© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1
BGP Overview
Establishing BGP Sessions
Outline
• Overview
• BGP Neighbor Discovery
• Establishing a BGP Session
• BGP Keepalives
• MD5 Authentication
• Summary
BGP Neighbor Discovery
• BGP neighbors are not discovered; they must be configured manually.
• Configuration must be done on both sides of the connection.
• Both routers will attempt to connect to the other with a TCP session on port number 179.
• If both attempts succeed and two connections exist at the same time (a connection collision), only the connection initiated by the router with the higher router ID is kept; the other one is closed.
• The source IP address of incoming connection attempts is verified against the list of configured neighbors; attempts from any other address are rejected.
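The two checks above, as an added example (Python, not Cisco code): a model of how a BGP speaker screens an incoming TCP connection against its configured neighbors and how it resolves a connection collision, following RFC 4271 section 6.8. The neighbor addresses and router IDs in the demo are made-up sample values.

```python
"""Added example (not Cisco code): screening incoming BGP connections against
the configured neighbor list and resolving a connection collision between two
simultaneous TCP sessions, as described in RFC 4271 section 6.8."""
from dataclasses import dataclass
from ipaddress import IPv4Address

BGP_PORT = 179  # BGP listens on TCP port 179 (RFC 4271)


@dataclass(frozen=True)
class Neighbor:
    address: str    # peer address as configured with `neighbor <ip> remote-as <as>`
    remote_as: int


def accept_incoming(src_ip: str, dst_port: int, neighbors: dict) -> bool:
    """Return True only if the connection is for port 179 and its source
    address is a configured neighbor. Anything else is dropped, so an
    unconfigured host never gets as far as exchanging OPEN messages."""
    if dst_port != BGP_PORT:
        return False
    return src_ip in neighbors


def collision_survivor(local_router_id: str, remote_router_id: str) -> str:
    """Both routers try to connect at once, so two TCP connections can briefly
    exist for one peering. RFC 4271 6.8: the router with the lower BGP
    Identifier closes the connection it initiated and keeps the one initiated
    by its peer, so the higher router ID's connection survives.
    Returns "local" or "remote" for which side's connection is kept.
    BGP Identifiers compare as unsigned 32-bit integers."""
    local = int(IPv4Address(local_router_id))
    remote = int(IPv4Address(remote_router_id))
    if local == remote:
        # Identical identifiers cannot be resolved by this rule; treat as a
        # configuration error rather than guessing.
        raise ValueError("router IDs collide: %s" % local_router_id)
    return "local" if local > remote else "remote"


if __name__ == "__main__":
    # Constructed sample configuration: one eBGP neighbor.
    configured = {"10.0.0.2": Neighbor("10.0.0.2", 65002)}
    print(accept_incoming("10.0.0.2", 179, configured))   # configured peer
    print(accept_incoming("10.0.0.9", 179, configured))   # unknown source
    print(collision_survivor("10.0.0.1", "10.0.0.2"))     # remote has higher ID
```

The source-address check is the whole reason neighbors are configured rather than discovered: a host that is not in the list cannot even reach the OPEN exchange, regardless of what it sends.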
BGP Neighbor Discovery (Cont.)
Small BGP Network
BGP Neighbor Discovery (Cont.)
Initially, all BGP sessions to the neighbors are idle.
Establishing a BGP Session
• A TCP session is established when the neighbor becomes reachable.
• BGP Open messages are exchanged.
Establishing a BGP Session (Cont.)
The BGP Open message contains the following:
• BGP version number
• AS number of the local router
• Holdtime
• BGP router identifier
• Optional parameters
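The fields listed above in their wire layout, as an added example (Python, not Cisco code): an encoder and a validating parser for the OPEN message per RFC 4271 section 4.2. The AS number, holdtime and router ID used in the demo are made-up sample values; the AS_TRANS handling for 4-byte AS numbers comes from RFC 6793 and is only sketched here (the real ASN would travel in a capability).

```python
"""Added example (not Cisco code): building and parsing a BGP OPEN message.
Layout (RFC 4271 4.2): 16-byte marker, 2-byte length, 1-byte type, then
version(1), my AS(2), hold time(2), BGP identifier(4), optional parameter
length(1) and the optional parameters."""
import struct
from ipaddress import IPv4Address

MARKER = b"\xff" * 16      # all-ones marker that starts every BGP message
HEADER_LEN = 19            # marker(16) + length(2) + type(1)
OPEN_FIXED_LEN = 10        # version(1) + my AS(2) + holdtime(2) + router ID(4) + opt len(1)
MSG_OPEN = 1
AS_TRANS = 23456           # value written to the 2-byte field for 4-byte ASNs (RFC 6793)


def build_open(my_as: int, hold_time: int, router_id: str, opt_params: bytes = b"") -> bytes:
    """Serialise an OPEN message. ASNs above 65535 do not fit the 2-byte
    field, so AS_TRANS is written there (the real ASN goes in a capability)."""
    if hold_time in (1, 2) or not 0 <= hold_time <= 0xFFFF:
        raise ValueError("hold time must be 0 or between 3 and 65535")
    as_field = my_as if my_as <= 0xFFFF else AS_TRANS
    body = struct.pack("!BHH4sB", 4, as_field, hold_time,
                       IPv4Address(router_id).packed, len(opt_params)) + opt_params
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), MSG_OPEN) + body


def parse_open(msg: bytes) -> dict:
    """Parse and validate an OPEN message received from a peer. Every length
    field is checked against the real buffer before it is used, so a
    truncated or padded message raises instead of being silently accepted."""
    if len(msg) < HEADER_LEN + OPEN_FIXED_LEN:
        raise ValueError("message too short for OPEN")
    if msg[:16] != MARKER:
        raise ValueError("bad marker")
    length, mtype = struct.unpack("!HB", msg[16:HEADER_LEN])
    if mtype != MSG_OPEN:
        raise ValueError("not an OPEN message (type %d)" % mtype)
    if length != len(msg):
        raise ValueError("length field %d does not match %d bytes" % (length, len(msg)))
    version, my_as, hold_time, rid, opt_len = struct.unpack(
        "!BHH4sB", msg[HEADER_LEN:HEADER_LEN + OPEN_FIXED_LEN])
    if version != 4:
        raise ValueError("unsupported BGP version %d" % version)
    if hold_time in (1, 2):
        raise ValueError("unacceptable hold time %d" % hold_time)   # RFC 4271 6.2
    if HEADER_LEN + OPEN_FIXED_LEN + opt_len != length:
        raise ValueError("optional parameter length does not match message")
    return {
        "version": version,
        "my_as": my_as,
        "hold_time": hold_time,
        "router_id": str(IPv4Address(rid)),
        "opt_params": msg[HEADER_LEN + OPEN_FIXED_LEN:],
    }


if __name__ == "__main__":
    # Constructed sample: AS 65001 proposes a 180-second holdtime.
    wire = build_open(65001, 180, "10.0.0.1")
    print(wire.hex())
    print(parse_open(wire))
```

A parser on a router's control plane is reachable by anyone who can complete the TCP handshake, which is why the length checks come before any field is interpreted.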
Establishing a BGP Session (Cont.)
BGP neighbors: steady state
• All neighbors should be up. Once a session is Established, the neighbor table shows the number of prefixes received from the peer instead of a state name, so a neighbor entry with no state information is the healthy case.
BGP Keepalives
• A TCP session by itself gives BGP no way to verify that the neighbor is still present:
– except while BGP traffic is actually being exchanged.
• BGP therefore needs an additional mechanism:
– Keepalive BGP messages provide verification of neighbor existence.
– Keepalive messages are sent every 60 seconds by default (one third of the default 180-second holdtime).
BGP Keepalives (Cont.)
• The keepalive interval is not communicated in the BGP Open message; only the holdtime is, and each router uses the smaller of its own configured holdtime and the one received from the neighbor.
• The keepalive interval is then selected as follows:
– the configured value, if the local holdtime is used;
– the configured value, if the holdtime of the neighbor is used and keepalive < (holdtime / 3);
– (holdtime / 3) rounded down to an integer, if the holdtime of the neighbor is used and keepalive > (holdtime / 3).
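The holdtime negotiation and the three keepalive rules above, as an added example (Python, not Cisco code). It assumes the local configuration is self-consistent (configured keepalive no larger than a third of the local holdtime, as with the defaults of 60 and 180 seconds); the timer values in the demo are made-up samples.

```python
"""Added example (not Cisco code): negotiating the holdtime from the two OPEN
messages and deriving the keepalive interval from it, implementing the
selection rules listed on the slide."""


def negotiate_hold_time(local_hold: int, remote_hold: int) -> int:
    """RFC 4271 4.2: each side uses the smaller of its configured holdtime and
    the one received in the peer's OPEN. 0 disables the hold timer and
    keepalives entirely; 1 and 2 are not allowed on the wire."""
    for value in (local_hold, remote_hold):
        if value < 0 or value in (1, 2):
            raise ValueError("unacceptable hold time %d" % value)
    return min(local_hold, remote_hold)


def select_keepalive(configured_keepalive: int, local_hold: int, remote_hold: int) -> int:
    """The keepalive interval is never sent to the peer; each router picks its
    own once the holdtime is known:
      - configured value, if the local holdtime is used;
      - configured value, if the neighbor's holdtime is used and
        keepalive < holdtime / 3;
      - floor(holdtime / 3), if the neighbor's holdtime is used and
        keepalive > holdtime / 3.
    The equal case (keepalive == holdtime / 3) keeps the configured value,
    since it is already within the limit. A negotiated holdtime of 0 means
    no keepalives are sent at all."""
    hold = negotiate_hold_time(local_hold, remote_hold)
    if hold == 0:
        return 0
    if hold == local_hold:          # local holdtime in use: configured value stands
        return configured_keepalive
    limit = hold // 3               # neighbor's (smaller) holdtime in use
    return configured_keepalive if configured_keepalive <= limit else limit


def timers_for_session(configured_keepalive: int, local_hold: int, remote_hold: int) -> dict:
    """What the local router will actually run for this session."""
    hold = negotiate_hold_time(local_hold, remote_hold)
    return {"hold_time": hold,
            "keepalive": select_keepalive(configured_keepalive, local_hold, remote_hold)}


if __name__ == "__main__":
    # Constructed samples: local router configured with keepalive 60 / hold 180.
    for remote in (180, 240, 90, 100, 0):
        print("neighbor proposes %3d ->" % remote, timers_for_session(60, 180, remote))
```

Note the asymmetry this creates: a neighbor that proposes a short holdtime forces this router to send keepalives faster, and a neighbor that proposes 0 switches keepalives off for both sides, so the session then survives only as long as the TCP connection does.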
MD5 Authentication
• BGP peers may optionally authenticate the session with the TCP MD5 signature option (RFC 2385), using a shared secret.
• Both routers must be configured with the same password (the MD5 shared secret).
• Every TCP segment of the session carries a 16-byte digest computed over the segment and the shared secret; the receiver recomputes it and silently discards any segment that does not match. This authenticates each segment but does not encrypt it, and the MD5 option has since been superseded by TCP-AO (RFC 5925) where both ends support it.
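The per-segment verification described above, as an added example (Python, not Cisco code): the RFC 2385 digest computed by the sender, and the receiver-side check that rejects a segment with a missing option, a malformed header, or a digest made with a different secret. Only IPv4 is handled; the addresses, ports and password are made-up sample values, and the pseudo-header segment length is taken to cover header, options and payload, as for the TCP checksum.

```python
"""Added example (not Cisco code): the TCP MD5 signature option (RFC 2385)
used by BGP when a neighbor password is configured. Each segment carries a
16-byte digest over the segment plus the shared secret; the receiver
recomputes it and drops segments that do not match."""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

TCP_PROTO = 6
OPT_NOP = 1
OPT_MD5_KIND = 19     # TCP option kind assigned to the MD5 signature
OPT_MD5_LEN = 18      # kind(1) + length(1) + digest(16)
FIXED_HDR_LEN = 20    # TCP header without options
FLAG_ACK = 0x10


def tcp_md5_digest(src_ip, dst_ip, fixed_header, options_len, payload, password):
    """RFC 2385 2.0: MD5 over (1) the pseudo-header: source, destination,
    zero, protocol, segment length (header + options + payload); (2) the
    20-byte TCP header with the checksum taken as zero, options excluded;
    (3) the payload; (4) the password. Option bytes are not hashed, only
    their length enters via the segment length."""
    seg_len = FIXED_HDR_LEN + options_len + len(payload)
    pseudo = (IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    hdr = bytearray(fixed_header)
    hdr[16:18] = b"\x00\x00"          # checksum field hashed as zero
    return hashlib.md5(pseudo + bytes(hdr) + payload + password).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, password):
    """Sender side: TCP header + [NOP, NOP, MD5 option] + payload. Two NOPs
    pad the 18-byte option to a 4-byte boundary, giving a 40-byte header."""
    options_len = 2 + OPT_MD5_LEN
    data_offset = (FIXED_HDR_LEN + options_len) // 4
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                        data_offset << 4, FLAG_ACK, 65535, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, fixed, options_len, payload, password)
    options = bytes([OPT_NOP, OPT_NOP, OPT_MD5_KIND, OPT_MD5_LEN]) + digest
    return fixed + options + payload


def find_md5_option(options):
    """Walk the option list and return the received digest, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # end of option list
            return None
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            return None
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None                    # malformed option: do not trust it
        if kind == OPT_MD5_KIND and length == OPT_MD5_LEN:
            return bytes(options[i + 2:i + length])
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment, password):
    """Receiver side: reject a segment without the option, with a bad data
    offset, or whose digest does not match the local password. The compare
    is constant-time so the check itself leaks nothing about the digest."""
    if len(segment) < FIXED_HDR_LEN:
        return False
    data_offset = (segment[12] >> 4) * 4
    if data_offset < FIXED_HDR_LEN or data_offset > len(segment):
        return False
    fixed = segment[:FIXED_HDR_LEN]
    options = segment[FIXED_HDR_LEN:data_offset]
    payload = segment[data_offset:]
    received = find_md5_option(options)
    if received is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, fixed, len(options), payload, password)
    return hmac.compare_digest(received, expected)


# Constructed sample: a BGP KEEPALIVE (19-byte header, type 4) between two peers.
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"
PEER_A, PEER_B, SECRET = "10.0.0.1", "10.0.0.2", b"s3cret-key"

if __name__ == "__main__":
    seg = build_segment(PEER_A, PEER_B, 179, 40001, 1000, 2000, KEEPALIVE, SECRET)
    print(verify_segment(PEER_A, PEER_B, seg, SECRET))          # genuine segment
    print(verify_segment(PEER_A, PEER_B, seg, b"wrong-key"))    # different secret
    print(verify_segment(PEER_A, PEER_B, seg[:-1] + b"\x03", SECRET))  # tampered payload
```

Because the source and destination addresses, sequence numbers and payload are all under the digest, a spoofed RST or a replayed segment from another session fails the check without the shared secret; what the option does not give you is confidentiality or any defence against an attacker who already has the password.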
Summary
• With interior routing protocols, adjacent routers are usually discovered through a dedicated hello protocol. In BGP, neighbors must be manually configured to increase routing protocol security.
• BGP neighbors, once configured, establish a TCP session and exchange the BGP Open message, which contains the parameters that each BGP router proposes to use.
• BGP keepalives are used by the router to provide verification of the existence of a configured BGP neighbor.
• MD5 authentication can be configured on a BGP session to help prevent spoofing, DoS attacks, or man-in-the-middle attacks against the session.