BGP NEXT HOP - BGP In Depth 7

Captions
Hello guys, this is Joe Neville. I'm back with another BGP in-depth video. In this one I'm going to be talking about the BGP next-hop attribute. Now, what is next hop and why should you care? Well, it's a well-known mandatory attribute. Well-known means that all BGP speakers must know it, and mandatory means that it must be included in BGP updates. So that's when one BGP speaker sends an update listing all of the prefixes that it knows about, it must include the next hop information. The information itself is a router IP address that is used as the next hop to destinations that are listed in the update message. Sounds simple enough, but there's a number of nuances to the way that next hop is applied, which complicates this and which I'll be going into in this video. In the interest of time we won't be going into all the different permutations, but the general rule to remember is: eBGP peers alter the next hop for prefixes to themselves when they're sending an update; iBGP peers do not change the next hop when they send an update.

Here's the network we're going to be using: four VSRs. If you've seen any of my other videos then you'll be well aware that I'm running the whole thing on my laptop. What we have is two VSRs running in the same AS, running iBGP between them, and I've got OSPF as the IGP. Then we have eBGP sessions out from VSR 101 out to 201 and then another eBGP session out to 301, so 201 and 301 are in different ASs. And I'm going to focus on how this prefix, 192.168.99.0/24, how the next hop of that changes as it is advertised through the network from VSR 301 to 201 to 101 and finally to 102.

Firstly, let's have a look at VSR 301's configuration. There you can see I've got the address family IPv4 unicast, and I've got the network statement, and there is a peer statement over to VSR 201. Looking at the BGP table, there you can see our injected prefix, and you can see that the next hop is 192.168.99.254, and that is the interface on this device, so it's using itself as a next hop. That's because it's injecting the network.

Now let's look at that prefix on the neighboring device, VSR 201. Here's the network, and you can see that it is valid, it is best, it is an eBGP update, so we've got an e next to it for external, and the next hop has changed. So it's changed to 30.0.0.2. If you look over on the diagram, 30.0.0.2 is the VSR 301. So the next hop has changed from a local IP address on 301; it's changed to an IP address on VSR 301 as it was advertised to 201.

So let's carry on along the chain and have a look at VSR 101 and 102. Here we have VSR 101 at the top and VSR 102 at the bottom. Let's have a look at VSR 101's BGP routing table. There's our prefix, and the next hop has changed. Just like with the exchange between VSR 301 to VSR 201, we can see that next hop has altered, so that's the advertising VSR's IP address, so 25.0.0.2. Look at the diagram over on the right: there you can see 25.0.0.2 is an IP address on VSR 201. OK, so that's eBGP, and that's meeting the expected behavior.

Finally we look at VSR 102 and we see our prefix, but there's something strange here. We can see that there's an i next to it, it is iBGP, but there's no valid and there's no best against it; you can see there that it's blank. Actually, if you look at the routing table you can see the extent of the problem here: there's not actually a route in the routing table for this prefix. The reason is that you can have a prefix in your BGP table, but unless it's valid and best it won't get passed to your routing table, so essentially we have no route to this destination.

Now why is that? Well, if you think back to what I said about eBGP versus iBGP with the next hop, iBGP in general does not change the next hop attribute when it advertises. According to those rules, VSR 101 has advertised this prefix to 102 with the same next hop. If you look here at the top you've got 25.0.0.2, so remember that's VSR 201's IP address, and we've got the same next hop on 102. That's in accordance with the rules, but it's causing a problem. And why is that? Well, the reason is because we do not have a route on VSR 102 to the next hop, and for a route to be valid in the table, to get this asterisk to make it a valid route, we need to have a route in our routing table to the next hop. So let's just prove that: there, we've got no route to the next hop. Now obviously, if you think about 101, it's got a route to the next hop. Now, we've got a direct connection; that's because it has an IP address configured in the same subnet, so it's directly connected to this prefix, thus it knows that this interface is the route that it must take to get to that subnet. But VSR 102 doesn't have that: it doesn't have a directly connected interface and it doesn't have any kind of route via its IGP about how to get to this route.

How can we solve that, then? How can an internal router learn about external next hops? Well, there's two approaches to solving this. One of them is the BGP peer command next hop local. We configure that on our device that's on the edge of the AS, and that will rewrite the next hops to point to itself. The other approach is to leak the external into your IGP. That means that your internal device will learn about the external subnets, and thus the next hops, via the IGP; in my case it will be learnt via OSPF. I'll demonstrate both of those now.

Firstly I'll configure the BGP peer next hop local command, so that will be on VSR 101. It's a peer command that will point to VSR 201 and it will essentially rewrite that next hop, so rather than it pointing to this 25.0.0.2, the BGP update will be sent with an update which is local to VSR 101, thus 102 will know how to get to it, making the route valid. There we are, that's the next hop local command. Let's check on VSR 102 and you can see the difference there. So previously we had the next hop of 25.0.0.2, which we didn't know about, so no star, because we didn't have a route to the next hop, so it wasn't valid. Now, as you can see here, the next hop has been changed, and it's been changed to 1.1.1.1. Now that's the route ID of VSR 101. VSR 102 knows how to get to that address, that's in our routing table already, thus making this prefix valid. We'll just prove that: if I inject the local network into BGP then VSR 301 will get a route back to us, so we'll be able to ping the 192.168.99.254 address, and there we are.

So let's take that command off and show you the other approach, which is to leak the external subnets into the IGP. I've taken off that peer next hop local; the prefix has gone back to an invalid state. Try to do the ping again and it fails. So for the second approach it's the same principle: the reason why the prefix is not valid is because VSR 102 doesn't know how to get to the next hop that's being advertised by 101, so we simply dump that prefix into the IGP so it does have a route to it. As mentioned, I'm running OSPF as the IGP, so what I'll do is I will turn on OSPF on the external interface between 101 and 201. Here's the interface; I've dumped it into area 0. As you can see, the second approach solves the problem in a different way: rather than manipulating the next hop in BGP, we're just giving the internal router a route to the next hop. So as you can see there, I've done the display IP route 25.0.0.2 and we do have a route to it via OSPF. Let's check the BGP routing table on 102. There you can see now the next hop is the same, we're still pointing out to VSR 201's IP address, but we do have a route to it, and that allows the route to be valid, and BGP is passing a route to the routing table, and we can successfully ping. There we are.

So that's two different approaches to solving the same problem, and the obvious question is which one is best. Well, the answer, like usual, is it depends, but in general it is better to have in your network a clear divide between the internal network and any external network. Injecting or leaking the external link into your IGP means that any flaps, any activity on that link, on that subnet, will affect your internal network. So if you're running OSPF and the link is bouncing rapidly, that means that you're going to have recalculations, you're going to be having LSAs flooded into your network, and the whole point being that that's essentially beyond your control: that's an external link which is not internal to your domain. Therefore, in general, the next hop local approach is preferred. I should add a disclaimer here, though: that's just a general observation. Your network may be different and so should be evaluated as such.

OK, so that's it for BGP next hop. I hope you found that useful and it went some way to explaining some of the nuances around the next hop attribute. Please do like, comment and subscribe; lots more BGP and IP routing videos coming up, but that's all for now. Thanks for watching. My name's Joe Neville, and goodbye.
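
The next-hop behaviour walked through in the captions above, modelled as a small simulation. This is an added example, not configuration or output from the video: the prefix and the addresses 192.168.99.254, 30.0.0.2, 25.0.0.2 and 1.1.1.1 are the ones mentioned in the captions, while the AS numbers, the /24 masks and the 10.0.0.0/24 internal link are assumptions made for illustration.

```python
import ipaddress as ip

PREFIX = "192.168.99.0/24"


class Router:
    def __init__(self, name, asn, rib):
        self.name, self.asn = name, asn
        # Connected and IGP-learned networks used to resolve BGP next hops.
        self.rib = [ip.ip_network(n) for n in rib]
        self.bgp = {}  # prefix -> (next_hop, valid)

    def receive(self, prefix, next_hop):
        # A BGP route is valid only if the RIB has a route to its next hop.
        nh = ip.ip_address(next_hop)
        self.bgp[prefix] = (next_hop, any(nh in net for net in self.rib))


def advertise(sender, receiver, prefix, sender_addr, next_hop_local=False):
    next_hop, valid = sender.bgp[prefix]
    if not valid:
        return  # an invalid route is never best, so it is not advertised
    # eBGP rewrites the next hop to the sender; iBGP keeps it unless
    # next hop local is configured towards that peer.
    if sender.asn != receiver.asn or next_hop_local:
        next_hop = sender_addr
    receiver.receive(prefix, next_hop)


def run(next_hop_local=False, leak_external_link=False):
    # AS numbers, masks and 10.0.0.0/24 are assumed, not taken from the video.
    r301 = Router("VSR301", 65003, ["192.168.99.0/24", "30.0.0.0/24"])
    r201 = Router("VSR201", 65002, ["30.0.0.0/24", "25.0.0.0/24"])
    r101 = Router("VSR101", 65001, ["25.0.0.0/24", "1.1.1.1/32", "10.0.0.0/24"])
    r102 = Router("VSR102", 65001, ["1.1.1.1/32", "10.0.0.0/24"])
    if leak_external_link:
        # OSPF enabled on the 101-201 link: 102 learns the external subnet.
        r102.rib.append(ip.ip_network("25.0.0.0/24"))
    r301.receive(PREFIX, "192.168.99.254")  # locally injected network
    advertise(r301, r201, PREFIX, "30.0.0.2")
    advertise(r201, r101, PREFIX, "25.0.0.2")
    advertise(r101, r102, PREFIX, "1.1.1.1", next_hop_local)
    return {r.name: r.bgp.get(PREFIX) for r in (r301, r201, r101, r102)}


if __name__ == "__main__":
    for kwargs in ({}, {"next_hop_local": True}, {"leak_external_link": True}):
        print(kwargs, run(**kwargs)["VSR102"])
```

Leaking the external link makes 102 resolve 25.0.0.2 without changing the BGP attribute, which is also why instability on that link reaches the IGP.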
Info
Channel: Airheads Broadcasting
Views: 11,080
Keywords: ip, networking, tutorial, bgp, technology, IT, bgp next hop, hp, hpe, aruba, bgp attributes, ebgp, ibgp, data center, spine and leaf, attribute, bgp attribute, bgp next hop attribute, next hop self
Id: Ok90zoinKgc
Length: 12min 6sec (726 seconds)
Published: Fri Sep 30 2016