
IXP Lab

Peering & IXP Workshop

Introduction

The purpose of this part of the lab is to introduce an Internet Exchange Point into our lab. IXPs are a very important, if not critical, component of today’s Internet architecture, and it is vitally important to ensure the correct configuration so that network operators gain maximum advantage from their participation at an IXP.

Lab Topology

The lab topology has been further enhanced according to the diagram below.

Configuring the IXP links

Each group should now configure their link to the IXP according to the above diagram.

Physical Link

Consult the IP Address Plan document for the address space used by the IXP. Following the document, configure the interface on the Peering router accordingly.

interface GigabitEthernet 3/0
 description ASX0 link to IXP
 ip address 100.127.1.X 255.255.255.0
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:DB8:FFFF:1::X/64
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress all
 no shutdown
!

Note the subnet masks - this time the ethernet is NOT a point-to-point link but a shared LAN medium. Once the interfaces have been configured, see if you can ping any of the other groups on their IXP addresses (both IPv4 and IPv6). Are you able to ping the Route Server too?

Configuring IS-IS

Do not configure IS-IS towards any IXP peer! They are not part of your autonomous system.

However, so that traceroutes across the IXP do not break, we might wish to carry the IXP LAN address block within our IS-IS (not iBGP). To do this, we simply mark the IXP facing interface as passive in the IS-IS configuration. Here is an example:

router isis asX0
 passive-interface GigabitEthernet 3/0

If you recall from the IS-IS presentation, this will tell IS-IS to announce the subnet attached to this interface.

Now all routers in your AS will see the IXP LAN address - check from your Core, Access and Border routers, just to make sure.

Configuring eBGP on IXP Peering Router with the IXP Route Server

We now configure eBGP on our Peering Router with the Exchange Point’s Route Server (we will add in bi-lateral BGP peering in a later lab, but for now we will just peer with the Route Server).

The Route Server sits in AS 65534 - this is a private AS, and is not visible on the public Internet. In fact, we don’t want this AS to be visible inside our own AS either, and that’s one of the unique features of a Route Server[1] - it does not add its AS into the AS path when distributing prefixes to its eBGP neighbours.

DO NOT forget to filter what you hear from the Route Server, and what you send to the Route Server. You should only accept the address blocks originated by the other IXP participants (they may send you more by mistake!), and you should only send prefixes you originate!

Let’s set up the prefix-lists. First we need to create the prefix-list for our aggregate - we created it on our Border router earlier, but we now need it on our Peering Router:

ip prefix-list ASX0-block permit 100.68.X.0/24
!
ipv6 prefix-list ASX0-v6block permit 2001:DB8:X::/48

Then we need to set up inbound filters for the prefixes we expect to hear from the Route Server. Add a line for each group that we expect to hear from the Route Server. For example, Group 1 will only expect to hear prefixes from Groups 2 through 6 - IPv4 example:

ip prefix-list IXP-RS description IPv4 Prefixes heard from Route-Server
ip prefix-list IXP-RS permit 100.68.<first-group>.0/24
..etc..

Same for IPv6 - only add a line for each group we expect to hear prefixes for:

ipv6 prefix-list IXP-v6RS description IPv6 Prefixes heard from Route-Server
ipv6 prefix-list IXP-v6RS permit 2001:DB8:<first-group>::/48
..etc..

Once complete, each prefix-list should have 5 entries.
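The inbound filter described above, worked through for Group 1 as an added example (not part of the original lab notes). It assumes the lab's six groups and address plan (100.68.X.0/24 and 2001:DB8:X::/48); the function names and the sample announcements are constructed for illustration.

```python
import ipaddress

GROUPS = range(1, 7)  # the lab has Groups 1-6 (AS10 .. AS60)

def expected_prefixes(my_group):
    """Aggregates of every *other* group: 100.68.X.0/24 and 2001:DB8:X::/48."""
    others = [g for g in GROUPS if g != my_group]
    v4 = [ipaddress.ip_network(f"100.68.{g}.0/24") for g in others]
    v6 = [ipaddress.ip_network(f"2001:db8:{g}::/48") for g in others]
    return v4, v6

def render_prefix_lists(my_group):
    """Emit the IXP-RS / IXP-v6RS prefix-lists in the form used on this page."""
    v4, v6 = expected_prefixes(my_group)
    lines = ["ip prefix-list IXP-RS description IPv4 Prefixes heard from Route-Server"]
    lines += [f"ip prefix-list IXP-RS permit {n}" for n in v4]
    lines += ["ipv6 prefix-list IXP-v6RS description IPv6 Prefixes heard from Route-Server"]
    lines += [f"ipv6 prefix-list IXP-v6RS permit {str(n).upper()}" for n in v6]
    return lines

def filter_inbound(my_group, received):
    """Model the inbound filter: an entry with no ge/le matches that exact
    prefix and length only; everything else falls to the implicit deny."""
    v4, v6 = expected_prefixes(my_group)
    allowed = set(v4) | set(v6)
    accepted, rejected = [], []
    for text in received:
        net = ipaddress.ip_network(text)
        (accepted if net in allowed else rejected).append(text)
    return accepted, rejected

# Constructed sample of what Group 1 might hear from the Route Server.
SAMPLE_FROM_RS = [
    "100.68.2.0/24",      # Group 2 aggregate
    "100.68.2.128/25",    # more-specific leaked by mistake
    "100.68.1.0/24",      # our own aggregate coming back
    "100.127.1.0/24",     # the IXP LAN itself
    "0.0.0.0/0",          # default route
    "2001:db8:3::/48",    # Group 3 aggregate
    "2001:db8:3:1::/64",  # IPv6 more-specific
]

if __name__ == "__main__":
    print("\n".join(render_prefix_lists(1)))
    accepted, rejected = filter_inbound(1, SAMPLE_FROM_RS)
    print("accepted:", accepted)
    print("rejected:", rejected)
```

Only the two exact aggregates pass; the more-specifics, the default route, the IXP LAN and the group's own block are all dropped by the implicit deny.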

And now we apply them to the BGP session. Here is a configuration sample - note that we are reusing some configuration we have set up earlier:

router bgp X0
 address-family ipv4
  neighbor 100.127.1.254 remote-as 65534
  neighbor 100.127.1.254 description eBGP with IXP RS
  neighbor 100.127.1.254 password ixp-rs
  neighbor 100.127.1.254 prefix-list ASX0-block out
  neighbor 100.127.1.254 prefix-list IXP-RS in
  neighbor 100.127.1.254 activate
!
 address-family ipv6
  neighbor 2001:DB8:FFFF:1::FE remote-as 65534
  neighbor 2001:DB8:FFFF:1::FE description eBGP with IXP RS
  neighbor 2001:DB8:FFFF:1::FE password ixp-rs
  neighbor 2001:DB8:FFFF:1::FE prefix-list ASX0-v6block out
  neighbor 2001:DB8:FFFF:1::FE prefix-list IXP-v6RS in
  neighbor 2001:DB8:FFFF:1::FE activate
!

Once this has been configured, has the BGP session with the Route Server established? If not, why not? What do the router logs tell you?

You will notice from the logs that the router is complaining about a BGP peer AS not being in the announced AS path - this is Cisco IOS protecting against improper BGP announcements because, according to the BGP RFC, the AS number of the neighbouring AS must appear as the adjacent AS in the AS PATH. And if you recall from early on in the notes, that was a special feature of the Route Server: its AS does not appear in the path.

So we need to turn this safety check off in IOS:

router bgp X0
 no bgp enforce-first-as

Once this has been done, you will see that the eBGP sessions with the Route Server have been established.

What do you now see in the BGP table?

What about the routes between you and your private peer that you set up earlier? Which is the best path now? Through the IXP, or over the private peering link?

Explain what you see to the workshop instructors. What can we do about this[2]?

Appendix - Route Server Configuration

This appendix shows the configuration of the route server used for this workshop. It is Cisco IOS based - most route servers today run either on BIRD or the LINX modified version of Quagga[3].

interface FastEthernet0/0
 description IXP LAN
 ip address 100.127.1.254 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:DB8:FFFF:1::FE/64
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress all
!
router bgp 65534
 bgp log-neighbor-changes
 bgp deterministic-med
 no bgp default ipv4-unicast
 neighbor ixp-peers peer-group
 neighbor ixp-peers password ixp-rs
 neighbor v6ixp-peers peer-group
 neighbor v6ixp-peers password ixp-rs
 neighbor 100.127.1.1 remote-as 10
 neighbor 100.127.1.1 peer-group ixp-peers
 neighbor 100.127.1.1 description AS10 peer
 neighbor 100.127.1.2 remote-as 20
 neighbor 100.127.1.2 peer-group ixp-peers
 neighbor 100.127.1.2 description AS20 peer
 neighbor 100.127.1.3 remote-as 30
 neighbor 100.127.1.3 peer-group ixp-peers
 neighbor 100.127.1.3 description AS30 peer
 neighbor 100.127.1.4 remote-as 40
 neighbor 100.127.1.4 peer-group ixp-peers
 neighbor 100.127.1.4 description AS40 peer
 neighbor 100.127.1.5 remote-as 50
 neighbor 100.127.1.5 peer-group ixp-peers
 neighbor 100.127.1.5 description AS50 peer
 neighbor 100.127.1.6 remote-as 60
 neighbor 100.127.1.6 peer-group ixp-peers
 neighbor 100.127.1.6 description AS60 peer
 neighbor 2001:DB8:FFFF:1::1 remote-as 10
 neighbor 2001:DB8:FFFF:1::1 peer-group v6ixp-peers
 neighbor 2001:DB8:FFFF:1::1 description AS10 peer
 neighbor 2001:DB8:FFFF:1::2 remote-as 20
 neighbor 2001:DB8:FFFF:1::2 peer-group v6ixp-peers
 neighbor 2001:DB8:FFFF:1::2 description AS20 peer
 neighbor 2001:DB8:FFFF:1::3 remote-as 30
 neighbor 2001:DB8:FFFF:1::3 peer-group v6ixp-peers
 neighbor 2001:DB8:FFFF:1::3 description AS30 peer
 neighbor 2001:DB8:FFFF:1::4 remote-as 40
 neighbor 2001:DB8:FFFF:1::4 peer-group v6ixp-peers
 neighbor 2001:DB8:FFFF:1::4 description AS40 peer
 neighbor 2001:DB8:FFFF:1::5 remote-as 50
 neighbor 2001:DB8:FFFF:1::5 peer-group v6ixp-peers
 neighbor 2001:DB8:FFFF:1::5 description AS50 peer
 neighbor 2001:DB8:FFFF:1::6 remote-as 60
 neighbor 2001:DB8:FFFF:1::6 peer-group v6ixp-peers
 neighbor 2001:DB8:FFFF:1::6 description AS60 peer
!
 address-family ipv4
  neighbor ixp-peers route-server-client
  neighbor 100.127.1.1 activate
  neighbor 100.127.1.2 activate
  neighbor 100.127.1.3 activate
  neighbor 100.127.1.4 activate
  neighbor 100.127.1.5 activate
  neighbor 100.127.1.6 activate
  distance bgp 200 200 200
 exit-address-family
!
 address-family ipv6
  neighbor v6ixp-peers route-server-client
  neighbor 2001:DB8:FFFF:1::1 activate
  neighbor 2001:DB8:FFFF:1::2 activate
  neighbor 2001:DB8:FFFF:1::3 activate
  neighbor 2001:DB8:FFFF:1::4 activate
  neighbor 2001:DB8:FFFF:1::5 activate
  neighbor 2001:DB8:FFFF:1::6 activate
  distance bgp 200 200 200
 exit-address-family
!
ip route 0.0.0.0 0.0.0.0 Null0
!
ipv6 route ::/0 Null0
!

[1] See RFC7948 for a complete and detailed description of how a Route Server operates and can be used at an Internet Exchange Point.

[2] Cisco IOS BGP Best Path Selection process includes a step which chooses the oldest path stored in the BGP table, and we are seeing the result of this. We brought up the Private Peering first, and the IXP Peering after that, so the router prefers the Private Peering. Shutting down and then bringing up the private peering again will result in the best path between the adjacent ASNs going over the IXP. The outcome is not deterministic, which is a problem. You can disable this in IOS by adding the bgp bestpath compare-routerid configuration under the BGP process - then the router will not compare the age of the route, but will compare the router-ids of the neighbours which sent the prefix.

[3] The most popular Route Server software today is BIRD, used by most IXPs worldwide. The LINX modified version of Quagga is also used (Quagga itself is not scalable and can only handle a few neighbours). GoBGP is another Route Server candidate being used by some IXPs.
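The tie-break described in the best path selection footnote, as an added example (not part of the original lab notes). It is a simplified model that compares only AS-path length and then the oldest-path or router-id step, assuming every earlier selection step ties; the router-ids and session labels are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str            # which eBGP session the path was learned on
    as_path: tuple      # the Route Server does not insert AS 65534
    received_at: int    # arrival order; lower means older
    router_id: str      # router-id of the neighbour that sent it (constructed)

def _rid(router_id):
    """Turn a dotted router-id into a tuple so it compares numerically."""
    return tuple(int(octet) for octet in router_id.split("."))

def best_path(paths, compare_routerid=False):
    """Simplified model: AS-path length, then the final eBGP tie-break.
    Every earlier selection step is assumed to tie."""
    shortest = min(len(p.as_path) for p in paths)
    tied = [p for p in paths if len(p.as_path) == shortest]
    if compare_routerid:
        return min(tied, key=lambda p: _rid(p.router_id))  # lowest router-id
    return min(tied, key=lambda p: p.received_at)          # oldest path

def scenario(private_first):
    """Two paths to AS20's aggregate as seen from AS10."""
    t_private, t_ixp = (1, 2) if private_first else (2, 1)
    return [
        Path("private-peering", (20,), t_private, "100.68.2.3"),
        Path("ixp-route-server", (20,), t_ixp, "100.127.1.254"),
    ]

if __name__ == "__main__":
    for private_first in (True, False):
        paths = scenario(private_first)
        print("private session came up first:", private_first,
              "| default:", best_path(paths).via,
              "| compare-routerid:", best_path(paths, compare_routerid=True).via)
```

With the default behaviour the winner flips with session bring-up order; with the router-id comparison the same path wins in both orderings.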

wunca38-bgp/ixp_peering_lab.txt · Last modified: 2020/01/03 12:03 (external edit)