INE Live Webinar: Introduction to BGP Path Attributes

Captions
All right, welcome everybody, and, uh, thanks for joining me in our webinar today where, as the title shows, we're gonna be talking about BGP path attributes. So let's just jump right into it here. If you've never seen me before, seen my videos or my webinars, here's some information for me. You can see I've got my email address, my Twitter handle and LinkedIn account, so after this webinar is done, if you have any subsequent questions or, you know, you just need any other help in your pursuits of certifications, I'm here for you, so feel free to reach out to me.

Okay, so there are just some prerequisites to make sure that you understand the concepts I'm going to talk about today. Clearly BGP is probably one of the most complex routing protocols and, you know, we're not gonna cover all the gory details of how it works, and quite frankly, even with roughly between 60 and 90 minutes, even that's pretty tight just to talk about path attributes by themselves. So we're gonna cram as many path attributes as we can into this discussion, and I'm gonna demonstrate all of them for you as well so you can see how they work. But in order to understand this stuff, number one, you do need to have an understanding of basic IP packet routing concepts. If the whole concept of routing is foreign to you, you probably should watch the recording of this after you watch some basic routing videos first. Also, a basic understanding of the BGP peering process, and what I mean by that is I'm gonna start with a topology, and Brittany has already a few times included the link to that topology in the chat window for you so you can follow along as I'm doing my demonstrations. And in my topology the basics of BGP are already set up: the routers have already got BGP running, they're already peered with each other, I've got my eBGP and my iBGP peers already good to go, because our focus and concentration is not on that. So we're not going to cover the peering process, so hopefully you already understand the basics of how we get two routers
to talk to each other via BGP in the first place. And then lastly, I would hope that you'd have a high-level knowledge of the differences between iBGP and eBGP. You know, for example, if I'm a router and you're a router, my famous phrase right there, okay, and let's say that we are BGP peers, you're in one autonomous system, I'm in a completely different autonomous system. If I send you a BGP update with a bunch of routes in it, well, because you received that from an external peer, you can turn around and send that update to all the other peers you have. However, if you and I are iBGP peers, so if we're both in the same autonomous system, and now I send you an update, well, there's a different rule set that gets invoked there. So now once you've received that update from me, because it's an iBGP update, you can send it to any external peers you've got, but you cannot turn around and send it to any other internal peers you have. So that's just like one example of some of the high-level differences between iBGP and eBGP, which I hope you will know going into this.

All right, so let's just go right into here. So let's start out with this high-level question of what is a path attribute. You know, it's a fundamental component of BGP and it's a component within the BGP update message. So, you know, all routing protocols have different messages, different types of packets they use to accomplish different objectives. In the case of BGP, if I want to send you some new prefixes, or I want to send you some prefixes that have gone away, I want to say, hey, these prefixes I previously told you about, they're gone, can't get there anymore, I use a packet called a BGP update message for that. And the way the BGP update packet is constructed is that at the very bottom of the update packet is where you actually have what we call the prefix. You might call that the route, but technically we call that the BGP prefix, you know, 10.10.10.0/24, the prefix and the length, and then above that we have all these
descriptive attributes of that prefix, which we call path attributes. So path attributes basically describe the properties or attributes of one or more prefixes, and path attributes can be used for a variety of things. For example, some path attributes are used in the best path selection process. What that means is, if I'm a BGP speaker and I have two peers and they both advertise to me the exact same prefix, the exact same route, I need to figure out which one is best. That's the one I'm gonna put in my own routing table and that's the one I'm gonna forward on downstream to other peers that I have. Well, some of these path attributes help me to select which of those two prefixes is the best one to install in my table and to advertise on.

Other BGP path attributes are used for loop prevention. You know, is this a route that already went through my autonomous system, left, and then circled back around and is coming back in again? Well, there's path attributes that can be used to determine that.

Some path attributes are used primarily for prefix classification and for further processing. For example, if you know a little bit about routing, you know, if you studied anything with like EIGRP or OSPF, you probably learned this concept of route tags, or a route tag. It's just an artificial number you can stick in a routing update. You can make it whatever you want, the route tag, it means 7888, whatever, and then another router downstream can match on that tag. Now once he matches on that tag, it's his choice what he wants to do with it. A router downstream might say, oh well, if I see any route with a tag of 8888 I'm gonna filter that with a distribute list; well, maybe if I see a route with eight and eight I'm gonna modify it or change it in some way. So a route tag is just a classification tool. It doesn't really do anything to the route, it's not used to figure out which route is the best, it's just used to lock on to a particular route and say, oh, there it is, that's what I'm looking for,
and now you can do something. Well, the same thing exists in BGP. For example, there's these BGP communities, BGP path attributes called communities, and communities are just that: they are a number you can stick in a BGP update that can be used for classification purposes.

And some BGP attributes, or path attributes, are really just sort of purely informative. You can't really do anything with them, they're just there for you as the network administrator to say, oh okay, now that I see that particular variable, that path attribute, in the route, that tells me something about the route. For example, there's one called the atomic aggregate path attribute that you can't really filter on, you can't really do anything with it, but when you see the atomic aggregate path attribute within an update, within a prefix, that tells you, oh, this particular route is a summarized route and I don't know the specifics. Some of the specifics of the route have been lost, so the specifics of, like, the subnets that I'm not seeing that were summarized, those have been lost to me, and that's what that atomic aggregate is telling me. So it's not really something I use for filtering or best path selection, it's just informative.

And then a lot of these attributes can be used for multiple things. They're not just one or the other; some of these attributes can be used for two or even three of these purposes here.

Okay, so the next thing you need to know is that path attributes in general fall into one of four different categories. Now, before I show you the categories, you might be thinking, well okay, why do I care? Why do I care what the category is? Well, there's a couple of big reasons why you'd want to know this. Let's say that you're googling a particular path attribute, you know, you read in some book or some paper somewhere about some path attribute you've never heard of, you google it, and it tells you that it's one of these four categories that I'm about to show you. Well, knowing the category will answer
questions like, okay, number one, is this a path attribute that might be just proprietary to this particular vendor? Maybe it's something that their routers and switches doing BGP understand but other devices don't. Well, one of these four categories would help you to answer that question. Another question would be, okay, is this a path attribute that, if I'm going to use it, is only meant to stay within an autonomous system? It's meant to influence BGP peers within an autonomous system but it can't be sent to another autonomous system. Some of these categories will answer that question too. So let's just look right at these.

So number one, we have the well-known mandatory path attributes. So well-known means these path attributes, any device that's capable of speaking BGP, anything, no matter who made it, has to understand this path attribute. There's an RFC for it, it's clearly defined, it is just part of the basic BGP code. And mandatory meaning that when a router sends a BGP update it has to include these well-known mandatory path attributes. There's only three of them and we'll look at those: it's the next hop, the AS path and the origin code. We'll look at all three of those, but those have to be in every BGP update, and every BGP speaker, no matter who made it, will understand what those things are.

Then we have well-known discretionary. Once again, well-known meaning, hey, every router, every device out there that speaks BGP will understand this, but it's discretionary, as you as a network administrator, it's up to you whether or not you want to use this thing. You might not have any use for it.

Then we have the optional path attributes. Now, optional right there says, okay, no guarantees that every vendor's equipment is going to understand this path attribute. So there's some path attributes that fall in the optional category that, yeah, pretty much every device knows what it is, you know, it's been out there long enough, it's pretty ubiquitous, every device knows, but then there's other path
attributes that maybe only Cisco devices or maybe only Juniper devices can actually understand because it's proprietary to them. So optional means that it may or may not be understood. Transitive means that this is a path attribute that is allowed to go from one autonomous system to another, okay, so it can go multiple autonomous systems deep.

Now also, another characteristic of an optional path attribute you have to ask yourself is, okay, if I'm a BGP router and I receive a BGP update that's got one or more prefixes in it and I see one of these optional attributes in there but I don't know what it is, so I'm looking at this BGP update and, hmm, right here, these bytes is normally where a path attribute would be, but the numbers in there, I have no idea what that's telling me. Okay, so this is an example of you received an optional path attribute and you have no idea what it is. So then here's the next question. Okay, if that happens, one of two things can occur. Okay, number one, the question is, are you allowed to even look at the rest of that update? If in a BGP update there's a path attribute in there I don't know what it is, should I just discard that whole update and say, okay, the rest of it, the 99% I do understand, forget about it, because there's one little piece in here I don't? Or, you know, can I use it and just ignore that little slice? The second question is, okay, if something comes in that I don't understand, let's say I decide, well, I'm gonna go ahead and use this update anyway even though I don't understand this piece, the next question is, okay, now when I turn around and I send that prefix to somebody else, should I still include that path attribute in there that I don't understand, thinking that, well, maybe somebody else will even though I don't? Or should I just forward the update to them and strip that little piece out, because if I didn't understand it probably nobody else will either?

So in the case of an optional transitive attribute, if you receive a BGP
update and you don't understand that particular field, the rules say, hey, look, you can still use that update, you can still use that prefix, put it in your BGP table, just pretend like that field wasn't even there, pretend like you didn't even see it, and you can forward it on to another peer, just, you know, leave that part out basically.

And then there is the optional non-transitive. So once again, optional meaning there may or may not be an RFC for this, that might be proprietary, and non-transitive means, okay, when you get it from a peer it cannot leave your autonomous system. Okay, it has to stay within your autonomous system, you can't send it to another external peer.

Okay, so as I mentioned, these path attributes that we're going to get into can serve a variety of purposes. The main thing that people use path attributes for is the best path selection process, once again meaning I've received two or three or four updates all containing the exact same route, you know, the 70 70 70 route, now I need to figure out which one is best. And so most of the time we think of path attributes in that context, answering that question: which prefix is best?

All right, so now I'm going to show you the best path selection process. At the moment, if you don't have any familiarity with path attributes, a lot of this stuff is probably not gonna make a lot of sense to you, but we'll come back to this as we look at this. So the order is this. Number one, the next hop of the BGP route has to be reachable. If I send you a BGP update, okay, let's say I am 1.1.1.1, so you know me, you know how to get to me because we're peers, but if I send you a BGP update and I say, hey, here's the prefix of the 19 network and the next hop is 125 dot 777, so not me, even though I'm sending it to you I'm giving you a different next hop, if you don't know how to get to that next hop that I'm advertising, it's done, all bets are off. You will put that update in your BGP table but you cannot install it in your routing table, you can't pass it on to anybody else
because the next hop is inaccessible. So you need to be able to get to that next hop.

Now let's assume that's not a problem: the next hop, you know where it is, you know how to get there, we're good. Okay, now we start looking at some of these path attributes. So the first one we're going to look at is weight. Now this one's a little bit weird because weight is a Cisco proprietary thing, okay, so this would fall in the optional category of path attributes, and what makes it weird is that it's not actually in the BGP update anywhere. If you're familiar with routing protocols and routing on Cisco routers, you've probably heard of something called administrative distance, right? So Cisco routers, and other non-Cisco stuff has a similar concept, which is that a router could learn about a route via lots of different ways, right, connected, static, OSPF, and administrative distance is a value that sort of ranks and sorts all the ways you could learn of a route, right? The lower the administrative distance of a particular routing method, the more preferred it is. But administrative distance, it's just something that's local to your own router. I can't take my administrative distance value and push it to you, there's no message type that I can use to tell you what my administrative distance value is, it's locally significant only to me. That's like weight. Weight, even though we call it a path attribute and it sort of falls into this process here, it's like administrative distance: it's locally significant, it's only used on a router that's locally programmed to use it, it cannot be transported between routers. But this is at the top of the food chain, the very first thing that's considered is weight. And if I have two neighbors that send me the exact same prefix, they both send me like the 90 90 network, and I've locally configured saying, hey, anything I get from that neighbor right there I'm gonna give him a weight of five, anything I receive from that neighbor over there I'm gonna give a weight of
one, well, the higher weight is preferred. So anytime I get the redundant routes from these two guys, if I'm automatically giving this guy here a higher weight than this guy, I will prefer him, and neither one of those guys know that. They have no idea I'm using weight, that's just something I've configured on myself, and we'll look at how to configure that.

Then we drop down to local preference. So if weight is not a factor, if they're all identical, then the highest local preference is preferred, followed by locally originated routes, and then the AS path length. I'm just going to sort of go through these really, really fast, and we're gonna demonstrate them and I'll come back to this. And then we go to the origin code. So routes that were learned with an origin code of IGP, which is typically, in Cisco world, routes that were originated using the network command in BGP, are preferred over routes with an origin code of incomplete, which are routes that were originated with the redistribute command. And then we keep going: the smallest MED is preferred, eBGP neighbors are preferred over iBGP neighbors.

This next one here only refers to iBGP neighbors. So if you know, one of the things about BGP that's kind of unique from other routing protocols is that with BGP I could have a peering relationship with a router who's not even physically connected to me. There could be a router that's like two or three routers away from me, I've got two or three routers in the middle, and I could still form a BGP peering connection with him. So imagine this scenario where in my autonomous system that's what's going on: I've got some neighbors that I'm connected to, other neighbors are like multiple hops away, and so you have to ask yourself, okay, well, how do I get to those neighbors who are multiple hops away? Well, I'm using some kind of IGP routing protocol. I've learned about those neighbors via OSPF or EIGRP or RIP, and using my IGP routing protocol BGP now knows, oh, I know how to get to that neighbor of seven seven
seven seven even though he's not connected to any of my interfaces. OSPF has told me how to reach seven seven seven, or EIGRP has. But once again, in this scenario here, if I have a couple of iBGP neighbors, let's say neighbor one and neighbor two, neither one of them is connected to me, neighbor one is like, let's use RIP as an example, neighbor one is four RIP hops away, neighbor two is seven RIP hops away, so I'm peered with both of them. If they both send me the exact same prefix and I've already gone through all this other stuff and everything is equal, weight is equal, local preference is equal, this is equal, this is equal, and now I get down to this, I'll say, oh well, neighbor one is four hop counts away, neighbor two is seven hop counts away, smallest IGP metric wins, so I'll prefer the route from neighbor one because he's closer to me.

Now if that's both the same, we keep going on. Then if you learned about the route from an eBGP neighbor, it's whichever one came in first, whichever neighbor sent you their route first, that's the winner. Now at this point we start getting kind of weird, because, okay, let's say I got routes from two neighbors at exactly the same time, we've got to keep going. Then it's the lowest neighbor's BGP router ID, followed by the lowest neighbor IP address. So you can see, as we go through this best path selection process, if I do receive the exact same prefix from two or more neighbors, eventually as I go through this process I will find something that's different that will enable me to say, that's the best neighbor, that is the best route, that's the one I'm going to put in my routing table.

Now, as we go through this process here, what path attributes assist us in this process? And I put little gray boxes around here, so in the N WLLA OMNI, try to memorize that, but in that best path selection process the W and the L, the A and the O and the M, those are all things that are carried by BGP path attributes. The other stuff is not, and like I said, even though we call weight a path
attribute, it's not carried in an update. So let's go ahead and demonstrate all this stuff, and I'll just go ahead and use that N WLLA OMNI to sort of go through this.

All right, so here is our topology. Once again, you guys should all have a link to this so you can download a PDF of this topology. I've already got this pre-built right here, and let's see how this works. Also, I'm gonna open up Wireshark as well so we can see the update and we can actually see the path attributes inside that update, which is kind of fun. All right, so it's going to be on this interface right here, and we'll just do a filter on BGP, so we'll filter on port 179 so we don't have to see all this other garbage. All right.

Okay, so let's start with N, next hop. Okay, so at the moment right now CSR 1, so everything inside here, inside AS 134, is running OSPF, and the way I've currently got it configured is that the routers that have external connections, like CSR 1, he's using redistribution to redistribute these external connections into OSPF, right, and the same thing is happening with router 4, he's redistributing the 4242 network. So in order to demonstrate next hop reachability, here's what I'm just simply gonna do: I'm gonna go on CSR 1 and I'm gonna turn off redistribution. So by turning it off, that will mean that router 3 and router 4 will have no way of knowing where the 11.11.11 or the 21.21.21 networks are, they won't know about it.

All right, so let's go to CSR 1 now real quick and do that. CSR 1, there we are. So: router ospf 1, no redistribute connected subnets. All right, so to prove this, now we're gonna go to router 3 and we're gonna see if router 3 knows about the 11.11.11 or the 21.21.21. He should not know about those networks. Okay, yep, the 11 network is gone, the 21 network is gone. Okay, so that's gone now.

All right, so now what we're gonna do is we're gonna move our focus here over to router 1, and one of router 1's loopback interfaces is the 12.12.12 network, right
here on loopback 0. So I'm gonna tell router 1 to advertise that 12.12.12 network downstream to CSR 1. Now this is going to come in as an external BGP update, so what that means is, when router 1 advertises it to CSR 1, router 1's gonna say, hey, the next hop for this network is me, is 11.11.11.1. Now it's perfectly fine for CSR 1 because he knows how to get to that next hop, he's directly connected to it. But what we're gonna see now, when CSR 1 forwards that update to R3 and R4, because those are considered iBGP updates, because he's sending it to iBGP peers, he's gonna leave the next hop alone, he's not gonna change it. So router 3 and router 4 are gonna learn of that route still with the 11.11.11.1 next hop, and they're gonna say, uh, okay, totally useless to me because I have no idea how to get to 11.11.11.1. So let's see that in action.

All right, so let's go over here to router 1, and you can see right now that my BGP configuration is pretty simplistic, basically just have a couple of neighbor commands and that's it on router 1. So here we're gonna go: so a router bgp, autonomous system 12, now we're gonna say I want you to advertise your loopback, 12.12.12.0, and your mask for that, I have to include that because that's a subnet address. R1 now should have learned about it: show ip route bgp. Okay, so we see he's got that BGP route in his table. Now we dig a little bit deeper into it: show ip bgp, and we look for that specific network. Okay, so it says four available. Now you might say, well, wait a second, four available, how do you get four of them? Well, let's look at our picture again real quickly here. So if we look at our diagram, what happened was router 1 has a peer with CSR 1, so he sent it that way. Router 1 also has a peering relationship with router 2, so then router 2 got it and advertised it on to CSR 1, so that's the second update. Router 2 also has a peering relationship with CSR 2; CSR 2 got it, advertised it to router 3, who sent it to CSR 1, and
advertised it to router 4, who sent it to CSR 1. So that's why CSR 1 is saying, hey, I just got this update from four different places. But here's the main thing I want to point out. Okay, so let's look at the one that he got directly from router 1, rather than focusing in on any of the other ones. So the one from router 1, and by the way, I've made it easy to figure out where these routes came from, because each one of these routers has a distinctive router ID that I preset so we could tell. So for example, the router IDs take the form of autonomous system number, autonomous system number, autonomous system number, dot router number. So for example, in 134 here, all these guys have router IDs of 134.134.134; this guy would be .4, this guy would be .3. This guy here is 12.12.12.1. So those are how we can see it.

So if we're looking for the route from router 1, let's go back to here. All right, so we're looking for the one that came from 12.12.12.1, and that would be this one right here, right, so there's the router ID of where it came from. Okay, and notice this is the next hop, all right, 11.11.11.1. Now for CSR 1 that's fine, he's directly connected to that, but the problem is gonna come into play when he forwards that route on to, let's say, router 4. Let's take a look at router 4 for a moment: show ip bgp 12.12.12.0/24. Okay, so now we're looking at, we want to see router 4 when he received it from CSR 1. So here it is right there, right there, CSR 1, 134.134.134.1. He advertised it saying, hey, that route has a next hop of 11.11.11.1, and router 4 is saying, inaccessible, I have no idea how to get there, I can't use that. So that particular entry cannot go any further, cannot be considered for routing in the routing table, because it is inaccessible. So that's how the next hop works, and we could actually see that in the BGP, uh, see here, in the Wireshark, if I can sort of put everything on here so we've got enough room,
there we go. All right, so back when that update came, here it is right here, here's an example of one of them. Hopefully you guys can see that. Let's see here, there might be a way here I can make this zoom in. So zoom is just, just zoom in like that. All right.

Okay, so here in the BGP update, before we scroll down, we don't care about the TCP, right there, the BGP message. All right, so here down at the bottom is the network itself, network layer reachability information, 12.12.12.0, and above that all the descriptive path attributes, and what we're looking at right now is next hop, right, so that is a mandatory path attribute that must be in there. Now this next hop says 42 42 42 22, and so that must be, so if we look at our picture, right, so right now this is the guy who's doing sniffing, so next hop of 42 must be this one. So we were seeing the update that came in here that was forwarded by router 4, so this guy said, hey, the next hop is me, 42 42 dot 22, and so that's what we're capturing here in Wireshark. I just want to show you that, you know, it is a component of the BGP update. If I expand that right there, you know, it's a transitive well-known update, next hop, and that actually shows us what it is. All right, so that's it for next hop.

So now if we go back in that best path selection process, the next thing was weight, which was a locally significant thing. So now before I continue, let's go back to CSR 1 here and let's get that redistribution turned back on. I want to make sure that everybody knows how to get to his connected networks. All righty.

Okay, so now from this point on, in order to demonstrate the rest of these path attributes, we really need to have at least two routers advertising the exact same route to somebody else so we can use these path attributes to manipulate which is considered best. And that is why, if we look back at our picture here, we can see that on router 1 and router 2 I configured two loopbacks that are both in the exact same subnets, the 12.12.12 network and
the 12 21 21 networks. And now what I'm going to do is I'm going to go to router 2 and I'm just gonna have him also advertise his 12.12.12 network. That way CSR 1 will be getting redundant prefixes from two different peers. So let's go ahead and go to router 2 here and do that: router bgp 12, and the same statement I put in router 1. Okay, and just to make things a little bit easy, because right now I don't want it taking that long roundabout path, sort of, on the bottom there, I am going to, on router 2, kill his connection going down over to CSR 2. And then what I'm going to do is I'm going to go into here and type a command into everybody, which is clear ip bgp star, just kill all their neighbor relationships. They'll come back up really quickly though, and because I did that in the bottom of the SecureCRT, it's sending it to all of my tabs, all my routers.

All right, so let's go to CSR 1 now. It looks like his four neighbors are up, that's good. Show ip bgp. All right, so he hasn't learned of that 12 network yet. That's one of the things you learn about BGP as you start working with it, that it's not the quickest protocol to propagate things, that sometimes takes a while, but we will get it, it will come in here. Show ip bgp neighbor, include neighbor state, just make sure all my neighbors are established, and they are, that all looks good there. All right, show ip bgp, should be coming in. That's just taking an awful long time. Let's just verify: show ip bgp. Okay, so router 1's got it in his local BGP table, he's just taking an awful long time to advertise it, and router 2 has it. Okay, so we should be seeing that in CSR 1 here any moment. There we go, it took a bit. Okay.

All right, so let's dig into this a little bit more: show ip bgp 12.12.12.0/24. All right, so right now we've received it from two neighbors. CSR 1 has received it with the next hop of 21.21.21.2, so that's when he got it from router 2 in the lower right hand corner. He also received it from 11.11.11.1, which is router
1 in the upper right hand corner, and you can see here it says the best route is number 2. Now if we go through the N WLLA OMNI, it'd be a little ways down as to why he selected that as number 2, but what I want to focus in on right now is weight. So notice, no mention of weight right here. As a matter of fact, when we looked at it up top here under the weight category, the weight is 0, right? So by default Cisco routers do not assign a weight of anything to a route that they've learned from somebody else. Okay, so now let's change that.

All right, so let's take a look here. All right, now in reality, you know, why did he select this one as the best? Well, if we went through that N WLLA OMNI best path selection process, this actually got down to the oldest eBGP route, because he already had the route from router 1 and then it came in like a second or two later from router 2. He selected the oldest route, the one he had in his table the longest, as the best route, because everything above that was equal in these two updates.

All right, so let's do this: let's have CSR 1 prefer that route from router 2 by applying weight. So here's what I'm gonna do. I'm gonna create an access list matching on that route. All right, now I'm going to create a route map that references that ACL. All right, and now what I'm going to do is I'm going to use the set weight command, and remember, higher weight is more preferred. Now right now he's just giving a default weight of zero to every route that he's learning from any peer, so what I'm gonna do now is I'm gonna set the weight to one. Okay, one is higher than zero. Next I'm gonna create another instance of that route map. It just matches on everything else but doesn't change it, right, because if I didn't have that second sequence number, as I start advertising more routes they would be dropped, because there wouldn't be another sequence number of my route map to match on those, so it would sort of act like a filter and I don't want that. All right, so that's that. So
now what I'm gonna do is I'm going to go to let's go back here so right now he's saying this is my best route he's also receiving from here so now what I'm gonna do is I'm gonna say okay I'm gonna apply my route map against my neighbor of router 2 I'm gonna go into CSR 1 I'm gonna say hey neighbor 21.21.21.2 whenever you receive anything inbound from him apply the route map of INE that I just created which means now when he advertises anything if it matches that access list if it matches 12.12.12.0 I will bump up the weight from 0 to 1 and that should make CSR 1 always prefer router 2 because he's got the higher weight so I've already configured the route map I've already configured the access list the only thing left to do on CSR 1 is to go into my BGP statement my BGP process if I could type and say neighbor 21.21.21.2 route-map INE in so what that's gonna do is now it now one thing about BGP also if you're not familiar with it is that when you apply policy like this a new policy or you're changing your existing policy it does not take effect on the routes you currently have in your routing table and your BGP table your route policy applications or changes only take effect if something new is coming in or something new is going out and so we'll see that right I'm gonna apply it here to my neighbor inbound statement okay here but you know router 2 has no reason to resend the route to me right now so if I do show ip bgp notice my weight is still zero my route map has not taken effect so I need to get router 2 to resend that route to CSR 1 so I can now run it through my new route map and actually make that change so for that I'm actually gonna use the route refresh feature I'm gonna say clear ip bgp I'll say star in and what that's gonna do is now CSR 1 is gonna send this special BGP message we'll see it inside the Wireshark called a route refresh message out to all of his peers and say hey can you please resend to me all of your routes again and because they
support route refresh that's a that's a standard thing that Cisco routers support they will do it all right so let's go ahead and there we go so we don't see anything in the background but we look in our sniffer trace right there route refresh message so type route refresh me saying hey no I want unicast routes can you please resend your unicast routes to me again and we should see and I don't know why we don't see another BGP update in here it might just not have been caught well let's see here show ip bgp okay now it worked because now we can see that the 12.12.12 network was received from router 2 and this time the weight is 1 and this little greater than sign right there that means that is the best route because we have two paths to that route the greater than sign means that's the one I'm preferring as the best route because it has the higher weight okay now like I said weight is not carried on anybody else so if we go further on downstream for example to router 3 show ip bgp his weight is still zero right because we haven't configured weight on him so that's a locally significant value okay so that's weight now let's say I receive two of the exact same route from two peers and the next hop is reachable the weight is the same maybe they're both zero the next thing I look at is something called local preference now local preference if I receive a route from an external peer local preference is not in there local preference if if you're going to put the local preference path attribute into a BGP update if you're gonna put it in there you can only do that when you're sending that update to an internal peer so one internal peer can advertise local preference to another internal peer but that is not a transitive attribute so it cannot go from one autonomous system to another it's used to influence your local autonomous system so for example let's see here so here's what we're gonna do so I'm gonna reinstitute this link down here and what we're gonna see once I do
that is that let's just look on router 3 for example he's gonna learn about that 12.12.12 network from this direction he's gonna learn about it from CSR 1 he's gonna learn about it directly from CSR 2 and there's also a very good chance that he'll learn about it from an iBGP neighbor of router 4 so he'll learn about it from three different directions now I can use local preference to influence which path router 3 chooses to get to that 12.12.12.0 network now when CSR 2 sends that update to router 3 so when CSR 2 does it that is an external update that's an eBGP update CSR 2 cannot send local preference in that update but he can get it from CSR 1 and router 4 now you might say okay well you know if if my ultimate objective is I want router 3 to go this way for the 12.12 network and I want to use local preference to influence that but Keith you're telling me that CSR 2 can't send him local preference well then how can I use that path attribute well when a router learns of a BGP update ok the default behavior is this when the update comes in if it comes in from an iBGP peer by default there will already be a local preference in there of 100 100 is the default value for local preference so even if I do nothing we will see that this update that comes in this way and this update that comes in this way will both have local preference values of 100 that CSR 1 and router 4 already applied without me doing anything now the other default behavior is if you receive an eBGP update from an external peer yes it's true there's no local preference in there but you apply it yourself so we'll actually see that router 3 even though he did not receive local preference from CSR 2 when he says oh this is an external update well when I put it in my own BGP table I will put local preference of 100 in there even though I didn't learn it from that guy I will apply it myself and here's how you can visualize that so let's go ahead and bring up that link now between router 2 and CSR 1 to
make sure that happens so router 2 right there so interface gig 0 0 no shut alright and then we got to wait for the BGP peering to start up let's go over to CSR 2 and wait for him to get it ok so the neighbor is up show ip bgp 12.12.12.0/24 alright and see here 12.12.12 yes so right there that very first one this one cuz look here's the router ID right so he learned that directly from 12.12.12.2 and that is router 2 ok and here's actually a classic example of this let's you know look in router looking in CSR 2 right now he's at the very far left of the topology if I do show ip bgp ok notice that the local preference column has nothing in it and that's because that column is only populated when you learn local preference from somebody else well the only peers that CSR 2 has is external peers he's never gonna learn local preference from them so that is 0 but we can see here if I scroll up a little bit inside the guts of that route inside the BGP table he actually assigned a local preference of 100 himself to those routes so if later on I added an iBGP peer to autonomous system number 2 CSR 2 could forward that local preference to them that he put in himself all right so let's just go ahead and use local preference now to influence our routes so once again let's go back to router 3 here and let's see what best path he is currently using so for you if we think about through it logically next hop should be reachable that shouldn't be a problem N WLLA weight well he should not have any weight weight is zero so shouldn't be any weight local preference should be the same right when he learned about it this way CSR 1 told him the local preference was 100 when he learned about this way same thing local preference was 100 we learned about this way local preference was zero but he added 100 to it himself so local preference isn't gonna help us so that's N WLLA so then we go to locally originated well router 3 did not locally originate the 12.12.12 network he doesn't own it it
wasn't his job to use the network command to inject it in BGP so it's not locally originated from his perspective okay then we go to in the N WLLA we have the A which is AS path and here's where a lot of times it stops the prefix that has the shortest AS path is the winner so if let's see here just to do ok so the ones that he received this way will have the AS path of 12 in the list and the one he received this way will say 2 12 started AS 12 went through AS 2 so we definitely know that router 3 is not going to prefer CSR 2 by default because CSR 2's AS path is longer than the other ones he's getting so let's use local preference to influence that let's tell router 3 hey I actually do want you to use CSR 2 and prefer him so we're gonna do the same thing so here in router router 3 I'm gonna perform a lot of the same steps here I'm gonna create an access list access-list 1 matching on that route all right and now create a route map let's call it LP for local preference will match on that access list and we'll set the BGP local preference now remember the default is 100 right and just like weight how a higher weight is more preferred a higher local preference is more preferred so I'll just give it a local preference of 101 again I want to create a second instance of that route map that catches everything else but just leaves it untouched unchanged all right so now go into router bgp 134 and we'll apply this route map against inbound stuff we receive from CSR 2 so neighbor 32.32.32.22 route-map LP in and once again this is not going to immediately take effect it does not affect the stuff that's currently in his table so I have to send a route refresh message clear ip bgp star in get all my neighbors to resend me their routes again and now I do show ip bgp if I could type there we go all right something has not happened yet where is it there we go okay just took a little bit of time all right so now we can see that this first entry right
there is my best path once again it's got that greater than symbol right at the beginning right there that tells me that that is my best path next hop is 32.32.32.22 that is the route that I learned from CSR 2 and it is the best because it has a local preference of 101 which is higher than the same route that he learned from who do you learn that from 21.21.21.2 that would be the route he learned from CSR 1 right that would be the one he learned from CSR 1 so there we see it local preference was used to influence which was which route was the best and once again we did that with a route map and we did that with the set local preference so right there matched on my ACL set local preference and gave it a number higher than the default okay we could also make routes look worse right we could set their local preference to something less than 100 with the which would make them look worse than other routes that were set with the default okay so that's N WLLA so now so locally originated routes that means that a router itself has used either the redistribute or the network command to take a route out of his IGP table like a RIP route or an OSPF route or a static route and inject it into BGP that's what we consider to be a locally originated route and if that's the case and then he learns of that same route from somebody else his locally originated route will be preferred now once again that's after weight is considered and after local preference is considered locally originated routes will then be preferred okay so that's not really something cured with a path attribute so the next thing then is AS path and I mentioned to you how the way AS path works is that let's say this is the route that I've learned X X X X and I've learned it via two different peers 1.1.1.1 and via 2.2.2.2 okay and let's say that there's no weight so the weight is zero for both of them let's say the local preference is the default of 100 for both of them but as we go further on down their
autonomous system path looked like this maybe this guy is 10 100 this guy is 20 22 and 99 okay so these numbers are showing you the autonomous systems where this route went through so the way you read this the AS path is the number on the far right or the last number that's what we call the originating autonomous system so this is where the route actually lives so X X X X whatever that route is that actually lives well we couldn't have this two different numbers here good we'd have to have the same we have to have the same number here so let's just do it like this just to make it technically correct 99 and let's just put here 4 okay so let's and go back to this okay so both of these routes with its exact same route that route lives in autonomous system number 99 that is my originating autonomous system now once it left autonomous system number 99 it actually took two different paths the routing update that contained this prefix went first into neighboring AS 100 and then to neighboring AS 10 AS 4 and AS 4 so on this particular router AS 4 is our neighbor's autonomous system so our ISP or our partner they are in autonomous system number 4 they are our external peer and they sent it to us okay so that was the last autonomous system number it hit before it came into our autonomous system so we can see here that this particular path has a total of four autonomous systems in it right 4 10 100 99 whereas this path only has three autonomous systems in it so once again if weight and local preference were not a factor this one would be considered our best route because of the shorter AS path now we can actually use this to our advantage you didn't use the knowledge of this let's go back to looking at our picture right here okay so right now router 1 and router 2 are both advertising the 12 network let's get them now to advertise that second loopback the 12.21.21.21 network okay now here's what I want to do now you know router 1 router 2 they only have a limited ability to
influence CSR number 1 because you know if CSR number 1 is using weight or local preference there's nothing that router 1 and router 2 can do to say hey CSR number 1 um I want you to forget about weight local preference and instead we want you to do it this way in other words what if I what if I was a network administrator for AS 12 ok that's my autonomous system and here's what I want when AS 12 advertises the exact same routes into another autonomous system like into AS 134 what I would prefer is I want that autonomous system to prefer this path okay so when they actually send packets into my autonomous system number 12 I want them to send their packets into my router 1 I really don't want them to use router 2 to get into my autonomous system unless it's like a backup or something like that okay so I'm not the autonomous I'm not the administrator of AS 134 I can't jump on those routers and manipulate them so using path attributes is there a path attribute I could send in my updates ok so if router 1 and router 2 are both going to send that 12.21 network if they're both going to do that and my objective is I want CSR 1 to prefer as his best path the top link the link going to router 1 what I can do is you know I can't send weight I can't send local preference but I can manipulate the autonomous system path normally both router 1 and router 2 what they would just say ok well the AS path is 12 because it's leaving our autonomous system and it lives here well why don't I do this why don't I go down to router 2 and say hey router 2 when you advertise this route I actually want you to artificially make that path longer why don't we add some more instances of 12 to that AS path so your AS path is not as good because it's longer than the AS path that router 1 is advertising this is actually called AS path prepending what we're talking about right here so I'm gonna go into router 2 and I'm gonna say hey when you advertise stuff
outbound to CSR 1 that matches the 12.21.21 network I want you to artificially inflate the path by adding some additional instances of 12 to it now a little caveat here if you're doing this in a lab environment you can artificially inflate that with any numbers you want I could use AS path prepending to say hey router 2 and you send it's a 12 and then the next AS is 99 the next AS after that is 714 you could put whatever numbers you want in there in a lab environment in a real production environment you probably wouldn't want to do that because you might accidentally be putting someone's real legitimate AS into your prepended path and that could cause some issues we don't want to do that so the the rules of polite society say that if you're gonna use AS path prepending you should only add multiple instances of your own AS into the path so that's what we're gonna do right here alright so first of all let's get router 1 and router 2 to advertise that 12.21 route you all right so router bgp 12 network 12.21.21.21 nope that's wrong 0 mask 255.255.255.0 ok and same thing for router 2 ok so now they're both advertising the exact same route to CSR 1 I have not done any prepending yet I just want to make sure that CSR 1 does indeed get that route alright so there it is right and only has one AS in the path which is the originating AS AS 12 ok so now what I'm gonna do and it looks like he's actually preferring router 1 11.11.11.1 is the next hop ok so I bet that's fine that's what I want but I'm gonna show you prepending so I'm gonna go back onto router 2 now same process so I'm gonna create an access list and you could use a prefix list as well if you're more comfortable with prefix lists I'm just using access lists because I think more people know ACLs than they know prefix lists so access-list let's just say 2 permit 12.21.21.0 okay route-map we'll just call this prepend and we'll say match ip address 2 set as-path prepend and let's just add some
additional instances of 12 to it there we go we'll add four more and once again we want to create a second instance of our route map so that we don't accidentally filter out other things all right so router bgp 12 so remember we're on router 2 here so now I'm gonna say neighbor 21.21.21.11 route-map prepend out so anytime I send an outbound routing update to that neighbor I'm gonna run it through this route map called prepend and if it matches the 12.21.21 I'm gonna artificially increase the length of the AS path and once again it's not gonna take any effect unless I get router 2 to resend his routes so I'm gonna say clear ip bgp star outbound and now if we go back to CSR 1 and same command see it worked so now there's that 12.21 network learned from router 2 and now we have multiple instances of AS 12 we have prepended the path we have made it artificially longer which makes it worse than the exact same route he learned from router 1 so that is AS path prepending alright I got a little bit of time left here so see here what else do we want to look at so I I don't have any personal first-hand experience with this but I have heard from from multiple INE clients and other customers I've had as learners in my classes they've told me that sometimes when you're talking to an Internet service provider and you know you're setting up your contract with them to do BGP peering with them some Internet service providers will actually tell you we don't allow AS path prepending don't do that when you send routes to us as a matter of fact if you do that we have filters set up in place where we will just drop that route as if we never got it in the first place so don't do prepending ok well if that's the case let's go right back here once again if my objective is hey I want to influence CSR 1 I want him to prefer router 1 but I can't use AS path prepending to do that well is there any other attribute I could send to CSR 1 which would sort of accomplish the same objective
and there is there's a path attribute called the multi exit discriminator MED now it would be nice if things were always consistent right so so far we've learned that when it comes to weight the higher the value the better it is local preference the higher the value the better it is well guess what with MED it's just the opposite the lower the value the better it is so in the N WLLA OMNI hey I'm skipping the O for just a moment we'll get back to that this is the M okay so this is the the MED in the N WLLA OMNI and lower is better now by default if you and I are external BGP peers when I send you a MED value it's gonna be zero that's the default MED value now you might say well wait a second how can you get less than zero does MED support negative numbers no it doesn't you can only make MED bigger than zero but here's how we can do this all right so now before I do MED I'm going to clear my route map statement from router 2 okay let's get rid of this guy right here all right clear ip bgp star out so we should be back at a nice clean state there alright so here's what I do once again if my objective is I want to try to influence CSR 1 and when these guys send CSR 1 the exact same route I want CSR 1 at least for the 12.21 network I want him to prefer router 1 and I've been told don't use AS path prepending not allowed okay well I can use MED knowing as I do that a lower value is preferred why don't I do just do this I know that when router 1 sends that route by default he's gonna send it with a MED equal to 0 and actually if I looked at one of my previous sniffer traces we would see that in there so right in here let's see let's where is a BGP update here we go update message just collapse some of these things here that we're not talking about next hop right here multi exit discriminator and notice the value by default is 0 ok so that's in there that's one of the path attributes so here's something to do knowing that lower is better I'm gonna let this guy advertise
the 12.21 network with a MED of 0 I'm not gonna change him but I'm gonna go to this guy here and I'm gonna have him advertise it with a MED of 1 once again if lower is better everything else being equal if CSR 1 is not considering weight or local preference or AS path and he gets down to the M in OMNI he will prefer the path to router 1 because of the lower MED alright so let's go ahead and do that so let's go to router 2 here and I'm just gonna reuse that same access list that I already have I think it's access list 2 yep I'm gonna create another route map route-map we'll just call it med permit 10 match ip address 2 for that access list now here's the one little little weird thing with weight it was the set weight command with local preference it was the set local preference command here with even though the attribute is called the multi exit discriminator it's not set med or set multi exit discriminator it's actually set metric that's how you do it in the Cisco router in the route maps set metric and I'll just do set metric of 1 all right let's do a second instance of that route map all right so now we'll go router bgp 12 once again apply it outbound against my neighbor neighbor 21.21.21.11 route-map med out clear ip bgp star out all right so now when we go to CSR 1 so notice before I did anything he had the default metric what we call the MED value of zero for everything now let's take a look at the difference there we go so now for this route right here okay the weight is zero on both of them that doesn't factor in the local preference well he didn't learn any local preference so we assigned a default local preference of 100 to both of them which doesn't show here but it would show in the the other output of show ip bgp 12.21.21.0 and so local preference wasn't a factor he did not locally originate this route both of them have the same AS path length just a single AS in the path just one number number 12 so now we get to the M so origin code we sort of
skip past that we'll talk about that in a second but the origin code is listed right here well we can see they're both exactly the same origin code now we get to the M in MED and sure enough we have 1 and 0 we know that lower is better so that's why this bottom route here ended up becoming the best path because 0 is better now here's one other thing to know about the multi exit discriminator and for this and this going to do a little bit of a actually you can reference our same diagram here so let's take a look at router 4 okay now multi exit discriminator is a non transitive attribute which means if you and I are external peers and I send you an eBGP update like router 2 is doing to CSR 1 and in that eBGP update I give you a MED value like 1 or 12 or whatever it is you and all the people in your autonomous system number that you can use that but you cannot advertise that MED value to another autonomous system number so when you go to send an eBGP update or any of your other friends do you got to strip out that MED value you can put in your own MED value but you can't forward my MED value into another AS it is a non transitive so imagine this for just a moment ok so imagine that we have it coming like this alright actually so remember with it with BGP once you select the best route the best route is what goes in your own IP routing table and that's the one you advertise to other people so when these came in like this with a MED of 1 here and a MED of 0 here well what he's going to advertise out is the MED of 0 because that's his best path well let's say we did this let's go ahead and sort run out time here this might be a little try to fit in origin code real quickly after this I'm gonna go to router 1 do the same type of thing come on router 1 wake up list 2 permit 12.21.21.0 route-map med permit 10 match ip address 2 up set metric let's just say 5 exit 20 okay and out router bgp 12 up trying to hurry too much here router bgp 12
neighbor 11.11.11.11 route-map med out clear ip bgp star out all right so now we should see on CSR 1 is a MED value of 1 and a MED value of 5 from those 2 different neighbors ok so here we go right 1 and 5 so now router 2 is a preferred router because his MED value is lower alright so this brings us to what I was about to talk about which is alright so let's look at router 4 right here so what's going to happen is we had 5 coming in this way 1 coming in this way so CSR 1 is going to advertise out the best route so the one with a MED value of 1 okay now when router 2 advertised that same route to CSR 2 we didn't have any route maps applied to that so the MED value is 0 there now CSR 2 he cannot forward that MED value into AS 134 but what he can do is strip it out and put his own default MED of 0 so here we have something like this coming in 0 okay so you're looking at router 4 you might think okay well if I go with that N WLLA OMNI best path selection process okay then it as if everything was identical okay which it won't be here but if it was I think oh well then in this case the update that he got from CSR 2 will be preferred because the MED is lower than the update he got from CSR 1 hmm that wouldn't work because there's another rule of MED MED says look if I get down to the M in N WLLA OMNI and I'm starting to compare MED from all these different neighbors who sent me the same prefix I can only compare MED if neighbors are in the same autonomous system number so what that means is let's say he got some updates that look like this these came from AS 200 and he got some other updates from here you know just making up some stuff these came from AS 777 okay he could look at the MED value of these two guys compare them against each other to figure out which of those two was best among them he might say okay of those two that guy's best and he could look at the MED value of these two guys and figure out which one was best you know maybe that guy right there
but then when he compared this guy against this guy he could not look at their MED values to make that determination because those are in different autonomous systems so he'd have to proceed further on down the chain of the N WLLA OMNI to try to figure out which one was best now there is a command you can use in BGP that says you know what I always want you to compare MED I don't care if they're from different autonomous systems or not that command is bgp always-compare-med now I'm not sure why you'd want to do that because when you think about it the MED value coming from AS 134 you know what's the reason for that what was the logic behind why they set their MED what we don't know right we're not the network admins in 134 we don't know what's going through their head we just know they're sending us MED values and MED values coming from AS 999 same thing what's the logic what's the reasoning why they're setting MED value chances are pretty good that what these guys are thinking is not the same as what those guys are thinking ok but this this command here says hey we don't care what their thought process is if they're both sending us MED from different autonomous systems we'll go ahead and compare those numbers to see which one is better all right so the last one I want to look at today and then we've run out of time is the origin code this one's pretty easy to show you here so the origin code in the N WLLA OMNI so we had N WLLA O right there so this is the O in OMNI this is what's called the origin code this is a mandatory path attribute and we see it right here there's the origin code and in the BGP RFC technically there are three origin codes you could possibly see let me go back to here so I have a little bit more space okay so the three origin codes you could see are IGP EGP and incomplete now you're never gonna see this EGP was actually the precursor to BGP there was a another exterior gateway protocol that was called the exterior gateway protocol
that was out many decades ago and it's gone I don't think any routers ever support anymore so you'll never see that all right so all you're gonna see are origin codes of IGP or incomplete here's basically what it boils down to in a Cisco router we have two ways primarily that we can take an OSPF or a static or a connected route out of our IGP table and inject it into BGP one way is by using the network command and that's what I've been doing in all these demonstrations when you use the network command that sets the origin code to IGP the other way is you could use the redistribute command you know in BGP I could say redistribute ospf or redistribute static if I do that that will set the origin code to incomplete if I use the redistribute command well as far as the BGP best path selection process is concerned they say that IGP is better than incomplete so if I get if two different neighbors send me the exact same route but one of them has an origin code of IGP the other has an origin code of incomplete if I get all the way down to the O in N WLLA OMNI I will prefer that IGP versus the incomplete alright so here's how we're gonna do this real simple I'm gonna go to first of all let's strip out some of the route map stuff we have here let's go to router 1 actually we'll just create a new loopback just to do it real quick interface loopback let's say 3 ip address 33.33.33 oh we've already got no we don't have the 33 network in here let's just go 133.133.133.
let's just say 1 all right and router 2 okay so now they both contain the same network all right here's what I'm gonna do on router 2 I'm going to advertise that network using the network command so router bgp 12 network 133.133.133.0 now before I do that let's just go ahead and stop this and then start it again so we can get a clean slate here BAM okay so there's our BGP update message for that please scroll down here let's collapse some of these alright so there's the 133 network and the origin code is IGP because I used the network command and in receiving routers that shows up in the BGP table at the very end right there that little i so that's where your origin code is IGP now what I'm going to do is I'm going to go to router 1 and I'm going to have it advertise that exact same route but this time on him I'm just going to use the redistribution and I'm gonna say redistribute connected you know what let's just make this specific here cuz I only want to affect that 133 network so access-list let's say 4 permit 133.133.133.0 alright route-map we'll just call it origin match ip address 4 we don't have to change anything here I just want to use this for matching purposes alright and do show run section bgp let's remove any existing route maps we have in here so we don't muddy the waters here so let's get rid of this guy ah come on and now let's say neighbor 11.11.11.11 route-map origin out okay so right now I haven't changed anything all I've done is I say when you send anything to 11.11.11 run it through the route map called origin or what's origin doing well right now the first sequence of origin is matching on this access list but we're not changing anything there's no set commands they're just advertising it as is um it's saying if we advertise it we're not going to change it and the second sequence number is matching on everything else once again not changing it so now here's what we're gonna do we're gonna say redistribute connected but I want to
run my connected subnets through the route map called origin: redistribute, route-map origin. Actually, before I do that, I don't want that second sequence number. The whole purpose here is I just want to redistribute the 133 network, so I'll say no route-map origin permit 20, let's get rid of that one. Okay, so redistribute connected route-map origin. All right, so now router 1 should be advertising that same 133 network, and let's see here, update, want to get the one from router 1. Well, unfortunately I don't think we're gonna see it in the sniffer trace, because if we look at the positioning of where my Wireshark capture device is, right here, see, now we're coming down with an origin code of incomplete here, we're coming down with an origin code of IGP, and the only thing that the CSR is gonna advertise this way is his best path. So he's not gonna forward the update that's got the incomplete origin code, he's only gonna forward the update that's got the origin code of IGP. So we're not gonna see that in there, but we can see it in CSR1's table at least, even though we can't see it in the Wireshark capture. So CSR1 here, all right, and here's how you see it: right there, that little question mark. That means the origin code is incomplete, which means we used the redistribute command. We can also dive a little bit deeper in there and we can say show ip bgp 133.133.133.0/24, and it shows it in here as well. All right, here's the one that says origin incomplete, here's the one that says origin IGP. This was done as a result of redistribution, this one was done as a result of using the BGP network command.

All right, that, my friends, is all we have time for today, so I will go ahead and now take a look at whatever questions you have. There are a few other remaining BGP path attributes, but I don't want to take another hour, hour and a half of your time going through that. Maybe another day we'll get into that. So
let's go ahead and check out the Q&A here and see if we have any questions.

Okay, so starting at the top here. So Riza asks a very good question, saying why do we need iBGP in case we also have an interior gateway protocol? All right, good question. Three reasons I can think of. Reason number one could be due to scalability. For example, your interior gateway protocols of RIP, OSPF, EIGRP, they work really well up until you've got about, oh, four thousand routes, roughly. So I actually worked once with a customer who had started out using EIGRP as their interior gateway, but their internal network had grown so massive and so huge that they were getting traceback messages and EIGRP errors and things, because they had so many routes that EIGRP couldn't handle it. And in that particular case our solution was to take their core network that needed to know everything, and it migrated over to using BGP, because BGP can actually handle hundreds of thousands of routes. Literally no other routing protocol can do that. So that was an example of where a customer needed to run BGP, in that case iBGP because all the routers were in the same autonomous system, to handle that massive scalability. That's reason number one. Reason number two is if you're a control freak, like if you're the type of person that likes to have a lot of bells and whistles and different ways to manipulate their routes, you really like to get your hands dirty with route filtering and route manipulation, well, BGP gives you more ways to do that than any other routing protocol. So if that's the type of thing that floats your boat, BGP will give it to you. And then reason number three is if you want or you need your autonomous system number to be a transit autonomous system. And for a transit autonomous system number, for example, imagine if we got this situation where you've got Time Warner Cable here, you've got Sprint here and you've got AT&T right here, all right, and Sprint has a bunch of routers like this. Well, all these routers are
gonna need to learn all the BGP routes so that routes that come in this way can continue on through them to AT&T. So all these routers here would need to run iBGP so that Sprint's AS could be what's called a transit autonomous system. So that would be answers to that question. Thank you for your question, Riza.

Is there a way to remember the order, like a sentence or something? Ah, I wish there was. I always remember it as, you know, N WLLA OMNI. It's just so weird it sticks in my head. I've tried searching, you know, Google search, to see if anybody came up with some fancy acronyms for that or, you know, mnemonics or something. I'm sure somebody has, but I wasn't able to find anything. So if you can find one, go ahead and post it here into the Q&A so that other people can benefit from that. But yeah, it's a pretty weird, nasty thing to try to remember, so sorry, anonymous, I couldn't give you a better answer to that.

Okay, so how do you learn the order and do you need to remember it? Well, yes, like I said, there's no easy way to remember, but do you need to? Absolutely, two reasons. Number one, if you're ever gonna take any certification test, like let's focus on Cisco for a second, if you take like a Cisco CCNP on up, you will absolutely need to know what that best path selection algorithm is. You'll need to know those in the correct order to answer your multiple choice questions. Secondly, if you're actually running BGP in a production environment, there will be situations where you might be scratching your head and say, why was this route preferred? You know, I'm looking at my topology diagram right here and I thought it was going to go this way, but for that exact same prefix he's going this way. Why is that? Well, if you did not know what the best path selection process was, you would have no way of answering that question. So that's the practical reason why you would need to know it.

And anonymous also writes: can I use path attributes to influence
my IGP route selection? No, you cannot. This is just strictly a BGP thing, this is just for the BGP protocol. You know, other protocols like OSPF and EIGRP, they have their own methods, like route tags and things like that, but like I said, there's far less ways you can manipulate your interior gateway protocols than you can manipulate BGP itself. Thank you, anonymous.

All right, so MD measure newer: can you give a little bit of an overview of AS path prepending? Well, I pretty much figure we did that, we did a demonstration of that in the lab, and once again, just to review, AS path prepending means, okay, when I send you my autonomous system path in my update, I'm just gonna artificially make it long. I'm just gonna stick some other autonomous system numbers in the path to make it longer than this guy over here, because I want you to prefer him, not me. That's AS path prepending. Okay, so we've done that.

Let's see here: can I use local preference to configure BGP failover, or which attribute would you recommend? Yes, you absolutely can use local preference for that. So certainly, if this is my autonomous system number, I can give myself a little bit more room here, a little bit more black screen to draw on. Okay, so if this is my autonomous system number right here, and let's say we're using ISP 1 and ISP 2, and they're both sending us this exact same route, and in my autonomous system, let's just say my ASN is 65,000. Okay, we want to use ISP number 1. We could certainly say, okay, well, when ISP number 1 sends us a route, let's just put a local preference value in there of, let's say, 200, and when ISP 2 sends us the exact same route, we're just gonna leave that with the default local preference of 100. And so now, as long as ISP 1 is sending us the route, we will always use them, we'll always go out this way. But if this connection to this ISP fails and goes down, well then this route will now be used as our backup route. It's still there, it just has a lower local preference, and
remember, with local preference higher is better, a higher number is preferred. So you can certainly use that for failover, for redundancy, absolutely, and that's probably the preferred way to do it as well. All right, so thank you, Sam.

Matteo: could you explain the same process with prefix instead of an ACL? Sure, real quickly here. So with a prefix list in router 1, if I want to match on one of those loopbacks, like let's say the 12.12.12.0 network, I would simply say ip prefix-list, give it a name like INE. Okay, at this point you could give it a sequence number if you want to. If you leave off the sequence number, the first one of INE will be sequence 10, the next one I configure with the name of INE will be sequence 20, and they'll be in increments of 10, so I'm just gonna leave that alone. Permit or deny, and if I want to match a specific network, 12.12.12.0/24, and that will match that particular network. So in this particular case, the /24. So remember, in your BGP update, okay, at the bottom we had two fields: we had the prefix field and we had the length field. All right, so 12.12.12 would look like that, and length would say /24, or just the number 24. So if in my prefix list I say /24, then that's actually matching on two things. That's saying, okay, look at the prefix field: if the first 24 bits of that number match the first 24 bits of this number, it's a match. And look in the length field: if the length field, which contains a subnet mask, is the number 24, it's a match. So this is an AND statement. /24 means the prefix, the first 24 bits, and the lengths have to match. Now, with a prefix list you can get a lot more complicated, though. For example, I could say something like this, I could say greater than or equal to 27. I could do that. So now if I did it like that, now what we'd be saying is, in the prefix field, we'd say, okay, the /24 now is only matching on this, saying the first 24 bits of this number need to match 12.12.12. If it matches, that's a hit. It's not matching on the
length field. Now the length field is being matched by this, it's saying if the subnet mask is a /27 or 28, all the way up to a host route of /32, then we have a match. So that's a quick overview of using prefix lists to match on something instead of an access list. Good question, Matteo.

A question here from Todd: what are the commands to filter AS prepending from neighbors, is it using a route map to apply an ACL prefix list? No. I know the theory here, but it's been like ages since I've actually done it. So when the thing you want to match on is the actual AS path itself, you would not use an access list or a prefix list to do that. You would configure something called an ip as-path access-list 10 permit, yeah, okay, this is what you would use. You would use something called an AS path access list, and honestly, I'm not sure why they even have ip in the front of that, because this isn't even looking necessarily at the protocol, this is just looking at the AS path. And here you would use regular expressions. I am NOT a regular expressions guru. I know some of them. For example, if you said something like this, okay, what that would be doing is it's saying, okay, here's the AS path, maybe I've got, you know, 17, 200, maybe this route originated in AS 88, and if my neighboring AS is 65, that's a match. That's what that means. I don't know what the regular expression is to match on prepending. I know there is one, but you would create a regular expression that says if you see the same number multiple times, that's a prepended route, and then in your route map you would match on your AS path access list that you've created here. So that's how you would do that. I just don't know what the actual regular expression is to match on prepended routes. You can google that, I'm sure you can find what that is. So thank you, Todd.

So Ross, you said when you type in clear ip bgp * out, is it an update message or route refresh? Great question. So when I do clear ip bgp *
in, that, so if I did it to you, right, let's say that you are my neighbor of 1.1.1.1, so let's say on me I did clear ip bgp 1.1.1.1 in, well then I would send you a route refresh request, and you would send me your BGP update, maybe multiple updates, sending me all your routes again. That's in. If I do clear ip bgp 1.1.1.1 out, that's just kick-starting me to send you all of my updates again. So the outbound means just resend your BGP update messages to that peer again. You know, if nothing's changed, just resend all of your routes to that guy inside of a BGP update message. So the only time you'll see route refresh is when you do the inbound direction. Thank you, Ross. All right, so that is several of them right there.

Okay, measure newer, I think we've already talked about AS path prepending and MED. You know, we've talked about that quite extensively and I think we've covered that. So, you know, because you're in here, you will get the recording of this, so just watch over the recording again where I talked about AS path prepending and MED and the differences between them. I think we covered that pretty well.

Okay, so Radec, you're just asking for some other topics we could cover in the future. Okay, so yeah, thank you, we can definitely cover that in the future, absolutely. Thank you for that suggestion.

And Ash Juani, you said: what should be the right attribute to be considered for BGP load-balancing? Ah, okay, so here's the way load-balancing works, and once again, this is something I haven't touched in a while, but I can give you the high-level overview of it. So we know the default behavior of BGP is, if I receive the exact same prefix from two or more peers, I'm gonna go through that best path selection process, and eventually I will find something in that list that's different where I can say, aha, that's the winner, that's the best path. So BGP by default never does load-balancing, it just doesn't do that. But you can get it to do that
so there's, I don't remember what the command was, but there's a command that you can type in that says, look, if the first five or six path attributes all line up and they're all the same, and I don't remember if it's the first four or five or six, but there's a command that says, look, if the first several attributes are all the same, at that point you can use both of those paths and put them in your routing table, and you can load balance between them. Now, that command does not stop or negate the best path selection process. You see, what will happen is it will still go through those paths and select one of them as best, and only the best one will be advertised to your neighbors. That command will just allow you to do load balancing locally in your own router, on your routing table, but does not allow you to send those exact same paths to other neighbors downstream. I'm sorry, I don't remember what that command was or what the path attributes are that have to line up. I just remember it's like the first five or six of them that did that. Once again, I would just Google BGP load-balancing and you'll be able to find that pretty easily.

Okay, Missioner also asked: in an MPLS infrastructure, can I run iBGP? Absolutely, yeah, you can run that. I think the label distribution protocol, LDP, relies on some sort of IGP routing protocol in order to create and distribute labels. I don't believe the label distribution protocol will look at BGP routes for that, but you can certainly, you know, run iBGP to propagate your own routes or, you know, internet routes in tandem with your MPLS environment.

Okay, so Monterey asks: what are the attributes we can use to manipulate the path from the outside? Well, we talked about AS path prepending, you can do that. So I'm interpreting your question as this, I'm interpreting you're saying, look, how do I influence my neighbor's autonomous system? I want to influence what they select as their best path. How do I do that from within my autonomous system? Well,
we talked about AS path prepending. If they allow that, you can do that. We talked about the multi-exit discriminator, that will do it. We also know that the origin code will pass from one AS to the other. So if we have two routers right here in my AS and I want to influence you, I want you to prefer this guy right here, so let's say both of these routers are gonna advertise the 75.0.0.0 network, they're both going to advertise it, which lives here in my AS. Well, one thing I could do is I could say, okay, on this router here I'm gonna advertise the 75 network with the BGP network command, which will cause an origin code of IGP to be sent to you. This router right here, I'm gonna redistribute that route, which will cause an origin code of incomplete. And now you, if everything else, you know, in N WLLA OMNI lines up and you get down to the O in OMNI, you will prefer the origin code of IGP versus incomplete. So that's another way I could influence you. But those are the three methods I'm aware of, AS path, MED and origin code, that you could try to influence a neighboring autonomous system. So thank you for that question.

Silas, I can't really answer that question. You're asking, for the new Cisco exams, how much depth will BGP be examined? I would expect quite a bit of depth. If you think about it, it doesn't seem to be in the new CCNA. So if you look at the CCNA blueprint, the old CCNA that they just did away with actually did have a little bit of BGP in there. They decided to strip that out, so you're not going to encounter BGP until you get to the CCNP level. Now, BGP is listed in the CCNP Enterprise Infrastructure, it is listed in both the ENCOR exam and the ENARSI exam, and if you look at those blueprints, it looks like the ENARSI exam is where you'd need to know all this stuff and more. So the ENARSI exam is going to get into the gory details of it, but the ENCOR exam also does mention it in there as well. And if you think about it, you know, the ENCOR exam is also what sort of
replaced the routing and switching written exam. So if Cisco is telling us, which they are, look, if you want to take the CCIE Enterprise Infrastructure lab you have to first pass the ENCOR, I would expect the ENCOR exam to have the same level of BGP as what the previous CCIE routing and switching written exam had, which was pretty much everything. So I would expect it to be in very great detail. So thank you, Silas.

So Badri, we just answered that question already, what attributes can influence another autonomous system. We covered that.

Anonymous asks: is there any reason you would not prefer to redistribute eBGP into your IGP? Absolutely: scalability, right? It goes back to what I said earlier, which is your IGP routing protocols of OSPF, RIP and EIGRP, they're gonna choke and die if you send them tens of thousands or hundreds of thousands of routes. BGP has no problem with that. So if my internet-facing router has actually learned, forget about the full global routing table, which is like eight hundred thousand routes now, let's say I've learned a meager 15,000 routes via BGP. Well, if you try to redistribute that into OSPF, RIP or EIGRP, you'd better go looking for another job, because your router is gonna blow up and die, it's not going to be able to handle that. So that's the biggest reason why you would not want to redistribute your BGP routes into your interior gateway protocol: it might blow up and kill you.

Devon, yep: "we love oranges as oranges mean pure refreshment". That's right, that is one, I forgot about that one. Yeah, so that is a mnemonic you can use: we for weight, love for local preference, oranges. The problem with that one is that it's skipping a couple of things, it's not covering the full N WLLA OMNI, but it does get you close. So yeah, that does help. Thank you for that, Devon, I totally forgot about that one.

So Syed says: what is the preferred way of path selection, AS path prepending or MED, in a production network? Well,
that's a difficult one to say, because I would say if you're trying to influence a neighbor's autonomous system, it would probably be better to use MED instead of AS path prepending. On the one hand, I've heard stories of some ISPs and stuff saying don't do prepending, we will filter if we see prepending, don't do it. I've never heard any stories of an ISP saying don't use MED, don't do that. So since there's a possibility that AS path prepending could be a negative thing and could cause your ISP to filter and just kill your routes, that's not going to happen with MED, so MED is probably a safer bet.

And then anonymous asks: what happens when everything in N WLLA OMNI is equal, which path is preferred? It's not going to be equal. If we go back here, let's take a look at this. Look, those last few things here, if you get down to that last thing, there's no way it's going to be equal, right? Lowest neighbor's IP address. The whole purpose of N WLLA OMNI is I'm getting the exact same prefix from two or more neighbors. Well, there's no way that two or more neighbors are going to be using the exact same IP address to reach them, it's not gonna happen. So at the very least, when you get down to that last thing, one neighbor is gonna have a lower IP address than the other neighbor, and that's going to be your winner. So you will never have a tie. Good question, though.

And ten minutes of questions here. So some of your questions here are related to path attributes, other questions are not, so in the interest of time I'm gonna cover the questions I see that are directly related to path attributes, and then if we have a minute or two left, I'll circle back and hit the ones that are not related to that.

So Phil, you asked about community strings. All right, so just a quick overview of BGP communities. So a BGP community, at a real high level, is kind of like route tagging in the world of EIGRP and OSPF. So a BGP community string, by default there are no community
strings in a BGP update, but you can put them in there. It's its own unique path attribute, it's a number, right? And with BGP communities there's two different types of communities. There's what's called standard communities, which is a 32-bit number, and you can put anything you want in there, anything you want, and you've got, what, billions of possibilities with a 32-bit number. That's a standard community. And then later on they came out with something called extended communities, which is like a... wait, no, I think I got that wrong. I think a standard community is a 16-bit number and an extended community is a 32-bit number. All right, that's right. So let's just focus on the standard communities, because that's what's used most often. So yeah, 16-bit number, right, which is anywhere from community of zero up to like 65,535 and everything in between. Well, a handful of those community numbers actually mean something. There's like four or five of them that actually mean something. I don't think I have a slide up here right now, but for example, there's one community that if I select it... well, let's just actually take a look at it right here so we can actually see. All right, so route-map, I'll say community permit 10, match ip address, it doesn't matter, it's gonna match something fake, set community. All right, okay, this must be a 32-bit number then, because look at that, that's the range of a... so this is a standard community here. Okay, so these ones right here are well-known communities, and they match up with certain specific numbers. I don't remember what the actual number was, but for example, if I sent you a BGP update and inside that update, using my route map, I put in there the community called no-advertise, and like I said, that maps to a particular number, I just don't know what it is, but you would recognize that, that's a well-known number. Once you've got that BGP update, you could use it for yourself, but because you see that no-advertise community in there, it's
just like it sounds: that would mean you are not allowed to advertise that update to anybody else. You can use it yourself, can't advertise it to anybody else. The no-export community, right, if I sent you that, that means you can use that update, you can pass that update along to other iBGP neighbors in your same AS, but you can't export that update to another autonomous system, to an external peer. So, you know, these ones here have well-known meanings. Other than that, we could use a community for whatever we want. For example, you could say, hey Keith... well, let's turn it around. Okay, let's say you are my ISP, okay, and I represent the INE router. I say, hey ISP, I'm just gonna pick on CBT Nuggets here, okay, so I'm gonna say, hey ISP, if you ever send me routes that belong to CBT Nuggets, that originated in CBT Nuggets' autonomous system number, I want to know about that, because I want to filter those out. Not to pick on CBT Nuggets, but just as an example here. So here's my problem: at INE, I don't know what prefixes CBT Nuggets uses. I don't know if they use the 90 network or the 200 network, I have no idea, so I can't create a prefix list or an ACL and match on that. Also, I might not know what autonomous system number they are, otherwise I could match on that. But you know that stuff. So here's what I say. I say, hey, when you send me routes that originated at CBT Nuggets, I want you to put a community in there of, let's just pick a number, one two three four five. So what you would do as the ISP, you would match on those routes, because you know what the prefix is, you know what the AS is, you know, whatever, you would match on that, and then you'd set the community to one two three four five. You would send it to me, and on my side I would match on that community and I would filter it out. So you see, that community number of one two three four five, it didn't have any implicit meaning like local-AS or no-export. I assigned it a meaning and then I told you to
flag the routes with that number. So that's what a BGP community is in most circumstances. Outside of these four or five here that have a specific number, it's just a classification tool to match on a route. All right, so thank you, Phil, for asking that question.

And Matteo, you're saying: which BGP attributes should you know better than the others in the exams? Well, at the top of the list I would say you definitely want to know how the AS path path attribute is used, and there's some permutations of that, so you should know what that's used for and how you can manipulate it. You want to know the origin code, that's a really important one. Oh, weight and local preference. If I was just gonna focus on four, it would be those four: AS path, origin code, weight and local preference. Definitely know those ones really, really well: how to manipulate them, how to change them, how they affect the BGP table. But you don't want to neglect the other ones, like community, as I just talked about. You want to know about that, you wanna know about MED and those other things too, so don't neglect those. All right, so Matteo, thanks for asking that.

Let's see, are there any other questions here related to path attributes? Ah, Liano, or Leonel, gave us the command: the neighbor, whatever the neighbor is, multipath. That's the command we were looking at, to say, okay, if these five or six path attributes line up on the front, then you can install these multiple paths to the same destination in your routing table. Great, thank you for that, that's the command we were looking for.

All right, just to circle back now real quickly here: what's the difference between BGP * in, out and soft? So we talked about BGP * in and out, right? When you do clear BGP * in, that's sending your neighbor a route refresh request message. When you do clear BGP * out, that means you're just resending your BGP updates to that neighbor even though nothing has changed. Soft: what's soft
used to refer to is something called soft reconfiguration inbound. So here is sort of like the idea behind that. A long time ago people said, okay, I have a problem. Let's just do it like this, and then this will be the last thing we talk about today, and then we'll bring this to a close. Okay, I've got neighbor 1, neighbor 2 and neighbor 3, and here's me right here, and I've got this main BGP table where anytime they send me something it goes into my main BGP table, and then from my main BGP table it may or may not end up in my routing table. And they said, here's my problem: every once in a while I'm changing my policy, you know, I'm changing my route maps, I'm introducing a new filter list, whatever it may be, on a particular neighbor, like neighbor 3, and this is for inbound, my inbound policy. And as we've talked about, you know, I can manipulate my inbound route maps and my inbound filtering all day long, but once I hit the enter key and I apply that new inbound policy, it does not take effect against what's already in my BGP table, and it only takes effect if this neighbor resends me his stuff, because when he resends me stuff, now it'll run through my new policy. And so people say, well, you know, it's a hassle to try to get ahold of the network administrator for neighbor number 3, get that person to log into router number 3 and then resend all of his routes to me. You know, you could be on the phone all day long finding the person who can actually do that. Well, this is how they thought a long time ago. They said, here's what we could do: when our neighbors send me their stuff, rather than just dumping it all into the BGP table, why don't we use a little bit more memory in my router and create like these, I just call them shadow tables, that's not a technical term or anything. So when router 1 sends me his stuff, it's gonna, I've got a
special table just for his routes, I've got a special table just for router 2, a special table just for router 3, and then all those routes will go here into the main BGP table. And so now on my router, once I've implemented my new inbound policy for router 3, I can say clear ip bgp, let's say router 3 is 3.3.3.3, soft in. What that'll do is it doesn't send any messages to router 3, router 3 is not involved at all. What it does is I will take all the routes here in the shadow copy table, and I will take those routes and run those routes through my new BGP policy, which will then end up influencing my BGP table. This was called soft reconfiguration, where you applied soft reconfiguration against selective neighbors, so you didn't have to do it against all of your neighbors, maybe I just do it against router 3. But whatever neighbor you applied soft reconfiguration against, you are now consuming twice the memory, because all the stuff he sent you was put in like a shadow table here and then was also dumped into your main BGP table. But the benefit to this was, now if I ever need to change my policy, I wouldn't have to get router 3 on the phone and get him to do anything, I could just take the routes that I had in a shadow table here and run them through my new policy. But people started realizing, wow, if my neighbors are sending me tens of thousands or hundreds of thousands of routes, this router's gonna have to have a lot of memory to not only store all those routes in the main BGP table but in these like shadow soft reconfiguration tables as well. That's why they came out with route refresh. They said, now all I've got to do is send you a little message called a route refresh request and you'll resend me all of your routes. I don't have to store duplicate copies of them in a soft reconfiguration table for that purpose. So that's sort of like the difference between soft reconfiguration and route refresh.

All right, so everybody, that concludes what we were talking about
today. I really appreciate everybody joining us in the webinar today. I hope this was a useful and good learning experience for you, and stay tuned for future webinars. As a matter of fact, in a few weeks coming up, another great instructor here at INE, Tracy Wallace, and I will be doing a joint webinar talking about how you network Cisco gear into an Azure virtual cloud, and we'll talk about that, so stay tuned for that as well. So thank you, everybody, for watching, and thank you for joining the show.
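
The prefix-list matching explained in the answer to Matteo above (the prefix bits and the length field are checked together, and a greater-than-or-equal value widens the accepted lengths), as an added Python example that is not from the webinar. The two list definitions, their explicit `seq` numbers and the test routes are constructed; the `ge`/`le` handling and the implicit deny follow Cisco IOS prefix-list behaviour.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv4Network   # the prefix/len written in the entry
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_range(self):
        """Range of mask lengths this entry accepts in the update's length field."""
        base = self.network.prefixlen
        if self.ge is None and self.le is None:
            return base, base        # plain /24: the length must be exactly 24
        lo = base if self.ge is None else self.ge
        hi = 32 if self.le is None else self.le
        return lo, hi

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        lo, hi = self.length_range()
        # Both conditions must hold (an AND): the route's leading bits fall
        # inside the entry's prefix, and its mask length is in the range.
        return route.network_address in self.network and lo <= route.prefixlen <= hi


def parse_entry(line: str) -> Entry:
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/LEN [ge X] [le Y]'."""
    tok = line.split()
    if tok[:2] != ["ip", "prefix-list"] or len(tok) < 7 or tok[3] != "seq":
        raise ValueError(f"unsupported line (explicit seq required here): {line!r}")
    seq, action = int(tok[4]), tok[5]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in: {line!r}")
    network = ipaddress.ip_network(tok[6], strict=True)
    opts = tok[7:]
    if len(opts) % 2:
        raise ValueError(f"dangling option in: {line!r}")
    bounds = {"ge": None, "le": None}
    for key, value in zip(opts[0::2], opts[1::2]):
        if key not in bounds:
            raise ValueError(f"unknown option {key!r} in: {line!r}")
        bounds[key] = int(value)
    entry = Entry(seq, action, network, bounds["ge"], bounds["le"])
    lo, hi = entry.length_range()
    if not network.prefixlen <= lo <= hi <= 32:      # sanity check on the range
        raise ValueError(f"invalid ge/le range in: {line!r}")
    return entry


def load(config: str) -> List[Entry]:
    """Entries of one prefix list, ordered by sequence number."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    return sorted((parse_entry(l) for l in lines), key=lambda e: e.seq)


def evaluate(entries: List[Entry], route: str) -> str:
    """First matching entry decides; a route matching nothing is denied."""
    net = ipaddress.ip_network(route, strict=True)
    for entry in entries:
        if entry.matches(net):
            return entry.action
    return "deny"                    # implicit deny at the end of every list


# Constructed sample configuration (list names are placeholders).
LIST_EXACT = load("ip prefix-list INE seq 10 permit 12.12.12.0/24")
LIST_GE27 = load("ip prefix-list INE-SPECIFICS seq 10 permit 12.12.12.0/24 ge 27")

if __name__ == "__main__":
    for route in ("12.12.12.0/24", "12.12.12.0/26", "12.12.12.32/27", "12.12.12.1/32"):
        print(f"{route:16} exact={evaluate(LIST_EXACT, route):6} ge27={evaluate(LIST_GE27, route)}")
```

A list that permits only the exact /24 on an inbound filter also rejects every more-specific announcement inside that block, while the `ge 27` form accepts only those more-specifics and rejects the /24 itself.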
Info
Channel: INEtraining
Views: 27,416
Id: Ly6wg4PdunM
Length: 121min 44sec (7304 seconds)
Published: Tue Mar 03 2020