This lesson will be interesting! BGP (Border Gateway Protocol) is the routing protocol that glues the Internet together. I’m going to explain in which situations we need BGP and how it works.
Before you continue reading I should tell you to “forget” everything you know about routing protocols like RIP, OSPF and EIGRP so far…Those three routing protocols have one thing in common: they are all IGPs (Interior Gateway Protocols). We only use them within our autonomous system but they are not scalable to use for a network as large as the Internet.
RIP, OSPF and EIGRP are all different but they have one thing in common…they want to find the shortest path to the destination. When we look at the Internet we don’t care as much as to find the shortest path, being able to manipulate traffic paths is far more important. There is only one routing protocol we currently use on the Internet which is BGP.
Why do we need BGP?
Let’s start by looking at some scenarios so you can understand why and when we need BGP:
Nowadays almost everything is connected to the Internet. In the picture above we have a customer network connected to an ISP (Internet Service Provider). Our ISP is making sure we have Internet access. Our ISP has given us a single public IP address we can use to access the Internet. To make sure everyone on our LAN at the customer side can access the Internet we are using NAT/PAT (Network / Port address translation) to translate our internal private IP addresses to this single public IP address. This scenario is excellent when you only have clients that need Internet access. On our customer LAN we only need a default route pointing to the ISP router and we are done. For this scenario we don’t need BGP…
Maybe the customer has a couple of servers that need to be reachable from the Internet…perhaps a mail- or webserver. We could use port forwarding and forward the correct ports to these servers so we still only need a single IP address. Another option would be to get more public IP addresses from our ISP and use these to configure the different servers. For this scenario we still don’t need BGP…
What if I want a bit more redundancy? Having a single point of failure isn’t a good idea. We could add another router at the customer side and connect it to the ISP. You can use the primary link for all traffic and have another link as the backup. We still don’t require BGP in this situation, it can be solved with default routing:
- Advertise a default route in your IGP on the primary customer router with a low metric.
- Advertise a default route in your IGP on the secondary customer router with a high metric.
This will make sure that your IGP sends all traffic using the primary link. Once the link fails your IGP will make sure all traffic is sent down the backup link. Let me ask you something to think about…can we do any load balancing across those two links? It’ll be difficult right?
Your IGP will send all traffic down the primary link and nothing down the backup link unless there is a failure. You could advertise a default route with the same metric but you’d still have something like a 50/50% load share. What if I wanted to send 80% of the outgoing traffic on the primary link and 20% down the backup link? That’s not going to happen here but with BGP it’s possible.
This scenario is a bit more interesting. Instead of being connected to a single ISP we now have two different ISPs. For redundancy reasons it’s important to have two different ISPs, in case one fails you will always have a backup ISP to use. What about our Customer network? We still have two servers that need to be reachable from the Internet.
In my previous examples we got public IP addresses from our ISP. Now I’m connected to two different ISPs so what public IP addresses should I use? From ISP1 or ISP2? If we use public IP addresses from ISP1 (or ISP2) then these servers will be unreachable once the ISP has connectivity issues.
Instead of using public IP addresses from the ISP we will get our own public IP addresses.The IP address space is maintained by IANA (Internet Assigned Numbers Authority – http://www.iana.org/ ). IANA is assigning IP address space to a number of large Regional Internet Registries like RIPE or ARIN. Each of these assign IP address space to ISPs or large organizations.
When we receive our public IP address space then we will advertise this to our ISPs. Advertising is done with a routing protocol and that will be BGP.
If you are interested here’s an overview of the IPv4 space that has been allocated by IANA:
Besides getting public IP address space we also have to think about an AS (Autonomous System):
An AS is a collection of networks under a single administrative domain. The Internet is nothing more but a bunch of autonomous systems that are connected to each other. Within an autonomous system we use an IGP like OSPF or EIGRP.
For routing between the different autonomous systems we use an EGP (external gateway protocol). The only EGP we use nowadays is BGP.
How do we get an autonomous system number? Just like public IP address space you’ll need to register one.
Autonomous system numbers are 16-bit which means we have 65535 numbers to choose from. Just like private and public IP addresses, we have a range of public and private AS numbers.
Range 1 – 64511 are globally unique AS numbers and range 64512 – 65535 are private autonomous system numbers.
If you are interested, see if you can find the AS number of your ISP:
UltraTools AS Information Lookup
BGP has two flavors:
- External BGP: used between autonomous systems
- Internal BGP: used within the autonomous system.
External BGP is to exchange routing information between the different autonomous systems. In this lesson I explain why we need internal BGP. I would recommend to read it after finishing this lesson and learning about external BGP first.
You now have an idea of why we require BGP and what autonomous systems are. The Internet is a big place, as I am writing this there are more than 500.000 prefixes in a complete Internet routing table. If you are curious, you can find the size of the Internet routing table here:
On the internet there are a number of looking glass servers. These are routers that have public view access and you can use them to look at the Internet routing table. If you want to see what it looks like check out:
Scroll down all the way to “Category 2 – IPv4 and IPv6 BGP Route Servers by region (TELNET access)”. You can telnet to these devices and use show ip route and show ip bgp to check the BGP or routing table.
When we run BGP, does this mean we have to learn more than 500.000 prefixes? It depends…let’s look at some examples:
Above in our picture our customer network has an autonomous system number (AS 1) and some IP address space (10.0.0.0 /8), let’s pretend that these are public IP addresses. We are connected to two different ISPs and you can see their AS number (AS2 and AS3) and IP address space (126.96.36.199/8 and 188.8.131.52/8). We can reach the rest of the internet through both ISPs.
We can use BGP to advertise our address space to the ISPs but what are the ISPS going to advertise to our customer through BGP? There are a number of options:
- They advertise only a default route.
- They advertise a default route and a partial routing table.
- They advertise the full Internet routing table.
Let’s walk through these three options!
In this statement here - “What if I wanted to send 80% of the outgoing traffic on the primary link and 20% down the backup link? That’s not going to happen here but with BGP it’s possible.”
How would you configure an 80/20 split for example using BGP (or any ratio…just as an example)?
Good question, there’s not a really short answer to it With routing protocols like RIP, OSPF or EIGRP we use default routes for outbound traffic so we really don’t know anything about the destination. When we use BGP, it’s possible that we learn about all possible destinations (entire Internet routing table) or a partial routing table.
BGP uses a lot of different attributes (weight, local preference, metric, etc) that we can use to decide which path we use for certain destinations. You can use these for traffic engineering to send an X amount of traffi... Continue reading in our forum
Thanks Rene, appreciate the replies as always.
My company have two ISP connections but we only use 1 for all our traffic and the other was is for backup situation. We were planning to buy a netgear router (http://www.netgear.com.au/business/products/security/FVS336G.aspx#tab-features). There are two WAN port and it has load sharing capability. Are you saying that in the configuration we will not be able to set 80% to ISP 1 and 20% to ISP2 and it will be 50/50 distribution only? and if we do want to send 80% trafic through 1 ISP and 20% through another we don’t have an other option but to buy beefy routers... Continue reading in our forum