Solved: Re: BGP Confederation and Path Selection

cisco_geek · ‎10-06-2010

Hi,

As far as I know, that BGP Path Selection for confederations is as follow:

1- Prefer external BGP routes over Internal BGP.

2- If they are both Internal (within the same AS), then prefer the confed-external over confed-internal.

This is what I know. But there are always something missing when you get to test the scenarios in the LAB.

Here is what I've made:

- R1 is in AS 100 which is connected to AS 200 via R8
- Each router has its loopback configured using its name, for example 1.1.1.1 for R2 and 8.8.8.8 for R8.
- R8, R3 and R4 are peering with R6 and R7 and next-hop-self and update-source loopback0 is configured.

- Now, network 100.100.100.0/24 is advertised via R1 and reaches R8. R8 in return, advertise it to R6 and R7

- So R7 has this route in its BGP table:

RR2#sh ip bg 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 2
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
     2
  (280) 100
    8.8.8.8 (metric 1) from 8.8.8.8 (8.8.8.8)
      Origin IGP, metric 0, localpref 150, valid, confed-external
  (280) 100
    8.8.8.8 (metric 1) from 172.12.12.1 (6.6.6.6)
      Origin IGP, metric 0, localpref 150, valid, confed-internal, best

My question is, Why R7 has preferred the route via confed-internal (R6) than the directly connected confed-external (R8)?

Thanks in advance.

Peter Paluch · ‎10-06-2010

Hello,

I admit I do not have extensive experiences with confederations but I have had a look into the Cisco's description of the BGP best path selection algorithm at:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml

Specifically, it says in the Step 7:

Note: Paths that contain AS_CONFED_SEQUENCE and AS_CONFED_SET are local to the confederation. Therefore, these paths are treated as internal paths. There is no distinction between Confederation External and Confederation Internal.

It thus seems that the step 7 (prefer "external" info to "internal") does not apply here, and thus the router R7 ultimately decided to use the route advertised by the router with the lowest BGP Router ID according to the Step 11 (because all paths are treated as internal paths).

Best regards,

Peter

View solution in original post

Giuseppe Larosa · ‎10-06-2010

Hello,

actually it looks like there is no distinction between confed-internal and confed-external paths

see point 7 of BGP best path selection:

Prefer eBGP over iBGP paths.

If bestpath is selected, go to Step 9 (multipath).

Note: Paths that contain AS_CONFED_SEQUENCE and AS_CONFED_SET are local to the confederation. Therefore, these paths are treated as internal paths. There is no distinction between Confederation External and Confederation Internal.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml#bestpath

second path is chosen for the lowest BGP router-id (6.6.6.6) instead of (8.8.8.8) of first path

However, I remember to have found in several good books the same hierarchy you have suggested!

Hope to help

Giuseppe

View solution in original post

Peter Paluch · ‎10-06-2010

Hello,

I admit I do not have extensive experiences with confederations but I have had a look into the Cisco's description of the BGP best path selection algorithm at:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml

Specifically, it says in the Step 7:

Note: Paths that contain AS_CONFED_SEQUENCE and AS_CONFED_SET are local to the confederation. Therefore, these paths are treated as internal paths. There is no distinction between Confederation External and Confederation Internal.

It thus seems that the step 7 (prefer "external" info to "internal") does not apply here, and thus the router R7 ultimately decided to use the route advertised by the router with the lowest BGP Router ID according to the Step 11 (because all paths are treated as internal paths).

Best regards,

Peter

Giuseppe Larosa · ‎10-06-2010

Hello,

actually it looks like there is no distinction between confed-internal and confed-external paths

see point 7 of BGP best path selection:

Prefer eBGP over iBGP paths.

If bestpath is selected, go to Step 9 (multipath).

Note: Paths that contain AS_CONFED_SEQUENCE and AS_CONFED_SET are local to the confederation. Therefore, these paths are treated as internal paths. There is no distinction between Confederation External and Confederation Internal.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml#bestpath

second path is chosen for the lowest BGP router-id (6.6.6.6) instead of (8.8.8.8) of first path

However, I remember to have found in several good books the same hierarchy you have suggested!

Hope to help

Giuseppe

cisco_geek · ‎10-06-2010

But Jeff Doyle is saying something else! I'm confused about this already!

When choosing a route, the BGP decision process remains the 
same, with one addition: EBGP routes external to the confederation are preferred 
over EBGP routes to member autonomous systems, which are preferred over IBGP 
routes. Another difference between confederations and standard autonomous 
systems is the way in which some attributes are handled. Attributes such as 
NEXT_HOP and MED can be advertised unchanged to EBGP peers in another member AS 
within the confederation, and the LOCAL_PREF attribute also can be sent.

In Cisco and RFC#5065

   4) When comparing routes using the internal (IBGP learned) versus
      external (EBGP learned) rules, treat a route that is learned from
      a peer that is in the same confederation (not necessarily the same
      Member-AS) as "internal".

Anyway, Thank you giuslar and Peter Paluch, you've directed me to the right way.

Peter Paluch · ‎10-06-2010

Hello,

But Jeff Doyle is saying something else! I'm confused about this already!

To say that Mr. Doyle is wrong would be a grave blasphemy, wouldn't it?

I think that the confusion stems from the ambiguosity of the RFCs that describe the working with confederations. The original RFC 1965 published in the year 1996 has only a single vague statement regarding the path selection algorithm:

   Path
   selection criteria for information received from members inside a
   confederation may follow the same rules used for information received
   from members inside the same autonomous system.

In 2001, this RFC was obsoleted by the RFC 3065 that is somewhat more explicit:

   Path
   selection criteria for information received from members inside a
   confederation MUST follow the same rules used for information
   received from members inside the same autonomous system, as specified
   in [1].

I would personally say that this requirement can be understood in both ways: that either there is a difference between confed-internal and confed-external routes, or there is no difference.

The RFC 5065 from February 2007 gets this issue straighted out, just as you noted yourself:

5.3.  AS_PATH and Path Selection

   Path selection criteria for information received from members inside
   a confederation MUST follow the same rules used for information
   received from members inside the same autonomous system, as specified
   in [BGP-4].

   In addition, the following rules SHALL be applied:

   1) If the AS_PATH is internal to the local confederation (i.e., there
      are only AS_CONFED_* segments), consider the neighbor AS to be the
      local AS.

   2) Otherwise, if the first segment in the path that is not an
      AS_CONFED_SEQUENCE or AS_CONFED_SET is an AS_SEQUENCE, consider
      the neighbor AS to be the leftmost AS_SEQUENCE AS.

   3) When comparing routes using AS_PATH length, CONFED_SEQUENCE and
      CONFED_SETs SHOULD NOT be counted.

   4) When comparing routes using the internal (IBGP learned) versus
      external (EBGP learned) rules, treat a route that is learned from
      a peer that is in the same confederation (not necessarily the same
      Member-AS) as "internal".

Probably, this is the source of confusion. Note that even the RFC 5065 says that these additional path-selection step SHALL be applied, not MUST be. Therefore, there still may be differences out there in implementations.

Best regards,

Peter

cisco_geek · ‎10-07-2010

Thank you Peter!