BGP Tips

Collection of BGP Tips and Tricks

BGP Error Handling;
BFD - http://wiki.nil.com/Bidirectional_Forwarding_Detection_(BFD)
  interface <uplink>
    bfd interval <timer> min_rx <timer> multiplier <n>
    !
    router bgp 65000
    neighbor <ip> remote-as <ISP-AS>
    neighbor <ip> fall-over bfd

* Fast External Neighbour Failover (beware 0/0) - http://wiki.nil.com/Fast_BGP_neighbor_loss_detection
  interface <uplink>
    ip bgp fast-external-fallover permit

    - * In networks using summary routes or default routing, you have to configure a route map which matches potential BGP next-hops to prevent the router from using a default-route or a summary route as the potential valid path toward BGP neighbour's peer IP!

BGP Next-Hop tracking (beware 0/0)
    - BGP next-hop tracking is enabled by default on Cisco IOS; you can adjust the tracking interval with the "bgp nexthop trigger delay" router configuration command.
    - In environments using default routing, you should limit the valid prefixes that can be used for BGP next hop tracking with the "bgp nexthop route-map" router configuration command.
    - Do not change the BGP next hop on IBGP updates. Do not use "next-hop-self" router configuration command.
    - Advertise the IP subnets of the directly-connected links towards the ISPs into IGP (example: OSPF redistribute connected).
    - Use a route-map to prevent the default route from being used as a valid path toward external BGP next hop.

Pre-installs backup paths in BGP RIB (BGP Best Ext) and FIB (PIC);
BGP best external paths
BGP Prefix Independant Convergence - http://blog.ipspace.net/2012/01/prefix-independent-convergence-pic.html

    - BGP PIC is a feature that allows a router to pre-install alternate routes to BGP destinations in its forwarding table. The drastic changes caused by external link failure or EBGP session failure are thus easier to implement in the forwarding table.


It’s impossible to document a generic one-size-fits-all BGP prefix filtering policy. Possibly always accepting prefixes originated by ISPs, their customers, and their peering partners is the best you can get. But even then you should filter for over padded prefixes. In most cases, filters based on AS-path lengths work well.


Some ISPs attach BGP communities to BGP prefixes they advertise to help their customers implement well-tuned filters (http://onesc.net/communities/).

    Any Single AS;
ip as-path access-list 100 permit ^[0-9]+$ (does not support AS path prepending)
    One or more specific Single AS; 
ip as-path access-list 100 permit ^65001(_65001)*$ (not always good to accept highly padded paths)
    One or more any single AS;
ip as-path access-list 100 permit ^([0-9]+)(_\1)*$ (not always good to accept highly padded paths)
    Block routes with AS path repeated more than 5 times;
ip as-path access-list 100 deny _([0-9]+)_\1_\1_\1_\1_

    You can use the show ip bgp regexp command to test a regular expression on the actual data stored in the BGP table

Choosing iBGP OR eBGP?
There are numerous differences between EBGP and IBGP and their nuances sometimes make it hard to decide whether to use EBGP or IBGP in a specific scenario.
However, you the following guidelines usually result in simple and stable designs:
- If you plan to use BGP as the sole routing protocol in (a part of) your network, use EBGP.
- If you’re using BGP in combination with another routing protocol that will advertise reachability of BGP next hops, use IBGP. You can also use IBGP between routers residing in a single subnet.
- It’s easier to implement routing policies with EBGP. Large IBGP deployments need route
reflectors for scalability and some BGP implementations don’t apply BGP routing policies on reflected routes.
- All routers in the same AS should have the same view of the network and the same routing policies.
- EBGP should be used between routers in different administrative (or trust) domains.
Default loop prevention filters built into BGP reject EBGP updates with local AS number in the AS path, making it impossible to pass routes between two remote sites when they use the same AS number.

How to set BGP Local Preference or OSPF Metric (IGP metric is copied in BGP MED attribute) of received routes according to received Community

Eg; EBGP routes with BGP community 65000:1 (Backup route) will get local preference 50. These routes will be redistributed into OSPF as external type 2 routes with metric 10000.
- EBGP routes with BGP community 65000:2 (Primary route) will get local preference 150. These routes will be redistributed into OSPF as external type 1 routes with metric 1.
ip community-list 1 permit 65000:1
ip community-list 2 permit 65000:2
route-map Peer-R3 permit 10
 match community 1
 set local-preference 50
 set metric 10000
 set metric-type 2
 match community 2
 set local-preference 150
 set metric 1
 set metric-type 1

References; IPSpace.net, Cisco's Running an IXP, myself

(To be finished)

Working with Logical Volumes

• Physical Volume = pv
• Volume Group = vg
• Logical Volume = lv

 A Physical Volumne is a physical disk.
Volume Groups are made up of Physical Disk.
And Logical Volumes are created using a portion of a Volume Group

LVM is like an abstraction layer for storage, between your OS and the physical drives.

All these commands are "root" commands as we are changing system wide stuff here..

