Cis185 BSCI Lecture8 BGP Part2

CIS 185 Advanced Routing Protocols
BGP Part 2
Rick Graziani
Cabrillo College
graziani@cabrillo.edu

Last Updated: Fall 2009
2
All interfaces are configured.
AS 100 is running OSPF not including serial networks to ISPs.
BGP not yet configured.
Topology
Goal: Is for AS1, AS2, and AS100 to
have complete reachability to all
networks (180.0.0.0, 200.0.0.0 and
128.107.0.0).
3
Configs
hostname E1
!
interface FastEthernet0/0
ip address 128.107.1.1 255.255.255.0
!
interface Serial0/0
ip address 10.1.1.1 255.255.255.252
!
interface Serial0/1
ip address 10.1.1.5 255.255.255.252
!
router ospf 1
network 128.107.0.0 0.0.255.255 area 0
hostname ISP1
!
interface Loopback180
ip address 180.0.0.1 255.255.0.0
!
interface Serial0/0
ip address 10.1.1.2 255.255.255.252
clock rate 64000
!
interface Serial0/1
ip address 10.1.1.6 255.255.255.252
clock rate 64000
hostname ISP2
!
interface Loopback200
ip address 200.0.0.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.252
clock rate 64000

hostname E2
!
ip address 128.107.2.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.1.1 255.255.255.252
!
router ospf 1
network 128.107.0.0 0.0.255.255 area 0
hostname EX
!
ip address 128.107.1.2 255.255.255.0
!
ip address 128.107.2.2 255.255.255.0
!
router ospf 1
network 128.107.0.0 0.0.255.255 area 0
4
E1#show ip route

128.107.0.0/24 is subnetted, 2 subnets
O 128.107.2.0 [110/2] via 128.107.1.2, 00:07:13, FastEthernet0/0
C 128.107.1.0 is directly connected, FastEthernet0/0
C 10.1.1.0 is directly connected, Serial0/0

ISP1#show ip route

C 180.0.0.0/16 is directly connected, Loopback180
5
Configure eBGP between E1 and ISP1, E2 and ISP2
ISP1 will include 180.0.0.0/16 in eBGP updates.
ISP2 will include 200.0.0.0/24 in eBGP updates.
E1 and E2 will include 128.107.1.0/24 and 128.107.2.0/24 in eBGP updates.
eBGP
eBGP
6
Configs
E1(config)#router bgp 100
E1(config-router)#neighbor 10.1.1.2 remote-as 1
E1(config-router)#network 128.107.1.0 mask 255.255.255.0
ISP1(config)#router bgp 1
ISP1(config-router)#neighbor 10.1.1.1 remote-as 100
ISP1(config-router)#network 180.0.0.0

Note: BGP network
statements must include the
network address exactly as
it is in the routing table. If
subnetted, you must use
the mask parameter,
otherwise assumes the
classful mask.
7
Configs

Note: BGP network
statements must include the
network address exactly as
it is in the routing table. If
subnetted, you must use
the mask parameter,
otherwise assumes the
classful mask.
8
.
E2#show ip bgp
BGP table version is 4, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 128.107.1.0/24 128.107.2.2 2 32768 i
*> 128.107.2.0/24 0.0.0.0 0 32768 i
*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:25:24
E2#
* valid, > best
E2 only knows about its own BGP networks and the BGP
route from ISP2. Notice the next-hop addresses. E1 and E2
have not shared BGP routes via iBGP or redistribution.
E2 does not know about the 180.0.0.0 network in AS1.
All routes learned in BGP updates are first put into the BGP
table. The routes with the best paths (if they meet certain
requirements) are then added to the routing table.
9
E2#show ip bgp

*> 128.107.1.0/24 128.107.2.2 2 32768 i
*> 128.107.2.0/24 0.0.0.0 0 32768 i
*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:25:24
E2#
The path is the AS_PATH, showing the list of ASs to reach
this network.
10
ISP2#show ip bgp
internal,
r RIB-failure, S Stale

*> 128.107.1.0/24 192.168.1.1 2 0 100 i
*> 128.107.2.0/24 192.168.1.1 0 0 100 i
*> 200.0.0.0 0.0.0.0 0 32768 i

ISP2#show ip route

B 128.107.2.0 [20/0] via 192.168.1.1, 00:22:40
B 128.107.1.0 [20/2] via 192.168.1.1, 00:19:40
ISP2#
.
* valid, > best
ISP2 only knows about its own BGP networks and the BGP
routes from E2. Notice the next-hop addresses. E1 and E2
have not shared BGP routes via iBGP or redistribution.
ISP2 does not know about the 180.0.0.0 network in AS1.
11
E1#show ip bgp

