Dynamic routing records all topology changes, updates automatically, and adjusts to changing networking conditions. Dynamic routing uses well-defined protocols such as OSPF internally or BGP between companies to exchange the routing information without ongoing administrative intervention. Internal routing methods used inside of a company’s network are referred to as Internal Gateway Protocols (IGPs) and routing protocols used between organizations are called External Gateway Protocols (EGPs).
These routing protocols will learn of other routers in the network and exchange routes with the other routers in the network. Each router will learn about the networks that the others are connected to. When new networks are added or removed, the routers will update each other with the changes, and, for each router’s route, the forwarding table will automatically be updated as required. Dynamic routing is the most used approach and is favored over static routing because of the ability to dynamically make changes without administrative intervention.
A deep understanding of the complexities of the BGP routing protocol is beyond the scope of the exam. However, AWS does use BGP for route exchanges for its hybrid networking implementations and many other services. An introduction to BGP is provided here to get you up to speed on the basics and how it is used in AWS. However, BGP can be a complex routing protocol to understand and master and it will require studies outside the scope of the AWS Advanced Networking exam.
The Border Gateway Protocol (BGP) is the standard dynamic network routing protocol that provides for loop-free interdomain routing between autonomous systems. BGP is used to propagate tens to hundreds of thousands of routes between networks (ASs) and to exchange network reachability information with other BGP systems. It is the only actively used EGP on the Internet. BGP is the primary protocol to exchange network reachability information between different organizations, such as AWS and your enterprise, known as autonomous systems. An autonomous system (AS) is described as a collection of connected Internet Protocol routing prefixes (networks) administratively controlled by a single administrative entity or domain, which presents a common and clearly defined routing policy to the Internet.
BGP is a classless distance-vector routing protocol, running over TCP port 179 for reliable connections, and uses the TCP error correction capabilities. BGP is a multivendor open protocol. The main design feature of BGP is to allow ISPs to richly express their routing policy to other connected autonomous systems, both in selecting outbound paths and in announcing internal routes to other entities. There are also BGP features that allow for administrative debugging, policy routing, and loop detection.
The purpose of BGP is to allow ASs to tell other ASs about routes (parts of the IP address space) that they are responsible for. BGP uses route advertisements or promises also called Network-Layer Reachability Information (NLRI). Networks are ASs identified in BGP by a number, called the Autonomous System Number (ASN). ASs are routers that are controlled by one entity such as a corporation, Internet service provider, or cloud company. ASNs are a collection of networks with the same policies and under the same administrative control. Each entity would own one or more publicly registered ASNs that would be managed by them and no other organizations. They are, as the name states, autonomous systems.
BGP exchanges routes between ASs. Figure 6.10 illustrates an AS deployed in a global network. The autonomous system is identified by its AS number that was assigned by the service provider. ASNs identify the organization managing a network space such as AWS or a private company. ASNs range between 0 and 65535 with 64512 through 65534 being reserved as private. There is no concept of pipe size, internal router hop-count, or congestion; its primary function is to provide information on how to reach networks between organizations.
AS networks can span the globe; routers in Los Angeles can be in the same AS as the systems in New York. The AS numbers are managed by the Internet Assigned Numbers Authority (IANA) at www.iana.org/numbers, which assigns ASNs to regional Internet registries (RIRs), which are organizations that manage Internet number resources in a particular region of the world. In the United States, the American Registry for Internet Numbers (ARIN) administers the ASNs at www.arin.net. Autonomous system numbers are how BGP distinguishes between different entities. When routes are exchanged, ASNs are stamped on the routes as they exit the AS, adding one “AS hop” per network traversed. BGP is often described as a path vector routing protocol as it advertises the path to remote network prefixes.
BGP route advertisement can be thought of as a “promise.” For example, if we advertise the prefix 210.9.128.0/17, we promise that if you deliver traffic to me for anywhere in the 210.9.128.0/17 address space, we know how to deliver it at least as well as anyone else.
By making sure these routes, or “promises,” are heard by all providers on the network, your provider ensures a return path for all your packets. Remember, sending packets out is easier than getting them back. Also, remember, sending routes out causes IP traffic to come in. When selecting a route to use, the most specific route wins, so if we advertise that we can reach the 210.9.240.0/24 network, all incoming traffic from other networks will start flowing in that pipe if there is not a more specific route advertised.
The advantages of using BGP include the ability for more control of your destiny when you speak BGP to the outside world. For example, you can break up your routes in an emergency or tune traffic flows. You can pad your announcements to de-prefer one or more upstream paths and fine-tune outbound traffic flow to the best upstream connected router.
BGP routes are exchanged over peering sessions, which run on top of TCP. Keepalives are used to avoid the need to re-send the whole routing table periodically. The routes are objects, or collections of “attributes.” It can be helpful to think of BGP as a routing database. All peering sessions must be configured, and they are not automatically established. Once a peering session is established, the two autonomous systems can communicate and exchange network reachability information with each other.
