Sunday, 17 March 2013

BGP SUMMARY CONFIGURATION

We will be talking about BGP summary configuration (as-set, advertise-map, suppress-map, unsuppress-map). All credit here goes to Jarek (http://hackingcisco.blogspot.com). He actually made me pass my BGP exam. I will be using his topology here (but modified a little).

Like I always start, here are my default configs. Pay attention to ISP2


R1.....................
int s0/1
ip add 20.20.20.1 255.255.255.0
no shut
int  s0/0
ip add 10.10.10.1 255.255.255.0
no shut
int lo 1
ip add 150.150.150.1 255.255.255.0
no shut
exit
router bgp 100
nei 10.10.10.2 remote-as 222
nei 20.20.20.2 remote-as 200
bgp router-id 150.150.150.1
no synchronization


R2..................
int s0/0
ip add 30.30.30.2 255.255.255.0
no shut
int  s0/1
ip add 20.20.20.2 255.255.255.0
no shut
int s0/2
ip add 50.50.50.2 255.255.255.0
no shut
int lo 1
ip add 77.77.77.1 255.255.255.0
no shut
exit
router bgp 200
nei 30.30.30.1 remote-as 300
nei 20.20.20.1 remote-as 100
nei 50.50.50.1 remote-as 111
bgp router-id 77.77.77.1
no synchronization



R3..........................
int s0/0
ip add 40.40.40.1 255.255.255.0
no shut
int s0/1
ip add 30.30.30.1 255.255.255.0
no shut
int lo 1
ip add 99.99.99.1 255.255.255.0
no shut
exit
router bgp 300
nei 40.40.40.2 remote-as 222
nei 30.30.30.2 remote-as 200
bgp router-id 99.99.99.1
no synchronization



ISP1..................................
int s0/0
ip add 50.50.50.1 255.255.255.0
no shut
int lo 1
ip add 200.200.200.1 255.255.255.0
no shut
exit
router bgp 111
nei 50.50.50.2 remote-as 200
bgp router-id 200.200.200.1
no synchronization



ISP2..................
int s0/1
ip add 40.40.40.2 255.255.255.0
no shut
int  s0/0
ip add 10.10.10.2 255.255.255.0
no shut
int lo 1
ip add 100.100.100.1 255.255.255.0
no shut
int lo 3
ip add 40.0.0.1 255.255.0.0
no shut
int lo 4
ip add 40.1.0.1 255.255.0.0
no shut
int lo 5
ip add 40.2.0.1 255.255.0.0
no shut
int lo 6
ip add 40.3.0.1 255.255.0.0
no shut
int lo 7
ip add 44.4.0.1 255.255.224.0
no shut
int lo 8
ip add 44.4.32.1 255.255.224.0
no shut
int lo 9
ip add 44.4.64.1 255.255.224.0
no shut
int lo 10
ip add 44.4.96.1 255.255.224.0
no shut
exit
router bgp 222
nei 10.10.10.1 remote-as 100
nei 40.40.40.1 remote-as 300
bgp router-id 100.100.100.1
no synchronization
LET'S ADVERTISE THE LOOPBACKS INTO BGP
exit
ip prefix-list A seq 5 permit 40.0.0.0/8 le 16
ip prefix-list B seq  5 permit 44.4.0.0/16 le 19
route-map C permit 10
match ip add prefix-list A
exit
route-map C permit 20
match ip add prefix-list B
exit
router bgp 222
redistribute connected route-map C

Now let's get down to the problems. Note that all routers in this topology would see all routes, since each router is in its own AS. I mean the split horizon rule does not apply here.

    1) Summarize all prefixes 40.x.x.x to one prefix only. Summarize prefixes  44.x.x.x but make sure that more specific prefixes are also advertised.

ISP2(conf)#router bgp 222
                     aggregate-address 40.0.0.0 255.252.0.0 summary-only
                     aggregate-address 44.4.0.0 255.255.128.0
When we do a sh ip bgp on ISP2 we would see 40.1.0.0, 40.2.0.0 as being suppressed

ISP2#sh ip bgp
s> 40.1.0.0/16      0.0.0.0                  0         32768 ?
s> 40.2.0.0/16      0.0.0.0                  0         32768 ?
s> 40.3.0.0/16      0.0.0.0                  0         32768 ?

ISP1# sh ip bgp
*> 40.0.0.0/14      50.50.50.2                             0 200 300 222 I       [origin code is IGP]
*> 44.4.0.0/19      50.50.50.2                             0 200 100 222 ?

 
     2)  ISP2 is advertising the aggregate 40.0.0.0/14. Configure ISP2 so that it also advertises more specific prefixes as follows: 40.3.0.0/16 towards R1 and 40.1.0.0/16 towards R3
On the other routers, what we have is
R1#sh ip bgp
*  40.0.0.0/14      20.20.20.2                             0 200 300 222 i
*>                  10.10.10.2               0             0 222 i
No specific routes are advertised, since we applied summary-only to our aggregate command.
To solve this:
ISP2(conf)#ip prefix-list D seq 5 permit 40.3.0.0/16
                     ip prefix-list E seq 5 permit 40.1.0.0/16
                    route-map F permit 10
                    match ip add prefix-list D
                    exit
                   route-map G permit 10
                    match ip add prefix-list E
                   exit
                   router bgp 222
                  nei  10.10.10.1 unsuppress-map F
                  nei  40.40.40.1 unsuppress-map G

That's all. Now let's confirm what we have just done.
R1# sh ip bgp
*  40.0.0.0/14      20.20.20.2                             0 200 300 222 i
*>                  10.10.10.2               0             0 222 i
*> 40.1.0.0/16      20.20.20.2                             0 200 300 222 ?
*> 40.3.0.0/16      10.10.10.2               0             0 222 ?
Note that we see 40.1.0.0 only because R2 is advertising it to us, and the unsuppressed routes appear with origin incomplete.

R3#sh ip bgp
*> 40.0.0.0/14      40.40.40.2               0             0 222 i
*> 40.1.0.0/16      40.40.40.2               0             0 222 ?
*> 40.3.0.0/16      30.30.30.2                             0 200 100 222 ?
Similarly, we see 40.3.0.0 only because R2 is advertising it to us, and the unsuppressed routes appear with origin incomplete.

3)  ISP2 aggregates 44.4.0.0/19 subnet to 44.4.0.0/17 but allows more specific ones to be advertised too. Configure ISP2 to advertise only the aggregate route 44.4.0.0/17 except 44.4.64.0/19.

We need to remove the aggregate-address formerly configured, but first let's configure our route-map. A suppress-map hides every prefix its route-map permits, so prefix-list H lists the three /19s that must stay hidden and leaves out 44.4.64.0/19.
ISP2(conf)#ip prefix-list  H seq 5 permit 44.4.0.0/19
                      ip prefix-list  H seq 10 permit 44.4.32.0/19
                      ip prefix-list  H seq 15 permit 44.4.96.0/19
                      route-map I permit 10
                      match ip add prefix-list H
                         exit
                          router bgp 222
                         no aggregate-address 44.4.0.0 255.255.128.0
                         ! no summary-only here: it would suppress 44.4.64.0/19 as well
                         aggregate-address 44.4.0.0 255.255.128.0 suppress-map I

To view the changes made
R1#sh ip bgp
*> 40.0.0.0/14      10.10.10.2               0             0 222 i
*> 44.4.0.0/17      10.10.10.2               0             0 222 i
*> 44.4.64.0/19     10.10.10.2               0             0 222 ?
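
The effect of summary-only, unsuppress-map and suppress-map in problems 1 to 3 can be checked offline before touching a router. The Python below is an added example, not part of the original lab: the function name advertised() and its parameters are made up for this sketch, and the prefixes are ISP2's loopbacks from the configs above. It models one aggregate towards one neighbor and ignores every other BGP policy.

```python
# Added example: which prefixes ISP2 sends to a neighbor for one aggregate.
# advertised() is a hypothetical helper; the prefixes come from the lab.
from ipaddress import ip_network

LOOPBACKS_40 = ["40.0.0.0/16", "40.1.0.0/16", "40.2.0.0/16", "40.3.0.0/16"]
LOOPBACKS_44 = ["44.4.0.0/19", "44.4.32.0/19", "44.4.64.0/19", "44.4.96.0/19"]


def advertised(aggregate, table, summary_only=False, suppress=(), unsuppress=()):
    """Return the sorted prefixes sent to a neighbor for one aggregate.

    suppress   -- prefixes permitted by the aggregate's suppress-map
    unsuppress -- prefixes permitted by that neighbor's unsuppress-map
    """
    agg = ip_network(aggregate)
    suppress = {ip_network(p) for p in suppress}
    unsuppress = {ip_network(p) for p in unsuppress}
    # Only more-specific routes inside the aggregate are contributors.
    contributors = [n for n in map(ip_network, table)
                    if n != agg and n.subnet_of(agg)]
    if not contributors:
        return []          # no contributor in the table: no aggregate either
    sent = [agg]
    for net in contributors:
        # summary-only hides every contributor, suppress-map only the matches
        hidden = summary_only or net in suppress
        # a per-neighbor unsuppress-map re-opens a hidden prefix
        if not hidden or net in unsuppress:
            sent.append(net)
    return [str(n) for n in sorted(sent)]


if __name__ == "__main__":
    # Problem 2, towards R1: aggregate plus the one unsuppressed /16
    print(advertised("40.0.0.0/14", LOOPBACKS_40, summary_only=True,
                     unsuppress=["40.3.0.0/16"]))
    # Problem 3: hide three /19s so that only 44.4.64.0/19 leaks through
    print(advertised("44.4.0.0/17", LOOPBACKS_44,
                     suppress=["44.4.0.0/19", "44.4.32.0/19", "44.4.96.0/19"]))
```

Passing summary_only=True together with a suppress list returns only the aggregate, which is why the two options should not be combined when one more-specific has to stay visible.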

4)   Remove the aggregate command on ISP2
Configure aggregation on R1 and R3 for the prefixes advertised by ISP2. Make sure that ISP1 can see all the AS numbers to reach these two aggregates.

ISP2(conf-router)#no aggregate-address 44.4.0.0 255.255.128.0
                              no aggregate-address 40.0.0.0 255.252.0.0 summary-only
R1(conf)#router bgp 100
                   aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set
                   aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set
R3(conf)#router bgp 300
                   aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set
                   aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set

To check the effect of these commands,
R2#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*  40.0.0.0/14      30.30.30.1               0             0 300 222 ?   [origin code is incomplete]
*>                  20.20.20.1               0             0 100 222 ?
*  44.4.0.0/17      30.30.30.1               0             0 300 222 ?
*>                  20.20.20.1               0             0 100 222 ?


5)  Remove the aggregate command on R1 and R3
Configure R2 such that it aggregates the 40.x.x.x and 44.4.x.x prefixes, but they must appear as IGP to ISP1
R1(conf)#router bgp 100
                   no aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set
                   no  aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set
R3(conf)#router bgp 300
                   no aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set
                   no aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set
Now let's get started
R2(conf)#route-map J permit 10
                   set origin igp
                    exit
                   router bgp 200
                    aggregate-address 44.4.0.0 255.255.128.0 summary-only as-set attribute-map J
                    aggregate-address 40.0.0.0 255.252.0.0 summary-only as-set attribute-map J

Now let's verify our results
ISP1#sh ip bgp
*> 40.0.0.0/14      50.50.50.2               0             0 200 100 222 i
*> 44.4.0.0/17      50.50.50.2               0             0 200 100 222 i
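
Problems 4 and 5 come down to how an aggregate gets its AS path and origin code. The Python below is an added example, not part of the original lab: the names aggregate_attrs() and as_seen_by_peer() are made up for this sketch, and it assumes a non-empty list of contributing routes. It reproduces the "100 222 ?" seen on R2 and the "200 100 222 i" seen on ISP1, and goes one step further than the lab by showing the AS_SET that appears when contributors arrive over different paths.

```python
# Added example: AS path and origin of an aggregate, with and without as-set.
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < incomplete


def aggregate_attrs(contributors, as_set=False, set_origin=None):
    """contributors: non-empty list of (as_path_list, origin_code) tuples.
    Returns (as_sequence, as_set_members, origin) for the aggregate."""
    if not as_set:
        # Path information is dropped; the aggregate looks locally originated.
        seq, members, origin = [], set(), "i"
    else:
        paths = [p for p, _ in contributors]
        # The leading run of ASes shared by every contributor stays ordered.
        seq = []
        for hops in zip(*paths):
            if len(set(hops)) != 1:
                break
            seq.append(hops[0])
        # Everything after that run collapses into an unordered AS_SET.
        members = {a for p in paths for a in p[len(seq):]} - set(seq)
        # The worst origin among the contributors is inherited.
        origin = max((o for _, o in contributors), key=ORIGIN_RANK.get)
    if set_origin:                       # attribute-map with "set origin"
        origin = set_origin
    return seq, members, origin


def as_seen_by_peer(local_as, attrs):
    """Render path and origin the way an eBGP peer lists them in sh ip bgp."""
    seq, members, origin = attrs
    hops = [str(local_as)] + [str(a) for a in seq]
    if members:
        hops.append("{" + ",".join(str(a) for a in sorted(members)) + "}")
    return " ".join(hops) + " " + origin


if __name__ == "__main__":
    from_isp2 = [([222], "?")] * 4            # redistributed connected routes
    print(as_seen_by_peer(100, aggregate_attrs(from_isp2, as_set=True)))
    via_r1 = [([100, 222], "?")] * 4          # R2's best paths in problem 5
    print(as_seen_by_peer(200, aggregate_attrs(via_r1, True, set_origin="i")))
```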

The idea is that you should be able to copy and paste all these configs into your console.