*> 128.107.1.0/24 0.0.0.0 0 32768 i
*> 128.107.2.0/24 128.107.1.2 2 32768 i
* 180.0.0.0 10.1.1.6 0 0 1 i
*> 10.1.1.2 0 0 1 i
E1#
E1#show ip route

B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:01:37
E1#
.
* valid, > best
E1 only knows about its own BGP networks and the BGP
route from ISP1. E1 has two paths to 180.0.0.0, chooses best
path lowest next-hop IP address w/ everything else equal.
E1 does not know about the 200.0.0.0 network in AS2.
12
ISP1#show ip bgp

* 128.107.1.0/24 10.1.1.5 0 0 100 i
*> 10.1.1.1 0 0 100 i
* 128.107.2.0/24 10.1.1.5 2 0 100 i
*> 10.1.1.1 2 0 100 i
*> 180.0.0.0 0.0.0.0 0 32768 i
ISP1#
ISP1#show ip route

B 128.107.2.0 [20/2] via 10.1.1.1, 00:19:21
B 128.107.1.0 [20/0] via 10.1.1.1, 00:19:21
.
* valid, > best
ISP1 only knows about its own BGP networks and the BGP route
from E1. ISP1 has two paths to 127.107.1.0 and 2.0, chooses best
path lowest next-hop IP address w/ everything else equal.
ISP1 does not know about the 200.0.0.0 network in AS2.
13
.
EX#show ip route

EX#

EX is not running BGP only OSPF, which are all
directly connected networks.
14
Configure iBGP between
E1 and E2 (partial mesh)
How does the Enterprise network learn about the BGP routes?
How does E1 learn about ISP1 routes, and E2 learn about ISP1 routes?
Redistribute BGP routes into OSPF
Good:
All BGP routes known within OSPF routing domain (AS 100)
Bad:
Full Internet routes more than 300,000 networks (memory,
CPU)
All OSPF routers will learn about other AS routes even if they
dont need to because they are not in the transit path (between
E1 and E2), just need a default route.
Configure iBGP
iBGP
15
Configure iBGP between E1 and E2 (partial mesh)
We will configure iBGP only between E1 and E2.
We will see if this is good enough for complete reachability.
eBGP
eBGP
iBGP
16
.


Configure iBGP
between E1 and E2
(partial mesh)
17
E1#show ip bgp

* i128.107.1.0/24 128.107.2.2 2 100 0 i
*> 0.0.0.0 0 32768 i
* i128.107.2.0/24 128.107.2.1 0 100 0 i
*> 128.107.1.2 2 32768 i
* 180.0.0.0 10.1.1.6 0 0 1 i
*> 10.1.1.2 0 0 1 i
* i200.0.0.0 192.168.1.2 0 100 0 2 i

E1#show ip route
B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:13:03
E1 knows about 200.0.0.0 via iBGP (i) but it is not the best path
(>) so it is not included in the routing table.
Why is 200.0.0.0 not the best path? Look at the next hop address
192.168.1.2 not in the routing table! E1 cant get there.
18
E2#show ip bgp

* i128.107.1.0/24 128.107.1.1 0 100 0 i
*> 128.107.2.2 2 32768 i
* i128.107.2.0/24 128.107.1.2 2 100 0 i
*> 0.0.0.0 0 32768 i
* i180.0.0.0 10.1.1.2 0 100 0 1 i
*> 200.0.0.0 192.168.1.2 0 0 2 i
E2#

E2#show ip route
B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:39:47
E2 knows about 180.0.0.0 via iBGP (i) but it is not the best path (>)
so it is not included in the routing table.
Why is 180.0.0.0 not the best path? Look at the next hop address
10.1.1.2 not in the routing table! E2 cant get there.
19
Configure next-hop-self
between E1 and E2
iBGP carries next-hop into AS unchanged
eBGP sessions, the next hop is the IP address of the neighbor that
announced the route
iBGP sessions, for routes originated inside the AS, the next-hop is the
IP address of the neighbor that announced the route.
For routes injected into the AS via eBGP, the next hop learned from
eBGP is carried unaltered into iBGP.
The next hop is the IP address of the eBGP neighbor from which the
route was learned.
Fix the next-hop with next-hop-self
Other option?
Add the serial network to the OSPF configuration
Network statements or
Redistribute connected
E1#show ip bgp

Network Next Hop
* i200.0.0.0 192.168.1.2
20
.
E1(config-router)#neighbor 128.107.2.1 next-hop-self


Configure next-hop-self
between E1 and E2
21
E1#show ip bgp
* i128.107.1.0/24 128.107.2.1 2 100 0 i
*> 0.0.0.0 0 32768 i
* i128.107.2.0/24 128.107.2.1 0 100 0 i
*> 128.107.1.2 2 32768 i
* 180.0.0.0 10.1.1.6 0 0 1 i
*> 10.1.1.2 0 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

