•
Means to achieve higher session scale by distributing the overall peering sessions between multiple
instances.
•
Mechanism to achieve higher prefix scale (especially on a RR) by having different instances carrying
different BGP tables.
•
Improved BGP convergence under certain scenarios.
•
All BGP functionalities including NSR are supported for all the instances.
•
The load and commit router-level operations can be performed on previously verified or applied
configurations.
Restrictions
•
The router supports maximum of 4 BGP instances.
•
Each BGP instance needs a unique router-id.
•
Only one Address Family can be configured under each BGP instance (VPNv4, VPNv6 and RT-Constrain
can be configured under multiple BGP instances).
•
IPv4/IPv6 Unicast should be within the same BGP instance in which IPv4/IPv6 Labeled-Unicast is
configured.
•
IPv4/IPv6 Multicast should be within the same BGP instance in which IPv4/IPv6 Unicast is configured.
•
All configuration changes for a single BGP instance can be committed together. However, configuration
changes for multiple instances cannot be committed together.
BGP Prefix Origin Validation Based on RPKI
A BGP route associates an address prefix with a set of autonomous systems (AS) that identify the interdomain
path the prefix has traversed in the form of BGP announcements. This set is represented as the AS_PATH
attribute in BGP and starts with the AS that originated the prefix.
To help reduce well-known threats against BGP including prefix mis-announcing and monkey-in-the-middle
attacks, one of the security requirements is the ability to validate the origination AS of BGP routes. The AS
number claiming to originate an address prefix (as derived from the AS_PATH attribute of the BGP route)
needs to be verified and authorized by the prefix holder.
The Resource Public Key Infrastructure (RPKI) is an approach to build a formally verifiable database of IP
addresses and AS numbers as resources. The RPKI is a globally distributed database containing, among other
things, information mapping BGP (internet) prefixes to their authorized origin-AS numbers. Routers running
BGP can connect to the RPKI to validate the origin-AS of BGP paths.
Configuring RPKI Cache-server
Perform this task to configure Resource Public Key Infrastructure (RPKI) cache-server parameters.
Configure the RPKI cache-server parameters in rpki-server configuration mode. Use the rpki server command
in router BGP configuration mode to enter into the rpki-server configuration mode
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.3.x
66
Implementing BGP
BGP Prefix Origin Validation Based on RPKI
To Next Page
Loading...
Need help?
General
