
Chapter 7: BGP

CCNP ROUTE: Implementing IP Routing

ROUTE v7 Chapter 7
© 2007-2016, Cisco Systems, Inc. All rights reserved.

Cisco Public

BGP. Introduction
Border Gateway Protocol (BGP) is the routing protocol that ISPs use on the Internet to interconnect different autonomous systems and their networks.
Its goal is to provide loop-free routing between autonomous systems.
It supports VLSM and CIDR, which reduces the size of large routing tables.
BGP does not require a hierarchical architecture and can support multiple connections (route-control policies).
BGP is an enhanced distance-vector protocol, or path-vector protocol, whose metric is the path vector (attributes).
BGP looks for the most stable path to the destination, based on routing policies that make it possible to control the flow of traffic between autonomous systems.
BGPv4 (IPv4) and MBGP (IPv6).

BGP. Concepts
To understand how BGP works, you first need to know the following concepts:
Autonomous system: a network or group of networks administered independently, in which all the traffic that passes through it can be managed.
Autonomous system (AS) numbers are 16 bits long, that is, from 1 to 65535, as defined in RFC 1930; the range 64512-65534 is private. 32-bit autonomous system numbers now exist as well.
IGP: interior gateway protocol. These are the interior routing protocols, that is, protocols that run inside an autonomous system, such as RIP, EIGRP, OSPF and IS-IS.
EGP: exterior gateway protocol. These are the protocols that exchange routing information between different autonomous systems, such as BGP.

BGP is normally used by ISPs, because it can handle the large volume of routing information that exists across the whole Internet. To better understand how BGP works and how it affects the network of a company or an ISP, we therefore need to understand how they are interconnected.

BGP. Types of ISP connections.

Single-homed ISP connectivity.

This type of connection has only one link to the ISP, so it is not fault tolerant.
There are two ways to connect to the Internet:
1. Creating a default route toward the ISP, while the ISP creates a static route toward the company's network. This is not the best option, because the ISP has to configure and modify its networks manually every time the company decides to make changes.
2. Using BGP between the ISP and the company. This gives the ISP a better form of connection, because new routes can be announced directly from the company to the ISP, and thanks to BGP these new networks are learned very quickly.

BGP. Types of ISP connections.

Dual-homed ISP connectivity.

This type of connection provides a redundant link, so if the first link fails a second one is always available. The double link also makes load balancing possible.
In option 1, if the border router fails, connectivity to the Internet is lost even though there are two links.
Option 2 is more resilient to failures, because if one of the devices has a problem the backup router can always be used.


BGP. Types of ISP connections.

Multi-homed ISP connectivity.

This refers to connecting a company to two different ISPs.
If the links toward the companies are redundant, it is called dual multi-homed.
Multi-homing produces a scalable, fault-resistant network that allows load balancing between the different ISPs, because it has more than one connection to the Internet.


BGP. Types of ISP connections.

Multi-homed. Transit autonomous system.
When using multi-homing, take care to define how routes will be announced to the ISPs, because otherwise one of the ISPs could use our network as transit to reach other autonomous systems.
When implementing multi-homing there are three main ways to set up the connection with the ISP:
1. A default route toward the ISP is created on the border routers. CPU usage is lowest and the routing table is smallest.
2. A default route toward the ISP is built and the ISP sends us some specific routes. CPU usage is medium and the routing table is not overloaded.
3. The ISP sends us all the routes for all networks. CPU usage is extreme and the routing table is too large. ISPs normally use this option. The more networks the ISP sends us, the more precise the routing.


BGP. Types of ISP connections.

Multi-homed: best route.
Inside an autonomous system the IGPs are responsible for selecting the best path. When a default route is redistributed into an IGP, the best path to a destination outside the network may not always be selected.
For example, the Company network in autonomous system 65500 wants to connect to the Customer network, which belongs to autonomous system 64520.
If a default route is redistributed on router A and router B into an IGP such as RIP, router C would choose the shortest route inside its autonomous system, so it would pick the path through router A because it has fewer hops.
Router A would then use the default route toward ISP A, which belongs to AS 65000.
This path is not the optimal one to reach the Customer's destination network, because it was influenced by the IGP of the Company network. The solution to this problem is to apply BGP, using its policies and attributes to steer traffic along the optimal path to the desired networks.


BGP. IBGP and EBGP.

IBGP refers to the connection between two routers that run BGP inside the same autonomous system; for example, routers A, B, C and D are IBGP peers inside AS 65000.
EBGP peers are the border routers that interconnect the different ASs; for example, Router A in AS 65000 and Router E in AS 65250.
BGP messages between EBGP peers are sent with a TTL of 1, so an EBGP adjacency can only be formed between border routers, because no more than one hop is allowed.
The TTL between IBGP routers is always greater than 1, which allows an adjacency to form between neighbors that are not directly connected.

Update problems: the BGP split-horizon rule specifies that routes learned via IBGP are never propagated to other IBGP peers.


BGP. Types of autonomous systems.

Transit autonomous system

A transit AS is responsible for carrying traffic between autonomous systems.

In a transit AS every router must know all the external routes. There are two options:
1. Redistribute the routes into the IGP of the AS. This can cause problems, because the routing tables will be huge and protocols such as OSPF or EIGRP will not be able to handle them.
2. Configure IBGP only on the border routers, but this creates another problem: only the border routers will know the external networks.

The most feasible solution is to configure IBGP on all the routers of the transit AS (full mesh).


BGP. Types of autonomous systems.

Non-transit autonomous system.

In a multi-homed AS it is recommended to configure IBGP on the border routers.
Routers that have IBGP configured only pass routes to their IBGP neighbor, and those neighbors do not pass these routes on to others. This is how BGP makes sure that routing loops are avoided.
Therefore, to select the best path, IBGP must run on all the routers, because it will be the one that decides which exit is best.
The company can decide to learn only the networks it needs, those for which it cares about choosing the best path, and use the redistributed default route for all the others.


BGP. When to use BGP?

BGP should be used when its operation is understood and at least one of the following conditions is met:
1. The AS will be used as transit to reach other ASs, for example an ISP.
2. The AS has more than one connection to other ASs.
3. Routing policies need to be applied to the traffic that enters and leaves the AS.

It is normally not necessary to use BGP when the network has a single exit. In those cases a static route or a default route is enough.
BGP should not be used when the following conditions exist:
1. There is only one connection to the Internet or to an AS.
2. Limited hardware resources: the router has very little memory or the processor cannot handle constant BGP updates.
3. Knowledge of the BGP route-selection process is limited.


BGP. BGP segment.

Important fields in a BGP segment

BGP uses TCP as its transport protocol (connection oriented). BGP therefore sends its information inside segments, using port 179 and protocol number 6.

Two routers that are interconnected over a TCP session are known as BGP peer routers or BGP neighbors.
Because BGP runs over a reliable protocol, periodic updates are not needed; only incremental or event-triggered updates are required.


BGP configuration


BGP. Neighbor configuration.

BGP first requires you to identify who its neighbors will be.

For example, neighbors can be formed inside an AS even if they are not directly connected (IBGP), but only the border router can form a neighbor relationship with the router that belongs to the other AS (EBGP).

An EBGP router will try to talk to its neighbor, so the neighbor must be reachable; because it is directly connected, no other protocol (such as an IGP) is needed.
A neighbor declared with the neighbor command must be reachable.
Because neighbors do not have to be directly connected, loopback interfaces are normally used to establish the TCP session between the routers. When there are redundant paths to a neighbor, this means the failure of a physical interface does not affect the adjacency.


BGP. Basic configuration

To configure BGP, the following must be taken into account:
AS number (our own and that of every participant).
IP address of all the neighbors (peers) involved.
Networks to advertise in BGP.
How is it configured?
Step 1. Define a BGP process.
Step 2. Establish the peer relationships.
Step 3. Advertise the networks in BGP.


BGP. Configuration example

R1
R2
R3

BGP. Configuration example (II)


BGP. eBGP configuration and verification.


eBGP configuration and verification.


eBGP verification

BGP router identifier: the router's IP address by which the neighbors identify it.
Local AS number: the router's own AS.
BGP table version: starts at 1 and is incremented as changes occur in the BGP table.
Main routing table version: last version of the routing table that was loaded.

eBGP verification
Neighbor: IP address of the neighbor.
Version (V): version of BGP running on the router.
AS: AS number of the neighbor.
Messages received (MsgRcvd): messages received.
Messages sent (MsgSent): messages sent.
TblVer: last version of the BGP table that was sent.
In queue (InQ): messages waiting to be processed.
Out queue (OutQ): messages waiting to be sent.
Up/down: time spent in the established, active or idle state.
State: active, idle, open sent, open confirm, or idle (admin).
Prefix received (PfxRcd): number of networks received. Only shown in the established state.

eBGP verification.
show ip bgp neighbors


show ip bgp neighbors. Options


iBGP configuration and verification


iBGP configuration and verification


Advertising networks in BGP

R1(config-router)# network network-number [mask network-mask]

Note: neighbor indicates where to advertise and network indicates which network to advertise.


network command example


BGP table


Next-Hop-Self


Next-Hop-Self


Next-Hop-Self


Configuring Next-Hop


BGP. BGP synchronization rule.

The BGP synchronization rule states that, in a transit AS, BGP should never announce networks before the IGP has learned the routes. The two should be synchronized.
This helps avoid problems inside the AS when it is used as transit, because there will always be a path inside the company's network and no black hole will be created.
Redistributing all the routes into the IGP is not good practice, so it is recommended to use full-mesh IBGP on all the routers in the transit network and to disable synchronization.
In Cisco IOS Software Release 12.2(8)T it is disabled by default.


BGP. Black hole example.

If BGP is used only on the border routers and synchronization is disabled, routers R1 and R3 will not know how to reach the networks outside their AS, because they only run an IGP routing protocol.
Therefore, even though R2 and R4 share all their known routes via IBGP and can reach the next hop via the IGP or with next-hop-self, packets that travel through R1 or R3 will be dropped.
The network between RA and R2 was learned via the IGP, as was the network between R4 and RB.
When R2 receives the packet, it checks its BGP table and finds a destination for network 200.0.0.0/24 in AS 65600.
R2 decides to forward it to RB's address, and to reach that address it uses the IGP, which sends the packet to R3.
When R3 receives the packet, it checks its routing table and has no destination for network 200.0.0.0/24.
R3 drops the packet even though it knows how to reach RB, because the packet's destination is network 200.0.0.0 and not RB's address.
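
The walk-through above can be reproduced with a small hop-by-hop forwarding model. This is an added example, not part of the original slides; the R4-RB link prefix and RB's address are constructed, and only the network 200.0.0.0/24 and the router names come from the slide.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (not on the slide): the R4-RB link and RB's address on it.
BORDER_LINK = "10.0.45.0/30"
RB_ADDR = "10.0.45.2"
DEST_NET = "200.0.0.0/24"   # from the slide: network in AS 65600 behind RB


def build_tables(ibgp_on_core):
    """Routing tables as (prefix, kind, via).

    kind is 'igp' (via = next router), 'bgp' (via = BGP next-hop IP, which
    must be resolved recursively) or 'local' (destination attached here).
    """
    bgp_route = (DEST_NET, "bgp", RB_ADDR)
    tables = {
        "R2": [(BORDER_LINK, "igp", "R3"), bgp_route],  # border router, iBGP
        "R3": [(BORDER_LINK, "igp", "R4")],             # core router, IGP only
        "R4": [(BORDER_LINK, "igp", "RB"), bgp_route],  # border router, iBGP
        "RB": [(DEST_NET, "local", None)],              # neighbor in AS 65600
    }
    if ibgp_on_core:
        # Full-mesh iBGP: the core router also holds the BGP route.
        tables["R3"].append(bgp_route)
    return tables


def lookup(table, dst):
    """Longest-prefix match; a BGP next hop is resolved through the same table."""
    addr = ip_address(dst)
    matches = [entry for entry in table if addr in ip_network(entry[0])]
    if not matches:
        return None
    _, kind, via = max(matches, key=lambda e: ip_network(e[0]).prefixlen)
    if kind == "bgp":
        return lookup(table, via)
    return kind, via


def forward(tables, ingress, dst, max_hops=8):
    """Forward one packet hop by hop; return (routers visited, outcome)."""
    hops, router = [ingress], ingress
    for _ in range(max_hops):
        result = lookup(tables[router], dst)
        if result is None:
            return hops, "dropped at " + router
        kind, via = result
        if kind == "local":
            return hops, "delivered"
        router = via
        hops.append(router)
    return hops, "hop limit exceeded"


if __name__ == "__main__":
    for core_runs_ibgp in (False, True):
        print(core_runs_ibgp, forward(build_tables(core_runs_ibgp), "R2", "200.0.0.5"))
```

R3 can resolve RB's address in both cases; what it lacks without iBGP is an entry for the packet's actual destination.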


BGP. BGP tables.

BGP keeps its routing table separate from the IGP table and offers its best routes to the IGP routing table. Routes from the BGP table can also be redistributed into the IGP's IP routing table.

The BGP table is known by several names:

BGP table
BGP topology table
BGP topology database
BGP routing table
BGP forwarding database

Networks learned via EBGP have an administrative distance of 20, and those learned via IBGP have an administrative distance of 200.
Therefore, only the routes with the lowest administrative distance, compared with the routes from the IGP protocols, are installed in the routing table.
BGP also maintains a neighbors table, which contains a list of the neighbors with which it has a connection.
For BGP to form an adjacency, the neighbor must be assigned explicitly with the neighbor command.
After the adjacency is established, BGP maintains the relationship with BGP/TCP keepalive messages, which are always sent every 60 seconds.

BGP. BGP message types

When the TCP session is established, the first message sent is the OPEN. If the connection is successfully established, it is answered with a Keepalive message.
Once the connection has been established, Update, Keepalive and Notification messages are exchanged.

Update messages are used to exchange routing tables, Keepalive messages keep the connection up, and Notification messages report an error or a special condition.


BGP. Update messages.

These messages carry information about paths; each path requires its own update message.
Each update carries the attributes of the path and the networks that can be reached through that path.
Each update therefore carries the routes with their respective attributes (as-path, origin, local-preference, etc.).
BGP packet parameters
Version: identifies the version of BGP that is running; it is 8 bits long and is currently version 4.
Autonomous system: identifies the autonomous system; it is 16 bits long.
Hold-time: maximum waiting time between keepalive messages; it is 6 bits long and defaults to 180 seconds.
Optional parameters.


BGP. BGP neighbor states.

To form an adjacency, routers go through the following states:
Idle
Connect
Active
Open sent
Open confirm
Established

In the Established state, OPEN, NOTIFICATION and KEEPALIVE messages are exchanged.


BGP. Quick check of neighbor state.

show ip bgp summary: this command can be used to check the state of a neighbor and to determine whether there is a problem with the adjacency.
It also shows the autonomous system that the neighbor belongs to and the time elapsed since the adjacency was formed.


BGP. Using loopbacks.

Example: adjacency with loopbacks.
R2-R3(config-router)# neighbor 10.0.0.1 remote-as 100
R4(config-router)# neighbor 10.0.0.13 remote-as 100
Therefore it is NOT NECESSARY to configure R4 and R3 as neighbors, nor R3 and R2.
The neighbor IP can be any IP address configured on the router that can be reached through an IGP routing protocol or a static route. R4 can therefore configure R1 as a neighbor with the command
R4(config-router)# neighbor 5.5.5.5 remote-as 100


BGP. Using loopbacks (II)

BGP uses the outgoing interface as the source IP address, so on R4 the IP address 4.4.4.4 must be configured as the source with the following command:
R4(config-router)# neighbor 5.5.5.5 update-source loopback 0
Using loopbacks for neighbors is advised when there is more than one path to the other neighbor, so that the neighbor relationship is not tied to the address of the outgoing interface. That interface could fail, and when the other path to the neighbor is selected the IP addresses would change and the neighbor relationship would not form.
If for some reason the topology does not have the border router (R1) configured as a neighbor on every router, a route reflector can be used.
In the previous topology, if R1-R2, R2-R3 and R3-R4 are configured as neighbors, the border router (R1) would receive the routes from outside the AS and announce them only to R2. Even though R2 has a neighbor relationship with R3, it will not announce them to R3. Therefore, if the routes should be announced from R2 to R3, use the command
Router(config-router)# neighbor ip-address route-reflector-client
on R2 pointing to R3 as the neighbor, and the same on R3 pointing to R4 as the neighbor. This way the routes are passed on to the other routers.
Ideally, every router should always have the border router as a neighbor. Keep in mind that this problem would not occur if all the routers in the topology belonged to different autonomous systems. If R1, R2, R3 and R4 were each a different autonomous system, the routes would be passed on without any problem.
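
The propagation rule described above can be checked with a short model of the R1-R2-R3-R4 chain. This is an added example, not part of the original slides; it implements the usual reflection rule (a route learned over iBGP is passed on only when it came from a route-reflector client or is being sent to one), and the session lists are constructed from the topology the slide describes.

```python
from collections import deque
from itertools import combinations

ROUTERS = ["R1", "R2", "R3", "R4"]

# iBGP sessions as described on the slide: a chain R1-R2, R2-R3, R3-R4.
CHAIN = [("R1", "R2"), ("R2", "R3"), ("R3", "R4")]

# Full mesh: every router peers with every other router.
FULL_MESH = list(combinations(ROUTERS, 2))

# (reflector, client) pairs matching the slide: the route-reflector-client
# command on R2 pointing at R3, and on R3 pointing at R4.
REFLECTION = [("R2", "R3"), ("R3", "R4")]


def ibgp_propagation(sessions, border, rr_clients=()):
    """Return {router: who it learned the external route from}.

    The border router learns the route over eBGP. Every other router only
    learns it if some iBGP peer is allowed to advertise it.
    """
    neighbors = {}
    for a, b in sessions:
        neighbors.setdefault(a, []).append(b)
        neighbors.setdefault(b, []).append(a)

    clients = set(rr_clients)
    learned = {border: "eBGP"}
    queue = deque([border])

    while queue:
        router = queue.popleft()
        source = learned[router]
        for peer in neighbors.get(router, []):
            if peer in learned:
                continue
            if source != "eBGP":
                # iBGP split horizon: a route learned from an iBGP peer is
                # not re-advertised to another iBGP peer, unless reflection
                # applies on this router.
                from_client = (router, source) in clients
                to_client = (router, peer) in clients
                if not (from_client or to_client):
                    continue
            learned[peer] = router
            queue.append(peer)
    return learned


if __name__ == "__main__":
    print("chain, no reflection:", ibgp_propagation(CHAIN, "R1"))
    print("chain, reflection:   ", ibgp_propagation(CHAIN, "R1", REFLECTION))
    print("full mesh:           ", ibgp_propagation(FULL_MESH, "R1"))
```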


BGP. Using loopbacks (III)


BGP. Loopback in iBGP


BGP. Loopback in iBGP


BGP. Loopback in eBGP


eBGP Multihop
To solve the previous problem, we must enable eBGP multihop with the command neighbor ip-address ebgp-multihop [ttl]


eBGP Multihop. Example

If we are dual-homed between ASs, we may prefer traffic to be balanced across the links.
This would make use of the bandwidth of both links to send traffic out of our network, while still providing a backup link.
To achieve this, we have to form the adjacency between EBGP neighbors using loopbacks.
However, packets sent between EBGP neighbors have a TTL of 1, and using loopbacks requires at least two hops, so we must apply the ebgp-multihop command as shown next.


eBGP Multihop. Example (II)

The command neighbor ip-address ebgp-multihop 2 must be applied so that EBGP messages have a TTL of 2, which allows the adjacency between EBGP neighbors using loopbacks.

Two static routes must also be created toward the loopback address that will form the adjacency, so that traffic is load-balanced across the links.


BGP. Summarizing networks.

Networks can be summarized inside an AS to reduce the size of the routing table.


BGP. Authentication.
BGP supports Message Digest 5 (MD5) for authenticating its neighbors.
Configuration example:
R0(config)# router bgp 500
R0(config-router)# neighbor 80.80.80.80 password Cisco123
R1(config)# router bgp 500
R1(config-router)# neighbor 70.70.70.70 password Cisco123


Updating policies applied to routes.

When new policies are applied to routes, the routes must be refreshed. There are three ways to refresh them:
Hard reset:
Done with the command clear ip bgp * or clear ip bgp neighbor-address. This completely restarts the TCP session with all neighbors (*) or with one specific neighbor. Re-establishing the session takes between 30 and 60 seconds and causes all the BGP tables to be resent, which applies the new policies.
Soft reset:
Uses a large amount of memory, because it stores all the unmodified updates in a table. When the filter is then applied, the changes are calculated from this table. The command is clear ip bgp soft
Route refresh:
Asks the peer to resend all the information. This uses less memory and allows the router to apply the inbound policies. The command is clear ip bgp {* | address | peer-group-name} in. To use route refresh, the routers must support this capability, which can be verified with the command show ip bgp neighbors.

Show commands after a BGP session reset.

show ip bgp neighbors {address} received-routes
show ip bgp neighbors {address} routes
show ip bgp
show ip bgp neighbors {address} advertised-routes


Monitoring and reconfiguring BGP


BGP attributes and route-selection process


BGP. BGP attributes.

BGP routers send update messages about networks, with their respective prefixes and attributes.
These prefixes and attributes are used to select the best path to a network.
Path attributes fall into four categories:
Well-known mandatory
Well-known discretionary
Optional transitive
Optional nontransitive


BGP. Attributes.

Well-known attributes: these must be recognized by all neighbors.
Two types:
Well-known mandatory: must be present in every BGP update message.
Well-known discretionary: do not have to be present in every update message, but must be recognized by BGP routers.

Optional attributes: these do not have to be recognized by BGP routers.
Two types:
Optional transitive: the attribute is not implemented, but the router must pass it on to other routers.
Optional nontransitive: the attribute is removed and is not passed on to other routers.


BGP. Attributes.
The attributes defined by BGP are the following:

In addition, Cisco defines an attribute called weight, which is configured locally and is not propagated to neighbors.
Cisco defines the following codes for the attributes:
Origin: type code 1
AS-path: type code 2

Well-known Mandatory

Next-hop: type code 3
MED (Multiexit-discriminator): type code 4
Local-preference: type code 5

Well-known Discretionary

Atomic-aggregate: type code 6
Aggregator: type code 7
Community: type code 8 (Cisco-defined)
Originator-ID: type code 9 (Cisco-defined)
Cluster list: type code 10 (Cisco-defined)


BGP. Well-known mandatory attributes.

AS-PATH
Lists the ASs that the route passes through to reach the network.
It is used to guarantee a loop-free path, because a router will not accept a route that contains an AS it has already traversed.
For example, if the packet travels from AS 52100 to AS 52500 and takes the path 52100 52200 52300 52400, then when the route is chosen it will never be sent back to 52200, because it has already passed through it.


BGP. Well-known mandatory attributes.

Next-hop
This attribute indicates the IP address of the next hop used to reach the destination network.
The next hop does not have to be directly connected; rather, it is the IP address of the router that announced the network.
For example, R3 has as next hop for network 10.20.0.0 the IP address 192.168.10.1 of R1.


BGP. Well-known mandatory attributes.

Origin
Indicates how the route was learned.
If it was learned from an IGP using the network command, it is marked with an i in the BGP table.
If the route was learned through an EGP, it is marked with an e.
Incomplete means the origin is unknown; this normally happens when a route is redistributed into BGP, and it is marked with a ? sign.


BGP. Well-known discretionary attributes.

Local Preference
Used to determine which exit from the AS is preferred.
A higher local preference has higher priority and is therefore better.
This attribute is sent only between IBGP peers inside the same local AS and is not sent between EBGP peers.
On Cisco routers the default local preference is 100.


BGP. Optional transitive attributes.

Community
This attribute is used to filter routes.
The routes in a community are assigned a tag, and route-filtering decisions can then be made for the routes that carry that tag.
This gives us better control, because communities share similar policies.


BGP. Optional non-transitive attributes.

MED (Multiexit-discriminator)
This attribute tells external neighbors through which of the local AS's exits the local networks should preferably be reached; in other words, which entry point into the network is preferred.
The lowest MED value is preferred, so it has the highest priority.
This attribute is sent between EBGP neighbors and defaults to 0.


BGP. Weight attribute (Cisco)

WEIGHT
This attribute is used in the route-selection process. It is locally significant, so it is not propagated to neighbors.
Its value ranges from 0 to 65535.
When there are multiple routes to a destination, the route with the highest weight is preferred.


BGP. Route-selection process

Step 1. The preferred route is the one with the highest weight. (This attribute is Cisco proprietary and acts locally.)
Step 2. If there are multiple routes with the same weight, prefer the route with the highest local preference.
Step 3. If there are multiple routes with the same local preference, prefer the route originated locally by the router. A route originated locally by the router has 0.0.0.0 as its next hop in the BGP table.
Step 4. If no route was originated locally, prefer the route with the shortest AS-path.
Step 5. If the AS-paths are equal, the choice is made in the following order (origin): IGP < EGP < incomplete.
Step 6. If all the origins are the same, prefer the route with the lowest MED. (The MED changes between ASs.)

BGP. Route-selection process

Step 7. For routes with the same MED, prefer eBGP routes over iBGP routes.
Step 8. If only iBGP routes are available, prefer the shortest path inside the AS.
Step 9. If only eBGP routes are available, select the oldest one, that is, the one that has been in the BGP table the longest.
Step 10. If all of the above are tied, prefer the route with the lowest router-id.
Step 11. If the router-id is the same, prefer the lowest IP address.
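
The eleven steps above, written as an ordered list of tie-breakers. This is an added example, not part of the original slides or Cisco's implementation; AS numbers 65500 (Company), 65000 (ISP A) and 64520 (Customer) come from the deck, while the ISP B and intermediate AS numbers, all addresses, and the simplification of applying steps 8 and 9 to every remaining candidate are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < incomplete


@dataclass(frozen=True)
class Path:
    name: str
    next_hop: str
    as_path: tuple
    weight: int = 0            # Cisco-local, default 0 for learned routes
    local_pref: int = 100      # Cisco default
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0        # IGP cost to the next hop (step 8)
    age_s: int = 0             # seconds in the BGP table (step 9)
    router_id: str = "0.0.0.0"
    peer_ip: str = "0.0.0.0"


# (step number, description, key). For every key the LOWEST value wins,
# so "highest is best" attributes are negated.
STEPS = [
    (1, "highest weight", lambda p: -p.weight),
    (2, "highest local preference", lambda p: -p.local_pref),
    (3, "locally originated", lambda p: 0 if p.next_hop == "0.0.0.0" else 1),
    (4, "shortest AS-path", lambda p: len(p.as_path)),
    (5, "origin IGP < EGP < incomplete", lambda p: ORIGIN_RANK[p.origin]),
    (6, "lowest MED", lambda p: p.med),
    (7, "eBGP over iBGP", lambda p: 0 if p.ebgp else 1),
    (8, "shortest path inside the AS", lambda p: p.igp_metric),
    (9, "oldest route", lambda p: -p.age_s),
    (10, "lowest router-id", lambda p: int(IPv4Address(p.router_id))),
    (11, "lowest neighbor IP", lambda p: int(IPv4Address(p.peer_ip))),
]


def best_path(paths, local_as):
    """Return (best path, deciding step). Step 0 means no tie-break was needed."""
    # AS-path loop prevention: discard paths that already contain our own AS.
    candidates = [p for p in paths if local_as not in p.as_path]
    if not candidates:
        return None, None
    if len(candidates) == 1:
        return candidates[0], 0
    for number, _label, key in STEPS:
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], number
    return candidates[0], 11


# Constructed sample paths from the Company (AS 65500) to the Customer (AS 64520).
LOCAL_AS = 65500
VIA_ISP_A = Path("via ISP A", "192.0.2.1", (65000, 65010, 64520),
                 router_id="192.0.2.1", peer_ip="192.0.2.1")
VIA_ISP_B = Path("via ISP B", "198.51.100.1", (65100, 64520),
                 router_id="198.51.100.1", peer_ip="198.51.100.1")
PREFERRED_A = replace(VIA_ISP_A, local_pref=200)          # policy override
LOOPED = Path("looped", "203.0.113.1", (65100, 65500, 64520))
TWIN_OF_B = replace(VIA_ISP_B, name="via ISP B (second session)",
                    router_id="198.51.100.9", peer_ip="198.51.100.9")

if __name__ == "__main__":
    print(best_path([VIA_ISP_A, VIA_ISP_B], LOCAL_AS))
    print(best_path([PREFERRED_A, VIA_ISP_B], LOCAL_AS))
```

With default attributes the shorter AS-path through ISP B wins at step 4; raising local preference on the ISP A path moves the decision up to step 2.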


BGP. Route selection process with multihoming

Step 1. Looks at the weight (0 by default for routes not originated
by the router).
Step 2. Compares the local preference (100 by default
for all networks). Note: steps 1 and 2 only have an effect if
the weight and local preference values are modified.
Step 3. Prefers routes local to its own AS over those that
reach the BGP table externally.
Step 4. Selects the route that crosses the fewest
ASs to reach the destination.
Step 5. Looks at how the networks were introduced into BGP:
normally through the network command (i) or
through redistribution (?). iBGP>Redistribute.
Step 6. Looks at the MED (this attribute does not take part in the
selection process unless the AS administrator
manipulates it). 0 by default.
Step 7. Prefers routes learned through eBGP over those learned through iBGP.
Step 8. If it only has iBGP routes, it chooses the shortest one. The
IGP determines which one that is.
Step 9. Of the remaining routes, selects the oldest,
that is, the one that has been in the BGP table the longest.
Step 10. If all of the above are tied, prefers the route with the
lowest router-id.
Step 11. If the router-id is the same, prefers the
lowest IP address.

Summary of best-route selection

A BGP router always has the best route in the routing table, but when more than
one route exists for a specific network, it applies the following criteria:
1. Highest weight (Cisco).
2. Highest local preference.
3. With equal local preference, selects the route generated locally via the network or
aggregate-address command.
4. If the routes were not originated locally by the router, the route with the shortest
as-path is preferred.
5. Same as-path length: IGP<EGP<Incomplete.
6. Same origin code: the lowest MED is preferred.
7. If they have the same MED, EBGP<IBGP.
8. If there are only IBGP neighbors, and synchronization is disabled,
lowest IGP metric.
9. For routes learned via EBGP, the oldest is preferred. If router-id is configured,
this step is not taken into account.
10. Lowest neighbor router-id.
11. If the IPs are the same, lowest neighbor router address.
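
The selection order summarized above can be expressed as successive elimination over the candidate paths. The following Python code is an added example, not part of the original slides: the Path fields, the sample addresses and the AS numbers are constructed, and MED is compared across all candidates exactly as the step list states.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # IGP < EGP < incomplete


@dataclass(frozen=True)
class Path:
    """One candidate path for a prefix (field names are assumptions for this example)."""
    name: str                        # label used only in this demo
    neighbor_ip: str
    router_id: str                   # router-id of the advertising neighbor
    as_path: tuple = ()
    weight: int = 0                  # local to this router, never advertised
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0              # IGP cost to the next hop (iBGP paths)
    age_seconds: int = 0             # time the path has been in the BGP table


# (step, criterion, key): at every step the candidates with the LOWEST key survive.
STEPS = [
    (1, "highest weight", lambda p: -p.weight),
    (2, "highest local preference", lambda p: -p.local_pref),
    (3, "locally originated", lambda p: 0 if p.locally_originated else 1),
    (4, "shortest AS-path", lambda p: len(p.as_path)),
    (5, "origin code", lambda p: ORIGIN_RANK[p.origin]),
    (6, "lowest MED", lambda p: p.med),
    (7, "eBGP over iBGP", lambda p: 0 if p.ebgp else 1),
    # After step 7 the survivors are all eBGP or all iBGP, so 8 and 9 never mix.
    (8, "lowest IGP metric (iBGP only)", lambda p: 0 if p.ebgp else p.igp_metric),
    (9, "oldest path (eBGP only)", lambda p: -p.age_seconds if p.ebgp else 0),
    (10, "lowest router-id", lambda p: int(IPv4Address(p.router_id))),
    (11, "lowest neighbor address", lambda p: int(IPv4Address(p.neighbor_ip))),
]


def select_best(paths):
    """Return (best_path, deciding_step); step 0 means there was only one candidate."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no candidate paths")
    if len(candidates) == 1:
        return candidates[0], 0
    for step, _criterion, key in STEPS:
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], step
    return candidates[0], STEPS[-1][0]  # identical on every criterion


# Constructed sample: one prefix learned from two upstream providers.
ISP1 = Path("via-ISP1", "192.0.2.1", "198.51.100.1", as_path=(64496, 64510))
ISP2 = Path("via-ISP2", "192.0.2.5", "198.51.100.2", as_path=(64497, 64499, 64510))


def demo():
    """Show how local policy (weight, local preference) overrides AS-path length."""
    cases = {
        "defaults": [ISP1, ISP2],
        "weight 200 on ISP2": [ISP1, replace(ISP2, weight=200)],
        "local-pref 90 on ISP1": [replace(ISP1, local_pref=90), ISP2],
        "ISP1 path prepended": [replace(ISP1, as_path=(64496,) * 3 + (64510,)), ISP2],
    }
    return {label: (select_best(paths)[0].name, select_best(paths)[1])
            for label, paths in cases.items()}


if __name__ == "__main__":
    for label, (winner, step) in demo().items():
        print(f"{label:24s} -> {winner} (decided at step {step})")
```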

BGP. Weight example

BGP. Topology

BGP. Show ip bgp

BGP. Show ip route bgp

BGP. traceroute

BGP. ISP3

BGP. Modifying the weight

BGP. Modifying local preference

BGP. Modifying the AS-Path

BGP route filters

Distribute List
Prefix Lists
AS-Path Access Lists (filter-list)
Route Maps


Distribute List - Example

Route filters are used to avoid sending networks to places where they are not wanted.
1. Create an ACL.
Router(config)#access-list 1 deny network wildcard
Router(config)#access-list 1 permit any
Example: If R2 wants to filter network 4.4.4.0/24 so that R1 does not learn it, the following must be
configured:
R4(config)#access-list 1 deny 4.4.4.0 0.0.0.255
R4(config)#access-list 1 permit any
2. Apply the distribute list associated with the ACL.
Router(config-router)#neighbor ip-address distribute-list 1 out
Example: R4(config-router)#neighbor 10.0.0.1 distribute-list 1 out
Address of the neighbor that should not learn the networks. The distribute list is applied
outbound (out).

When an AS is multihomed and is not a transit AS, a Distribute List filter must be applied for
all networks that were not originated within the AS.


Prefix List syntax

neighbor ip-address prefix-list prefix-list-name { in | out }

Prefix List - Example

AS-Path Access List syntax

Router(config)#ip as-path access-list access-list-number { permit | deny } regexp

Router(config-router)#neighbor ip-address filter-list access-list-number { in | out }

AS-Path Access Lists - Example

All prefixes from an autonomous system can be filtered using the
AS-PATH attribute. With this attribute we can filter all prefixes that
have traversed a given autonomous system. Example:
Router(config)#ip as-path access-list 1 deny ^100
Denies all prefixes that begin or end with AS 100.
Router(config)#ip as-path access-list 1 permit .*
Permits all other prefixes from all ASs.
In the BGP configuration, the filter must be applied with the command:
Router(config-router)#neighbor 10.0.0.1 filter-list 1 out
IP of the neighbor to which we do not send the prefixes that pass through AS 100.
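
How the as-path access list above evaluates against concrete AS paths, as an added Python example that is not part of the original slides. It emulates IOS matching with Python's re module (the `_` delimiter is translated, which is an approximation), applies first-match-wins with an implicit deny, and adds a constructed list 2 using `_100_` for comparison. `^100` anchors at the left end of the path, the neighbor-side AS, and it also matches AS numbers that merely start with 100.

```python
import re

# IOS "_" matches a delimiter: start or end of string, space, comma, braces, parentheses.
_DELIMITER = r"(?:^|$|[ ,{}()])"


def ios_regex(pattern):
    """Compile an IOS AS-path regular expression with Python's re (approximation)."""
    return re.compile(pattern.replace("_", _DELIMITER))


def parse_acl(lines):
    """Parse 'ip as-path access-list N permit|deny REGEX' lines into {N: [(action, regex)]}."""
    acls = {}
    for line in lines:
        m = re.fullmatch(r"ip as-path access-list (\d+) (permit|deny) (\S+)", line.strip())
        if not m:
            raise ValueError(f"not an as-path access-list line: {line!r}")
        acls.setdefault(int(m[1]), []).append((m[2], ios_regex(m[3])))
    return acls


def evaluate(entries, as_path):
    """First matching entry decides; a path that matches nothing is denied."""
    # The AS path is matched as text: leftmost AS = neighbor side, rightmost = origin AS.
    text = " ".join(str(asn) for asn in as_path)
    for action, regex in entries:
        if regex.search(text):
            return action
    return "deny"


PAGE_ACL = parse_acl([                      # the list shown on the slide
    "ip as-path access-list 1 deny ^100",
    "ip as-path access-list 1 permit .*",
])[1]

ALT_ACL = parse_acl([                       # constructed for comparison, not on the slide
    "ip as-path access-list 2 deny _100_",
    "ip as-path access-list 2 permit .*",
])[2]

# Constructed sample AS paths.
SAMPLE_PATHS = [
    (100, 200),        # received directly from AS 100
    (200, 100),        # originated by AS 100, received from AS 200
    (300, 100, 200),   # AS 100 in the middle of the path
    (1000, 200),       # different AS whose number starts with "100"
    (),                # locally originated: empty AS path
]


def compare():
    """Return {as_path: (result with ^100, result with _100_)} for the samples."""
    return {p: (evaluate(PAGE_ACL, p), evaluate(ALT_ACL, p)) for p in SAMPLE_PATHS}


if __name__ == "__main__":
    for path, (page, alt) in compare().items():
        print(f"{' '.join(map(str, path)) or '(empty)':14s} ^100: {page:6s} _100_: {alt}")
```

Running the comparison before applying a filter-list shows which paths a pattern over-matches or misses.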


Route Maps
Several BGP attributes can be applied:
Origin
Next hop
Community
Local preference
MED

Others:
Network number and subnet mask (with an IP prefix list)
Route originator
Tag an IGP route
AS-path
Route type (internal or external)

Route Maps - Example

Route Maps - Load balancing in eBGP

BGP Peer Groups

In BGP, many neighbors are often configured with
the same policies.
To simplify configuration, peer groups exist.
Many BGP settings can be shared within a peer group:
update-source
next-hop-self
ebgp-multihop
BGP authentication
Weight modification
Control of inbound and outbound routes


Peer Group
Router(config-router)#neighbor peer-group-name peer-group
Router(config-router)#neighbor ip-address peer-group peer-group-name

Peer Group - Example

Implementing BGP for IPv6 Internet Connectivity


This section covers the following topics:
MP-BGP support for IPv6
Exchanging IPv6 routes over an IPv4 session
Exchanging IPv6 routes over an IPv6 session
BGP for IPv6 configuration and verification
Comparing IPv4 to Dual (IPv4/IPv6) BGP transport
BGP filtering mechanisms for IPv6


MP-BGP Support for IPv6


Multiprotocol extensions are defined as new attributes. IPv6-specific extensions incorporated into MBGP include the
following:
A new identifier for the IPv6 address family.
Scoped addresses. The next-hop attribute contains a global
IPv6 address or a link-local address.
The next-hop attribute and NLRI are expressed as IPv6
addresses and prefixes.


MP-BGP
MP-BGP can, of course, operate with multiple protocols. It
operates by identifying two separate protocols: the carrier
protocol and the passenger protocol.
In an all-IPv4 environment, BGP establishes sessions using
IPv4 (using TCP port 179); IPv4 is the carrier protocol.
The routes that BGP advertises, which is the passenger
protocol, are also IPv4.

Protocols other than IPv4, including IPv6, also need to
advertise reachability information.
MP-BGP extensions allow these other protocols to be
carried using BGP.

In an all-IPv6 environment, BGP can be used as both the
carrier and passenger protocol.
In this case, IPv6 is used to establish BGP sessions, and
BGP advertises IPv6 prefixes.


Exchanging IPv6 Routes over an IPv4 Session


Existing IPv4 TCP sessions can carry IPv6 routing
information when adding IPv6 support to a network.
An existing neighbor can be activated for the IPv6 address
family and IPv6 routing information will be sent over the
same neighbor session.
MP-BGP allows the use of many address families to define
the type of addresses being carried.



The address-family {ipv4 | ipv6} [ unicast |
multicast ] router configuration command enters address
family configuration mode for configuring BGP routing
sessions.



In an IPv6 address family, a neighbor needs to be activated using the
neighbor { IPv4 address | IPv6 address } activate address-family configuration command.
The exchange of addresses with BGP neighbors is enabled for the IPv4
address family by default.
The network ipv6-address/prefix-length command, this time in
address family configuration mode, is used to specify the networks to
be advertised.
This command injects a prefix into the BGP database only for the
specified address family.


Exchanging IPv6 Routes over an IPv6 Session


BGP for IPv6 Configuration and Verification


Enable eBGP IPv6 Route Exchange



The eBGP IPv6 update received on R1 is not marked as
best (using the > sign) in the BGP table, because the next-hop address is not reachable.
Also the next-hop address, ::FFFF:172.16.12.2, is an IPv6
address derived from the IPv4 next-hop address.
This neighbor relationship is an IPv4 neighbor relationship,
carrying IPv6 routes.
Because an IPv6 route must have an IPv6 next hop, BGP
dynamically created this IPv6 next-hop address from the
actual IPv4 next-hop address.
However, this is not a reachable IPv6 address; therefore,
the route is not marked as best in the BGP table, and it does
not appear in the IPv6 routing table.

Enable iBGP IPv6 Route Exchange


Comparing IPv4 to Dual (IPv4/IPv6) BGP Transport


As you have seen, both IPv4 and IPv6 address families can use a single
IPv4 neighbor or two separate sessions can be established, one for each
address family.
There are advantages to both approaches.
Using a single IPv4 neighbor reduces the number of neighbor sessions. In
an environment where a lot of neighbors are configured, this can
significantly reduce the size and complexity of configuration.
However, running IPv6 over an IPv4 session requires modification of the
next-hop attribute.
In contrast, when using two separate sessions for IPv4 and IPv6, there is no
need to implement route maps to overwrite the next-hop parameter.
Exchange of IPv4 and IPv6 routes is completely independent; neighbor
configuration and handling is duplicated.
Note that IPv6 neighbors are not seen in the show ip bgp summary
command output; use the show bgp ipv6 unicast summary command
instead.

BGP Filtering Mechanisms for IPv6


IPv6 Prefix List Filtering
IPv6 Path Selection with BGP Local Preference


IPv6 Prefix List Filtering


IPv6 Path Selection with BGP Local Preference


Appendix C


BGP Supplement

BGP Route Summarization
Communities
Route Reflectors
Advertising a Default Route
Not Advertising Private Autonomous System Numbers


BGP Route Summarization


Two BGP attributes are related to aggregate addressing:
Atomic aggregate
A well-known discretionary attribute that informs the neighbor
autonomous system that the originating router has aggregated the
routes

Aggregator
An optional transitive attribute that specifies the BGP router ID and
autonomous system number of the router that performed the route
aggregation



By default, the aggregate route is advertised as coming
from the autonomous system that did the aggregation and
has the atomic aggregate attribute set to show that
information might be missing.
The autonomous system numbers from the nonaggregated
routes are not listed.
You can configure the router to include the unordered list of
all autonomous systems contained in all paths that are
being summarized.


Network Boundary Summarization


BGP works differently than the other protocols. The network
network-number [ mask network-mask ] router
configuration command for BGP permits BGP to advertise a
network if it is present in the IP routing table.
This command allows classless prefixes. The router can
advertise individual subnets, networks, or supernets. The
default mask is the classful mask and results in only the
classful network number being announced.
Note that at least one subnet of the specified major network
must be present in the IP routing table for BGP to start
announcing the classful network. However, if you specify the
mask network-mask , an exact match to the network (both
address and mask) must exist in the routing table for the
network to be advertised.


The BGP auto-summary command determines how BGP
handles redistributed routes.
The no auto-summary router configuration command turns
off BGP autosummarization.
When summarization is enabled (with auto-summary ), all
redistributed subnets are summarized to their classful
boundaries in the BGP table.
When summarization is disabled (with no auto-summary ),
all redistributed subnets are present in their original form in
the BGP table.


BGP Route Summarization Using the network Command

To advertise a simple classful network number, use the
network network-number router configuration
command without the mask option.
To advertise an aggregate of prefixes that originate in this
autonomous system, use the network network-number
[ mask network-mask ] router configuration command
with the mask option.
Remember that the prefix must exactly match [both address
and mask] an entry in the IP routing table for the network to
be advertised.


Cautions When Using the network Command for Summarization


Each of the four Class C networks is announced because
each already exists in the routing table. These networks are
summarized with the network 192.168.24.0 mask
255.255.252.0 command on Router C.
However, with this command the 192.168.24.0/22 route is
not announced by default because that route is not in the
routing table.
Correct way for summarization with the network command:


Creating a Summary Address in the BGP Table Using the aggregate-address Command

The aggregate-address ip-address mask [ summary-only ] [ as-set ] router configuration command is used to
create an aggregate, or summary, entry in the BGP table.


Compare
Notice the difference between the aggregate-address and
the network command:
The aggregate-address command aggregates only
networks that are already in the BGP table.
With the BGP network command, the network must exist in
the IP routing table for the summary network to be
advertised.


Using the aggregate-address Command


When you use the aggregate-address command without the
as-set keyword, the aggregate route is advertised as coming
from your autonomous system, and the atomic aggregate
attribute is set to show that information might be missing. The
atomic aggregate attribute is set unless you specify the as-set
keyword.
Without the summary-only keyword, the router still advertises
the individual networks.
When the aggregate-address command is used, a BGP route
to null 0 is automatically installed in the IP routing table for the
summarized route.
For BGP to announce a summary route using the aggregate-address command, at least one of the more specific routes
must be in the BGP table.
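
The difference between the two summarization commands, as an added Python example (not from the original slides) built on the 192.168.24.0/22 case discussed earlier. The function names are hypothetical, the tables are plain lists of prefixes, and the model covers only the matching rules stated on these slides.

```python
from ipaddress import ip_network

# The four Class C networks from the slide's example.
CLASS_C = ["192.168.24.0/24", "192.168.25.0/24", "192.168.26.0/24", "192.168.27.0/24"]


def network_statement_advertises(routing_table, prefix):
    """`network <addr> mask <mask>`: needs an exact address-and-mask match in the IP routing table."""
    target = ip_network(prefix)
    return any(ip_network(route) == target for route in routing_table)


def aggregate_address(bgp_table, aggregate, summary_only=False):
    """`aggregate-address`: needs at least one more specific route in the BGP table.

    Returns the prefixes advertised afterwards and the null0 route installed
    in the IP routing table (None when no aggregate is created).
    """
    agg = ip_network(aggregate)
    table = {ip_network(p) for p in bgp_table}
    specifics = {p for p in table if p != agg and p.subnet_of(agg)}
    if not specifics:
        # Nothing to summarize: the aggregate is not announced.
        return {"advertised": [str(p) for p in sorted(table)], "null0_route": None}
    # Without summary-only the individual networks are still advertised.
    advertised = (table - specifics) if summary_only else set(table)
    advertised.add(agg)
    return {"advertised": [str(p) for p in sorted(advertised)], "null0_route": str(agg)}


if __name__ == "__main__":
    # network statement: the /22 itself is not in the routing table, so it is not announced.
    print(network_statement_advertises(CLASS_C, "192.168.24.0/22"))
    # aggregate-address: the specifics in the BGP table are enough.
    print(aggregate_address(CLASS_C, "192.168.24.0/22"))
    print(aggregate_address(CLASS_C, "192.168.24.0/22", summary_only=True))
```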

aggregate-address Example


Communities
The BGP communities function allows routers to tag routes
with an indicator (the community) and allows other routers
to make decisions (filter) based on that tag.
BGP communities are used for destinations (routes) that
share some common properties and that, therefore, share
common policies.
Routers, therefore, act on the community, rather than on
individual routes.
Communities are not restricted to one network or
autonomous system, and they have no physical boundaries.


Community Attribute
The community attribute is an optional transitive attribute. If
a router does not understand the concept of communities, it
passes it on to the next router. However, if the router does
understand the concept, it must be configured to propagate
the community. Otherwise, communities are dropped by
default.
Each network can be a member of more than one
community.
The community attribute is a 32-bit number.
The upper 16 bits indicate the autonomous system number
of the autonomous system that defined the community.
The lower 16 bits are the community number and have local
significance.

Setting the Communities Configuration


Route maps can be used to set the community attributes.
The set community {[ community-number ] [ well-known-community ] [ additive ]} | none route map configuration
command is used within a route map to set the BGP
community attribute.


Sending the Communities Configuration


The set community command is used along with the neighbor
route-map command to apply the route map to updates.
The neighbor { ip-address | peer-group-name } send-community router configuration command is used to specify that
the BGP communities attribute should be sent to a BGP neighbor.
By default, the communities attribute is not sent to any neighbor.
(Communities are stripped in outgoing BGP updates.)


BGP Communities Example


Using the Communities Configuration


The ip community-list community-list-number { permit
| deny } community-number global configuration command
is used to create a community list for BGP and to control
access to it.



The match community community-list-number [ exact ]
route map configuration command enables you to match a
BGP community attribute to a value in a community list.


BGP Communities Example Using Weight


Route Reflectors
BGP specifies that routes learned via iBGP are never
propagated to other iBGP peers.
The result is that a full mesh of iBGP peers is required
within an autonomous system.
With only 13 routers, 78 iBGP sessions would need to be
maintained.
As the number of routers increases, so does the number of
sessions required, governed by the following formula, in
which n is the number of routers:
Number of iBGP sessions = n(n - 1) / 2


Route Reflectors (PANIC MODE)

In addition to the number of BGP TCP sessions that must be
created and maintained, the amount of routing traffic might also be a
problem.
Depending on the autonomous system topology, traffic might be
replicated many times on some links as it travels to each iBGP peer.
For example, if the physical topology of a large autonomous system
includes some WAN links, the iBGP sessions running over those
links might consume a significant amount of bandwidth.
A solution to this problem is the use of route reflectors (RRs).
This section describes what an RR is, how it works, and how to
configure it.
RRs modify the BGP rule by allowing the router configured as the
RR to propagate routes learned by iBGP to other iBGP peers

This saves on the number of BGP TCP sessions that must
be maintained and also reduces the BGP routing traffic.


Route Reflector Benefits


With a BGP RR configured, a full mesh of iBGP peers is no longer
required.
The RR is allowed to propagate iBGP routes to other iBGP peers.
Route reflectors reduce the number of BGP neighbor relationships
in an autonomous system by having key routers replicate updates
to their RR clients.
Route reflectors do not affect the paths that IP packets follow.
Only the path that routing information is distributed on is affected.
An autonomous system can have multiple RRs, both for
redundancy and for grouping to further reduce the number of iBGP
sessions required.
Migrating to RRs involves a minimal configuration and does not
have to be done all at one time, because routers that are not RRs
can coexist with RRs within an autonomous system.

Route Reflector Terminology


Route Reflector:
Router that is configured to be the router allowed to advertise (or reflect) routes it
learned via iBGP to other iBGP peers.

Clients:
Routers peering with the RR has a partial iBGP
Peering between the clients is not needed, because the route reflector passes
advertisements between the clients.

Cluster:
The combination of the RR and its clients

Nonclients:
Other iBGP peers of the RR that are not clients

Originator ID:
Is an optional, nontransitive BGP attribute that is created by the RR.
This attribute carries the router ID of the route's originator in the local autonomous
system.
If the update comes back to the originator because of poor configuration, the
originator ignores it.


Cluster ID:
Usually a cluster has a single RR, in which case the cluster is identified by the RR's
router ID.
To increase redundancy and avoid single points of failure, a cluster might have more
than one RR. When this occurs, all the RRs in the cluster need to be configured with a
Cluster ID.
The cluster ID allows route reflectors to recognize updates from other RRs in the same
cluster.

Cluster list
Is a sequence of cluster IDs that the route has passed. When an RR reflects a route
from its clients to nonclients outside the cluster, it appends the local cluster ID to the
cluster list. If the update has an empty cluster list, the RR creates one.
Using this attribute, an RR can tell whether the routing information is looped back to the
same cluster because of poor configuration.
If the local cluster ID is found in an advertisement's cluster list, the advertisement is
ignored.
The originator ID, cluster ID, and cluster list help prevent routing loops in RR
configurations.

Route Reflector Design


When using RRs in an autonomous system, you can divide
the autonomous system into multiple clusters, each having
at least one RR and a few clients. Multiple RRs can exist in
one cluster for redundancy.
The RRs must be fully meshed with iBGP to ensure that all
routes learned are propagated throughout the autonomous
system.
An IGP is still used, just as it was before RRs were
introduced, to carry local routes and next-hop addresses.
Normal split-horizon rules still apply between an RR and its
clients. Thus an RR that receives a route from a client does
not advertise that route back to that client.

Route Reflector Design Example


Route Reflector Operation


When an RR receives an update, it takes the following
actions, depending on the type of peer that sent the update:
If the update is from a client peer, it sends the update to all
nonclient peers and to all client peers (except the route's
originator).
If the update is from a nonclient peer, it sends the update to
all clients in the cluster.
If the update is from an eBGP peer, it sends the update to
all nonclient peers and to all client peers.
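
The reflection rules and the cluster-list loop check described above, as an added Python example that is not part of the original slides. Peers are identified by router ID, and the two-cluster topology and all addresses are constructed.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: Optional[str] = None  # created by the RR that first reflects the route
    cluster_list: tuple = ()             # cluster IDs the route has passed through


class RouteReflector:
    def __init__(self, router_id, clients=(), nonclients=(), ebgp_peers=(), cluster_id=None):
        self.router_id = router_id
        # With a single RR per cluster, the cluster is identified by the RR's router ID.
        self.cluster_id = cluster_id or router_id
        self.clients = set(clients)
        self.nonclients = set(nonclients)
        self.ebgp_peers = set(ebgp_peers)

    def receive(self, update, sender):
        """Return {peer: update_to_send} for an update received from `sender`."""
        if sender in self.ebgp_peers:
            # From an eBGP peer: send to all nonclient peers and to all client peers.
            return {peer: update for peer in self.clients | self.nonclients}
        if sender not in self.clients | self.nonclients:
            raise ValueError(f"unknown peer {sender}")
        # Loop prevention: our own cluster ID in the cluster list means the
        # routing information has looped back to this cluster, so it is ignored.
        if self.cluster_id in update.cluster_list or update.originator_id == self.router_id:
            return {}
        reflected = replace(
            update,
            originator_id=update.originator_id or sender,
            # Order inside the list does not affect the loop check.
            cluster_list=update.cluster_list + (self.cluster_id,),
        )
        if sender in self.clients:
            # From a client: to all nonclients and all clients except the originator.
            targets = (self.clients | self.nonclients) - {sender, reflected.originator_id}
        else:
            # From a nonclient: to all clients in the cluster.
            targets = set(self.clients)
        return {peer: reflected for peer in targets}


def originator_accepts(router_id, update):
    """A router ignores an update that carries its own router ID as originator ID."""
    return update.originator_id != router_id


# Constructed topology: two clusters whose RRs peer with each other as nonclients.
RR1 = RouteReflector("10.0.0.1", clients={"10.0.0.11", "10.0.0.12"},
                     nonclients={"10.0.0.2"}, ebgp_peers={"192.0.2.1"})
RR2 = RouteReflector("10.0.0.2", clients={"10.0.0.21"}, nonclients={"10.0.0.1"})


def walk(prefix="203.0.113.0/24"):
    """Follow one client-originated route through both clusters and back."""
    hop1 = RR1.receive(Update(prefix), sender="10.0.0.11")
    hop2 = RR2.receive(hop1["10.0.0.2"], sender="10.0.0.1")
    # Misconfiguration case: the update comes back to RR1 from RR2.
    looped = RR1.receive(hop2["10.0.0.21"], sender="10.0.0.2")
    return hop1, hop2, looped


if __name__ == "__main__":
    for stage, result in zip(("RR1 reflects", "RR2 reflects", "looped back to RR1"), walk()):
        print(stage, "->", result or "ignored")
```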


Route Reflector Migration Tips


When migrating to using RRs, the first consideration is
which routers should be the reflectors and which should be
the clients.
Following the physical topology in this design decision
ensures that the packet-forwarding paths are not affected.
Not following the physical topology (for example, configuring
RR clients that are not physically connected to the route
reflector) might result in routing loops.


Bad Route Reflector Design



In this bad design, which does not follow the physical
topology, the following happens:
Router B knows that the next hop to get to 10.0.0.0 is x
(because it learns this from its RR, Router C).
Router A knows that the next hop to get to 10.0.0.0 is y
(because it learns this from its RR, Router D).
For Router B to get to x, the best route might be through
Router A, so Router B sends a packet destined for 10.0.0.0
to Router A.
For Router A to get to y, the best route might be through
Router B, so Router A sends a packet destined for 10.0.0.0
to Router B.
This is a routing loop.

Good Route Reflector Design



In this good design, which follows the physical topology, the
following are true:
Router B knows that the next hop to get to 10.0.0.0 is y
(because it learns this from its RR, Router D).
Router A knows that the next hop to get to 10.0.0.0 is x
(because it learns this from its RR, Router C).
For Router A to get to x, the best route is through Router C,
so Router A sends a packet destined for 10.0.0.0 to Router
C, and Router C sends it to Router E.
For Router B to get to y, the best route is through Router D,
so Router B sends a packet destined for 10.0.0.0 to Router
D, and Router D sends it to Router E.
There is no routing loop.
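The two designs can be checked mechanically by forwarding a packet hop by hop, with each router resolving its own BGP next hop over the IGP. This is an added example, not part of the original slides; the physical links (A-B, A-C, B-D, C-x, D-y) are an assumption consistent with the text, because the figure is not reproduced here.

```python
from collections import deque

# Assumed physical links; the slide's figure is not reproduced on this page.
# "x" and "y" stand for the two next-hop addresses toward Router E.
LINKS = [("A", "B"), ("A", "C"), ("B", "D"), ("C", "x"), ("D", "y")]
ADJ = {}
for a, b in LINKS:
    ADJ.setdefault(a, set()).add(b)
    ADJ.setdefault(b, set()).add(a)

def igp_first_hop(src, dst):
    """First hop on the shortest IGP path from src to dst (BFS, unit cost)."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nxt in sorted(ADJ[node]):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    hop = dst
    while parent[hop] != src:      # walk back from dst to src's neighbor
        hop = parent[hop]
    return hop

def trace(start, bgp_next_hop):
    """Forward a packet for 10.0.0.0 hop by hop; return (path, looped)."""
    path, node = [start], start
    while node not in ("x", "y"):
        # Each router looks up its own BGP next hop, then follows the IGP.
        node = igp_first_hop(node, bgp_next_hop[node])
        if node in path:
            return path + [node], True
        path.append(node)
    return path, False

# BGP next hop for 10.0.0.0 as each router learned it from its RR.
BAD = {"A": "y", "B": "x", "C": "x", "D": "y"}    # A is D's client, B is C's
GOOD = {"A": "x", "B": "y", "C": "x", "D": "y"}   # A is C's client, B is D's

if __name__ == "__main__":
    for name, design in (("bad", BAD), ("good", GOOD)):
        for start in ("A", "B"):
            print(name, start, *trace(start, design))
```

Running the same trace against a planned client-to-RR assignment before migration shows whether any client's next hop resolves through a router that holds a different next hop.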

Route Reflector Configuration

Advertising a Default Route


The neighbor { ip-address | peer-group-name }
default-originate [ route-map map-name ] router
configuration command can be used for a BGP router to
send the default route 0.0.0.0 to a neighbor, for its use as a
default route.

Not Advertising Private Autonomous System Numbers

IANA defines private autonomous system numbers 64512
through 65534 to be used for private purposes.
Only public autonomous system numbers should be sent to
eBGP neighbors on the Internet.

Use the neighbor { ip-address | peer-group-name }
remove-private-as [ all [ replace-as ]] router
configuration command to remove private autonomous
system numbers from the AS-Path attribute; this command
is available only for eBGP neighbors.
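The slide lists the all and replace-as keywords without saying how they differ. The following added example (not from the original slides) is a simplified model of the three forms: the plain form is assumed to act only when the path holds nothing but private ASNs, all removes every private ASN, and all replace-as substitutes the local AS. The function names, the local AS 64500 and the sample paths are constructed.

```python
# Private range as given above: 64512 through 65534.
PRIVATE_ASNS = range(64512, 65535)

def is_private(asn):
    return asn in PRIVATE_ASNS

def remove_private_as(as_path, local_as, all_=False, replace_as=False):
    """Return the AS-path after private-AS handling, before local_as is prepended.

    Simplified model (assumption): edge cases such as the neighbor's own
    AS appearing in the path, or confederations, are not modelled.
    """
    if replace_as and not all_:
        raise ValueError("replace-as is only valid together with all")
    if not all_:
        # Plain form: acts only when every ASN in the path is private.
        if all(is_private(a) for a in as_path):
            return []
        return list(as_path)
    if replace_as:
        # Keep the path length, hide the private numbers behind local_as.
        return [local_as if is_private(a) else a for a in as_path]
    return [a for a in as_path if not is_private(a)]

def leaked_private_asns(as_path):
    """Audit helper: private ASNs still visible in a path sent to an eBGP peer."""
    return [a for a in as_path if is_private(a)]

# Constructed sample paths (64496 and 64500 are documentation ASNs).
ONLY_PRIVATE = [65001, 65002]
MIXED = [65001, 64496, 65002]

if __name__ == "__main__":
    for path in (ONLY_PRIVATE, MIXED):
        plain = remove_private_as(path, 64500)
        print(path, "plain ->", plain, "leaked:", leaked_private_asns(plain))
        print(path, "all ->", remove_private_as(path, 64500, all_=True))
        print(path, "all replace-as ->",
              remove_private_as(path, 64500, all_=True, replace_as=True))
```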

Chapter 7 Summary
BGP terminology and concepts, including the following:
BGP's use between autonomous systems and how it is different than other
routing protocols described in this book
BGP's classification as a path vector protocol and its use of TCP port 179
BGP's loop-free guarantee, because it does not accept a routing update that
already includes its autonomous system number in the AS-path list
The three tables used by BGP: the BGP table, IP routing table, and BGP
neighbor table
The four BGP message types: open, keepalive, update, and notification
When to use BGP: if the autonomous system allows packets to transit through
it to reach other autonomous systems, if the autonomous system has multiple
connections to other autonomous systems, or if the routing policy and route
selection for traffic entering and leaving the autonomous system must be
manipulated
The use of full-mesh iBGP on all routers in the transit path within the
autonomous system
When not to use BGP: if there is only a single connection to
the Internet or another autonomous system, if edge routers
have a lack of memory or processing power, if you have a
limited understanding of route filtering and the BGP path-selection
process, or if the routing policy that will be
implemented in an autonomous system is consistent with the
policy implemented in the ISP autonomous system
BGP neighbor (peer) relationships:
iBGP, when BGP runs between routers in the same
autonomous system
eBGP, when BGP runs between routers that are in different
autonomous systems.
eBGP neighbors are typically directly connected.
Basic BGP configuration, including the relationship between the
BGP table, the IP routing table and the network command: The
network command allows a BGP router to inject a network that is in
its IP routing table into its BGP table and advertise that network to
its BGP neighbors. BGP neighbors exchange their best BGP routes.
The neighbor router that receives that network information puts the
information in its BGP table and selects its best BGP route for that
network. The best route is offered to its IP routing table.
Using BGP features, including next-hop-self, update source, and
eBGP multihop.
Understanding and troubleshooting the BGP states: idle, connect,
active, open sent, open confirm, and established.
Performing hard and soft resets of BGP sessions, required after a
neighbor policy is changed.
The BGP attributes that can be either well-known or optional,
mandatory or discretionary, and transitive or nontransitive. An
attribute might also be partial. The BGP attributes are the following:
AS-path: Well-known mandatory. The list of autonomous system numbers that a
route has traversed to reach a destination, with the number of the autonomous
system that originated the route at the end of the list.
Next hop: Well-known mandatory. Indicates the next-hop IP address that is to be
used to reach a destination. For eBGP, the next hop is the IP address of the
neighbor that sent the update; for iBGP, the next hop advertised by eBGP is
carried into iBGP by default.
Origin: Well-known mandatory. Defines the origin of the path information; can be
IGP, EGP, or incomplete.
Local preference: Well-known discretionary. Indicates to routers in the
autonomous system which path is preferred to exit the autonomous system. The
path with a higher local preference is preferred. Sent only to iBGP neighbors.
Atomic aggregate: Well-known discretionary. Informs the neighbor autonomous
system that the originating router has aggregated the routes.
Aggregator: Optional transitive. Specifies the BGP router ID and
autonomous system number of the router that performed the route
aggregation.
Community: Optional transitive. Allows routers to tag routes with an
indicator (the community) and allows other routers to make decisions
based on that tag.
MED: Optional nontransitive. Also called metric. Indicates to external
neighbors the preferred path into an autonomous system. A lower
value is preferred; exchanged between autonomous systems.
Weight: Cisco defined; provides local routing policy only and is not
propagated to any BGP neighbors. Routes with a higher weight are
preferred.
The 11-step BGP route-selection decision process is as
follows:
1. Prefer the highest weight.
2. Prefer the highest local preference.
3. Prefer the route originated by the local router.
4. Prefer the shortest AS-path.
5. Prefer the lowest origin code.
6. Prefer the lowest MED.
7. Prefer the eBGP path over the iBGP path.
8. Prefer the path through the closest IGP neighbor.
9. Prefer the oldest route for eBGP paths.
10. Prefer the path with the lowest neighbor BGP router ID.
11. Prefer the route with the lowest neighbor IP address.
Verifying BGP configuration.
BGP path manipulation and filtering, including changing the
weight, local preference, AS-path, and MED attributes.
Prefix lists, distribute lists, filter lists, and route maps may
be used.
Configuring BGP peer groups, a group of BGP neighbors of
the router being configured that all have the same update
policies.
Implementing MP-BGP for IPv6, including the following:
Exchanging IPv6 routes over an IPv4 session
Exchanging IPv6 routes over an IPv6 session
BGP filtering mechanisms used for IPv6.

Chapter 7 Labs

CCNPv7 ROUTE Lab7.1 BGP Config
CCNPv7 ROUTE Lab7.2 BGP AS PATH
CCNPv7 ROUTE Lab7.3 IBGP EBGP LocalPref MED
CCNPv7 ROUTE Lab7.4 IBGP EBGP Synchronization
CCNPv7 ROUTE Lab7.5 MP-BGP

Acknowledgment
Some of the images and text are from Implementing Cisco IP Routing (ROUTE)
Foundation Learning Guide by Diane Teare, Bob Vachon and Rick Graziani
(1587204568)
Copyright 2015-2016 Cisco Systems, Inc.
Special Thanks to Bruno Silva
