Código fonte Wiki de BGP peering with an ISP
Última modificação por Jean Franco em 2024/06/09 22:16
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | = Overview = | ||
| 2 | |||
| 3 | When you have your own IPv4/IPv6 address space, it's advantageous to announce it via your router to your ISP - especially if you have multiple providers (multi-homing). Even the lowest end EdgeRouters such as the ER-X and ERL can do a full BGP table. | ||
| 4 | |||
| 5 | == The Prefix Lists == | ||
| 6 | |||
| 7 | The prefix lists are used to control what routes you get from your ISP, as well as the ones you send (announce). | ||
| 8 | |||
| 9 | {{{policy { | ||
| 10 | prefix-list BGP-ISP-From { | ||
| 11 | rule 10 { | ||
| 12 | action permit | ||
| 13 | le 24 | ||
| 14 | prefix 0.0.0.0/0 | ||
| 15 | } | ||
| 16 | } | ||
| 17 | prefix-list BGP-ISP-To { | ||
| 18 | rule 10 { | ||
| 19 | action permit | ||
| 20 | prefix 192.0.2.0/24 | ||
| 21 | } | ||
| 22 | } | ||
| 23 | prefix-list6 BGP-ISPv6-From { | ||
| 24 | rule 10 { | ||
| 25 | action permit | ||
| 26 | le 64 | ||
| 27 | prefix 0::/0 | ||
| 28 | } | ||
| 29 | } | ||
| 30 | prefix-list6 BGP-ISPv6-To { | ||
| 31 | rule 10 { | ||
| 32 | action permit | ||
| 33 | le 48 | ||
| 34 | prefix 2001:DB8::/32 | ||
| 35 | } | ||
| 36 | } | ||
| 37 | }}}} | ||
| 38 | |||
| 39 | The -From prefix lists are for routes you receive (imported) from your ISP, while the -To lists are for routes being exported (announced) to your provider. In the case of IPv4, the smallest globally accepted size most if not all providers announce is /24. For IPv6, the smallest globally accepted size is /48. | ||
| 40 | |||
| 41 | 'le' means any prefix smaller (ie: 'le 48' won't allow a /64 IPv6 prefix from your ISP's routing table, but it will allow a /32). 'ge' means any prefix greater (ie: 'ge 56' won't allow a /48, but will allow a /56, /64, or even /128). | ||
| 42 | |||
| 43 | In the above examples, 192.0.2.0/24 is your IPv4 netblock, and 2001:DB8::/32 is your IPv6 one. 0.0.0.0/0 and 0::/0 means match all. | ||
| 44 | |||
| 45 | == The Route Maps == | ||
| 46 | |||
| 47 | While you can just use prefix lists with BGP to control routes imported and exported, route maps give you much more flexibility and control, and can even include AS path matching. | ||
| 48 | |||
| 49 | {{{policy { | ||
| 50 | route-map BGP-ISPv6-From { | ||
| 51 | rule 10 { | ||
| 52 | action permit | ||
| 53 | match { | ||
| 54 | ipv6 { | ||
| 55 | address { | ||
| 56 | prefix-list BGP-ISPv6-From | ||
| 57 | } | ||
| 58 | } | ||
| 59 | } | ||
| 60 | } | ||
| 61 | } | ||
| 62 | route-map BGP-ISPv6-To { | ||
| 63 | rule 10 { | ||
| 64 | action permit | ||
| 65 | match { | ||
| 66 | ipv6 { | ||
| 67 | address { | ||
| 68 | prefix-list BGP-ISPv6-To | ||
| 69 | } | ||
| 70 | } | ||
| 71 | } | ||
| 72 | } | ||
| 73 | } | ||
| 74 | route-map BGP-ISP-From { | ||
| 75 | rule 10 { | ||
| 76 | action permit | ||
| 77 | match { | ||
| 78 | ip { | ||
| 79 | address { | ||
| 80 | prefix-list BGP-ISP-From | ||
| 81 | } | ||
| 82 | } | ||
