Last updated: 10-06-2019 22:57

• Revision
  • Autonomous System (AS)
  • Border Gateway Protocol (BGP-4)
  • Interior Gateway Protocol (IGP)
• Intermediate System to Intermediate System (IS-IS)
  • Comparison of terminology between OSPF and IS-IS
  • Adjacency
  • IS-IS levels
  • Multiprotocol
  • IS-IS Links
  • Designated Intermediate System (DIS)
  • IS-IS in IOS
  • IS-IS costs
  • IS-IS Neighbour Authentication
  • Other IS-IS Features
  • IPv6 in IS-IS
  • Conclusion
• Border Gateway Protocol (BGPv4)
  • Path Vector Protocol
  • Default Free Zone
  • Autonomous System (AS)
  • BGP operation
  • AS dot notation
  • Configuring BGP on Cisco
  • Constructing the Forwarding Table
  • eBGP & iBGP
  • Configuring External BGP
  • Internal BGP (iBGP)
  • Configuring Internal BGP
  • Inserting prefixes into BGP
    • redistribute static
    • network command
  • Configuring Aggregation
  • Viewing configurations
  • BGP Summary

Revision

Routing Information Base (RIB) tables → Forwarding Information Base (FIB) table

Static; OSPF Link State Database (LSDB); BGP → RIB → FIB

  router# show ip cef     # Check the FIB
  router# show ip route   # Check the RIB
  

Egress and Ingress routing. Policies.

Autonomous System (AS)

• Neighbours
• Announce - Send info to a neighbour
• Accept - receive routing info from neighbour
• Originate - insert IGP routes into routing info
• Peers

    AS1 [ Outbound filtering ] → Announce → AS2
    AS1 [ Inbound filtering  ] ←  Accept  ← AS2
    
  

  Routing policies: Control packet flow

Border Gateway Protocol (BGP-4)

• Scaling
• Administrative boundary
• Policy

Interior Gateway Protocol (IGP)

• IS-IS: Runs on the links (L2)
• OSPF: Runs on the router (L3)

Similar level of features.

Intermediate System to Intermediate System (IS-IS)

• ISO 10589 specifies OSI IS-IS routing protocol Connectionless-mode Network Protocol (CLNP) for Connectionless-mode Network Service (CLNS) traffic
  • A Link State protocol with a 2 level hierarchical architecture
  • Type/Length/Value (TLV) options to enhance the protocol
  • RFC 1195 added IP support

• Integrated IS-IS (I/IS-IS)
  • Runs on top of the Data Link Layer

Comparison of terminology between OSPF and IS-IS

IS-IS and OSPF Terminology

Routers with IS-IS enabled on them look for neighbouring routers also running IS-IS. 'Hello' Protocol Data Units (PDUs) are exchanged, these includes the list of known neighbours and details such as hello interval and router dead interval.

• Hello interval – how often the router will send Hellos.
• Router dead interval – how long to wait before deciding router has disappeared.

The values of hello interval and router dead interval must match on both neighbours. When a neighbouring router responds with matching details, a neighbour relationship is formed.

Adjacency

A relationship is formed between neighbouring routers for the purpose of exchanging routing information.

Once an adjacency is formed, neighbours share their link state information. Information goes in a Link State PDU (LSP). LSPs are flooded to all neighbours. New information received from neighbours is used to compute a new view of the network. On a link failure, new LSPs are flooded and the routers recompute the routing table.

All routers across the network form neighbour relationships with their directly attached neighbours. Each router computes the routing table Once each router has the same view of the network, the network has converged. The IGP design for a network is crucially important to ensure scalability and rapid convergence. Generally: the fewer the prefixes, the faster the convergence.

IS-IS levels

IS-IS has a 2 layer hierarchy, Level-2 (the backbone) and Level-1 (the edge).

and a router can be:

• Level-1 (L1) router
• Level-2 (L2) router
• Level-1-2 (L1L2) router

Most small to medium networks (up to ~400 routers) can happily exist in Level-2.

Multiprotocol

I/IS-IS carries CLNS and IPv4 address families,RFC5308 adds IPv6 address family support and RFC5120 adds multi-topology support. IS-IS extended to carry IPv6 prefixes by either sharing topology with IPv4 when IPv4 and IPv6 topologies are identical or using multi-topology, independent of IPv4 which allows incremental roll-out of IPv6.

