Over his last few blog posts, Jeff Doyle has been extolling the virtues of BGP and providing design tips. While I don't portend to have Jeff's knowledge about BGP, I have always been a huge fan of the protocol. My affection for BGP has grown in the last few years as we have used it as the core routing protocol for our internal, enterprise network.
On the global enterprise networks I worked on earlier in my career, BGP was used to interconnect regional IGP autonomous systems. eBGP was used on the few large, expensive, international circuits that connected the regions. Inside the region an IGP was used for in-country routing - either OSPF or EIGRP. Sometimes there was iBGP, but there were often synchronization problems that led to routing loops. Often eBGP was just redistributed into the IGP, but that was incredibly messy. This was the after affects of hastily done network conversions. It was easier to redistribute than build a proper iBGP network inside each region that was supported by the IGP.
Over the last three years, MPLS (RFC 2547bis) has exploded into enterprise networks. While many carriers will support OSPF, RIP (gasp!), or EIGRP on links to customers, none do it enthusiastically. Some require special engineering approval. Since their MPLS backbones are based on BGP, they want enterprise customer to use BGP.
Considering what I had seen earlier in my career and the carriers' requirement to use BGP, our team set out last year to build a highly scalable and proper BGP design to support our forthcoming MPLS conversion. During a week-long engineering conference we toyed with redistribution...then we delved into iBGP with an IGP inside each region. We were held back by the belief that since OSPF, at the time, was our core routing protocol, we had to continue using it in the same fashion. However, as we worked through the design, it became clear the best path was the embrace BGP as our core routing protocol and relegate OSPF to a site routing protocol. When we made that decision, our new routing design began to flourish.
The basic tenant of our design is each site in the network - no matter the size - is its own BGP AS using private BGP AS numbers. That provides 1,024 AS numbers which is more than enough for our network (that may not be enough for very large networks, but MPLS carriers are happy to AS override for you). With each site in its own AS, the WAN links at each site - be they MPLS, private-line, or GRE tunnel - would run eBGP. Now, BGP became our core WAN routing protocol. This met the MPLS carriers' requirements and made our WAN routing much simpler. We now had a protocol with the scalability to handle thousands of routes and with enough protocol features (filter-lists, route attributes, communities, etc.) to implement routing policy (something OSPF lacks).
Next we developed what I feel is the best part of our BGP design. At each site in our network all traffic flows through the core. So, we used this rule to design BGP. The core routers (high-end Cisco 7600s) are the center of BGP at each site. These 7600s are iBGP route-reflector clusters that peer iBGP to the WAN routers. By using a route-reflector cluster we avoid the iBGP full-mesh problem. The cores create all BGP routes (via the BGP "network" command) and advertise those routes to the WAN routers. The WAN routers then advertise those routes to eBGP peers over the WAN (MPLS, other sites, etc). Filtering policy is done at the edge on the WAN routers. The cores learn routes for external sites via iBGP from the WAN routers (who already learned the routes via eBGP). Thus, the core routers know all routes in the entire network. BGP easily scales to handle these global routes, unlike OSPF which does not handle thousands of routes well. This sets up a very elegant and fast BGP design. Failover is within 5 seconds when a WAN link goes down and the design can scale quickly.
OSPF is still used, but only for local LAN routing and to allow iBGP to establish between loopback interfaces. The cores, since all packets flow through them, advertise a default route into OSPF. A packet that enters the LAN that is destined for a remote site follows the default route to the core. Since, as I mentioned, the core routers know all the routes in the network, they make the proper next-hop decision to the appropriate WAN router based on iBGP. By using a default route to bring traffic to the core routers, no routing protocol redistribution is necessary. This makes OSPF and BGP very stable.
This is the base routing design of our network. However, this simply cracks the surface of what we've done with BGP in the last 2 years. Over the next few posts, I'll dive deeper into how we've utilized BGP. If you aren't using BGP, start thinking about it. It's a great protocol and, used correctly, can add significant power to your routing design.
Michael Morris is a communications engineering manager at a $3 billion high-tech company. His background is in enterprise WANs working with telcos, and developing large-scale routing designs. He has worked on networks at government and corporate organizations, including networks at two Fortune 10 companies. In his current role, he leads large-scale IT networking projects and develops and maintains architectural standards for data networks, storage area networks, IP Telephony, and security. Michael is a CCIE and has 11 years experience in networking and communications, including four years as a paratrooper in the U.S. Army. He has a bachelor's degree in MIS from the University at Buffalo. Recently, he was awarded the Network Professional Association® (NPA) Professional Excellence and Innovation Award for his work on network architecture, templates and enterprise MPLS design.
|
|
BGP implementation
Michael,
Great article. We are just implementing BGP on our network for increased uptime.
Would you have a network diagram with the topology described ?
Thanks
ndegwa
Alternative eBGP Approach
I am seeing more of our customers adopt the BGP-everywhere design. Only a single protocol spanning the whole enterprise network can assure a stable, loop-free topology.
An alternative approach that has some merits would be the use of eBGP on all paths instead of using iBGP for LAN segments.