| 83 | } | ||
| 84 | } | ||
| 85 | } | ||
| 86 | route-map BGP-ISP-To { | ||
| 87 | rule 10 { | ||
| 88 | action permit | ||
| 89 | match { | ||
| 90 | ip { | ||
| 91 | address { | ||
| 92 | prefix-list BGP-ISP-To | ||
| 93 | } | ||
| 94 | } | ||
| 95 | } | ||
| 96 | } | ||
| 97 | } | ||
| 98 | }}}} | ||
| 99 | |||
| 100 | Like the prefix lists, -To and -From are your specific directions in and out (import and export). They're pretty self explanatory and reference the prefix lists used before. | ||
| 101 | |||
| 102 | == BGP Protocol Configuration == | ||
| 103 | |||
| 104 | {{{protocols { | ||
| 105 | bgp 65501 { | ||
| 106 | address-family { | ||
| 107 | ipv6-unicast { | ||
| 108 | network 2001:DB8::/32 { | ||
| 109 | } | ||
| 110 | } | ||
| 111 | } | ||
| 112 | neighbor 100.64.100.1 { | ||
| 113 | remote-as 65502 | ||
| 114 | route-map { | ||
| 115 | export BGP-ISP-To | ||
| 116 | import BGP-ISP-From | ||
| 117 | } | ||
| 118 | soft-reconfiguration { | ||
| 119 | inbound | ||
| 120 | } | ||
| 121 | update-source 100.64.100.2 | ||
| 122 | } | ||
| 123 | neighbor fd00::1 { | ||
| 124 | address-family { | ||
| 125 | ipv6-unicast { | ||
| 126 | route-map { | ||
| 127 | export BGP-ISPv6-To | ||
| 128 | import BGP-ISPv6-From | ||
| 129 | } | ||
| 130 | } | ||
| 131 | } | ||
| 132 | remote-as 65502 | ||
| 133 | soft-reconfiguration { | ||
| 134 | inbound | ||
| 135 | } | ||
| 136 | update-source fd00::2 | ||
| 137 | } | ||
| 138 | network 192.0.2.0/24 { | ||
| 139 | } | ||
| 140 | parameters { | ||
| 141 | router-id 100.64.100.2 | ||
| 142 | } | ||
| 143 | redistribute { | ||
| 144 | connected { | ||
| 145 | } | ||
| 146 | kernel { | ||
| 147 | } | ||
| 148 | static { | ||
| 149 | } | ||
| 150 | } | ||
| 151 | } | ||
| 152 | }}}} | ||
| 153 | |||
| 154 | In the above example, our local router has the IPv4 address of 100.64.100.2 and the IPv6 address of fd00::2 with an ASN of 65501. The BGP enabled router on our ISP side is 100.64.100.1 and fd00::1 with an ASN of 65502. We are assuming that our routers are connected over a non-shared link within one hop. If the BGP router is more than one hop away, you need to configure 'ebgp-multihop' with the appropriate amount of hops away your ISP's router is. | ||
| 155 | |||
| 156 | == Showing BGP Information == | ||
| 157 | |||
| 158 | {{{user@router1:~$ show ip bgp neighbor | ||
| 159 | BGP neighbor is 100.64.100.2, remote AS 65502, local AS 65501, external link | ||
| 160 | BGP version 4, remote router ID 100.64.100.2 | ||
| 161 | BGP state = Established, up for 01w0d05h | ||
| 162 | Last read 01w0d05h, hold time is 90, keepalive interval is 30 seconds | ||
| 163 | Neighbor capabilities: | ||
| 164 | Route refresh: advertised and received (old and new) | ||
| 165 | 4-Octet ASN Capability: advertised and received | ||
| 166 | Address family IPv4 Unicast: advertised and received | ||
| 167 | Address family IPv4 Multicast: received | ||
| 168 | Received 2838376 messages, 0 notifications, 0 in queue | ||
| 169 | Sent 20788 messages, 0 notifications, 0 in queue | ||
