Routing policies
1.5.c i Attribute manipulation
General information on “BGP Attribute manipulation”:
- Inbound manipulation affects outbound traffic
- Outbound manipulation affects inbound traffic
- Manipulation can be done in two ways:
  - Recommended: With route-maps on a per-neighbor basis inbound/outbound
  - Also possible: Under the neighbor statement and defining the attributes per neighbor (weight only)
- Manipulation can affect traffic flow of the whole BGP structure (all AS’es)
Attribute manipulation “WEIGHT”:
- Normally used inbound
- Only locally significant
- Important: Significant for a whole AS when it's done on a RR, since the RR does the best path selection for all clients!
Attribute manipulation “LOCAL_PREFERENCE”:
- Normally used inbound
- Significant within an AS
Attribute manipulation “AS_PATH”:
- Normally used outbound
- Adds AS’es to the AS_PATH of a route which a defined BGP peer receives
- An AS-path access-list specifies the AS that must be included in the advertised routes you want to modify
Attribute manipulation “MED”:
- Normally used outbound
- Significant between two AS’es only, because the attribute is optional non-transitive
- Increases the metric of a route
- Should be applied at the edge routers of an AS
“BGP Attribute manipulation” CLI configuration commands:
## Attaching a route map to a BGP neighbor
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor [IP | peer-group] route-map [ROUTE-MAP-NAME] [in | out]
## Configuring BGP attribute manipulation using WEIGHT
Router(config)# route-map [NAME] permit
Router(config-route-map)# set weight <value>
## Configuring BGP attribute manipulation using LOCAL_PREFERENCE
Router(config)# route-map [NAME] permit
Router(config-route-map)# set local-preference <value>
## Configuring BGP attribute manipulation using AS_PATH
Router(config)# ip as-path access-list <id> permit [regexp]
Router(config)# route-map [NAME] permit
Router(config-route-map)# match as-path <AS-PATH-ACL>
Router(config-route-map)# set as-path [prepend] [asn1 asn2 asn... | last-as]
## Configuring BGP attribute manipulation using MED
Router(config)# route-map [NAME] permit
Router(config-route-map)# set metric <value>
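A worked configuration for the inbound/outbound rules above, added here as an example and not part of the original notes. The AS numbers (64500 local, 64501 primary, 64502 backup), the neighbor addresses, the prefix 203.0.113.0/24 and the route-map names are constructed from documentation ranges.

```cisco
! Constructed example: edge router of AS 64500 with two upstreams.
! 192.0.2.1 (AS 64501) is the primary, 192.0.2.5 (AS 64502) the backup.
!
! ^$ matches only routes originated in the local AS (empty AS_PATH).
ip as-path access-list 10 permit ^$
!
! Inbound manipulation steers OUTBOUND traffic:
! routes learned from the primary win on LOCAL_PREFERENCE.
route-map PRIMARY-IN permit 10
 set local-preference 200
!
route-map BACKUP-IN permit 10
 set local-preference 90
!
! Outbound manipulation steers INBOUND traffic:
! the backup sees a longer AS_PATH for our own prefixes.
! There is no further permit sequence, so anything that is not
! locally originated is denied and never sent to the backup.
route-map BACKUP-OUT permit 10
 match as-path 10
 set as-path prepend 64500 64500 64500
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.5 remote-as 64502
 address-family ipv4
  network 203.0.113.0 mask 255.255.255.0
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 route-map PRIMARY-IN in
  neighbor 192.0.2.5 activate
  neighbor 192.0.2.5 route-map BACKUP-IN in
  neighbor 192.0.2.5 route-map BACKUP-OUT out
```

After a soft reset of the sessions, `show ip bgp neighbors 192.0.2.5 advertised-routes` lists which prefixes pass the outbound route-map, and `show ip bgp` shows the LOCAL_PREFERENCE applied to received routes.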
1.5.c ii Conditional advertisement
General information on “BGP Conditional advertisement”:
- Normally routes are advertised regardless of the existence of a different path
- With conditional advertisement, the following logic can be accomplished:
  - If route A exists in the local BGP table, then DO advertise route B
  - If route A exists in the local BGP table, then DO NOT advertise route B
  - If route A DOES NOT exist in the local BGP table, then DO advertise route B
  - If route A DOES NOT exist in the local BGP table, then DO NOT advertise route B
- Two components are needed:
  - MANDATORY: An advertise-map (= route-map) which defines the prefixes to be advertised
  - EITHER: An exist-map (= route-map) which defines the routes to be tracked for existence
  - OR: A non-exist-map (= route-map) which defines the routes to be tracked for non-existence
- All components need to be linked to a route-map
- Important: The networks to be conditionally advertised need to have a network statement within BGP!
“BGP Conditional advertisement” CLI configuration commands:
## Configuring BGP conditional advertisement with an exist-map
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor [IP | peer-group] advertise-map [ROUTE-MAP-NAME] exist-map [ROUTE-MAP-NAME]
## Configuring BGP conditional advertisement with a non-exist-map
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor [IP | peer-group] advertise-map [ROUTE-MAP-NAME] non-exist-map [ROUTE-MAP-NAME]
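A worked non-exist-map configuration, added here as an example and not part of the original notes: the local prefix is advertised to the backup upstream only while a tracked route from the primary is missing. The AS numbers, neighbor addresses, prefixes and all list and route-map names are constructed from documentation ranges.

```cisco
! Constructed example: AS 64500, primary upstream 192.0.2.1 (AS 64501),
! backup upstream 192.0.2.5 (AS 64502).
!
! Route B: the prefix to advertise conditionally.
ip prefix-list OWN-PREFIX seq 5 permit 203.0.113.0/24
! Route A: a prefix that is expected from the primary only.
ip prefix-list PRIMARY-TRACKED seq 5 permit 198.51.100.0/24
! Keep route A from being learned via the backup, otherwise the
! condition "A does not exist" would never become true.
ip prefix-list FROM-BACKUP seq 5 deny 198.51.100.0/24
ip prefix-list FROM-BACKUP seq 10 permit 0.0.0.0/0 le 32
!
route-map ADVERTISE permit 10
 match ip address prefix-list OWN-PREFIX
!
route-map PRIMARY-GONE permit 10
 match ip address prefix-list PRIMARY-TRACKED
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.5 remote-as 64502
 address-family ipv4
  ! Route B needs a network statement to be in the BGP table at all.
  network 203.0.113.0 mask 255.255.255.0
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.5 activate
  neighbor 192.0.2.5 prefix-list FROM-BACKUP in
  ! If A (198.51.100.0/24) does NOT exist, DO advertise B to the backup.
  neighbor 192.0.2.5 advertise-map ADVERTISE non-exist-map PRIMARY-GONE
```

`show ip bgp neighbors 192.0.2.5 advertised-routes` should omit 203.0.113.0/24 while 198.51.100.0/24 is in the BGP table and list it once that route has been withdrawn.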
1.5.c Conditional Route Injection (Not on blueprint)
General information on “BGP Conditional Route Injection”:
- Conditional route injection can be used to add (more specific) routes to the local BGP table
- This is useful if neighbors only advertise a summary (aggregate) route without the more specific prefixes
- Problem: BGP neighbors only advertise a summary (aggregate) route of 192.168.0.0/23. For traffic engineering the more specific prefixes 192.168.0.0/24 and 192.168.1.0/24 are needed.
- Solution: Conditional route injection can be used for this:
  - An inject-map (= route-map) matching the aggregated prefix and route-source is created (both linking to an individual ip prefix-list).
  - An exist-map (= route-map) setting the unaggregated prefixes is created (linking to an ip prefix-list).
- Important: Injected routes will be advertised to peers. This should be filtered out outbound if it’s unwanted!
“BGP Route Injection” CLI configuration commands:
## Configuring conditional route injection
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# bgp inject-map [ROUTE-MAP-NAME] exist-map [ROUTE-MAP-NAME] copy-attributes
1.5.c iii Outbound Route Filtering
General information about “BGP Outbound Route Filtering”:
- Route filtering can be done outbound and inbound
- Problem: With inbound route filtering the router still has to process the routes before discarding them, which unnecessarily wastes CPU and memory.
- Solution: Outbound route filtering, which means that unnecessary routes aren’t even sent out to a peer that doesn’t need them.
- Prefix-lists are configured locally and “sent” to the remote peer.
- Important: After changing a prefix-list, it needs to be re-sent by the router!
Configuration information:
- ORF needs to be enabled on both sides of the link (Example: one side send-only and one side receive-only)
- When enabling ORF after a peering is established, the peering needs to be flapped
“BGP Outbound Route Filtering” CLI configuration commands:
## Enabling BGP Outbound Route Filtering on a per-peer basis
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor [IP | peer-group] capability orf prefix-list [send | receive | both]
## Defining the prefix-list which gets sent to the BGP neighbor
Router(config-router-af)# neighbor [IP | peer-group] prefix-list [PREFIX-LIST-NAME] in
## Re-sending the prefix-list to the BGP neighbor after a change
Router# clear ip bgp [IP | *] in prefix-filter
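Both sides of an ORF peering, added here as an example and not part of the original notes. Router names R1 and R2, the AS numbers, the link addresses and the prefix-list name WANTED are constructed from documentation ranges.

```cisco
! Constructed example.
! R1 (AS 64500, 192.0.2.1) only wants 203.0.113.0/24 from R2.
! R1 defines the filter locally and sends it to R2 as an ORF.
ip prefix-list WANTED seq 5 permit 203.0.113.0/24
!
router bgp 64500
 neighbor 192.0.2.2 remote-as 64501
 address-family ipv4
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 capability orf prefix-list send
  neighbor 192.0.2.2 prefix-list WANTED in
!
! R2 (AS 64501, 192.0.2.2) accepts the filter from R1 and applies it
! to its own outbound updates, so unwanted routes never cross the link.
router bgp 64501
 neighbor 192.0.2.1 remote-as 64500
 address-family ipv4
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 capability orf prefix-list receive
```

On R2, `show ip bgp neighbors 192.0.2.1 received prefix-filter` displays the prefix-list that R1 pushed, which confirms that the capability was negotiated and the filter arrived.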
1.5.c iv Standard and extended communities
General information on “BGP Standard and extended communities”:
- Communities are basically tags that are attached to BGP routes
- Communities are optional and transitive
- Communities need to be explicitly enabled
- Can be used for local route-manipulation based on pre-defined communities
- Example: A BGP router can pre-define a route-map with different match/set statements (e.g. match ASN:123, set localpref 123). This route-map can be configured inbound on every neighbor so that the BGP router automatically sets the LOCAL_PREF to what the BGP neighbor requests.
Well-known standard communities:
- NO-EXPORT: Don’t advertise to eBGP neighbors
- NO-ADVERTISE: Don’t advertise to any peers
- LOCAL-AS: Don’t advertise to confederation eBGP neighbors
- INTERNET: Advertise the prefix to all BGP neighbors
Configuration considerations:
- Setting a community is done directly in the route-map
- Matching a community is done with a route-map linked to an ip community-list
- Within a RR cluster all clients need to have send-community enabled, or else the communities get stripped
- With the additive keyword all other communities will get preserved, otherwise they will be overwritten
“BGP Standard and extended communities” CLI configuration commands:
## Attaching a route map to a BGP neighbor
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor [IP | peer-group] route-map [ROUTE-MAP-NAME] [in | out]
## Changing the CLI display format of communities into two 16-bit values separated by a colon
Router(config)# ip bgp-community new-format
## Enabling sending of communities on a per-peer basis
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor [IP | peer-group] send-community
## Adding a community to a route (and optionally preserving the already existing ones)
Router(config)# route-map [NAME] permit
Router(config-route-map)# set community <community> [additive]
## Deleting all communities of a route
Router(config)# route-map [NAME] permit
Router(config-route-map)# set community none
## Deleting a subset of communities of a route (must be linked to an ip community-list)
Router(config)# route-map [NAME] permit
Router(config-route-map)# set comm-list delete [NAME]
## Configuring an IP community list (to be used standalone or with route-maps)
Router(config)# ip community-list [standard | extended] [NAME] [permit | deny] <community-string>
## Configuring a route-map (to be configured inbound) to change parameter x based on a received community
Router(config)# route-map [NAME] permit
Router(config-route-map)# match community [NAME]
Router(config-route-map)# set [command]
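A worked version of the community-driven LOCAL_PREF example described in the general information above, added here and not part of the original notes. The provider AS 64500, the customer AS 64510, the link addresses, the community values 64500:80 and 64500:120 and all list and route-map names are constructed.

```cisco
! Constructed example.
! --- Provider router (AS 64500, 192.0.2.10) ---
ip bgp-community new-format
!
! Only these two pre-defined communities are honoured.
ip community-list standard CUST-LP-LOW permit 64500:80
ip community-list standard CUST-LP-HIGH permit 64500:120
!
route-map CUSTOMER-IN permit 10
 match community CUST-LP-LOW
 set local-preference 80
route-map CUSTOMER-IN permit 20
 match community CUST-LP-HIGH
 set local-preference 120
! Any other route, tagged or not, keeps the default LOCAL_PREF.
route-map CUSTOMER-IN permit 30
!
router bgp 64500
 neighbor 192.0.2.9 remote-as 64510
 address-family ipv4
  neighbor 192.0.2.9 activate
  neighbor 192.0.2.9 route-map CUSTOMER-IN in
!
! --- Customer router (AS 64510, 192.0.2.9) ---
ip bgp-community new-format
!
! additive keeps communities already on the route.
route-map TO-PROVIDER permit 10
 set community 64500:80 additive
!
router bgp 64510
 neighbor 192.0.2.10 remote-as 64500
 address-family ipv4
  neighbor 192.0.2.10 activate
  ! Without send-community the tag never reaches the provider.
  neighbor 192.0.2.10 send-community
  neighbor 192.0.2.10 route-map TO-PROVIDER out
```

Because the inbound route-map matches a fixed list of communities, a neighbor can only choose between the LOCAL_PREF values the provider has defined in advance.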
1.5.c v Multi-homing
General information on “BGP Multi-homing”:
- There are four possible “Homing” constellations:
  - Single Homing: Single link to a single ISP
  - Dual Homing: Multiple links to a single ISP
  - Single Multi-Homing: Single link to multiple ISPs
  - Dual Multi-Homing: Multiple links to multiple ISPs