Sunday, 2 June 2013

BGP LOCAL AS


This is used when we have just acquired or changed to a new AS. The options here include:
local-as - we are using a new AS but we don't want our neighbors to know that (with this, routes advertised to them would show both the new and the old AS. Also, our routers would see the old AS in the routes advertised from the neighbor).
local-as no-prepend - we want to prevent the old AS from being advertised back to us from neighbor routers. Note that neighbor routers still see both the old and the new AS. In effect: don't prepend this AS when you are sending any route to me. In our BGP table, we only see the new AS (100).
local-as no-prepend replace-as - when I am sending to you, we only want to advertise the old AS, i.e. my neighbor would not know that I am using AS 100. In the neighbor's BGP table, it will only see the old AS (20,30,40).
local-as no-prepend replace-as dual-as - the neighbor AS can peer with either AS.

Default config
R1.....................
int s0/1
ip add 20.20.20.1 255.255.255.0
no shut
int  s0/0
ip add 10.10.10.1 255.255.255.0
no shut
int lo 1
ip add 150.150.150.1 255.255.255.0
no shut
exit
router ospf 1
network 20.20.20.1 0.0.0.0 area 0
exit
router bgp 100
nei 10.10.10.2 remote-as 222
nei 20.20.20.2 remote-as 100
nei 20.20.20.2 next-hop-self
bgp router-id 150.150.150.1
no synchronization
network 150.150.150.0 mask 255.255.255.0


R2..................
int s0/0
ip add 30.30.30.2 255.255.255.0
no shut
int  s0/1
ip add 20.20.20.2 255.255.255.0
no shut
int s0/2
ip add 50.50.50.2 255.255.255.0
no shut
int lo 1
ip add 77.77.77.1 255.255.255.0
no shut
exit
router ospf 1
network 20.20.20.2 0.0.0.0 area 0
network 30.30.30.2 0.0.0.0 area 0
exit
router bgp 100
nei 30.30.30.1 remote-as 100
nei 30.30.30.1 next-hop-self
nei 20.20.20.1 remote-as 100
nei 20.20.20.1 next-hop-self
nei 50.50.50.1 remote-as 111
bgp router-id 77.77.77.1
no synchronization
network 77.77.77.0 mask 255.255.255.0



R3..........................
int s0/0
ip add 40.40.40.1 255.255.255.0
no shut
int s0/1
ip add 30.30.30.1 255.255.255.0
no shut
int lo 1
ip add 99.99.99.1 255.255.255.0
no shut
exit
router ospf 1
network 30.30.30.1 0.0.0.0 area 0
exit
router bgp 100
nei 40.40.40.2 remote-as 222
nei 30.30.30.2 remote-as 100
nei 30.30.30.2 next-hop-self
bgp router-id 99.99.99.1
no synchronization
network 99.99.99.0 mask 255.255.255.0

ISP1..................................
int s0/0
ip add 50.50.50.1 255.255.255.0
no shut
int lo 1
ip add 200.200.200.1 255.255.255.0
no shut
exit
router bgp 111
nei 50.50.50.2 remote-as 20
bgp router-id 200.200.200.1
no synchronization
network 200.200.200.0 mask 255.255.255.0


ISP2..................
int s0/1
ip add 40.40.40.2 255.255.255.0
no shut
int  s0/0
ip add 10.10.10.2 255.255.255.0
no shut
int lo 1
ip add 100.100.100.1 255.255.255.0
no shut
int lo 2
ip add 100.100.101.1 255.255.255.0
no shut
router bgp 222
nei 10.10.10.1 remote-as 10
nei 40.40.40.1 remote-as 30
bgp router-id 100.100.100.1
no synchronization
network 100.100.100.0 mask 255.255.255.0

TASKS

Task 1
AS 10 (R1), AS 20 (R2), and AS 30 (R3) merge into one AS 100. All old configs have been removed and the new configs are already implemented.
ISP2 is still configured to peer with AS 10 (R1) and AS 30 (R3). Similarly, ISP1 is also configured to peer with AS 20 (R2).
Make sure the peering works between them without changing the config on ISP1 & ISP2. All routers in AS 100 should be able to reach prefixes advertised by AS 111 and AS 222.
As it is now, ISP1 and ISP2 can't peer with routers R1, R2 and R3. So we would configure:
R1(conf-router)#             nei 10.10.10.2 local-as 10
R2(conf-router)#             nei 50.50.50.1 local-as 20
R3(conf-router)#             nei 40.40.40.2 local-as 30
Let's confirm this on ISP1
ISP1# sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
50.50.50.2      4    20      29      26        7    0    0 00:08:41        4

Let's check the BGP table on ISP2
ISP2# sh ip bgp

   Network            Next Hop        Metric LocPrf Weight Path
*  77.77.77.0/24      40.40.40.1                         0 30 100 i
*>                    10.10.10.1                         0 10 100 i
*> 99.99.99.0/24      40.40.40.1           0             0 30 100 i
*> 100.100.100.0/24   0.0.0.0              0         32768 i
*> 150.150.150.0/24   10.10.10.1           0             0 10 100 i
*  200.200.200.0      40.40.40.1                         0 30 100 20 111 i
*>                    10.10.10.1                         0 10 100 20 111 i
Here we see that both the local AS and the new AS are added to the path.
R1# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*>i77.77.77.0/24      20.20.20.2           0    100      0 i
*> 100.100.100.0/24   10.10.10.2           0             0 10 222 i
*> 150.150.150.0/24   0.0.0.0              0         32768 i
*>i200.200.200.0      20.20.20.2           0    100      0 20 111 i


Task 2: Remove the configs in task 1.
After merging the three ASes, prefixes advertised by AS 111 and AS 222 prepend local-as AS numbers. Configure routers in such a way that the local-AS numbers no longer get propagated within AS 100 and to other autonomous systems.
R1(conf-router)#             nei 10.10.10.2 local-as 10 no-prepend
R2(conf-router)#             nei 50.50.50.1 local-as 20 no-prepend
R3(conf-router)#             nei 40.40.40.2 local-as 30 no-prepend
To prove this:
R1# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*>i77.77.77.0/24      20.20.20.2           0    100      0 i
*> 100.100.100.0/24   10.10.10.2           0             0 222 i
*> 150.150.150.0/24   0.0.0.0              0         32768 i
*>i200.200.200.0      20.20.20.2           0    100      0 111 i

Let's confirm that ISP2's BGP table will not change
ISP2# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*  77.77.77.0/24      40.40.40.1                         0 30 100 i
*>                    10.10.10.1                         0 10 100 i
*> 99.99.99.0/24      40.40.40.1           0             0 30 100 i
*> 100.100.100.0/24   0.0.0.0              0         32768 i
*> 150.150.150.0/24   10.10.10.1           0             0 10 100 i
*  200.200.200.0      40.40.40.1                         0 30 100 111 i
*>                    10.10.10.1                         0 10 100 111 i


Task 3) Remove the config above
After merging the three ASes, the administrator of AS 111 noticed that prefixes arriving on ISP1 carry AS 100 in the AS_PATH attribute. Remove AS 100 from the AS_PATH attribute while also ensuring that routers in AS 100 do not receive their former AS.
R1(conf-router)#             nei 10.10.10.2 local-as 10 no-prepend replace-as
R2(conf-router)#             nei 50.50.50.1 local-as 20 no-prepend replace-as
R3(conf-router)#             nei 40.40.40.2 local-as 30 no-prepend replace-as
Checking R1's BGP table, which should remain the same:

   Network            Next Hop        Metric LocPrf Weight Path
*>i77.77.77.0/24      20.20.20.2           0    100      0 i
*> 100.100.100.0/24   10.10.10.2           0             0 222 i
*> 150.150.150.0/24   0.0.0.0              0         32768 i
*>i200.200.200.0      20.20.20.2           0    100      0 111 i

Now let's check ISP2's BGP table
ISP2# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*  77.77.77.0/24      40.40.40.1                         0 30 i
*>                    10.10.10.1                         0 10 i
*> 99.99.99.0/24      40.40.40.1           0             0 30 i
*> 100.100.100.0/24   0.0.0.0              0         32768 i
*> 150.150.150.0/24   10.10.10.1           0             0 10 i
*  200.200.200.0      10.10.10.1                         0 10 111 i
*>                    40.40.40.1                         0 30 111 i

Task 4) Remove the config above
After merging the three ASes, the administrators of AS 222 requested that AS 100 should not show in the path of the prefixes advertised by 100. They also requested that you configure R1 so that ISP2 can peer using either AS 100 or the previous AS 10.
R1(conf-router)#             nei 10.10.10.2 local-as 10 no-prepend replace-as dual-as
R2(conf-router)#             nei 50.50.50.1 local-as 20 no-prepend replace-as dual-as
R3(conf-router)#             nei 40.40.40.2 local-as 30 no-prepend replace-as dual-as
The BGP table does not change unless we tear down the BGP session on ISP2
ISP2(conf-router)#          no nei 10.10.10.1 remote-as 10
no nei 40.40.40.1 remote-as 30
neighbor 10.10.10.1 remote-as 100
neighbor 40.40.40.1 remote-as 100
Let's show ISP2's BGP table now
ISP2# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*  77.77.77.0/24      40.40.40.1                         0 100 i
*>                    10.10.10.1                         0 100 i
*> 99.99.99.0/24      40.40.40.1           0             0 100 i
*> 100.100.100.0/24   0.0.0.0              0         32768 i
*> 150.150.150.0/24   10.10.10.1           0             0 100 i
*  200.200.200.0      40.40.40.1                         0 100 111 i
*>                    10.10.10.1                         0 100 111 i
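
The AS_PATH results of the four tasks above can be reproduced with a small model of what each local-as option does to the OPEN message and to the path. This is an added Python sketch, not part of the original post and not IOS code; `EbgpSession`, `isp2_view` and their field names are hypothetical, and only AS-number handling is modelled.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class EbgpSession:
    """One eBGP neighbor statement on a router whose real AS is `real_as`."""
    real_as: int                      # "router bgp 100"
    peer_expects: int                 # the remote-as the neighbor configured for us
    local_as: Optional[int] = None    # "nei x.x.x.x local-as N"
    no_prepend: bool = False
    replace_as: bool = False
    dual_as: bool = False

    def presented_as(self) -> int:
        """AS number we put in the OPEN message for this neighbor."""
        if self.local_as is None:
            return self.real_as
        if self.dual_as and self.peer_expects == self.real_as:
            return self.real_as       # dual-as: the neighbor may use the real AS
        return self.local_as

    def comes_up(self) -> bool:
        """The neighbor rejects the OPEN if our AS is not its remote-as."""
        return self.presented_as() == self.peer_expects

    def inbound(self, path: List[int]) -> List[int]:
        """AS_PATH stored in our table for a route learned from the neighbor."""
        if self.presented_as() == self.real_as or self.no_prepend:
            return list(path)
        return [self.local_as] + list(path)

    def outbound(self, path: List[int]) -> List[int]:
        """AS_PATH the neighbor receives for a route we advertise to it."""
        if self.presented_as() == self.real_as:
            return [self.real_as] + list(path)
        if self.replace_as:
            return [self.local_as] + list(path)
        return [self.local_as, self.real_as] + list(path)


def isp2_view(**opts) -> List[int]:
    """Path ISP2 sees for 200.200.200.0: ISP1 (111) -> R2 -> R1 -> ISP2."""
    isp2_remote_as = opts.pop("isp2_remote_as", 10)
    r2 = EbgpSession(real_as=100, peer_expects=20, local_as=20, **opts)
    r1 = EbgpSession(real_as=100, peer_expects=isp2_remote_as, local_as=10, **opts)
    stored_on_r2 = r2.inbound([111])   # iBGP from R2 to R1 leaves the path unchanged
    return r1.outbound(stored_on_r2)


if __name__ == "__main__":
    print("no local-as, session up:", EbgpSession(100, 10).comes_up())
    print("task 1:", isp2_view())
    print("task 2:", isp2_view(no_prepend=True))
    print("task 3:", isp2_view(no_prepend=True, replace_as=True))
    print("task 4:", isp2_view(no_prepend=True, replace_as=True, dual_as=True,
                               isp2_remote_as=100))
```

Task 3 is the case a peer should be aware of: with replace-as the real AS 100 never appears in the path the neighbor receives, so any AS_PATH filter on the neighbor can only match the old AS number.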

Saturday, 1 June 2013

BGP CONFEDERATION


This is used to minimize iBGP peering. It is represented with parentheses in the BGP table.
RULES:
- Intra-confederation means a confederation within a single AS
- An intra-confederation AS can be confed-internal or confed-external
- Select normal eBGP routes over confed eBGP routes. Select confed eBGP routes over iBGP routes
- A router that does not support confederations cannot operate in a BGP network

Default config
We have decided not to advertise 20.20.20.0 and 40.40.40.0 into OSPF. Instead we would use next-hop-self so that the addresses can be inserted into the BGP table (since the rule says the next-hop address must be reachable before networks can be advertised into BGP).
R1......................
int s0/1
ip add 20.20.20.1 255.255.255.0
no shut
int  s0/0
ip add 10.10.10.1 255.255.255.0
no shut
int lo 1
ip add 150.150.150.1 255.255.255.0
no shut
exit
router ospf 1
network 10.10.10.0 0.0.0.255 area 0
exit


R2..................
int s0/0
ip add 10.10.10.2 255.255.255.0
no shut
int  s0/1
ip add 30.30.30.2 255.255.255.0
no shut
int lo 1
ip add 77.77.77.1 255.255.255.0
no shut
exit
router ospf 1
network 10.10.10.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.255 area 0
exit


R3..........................
int s0/1
ip add 40.40.40.1 255.255.255.0
no shut
int s0/0
ip add 30.30.30.1 255.255.255.0
no shut
int lo 1
ip add 99.99.99.1 255.255.255.0
no shut
exit
router ospf 1
network 30.30.30.0 0.0.0.255 area 0
exit


ISP1..................................
int s0/0
ip add 40.40.40.2 255.255.255.0
no shut
int lo 1
ip add 200.200.200.1 255.255.255.0
no shut
exit
router bgp 111
nei 40.40.40.1 remote-as 100
bgp router-id 200.200.200.1
no synchronization


ISP2..................
int s0/1
ip add 20.20.20.2 255.255.255.0
no shut
int lo 1
ip add 100.100.100.1 255.255.255.0
no shut
exit
router bgp 222
nei 20.20.20.1 remote-as 100
bgp router-id 100.100.100.1
no synchronization



Task 1) Configure a confederation such that R2 and R3 are in 65002 and R1 is in 65001. Advertise network 200.200.200.0 and network 100.100.100.0 into BGP.
R1(config)#         router bgp 65001
bgp confederation identifier 100
bgp confederation peers 65002          
nei 10.10.10.2 remote-as 65002
nei 20.20.20.2 remote-as 222

R2(config)#         router bgp 65002
bgp confederation identifier 100
bgp confederation peers 65001          
nei 10.10.10.1 remote-as 65001
nei 30.30.30.1 remote-as 65002

R3(config)#         router bgp 65002
bgp confederation identifier 100
bgp confederation peers 65001          
nei 40.40.40.2 remote-as 111
nei 30.30.30.2 remote-as 65002

Now let's advertise the 100.100.100.0 and 200.200.200.0 networks

ISP1(config-router)#      network 200.200.200.0 mask 255.255.255.0
ISP2(config-router)#      network 100.100.100.0 mask 255.255.255.0

Note that R2 will forward these routes to R1 and R3, but recall that these routes would not be in the BGP table of R1 and R3 if the network of the next-hop address (i.e. 20.20.20.0) is not in their routing table. They do not actually need to be able to reach it. E.g. assuming we configured network 20.20.20.0 0.0.0.255 area 0, the network would show up in the BGP table irrespective of whether we can reach 20.20.20.2. As long as the 20.20.20.0 network shows up in the routing table, BGP will insert the network into its BGP table.
R1(config-router)#          nei 10.10.10.2 next-hop-self
R3(config-router)#          nei 30.30.30.2 next-hop-self
Let's do a show of the routes
R1(config-router)#          do sh ip bgp 200.200.200.0
BGP routing table entry for 200.200.200.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  (65002) 111
    30.30.30.1 (metric 128) from 10.10.10.2 (77.77.77.1)
      Origin IGP, metric 0, localpref 100, valid, confed-external, best

where 30.30.30.1 is the next hop, 10.10.10.2 is the neighbor IP address and 77.77.77.1 is the router ID of the router that advertised it

R2(config-router)#          do sh ip bgp 200.200.200.0
BGP routing table entry for 200.200.200.0/24, version 5
    30.30.30.1 from 30.30.30.1 (99.99.99.1)
      Origin IGP, metric 0, localpref 100, valid, confed-internal, best

ISP1# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*> 100.100.100.0/24   40.40.40.1                         0 100 222 i
*> 200.200.200.0      0.0.0.0              0         32768 i

We see that ISP1 is not aware that a confederation was configured.

R1(config-router)#          do sh ip bgp nei 10.10.10.2
BGP neighbor is 10.10.10.2,  remote AS 65002, external link
  BGP version 4, remote router ID 77.77.77.1
  Neighbor under common administration     (that is, under the same AS)

R2(config-router)#          do sh ip bgp nei 30.30.30.1
BGP neighbor is 30.30.30.1,  remote AS 65002, internal link
  BGP version 4, remote router ID 99.99.99.1

  Neighbor under common administration
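
The path handling behind the outputs above, `(65002) 111` on R1 and `100 222` on ISP1, as an added Python sketch that is not part of the original post. `AsPath`, `advertise`, `accept` and `walk` are hypothetical names; the loop check on the member-AS sequence follows RFC 5065 and is not shown on this page.

```python
from dataclasses import dataclass
from typing import List, Tuple

CONFED_ID = 100               # "bgp confederation identifier 100"
MEMBER_AS = {65001, 65002}    # the member (sub) ASes used on this page


@dataclass(frozen=True)
class AsPath:
    confed: Tuple[int, ...] = ()   # AS_CONFED_SEQUENCE, printed in parentheses
    seq: Tuple[int, ...] = ()      # ordinary AS_SEQUENCE

    def show(self) -> str:
        inner = "(" + " ".join(map(str, self.confed)) + ")" if self.confed else ""
        return " ".join(filter(None, [inner, *map(str, self.seq)]))


def session_type(local_sub_as: int, peer_as: int) -> str:
    if peer_as == local_sub_as:
        return "confed-internal"
    if peer_as in MEMBER_AS:
        return "confed-external"
    return "external"


def advertise(path: AsPath, local_sub_as: int, peer_as: int) -> AsPath:
    """AS_PATH as received by the peer."""
    kind = session_type(local_sub_as, peer_as)
    if kind == "confed-internal":          # behaves like iBGP: path untouched
        return path
    if kind == "confed-external":          # prepend our member AS in parentheses
        return AsPath((local_sub_as,) + path.confed, path.seq)
    # Real eBGP: strip every member AS and prepend the confederation identifier.
    return AsPath((), (CONFED_ID,) + path.seq)


def accept(path: AsPath, local_sub_as: int) -> bool:
    """Loop check inside the confederation: drop if our member AS is already listed."""
    return local_sub_as not in path.confed


def walk(origin_as: int, hops: List[Tuple[int, int]]) -> List[str]:
    """hops: (advertising router's member AS, AS of the peer it sends to)."""
    path = AsPath(seq=(origin_as,))
    seen = [path.show()]
    for local_sub_as, peer_as in hops:
        path = advertise(path, local_sub_as, peer_as)
        seen.append(path.show())
    return seen


if __name__ == "__main__":
    # 200.200.200.0: ISP1 -> R3 -> R2 -> R1 -> ISP2
    print(walk(111, [(65002, 65002), (65002, 65001), (65001, 222)]))
    # 100.100.100.0: ISP2 -> R1 -> R2 -> R3 -> ISP1
    print(walk(222, [(65001, 65002), (65002, 65002), (65002, 111)]))
```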

BGP ROUTE REFLECTOR


This is used to minimize the number of iBGP peerings within our AS.
RULES:
- We have the route reflector (which reflects the routes to the clients) and the route-reflector clients
- When a route reflector gets an update from a non-client, it forwards it to eBGP peers and clients. When it gets an update from a client, it forwards it to all client peers except the sender. When it gets an update from an eBGP peer, it forwards it to all peers.
- Clients should only have iBGP peering with their route reflector
- Cluster ID and originator ID are used to detect loops in a redundant route-reflector design
- For iBGP routes, prefer a non-reflected route to a reflected route. For two reflected routes, prefer the route with the shorter cluster list
- Originator ID is the router-id of the iBGP router that forwarded the route to the route reflector
- Cluster ID is the router-id of the route reflector
The default config includes
R1......................
int s0/1
ip add 20.20.20.1 255.255.255.0
no shut
int  s0/0
ip add 10.10.10.1 255.255.255.0
no shut
int lo 1
ip add 150.150.150.1 255.255.255.0
no shut
exit
router ospf 1
network 10.10.10.0 0.0.0.255 area 0
network 20.20.20.0 0.0.0.255 area 0
exit


R2..................
int s0/0
ip add 10.10.10.2 255.255.255.0
no shut
int  s0/1
ip add 30.30.30.2 255.255.255.0
no shut
int lo 1
ip add 77.77.77.1 255.255.255.0
no shut
exit
router ospf 1
network 10.10.10.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.255 area 0
exit


R3..........................
int s0/1
ip add 40.40.40.1 255.255.255.0
no shut
int s0/0
ip add 30.30.30.1 255.255.255.0
no shut
int lo 1
ip add 99.99.99.1 255.255.255.0
no shut
exit
router ospf 1
network 30.30.30.0 0.0.0.255 area 0
network 40.40.40.0 0.0.0.255 area 0
exit


ISP1..................................
int s0/0
ip add 40.40.40.2 255.255.255.0
no shut
int lo 1
ip add 200.200.200.1 255.255.255.0
no shut
exit
router bgp 111
nei 40.40.40.1 remote-as 100
bgp router-id 200.200.200.1
no synchronization


ISP2..................
int s0/1
ip add 20.20.20.2 255.255.255.0
no shut
int lo 1
ip add 100.100.100.1 255.255.255.0
no shut
exit
router bgp 222
nei 20.20.20.1 remote-as 100
bgp router-id 100.100.100.1
no synchronization


Task 1: Advertise networks 100.100.100.0 and 200.200.200.0 into BGP.
Ensure reachability between 100.100.100.0/24 and 200.200.200.0/24 such that R1 forms an iBGP relationship only with R2, and R3 only with R2.
Here R2 will be the route reflector, i.e. it will form neighbor relationships with R1 and R3.
R1(config)#         router bgp 100
nei 20.20.20.2 remote-as 222
nei 10.10.10.2 remote-as 100

R2(config)#         router bgp 100
nei 10.10.10.1 remote-as 100
nei 30.30.30.1 remote-as 100

R3(config)#         router bgp 100
nei 40.40.40.2 remote-as 111
nei 30.30.30.2 remote-as 100

Let's advertise 100.100.100.0/24 and 200.200.200.0/24
ISP1(config-router)#      network 200.200.200.0 mask 255.255.255.0
ISP2(config-router)#      network 100.100.100.0 mask 255.255.255.0

NOTE:
If ISP2 advertises network 100.100.100.0, R1 will get it (learnt via eBGP). R2 will get it (R1 will advertise it to R2 as an iBGP route). R2 will not advertise it because routes learnt via iBGP are not advertised to other iBGP peers.
Note that R2 will forward these routes to R1 and R3, but recall that these routes would not be in the BGP table of R1 and R3 if the network of the next-hop address (i.e. 20.20.20.0) is not in their routing table. They do not actually need to be able to reach it. E.g. since we configured network 20.20.20.0 0.0.0.255 area 0 in OSPF for router R1, the network will show up in the BGP table irrespective of whether we can reach 20.20.20.2. As long as the 20.20.20.0 network shows up in the routing table, BGP will insert the network into its BGP table.
With next-hop-self, we are sure the next hop will exist in the routing table irrespective of whether we configured 20.20.20.0 & 40.40.40.0 in OSPF.

Here we can see that R2 is the only router getting both 100.100.100.0 and 200.200.200.0 routes.
R1# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*> 100.100.100.0/24   20.20.20.2           0             0 222 i

R3# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*> 200.200.200.0      40.40.40.2           0             0 111 i

R2# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*>i100.100.100.0/24   10.10.10.1           0    100      0 222 i
*>i200.200.200.0      30.30.30.1           0    100      0 111 i

Hence we need to configure route-reflector on R2 to reflect the routes
R2(config-router)#          nei 10.10.10.1 route-reflector-client
nei 30.30.30.1 route-reflector-client
Let's show only the BGP table of R1
R1# sh ip bgp
   Network            Next Hop        Metric LocPrf Weight Path
*> 100.100.100.0/24   20.20.20.2           0             0 222 i
*>i200.200.200.0      30.30.30.1           0    100      0 111 i

R1(config-router)#          do sh ip bgp 200.200.200.0
BGP routing table entry for 200.200.200.0/24, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
    30.30.30.1 (metric 128) from 10.10.10.2 (77.77.77.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 99.99.99.1, Cluster list: 77.77.77.1
This shows that this router is a route-reflector client
R2(config-router)#          do sh ip bgp 200.200.200.0
BGP routing table entry for 200.200.200.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  111, (Received from a RR-client)
    30.30.30.1 from 30.30.30.1 (99.99.99.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
This shows that R2 is the route-reflector

Task 2) Configure the cluster-id on R2 as its loopback address (the default config)

R2(config-router)#          bgp cluster-id 77.77.77.1
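
How the Originator and Cluster list values in R1's output come about, and how they stop loops in a redundant route-reflector design, as an added Python sketch that is not part of the original post. `Reflector`, `Route`, `client_accepts` and `prefer` are hypothetical names; the second reflector 88.88.88.1 is constructed for illustration, R1's router-id is assumed to be its loopback 150.150.150.1, and the iBGP fan-out in `targets` follows RFC 4456.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    originator_id: Optional[str] = None     # set by the first reflector
    cluster_list: Tuple[str, ...] = ()      # one entry per cluster traversed


class Reflector:
    def __init__(self, router_id: str, cluster_id: Optional[str] = None):
        self.router_id = router_id
        self.cluster_id = cluster_id or router_id   # default: the router-id
        self.ibgp: Dict[str, str] = {}   # peer router-id -> "client" / "non-client"

    def targets(self, sender: str) -> List[str]:
        """iBGP peers that get a copy of a route learned from iBGP peer `sender`.
        From a client: every other iBGP peer. From a non-client: clients only."""
        from_client = self.ibgp[sender] == "client"
        return [peer for peer, kind in self.ibgp.items()
                if peer != sender and (from_client or kind == "client")]

    def reflect(self, route: Route, sender: str) -> Optional[Route]:
        """Attributes on the reflected copy, or None if the route has looped."""
        if self.cluster_id in route.cluster_list:
            return None                   # already passed through this cluster
        return Route(route.prefix,
                     route.originator_id or sender,   # keep the first originator
                     (self.cluster_id,) + route.cluster_list)


def client_accepts(route: Route, own_router_id: str) -> bool:
    """A router drops a reflected route that carries its own router-id."""
    return route.originator_id != own_router_id


def prefer(a: Route, b: Route) -> Route:
    """Shorter cluster list wins; a non-reflected route has an empty list."""
    return a if len(a.cluster_list) <= len(b.cluster_list) else b


def r1_view() -> Route:
    """200.200.200.0 as R1 receives it: R3 (99.99.99.1) -> R2 (77.77.77.1) -> R1."""
    r2 = Reflector("77.77.77.1")
    r2.ibgp = {"150.150.150.1": "client", "99.99.99.1": "client"}
    return r2.reflect(Route("200.200.200.0/24"), sender="99.99.99.1")


if __name__ == "__main__":
    got = r1_view()
    print("Originator:", got.originator_id, "Cluster list:", got.cluster_list)
    same_cluster = Reflector("88.88.88.1", cluster_id="77.77.77.1")
    print("second RR in the same cluster reflects it:",
          same_cluster.reflect(got, sender="77.77.77.1") is not None)
```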