E1#show ip route
B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:00:59
B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:19:05

E1#ping 200.0.0.1
U.U.U
Success rate is 0 percent (0/5)
E1 has 200.0.0.0 in its BGP table
and in the routing table with a
reachable next-hop IP address.
But E1 still cant reach this network!!! Any ideas? Remember
the basics of routing
22
E2#show ip bgp

* i128.107.1.0/24 128.107.1.1 0 100 0 i
*> 128.107.2.2 2 32768 i
* i128.107.2.0/24 128.107.1.1 2 100 0 i
*> 0.0.0.0 0 32768 i
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:48:06
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:02:52

E2#ping 180.0.0.1
U.U.U
E2 has 180.0.0.0 in its BGP table and in the routing table with a
reachable next-hop IP address.
But E2 still cant reach this network!!! Any ideas? Remember
the basics of routing
23
No one tells me
anything!
EX#show ip route

EX#

E1#ping 200.0.0.1
U.U.U
???
24
Configure Full Mesh iBGP
Configure full mesh iBGP: Include all routers in the transit path
(between E1 and E2)
Include EX in iBGP

Note: If there were routers that were part of the OSPF domain but
not in the path between E1 and E2, we would not include them as
an iBGP peer.

Default is still: no synchronization we will discuss this shortly.
25


EX(config)#router bgp 100
EX(config-router)#neighbor 128.107.1.1 remote-as 100
EX(config-router)#neighbor 128.107.2.1 remote-as 100

Configure Full Mesh BGP
next-hop-self not needed
because no eBGP peers
26
.
EX#show ip bgp

r i128.107.1.0/24 128.107.2.1 2 100 0 i
r>i 128.107.1.1 0 100 0 i
r>i128.107.2.0/24 128.107.2.1 0 100 0 i
r i 128.107.1.1 2 100 0 i
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

EX#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:00:29
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:00:29
Now you tell me.
27
All Enterprise Routers can ping ISP networks
E1#ping 200.0.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32ms
E1#

E2#ping 180.0.0.1
!!!!!
E2#

EX#ping 180.0.0.1
!!!!!
EX#

EX#ping 200.0.0.1
!!!!!
EX#
28
Were good right?
Well, yes
ISP1#ping 200.0.0.1
.....
ISP1#

ISP2#ping 180.0.0.1
.....
ISP2#

Any ideas?
29
ISP1#show ip bgp

* 128.107.1.0/24 10.1.1.5 0 0 100 i
*> 10.1.1.1 0 0 100 i
* 128.107.2.0/24 10.1.1.5 2 0 100 i
*> 10.1.1.1 2 0 100 i
*> 180.0.0.0 0.0.0.0 0 32768 i
* 200.0.0.0 10.1.1.5 0 100 2 i
*> 10.1.1.1 0 100 2 I

ISP1#show ip route

B 200.0.0.0/24 [20/0] via 10.1.1.1, 00:14:13
B 128.107.2.0 [20/2] via 10.1.1.1, 00:50:48
B 128.107.1.0 [20/0] via 10.1.1.1, 00:50:48
Where are those serial networks (192.168.1.0 for
ISP1) between ASs?
???
Any ideas?
What would the destination
IP address be for the ICMP
Echo Reply? What was the
source IP address of the
Echo Request?
ISP2#ping 180.0.0.1
It is common for ISPs not to include the networks
between ISPs no real need.
30
Serial networks b/t ISPs not always included no need
ISP2#ping 180.0.0.1 ?
data specify data pattern
df-bit enable do not fragment bit in IP header
repeat specify repeat count
size specify datagram size
source specify source address or name
timeout specify timeout interval
validate validate reply data
<cr>

ISP2#ping 180.0.0.1 source 200.0.0.1
Packet sent with a source address of 200.0.0.1
!!!!!
If we wanted to the ISPs could include the serial networks in their
BGP advertisements so these networks could be pinged.
31
Turning on
Synchronization
The BGP synchronization rule states that a BGP router E1 should not
advertise to external neighbors (ISP1) destinations (200.0.0.0) learned from
inside BGP neighbors (E2) unless those destinations are also known via an
IGP (OSPF).
If a router knows about these destinations via an IGP, it assumes that the
route has already been propagated inside the AS, and internal reachability
(EX) is guaranteed.
Current IOS default is no synchronization

Safe to turn off when:
Not a transit AS
Using full mesh iBGP This is what we had done
Lets look at the current outputs with full mesh iBGP and no
synchronization(complete reachability)
Note: Up until now we have had
synchronization turned off (no
synchronization)
32
E1#show ip bgp