| 170 | Route refresh request: received 0, sent 0 | ||
| 171 | Minimum time between advertisement runs is 30 seconds | ||
| 172 | Update source is 100.64.100.1 | ||
| 173 | For address family: IPv4 Unicast | ||
| 174 | BGP table version 6603726, neighbor version 6603716 | ||
| 175 | Index 2, Offset 0, Mask 0x4 | ||
| 176 | Inbound soft reconfiguration allowed | ||
| 177 | Community attribute sent to this neighbor (both) | ||
| 178 | Inbound path policy configured | ||
| 179 | Outbound path policy configured | ||
| 180 | Route map for incoming advertisements is *BGP-ISP-From | ||
| 181 | Route map for outgoing advertisements is *BGP-ISP-To | ||
| 182 | 688930 accepted prefixes | ||
| 183 | 1 announced prefixes | ||
| 184 | |||
| 185 | Connections established 1; dropped 0 | ||
| 186 | External BGP neighbor may be up to 1 hops away. | ||
| 187 | Local host: 100.64.100.2, Local port: 60803 | ||
| 188 | Foreign host: 100.64.100.1, Foreign port: 179 | ||
| 189 | Nexthop: 100.64.100.1 | ||
| 190 | BGP connection: shared network | ||
| 191 | |||
| 192 | BGP neighbor is fd00::1, remote AS 65502, local AS 65501, external link | ||
| 193 | BGP version 4, remote router ID 100.64.100.1 | ||
| 194 | BGP state = Established, up for 01w0d05h | ||
| 195 | Last read 01w0d05h, hold time is 180, keepalive interval is 60 seconds | ||
| 196 | Neighbor capabilities: | ||
| 197 | Route refresh: advertised and received (old and new) | ||
| 198 | 4-Octet ASN Capability: advertised and received | ||
| 199 | Address family IPv4 Unicast: advertised | ||
| 200 | Address family IPv6 Unicast: advertised and received | ||
| 201 | Received 686685 messages, 0 notifications, 0 in queue | ||
| 202 | Sent 10394 messages, 0 notifications, 0 in queue | ||
| 203 | Route refresh request: received 0, sent 0 | ||
| 204 | Minimum time between advertisement runs is 30 seconds | ||
| 205 | Update source is fd00::2 | ||
| 206 | For address family: IPv4 Unicast | ||
| 207 | BGP table version 6603726, neighbor version 6603716 | ||
| 208 | Index 1, Offset 0, Mask 0x2 | ||
| 209 | Inbound soft reconfiguration allowed | ||
| 210 | Community attribute sent to this neighbor (both) | ||
| 211 | 0 accepted prefixes | ||
| 212 | 0 announced prefixes | ||
| 213 | |||
| 214 | For address family: IPv6 Unicast | ||
| 215 | BGP table version 858622, neighbor version 858620 | ||
| 216 | Index 1, Offset 0, Mask 0x2 | ||
| 217 | Community attribute sent to this neighbor (both) | ||
| 218 | Inbound path policy configured | ||
| 219 | Outbound path policy configured | ||
| 220 | Route map for incoming advertisements is *BGP-ISPv6-From | ||
| 221 | Route map for outgoing advertisements is *BGP-ISPv6-To | ||
| 222 | 49892 accepted prefixes | ||
| 223 | 1 announced prefixes | ||
| 224 | |||
| 225 | Connections established 1; dropped 0 | ||
| 226 | Local host: fd00::2, Local port: 179 | ||
| 227 | Foreign host: fd00::1, Foreign port: 8044 | ||
| 228 | Nexthop: 100.64.100.1 | ||
| 229 | Nexthop global: fd00::1 | ||
| 230 | BGP connection: shared network}}} |