, with zero or more intermediate ASNs and delimiters, and ending with any AS whose last two digits are 45 (including simply AS 45).
(^123_45$)|(^123_.*_45$) An AS_PATH beginning with 123 and ending with AS 45, with zero or more other ASNs between the two.
^123_45$|^123_.*_45$ (Note: this is the same as the previous example, but without the parentheses.) Represents a common error in attempting to match AS_PATHs that begin with ASN 123 and end with ASN 45. The problem is that the | is applied to the previous character ($) and next character (^), as opposed to everything before and after the |.
^123(_[0..9]+)*_45 Another way to match an AS_PATH beginning with 123 and ending with AS 45.
^{123 The AS_PATH begins with an AS_SET or AS_CONFED_SET, with the first three numerals of the first ASN being 123.
[(]303.*[)] Find the AS_CONFED_SEQ, and match if the first ASN begins with 303.
What are the two commands for filtering with AS_PATHs and regex?
ip as-path access-list access-list-number {permit | deny} as-regexp
neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out}
What are three issues regarding BGP show commands and filtering?
1
2
3
The example also depicts a couple of broader issues regarding the Cisco IOS BGP show commands:
1. The show ip bgp neighbor neighbor-id advertised-routes command displays the routes actually sent—in other words, this command reflects the effects of the filtering by omitting the filtered routes from the output.
2. The show ip bgp neighbor neighbor-id received-routes command displays the routes actually received from a neighbor, never omitting routes from the output, even if the router locally filters the routes on input.
3. Output filter lists are applied before the router adds its own ASN to the AS_PATH.
What are two ways to test a regex before implementing it?
show ip bgp neighbor x.x.x.x received-routes | include REGEX
This command parses the entire command output using the regex after the include keyword. However, note that this command looks at the ASCII text of the command output, meaning that some special characters (like beginning-of-line and end-of-line characters) do not exist.