* i128.107.1.0/24 128.107.2.1 2 100 0 i
*> 0.0.0.0 0 32768 i
* i128.107.2.0/24 128.107.2.1 0 100 0 i
*> 128.107.1.2 2 32768 i
*> 180.0.0.0 10.1.1.2 0 0 1 i
* 10.1.1.6 0 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

E1#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:06:52
B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:06:45
33
E2#show ip bgp

* i128.107.1.0/24 128.107.1.1 0 100 0 i
*> 128.107.2.2 2 32768 i
* i128.107.2.0/24 128.107.1.1 2 100 0 i
*> 0.0.0.0 0 32768 i
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:07:10
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:07:03
34
EX#show ip bgp

r>i128.107.1.0/24 128.107.1.1 0 100 0 i
r i 128.107.2.1 2 100 0 i
r i128.107.2.0/24 128.107.1.1 2 100 0 i
r>i 128.107.2.1 0 100 0 i
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

EX#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:07:27
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:07:21
35
E1(config-router)#synchronization

E2(config-router)#synchronization

EX(config)#router bgp 100
EX(config-router)#synchronization

Turn on
synchronization
36
E1#show ip bgp

* i128.107.1.0/24 128.107.2.1 2 100 0 i
*> 0.0.0.0 0 32768 i
* i128.107.2.0/24 128.107.2.1 0 100 0 i
*> 128.107.1.2 2 32768 i
*> 180.0.0.0 10.1.1.2 0 0 1 i
* 10.1.1.6 0 0 1 i
* i200.0.0.0 128.107.2.1 0 100 0 2 i

E1#show ip route

B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:23:44
Synchronization Rule: Not known in routing table by IGP
(OSPF), so assumes maybe not all routers between E1
and E2 know about this route so it is not included.
So 200.0.0.0 not included in the routing table.
37
E2#show ip bgp

* i128.107.1.0/24 128.107.1.1 0 100 0 i
*> 128.107.2.2 2 32768 i
* i128.107.2.0/24 128.107.1.1 2 100 0 i
*> 0.0.0.0 0 32768 i
* i180.0.0.0 128.107.1.1 0 100 0 1 i
*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:24:08
So 180.0.0.0 not included in the routing table.
38
EX#show ip bgp

r i128.107.1.0/24 128.107.2.1 2 100 0 i
r>i 128.107.1.1 0 100 0 i
r>i128.107.2.0/24 128.107.2.1 0 100 0 i
r i 128.107.1.1 2 100 0 i
* i180.0.0.0 128.107.1.1 0 100 0 1 i
* i200.0.0.0 128.107.2.1 0 100 0 2 i

EX#show ip route

Solutions:
Turn synchronization back off (no synchronization) because we
are running full mesh iBGP. (Like we had it before.)
OR redistribute BGP routes into OSPF
200.0.0.0 and 180.0.0.0 not included in the routing table.
39
Redistributing BGP routes into OSPF
E1(config)#router ospf 1
E1(config-router)#redistribute bgp 100 route-map as-1 subnets

E1(config)#route-map as-1 permit 10
E1(config-route-map)# match ip address prefix-list AS1-180
neighbor 10.1.1.2 remote-as 1

E1(config)#route-map as-1 permit 20
E1(config-route-map)# match ip address prefix-list AS1-180

E1(config)#ip prefix-list AS1-180 seq 5 permit 180.0.0.0/8

Redistributes only the BGP 180.0.0.0/8 network into OSPF
Only configuring redistribution for E1 to show how it is done.
Would also need to do this for E2.
40
EX#show ip bgp

r i128.107.1.0/24 128.107.2.1 2 100 0 i
r>i 128.107.1.1 0 100 0 i
r>i128.107.2.0/24 128.107.2.1 0 100 0 i
r i 128.107.1.1 2 100 0 i
r>i180.0.0.0 128.107.1.1 0 100 0 1 i
* i200.0.0.0 128.107.2.1 0 100 0 2 i

EX#show ip route

O E2 180.0.0.0/16 [110/1] via 128.107.1.1, 00:02:58, FastEthernet0/0

EX#ping 180.0.0.1
!!!!!
Problem: All OSPF routers would see this network(s)
including non-transit routers.
r = RIB failure. This is because this network is known
from another routing source (OSPF) which as a lower
Administrative Distance.
Summarization, Redistributing
Public Route into BGP
42
Getting back and reviewing where we are
Turn synchronization back off: no synchronization
Full mesh iBGP
Remove redistribution and route-map - Full mesh iBGP
Everything is fine.
43
E1

router ospf 1
network 128.107.0.0 0.0.255.255 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 128.107.1.0 mask 255.255.255.0
network 128.107.2.0 mask 255.255.255.0
neighbor 128.107.1.2 next-hop-self
no auto-summary
ISP1

