BGP: One Upstream, One Local Peer | NSRC Training Resources

View Transcript

We're going to look at the first example which is how we connect to one upstream provider and one local peer. It's a very common situation in many regions of the internet we connect to the upstream provider to see the whole internet and we connect to the local competition so that the local traffic will stay local a mis means we save valuable finances on upstream transit costs for local traffic let's look at the diagram we've got AS100 connecting to AS120 which is a local pier and connecting to AS130 which is the upstream provider so what do we do here we're going to announce the 19 aggregate on each link I think you probably have got that message by now we're always announcing the aggregate everywhere we accept the default route only from the upstream provider that's absolutely no need for the full BGP table doesn't give us any extra information that's useful for the traffic engineering and we accept all routes that the local peer originates this pier is literally an equivalent network so we're swapping the routes that we introduce into the internet with them and this will ensure that local traffic will use the local link between them and ourselves rather than going through the upstream transit provider and attracting transit costs. Let's look at the router A configuration. Router A connects to the local peer and as with all bgp sessions to other autonomous systems we have inbound and outbound filters the outbound filter my block lets my prefixes out to the local pier and the prefix list AS120 peer in only accepts their prefixes that they originate in to your network that's quite a simple configuration an alternative way of doing this is to use an ear spot filter for the inbound announcements this pass filter only allows prefixes originated by AS120 but there's a risk there yes 120 could originate anything and you have no control over what that might be so while some operators do use this configuration it's extremely trusting that the peer is not going to announce or miss announce prefixes towards you if we look at router C which connects to the upstream provider all we have here is a prefix list allowing the default route in and a prefix list allowing the local aggregate ID pad so in this case we've got a default route from the upstream provider and we're allowed in a couple of prefixes from our local peer hardly a complicated BGP configuration and this is all that's required the two configurations possible for router a prefix list is the best way of doing it it's industry standard although you may be a bit worried about the extra maintenance what if the peer introduces another prefix you have to update your filter well again industry best practices are such that if the PM's uses another prefix the peer would let you know please update your filters to allow this new prefix in the filter list filtering by AS path assumes that peer knows what they're doing and is very very trusting in fact some network operators use both they have a prefix list as well as an S path filter they're trying to make very sure that no miss origination can happen on the local peering link and the result of all this is local traffic goes to and from the local peer everything else goes to the upstream should the link between you and the local peer go away then the traffic will get back up through the upstream provider temporary situation until the local peering link is restored just some configuration recommendations before we move on a private peer is a network operator that you only want to exchange prefixes that you originate with sometimes they exchange prefixes from neighboring ASNs. as well they may have BGP customers that they wish to share with you but be aware that the private peer eBGP router should carry only the prefixes you want the private peer to receive otherwise they could point a default route to you and unintentionally or deliberately transit your backbone so make sure that peering routers do not carry full BGP table or do not have a default route on them and that's again industry best practice peering routers only carry the prefixes you want your peers to be able to reach.

Exercises

Acceptable Use

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
You are free to:

Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material
The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
NonCommercial — You may not use the material for commercial purposes.
No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.