Configure soft reconfiguration inbound
When a BGP-speaking router advertises routes, the receiving BGP router updates its BGP table with them. But there are situations where a network engineer wants to apply an inbound policy to the routes the organization is receiving. By design, the BGP UPDATE messages sent to peers are incremental, so to re-filter the complete table of prefixes one must use a hard reset or a route refresh (sometimes a router does not support this feature). Hard resetting a BGP peering in a production environment is not a good thing.
That said, I will introduce a mechanism that allows us to store all the untouched NLRI (Network Layer Reachability Information) in a separate table that can be filtered later on. I have attached a small lab diagram to further elaborate the feature.
Let us take a look at the BGP table organization:
Adj-RIBs-In ----> Loc-RIB ----> Adj-RIBs-Out
The Adj-RIBs-In stores UPDATE messages from other BGP speakers. These are un-edited routes received from our neighbor. Next, our inbound policy is applied, and routes that pass through the policy & have a valid/resolvable next hop, are put into the Loc-RIB. The rest of the routes in the Adj-RIBs-In are discarded.
The Adj-RIBs-Out stores routing information that the BGP speaker will advertise to its peers (i.e. routes that have passed through outbound policies & will be sent in the BGP UPDATE messages to other peers). This is actually just a pointer back to the record in the Loc-RIB.
Soft reconfiguration allows you to store a copy of the Adj-RIBs-In.
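A small Python model of the tables described above, added here as an illustration and not taken from the original post or from any router implementation: it shows why a stored Adj-RIBs-In lets a changed inbound policy be re-applied without a reset. The class and function names and the two-stage policy are assumptions; the prefixes are the ones from the lab output further down, and next-hop resolution and best-path selection are left out.

```python
import ipaddress

# Constructed sample: the prefixes the Customer (192.168.1.2) sends in the lab output.
RECEIVED = ["10.10.10.10/32", "15.15.15.0/24", "15.15.16.0/24", "15.15.17.0/24",
            "50.50.50.0/24", "100.100.100.0/24", "192.168.1.0/30"]


class InboundPeer:
    """Toy model of one neighbor's inbound path (hypothetical, not router code)."""

    def __init__(self, soft_reconfig_inbound):
        self.soft = soft_reconfig_inbound
        self.adj_rib_in = []  # unmodified copy, kept only with soft reconfiguration
        self.loc_rib = []     # routes that passed the inbound policy
        self.policy = []      # list of (allowed network, maximum prefix length)

    def set_policy(self, allowed):
        self.policy = [(ipaddress.ip_network(net), max_len) for net, max_len in allowed]

    def permits(self, prefix):
        net = ipaddress.ip_network(prefix)
        return any(net.subnet_of(a) and net.prefixlen <= m for a, m in self.policy)

    def receive_update(self, prefixes):
        # UPDATEs are incremental: each prefix is seen once, then filtered.
        if self.soft:
            self.adj_rib_in.extend(prefixes)
        self.loc_rib.extend(p for p in prefixes if self.permits(p))

    def reapply_policy(self):
        # Without the stored copy, only routes that survived earlier can be re-filtered;
        # routes discarded before are gone until the peer sends them again.
        source = self.adj_rib_in if self.soft else self.loc_rib
        self.loc_rib = [p for p in source if self.permits(p)]
        return self.soft  # True: result is complete, no refresh or reset needed


def run(soft):
    peer = InboundPeer(soft)
    peer.set_policy([("50.50.50.0/24", 24)])                        # strict first policy
    peer.receive_update(RECEIVED)
    peer.set_policy([("50.50.50.0/24", 24), ("15.15.0.0/16", 24)])  # policy widened later
    complete = peer.reapply_policy()
    return peer.loc_rib, complete, len(peer.adj_rib_in)


if __name__ == "__main__":
    for soft in (True, False):
        print("soft-reconfiguration inbound:", soft, "->", run(soft))
```

The third value returned by run() is the number of stored entries, which is the per-neighbor memory cost the feature trades for avoiding a reset.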
We can configure soft reconfiguration on the ISP router so that the routes from the Customer can be filtered.
First, note that soft reconfiguration inbound is not yet configured, so we cannot see the unfiltered routes.
ISP1#sh ip bgp neighbors 192.168.1.2 received-routes
% Inbound soft reconfiguration not enabled on 192.168.1.2
We use a simple command to configure it.
ISP1(config-router)#neighbor 192.168.1.2 soft-reconfiguration inbound
Now if we try the show output for the received routes on the ISP we can see all the routes with their original NLRI data sent over the BGP peering.
ISP1#sh ip bgp neighbors 192.168.1.2 received-routes
BGP table version is 28, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.10/32   192.168.1.2              0             0 1 ?
*> 15.15.15.0/24    192.168.1.2              0             0 1 ?
*> 15.15.16.0/24    192.168.1.2              0             0 1 ?
*> 15.15.17.0/24    192.168.1.2              0             0 1 ?
*> 50.50.50.0/24    192.168.1.2              0             0 1 i
*> 100.100.100.0/24 192.168.1.2              0             0 1 i
r> 192.168.1.0/30   192.168.1.2              0             0 1 ?
Total number of prefixes 7
We can see that the last NLRI has an r> marker in front of it. That tells us that there is a RIB failure for that particular route. If we run a show command for that route, we can see that there is a route in the routing table with a smaller AD (administrative distance). This is the attached interface on the ISP1 router.
ISP1#sh ip route 192.168.1.0
Routing entry for 192.168.1.0/30, 1 known subnets
Attached (1 connections)
C 192.168.1.0 is directly connected, FastEthernet2/0
Soft reconfiguration inbound uses a lot of memory on the router, so it is better not to use this feature on every router, in every scenario.
Feel free to comment.