router bgp 1
no synchronization
network 180.0.0.0
no auto-summary
ISP2

router bgp 2
no synchronization
network 200.0.0.0
no auto-summary

hostname E2
router ospf 1
network 128.107.0.0 0.0.255.255 area 0

router bgp 100
no synchronization
network 128.107.1.0 mask 255.255.255.0
network 128.107.2.0 mask 255.255.255.0
no auto-summary
EX

router ospf 1
network 128.107.0.0 0.0.255.255 area 0

router bgp 100
no synchronization
no auto-summary
44
ISP1#show ip bgp

* 128.107.1.0/24 10.1.1.5 0 0 100 i
*> 10.1.1.1 0 0 100 i
* 128.107.2.0/24 10.1.1.5 2 0 100 i
*> 10.1.1.1 2 0 100 i
*> 180.0.0.0 0.0.0.0 0 32768 i
* 200.0.0.0 10.1.1.5 0 100 2 i
*> 10.1.1.1 0 100 2 i

ISP1#show ip route

B 200.0.0.0/24 [20/0] via 10.1.1.1, 00:03:31
B 128.107.2.0 [20/2] via 10.1.1.1, 00:04:00
B 128.107.1.0 [20/0] via 10.1.1.1, 00:04:00
45
ISP2#show ip bgp

*> 128.107.1.0/24 192.168.1.1 2 0 100 i
*> 128.107.2.0/24 192.168.1.1 0 0 100 i
*> 180.0.0.0 192.168.1.1 0 100 1 i
*> 200.0.0.0 0.0.0.0 0 32768 i

ISP2#show ip route

B 128.107.2.0 [20/0] via 192.168.1.1, 00:04:58
B 128.107.1.0 [20/2] via 192.168.1.1, 00:04:58
B 180.0.0.0/16 [20/0] via 192.168.1.1, 00:04:58
46
E1#show ip bgp

* i128.107.1.0/24 128.107.2.1 2 100 0 i
*> 0.0.0.0 0 32768 i
* i128.107.2.0/24 128.107.2.1 0 100 0 i
*> 128.107.1.2 2 32768 i
*> 180.0.0.0 10.1.1.2 0 0 1 i
* 10.1.1.6 0 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

E1#sh ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:02:28
B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:02:28
47
E2#show ip bgp

* i128.107.1.0/24 128.107.1.1 0 100 0 i
*> 128.107.2.2 2 32768 i
* i128.107.2.0/24 128.107.1.1 2 100 0 i
*> 0.0.0.0 0 32768 i
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:05:54
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:05:54
48
EX#show ip bgp

r>i128.107.1.0/24 128.107.1.1 0 100 0 i
r i 128.107.2.1 2 100 0 i
r i128.107.2.0/24 128.107.1.1 2 100 0 i
r>i 128.107.2.1 0 100 0 i
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

EX#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:06:43
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:06:43
49
Summarizing the
public network to
the ISPs
E1(config-router)#aggregate-address 128.107.0.0 255.255.224.0
summary-only

E2(config-router)#aggregate-address 128.107.0.0 255.255.224.0
summary-only

Common for ISPs not to include routes greater than /19
128.107.0.0/19
50
.
ISP1#show ip bgp

* 128.107.0.0/19 10.1.1.5 0 0 100 i
*> 10.1.1.1 0 0 100 i
*> 180.0.0.0 0.0.0.0 0 32768 i
* 200.0.0.0 10.1.1.5 0 100 2 i
*> 10.1.1.1 0 100 2 i

ISP1#show ip route

B 200.0.0.0/24 [20/0] via 10.1.1.1, 00:09:19
B 128.107.0.0 [20/0] via 10.1.1.1, 00:01:03
C 180.0.0.0/16 is directly connected
51
.
ISP2#show ip bgp

*> 128.107.0.0/19 192.168.1.1 0 0 100 i
*> 180.0.0.0 192.168.1.1 0 100 1 i
*> 200.0.0.0 0.0.0.0 0 32768 i

ISP2#show ip route

B 128.107.0.0 [20/0] via 192.168.1.1, 00:01:31
B 180.0.0.0/16 [20/0] via 192.168.1.1, 00:10:16

ISP2#ping 128.107.2.1
!!!!!
52
Enterprise Redistributing Public Network into BGP
Instead of using network commands we could redistribute the public
network into BGP to be included in BGP updates.
hostname E2
router ospf 1
network 128.107.0.0 0.0.255.255 area 0

router bgp 100
no synchronization
network 128.107.1.0 mask 255.255.255.0
network 128.107.2.0 mask 255.255.255.0
no auto-summary
53
E2(config-router)#no network 128.107.1.0 mask 255.255.255.0
E2(config-router)#no network 128.107.2.0 mask 255.255.255.0
E2(config-router)#redistribute ospf 1 route-map only-128-107

E2(config)#route-map only-128-107 permit 10
E2(config-route-map)#match ip address prefix-list public

E2(config)#ip prefix-list public seq 5 permit 128.107.0.0/16 le 32

Network statements removed
Public address 128.107.0.0/16 (still summarized to /19) redistributed
into BGP.

