Sunday, 14 April 2013
AS-PATH ACCESS-LIST
The default config includes the BGP neighbor relationships and prefix advertisement
R1.....................
int s0/1
ip add 20.20.20.1 255.255.255.0
no shut
int s0/0
ip add 10.10.10.1 255.255.255.0
no shut
int lo 1
ip add 150.150.150.1 255.255.255.0
no shut
exit
router eigrp 1
network 20.20.20.0 0.0.0.255
network 10.10.10.0 0.0.0.255
no auto-summary
exit
router bgp 100
nei 10.10.10.2 remote-as 222
nei 20.20.20.2 remote-as 100
nei 20.20.20.2 next-hop-self
nei 30.30.30.1 remote-as 100
nei 30.30.30.1 next-hop-self
bgp router-id 150.150.150.1
no synchronization
network 150.150.151.0 mask 255.255.255.0
R2..................
int s0/0
ip add 30.30.30.2 255.255.255.0
no shut
int s0/1
ip add 20.20.20.2 255.255.255.0
no shut
int s0/2
ip add 50.50.50.2 255.255.255.0
no shut
int lo 1
ip add 77.77.77.1 255.255.255.0
no shut
exit
router eigrp 1
network 20.20.20.0 0.0.0.255
network 30.30.30.0 0.0.0.255
network 50.50.50.0 0.0.0.255
no auto-summary
exit
router bgp 100
nei 30.30.30.1 remote-as 100
nei 30.30.30.1 next-hop-self
nei 20.20.20.1 remote-as 100
nei 20.20.20.1 next-hop-self
nei 50.50.50.1 remote-as 111
bgp router-id 77.77.77.1
no synchronization
R3..........................
int s0/0
ip add 40.40.40.1 255.255.255.0
no shut
int s0/1
ip add 30.30.30.1 255.255.255.0
no shut
int lo 1
ip add 99.99.99.1 255.255.255.0
no shut
exit
router eigrp 1
network 30.30.30.0 0.0.0.255
network 40.40.40.0 0.0.0.255
no auto-summary
router bgp 100
nei 40.40.40.2 remote-as 222
nei 30.30.30.2 remote-as 100
nei 30.30.30.2 next-hop-self
nei 20.20.20.1 remote-as 100
nei 20.20.20.1 next-hop-self
bgp router-id 99.99.99.1
no synchronization
ISP1..................................
int s0/0
ip add 50.50.50.1 255.255.255.0
no shut
int lo 1
ip add 200.200.200.1 255.255.255.0
no shut
exit
router bgp 111
nei 50.50.50.2 remote-as 100
bgp router-id 200.200.200.1
no synchronization
ISP2..................
int s0/1
ip add 40.40.40.2 255.255.255.0
no shut
int s0/0
ip add 10.10.10.2 255.255.255.0
no shut
int lo 1
ip add 100.100.100.1 255.255.255.0
no shut
int lo 2
ip add 100.100.101.1 255.255.255.0
no shut
int lo 3
ip add 100.100.102.1 255.255.255.0
no shut
int lo 4
ip add 100.100.103.1 255.255.255.0
no shut
exit
router bgp 222
nei 10.10.10.1 remote-as 100
nei 40.40.40.1 remote-as 100
bgp router-id 100.100.100.1
no synchronization
network 100.100.100.0 mask 255.255.255.0
network 100.100.101.0 mask 255.255.255.0
network 100.100.102.0 mask 255.255.255.0
network 100.100.103.0 mask 255.255.255.0
Task 1) ISP2 seems to be advertising prefixes that it does not originate, making AS 222 a transit autonomous system. Configure ISP2 so that it only advertises its own prefixes.
Based on our topology, this config will not show much, because ISP2 is not connected to any other router aside from R1 and R3. But I want to point out this config because it is important in a production network.
ISP2(conf)# ip as-path access-list 1 permit ^$ [^$ matches an empty AS path, i.e. prefixes originated locally]
ip as-path access-list 1 deny .* [not necessary since we have an implicit deny already]
router bgp 222
nei 10.10.10.1 filter-list 1 out
nei 40.40.40.1 filter-list 1 out
do clear ip bgp * in
do clear ip bgp * out
To view the changes made,
ISP2# sh ip bgp nei 10.10.10.1 advertised-route
(Recall I said earlier that this does not make a difference to what we had before)
   Network          Next Hop   Metric LocPrf Weight Path
*> 100.100.100.0/24 0.0.0.0         0         32768 i
*> 100.100.101.0/24 0.0.0.0         0         32768 i
*> 100.100.102.0/24 0.0.0.0         0         32768 i
*> 100.100.103.0/24 0.0.0.0         0         32768 i
Task 2) On ISP1 filter out all prefixes originated by AS 222
Currently, the BGP table on ISP1 is
ISP1# sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 100.100.100.0/24 50.50.50.2 0 100 222 i
*> 100.100.101.0/24 50.50.50.2 0 100 222 i
*> 100.100.102.0/24 50.50.50.2 0 100 222 i
*> 100.100.103.0/24 50.50.50.2 0 100 222 i
*> 150.150.151.0/24 50.50.50.2 0 100 i
ISP1(conf)# ip as-path access-list 1 deny _222$
ip as-path access-list 1 permit .*
router bgp 111
nei 50.50.50.2 filter-list 1 in
do clear ip bgp 50.50.50.2 in
do clear ip bgp 50.50.50.2 out
Now let's see the changes made
ISP1# sh ip bgp
   Network          Next Hop   Metric LocPrf Weight Path
*> 150.150.151.0/24 50.50.50.2                    0 100 i
ISP1# sh ip bgp filter-list 1 [to view the BGP table with respect to the as-path filter-list]
   Network          Next Hop   Metric LocPrf Weight Path
*> 150.150.151.0/24 50.50.50.2                    0 100 i
ISP1# sh ip bgp nei 50.50.50.2 received-route
   Network          Next Hop   Metric LocPrf Weight Path
*  100.100.100.0/24 50.50.50.2                    0 100 222 i
*  100.100.101.0/24 50.50.50.2                    0 100 222 i
*  100.100.102.0/24 50.50.50.2                    0 100 222 i
*  100.100.103.0/24 50.50.50.2                    0 100 222 i
*> 150.150.151.0/24 50.50.50.2                    0 100 i
ISP1# sh ip bgp nei 50.50.50.2 route
   Network          Next Hop   Metric LocPrf Weight Path
*> 150.150.151.0/24 50.50.50.2                    0 100 i
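How the two filter-lists decide, as an added Python example that is not part of the original post: an outbound list that permits only the empty AS path, and an inbound list that denies paths ending in AS 222. The function names are made up for illustration; the prefixes and AS paths are the ones shown in this post's BGP tables, plus one constructed path ("100 1222") to show what the "_" delimiter is for.

```python
import re

def ios_to_python(pattern):
    """Cisco '_' matches a space, comma, brace, parenthesis, or the start/end of the path."""
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

def as_path_filter(acl, as_path):
    """Return the action of the first matching line; no match means implicit deny."""
    for action, pattern in acl:
        if re.search(ios_to_python(pattern), as_path):
            return action
    return "deny"

def permitted(acl, table):
    """Prefixes from a list of (prefix, as_path) pairs that survive the filter."""
    return [prefix for prefix, path in table if as_path_filter(acl, path) == "permit"]

# Task 1: ISP2 outbound, only locally originated prefixes (empty AS path).
ISP2_OUT = [("permit", "^$")]
# Task 2: ISP1 inbound, drop anything originated by AS 222, accept the rest.
ISP1_IN = [("deny", "_222$"), ("permit", ".*")]

# AS paths as seen in ISP2's table (local routes have an empty path).
ISP2_TABLE = [
    ("100.100.100.0/24", ""),
    ("100.100.101.0/24", ""),
    ("150.150.151.0/24", "100"),
    ("200.200.200.0", "100 111"),
]
# AS paths as received by ISP1 from 50.50.50.2.
ISP1_TABLE = [
    ("100.100.100.0/24", "100 222"),
    ("100.100.101.0/24", "100 222"),
    ("150.150.151.0/24", "100"),
]

if __name__ == "__main__":
    print("ISP2 advertises:", permitted(ISP2_OUT, ISP2_TABLE))
    print("ISP1 accepts:   ", permitted(ISP1_IN, ISP1_TABLE))
    # Constructed path: AS 1222 is not AS 222, and '_' keeps the two apart.
    print("100 1222 ->", as_path_filter(ISP1_IN, "100 1222"))
```

Without the filter on ISP2, the routes with paths "100" and "100 111" would be re-advertised to the other AS 100 border router, which is what makes AS 222 a transit AS.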
Task 3) Configure AS 100 such that the return path from AS 222 prefers R1
Currently on ISP2, the BGP table is
   Network          Next Hop     Metric LocPrf Weight Path
*  99.99.99.0/24    10.10.10.1                      0 100 i
*>                  40.40.40.1        0             0 100 i
*> 100.100.100.0/24 0.0.0.0           0         32768 i
*> 100.100.101.0/24 0.0.0.0           0         32768 i
*> 100.100.102.0/24 0.0.0.0           0         32768 i
*> 100.100.103.0/24 0.0.0.0           0         32768 i
*  150.150.151.0/24 40.40.40.1                      0 100 i
*>                  10.10.10.1        0             0 100 i
*  200.200.200.0    40.40.40.1                      0 100 111 i
*>                  10.10.10.1                      0 100 111 i
R3(conf)# route-map n permit 10
set as-path prepend 100 100
exit
router bgp 100
neighbor 40.40.40.2 remote-as 222
neighbor 40.40.40.2 route-map n out
do clear ip bgp 40.40.40.2 in
do clear ip bgp 40.40.40.2 out
To view the changes made,
ISP2#sh ip bgp
   Network          Next Hop     Metric LocPrf Weight Path
*  150.150.151.0/24 40.40.40.1                      0 100 100 100 i
*>                  10.10.10.1        0             0 100 i
*  200.200.200.0    40.40.40.1                      0 100 100 100 111 i
*>                  10.10.10.1                      0 100 111 i
*> 99.99.99.0/24    10.10.10.1                      0 100 i
*                   40.40.40.1        0             0 100 100 100 i
We can observe that AS 222 now prefers 10.10.10.1 (R1) to reach AS 100
BGP PREFIX-LIST
I have been using prefix-lists right from when I started BGP. Now let's talk about them.
The default prefix-list sequence number is 5, and a prefix-list also follows the implicit deny all
permit 0.0.0.0/1 le 8
permit 128.0.0.0/2 le 16
permit 192.0.0.0/3 le 24
The default config includes the BGP neighbor relationships, and ISP2 is advertising its networks to all routers in the domain
R1.....................
int s0/1
ip add 20.20.20.1 255.255.255.0
no shut
int s0/0
ip add 10.10.10.1 255.255.255.0
no shut
int lo 1
ip add 150.150.150.1 255.255.255.0
no shut
exit
router eigrp 1
network 20.20.20.0 0.0.0.255
network 10.10.10.0 0.0.0.255
no auto-summary
exit
router bgp 100
nei 10.10.10.2 remote-as 222
nei 20.20.20.2 remote-as 100
nei 20.20.20.2 next-hop-self
nei 30.30.30.1 remote-as 100
nei 30.30.30.1 next-hop-self
bgp router-id 150.150.150.1
no synchronization
R2..................
int s0/0
ip add 30.30.30.2 255.255.255.0
no shut
int s0/1
ip add 20.20.20.2 255.255.255.0
no shut
int s0/2
ip add 50.50.50.2 255.255.255.0
no shut
int lo 1
ip add 77.77.77.1 255.255.255.0
no shut
exit
router eigrp 1
network 20.20.20.0 0.0.0.255
network 30.30.30.0 0.0.0.255
network 50.50.50.0 0.0.0.255
no auto-summary
exit
router bgp 100
nei 30.30.30.1 remote-as 100
nei 30.30.30.1 next-hop-self
nei 20.20.20.1 remote-as 100
nei 20.20.20.1 next-hop-self
nei 50.50.50.1 remote-as 111
bgp router-id 77.77.77.1
no synchronization
R3..........................
int s0/0
ip add 40.40.40.1 255.255.255.0
no shut
int s0/1
ip add 30.30.30.1 255.255.255.0
no shut
int lo 1
ip add 99.99.99.1 255.255.255.0
no shut
exit
router eigrp 1
network 30.30.30.0 0.0.0.255
network 40.40.40.0 0.0.0.255
no auto-summary
router bgp 100
nei 40.40.40.2 remote-as 222
nei 30.30.30.2 remote-as 100
nei 30.30.30.2 next-hop-self
nei 20.20.20.1 remote-as 100
nei 20.20.20.1 next-hop-self
bgp router-id 99.99.99.1
no synchronization
ISP1..................................
int s0/0
ip add 50.50.50.1 255.255.255.0
no shut
int lo 1
ip add 200.200.200.1 255.255.255.0
no shut
exit
router bgp 111
nei 50.50.50.2 remote-as 100
bgp router-id 200.200.200.1
no synchronization
ISP2..................
int s0/1
ip add 40.40.40.2 255.255.255.0
no shut
int s0/0
ip add 10.10.10.2 255.255.255.0
no shut
int lo 1
ip add 100.100.100.1 255.255.255.0
no shut
int lo 2
ip add 100.100.101.1 255.255.255.0
no shut
int lo 3
ip add 100.100.102.1 255.255.255.0
no shut
int lo 4
ip add 100.100.103.1 255.255.255.0
no shut
exit
router bgp 222
nei 10.10.10.1 remote-as 100
nei 40.40.40.1 remote-as 100
bgp router-id 100.100.100.1
no synchronization
network 100.100.100.0 mask 255.255.255.0
network 100.100.101.0 mask 255.255.255.0
network 100.100.102.0 mask 255.255.255.0
network 100.100.103.0 mask 255.255.255.0
Task 1) ISP1 should filter out prefixes 100.x.x.x. Use a sequence number of 10. Use a prefix-list.
Let's prove that ISP1 is getting the routes
ISP1# sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 100.100.100.0/24 50.50.50.2 0 100 222 i
*> 100.100.101.0/24 50.50.50.2 0 100 222 i
*> 100.100.102.0/24 50.50.50.2 0 100 222 i
*> 100.100.103.0/24 50.50.50.2 0 100 222 i
ISP1(conf)# ip prefix-list A seq 10 deny 100.100.0.0/16 ge 24 le 24
ip prefix-list A seq 20 permit 0.0.0.0/0 le 32
router bgp 111
nei 50.50.50.2 prefix-list A in
do clear ip bgp 50.50.50.2 in
do clear ip bgp 50.50.50.2 out
To view the changes made,
ISP1#sh ip bgp [we see no routes]
ISP1#sh ip bgp nei 50.50.50.2 routes [we see no routes]
ISP1#sh ip bgp nei 50.50.50.2 received-route [to display routes received from the neighbor but not accepted]
   Network          Next Hop   Metric LocPrf Weight Path
*  100.100.100.0/24 50.50.50.2                    0 100 222 i
*  100.100.101.0/24 50.50.50.2                    0 100 222 i
*  100.100.102.0/24 50.50.50.2                    0 100 222 i
*  100.100.103.0/24 50.50.50.2                    0 100 222 i
Wednesday, 3 April 2013
BGP SOFT RESET CONFIGURATION
Default config: all BGP peerings have already been configured.
R1.....................
int s0/1
ip add 20.20.20.1 255.255.255.0
no shut
int s0/0
ip add 10.10.10.1 255.255.255.0
no shut
int lo 1
ip add 150.150.150.1 255.255.255.0
no shut
exit
router bgp 100
nei 10.10.10.2 remote-as 100
nei 10.10.10.2 next-hop-self
nei 20.20.20.2 remote-as 111
bgp router-id 150.150.150.1
no synchronization
R2..................
int s0/1
ip add 30.30.30.2 255.255.255.0
no shut
int s0/0
ip add 10.10.10.2 255.255.255.0
no shut
int lo 1
ip add 77.77.77.1 255.255.255.0
no shut
exit
router bgp 100
nei 10.10.10.1 remote-as 100
nei 10.10.10.1 next-hop-self
nei 30.30.30.1 remote-as 111
bgp router-id 77.77.77.1
no synchronization
ISP1..................................
int s0/0
ip add 20.20.20.2 255.255.255.0
no shut
int s0/1
ip add 30.30.30.1 255.255.255.0
no shut
int lo 1
ip add 200.200.200.1 255.255.255.0
no shut
exit
router bgp 111
nei 20.20.20.1 remote-as 100
nei 30.30.30.2 remote-as 100
bgp router-id 200.200.200.1
no synchronization
Now let's face the problems
1) Configure soft-reconfiguration on R2 for all its neighbors. Hence clear the BGP session on nei 10.10.10.2
R2(conf)#router bgp 100
nei 10.10.10.2 soft-reconfiguration inbound
nei 20.20.20.2 soft-reconfiguration inbound
[We don't need to configure anything for the outbound direction, since it only involves re-sending routes the router has already received.]
To clear the nei 10.10.10.2,
R2# clear ip bgp 10.10.10.2 soft in
clear ip bgp 10.10.10.2 soft out
2) Configure R2 to do a route-refresh. Clear neighbor ISP1.
Route-refresh does not actually require any config. We only need to check whether our router supports this functionality.
R2#sh ip bgp nei 30.30.30.1
Route refresh: advertised and received (old & new)
We do the same on ISP1 to check whether it supports route-refresh. Then, to clear the BGP neighbor,
R2#clear ip bgp 30.30.30.1 in
clear ip bgp 30.30.30.1 out
OUTBOUND ROUTE FILTERING
This is a very cool feature because it saves bandwidth, i.e. A will tell B that it does not need a set of routes, so B does not need to send them at all.
The default configs include IP addresses and BGP neighbor relationships
r1
int s0/1
ip add 20.20.20.1 255.255.255.0
no shut
int s0/0
ip add 10.10.10.1 255.255.255.0
no shut
int lo 1
ip add 1.1.1.1 255.255.255.0
no shut
exit
ip route 22.22.22.0 255.255.255.0 s0/0
router eigrp 1
network 20.20.20.0 0.0.0.255
network 1.1.1.1 0.0.0.0
no auto-summary
exit
router bgp 100
nei 22.22.22.22 remote-as 222
nei 22.22.22.22 update-source lo 1
nei 22.22.22.22 ebgp-multihop 2
nei 2.2.2.2 remote-as 100
nei 2.2.2.2 update-source lo 1
nei 2.2.2.2 next-hop-self
nei 3.3.3.3 remote-as 100
nei 3.3.3.3 update-source lo 1
nei 3.3.3.3 next-hop-self
bgp router-id 1.1.1.1
no synchronization
r2
int s0/1
ip add 20.20.20.2 255.255.255.0
no shut
int s0/0
ip add 30.30.30.2 255.255.255.0
no shut
int s0/2
ip add 50.50.50.2 255.255.255.0
no shut
int lo 1
ip add 2.2.2.2 255.255.255.0
no shut
exit
ip route 11.11.11.0 255.255.255.0 s0/2
router eigrp 1
network 20.20.20.0 0.0.0.255
network 30.30.30.0 0.0.0.255
network 2.2.2.2 0.0.0.0
no auto-summary
exit
router bgp 100
nei 11.11.11.11 remote-as 111
nei 11.11.11.11 update-source lo 1
nei 11.11.11.11 ebgp-multihop 2
nei 1.1.1.1 remote-as 100
nei 1.1.1.1 update-source lo 1
nei 1.1.1.1 next-hop-self
nei 3.3.3.3 remote-as 100
nei 3.3.3.3 update-source lo 1
nei 3.3.3.3 next-hop-self
bgp router-id 2.2.2.2
no synchronization
r3
int s0/1
ip add 30.30.30.1 255.255.255.0
no shut
int s0/0
ip add 40.40.40.1 255.255.255.0
no shut
int lo 1
ip add 3.3.3.3 255.255.255.0
no shut
exit
ip route 22.22.22.0 255.255.255.0 s0/0
router eigrp 1
network 30.30.30.0 0.0.0.255
network 3.3.3.3 0.0.0.0
no auto-summary
exit
router bgp 100
nei 22.22.22.22 remote-as 222
nei 22.22.22.22 update-source lo 1
nei 22.22.22.22 ebgp-multihop 2
nei 2.2.2.2 remote-as 100
nei 2.2.2.2 update-source lo 1
nei 2.2.2.2 next-hop-self
nei 1.1.1.1 remote-as 100
nei 1.1.1.1 update-source lo 1
nei 1.1.1.1 next-hop-self
bgp router-id 3.3.3.3
no synchronization
ISP2
int s0/1
ip add 10.10.10.2 255.255.255.0
no shut
int s0/0
ip add 40.40.40.2 255.255.255.0
no shut
int lo 1
ip add 22.22.22.22 255.255.255.0
no shut
int lo 2
ip add 23.23.23.23 255.255.255.0
no shut
exit
ip route 1.1.1.0 255.255.255.0 s0/0
ip route 3.3.3.0 255.255.255.0 s0/1
router bgp 222
nei 1.1.1.1 remote-as 100
nei 1.1.1.1 update-source lo 1
nei 1.1.1.1 ebgp-multihop 2
nei 3.3.3.3 remote-as 100
nei 3.3.3.3 update-source lo 1
nei 3.3.3.3 ebgp-multihop 2
bgp router-id 22.22.22.22
no synchronization
ISP1
int s0/0
ip add 50.50.50.1 255.255.255.0
no shut
int lo 1
ip add 11.11.11.11 255.255.255.255
no shut
int lo 2
ip add 12.12.12.12 255.255.255.0
no shut
exit
ip route 2.2.2.0 255.255.255.0 s0/0
router bgp 111
nei 2.2.2.2 remote-as 100
nei 2.2.2.2 update-source lo 1
nei 2.2.2.2 ebgp-multihop 2
bgp router-id 11.11.11.11
no synchronization
1) ISP2 should advertise network 23.23.23.0/24 out, but ISP1 should not receive it. Configure the routers in such a way that changing the inbound filtering policy on ISP1 forces R2 to apply the right filtering, preventing it from sending prefixes ISP1 does not wish to receive.
Let's confirm that ISP2 is advertising the route and also confirm ISP1 is receiving it
ISP2#sh ip bgp
*> 23.23.23.0/24    0.0.0.0         0         32768 i
ISP1#sh ip bgp
   Network          Next Hop   Metric LocPrf Weight Path
*> 23.23.23.0/24    2.2.2.2                       0 100 222 i
Now let's configure routers ISP1 and R2
ISP1(conf)#ip prefix-list A seq 5 deny 23.23.23.0/24
ip prefix-list A seq 10 permit 0.0.0.0/0 le 32
router bgp 111
nei 2.2.2.2 capability orf prefix-list send [ISP1 sends to R2 the routes it does not need]
nei 2.2.2.2 prefix-list A in
do clear ip bgp 2.2.2.2 in
do clear ip bgp 2.2.2.2 out
Going to R2, we need to tell it to accept the ORF prefix-list
R2(conf)#router bgp 100
nei 11.11.11.11 capability orf prefix-list receive
do clear ip bgp 11.11.11.11 in
do clear ip bgp 11.11.11.11 out
Now let's prove that our config rocks
ISP1# sh ip bgp nei 2.2.2.2
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode: advertised [advertised means ISP1 is configured for send-mode]
Receive-mode: received
Outbound Route Filter (ORF): sent;
Incoming update prefix filter list is A
R2# sh ip bgp nei 11.11.11.11
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode: received
Receive-mode: advertised
Outbound Route Filter (ORF): received (2 entries)
R2#sh ip bgp nei 11.11.11.11 advertised-route
This displays no routes, since network 23.23.23.0 is not sent to 11.11.11.11 because of the prefix-list
ISP1# sh ip bgp
   Network          Next Hop   Metric LocPrf Weight Path
*> 12.12.12.0/24    0.0.0.0         0         32768 i
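The prefix-list matching used in the BGP PREFIX-LIST task and in the ORF task above, as an added Python example that is not part of the original post. It evaluates both versions of prefix-list A with the ge/le rules and the implicit deny, then compares plain inbound filtering with ORF, where the same list is applied on the sending router. The function names are made up for illustration, and the /16 and /25 test prefixes are constructed.

```python
import ipaddress

def parse_entry(line):
    """Parse 'seq N permit|deny A.B.C.D/len [ge X] [le Y]'."""
    tok = line.split()
    seq, action, net = int(tok[1]), tok[2], ipaddress.ip_network(tok[3])
    opts = {tok[i]: int(tok[i + 1]) for i in range(4, len(tok), 2)}
    if not opts:
        lo = hi = net.prefixlen           # no ge/le: exact length only
    else:
        lo = opts.get("ge", net.prefixlen)  # only le: from the entry's own length
        hi = opts.get("le", 32)             # only ge: up to /32
    return seq, action, net, lo, hi

def prefix_list_action(plist, route):
    """First matching entry in sequence order wins; no match is the implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in sorted(map(parse_entry, plist), key=lambda e: e[0]):
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None

# Prefix-list A as configured on ISP1 in the two tasks.
LIST_A_TASK1 = ["seq 10 deny 100.100.0.0/16 ge 24 le 24", "seq 20 permit 0.0.0.0/0 le 32"]
LIST_A_ORF = ["seq 5 deny 23.23.23.0/24", "seq 10 permit 0.0.0.0/0 le 32"]

def inbound_filter(plist, updates):
    """Receiver-side filter: every update crosses the link, denied ones are dropped on arrival."""
    accepted = [u for u in updates if prefix_list_action(plist, u)[0] == "permit"]
    return {"sent_on_wire": len(updates), "accepted": accepted}

def orf_filter(plist, updates):
    """ORF: the receiver's list is pushed to the sender, which suppresses denied prefixes."""
    sent = [u for u in updates if prefix_list_action(plist, u)[0] == "permit"]
    return {"sent_on_wire": len(sent), "accepted": sent}

if __name__ == "__main__":
    for route in ["100.100.100.0/24", "100.100.0.0/16", "150.150.151.0/24"]:
        print(route, prefix_list_action(LIST_A_TASK1, route))
    print("inbound only:", inbound_filter(LIST_A_ORF, ["23.23.23.0/24"]))
    print("with ORF:    ", orf_filter(LIST_A_ORF, ["23.23.23.0/24"]))
```

Both approaches leave ISP1 with the same table; the difference is that with ORF the denied update is never sent, which is the empty advertised-route output seen on R2.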