The other method to test a regex is to use the show ip bgp regexp expression command. This command parses the AS_PATH variables in a router’s BGP table, including all special characters, allowing all aspects of the regex to be tested. However, the regexp option of the show ip bgp command is not allowed with the received-routes or advertised-routes option.
What are the two main categories of path attributes?
whether a particular implementation of BGP software must support the PA (well known) or support for the PA is not required (optional).
What are the two subcategories of the first main category of path attributes?
mandatory - the PA must be in every BGP Update
discretionary - the PA is not required in every BGP Update
What are the two subcategories of the second major subcategory of path attributes?
Optional PAs can be:
transitive - the router should silently forward the PA to other routers without needing to consider the meaning of the PA
nontransitive - the router should remove the PA so that it is not propagated to any peers.
Path Attribute /Description /Characteristics
A
N
A
A
O
O
C
AS_PATH / Lists ASNs through which the route has been advertised / Well-known mandatory
NEXT_HOP / Lists the next-hop IP address used to reach an NLRI / Well-known mandatory
AGGREGATOR / Lists the RID and ASN of the router that created a summary NLRI / Optional transitive
ATOMIC_AGGREGATE / Tags a summary NLRI as being a summary / Well-known discretionary
ORIGIN / Value implying from where the route was taken for injection into BGP; i (IGP), e(EGP), or ? (incomplete information) / Well-known mandatory
ORIGINATOR_ID / Used by RRs to denote the RID of the iBGP neighbor that injected the NLRI into the AS / Optional nontransitive
CLUSTER_LIST / Used by RRs to list the RR cluster IDs in order to prevent loops / Optional nontransitive
BGP Decision Process Steps 0-3
0. Is the NEXT_HOP reachable?—Many texts, as well as RFC 1771, mention the fact that if a router does not have a route to the NEXT_HOP PA for a route, it should be rejected in the decision process.
1. Highest administrative weight—This is a Cisco-proprietary feature. The administrative weight can be assigned to each NLRI locally on a router, and the value cannot be communicated to another router. The higher the value, the better the route.
2. Highest LOCAL_PREF PA—This optional nontransitive PA can be set on a router inside an AS, and distributed inside the AS only. As a result, this feature can be used by all BGP routers in one AS to choose the same exit point from their AS for particular NLRI. The higher the value, the better the route.
3. Locally injected routes—Pick the route injected into BGP locally; (using the network command, redistribution, or route summarization). (This step is seldom needed, and is sometimes omitted from other BGP references.)
BGP Decision Process Steps 4-6
4. Shortest AS_PATH length—The shorter the AS_PATH length, the better the route. The length calculation ignores both AS_CONFED_SET and AS_CONFED_SEQ, and treats an AS_SET as 1 ASN, regardless of the number of ASNs in the AS_SET. It counts each ASN in the AS_SEQUENCE as 1. (This step is ignored if the bgp bestpath as-path ignore command is configured.)
5. ORIGIN PA—IGP (I) routes are preferred over EGP (E) routes, which are in turn preferred over incomplete (?) routes.
6. Smallest Multi-Exit Discriminator (MED) PA—Traditionally, this PA allows an ISP with multiple peer connections to a customer AS to tell the customer AS which of the peer connections is best for reaching particular NLRI. The smaller the value, the better the route.
BGP Decision Process Steps 7-9
7. Neighbor Type—Prefer eBGP routes over iBGP. For this step, treat confederation eBGP as equal to iBGP.
8. IGP metric for reaching the NEXT_HOP—IGP metrics for each NLRI’s NEXT_HOP are compared. The lower the value, the better the route.
9. Keep oldest eBGP route. If the routes being compared are eBGP, and one of the paths is the currently best path, retain the existing best path. This action reduces eBGP route flaps.
BGP Decision Process Steps 10-11
10. Choose smallest neighbor RID. Use the route whose next-hop router RID is the smallest. Only perform this step if bgp bestpath compare-routerid is configured.
11. Smallest neighbor ID. To get to this step, the local router has at least two neighbor relationships with a single other router. For this atypical case, the router now prefers the route advertised by the lowest neighbor ID, as listed in that router’s neighbor commands.
3 key items about the BGP decision process logic
1
2
3
The following statements summarize the logic:
■ If the best path for an NLRI is determined in Steps 0 through 8, BGP adds only one BGP route to the IP routing table—the best route, of course.
■ If the best path for an NLRI is determined after Step 8, BGP considers placing multiple BGP routes into the IP routing table.
■ Even if multiple BGP routes are added to the IP routing table, BGP still chooses only one route per NLRI as the best route; that best route is the only route to that NLRI that BGP will advertise to neighbors.
BGP Decision process mnemonic
Proprietary Features and BGP Path Attributes that Affect the BGP Decision Process
PA-Other /Description /BGP PA Type
N
W
L
A
O
M
N
I
B
NEXT_HOP / Lists the next-hop IP address used to reach an NLRI. / Well-known mandatory
Weight / Local Cisco-proprietary setting, not advertised to any peers. Bigger is better. / —
LOCAL_PREF / Communicated inside a single AS. Bigger is better; range 0 through 2 to the power of 32 – 1. / Well-known discretionary
AS_PATH length / The number of ASNs in the AS_SEQ, plus 1 if an AS_SET exists. / Well-known mandatory