Same commands could also be done on E1 but we left network
statements as-is.
Enterprise Redistributing own 128.107.0.0/16 Network into BGP
54
ISP2#show ip bgp

*> 128.107.0.0/19 192.168.1.1 0 0 100 i
*> 180.0.0.0 192.168.1.1 0 100 1 i
*> 200.0.0.0 0.0.0.0 0 32768 i

ISP2#show ip route

B 128.107.0.0 [20/0] via 192.168.1.1, 00:01:26
B 180.0.0.0/16 [20/0] via 192.168.1.1, 00:01:26

ISP2#ping 180.0.0.1 source 200.0.0.1
Packet sent with a source address of 200.0.0.1
!!!!!
ISP2 still learns about this route via BGP.
Enterprise Redistributing own 128.107.0.0/16 Network into BGP
Show commands
56
Where we left off
Full mesh iBGP
Full reachability
E1 using network statements
E2 redistributing public network into BGP (dont need both)
57
E1

router ospf 1
network 128.107.0.0 0.0.255.255 area 0
!
router bgp 100
no synchronization
network 128.107.1.0 mask 255.255.255.0
network 128.107.2.0 mask 255.255.255.0
aggregate-address 128.107.0.0 255.255.224.0
summary-only
no auto-summary
ISP1

router bgp 1
no synchronization
network 180.0.0.0
no auto-summary
ISP2

router bgp 2
no synchronization
network 200.0.0.0
no auto-summary

hostname E2
router ospf 1
network 128.107.0.0 0.0.255.255 area 0

router bgp 100
no synchronization
aggregate-address 128.107.0.0 255.255.224.0
summary-only
redistribute ospf 1 route-map only-128-107
no auto-summary
ip prefix-list public seq 5 permit
128.107.0.0/16 le 32
!
route-map only-128-107 permit 10
match ip address prefix-list public

EX

router ospf 1
network 128.107.0.0 0.0.255.255 area 0

router bgp 100
no synchronization
no auto-summary
58
ISP2#show ip bgp
internal,

*> 128.107.0.0/19 192.168.1.1 0 0 100 i
*> 180.0.0.0 192.168.1.1 0 100 1 i
*> 200.0.0.0 0.0.0.0 0 32768 i
ISP2#

59
ISP2#show ip bgp summary
BGP router identifier 200.0.0.1, local AS number 2
BGP table version is 26, main routing table version 26
3 network entries using 303 bytes of memory
3 path entries using 144 bytes of memory
3 BGP path attribute entries using 180 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 675 total bytes of memory
BGP activity 12/9 prefixes, 12/9 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.1 4 100 131 116 26 0 0 00:31:25 2
ISP2#

60
ISP2#show ip bgp neighbors
BGP neighbor is 192.168.1.1, remote AS 100, external link
BGP version 4, remote router ID 192.168.1.1
BGP state = Established, up for 00:31:35
Last read 00:00:35, hold time is 180, keepalive interval is 60
seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 3 3
Notifications: 0 0
Updates: 3 18
Keepalives: 110 110
Route Refresh: 0 0
Total: 116 131
Default minimum time between advertisement runs is 30 seconds

61
For address family: IPv4 Unicast
BGP table version 26, neighbor version 26
Index 1, Offset 0, Mask 0x2
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 1 2 (Consumes 96 bytes)
Prefixes Total: 1 3
Implicit Withdraw: 0 1
Explicit Withdraw: 0 0
Used as bestpath: n/a 2
Used as multipath: n/a 0

Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Bestpath from this peer: 3 n/a
Total: 3 0
Number of NLRIs in the update sent: max 1, min 0
62
Connections established 3; dropped 2
Last reset 00:32:12, due to Peer closed the session
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 192.168.1.2, Local port: 179
Foreign host: 192.168.1.1, Foreign port: 15202

Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)

Event Timers (current time is 0x62F8F4):
Timer Starts Wakeups Next
Retrans 34 0 0x0
TimeWait 0 0 0x0
AckHold 35 33 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0

63
iss: 2271024745 snduna: 2271025489 sndnxt: 2271025489 sndwnd:
15641
irs: 1565551063 rcvnxt: 1565551922 rcvwnd: 15526 delrcvwnd:
858

