© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.21-1 BGP Overview Establishing BGP Sessions.

Transcript:


Outline
- Overview
- BGP Neighbor Discovery
- Establishing a BGP Session
- BGP Keepalives
- MD5 Authentication
- Summary

BGP Neighbor Discovery
- BGP neighbors are not discovered; they must be configured manually.
- Configuration must be done on both sides of the connection.
- Both routers will attempt to connect to the other with a TCP session on port number 179.
- Only the session with the higher router-ID remains after the connection attempt.
- The source IP address of incoming connection attempts is verified against a list of configured neighbors.

BGP Neighbor Discovery (Cont.)
Figure: Small BGP Network

BGP Neighbor Discovery (Cont.)
- Initially, all BGP sessions to the neighbors are idle.

Establishing a BGP Session
- A TCP session is established when the neighbor becomes reachable.
- BGP Open messages are exchanged.

Establishing a BGP Session (Cont.)
The BGP Open message contains the following:
- BGP version number
- AS number of the local router
- Holdtime
- BGP router identifier
- Optional parameters

Establishing a BGP Session (Cont.)
BGP neighbors steady state:
- All neighbors shall be up (no state information).

BGP Keepalives
- A TCP-based BGP session does not provide any means of verifying BGP neighbor presence:
  – Except when sending BGP traffic
- BGP needs an additional mechanism:
  – Keepalive BGP messages provide verification of neighbor existence.
  – Keepalive messages are sent every 60 seconds.

BGP Keepalives (Cont.)
- Keepalive interval value is not communicated in the BGP Open message.
- Keepalive value is selected as follows:
  – Configured value, if local holdtime is used
  – Configured value, if holdtime of neighbor is used and keepalive < (holdtime / 3)
  – Smaller integer in relation to (holdtime / 3), if holdtime of neighbor is used and keepalive > (holdtime / 3)
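The Open message fields and the keepalive selection rules above, as an added Python example (not part of the Cisco material): it parses and sanity-checks an OPEN message per RFC 4271 and derives the session timers. The sample message is constructed, and reading "smaller integer in relation to (holdtime / 3)" as holdtime // 3 is an assumption.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16   # RFC 4271 header marker
OPEN = 1                # message type code for OPEN

def parse_open(msg: bytes) -> dict:
    """Parse and sanity-check one BGP OPEN message (RFC 4271, section 4.2)."""
    if len(msg) < 29:
        raise ValueError("OPEN is at least 29 bytes")
    marker, length, msg_type = struct.unpack("!16sHB", msg[:19])
    if marker != MARKER or length != len(msg) or msg_type != OPEN:
        raise ValueError("malformed header or not an OPEN message")
    version, my_as, holdtime, rid, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4:
        raise ValueError("unsupported BGP version")
    if holdtime in (1, 2):
        raise ValueError("holdtime must be 0 or at least 3 seconds")
    if 29 + opt_len != length:
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "as": my_as, "holdtime": holdtime,
            "router_id": str(ipaddress.IPv4Address(rid)), "optional": msg[29:]}

def select_timers(local_hold: int, local_keepalive: int, peer_hold: int):
    """Return (holdtime, keepalive) for the session."""
    hold = min(local_hold, peer_hold)      # RFC 4271: the smaller holdtime wins
    if hold == 0:
        return 0, 0                        # holdtime 0 means no keepalives
    if hold == local_hold or local_keepalive < hold / 3:
        return hold, local_keepalive       # configured value is kept
    return hold, hold // 3                 # assumption: round holdtime / 3 down

def build_sample_open(my_as: int, holdtime: int, router_id: str) -> bytes:
    """Constructed sample: an OPEN with no optional parameters."""
    body = struct.pack("!BHH4sB", 4, my_as, holdtime,
                       ipaddress.IPv4Address(router_id).packed, 0)
    return MARKER + struct.pack("!HB", 19 + len(body), OPEN) + body

if __name__ == "__main__":
    peer = parse_open(build_sample_open(65001, 30, "10.0.0.1"))
    print(peer, select_timers(180, 60, peer["holdtime"]))
```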

MD5 Authentication
- BGP peers may optionally use MD5 TCP authentication using a shared secret.
- Both routers must be configured with the same password (MD5 shared secret).
- Each TCP segment is verified.
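How each TCP segment is verified, as an added Python example (not part of the Cisco material): it computes the TCP MD5 signature defined in RFC 2385 for an IPv4 segment and checks it on the receiving side. The addresses, ports, sequence numbers and shared secret are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """RFC 2385 digest of one IPv4 TCP segment.

    tcp_header is the 20-byte base header; TCP options are not hashed.
    """
    if len(tcp_header) != 20:
        raise ValueError("pass the 20-byte base TCP header without options")
    # Pseudo-header: source, destination, zero-padded protocol, segment length.
    # The segment length counts header, options and data, so the header part
    # is taken from the data-offset field.
    header_len = (tcp_header[12] >> 4) * 4
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP,
                            header_len + len(payload)))
    zeroed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:]  # checksum as zero
    return hashlib.md5(pseudo + zeroed + payload + password).digest()

def verify_segment(src_ip, dst_ip, tcp_header, payload, received, password):
    """Receiver side: recompute the digest and compare in constant time."""
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password)
    return hmac.compare_digest(expected, received)

def sample_segment():
    """Constructed segment: port 50000 -> 179, 40-byte header, BGP keepalive."""
    header = struct.pack("!HHIIBBHHH", 50000, 179, 1000, 2000,
                         10 << 4, 0x18, 16384, 0xBEEF, 0)
    keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)
    return header, keepalive

if __name__ == "__main__":
    hdr, data = sample_segment()
    secret = b"constructed-shared-secret"
    digest = tcp_md5_digest("192.0.2.1", "192.0.2.2", hdr, data, secret)
    print(digest.hex(),
          verify_segment("192.0.2.1", "192.0.2.2", hdr, data, digest, secret))
```

A segment whose source address, payload or key differs from what the sender hashed fails verification, which is why a peer without the shared secret cannot inject segments into the session.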

Summary
- With interior routing protocols, adjacent routers are usually discovered through a dedicated hello protocol. In BGP, neighbors must be manually configured to increase routing protocol security.
- BGP neighbors, once configured, establish a TCP session and exchange the BGP Open message, which contains the parameters that each BGP router proposes to use.
- BGP keepalives are used by the router to provide verification of the existence of a configured BGP neighbor.
- MD5 authentication can be configured on a BGP session to help prevent spoofing, DoS attacks, or man-in-the-middle attacks.
