Live Webcast: Border Gateway Protocol (BGP) Fundamentals and Troubleshooting

Captions
hello and welcome to the Cisco super communities expert series webcast on border gateway protocol bgp fundamentals and troubleshooting a few housekeeping notes to begin as we enter the WebEx console you either join us via audio broadcast or by the phone which was automatically muted because our life out large audience in attendance today you will remain muted throughout the event when you have a question please feel free to enter it on the WebEx Q&A panel located at the bottom right corner of the console please leave the chat window available to communicate with the WebEx facilitator for any problems or issues you may experience today we will appreciate your feedback on today's event by taking the short survey after appears when you close your browser at the end of the event my name is Monica Lewis I am the community lead for the cisco support community and I am the moderators of today's event the Cisco super community is an online forum with other health million members where you can get answers to your technical questions prior to opening cases with attack you can answer many questions or contribute and great documents videos and blogs the community can help you boost your career by becoming a top contributor and getting the technical community to know about your expertise we invite you to use the community on a daily basis at support forums cisco.com we have few as the experts and webcast events that will be posted at the events area in the support community at the link posted in the chat you if you haven't already done so please be sure to join the Cisco support community where you can share current real-world technical support knowledge with your peers and experts check out the class of the new 2016 Cisco CCNA VIP and the spotlight award our these on the cisco support community if you are interested in conducting an event for us and becoming a top event contributors your self just submit a form to the experts bureau at the link in the chat you you take a 
moment to rate the content of your peers documents questions videos and blogs in doing so you will help us recognize the wonderful content that they contribute ratings encourage contributions you can read about more write more about the ranges on the Sisqo support community in the link located on the chat now onto today's presentation our expert joining us today is Bennett Jane we need is a technical lead with the Cisco high-tech technical support HTTP team supporting customers in areas of routing MPLS te ipv6 and multicast he also supports a wide variety of platform issues such as high CPU memory leaks cisco iOS iOS XE and iOS X axle software and an X OS codebase he has delivered training and Cisco on various technologies as well as platform troubleshooting topics he has also written a work book on Cisco IOS X our software fundamentals on the cisco support community and he has done a lot of events for the cisco support community beneath has expertise in troubleshooting service provider enterprise and datacenter environments and holds a CCIE in four areas routing and switching service providers data centers and security as well as multiple certifications on programming and databases he's giving a presentation on VDP at Cisco live berlin and if you are attending the the berlin session check out his breakout session that is he is going to deliver on february 19 and the link of the breakout session is in the chat we also have two experts from Cisco joining us today to help out with with the technical questions that you will be asking is Ryan Dunn and Manish Kumar Bryan is a technical lead in the HTTP team and is an expert in routing protocols Manish is a customer support engineer also explained routing protocols and he holds a CCIE in routing and switching we need will continue with the discussion in the math CX prevent now throughout January 22nd so if you are if you have more questions after this webcast please visit the events page on the cisco support community or 
reference at the event in in the chat window he will continue as answering questions until January 22nd if you would like to have a copy of the slide please click on the on the link on the chat to download the PDF version of the slide and then we will be recording the presentation and it will be available as soon as we are able to process it so bookmark the URL on the chat window where all the presentation they live Q&A and everything will be ready for you by the end of this week you you for today's expert series webcast our expert we'll start with a presentation and then we'll dive into the live Q&A submission for the remainder of the event during our live presentation you may submit questions for we need to answer during using the Q&A box on the bottom right side of the console we will be selecting these questions that Vanille will answer verbally at the end of the presentation when the webcast ends and you close your event please take out the survey and let us know how you rate this event now let me pass the mic to VIN it for him to start the presentation thanks Monica guys I believe Monica has already introduced me so I don't need to introduce myself again today we'll be talking about bgp border gateway protocol if you are already familiar with the protocol this is a good refresher session if you're not then it's a good start up session for you I have tried to cover some good basic topics related to BGP and also some troubleshooting scenarios based on those topics so that you not just understand the protocol but you also understand how you troubleshoot when you get into some problems with the protocol right so beginning will be having the following as the agenda so we'll be covering the refresher how bgp neighbor ships are formed how the prefix advertisement happened so between the two periods or multiple pairings how the prefix are advertised and how they're processed we'll be covering that how you first of the prefixes because you don't want all the prefixes 
to be installed or to be available to you so how do you filter them and we will see how to use bgp communities and based on this we have two scenarios where and we'll be seeing how to troubleshoot basically appearing issues and missing missing BGP routes well these two trouble chewing scenarios are basically a sneak peek of my Cisco live session it's a very small part of the session but still you'll get a feel of where we are starting with it all right if you have any questions please feel free to post it on the create panel and if I'm not able to answer all the questions today there's ask the expert even and you can also post your questions on Twitter or Facebook and pre active on the support forum as well so if there are questions anywhere I'll try to answer as as much as I can all right so let me begin with a polling question do we know how much or how big is the internet routing table there four options right 250k 500k 400 K or 600 k approximately so you you have some time to answer these questions I believe you have five minutes so I'll come back to this question later on while you answer this question but the reason I'm asking this question is it really depends on which protocol you use to manage the internet routing table right and we'll get to that later on all right so the refresher BCB was defined in RFC four 271 it's a path vector protocol which means it relies on the path that it is following or it's driver the prefix is following to reach to its destination right and and very exactly it is being advertised so for you have ten hops and there are multiple connections between those ten devices you may have you may follow different paths and based on the pods one of the path is selected is the best and best route is available to you so it's generally called a path vector protocol which is highly scalable and flexible so you can manipulate the various attributes and you can control which route you want which route you don't want and stuff like that pretty 