IS-IS Links

Two types of links in IS-IS:

• Point-to-Point (P2P) link, only one other router on the link, forming a P2P adjacency
• Multi-access network (e.g. Ethernet) - Potential for many other routers on the network, with several other adjacencies.

IS-IS in multi-access networks has optimisations to aid scaling. One router is elected to originate the LSPs for the whole multi-access network called Designated Intermediate System (DIS). Other routers on the multi-access network form adjacencies with the DIS.

Designated Intermediate System (DIS)

There is ONE designated router per multi-access network which generates network link advertisements, assists in database synchronisation and scales IS-IS for multi-access (Ethernet) networks.

Configured priority (per interface) and configure high priority on the router to be the DIS.

  Router(config)# interface gigabitethernet0/1
  Router(config-if)# isis priority 127 level-2
  

Else priority determined by highest MAC address. Best practice is to set two routers to be highest priority then in case of failure of the DIS there is deterministic fall back to the other.

To find CLNS adjacency state, use:

  Router# show clns neighbor
  
  System Id   Interface   SNPA            State Holdtime Type Protocol
  Router2     Fa0/0       ca01.9798.0008  Up    23       L2   M-ISIS
  Router3     Se1/0       *HDLC*          Up    26       L2   M-ISIS
  
  Router# show isis neighbor
  System Id   Type Interface   IP Address    State Holdtime Circuit Id
  Router2     L2   Fa0/0       10.10.15.2    UP    24       Router2.01
  Router3     L2   Se1/0       10.10.15.6    UP    27       00
  

IS-IS in IOS

IS-IS process ID is unique to the router, in this example the ISP AS number as42 is used as the process ID.

  Router(config)# router isis as42
  

This gives possibility of running multiple instances of IS-IS on one router. The process ID is not passed between routers in an AS. Some Internet Service Providers (ISP) configure the process ID to be the same as their BGP ASN.

IP based routing protocols have the router-id to uniquely identify a router and IS-IS uses the NSAP address which can be from 64 to 160 bits long. ISPs typically choose NSAP as follows:

• First 8 bits – pick a number (usually 49)
• Next 16 bits – area
• Next 48 bits – router loopback address
• Final 8 bits – zero

Example:

• Router: 192.168.1.1 (loopback)
• Area: 1
• 49.<area>.<loopback address>.00

Loopback conversion: 192.168.1.1 → 192.168.001.001 → 1921.6800.1001
To get NSAP: 49. + 0001. + 1921.6800.1001 + .00 → 49.0001.1921.6800.1001.00

Resulting NSAP: 49.0001.1921.6800.1001.00

A simpler alternative, assuming a well documented ISP design:

• First 8 bits – pick a number (usually 49)
• Next 16 bits – area
• Next 16 bits – PoP identifier
• Next 16 bits – Router identifier
• Final 8 bits – zero

Example for router #3 in PoP 9 in Area 1.

NSAP: 49.0001.0009.0003.00

Cisco IOS default is for all routers to be L1L2 which is suboptimal, all routers need to be L2 only. Once IS-IS is started, other required configuration under the IS-IS process includes:

Capture adjacency changes in the system log

  Router(config-router)# log-adjacency-changes
  

Set metric-style to wide

  Router(config-router)# metric-style wide
  

Set IS type to level 2 only (router-wide configuration)

  Router(config-router)# is-type level-2-only
  

Set NET address

  Router(config-router)# net 49.0001.1921.6800.1001.00
  

Activate IS-IS on an interface as follows. This puts the interface subnet into the Link State Database (LSDB) and enables CLNS on that interface.

  Router(config)# interface POS4/0
  Router(config-if)# ip router isis as42
  

To disable IS-IS on an interface do the following, this disables CLNS on that interface and puts the interface subnet address into the LSDB.

  Router(config)# router isis as42
  Router(config-router)# passive-interface GigabitEthernet 0/0
  

If there is no IS-IS configuration for an interface then no CLNS run on interface, no interface subnet in the LSDB.

