Thursday 28 March 2019

BGP Series 18: BGP Address-family Configuration

bgp complete

BGP Address-family Configuration:

.

  • The technical name of BGP is MBGP (multiprotocol BGP) which means it was designed from ground up to advertise multiple L3 protocol to its neighbors (independent of IPv4 or IPv6)...though it was initially used for IPv4

  • BGP doesn’t consider the routes as a route, for BGP, all routes whether IPv4 or IPv6 are all NLRI. So, in the same BGP update, we could have NLRI for IPv4 routes, NLRI for IPv4 multicast and IPv6 routes

  • Multiprotocol because BGP can advertise reachability to many different ‘routes’:

    • IPv4 unicast routes
    • IPv4 multicast routes
    • IPv6 unicast routes
    • VPNv4 routes (used in MPLS VPNs)

  • By default, BGP only advertises IPv4 prefixes

  • Address-families are used to inform BGP that it needs to advertise other types of NLRI. In the Open message, BGP will tell that it supports the additional NLRI capabilities as well when address-families are configured

  • By default, when we type in the ‘network’ command in router BGP it will consider it under IPv4 address-family automatically. We couldn’t type in IPv6 network even if we wanted to.

    • img

  • Say we have two routers R1 and R2 and the link between them is only configured with IPv4, but, we have both IPv4 and IPv6 links behind us--> theoretically, we could send IPv6 routes over to the neighbor along with the IPv4 routes. But, it doesn’t make sense since I don’t know if you understand IPv6 at all in this link. So, an IPv4 network and an IPv6 network must be configured on the link the both routers share

    • This point is because if we have to advertise IPv4 routes over the wire, we need to be able to speak IPv4 across the wire
    • Similarly, if we need to exchange IPv6 routes over this wire, we need to be able to speak IPv6 across this wire
    • So, we need to configure both IPv4 and IPv6 on the same link between the two routers

  • The main question to be answered (this is a design question, both are good):

    • Do you want two (2) BGP sessions-per-peer?

      • One IPv4 session and another IPv6 session?

    • Or only a single BGP session per peer?

      • Peering done via IPv4, and a single BGP update carries both IPv4 and Ipv6 prefixes, or….
      • Peering done via IPv6, and a single BGP update carries both IPv4 and Ipv6 prefixes

  • Thus, we have 3 options:

    • Two sessions- one for Ipv4, one for Ipv6
    • One session- IPv6 over IPv4
    • One session- IPv4 over IPv6

  • In the second methods above, we could have only one BGP session and save CPU/memory and that one session will have IPv4 section and IPv6 section...This is implemented via the number of neighbor statements we have under the router bgp

  • OPTION 1: One for IPv4, One for Ipv6:

    • img
    • For IPv4 addresses, we could have configured the network directly under router bgp, but this is a bit more elegant if we do it under address-family since it is more readable for third-person
    • For Ipv6 networks that we want to advertise, it has to be done under ipv6 address-family

  • OPTION 2: Single IPv4 BGP session with Multiple Address Families:

    • img

    • We can know that we have a single IPv4 session since we have only a single neighbor command under the bgp process

    • Now, under the address-family IPv6, we are actually configuring the Ipv4 address of the neighbor to activate

    • But, there is an important gotcha here...If we are forming neighborships using Ipv4, then, all the routes advertised to the neighbor will be having the IPv4 interface address as next-hop which isn’t going to work for IPv6 prefixes (actually, it wouldn’t advertise it at all)...So, how do we make the router to use Ipv6 interface address as next-hop...we need to use route-map for that

      • img
      • We need to manually configure this route-map

  • OPTION 3: Single IPv6 BGP session with Multiple Address Families:

    • This is not common, but can be done
    • img
    • Now, the neighborship is done with IPv6 address
    • So, there is no need of route-map for Ipv6 address
    • But, for IPv4 address-family, we will be advertising those routes with Ipv6 next-hop address which needs to be fixed using a route-map...All this is the above case inverted for Ipv4 and Ipv6

  • Notice that all the above examples had ‘no bgp default ipv4-unicast’ configured under router-bgp. Normally, we wouldn’t need to configure that command. What that command does is it tells that I do not want to advertise IPv4 routes at all and only want IPv6 routes to be advertised. So, in the above cases, it was configured for elegancy since again we are enabling support for IPv4 routes under address-family Ipv4 using the ‘activate’ command

    • To enable BGP for only IPv6 neighborships and advertise only IPv6 routes, we need to use ‘no bgp default ipv4-unicast’ under router bgp. If we use this command and we want to also include Ipv4 routes for advertisement, we need to activate that neighbor under address-family ipv4
    • Alternatively, we can use ‘bgp default ipv6-unicast’ to enable IPv6 bgp neighborships as well apart from the default ipv4-unicast.
    • The best way is Ipv6 is automatically enabled when we configure ‘address-family ipv6’ so no manual intervention is needed at all!

  • Note that for any kind of IPv6 routing, we need to configure ‘ipv6 unicast-routing’ under global config to enable IPv6 routing...This command is needed for all routing protocols, both IGP and BGP

  • EXAMPLE:

    • img

    • This is the physical topology. R2 is establishing BGP directly with R3 via R1 since BGP can form neighborships like that since it used unicast after configuring eBgp multihop and IGP is already configured between them for all IPv4 addresses.

    • Let’s configure BGP between R1 and R2 with single IPv4 which will carry both Ipv4 and IPv6:

      • Router 1:

        • img

      • Router-2:

        • This is only going to receive routes, there is no routes to be advertised, so doesn’t have any network commands

        • Since, no network commands for advertising, no need route-maps for changing next-hosp either

        • img

        • One thing to note is we do not need global ipv6 address between two directly connected Ipv6 neighbors...they will use the link-local address as next-hops automatically

        • So, in this case, between R1 and R2, the loopback on R2 will be advertised chosen the link-local address of the interface to R1 as next-hop…..R1 will advertise both global and link-local as next-hop, but R2 will see that it is directly connected and choose to use the link-local as next-hop

        • img

           

      • Now, to bring up the neighborship between R2 and R3 which are not directly connected, we need to enable eBGP multihop. Also, in this case we will see that R3 will not even advertise the link-local address to R2 as next-hop since it knows that it is not directly connected and no point in giving link-local address:

      • Changes on R2:

        • We need to add the below under router-bgp on R2 apart from the above configuration):
        • img

      • Changes on R1:

        • When R3 advertises its Ipv6 routes with the next-hop, it will be unreachable for R2...we need to fix that by advertising the Ipv6 prefix to R2 from R1
        • img

      • Router-3:

        • On router 3, we will also need a route-map to advertise the IPv6 next-hop correctly
        • img

      • That’s all and we can see the loopback on R3 being present in the routing table with the global Ipv6 address of R3 as the next-hop on R2!!!

Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)