Advanced BGP network design for stability and security

10 Jun 2008

Border Gateway Protocol (BGP) is a challenge to manage, but having a secure and stable network may be worth it. You may have worked your way from simple through advanced troubleshooting, but there's more. This essential BGP e-Guide delves deep into BGP IP network design and the challenges that present themselves as you move along. Find out how BGP in a large network design scales better with MPLS in the core and BGP on the edge, and how to increase network security so customers can't accidentally harm your BGP routing data.

In this e-Guide:

5 essential reasons for BGP in your network

Designing large-scale BGP networks

Scale your backbone with core MPLS BGP on the edge

Improving BGP services and security

5 essential reasons for BGP in your network by Ivan Pepelnjak

Yes, Border Gateway Protocol (BGP) has the reputation of being the hardest routing protocol to design, configure and maintain. But while this notion has some validity, there are situations where BGP is the only tool available to get the job done, or where deploying BGP throughout your network can increase its security or stability.

BGP's complexity is primarily due to the large number of attributes it can attach to a route, its complex route selection rules, and the manual configuration of neighboring routers (which are discovered automatically in most other routing protocols) needed to ensure the security of the routing information exchange. Having a large number of configuration options and BGP-specific filtering mechanisms available on routers from different major vendors doesn't help either.

In this e-Guide, I'll give you five scenarios where BGP is the best match for your network requirements.

Internet service advantages

If you're an Internet service provider (ISP), running BGP in your network is almost a must. I've seen consumer-focused ISPs that tried to get around this recommendation and used BGP solely to peer with their upstream ISPs, but they eventually had to bite the bullet and deploy BGP to increase the stability of their network, provide end-to-end quality of service or penetrate enterprise markets. Enterprise-focused ISPs have to run BGP from the start to support their multi-homed customers.

Layer 3 VPN services

We've seen a variety of technologies used to implement Layer 3 VPN services in recent years, and MPLS-based VPNs have undoubtedly proven to be the most scalable solution, partly due to using BGP as the underlying routing protocol. Fortunately, you don't have to deploy BGP everywhere in your network if you want to deploy MPLS/VPN solutions. It's enough to deploy BGP on the Provider Edge (PE) routers that connect your VPN customers and on a few core devices that act as route servers (these devices should not be expected to forward heavy traffic loads).

Increasing network stability

Although I've met networking engineers trying to use BGP as the sole routing protocol in their networks, that's not how you should use it. Any decent BGP design should rely on another, faster routing protocol (for example, OSPF, EIGRP or IS-IS) to provide core routing in the network, with BGP responsible for the edge/customer routing.

With the separation of core and edge routing into two routing protocols, your network core becomes more stable, as the edge problems cannot disrupt the core. This design has been used very successfully in large enterprise networks with haphazard addressing schemes that defied attempts at route summarization.