ORIGIN / Value implying the route was injected into BGP; I (IGP), E (EGP), or ? (incomplete information). / Well-known mandatory
MULTI_EXIT_DISC (MED) / Multi-Exit Discriminator. Set and advertised by routers in one AS, impacting the BGP decision of routers in the other AS. Smaller is better. / Optional nontransitive
Neighbor Type / The type of BGP neighbor from which a route was learned. Confederation eBGP is treated as iBGP for the decision process./ —
IGP metric to reach NEXT_HOP / Smaller is better./ —
BGP RID / Defines a unique identifier for a BGP router. Smaller is better./ —
a picture of the show ip bgp command to see where the path attributes are displayed
The show ip bgp command does not display all the information BGP uses to determine best path, what items are left and what commands to view them?
Advertising router RID, neighbor ID can be seen with the show ip bgp x.x.x.x (x.x.x.x is a route)
IGP metric is viewed with the show ip route command.
Key Features of Administrative Weight
Feature / Description
Is it a PA?
Purpose
Scope
Default
Changing the defaults
Range
Which is best?
Configuration
Is it a PA? No; Cisco proprietary feature
Purpose Identifies a single router’s best route
Scope In a single router only
Default 0 for learned routes, 32,768 for locally injected routes
Changing the defaults Not supported
Range 0 through 65,535 (2^16 – 1)
Which is best? Bigger values are better
Configuration Via neighbor route-map in command or the neighbor weight command (if a route is matched by both commands, IOS uses weight specified in route map)
Key Features of Local Pref
Feature / Description
Is it a PA?
Purpose
Scope
Default
Changing the default
Range
Which is best?
Configuration
PA? Yes, well known, discretionary
Purpose Identifies the best exit point from the AS to reach the NLRI
Scope Throughout the AS in which it was set, including confederation sub-ASs
Default 100
Changing the default Using the bgp default local-preference <0-4294967295> BGP subcommand
Range 0 through 4,294,967,295 (2^32 – 1)
Which is best? Higher values are better
Configuration Via neighbor route-map command; in option is required for Updates from an eBGP peer
What is the gist of the origin step in the BGP decision process?
When the same NLRI is locally injected into BGP from multiple methods, pick the route with the better ORIGIN PA.
Features that Impact the Total Number of ASs in the AS_PATH Length Calculation
Feature /Description
AS_SET
Confederations
Aggregate-address command
neighbor remove private-as command
neighbor local-as no-prepend command
AS_PATH prepending
bgp bestpath as-path ignore command
AS_SET / Regardless of actual length, it counts as a single ASN.
Confederations / AS_CONFED_SEQ and AS_CONFED_SET do not count at all in the calculation.
aggregate-address command / If the component subnets have different AS_PATHs, the summary route has only the local AS in the AS_SEQ; otherwise, the AS_SEQ contains the AS_SEQ from the component subnets. Also, the presence/absence of the as-set command option determines whether the AS_SET is included.
neighbor remove private-as command / Used by a router attached to a private AS (64512–65535), causing the router to remove the private ASN used by the neighboring AS.
neighbor local-as no-prepend command / Allows a router to use a different AS than the one on the router bgp command; with the no-prepend option, the router does not prepend any ASN when sending eBGP Updates to this neighbor.
AS_PATH prepending / Using a neighbor route-map in either direction, the route-map can use the set as-path prepend command to prepend one or more ASNs into the AS_SEQ.
bgp bestpath as-path ignore command / Removes the AS_PATH length step from the decision tree for the local router.
Cisco IOS has several restrictions regarding whether a private AS is removed as a protection against causing routing loops:
1
2
3
■ Private ASNs can be removed only at the point of sending an eBGP Update.
■ If the current AS_SEQ contains both private and public ASNs, the private ASNs will not be removed.
■ If the ASN of the eBGP peer is in the current AS_PATH, the private ASNs will not be removed, either.
This feature works with confederations as well, with the same restrictions being applied to the AS_CONFED_SEQ.
How do you perform AS_PATH prepending?
To do so, a router simply configures a route map, refers to it with a neighbor route-map command, with the route map using the set as-path prepend asn1 asn2… command. As a result, the route map prepends additional ASNs to the AS_SEQUENCE.
Route aggregation (summarization) with the BGP aggregate-address command impacts the AS_PATH length in a couple of ways:
1
2
■ The router checks the component subnets’ AS_PATH AS_SEQ values. If all the component subnets’ AS_SEQ values are identical, the aggregate route uses that same AS_SEQ.
■ If the component subnets’ AS_SEQ values differ at all, the aggregating router uses a null AS_SEQ for the aggregate. (When advertised to an eBGP peer, the router does prepend its local ASN, as normal.) Of course, this process shortens the AS_PATH length.
Additional AS_PATH implications from the aggregate-address command and as-set option?
Additionally, the aggregate-address command with the as-set option may lengthen the AS_PATH length calculation as well. When a router uses this command with the as-set option, and the aggregate empties out the AS_SEQ as described in the previous paragraph, the router adds an AS_SET segment to the AS_PATH. (Conversely, if the aggregate does not empty the AS_SEQ, the router does not create the AS_SET, as it is not needed for loop prevention in that case.) The AS_SET includes all ASNs of all component subnets.