All the following commands can be preceeded with with pv or lv
s
display
create
rename
change
move
extend
reduce
resize
split
merge
convert
import
export
importclone
cfgbackup
cfgrestore
ck
scan
mknodes
remove
dump

E.g.
pvdisplay
pvs

Show Logical Volumes
lvdisplay
lvs


Setting up a new VLM
Setup Physical Disk(s)
fdisk -l
fdisk /dev/sdb

n = create new partition
p = create primary partition
1 = makes partition first on disk
t = change parition type
8e = changes to LVM
p = verify partition setup
w = write changes to disk

Create "LVM Physical Volume" on the new partition
pvcreate /dev/sdb1

Create "Volume Group" named vgroup1 made up of "Physical Volume" /dev/sdb1
vgcreate vgroup1 /dev/sdb1

Create Logical Volume on VG vgroup1, of size 10GB, named lvm1
lvcreate -L 10G -n lvm1 vgroup1

Format the new volume
mkfs -t ext3 /dev/vgroup1/lvm1

Mount it
mkdir /mnt/lvm1
mount -t ext3 /dev/vgroup1/lvm1 /mnt/lvm1


Resizing LVMs

• resize – can shrink or expand physical volumes and logical volumes but not volume groups
• extend – can make volume groups and logical volumes bigger but not smaller
• reduce – can make volume groups and logical volumes smaller but not bigger

Grow Logical Volume
Add new drive to Volume Group to increase the VG free space (disks joined linearly, N-1 redundancy!)
vgextend vgroup1 /dev/sdc1

Extend a Logical Volume within a VG (ensure to use + otherwise will resize)
lvextend -L+100G /dev/vgroup1/lvm1






Extend filesystem within expanded Logical Volume
resize2fs /dev/vgroup1/lvm1

Shrink Logical Volume
Follow the same procedure to increase the size of the VM, in reverse, using vgreduce and lvreduce instead of XXextend.


Backup a Logical Volume Snapshot (online)
First add an additional temporary logical volume using the "-s" flag to the "lvm1" LV, to store all the tracked reads and writes made to the LVM since the snapshot, whilst the snapshot is being backed up. After backed up, you can remove this temp volume.
 lvcreate -L512M -s -n lvbackup /dev/vgroup1/lvm1

Mount Tmp Snapshot
mkdir /mnt/lvbackup
mount /dev/vgroup1/lvbackup /mnt/lvbackup

Copy Snapshot and Delete Temp LVM
  tar -cf /usbpath/lvm1-ss /mnt/lvbackup
Whilst the tar job is running, all the reads/writes that would be written to lvm1 are being tracked in lvbackup.

Clean up
umount /mnt/lvbackup
lvremove /dev/vgroup1/lvbackup 

Delete Logical Volume, Volume Group and Physical Volume
umount /mnt/lvm1
lvremove /dev/vgroup1/lvm
vgremove vgroup1 
pvremove /dev/sdb1 /dev/sdc1
 
  http://www.howtogeek.com/howto/40702/how-to-manage-and-use-lvm-logical-volume-management-in-ubuntu/



(To be finished)

BGP Route Reflectors

NB; All Route Reflectors must be clients of each other so they replicate

1) Routes from a nonclient peer—Reflects to all the clients within the cluster.
2) Routes from a client peer—Reflects to all the nonclient peers and also to the client peers.
3) Routes from an eBGP peer—Sends the update to all client and nonclient peers.

neighbor route-reflector-client

The router with this command is the RR, and the neighbors at which the command points are the clients of that RR. The combination of the RR and the clients is a "cluster".

An AS can have more than one RR (more than one cluster, e.g. large AS with RR's in different countries). In this situation, an RR treats other RRs just like any other iBGP speaker.

Other RRs can belong to the same cluster (client group) or to other clusters. In a simple configuration, you can divide the AS into multiple clusters. You configure each RR with other RRs as nonclient peers in a fully meshed topology (when each RR is in its own cluster). Clients should never peer with iBGP speakers outside the client cluster.


The RR scheme has a few methods to avoid loops:
1) 'originator-id' - This is an optional, nontransitive BGP attribute that is 4 bytes long. An RR creates this attribute. The attribute carries the router ID (RID) for the originator of the prefix in the local AS. If, due to poor configuration, the routing information comes back to the originator, the information is ignored.
2) 'cluster-list' - A single cluster can have more than one RR. You need to configure all RRs in the same cluster with a 4-byte cluster ID so that an RR can recognize updates from other RRs in the same cluster.

If a cluster of clients has a single RR. In this case, the router ID of the RR identifies the cluster.

A cluster list is a sequence of cluster IDs that the route has passed. When an RR reflects a route from the RR clients to nonclients outside of the cluster, the RR appends the local cluster ID to the cluster list. If this update has an empty cluster list, the RR creates one. With this attribute, an RR can identify if the routing information has looped back to the same cluster due to poor configuration. If the local cluster ID is found in the cluster list, the advertisement is ignored.


Important Note: This configuration does not use peer groups. Do not use peer groups if all the clients inside a do not have direct iBGP peers among one another, and the clients only  exchange updates through the RR. If you configure peer groups, a potential withdrawal of the source of a route on the RR transmits to all clients inside the cluster. This transmission can cause problems. I.e. withdrawals are tracked at the peer group level, and not per peer.

The router subcommand bgp client-to-client reflection is enabled by default on the RR. If you turn off BGP client-to-client reflection on the RR and you make redundant BGP peering between the clients, you can safely use peer groups. Refer to Limitations of Peer Groups for more information.

RR Node;

interface loop1

ip add 10.10.10.10 255.255.255.255

router bgp 60868

template peer-session RR

  remote-as 64512

  update-source loop1

template peer-policy RR

  route-reflector-client

neighbour 1.1.1.1 inherit peer-session RR

address-family ipv4

  neighbor 1.1.1.1 activate

  neighbor 1.1.1.1 inherit peer-policy

neighbour 10.10.10.12 inherit peer-session RR

address-family ipv4

  neighbor 10.10.10.12 activate

  neighbor 10.10.10.12 inherit peer-policy

The configuration on the BGP Client peer is exactly the same as if it was a normal full mesh peer. The Route-Reflector-Client command is all that is required to change the rules of operations and implement the Reflector function, and all that comes with it.

To be finished..