much the same with what you can do with IGP but you have more scalability and flexibility gets compared over here right bridge-ep was primarily designed for inter AF autonomous system connectivity so you can use it within your autonomous system but it depends on what is the purpose of using it but when you want to enter connect to different autonomous systems you use BGP and based on certain agreements between the two say for you have a service provider and you are taking a link or an internet connection from your service provider and you are using a protocol say BGP and you have been assigned an autonomous system number from ia na I now and you have your service provider running its own autonomous system number and you use the pairing to exchange the routing information from your service provider based on your requirements so that's where primarily the BGP use comes in but there are a BGP over the period of time has expanded and it's not just for entering s connectivity but intra is and it also extends itself to various at the edges families so now you can have peering for ipv4 ipv6 VPN v4 which is basically used for MPLS VPN scenarios VPN v6 as well which is for six p or six VP so MPLS VPN for ipv6 you can say MD D or L 2 VPN so you cannot just have MPLS l3 VPN spawn picket wire BGP but you can have the control plane running for l2 VPN as well which was earlier not possible it came later on with new RFC's and developments now with BGP most of the time it deals with attributes what are attributes attributes are associated with every prefix that you have advertised in your in your BGP environment so there are four actually four kind of attributes which are I mean actually divided into two categories well-known and optional well-known you have mandatory and discretionary so mandatory means even if you don't assign any attribute those attributes will still be present for any prefix that you have in BGP table those are the mandatory and what are those those are a s 
PAP origin and next hop it's mentioned in the in the notes section for your reference when you when you download slide you'll have that information but there's also link in the reference section later on which you can reference and get that information discretionary are the ones which may or may not appear in the update message so an update is coming from a BGP neighbor and that update might have some information or some attribute attached to it or might not have those kind of attributes are called discretionary and basically those two attributes are local preference or atomic aggregate right then you have optional attributes which are transitive and non transitive transitive attributes are those say for to be he be peers are communicating with each other but two different both of them have are having different capabilities so one router is having a capability of X whereas other one is not having so what happens is when I send an update to the peering router and it doesn't understand that attribute or capability it doesn't do anything with it it just forwards it to the next hop to the next BGP peer right with non transitive it doesn't forward those if it doesn't understand it so what are the transitive attributes so transitive you have like aggregator and you have community values and for non-transitive you have Emma D welcome at the exit discriminator or you have organizer ID and plus the list plus the list generally comes into play when you have a route reflectors conjugate we'll get to that in a moment in BP you know IGP has various like ERP or OSPF has its own loop prevention mechanism right using their own set of algorithms with BGP you don't have an algorithm you have ear spot doing the prevention of loops in your environment means if you see your own AF number within the path you ignore the trout so for any reason that route doesn't cause any kind of loop for the traffic in the network right so the algorithm is actually based on part selection not based on 
on a particular route it's based on what es number you have okay so for our propagation any packet or any loud received from an EVP neighbor so ebgp neighbor is pairing between two different AF numbers and i vgb that is internal BGP is pairing between two internal neighbors so say for you have a s hundred dealing with a s 100 it is called ibgp a 100 pairing with a s 200 called ebgp ok so what you have is you can have a route advertised from a BGP neighbor which can only be which can be advertised to ibgp neighbor or any other evcp neighbor but you have an i bgp route you can advertise it to ebgp neighbor but you cannot advertise directly to another ibgp neighbor if you want to advertise your internal BGP routes ibgp route to another bgp neighbor you need to have either a full mesh or you need to use features like stock reflector or concentrations what Rock reflector does is like you say that my job is only to reflect what you are sending me so you don't need to full mass connectivity so say for you have four routers a b c and d for full mesh you will have to have pairing of all the four routers with each the rest three of them so a needs to connect to two b c and d b needs to connect it to a C and D and similar so and so and for right so to avoid such scaling environments or complex pool mesh topologies route reflector solution was proposed and that helps overcome this challenge right and similar with the case configurations where you have multiple a SS within the a within a top-level root hairs you can say VB can hold almost the whole Internet routing table now I see the question being answered by by lot of folks the answer to D is the one one or two people have answered our 383 to option D now option D is near about approximate 600,000 drops that's near about what our present BGP tail internet routing table is looking at well it's past five and two already last year last two last year so we are way ahead okay so BB can hold the whole internet routing table so 
what it does it's there are two different kind of tables when you're running BGP you have your normal routing table which we call the rib or IB routing information base and you have the BGP table so all the information that you receive from a beefy peers are stored in the BGP table they have been processed and downloaded into the routing information base that is the routing table and based on the routing table you make your forwarding decisions so all the forwarding happens based on your routes present in the rep not based on just the routes present on the BGP table ok all right so e bgp route advertiser ibgp peer next up I will show this next hop I mean regarding this point I would say just hold on to an example that hi have for you because you will understand this concept in a much better way when I show you in a light film in a live example okay the BTB they're basically primarily for messages route refresh is a different capability because of which a new message was introduced and that is advertised but by default you have four messages open update notification and keep alive now open messages in the open your communication update messages when you are sending an update to the peers notification is when you receive an error from the remote peer so you send a notification when you receive an error something in some information that you cannot understand or your router cannot understand you say a notification say I do that I don't understand this information and I need to draw the session or do XYZ action based on what what needs to be done then we have keep life now this this tears keep alive generally keep live are used to keep a track off if the BGP or the session is alive or not right if the session is not alive up to the keeper lies hosana expires the bgp session goes down right but here's the thing when the BGP updates are being sent or exchanged you don't the router does not need to send the keepalive message it will only send the keep alive when the 
update message are not getting exchanged so if say for for sometimes a update message the next get exchanged so people I will keep sending its messages after a certain interval by default 60 seconds but for some reason updates are coming in so the people I message will not even trigger at all they don't have to worry about it right important thing with BGP is you need to have the next hop reach ability if you don't have the next hop reach ability the routes will not get installed in the RHIB so you will have reachability problems within your BGP environments and we'll see how that okay so before we move on how a bgp neighbor ship is established i will show you how to configure it because i planned that out to have a demo rather than showing the configuration on the slides so let me share my screen you mine desktop is the desktop visible the security window yes we can see it okay perfect so I am simulating this in while or you can have a CML of which you can download from swisco.com or purchase it and that's really helpful if you want to simulate different environments with iOS iOS XR or Nexus OS and similar to what you have in gns3 but it supports multiple platforms multiple code bases and not it does not perform hardware based forwarding but only control plane features can be tested all right so we have r1 r2 and r3 we are running ICP between r1 and r2 and this is r2 and r3 we are not running any IGP they're just having a plain link IP conjugant so I'll show you show IP ospf neighbors this is is XR so how do you configure HP neighbor ship I'll show you the configuration of both IV GP and EVPs neighbors right router bgp hundred bgp router ID it's a good practice to configure BGP route ready but even if you don't configure it the bgp sessions will still come up so the remote is 21.1 peel out writing once you configure it okay let me do this let me go to iOS router first so that you are much familier with that one and then let me come back to is X I and show you what 