The BGP AS_PATH length calculation counts the entire AS_SET as 1, regardless of the actual length.
What is the gist of the ORIGIN PA step in the BGP decision process?
If the set of routes to reach a single NLRI includes only one route of ORIGIN code IGP (i), and all the others as incomplete (?), then the route with ORIGIN i is the best route.
How is the BGP ORIGIN_PA set and how is it determined?
BGP routing policies may set the ORIGIN code explicitly by using the set origin route map subcommand, although the earlier steps in the BGP decision process are typically better choices for configuring BGP policies. BGP determines the ORIGIN code based on the method used to inject the routes, along with the options used with the aggregate-address command.
Key Features of MED
Feature / Description
Is it a PA?
Purpose
Scope
Default
Changing the default
Range
Which is best?
Configuration
Is it a PA?/ Yes, optional nontransitive
Purpose / Allows an AS to tell a neighboring AS the best way to forward packets into the first AS
Scope / Advertised by one AS into another, propagated inside the AS, but not sent to any other ASs
Default / 0
Changing the default / Using the bgp bestpath med missing-as-worst BGP subcommand; sets it to the maximum value
Range / 0 through 4,294,967,295 (2^32 – 1)
Which is best? / Smaller is better
Configuration / Via neighbor route-map out command, using the set metric command inside the route map
What is with the default MED value, how can you change it to make it more logical? Any caveat?
A better default for MED can be set by using the bgp bestpath med missing-as-worst BGP subcommand, which resets a router’s default MED to the largest possible MED value, instead of the lowest. Note that it is important that all routers in the same AS either use the default of 0 or configure this command; otherwise, routing choices will be affected.
By default, a Cisco router ignores MED when… why does this make sense?
By default, a Cisco router ignores MED when the multiple routes to a single NLRI list different neighboring ASNs. This default action makes sense—normally you would not expect two different neighboring ISPs to have chosen to work together to set MEDs.
How to override the default action with MED? What is the result?
To override this default and consider the MED in all cases, a router needs to configure the bgp always-compare-med BGP subcommand. If used on one router, all routers inside the same AS should also use the bgp always-compare-med command, or routing loops may result.
With MED and the order of the entries in the BGP table, what is the default behavior?
Depending on that order, in some cases in which the competing routes for the same NLRI have different MEDs from different autonomous systems, the order of the entries impacts the final choice of the best route. In part, the difference results from the fact that Cisco IOS (by default) processes the list sequentially—which means it processes the first pair of routes (newest), picks the best of those two, then compares that one with the next newest, and so on.
How does Cisco solve the BGP list of entries problem with MED?
Cisco solved this nondeterministic behavior for MED processing problem by creating an alternative process for analyzing and making the MED decision. With this new process, BGP processes the routes per adjacent AS, picking the best from each neighboring AS, and then comparing those routes. This logic provides a deterministic choice based on MED—in other words, it removes the possibility of BGP picking a different route based on the order of the routes in the BGP table. To enable this enhanced logic, add the bgp deterministic-med command to the routers in the same AS. In fact, Cisco recommends this setting for all new BGP implementations.
MED has a TTL like behavior, describe it?
The MED PA is not intended to be advertised outside the AS that heard the MED in an incoming BGP Update. Typically, and as shown in the examples in this section, the MED can be set in an outbound route map by a router in one AS to influence the BGP decision process in another AS. So, the MED value is set by routers in one AS, and learned by routers in another AS. However, after reaching the other AS, the MED is advertised inside the AS, but not outside the AS.
What happens if MED is set inbound to an AS?
MED can also be set via inbound route maps, although that is not the intended design with which to use MED. When setting MED via an inbound route map, the MED is indeed set. The router can advertise the MED to iBGP peers. However, the MED is still not advertised outside the local AS.
With the comparison of eBGP versus iBGP routes at step 7, why is the winner the logical one?
The assumption is two peering points with the same ISP. Each border router learns the same routes and advertises them to iBGP neighbors, which ends up with cross learning on the border routers. They have a route from the other AS and from internal to their AS. Choose the eBGP route because it is "closer" to the source than through your own AS.
The goal of the BGP decision tree is to …
The goal of the BGP decision tree is to find the one best BGP route to each NLRI, from that router’s perspective. That router then considers only its best routes for advertising to other routers, restricting those routes based on AS_PATH loop prevention and routing policy configuration. That router also attempts to add that best route, and that best route only, to its IP routing table. In fact, as long as another routing source has not found a route to the same prefix, with a better administrative distance, the best BGP route is placed into that router’s routing table.
After what step is there a tiebreaker decision, and what are the two things that happen then?
After steps 0 through 8.

