Fine-tuning BGP Client / Server Relationship
The route-server-client CLI configuration at the [edit protocols bgp group The route-server-client can be configured at the protocol, group, or neighbor levels of . Only the clients of an IXP have relationships with each other. There is no relationship that the route server can have with AS2 to make all the When an AS sends a route to a neighbor, it attaches a set of communities to. The route server, in turn, forwards this information to each route server client to discriminate among multiple exit or entry points to the same neighboring AS. AS3, and AS4 represent interconnection relationships, whether via bilateral or.
The RLPs from a just received route are also collected unless they are explicitly denied by policy.
Fine-tuning BGP Client / Server Relationship
Covering RLPs are also collected from covering routes. A subset of this collection of RLPs is used to validate the route. The subset to use is determined as follows: If the operator has created a local set of RPLs, then that set is used. The operator may add RLPs received from other sources as per local policy. If there are multiple such CRLP sets with different netmask lengths, then the set with the longest netmask length is used.
Else if CRPL sets exist, then the union of the sets with the longest netmask in the associated route is used.
BGP Route Leak Protection Community
Note that if the used RLP sets differ, then some of them cannot be trusted and should not have been accepted when the associated route was received. The response to a leak is a local decision.
The same considerations apply to CRLPs. In other words, if an AS declares incorrect transits for itself, then it is hurting only itself. This may be sensitive information for some. However, for another AS to detect a route leak, it needs to know this information.
This concern can be mitigated by sending RLPs to transit providers only, not to peers and customers. This document uses the term "route server" exclusively to describe multilateral peering brokerage systems. These differences are described as follows. Attribute Transparency As a route server primarily performs a brokering service, modification of attributes could cause route server clients to alter their BGP Decision Process for received prefix reachability information, thereby changing the intended routing policies of exchange participants.
This is a recommendation rather than a requirement solely to provide backwards compatibility with legacy route server client implementations that do not yet support the requirements specified in Section 2.
If a Communities attribute is intended for processing by the route server itself, as determined by local policy, it MAY be modified or removed. Per-Client Policy Control in Multilateral Interconnection While IXP participants often use route servers with the intention of interconnecting with as many other route server participants as possible, there are circumstances where control of path distribution on a per-client basis is important to ensure that desired interconnection policies are met.
The control of path distribution on a per-client basis can lead to a path being hidden from the route server client. We refer to this as "path hiding".
In the traditional bilateral interconnection model, per-client policy control to a third-party exchange participant is accomplished either by not engaging in a bilateral interconnection with that participant or by implementing outbound filtering on the BGP session towards that Jasinska, et al. However, in a multilateral interconnection environment, only the route server can perform outbound filtering in the direction of the route server client; route server clients depend on the route server to perform their outbound filtering for them.
Assuming the BGP Decision Process [ RFC ] is used, when the same prefix is advertised to a route server from multiple route server clients, the route server will select a single path for propagation to all connected clients. If, however, the route server has been configured to filter the calculated best path from reaching a particular route server client, then that client will not receive a path for that prefix, although alternate paths received by the route server might have been policy compliant for that client.
This phenomenon is referred to as "path hiding". For example, in Figure 1, if the same prefix were sent to the route server via AS2 and AS4, and the route via AS2 was preferred according to the BGP Decision Process on the route server, but AS2's policy prevented the route server from sending the path to AS1, then AS1 would never receive a path to this prefix, even though the route server had previously received a valid alternative path via AS4.
This happens because the BGP Decision Process is performed only once on the route server for all clients. Path hiding will only occur on route servers that employ per-client policy control; if an IXP operator deploys a route server without implementing a per-client routing policy control system, then path hiding does not occur, as all paths are considered equally valid from the point of view of the route server.
Mitigation of Path Hiding There are several approaches that can be taken to mitigate against path hiding. Multiple Route Server RIBs The most portable method to allow for per-client policy control without the occurrence of path hiding is to use a route server BGP implementation that performs the per-client best path calculation for each set of paths to a prefix, which results after the route server's client policies have been taken into consideration.
Implementations can optimize this by maintaining paths not subject to filtering policies in a global Loc-RIB, with per-client Loc-RIBs stored as deltas.
BGP Route Server Overview
Advertising Multiple Paths The path distribution model described above assumes standard BGP session encoding where the route server sends a single path to its client for any given prefix. If, however, it were possible for the route server to send more than a single path to a route server client, then route server clients would no longer depend on receiving a single path to a particular prefix; consequently, the path-hiding problem described in Section 2.
We present two methods that describe how such increased path diversity could be implemented. Diverse BGP Path Approach The diverse BGP path proposal as defined in [ RFC ] is a simple way to distribute multiple prefix paths from a route server to a route server client by using a separate BGP session from the route server to a client for each different path. The number of paths that may be distributed to a client is constrained by the number of BGP sessions that the server and the client are willing to establish with each other.
BGP Route Server Overview - TechLibrary - Juniper Networks
As there may be more potential paths to a given prefix than configured BGP sessions, this method is not guaranteed to eliminate the path-hiding problem in all situations. Furthermore, this method may significantly increase the number of BGP sessions handled by the route server, which may negatively impact its performance. Standards Track [Page 8] RFC IXP BGP Route Server September If the ADD-PATH capability is negotiated bidirectionally between the route server and a route server client, and the route server client propagates multiple paths for the same prefix to the route server, then this could potentially cause the propagation of inactive, invalid, or suboptimal paths to the route server, thereby causing loss of reachability to other route server clients.
For this reason, ADD-PATH implementations on a route server should enforce a send-only mode with the route server clients, which would result in negotiating a receive-only mode from the client to the route server.