the differences are okay router bgp hundred bgp router ID one nine two one six eight or 2.2 right neighbor 192.168.1.1 the mode is one hundred okay neighbor one nine two one six eight dot one dot one update source low back zero so first we define what is the peering gemo deus number and then we say what is the sourcing interface now if you don't specify the sourcing interface by default it will take the outgoing interface so whichever link it's having a reach ability it's going to take that interface as its source but if you are peering over the loopback interfaces which is a much better way and more reliable way because loopback interfaces don't go down automatically and it can be reachable why are different paths if you have multiple paths within your IGP environment that really helps okay address family ipv4 unicast and you say neighbor 192.168.1.1 activate okay all right so here we do it differently on ifx are what we do is you have to configure the edges family first okay you enable that the family and then you conjugate the neighborhood so you say neighbor 192.168.0 to and it's hierarchical so that you have don't have to put everything in line you just want to get the neighbor and all the subsections will lie under that so you say room yeah so sorry to interrupt your your computer is not refreshing can use only share and share again oh okay I'm sorry about that sure no problem you is it looking better yes thank you oh okay sorry about that guys um update - source look back zero and once you have updated that configured both the remote ES and upload update source interface you specify the address family ipv4 unicast because that's what you have enabled and you say nothing right now you don't need anything if you want the parent to be found on different IDs family under the same neighbor configuration you can configure another just family VPN v for unicast right but note that it will not work because we don't have that configured here we don't have that enable 
here right so let me commit it and see what happens all right we got an error now why we got an error because we enabled an address conjugate and edges family which is not supported so show configuration failed I would say not configured has not been initialized okay so just wanted to give you an heads up on how you configure it so you disable that and you say commit and you will see that the bgp neighbor will come up show IP BGP summary okay so we have our ibgp session up okay and then for configuring an ebgp session you can configure the neighbor IP and here we need yeah sorry but your screen and has stopped refreshing again oh I guess there's a glitch but anyways I'll show the configuration again shouldn't be a problem and it's something to do with when I change the tabs so just to show you guys shoe IP BGP sundry will show you when the session comes up okay and you will get a notification message that you know the session has come up fine so this is how you have your configure BGP session all right so when coming back to the slides when a BGP session is established it goes through multiple stage where you have a connect then it goes to an open sent open conformed and Bend into established state well the beach procession actually starts with the idle state where it's an initial state and listens for a new connection from the pier okay when is it it is in connect state what happens it says that it has received an open message from the pier active state is when it says that it starts the TCP session establishment okay and when you have an open sent it's that when you have the open message send and waiting for your open message from the reply from from your neighbor and it is when you make the checks on the beach be version the source IP is number and all that stuff when you once you have the open confirm Beach PD waits for a keepalive or notification and if everything goes fine you move to the established state okay like I should before show IP b2b summary is the 
command that you look that you execute to understand if or which neighbor has been established if you are not seeing a particular neighbor established you rather than seeing a numeric value over here you will see the state in which the session is in it might be an idle state it might be an active state or any of the same okay but not in not showing a number when it's not showing a number means it's not an established state okay few fields that are so part of this output that you need to look on is the neighbor so it will show you the neighbor IP yes number the table version is how many updates you have I mean what is your how many updates you have mail received and based on how many updates you have replicated on to the beef table it's useful when you're troubleshooting some flapping routes issue right I'm sorry I'm not covering that today but you can have that from my Cisco live website oh sorry slight input and output queue those are the cues that are maintained by the beach be on an update group or on a per neighbor basis which holds the messages that you're being that are being sent to a particular neighbor or to a day trip okay the state and then you have the state and the prefix means how many prefixes you have received you can look at the number of when you execute this command you look at the number of prefixes received from the neighbor not advertised now how the advertisement works you can advertise the prefixes in BGP you keep using four different methods right the first and the most used method is the Network statement right you can't you put the command Network the prefix mask and the subnet so if you are putting an exact prefix use the exact mask say for you are putting Network 192.168.1.1 put the mask of 255 five 255 255 but if you are putting in subnet of 10.1.1.10 role then you put a mask of a shape it's a slash 24 Network you put a mask of 25 255 255 255 +0 okay that's how I do it when you are running two different protocols and you're in a 
redistributed I like to do it in IEP as well using redistribution you can redistribute your igb land routes into the BGP table and vice versa okay you can summarize the routes summarization occurs using the command aggregate address using this method you summarize a bunch of routes say for two or three cell Nets into a single now a single prefix or subnet and advertise it to the pier so that this helps in reducing the size of the BGP and the routing table okay if you want to advertise a default route you can use default information originated command okay so we look at how how the prefix advertisement works so if you look at the router 3 right you have IP BGP 3.3333 get the network statement right network 3 3 3 3 mask 255 255 of try to fly and you see that in the local BGP table on our three on the right hand side you have local as 0.0 or 0 or 0 means it was a it is advertised locally ok if you go to the left-hand side of the output on r2 you will see that the next hop information is shown as 10.23 or 23 or 23 so the next hop value is what we have for our each a BGP pair what we receive from the ebgp pair it has not changed right what you are advertising towards the neighbor you can use the command show IP BGP neighbor neighbor IP and advertise out so you can see a list of um prefixes that you are advertising to appear it can be IV GBP or it can be an e BGP pair you can use either of in either direction to understand whatever outs you are advertising to your peer routers right if you want to know what you are receiving you can use two IP BGP neighbor neighbor IP and routes command we will see that in a bit okay so route filtering now route filtering happens again with four different methods you can use distribute lists I am pretty sure a lot of folks are already familiar with the distribute list in IGP that we use you can use prefix list you can use filter list and you can use route maps right each of them have their own use cases but the more if you want to choose 
between an access list or distribute list and prefix list prefix list is more optimized because it for like example with ACLs you go in a sequential way right you don't have to do that in the code for prefix list so that is more optimized and it's better to use prefix list rather than using a different method if you are working with different neighbors route maps and multiple policies are being applied it is very useful to use route maps because you can control what to permit what to deny what options or what attributes to set what to match you have more flexibility with route maps okay so here's another example where and we can see how we can attach an attribute to particular prefix or what we are receiving from the neighbor so if you look at the router two configuration on the right hand side right the by default let me tell you this the by default the local preference the attribute has a value of 100 okay but we can change that to manipulate the flow of the routes or the prefixes how we can do that on the router - you can take your neighbor ten or twenty three or twenty three dot 3 which is the ebgp pure IP right route map name of the route map and interaction local preference is always configured inside direction to influence the outbound traffic ok local preference conjugate on inbound direction to influence the outbound traffic so if you see if you go down the configuration you can see we configure a prefix list and match a particular subnet IP so you can have your attributes set on certain prefixes not just the whole prefixes being received from the remote end right so in the route map we say route map local preference permit can match the IP address which we defined in the perfect list and set the local preference to 200 right now if you see the output on the left-hand side the initial output you can see that the local preference is set to hundred so show IP BGP 3 dot 0 dot 0 dot 0 it's it's another subnet because we are only setting the local preference on 
