Friday, December 17, 2010

Outbound Routing Toward the Internet

The single biggest reason to consider using BGP between an Enterprise and an ISP is to influence
the choice of best path (best route). The idea of choosing the best path sounds appealing
at first. However, because the majority of the end-to-end route exists inside the
Internet, particularly if the destination is 12 routers and a continent away, it can be a challenge
to determine which exit point from the Enterprise is actually a better route.
As a result, Enterprises typically have two major classes of options for outbound routing
toward the Internet: default routing and BGP. Using default routes is perfectly reasonable,
depending on the objectives. This section examines the use of default routes toward the
Internet, and some of the typical Enterprise BGP designs and how they can be used to influence
outbound routes toward the Internet.
Comparing BGP and Default Routing for Enterprises
Chapter 4, “EIGRP Route Summarization and Filtering,” section “Default Routing to the
Internet Router,” introduced the concept of using default routes on branch office routers,
with static routes and redistribution on the WAN edge routers. With this design, the
branch router could use a default static route pointing toward the core of the network.
The WAN edge routers then needed static routes for the subnets at each branch, with the
WAN edge routers advertising these branch subnets into the core using an IGP.
The branch office default routing design results in less processing on the routers, less
memory consumption, and no IGP overhead on the link between the branch and WAN
distribution routers. In particular, the branch routers can have a single or a few default
routes, instead of potentially hundreds of routes for specific prefixes, all with the same
next-hop information.
The same general concept of using defaults and static routes at Enterprise branches can be
applied to the Enterprise network and its connections to one or a few ISPs. Similar to a
branch router, an entire Enterprise often has only a few connections to the Internet. If one
of those connections is considered better than the others, then all packets sent from the
Enterprise toward the Internet would normally follow that one Internet link, for all Internet
destinations. Likewise, the ISPs, similar to WAN distribution routers in this analogy,
could configure static routes for the Enterprise’s public IP address prefix and then use
BGP in the Internet to advertise those routes. Figure 12-8 shows the general idea.
not be significant. Alternatively, you could ask the ISP to advertise only a default route
with BGP.
Now that you have seen a few of the reasons why you may be fine using static routes instead
of BGP, consider why you might want to use BGP. First, it makes most sense to use
BGP when you have at least two Internet connections. Second, BGP becomes most useful
when you want to choose one outbound path over another path for particular destinations
in the Internet. In short, when you have multiple Internet connections, and you want to influence
some packets to take one path and some packets to take another, consider BGP.
The rest of this chapter examines different cases of Internet connectivity and weighs the
reasons why you might choose to use BGP. For this discussion, the perspective of the Enterprise
network engineer will be used. As such, outbound routing is considered to be
routes that direct packets from the Enterprise toward the Internet, and inbound routing
refers to routes that direct packets into the Enterprise from the Internet.
To aid in the discussion, this section examines four separate cases:
■ Single homed (1 link per ISP, 1 ISP)
■ Dual homed (2+ links per ISP, 1 ISP)
■ Single multihomed (1 link per ISP, 2+ ISPs)
■ Dual multihomed (2+ links per ISP, 2+ ISPs)
Note: The terms in the preceding list may be used differently depending on what book or
document you read. For consistency, this book uses these terms in the same way as the
Cisco authorized ROUTE course associated with the ROUTE exam.
Single Homed
The single-homed Internet design uses a single ISP, with a single link between the Enterprise
and the ISP. With single-homed designs, only one possible next-hop router exists for
any and all routes for destinations in the Internet. As a result, no matter what you do with
BGP, all learned routes would list the same outgoing interface for every route, which minimizes
the benefits of using BGP.
Single-homed designs often use one of two options for routing to and from the Internet:
■ Use static routes (default in the Enterprise, and a static for the Enterprise’s public address
range at the ISP).
■ Use BGP, but only to exchange a default (ISP to Enterprise) and a route for the Enterprise’s
public prefix (Enterprise to ISP).
The previous section, “Comparing BGP and Default Routing for Enterprises,” already showed the
main concepts for the first option. For the second option, the concept still uses the IGP’s
mechanisms to flood a default throughout the Enterprise, causing all packets to go toward
the Internet facing router. Instead of static routes, however, the following must happen:
■ The ISP router uses BGP to advertise a default route to the Enterprise.
Chapter 12: Internet Connectivity and BGP 405
■ You must configure the IGP on the Enterprise’s Internet-facing router to flood a default
route (typically only if the default route exists in that router’s routing table).
■ You must configure BGP on the Enterprise router and advertise the Enterprise’s public
prefix toward the ISP.
Both options, using static defaults and using BGP-learned defaults, have some negatives. Some
packets for truly nonexistent destinations flow through the Enterprise to the Internet-facing
router (E1 in the example of Figure 12-8), and over the link to the Internet, before being
discarded for lack of a matching route. For example, if the Enterprise used private
network 10.0.0.0/8 internally, packets destined for addresses in network 10.0.0.0/8 that
have not yet been deployed will match the default route and be routed to the Internet.
To avoid wasting this bandwidth by sending packets unnecessarily, a static route for
10.0.0.0/8, destination null0, could be added to the Internet-facing router but not advertised
into the rest of the Enterprise. (This type of route is sometimes called a discard
route.) This route would prevent the Internet-facing router from forwarding packets destined
for network 10.0.0.0/8 into the Internet.
Dual Homed
The dual-homed design has two (or more) links to the Internet, but with all links connecting
to a single ISP. This type of design can use a pair of routers, two pairs, or a combination,
as shown in the three cases in Figure 12-9.
Comparing the dual-homed case to the single-homed design, the second link gives the Enterprise
a choice. The Enterprise router(s) could choose between one of two links, and in
the case with two Enterprise routers, the choice of a different link also means the choice
of sending packets to a different router.
Each of the cases shown in Figure 12-9 is interesting, but the case with two Enterprise
routers provides the most ideas to consider. When considering whether to use BGP in this
case, and if so, how to use it, first think about whether you want to influence the choice
of outbound route. The common cases in which using defaults works well, ignoring BGP, are:
■ To prefer one Internet connection over another for all destinations, but when the better
ISP connection fails, all traffic re-routes over the secondary connection.
■ To treat both Internet connections as equal, sending packets for some destinations out
each path. However, when one fails, all traffic re-routes over the one still-working path.
The text now examines each option, in order, including a discussion of how to choose the
best outbound routing using both partial and full BGP updates.
Preferring One Path over Another for All Destinations
When the design calls for one of the two Internet connections to always be preferred, regardless
of destination, BGP can be used, but it is not required. With a goal of preferring
one path over another, the routers can use default routes into the Internet.
To demonstrate the concept, Figure 12-10 shows a dual-homed design, this time with two
routers (E1 and E2) connected to the Internet. Each router has a single link into the single
ISP. (Using the terminology from the ROUTE class, dual homed means two or more links
but to a single ISP; dual multihomed means two or more links each to two or more different
ISPs.) Figure 12-10 shows the routes that result from using default routes to forward
all traffic toward Router E1.
406 CCNP ROUTE 642-902 Official Certification Guide
Figure 12-9 Dual-Homed Design Options
Figure 12-10 shows that all routers forward the Internet-destined packets toward Router
E1, because this router has the faster Internet connection to ISP1 (100 Mbps in this case).
Again in this example, the other connection from Router E2 to ISP3 uses a 10 Mbps link.
To make this design work, with failover, both E1 and E2 need to advertise a default route
into the Enterprise, but the route advertised by the primary router (E1) needs to have metrics
set so that it is always the better of the two routes. For example, with EIGRP, E1 can
configure a static default route with Router I1-1 as the next hop, but with very high bandwidth
and very low delay upon redistribution into EIGRP. Conversely, E2 can create a default
for Router I1-2 as the next-hop router, but with low bandwidth and high delay.
Example 12-1 shows the configuration of the static default route on both E1 and E2, with
the redistribute command setting the metrics.
Figure 12-10 Dual-Homed Design, Using Defaults to Favor One Link
Example 12-1 Default Routing on Router E1
! Configuration on router E1 - note that the configuration uses
! a hostname instead of I1-1's IP address
ip route 0.0.0.0 0.0.0.0 I1-1
router eigrp 1
 ! metric fields: bandwidth (kbps), delay (tens of microseconds), reliability, load, MTU
 redistribute static metric 100000 1 255 1 1500
! Configuration on router E2 - note that the configuration uses
! a hostname instead of I1-2's IP address
ip route 0.0.0.0 0.0.0.0 I1-2
router eigrp 1
 ! lower bandwidth and much higher delay make this the backup default
 redistribute static metric 10000 100000 255 1 1500
Note: With EIGRP as the IGP, do not forget that the delay setting must be set higher to
avoid cases where some routers forward packets toward the secondary Internet router (E2).
The reason is that EIGRP uses constraining bandwidth, so a high setting of bandwidth at
the redistribution point on E1 may or may not cause more remote routers to use that route.
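A worked calculation for the note above, added here and not part of the original text: it applies the classic EIGRP composite metric with default K values to the seed metrics of Example 12-1. The remote router R, its T1 path toward E1, its single FastEthernet hop toward E2, and the low-delay E2 seed are constructed for the illustration.

```python
# Classic EIGRP composite metric with default K values (K1 = K3 = 1, others 0):
#   metric = 256 * (10^7 / slowest_bandwidth_kbps + total_delay)
# Delay is counted in tens of microseconds, as in 'redistribute static metric'.

def eigrp_metric(seed, path_links):
    """Metric a router computes for a redistributed default route.

    seed:       (bandwidth_kbps, delay) set at the redistribution point
    path_links: (bandwidth_kbps, delay) of every link between this router
                and the redistribution point
    """
    links = [seed] + list(path_links)
    slowest_bw = min(bw for bw, _ in links)          # only the constraining bandwidth counts
    total_delay = sum(delay for _, delay in links)   # delay accumulates hop by hop
    return 256 * (10**7 // slowest_bw + total_delay)

def preferred_exit(e1_seed, e2_seed, path_to_e1, path_to_e2):
    """Return (chosen exit router, metric via E1, metric via E2)."""
    m1 = eigrp_metric(e1_seed, path_to_e1)
    m2 = eigrp_metric(e2_seed, path_to_e2)
    return ("E1" if m1 < m2 else "E2", m1, m2)

# Constructed link values: a serial T1 and a FastEthernet segment.
T1 = (1544, 2000)
FAST_ETHERNET = (100000, 10)

# Constructed remote router R: far from E1 (over a T1), one LAN hop from E2.
PATH_R_TO_E1 = [T1, FAST_ETHERNET]
PATH_R_TO_E2 = [FAST_ETHERNET]

E1_SEED = (100000, 1)            # from Example 12-1
E2_SEED = (10000, 100000)        # from Example 12-1
E2_SEED_LOW_DELAY = (10000, 1)   # hypothetical: bandwidth lowered, delay left low

if __name__ == "__main__":
    # Bandwidth alone does not help: the T1 constrains the path to E1, so R picks E2.
    print(preferred_exit(E1_SEED, E2_SEED_LOW_DELAY, PATH_R_TO_E1, PATH_R_TO_E2))
    # With the high delay seeded on E2, R prefers E1 despite the slow T1.
    print(preferred_exit(E1_SEED, E2_SEED, PATH_R_TO_E1, PATH_R_TO_E2))
```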
A slightly different approach can be taken in other variations of the dual-homed design, as
seen back in Figure 12-9. The first two example topologies in that figure show a single
router with two links to the same ISP. If the design called for using one link as the preferred
link, and the engineer decided to use default routes, that one router would need two default
routes. To make one route be preferred, that static default route would be assigned a
better administrative distance (AD) than the other route. For example, the commands ip
route 0.0.0.0 0.0.0.0 I1-1 3 and ip route 0.0.0.0 0.0.0.0 I1-2 4 could be used on Router E1
in Figure 12-9, giving the route through I1-1 a lower AD (3), preferring that route. If the
link to I1-1 failed, the other static default route, through I1-2, would be used.
Choosing One Path over Another Using BGP
The big motivation to use BGP occurs when you want to influence which link is used for
certain destinations in the Internet. To see such a case, consider Figure 12-11, which adds
Company 3 to the design. In this case, Company 3 uses prefix 192.135.250.0/28 as its
public address range. Company 3 may be located closer to I1-2 inside ISP1 than to
Router I1-1, and in such cases, the BGP design calls for making the packets flow over the
route as shown.
Figure 12-11 Preferring One Outbound Link over Another
Two notable actions must take place for this design to work, beyond the basic configuration
of the eBGP peers as shown. First, the engineers at the Enterprise and ISP must agree
as to how to make BGP specify a prefix as being best reached through a particular link. In
this particular case, the routes advertised by I1-2 for prefix 192.135.250.0/28 must
have BGP PA settings that appear better than those learned from I1-1. In this case, you
cannot just rely on the default of checking the AS_Path length, because the AS_Path
length should tie, because I1-1 and I1-2 are in the same ASN. So when planning with the
engineers of ISP1, the Enterprise network engineer must discuss which kinds of prefixes
might work better through I1-1, which would be better through I1-2, and how the ISP
might set PA values to which the Enterprise routers (E1 and E2) can react. (Chapter 15 discusses
some of the options to influence the outbound routes.)
The second big consideration occurs inside the Enterprise network with a need to run
BGP between multiple routers. So far in this chapter, the Enterprise routers all used default
routes to send packets to the Internet-facing routers, and only those routers knew Internet
routes. However, for the design of Figure 12-11 to work, E1 and E2 must communicate
BGP routes using an iBGP connection. And because packet forwarding between E1 and
E2 goes through other routers (such as Core1 and Core2), those routers typically also need
to run BGP. You might even decide to run BGP on the WAN routers as well. By doing so,
the core routers know the best BGP routes; for instance, they all know that the better
route for Company 3’s 192.135.250.0/28 public address space is through E2, so the packet
is forwarded to E2. The following list outlines the logic matching Figure 12-11:
Step 1. A host at Branch B1 sends a packet to 192.135.250.1.
Step 2. Router B1 matches its default route, forwarding the packet to Router WAN2.
Step 3. WAN2 matches its iBGP-learned route for 192.135.250.0/28, forwarding to
Core2.
Step 4. Core2 matches its iBGP-learned route for 192.135.250.0/28, forwarding to E2.
Step 5. E2 matches its eBGP-learned route for 192.135.250.0/28, forwarding to I1-2.
Step 6. The routers in ISP1 forward the packet to Router I3, in Company 3.
The routers in the core of the Enterprise need to run BGP because without it, routing
loops can occur. For example, if WAN1, WAN2, Core1, and Core2 did not use BGP, and
relied on default routes, their default would drive packets to either E1 or E2. Then, E1 or
E2 might send the packets right back to Core1 or Core2. (Note that there is no direct link
between E1 and E2.) Figure 12-12 shows just such a case.
Figure 12-12 A Routing Loop Without BGP in the Enterprise Core
In this case, both E1 and E2 know that E2 is the best exit point for packets destined to
192.135.250.0/28 (from Figure 12-11). However, the core routers use default routes, with
WAN1 and Core1 using defaults that send packets to E1. Following the numbers in the figure:
Step 1. WAN1 gets a packet destined for 192.135.250.1 and forwards the packet to
Core1 based on its default route.
Step 2. Core1 gets the packet and has no specific route, so it forwards the packet to E1
based on its default route.
Step 3. E1’s BGP route tells it that E2 is the better exit point for this destination. To
send the packet to E2, E1 forwards the packet to Core1.
Step 4. Core1, with no knowledge of the BGP route for 192.135.250.0/28, uses its default
route to forward the packet to E1, so the packet is now looping.
A mesh of iBGP peerings between at least E1, E2, Core1, and Core2 would prevent this
problem.
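The loop in Steps 1 through 4 and its iBGP fix, together with the discard route for 10.0.0.0/8 from the Single Homed section, traced with longest-prefix-match lookups; this is an added example, not code from the original text. The Core2 default toward E2, the Core1-to-Core2 link, and the undeployed address 10.99.1.1 are assumptions made for the illustration.

```python
import ipaddress

PREFIX = "192.135.250.0/28"    # Company 3's public range (Figure 12-11)
DEFAULT = "0.0.0.0/0"

def lookup(table, dest):
    """Longest-prefix match: next hop of the most specific route covering dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()]
    hits = [(net, nh) for net, nh in hits if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dest):
    """Forward hop by hop; return (path, outcome)."""
    path, node = [start], start
    while node in tables:                   # ISP routers have no table in this model
        nxt = lookup(tables[node], dest)
        if nxt is None or nxt == "Null0":
            return path, "discarded"
        path.append(nxt)
        if path.count(nxt) > 1:             # same router revisited for one destination
            return path, "loop"
        node = nxt
    return path, "exit"

# Figure 12-12: only E1 and E2 hold the BGP route; the core relies on defaults.
DEFAULT_ONLY_CORE = {
    "WAN1":  {DEFAULT: "Core1"},
    "Core1": {DEFAULT: "E1"},
    "Core2": {DEFAULT: "E2"},                      # assumed; not stated in the text
    "E1":    {DEFAULT: "I1-1", PREFIX: "Core1"},   # best exit is E2, reached via Core1
    "E2":    {DEFAULT: "I1-2", PREFIX: "I1-2"},
}

def with_core_ibgp(tables):
    """Same network after Core1 and Core2 learn the prefix over iBGP."""
    fixed = {router: dict(routes) for router, routes in tables.items()}
    fixed["Core1"][PREFIX] = "Core2"               # assumed Core1-to-Core2 link
    fixed["Core2"][PREFIX] = "E2"
    return fixed

def with_discard_route(tables, router="E1"):
    """Add the static 10.0.0.0/8 route to null0 on the Internet-facing router."""
    fixed = {r: dict(routes) for r, routes in tables.items()}
    fixed[router]["10.0.0.0/8"] = "Null0"
    return fixed

if __name__ == "__main__":
    print(trace(DEFAULT_ONLY_CORE, "WAN1", "192.135.250.1"))                  # loops
    print(trace(with_core_ibgp(DEFAULT_ONLY_CORE), "WAN1", "192.135.250.1"))  # exits at I1-2
    print(trace(DEFAULT_ONLY_CORE, "WAN1", "10.99.1.1"))                      # reaches the ISP
    print(trace(with_discard_route(DEFAULT_ONLY_CORE), "WAN1", "10.99.1.1"))  # dropped at E1
```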
Partial and Full BGP Updates
Unfortunately, Enterprise routers must pay a relatively large price for the ability to choose
between competing BGP routes to reach Internet destinations. As previously mentioned,
the BGP table in the Internet core is at approximately 300,000 routes as of the writing of
this chapter in 2009. To make a decision to use one path instead of another, an Enterprise
router must know about at least some of those routes. Exchanging BGP information for
such a large number of routes consumes bandwidth. It also consumes memory in the
routers and requires some processing to choose the best routes. Some samples at
Cisco.com show BGP using approximately 70 MB of RAM for the BGP table on a router
with 100,000 BGP-learned routes.
To make matters a bit worse, in some cases, several Enterprise routers may also need to
use BGP, as shown in the previous section. Those routers also need more memory to hold
the BGP table, and they consume bandwidth exchanging the BGP table.
To help reduce the memory requirements of receiving full BGP updates (BGP updates that
include all routes), ISPs give you three basic options for what routes the ISP advertises:
■ Default route only: The ISP advertises a default route with BGP, but no other routes.
■ Full updates: The ISP sends you the entire BGP table.
■ Partial updates: The ISP sends you routes for prefixes that might be better reached
through that ISP, but not all routes, plus a default route (to use instead of the purposefully
omitted routes as needed).
If all you want to do with a BGP connection is use it by default, then you can have the ISP
send just a default route. If you are willing to take on the overhead of getting all BGP
routes, then asking for full updates is reasonable. However, if you want something in between,
the partial updates option is useful.
BGP partial updates give you the benefit of choosing the best routes for some destinations,
while limiting the bandwidth and memory consumption. With partial updates, the
ISP advertises routes for prefixes that truly are better reached through a particular link.
However, for prefixes that may not be any better through that link, the ISP does not advertise
those prefixes with BGP. Then the Enterprise routers can use the better path based on
the routes learned with BGP, and use a default route for the prefixes not learned with BGP.
For example, previously in Figure 12-11, Router I1-2 could be configured to advertise only
routes such as 192.135.250.0/28, from Company 3 in that figure; in other words,
only routes for which Router I1-2 had a clearly better route than the other ISP1 routers.
Single Multihomed
A single-multihomed topology means a single link per ISP, but multiple (at least 2) ISPs.
Figure 12-13 shows a couple of single-multihomed designs, each with two ISPs:
The single-multihomed design has some similarities with both the single-homed and dual-homed
designs previously seen in this section. The single-multihomed design on the top
of the figure, which uses a single router, acts like the single-homed design for default
routes in the Enterprise. This design can flood a default route throughout the Enterprise,
drawing traffic to that one router, because only one router connects to the Internet. With
the two-router design on the lower half of Figure 12-13, defaults can still be used in the
Enterprise to draw traffic to the preferred Internet connection (if one is preferred) or to
balance traffic across both.
The single-multihomed design works like the dual-homed design in some ways because
two (or more) links connect the Enterprise to the Internet. With two links, the Internet design
might call for the use of defaults, always preferring one of the links. The design engineer
might also choose to use BGP, learn either full or partial updates, and then favor one
connection over another for some of the routes.
Figure 12-14 shows these concepts with a single-multihomed design, with default routes
in the Enterprise to the one Internet router (E1).
Dual Multihomed
The last general category of Internet access topologies is called dual multihomed. With
this design, two or more ISPs are used, with two or more connections to each. A number
of different routers can be used. Figure 12-15 shows several examples.
Figure 12-15 does not show all design options, but because at least two ISPs exist, and at
least two connections per ISP, much redundancy exists. That redundancy can be used for
backup, but most often, BGP is used to make some decisions about the best path to reach
various destinations.