In some cases the differing default administrative distance values applied to eBGP and iBGP routes in a CE router can lead to incorrect forwarding behavior (such as preferring a WAN eBGP path over a more direct LAN iBGP path). Additional complexity may be needed in the CE router configuration to overcome this.
Using eBGP everywhere eliminates the administrative distance issue and makes BGP more "IGP-like" in behavior and configuration. All routers behave the same way. No added complexity is needed at the eBGP/iBGP boundary.
The downside is the need to apply a unique AS number in every router. And such a renegade private network would obviously not support a contiguous BGP connection to the public Internet (but that is easy to work-around, such as using a short IGP hop). And the service provider should disable AS override.
Anyway, its another way to look at it. Remember that a private network is not the Internet, and assumed convetional wisdom for BGP may not apply. Although a bit odd, I believe using eBGP everywhere in a private network is viable.
Toby Jessup
SWAT Engineer
Qwest Communications
Very Nice Design
We just completed a large company aquasition, we are using BGP as the core routing protocol, with OPSF, EIGRP and RIP domains. Creating standards for one IGP.
We have so many duplicate addresses between organisations that we created Prefix-Lists and marked the prefixes with communities. In order to manage the distribution of the prefixes. Not to mention the issues with mutual redistribution. I really like your idea of a core router default route to into ospf.
Also, We acquired a domestic (US) Mansaged MPLS network running EIGRP in the VRF. We will convert this network an unmanaged MPLS network with BGP, different AS numbers per site as a standard. as well, we are deploying another regional MPLS network with BGP. The biggest issues here are again route management and QOS.
Our's is a complicated design, I enjoyed reading your article. Wish I could have spoken to you in advance.
Best Regards,
Steve
This design is out of this
This design is out of this world, I am also planning to have BGP in our network, but before that I would like to have advice from you about few things
1)Can we use Internet link as a failover to MPLS for voice trafic
2)What are the parameters I should consider for the same
RE: This design is out of this
Hi Girish,
Thank you for the kind words. :-)
To answer your questions:
#1 - Yes, but it depends. The backbones of US and (mostly) EMEA ISPs have large enough capacity to prevent packet drops and latency issues. So, running voice over these networks is generally ok. In Asia it's another issue. For example, the China and India Internet backbones, especially at the peering points to other ISPs, often have capacity issues and poor routing. Stay away from that.
At the edge where most capacity issues occur, it will depend on the bandwidth you have to the ISP. Since QoS is not possible (please no replies about how some ISPs offer QoS marking on ISP links), you will need to oversubscribe your Internet access circuits. But, more bandwidth does not always mean better performance, so proceed with caution. We have a few sites that use Internet tunnels to backup the MPLS circuits. We recently decided to block Voice Signaling on these tunnels to force VoIP phones to SRST mode should the MPLS circuit go down. So, the site still has data connectivity, but Voice is in fail-over mode.
#2 - Can you give me an idea of what parameters you are concerned about? (you can privately e-mail me at ) if you like.
Thanks.
Mike
You said, "At each site in
You said, "At each site in our network all traffic flows through the core. So, we used this rule to design BGP. The core routers (high-end Cisco 7600s) are the center of BGP at each site."
What exactly do you mean by that? I would believe that you have 7600 routers at you core site only, and that these guys are running BGP.
Please correct me, I do not fully understand your topology here.
Thanks
Chuck
RE: You said, "At each site in
Hi Chuck,
We clasify our sites into tiers - Tier 1-5. Tier-1 and Tier-2 sites are large offices with expansive LANs. These sites, which the hub sites are, include dual 7600 core routers in their template. The architecture for these sites
has all service modules (LAN access, WAN, Internet, VPN) connected to the core. So, to get to anywhere, traffic has to flow via the core routers. Think of it as a flower with the middle being the core and the petals being the service modules.
Our smaller sites work on the same architectural concept, but have 3750s as the core and do not run routing protocols (only the WAN routers run BGP). We use static routes and HSRP here to reduce the complexity and licensing cost.
Hope this helps.
Michael J. Morris
CCIE #11733, JNCIA
Nice article
Not bad Mr. Morris. I read on nanog a case study of Sprint doing this a while ago where they were to switch to BGP for internal network.
Just few questions that come to my mind...Will you need more high end boxes to do this as BGP is CPU intensive? also in different part of the world transmission networks aren't very stable will things like flapping of link and BGP damping making life more difficult for NOC engineers?
/Majid
RE: Nice article
Thanks Majid.
No need for higher end boxes. We have most of our network running BGP with 2821s and 3845s. BGP is CPU intensive when there are thousands of routes to maintain. If you keep your internal routing tables small (maybe 1,000 routes) then it will be no problem. Now, if you throw the Internet routing table into your internal routers....well.......
Link flapping is part of any network - BGP, OSPF, EIGRP, RIP...whatever. You can use tools like dampening if needed, but we have not had that need yet.
Mike
You are a superb networking
You are a superb networking engineer (CCIE).
Airborne, Keep it coming!
CRAZY??? ;)