At this point, BGP needs to make two important decisions:
■ Which route is best—BGP uses two tiebreakers, discussed next, to determine which route is best.
■ Whether to add multiple BGP routes for that NLRI to the IP routing table—BGP considers the setting of the maximum-paths command to make this decision, as described after the discussion of Steps 9 and 10.
Even if BGP adds to the IP routing table multiple BGP routes to the same prefix...
Even if BGP adds to the IP routing table multiple BGP routes to the same prefix, it still picks only one as the best route in the BGP table.
The first tiebreaker has two steps. What are they?
The first tiebreaker is to pick the route with the lowest RID. The logic is actually two steps, as follows:
1. Examine the eBGP routes only, picking the route advertised by the router with the lowest RID.
2. If only iBGP routes exist, pick the route advertised by the router with the lowest RID.
What is the exception to the first tiebreaker?
What is the reasoning?
How to change?
If a best route is already known by eBGP, do not replace it with a new one just because it has a lower router ID.

The reasoning is to prevent route flaps.

This behavior can be changed so that the lowest RID is always used, by configuring the bgp bestpath compare-routerid BGP subcommand. Note that this exception only applies to eBGP routes; if the currently best route is an iBGP route, the decision is simply based on the lowest advertising router’s RID.
If the first tiebreaker did not pick the best route, what do you have?
What does the router do now?
Then the router has at least two neighbor commands that point to the same router, and that router happens to have the lowest RID of all current neighbors advertising the NLRI in question.
At this point, the router looks at the IP addresses on the neighbor commands corresponding to all the neighbors from which the route was received, and it picks the lowest neighbor IP address. Note that, as usual, it considers all routes again at this step, so it may not pick the neighboring router with the lowest RID at this point.
BGP defaults the maximum-paths command to…


Different or same for iBGP and eBGP?
A setting of 1.

different
What are the four rules for maximum paths with eBGP?
1
2
3
4
First, consider eBGP routes. The following rules determine if and when a router will add multiple eBGP routes to the IP routing table for a single NLRI:
1. BGP must have had to use a tiebreaker (Step 9 or 10) to determine the best route.
2. The maximum-paths number command must be configured to something larger than the default of 1.
3. Only eBGP routes whose adjacent ASNs are the same ASN as the best route are considered as candidates.
4. If more candidates exist than that called for with the maximum-paths command, the tiebreakers of Steps 9 and 10 determine the ones to use.

