Frequently Asked Questions on Multi-homing and BGP
This document attempts to provide some answers to customer questions about multi-homing and running BGP. It is NOT intended to be a tutorial on BGP; there are most certainly better sources to learn about BGP than this FAQ! This document is a living document, i.e. the questions and answers will change over time. If you have any suggestions, additional questions, corrections to answers, etc., please forward them to coreng@connect.com.au.
Border Gateway Protocol (BGP) is the routing protocol used to exchange routing information across the Internet. BGP is an exterior routing protocol and as such is concerned with routing between networks rather than within them (this is the domain of the interior routing protocols such as RIP, OSPF, IS-IS). BGP/4 is defined in RFC 1771. Also see RFCs 1772, 1773, and 1774.
Multi-homing means having multiple connections to the Internet.
There are two basic types of multi-homed organisation.
- An organisation which has connections to AAPT at more than one point of presence, and has internal links between these sites; or
- An organisation which has a connection to AAPT and at least one other Internet access provider.
I don't fit either multi-homing category, can I still use BGP?
If you have only a single connection to the Internet, there is not a lot to be gained from using BGP because you already know where to send all traffic not destined to one of your networks, that is, to your provider. Everyone should be conscious of keeping the Internet's routing table as small as possible. This can be best addressed by aggregating addresses using CIDR blocks. If you are only single-homed, AAPT may choose to aggregate your networks with the networks of other single-homed customers and thus announce a single CIDR block under our ASN in order to reduce the table size.
What if I'm planning to multi-home but not doing it yet?
As mentioned previously, if you are single-homed there is not a lot to be gained from running BGP, but this doesn't mean we are going to stop you doing it. If you really think you need it, ask for it, but bear in mind that unless we see evidence of you being connected to another provider (providing Internet connectivity) we may aggregate your routes.
Why should a multi-homed organisation use BGP?
The single word answer is "control". When you decided to multi-home it was for a reason, maybe extra capacity, redundancy, or tariffing, so in order to actually perform any of these functions you need to control how your networks are announced to your providers. If you don't exchange routes with them but rely on them announcing your routes, you could find your traffic flowing down an expensive low-capacity link with the other cheaper, higher-capacity links mostly idle!
Using BGP also means configuring it on your router and announcing routing information with it. We don't remove static routing for networks until we see them reliably announced via BGP.
Why do I have to use BGP? I already use RIP internally
BGP is designed to efficiently manage a large, multi-organisation routing table, such as the global Internet routing table. This provides the level of control to manage a heterogeneous environment where there is no single organisation managing all parts of the network (it's a network of autonomous systems). None of the interior routing protocols were designed to perform this task nor can they efficiently manage the large number of routes on the Internet. RIP (and other interior routing protocols) will send out updates listing all the networks it knows about every few minutes (depending on protocol). This consumes valuable bandwidth. BGP uses TCP as a reliable transport medium and so it needs only to send out updates when necessary rather than continuously. BGP also has many features to manage routing announcements which are not needed in an interior routing protocol.
Does using BGP make it easier to change provider?
Each national backbone provider has its own procedures to handle customers that wish to use BGP. These procedures may be easier than the procedures used for customers using static routing but generally each will require some sort of route registration and so there is probably no real saving in effort.
However if you are using BGP to more than one provider you can migrate routes between the providers without their intervention (assuming any route registration has already been performed). In order to migrate the routes you should start announcing the routes to the new provider and confirm that the new path is visible via a "looking glass". You may need to prepend your AS on the old path to make that path "longer". Having confirmed that the new provider is successfully announcing the routes you can then terminate the announcement to the old provider.
Do I have to use BGP with all the people I connect to?
For best results you would probably find it advantageous to use BGP but it isn't strictly necessary. In theory your routes should be originated by the same AS number and so you should announce your routes via BGP even if you don't listen to all announcements being sent to you. For example you could use a static route to default to a provider rather than accept the routes they are sending via BGP.
What hardware do I need for BGP?
You should consult your router vendor as requirements vary depending on a number of factors, such as router memory usage, number of routes accepted or other routing protocols in use on the router. In general, AAPT recommend at least a Cisco 3600 class router with 32MB of memory.
How do I configure BGP so that bad things don't happen?
The main thing to remember is to announce only the networks that you originate or are providing transit to. In general this means applying an AS path filter so that only routes with the NULL (empty) AS path, i.e. routes originated inside your own AS, are announced. This avoids announcing all of AAPT's routes to your other provider(s) and then having them use you for transit, which could be expensive!
On a Cisco you can do this using the following commands:
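```
router bgp ASN
 neighbor neighbor remote-as remote-AS
 ! apply AS path access-list 1 to everything sent to this neighbor
 neighbor neighbor filter-list 1 out
!
! ^$ matches only the empty AS path, i.e. routes you originate yourself
ip as-path access-list 1 permit ^$
```

AAPT's filtering should avoid AAPT believing we can reach the world via you, but it's better to be safe than sorry as other providers may believe you.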
If you are using private (RFC 1918) address space you should also ensure that you don't advertise this to your providers (although they should filter it too). The list of routes not to announce is commonly called martians and is documented in the Internet draft draft-manning-dsua-03.
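The two outbound controls described above can be combined on one neighbor. This is an added example, not AAPT's own configuration: ASN, neighbor and remote-AS are the same placeholders the page uses, NO-PRIVATE-OUT is a hypothetical prefix-list name, and only the RFC 1918 ranges are listed, not the full martian list.

```cisco
! Added example. NO-PRIVATE-OUT is a hypothetical name; ASN, neighbor and
! remote-AS are placeholders to replace with your own values.
!
! Deny RFC 1918 private space and any more-specific prefix inside it.
ip prefix-list NO-PRIVATE-OUT seq 10 deny 10.0.0.0/8 le 32
ip prefix-list NO-PRIVATE-OUT seq 20 deny 172.16.0.0/12 le 32
ip prefix-list NO-PRIVATE-OUT seq 30 deny 192.168.0.0/16 le 32
! Anything else is passed on to the AS path filter below.
ip prefix-list NO-PRIVATE-OUT seq 100 permit 0.0.0.0/0 le 32
!
! Only routes with an empty AS path (originated in your own AS) pass.
ip as-path access-list 1 permit ^$
!
router bgp ASN
 neighbor neighbor remote-as remote-AS
 ! A route must pass both filters to be announced to this neighbor.
 neighbor neighbor prefix-list NO-PRIVATE-OUT out
 neighbor neighbor filter-list 1 out
```

After applying it, `show ip bgp neighbors neighbor advertised-routes` lists what is actually being sent to that neighbor, which should be only your own public prefixes.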
How do I default to another provider but route AAPT traffic to AAPT?
If you want only traffic destined to a AAPT customer to be sent to AAPT and use another provider for all other traffic you should request an AAPT-only routing table and then use BGP communities to control the scope of your routing announcements. You can then use default to point non-AAPT traffic to your other provider.
You should be able to do the reverse, i.e. default to AAPT, but you will need to check with your other provider to find out how to identify their local routes.
How do I prefer routes via an IX but default to AAPT?
As you may receive a route from both the IX and from AAPT, you will want to ensure you prefer the route visible via the IX irrespective of the AS path. To do this, use local preference to prefer the routes learned from the IX. On a Cisco router you can do this via a route-map.
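A minimal configuration for this, as an added example rather than AAPT's own configuration. IX-neighbor, IX-AS, AAPT-neighbor, AAPT-AS and the route-map name PREFER-IX are placeholders introduced here; ASN follows the page's convention.

```cisco
! Added example. All names in capitals other than ASN are hypothetical
! placeholders; replace them with your own addresses and AS numbers.
router bgp ASN
 neighbor IX-neighbor remote-as IX-AS
 ! Raise local preference on everything learned from the IX peer.
 neighbor IX-neighbor route-map PREFER-IX in
 ! Routes from AAPT, including any default route, keep the default
 ! local preference of 100.
 neighbor AAPT-neighbor remote-as AAPT-AS
!
! Local preference is compared before AS path length, so a value above
! 100 makes the IX path win even when its AS path is longer.
route-map PREFER-IX permit 10
 set local-preference 200
```

When the IX route is withdrawn, the AAPT route at local preference 100 takes over automatically.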
Why do I have to inform AAPT manually which networks I will be announcing?
AAPT needs to be told which networks you expect to announce to AAPT for a number of reasons:
- It's a defensive mechanism just in case you start announcing reachability to the world (accidents happen);
- Our billing system needs to be able to resolve networks to customers and so we need to be told which networks you will be announcing to us; and
- Some of our providers require manual notification of route changes so they can modify their AS path or route filters.
How does AAPT use BGP communities?
AAPT uses BGP communities to control routing announcements, i.e. the routes we send to customers as well as the routes we send to our peers and providers.
These communities are divided into two groups:
- public communities
  - these can be set by customers to influence how AAPT treats a route, either internally or externally.
- private communities
  - are used to classify routes. Customers should not try setting these communities as we will clear all customer set communities if a private community is present in a routing announcement.
Public communities
These communities allow customers to modify AAPT's routing system behaviour in some way. The current communities are:
- 2764:4
  - Modify the local preference of a route so that it is lower than a route received from a peer but not lower than a transit provider.
- 2764:5
  - Modify the local preference of a route so that it is lower than a route received from a normal customer announcement but not lower than one received from a peer. This is normally used to indicate a backup path. Note that traffic filtering may drop traffic sourced through an interface where the route is being announced with a local preference altering community set if there is another announcement of the route without the community set.
- 2764:6
  - Announce the route to customers and all peers. This means that we will announce it to all customers and to Telstra, Optus, MCI, etc, as well as to Telecom NZ, but not our major upstream transit providers.
- 2764:7
  - Only announce the route to other AAPT customers.
- 2764:15
  - Announce the route to customers and Australian peers only. This is similar to 2764:6, but excludes international peer networks. This means that we will announce it to all customers and to Australian peers such as Telstra, Optus, MCI, etc, but not to Telecom NZ, or our major upstream transit providers.
Private Communities
Private communities are used internally to the AAPT network to control routing announcements. There are two main classes of private community and although customers cannot set these communities their meaning may be useful when using the AAPT "Looking Glass" to diagnose problems.
- Class of route
  - Communities 2764:65408 to 2764:65412 indicate the "basic" location of the origin of the route and are used to determine which routes are sent to a customer (based on their routing table type request).

    | Community | Meaning |
    | --- | --- |
    | 2764:65408 | Route originated by AAPT or a AAPT customer |
    | 2764:65409 or 2764:65410 | Route originated within Australia, i.e. Telstra, Optus, MCI, etc. |
    | 2764:65412 | Route reachable via the USA |

  - These communities are referenced by AAPT's routing policy, accessible via whois at either whois.connect.com.au or at whois.ra.net. The policy is described in the Routing Policy Specification Language (RFC 2622).
- Location of route
  - Communities starting at 2764:65280 indicate the origin POP of a AAPT originated route. Some routes within AAPT's provider blocks will not be tagged with 2764:65408 but will have a POP community and there are a small number of special case routes that while originated by AAPT don't have a POP community.
How do I restrict announcements so they don't go to AAPT's providers?
If you want only some of your networks to be globally routed by AAPT you must use communities. Note that some router vendors do not support communities even though they claim to have a conformant BGP implementation.
If there are some networks you don't want us to globally route you must tag them with the community 2764:7.
On a Cisco router this is best achieved by using a route map on your link to AAPT. For example:
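```
! display and accept communities in AS:value form
ip bgp-community new-format
!
router bgp ASN
 neighbor neighbor remote-as remote-AS
 ! communities are not sent to a neighbor unless this is configured
 neighbor neighbor send-community
 neighbor neighbor route-map AS2764-EXPORT out
!
! access-list 100 selects the networks that should not be globally routed
route-map AS2764-EXPORT permit 1
 match ip address 100
 set community 2764:7
! all other networks are announced unchanged
route-map AS2764-EXPORT permit 2
```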
What is an Autonomous System Number and where can I get one?
In order to use BGP you must have a globally unique Autonomous System Number (ASN). The number uniquely identifies the networks originated by you. An ASN can be obtained from the Asia Pacific Network Information Center using their form. Note you must be a member of the APNIC to use this service. If you are not a member of the APNIC (and do not wish to join just to get an ASN) AAPT can arrange to obtain one on your behalf (for a fee). Contact your account manager for details.
BGP is a dynamic routing protocol and relies on exchanging routing updates. AAPT doesn't directly charge for BGP but these routing updates will be included in your traffic counts and so you will be charged for them. For this reason it is better to ask AAPT to filter the routes that you wish to accept by selecting a suitable announcement rather than requesting all routes and then filtering on your router.
AAPT has a "Looking Glass" web site at <URL:http://looking-glass.connect.com.au> that allows you to access the routing table on a router connected to our core network. This router is a route reflector client of "mel-bdr1" and provides a limited view of our routing table (the router doesn't have the CPU power or memory to take a full routing table). The web page allows you to query the router to obtain (BGP) route entries, dampened paths, flap statistics as well as allowing you to ping and traceroute to sites.
As an example, if you request a BGP route lookup for "203.63.65.0" you may be returned the following routing table entry:
```
BGP routing table entry for 203.63.65.0/24, version 43552573
Paths: (1 available, best #1)
  Not advertised to any peer
  Local
    203.63.80.19 (metric 1) from 203.63.80.17 (203.63.80.19)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Community: 2764:11 2764:65290 2764:65408 2764:65472
      Originator: 203.63.80.19, Cluster list: 0.0.0.3
```

You should not be worried by the statement "Not advertised to any peer". As this router is a route reflector client and it has no other BGP peers there is nowhere for it to announce the network.
Other sources of info on BGP and Multihoming
Copyright © AAPT Limited