AWS Networking Tutorial (AWS BGP – Critical Cloud Architect Skills Training)

Captions
Would you like to learn about networking for cloud architects? If so, this video is for you. Hi, my name is Michael Gibbs and I've been working in technology for well over 25 years, and I'm one of the original Cisco Certified Internetwork Experts, and today we're going to be talking about BGP for cloud architects.

I'd like to begin this discussion with: what is BGP? BGP is a routing protocol; more specifically, it's an exterior gateway protocol that's used to connect to external organizations. What do I mean by an exterior gateway protocol? Inside of organizations they run a routing protocol which is called an IGP, and that's what they use for their internal routing. But when an organization determines it needs to connect to an external organization, it still needs to share some routing information, and it needs to ensure there's connectivity between both organizations, and the way you do that is you use an exterior gateway protocol, and the exterior gateway protocol that's widely used is BGP, or Border Gateway Protocol.

Now BGP is what you would call a path vector routing protocol, and it will determine a path to get to the destination, and by determining the best path to the destination it can enable you to traffic engineer your traffic as well as make sure your data gets from point A to point B. Now when you're dealing with a cloud computing environment, you're going to be using BGP for a lot of reasons. For example, when using AWS, if you want to connect to AWS over Direct Connect you must use BGP, and if you're going to be dealing with a lot of VPC peering or a lot of VPNs, again you're going to be using BGP; you're going to be using it with CloudHub. Now there's lots of places you would be using BGP in a cloud computing environment, but today we're just going to talk about what BGP is, how it works, and then I will give you several examples to show you how to manipulate traffic over BGP in a cloud computing environment.

So let's describe BGP. So BGP, again, is a path vector routing protocol, but it resides on top of the TCP protocol, most specifically port 179. So if you're going to run a BGP session, which we'll talk about in a minute, called BGP peering, you must make sure that on both sides of the connection TCP port 179 is open. So if you're behind a firewall, please open TCP port 179 or BGP will never establish a session. Now BGP actually does something called the neighbor adjacency. So what happens is a BGP speaker connects to another BGP speaker over TCP port 179 and then they start exchanging information. Each BGP speaker that connects to another is referred to as a peer, so when you're setting up BGP you're setting up BGP peering sessions. You may hear the term peering a lot, like VPC peering; where do you think it all comes from? It comes from the BGP world. So basically you have one BGP router speaking to another BGP router, and they're called peers, and they must establish a peer adjacency and a neighbor relationship long before they can exchange any routing information.

Now while we're talking about BGP, there's two forms of BGP that we must talk about. In a cloud computing environment you're going to be using something called eBGP, or external or exterior BGP, and that's the form of BGP used when you would be connecting your organization to an AWS cloud, for example over your Direct Connect, or when you'd be connecting your organization, also called an autonomous system, to an internet service provider or multiple internet service providers. Again, you're going to be using eBGP because it's exterior. Internal gateway protocols, or IGPs, are used inside of your organization, and they're things like OSPF or EIGRP, and exterior gateway protocols are typically BGP and used to connect to external organizations.

So now that you know what BGP is, let's talk about what BGP does. It has a path algorithm it'll use to determine the best route, which we'll talk about in a minute, because you need to know the algorithm before you think about manipulating factors, because the factors that you manipulate are based upon the algorithm, and the algorithm determines the path selection.

So we talked a little bit about why organizations use BGP, but let's talk a little bit more about BGP and what makes it so special. First, BGP is incredibly scalable. What do I mean by scalable? When you're dealing with AWS, they say you can have 100 routes with BGP, but when you're dealing with an internet routing table you're dealing with three quarters of a million routes plus. So if an organization connects to five internet service providers, they're gonna take in three quarters of a million routes from five different internet service providers, and BGP is the only protocol that can scale to that, and that's why BGP is used so extensively: internet routing scalability. Same reason Amazon's going to use it, or any of the other cloud providers will use it: scalability. But it's not just scalability that makes BGP so great, it's actually the tunability, and what I mean by the tunability is you can easily manipulate BGP path selection to promote traffic engineering. For example, if you've got two internet connections and you want to use this connection for some traffic and this connection for other traffic, with BGP you can do so because you can manipulate the path of traffic, and you can also manipulate the path inbound based upon your connections. And you must, if you're going to use BGP successfully, make sure that you deal with outbound routes and inbound routes, because if you don't, your traffic can go over one connection and come back in another connection, and when we give you some examples we'll show you how to avoid those challenges.

So when people use BGP to connect to the internet service provider it's for one reason: they want to load share across direct connections. If they didn't want to load share, they would just set a default route to one direct connection and they'd have a backup default route to another direct connection, and everything would work perfectly. But in this particular case we want to load share.

So now that we know what BGP is and why you would use it, let's talk about how to tune it a little bit. So let's first talk about the algorithm itself. Now I mentioned BGP is tunable because it's got a decision tree, and the algorithm determines how your traffic is sent. So I will tell you the first component is the most specific route will always be chosen, which means if you have two routes to the same destination and one route is more specific, like a 192.168.0.0/24, and if you had that same route but a summary route or an aggregate route of 192.168.0.0/16, the path to the /24 will be taken because it's a more specific route. So once we know that routers always choose the most specific route, now let's look at the BGP decision tree.

First and foremost, it's going to determine the path with the largest weight on routers that support weight; AWS and Cisco support weight. If the weight is not set on the router, the BGP decision tree is going to use the highest local preference. So again, you can modify local preference in order to tune the way outbound traffic would go. The next part of the decision tree is the BGP router is going to basically choose routes that are originated on the router. It's not really something you have to deal with in cloud computing, but what that means is if you're on a router and you advertise a route on that router, the router where you advertise the route is going to be more believable than if you learned the route from somebody else, of course, because it's not whisper down the lane. If I tell you that I own this and somebody else tells you that Mike owns this, which is more believable? Well, if I tell you I own it, I'm the owner, it's more believable, and the router generating the route is the same thing.

Now this next thing is very important: it's going to choose the path with the shortest autonomous system path. See, what happens when you learn a route is you get to figure out the path that the route took, so if you go through five internet service providers along the way you're gonna see five AS path hops, and if you see four AS path hops on the other link you have, that's gonna be the more preferred route, all things being equal. But you can tune that, and you can manipulate inbound and outbound traffic with autonomous system paths via prepending, and this is one of the few ways you can modify both sides of the traffic without owning both sides, so we'll talk about how to do that in one of the examples. Then it's going to choose the path with the lowest origin code; we don't need to talk about that. And then it's going to choose the route with the lowest MED, multi-exit discriminator, which is basically a metric, and you can tune this. And obviously it's going to pick an eBGP route over an iBGP route, because generally speaking eBGP routes are deemed more reliable, and if you're dealing with a Cisco router you're going to be dealing with a lower administrative distance, but if you're dealing with routers in general they know to prefer an eBGP route over an iBGP route because it tends to be more reliable.

Now once we get past this, this is where the routing algorithm starts getting goofy. First it's going to choose the route with the lowest IGP metric, the shortest path to the BGP neighbor; then it's going to pick things like the lowest router ID and the lowest IP address. You never, ever, ever want to leave these things to chance. The reason BGP will make a path determination is to make sure that it can determine the best path, and it's got to have an election process, and when all else fails it picks things like lowest router ID or lowest IP address.

So now let's talk about some of the tunable factors in BGP that you can use to engineer your traffic. First and foremost, you can use the more specific route, and we'll walk you through an example of that coming up soon. The other thing you can do is you can manipulate your outbound traffic by changing the weight; basically, by manipulating the weight you can manipulate your outbound traffic. Now if you're on a router that doesn't support weight, and many of them do but not all BGP routers support weight, you can use the next best thing, which is the local preference, and you can manipulate your outbound traffic by manipulating the local preference. Now you can actually manipulate your inbound and outbound traffic by using something called AS path prepending. And what does that mean? Let's say you have two links; if the link to a route is five AS paths here and four AS paths here, all things being equal the traffic is going to use the one with four AS paths because it looks to be shorter to the routing algorithm. So I mentioned you can manipulate inbound and outbound traffic with local preference, so it's a really good tunability factor. Here's what happens: when you receive a route via BGP, you can manipulate the local preference by prepending or adding multiple autonomous systems there, and it will make it look longer and make it a less preferred route for outbound traffic, and therefore if you wanted this link, for example, to take the shorter path and you prepended this one to make it look less desirable, your outbound traffic will take this path.

Now BGP routing is bi-directional, so you must configure it in both directions. So if you wanted, for example, to make this route look ugly so this one's preferred, then on this router you'd also have to make sure on the far end that you can make the routes advertised on this one look uglier so this one will be chosen, and that way your traffic goes where it wants. If you don't optimize your inbound and outbound traffic on BGP, what will happen is you'll send your data out one link and it'll come back another link, and that's never a good thing, because when your traffic starts arriving via asymmetric routing you get out-of-order packets; voice applications, video applications, never a good thing. So you want to make sure if you're going to manipulate any traffic you manipulate outbound and inbound, and AS path prepending is a great way to influence inbound traffic and is one of your only ways to do it. Why? Because while it's easy for you to change the weight or the local preference on your router, you can't tell the internet service provider to do that for you, or AWS in many cases, but you can just prepend your AS and their router is going to basically see the longer path as less desirable. That's how you manipulate inbound and outbound quite easily. The last thing that you can do is you can manipulate the MED, and you can make one route look better than another. There are other ways to do this, but realistically speaking these are the things you're going to tune, and most frequently you're going to use nothing more than either a more specific route, manipulating the weight or local preference, or prepending AS paths.

So now what we're going to do is we're going to walk you through some traffic engineering situations. So now let's talk about load sharing across redundant Direct Connect connections to AWS. As I mentioned previously, when you connect to AWS via Direct Connect, BGP, or eBGP, is required for the connection, and that's actually quite a good thing. Why? Because it means you can exchange routing information dynamically, so you'll know from your data center how to reach your AWS subnets and your VPC will know how to reach back to your on-premises environment, and that way we'll have full reachability. So there's a couple of ways we're going to suggest manipulating traffic. Now the easiest means is to basically use the path of most specificity. What I mean by that is routers will always choose the most specific route, so if you've got a /24 and a /25 to the same destination it's going to choose the /24 over the /25, because it's going to be a more specific route.

So looking at this environment, let's look at some ways that we actually manipulated traffic. So in this particular example, and you can see in the graphic what I've done, I have two links. On the top link I've basically advertised a /16, and on the bottom link I've also advertised another /16 going to AWS. Now they're different /16s, and that way each one of these links is going to be preferable when AWS wants to send the traffic back to my VPC. Now if I just did that on its own, on the top link I'd be able to reach one subnet and on the bottom link I'd be able to reach another subnet, which would be perfect until one link breaks. So what I also do is I send a summary route over both links, and what happens with the summary route is it's a less preferred route. So what will typically happen is you'll use your more specific route on the top link, the more specific route on the bottom link, and then you're going to have perfectly good traffic engineering in one direction. Now what you would do on the AWS side: in this particular case you can see on the top link I sent one subnet that was more specific, or I should say supernet, and on the bottom link I sent another subnet, or summary, or supernet, whichever you choose to call it, that's going to be more specific, and again I made sure that one path was desirable by being more specific on the top and more specific on the bottom for a different route. Now again, I have to send a summary route in case one link breaks, and by doing that now I've manipulated the top link to be used for certain subnets and the bottom link to be used for certain subnets, and we don't have anything to worry about with out-of-order packets because what we've done is we've used a more specific route.

Now the next thing that we could do is we could just simply manipulate the weight for outbound path selection. So for example, on our router, the one that's going to connect, we could obviously just change the weight for one set of subnets, and we could do that on the top, then we could change the weight for another set of subnets, and that will change the outbound traffic based upon the different weight. And of course on the AWS side we're actually in control of that, so we can manipulate the weight on the top and the bottom, and by doing that we can make sure we can traffic engineer on both sides.

Now the next way that you can actually do this, if you wanted to make something more preferred versus not preferred, or block one link or not block a link, is by doing something called AS path prepending. Now I previously mentioned to you that at some point BGP is going to use the shortest AS path, meaning if one's two hops away and one's one hop away, the one-AS-hop path is going to be more preferred. So you could do the same thing here: on your routers going to AWS you can prepend certain routes on one of the links to make it less desirable, and you can prepend other routes on the top link to make it less desirable, and by being less desirable on both sides but still having both there, automatically if one link breaks the other link is going to take over the traffic. So you can traffic engineer in that direction and you've also got the capability to fail over. Now you would do the same thing when manipulating your traffic to AWS: you could prepend your ASes on the way to AWS, and therefore it would be done automatically from your side, or on the AWS router, if you have control over it, what you could also do is you could basically take the internal routes and prepend them. When you have control over both sides of the environment it's basically a much better situation, but the easiest way to do this is from your organization, since you have complete control of the routers, and when you're dealing with external organizations you may have control one day but not another day. So make sure that you take care of this all on your end: prepend routes on the way in to determine which is preferred for one set of routes and another set of routes, and prepend on the way out, and that way you can influence your traffic on the service provider side too.

Now that's really three great ways to engineer traffic: more specific routes, changing the weight, or modifying the local preference. Now there's lots of ways you can tune BGP, and for people like me that have spent ten thousand hours working on BGP, something we've done in all kinds of traffic engineering environments, we can talk about communities in another video. If you'd like to learn a lot more about BGP, let me know in the comments section below and I will happily create more BGP for cloud architect videos.

I'd like to thank you for watching this video, and I'd like to tell you about some free offerings our organization does to help the cloud architect community. Every Monday and every Thursday we have a free online webinar, and we teach you how to get your first cloud architect job. We teach you what hiring managers desire, we teach you things to do to improve your resume, we teach you ways to avoid HR to get your resume directly in the hands of the hiring manager so you can be hired, and then we teach you how to interview. We give you all this great information for free, and we do it every Monday and Thursday. Most Wednesdays we actually do a live stream on YouTube where you can ask us any kind of cloud computing career question you want and we will answer them in real time. We have an AWS Certified Solutions Architect Associate ebook; it's completely free, and it's everything you need to pass the AWS Certified Solutions Architect Associate exam. And on Mondays we do free AWS Certified Solutions Architect Associate mentoring; we have a group Zoom call and we have all kinds of fun doing tutoring on AWS environments. Again, it's completely free, so please enjoy this. Thank you all so much for watching this video, and I look forward to seeing you in another video next week.
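The decision tree the video walks through (most specific route first, then weight, local preference, locally originated, shortest AS path, origin, MED, eBGP over iBGP, IGP metric, router ID) is easier to reason about when you can run it. The following is an added teaching model, not code from the video, from Go Cloud Architects or from AWS: the link names (dx-top, dx-bottom, isp-a, isp-b), the private AS numbers, the 10.x and 198.51.100.0/24 prefixes and the router IDs are all constructed. It reproduces the video's two-Direct-Connect design (one /16 per link plus a shared summary for failover), shows that the summary-only case falls through to the router-ID tie-break the video warns against unless you set local preference explicitly, and shows how AS path prepending flips the choice between two upstreams:

```python
"""Toy model of the BGP best-path decision tree discussed in the video.

Added example, not code from the video or from AWS. Link names, AS numbers,
prefixes and router IDs are constructed. The tie-break order is the textbook
Cisco-style order; real routers have more steps, this is a teaching model.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Route:
    prefix: str                       # e.g. "10.1.0.0/16"
    next_hop: str                     # hypothetical link / neighbor name
    as_path: List[int] = field(default_factory=list)
    weight: int = 0                   # Cisco-specific, higher wins
    local_pref: int = 100             # higher wins (outbound tuning knob)
    locally_originated: bool = False  # routes this router injected win
    origin: int = 0                   # 0 IGP, 1 EGP, 2 incomplete; lower wins
    med: int = 0                      # multi-exit discriminator, lower wins
    ebgp: bool = True                 # eBGP-learned beats iBGP-learned
    igp_metric: int = 0               # IGP cost to the next hop, lower wins
    router_id: str = "0.0.0.0"        # last-resort tie-break, lower wins


def decision_key(r: Route):
    """Sort key mirroring the decision tree; min() picks the best path.
    Attributes where 'higher wins' are negated so everything sorts ascending."""
    return (
        -r.weight,
        -r.local_pref,
        0 if r.locally_originated else 1,
        len(r.as_path),               # prepending lengthens this
        r.origin,
        r.med,
        0 if r.ebgp else 1,
        r.igp_metric,
        int(ip_address(r.router_id)),
    )


def best_path(candidates: List[Route]) -> Optional[Route]:
    return min(candidates, key=decision_key) if candidates else None


def lookup(rib: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match first (the 'most specific route always wins'
    rule), then the BGP decision tree among routes for that prefix."""
    addr = ip_address(dst)
    matching = [r for r in rib if addr in ip_network(r.prefix)]
    if not matching:
        return None
    longest = max(ip_network(r.prefix).prefixlen for r in matching)
    return best_path([r for r in matching
                      if ip_network(r.prefix).prefixlen == longest])


def build_rib(top_link_up: bool = True) -> List[Route]:
    """Constructed RIB for the two-link design: each link carries its own
    /16 plus a shared /8 summary so traffic fails over if a link breaks."""
    rib = []
    if top_link_up:
        rib += [Route("10.1.0.0/16", "dx-top", as_path=[64512], router_id="192.0.2.1"),
                Route("10.0.0.0/8", "dx-top", as_path=[64512], router_id="192.0.2.1")]
    rib += [Route("10.2.0.0/16", "dx-bottom", as_path=[64512], router_id="192.0.2.2"),
            Route("10.0.0.0/8", "dx-bottom", as_path=[64512], router_id="192.0.2.2")]
    return rib


def with_local_pref(rib: List[Route], link: str, value: int) -> List[Route]:
    """Copy of the RIB with local preference set on one link: the explicit
    outbound tuning that avoids leaving the choice to router-ID election."""
    return [Route(**{**vars(r), "local_pref": value}) if r.next_hop == link else r
            for r in rib]


def chosen_link_with_prepend(prepend_count: int) -> str:
    """Two upstreams advertising the same /24; isp-a prepends its own AS
    prepend_count extra times so its path looks longer."""
    routes = [
        Route("198.51.100.0/24", "isp-a",
              as_path=[64496] * (1 + prepend_count) + [64500], router_id="192.0.2.10"),
        Route("198.51.100.0/24", "isp-b",
              as_path=[64497, 64500], router_id="192.0.2.11"),
    ]
    return best_path(routes).next_hop


if __name__ == "__main__":
    rib = build_rib()
    for dst in ("10.1.5.5", "10.2.5.5", "10.3.5.5"):
        print(dst, "->", lookup(rib, dst).next_hop)
    print("10.1.5.5 with top link down ->", lookup(build_rib(False), "10.1.5.5").next_hop)
    print("10.3.5.5 with local-pref 200 on dx-bottom ->",
          lookup(with_local_pref(rib, "dx-bottom", 200), "10.3.5.5").next_hop)
    for n in (0, 1, 2):
        print(f"isp-a prepends {n} extra time(s) ->", chosen_link_with_prepend(n))
```

Running it shows 10.1.x traffic leaving via dx-top and 10.2.x via dx-bottom on the /16s, 10.1.x moving to dx-bottom over the summary when the top link is removed, and 10.3.x (covered only by the summary) landing on dx-top purely because its router ID is lower, which is the outcome the video says never to leave to chance; raising local preference on dx-bottom moves it deliberately. For the two-upstream case, a single prepend on isp-a is enough to shift the choice to isp-b.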
Info
Channel: Go Cloud Architects
Views: 7,207
Keywords: Cloud architect career, AWS Career Tips, cloud computing jobs, cloud computing career, Cloud Computing Career Guidance, Cloud Architect Career Tips, Cloud Architect, Cloud Architect Brand, networking skills training, cloud architect skills, cloud computing skills, cloud computing career skills, aws bgp, aws networking tutorial, cloud architect training, Go Cloud Architects
Id: gXca5faMp0o
Length: 18min 1sec (1081 seconds)
Published: Wed Mar 31 2021