Quarter 1998

Border Patrol -- BGP

The Border Gateway Protocol (BGP), a powerful, flexible, and sophisticated routing protocol designed to handle the Internet's "network-to-network" backbone traffic, is now coming into its own in the private sector. Corporations are eagerly taking advantage of powerful features provided by the Internet service providers' (ISPs') internetworking standard, including load sharing, traffic engineering, redundancy, quality of service (QoS), and the ability to control who gets access to which networks. In short, these companies are using BGP to set up more flexible connections with their ISPs.

BGP was created within the Internet Engineering Task Force (IETF) as RFC 1771 and first implemented by service providers in the early 1990s as a scalable, standardized scheme for routing traffic between their customers' and other service providers' autonomous systems (ASs). An AS is a network under a single administrative domain. Most corporate internetworking infrastructures, for example, comprise a single AS domain.

That's beginning to change now, however. Corporations are merging into mega-corporations, often with an eye to achieving a global presence. The result: thousands and thousands of network routes, each spanning multiple locations, that must be integrated into a single networking infrastructure.

To better manage traffic across this complex, extensive, and geographically dispersed network, more and more corporations are splitting their internal network ASs into multiple ASs that are linked by a backbone of routers running BGP. Within each AS, devices running Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) and Open Shortest Path First (OSPF) continue to route traffic among subnetworks. However, propagation of table updates among these routers remains internal to a given AS domain. BGP devices also route traffic addressed to networks in other corporate ASs; this traffic is handled by one or more ISPs.
One of the main attractions of BGP for corporate users is its ability to set up flexible connections between the corporate network and ISPs. For example, enterprise users can multihome; that is, they can set up connections from different routers or points in the network to one or more ISPs. They can also set up BGP routers to automatically reroute traffic among two or more ISPs for load-sharing or backup purposes.

Key BGP Advantages

Two major features differentiate BGP from other routing schemes:

* BGP uses aggregation as a way of disseminating network-layer reachability information (NLRI) across routers.
* BGP uses path attributes to implement routing policies.

In NLRI aggregation, information about how to reach a given network in a given AS is passed along by BGP speakers in chain fashion, with each BGP speaker along the way appending information about its own identity and the preceding AS in the chain. As AS reachability information traverses the Internet, augmented by the list of ASs that have been traversed thus far, BGP forms an AS path to allow straightforward suppression of repeated routing information loops among AS nodes.

The appending of AS numbers in the AS path also notifies routers of alternate paths to the same destination. For example, AS 3 could get a second message about Network X from AS 4, including information that the message traversed AS 5 and AS 6.

After the preferred topology has been defined, network administrators can begin to set policies that determine which network destinations and communities of network destinations can exchange information and what the optimal paths are.

[Figure: BGP Route Reflectors. With BGP Node A acting as a reflector for Nodes B and C, a direct B-to-C link is unnecessary.]

Policy Control Tools
BGP comes with a number of tools for defining policies to control route selection. Among the capabilities they support are the following:

* Selective advertising of routes between neighboring network destinations, which ensures that only the right systems and people can access certain routes. For example, an ISP might want to ensure that one of its service providers can't get access to the other providers' routing information. Or a corporation might want to ensure that all network traffic west of the Mississippi goes through one particular ISP, while all traffic east of the Mississippi goes through another.
* Filtering can be done according to IP address, network prefix, or AS path. For example, it's possible to filter the information a router learns from, or advertises to, a particular network prefix. A policy could say, "Don't advertise network X (with this IP prefix) to anyone." Alternatively, it could say, "Don't advertise network destination information received from AS 1, but do advertise information from AS 2."
* Defining communities, which comprise a group of destinations to which routing decisions (such as acceptance, preference, and redistribution) can be applied. For example, the route to a given community of devices could be labeled "no-export," meaning "Do not advertise this route to external BGP (EBGP) peers." Alternatively it could be labeled "Internet," meaning "Advertise to all routers."
* Weighting of paths with use of the weight attribute, which is unique to the Cisco IOS BGP implementation. Weighting is used in the path selection process when there is more than one possible route to a destination. The weight attribute is local to the router on which it is assigned; it is not propagated in routing updates. If there are multiple paths to the same destination, weight can be used to define preference for one over the others. When the preferred path goes away, the next preferred path is used.

How BGP Works

BGP is considered a "path vector protocol."
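The AS-path loop suppression and the policy tools listed above (prefix and AS-path filtering, the no-export community, local weight) can be seen working together in a small model. This is an added example, not code from the article or from Cisco IOS: the AS numbers, prefixes, deny lists and function names are constructed, and path selection is reduced to weight followed by AS-path length.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_AS = 3                     # constructed: this speaker is AS 3
NO_EXPORT = "no-export"          # community label described in the article

@dataclass(frozen=True)
class Route:
    prefix: str                  # NLRI, e.g. "192.0.2.0/24"
    as_path: tuple               # ASs traversed, nearest neighbor first
    communities: frozenset = frozenset()
    weight: int = 0              # local to this router, never advertised

# Constructed inbound policy: refuse one prefix block and anything via AS 1.
DENY_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]
DENY_AS = {1}

def accept(route):
    """Inbound checks: loop suppression first, then prefix and AS-path filters."""
    if LOCAL_AS in route.as_path:
        return False             # our own AS is already in the path: a loop
    net = ipaddress.ip_network(route.prefix)
    if any(net.subnet_of(deny) for deny in DENY_PREFIXES):
        return False
    return not DENY_AS.intersection(route.as_path)

def best(routes):
    """Simplified selection: highest weight, then shortest AS path."""
    ok = [r for r in routes if accept(r)]
    return max(ok, key=lambda r: (r.weight, -len(r.as_path)), default=None)

def advertise_ebgp(route):
    """Outbound to an EBGP peer: honor no-export, prepend our AS, drop weight."""
    if route is None or NO_EXPORT in route.communities:
        return None
    return Route(route.prefix, (LOCAL_AS,) + route.as_path, route.communities)

# Constructed updates for "Network X", loosely following the AS 3 example.
UPDATES = [
    Route("192.0.2.0/24", (4, 5, 6)),   # from AS 4, traversed AS 5 and AS 6
    Route("192.0.2.0/24", (2, 6)),      # shorter alternate path via AS 2
    Route("192.0.2.0/24", (7, 3, 6)),   # already contains AS 3: rejected
    Route("192.0.2.0/24", (1, 6)),      # learned via AS 1: filtered
]
```

Because weight is compared before path length, assigning a higher weight to the longer path makes it the preferred one on this router only; the advertised copy carries no weight.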
The initial data-flow across a BGP backbone makes up the entire BGP routing table. Routers send incremental updates as the routing tables change. BGP does not require periodic refresh of the entire BGP routing table, so a BGP "speaker" must retain the current versions of all of its peers' BGP routing tables for the duration of the connection. To ensure that connections are still up, routers periodically send keepalive messages.

BGP nodes communicate via the Transmission Control Protocol (TCP), the most reliable transport protocol available. The Cisco IOS® BGP implementation additionally supports the MD5 algorithm for authentication of routing updates (also supported by Enhanced IGRP), in which each IP packet maintains a keyed digest of router sources to prevent the entering of unauthorized or false routing messages from unapproved sources.

Before it exchanges information with an external AS, BGP ensures that networks within the AS are reachable. This step is done by a combination of internal BGP peering among routers within the AS and by redistributing BGP routing information to interior gateway protocols that run within the AS.

Recent BGP Enhancements

BGP users recently gained two different methods for alleviating the need to set up a full logical mesh between BGP peer nodes within an AS. By reducing the number of BGP neighbors, this capability decreases the amount of BGP processing that routers must do.

One method of avoiding the need for BGP peering is to set up a route reflector, which allows a BGP node to act as a passalong or reflector of traffic between two or more other nodes.

A second method is to create confederations by subdividing an AS into a group of smaller, subautonomous systems that communicate with each other using regular, external BGP (EBGP). This approach limits the need for full-mesh configurations to within the subautonomous systems themselves.
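The MD5 authentication mentioned under How BGP Works is carried on the TCP session as the TCP MD5 signature option (RFC 2385), and the sketch below shows how a receiver recomputes and checks that keyed digest. It is an added example, not code from the article or from Cisco IOS: the addresses, ports, key and function names are constructed, and the TCP checksum is left at zero because the digest ignores it.

```python
import hashlib, hmac, socket, struct

MD5_SIG_KIND = 19                      # TCP option kind defined by RFC 2385

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """MD5 over pseudo-header, 20-byte TCP header (checksum zeroed), data, key."""
    base = bytearray(tcp_header[:20])  # options, including the digest, are excluded
    base[16:18] = b"\x00\x00"
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP,
                            len(tcp_header) + len(payload)))
    return hashlib.md5(pseudo + bytes(base) + payload + key).digest()

def sign_segment(src_ip, dst_ip, sport, dport, seq, payload, key):
    """Sender: build a TCP segment (checksum left 0) carrying the signature option."""
    base = struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       (10 << 12) | 0x18, 16384, 0, 0)   # 40-byte header, PSH+ACK
    digest = tcp_md5_digest(src_ip, dst_ip, base + bytes(20), payload, key)
    return base + b"\x01\x01" + bytes([MD5_SIG_KIND, 18]) + digest + payload

def extract_digest(options):
    """Walk the TCP options and return the 16-byte signature, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                  # end of option list
            break
        if kind == 1:                  # NOP padding
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            return None                # malformed option length
        if kind == MD5_SIG_KIND and options[i + 1] == 18:
            return options[i + 2:i + 18]
        i += options[i + 1]
    return None

def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver: recompute the digest; unsigned or mismatching segments fail."""
    hdr_len = (segment[12] >> 4) * 4
    header, payload = segment[:hdr_len], segment[hdr_len:]
    got = extract_digest(header[20:])
    want = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return got is not None and hmac.compare_digest(got, want)

# Constructed input: a BGP KEEPALIVE (16-byte marker, length 19, type 4) to port 179.
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
KEY = b"constructed-shared-secret"
SEGMENT = sign_segment("192.0.2.1", "192.0.2.2", 49152, 179, 1000, KEEPALIVE, KEY)
```

The source and destination addresses are part of the digest input, so a segment replayed from a different address fails verification even when its contents are unchanged.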
More New BGP Functionality

Other key recent enhancements to BGP include the following:

* The ability to define peer groups so that policy updates can be calculated and sent once to a whole group, rather than calculated and sent separately to each group individually.
* Route dampening, which allows BGP-based traffic to circumvent routes where "flapping" routers are threatening the stability of communications. A router flaps when it withdraws from the network and then comes back on again. In route dampening, BGP nodes assign a penalty value to a flapping router, based on the frequency of flaps. If the penalty reaches a certain value, BGP nodes will stop using that route. For an ISP, this occurrence can be a serious penalty. A penalty value begins to degrade over time after the flapping stops.
* BGP Multipath Support, which enables a BGP speaker to install multiple best paths to a neighboring AS in its routing table. When a BGP speaker learns two identical external BGP (EBGP) paths for a prefix from a neighboring AS, it chooses the path with the lowest router ID as the best path and installs it in the IP routing table. However, with BGP multipath support enabled on the router, the BGP speaker will install as many as six paths in the IP routing table in instances when the EBGP paths are learned from the same neighboring AS. During packet switching, either per-packet or per-destination load balancing is performed among the multiple paths, depending on the user's configuration mode. By default, BGP will install only one path to the IP routing table.
* The ability to aggregate multiple network routes -- say, ten Class C networks -- under a single route. Aggregating network routes reduces the number of routes that all BGP nodes need to keep track of in their routing tables. There are more than 40,000 such routes on the Internet.

BGP is definitely a high-end, industrial-grade routing protocol, built to handle the heavy and volatile routing demands of an ISP backbone.
The popular interior gateway protocols Enhanced IGRP and OSPF can satisfactorily meet the needs of most corporate networks in most situations, now and in the foreseeable future. At the same time, a growing number of corporations are finding a use for BGP's flexibility, scalability, and intelligence: not as a replacement, but as a complement to popular intra-AS routing protocols. For that particular reason, the Cisco IOS line supports -- and will continue to support and enhance -- all three.

Atif Khan, a Network Consulting Engineer in Cisco's Network Supported Accounts group, created the presentation, "BGP Configuring and Troubleshooting." He delivered the popular session at both of this year's US Networkers events. To contact him, e-mail aakhan@cisco.com.

Copyright © 1998 Cisco Systems, Inc.