SRTT: 297 ms, RTTO: 325 ms, RTV: 28 ms, KRTT: 0 ms
minRTT: 12 ms, maxRTT: 300 ms, ACK hold: 200 ms
Flags: passive open, nagle, gen tcbs

Datagrams (max data segment is 1460 bytes):
Rcvd: 37 (out of order: 0), with data: 35, total data bytes: 858
Sent: 67 (retransmit: 0, fastretransmit: 0), with data: 33, total data
bytes: 74
3
ISP2#
64
ISP2#show tcp brief
TCB Local Address Foreign Address (state)
83203290 192.168.1.2.179 192.168.1.1.15202 ESTAB
ISP2#

ISP2#show ip bgp 128.107.0.0/19
BGP routing table entry for 128.107.0.0/19, version 26
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
100, (aggregated by 100 192.168.1.1)
192.168.1.1 from 192.168.1.1 (192.168.1.1)
Origin IGP, metric 0, localpref 100, valid, external, atomic-
aggregate, best
Path Attributes
66
BGP Best Path Algorithm
We will examine these four main BGP Attributes and modify them.

67
AS_PATH and
Prepending an AS
We want to make it look as if the 99.0.0.0/8 in AS 14 network can be
reached via ISP1 and ISP2.
We will add this network to both routers and prepend some AS
numbers to make it look like it originated in AS 14 from several ASs
away.
Sometimes used by ISPs to prepend their own AS number several
times to make a path look less desirable.
99.0.0.0/8
AS14
10 11 12 13 10
WLam
Weight
Local Preference
as path
med
With all else equal shortest
AS_PATH is best
68
ISP1(config)#inter loop 99
ISP1(config-if)#ip add 99.0.0.1 255.0.0.0

ISP1(config-router)#neighbor 10.1.1.1 route-map set-99 out

ISP1(config)#route-map set-99 permit 10
ISP1(config-route-map)#match ip address prefix-list only-99
ISP1(config-route-map)#set as-path prepend 10 11 12 13 14

! All other routes sent as normal

ISP1(config)#ip prefix-list only-99 seq 5 permit 99.0.0.0/8
69
ISP2(config)#inter loop 99
ISP2(config-if)#ip add 99.0.0.1 255.0.0.0


ISP2(config-route-map)#match ip address prefix-list only-99
ISP2(config-route-map)#set as-path prepend 10 14

!All other routes sent as normal

ISP2(config)#ip prefix-list only-99 seq 5 permit 99.0.0.0/8
70
E1#show ip bgp

* 99.0.0.0 10.1.1.2 0 0 1 10 11 12 13 14 i
* 10.1.1.6 0 0 1 10 11 12 13 14 i
*>i 128.107.2.1 0 100 0 2 10 14 i
* i128.107.0.0/19 128.107.2.1 0 100 0 i
*> 0.0.0.0 32768 i
s> 128.107.1.0/24 0.0.0.0 0 32768 i
s> 128.107.2.0/24 128.107.1.2 2 32768 i
*> 180.0.0.0 10.1.1.2 0 0 1 i
* 10.1.1.6 0 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

E1#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:39:01
B 99.0.0.0/8 [200/0] via 128.107.2.1, 00:39:01
128.107.0.0/16 is variably subnetted, 3 subnets, 2 masks
O 128.107.2.0/24 [110/2] via 128.107.1.2, 00:39:18, FastEthernet0/0
C 128.107.1.0/24 is directly connected, FastEthernet0/0
B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:39:12, Null0
B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:38:54
E1 does not send this longer path to E2 and EX
because it heard better path from both.
Best Path via E2
71
E2#show ip bgp

*> 99.0.0.0 192.168.1.2 0 0 2 10 14 i
* i128.107.0.0/19 128.107.1.1 0 100 0 i
*> 0.0.0.0 32768 i
s> 128.107.1.0/24 128.107.2.2 2 32768 ?
s> 128.107.2.0/24 0.0.0.0 0 32768 ?
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:39:30
B 99.0.0.0/8 [20/0] via 192.168.1.2, 00:39:30
B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:39:40, Null0
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:39:26
72
EX#show ip bgp

*>i99.0.0.0 128.107.2.1 0 100 0 2 10 14 i
* i128.107.0.0/19 128.107.2.1 0 100 0 i
*>i 128.107.1.1 0 100 0 i
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

