Introduction to the Border Gateway Protocol – Case Study using GNS3

Sreenivasan Narasimhan1, Haniph Latchman2

Department of Electrical and Computer Engineering

University of Florida, Gainesville, USA


Abstract – As the Internet evolves to become a vital resource for many organizations, configuring the Border Gateway Protocol (BGP) as an exterior gateway protocol in order to connect to Internet Service Providers (ISPs) is crucial. A BGP system exchanges network reachability information with other BGP peers, from which Autonomous System-level policy decisions can be made. Hence, BGP can also be described as an Inter-Domain (Inter-Autonomous System) protocol. It guarantees loop-free exchange of information between BGP peers. Enterprises need to connect to two or more ISPs in order to provide redundancy as well as to improve efficiency. This is called multihoming and is an important feature provided by BGP. In this way, organizations do not have to be constrained by the routing policy decisions of a particular ISP. BGP, unlike many other routing protocols, is not used to learn about routes but to provide greater flow control between competing Autonomous Systems. In this paper, we present a study of BGP, use a network simulator to configure BGP, and implement its route-manipulation techniques.

Index Terms – Border Gateway Protocol (BGP), Internet Service Provider (ISP), Autonomous System, Multihoming, GNS3.

1. INTRODUCTION

Routing protocols are broadly classified into two types: Link State Routing (LSR) protocols and Distance Vector (DV) protocols. In a Distance Vector routing protocol, each node shares its routing table with its neighbors periodically, in contrast to Link State, where updates are event-triggered. Examples of Link State protocols are Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS), while the Routing Information Protocol (RIP v1 and v2) is an example of Distance Vector. BGP is called a policy-based routing protocol because route selection is done based on the routing policies of an Autonomous System (AS). When BGP runs between routers belonging to different Autonomous Systems it is called EBGP, while BGP running between routers belonging to the same Autonomous System is called IBGP.

Administrative Distance (AD value) is the first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination [5]. BGP has an AD (Administrative Distance) value of 200 for IBGP routes (inter-domain routes learnt by BGP) and 20 for EBGP routes (exterior routes learnt by BGP). BGP allows path manipulations to be done by the AS. However, it is expected that the system administrator has a clear understanding of its working.

Figure 1. Internet using BGP [2].

In the figure, AS 65500 learns about the route 172.18.0.0/16 through ISP A. Suppose that route is announced to ISP B. ISP B may decide that the best path to 172.18.0.0/16 in ISP A is through AS 65500. Thus AS 65500 becomes a transit AS between 172.18.0.0/16 in ISP A and ISP B. This may not be acceptable for AS 65500, which is connected to both ISP A and ISP B in order to provide a redundant connection to the Internet rather than to be a transit AS. BGP's policy-based routing helps mitigate such problems.

Version 4 of BGP has been deployed in the Internet since 1994. BGPv4 supports Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Masking (VLSM). CIDR incorporates VLSM techniques and aggregation wherever necessary so that the number of routes in the global routing table does not grow exponentially. With the growing use of the Internet, the routing table of a core router of a major ISP, without CIDR, would typically contain more than 2000000 entries. However, by using CIDR the BGP routes in the routing table would be reduced to just about 170000 routes, thereby reducing the memory and CPU power wasted on lookup.

2. BGP AND OTHER IGP PROTOCOLS

Firstly, IGPs are routing protocols which are used to route packets within an autonomous system. On the other hand, BGP is an example of an Exterior Gateway Protocol, which is used to route packets between autonomous systems. IGPs decide the best path based on a certain predefined metric. For example, RIP uses hop count (the number of layer 3 devices to be passed) and EIGRP uses a composite metric. BGP is a policy-based routing protocol used for traffic flow control between autonomous systems. Unlike IGPs, it has multiple metrics, called "attributes", using which it decides the route to the destination.

BGP is a complicated routing protocol which should not be used unless one has a complete understanding of route filtering and BGP's path selection process. It is not advisable to configure BGP on routers having low memory or when there is a low-bandwidth link between autonomous systems. An alternative is to use static routes (routes entered manually by the network administrator) or default routes. BGP provides multi-homing options, that is, BGP can be configured when the flow of traffic entering and leaving the AS has to be manipulated. Multi-roam is another scenario in which BGP is used.

3. GRAPHIC NETWORK SIMULATOR 3 AND THE CISCO IOS

For implementing BGP, we use a software called GNS3, which is a graphical network simulator that allows simulation of complex networks. It is an open source, free program [6].

Cisco IOS (originally Internetwork Operating System) is the software used on the vast majority of Cisco routers and switches. Cisco IOS uses a command-line interface. According to the privilege level of the user, Cisco IOS allows only a set of commands to be used in each mode to ensure security and efficient operation. That is, the mode you are in determines the commands you can use. Upon first connecting to the router, you are by default in unprivileged mode (characterized by the ">" sign). You could then log on to enter the privileged mode (characterized by the "#" sign) if a password has been set. The privileged mode is parent to many sub-modes like global configuration mode (characterized by the "(config)#" sign), which is used to configure all features [4].

It is assumed that the reader has a basic understanding of networking concepts like routers, Autonomous Systems, VLSM etc.

4. NEIGHBOR-SHIP IN BGP

There are thousands of routers all over the Internet that run BGP, representing over 21000 ASs. Any two routers that have formed a TCP connection to exchange BGP routing information are called BGP neighbors or BGP peers [2].

A BGP router has a direct relationship with only a small number of BGP routers. As per the rules, EBGP neighbors are to be directly connected. On the other hand, IBGP neighbors can be indirectly connected. The route to a particular neighbor can be learnt dynamically through any routing protocol or can be statically assigned.

Information exchanged between BGP neighbors is what enables them to learn routes to any advertised network. Every router which has BGP configured on it is called a BGP speaker. A BGP peer, on the other hand, is a "BGP speaker that is configured to form a neighbor relationship with another BGP speaker for the purpose of directly exchanging BGP routing information with each other" [2]. They can be internal or external. Two routers connected to each other and having BGP configured on them have to successfully complete the TCP three-way handshake before the neighbor-ship session can be established between them.

5. ATTRIBUTES

BGP has a number of metrics, each of which is called an "attribute". When routers exchange routing information, attributes are also exchanged so that the path-selection process is based on a particular attribute known to both routers.

Attributes are basically of four types:

1. Well-known – the most popularly used attributes.
2. Mandatory – as the name suggests, are mandatory.
3. Transitive or Non-Transitive.
4. Partial.

Combinations of these path attributes are also possible, as in well-known mandatory, well-known discretionary etc.

Well-known attributes are usually the most manipulated attributes on all BGP implementations. They are usually propagated through the BGP routing information that is exchanged between BGP routers. They can be mandatory or discretionary. Attributes that are not well-known are termed optional attributes. Optional attributes are not required to be supported by BGP-configured routers. They can be transitive or non-transitive. Optional-transitive attributes are also called partial attributes. Upon receiving an optional-transitive attribute which it does not support, a router still has to pass it on to its peers. On the other hand, if it receives a non-transitive attribute that it does not support, the attribute can be dropped.

BGP has the following attributes:

a. AS-path – the Autonomous System path or AS-path is a list of the AS numbers the packet traverses to reach the destination.
b. Next-hop – (if from a network belonging to a different AS) is the IP address of the entry point of the AS along the path to the destination.
c. Origin – is used to inform all ASs in the Internet how the prefixes (in the BGP routing table, see Fig. 2) originated. Legal values are IGP (i) – by the use of the network command, EGP (e) – redistributed from EGP, and Incomplete (?) – redistributed from an IGP or declared as a static route.
d. Local preference – is local to the AS. The default value is 100. The higher the value, the higher the preference.
e. MED – the Multi-Exit Discriminator or MED is used to advertise to EBGP neighbors an exit path to the destination network. The lowest MED is most desirable.
f. Weight (Cisco proprietary) – is not propagated to other routers. Local to the router only.
g. Others.

Items a, b, c are well-known mandatory attributes, while d is an example of a well-known discretionary attribute. MED is an optional non-transitive attribute. Weight has the greatest priority among all the attributes listed above.

6. BGP PATH SELECTION PROCESS

BGP supports multi-homing and multi-roaming. Hence, the BGP forwarding table has multiple options to choose from to reach a particular network. Unlike an IGP, paths are chosen based on policy rather than hop count or bandwidth (or any other metric for that matter). The BGP path-selection process is a process of elimination until a single best path is found. If that path has the lowest AD value among all the routes submitted, it is registered in the routing table.

Each path is first validated by verifying that it has a valid (reachable) next hop and contains no AS loops. Then the paths are considered according to their priorities in the following order:

1. Highest weight.
2. Highest local preference.
3. Originated by the local router.
4. Shortest AS-path.
5. Lowest origin code (IGP < EGP < Incomplete).
6. Lowest MED.
7. EBGP path preferred over IBGP path.
8. Higher preference to the path through the closest IGP neighbor (when in "no synch" mode, see VII).
9. Oldest route for EBGP paths.
10. Higher preference to the lowest neighbor BGP router ID.
11. Higher preference to the lowest neighbor IP address.

A BGP routing table showing some of the metrics is as shown in Figure 2.
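The decision order above, as an added example that is not from the paper or from Cisco IOS: a Python model of the best-path process (validity check for a reachable next hop and an AS loop, then steps 1 to 11 as a single sort key) run on constructed paths for R1's view of 44.0.1.0/24. The second neighbor 13.0.0.3 placed in AS 65300, and all attribute values, are assumptions, not figures from the paper.

```python
from dataclasses import dataclass
from typing import List, Optional

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # step 5: IGP < EGP < Incomplete

@dataclass
class BgpPath:  # one candidate path for a prefix, carrying the attributes of section 5
    prefix: str
    next_hop: str
    as_path: List[int]
    origin: str = "i"                # "i" network command, "e" EGP, "?" redistributed
    weight: int = 0                  # Cisco-local, never advertised
    local_pref: int = 100            # default 100, higher preferred
    local_origin: bool = False       # originated by this router
    med: int = 0                     # lower preferred
    ebgp: bool = True                # learnt from an EBGP (not IBGP) neighbor
    igp_metric: int = 0              # IGP cost to reach the next hop
    age: int = 0                     # seconds since the path was received
    router_id: str = "0.0.0.0"       # neighbor's BGP router ID
    neighbor_ip: str = "0.0.0.0"
    next_hop_reachable: bool = True

def _ip_key(ip: str):
    return tuple(int(octet) for octet in ip.split("."))

def _rank(p: BgpPath):
    """Sort key: one element per decision step, in order; the smallest key wins."""
    return (
        -p.weight,                   # 1  highest weight
        -p.local_pref,               # 2  highest local preference
        0 if p.local_origin else 1,  # 3  originated by the local router
        len(p.as_path),              # 4  shortest AS-path
        ORIGIN_RANK[p.origin],       # 5  lowest origin code
        p.med,                       # 6  lowest MED
        0 if p.ebgp else 1,          # 7  EBGP over IBGP
        p.igp_metric,                # 8  closest IGP neighbor
        -p.age if p.ebgp else 0,     # 9  oldest EBGP path (ignored for IBGP)
        _ip_key(p.router_id),        # 10 lowest neighbor router ID
        _ip_key(p.neighbor_ip),      # 11 lowest neighbor IP address
    )

def best_path(paths: List[BgpPath], local_as: int) -> Optional[BgpPath]:
    """Drop invalid paths (unreachable next hop, own AS in AS-path), then eliminate."""
    valid = [p for p in paths if p.next_hop_reachable and local_as not in p.as_path]
    return min(valid, key=_rank) if valid else None

def deciding_step(a: BgpPath, b: BgpPath) -> int:
    """Which step (1..11) first separates two valid paths; 0 if they tie everywhere."""
    for step, (x, y) in enumerate(zip(_rank(a), _rank(b)), start=1):
        if x != y:
            return step
    return 0

# Constructed sample: VIA_R2 mirrors section 7.A (local preference 2000 on routes from
# 22.0.1.2); VIA_ISP is a hypothetical peer whose AS-path was prepended (section 7.B).
VIA_R2 = BgpPath("44.0.1.0/24", "22.0.1.2", [65000, 65200], local_pref=2000,
                 router_id="22.0.3.2", neighbor_ip="22.0.1.2")
VIA_ISP = BgpPath("44.0.1.0/24", "13.0.0.3", [65300, 65300, 65300, 65200],
                  router_id="13.0.0.3", neighbor_ip="13.0.0.3")
LOOPED = BgpPath("44.0.1.0/24", "13.0.0.3", [65300, 65100, 65200])  # contains R1's own AS
```

`deciding_step` reports the step at which the winner beat another path, which is what a practitioner checks when a route-map change does not produce the expected best path.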

Figure 2. Interpreting BGP routing table.

Figure 3. Network as configured on GNS3.

As shown in Figure 3, we have configured four routers, namely R1, R2, R3 and R4. Each of the routers is a BGP speaker. R1 is configured in AS 65100, R2 and R3 in AS 65000, while R4 is configured in AS 65200. Three loopback addresses are configured on each router as shown: 11.0.1.1, 11.0.2.1, 11.0.3.1 are on R1; 22.0.1.2, 22.0.2.2, 22.0.3.2 are on R2; 33.0.1.3, 33.0.2.3, 33.0.3.3 on R3; and finally 44.0.1.4, 44.0.2.4, 44.0.3.4 are configured on R4. Serial links exist between routers R1-R2 and R3-R4. A fast link is used between R2-R3.

A. BGP Synchronization Rule

The BGP synchronization rule is "Never use or forward a route learnt from an IBGP neighbor to an EBGP neighbor unless the same is learnt from an IGP protocol". If an autonomous system will be acting as a transit AS to pass traffic from one AS to another, all the routers in the transit AS have to learn routes to reach both of the communicating ASs through an IGP routing protocol. However, if the routes are advertised to the ASs before the routers in the transit AS have learnt them, then the packets would be dropped as they come in to the transit AS. To prevent this from happening, BGP has to wait till the IGP has propagated the routes to all the routers in the transit AS. Thus BGP has to be synchronized with the IGP. This mode is enabled by default. However, when an AS is not configured to act as a transit AS, synchronization can be disabled. You can also disable synchronization when all the routers in the AS have been configured with BGP.

Figure 4. BGP forwarding table.

Synchronization is enabled by default. In Figure 3, since synchronization is enabled at R2, it does not forward the paths learnt from its IBGP neighbor R3, and hence R1 does not know the routes to the loopback addresses on R3 and R4. However, when synchronization is disabled at R2, the forwarding table looks like the following.

Figure 5. BGP table with synchronization disabled.

With synchronization disabled, R2 advertises the loopback networks configured on R3 and R4 to R1. Synchronization has been disabled by default in Cisco IOS Software Release 12.2(8) and later.

7. ROUTE-MANIPULATION

Consider the network as shown in Figure 3. All of the routers are configured with BGP. Route-manipulation techniques are described as follows.

A. Using Local-preference

The local-preference attribute determines the preference of an exit point from the AS. Thus, this attribute is used to select a particular exit point from the AS. Suppose we have incoming as well as outgoing traffic from multiple neighbors and want the traffic to a destination to be routed through a particular neighbor. Then such route manipulation can be done using the following commands in global configuration mode.

Figure 6. Commands for route-manipulation using local-preference.

Now, all the routes incoming from neighbor 22.0.1.2/24 have a local preference of 2000. Local preference is local to the AS, i.e. routers within the same AS exchange this attribute.

Figure 7. Route-manipulation using local-preference.

B. Using AS-path

When a route passes through an AS, the AS number is added to an ordered list of the ASs the route has traversed. Route manipulation using AS-path is similar to manipulation using local preference. The commands for route manipulation using AS-path are as follows.

Figure 8. Commands for route-manipulation using as-path.

Here all the routes incoming from neighbor 22.0.1.2 would have two AS numbers prepended in their path field, as shown.

Figure 9. Route-manipulation using as-path.

C. Selective Route-manipulation using MED

The Multi-Exit Discriminator (MED) attribute is a suggestion to the external receiving AS about the preferred path into an AS which has multiple entry points. Attributes pertaining to a particular route can also be edited. You can edit the weight, local preference, AS-path and also the MED of a route, as shown in the example below.

Figure 10. Example network for route-manipulation using MED.

Figure 11. Commands for route-manipulation using MED.

Here, in this example, we needed the traffic from 22.0.1.0 to be routed through 22.0.1.2 and not through 13.0.0.3. As you can see, by increasing the metric of the route from 13.0.0.3 we have successfully made the route through 22.0.1.2 the best path.

E. Aggregation and route-filtering using prefix list

Border Gateway Protocol (BGP) allows the aggregation of specific routes into one route in such a way that advertisement of that single route is possible. It is used to reduce the number of routes registered in the routing table [5].

On router R3, after aggregation, the routing table now contains 4 routes of the 44 network: 3 routes having a /24 mask and 1 aggregated route with a /22 mask, as follows.

Figure 13. Routing table.

It is also possible to send only the summarized routes to the neighbor.

An alternate way to send summarized routes is through a prefix list. A prefix list will filter routes on the basis of the prefix mask. On router R4, the commands are as follows.

router bgp 65200
 neighbor 33.0.1.3 prefix-list abc out
ip prefix-list abc seq 5 deny 44.0.0.0/8 ge 23
ip prefix-list abc seq 10 permit 0.0.0.0/0 le 32

This will filter all the routes of the class A network 44.0.0.0/8 having a mask greater than or equal to 23 from being sent to router R3.
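The prefix-list semantics used above (entries evaluated in seq order, first match decides, ge/le prefix-length windows, implicit deny when nothing matches), as an added example that is not the paper's or Cisco's code: a Python model that parses the R4 configuration and applies list abc to a constructed outbound route set. R4_ROUTES is an assumption, not one of the paper's figures.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class PrefixListEntry:
    seq: int
    permit: bool
    network: ipaddress.IPv4Network
    ge: Optional[int] = None     # minimum prefix length, when given
    le: Optional[int] = None     # maximum prefix length, when given

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        # The route must lie inside the entry's prefix ...
        if not route.subnet_of(self.network):
            return False
        # ... and its mask length must fall in the window the entry defines:
        # no ge/le -> exact length; ge only -> ge..32; le only -> len..le; both -> ge..le
        low = self.ge if self.ge is not None else self.network.prefixlen
        if self.le is not None:
            high = self.le
        else:
            high = 32 if self.ge is not None else self.network.prefixlen
        return low <= route.prefixlen <= high

def parse_prefix_list(config: str, name: str) -> List[PrefixListEntry]:
    """Collect 'ip prefix-list NAME seq N permit|deny A.B.C.D/L [ge X] [le Y]' lines."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[:2] != ["ip", "prefix-list"] or tok[2] != name:
            continue
        opts = dict(zip(tok[7::2], tok[8::2]))          # e.g. {"ge": "23"}
        entries.append(PrefixListEntry(
            seq=int(tok[4]), permit=(tok[5] == "permit"),
            network=ipaddress.ip_network(tok[6], strict=False),
            ge=int(opts["ge"]) if "ge" in opts else None,
            le=int(opts["le"]) if "le" in opts else None))
    return sorted(entries, key=lambda e: e.seq)

def permitted(entries: List[PrefixListEntry], route: str) -> bool:
    """First matching entry decides; a list with no match denies (implicit deny)."""
    net = ipaddress.ip_network(route, strict=False)
    for entry in entries:                  # already in seq order
        if entry.matches(net):
            return entry.permit
    return False

def filter_outbound(entries: List[PrefixListEntry], routes: List[str]) -> List[str]:
    return [r for r in routes if permitted(entries, r)]

# The paper's R4 configuration (section 7.E), embedded as a constructed config string.
R4_CONFIG = """\
router bgp 65200
 neighbor 33.0.1.3 prefix-list abc out
ip prefix-list abc seq 5 deny 44.0.0.0/8 ge 23
ip prefix-list abc seq 10 permit 0.0.0.0/0 le 32
"""
# Constructed BGP table on R4: three /24 loopback networks, the /22 aggregate, a learnt route.
R4_ROUTES = ["44.0.1.0/24", "44.0.2.0/24", "44.0.3.0/24", "44.0.0.0/22", "11.0.1.0/24"]
```

Only the /22 aggregate and the non-44 route survive the filter; a /23 inside 44.0.0.0/8 is also denied, and an empty list denies everything, which is the implicit deny a practitioner must remember when writing outbound filters.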

Figure 12. Route-manipulation using MED.

D. Route-manipulation using weight

Weight is a Cisco proprietary attribute which has greater preference than any other attribute. It is assigned locally to a router and is not propagated to other routers. Route manipulation using weight as an attribute is similar to that using MED. Simply substitute the command "set metric 25000" with "set weight (any number between 0 and 32768)". However, unlike metric, the higher the weight, the higher the preference.

F. Route-manipulation using Community list

A community list is a tagging mechanism in which the routes in the list are tagged before they are sent. The receiving router matches the tag and performs route manipulation. Here, in our example, on router R4 we will set a community string 8888 for all routes being sent to router R3. The commands would be as follows.

Figure 14. Commands for setting Community list.

This will set the community string 8888 on all routes being sent to router R3, but as the community string is non-transitive, the tag will not be forwarded to other ASs. However, in order to forcefully send it we can use the command

neighbor 33.0.1.3 send-community

Figure 15. Community list table.

The community string thus created can be used for route manipulation, for example:

Figure 16. Commands for route-manipulation using Community list.

This will set weight 33333 for all routes having the string 8888.

Figure 17. BGP table showing the edited weight.

8. CONCLUSION AND FUTURE WORK

BGP's role in the Internet routing infrastructure is paramount. Policy-based routing techniques enable enterprises and ISPs to interact efficiently. The BGP protocol is being used by both service providers and enterprise networks. The architectural design goals of these two groups are very different, which results in the deployment of BGP in different environments. The idea is to break out the goals and provide corresponding solutions for each group so as to assist effective operation. In this paper, we discussed the policy-based operation of BGP and analyzed the various parameters involved in its operation to provide such optimized solutions.

Once a neighbor relationship has been established, the routers exchange routing information with each other. These routers are vulnerable to man-in-the-middle (MITM) attacks, as they have no way of authenticating the BGP updates they receive from their neighbors. As discussed in section 6, a BGP update contains information about all the Autonomous Systems the packet has traversed to reach a particular AS. However, an attacker can inject fake AS numbers, thereby compromising the authenticity of the update. Validation of the source and path of the BGP update message, without much change in the existing architecture, is critical.

9. REFERENCES

1. Cisco IOS IP and IP Routing Configuration Guide.
2. Building Scalable Cisco Internetworks, Volume 2, Student Guide.
3. http://www.gns3.net/
4. Router IOS used include c7200 and c3600 series.
5. http://www.cisco.com/en/US/docs/internetworking/technology/handbook/bgp.html
6. http://www.gns3.net/
7. http://tools.ietf.org/html/rfc1771 – RFC for BGP-4.
8. "Communication Networks" by Alberto Leon-Garcia, Indra Widjaja.
9. "Secure Border Gateway Protocol (S-BGP)", Stephen Kent, Charles Lynn, and Karen Seo, IEEE Journal on Selected Areas in Communications, Vol. 18, No. 4, April 2000.
10. "Optimal Configuration for BGP Route Selection", Thomas C. Bressoud, Rajeev Rastogi and Mark A. Smith.
11. "Study on the AS relationship based inter-domain routing", Ruijun Wang, Hongjun Wang, Cuirong Wang, Yuan Gao, Parallel and Distributed Computing, Applications and Technologies, 2003. PDCAT'2003. Proceedings of the Fourth International Conference, 2003, 42-46.
12. "A Case Study in Understanding OSPF and BGP Interactions Using Efficient Experiment Design", D. Bauer, M. Yuksel, C. Carothers, S. Kalyanaraman, Principles of Advanced and Distributed Simulation, 2006. PADS 2006. 20th Workshop, June 2006.