faq of ip routing protocols v1.1 20121231

Upload: lchingv3230

Post on 16-Oct-2015


  • 2012-12-31 1 , 32

    FAQ of IP ROUTING PROTOCOLS

    Prepared by Date 2012-12-28


    Huawei Technologies Co., Ltd.


    1 OSPF

    1.1 What is the usage of OSPF router-id and the selection principle of the router-id?

    The router ID of each OSPF process is its unique identity within the AS. It can be specified by command, which has the highest priority. The configuration command is as follows:

    [Router]OSPF 100 router-id 1.1.1.1

    If the router-id is not configured by command, the system selects an interface IP address automatically. The selection order is: first, the largest IP address among all Loopback interfaces is selected as the router-id; if there is no loopback interface, the largest IP address among the physical interfaces is selected as the router-id.

    To ensure the stability of the router-id, once it has been selected it will not change even when a larger IP address is configured, when the OSPF process is deleted and re-configured, and when the OSPF process is reset. The router-id changes only when the IP address that was selected as router-id is deleted (or its interface is deleted) and the OSPF process is reset.

    1.2 The principle of default route advertising for OSPF special areas.

    Stub area: because ASBR summary LSAs and external LSAs can't be advertised in a stub area, the routers in the stub area, except the ABR, have no external routes. To ensure that these routers can access external networks, the ABR generates a summary LSA with link-id 0.0.0.0 and mask 0.0.0.0 and advertises it into the stub area.

    Totally stub area: The difference between a totally stub area and a stub area is that in a totally stub area neither ASBR summary LSAs and external LSAs nor network summary LSAs can be advertised. To ensure that the routers can access external networks, the ABR generates a summary LSA with link-id 0.0.0.0 and mask 0.0.0.0 and advertises it into the totally stub area.

    NSSA area: The difference between an NSSA area and a stub area is that an ASBR can exist in an NSSA area. An NSSA area filters the ASBR summary LSAs and external LSAs coming from the backbone area, but this filtering does not cover the NSSA external LSAs from the ASBR inside it.

    The ABR generates a summary LSA with link-id 0.0.0.0 and mask 0.0.0.0 and advertises it into the NSSA area as the default route.

    Totally NSSA area: The difference between a totally NSSA area and an NSSA area is that network summary LSAs can't be advertised in a totally NSSA area. The ABR generates a summary LSA with link-id 0.0.0.0 and mask 0.0.0.0 and advertises it into the totally NSSA area as the default route.

    1.3 If there are two ABRs, both of which advertise a default route into a special area, will this generate a loop?

    The answer is no. When an ABR receives an LSA carrying default route information from another ABR in the same area, it keeps this LSA in the LSDB but does not use it in route calculation, which avoids a loop.

    When a router has advertised an LSA carrying default route information, it will not calculate LSAs carrying default route information from other routers.

    1.4 If there are two ABRs in an NSSA area, will they both translate Type 7 LSAs into Type 5 LSAs?

    The answer is no. RFC 3101 specifies that only the ABR with the largest router ID translates Type 7 LSAs into Type 5 LSAs.

    1.5 How many ways are there to filter routes in OSPF, and what are the differences?

    There are several ways of filtering OSPF routes, including filter-policy, filter and route-policy. Their differences are as follows:

    Filter-policy and filter can only filter routes; route-policy can not only filter routes but also add or modify the tag or priority of a route.

    OSPF route filtering can be done in two ways. The first is to filter the OSPF routing table, which affects only this router. It does not stop LSAs from being generated and advertised, so route calculation on the other routers is not affected. The second is to stop generating or advertising the LSA, so that neither this router nor the other routers in the same area or the same AS will have the related route.

    1.6 What's the difference between Virtual-link and sham-link?

    Virtual-link is used to solve the problem of abnormally connected areas in OSPF. Normally, all non-backbone areas connect directly to the backbone area. Sometimes a non-backbone area has to connect to the backbone area through another area, and virtual-link can be used in this scenario. As shown in the following figure, to connect area 2 to the backbone, a virtual-link is configured between router R3 and router R2.

    When OSPF is configured in a VPN on PE2, the LSAs received from PE1 through MBGP become Type 3, Type 5 or Type 7. If there is a backdoor link between the CEs as a backup link, the routes learnt over the backdoor are internal routes and are better than the routes learnt from MBGP, which results in data being transmitted over the backdoor link. Sham-link is used to solve this problem: it keeps the LSAs learnt from MBGP as Type 1 or Type 2.

    1.7 What is the usage of the common OSPF LSAs?

    Router LSA (type 1):

    Each router generates a Router-LSA for each area it belongs to. The Router-LSA (Type1) describes the status and cost of all of the router's links, and all of the known OSPF peers on those links. A Router-LSA is flooded only within the area it belongs to.

    Network LSA (type 2):

    Network LSA is generated by a DR. It describes all of the routers in the multiple access network, listing all of the routers that are connected to the local router, including the DR itself.

    Network summary LSA (type 3):

    Network summary LSA is generated by the ABR, and advertises inter-area routes to OSPF areas except totally stub areas and totally NSSA areas.

    ASBR summary LSA (type 4):

    ASBR Summary LSA is generated by the ABR, and is used to advertise the location of the ASBR to all the related areas except stub, totally stub, NSSA and totally NSSA areas and the area to which the ASBR belongs. Why is the type 4 LSA needed here? Because the advertiser field of a type 5 LSA is always the ASBR while it is flooded, routers in other areas, unlike the routers in the local area, don't know the location of the advertiser. By contrast, the advertiser field of a type 3 LSA changes automatically to the ABR's router-id when it is flooded, so each area knows the location of the advertiser. The advertiser field of a type 4 LSA likewise changes automatically to the ABR's router-id when it is flooded.

    Autonomous system external LSA (type 5):

    AS-External-LSA (type5) is generated by the ASBR. It describes the route to a destination outside the AS, or the default route, and is advertised to all OSPF areas.

    NSSA external LSA (type 7):

    The Type 7 LSA is generated by the ASBR in the NSSA, and is flooded only in the NSSA area. The Type 7 LSA describes the route to a destination outside the AS, or the default route. Why is the Type 7 LSA needed here? Because type 4 and type 5 LSAs are filtered in an NSSA area, but the routes generated in the local area and the external routes learned there should not be filtered, the type 7 LSA is defined.

    1.8 What is the difference between Stub area and NSSA area?

    In brief, the difference between Stub area and NSSA area is that stub area can not

    include ASBR, but NSSA area can include ASBR.

    1.9 OSPF supports multi-process; does an interface on the router support multi-process?

    OSPF supports multi-process, which means we can run multiple different OSPF processes on one router. But one interface can belong to only one OSPF process.

    1.10 What parameters does OSPF need before establishing or

    maintaining OSPF neighbor or adjacency?

    The interface which runs OSPF protocol, the interval of Hello and Dead timer,

    OSPF maximum retransmission number, LSA retransmission interval and the interval

    of LSA flooding.

    1.11 What's the calculation process of OSPF route?

    OSPF route calculation process can be briefly described as follows:

    1) Each OSPF device generates LSAs based on the network topology around it, and sends LSA update packets to the other OSPF devices in the network.

    2) Each OSPF device collects the LSAs sent by other routers; together, all of these LSAs make up the LSDB.

    3) OSPF devices convert the LSDB into a weighted, directed graph, which is a true reflection of the entire network topology.

    4) Each OSPF device calculates a shortest path tree from the graph, using itself as the root. This tree gives the route to each node in the autonomous system.

    1.12 What's the difference between ABR and ASBR?

    ABR can simultaneously belong to two or more areas, one of which must be the

    backbone area. ABR is used to connect the backbone area and non-backbone area. It

    could be a physical connection or a logical connection between non-backbone area

    and the backbone area.

    ASBR is a device to exchange routing information with other AS. It may be a

    router in the region or ABR. As long as a single OSPF device imports external routing

    information, it becomes an ASBR.

    1.13 What kind of network type does OSPF define?

    OSPF defines four types of network, point-to-point network, broadcast network,

    NBMA network and point-to-multipoint network.

    Point-to-point network consists of only two routers which are directly

    connected.

    Broadcast network supports two or more routers, and it has the ability of

    broadcast.

    In the NBMA network, OSPF simulates the operation of a broadcast network,

    but it needs to manually configure each router's neighbors. NBMA makes the routers

    form a fully connected network.


    Point-to-multipoint network makes the entire non-broadcast network as a set of

    point-to-point networks. Each router can discover neighbors using the underlying

    protocol, such as Inverse ARP. Point-to-multipoint mode should be used when it's not

    able to form fully connected network. Point-to-multipoint network type is not a

    default network type.

    1.14 What is the difference between neighbors and adjacency

    relations?

    After the start of the OSPF, OSPF interface will send out Hello packets. Some

    of the parameters defined in the packet will be checked by OSPF routers which

    received the Hello packet. It will form a neighbor relationship if the two sides achieve

    an agreement.

    Routers that have formed a neighbor relationship are not necessarily able to form an adjacency relationship. Only when the two sides have exchanged DD packets and LSAs can they form an adjacency relationship.

    1.15 Will all types of OSPF network have a DR and a BDR?

    Not all types of network will have a DR and a BDR, only a broadcast or NBMA

    network will.

    1.16 What function does each type of OSPF packet have?

    OSPF has five types of packets.

    Hello packets are used to discover and maintain neighbor relationship. In a

    broadcast or NBMA network, Hello packets are also used to elect the DR and BDR.

    Database Description packets describe the link state summary information

    through carrying LSA header information.

    Link State Request packets are used to request LSAs. These are LSAs that the router found out about by receiving DD packets but does not yet have.

    Link State Update packets synchronize the link state database by sending the full details of LSAs.

    Link State Ack packets ensure that the exchange of routing information is reliable by confirming the flooded information.

    Except for Hello packets, all packets can be sent only between routers that have an adjacency relationship.

    1.17 How many router types are there in OSPF protocol?

    OSPF routers can be divided into four categories according to the different

    locations in the AS.

    Routers within the region: all the interfaces of this kind of router belong to one

    OSPF area.

    Area Border Router: This kind of router can simultaneously belong to two or

    more areas, but one must be the backbone area. ABR is used to connect the backbone

    area and non-backbone area. The connection can be either a physical connection or a

    logical connection.

    Backbone router: This kind of router has at least one interface belonging to the backbone area. Therefore, all the ABR routers and the routers located in area0 are backbone routers.

    Autonomous system boundary router: A router that exchanges routing information with other ASs is called an ASBR. An ASBR is not necessarily located at the boundary of the AS; it may be an IR or an ABR.

    1.18 How many route types are there in OSPF protocol?

    Intra area route: It describes AS internal network structure within an area and

    the default routing priority is 10.

    Inter area route: It describes AS internal network structure between areas and

    the default routing priority is 10.

    Type1 external route: It describes how to reach destinations outside of the AS, and the default routing protocol priority is 150. The total route cost equals the route cost from the local router to the ASBR plus the route cost from the ASBR to the destination network.

    Type2 external route: It describes how to reach destinations outside of the AS, and the default routing protocol priority is 150. The total route cost equals the route cost from the ASBR to the destination network.
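    The route calculation steps of 1.11 and the external cost rule of 1.18, as an added example that is not part of the original FAQ. The LSDB contents, router IDs, costs and function names are constructed for illustration; only router-to-router links are modelled.

```python
import heapq

# Constructed LSDB (not from the FAQ): router-id -> [(neighbor router-id, cost)].
LSDB = {
    "1.1.1.1": [("2.2.2.2", 10), ("3.3.3.3", 1)],
    "2.2.2.2": [("1.1.1.1", 10), ("3.3.3.3", 2), ("4.4.4.4", 1)],
    "3.3.3.3": [("1.1.1.1", 1), ("2.2.2.2", 2), ("4.4.4.4", 20)],
    "4.4.4.4": [("2.2.2.2", 1), ("3.3.3.3", 20), ("5.5.5.5", 1)],
    "5.5.5.5": [],  # advertises no link back to 4.4.4.4
}


def spf(lsdb, root):
    """Shortest path tree rooted at `root`: {router-id: (cost, first hop)}."""

    def links_back(near, far):
        # A link is usable only if the far end's LSA also lists the near end.
        return any(nbr == near for nbr, _ in lsdb.get(far, []))

    best = {root: (0, None)}
    heap = [(0, root, "")]
    done = set()
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb.get(node, []):
            if not links_back(node, nbr):
                continue
            new_cost = cost + link_cost
            # The first hop is fixed when the path leaves the root.
            hop = nbr if node == root else first_hop
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, nbr, hop))
    del best[root]
    return best


def external_cost(tree, asbr, external_metric, metric_type):
    """Total cost of an external route per the Type1/Type2 rule in 1.18."""
    if asbr not in tree:
        raise ValueError("ASBR unreachable: external route cannot be used")
    if metric_type == 1:
        return tree[asbr][0] + external_metric  # cost to ASBR + external cost
    if metric_type == 2:
        return external_metric                  # external cost only
    raise ValueError("metric_type must be 1 or 2")


if __name__ == "__main__":
    tree = spf(LSDB, "1.1.1.1")
    for rid, (cost, hop) in sorted(tree.items()):
        print(rid, "cost", cost, "via", hop)
    print("Type1:", external_cost(tree, "4.4.4.4", 20, 1))
    print("Type2:", external_cost(tree, "4.4.4.4", 20, 2))
```

    Router 5.5.5.5 never enters the tree because its LSA does not list 4.4.4.4 as a neighbor, so a single router's claim about a link is not enough to attract traffic.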

    1.19 What is GR?

    Graceful Restart refers to a function for restarting the router gracefully. It guarantees that traffic forwarding is not interrupted, and route oscillation does not occur when the router restarts within a short time.

    If the router can't restart the OSPF protocol with Graceful Restart, the adjacent routers delete it from their neighbor lists and notify the other routers, which leads to route recalculation. If the restart time is very short, this causes route oscillation.

    In order to avoid unnecessary route calculation, when the router restarts the OSPF protocol with GR, it notifies the adjacent routers that it is only shutting down for a while. The adjacent routers do not delete the GR router from their neighbor lists, thus avoiding the route oscillation caused by a change in neighbor relationships.

    1.20 Which kinds of routing aggregation does OSPF protocol have?

    OSPF has two types of aggregation: ABR aggregation and ASBR aggregation.

    ABR aggregation: when the ABR sends routing information to other areas, Type3 LSAs are generated. If there are contiguous network segments in the area, we can use the abr-summary command to aggregate these segments into one segment. The ABR then sends only one aggregated LSA, which reduces the size of the other areas' LSDBs.

    ASBR aggregation: If the local router is an ASBR, one Type5 LSA with the aggregated routes is generated. In an NSSA, one Type7 LSA with the aggregated routes is generated.

    1.21 What is the difference between the inter-area LSA and intra-LSA?

    The intra-LSA describes the link status of router within the area. The inter-LSA

    describes the route information of each network segment instead of the detailed link

    status information.

    1.22 How to keep OSPF protocol packets from being forwarded?

    OSPF protocol packets are encapsulated in IP packets. If the TTL value inside the IP packet is set to one, the OSPF protocol packets are not forwarded.

    1.23 What is the role of DR and BDR in OSPF protocol?

    In Broadcast and NBMA networks, routing information is transmitted between any two routers. If there are n routers in the network, n * (n-1) / 2 adjacencies need to be established. Any route change results in multiple transfers and a waste of bandwidth resources. To solve this problem, the OSPF protocol defines the DR (Designated Router). All routers send information only to the DR.

    If the DR fails, the routers on the network must re-elect a DR and synchronize with the new DR. Re-electing the DR takes a long time. In order to shorten the process, OSPF introduces the concept of the BDR (Backup Designated Router).

    In fact, the BDR is a backup of the DR and is elected at the same time as the DR. The BDR establishes adjacencies and exchanges route information with all the other routers. When the DR fails, the BDR becomes the DR. This process is very short, because the adjacencies have already been established. Although it still takes a long time to re-elect a new BDR, this does not affect route calculation. DR Other routers no longer establish adjacencies among themselves and can't exchange routing information with each other, so the number of adjacencies among routers on broadcast and NBMA networks is reduced.

    1.24 Why is it divided into areas in OSPF network?

    The OSPF LSDB is very big in a large network and takes up a lot of storage space. OSPF is a link-state protocol, so the LSDB includes more than just route information. After the division into areas, the number of LSAs is greatly reduced.

    The link-state algorithm is more complex than the distance vector algorithm. SPF calculation costs more time and CPU resources.

    After the division into areas, OSPF uses the link-state algorithm within an area and the distance vector algorithm between areas.

    The network topology changes frequently in a large network, which keeps the network in turbulence. After a topology change, the ABR limits the oscillation to one area.

    1.25 What method does OSPF use to solve loops between areas?

    It resolves the loop problem by connecting the different areas to the backbone, so that only the backbone area can exchange LSAs with non-backbone areas.

    2 ISIS

    2.1 Is there any router-id in ISIS like in OSPF? Should the system-id be changed or not if the loopback interface IP address is changed in ISIS?

    ISIS has the concept of a router-id, but it is called system-id rather than router-id. For example:

    ISIS 100 Network-entity 49.0000.0010.0100.1001.00

    In ISIS 100 as defined above, the system-id is 0010.0100.1001 (that is, counting from the end of the network-entity, the first six of its last seven bytes). The system-id can be configured from the IP address of the loopback interface (the example 0010.0100.1001.00 is generated from the loopback interface IP address 1.1.1.1) or from the MAC address, as long as the system-id is unique in the ISIS system. So the system identifier does not have to be changed at the same time as the loopback interface IP address. In order to avoid conflicts, it is suggested that the system-id be consistent with the router's loopback interface IP address or MAC address.

    2.2 How to select System-ID in ISIS?

    1. Use IP address on loopback interface to configure system-id. (Loopback

    interface IP address is 192.168.3.25)

    192.168.3.25

    192.168.003.025

    1921.6800.3025: System ID

    2. Use MAC address to configure system-id. (MAC address is 0011-1130-4422)

    0011.1130.4422: system-id

    Generally, it is suggested to use the IP address of the loopback interface to generate the system-id.
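    The two derivations above, together with the network-entity split described in 2.1 and a uniqueness check, as an added example that is not part of the original FAQ. The function names and the router inventory are constructed for illustration.

```python
import ipaddress
import string


def _dotted(digits12):
    """Group twelve digits as xxxx.xxxx.xxxx."""
    return ".".join(digits12[i:i + 4] for i in range(0, 12, 4))


def system_id_from_ipv4(addr):
    """Pad each octet to three decimal digits, then regroup in fours."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return _dotted("".join(o.zfill(3) for o in octets))


def system_id_from_mac(mac):
    """Regroup the twelve hex digits of a MAC address in fours."""
    digits = "".join(c for c in mac if c in string.hexdigits).lower()
    if len(digits) != 12:
        raise ValueError("MAC address must have 12 hex digits: %r" % mac)
    return _dotted(digits)


def parse_net(net):
    """Split a network-entity into (area, system-id, SEL)."""
    digits = net.replace(".", "").lower()
    if any(c not in string.hexdigits for c in digits) or len(digits) % 2:
        raise ValueError("NET must be whole hex bytes: %r" % net)
    if not 16 <= len(digits) <= 40:  # 1-13 area bytes + 6 system-id + 1 SEL
        raise ValueError("NET must be 8 to 20 bytes long: %r" % net)
    # From the end: 1 byte SEL, then 6 bytes system-id, the rest is the area.
    return digits[:-14], _dotted(digits[-14:-2]), digits[-2:]


def duplicate_system_ids(nets_by_router):
    """Return {system-id: [routers]} for every system-id used more than once."""
    seen = {}
    for router, net in nets_by_router.items():
        seen.setdefault(parse_net(net)[1], []).append(router)
    return {sid: sorted(rs) for sid, rs in seen.items() if len(rs) > 1}


# Constructed inventory: R3 reuses R1's system-id in a different area.
INVENTORY = {
    "R1": "49.0000.0010.0100.1001.00",
    "R2": "49.0001.1921.6800.3025.00",
    "R3": "49.0002.0010.0100.1001.00",
}

if __name__ == "__main__":
    print(system_id_from_ipv4("192.168.3.25"))
    print(system_id_from_mac("0011-1130-4422"))
    print(parse_net(INVENTORY["R1"]))
    print(duplicate_system_ids(INVENTORY))
```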

    2.3 Which types of network can be supported by ISIS?

    ISIS can support P-2-P networks and broadcast networks. ISIS can't really support NBMA networks, but it can support sub-interfaces of NBMA links by configuring the NBMA link as sub-interfaces of P-2-P or broadcast type.

    2.4 ISIS runs on the data-link layer, so ISIS neighbor establishment should have nothing to do with IP. Why can't neighbor relationships be established when the local interface IP address and the remote interface IP address are not in the same IP segment?

    ISIS neighbor establishment itself has nothing to do with the IP address. However, ARP is used to ensure the reachability of neighbors: if the address is not unnumbered, the local interface checks the remote router's route, and if the remote router's route and the local router's route do not belong to the same IP segment, the two sides can't establish a neighbor relationship.

    2.5 What's the difference among IS, ES and DIS?

    IS (Intermediate System): Network nodes with packet forwarding capability,

    similar to the IP router.

    ES (End System): Network nodes without routing capability or data packet

    forwarding capability, similar to the IP host.

    DIS (Designated Intermediate System): In the ISIS broadcast network type, a designated intermediate system needs to be elected, which floods the LSDB to the other routers periodically. Its function is similar to that of the DR (Designated Router) in OSPF. OSPF also has the concept of a backup, the BDR (Backup Designated Router), which doesn't exist in ISIS.

    2.6 How many levels does ISIS have?

    ISIS routing protocol has a two-level structure: Level-1 area and Level-2 area.

    All the routers in Level-1 area must have the same area address and build a

    Level-1 neighbor relationship with each other. There's Level-1 LSDB in the whole

    area but no Level-2 routing information of backbone area. It's similar to the total

    Stubby area of OSPF.

    Level-2 area consists of all the Level-2 routers and L1/L2 routers. Level-2

    neighbor relationship is formed between routers in the region. There are both Level-2

    LSDB and Level-1 routing information in the whole area.

    An L1/L2 router can simultaneously form Level-1 neighbor relationships with L1 routers and Level-2 neighbor relationships with L2 routers. An L1/L2 router has a Level-1 LSDB and a Level-2 LSDB. It advertises the Level-1 routing information to the Level-2 backbone area at the boundary of the area.

    2.7 In ISIS Protocol, how to elect the DIS?

    In ISIS, the DIS election is carried out automatically. It is based on the interface priority within the same network. If more than one interface has the highest priority, the interface with the largest MAC address among those interfaces is elected. The DIS is elected in each IS based on the neighbor information of the interface. The neighbor information is consistent throughout the network, so the respective election results are the same.

    Only the broadcast network type elects a DIS. There is no need to elect a DIS in the Point-to-Point network type.

    Each level has its own DIS.

    A backup DIS doesn't exist in ISIS. When the DIS stops working, another DIS is elected directly.

    The interval of the Hello packets sent by the DIS is 1/3 of the interval of an ordinary router, so it is easy for the other routers to detect a DIS failure rapidly and elect a new DIS quickly.

    The DIS router is not permanent: once the priority of a new router in the network is higher than the priority of the current DIS, or the current DIS stops working, the network re-elects a new DIS. So the stability of the network is poor.

    2.8 What is the function of route injection in ISIS?

    In ISIS, intra-area routing is managed by the routers in the Level-1 area, and all Level-2 routers constitute a Level-2 area.

    An IS-IS routing domain can contain many Level-1 areas, but only one Level-2 area. Level-1 areas must be connected to the Level-2 area, and different Level-1 areas cannot connect to each other. The routing information of a Level-1 area is communicated to the Level-2 area through the Level-1-2 router. Therefore, Level-2 routers know the routing information of the entire IS-IS routing domain. However, by default, a Level-2 router does not communicate the routing information of other Level-1 areas and of the Level-2 area to a Level-1 area, so Level-1 routers do not have routing information for destinations outside their area. As a result, the best route may not be chosen for a destination network outside the area. To solve this problem, ISIS provides the route injection function: the Level-2 routers can advertise the routing information of other Level-1 areas and of the Level-2 area to a designated Level-1 area.

    3 BGP

    3.1 How many kinds of topologies does BGP have?

    BGP has three basic network topologies.

    Stub AS: An AS that reaches external networks through a single exit;

    Multi-homed AS: An AS that has more than one exit to reach external networks, but does not allow traffic from one network to another network to pass through itself.

    Transit AS: An AS that has more than one exit to reach external networks, and allows traffic from one network to another network to pass through itself.

    From the view of BGP, the entire topology of the Internet is composed of a series of stub ASs, multi-homed non-transit ASs and transit ASs. BGP ensures the establishment of a path tree by aggregating all paths that do not form a loop; this tree is the route to a certain destination.

    3.2 How to configure the router_id of BGP? How to choose it

    automatically?

    The global router_id should be configured in system_view by the command:

    For example:

    system

    [HUAWEI] router id 1.1.1.1

    If the ID is not configured, the system chooses an ID for the router from the IP addresses of the current interfaces. The selection is made in the following order:

    The largest IP address of the current loopback interfaces;

    The largest IP address of the current physical interfaces;

    The router_id is re-selected only when the router_id is removed or the interface on which the router_id's IP address is configured is deleted.

    In order to increase the reliability of the network, it is recommended that the Router ID be configured manually with the IP address of the loopback interface.

    You can also configure the BGP router_id with the following command; otherwise BGP will use the global router_id.

    For example:

    system

    [HUAWEI] bgp 100

    [HUAWEI-bgp-100] router-id 1.1.1.1

    Modifying the BGP router-id causes all BGP neighbor relationships to be rebuilt.

    3.3 Policies for BGP Route Selection

    When there are multiple routes to the same destination, BGP selects routes

    according to the following policies:

    1. BGP prefers the route with the largest PreVal.

    2. BGP prefers the route with the highest Local_Pref.

    3. BGP prefers the aggregated route. The preference of an aggregated route is

    higher than that of a non-aggregated route.

    4. BGP prefers the local route that is manually aggregated. The preference of the

    local route that is manually aggregated is higher than that of the local route that is

    automatically aggregated.

    5. BGP prefers the local route that is imported by using the network command.

    The preference of the route that is imported by using the network command is higher than

    that of the local route that is imported by using the import-route command.

    6. BGP prefers the route with the shortest AS_Path.

    7. BGP compares Origin attributes, and selects routes whose origin types are IGP,

    EGP, and Incomplete in sequence.

    8. BGP prefers the route with the smallest MED.

    9. BGP prefers the routes learned from EBGP. The preference of an EBGP route is higher than that of an IBGP route.

    10. BGP prefers the route of an IGP with the smallest metric in an AS. If load

    balancing is configured and there are multiple external routes with the same AS_Path,

    load balancing is performed according to the number of configured routes.

    11. BGP prefers the route with the shortest Cluster_List.

    12. BGP prefers the route with the smallest Originator_ID.

    13. BGP prefers the route advertised by the router with the smallest router ID.

    14. BGP compares IP addresses of its peers, and prefers the route that is learnt

    from the peer with a smaller IP address.
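    The selection order above, written as an ordered comparison, as an added example that is not Huawei code. The Route fields, the sample routes and the AS numbers are constructed; steps 3 to 5 are folded into one ranking in which routes learned from peers rank after local routes, and an unset Originator_ID compares as 0.0.0.0 (both are assumptions of this sketch).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

# Steps 3-5: aggregates first (manual before automatic), then network, then
# import-route. Ranking "peer" (learned routes) last is an assumption.
LOCAL_KIND = ["manual-aggregate", "auto-aggregate", "network", "import-route", "peer"]
ORIGIN = ["igp", "egp", "incomplete"]  # step 7 order


@dataclass
class Route:
    name: str
    pref_val: int = 0
    local_pref: int = 100
    local_kind: str = "peer"
    as_path: tuple = ()
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    cluster_list: tuple = ()
    originator_id: str = "0.0.0.0"
    router_id: str = "0.0.0.0"
    peer_ip: str = "0.0.0.0"


def _ip(value):
    return int(IPv4Address(value))


def steps(r):
    """One (rule, key) pair per step of the list above; the smaller key wins."""
    return [
        ("1 PreVal", -r.pref_val),
        ("2 Local_Pref", -r.local_pref),
        ("3-5 local origin", LOCAL_KIND.index(r.local_kind)),
        ("6 AS_Path length", len(r.as_path)),
        ("7 Origin", ORIGIN.index(r.origin)),
        ("8 MED", r.med),
        ("9 EBGP over IBGP", 0 if r.ebgp else 1),
        ("10 IGP metric", r.igp_metric),
        ("11 Cluster_List length", len(r.cluster_list)),
        ("12 Originator_ID", _ip(r.originator_id)),
        ("13 router ID", _ip(r.router_id)),
        ("14 peer IP", _ip(r.peer_ip)),
    ]


def decide(a, b):
    """Return (preferred route, rule that decided)."""
    for (rule, key_a), (_, key_b) in zip(steps(a), steps(b)):
        if key_a != key_b:
            return (a if key_a < key_b else b), rule
    return a, "tie"


def best_path(routes):
    best = routes[0]
    for candidate in routes[1:]:
        best, _ = decide(best, candidate)
    return best


# Constructed routes to one prefix (documentation AS numbers and addresses).
VIA_A = Route("via-A", as_path=(64496, 64510), med=50,
              router_id="192.0.2.1", peer_ip="192.0.2.1")
VIA_B = Route("via-B", local_pref=200, as_path=(64497, 64498, 64510),
              router_id="198.51.100.1", peer_ip="198.51.100.1")
VIA_IBGP = Route("via-iBGP", as_path=(64496, 64510), med=50, ebgp=False,
                 igp_metric=20, router_id="10.0.0.3", peer_ip="10.0.0.3")

if __name__ == "__main__":
    for x, y in ((VIA_A, VIA_B), (VIA_A, VIA_IBGP)):
        winner, rule = decide(x, y)
        print(x.name, "vs", y.name, "->", winner.name, "by", rule)
    print("best:", best_path([VIA_A, VIA_IBGP, VIA_B]).name)
```

    Because Local_Pref is compared before AS_Path length, via-B wins despite its longer path, which is why import policies that set Local_Pref or PreVal deserve the closest review.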

    3.4 What are the Policies of Route Advertisement in BGP?

    BGP adopts the following policies to advertise routes:

    The BGP speaker advertises only the optimal route to its peer when there are

    multiple valid routes.


    The BGP speaker advertises the routes learned from EBGP routers to all BGP

    peers, including EBGP peers and IBGP peers.

    The BGP speaker does not advertise the routes learned from IBGP routers to its

    IBGP peers.

    The BGP speaker advertises the routes learned from IBGP routers to its EBGP

    peers.

    The BGP speaker advertises all BGP routes to the new peers when the peer

    relationship is established.

    3.5 How to avoid loop for BGP?

    BGP is different from IGP protocols: BGP carries rich route attributes, so it can filter routes by their attributes, one of which is AS_PATH.

    The AS_Path records all ASs that a route passes through from the local end to the destination in the distance-vector (DV) order. A router checks the AS_PATH attribute when it receives a new route. If it finds its own AS number in the AS_PATH attribute, the route it advertised has come back to it, which means there is a routing loop; the route is discarded, thus avoiding the routing loop.

    In addition, a BGP router does not advertise routes learned from an IBGP peer to other IBGP peers, which is also a method of avoiding routing loops.

    Under normal circumstances BGP discards a route that contains its own AS number in the AS_PATH attribute. In certain circumstances, however, a repeated AS number is reasonable, and this can be controlled by the following command:

    [HUAWEI] peer {group-name | peer-ipv4-address} allow-as-loop [number]

    The number in the range of , the default value is 1; that is, the router is allowed to receive routes that contain its own AS number in the AS_PATH attribute.
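    The AS_PATH check and its relaxation by allow-as-loop, as an added example that is not Huawei code. It assumes that number is the count of local-AS occurrences tolerated for that peer; the peers, prefixes, AS numbers and function names are constructed.

```python
def classify_update(as_path, local_as, allow_as_loop=0):
    """Verdict for one received route.

    allow_as_loop=0 models a peer without the command: any occurrence of the
    local AS in AS_PATH is treated as a loop and the route is discarded.
    """
    hits = sum(1 for asn in as_path if asn == local_as)
    if hits == 0:
        return "accept"
    if hits <= allow_as_loop:
        return "accept-relaxed"  # admitted only because the check was relaxed
    return "discard"


def audit_updates(updates, local_as, allow_as_loop_by_peer):
    """Group (peer, prefix) pairs by verdict so relaxed accepts stand out."""
    report = {"accept": [], "accept-relaxed": [], "discard": []}
    for peer, prefix, as_path in updates:
        limit = allow_as_loop_by_peer.get(peer, 0)
        verdict = classify_update(as_path, local_as, limit)
        report[verdict].append((peer, prefix))
    return report


# Constructed input: local AS 64500, only peer 192.0.2.2 has allow-as-loop 1.
LOCAL_AS = 64500
PEER_POLICY = {"192.0.2.2": 1}
UPDATES = [
    ("192.0.2.1", "203.0.113.0/24", (64496, 64497)),
    ("192.0.2.1", "198.51.100.0/24", (64496, 64500, 64497)),
    ("192.0.2.2", "198.51.100.0/24", (64498, 64500)),
    ("192.0.2.2", "203.0.113.128/25", (64498, 64500, 64499, 64500)),
]

if __name__ == "__main__":
    for verdict, routes in audit_updates(UPDATES, LOCAL_AS, PEER_POLICY).items():
        print(verdict, routes)
```

    Routes in the accept-relaxed group bypass the loop check entirely, so they are the ones to cover with explicit prefix filters on that peer.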

    3.6 What reasons can prevent a BGP connection from being established?

    The most common reasons are as follows:

    1) The IP addresses of the BGP peers cannot ping each other. In this case, you can use extended ping to check the TCP connection.

    For example:

    ping -a source-ip-address destination-ip-address

    2) Wrong configuration of the peer IP address or peer AS;

    3) OPEN packet negotiation fails. The OPEN packet negotiates the BGP version, Holdtime, Router_id, optional parameters and so on; failure is generally due to parameters not being identified correctly, in particular the parameters of other vendors;

    4) MD5 authentication configuration errors;

    5) Router-id conflicts;

    6) Wrong configuration of the BGP connection between confederation and non-confederation;

    7) Marker error, which appears rarely;

    8) And so on.

    3.7 Troubleshooting when a BGP connection can't be established.

    The normal methods are as follows:

    1) Enable debug bgp xxx all to confirm the BGP status.

    2) If BGP stays in the active state, the TCP connection can't be established, and we must consider lower-layer problems and route unreachability.

    3) Then we need to rule out an MD5 problem.

    4) If step 3 is OK, we need to check the BGP configuration, such as connect-interface for IBGP and ebgp-max-hop for EBGP.

    5) If there is an OPEN message error, then through the debugging, V5 can easily find out the error class and information.

    3.8 What are the capability parameters of the BGP OPEN message?

    There are 2 types of BGP capability parameters: the multi-protocol capability and the
    route refresh capability. The definitions differ between manufacturers. For example, in
    RFC4761 the VPLS capability is defined as 25/26 (L2vpn is also 25/26).

    The detailed parameters are as follows:

    Capability        CODE                 AFI    SAFI
    IPv4 Unicast      Multiprotocol (1)    1      1
    IPv4 Multicast    Multiprotocol (1)    1      2
    IPv4 VPNV4        Multiprotocol (1)           128
    L2vpn             Multiprotocol (1)    196    128
    IPv6 Unicast      Multiprotocol (1)    2      1
    IPv6 Multicast    Multiprotocol (1)    2      2
    VPLS (H3C)        Multiprotocol (1)    155    128
    VPLS (RFC4761)    Multiprotocol (1)    25     65
    ORF (cisco)       Multiprotocol (1)    130    7
    Refresh           Route refresh (2)    -      -
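    An added example (not from the original document) that decodes the capability
    parameters of an OPEN message, which helps when checking which AFI/SAFI pairs a peer
    actually announced during a failed negotiation. The sample message is constructed; the
    name table uses the pairs from the table above, with AFI 1 for VPNV4 per the standard
    assignment.

```python
import struct

# (AFI, SAFI) pairs from the table above; AFI 1 for VPNV4 is the standard assignment.
AFI_SAFI_NAMES = {
    (1, 1): "IPv4 Unicast", (1, 2): "IPv4 Multicast", (1, 128): "IPv4 VPNV4",
    (2, 1): "IPv6 Unicast", (2, 2): "IPv6 Multicast",
    (196, 128): "L2vpn", (155, 128): "VPLS (H3C)", (25, 65): "VPLS (RFC4761)",
}
CAP_MULTIPROTOCOL = 1        # capability code 1
CAP_ROUTE_REFRESH = 2        # capability code 2
OPT_PARAM_CAPABILITIES = 2   # optional parameter type that carries capabilities


class OpenParseError(ValueError):
    """Raised when the bytes are not a well-formed OPEN message."""


def parse_capabilities(data):
    """Decode the capability TLVs inside one Capabilities optional parameter."""
    caps, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise OpenParseError("truncated capability header")
        code, c_len = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + c_len]
        if len(value) != c_len:
            raise OpenParseError("truncated capability value")
        pos += 2 + c_len
        if code == CAP_MULTIPROTOCOL:
            if c_len != 4:
                raise OpenParseError("multiprotocol capability must be 4 bytes")
            afi, _reserved, safi = struct.unpack("!HBB", value)
            name = AFI_SAFI_NAMES.get((afi, safi), "unknown")
            caps.append(("multiprotocol", afi, safi, name))
        elif code == CAP_ROUTE_REFRESH:
            caps.append(("route-refresh",))
        else:
            caps.append(("other", code, value.hex()))
    return caps


def parse_open(msg):
    """Parse a complete BGP OPEN message (header included) into a dict."""
    if len(msg) < 29:
        raise OpenParseError("shorter than the minimum OPEN message (29 bytes)")
    if msg[:16] != b"\xff" * 16:
        raise OpenParseError("marker error")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg_type != 1:
        raise OpenParseError("not an OPEN message")
    if length != len(msg):
        raise OpenParseError("length field does not match the message size")
    version, my_as, hold_time = struct.unpack("!BHH", msg[19:24])
    opt_len = msg[28]
    if 29 + opt_len != length:
        raise OpenParseError("optional parameter length is inconsistent")
    caps, pos, end = [], 29, 29 + opt_len
    while pos < end:
        if pos + 2 > end:
            raise OpenParseError("truncated optional parameter header")
        p_type, p_len = msg[pos], msg[pos + 1]
        pos += 2
        if pos + p_len > end:
            raise OpenParseError("truncated optional parameter")
        if p_type == OPT_PARAM_CAPABILITIES:
            caps.extend(parse_capabilities(msg[pos:pos + p_len]))
        pos += p_len
    return {"version": version, "my_as": my_as, "hold_time": hold_time,
            "router_id": ".".join(str(b) for b in msg[24:28]),
            "capabilities": caps}


def build_open(my_as, hold_time, router_id, capabilities):
    """Build an OPEN message for the sample below (one Capabilities parameter)."""
    caps = b"".join(bytes([code, len(val)]) + val for code, val in capabilities)
    opt = bytes([OPT_PARAM_CAPABILITIES, len(caps)]) + caps if caps else b""
    body = (struct.pack("!BHH", 4, my_as, hold_time)
            + bytes(int(x) for x in router_id.split("."))
            + bytes([len(opt)]) + opt)
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 1) + body


# Constructed sample: AS 100 announcing IPv4 unicast, VPNV4 and route refresh.
SAMPLE_OPEN = build_open(100, 180, "1.1.1.1", [
    (CAP_MULTIPROTOCOL, struct.pack("!HBB", 1, 0, 1)),
    (CAP_MULTIPROTOCOL, struct.pack("!HBB", 1, 0, 128)),
    (CAP_ROUTE_REFRESH, b""),
])

if __name__ == "__main__":
    for cap in parse_open(SAMPLE_OPEN)["capabilities"]:
        print(cap)
```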

    3.9 Why can't IBGP peers be established through the loopback interface?

    The IBGP peer cannot be established normally because BGP must first establish a TCP
    connection, and the TCP source IP is the IP address of the outgoing interface. The
    source IP must therefore be defined as the loopback interface. Use the command
    peer x.x.x.x connect-interface.

    3.10 A directly connected EBGP peer can't be established through the loopback
    interface.

    As in the previous case, the EBGP peer is established through the outbound interface.
    We must use the ebgp-max-hop command, because the loopback interface is not directly
    connected.

    Using a loopback interface to establish EBGP is normally not recommended.

    Using a physical interface is recommended, for example in an L3VPN environment.

    3.11 Why can't an indirectly connected EBGP peer be established?

    If the EBGP peer is not directly connected, and the peers are reachable by routing and
    are directly connected physically, check whether ebgp-max-hop is configured. If it is
    not, configure ebgp-max-hop; the default value is 64.

    3.12 What can cause the BGP connection to go down after the peer is established?

    The normal reasons are as follows:

    1) After the BGP peer is established, no keep-alive message is received within the
    hold time (error code 4/0).

    2) An illegal update message is received, and BGP disconnects for security reasons.
    BGP automatically disconnects the peer and prints an error message.

    3) MTU problems: routers may use a special chip or a manually defined MTU, which causes
    messages to be encapsulated many times and then dropped by BGP.

    4) If MTU and QoS are not configured appropriately, large update packets may be
    dropped, which leads to TCP retransmission. When many update messages are
    retransmitted, keep-alive messages may be suppressed, making BGP consider the peer
    down.

    5) Network congestion may cause keep-alive messages to be lost, so the peer status
    changes repeatedly. In addition, if the BGP peer is reached through IGP routes, network
    congestion may cause the IGP routes to be lost, and then the BGP peer goes down.

    6) Other reasons that make TCP port 179 unusable.

    BGP also supports many operations, so many actions cause a BGP session reset:

    1) The peer closes the session, for example when the BGP peer is configured with the
    ignore command.

    2) A route limit is configured (peer x.x.x.x route-limit); when the number of routes
    exceeds the limit, the peer goes down. Different devices have different values.

    3) The remote peer AS changes.

    4) The route-reflector client configuration changes.

    5) The peer group's policy or capability changes.

    6) The BGP router-id is configured or modified.

    7) A BGP confederation is configured or removed; the confederation nonstandard command
    can also cause this.

    3.13 Why can't local routes be published via BGP with the network command?

    Suppose there is a local direct route or an IGP route 172.16.1.0/24, and you run the
    network 172.16.1.0 command in BGP view to pass this route to the BGP routing table.
    However, when you view the BGP routing table, this route does not exist.

    When a BGP route is published via the network command, the prefix and mask must match
    exactly. 172.16.0.0 is a Class B address segment, so without the mask parameter the
    natural mask of 16 is used by default. But the mask of the route above is 24, so we
    must configure a mask of 24 in the mask parameter to publish the BGP route.

    The network command in BGP configuration mode can be used with or without the mask
    parameter. Without it, the natural mask of the route is used by default. The route is
    published normally if its prefix and mask are the same as in the global routing table.

    3.14 What is the function of the peer ignore command?

    The peer ignore command is used to manually stop the session with the specified active
    peer / peer group, clear all routing information, and prohibit establishing a session
    with the specified peer / peer group. The BGP neighbors remain in the Idle state. If
    the command is used for a peer group, a large number of peer sessions are terminated
    suddenly. By default, a BGP peer / peer group is allowed to establish a session. When
    the peer ignore command is configured, the result of display bgp peer is as follows:

    4.4.4.4 4 100 0 0 0 0 02:35:59 Idle (Admin)

    3.15 How does BGP publish a default route?

    BGP can control the default route via the peer default-route-advertise and
    default-route import commands. peer default-route-advertise publishes the default
    route to the peer directly, even when no default route exists locally. default-route
    import only allows a local default route to be introduced, which means we must import
    an IGP default route that exists in the local routing table and then configure
    default-route import so that the default route is imported properly.

    3.16 Why is a route invalid when it is passed from a directly connected EBGP neighbor
    to an IBGP neighbor?

    BGP processes the next hop differently when sending routes to IBGP and EBGP neighbors.
    When a route is advertised to EBGP neighbors (spread between ASs), the next hop is
    changed to the IP address of the outgoing interface. (When the next-hop address is
    subject to third-party next hop before and after the modification, it is not
    modified.) When a route is advertised to IBGP neighbors (spread within the AS), the
    next hop stays the same.

    So BGP does not modify the next-hop address when it forwards a route learned from EBGP
    to IBGP neighbors.

    If the IBGP neighbor's device does not have a route to that next-hop address, the
    route received from the IBGP neighbor is invalid, because its next hop is unreachable.

    There are several solutions:

    You can configure next-hop-local, so that a route received from EBGP and sent to an
    IBGP neighbor has its next hop forcibly changed to the address of the local outgoing
    interface. Alternatively, configure all devices within the autonomous system as fully
    meshed IBGP neighbors that learn the next hop through BGP, which ensures that all
    devices within the autonomous system know all the interface addresses through BGP.

    3.17 Why is the route with the smaller MED value not chosen when the same route is
    compared?

    EBGP neighbors are established between three MSRs in different ASs, and RTC receives
    Internet routes from RTA and RTB. As RTC requires, RTA sends routes to RTC with a MED
    value of 50, while RTB sends them to RTC with a MED of 100. RTC wants the route with
    the smallest MED value to be the best route for the same destination, with the RTA
    link as the primary link and the RTB link as the backup link.

    RTC does not choose the route from RTA as the best. Why?

    When the MSR router chooses a route, a number of factors are considered, including
    local priority, AS path length, origin type, and MED value. When all values are the
    same except the MED, the route with the smaller MED value should be selected as the
    best route. Note, however, that MED values are only comparable between routes from the
    same AS. To compare the MED values of the same route received from different ASs, so
    that the route with the smallest MED value is the best route, configure the
    compare-different-as-med command in BGP view or BGP VPN view.
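    The comparison described above, as an added example (not from the original document).
    It models only the factors the text lists; the AS numbers, router IDs and the final
    lowest-router-ID tie-break are assumptions made so the outcome without
    compare-different-as-med can be shown.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Path:
    peer: str                 # neighbor that advertised the path
    peer_router_id: str       # used only for the assumed final tie-break
    as_path: tuple            # first element is the neighboring AS
    med: int = 0
    local_pref: int = 100
    origin: int = 0           # 0 = IGP, 1 = EGP, 2 = incomplete

    @property
    def neighbor_as(self):
        return self.as_path[0] if self.as_path else None


def better(a, b, compare_different_as_med=False):
    """Return (preferred path, name of the step that decided)."""
    if a.local_pref != b.local_pref:
        return (a if a.local_pref > b.local_pref else b), "local-preference"
    if len(a.as_path) != len(b.as_path):
        return (a if len(a.as_path) < len(b.as_path) else b), "as-path length"
    if a.origin != b.origin:
        return (a if a.origin < b.origin else b), "origin"
    # MED is compared only for paths from the same neighboring AS, unless
    # compare-different-as-med is configured.
    if (compare_different_as_med or a.neighbor_as == b.neighbor_as) and a.med != b.med:
        return (a if a.med < b.med else b), "med"
    # Assumption: the remaining tie is broken by the lowest peer router ID.
    a_id, b_id = IPv4Address(a.peer_router_id), IPv4Address(b.peer_router_id)
    return (a if a_id <= b_id else b), "router-id"


def best_path(paths, compare_different_as_med=False):
    """Fold the pairwise comparison over all candidate paths."""
    best = paths[0]
    for candidate in paths[1:]:
        best, _ = better(best, candidate, compare_different_as_med)
    return best


# Constructed candidates for the same destination as seen on RTC.
RTA = Path("RTA", "10.0.0.2", (100, 65010), med=50)
RTB = Path("RTB", "10.0.0.1", (200, 65010), med=100)

if __name__ == "__main__":
    for flag in (False, True):
        winner, step = better(RTA, RTB, compare_different_as_med=flag)
        print(f"compare-different-as-med={flag}: {winner.peer} wins on {step}")
```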

    3.18 Why is 1 added to the cost (MED) after an OSPF route is imported into BGP?

    RFC4577, "OSPF as the Provider/Customer Edge Protocol for BGP/MPLS IP Virtual Private
    Networks", contains the following description:

    MED (Multi_EXIT_DISC attribute). By default, this SHOULD be set to the

    value of the OSPF distance associated with the route, plus 1.

    So when an OSPF route is imported into BGP, 1 is added to the MED value.

    3.19 The Effects of OSPF MCE on BGP MED

    The vpn-instance-capability simple command is not used to enable the VPN instance but
    to enable the Multi-VPN-Instance CE.

    If the vpn-instance-capability simple command is not configured, the routes imported
    into the BGP multi-instance process carry attributes such as: Ext-Community :, ,
    These extended community attributes, advertised to the peer PE by BGP, are used to
    restore the LSA in the OSPF process. On a common PE, when an OSPF route is imported
    into BGP, the MED value equals the OSPF route cost plus one.

    [MSR50-40-BGP-vpn-a]dis BGP vpn vpn vpn-a routing-table 172.32.0.0

    BGP local router ID : 104.104.104.104

    Local AS number : 100

    Paths: 1 available, 1 best

    BGP routing table entry information of 172.32.0.0/16:

    Imported route.

    From : 0.0.0.0 (0.0.0.0)

    Original nexthop: 10.10.1.2

    Ext-Community :, , ,

    AS-path : (null)

    Origin : incomplete

    Attribute value : MED 2, pref-val 0, pre 150

    State : valid, local, best,

    Not advertised to any peers yet

    When the vpn-instance-capability simple command is configured, the PE is changed to an
    MCE. An OSPF route imported into BGP then carries only the extended group attribute,
    without the other extended group attributes.

    In this case, when BGP imports OSPF routes, the MED value equals the OSPF route cost.

    [MSR50-40-OSPF-1000]

    #

    OSPF 1000 vpn-instance vpn-a

    vpn-instance-capability simple

    area 0.0.0.0

    network 10.10.1.0 0.0.0.255

    #

    return

    [MSR50-40-OSPF-1000]dis BGP vpn vpn vpn-a routing-table

    Total Number of Routes: 3

    BGP Local router ID is 104.104.104.104

    Status codes: * - valid, > - best, d - damped,

    h - history, i - internal, s - suppressed, S - Stale

    Origin : i - IGP, e - EGP, ? - incomplete

    Network NextHop MED LocPrf PrefVal Path/Ogn

    *> 16.16.16.16/32 0.0.0.0 1 0 ?

    *> 50.1.1.0/24 0.0.0.0 1 0 ?

    *> 172.32.0.0 0.0.0.0 1 0 ?

    [MSR50-40-OSPF-1000]dis OSPF routing

    OSPF Process 1000 with Router ID 10.10.1.1 Routing Tables

    Routing for Network

    Destination Cost Type NextHop AdvRouter Area

    10.10.1.0/24 10 Transit 10.10.1.1 16.16.16.16 0.0.0.0

    Routing for ASEs

    Destination Cost Type Tag NextHop AdvRouter

    172.32.0.0/16 1 Type2 1 10.10.1.2 16.16.16.16

    50.1.1.0/24 1 Type2 1 10.10.1.2 16.16.16.16

    16.16.16.16/32 1 Type2 1 10.10.1.2 16.16.16.16

    Total Nets: 4

    Intra Area: 1 Inter Area: 0 ASE: 3 NSSA: 0

    3.20 How to realize BGP multi-process and network migration

    As we all know, a router supports only one BGP process, with a single AS number
    configured. But in some special cases, such as a network migration that changes the AS
    number, we need features that let the network switch over smoothly. The reference is
    "BGP Support for Dual AS Configuration for Network AS Migrations", URL:
    http://tech/article.php/4728. In V5, the fake-as command is used to set up a fake AS
    number for a designated peer, and this feature is only used for EBGP peers.

    With this command (the same as Cisco's local-as command), you can configure, for a
    specified BGP peer, a fake AS number that differs from the AS number designated by
    BGP.

    After the command peer { group-name | peer-ipv4-address } fake-as [ number ] is run,
    the EBGP peer uses the fake AS number instead of the real AS number to establish the
    peer relationship with the local BGP router. For example, the BGP configuration of the
    local RTX (local IP 57.0.0.1) is as follows:

    BGP 100

    router-id 1.1.1.1

    undo synchronization

    peer 57.0.0.2 as-number 57

    peer 57.0.0.2 fake-as 88

    The AS number that RTX uses to establish the peer with 57.0.0.2 is then 88, not 100.
    Accordingly, the remote AS number configured on RTY (57.0.0.2) is also 88, not 100.

    The related BGP configuration is as follows:

    BGP 57

    peer 57.0.0.1 as-number 88

    undo synchronization

    In real use, this command is usually combined with peer { group-name |
    peer-ipv4-address } substitute-as.

    3.21 What is the synchronization policy of BGP?

    The purpose of synchronization is to prevent transit black holes in certain
    circumstances. When synchronization is enabled, a BGP speaker always checks whether a
    route received from an IBGP neighbor already exists in the IGP routing table. Only
    when it does can the route become effective in the BGP routing table; otherwise it is
    not effective. If synchronization is disabled, the BGP speaker does not check whether
    the route received from an IBGP neighbor exists in the IGP routing table and makes it
    effective directly. In that case, a problem occurs in the following topology:

    [Figure: topology with AS100, AS200 and AS300 and routers RTA, RTB, RTC, RTD and RTE;
    route 172.16.1.0/24; links labelled EBGP, IBGP, EBGP]

    As shown in the figure above, BGP is not running on RTC, and synchronization is
    disabled on RTD. 172.16.1.0/24 is first sent out by RTA, in the direction
    RTA -> RTB -> RTD -> RTE. RTB, RTD and RTE receive this route and make it effective.
    If RTE now forwards a packet with destination IP 172.16.1.10, the process is as
    follows:

    Step 1: RTE sends the packet with destination IP 172.16.1.10 to RTD.

    Step 2: After RTD receives this packet, the packet is to be sent to RTB
    (next-hop-local is used on RTB). Because the IBGP connection between RTD and RTB is a
    logical connection and the actual next hop is RTC, RTD sends the packet to RTC.

    Step 3: RTC checks its routing table after receiving the packet. Because RTC does not
    run BGP, it cannot find a matching route and next hop. In the end, the packet with
    destination IP 172.16.1.10 is discarded.

    As shown in the figure above, the routing tables of RTB, RTC and RTD do not have the
    route 172.16.1.0/24. If synchronization is enabled, when RTD receives this route from
    RTB, RTD does not make it effective and does not send it to RTE, which avoids the
    problem above.

    In practice, BGP runs on all routers on the AS forwarding path, so the problem above
    does not happen and synchronization can be disabled.

    In specific implementations, V3 doesn't support synchronization; V5 supports
    synchronization, but it is disabled by default.

    3.22 How does V5 realize route aggregation?

    There are two ways for V5 to realize route aggregation, as follows:

    Automatic aggregation: configured with the summary automatic command in BGP/BGP VPN
    view; it is disabled by default. Automatic aggregation only aggregates the protocol
    routes imported with the import-route command (it does not take effect for BGP routes
    from a neighbor) and does not aggregate default routes. It automatically suppresses
    the IGP-imported subnet routes that participate in aggregation, to decrease the number
    of routes. This method is rigid and aggregates according to the natural mask;
    sometimes it can't meet the requirements.

    Manual aggregation: configured with the aggregate command in BGP/BGP VPN view. The
    command carries many parameters; it not only makes aggregation more flexible but also
    integrates neatly with route policies for precise control. For specific methods, refer
    to "MSR router BGP route aggregation test experiences summary"; the reference URL is
    http://tech/article.php/5211.

    Note that the parameters of the aggregate command are complicated to use. Compared
    with Cisco, there are some differences in the implementation of aggregate. You can
    learn about them from the related documentation.

    Be especially careful: if you do not set the mask in manual aggregation, the routes
    are aggregated by the natural mask.

    3.23 What changes allow BGP to support IPv6?

    According to RFC2858, BGP4+ includes two new attributes (MP_REACH_NLRI and
    MP_UNREACH_NLRI) to support BGP4+. In the update message there are three fields
    related to IPv4: next-hop, aggregator and NLRI. These fields inherit the attribute and
    application rules of BGP. On this aspect, you can read "Multiprotocol Extensions for
    BGP-4" (RFC2858). The URL is http://tech/article.php/1982.

    For the realization in V5, as well as the differences between BGP and BGP4+, you can
    read the text "the introduce of MSR router-BGP4+"; the URL is:

    http://tech/article.php/5028.

    3.24 Is the realization of BGP4+ completely identical with that of BGP at present?

    At present, compared with V3, the reliability of V5 has improved a lot, and V5 also
    provides support for BGP4+. As for significant properties, it supports only community
    and reflect unicast, and does not support some important properties such as route
    aggregate and VPNV4.

    The realization of BGP4+ is based on the IPv6 address family. In fact it can also be
    understood as the application of Multi-protocol Extensions for BGP-4 (RFC2238) to
    IPv6. However, because the distance of the next hop has changed, a single IP address
    cannot meet the real requirements. For this reason, the update message contains two
    optional non-transitive route attributes that control routing for the relevant address
    family: Multi-protocol Reachable NLRI - MP_REACH_NLRI (Type Code 14, HEX:0x0E) and
    Multi-protocol Unreachable NLRI - MP_UNREACH_NLRI (Type Code 15, HEX:0x0F).
    MP_REACH_NLRI is used to distribute routes, and MP_UNREACH_NLRI is used to withdraw
    routes.

    3.25 Can BGP use equal-cost routes for iteration?

    For example: there are two default routes, one with outgoing interface null 0 and the
    other with GE0/1.1. How does BGP handle iteration in this case? Why does null 0 do the
    count when the command dis ipv6 relay-tunnel is used?

    In the actual V5 processing, when there are two equal-cost default routes, a BGP route
    iterates to the default route, but not to GE0/1.1. Every learnt BGP route generates a
    derived route, which creates an equal-cost route. The iteration is actually performed
    on : :/. So the number of iterations is only one in 55: : /64 (ipv6 route-static : : 0 :
    55: 1), and 10000 in: : / (all BGP routes).

    3.26 What filtering rules does the V5 route-policy support?

    V5 supports many routing policies to control route receiving and sending. For a BGP
    peer or peer group, the following are available:

    as-path-acl: AS path filtering control list

    ip-prefix: IP prefix list (IPv6 supported)

    route-policy: route-policy

    filter-policy (advanced acl): route filtering policy

    A route-policy can contain many rules:

    if-match as-path: match the as-path list

    if-match community: match the community list

    if-match extcommunity

    if-match cost: match the route MED

    if-match interface: not supported by BGP

    if-match mpls-label: supported by BGP; BGP-distributed labels can replace IGP+LDP,
    used in L3VPN C2C and multi-domain scenarios.

    if-match acl (advanced acl): match the access control list

    if-match ip/IPv6: match the next hop; an acl or address prefix list can be specified

    if-match ip-prefix: match the address prefix list (IPv6 supported)

    3.27 Basic matching rules of Route-policy

    BGP is known as the leading protocol in routing, and the route-policy plays a key role
    in this. Vendors have different rules and conventions for using route-policy, and the
    configuration and usage are complicated. However, if you follow the basic principles
    shown below, many related problems can be resolved.

    Within one route-policy, the nodes are in an "or" relationship.

    Within one node, all if-match clauses are in an "and" relationship.

    Within one if-match clause, all parameters are in an "or" relationship.

    Simply put, one route-policy contains many nodes, and every node is a unit of the
    matching test. Nodes are matched in order of node number. Every node contains a group
    of if-match and apply clauses. The if-match clauses define the matching rules, and the
    objects to be matched are attributes of the routing information. Different if-match
    clauses of the same node are in an "and" relationship: the matching test is passed
    only when all if-match conditions are fulfilled. The apply clauses define the actions,
    that is, the parameters set for the route after the matching test is passed.

    Different nodes of one route-policy are in an "or" relationship: if any node is
    passed, the route-policy as a whole is passed, so the next node does not need to be
    tested.

    For some if-match clauses, you can add multiple parameters of the same kind, and these
    parameters are in an "or" relationship.

    For example:

    Route-policy 1 permit node 1

    If-match cost 20

    If-match route-type internal external-type1

    Route-policy 1 permit node 2

    If-match cost 30

    Route-policy 1 is configured with 2 nodes, node 1 and node 2, with different if-match
    clauses. To pass node 1, the cost must be 20 and the route type must be OSPF internal
    or type 1. internal and external-type1 belong to the same if-match clause, so they are
    in an "or" relationship.

    Node 1 has several if-match clauses, so they are in an "and" relationship and must be
    fulfilled at the same time:

    If-match cost 20

    If-match route-type internal external-type1

    As for node 2: if the route passed the matching test of node 1, node 2 is not tested.

    Please note: if an if-match clause has passed the matching test but the condition of
    the if-match clause is DENY, the matching test moves on to the next node, regardless
    of whether the node is configured as permit or deny. If a route does not pass the
    matching test of any node, it is treated as DENY.

    A non-existing route-policy lets all routes pass by default.
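    The matching rules above, as an added example (not from the original document) that
    evaluates Route-policy 1 against constructed routes. The apply value on node 2 and the
    handling of a matched deny node (the route is rejected and no later node is tested)
    are assumptions that the text does not state.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    number: int
    mode: str                                      # "permit" or "deny"
    if_match: list = field(default_factory=list)   # [(attribute, {accepted values}), ...]
    apply: dict = field(default_factory=dict)      # attributes set when the node is passed


def node_matches(node, route):
    """AND across the node's if-match clauses, OR across one clause's parameters.

    A node without any if-match clause matches every route.
    """
    return all(route.get(attr) in values for attr, values in node.if_match)


def evaluate(policy, route):
    """Return (permitted, resulting route, number of the deciding node or None)."""
    if policy is None:
        # A non-existing route-policy lets the route pass by default.
        return True, dict(route), None
    for node in sorted(policy, key=lambda n: n.number):   # tested in node-number order
        if not node_matches(node, route):
            continue                                      # OR between nodes: try the next
        if node.mode == "permit":
            return True, {**route, **node.apply}, node.number
        # Assumption: a route that matches a deny node is rejected at once.
        return False, dict(route), node.number
    return False, dict(route), None                       # passed no node: denied


# Route-policy 1 from the text; the apply value on node 2 is constructed.
ROUTE_POLICY_1 = [
    Node(1, "permit", [("cost", {20}),
                       ("route-type", {"internal", "external-type1"})]),
    Node(2, "permit", [("cost", {30})], apply={"local-preference": 200}),
]

# Constructed sample routes.
SAMPLE_ROUTES = [
    {"prefix": "10.1.0.0/16", "cost": 20, "route-type": "internal"},
    {"prefix": "10.2.0.0/16", "cost": 20, "route-type": "external-type1"},
    {"prefix": "10.3.0.0/16", "cost": 20, "route-type": "external-type2"},
    {"prefix": "10.4.0.0/16", "cost": 30, "route-type": "external-type2"},
]


def run_samples():
    """Return [(prefix, permitted, deciding node)] for the sample routes."""
    results = []
    for route in SAMPLE_ROUTES:
        permitted, _, node = evaluate(ROUTE_POLICY_1, route)
        results.append((route["prefix"], permitted, node))
    return results


if __name__ == "__main__":
    for row in run_samples():
        print(row)
```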

    3.28 The prefix list is matched, but the route from the opposite side is not
    received.

    R1:

    Peer X.X.X.X ip-prefix 1 import

    ip ip-prefix 1 index 20 permit 10.0.0.0 16

    The prefix list is configured incorrectly; it should be permit 10.0.0.0 8. When you
    configure it, pay attention to the mask and the logic.

    3.29 A route-policy with apply community is configured, but the route received on the
    opposite side contains no community attribute.

    R2:

    Peer X.X.X.X route-policy 1 export

    Route-policy : 1

    permit : 0

    apply community 1 2 3

    apply extcommunity rt 0.0.0.0:0

    By default, BGP does not send the community attribute or the extended community
    attribute. To send these attributes, configure the following commands on the peer or
    peer group:

    Peer X.X.X.X advertise-community

    Peer X.X.X.X advertise-ext-community

    3.30 How to use an as-path regular expression to control routes?

    It's difficult to use as-path to control routes because it is complicated and not easy
    to remember. You can refer to the document "Applications of Commenly used BGP Regular
    Expression"; the URL is:

    http://tech/article.php/2038

    3.31 Why doesn't BGP support the if-match interface routing policy?

    Obviously, BGP routing information has no concept of an interface, and VRP5 does not
    support it either. The if-match interface command configures a match condition on the
    outbound interface of routing information, so BGP skips the if-match interface check
    when it checks a routing policy.

    3.32 Why does the routing policy check a route twice?

    After we debug RM policy, we can see that RM always checks the routing policy twice
    for a single route every time we change the routing policy. Why?

    To reduce memory usage, VRP5 currently implements it as follows: after the routing
    policy is changed, the first pass decides whether the route matches the policy, and
    the second pass determines the specific attributes of the route after it gets through
    the policy, in order to send packets by group. In this way VRP5 does not save the
    specific attributes of a route that passed the first check, which reduces memory
    usage. Of course, this sacrifices part of the efficiency. We are looking forward to a
    more reasonable implementation in the future.

    3.33 Why is the community attribute added when the policy is referenced, but not
    advertised?

    The ability to advertise the community attribute and extended community attribute to a
    peer is turned off by default. Use the following commands to enable it when needed:

    peer { group-name | peer-ipv4-address } advertise-community

    peer { group-name | peer-ipv4-address } advertise-ext-community

    3.34 What are the characteristics of BGP reflection? How can we configure it?

    Within an AS, IBGP requires a logical full mesh, but as the network topology grows
    more complex, a fully connected network becomes costly. BGP reflection was introduced
    to solve this problem. The basic idea of the route reflector is to specify a
    centralized router as the central point of the sessions: multiple BGP routers
    establish peer sessions with this central point, and then multiple reflector routers
    establish BGP peer sessions with each other.

    Characteristics of the route reflector:

    1. Easy to understand

    2. Easy to migrate (without changing the existing network topology)

    3. Good compatibility (not all routers need to support the reflection mechanism;
    reflection is transparent to clients)

    Please note that when the reflector reflects routes, the NEXT-HOP, AS_PATH, MED, and
    LOCAL_PREF attributes should not be modified. Likewise, if attributes are modified by
    a routing policy applied on the reflector, the new attributes are not applied to the
    reflected routes.

    V5 reflectors support general BGP, VPNV4 and BGP VPN. In the specified view, the
    reflector is configured as follows:

    Reflector cluster-id 4294967295 // reflector ID

    Peer 104.104.104.104 reflect-client // specifies the IBGP peer as a reflector client

    reflect between-clients // the default configuration

    3.35 What are redundant reflectors and nested reflectors?

    Reflection-related configuration is quite flexible. Besides the common configuration,
    we can also configure redundant reflectors and nested reflectors to strengthen the
    robustness and flexibility of reflection.

    As the logical structure of the AS domain changes, the reflector becomes the
    bottleneck of route advertisement: once the reflector has a problem, route
    transmission in the entire domain is greatly affected. To resolve this, we can
    configure redundant reflectors, i.e., a group can contain more than one reflector,
    each with the same CLUSTER_ID and fully connected with the clients. When a problem
    occurs in one reflector, the other reflectors still work properly. The redundant
    reflector concept is referred to again below.

    In addition, we can configure nested reflectors, that is, a reflection group within a
    group, whose reflection group ID differs from the CLUSTER_ID of the group. Nested
    reflectors are usually used with VPNV4; for example, in an MPLS L3VPN environment,
    multi-level reflection can share the load of the PEs.

    To avoid routing loops, the originator-id and cluster-list attributes are used. The
    originator-id attribute is generated by the reflector; its value is the router-id of
    the neighbor from which the route originated. The cluster-list attribute is also
    generated by the reflector: if the reflector finds a cluster-list attribute in the
    update packet, it adds to the end of that cluster-list; if not, the reflector creates
    a cluster-list attribute, puts its own cluster-id in it, and then advertises the route
    to other neighbors. If a cluster-id in the list is the same as the local cluster-id,
    the reflector discards the route to avoid a loop. The cluster-id can be configured on
    the reflector; if it is not, the router-id of the reflector is used by default.

    3.36 Why does BGP discard a route whose originator-id attribute is the same as the
    local router ID?

    R1 and R2 are RRs, R3 and R4 are RRCs, and R4 advertises a single route. R2 receives
    this route, but R1 and R3 do not.

    During route transmission, the route carries an originator-id attribute and a
    cluster-list attribute. The value of the originator-id is the ID of the originating
    router, and the value of the cluster-list is the IDs of the reflectors along the
    route. When a client receives a reflected route, it checks these two attributes. If
    the originator-id attribute of the received route is its own router ID, the router
    rejects the route. The reason here is that the BGP processes of R1 and R4 have the
    same ID.

    3.37 Why is a route discarded when converging if its cluster-list property contains the local cluster-id?

    R1 and R2 are RRs, R3 and R4 are RRCs, and R4 advertised one route. R2 and R1 have received this route, but R3 has not received it.

    An outgoing route carries one originator-id property and one cluster-list property. The value of the originator-id is the ID of the originating router. The value of the cluster-list is the cluster-ids of the RRs along the route. A router checks these two properties when it receives a reflected route; if it finds its own cluster-id in the cluster-list property, it rejects the route. Because R1 and R2 have the same cluster-id, when R1 gets the route reflected from R2, the route is discarded.

    If R1 and R2 have the same cluster-id and R3 needs to get the route from R4, we can use the concept of redundant reflection: connect R3 to R2 as well. R1 and R2 are then both RRs with the same cluster-id and form a redundant reflection setup, and R4 will send to R3 directly.
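
    The two inbound checks described in 3.36 and 3.37, together with the cluster-id fallback to the router-id, as an added example (not code from the original document or from any router implementation). The router IDs, the cluster-id 10.0.0.1, the prefix and the topology (R4 as a client of R2 only) are constructed assumptions, because the figure is not on the page.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Route:
    prefix: str
    originator_id: Optional[str] = None
    cluster_list: List[str] = field(default_factory=list)


@dataclass
class Speaker:
    router_id: str
    is_reflector: bool = False
    cluster_id: Optional[str] = None  # optional; falls back to router_id

    def local_cluster_id(self) -> str:
        return self.cluster_id or self.router_id

    def accept(self, route: Route) -> Tuple[bool, str]:
        """Inbound loop checks applied to a reflected route."""
        if route.originator_id == self.router_id:
            return False, "originator-id matches local router ID"
        if self.is_reflector and self.local_cluster_id() in route.cluster_list:
            return False, "local cluster-id already in cluster-list"
        return True, "accepted"

    def reflect(self, route: Route, from_router_id: str) -> Route:
        """Attributes a reflector sets before re-advertising the route."""
        # Keep an existing originator-id; otherwise record the sender's ID.
        originator = route.originator_id or from_router_id
        # RFC 4456 prepends the cluster-id; the check above ignores order.
        return Route(route.prefix, originator,
                     [self.local_cluster_id()] + route.cluster_list)


def demo() -> dict:
    # Constructed router IDs and cluster-id; R4 is a client of R2 only.
    r4_route = Route("192.0.2.0/24")
    r2 = Speaker("2.2.2.2", is_reflector=True, cluster_id="10.0.0.1")
    via_r2 = r2.reflect(r4_route, from_router_id="4.4.4.4")
    same_cluster = Speaker("1.1.1.1", True, cluster_id="10.0.0.1")
    own_cluster = Speaker("1.1.1.1", True)    # cluster-id = router-id
    dup_router_id = Speaker("4.4.4.4", True)  # same ID as R4 (3.36)
    return {"same_cluster": same_cluster.accept(via_r2),
            "own_cluster": own_cluster.accept(via_r2),
            "dup_router_id": dup_router_id.accept(via_r2)}
```

    The `same_cluster` case is R1 in 3.37 and the `dup_router_id` case is R1 in 3.36; with its own cluster-id, R1 accepts the route and can reflect it on to R3.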

    3.38 What rules should be followed in route reflection?

    The reflector has two kinds of IBGP neighbors: customer neighbors and non-customer neighbors. The reflector and its customers form a group (cluster), and a customer in the group should not form an IBGP connection with a BGP neighbor outside the group. All the route reflectors and non-customer routers form a fully meshed network.

    1) The reflector sends the routes which are received from non-customer routers to customer routers.

    2) The customer router sends the routes which are received from other routers to all the customer and non-customer routers (including itself).

    3) When the EBGP neighbor receives routes, it will send them to all the customer and non-customer routers.

    3.39 The properties of a reflected route should not be changed!

    The properties of a reflected route (such as the confederation property) should not be changed by the reflector.

    Configuring BGP route reflection reduces the number of IBGP connections. The reflector should add its cluster-id to the cluster_list property of a reflected route, but configuring a cluster-id is not required. When a reflector cluster-id is configured, BGP uses the configured value; if it is not configured, BGP adds the local router ID to the cluster_list property of the route.

    3.40 How to configure confederation and what is the function of confederation?

    RFC3065 defines: This document describes a BGP extension which may be used to create a confederation of autonomous systems that is represented as a single autonomous system to BGP peers external to the confederation, thereby removing the "full mesh" requirement. The intention of this extension is to aid in policy administration and reduce the management complexity of maintaining a large autonomous system.

    So a confederation is similar to a reflector: it is used to solve the IBGP connection problem of a whole large-scale network. The concept of confederation is that one AS can be divided into several sub-ASs, each sub-AS uses a fully meshed IBGP network, and the connections between a sub-AS and the inside and outside of the confederation are special EBGP connections. Although routes are exchanged between sub-ASs by EBGP, all of the IBGP rules still apply, so to routers outside the AS the confederation is just like a single AS. The next hop, metric value and local priority are transmitted across EBGP inside the confederation.

    Routers participating in a confederation generally use the following configuration:

    confederation id 6500 // Large AS number; must be the same within one confederation, cannot be the same as the local AS number.

    confederation peer-as 600 // Confederation peer-as number

    3.41 Two newly added properties in confederation

    Currently, BGP specifies that the AS_PATH attribute is a well-known mandatory attribute that is composed of a sequence of AS path segments. Each AS path segment is represented by a triple . In [1], the path segment type is a 1-octet long field with the two following values defined:

    Value  Segment Type

    1      AS_SET: unordered set of ASs a route in the UPDATE message has traversed

    2      AS_SEQUENCE: ordered set of ASs a route in the UPDATE message has traversed

    RFC3065 has added two properties customized for confederation:

    3      AS_CONFED_SEQUENCE: ordered set of Member AS Numbers in the local confederation that the UPDATE message has traversed

    4      AS_CONFED_SET: unordered set of Member AS Numbers in the local confederation that the UPDATE message has traversed

    These two properties prevent loops in the confederation.

    3.42 How does the AS-PATH parameter transmit in a confederation?

    AS_CONFED_SEQUENCE and AS_CONFED_SET are handled in a confederation in almost the same way as AS_SEQUENCE and AS_SET, and at the same time:

    1) The AS_PATH property should not be changed when routes are transmitted in a sub-AS of the confederation.

    2) When routes are transmitted in a sub-AS of the confederation:

       a) If the first AS_PATH segment is AS_CONFED_SEQUENCE, BGP puts its own AS number leftmost.

       b) Otherwise, create an AS_CONFED_SEQUENCE including its own sub-AS number.

    3) When routes are transmitted to EBGP outside the confederation:

       a) If the first AS_PATH segment is AS_CONFED_SEQUENCE, delete the subsequent AS_CONFED_SEQUENCE and AS_CONFED_SET, then go to b).

       b) If the first AS_PATH segment is AS_SEQUENCE, put the confederation AS number leftmost.

       c) If the first AS_PATH segment is AS_SET, add one AS_SEQUENCE and put the confederation AS number leftmost.

    4) For the transmission of locally originated routes:

       a) Send the empty AS_PATH property to IBGP in the own AS.

       b) Send to EBGP inside the confederation and outside the own AS, carrying the AS_CONFED_SEQUENCE property.

       c) Send to EBGP outside the confederation, carrying the AS_SEQ property.

    3.43 What is the usage of V5 confederation nonstandard command?

    RFC1965 specifies that AS-PATH Segment Type 3 is the AS_CONFED_SET attribute and Type 4 is the AS_CONFED_SEQUENCE attribute. In the past, Cisco used Type 3 as the AS_CONFED_SEQUENCE attribute and did not use Type 4. As a result, the confederation AS-PATH attribute format in BGP update packets from Cisco routers was inconsistent with the RFC, so our company's devices did not recognize a legal confederation AS-PATH attribute in BGP packets during interoperation.

    To solve this past interoperation problem, you need to configure the confederation nonstandard command to be compatible with the Cisco treatment. There is no similar problem when interoperating with the 12.3 Series on Cisco ISR routers.
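
    The AS_PATH handling rules of 3.42, written out as an added example (not code from the original document or from any router implementation), using the segment type codes listed in 3.41. The peer labels "ibgp", "confed-ebgp" and "ebgp" are names chosen for this example, following the peer types in rule 4: IBGP in the own AS, EBGP to another sub-AS inside the confederation, and EBGP outside the confederation. The confederation id 6500 and sub-AS 600 come from the configuration in 3.40; the other AS numbers are constructed.

```python
from typing import List, Tuple

# Segment type codes as listed in 3.41 (RFC 3065 numbering).
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
CONFED_TYPES = (AS_CONFED_SEQUENCE, AS_CONFED_SET)

Segment = Tuple[int, List[int]]  # (segment type, AS numbers, leftmost first)


def advertise(path: List[Segment], peer: str, sub_as: int,
              confed_id: int) -> List[Segment]:
    """Return the AS_PATH to send; `peer` is a label chosen for this example:
    "ibgp" (same sub-AS), "confed-ebgp" (other sub-AS), "ebgp" (outside)."""
    path = [(seg_type, list(asns)) for seg_type, asns in path]  # work on a copy
    if peer == "ibgp":                       # rule 1: unchanged
        return path
    if peer == "confed-ebgp":                # rule 2
        if path and path[0][0] == AS_CONFED_SEQUENCE:
            path[0][1].insert(0, sub_as)     # 2a: own sub-AS leftmost
        else:                                # 2b: also covers an empty path (4b)
            path.insert(0, (AS_CONFED_SEQUENCE, [sub_as]))
        return path
    if peer == "ebgp":                       # rule 3
        if path and path[0][0] == AS_CONFED_SEQUENCE:
            while path and path[0][0] in CONFED_TYPES:  # 3a: strip confed run
                path.pop(0)
        if path and path[0][0] == AS_SEQUENCE:
            path[0][1].insert(0, confed_id)  # 3b
        else:                                # 3c, or an empty path (4c)
            path.insert(0, (AS_SEQUENCE, [confed_id]))
        return path
    raise ValueError(f"unknown peer type: {peer}")


def confed_loop(path: List[Segment], sub_as: int) -> bool:
    """True if our own sub-AS already appears in a confederation segment."""
    return any(t in CONFED_TYPES and sub_as in asns for t, asns in path)


def walk() -> List[Segment]:
    # Constructed: external path [100, 200] crosses sub-AS 600 then 601,
    # then leaves confederation 6500.
    p = [(AS_SEQUENCE, [100, 200])]
    p = advertise(p, "confed-ebgp", sub_as=600, confed_id=6500)
    p = advertise(p, "ibgp", sub_as=601, confed_id=6500)
    p = advertise(p, "confed-ebgp", sub_as=601, confed_id=6500)
    return advertise(p, "ebgp", sub_as=602, confed_id=6500)
```

    Outside the confederation only 6500 is visible in the path; the member AS numbers 600 and 601 exist only while the route is inside, where `confed_loop` uses them to detect a route that has come back to its own sub-AS.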

    3.44 Why can BGP routes still not form equal-cost routes when they have the same destination network segment and balance is set?

    Unfortunately, the V5 implementation of equal-cost BGP routing has many limitations, as follows:

    1) The routes that participate in BGP load balancing must be valid.

    2) The routes that participate in BGP load balancing must have the same ORIGIN, LOCAL-PREFERENCE, MED, and AS-PATH path attributes. According to their source, BGP routes can be divided into IBGP-learned routes, EBGP-learned routes, routes imported by the NETWORK command, routes imported by the IMPORT-ROUTE command, automatically aggregated routes and manually aggregated routes. Routes of different origins cannot form load balancing.

    3) BGP routes from different sources cannot form load balancing.


    4) Labeled and non-labeled routes cannot form load balancing. Labeled routes are BGP public network routes with labels, which follow RFC3107.

    5) Reflected and non-reflected BGP routes cannot form load balancing.

    6) BGP routes with the same next hop cannot form load balancing.

    7) When forwarding a route, one randomly selected route is used to send packets if there are multiple equal-cost routes.

    In addition to meeting the above rules, you also need to configure the equal-cost load balancing command balance in the BGP view or BGP VPN view, because there is no load balancing by default. The maximum number of equal-cost routes is 8 on MSR.

    3.45 Next hop setting for equal-cost BGP routes

    In IBGP load balancing, when reflection is configured and equal-cost routes are forwarded to IBGP neighbors, the next hop does not change: it is the original next hop of the selected equal-cost route. In all other cases, the next hop is the local BGP address that forms the load balancing.

    3.46 How to achieve load balancing via BGP?

    BGP does not form equal-cost routes by default. When there are equal-cost routes, set the balance command in the BGP or BGP VPN view to enable the equal-cost routing function. The formation of equal-cost routes has many limitations; refer to chapter 7.1.

    Theoretically, equal-cost routes can easily form between peers, but pay attention to the impact of loops. Forming equal-cost routes by importing IGP routes between autonomous domains is also a common way. This is the load balancing feature commonly used in multihomed AS topologies. Of course, this simple load balancing does not distinguish between traffic and services; it distributes them uniformly.

    Another method balances load overall according to the different services and traffic. As shown in the following figure, setting different priorities for the routes of services X and Y results in service X traffic flowing over link1 and service Y traffic flowing over link2.

    3.47 How to achieve link backup by BGP?

    For inter-domain routes entering the local AS, we often set the priority on the local border routers so that there are active and standby routes when a selection is made, which gives a backup at the border. This backup method is frequently used in fully connected topologies.


    As shown in the following figure, the customer's routes are sent to the ISP over two paths, and the two edge routers form two routes. Because of the different priorities, packets are passed to the ISP router at the top, so there is a master and a standby router.

    3.48 How is traffic forwarded via equal-cost routes?

    Packets that an MSR router forwards over equal-cost routes use per-packet rather than per-flow forwarding; the packets are forwarded round-robin across the interfaces. When packets are forwarded again after the traffic has stopped, they are forwarded according to the next hop that was used last time.

    3.49 What messages does BGP use?

    The messages in BGP are OPEN, UPDATE, KEEPALIVE and NOTIFICATION.

    The OPEN message is sent during TCP connection establishment.

    After the connection is established, an UPDATE message is sent if a route changes or needs to be sent.

    To maintain the validity of the BGP connection, KEEPALIVE messages are sent regularly after the connection is established.

    NOTIFICATION messages are sent after an error has occurred.