BGP Configuration/BGP multihoming with single ISP- Dual Homed

03/26/2020 105 16481

DESCRIPTION:

RESOLUTION:

 What is BGP?

BGP is a large-scale routing protocol used to communicate routing information between Autonomous Systems (ASs), which are well-defined, separately administered network domains. BGP support allows for SonicWall security appliances to replace a traditional BGP router on the edge of a network's AS. The current SonicWall implementation of BGP is most appropriate for "single-provider / singly-homed" environments, where the network uses one ISP as their Internet provider and has a single connection to that provider. SonicWall BGP is also capable of supporting "single-provider / multi-homed" environments, where the network uses a single ISP but has a small number of separate routes to the provider. BGP is configured through the SonicOS Command Line Interface (CLI).

Autonomous Systems

Each Autonomous System has a 16-bit number assigned. Like IP addresses, an AS number may be public or private. Public AS numbers are a limited resource and are provisioned based on a number of factors. ISP customers with large networks multi-homed to two or more ISPs usually have a public AS, whereas smaller customers will be given a private AS administered by their ISP provider

SonicWall supports 2- Byte and 4- Byte ASN

Default is 2- Byte

How Does BGP Work?

BGP uses TCP port 179 for communication. BGP is considered a path-vector protocol, containing end-to-end path descriptions for destinations. BGP neighbors can either be internal (iBGP) or external (eBGP): iBGP  Neighbor is in the same AS.

 eBGP  Neighbor is in a different AS. Paths are advertised in UPDATE messages that are tagged with various path attributes. AS_PATH and NEXT_HOP are the two most important attributes that describe the path of a route in a BGP update message.

 AS_PATH: Indicates the ASs that the route is traveling from and two. In the example below, the AS_PATH is from AS 7675 to AS 12345. For internal BGP, the AS_PATH specifies the same AS for both the source and destination.

 NEXT_HOP: Indicates the IP address of the next router the path travels to. Paths advertised across AS boundaries inherit the NEXT_HOP address of the boundary router. BGP relies on interior routing protocols to reach NEXT_HOP addresses.

BGP Messages

BGP communication includes the following types of messages

 Open The first message between BGP peers after TCP session establishment. Contains the necessary information to establish a peering session, e.g. ASN, hold time, and capabilities such as multi-product extensions and route-refresh.

 Update These messages contain path information, such as route announcements or withdrawals.

 Keepalive Periodic messages to keep TCP layer up, and to advertise liveliness.

 Notification A request to terminate the BGP session. Non-fatal notifications contain the error code "cease". Subcodes provide further detail:

Subcode Description 

Sample BGP Packet Capture.

Enable advanced routing and BGP(Configure Via CLI)






BGP configuration for Multihoming with single ISP

CLI  Commands

admin@C0EAE45BFE7A> configure

config(C0EAE45BFE7A)# routing 

(config-routing)# bgp

ZebOS version 7.7.0 IPIRouter7/2009

ARS BGP>configure terminal

ARS BGP(config-router)>router bgp 100

ARS BGP(config-router)>network 192.168.1.0/24  <>
ARS BGP(config-router)>network 192.168.2.0/24

ARS BGP(config-router)>neighbor 1.1.1.2 remote-as 200

ARS BGP(config-router)>neighbor 1.1.1.2 prefix-list DEFAULT-ROUTE in  <>

 ARS BGP(config-router)>neighbor 2.2.2.2 remote-as 200

ARS BGP(config-router)>neighbor 2.2.2.2 prefix-list DEFAULT-ROUTE in <>

ARS BGP(config-router)>neighbor 2.2.2.2 route-map ROUTE-ADVTISED out <>

ARS BGP(config-router)>ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0 

ARS BGP(config-router)>route-map ROUTE-ADVTISED permit 10

ARS BGP(config-route-map)>set as-path prepend100 100 100  <>

ARS BGP(config-router)>Ctrl+Z

ARS BGP> Write

ARS BGP> Exit

config(C0EAE45BFE7A)#commit

 Commands to check:

config(C0EAE45BFE7A)# show routing bgp [neighbor|summary]

config(C0EAE45BFE7A)# show routing bgp

 config-routing)# show routing nsm database <>

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

 O - OSPF, IA - OSPF inter area

 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

 E1 - OSPF external type 1, E2 - OSPF external type 2

 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

 > - selected route, * - FIB route, p - stale info

C  *> 127.0.0.0/8 is directly connected, lo0

S  *> 172.27.60.0/24 [1/1] via 172.27.76.1, X0

C  *> 172.27.76.0/24 is directly connected, X0

C  *> 192.168.176.0/24 is directly connected, X1

B  2.0.0.0/8 [20/0] via 150.10.10.2, 00:04:23  <>
 [20/0] via 160.20.20.2, 00:04:01
 

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Devices not Supported: TZ 300/ 300W

What is BGP?

