BGP4 AFI/SAFI Numbers and Captures of BGP Updates

Below are the BGP4 AFI/SAFI numbers. Also there are lots of SAFI numbers but these are the commonly used ones.

• IPv4 (AFI/SAFI 1/1)
• VPNv4 (AFI/SAFI 1/128)
• VPNv6 with v4-mapped nhops (AFI/SAFI 2/128)
• 6PE with v4-mapped nhops (AFI/SAFI 2/4)

So, how this information is useful? 

When you configure MP-BGP (means that you configure BGP to carry network layer reachability information for address families other than unicast IPv4) BGP installs the MP-BGP routes into different routing tables. Each routing table is identified by the AFI and a SAFI).

SAFI field value	Description	Reference
1	NLRI used for unicast forwarding.	RFC 2858
2	NLRI used for multicast forwarding.	RFC 2858
3	NLRI used for both unicast and multicast forwarding.	RFC 2858
4	NLRI with MPLS labels.	RFC 3107
64	Tunnel SAFI.	draft-nalawade-kapoor-tunnel- safi -01.txt
65	Virtual Private LAN Service (VPLS).	—
66	BGP MDT SAFI	draft-nalawade-idr-mdt-safi-00.txt
128	MPLS-labeled VPN address	RFC-ietf-l3vpn-rfc2547bis-03.txt

Below are the wireshark captures of the bgp updates messages of different AFI/SAFI.

IPv4 EXAMPLE (AFI/SAFI 1/1) 

6PE EXAMPLE (AFI/SAFI 2/4)

You can see the AFI/SAFI numbers, NLRI prefix-label information, and next-hop information inside of the MP_REACH_NLRI attribute.

VPNv4 EXAMPLE (AFI/SAFI 1/128)

Most Basic IBGP Rule

Most Basic IBGP Rule

IBGP routes learned from an ibgp peer, is not advertised to any other ibgp peer. Consider the picture below, good picture. JIf router C receives prefix from router A, it never advertises it to router B.

Of cource this is valid when all peers are configured as non-client environment, which is the default. But don’t forget if you are talking about a route reflector topology, rr advertises ibgp routes to it’s other clinets. “Clinet” keyword is so important here. I also would like to clarify the client and non-client confusion in route reflector topologies.

If prefix is received from a non-client, it’s advertised to only clients.

If prefix is received from a client, it’s advertised to both clients and non-clients.

To be more basic, the only “not advertised prefix” case is;

If prefix is received from non-client , it’s not advertised to non-client. All other is advertised J

                  +-------+        +-------+
                  |       |        |       |
                  | RTR-A |        | RTR-B |
                  |       |        |       |
                  +-------+        +-------+
                        \            /
                    IBGP \   ASX    / IBGP
                          \        /
                           +-------+
                           |       |
                           | RTR-C |
                           |       |
                           +-------+

Digital Attack Map of Arbor and Google Ideas

Arbor networks which is the provider of DDoS and threat protection solutions, and google ideas have a useful project called “Digital Attack Map”.

http://www.digitalattackmap.com/

Actually the information is already available on Arbor’s webpage through its Atlas system.. But of course virtualization of this raw data into a map is perfect!

Enjoy it!

IPv6 Subnet Calculation

IPv6 address formatting is sometimes very difficult. But website www.dnskey.net is making it easier. There are lots of web pages but this one is the simplest and very fast. If you want to divide your /32 subnet to /35s just write your prefix and submit!

Below is the output of /32 prefix divided into /35 subnets.

------------------------------------------------------
Prefix entered  => 2001:0DB8::/32 
Correct /32 prefix =>      2001:0DB8:0000:0000:/32
Subnet mask            =>      FFFF:FFFF:0000:0000:
You want /35 from =>      2001:0DB8:0000:0000:/32
Number of /35 subnets =>   8 
------------------------------------------------------
/35 prefixes 
------------------------------------------------------
2001:0DB8:0000:0000::/35  
2001:0DB8:2000:0000::/35  
2001:0DB8:4000:0000::/35  
2001:0DB8:6000:0000::/35  
2001:0DB8:8000:0000::/35  
2001:0DB8:A000:0000::/35  
2001:0DB8:C000:0000::/35  
2001:0DB8:E000:0000::/35  

ASR9000 / IOS-XR Netflow Configuration

ASR9k / XR netflow configuration consists of three different section, sampler_map, monitor_map and exporter_map. You take a sample of traffic according to your sampler_map then process it with some different parameters like caching/table sizes in you motior map and last you export it with your exported map. Of course you need to add something under interface.

You can basicly configure these like below.

sampler-map sampler_map_netflow

 random 1 out-of 1000 

Sampling frequency which indicates how often the device takes a sample of the frames regardless they are forwarded or not. When you check flow data with some cache commands you can see if it’s forwarded or DroppedAcl etc. That’s pretty good to learn what happened to the packets. 1 out of 1000 or 500 is enough, of course depends on you traffic characteristic or collector mem.

flow monitor-map monitor_map_netflow

 record ipv4

 exporter exporter_map_netflow

 exporter exporter_map_netflow_2 //you can configure more than one exporter map so that you can send data to multiple flow server destinations.

 cache timeout active 30 // that means, if a flow is active for a long time, router will export it after 30 seconds otherwise it’ll wait for 1800 seconds which is the default.So you don’t have to wait 30 min to see the active traffic flow in your collector.

flow exporter-map exporter_map_netflow

 version v9

 !

 transport udp 9996

 source Loopback0

 destination <flow_collector_ip>

And the last one is interface configuration. You can both configure ingress or egress but the recommended is to configure ingress on all interfaces of the router.

interface tex/x

flow ipv4 monitor monitor_map_netflow sampler sampler_map_netflow ingress