IS-IS costs

All interfaces have a default metric of 10 which is fine for a uniform network, but most backbones have different link capacities between routers and Point of Presence (POP). Many operators develop their own interface metric strategy:

  Router(config-if)# isis metric 100 level-2
  

This sets the interface metric to 100. Care needed as the sum of metrics determines the best path through the network. ISIS chooses lowest cost path through a network and it will load balance over paths with equal total cost to the same destination.

IS-IS Neighbour Authentication

Neighbour authentication is highly recommended, this prevents unauthorised routers from forming neighbour relationships and potentially compromising the network. Create a suitable key-chain:

  Router(config)# key chain isis-as42
  Router(config-keychain)# key 1
  Router(config-keychain)# key-string <password>
  

There can be up to 255 different keys in each key chain.

To apply a key-chain per interface:

  Router(config)# interface POS 4/0
  Router(config-if)# isis authentication mode md5 level-2
  Router(config-if)# isis authentication key-chain isis-as42 level-2
  

Then to apply key-chain to ISIS process (all interfaces):

  Router(config)# router isis as42
  Router(config-router)# authentication mode md5 level-2
  Router(config-router)# authentication key-chain isis-as42 level-2
  

Other IS-IS Features

Originating a default route into IS-IS which will originate a default route into the IS-IS LSDB if a default route exists in the RIB.

  Router(config)# router isis as42
  Router(config-router)# default-information originate
  

If IS-IS is running on P2P Ethernet link then a DIS election is not needed on a P2P link – so it is disabled, which is more efficient.

  Router(config)# interface fastethernet0/2
  Router(config-if)# isis network point-to-point
  

IPv6 in IS-IS

To add IPv6 support in IS-IS:

  Router(config)# interface POS4/0
  Router(config-if)# ipv6 router isis as42
  

For single topology, nothing else is required; however, for multi-topology, include:

  Router(config)# router isis as42
  Router(config-router)# address-family ipv6
  Router(config-router)# multi-topology
  

Conclusion

IS-IS is a Link State Routing Protocol that is quick and simple to get started. IS-IS has a myriad of options and features to cover almost all types of network topology. ISPs keep their IS-IS design SIMPLE. IS-IS can feasibly support up to ~400 routers in a single area.

Border Gateway Protocol (BGPv4)

A Routing Protocol used to exchange routing information between different networks is described in RFC4271. It is an Exterior Gateway Protocol (EGP).

• RFC4276 gives an implementation report on BGP
• RFC4277 describes operational experiences using BGP

The Autonomous System is the cornerstone of BGP, it is used to uniquely identify networks with a common routing policy.

• Path Vector Protocol
• Incremental Updates
• Many options for policy enforcement
• Classless Inter Domain Routing (CIDR)
• Widely used for Internet backbone
• Autonomous systems.

Path Vector Protocol

BGP is classified as a path vector routing protocol (see RFC 1322). A path vector protocol defines a route as a pairing between a destination and the attributes of the path to that destination. Consider the route below and the AS path is highlighted.

  12.6.126.0/24 207.126.96.43 1021 0 6461 7018 6337 11268 i 

• Transit – carrying traffic across a network, commercially: for a fee.
• Peering – exchanging routing information and traffic, commercially: between similar sized networks, and for no fee.
• Default – where to send traffic when there is no explicit match in the routing table.

BGP runs over TCP port number 179. It is a path vector protocol that carries out incremental updates. There are two types, internal BGP (iBGP) and external BGP (eBGP).

Default Free Zone

The default free zone is made up of Internet routers which have routing information about the whole Internet, and therefore do not need to use a default route. NB: It is not related to where an ISP is in the Internet hierarchy.

Autonomous System (AS)

An Autonomous System (AS) is a collection of networks with same routing policy and a single routing protocol. An AS is usually under single ownership, trust and administrative control and is identified by a unique 16-bit or 32-bit integer AS Number (ASN).

• 16-bit: 0-65535
• 32-bit: 65536-4294967295 (RFC5396/RFC6793)
• 0 and 65535: (reserved)
• 1-64495: (public Internet)
• 64496-64511: (documentation – RFC5398)
• 64512-65534: (public Internet)
• 23456: (represent 32-bit range in 16-bit
• 65536-65551: (documentation – RFC5398)
• 65552-4199999999: (public Internet)
• 4200000000-4294967295: (private use only – RFC6996)

ASNs are distributed by the Regional Internet Registries (RIR). They are also available from upstream ISPs who are members of one of the RIRs.

