Sunday, March 5, 2023

BGP Attributes LAB - Local Preference and AS-Prepend

This LAB demonstrates the use of BGP attributes such as Local Preference and Prepending AS-Path to influence inbound and outbound traffic within an Autonomous System.

  • Local Preference
    • This attribute is only applicable within an Autonomous System, and routes with a higher Local Preference value are preferred over routes with a lower one. It therefore applies to all the outbound traffic exiting your AS when you have multiple exit points. The default value is 100.
  • Prepend AS-Path
    • With this attribute, we add extra copies of the local AS number to the AS-Path of routes advertised outbound to another AS. Let's say our local AS is 1234 and we prepend towards AS 2000. Remote networks will then no longer choose their original path through AS 2000 to reach the destination networks and will instead choose another path through AS 3000. This is because BGP prefers the route with the shortest AS-Path when higher-priority attributes such as Local Preference are equal.
Host-A and Host-B are connected to R1 and R2 respectively. All these devices are in Autonomous System 1234. R1 peers with R2 over iBGP.
ISP01, ISP02, and ISP03 are service provider networks, and each of these routers is in a different Autonomous System, as shown below.
  • ISP01 is in ASN 2000
  • ISP02 is in ASN 3000
  • ISP03 is in ASN 4000
The webserver is on the ISP03 network.

The primary task in this LAB is to influence the traffic flow from Host01 and Host02 to the webserver and vice versa.
We will look at two conditions for the traffic flow between Host01, Host02 and the webserver.

Condition-1: BGP configurations with default attributes

The “next-hop-self” feature makes each router advertise itself as the next hop, which gives the peer a proper gateway IP for an alternate route to reach the destination networks.

Configuration for R1
configure terminal
interface GigabitEthernet0/0
ip address 192.168.30.0 255.255.255.254
no shut
exit
!
interface serial2/0
ip address 45.45.45.1 255.255.255.254
no shut
exit
!
interface ethernet3/0
ip address 192.168.10.1 255.255.255.0
no shut
exit
!
ip dhcp pool HOST-A
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.10.1
exit
!
router bgp 1234
neighbor 192.168.30.1 remote-as 1234
neighbor 45.45.45.0 remote-as 2000
address-family ipv4
redistribute connected
neighbor 192.168.30.1 activate
neighbor 192.168.30.1 next-hop-self
neighbor 45.45.45.0 activate
neighbor 45.45.45.0 next-hop-self
exit
!
end
wr

Configuration for R2
configure terminal
interface GigabitEthernet0/0
ip address 192.168.30.1 255.255.255.254
no shut
exit
!
interface serial2/0
ip address 54.54.54.0 255.255.255.254
no shut
exit
!
interface ethernet3/0
ip address 192.168.20.1 255.255.255.0
no shut
exit
!
ip dhcp pool HOST-A
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 192.168.20.1
exit
!
router bgp 1234
neighbor 192.168.30.0 remote-as 1234
neighbor 54.54.54.1 remote-as 3000
address-family ipv4
redistribute connected
neighbor 192.168.30.0 activate
neighbor 192.168.30.0 next-hop-self
neighbor 54.54.54.1 activate
neighbor 54.54.54.1 next-hop-self
exit
!
end
wr

R1#
*Mar  5 17:39:18.071: %BGP-5-ADJCHANGE: neighbor 192.168.30.1 Up
R1#

Configuration for ISP1
configure terminal
interface GigabitEthernet0/0
ip address 192.168.40.1 255.255.255.254
no shut
exit
!
interface serial2/0
ip address 45.45.45.0 255.255.255.254
no shut
exit
!
router bgp 2000
neighbor 192.168.40.0 remote-as 4000
neighbor 45.45.45.1 remote-as 1234
address-family ipv4
redistribute connected
neighbor 192.168.40.0 activate
neighbor 192.168.40.0 next-hop-self
neighbor 45.45.45.1 activate
neighbor 45.45.45.1 next-hop-self
exit
!
end
wr

ISP1#
*Mar  5 17:07:53.479: %BGP-5-ADJCHANGE: neighbor 45.45.45.1 Up
ISP1#

Configuration for ISP2
configure terminal
interface GigabitEthernet0/0
ip address 192.168.50.0 255.255.255.254
no shut
exit
!
interface serial2/0
ip address 54.54.54.1 255.255.255.254
no shut
exit
!
router bgp 3000
neighbor 192.168.50.1 remote-as 4000
neighbor 54.54.54.0 remote-as 1234
address-family ipv4
redistribute connected
neighbor 192.168.50.1 activate
neighbor 192.168.50.1 next-hop-self
neighbor 54.54.54.0 activate
neighbor 54.54.54.0 next-hop-self
exit
!
end
wr

ISP2#
*Mar  5 17:07:41.835: %BGP-5-ADJCHANGE: neighbor 54.54.54.0 Up
ISP2#

Configuration for ISP3
configure terminal
interface GigabitEthernet0/0
ip address 192.168.40.0 255.255.255.254
no shut
exit
!
interface GigabitEthernet1/0
ip address 192.168.50.1 255.255.255.254
no shut
exit
!
interface ethernet3/0
ip address 192.168.60.1 255.255.255.0
no shut
exit
!
ip dhcp pool Web-Server
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
dns-server 192.168.60.1
exit
!
router bgp 4000
neighbor 192.168.40.1 remote-as 2000
neighbor 192.168.50.0 remote-as 3000
address-family ipv4
redistribute connected
neighbor 192.168.40.1 activate
neighbor 192.168.40.1 next-hop-self
neighbor 192.168.50.0 activate
neighbor 192.168.50.0 next-hop-self
exit
!
end
wr

ISP3#
*Mar  5 17:09:08.387: %BGP-5-ADJCHANGE: neighbor 192.168.50.0 Up
*Mar  5 17:09:09.011: %BGP-5-ADJCHANGE: neighbor 192.168.40.1 Up
ISP3#

Run “ip dhcp” on Host-A, Host-B and Web-Server, so that they get IP assigned.

Host-A> ip dhcp
DDORA IP 192.168.10.2/24 GW 192.168.10.1 

Host-B> ip dhcp
DDORA IP 192.168.20.2/24 GW 192.168.20.1

Web-Server> ip dhcp
DORA IP 192.168.60.2/24 GW 192.168.60.1

Let us verify the routes taken when we have not modified any attributes. BGP goes through the attributes one by one when selecting the best route to reach the destination.

Host-A> ping 192.168.60.2
84 bytes from 192.168.60.2 icmp_seq=1 ttl=61 time=91.788 ms
84 bytes from 192.168.60.2 icmp_seq=2 ttl=61 time=92.158 ms
84 bytes from 192.168.60.2 icmp_seq=3 ttl=61 time=91.214 ms
84 bytes from 192.168.60.2 icmp_seq=4 ttl=61 time=91.939 ms
84 bytes from 192.168.60.2 icmp_seq=5 ttl=61 time=92.687 ms
Host-A>

The PING results show that the connectivity is established between Host-A and the Web-Server. Now we will check the BGP routing table on R1 to see what path it takes to reach the webserver.

R1#show ip bgp
BGP table version is 9, local router ID is 192.168.30.0
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
 
     Network          Next Hop            Metric LocPrf Weight Path
 *   45.45.45.0/31    45.45.45.0               0             0 2000 ?
 *>                   0.0.0.0                  0         32768 ?
 *>i 54.54.54.0/31    192.168.30.1             0    100      0 ?
 *>  192.168.10.0     0.0.0.0                  0         32768 ?
 *>i 192.168.20.0     192.168.30.1             0    100      0 ?
 * i 192.168.30.0/31  192.168.30.1             0    100      0 ?
 *>                   0.0.0.0                  0         32768 ?
 *>  192.168.40.0/31  45.45.45.0               0             0 2000 ?
 *   192.168.50.0/31  45.45.45.0                             0 2000 4000 ?
 *>i                  192.168.30.1             0    100      0 3000 ?
 * i 192.168.60.0     192.168.30.1             0    100      0 3000 4000 ?
 *>                   45.45.45.0                             0 2000 4000 ?
R1#

R1#show ip bgp 192.168.60.2
BGP routing table entry for 192.168.60.0/24, version 9
Paths: (2 available, best #2, table default)
  Advertised to update-groups:
     3
  Refresh Epoch 1
  3000 4000
    192.168.30.1 from 192.168.30.1 (192.168.30.1)
      Origin incomplete, metric 0, localpref 100, valid, internal
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 1
  2000 4000
    45.45.45.0 from 45.45.45.0 (192.168.40.1)
      Origin incomplete, localpref 100, valid, external, best
      rx pathid: 0, tx pathid: 0x0
R1#

The BGP routing table on R1 tells us that it reaches the 192.168.60.0/24 network through the ISP1 route. Both paths have the same Local Preference (100) and the same AS-Path length, so BGP falls through to a later step and prefers the external (eBGP) path over the internal (iBGP) path, as shown above.

Condition-2: BGP configurations with modified attributes

Let’s assume that our network is not stable through ISP01 because we are experiencing packet loss beyond ISP01.

Now let us focus on the outbound traffic flow. If we want Host-A to take the ISP02 path instead of ISP01, we can do that by setting Local Preference on the routes received inbound on R2 from the ISP02 neighbor.

Configuration for R2
configure terminal
router bgp 1234
address-family ipv4
neighbor 54.54.54.1 route-map INBOUND in
exit
exit
route-map INBOUND permit 10
set local-preference 200
!
end
wr

Now if we trace the path from Host-A to the webserver, it goes through ISP02 instead of ISP01, because the Local Preference value is higher for the ISP02 path.

Host-A> trace 192.168.60.2
trace to 192.168.60.2, 8 hops max, press Ctrl+C to stop
 1   192.168.10.1   15.462 ms  15.850 ms  16.167 ms
 2   192.168.30.1   47.279 ms  47.549 ms  46.231 ms
 3   54.54.54.1   61.104 ms  76.163 ms  77.495 ms
 4   192.168.50.1   91.609 ms  92.555 ms  92.682 ms
 5   *192.168.60.2   106.949 ms (ICMP type:3, code:3, Destination port unreachable)
Host-A>

R1#show ip bgp 192.168.60.2
BGP routing table entry for 192.168.60.0/24, version 29
Paths: (2 available, best #1, table default)
  Advertised to update-groups:
     5
  Refresh Epoch 1
  3000 4000
    192.168.30.1 from 192.168.30.1 (192.168.30.1)
      Origin incomplete, metric 0, localpref 200, valid, internal, best
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 2
  2000 4000
    45.45.45.0 from 45.45.45.0 (192.168.40.1)
      Origin incomplete, localpref 100, valid, external
      rx pathid: 0, tx pathid: 0
R1#

But the inbound traffic from the webserver to Host-A is still arriving over the ISP01 circuit, as the trace below shows:

Web-Server> trace 192.168.10.2
trace to 192.168.10.2, 8 hops max, press Ctrl+C to stop
 1   192.168.60.1   15.396 ms  15.341 ms  15.842 ms
 2   192.168.40.1   46.686 ms  45.724 ms  45.938 ms
 3   45.45.45.1   91.782 ms  90.778 ms  90.307 ms
 4   *192.168.10.2   105.879 ms (ICMP type:3, code:3, Destination port unreachable)
Web-Server>

So, to manipulate the inbound traffic flow, we can use AS Prepend so that the traffic gets diverted through ISP02, as the path through ISP02 will then have the shortest AS path.

Configuration for R1
configure terminal
router bgp 1234
address-family ipv4
neighbor 45.45.45.0 route-map OUTBOUND out
exit
exit
route-map OUTBOUND permit 10
set as-path prepend 1234 1234 1234
!
end
wr

Now if we check on ISP01 for the route towards Host-A, it shows the other path as the best path instead of the ISP01 circuit.

ISP1#show ip bgp 192.168.10.2
BGP routing table entry for 192.168.10.0/24, version 33
Paths: (2 available, best #1, table default)
  Advertised to update-groups:
     2
  Refresh Epoch 1
  4000 3000 1234
    192.168.40.0 from 192.168.40.0 (192.168.60.1)
      Origin incomplete, localpref 100, valid, external, best
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 1
  1234 1234 1234 1234
    45.45.45.1 from 45.45.45.1 (192.168.30.0)
      Origin incomplete, metric 0, localpref 100, valid, external
      rx pathid: 0, tx pathid: 0
ISP1#

We can also verify this with a traceroute from the webserver to Host-A.

Web-Server> trace 192.168.10.2
trace to 192.168.10.2, 8 hops max, press Ctrl+C to stop
 1   192.168.60.1   15.593 ms  15.446 ms  15.611 ms
 2   192.168.50.0   47.276 ms  48.049 ms  46.417 ms
 3   54.54.54.0   76.942 ms  77.174 ms  77.605 ms
 4   192.168.30.0   107.766 ms  108.474 ms  106.352 ms
 5   *192.168.10.2   122.066 ms (ICMP type:3, code:3, Destination port unreachable)
Web-Server>
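
The three best-path decisions seen in the outputs above (eBGP over iBGP by default, Local Preference 200 winning on R1, and the prepended path losing on ISP1) can be reproduced with a small model of the first BGP comparison steps. This Python model is an added example, not part of the original lab; the Path class and function names are hypothetical, the comparison is simplified as noted in the code, and the un-prepended AS path "1234" for R1's route at ISP1 is an assumption.

```python
from dataclasses import dataclass, replace

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred

@dataclass(frozen=True)
class Path:
    as_path: tuple               # e.g. (2000, 4000)
    next_hop: str
    ebgp: bool                   # learned from an external peer?
    local_pref: int = 100        # default value
    weight: int = 0
    origin: str = "incomplete"   # "?" in show ip bgp
    med: int = 0

def preference_key(p):
    """First best-path steps, most significant first. Simplified: no
    locally-originated check, per-AS MED rule or later tie-breakers."""
    return (-p.weight,              # highest weight
            -p.local_pref,          # highest local preference
            len(p.as_path),         # shortest AS path
            ORIGIN_RANK[p.origin],  # lowest origin type
            p.med,                  # lowest MED
            0 if p.ebgp else 1)     # eBGP over iBGP

def best_path(paths):
    return min(paths, key=preference_key)

def prepend(p, asn, times):
    """Effect of 'set as-path prepend' on an advertised route."""
    return replace(p, as_path=(asn,) * times + p.as_path)

# Paths taken from the show ip bgp outputs on this page.
R1_VIA_R2 = Path((3000, 4000), "192.168.30.1", ebgp=False)
R1_VIA_ISP1 = Path((2000, 4000), "45.45.45.0", ebgp=True)
ISP1_VIA_ISP3 = Path((4000, 3000, 1234), "192.168.40.0", ebgp=True)
# Assumption: before prepending, ISP1 sees R1's route with AS path "1234".
ISP1_VIA_R1 = Path((1234,), "45.45.45.1", ebgp=True)

def condition1():                      # R1, default attributes
    return best_path([R1_VIA_R2, R1_VIA_ISP1])
def condition2_outbound(local_pref=200):   # R1, after route-map INBOUND
    return best_path([replace(R1_VIA_R2, local_pref=local_pref), R1_VIA_ISP1])
def condition2_inbound(times=3):       # ISP1, after route-map OUTBOUND
    return best_path([ISP1_VIA_ISP3, prepend(ISP1_VIA_R1, 1234, times)])

if __name__ == "__main__":
    for f in (condition1, condition2_outbound, condition2_inbound):
        print(f.__name__, "->", f().next_hop, f().as_path)
```

Calling condition2_inbound(1) shows that a single prepend would not be enough in this topology: the direct path would still be shorter than the three-AS path through ISP03 and ISP02.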

In my scenario, I have selected the Local Preference and Prepend AS-PATH metrics to influence the inbound and outbound routes for the hosts in ASN 1234 to reach the webserver, because these metrics can be configured on the edge routers within ASN 1234. We don’t have to ask our ISP to influence the BGP routes for us, because mostly the ISPs are not responsible for routing the traffic within our ASN 1234.

Thank you for following my blog, and let me know if you have any questions.