BGP is often described as two protocols, Internal Border Gateway Protocol (iBGP), which is designed for internal routing within an AS, and External Border Gateway Protocol (eBGP), designed for routing between BGP autonomous systems. When BGP speakers in the same autonomous system form a BGP peering connection for the purpose of exchanging routing information, they are said to be running iBGP, or internal BGP. When BGP speakers in different autonomous systems from a BGP peering connection for the purpose of exchanging routing information, they are said to be running eBGP, or external BGP. eBGP peers are usually directly connected to each other.
You must inject routes into BGP to advertise them to the world, and someone else had to inject external routes that you get into BGP somewhere else in the first place. There is only one best BGP route for any given IP block at one time. There are two main ways of injecting routes; the first is to use network statements such as static BGP routes, and the second method is redistributing routes from OSPF, other internal routing protocols, or statics.
BGP routes are exchanged inside of BGP peering sessions. As we learned earlier, BGP uses TCP to ensure the reliable delivery of routing updates. If a TCP session dies, all associated routes must be withdrawn and removed from the router’s forwarding table. BGP peers, or neighbors, must be specified explicitly in each router. Once a peering session is set up, both sides flood the other end with all their best BGP routes. Since there is only one best route per prefix, that is the route that is advertised. Periodic updates send new routes and/or withdraw old ones, and keepalives are sent every few seconds, generally 20 to 30 seconds. On a very stable network, very little or no traffic should flow besides keepalives.
BGP peering is designed for highly available network connections. Customers will typically peer with AWS at multiple places, either by peering with the same AS multiple times or between two or more ASs.
A multihomed interconnection can have several candidate paths to a given prefix. Figure 6.11 shows a sample of a routers peering table.
Advertising networks into BGP is done using the network command that controls what networks are originated by this router. While the syntax can vary widely between vendors and versions of code, I am using a basic vendor command syntax that may be different from your command-line syntax.
!In this Example network 192.245.0.0 originates from this
!router
router bgp
local-as 3
network 192.245.0.0 255.255.0.0
!
ip route 192.245.0.0 255.255.0.0 null0
!
interface GigabitEthernet0/0/1.4
ip address 192.245.209.0 255.255.255.0
!
interface GigabitEthernet0/0/1.5
ip address 192.245.210.0 255.255.255.0
In the previous example, a static route is used to provide a matching entry in the routing table. The network command in BGP will only advertise networks that are already installed in its local IP route table. The prefix in the IP routing table must match the network command exactly, including the IP network and the subnet mask.
Another way of advertising networks is to redistribute dynamic IGP routes (such as OSPF) into BGP. Here is an example of redistributing OSPF into BGP:
router bgp
local-as 3
redistribute ospf match external2
In the previous example, all OSPF external type-2 routes will be advertised to external peers. Just like the network command, the redistribute ospf command will only advertise networks that are already installed in the IP route table. Use the distribute list to control what is advertised to external BGP neighbors from OSPF, in other words, to filter out unwanted routes being advertised to external peers.
The final way of advertising networks is to redistribute static routes into BGP. Here is an example of redistributing statics into BGP:
router bgp
local-as 3
redistribute static
!
ip route 12.64.13.0 255.255.255.0 149.172.18.1
ip route 191.166.153.0 255.255.255.0 150.100.100.11
ip route 210.201.102.0 255.255.255.0 150.100.100.11
In the previous example, all static routes defined in the router will be advertised to external peers. Just like the network command, the redistribute static command will only advertise networks that are already installed in the IP route table. Here we use the distribute list to control what is advertised to external BGP neighbors from the static routes in the IP route table.
To show the IP routes and BGP learned routes on a router, use the show ip bgp command, as shown here:
!AS 400
show ip bgp
Total number of BGP Routes: 14
Status codes: s suppressed, d damped, h history, * valid,> best, i internal
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 100.100.100.0/24 0.0.0.0 0 100 32768 i
*> 150.100.100.0/24 20.20.20.1 0 100 0 100 i
*> 160.200.200.0/24 20.20.20.1 100 0 100 i
*> 160.1.1.0/24 20.20.20.1 0 100 0 100 300 i
*> 160.10.10.0/24 20.20.20.1 0 100 0 100 300 i
*> 160.100.100.0/24 20.20.20.1 0 100 0 100 300 200 i
*> 200.200.200.0/24 20.20.20.1 100 0 100 300 200 i
By default, the IP route table chooses and installs the best, most specific BGP route. However, providers along the way can use BGP local preference or weight attributes to override your path length. Also, it is important to remember that inbound and outbound traffic can be treated separately. Inbound traffic is affected by how the AS advertises its networks to the outside AS, and outbound traffic is affected by routing updates coming from outside of your AS. Asymmetric paths are common, and it is often impossible to control the end-to-end routing and paths traversed. Packets may not always traverse the same downstream path as they did when forwarded upstream.