Current 16-bit ASN assignments up to 64297 have been made to the RIRs. Around 50200 are visible on the Internet and about 200 are left unassigned. Each RIR has also received a block of 32-bit ASNs and out of 9300 assignments, around 7200 are visible on the Internet. (www.iana.org/assignments/as-numbers).

The link between ASs is called the Demarcation Zone (DMZ).

BGP operation

BGP learns multiple paths via internal and external BGP speakers. It picks the best path and installs it in the Routing Information Base (RIB), the routing table. The best path is sent to external BGP neighbours. Policies are applied by influencing the best path selection.

AS dot notation

AS numbers larger than 65535 are represented using ASDOT notation as follows:

  <higher two bytes in decimal>.<lower two bytes in decimal>
  
  {x times 65546}.<lower two bytes in decimal>
  
  For example: AS65546 
  
  {1 * 65535} . {65546 - 65535}
  {1} . {10} → 1.10       
  
  i.e. AS65546 = 1.10 
  

Configuring BGP on Cisco

To enable BGP in Cisco IOS:

  Router(config)# router bgp 100
  

For ASNs > 65535, the AS number can be entered in either plain or dot notation:

  Router(config)# router bgp 131076
  

Or

  Router(config)# router bgp 2.4
  

IOS will display ASNs in plain notation by default. Dot notation is optional:

  Router(config)# router bgp 2.4
  Router(config-router)# bgp asnotation dot
  

Constructing the Forwarding Table

BGP in process receives path information from peers and results of BGP path selection placed in the BGP table best path flagged.

BGP out process announces best path information to peers and the best path stored in Routing Table (RIB) if the prefix and prefix length are unique, and the lowest protocol distance. Best paths in the RIB are installed in forwarding table (FIB).

eBGP & iBGP

BGP is used internally (iBGP) and externally (eBGP). iBGP is used to carry some/all Internet prefixes across ISP backbone and ISP's customer prefixes.

eBGP is used to exchange prefixes with other ASes and for the implementation of routing policies. It is used between directly connected BGP speakers in different AS. Never run an IGP between eBGP peers.

Configuring External BGP

For the following network.

Router A in AS100.

  Router(config)# interface FastEthernet 5/0
  Router(config-if)# ip address 102.102.10.2 255.255.255.240
  
  Router(config)# router bgp 100
  Router(config-router)# network 100.100.8.0 mask 255.255.252.0
  Router(config-router)# neighbor 102.102.10.1 remote-as 101
  Router(config-router)# neighbor 102.102.10.1 prefix-list RouterC-in in
  Router(config-router)# neighbor 102.102.10.1 prefix-list RouterC-out out
  

Router C in AS101.

  Router(config)# interface FastEthernet 1/1/0
  Router(config-if)# ip address 102.102.10.1 255.255.255.240
  
  Router(config)# router bgp 101
  Router(config-router)# network 100.100.64.0 mask 255.255.248.0
  Router(config-router)# neighbor 102.102.10.2 remote-as 100
  Router(config-router)# neighbor 102.102.10.2 prefix-list RouterA-in in
  Router(config-router)# neighbor 102.102.10.2 prefix-list RouterA-out out
  

Internal BGP (iBGP)

For the following network.

BGP peers within the same AS and are not required to be directly connected. IGP takes care of inter-BGP speaker connectivity and iBGP speakers must be fully meshed. They originate connected networks, they pass on prefixes learned from outside the ASN; however, they do not pass on prefixes learned from other iBGP speakers.

• Topology independent
• Each iBGP speaker must peer with every other iBGP speaker in the AS.
• Peer with loop-back interface because the loop-back interface does not go down and you do not want iBGP session to depend on state of a single interface or the physical topology.

For iBGP to peer with the other iBGP speakers on the network an underlay IGP protocol like IS-IS or OSPF must be in place first. Why overlay iBGP? Well for scalability. It would not be possible to carry your entire internet routing table in the IGP. IS-IS and OSPF were not designed to handle many thousands of routes in Internet BGP tables. If for example an ISP accidentally redistributed their BGP table into their IGP it would likely cause major outages.

Configuring Internal BGP

Router A in AS100.

