NetworkTalk & BGP

B.4) Notes on network pool aggregation within a BGP session.

1. You have probably noticed the earlier notes on the advertisement of the prefixes 10.10.192.0/20 and 11.11.224.0/19, which are the two class-A IP blocks that ISP-A assigns to its customers. We advertise these blocks to all our eBGP and iBGP speakers as follows:

Router RT-A:
router bgp 1000
 address-family ipv4
  neighbor ibgp_client route-map IBGP-Neighbor-OUT out
  neighbor 40.40.40.1 route-map AS-500-Link1-OUTGOING out
  network 11.11.224.0 mask 255.255.224.0
  network 10.10.192.0 mask 255.255.240.0

ip as-path access-list 2 permit ^$

route-map AS-500-Link1-OUTGOING permit 30
 match as-path 2
 set community 500:70

route-map IBGP-Neighbor-OUT permit 20


Router RT-B:
router bgp 1000
 address-family ipv4
  neighbor ibgp_client route-map IBGP-Neighbor-OUT out
  neighbor 20.20.20.85 route-map AS-300-OUTGOING out
  neighbor 30.30.30.127 route-map AS-400-OUTGOING out
  network 11.11.224.0 mask 255.255.224.0
  network 10.10.192.0 mask 255.255.240.0

ip as-path access-list 2 permit ^$

route-map AS-400-OUTGOING permit 20
 match as-path 2
 set community 400:70

route-map AS-300-OUTGOING permit 20
 match as-path 2
 set community 300:70

route-map IBGP-Neighbor-OUT permit 20

2. The main reason for advertising our aggregated blocks (in addition to all the /24 prefixes assigned to customers) is redundancy.

3. As we can see in Figure B.6 P38, some customer zones (B, D_E and G) are connected to both routers (through HSRP sessions).

What happens if a router is down?

4. If router RT-B is down, Zone-B and Zone-G traffic is down too, because:

  • the Zone-B and Zone-G network lists do not exist in RT-B,
  • they are no longer advertised from RT-B to RT-A through the iBGP session,
  • and so they are not advertised to ISP-D-Link1.

The HSRP session is useless here.

In other words, RT-A does not see the Zone-G and Zone-B prefixes from its iBGP neighbor.

The same goes for router RT-B if it is down: Zone-D_E ingress traffic will not flow either, because the prefix list is no longer advertised from RT-A to RT-B through the iBGP session, and so it is not advertised to ISP-B …

For instance, the output below shows that if RT-B is down, its iBGP neighbor RT-A is unable to advertise the network blocks of Zone-B and Zone-G, since the network list has not been entered manually in the “router bgp 1000” section.

RT-A#sh ip bgp neighbors 40.40.40.1 advertised-routes
BGP table version is 74064532, local router ID is 10.10.193.62
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network           Next Hop        Metric LocPrf Weight Path
*> 11.11.224.0/24    0.0.0.0              0         32768 i
*> 11.11.229.0/24    0.0.0.0              0         32768 i

*>i11.11.230.0/24    11.11.226.27         0     90      0 i
*>i11.11.231.0/24    11.11.226.27         0     90      0 i

*>i11.11.238.0/24    11.11.226.27         0     90      0 i
*>i11.11.239.0/24    11.11.226.27         0     90      0 i
*>i11.11.240.0/24    11.11.226.27         0     90      0 i
*>i11.11.241.0/24    11.11.226.27         0     90      0 i

*>i11.11.254.0/24    11.11.226.27         0     90      0 i
*>i11.11.255.0/24    11.11.226.27         0     90      0 i

*>i10.10.192.0/24    11.11.226.27         0     90      0 i
*>i10.10.193.0/24    11.11.226.27         0     90      0 i

*>i10.10.203.0/24    11.11.226.27         0     90      0 i
*>i10.10.204.0/24    11.11.226.27         0     90      0 i

*> 10.10.205.0       0.0.0.0              0         32768 i
*> 10.10.206.0       11.11.230.246        0         32768 i
*> 10.10.207.0       0.0.0.0              0         32768 i
*> 50.50.64.0        11.11.225.2          0             0 2000 i
*> 50.50.64.0/18     11.11.225.2          0             0 2000 i
*> 50.50.72.0/24     11.11.225.2          0             0 2000 i
Total number of prefixes 8

5. However, if a router is down and we advertise the aggregated blocks, which include all the /24 blocks (and so the zones’ definitions), the eBGP speakers will still see the customers’ network lists.

For the advertisement to be possible, the routes for the two aggregated blocks must exist in the routing table, learned dynamically or statically, so we force the presence of a next hop by using the null0 interface.

Furthermore, since we use static routes for the zones, we need to copy those routes onto the opposite router too, so that the next hop is valid there.
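An added example, not part of the original tutorial: a small Python audit of the rule above, that each BGP network statement needs an exact-match route before it is advertised. The sample config is constructed from RT-A's statements; the 10.10.199.0/24 static route and its next hop 10.10.193.1 are assumptions, and only static routes visible in the config text are checked (connected or IGP-learned routes are not).

```python
import ipaddress
import re

# Constructed sample: RT-A's network statements from the page plus assumed
# static routes. The Null0 route for 11.11.224.0/19 is deliberately missing.
SAMPLE_CONFIG = """\
router bgp 1000
 address-family ipv4
  network 11.11.224.0 mask 255.255.224.0
  network 10.10.192.0 mask 255.255.240.0
ip route 10.10.192.0 255.255.240.0 Null0
ip route 10.10.199.0 255.255.255.0 10.10.193.1
"""

NETWORK_RE = re.compile(r"^\s*network (\S+) mask (\S+)\s*$", re.M)
STATIC_RE = re.compile(r"^\s*ip route (\S+) (\S+) (\S+)", re.M)


def unbacked_networks(config: str) -> list[str]:
    """Return BGP network statements with no exact-match static route."""
    statics = {
        ipaddress.ip_network(f"{addr}/{mask}")
        for addr, mask, _nexthop in STATIC_RE.findall(config)
    }
    missing = []
    for addr, mask in NETWORK_RE.findall(config):
        prefix = ipaddress.ip_network(f"{addr}/{mask}")
        # A more specific static (a /24 inside the /20) does not count:
        # the statement needs the same prefix and the same mask.
        if prefix not in statics:
            missing.append(str(prefix))
    return missing


def null0_lines(prefixes: list[str]) -> list[str]:
    """Build the static discard routes that would back each prefix."""
    lines = []
    for p in prefixes:
        net = ipaddress.ip_network(p)
        lines.append(f"ip route {net.network_address} {net.netmask} Null0")
    return lines


if __name__ == "__main__":
    gaps = unbacked_networks(SAMPLE_CONFIG)
    print("network statements without a backing route:", gaps)
    print("\n".join(null0_lines(gaps)))
```

Run it against the configuration of each router, since the aggregate must be originated on both for the redundancy described here.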

6. Aggregation is often forgotten. Aggregating means announcing the whole address block you received from the RIR to the other ASes connected to your network.

Multi-homing habits result in a proliferation of /24s, or class-C address blocks, in the Internet routing table. Advertising your whole block on the router that has the most stable links is a strong requirement. Maintenance and cuts happen often on terrestrial and submarine cables, so your prefixes can appear and disappear from the Internet routing table.

When flapping is pronounced, some ISPs will damp your network. If a Tier 1 ISP damps your networks, you will lose access to some major parts of the Internet. To keep your network visible on the net, declare your whole block on your routers.

You should avoid advertising sub-prefixes of your address block unless traffic engineering is needed for redundancy and multi-homing reasons.

7. With an aggregation statement, if a link fails, the other one will still advertise your network as part of the larger aggregated block. We suggest that you read up on the damping process. It is really important: damping can disrupt your service and make your customers very angry if you run into it. So be prepared.

8. Below we can see an example. Ingress traffic for prefix 10.10.199.0/24 comes back through ISP-B. The router that manages the 10.10.199.0/24 customers is connected to RT-B and RT-A through an HSRP session. Prefix 10.10.192.0/20 is not advertised.

Figure B.10 shows that network 10.10.192.0/20 is not advertised to the eBGP and iBGP speakers.

  • In Figure B.11, RT-B is down. As we can see, customers no longer have Internet access, since prefix 10.10.199.0/24 disappears from the Internet.
  • In Figure B.12, we can see that both routers advertise the aggregated block 10.10.192.0/20. Even if RT-B is down, the prefix 10.10.192.0/20 is still present in the Internet. The next hop is still valid in RT-A thanks to these announcements. Customers are not cut off.
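The failover behaviour in Figures B.11 and B.12, modelled as an added Python example that is not part of the original tutorial. It assumes the zone /24 is originated only by RT-B; the host address 10.10.199.10 and the origination tables are constructed for illustration.

```python
import ipaddress

AGGREGATE = "10.10.192.0/20"
ZONE_PREFIX = "10.10.199.0/24"

# Constructed model: prefixes each router originates toward its eBGP peers.
WITHOUT_AGG = {"RT-A": [], "RT-B": [ZONE_PREFIX]}
WITH_AGG = {"RT-A": [AGGREGATE], "RT-B": [AGGREGATE, ZONE_PREFIX]}


def advertised(routers_up, originations):
    """Prefixes visible on the Internet: union over the routers still up."""
    seen = {}
    for router, prefixes in originations.items():
        if router in routers_up:
            for p in prefixes:
                seen.setdefault(ipaddress.ip_network(p), []).append(router)
    return seen


def best_route(dest, table):
    """Longest-prefix match as a remote AS performs it; None = unreachable."""
    addr = ipaddress.ip_address(dest)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return str(best), sorted(table[best])


def scenario(originations, routers_up, host="10.10.199.10"):
    """Route a remote AS would use to reach a customer host, if any."""
    return best_route(host, advertised(routers_up, originations))


if __name__ == "__main__":
    for name, orig in (("no aggregate", WITHOUT_AGG), ("aggregate", WITH_AGG)):
        for up in ({"RT-A", "RT-B"}, {"RT-A"}):
            print(name, sorted(up), "->", scenario(orig, up))
    # With the aggregate, traffic still arrives at RT-A when RT-B is down;
    # RT-A then needs its own route to the /24 (the copied static routes).
```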