three dot zero dot one dot 0 slash 24 right so if you look at the second output show IP bgb three dot zero dot one dot zero you can see that the local preference value is 200 okay so this is how you can influence different attributes and influence your traffic accordingly so if you have multiple links between the two neighbors or between multiple neighbors and you want to prefer one link over to other you can use these attributes to influence your traffic outbound or inbound okay there are different attributes using which serve different purposes so we are back on to this policy influencing the traffic so outbound policies so the policy if you see in this configuration we configured the route map in the indirection we can configure the route maps in out direction as well but those out direction those outbound policies will influence the incoming traffic and what we configure in the inside direction inbound policies are used to call influence the outbound traffic that is the traffic going out of your a s okay so what all different attributes you can use you can use weight local preference or community values to have more control or what you want to send what traffic or which link you want to have your traffic flow through right so in a way you can say that with BGP you can really you know engineer your traffic the way you want to flow between a SS right which you really cannot do so easily with with a GPS okay without gone in for outbound policies you can use es path you can use different other attributes that are supported to influence the incoming traffic okay now a BGP next-hop example this is what I was talking about earlier in one of the slides where I said let's hold on to the port over here okay so let's let's see what is happening here now let's take an example of just router one router two and router three in the topology that we see here okay in this topology if you notice our three is advertising a prefix set of three dot 0 dot 0 dot 0 slash 24 1.0 / 24 
2.0 / 24 and so on right when it advertises and like I said before a BGP routes can be learned it can be advertised to ibgp neighbors as well right so louder to receive stir out in its solving table in its BGP table non-traveling table vqp table right in the BGP table you look at your IP BGP or you can also use show BGP ipv4 unicast this demand will show the routes or the prefixes present in the BGP table okay now we can see that we can see all the four prefixes are present in the BGP table correct and we can see the next top value like I said before since there are two paths over here you will see one path wire for 10.14 5.45 dot 45.5 IP and one path why attend dot twenty-three dot twenty-three dot three IP okay and one of them will be chosen the best based on a certain criterias well the criteria is I have put a reference slide which tells you about how the best path selection happens because that will really help you understand why a particular route is being selected as the best and installed in the routing table only the best routes are installed in the routing table not all routes and installed in the routing table so you may have ten different routes but only three of them are selected as best only three of those routes will be installed in the routing table not all of them okay now if you look at this here's the arrow mark indicates that this child is selected as the best on router to show IP bgb 10:23 23.3 okay now when you go to r1 we cannot see that prefix in the IEP in the BGP table so if you do show IP route the routing doesn't have that information show IP BGP 3.0 or 2.0 we see the prefix in the BGP table but notice that you're seeing ten dot twenty-three dot twenty-three dot three in accessible right so what you can do is when you see such kind of things try to ping this IP from r1 so if you paint 10.23 or 23.3 from router one you will not be able to that you will thing will not go successfully the reason is the other one does not has this IP or the 
subnet in its routing table, and it says it has become inaccessible: I cannot access it, so what do I do? I make the prefix inaccessible, and none of those prefixes will be selected as the best. Like I said before, next hop reachability is very important, and if the next hop reachability is not there those prefixes will not be selected as best and will only remain in the BGP table, so no traffic will be forwarded out of R1 towards those prefixes. What you can do: there are two solutions. One, what you can do is redistribute on R2 the subnet 10.23.23.0 into the IGP, the OSPF that you are running between R1, R2 and R3; you can try configuring a network statement, or you can try configuring redistribute connected to have that advertised into the routing table, and that will get the information to R1. But what is the better solution? Because the redistribution method will increase your routing table size, which we don't want, what we can do is use this method: neighbor <neighbor-IP> next-hop-self. You configure this command on router 2, and what it does is say that in order to reach this prefix, the prefix that I am advertising to you, which are probably iBGP neighbors, I am the next hop, because I know how to reach that destination. So when you configure this command on R2 and R4, you can go back to R1 and see the prefix with show ip bgp for 3.0 or 2.0, and you will notice that the next hop value has changed from 10.23.23.3 to the loopback address of R2 and R4 respectively, and R1 knows how to reach that because it is forming an iBGP neighborship on the loopbacks and at the same time it is running an IGP to have the loopback information, so the route is present in the routing table. So this really helps: with a single command you can save a lot of resources on the router by not having to redistribute multiple routes into your BGP table and your IGP table. Okay, so now, like I
said, the AS path is also used to influence the traffic: the smaller the AS path, the higher the preference a particular path gets. So if router 1 has two paths to reach R3, one via R1, R2 and R3 and another one via R1, R4, R5 and R3, then since R1 R2 R3 is a smaller path, that will be preferred because it doesn't have any... it's just two ASes, AS 100 and AS 200, or the different AS numbers that are configured here; those are private AS numbers. So apart from those, you can influence the routing by prepending AS numbers. What you do is you configure a route map and say set as-path prepend. What it does is, on top of your own AS number, it also prepends the AS numbers that you have put in the route map, so it actually makes the AS path length bigger for a particular neighbor. So here neighbor 10.23.23.2 is saying prepend these three AS numbers, so the AS path has increased by three more. What it will do is make the path via R4 preferred, because that one is not having such a configuration: the other path is being learned via 6 5 5 3 4 plus the three more AS numbers we prepended, but the path via R4 has 6 5 5 3 4 with just one AS by default, so that becomes the best route. This is another example of how you can influence your routing or your traffic forwarding. And how do you validate your prefixes? Like I mentioned before, you can use show ip bgp neighbors <neighbor-IP> routes, which will show you what you have received, and show ip bgp neighbors <neighbor-IP> advertised-routes, which will show you what you have advertised; you can use these on either iBGP or eBGP neighbors. All right, so this is what I had for the theory section from a refresher point of view. Here's a quick polling question for all of you: which protocol would you prefer for carrying the internet routing table? I believe most of you might have the answer, but I'm still looking