Although the list is detailed, the general idea is that the router can trust multiple routes, but only if the packets end up in the same adjacent AS.
What are the 4 rules for maximum paths and iBGP?
1
2
3
4
The rules for iBGP have some similarities with eBGP, and a few differences, as follows:
1. Same rule as eBGP rule 1. (BGP must have had to use a tiebreaker (Step 9 or 10) to determine the best route.)
2. The maximum-paths ibgp number command defines the number of possible IP routes, instead of the maximum-paths number command used for eBGP.
3. Only iBGP routes with differing NEXT_HOP settings are considered as candidates.
4. Same rule as eBGP rule 4. (If more candidates exist than that called for with the maximum-paths command, the tiebreakers of Steps 9 and 10 determine the ones to use.)
BGP maximum-paths Command Options
Command / Conditions for Use
Command / Conditions for Use
maximum-paths number / eBGP routes only
maximum-paths ibgp number / iBGP routes only
maximum-paths eibgp number / Both types, but MPLS only
What is the general purpose of BGP communities?
Why are they powerful?
The BGP COMMUNITY PA provides a mechanism by which to group routes so that routing policies can be applied to all the routes with the same community.

BGP communities are powerful in that they allow routers in one AS to communicate policy information to routers that are one or more autonomous systems distant. In fact, because the COMMUNITY PA is an optional transitive PA, it can pass through autonomous systems that do not even understand the COMMUNITY PA, and then still be useful at another downstream AS.
What is the old community format? What is the new?
How to use the new format?
old = 32 bit decimal number
new = 32 bit decimal number AA:NN

the global command ip bgp-community new-format
The COMMUNITY PA also supports multiple entries.
The set community 10 20 30 command, applied within a route map, would …
.
However, the set community 10 20 30 additive command would …
actually create a COMMUNITY with all three values. In that case, any existing COMMUNITY value would be replaced with 10, 20, and 30.

add the values to the existing COMMUNITY string.
Why does the matching of community values require sophisticated commands?
As a result of the multi-entry COMMUNITY, and as a result of the literal “:” inside the COMMUNITY string when using the new format, Cisco IOS requires some more sophisticated matching capabilities as compared with IP ACLs.
community lists can list multiple values on the same ip community-list command; to match such a command, …

Also, extended community lists (numbered 100–199) allow matching of the COMMUNITY PA with ..
the COMMUNITY must include all the values. (The COMMUNITY values are unordered, so the order in which the values are listed in the community list does not matter.)

regular expressions.
Comparing Standard and Extended Community List
Feature / Standard / Extended
L
Can match...
Can match...
More than ...
Feature / Standard / Extended
List numbers / 1–99 / 100–199
Can match multiple communities in a single command? / Yes / Yes
Can match the COMMUNITY PA with regular expressions / No / Yes
More than 16 lines in a single list? / No / Yes
How can you empty a community value?

How can you delete just one entry in the community string?
with a route-map clause set community none (which clears everything)

by using the set comm-list community-list-number delete command.
COMMUNITY Values Used Specifically for NLRI Filtering
Name / Value / Meaning
N
N
L

How do these values need to be advertised in iBGP?
Name / Value / Meaning
NO_EXPORT / FFFF:FF01 / Do not advertise outside this AS. It can be advertised to other confederation autonomous systems.
NO_ADVERT / FFFF:FF02 / Do not advertise to any other peer.
LOCAL_AS / FFFF:FF03 / Do not advertise outside the local confederation sub AS.

iBGP peers inside AS 2 must enable COMMUNITY using the neighbor send-community command.
BGP Protocol / RFC
BGP-4
The NOPEER Community
BGP Route Reflection
BGP Communities
BGP-4 / 4271
The NOPEER Community / 3765
BGP Route Reflection / 4456
BGP Communities / 1997