Sunday, 17 March 2013

BGP SUMMARY CONFIGURATION

We will be talking about BGP summary configuration (as-set, advertise-map, suppress-map, unsuppress-map). All credit here goes to Jarek (http://hackingcisco.blogspot.com). He actually made me pass my BGP exam. I will be using his topology here (but modified a little).

Like I always start, here are my default configs. Pay attention to ISP2


R1.....................
int s0/1
ip add 20.20.20.1 255.255.255.0
no shut
int  s0/0
ip add 10.10.10.1 255.255.255.0
no shut
int lo 1
ip add 150.150.150.1 255.255.255.0
no shut
exit
router bgp 100
nei 10.10.10.2 remote-as 222
nei 20.20.20.2 remote-as 200
bgp router-id 150.150.150.1
no synchronization


R2..................
int s0/0
ip add 30.30.30.2 255.255.255.0
no shut
int  s0/1
ip add 20.20.20.2 255.255.255.0
no shut
int s0/2
ip add 50.50.50.2 255.255.255.0
no shut
int lo 1
ip add 77.77.77.1 255.255.255.0
no shut
exit
router bgp 200
nei 30.30.30.1 remote-as 300
nei 20.20.20.1 remote-as 100
nei 50.50.50.1 remote-as 111
bgp router-id 77.77.77.1
no synchronization



R3..........................
int s0/0
ip add 40.40.40.1 255.255.255.0
no shut
int s0/1
ip add 30.30.30.1 255.255.255.0
no shut
int lo 1
ip add 99.99.99.1 255.255.255.0
no shut
exit
router bgp 300
nei 40.40.40.2 remote-as 222
nei 30.30.30.2 remote-as 200
bgp router-id 99.99.99.1
no synchronization



ISP1..................................
int s0/0
ip add 50.50.50.1 255.255.255.0
no shut
int lo 1
ip add 200.200.200.1 255.255.255.0
no shut
exit
router bgp 111
nei 50.50.50.2 remote-as 200
bgp router-id 200.200.200.1
no synchronization



ISP2..................
int s0/1
ip add 40.40.40.2 255.255.255.0
no shut
int  s0/0
ip add 10.10.10.2 255.255.255.0
no shut
int lo 1
ip add 100.100.100.1 255.255.255.0
no shut
int lo 3
ip add 40.0.0.1 255.255.0.0
no shut
int lo 4
ip add 40.1.0.1 255.255.0.0
no shut
int lo 5
ip add 40.2.0.1 255.255.0.0
no shut
int lo 6
ip add 40.3.0.1 255.255.0.0
no shut
int lo 7
ip add 44.4.0.1 255.255.224.0
no shut
int lo 8
ip add 44.4.32.1 255.255.224.0
no shut
int lo 9
ip add 44.4.64.1 255.255.224.0
no shut
int lo 10
ip add 44.4.96.1 255.255.224.0
no shut
exit
router bgp 222
nei 10.10.10.1 remote-as 100
nei 40.40.40.1 remote-as 300
bgp router-id 100.100.100.1
no synchronization

LET'S ADVERTISE THE LOOPBACKS INTO BGP
exit
ip prefix-list A seq 5 permit 40.0.0.0/8 le 16
ip prefix-list B seq  5 permit 44.4.0.0/16 le 19
route-map C permit 10
match ip add prefix-list A
exit
route-map C permit 20
match ip add prefix-list B
exit
router bgp 222
redistribute connected route-map C

Now let's get down to the problems. Note that all routers in this topology will see all routes, since each router is in its own AS. I mean the split horizon rule does not apply here.

1) Summarize all 40.x.x.x prefixes to one prefix only. Summarize the 44.x.x.x prefixes, but make sure that the more specific prefixes are also advertised.

ISP2(conf)#router bgp 222
aggregate-address 40.0.0.0 255.252.0.0 summary-only
aggregate-address 44.4.0.0 255.255.128.0
When we do a sh ip bgp on ISP2 we see 40.1.0.0, 40.2.0.0 and 40.3.0.0 marked as suppressed (s)

ISP2#sh ip bgp
s> 40.1.0.0/16      0.0.0.0                  0         32768 ?
s> 40.2.0.0/16      0.0.0.0                  0         32768 ?
s> 40.3.0.0/16      0.0.0.0                  0         32768 ?

ISP1# sh ip bgp
*> 40.0.0.0/14      50.50.50.2                             0 200 300 222 i       [origin code is IGP]
*> 44.4.0.0/19      50.50.50.2                             0 200 100 222 ?

 
2) ISP2 is advertising the aggregate 40.0.0.0/14. Configure ISP2 so that it also advertises more specific prefixes as follows: 40.3.0.0/16 towards R1 and 40.1.0.0/16 towards R3.
On the other routers, what we have is
R1#sh ip bgp
*  40.0.0.0/14      20.20.20.2                             0 200 300 222 i
*>                  10.10.10.2               0             0 222 i
No specific routes are advertised, since we applied summary-only to our aggregate command.
To solve this,
ISP2(conf)#ip prefix-list D seq 5 permit 40.3.0.0/16
ip prefix-list E seq 5 permit 40.1.0.0/16
route-map F permit 10
match ip add prefix-list D
exit
route-map G permit 10
match ip add prefix-list E
exit
router bgp 222
nei 10.10.10.1 unsuppress-map F
nei 40.40.40.1 unsuppress-map G

That's all. Now let's confirm what we have just done.
R1# sh ip bgp
*  40.0.0.0/14      20.20.20.2                             0 200 300 222 i
*>                  10.10.10.2               0             0 222 i
*> 40.1.0.0/16      20.20.20.2                             0 200 300 222 ?
*> 40.3.0.0/16      10.10.10.2               0             0 222 ?
Note that we see 40.1.0.0 only because R2 is advertising it to us, and the unsuppressed routes appear as incomplete (?).

R3#sh ip bgp
*> 40.0.0.0/14      40.40.40.2               0             0 222 i
*> 40.1.0.0/16      40.40.40.2               0             0 222 ?
*> 40.3.0.0/16      30.30.30.2                             0 200 100 222 ?
Similarly, we see 40.3.0.0 only because R2 is advertising it to us, and the unsuppressed routes appear as incomplete (?).

3) ISP2 aggregates the 44.4.x.0/19 subnets to 44.4.0.0/17 but allows the more specific ones to be advertised too. Configure ISP2 to advertise only the aggregate route 44.4.0.0/17, the one exception being 44.4.64.0/19, which must still be advertised.

We need to remove the aggregate-address formerly configured, but first let's configure our route-map. The suppress-map lists the prefixes to hide, so prefix-list H matches the three /19s other than 44.4.64.0/19.
ISP2(conf)#ip prefix-list H seq 5 permit 44.4.0.0/19
ip prefix-list H seq 10 permit 44.4.32.0/19
ip prefix-list H seq 15 permit 44.4.96.0/19
route-map I permit 10
match ip add prefix-list H
exit
router bgp 222
no aggregate-address 44.4.0.0 255.255.128.0
! no summary-only here: it would suppress every more specific prefix, 44.4.64.0/19 included
aggregate-address 44.4.0.0 255.255.128.0 suppress-map I

To view the changes made
R1#sh ip bgp
*> 40.0.0.0/14      10.10.10.2               0             0 222 i
*> 44.4.0.0/17      10.10.10.2               0             0 222 i
*> 44.4.64.0/19     10.10.10.2               0             0 222 ?

4) Remove the aggregate commands on ISP2.
Configure aggregation on R1 and R3 for the prefixes advertised by ISP2. Make sure that ISP1 can see all the AS numbers needed to reach these two aggregates.

ISP2(conf-router)#no aggregate-address 44.4.0.0 255.255.128.0
no aggregate-address 40.0.0.0 255.252.0.0 summary-only
R1(conf)#router bgp 100
aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set
aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set
R3(conf)#router bgp 300
aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set
aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set

To check the effect of these commands,
R2#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*  40.0.0.0/14      30.30.30.1               0             0 300 222 ?   [origin code is incomplete]
*>                  20.20.20.1               0             0 100 222 ?
*  44.4.0.0/17      30.30.30.1               0             0 300 222 ?
*>                  20.20.20.1               0             0 100 222 ?


5) Remove the aggregate commands on R1 and R3.
Configure R2 such that it aggregates the 40.x.x.x and 44.4.x.x prefixes, but they must appear with origin IGP to ISP1.
R1(conf)#router bgp 100
no aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set
no aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set
R3(conf)#router bgp 300
no aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set
no aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set
Now let's get started
R2(conf)#route-map J permit 10
set origin igp
exit
router bgp 200
aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set attribute-map J
aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set attribute-map J

Now let's verify our results
ISP1#sh ip bgp
*> 40.0.0.0/14      50.50.50.2               0             0 200 100 222 i
*> 44.4.0.0/17      50.50.50.2               0             0 200 100 222 i

The idea is that you should be able to copy and paste all these configs into your console.
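
The effect of summary-only, suppress-map and unsuppress-map in tasks 1 to 3, as an added example (not part of the original post and not Cisco code). It is a simplified model of what ISP2 sends to one neighbor; the names `advertised`, `TASK2` and `TASK3` are made up for the illustration, and the model assumes summary-only overrides a suppress-map on the same aggregate.

```python
import ipaddress as ip

# ISP2's redistributed loopback networks, taken from the lab above.
SPECIFICS = [ip.ip_network(p) for p in (
    "40.0.0.0/16", "40.1.0.0/16", "40.2.0.0/16", "40.3.0.0/16",
    "44.4.0.0/19", "44.4.32.0/19", "44.4.64.0/19", "44.4.96.0/19")]


def advertised(aggregates, unsuppress=()):
    """Prefixes one eBGP neighbor receives from ISP2 (simplified model).

    aggregates: (prefix, summary_only, suppress_map_prefixes) for each
                aggregate-address line
    unsuppress: prefixes permitted by that neighbor's unsuppress-map
    """
    aggs = [(ip.ip_network(a), so, {ip.ip_network(s) for s in sup})
            for a, so, sup in aggregates]
    keep = {ip.ip_network(u) for u in unsuppress}
    out = set()
    for net in SPECIFICS:
        # Assumption of this model: summary-only suppresses every
        # component, so a suppress-map next to it changes nothing.
        suppressed = any(net.subnet_of(agg) and (so or net in sup)
                         for agg, so, sup in aggs)
        if not suppressed or net in keep:
            out.add(net)
    for agg, _, _ in aggs:
        # The aggregate is originated only while a component exists.
        if any(n.subnet_of(agg) for n in SPECIFICS):
            out.add(agg)
    return [str(n) for n in sorted(out)]


AGG40 = ("40.0.0.0/14", True, ())
HIDE = ("44.4.0.0/19", "44.4.32.0/19", "44.4.96.0/19")
TASK2 = [AGG40, ("44.4.0.0/17", False, ())]      # 44.4.x.x not suppressed
TASK3 = [AGG40, ("44.4.0.0/17", False, HIDE)]    # suppress-map hides three /19s

if __name__ == "__main__":
    print("task 2 -> R1:", advertised(TASK2, unsuppress=["40.3.0.0/16"]))
    print("task 2 -> R3:", advertised(TASK2, unsuppress=["40.1.0.0/16"]))
    print("task 3 -> R1:", advertised(TASK3, unsuppress=["40.3.0.0/16"]))
```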

Saturday, 16 March 2013

HITTING BGP TIMERS (HOLD-TIME, SCAN TIME, UPDATE-TIME)




AS number range: 1-65535 [public use 1-64511] [private use 64512-65535]
Default keepalive is 60s and hold time is 180s
Default update (advertisement) interval is 5s (iBGP) and 30s (eBGP)
Default BGP scan time is 60s
We need BGP if we need to connect to more than one service provider or we are a transit AS
Assuming BGP has already been configured, I will only point out some key points. These are my default configs
r1
int s0/0
ip add 10.1.13.1 255.255.255.0
no shut
int f0/0
ip add 192.168.1.1 255.255.255.0
no shut
int lo 0
ip add 1.1.1.1 255.255.255.255
no shut
exit
router ospf 1
network 10.1.13.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 1.1.1.1 0.0.0.0 area 0
exit
router bgp 100
nei 2.2.2.2 remote-as 100
nei 2.2.2.2 update-source lo 0
nei 3.3.3.3 remote-as 100
nei 3.3.3.3 update-source lo 0
nei 4.4.4.4 remote-as 100
nei 4.4.4.4 update-source lo 0


r2
int s0/0
ip add 10.1.12.1 255.255.255.0
no shut
int f0/0
ip add 192.168.2.1 255.255.255.0
no shut
int lo 0
ip add 2.2.2.2 255.255.255.255
no shut
exit
router ospf 1
network 10.1.12.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 2.2.2.2 0.0.0.0 area 0
exit
router bgp 100
nei 1.1.1.1 remote-as 100
nei 1.1.1.1 update-source lo 0
nei 3.3.3.3 remote-as 100
nei 3.3.3.3 update-source lo 0
nei 4.4.4.4 remote-as 100
nei 4.4.4.4 update-source lo 0



r3
int s0/1
ip add 10.1.12.2 255.255.255.0
no shut
int s0/0
ip add 10.1.13.2 255.255.255.0
no shut
int f0/0
ip add 10.1.10.2 255.255.255.0
no shut
int lo 0
ip add 3.3.3.3 255.255.255.255
no shut
exit
router ospf 1
network 10.1.13.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
network 3.3.3.3 0.0.0.0 area 0
exit
router bgp 100
nei 2.2.2.2 remote-as 100
nei 2.2.2.2 update-source lo 0
nei 1.1.1.1 remote-as 100
nei 1.1.1.1 update-source lo 0
nei 4.4.4.4 remote-as 100
nei 4.4.4.4 update-source lo 0



r4
int f0/0
ip add 192.168.1.2 255.255.255.0
no shut
int f0/1
ip add 192.168.2.2 255.255.255.0
no shut
int lo 0
ip add 4.4.4.4 255.255.255.255
no shut
exit
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 4.4.4.4 0.0.0.0 area 0
exit
router bgp 100
nei 2.2.2.2 remote-as 100
nei 2.2.2.2 update-source lo 0
nei 3.3.3.3 remote-as 100
nei 3.3.3.3 update-source lo 0
nei 1.1.1.1 remote-as 100
nei 1.1.1.1 update-source lo 0


Now lets get to the problems.


1) Configure timers on R3 to use a hold timer of 21 seconds
R3(config)#router bgp 100
#timers bgp 7 21      {that’s it}
Now how do we view our changes?
R3#clear ip bgp * [don't do this in a production network]
R3#sh ip bgp nei 1.1.1.1
Configured hold time is 21, keepalive interval is 7 seconds, Minimum holdtime from neighbor is 0 seconds
R1#sh ip bgp nei 3.3.3.3
hold time is 21, keepalive interval is 7 seconds
This assumes that R1 was configured with the default values.




2) Let's configure R1 to use a hold time of 90s. Remember, routers will use the lower hold time.
R1(conf)#router bgp 100
#timers bgp 30 90
#do clear ip bgp *
R1#sh ip bgp nei 3.3.3.3
Last read 00:00:03, last write 00:00:03, hold time is 21, keepalive interval is 7 seconds
  Configured hold time is 90, keepalive interval is 30 seconds, Minimum holdtime from neighbor is 0 seconds
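
The hold-time negotiation from tasks 1 and 2, as an added example (not part of the original post and not Cisco code). The function names and the `LAB` table are made up for the illustration; the keepalive rule (configured value capped at one third of the agreed hold time) is an assumption chosen because it reproduces the `sh ip bgp nei` output above.

```python
from itertools import combinations


def negotiate(local, peer, min_hold=0):
    """Timers in effect on the local side of one BGP session.

    local, peer: (keepalive, holdtime) as set with 'timers bgp'
    min_hold:    local 'Minimum holdtime from neighbor' (0 = accept any)
    Returns (keepalive, holdtime), or None when the session is refused.
    """
    keep, hold = local
    peer_hold = peer[1]
    for h in (hold, peer_hold):
        # RFC 4271: a hold time is either 0 or at least 3 seconds.
        if h in (1, 2):
            raise ValueError("hold time must be 0 or >= 3 seconds")
    if peer_hold < min_hold:
        return None                      # neighbor's offer is too low
    agreed = min(hold, peer_hold)        # the lower hold time wins
    if agreed == 0:
        return (0, 0)                    # keepalives disabled
    # Assumption: keepalive = configured value, capped at agreed / 3.
    return (min(keep, agreed // 3), agreed)


def mesh(configs, min_hold=None):
    """Effective timers per session in a full mesh: (side a, side b) or None."""
    min_hold = min_hold or {}
    table = {}
    for a, b in combinations(sorted(configs), 2):
        ab = negotiate(configs[a], configs[b], min_hold.get(a, 0))
        ba = negotiate(configs[b], configs[a], min_hold.get(b, 0))
        table[(a, b)] = None if None in (ab, ba) else (ab, ba)
    return table


# Lab state after task 2: R3 uses 7/21, R1 uses 30/90, R2 and R4 keep defaults.
LAB = {"R1": (30, 90), "R2": (60, 180), "R3": (7, 21), "R4": (60, 180)}

if __name__ == "__main__":
    for pair, timers in mesh(LAB).items():
        print(pair, timers)
    # Constructed what-if: R1 refuses any neighbor offering less than 30s.
    print(mesh(LAB, {"R1": 30})[("R1", "R3")])
```

Every session that includes R3 runs at 7/21, whatever the other router has configured; the minimum-holdtime check is what lets a router refuse such an offer instead of inheriting it.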



3) Change the scan time on R3 to 50s
R3(conf)#router bgp 100
#bgp scan-time 50
To verify,
R3#sh ip bgp summary
BGP activity 4/3 prefixes, 4/3 paths, scan interval 50 secs



4) Configure R3 such that it sends adverts (updates) to R1 every 3s
R3(conf)#router bgp 100
#nei 1.1.1.1 advertisement-interval 3
#do clear ip bgp *
To view the changes made
#sh ip bgp nei 1.1.1.1
Scroll down to "For address family: IPv4 Unicast"
Minimum time between advertisement runs is 3 seconds


Wednesday, 13 March 2013

BASIC EIGRP ROUTING


R1
int f0/0
ip add 192.168.1.1 255.255.255.0
no shut
speed 100
duplex full
int s0/0
ip add 68.110.171.97 255.255.255.224
no shut

R2
int f0/0
ip add 192.168.1.2 255.255.255.0
no shut
speed 100
duplex full
int s0/0
ip add 192.168.2.2 255.255.255.0
no shut
int f0/0.10
encapsulation dot1q 10
ip add 192.168.10.1 255.255.255.0
no shut
int f0/0.20
encapsulation dot1q 20
ip add 192.168.20.1 255.255.255.0
no shut

R3
int s0/0
ip add 192.168.2.1 255.255.255.0
no shut
int f0/0
ip add 192.168.3.1 255.255.255.0
no shut
speed 100
duplex full
int lo 0
ip add 172.16.0.1 255.255.255.0
no shut
int lo 1
ip add 172.16.1.1 255.255.255.0
no shut
int lo 2
ip add 172.16.2.1 255.255.255.0
no shut
int lo 3
ip add 172.16.3.1 255.255.255.0
no shut
int lo 4
ip add 172.16.4.1 255.255.255.0
no shut
int lo 5
ip add 172.16.5.1 255.255.255.0
no shut
int lo 6
ip add 172.16.6.1 255.255.255.0
no shut
int lo 7
ip add 172.16.7.1 255.255.255.0
no shut

ISP
int s0/0
ip add 68.110.171.98 255.255.255.224
no shut
int lo 0
ip add 1.1.1.1 255.255.255.255
no shut


S1
int vlan 1
ip add 192.168.1.11 255.255.255.0
no shut
exit
int range f0/0 - 2
switchport trunk encapsulation dot1q
switchport mode trunk

S2
int vlan 1
ip add 192.168.1.12 255.255.255.0
no shut
exit
int f1/0
switchport trunk encapsulation dot1q
switchport mode trunk
int range f1/1 - 2
switchport mode access


S3
int vlan 1
ip add 192.168.1.13 255.255.255.0
no shut
exit
int range f2/0 - 1
switchport trunk encapsulation dot1q
switchport mode trunk
int f2/2
switchport mode access

We configured VLANs 10 and 20 in VLAN database mode, which I won't show.

WE WOULD ASSUME THAT IP ADDRESSES, VLANS, VLAN-ROUTING(ROUTER ON A STICK) HAVE BEEN CONFIGURED.
TASKS
1) Configure EIGRP so that R1, R2 and R3 can communicate
R1(conf)#router eigrp 1
#network 192.168.1.0 0.0.0.255
R3(conf)#router eigrp 1
#network 172.16.0.0 0.0.7.255
#network 192.168.2.0 0.0.0.255
#network 192.168.3.0 0.0.0.255
R2(conf)#router eigrp 1
#network 192.168.10.0 0.0.0.255
#network 192.168.20.0 0.0.0.255

2) Configure S2 f1/1 as VLAN 10 and let it ping all IP addresses in the network
S2(conf)#int f1/1
#switchport mode access
#switchport access vlan 10
PINGS FROM C5 TO 192.168.10.1 & 192.168.20.1 WOULD BE SUCCESSFUL.
FOR C5 TO BE ABLE TO REACH 192.168.1.0 AND 192.168.2.0, WE WOULD NEED TO CONFIGURE
R2(conf)#router eigrp 1
#network 192.168.1.0 0.0.0.255
#network 192.168.2.0 0.0.0.255

3) Tune EIGRP so that it doesn't summarize the routes
Let's do a sh ip route on R2
R2#sh ip route
D    172.16.0.0/16 [90/2297856] via 192.168.2.1, 00:00:07, Serial0/0 [filtering out only 172.16.0.0 network]
We see that EIGRP automatically summarizes this network because it notices it is a discontiguous network [a class B network, unlike the 192.168.X.0 networks]. To fix this issue
R3(conf t)#router eigrp 1
                 #no auto-summary
R2#sh ip route
172.16.0.0/24 is subnetted, 8 subnets
D       172.16.4.0 [90/2297856] via 192.168.2.1, 00:00:07, Serial0/0
D       172.16.5.0 [90/2297856] via 192.168.2.1, 00:00:07, Serial0/0
D       172.16.6.0 [90/2297856] via 192.168.2.1, 00:00:07, Serial0/0
D       172.16.7.0 [90/2297856] via 192.168.2.1, 00:00:07, Serial0/0
D       172.16.0.0 [90/2297856] via 192.168.2.1, 00:00:07, Serial0/0
D       172.16.1.0 [90/2297856] via 192.168.2.1, 00:00:07, Serial0/0
D       172.16.2.0 [90/2297856] via 192.168.2.1, 00:00:09, Serial0/0
D       172.16.3.0 [90/2297856] via 192.168.2.1, 00:00:09, Serial0/0

4) Summarize the loopbacks using the best possible summary
Note that auto-summarization would summarize to 172.16.0.0/16. This is not the best summary; it should be 172.16.0.0/21. Never mind, we will talk about this later. Take note that EIGRP summarization is done on the interface.
R3(conf)#int s0/0
                # ip summary-address eigrp 1 172.16.0.0 255.255.248.0
R2#sh ip route
Gateway of last resort is not set
   172.16.0.0/21 is subnetted, 1 subnets
D       172.16.0.0 [90/2297856] via 192.168.2.1, 00:00:10, Serial0/0
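
Why 172.16.0.0/21 is the best summary here, and why 40.0.0.0/14 and 44.4.0.0/17 were the masks used in the BGP post above, as an added example (not part of the original posts). It goes one step beyond the text by also listing the address space a summary covers that no component network backs, since traffic to that space is attracted by the summary and then dropped; the function names are made up for the illustration.

```python
import ipaddress as ip


def tightest_summary(prefixes):
    """Smallest single IPv4 prefix that covers every input prefix."""
    nets = [ip.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits shared by the lowest and highest address form the prefix.
    plen = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - plen)) << (32 - plen)
    return ip.ip_network((base, plen))


def uncovered(summary, prefixes):
    """Blocks inside `summary` that none of the component prefixes cover."""
    gaps = [ip.ip_network(summary)]
    for p in map(ip.ip_network, prefixes):
        remaining = []
        for g in gaps:
            if not p.overlaps(g):
                remaining.append(g)
            elif not g.subnet_of(p):
                # p sits inside g: keep everything in g except p.
                remaining.extend(g.address_exclude(p))
        gaps = remaining
    return [str(g) for g in sorted(gaps)]


# Component networks from the labs above.
R3_LOOPBACKS = [f"172.16.{i}.0/24" for i in range(8)]
ISP2_40 = [f"40.{i}.0.0/16" for i in range(4)]
ISP2_44 = [f"44.4.{i}.0/19" for i in (0, 32, 64, 96)]

if __name__ == "__main__":
    for nets in (R3_LOOPBACKS, ISP2_40, ISP2_44):
        best = tightest_summary(nets)
        print(best, "extra space:", uncovered(best, nets) or "none")
    print("auto-summary 172.16.0.0/16 also covers:",
          uncovered("172.16.0.0/16", R3_LOOPBACKS))
```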


THANK YOU VERY MUCH!!! I HAVE BEEN AWAY FOR QUITE A WHILE. I ACTUALLY WORK IN A LAYER 2 COMPANY NOW. THEY BASICALLY SELL FIBER LINKS TO SERVICE PROVIDERS. HOPEFULLY I GET A CORE IP BASED COMPANY SOON.
I WILL UPDATE THIS MORE OFTEN NOW