forward to your feedback on the poll. Okay, let me move forward and we'll come back to the polling question; it's a very simple question, I haven't made it too complex, but based on what we have learned so far the challenge is coming in the next section. So we will be troubleshooting some scenarios and certain things to see how we can troubleshoot peering issues or filtered or missing routes. Suppose you're configuring an iBGP or eBGP neighborship and you notice that your sessions are not coming up, or maybe your sessions were working fine before and now the sessions are down. What do you do? You have various steps that you can follow to understand where the problem is and how you mitigate the problem. We start by looking at the configuration, be it iBGP or eBGP; it is always important to look at the configuration. If you have multiple hops between your eBGP peers... let me give you a brief overview of how eBGP works. Generally eBGP is between two routers; by default behavior we try to set it up between two directly connected routers on a physical link, and in most scenarios that is the situation. The default behavior of BGP is that it sends the BGP packet with a TTL value of 1; that's how those packets reach the destination and the sessions are formed. But when you are trying to peer on your loopback addresses, or if you have multiple hops between your two routers, say router 2 and router 3 have another routed firewall between them, or there may be another router in between (I'm not talking about a layer 2 switch, because it's not really counted as a hop; you are still directly connected at the layer 3 level), if you have a routed firewall or a routed node, a router, in that scenario you have an additional hop to reach the destination, so in that scenario you will need to have the ebgp
multihop command configured. So if you are having eBGP neighbors over loopback to loopback you will need to configure a minimum of ebgp-multihop 2; if you don't configure the hop value it will by default take 255, and it will accept any value from 2 to 254 as the TTL value. The second step you do when you're troubleshooting BGP sessions is look at the reachability: if you don't have reachability to the peering IP, that's the problem. But notice, if you are peering between loopback and loopback, always perform the ping test sourcing from the loopback; if you don't do that, that means if your loopback-to-loopback reachability is not there, your session will not be formed. So you need to ensure your IGP is configured properly, or your static routes if you are using static routes are configured properly, to have the reachability on both sides; if you don't have the reachability your session is not going to come up. The third step you do is verify any ACLs in the path. If you have a firewall... most enterprise environments do have a firewall implemented to protect from outside intruder traffic, or any IPS solutions to prevent any viruses or any kind of attacks; in such scenarios you have ACLs configured, or you might also have another routed node where you still have your ACLs configured and the router is working like a firewall to prevent certain traffic you don't want. So ensure that you have proper entries to allow BGP traffic. If you do not have an ACL entry to allow BGP traffic, and specifically for the neighboring IPs, the node in the middle will drop those packets and they will not make it to the other side; so one side may still be able to send, but the other side may not be able to receive the packets. The fourth step is to verify using a TCP session. We know that BGP works on TCP port 179, so what you can do, if your session is not getting
established, you have verified your reachability is there, you have verified your firewall entries are proper and your configuration is perfectly fine, you can do this test: telnet to the destination IP on port number 179. If you are peering using a loopback, do specify the source interface as the loopback, or any other interface for that matter. If your destination is not reachable, that is a problem; this is another way of verifying that TCP traffic is getting blocked somewhere. Sometimes what happens is you have two different sites at two remote locations and you are being provided service by your service provider; the service provider provides you the link on both sides and is blocking certain traffic. You do not have control over the service provider network, so what do you do? Using this telnet method you can actually confirm whether the traffic for TCP port 179 is being blocked or not; this is really helpful. Now, in IOS XR (I'm not sure how many folks on the WebEx today are familiar with IOS XR) IOS XR is a distributed platform, so every routing protocol, every feature has its own set of processes and threads which are working for the processes performing different tasks. First thing, you need to ensure that your process is in the running state, so when you do show processes bgp on IOS XR you should see the state as running; and look at the threads: the same command will show you at the bottom the different threads, so look at the states of the threads. If it's something other than receive or mutex, like here in this case condvar, which means conditional variable, it's actually dependent on another process and another process is actually blocking it; you need to understand why it's blocking, and troubleshooting is required from that perspective. If certain processes are blocked or are not
available, or they are busy doing something else, your BGP session can be impacted, and not just one: multiple BGP sessions can be impacted for that matter. So always use the command show processes blocked; this will give you an idea of how many processes, especially TCP-related or BGP-related processes, are blocked. If they are blocked you need to figure out why, or maybe open a TAC case and they can help you figure out why it's blocked. One of the most important tools during troubleshooting that over the past few years we have had experience with is sniffer captures. A sniffer, though, is a last resort for us; if you're running out of options, a sniffer is the best way to deal with a problem, to understand where the packet loss is happening or whether any of the devices is actually sending a packet or not. I wouldn't really recommend running debugs in a live production environment, because a lot of services might be running on the router and it is not good practice to enable some high-impact or high-CPU-utilization debug. So what you can do is take sniffer captures: you have Wireshark software, you can install it on a laptop, connect your PC to the switch, and on the switch you configure a monitor session, a SPAN session, which says that any traffic coming in or out of that particular interface is copied on the switch and forwarded out of a certain interface where your laptop is connected. This will help you capture all the traffic and understand the flow of packets between the two devices; this is really helpful. Different environments and different code bases have different support for it; there are some internal software tools as well that can be used. There's RSPAN as well: if your PC where Wireshark is installed is located somewhere remote, say 10 hops away or 15 hops away, you can use remote SPAN, where you specify a source at one place; you will have to go and make some configuration on the middle nodes as well, but
you can capture the packets remotely. It's generally used in environments where you have pre-decided where you want to permanently have your Wireshark capturing PC, and based on that you can use the RSPAN feature, but most of the time the regular SPAN feature is used. And this is how it looks: you can look at the packet level and understand what is going on, which packet is coming in from which source IP and destination, and what kind of packet is coming in, and based on that you can understand where the problem lies. This is just for your reference: there are certain platform-level captures that you can perform on the router itself; you don't need an external Wireshark. If you are working on any of these platforms you can use those, in IOS or IOS XR or Nexus software, which capture the packet on the router itself; those are really helpful when we are performing any platform-level troubleshooting, and we use them in day-to-day life. More details about this can be found in a Cisco Live session; I have mentioned the reference for that in the notes window, you can refer to that. All right, so moving to the next session, that is the scenario of missing routes. I hope I'm not going too fast; BGP is really a vast protocol and it is really hard to cover it in one hour, but if you still have any questions at any point of the presentation, or anything apart from the presentation, do not hesitate to post your questions on the Q&A panel and I'll try to answer them as much as I can. All right, coming back to the missing routes: there are filters, like I mentioned before; they can happen on multiple... you can install or configure multiple kinds of filters: you have prefix filters, you have AS-path filters, you have community-based filters, and you have route maps based on different attributes or IP addresses where you match and set conditions and you do the filtering, and those filters can be applied in the in and out direction.