  Router(config)# interface loopback 0
  Router(config-if)# ip address 105.3.7.1 255.255.255.255
  
  Router(config)# router bgp 100
  Router(config-router)# network 100.100.1.0
  Router(config-router)# neighbor 105.3.7.2 remote-as 100
  Router(config-router)# neighbor 105.3.7.2 update-source loopback0
  Router(config-router)# neighbor 105.3.7.3 remote-as 100
  Router(config-router)# neighbor 105.3.7.3 update-source loopback0
  

Router B in AS100.

  Router(config)# interface loopback 0
  Router(config-if)# ip address 105.3.7.2 255.255.255.255
  
  Router(config)# router bgp 100
  Router(config-router)# network 100.100.1.0
  Router(config-router)# neighbor 105.3.7.1 remote-as 100
  Router(config-router)# neighbor 105.3.7.1 update-source loopback0
  Router(config-router)# neighbor 105.3.7.3 remote-as 100
  Router(config-router)# neighbor 105.3.7.3 update-source loopback0
  

Inserting prefixes into BGP

Two ways to insert prefixes into BGP are by use of the redistribute static or the network commands.

redistribute static

Static route must exist before redistribute command will work. It forces origin to be “incomplete”. Care is required!

  Router(config)# router bgp 100
  Router(config-router)# redistribute static
  Router(config-router)# ip route 102.10.32.0 255.255.254.0 serial0
  

Care is required with redistribute. redistribute <routing-protocol> means everything in the <routing-protocol> will be transferred into the current routing protocol. It will not scale if uncontrolled and is best avoided if at all possible. Redistribute normally used with route-maps and under tight administrative control.

network command

A matching route must exist in the routing table before the network is announced . It forces origin to be IGP.

  Router(config)# router bgp 100
  Router(config-router)# network 102.10.32.0 mask 255.255.254.0
  Router(config-router)# ip route 102.10.32.0 255.255.254.0 serial0
  

Configuring Aggregation

Three ways to configure route aggregation:

• redistribute static
• aggregate-address
• network command

Static route to null0 is called a pull up route. Packets only sent here if there is no more specific match in the routing table. Care is required.

  Router(config)# router bgp 100
  Router(config-router)# redistribute static
  Router(config-router)# ip route 102.10.0.0 255.255.0.0 null0
  

Configuring with the network command. A matching route must exist in the routing table before the network is announced. It is the easiest and best way of generating an aggregate.

  Router(config)# router bgp 100
  Router(config-router)# network 102.10.0.0 mask 255.255.0.0
  Router(config-router)# ip route 102.10.0.0 255.255.0.0 null0
  

Configuring with the aggregate-address command. Requires more specific prefix in BGP table before aggregate is announced. The [summary-only] keyword is an optional keyword which ensures that only the summary is announced (the more specific routes are suppressed).

  Router(config)# router bgp 100
  Router(config-router)# network 102.10.32.0 mask 255.255.252.0
  Router(config-router)# aggregate-address 102.10.0.0 255.255.0.0 [summary-only]
  
  Router(config)# ip route 102.10.32.0 255.255.252.0 null 0
  

Viewing configurations

  Router# show ip bgp summary
  BGP router identifier 10.0.15.246, local AS number 10
  BGP table version is 16, main routing table version 16
  7 network entries using 819 bytes of memory
  14 path entries using 728 bytes of memory
  2/1 BGP path/bestpath attribute entries using 248 bytes of memory
  0 BGP route-map cache entries using 0 bytes of memory
  0 BGP filter-list cache entries using 0 bytes of memory
  BGP using 1795 total bytes of memory
  BGP activity 7/0 prefixes, 14/0 paths, scan interval 60 secs
  
  Neighbor        v   AS   MsgRcvd MsgSent  TblVer  InQ OutQ  Up/Down   State/PfxRcd
  10.0.15.241     4   10         9       8      16    0    0  00:04:47          2
  10.0.15.242     4   10         6       5      16    0    0  00:01:43          2
  10.0.15.243     4   10         9       8      16    0    0  00:04:49          2 
  

BGP Summary

BGP4 is a path vector protocol which has both internal, iBGP and external, eBGP modes. It announces prefixes and aggregate prefixes to peers. in iBGP mode it is very stable when peering with loopback interfaces. Typically with eBGP peering is conducted between the shared DMZ interfaces.