6.6 BGP

Border Gateway Protocol (BGP) is currently in its fourth version, which is defined in RFC 1771. Although the core protocol has not changed since 1995, there have been some additions to it.

BGP is an EGP. All of the other routing protocols that I have discussed so far in this chapter are IGPs. In the usual configuration, IGPs function purely within an AS, while EGPs are used to interconnect ASes. The main exception to this rule is that sometimes an IGP can be used in a limited way to link together two ASes that run a different protocol. For example, you can link two OSPF ASes using EIGRP or RIP. However, using a real EGP offers many important advantages.

BGP is by far the most popular EGP. There is an earlier EGP protocol called, confusingly enough, EGP. But BGP is much more robust and offers many more useful features for policing traffic flows. Most importantly, BGP Version 4 allows fully classless routing.

Classless routing is important because there are many cases where organizations want either to subnet or to supernet their address ranges. I have already discussed subnetting. Supernetting is a similar idea, except that it allows an organization to group together a number of contiguous smaller class networks.

For example, suppose an organization uses four unregistered Class C networks, 192.168.4.0/24, 192.168.5.0/24, 192.168.6.0/24, and 192.168.7.0/24. It could distribute routing information for these four networks by means of the supernet route 192.168.4.0/22. Similarly, two different organizations might opt to share the Class B range 172.19.0.0/16. So one could use 172.19.0.0/17, and the other 172.19.128.0/17. They could then exchange all of their routing information with a single simple summary.
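The supernetting arithmetic above, as an added example that is not from the book: given the networks an organization actually holds, it computes the single covering route and reports any address space that summary would claim without the organization holding it, which is the check to run before advertising an aggregate. The prefixes are constructed, and all inputs are assumed to share one IP version.

```python
import ipaddress

def covering_supernet(prefixes):
    """Smallest single prefix that contains every input network."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()      # widen the mask one bit at a time
    return candidate

def uncovered_space(supernet, prefixes):
    """Blocks inside 'supernet' that none of the component prefixes cover:
    the address space a summary route would claim without holding it."""
    remaining = [supernet]
    for n in (ipaddress.ip_network(p) for p in prefixes):
        nxt = []
        for block in remaining:
            if block.subnet_of(n):
                continue                      # fully covered by this component
            if n.subnet_of(block):
                nxt.extend(block.address_exclude(n))   # carve the component out
            else:
                nxt.append(block)             # disjoint, keep as is
        remaining = nxt
    return [str(b) for b in sorted(remaining)]

def summarize(prefixes):
    """Return (summary_route, leaked_blocks). An empty leaked_blocks list means
    the summary is exact and advertises nothing the organization does not hold."""
    sup = covering_supernet(prefixes)
    return str(sup), uncovered_space(sup, prefixes)

if __name__ == "__main__":
    # Constructed inputs matching the text's two cases.
    four = ["192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24", "192.168.7.0/24"]
    print(summarize(four))        # ('192.168.4.0/22', [])  exact aggregate
    print(summarize(four[:3]))    # ('192.168.4.0/22', ['192.168.7.0/24'])  over-claims
    print(summarize(["172.19.0.0/17", "172.19.128.0/17"]))   # ('172.19.0.0/16', [])
```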

This feature, called Classless Interdomain Routing (CIDR), is becoming relatively common throughout the Internet. This is because the growth of Internet participation has led to a drastic shortage of IP addresses. So the IETF has been forced to get creative with its address allocation. Since BGP is the primary routing protocol for interconnecting organizations on the Internet, it has become completely classless.

The Internet presents some interesting challenges to a routing protocol. There are some regions of the Internet that share a common backbone. However, internationally the Internet is best viewed as a completely arbitrary collection of interconnected networks.

A large number of individuals and organizations connect to the Internet through one or more Service Provider networks. These Service Provider networks in turn connect with one another and with high-speed Internet backbone networks that are themselves essentially just fast Service Provider networks. In addition, there are a number of educational and governmental organizations that behave almost like Service Provider networks by acting as interconnection points for a number of other networks.

Internally, each Service Provider network may use any routing protocol to distribute routing information. Also internally, these networks form one or more ASes. When connecting to other networks—either client networks or other Service Providers—these networks use BGP to share routing information.

So BGP must share routing information between ASes. It must also summarize information about what routes lie behind each AS. Devices on my network need to get to some distant part of the world by first passing through my Service Provider. My Service Provider needs to know that it can reach this network through some other Service Provider, and so forth, until my packet finally reaches its destination.

In short, BGP functions not router to router, but AS to AS. It resolves loops and finds the shortest path in AS-sized chunks.

BGP also has another more complex role to play in AS-to-AS routing. Some organizations might want to take part in the Internet (or, for that matter, any shared IP network). But they might not be willing to act as a conduit for traffic between other organizations. So BGP has a filtering function that allows considerable control over what routes are distributed to which AS neighbors.

BGP uses a different routing algorithm than either RIP or OSPF. Like RIP, it only keeps track of information about the nearest hops and the routes that can be reached through them. But unlike RIP, it doesn't use a simple metric to decide which path is the best. Instead, it maintains information about the entire path to the destination. The method for doing this is called a Path Vector Algorithm.

This means that every route that BGP knows about is accompanied not by a simple number representing cost or distance, but by the actual path. It is easy to avoid loops when you can look at the whole path and see that the same intermediate step appears more than once. The path is not a sequence of routers, but a sequence of ASes, which is why it is called AS_PATH.

If Autonomous Systems exchange routing information using BGP, then each one must have one or more routers that speak both BGP and the IGP. These routers are called Autonomous System Boundary Routers (ASBR). Figure 6-10 shows how three ASes might be connected.

Figure 6-10. Interconnecting three ASes using BGP


Figure 6-10 shows two BGP ASBR routers in each AS for redundancy. These ASes could be running any combination of IGP protocols, such as OSPF, RIP, and EIGRP. The two ASBR routers inside each AS communicate with one another using iBGP, the interior protocol. ASBR routers in different ASes use eBGP, the exterior protocol. This is an important distinction because the two routers that provide access to each AS must present a unified picture of what is inside. This means they share a common view of the interior of the AS, and they also share the most up-to-date information about all of their AS neighbors.

You have to configure a full mesh of iBGP connections between all of the ASBR routers in each AS. Every ASBR connection, whether iBGP or eBGP, uses a TCP session to exchange routing information. This TCP session is not discovered, but must be manually configured on each router, and it then remains permanently active.

However, as mentioned earlier in this book, fully meshed networks do not scale very well. So there have been some additions to the BGP protocol that aim to relax this requirement. The most important of these protocol additions are Route Reflection (discussed in RFC 2796) and BGP AS Confederations (RFC 3065). These documents are both relatively recent, so not all router vendors have implemented their recommendations. Even those that have incorporated these options have only done so recently, so older equipment may not support them.

There are many different ways of connecting ASes. An AS may have only one ASBR and connect only to one other AS. In this case the routing information that it conveys to the rest of the world concerns only its own IP addresses. This is similar to an AS that has multiple access points but does not allow traffic to pass through it. These are both called nontransit ASes.

A third option is an AS that has multiple access points and allows traffic to pass through it. This is called a transit AS. In Figure 6-10, there is no connection between AS 200 and AS 300. To allow devices in these two networks to communicate with one another, AS 100 must pass along routing information received from each to the other. However, AS 200 and AS 300 only need to pass their own summary routing information into AS 100.

A useful feature of BGP is the ability to restrict what routing information is conveyed. This in turn has the effect of restricting whether a particular AS is used for transit between other ASes. So, for example, an AS might be configured to provide transit services for some external networks, but not others. This can be done either per-network or per-AS. It might only pass transit information to some of its downstream neighbors.
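An added example, not the book's own code, modelling the path-vector behaviour described earlier in this section and the transit filtering of the last three paragraphs: AS_PATH loop detection, shortest-path selection, and an export policy that relays a route between two neighbours only when the AS is configured as transit for that pair. The AS numbers follow Figure 6-10; the prefixes and the function names are constructed for the example.

```python
from collections import namedtuple

# One speaker's view of a route. as_path lists ASes nearest first, originating
# AS last; learned_from is the neighbour AS that announced it (None = our own).
Route = namedtuple("Route", "prefix as_path learned_from")

def accept(local_as, route):
    """Path-vector loop detection: if our own AS already appears in AS_PATH,
    the route has passed through us before and is discarded."""
    return local_as not in route.as_path

def best(candidates):
    """Shortest AS_PATH wins; the path tuple itself is a deterministic tiebreak."""
    return min(candidates, key=lambda r: (len(r.as_path), r.as_path))

def export(local_as, route, to_as, transit_for=frozenset()):
    """Route to announce to neighbour to_as, or None. Our own routes always go
    out with our AS prepended. A route learned from another AS is passed on only
    when we are configured as transit between that AS and to_as, so an AS with
    an empty transit_for never carries traffic between its neighbours."""
    if route.learned_from is not None:
        if route.learned_from == to_as:
            return None                         # never echo a route to its source
        if not {route.learned_from, to_as} <= frozenset(transit_for):
            return None                         # no transit for this pair of ASes
    return Route(route.prefix, (local_as,) + route.as_path, local_as)

def figure_6_10():
    """Constructed walk-through of Figure 6-10: AS 200 and AS 300 have no link,
    so only AS 100 can relay AS 200's prefix to AS 300. Returns what AS 300
    hears when AS 100 is configured as transit, and when it is not."""
    net200 = Route("192.168.20.0/24", (), None)        # constructed prefix
    from_200 = export(200, net200, 100)                # AS 200 announces to AS 100
    assert accept(100, from_200)                       # AS 100 not in (200,), no loop
    with_transit = export(100, from_200, 300, transit_for={200, 300})
    without_transit = export(100, from_200, 300)       # AS 100 left nontransit
    return with_transit, without_transit

if __name__ == "__main__":
    print(figure_6_10())   # (Route('192.168.20.0/24', (100, 200), 100), None)
    print(accept(100, Route("192.168.20.0/24", (200, 100), 200)))   # False: loop
```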

6.6.1 Autonomous System Numbers

Since BGP uses AS Numbers to identify routing elements, there must be rules for how these AS Numbers are allocated. If BGP is to work on the public Internet, then clearly two organizations can't both use, for example, AS Number 100. A conflict in AS Numbers is as serious as a conflict in IP addressing. AS Numbers are used to detect routing loops, so they must be globally unique.

The standard rules for allocating AS Numbers are defined in RFC 1930. These rules apply to all IP networks and to all routing protocols. The range from 64,512 to 65,534 (and possibly also 65,535) is reserved for private networks. These AS Numbers cannot be advertised on the public Internet. This is similar to the private use of unregistered IP address ranges such as 10.0.0.0/8. So it makes a great deal of sense to use AS Numbers from this range particularly for any AS that uses unregistered IP addresses. This way neither the addresses nor the AS Numbers will ever be in danger of reaching the public Internet.

The AS Numbers from 1 through 22,527 have been divided up among three main international Internet standards organizations[3] to allocate to networks that connect to the public Internet. Of the remaining numbers, 0 and the range from 22,528 through 64,511 are currently held in reserve by the IANA for future purposes. There is some inconsistency between IANA documents and RFC 1930 in the availability of AS Number 65,535. The IANA indicates that this number is reserved, while RFC 1930 lists it as part of the unregistered range. So it is probably best to avoid using 65,535 to avoid possible future compatibility problems.

[3] In the Americas, Caribbean, and sub-Saharan Africa, ARIN (American Registry for Internet Numbers, http://www.arin.net) is responsible for allocating all AS numbers. In Asia and the Pacific region, this is done by AP-NIC (Asia Pacific Network Information Centre, http://www.apnic.net). RIPE NCC (Réseaux IP Européens Network Coordination Centre, http://www.ripe.net) allocates these numbers for Europe.

6.6.2 Where to Use BGP

BGP is useful anywhere two or more ASes need to exchange routing information dynamically. If the information never changes, then it is considerably simpler to just use a static route.

Many factors lead to networks requiring continuously updated routing information. For example, there might be more than one way to get to a distant AS. Figure 6-11 shows four ASes. To get from AS 100 to AS 400, a packet can go through either AS 200 or AS 300. The network might have an administrative reason for preferring one of these paths, but if the preferred path becomes unavailable, it will need to switch to the other.

Figure 6-11. A simple network having multiple AS paths


However, there is a simpler reason for needing a dynamic EGP in Figures 6-10 and 6-11. Both of these cases have multiple ASBR routers. For example, there are two ASBR routers in each of AS 100 and AS 200, giving four paths between these two ASes. A static route would not allow the network to use these paths for redundancy.

BGP is unnecessary in the simple example of one AS connecting to the Internet via a single Service Provider. In this case the ISP can easily handle all inbound traffic with a single static route that summarizes the block of registered addresses for this client network. All outbound traffic is handled similarly by directing the route 0.0.0.0/0 to the Service Provider's network. This is the configuration that most organizations use to connect to the public Internet. So most of these organizations do not need to use BGP for their Internet connections. Consequently, they do not need to register an AS Number.

BGP becomes useful to the client, however, when the network uses two or more different ISPs. Then it can configure BGP to provide redundancy for the Internet connection. In this case the network needs a registered AS Number, even if the client network is not configured to allow transit from one ISP to another. The designer will want to configure BGP to distribute only the routes for the internal AS. This will prevent the client network from becoming transit capable.