So here's a scenario: you have two routers, router 1 and router 2. Here I'll be needing all of your help; use the Q&A panel, where you can post your answers when I ask the question, so that we can troubleshoot all together. So R1 and R2: R2 is advertising prefix 10.1.1.1/24, but when you check it on R1 with show ip bgp neighbors 2.2.2.2 routes you see zero prefixes; you don't see any prefixes. If you already know a specific prefix you can use the command show ip bgp 10.1.1.1, but here, if you notice, there are no prefixes being received from R2. So what do you do? You go to R2. What do we see here? show run | begin bgp: we see that the network statement is configured and we are setting a community value, so we say network <statement> route-map set-community (this is the route map name), and you notice that route map set-community has the statement set community 2:2 1:50, and you can also look at the prefix and see the same value attached over here. Now R1 is filtering those routes based on the community value. Let's look at R1. So this is how the configuration looks on R2; now I'll move on to the R1 configuration. R1 says neighbor 2.2.2.2 route-map r1-out out, and the route map says match community and set local-preference. So if you notice, the community list is configured. Now can you say what is missing in this configuration, or what's wrong in the configuration? I will rely on your input for that. Somebody mentioned: yes, the network is advertised by R2, because R2 does have the subnet in its routing table and the BGP table. What else, any other inputs? Oh, perfect, so Jeffrey hi-c has mentioned that the R1 community list does not match the community on R2. Interesting, very interesting. Notice that sometimes typo errors happen when you
are typing the community values. We configured the community value of 2:2 1:50, but here you're configuring 1:150 as the match statement; so it's matching either of those community values, but 1:150 is not the correct match, so it's not correct. You need to ensure that you're configuring the correct community values when you are configuring communities. All right, so R1 expects 1:150 but R2 is sending 1:50, right, so R1 is not receiving those routes. I've given an example of how you can use the match statements, or how the flow within the code happens when you're using match statements in route maps: it's like, if a certain match statement matches, set and exit the route map; if the first match statement doesn't match, move to the next match statement or another sequence of the route map. That's how you look at route maps. So if you are still not able to receive the routes on R1, here's a quick way: you can run conditional debugs. Now if you run a default regular debug, debug ip bgp 2.2.2.2, I mean debug ip bgp for a particular neighbor, you will receive a whole lot of updates; say you are advertising a thousand prefixes from R2, you will get the update for all those thousand prefixes, but you don't want that, you're troubleshooting only a particular prefix. So create an ACL, specify the subnet you are troubleshooting, and use that ACL while running the debug: debug ip bgp <neighbor-IP> updates <ACL name>. A lot of Cisco IOS software and even IOS XR supports running conditional debugs; this really helps in minimizing the debug output and having less impact on the router. One other quick note that I want to make here: if you look at the configuration in this scenario, the routes might still not be advertised or received on the R1 router, and the reason is that you are forgetting to use the command send-
community. If you don't use the send-community command, the community value is not attached or advertised to the peer, so you need to use that. I just wanted to give you a brief on that as well. So these are the two scenarios that I'm covering today; there are many more different scenarios, but due to the time constraint I cannot really cover all of them. There are reference sections where I have given the link to the RFC; initially you can refer to the configuration guide and the troubleshooting BGP document on Cisco to see how the protocol functions and how you can configure it, but if you want to go really deep into BGP I would suggest, after you read this, go read the RFC, because it gives you a much better understanding of the protocol itself. Okay, that's it from my side; Monica, over to you. Sure, thank you, Vinit. So thank you, a great presentation. Also, thanks everyone for participating in the polling; it was very active. Now it is time to answer some of the technical questions that you guys have. If you cannot stay with us for the Q&A, please be sure to click on the evaluation link that will appear when you close the event window and let us know how this session met your business needs and expectations. Now, starting with the first question: which protocol should we use within an AS, should we use an IGP or BGP? So it totally depends, because if you're not having any external BGP or external connections with a different AS number, and if you are not having a big-scale environment, I would suggest just running an IGP should be fine. But if you are running different services, like a lot of enterprises have now moved to using MPLS VPN in their enterprise environment within the autonomous system, in that scenario it's good to have BGP; BGP also gives you more control over how you want to influence your traffic, so you can use that as well. So it only depends, but you can run BGP on top of
an IGP as well within your environment. Perfect. And the next question is: can we secure the BGP connection like an IGP? Yes, BGP supports securing the connection using MD5 authentication. There are different techniques you can use to secure a BGP connection; say, what you can do is have a BGP session established over an IPsec tunnel or IPsec session, which will help you secure all the messages exchanged between the two neighbors. Well, you cannot run IPsec everywhere; it's generally when you're running between two remote locations or two different sites that you generally prefer to have your IPsec tunnel, but otherwise you can still secure the connection using MD5 authentication, wherein a hash is generated and exchanged between the neighbors based on the pre-shared key, and the session is established. Perfect. We got another one: how many BGP neighbors can we configure on a router? It totally depends on the scale of the router, how much memory and what kind of CPU you are using. For a router behaving as a route reflector, where the route reflector router has multiple neighborships or sessions, it can literally scale up to thousands of neighbors, but again it depends on what amount of memory you have on the router; it is better to know the scale of the platform before you configure an extended number of BGP neighbors on that platform. Perfect, good. Let me just remind the audience that they can keep posting their technical questions and we will have another 20 minutes to answer your questions. And the next question we have is: can we have two or more BGP connections between two peers, not on the same IP? So you can have different loopbacks configured between the two BGP neighbors. If I understand the question properly, it is: can we have two or more neighborships between the same two peers? For that you can have multiple loopback
