GregSowell Multihomed BGP

Captions
All right, hello and welcome to the first video I've recorded in what feels like forever. So this one's going to be basically covering multihomed BGP design and configuration. It's virtually the same thing I'm doing at the MUM, only there's going to be more detail. I'm actually physically configuring devices here. I'll be configuring a single device, MikroTik 1, in all of the examples; this will kind of speed things along. All the interface IP address things are in place and all of that good stuff like that. It's just the routing, OSPF near the internal and then BGP the external, that aren't in place. So I skipped all the intro stuff about me, just nobody cares about that.

I just wanted to quickly talk about Brothers WISP, new project we're doing. It's myself, Andrew Cox, Justin Wilson, JJ Boyd. We all get together and just kind of ramble on about different WISP-based stuff. It could be anything from the way you wire your towers up, to the kind of enclosure you use, to funny things you've done in the past. We do it roughly once every week, maybe every two weeks. Jump on, take a look. Also for this MUM I'm doing shirts again. This time I'm going to try and sell them; hopefully I'll be able to sell some on the side as well. They're super fly, crazy awesome, and then it allows you to do site surveys like this from now on. Good times, nothing around.

Let's get to the real stuff. So what is BGP? BGP is Border Gateway Protocol. It's basically the core routing protocol that runs the internet, and come back to that in a second. It uses path attributes instead of metrics to select best routes. So autonomous system, AS path, is the default metric, so instead of like hop count, router to router, you're looking at AS path to AS path, and we'll talk a little bit later about what autonomous systems are as well as autonomous system numbers. There's going to be a little bit of overlap in this video, I'm going to digress for a second, with my other routing video, so I'm going to try and kind of lightly touch on these subjects because I
know I've covered them more in depth in the other videos, so it's just kind of a quick recap, in the thought that you've already watched the other one. Path vector logic, again, that's AS hop to AS hop. Uses TCP port 179. This is kind of your default information: 60-second keepalive, three-minute hold-down timers. iBGP means you're going to somebody, you're BGP peering with somebody else in the same AS. eBGP, BGP external, means you're peering with somebody in a different AS.

So going back to "BGP runs the internet": I bolded it, italicized and underlined it, so it's obviously important. This is kind of the most stable routing protocol. It is what carries the routes for the internet, you know, so there's a lot of power there. There is a fair bit of complexity, but you can start small and build from there, and we'll kind of talk about that. I'm going to show you the way things kind of build up in layers. Obviously if I was going to put something in place I would put all these layers in virtually at once, but I wanted you to kind of see how things operate and flow as you add the different layers on. So again, whenever you're making changes with BGP you can actually watch them ripple across the country, if not the world, and there's a lot of power there. You know, you affect things globally, which to me is, you know, actually pretty cool, and it's not a whole lot of opportunity for me to do things like that.

So moving on: when do you use BGP? And since in this we're kind of focusing on multihomed BGP, it's going to be when you have public addressing assigned to you from your regional provider. So like here in the States we use ARIN, American Registry for Internet Numbers; they give you IP addressing. Are you multihomed? Do you have multiple connections to different ISPs, or multiple connections to the same ISP? And this in effect will allow you to advertise your addressing from one location, and if, say for example, that location dies, your addressing can then be advertised via a separate location dynamically. You can do this
all yourself, you know, so if you want to have half of your addressing come from Dallas and half of it come from New York, you can do that. You know, it gives you that, that ability, that power.

So what's BGP versus internal routing? So BGP, definitely in this instance what we're talking about, is going to be kind of your external routing protocol, and even internally it's really kind of a different animal versus your internal routing protocol. So kind of an easy analogy is to think of it as your routers being the U.S. postal system. So BGP within the state of Texas is the 18-wheeler trucker that's carrying your mail, so it's only looking for what city to go to, right? It doesn't care what street you live on, it just wants to know what city to dump it at, right? And so if it's got to go, say, from Austin to Dallas, one of the main AS hops it's going to take is Waco, because that's right in between. So it's going to go Austin, Waco and then Dallas, right? That's all it wants to know to get to that one terminal up there. And so you can think of your city as an autonomous system, right? It's a conglomeration of routers. So, say, your mail trucks, your local mail trucks, are the different routers; they're going to carry the mail, so consider them routers inside an AS, right? So you can have multiple devices in there, so it's just a combination of multiple routers.

So once you get inside the city level, that's where your internal routing process takes over. In our instance it's going to be OSPF. So it's actually going to take it from the terminal, here are the little trucks, and then deliver it to, you know, individual houses. That's how it's going to get there. And in some cases, if, say, your city's small enough, you could use static routing, just like in a small enough network you could actually, if it's a linear network, you could kind of use static in some situations. So this is kind of a brief overview of how things get carried. OSPF really is what's going to carry your kind of links,
the point-to-point connections that carry routed traffic between routers. So to get from router A to router C, OSPF is going to tell you. You know, even if you had BGP on every router in your infrastructure, BGP won't tell you how to get from router A to router C within your internal infrastructure; you have to have an internal routing protocol to do that. So if a chunk of addressing needs to live off of router C, router A will use OSPF to know how to get to router C. That's not something BGP does. BGP really looks at the big picture; it wants to go AS hop to AS hop, I mean, it's really what it's made for.

So here's an example of multiple connections to a single ISP. So here's our AS right here; this is us, our organization. These 1, 2, 3 and 4 routers are in our AS, and our AS number is 300. An AS number is a number assigned to you by ARIN, again, or your local registry, to designate all the routers that are inside your area, or your AS I should say. So here's a single ISP on the outside that we're connecting to, so ISP1 and ISP2, these are a single AS because they're in the same AS number. So we could advertise some of our addressing here, some of our addressing here. You know, it gives us redundancy; you can kind of load balance a little bit, or send everything out one direction and if it fails it will kick over via BGP out the other interface.

Here's multiple ISP connections, and this is really what we're going to be focusing on. Here's our AS again. Off of router 1 we've got ISP1, see, it's got AS number 100; off of router 4 we've got ISP2, AS number 200. Now granted, it looks nice and clean in a diagram like this, and this is probably not realistically what your router looks like, or rather your network. It's probably going to look something more like this. So internet comes into MikroTik 1; this is all in our AS cloud. You've got wireless hops, maybe dark fiber, maybe leased fiber in between sites, right? It's going to jig jag, and say this could be in a completely different city, you know, this, this as2. So
you've got ISP redundancy at opposite ends of your network, and you want to be able to load balance, all this good stuff, share traffic, have failover, and we're going to show you how to do that.

So in our demo configuration here we have a /22 of addressing, so we've basically got four /24s. A /24 is the smallest addressing an upstream ISP will accept, so whenever you're trying to advertise addressing out, if you try and advertise, say, a /25 or /26, your upstream provider is going to ignore that, right? All they want to see is a /24 or larger, and this is in effect to help keep the route tables down, you know, to a manageable level. Right now there's already a ton, of like 380,000 routes on the internet, so you don't need to add too much more confusion if you can help it. We have two upstream providers. We have two border routers at opposite ends of our network. We have OSPF as the internal, and in the end we're only going to accept default from our ISPs, and we'll talk more about that when we get to that section.

So starting with OSPF, because this is the underlying infrastructure that's going to carry everything, we've got to make sure it's up and operating. In the MUM demonstration it's actually going to have most of the infrastructure already put into place, but since this is a more in-depth look at it we're going to do that here; we're going to configure it in just a second. We're also configuring our public addressing, excuse me, into separate OSPF areas; route aggregation is what we're looking for. So aggregation means basically you take all the smaller subnets, so we said we've got a /25 and then several /28s; what it's going to do, it's going to take all of those and just represent them as the larger /24 and drop it in. What this really does is keeps our route table smaller, right? There's less for a router to have to keep up with, it's going to converge faster, and that's really what we're looking for there. Also, if there is any fluctuation within the area, you
know, that aggregated address is a /24; as long as any subcomponent of that /24 exists, that route never changes, so we'll never actually see the fluctuation in the backbone area. So again, that's going to help keep things nice and clean. If there, say, were a change, since it's a separate OSPF area, in the backbone area they do what's called a partial calculation, so instead of a full calculation across all routers it's just a partial, and those routes would just drop off, so more efficient there as well.

So, OSPF diagram. There's a lot of material here because we wanted to add a layer of complexity to this so you can kind of see the way the different infrastructures can kind of run. Here's our backbone area, everything that's in the lore, so all of our main tower links are in backbone area, area zero, and off of these guys I just added a bridge interface with a /30 for the equivalent addressing. So MikroTik 1 has 1.1.1.1, in effect it's really 1.1.1.0/24; MikroTik 2 has the twos, 3 has threes, 4 has the fours. It shows you all of our interface configurations as well, all those interface IP addresses, as well as these loopbacks. Loopbacks are actually just bridge interfaces with no ports in the bridge, and then just renamed to loopback, so this is going to be a floating IP address. It's going to be accessible from any interface, so it's a convenient way to kind of connect to the routers as well as give OSPF IDs and BGP IDs where necessary.

So all the interface addressing is already done, so we're just going to do the OSPF configuration here. So this little slide tells you kind of in effect what I'm going to be doing. What I'm going to do is connect to MikroTik 1. Here it is. So first things first: routing, OSPF. So we've got an extra area because this is MikroTik 1, and I'll switch back to the diagram briefly. Here's our diagram, so MikroTik 1 has area 1. So first we have to create area 1, so we go into areas; backbone's there by default. Area 1, and we'll
just give it 1. We click apply, it'll go ahead and add the zeros in front of it, so area 1 is created.

Next we're going to add our network statements. This actually starts the OSPF process once you add the first network statement in, and it tells which interfaces, to which areas they're going to join. Again, this is overlap from the routing video, what I'm talking about; that's why I'm not spending too much time on it. So we want this point-to-point here, this point-to-point covered, so we're going to add 10 1 0 4 / 31 don't 0.4 / 13. I'm usually very specific about the subnets I use. You can use large sweeping subnet numbers to cover large amounts of things, but I don't generally like to do that. 1000 one loopbacks, see if it's here, 0/24, because there's only ever going to be one on this interface in that subnet. And then we also want to add any of the 1.1.1 addressing into area 1, so we'll say anything 1.1.1.0/24, it's always going to be in area 1. All right, so we got that going.

Now we're going to do an area range, which is our summary route, you know, doing our aggregation. So I want to aggregate this 1.1.1.1 /30 into a /24, so we're going to say, and you say area 1 because it's the area where that addressing lives, 1.1.1.0/24, want to advertise out, say OK. So let's check our route tables real quick: IP, routes. OK, you can see the D stands for dynamic, A stands for active, o stands for OSPF, so it's picking up routes and we've got everything coming from our network. As you can see here, we've got the 1.1.1.0/24, that's our summary route that we just created with that aggregate command, as well as, you can see, from the other routers 2, 3 and 4 their summary routes popped in here. Now you see, since we have it directly connected, that route pops in for the /30, but you don't see any of the other /30s that come from the other routers, because that summary suppresses everything but the summary route. That's keeping our route tables smaller, so
you can see all the point-to-point links, all that good stuff in there, as well as default route that's being injected from the other border router, but we'll get to that in just a second. So we've got our initial configuration done here and we're going to move on, excuse me.

So now we're going to crank on some of our BGP. So here's a BGP peering and the interface information. What we're going to do is configure our own MikroTik 1 here. While I was going to do our configuration on MikroTik 1, we're going to configure his instance, his peer, and then we're going to throw in some network statements, and we'll talk about each in turn. So the first thing we're going to do is configure our instance, and I'll leave this diagram up; there's a couple more pages but we'll talk about those as we get to them. Let's see, MikroTik 1, OSPF, we'll go ahead and get rid of that. Routing, BGP. So under the instance tab, default, our AS number goes here, and our AS number is 300. 300, and that's all we're going to do here. Now I'm going to go ahead and put in a router ID, and I'll use the directly connected interface IP, 10.1.0.2. OK.

Next step, our peers. So we click the plus. Peer 1, I'm going to give this a name that actually means something, so this is going to be "to ISP1"; it's the connection to him. Remote address is what IP address we are peering with. In this instance, and in most instances, you're going to peer the directly connected interface, so that interface right there. In theory, if you had multiple connections from this router to this router, you could peer with his loopback address. In that case you would have to enter the multihop command, because by default BGP peers have a TTL of one, because they don't expect you to go to one router in advance. But in this instance it's just the directly connected, and it was 10.1.0.1, easy enough to remember, 10.1.0.1. Next we're going to put in remote AS number, and if you look right here his AS number is 100, and that should be it for this
peer. So we added the peer information; as you can see, the peer actually came up. All right, so when the peer comes up we should go ahead and start accepting routes from him, so let's check our route table. As you can see we've got a B here for BGP. We can actually do a little filtering, so you hit the filter button, BGP is yes, and filter, and then you can see what our BGP routes are.

Now with BGP and your peers, usually there's kind of three options. You can say give me the full internet route table, and they'll send you everything they have. You can say send me the full internet and the default route. You can say send me just the default route, and for our instance that's what we actually requested to the ISP; we said hey, send me the default route only. But you can see there's some extra subnets that are coming in, extra routes, NLRI, network layer reachability information, coming from them, so we're going to have to filter that. I tell you what, I never trust anybody else, never trust the upstreams, never trust downstreams from me; always put filters in place to protect that, and we'll show you that later. And as a third option, or maybe a fourth or fifth, I don't know how many I've already named off, but you can tell them partial routes, so sometimes they'll send you just a portion of the internet route table to kind of keep your tables a little bit smaller. But in our case we're just going with default.

So you could see, if we jump here, we're advertising everything out, because we had these network statements in here that we weren't supposed to have yet, so we dropped those. OK, good, there we go. Had some legacy stuff still in there. So as you can see from the advertisement section, we have nothing in here, because there's nothing currently in our BGP table. Before this router were ever to advertise anything out, he has to have information in his existing BGP table. His BGP table is a separate table from his route table. His route table is something that's built in, it's ready to start routing
packets via the engine. The OSPF, or rather the BGP table, is a table of routes that are learned via BGP or injected from some source and are eligible to be put into the route table, but won't necessarily be put in there. Say there's a static route that equally matches the BGP route; the static route's going to have a better distance setting, so it's going to be taken instead. So external is going to have administrative distance of 20, whereas a static route will have one, so the static route's better. So even though that BGP route that's in the BGP table was eligible, it's not in the route table.

So having said that, we have a clean install and we've injected no routes in our BGP table yet, so we're not sending anything because nothing's eligible. So how do we do that? We add network statements. So going back over the router to the network section, hit the plus, and we're going to say 1.1.1.0/24, and we're going to say synchronize. OK, we're going to do this a couple more times: 2.2.2.0/24, synchronize that guy. We'll do our threes, synchronize. 4.4.4.0/24, synchronize. OK, jump back over to our advertisement section, and now, as you should see, our advertisement's going out to that guy.

So why did I say synchronize? What does synchronize mean? And I believe it's in the other route video, but I'll go ahead and talk about it. Synchronize basically means I only send this route if it is exactly like this in the route table. It has to exist in the route table already, so I have to know about 1.1.1.0/24 or 2.2.2.0/24, et cetera, et cetera, before I'll ever have that eligible to be advertised out, and that really is kind of the core of how we are so dynamic and so fault tolerant in this configuration. So if this guy's routes don't exist in my route table here, I'll never tell this ISP that I have them, right? Why would we want to do that? Say this link right here gets severed; this link is no more, so we don't have a way to actually route packets over to this subnet anymore. Would we
want to advertise out to this ISP that we have that routing? If we did, and this connection was broken, those routes would head in this way and then would black hole and die, right? My default route would send it back in, he would send it back, and it'd just ping pong and never actually reach there. So if the routes don't exist in here, I don't want to tell my upstream that I have them, because I don't want that traffic trying to come in this direction, which is why we have the synchronize option in there.

All right, so let's move on, ease on down the road here. So when we're talking about configuring the instance, we edited the instance, we added our AS number, and again, AS numbers are assigned to you by, say, ARIN. For multihoming, in our case, we'll probably need a public AS number from ARIN to connect to multiple different providers. Sometimes, if you're connecting to a single provider, either with one connection or multiple connections, they'll assign you a private AS number, which is something like 65,000, above, I can't remember exactly what the range is, but that is only locally significant to that AS. Whenever it gets ready to traverse the internet, whenever it gets ready to advertise your addressing out, it actually strips your private and puts on their public AS number. So if you want to connect to multiple people you have to have your own public; that way it can be sourced from multiple locations. Set the router ID: it'll be auto-config if you don't, and I like to just make sure everything's specific. Set your peer, we did that, and your network statements, set your network statements as well, which we did with the synchronization command, and we already talked about it.

So inbound BGP routes, full vs.
default. And again, in our specifications we said we just wanted the default route. So when would you want full versus default? This is kind of an important question for you and something you have to decide. Right now the full internet route table, again, is around 380,000 routes, but you really need that? The full internet route table is really useful if you have a lot of outbound traffic, so instead of having a lot of routes, or rather a lot of traffic that comes in, you've got a lot of traffic that goes out, or say you have both. If you have a lot of outgoing traffic, if those full internet route tables are there and in place and ready to go, then you'll be able to easily kind of load balance and find which device is the best, the shortest distance-wise to the destination, right? So it'll maybe get there a little bit quicker. Also, since you have a better look at the internet, sometimes things load balance a little bit easier that way too. It allows you to also manipulate kind of that outbound traffic on kind of a per-subnet basis, right? So it's good for that instance.

Most ISPs, where they're just residential ISPs, your outbound is 10 percent of what your inbound is. So say you are downloading, right now your ISP's downloading 60 megs of traffic, your upload is generally going to be six megs. If you're downloading at 100 megs, your upload's generally going to be at 10, so it's only 10% of what you normally see. So most of these links, when you're talking about BGP, are big symmetric links, so if you're buying 100 megs down you're also getting a hundred megs up. So say you have two 100-meg links, you're doing 150 megs down aggregate, you're only doing 15 megs up, right? So at that point either ISP can easily support that load; it's not quite as big a problem anymore. Also, if you have, say, some downstream customers that are multihomed as well, you're one of their providers and they're peering with you via BGP as well as they're getting connectivity from another provider, and they want the full internet route
table, the only way to hand it to them is if you have it yourself. So at that point you're going to have to support the full internet route table if you want them to have it as well. But for us, just taking default, that means our peer's going to come up really fast, all of our work routes are going to be learned extremely quick because we're only pulling one route in, so that's going to keep our tables smaller. We're not going to consume as much memory, we're not going to consume as much CPU resources whenever those peers come up. Everything's just going to move a lot quicker, and it's going to keep everything a lot simpler in your network.

So moving on: the BGP routes we've learned. Again, you saw that on the router it had two routes even though we only asked for the default. They are accidentally sending us an additional route. I just threw in some random number routes in there that will pop up, just for example, so we're going to clean that up in a minute.

Also, redistribute default. So this is something important, you know, because since we're only pulling in default, we've got to get that throughout the rest of our network so that people know how to exit our network, and we're going to do this via OSPF. We're going to carry that default via OSPF. In our border router we're going to jump into the OSPF instance and redistribute that as a type 1 if it exists, and let's do that now. So we're going to jump into this guy, routing, OSPF, and bump over here to the instance, and if you look right here, redistribute default route, we're going to say "if installed as type 1". So if we choose the "always" option, that means it'll always spit that default route out. What happens if our upstream ISP dies? Well, then people will still try and route out and they'll get black holed, which we don't want. "If installed" means if that default route exists in my routing table, then go ahead and redistribute it. So when BGP teaches us that default route, it's in our route table, OSPF will pick that up and shoot it into the rest
of our network. BGP fails for any reason, the peer goes down, the neighboring router gets severed, you know, the link dies, anything like that, that default route dies and we no longer tell anybody else that we have default.

As type 1: type 1 or type 2 external. Type 2 is the default, and what it does is, whenever your route gets injected it gets a default metric associated with it, and that's the default metric that carries with that route all the way through the infrastructure. Type 1 says take that metric when it's inserted, as well as add in the cost to reach that advertising router, so you get a better idea of how far away that guy actually is. So you'll generally choose whichever border router injecting default is closest to you. So "if installed as type 1", there you go. Now let's switch back and see what else.

Traffic flow outbound. So traffic is currently split, as you saw. I think the next one shows our diagram. Right here, yeah. You've got two routers here, and we're just going to kind of logically split it, so 1 and 2 will go out this direction, right, and 3 and 4 will split and go out this direction. That's how we want to set up. If there's a failure in either ISP, the default route, well, the default route from BGP will get dropped, it's being injected, and so say this link right here dies, then the default route that's being learned here and advertised in will get picked up and they'll use this. But in normal operation these two will go this way, you still go this way. That's in essence what we want it to do.

So let's see, we want to verify OSPF's default, so we want to jump in these routers and see it actually working. So let's go to IP, routes, and let's clear that filter out. All right, so as you can see here's our default route that's coming in. Let's jump over here on MikroTik 2, let's look at his IP routes. Let's jump back to 1 really quick. Let's go routing, BGP here, refresh that guy real fast. All right, so as you saw, what I did right there is I shut the
BGP peer down and brought him back up. What happens is, in MikroTik, whenever you make an adjustment on the instance, say for that default route injection, if BGP was already up, right, our BGP peer's up and then we make an instance change, those don't actually get picked up until we bring the BGP peer down and back up. It's something about whenever you make a fundamental change to the instance itself, it doesn't automatically get picked up; you have to flash that BGP peer before he gets picked up. So if you're testing this in the lab and you see that happen, don't freak out, it's just kind of the way MikroTik works. So once you get the OSPF, again, you're going to put all these OSPF things in place first and then you're going to work on your BGP. We're just doing it in this order so that you can kind of see how all the layers build on each other, so this won't be a problem for you.

But if you jump into MikroTik 2 you can see that default route, right? So at this point I'm going to go ahead and put in a filter just for default, just so we can see that, excuse me, on the second MikroTik. So let me see if I've got a diagram. Here we go, here's a diagram, I'll use this diagram. So MikroTik 2, if he's functioning properly, he's getting the normal default route, it'll always go out ether1, right? MikroTik 1, ether1 to head in the right direction. Ether three, if everything's normal, ether1 carries them up. MikroTik 4, ether1. If for any reason there's a failure in here, you'll see this guy go through ether2. If there's a failure anywhere in the chain, this guy will go ether2 as well. So if you ever see anybody heading out ether2, that means he's in his backup route, for example.

So we're going to verify what happens when we inject some failures in here. So let's open up 3. IP, where are you at, routes, destination is, so you know, let's filter it. All right, and then 4, I'll just leave this guy normal, IP routes, and you can see his default there. So this guy's heading out his ether1 default like
he should, to ISP2, and he's picking that up via BGP, because you see the B there. This guy is picking up via OSPF; he's going out ether1, which is normal because he's MikroTik 3. MikroTik 2's going out ether1, he's picking that up via OSPF. So let's go to our peer here, we go ahead and kill that. Start round list, here's our BGP, so let's kill that peer and then come back over here, and you saw how fast that OSPF route actually picked up for ether2. So now, all the way over here on 1, we're picking up our default route to head backwards down to ether2 right there, so this guy's heading this way. And so if he's picked up that, then you can look at 2, and his default route's going to ether2. So now this has failed, it's down, that default route disappeared, he's no longer advertising that he owns it, so this guy is heading this way, so all traffic is flowing this way, right? And subsequently, since our peer failed, we're not going to have those routes being sent out anymore, right? The 1, 2, 3 and 4 routes don't exist anymore, so traffic won't try and come in that way. So everything's leaving this way and everything's coming back in this way, right? So it's working the way it's supposed to.

If we go back to 1, the BGP, bring that peer back up, head to the route tables, you see the OSPF being depreciated, BGP coming back, and on ether2, or rather MikroTik 2, you can see ether1 pick back up and it's heading back out. So all, now, traffic is heading the right direction now; everything is proper.

So route flow and filtering. So currently we're not doing any filtering, no manipulation at all on outgoing, or incoming for that matter, which means whichever ISP happens to be the shortest AS path to reach these subnets will carry the traffic. Which means we're both advertising the exact same distance out to our ISPs; whichever one happens to be the closest is the one it's going to come in. So right now we have no control, or rather no controls in place, on where the
traffic is going to return to us, so we need to fix that. What we want is subnets 1 and 2 to be homed, as their main, out of my ISP1 with failover option to 2. Conversely, 3 and 4 need to be homed out of ISP2 and fail over to 1. So we're also going to show that we're only advertising out our publics and that we're only accepting default routes from our ISP, so we're going to put a filter in place to protect that as well. So this is what it's going to look like: 1 and 2 heading out this way normal; 3 and 4 we're going to prepend. Over here, 1 and 2 heading out this way prepended, 3 and 4 heading out this way normally.

So what is prepending? Prepending is what we're going to use to manipulate the flow of traffic. So in a traffic pattern, say, our route in the BGP tables, it'll have your AS hops, you know, for the AS path attribute, so it'll say how many ASes you've gone through. So maybe it goes through AS 1 and 2 and 3, then 4, right? So if I am AS 1 and I want to make this route not look usable anymore, so in our example 300, I don't want people to come in this way via 3 or 4. I want that route to exist down the internet, but I want it to look so far away that it'll never get used. So what we do is we prepend. By prepending, we take our AS number 300 and we add it several times. In our case we're going to add it three times for this example; you can add it 10 times, say, if you want. So it'll look three extra hops away, or if you prepend 10 times it will look 10 extra hops away. So technically it exists and it's usable, but it's just so far away that it's not feasible to use it, right? So 3 and 4 will be advertised out of here with just a single AS hop, so the traffic will always want to come in here. So say for some reason this peer disconnects, right, it drops. 3 and 4 still looks 10 hops away, but the one that's one hop away, one AS hop away I should say, no longer exists, so it's better than none at all, so traffic will start to flow in here. As soon as this guy comes back on, he's a shorter AS distance, traffic will
then switch back over. And now we use filters to manipulate this traffic, so let's go in here and add these filters.

So I'm going to start by going to Routing and Filters, and we'll start with our inbound. Well, what we'll do, the inbound one, that'll be easy. So we'll say ISP1 in, for inbound, and what do we want from them? All we want is defaults, so 0.0.0.0/0, and if we don't specify a prefix length, that means match exactly. And we'll say action accept. OK, easy peasy. So we'll hit the + again; chain, now we should have the drop-down for ISP1 in, and we're going to say prefix again 0.0.0.0/0, all right, but we're going to say prefix length 0 to 32. 0 to 32, right? So what that basically means is match this route, which is anything, but the prefix length can be anything between 0 and 32, which means match everything, absolutely every address. So we're going to say actions, and discard. There you are.

So what do we have here on our inbound? We say take the default route exactly, because we didn't specify anything here, so that means this exact route, accept that, and then anything else, absolutely any other addressing, discard it. So inbound, only default. And then we want to apply that: come to the peer here and we say in filter, ISP1, say OK. Let's check our routes, see that picked up. IP, Routes, and we'll do the little filter for BGP, so you can say "is yes", Filter, and now all we have is the default route. So that 6.6.6.0 route that the ISP was sending us before is now gone. So we've accomplished that; all we're getting is default.

So now we want to limit what goes out as well as manipulate what is going out. So we're going to say IP, rather Routing, Filters, let's go back there, and we're going to say ISP1 out. We're going to name this ISP1 out. Prefix, so we want 1.1.1.0/24, and we're matching that exact prefix, and again this is ISP1, so we're going to set that out. And then we're going to say ISP out again, prefix 2.2.2.0/24, accept that out. Easy enough. Now same thing again, ISP1 out, and we're going
to say 3.3.3.0/24. Now this is one of the ones that we want to do prepending on, right? It's one of the ones that we... so right here in our example, 1.1.1 and 2.2.2 going out normal, just accept. Now we're going to say 3.3.3.0/24 and 4's, prepend that, and we're just going to prepend three times. So allow those out, but prepend them. So we're going to go to BGP actions; it's just this easy: set BGP prepend. This is the number of times you want to prepend, not the AS number you want prepended, so just the number of times, and you say OK. Matchers, I'm going to say ISP1 out, prefix 4.4.4.0/24, match exactly, BGP prepend three, actions accept. OK, let me make sure I put action accept on this guy as well.

Now those are all we want to go out, and then we want to drop everything else. So we've got all the stuff that we want to go out, so ISP1 out, prefix /0, and then again prefix length 0 to 32, actions discard, so we don't send anything else out. 1 and 2 normal, 3 and 4 prepended three times, and then at the very end drop everything else. So now that we've done that, we can go into our peer. If you look just a little bit lower, you've got your outgoing filter to that peer, and you're going to say ISP1 out, and OK. Oh goodness.

So we've now filtered and prepended. How do we know that that actually is valid and working? What we're going to do is, I have a looking glass server here. Now if you're like... BGP advertisements, yeah, we talked about that... verifying, all right. So here's our diagram showing our... I just have a Cisco router in here because they're really good about showing you the route table. He's connected to both these ISPs, so we should be able to look at what they're sending pretty easily. I'm going to restart this session, give you a little hint, password's cisco, and show ip bgp should render the BGP tables. So remember, for us, ISP 1... our looking glass is actually AS, he's 400; it's irrelevant at this point. But you can see, coming from 100, that's our ISP 1, you can see the 1.1.1.0, so that's
some that we're just sending out, remember, we didn't want to prepend. So here's ISP 1, if you jump back, that's our AS number, one hop, right? Again for the 2 addressing, coming from ISP 1, one hop. 3 addressing coming from ISP 1: see, into the 100, 1, 2, 3, so it's got our own AS number on there three times; that's the prepending in place. Here's the 4; again you can see the prepending in place. Now the opposite is true as well: if you look at the 1 routes coming from MikroTik 4 here, remember the 1 and 2 are prepended and 3 and 4 are not. So if you look, the 1 addressing coming from ISP 2: prepended, prepended, and then 3 and 4 coming with - tree not and not, right? So everything's working.

Our internal route flow is still the same; it's our external route flow that now is manipulated. So at this point these routes are prepended, the 3 and 4's, so that all that traffic is going to choose to come in this direction, right, as well as our 1 and 2 are prepended over here, so traffic will choose to come over here. All the addressing technically exists from both, but they look so far away, the prepended traffic, that it's never going to get used. In case of emergency, that's the only time it's actually going to get used. So we did verify our good stuff there.

So let's look at what happens when we kill some of our addressing, actually see things flow around and move. So let's go to MikroTik 1 and let's kill that BGP peer, right? So when we kill that BGP peer, if we go to MikroTik 2, look at his route table, you can see that his routes pick up and he's heading out the door the other direction. So all that stuff should be moving as it, you know, as it properly should be. Those routes are going to be advertised out, so if we jump in our route table, or route server I should say, our looking glass, everything's only sourced from ISP 2, right, because we killed the peer. When you come back over here to MikroTik 1, bring him back up, let's see how long it takes... pretty quick, and our looking glass server has the routes back up and all of our
internal routing is going to pick back up and go the right direction.

Now what happens, say, if we kill this link right here, right? The 1 subnet exists here, so he should continue to advertise out. If we drop this, 2, 3 and 4 aren't going to exist in this table because that link doesn't exist anymore. So 2, 3 and 4 should be advertised out here, right, but they should not be advertised out here; only the 1 addressing should be advertised here. So let's try that. Let's go to MikroTik 1, Interface; interface 2 is the one that heads back in, we should be able to kill that. IP, Routes, and let's unfilter, so the 1 addressing is the only thing we have in, so that should be the only thing we're advertising out. And you jump in our looking glass server, and 1 addressing comes from ISP 1, 2 addressing comes from 2. So even though that's prepended, the 2 addressing, it still only exists from 2, so it's a valuable route; we're going to use it. So even though we have this failure here, everything's routing the way it should be.

Whenever we return this, all of our traffic will return back to normal as well. So go back to Interface, we'll bring that guy back up, so everything should be... let's see, IP, Routes, give it a second. That peer has... actually the OSPF adjacency has to come up, but when we see the OSPF routes pop in, so now his BGP is going to start advertising all that addressing back out again. Come back to our route server, show ip bgp, and all of our routes are in and back to normal. So you see everything converges pretty quickly. Again, it's not going to converge across the United States entirely this fast, but it's actually going to be pretty quick, and you can see the failover in action, so it actually does work.

So one more thing on this set of slides that we're going to talk about. We've already verified; that is, reaching disconnected subnets. So what happens if we have a failure here, right, right in between? So two, 1 and 2 addressing still exists here, so 3 and 4, those routes
never exist in here, so they don't get advertised out over here. 1 and 2 don't exist in this route table, so they don't get advertised out. So it ends up looking like this: it's just the 1 and 2 go in this direction, 3 and 4 go in this direction.

Now say our NOC hangs off of MikroTik 3 here, right, and we still want to be able to try and connect into MikroTik 2 or 1 to troubleshoot, you know, reach services over there, anything like that. How do we get over there? Well, technically we have a default route that exists in here, so even though we're not connected to public IP 1 or 2, our default route will grab it, carry it out, and it will come back in and reach it. Now this guy on the return trip doesn't technically have the connection here; it doesn't have the route for 3 and 4, so that stuff will then take default back out, hit the internet, come back around, and then connectivity is established. Obviously we have to go out to the internet, kind of loop back around, but everything's still established, it still works, our connectivity still functions, right? And that's the ultimate goal; that's what we're looking for.

So as we demonstrated, you get internal failover for traffic heading out, you get external failover for traffic heading in, and we're also able to load balance how our traffic is going to come in, which, I, we got to virtually choose which ISP it's going to come in. And that, in a nutshell, really is the power of BGP in this configuration.
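The filter chains and prepending walked through above, modelled in Python as an added example (it is not from the video and is not RouterOS configuration). AS 300 and AS 100 come from the transcript; the ISP 2 AS number 200 and all function names are assumptions, and best-path selection is reduced to AS-path length.

```python
import ipaddress

LOCAL_AS, ISP1_AS, ISP2_AS = 300, 100, 200   # 300 and 100 are from the video; 200 is assumed
SUBNETS = ["1.1.1.0/24", "2.2.2.0/24", "3.3.3.0/24", "4.4.4.0/24"]

def rule(prefix, lengths=None, action="accept", prepend=0):
    net = ipaddress.ip_network(prefix)
    lo, hi = lengths or (net.prefixlen, net.prefixlen)  # no length range = exact match
    return net, lo, hi, action, prepend

def out_chain(prepended):
    """Accept our four publics, prepending the listed ones, then discard everything else."""
    rules = [rule(p, prepend=3 if p in prepended else 0) for p in SUBNETS]
    return rules + [rule("0.0.0.0/0", lengths=(0, 32), action="discard")]

ISP1_OUT = out_chain(prepended=SUBNETS[2:])   # 3 and 4 look far away through ISP 1
ISP2_OUT = out_chain(prepended=SUBNETS[:2])   # 1 and 2 look far away through ISP 2
ISP_IN = [rule("0.0.0.0/0"), rule("0.0.0.0/0", lengths=(0, 32), action="discard")]

def apply_chain(chain, prefix):
    """First matching rule wins: prepend count if accepted, None if discarded."""
    route = ipaddress.ip_network(prefix)
    for net, lo, hi, action, prepend in chain:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return prepend if action == "accept" else None
    return None  # not reached here: both chains end in a catch-all discard

def advertise(chain, isp_as, table):
    """AS paths a looking glass behind this ISP would see for the routes in our table."""
    paths = {}
    for prefix in table:
        prepend = apply_chain(chain, prefix)
        if prepend is not None:
            # the looking glass in the video shows our AS three times for prepend 3
            paths[prefix] = [isp_as] + [LOCAL_AS] * max(1, prepend)
    return paths

def looking_glass(*feeds):
    """Pick the shortest AS path per prefix (the only best-path step modelled here)."""
    best = {}
    for feed in feeds:
        for prefix, path in feed.items():
            if prefix not in best or len(path) < len(best[prefix]):
                best[prefix] = path
    return best

if __name__ == "__main__":
    both = looking_glass(advertise(ISP1_OUT, ISP1_AS, SUBNETS), advertise(ISP2_OUT, ISP2_AS, SUBNETS))
    isp1_down = looking_glass(advertise(ISP2_OUT, ISP2_AS, SUBNETS))
    print(both, isp1_down, sep="\n")
```

The exact-match rules also keep a more specific such as 1.1.1.0/25 from leaking out, because it falls through to the catch-all discard.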
Info
Channel: TheBrothers WISP
Views: 25,674
Keywords: GregSowell, Multihomed, BGP
Id: eFDIiJE_ZLk
Length: 53min 7sec (3187 seconds)
Published: Sun Sep 30 2012