BGP peer-session and peer-policy templates


A peer template is a pattern, a model that can be used to simplify the management of BGP peer configuration. Templates are much more flexible than peer groups because of inheritance: a common template can be inherited by more specific templates according to a hierarchical scheme.

Two types of templates are available: peer-session templates for session establishment and peer-policy templates for prefix advertisement policies.

Without good prior planning, peer templates can turn into a mess. The key is to organize commands into groups, from the most common (at the root and inner nodes of the tree) to the most specific (towards the leaves).

Each template in the tree can be applied directly as a configuration pattern for a BGP peer, or inherited by a more specific template for more granularity (Figure 1).

Figure 1: Tree of inheritance

Figure 2 illustrates the topology used to deploy peer templates: ISPA (AS 56000) connects five customers (AS 56501, 56502, 56503, 56504 and 56505) and is connected in turn to an upstream provider, ISPB (AS 55000).

Figure 2: Topology

The hypothetical policy requirements are as follows:

* One inbound policy is common to all clients, so the root template in the inheritance hierarchy contains the policy commands common to all categories:

– Receive only customer prefixes.

– ISPA accepts a maximum of 2 prefixes from each client.

* Outbound policies on ISPA towards clients are organized in three categories:

1- Policy 1 – Advertise only the default route: “Default_Only” template.

2- Policy 2 – Advertise the default route and only ISPA (direct upstream) routes: “Default_n_Local” template.

3- Policy 3 – Advertise full BGP (ISPA, ISPB and other clients' prefixes): “Full_BGP” template.

The following table summarizes the policies and common configurations between ISPA and its downstream customers:

Table 1: Configuration and policies

                                                    R1-ISPA  R2-ISPA  R3-ISPA  R4-ISPA  R5-ISPA
Session
  BGP version & timers                                 x (all)
  Direct interface eBGP                                                  x                 x
  eBGP between loopback interfaces:                             x                 x
    – set eBGP TTL to 2
    – specify loopback as source of updates
Policy
  Outbound policy
    Policy 1 (Only default route)                      x        x
    Policy 2 (default route + ISPA local networks)                       x        x
    Policy 3 (Full BGP)                                                                    x
  Inbound policy
    Policy 4: Accept only customer prefixes (max 2)    x (all)
description                                           own      own      own      own      own


Configuring Peer-Session Template

Let’s start by configuring BGP sessions with customers.

In BGP configuration mode, templates are designed according to Table 1:

ISPA:

router bgp 56000
 template peer-session Common_Session_Config
  version 4
  ! keepalive 30 s, hold time 90 s
  timers 30 90
 exit-peer-session

This template is common to all sessions and is considered the root peer-session template.

 template peer-session Indirect_eBGP
  ! eBGP between loopbacks: TTL of 2, updates sourced from Loopback0
  ebgp-multihop 2
  update-source Loopback0
  inherit peer-session Common_Session_Config
 exit-peer-session

This one inherits the commands of the “Common_Session_Config” template in addition to its own commands.

ISPA#sh ip bgp template peer-session
Template:Common_Session_Config, index:1
Local policies:0x22, Inherited polices:0x0
 *Inherited by Template Indirect_eBGP, index= 2
Locally configured session commands:
 version 4
 timers 30 90
Inherited session commands:

Template:Indirect_eBGP, index:2
Local policies:0x88, Inherited polices:0x22
This template inherits:
  Common_Session_Config index:1 flags:0x0
Locally configured session commands:
 ebgp-multihop 2
 update-source Loopback0
Inherited session commands:
 version 4
 timers 30 90

ISPA#

Now each neighbor will just inherit the template and apply included commands:

router bgp 56000
 neighbor 1.1.1.1 remote-as 56501
 neighbor 1.1.1.1 inherit peer-session Indirect_eBGP

 neighbor 2.2.2.2 remote-as 56502
 neighbor 2.2.2.2 inherit peer-session Indirect_eBGP

 neighbor 4.4.4.4 remote-as 56504
 neighbor 4.4.4.4 inherit peer-session Indirect_eBGP

 neighbor 10.1.12.2 remote-as 56503
 neighbor 10.1.12.2 inherit peer-session Common_Session_Config

 neighbor 10.1.20.2 remote-as 56505
 neighbor 10.1.20.2 inherit peer-session Common_Session_Config

BGP sessions are built according to applied templates:

ISPA#sh ip bgp summ
BGP router identifier 100.1.1.1, local AS number 56000
BGP table version is 7, main routing table version 7
6 network entries using 702 bytes of memory
6 path entries using 312 bytes of memory
7/6 BGP path/bestpath attribute entries using 868 bytes of memory
5 BGP AS-PATH entries using 120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2002 total bytes of memory
BGP activity 6/0 prefixes, 6/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4 56501      26      31        7    0    0 00:10:39        1
2.2.2.2         4 56502      12      18        7    0    0 00:04:11        0
4.4.4.4         4 56504       7      12        7    0    0 00:01:15        1
10.1.12.2       4 56503       7      12        7    0    0 00:02:48        1
10.1.20.2       4 56505       5      10        7    0    0 00:00:29        1
200.2.2.2       4 55000      34      39        7    0    0 00:30:36        1
ISPA#

 

ISPA(config-router)#do sh ip bgp
BGP table version is 11, local router ID is 100.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/24      1.1.1.1                  0             0 56501 i
*> 11.0.0.0/24      1.1.1.1                  0             0 56501 i
*> 12.0.0.0/24      1.1.1.1                  0             0 56501 i
*> 13.0.0.0/24      1.1.1.1                  0             0 56501 i
*> 20.0.0.0/24      2.2.2.2                  0             0 56502 i
*> 30.0.0.0/24      10.1.12.2                0             0 56503 i
*> 40.0.0.0/24      4.4.4.4                  0             0 56504 i
*> 50.0.0.0/24      10.1.20.2                0             0 56505 i
*> 55.55.0.0/16     200.2.2.2                0             0 55000 i
*> 56.56.0.0/16     0.0.0.0                  0         32768 i
ISPA(config-router)#

Without any policy applied, client routers R1, R2, R3, R4 and R5 receive all prefixes (the equivalent of full BGP), as shown in the following BGP table of R1:

R1#sh ip bgp
BGP table version is 11, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/24      0.0.0.0                  0         32768 i
*> 11.0.0.0/24      0.0.0.0                  0         32768 i
*> 12.0.0.0/24      0.0.0.0                  0         32768 i
*> 13.0.0.0/24      0.0.0.0                  0         32768 i
*> 20.0.0.0/24      100.1.1.1                              0 56000 56502 i
*> 30.0.0.0/24      100.1.1.1                              0 56000 56503 i
*> 40.0.0.0/24      100.1.1.1                              0 56000 56504 i
*> 50.0.0.0/24      100.1.1.1                              0 56000 56505 i
*> 55.55.0.0/16     100.1.1.1                              0 56000 55000 i
*> 56.56.0.0/16     100.1.1.1                0             0 56000 i
R1#

 

Peer-policy Template configuration

ISPA:

! AS path made of exactly one AS number: routes originated by the directly attached customer
ip as-path access-list 10 permit ^([0-9]+)$

router bgp 56000
 template peer-policy Common_Policy_Config
  filter-list 10 in
  maximum-prefix 2
 exit-peer-policy

! Denies every prefix; applied outbound so that only the default-originate route is advertised
ip prefix-list NOTHING_plist seq 5 deny 0.0.0.0/0 le 32

router bgp 56000
 template peer-policy Default_Only
  prefix-list NOTHING_plist out
  default-originate
 exit-peer-policy

! Empty AS path: routes originated locally in AS 56000
ip as-path access-list 20 permit ^$

router bgp 56000
 template peer-policy Default_n_Local
  filter-list 20 out
  default-originate
  inherit peer-policy Common_Policy_Config 10
 exit-peer-policy

access-list 11 permit any

route-map Full_BGP_rmap permit 10
 match ip address 11

router bgp 56000
 template peer-policy Full_BGP
  route-map Full_BGP_rmap out
  inherit peer-policy Common_Policy_Config 10
 exit-peer-policy

 

ISPA#sh ip bgp template peer-policy
Template:Default_Only, index:2.
Local policies:0x480, Inherited polices:0x0
Locally configured policies:
  prefix-list NOTHING_plist out
  default-originate route-map none
Inherited policies:

Template:Common_Policy_Config, index:1.
Local policies:0x80004, Inherited polices:0x0
 *Inherited by Template Default_n_Local, index:3
 *Inherited by Template Full_BGP, index:4
Locally configured policies:
  filter-list 10 in
  maximum-prefix 2
Inherited policies:

Template:Default_n_Local, index:3.
Local policies:0x408, Inherited polices:0x80004
This template inherits:
  Common_Policy_Config, index:1, seq_no:10, flags:0x408
Locally configured policies:
  filter-list 20 out
  default-originate route-map none
Inherited policies:
  filter-list 10 in
  maximum-prefix 2

Template:Full_BGP, index:4.
Local policies:0x2, Inherited polices:0x80004
This template inherits:
  Common_Policy_Config, index:1, seq_no:10, flags:0x2
Locally configured policies:
  route-map Full_BGP_rmap out
Inherited policies:
  filter-list 10 in
  maximum-prefix 2

ISPA#

 

Apply peer-policy-template

ISPA:

router bgp 56000
 neighbor 1.1.1.1 inherit peer-policy Default_Only
 neighbor 2.2.2.2 inherit peer-policy Default_Only
 neighbor 4.4.4.4 inherit peer-policy Default_n_Local
 neighbor 10.1.12.2 inherit peer-policy Default_n_Local
 neighbor 10.1.20.2 inherit peer-policy Full_BGP

R1 (1.1.1.1) and R2 (2.2.2.2) will receive only the default route from ISPA.

R3 (10.1.12.2) and R4 (4.4.4.4) will receive the default route and ISPA prefixes.

R5 will receive all routes (full BGP).

ISPA#clear ip bgp *

 

R1: (After applying peer-policy template on ISPA)

R1#sh ip bgp
BGP table version is 48, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          100.1.1.1                0             0 56000 i
*> 10.0.0.0/24      0.0.0.0                  0         32768 i
*> 11.0.0.0/24      0.0.0.0                  0         32768 i
R1#

 

R2: (After applying peer-policy template on ISPA)

R2#sh ip bgp
BGP table version is 55, local router ID is 20.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          100.1.1.1                0             0 56000 i
*> 20.0.0.0/24      0.0.0.0                  0         32768 i
R2#

 

R3: (After applying peer-policy template on ISPA)

R3#sh ip bgp
BGP table version is 20, local router ID is 30.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          10.1.12.1                0             0 56000 i
*> 30.0.0.0/24      0.0.0.0                  0         32768 i
*> 56.56.0.0/16     10.1.12.1                0             0 56000 i
R3#

 

R4: (After applying peer-policy template on ISPA)

R4#sh ip bgp
BGP table version is 4, local router ID is 40.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          100.1.1.1                0             0 56000 i
*> 40.0.0.0/24      0.0.0.0                  0         32768 i
*> 56.56.0.0/16     100.1.1.1                0             0 56000 i
R4#

 

R5: (After applying peer-policy template on ISPA)

R5#sh ip bgp
BGP table version is 8, local router ID is 50.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/24      10.1.20.1                              0 56000 56501 i
*> 20.0.0.0/24      10.1.20.1                              0 56000 56502 i
*> 30.0.0.0/24      10.1.20.1                              0 56000 56503 i
*> 40.0.0.0/24      10.1.20.1                              0 56000 56504 i
*> 50.0.0.0/24      0.0.0.0                  0         32768 i
*> 55.55.0.0/16     10.1.20.1                              0 56000 55000 i
*> 56.56.0.0/16     10.1.20.1                0             0 56000 i
R5#

And R5 has received the full BGP routing table.
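
An added example (not part of the original post): a short Python resolver for the peer-policy inheritance tree configured above, used to check which neighbors actually end up with the inbound commands of Common_Policy_Config. The CONFIG string is constructed from this page's template and neighbor statements; the function names are illustrative, and the precedence of local over inherited commands is not modelled.

```python
import re
# Constructed input: the peer-policy templates and neighbor statements from this page.
CONFIG = """\
 template peer-policy Common_Policy_Config
  filter-list 10 in
  maximum-prefix 2
 exit-peer-policy
 template peer-policy Default_Only
  prefix-list NOTHING_plist out
  default-originate
 exit-peer-policy
 template peer-policy Default_n_Local
  filter-list 20 out
  default-originate
  inherit peer-policy Common_Policy_Config 10
 exit-peer-policy
 template peer-policy Full_BGP
  route-map Full_BGP_rmap out
  inherit peer-policy Common_Policy_Config 10
 exit-peer-policy
 neighbor 1.1.1.1 inherit peer-policy Default_Only
 neighbor 2.2.2.2 inherit peer-policy Default_Only
 neighbor 4.4.4.4 inherit peer-policy Default_n_Local
 neighbor 10.1.12.2 inherit peer-policy Default_n_Local
 neighbor 10.1.20.2 inherit peer-policy Full_BGP
"""

def parse(config):
    # Returns ({template: [commands]}, {neighbor: template}).
    blocks = re.findall(r"template peer-policy (\S+)\n(.*?)exit-peer-policy", config, re.S)
    templates = {name: [c.strip() for c in body.strip().splitlines()] for name, body in blocks}
    neighbors = dict(re.findall(r"neighbor (\S+) inherit peer-policy (\S+)", config))
    return templates, neighbors

def effective(name, templates, seen=()):
    # Local commands plus everything reached through 'inherit peer-policy' lines.
    if name in seen or name not in templates:
        return []  # inheritance loop or undefined template
    cmds = []
    for cmd in templates[name]:
        m = re.match(r"inherit peer-policy (\S+)", cmd)
        cmds += effective(m[1], templates, seen + (name,)) if m else [cmd]
    return cmds

def audit(config, required=("filter-list 10 in", "maximum-prefix 2")):
    # Neighbor -> required inbound commands missing from its resolved template chain.
    templates, neighbors = parse(config)
    gaps = {p: [r for r in required if r not in effective(t, templates)]
            for p, t in neighbors.items()}
    return {p: missing for p, missing in gaps.items() if missing}
```

On the configuration as shown, audit(CONFIG) reports 1.1.1.1 and 2.2.2.2: Default_Only has no inherit line, which matches the empty "Inherited policies" section for that template in the show output, so those two sessions carry neither the inbound AS-path filter nor the prefix limit.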


About ajnouri
If you wish to communicate securely outside the blog, here is my public (GPG) key. My public key for secure communication: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41CCDE1511DF0EB8

One Response to BGP peer-session and peer-policy templates

  1. Arpan says:

    Thanks for this post. I have been using BGP templates for the past 2 years and have been really fascinated by the ease of the concept. It really does simplify the BGP peering procedure.