addresses configured on both sides, and you can peer, or you can have multiple connections, over those different loopback addresses. But on the same IP you can only have one connection; you can have a connection in a different address family, but within the same address family you can only have one connection. Perfect. And is load balancing possible in BGP? Yes, BGP supports advertising multiple paths, by which the other end gets to know about the prefixes being learned via two paths, and you can use that for load balancing purposes. Perfect. And then we have another question: why do we need full mesh BGP sessions within an AS? Sorry, can you repeat that question again please? Why do we need full mesh BGP sessions within an AS, an autonomous system? Okay, so the question is why do we need a full mesh. Now remember, in the presentation I said that an iBGP route cannot be advertised to another iBGP peer. Why? Because the loop prevention mechanism will block the peers from receiving or learning the route and installing it in the BGP table. So in order to overcome that you can have full mesh connections to all the neighbors, so that you don't have to rely on any one particular BGP peer being able to advertise it to another peer. Alternatively you can achieve that behavior using a route reflector, where all the neighbors will be connecting to the route reflector, not with each other; so both ways you can achieve it, but the scalable way is to use route reflectors. Perfect. The next question is: what is the use of MED? So it's kind of a metric, like we have in our IGPs; it's again used as an attribute and used to influence the traffic. Perfect, and that's between different ASes, for sure. Correct. And can we advertise subnets with less than a /24 netmask? Yes, you can. And what is the role of the router ID in BGP? So the router ID really helps to uniquely identify a particular router, but at the same
time it is some information that is exchanged between the BGP peers as well. It is good practice to configure the loopback addresses as the router ID; that has been recommended throughout, that you configure your loopback addresses and form your peerings as well, especially the iBGP peerings, over your loopbacks, so that you know how to reach a particular router within your network. But apart from that it's not really required for forming any kind of BGP neighborship. Okay, and what is the meaning of prefix in BGP? So a prefix is something that is advertised to a peer; it becomes a route when it's selected as the best and installed in the routing table. Perfect. And why are we using OSPF and iBGP both? Aren't they the same, IGP? Okay, so here's the thing: if you notice the iBGP configuration, we did the peering (and I'm really sorry that the screen was not refreshing on WebEx, it was out of my control), but when we are using peering via loopback addresses you need to have the loopback reachability, right? Your IGP provides that loopback-to-loopback reachability. You can also have static routes, but if, say, within your autonomous system environment you have hundreds of routers, it is not really a scalable way to run static routes everywhere; the better option is to configure an IGP within those hundred routers within your autonomous system, via which you can have reachability to all of the loopbacks. The benefit is that it's not necessary to form an iBGP connection between two directly connected routers; you can form a BGP connection between router A and router C, or router Z which is sitting like 20 hops away or 25 hops away, no matter what, you can still form the BGP connection. And then another question is: how do we see the BGP routes coming from a specific peer? So show ip bgp neighbors <neighbor-IP> routes. Another way is, if you configure soft-reconfiguration inbound for a particular neighbor, it maintains another table within
memory, and you can see what routes you are receiving using the command show ip bgp neighbors <neighbor-IP> received-routes; you cannot use the received-routes command without configuring soft-reconfiguration inbound. Also remember, soft-reconfiguration inbound has its downside, that it consumes more memory for BGP because it maintains a separate table. Perfect. And then the next question is: why is it recommended to use a router ID when configuring BGP? It kind of has to do with the previous question as well. All right, so why it is recommended is that, say, if you are using different address families, and say you're using VRFs, it becomes difficult, if you are using VRFs, to identify which IP is the router ID or which router it is exactly, unless you are describing it in the description; the better way is, using the router ID you can identify a particular node properly, and it makes manageability of the network really simpler. Okay, the next question is: can you please talk in more detail about address families? Okay, so an address family... we already know that IPv4 addresses are getting depleted and IPv6 is picking up pace, so a lot of routing protocols already support both IPv4 and IPv6, and the systems already support dual stack, that is both IPv4 and IPv6. Address families provide the benefit of using the same routing process to connect or to form neighborships with neighbors using different address spaces, be it IPv4 or IPv6. Within the address families your sessions are only dedicated to that address family, and you don't have to worry; so it may be possible that your session to a particular router is only for a particular address family and you don't form a neighborship with it for IPv4. So router A and B form a neighborship over IPv6 and router A and C form a neighborship over IPv4; they can have their own different address families, and they have their information
exchanged within the routing information base of that address family, and based on the address family again, the information that you receive is stored in the local IPv4 or IPv6 routing table of that address family. We have five more minutes to go. Another question is: where are communities used, what are they used for? So communities, you can take them as route tags: you assign tags, and those tags can be used to match on the communities and to take certain actions on them. There are some predefined communities which have their predefined notions of what they are supposed to do, and you cannot change the behavior, but there are other communities which can be manually configured or manually assigned as per your own AS number values or your internal blueprint of your network design, and you can manipulate the routing based on those community values. So it's actually useful when you want to control or influence the routing based on the match statements. Perfect. Then another question came in: what are the disadvantages of BGP securing mechanisms? Well, it's a wide question. The disadvantage is that it consumes some amount of bytes and memory; it depends on what mechanism you are implementing. There is a huge set of mechanisms that are available for securing BGP, like IPsec, which I mentioned. With IPsec, the IPsec header consumes some number of bytes which are gone, so you cannot make full use of the interface bandwidth; say, for an interface bandwidth of 1500 bytes, when you are using an IPsec tunnel with GRE you go down to 1380 bytes or something, that's the value, which reduces the maximum segment size exchanged between your two neighbors; that is one example. With MD5 authentication the only downside comes in when there are typo issues or when you are using dynamic key rings; otherwise there isn't much downside with MD5. Perfect. Another one is: as a customer, how can we check how many ISPs have set... I