BGP is a large-scale routing protocol used to communicate routing information between Autonomous Systems (ASs), which are well-defined, separately administered network domains. BGP support allows for SonicWall security appliances to replace a traditional BGP router on the edge of a network's AS. The current SonicWall implementation of BGP is most appropriate for "single-provider / singly-homed" environments, where the network uses one ISP as their Internet provider and has a single connection to that provider. SonicWall BGP is also capable of supporting "single-provider / multi-homed" environments, where the network uses a single ISP but has a small number of separate routes to the provider. BGP is configured through the SonicOS Command Line Interface (CLI).

Autonomous Systems

Each Autonomous System has a 16-bit number assigned. Like IP addresses, an AS number may be public or private. Public AS numbers are a limited resource and are provisioned based on a number of factors. ISP customers with large networks multi-homed to two or more ISPs usually have a public AS, whereas smaller customers will be given a private AS administered by their ISP provider

SonicWall supports 2- Byte and 4- Byte ASN

Default is 2- Byte

How Does BGP Work?

BGP uses TCP port 179 for communication. BGP is considered a path-vector protocol, containing end-to-end path descriptions for destinations. BGP neighbors can either be internal (iBGP) or external (eBGP): iBGP  Neighbor is in the same AS.

 eBGP  Neighbor is in a different AS. Paths are advertised in UPDATE messages that are tagged with various path attributes. AS_PATH and NEXT_HOP are the two most important attributes that describe the path of a route in a BGP update message.

 AS_PATH: Indicates the ASs that the route is traveling from and two. In the example below, the AS_PATH is from AS 7675 to AS 12345. For internal BGP, the AS_PATH specifies the same AS for both the source and destination.

 NEXT_HOP: Indicates the IP address of the next router the path travels to. Paths advertised across AS boundaries inherit the NEXT_HOP address of the boundary router. BGP relies on interior routing protocols to reach NEXT_HOP addresses.

BGP Messages

BGP communication includes the following types of messages

 Open The first message between BGP peers after TCP session establishment. Contains the necessary information to establish a peering session, e.g. ASN, hold time, and capabilities such as multi-product extensions and route-refresh.

 Update These messages contain path information, such as route announcements or withdrawals.

 Keepalive Periodic messages to keep TCP layer up, and to advertise liveliness.

 Notification A request to terminate the BGP session. Non-fatal notifications contain the error code "cease". Subcodes provide further detail:

Enable advanced routing and BGP(Configure Via CLI)

Before enabling check for the sonicOS Expanded License

1. Click Manage in the top navigation menu
2. Navigate to Network | Routing
3. Click on Settings Tab
4. Under the Routing Mode Drop down Select Advanced Routing

Click on OK to proceed and configure BGP from CLI

BGP configuration for Multihoming with single ISP

CLI  Commands

admin@C0EAE45BFE7A> configure

config(C0EAE45BFE7A)# routing 

(config-routing)# bgp

ZebOS version 7.7.0 IPIRouter7/2009

ARS BGP>configure terminal

ARS BGP(config-router)>router bgp 100

ARS BGP(config-router)>network 192.168.1.0/24  <>
ARS BGP(config-router)>network 192.168.2.0/24

ARS BGP(config-router)>neighbor 1.1.1.2 remote-as 200

ARS BGP(config-router)>neighbor 1.1.1.2 prefix-list DEFAULT-ROUTE in  <>

ARS BGP(config-router)>neighbor 2.2.2.2 remote-as 200

ARS BGP(config-router)>neighbor 2.2.2.2 prefix-list DEFAULT-ROUTE in <>

ARS BGP(config-router)>neighbor 2.2.2.2 route-map ROUTE-ADVTISED out <>

ARS BGP(config-router)>ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0 

ARS BGP(config-router)>route-map ROUTE-ADVTISED permit 10

ARS BGP(config-route-map)>set as-path prepend100 100 100  

ARS BGP(config-router)>Ctrl+Z

ARS BGP> Write

ARS BGP> Exit

config(C0EAE45BFE7A)#commit

Commands to check:

config(C0EAE45BFE7A)# show routing bgp [neighbor|summary]

config(C0EAE45BFE7A)# show routing bgp

 config-routing)# show routing nsm database <>

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

 O - OSPF, IA - OSPF inter area

 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

 E1 - OSPF external type 1, E2 - OSPF external type 2

 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

 > - selected route, * - FIB route, p - stale info

C  *> 127.0.0.0/8 is directly connected, lo0

S  *> 172.27.60.0/24 [1/1] via 172.27.76.1, X0

C  *> 172.27.76.0/24 is directly connected, X0

C  *> 192.168.176.0/24 is directly connected, X1

B  2.0.0.0/8 [20/0] via 150.10.10.2, 00:04:23 
 [20/0] via 160.20.20.2, 00:04:01