don't really get the question: as a customer, how can we check how many ISPs? Yeah, how many ISPs have been set in the configuration? Oh, how many ISPs. So you need to look at your WAN connections: if you look at the show ip bgp summary output you will notice the peering IPs, and if you are able to locate those peering IPs or match them with your WAN interface IPs, you will come to know that those are your external WAN connections with your service provider. That will help you understand that; I mean, you can always differentiate between your private addresses and your public addresses, so that is how you can differentiate. Another one is: how to remove a private AS from a path? Oh, there is a command, remove-private-as, with a particular neighbor; you can configure that and it will remove the private AS numbers. I would prefer this question be posted on the Ask the Expert forum, because a lot of folks don't know about this one. Yeah, you can still post it and we can discuss it again. Perfect, yes. And then another question is: what is the advantage of using AS path over local preference when configuring BGP to prefer one path over another? So, like I said before, there was a slide which mentions influencing the inbound traffic and the outbound traffic: your local preference is influencing the outbound traffic; with your AS path you decide which path is going to be preferred, from where you want particular traffic to enter into the autonomous system, you can use the AS path. The one benefit I can see is that the AS path is a default or mandatory attribute, so if you do anything with that, obviously the prepend statement is going to add some more memory to it, but it's again an action on a default attribute, so you're not configuring any extra attribute; you save some memory there. Perfect. And the next question is: can I run BGP on an IPv6-only network? Yes, you can. Perfect. Then the next question is: does it matter which router is the
server when the BGP TCP session is established? It only depends on what your router ID is and your lowest and highest IP addresses. Then the next question is: can you comment on the use of route tags in BGP and in OSPF? So the question is, can I set a tag in a BGP route and then match that tag on redistribution into OSPF? I don't think you can do that, but I think you can do the other way around, wherein you can match a tag in OSPF, and while redistributing OSPF into BGP you can match the tag. Okay, cool, but I will have to check again on that; I can get back to you on that. Sure, we have time for a few more questions. This one is referring to MPLS VPNs, and the question is: do you recommend iBGP for the PE-to-CE connection, or extending OSPF for PE to CE? It totally depends on what the CE requirement is; obviously it is not a good practice to run iBGP, because there's a new RFC that has been introduced that says you can use iBGP between PE and CE, which logically should be an eBGP connection, but it is not really a good practice according to me; you can use any other routing protocol, but on top of that, again, it totally depends on your CE router, what it supports and what the requirements are. Good. Then another question is: what is the use of the no synchronization command in BGP? The no synchronization command... for this one I would say I will post you a document or a blog post which explains it in a good way, because you understand it in a better way when you have a good example of how the BGP table looks with and without the configuration command. I can do that; if you can post the question on the Ask the Expert forum I'll explain it to you with the help of an example. Okay, another question that comes in is: what attributes do I lose when I redistribute BGP into OSPF? So I don't think any of those attributes, any of the BGP attributes, are copied into OSPF; when you redistribute, you redistribute based on your
readings building protocol way into which your leaders building so you say that when you're reading spitting into OSPF you say what is the subjects that you want to allow or reading or OSPF OSPF process name and subnets or without subnets or you want to you want to use a route map to match any prefixes but I don't think any any attributes will be copied because both the attributes on BGP and OSPF are different perfect and we have time for just one more question and this is for MPLS what IDP do you recommend to use when running MPLS again this would depend on how big is your environment both is is and OSPF have been pretty stable I wouldn't recommend anything apart from those because with OSPF and eyesize you have the flexibility of implementing traffic engineering which is really good to use to control or to engineer your traffic within your autonomous system or your whole network so apart from anything apart from those you can still run MPLS on top of ERP but it's not a good practice perfect well thank you this concludes the the Q&A portion we will have banette will continue to answer questions in this as the X prevent from now until the 28th 22nd so please feel free to continue asking your questions there also we have we have a lot of social media channels where you can collaborate and be friends with and we have Facebook Twitter YouTube Google+ LinkedIn Instagram and you can also subscribe to the newsletter that we send monthly where you can learn about all these events and many other things and all the links are on the chat for you to use we continue to expand in many different languages and we have five different languages Spanish Portuguese Japanese Russian and Chinese so if you speak any of those languages we can we invite you to participate in your own language and I have put the links on the chat for each of the local languages there so that you can help yourself on on your any of these languages if you speak them also if you are looking for more 
information on IT and technical training log on to the Cisco Learning Network and take advantage of the technical webinars that they offer so you can go to the link at the end that is posted on the chat and then as appreciation for having attended this event you can redeem with your 35% discount at Cisco press and you combine any of the Cisco press books by entering the code C S C capital letters when you are checking out so you can redeem your code at the link posted in the chat so please take advantage of this offer any of the books that have a 35% discount when you put in that code so before signing up please take a minute take few minutes to complete your evaluation in today's session this will help us to address your business needs and interest in the future and we take the feedback very seriously and this concludes the our session today thanks a lot to be neat and for sharing the his expertise and also thanks to Bryan and Manish for answering many of the technical questions you have a great day and see you in the cisco support community hey thanks Monica thanks everyone for joining in and feel free to post your questions and I'll try to answer them as much as I can thank you everyone hey thank you you you
Info
Channel: Cisco Community
Views: 39,756
Rating: 4.7309942 out of 5
Id: CZUzB9T1LLA
Length: 91min 36sec (5496 seconds)
Published: Tue Jan 19 2016