EX#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:18:20
B 99.0.0.0/8 [200/0] via 128.107.2.1, 00:18:20
B 128.107.0.0/19 [200/0] via 128.107.1.1, 00:18:21
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:18:21
EX#
73
WEIGHT Attribute
Modify WEIGHT E1 so it prefers the longer AS_PATH through ISP1.
E2 and EX will still prefer the shorter AS_PATH through ISP2 because of
equal WEIGHTs but shorter AS_PATH.
The weight attribute is a special Cisco attribute that is used in the path
selection process when there is more than one route to the same
destination.
The weight attribute is local to the router on which it is assigned, and it
is not propagated in routing updates.
By default, the weight attribute is 32768 for paths that the router originates
and zero for other paths.
Routes with a higher weight are preferred when there are multiple routes
to the same destination.
WLam
Weight
Local Preference
as path
med
74
E1#show ip bgp

* 99.0.0.0 10.1.1.2 0 0 1 10 11 12 13 14 i
* 10.1.1.6 0 0 1 10 11 12 13 14 i
*>i 128.107.2.1 0 100 0 2 10 14 i

E1#show ip route

B 99.0.0.0/8 [200/0] via 128.107.2.1, 00:39:01

Before modifying WEIGHT.
With WEIGHTs equal, E1 prefers ISP2
because of shorter AS_PATH
75
E1(config-router)# neighbor 10.1.1.2 weight 2000
E1
AS 1
(ISP1)
2000
AS 100
(E2)
1000
Higher
weight
preferred
Routes from ISP1 get a weight of 2000
Routes from E2 and EX get a weight of 1000
Larger weight preferred
76
E1#show ip bgp

* 99.0.0.0 10.1.1.6 0 2000 1 10 11 12 13 14 i
*> 10.1.1.2 0 2000 1 10 11 12 13 14 i
* i 128.107.2.1 0 100 1000 2 10 14 i
*> 128.107.0.0/19 0.0.0.0 32768 i
* i 128.107.2.1 0 100 1000 i
s> 128.107.1.0/24 0.0.0.0 0 32768 i
s> 128.107.2.0/24 128.107.1.2 2 32768 i
* 180.0.0.0 10.1.1.6 0 2000 1 i
*> 10.1.1.2 0 2000 1 i
*>i200.0.0.0 128.107.2.1 0 100 1000 2 i

E1#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:00:12
B 99.0.0.0/8 [20/0] via 10.1.1.2, 00:00:12
B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:00:12, Null0
B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:00:14
Only the BGP routes from E2 have the WEIGHT of 2000. The
BGP routes from ISP1 have a WEIGHT of 1000.
77
E2#show ip bgp
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

* i99.0.0.0 128.107.1.1 0 100 0 1 10 11 12 13 14 i
*> 192.168.1.2 0 0 2 10 14 i
* i128.107.0.0/19 128.107.1.1 0 100 0 i
*> 0.0.0.0 32768 i
s> 128.107.1.0/24 128.107.2.2 2 32768 ?
s> 128.107.2.0/24 0.0.0.0 0 32768 ?
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 99.0.0.0/8 [20/0] via 192.168.1.2, 00:49:40
WEIGHT is not included in BGP updates.
E1 prefers longer path (larger WEIGHT) via ISP1 but
E2 and EX are unchanged with WEIGHTs remaining equal
preferring shorter AS_PATH.
78
LOCAL
PREFERENCE
Attribute
Configuration of WEIGHT removed.
Multiple routes to the same destination (99.0.0.0), AS 100 Enterprise routers prefer
shorter AS_PATH to ISP2 via E2.
The weight attribute was local to the router on which it is assigned, and it is not
propagated in routing updates.
Multiple routes to the same destination (99.0.0.0/8), we want ALL AS 100 Enterprise
routers to prefer ISP1 - not just E1 (WEIGHT).
The path with the higher preference is preferred (the default value of the local
preference attribute is 100).
100 200
Local Preference
79
E1(config-router)#bgp default local-preference 200

E2(config-router)#bgp default local-preference 100

100 200
80
E1#show ip bgp

* 99.0.0.0 10.1.1.6 0 0 1 10 11 12 13 14 i
*> 10.1.1.2 0 0 1 10 11 12 13 14 i
* i128.107.0.0/19 128.107.2.1 0 100 0 i
*> 0.0.0.0 32768 i
s> 128.107.1.0/24 0.0.0.0 0 32768 i
s> 128.107.2.0/24 128.107.1.2 2 32768 i
* 180.0.0.0 10.1.1.6 0 0 1 i
*> 10.1.1.2 0 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

E1#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:01:01
B 99.0.0.0/8 [20/0] via 10.1.1.2, 00:01:46
B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:18:34, Null0
B 180.0.0.0/16 [20/0] via 10.1.1.2, 00:18:21

81
E2#show ip bgp

* 99.0.0.0 192.168.1.2 0 0 2 10 14 i
*>i 128.107.1.1 0 200 0 1 10 11 12 13 14 i
*> 128.107.0.0/19 0.0.0.0 32768 i
* i 128.107.1.1 0 200 0 i
s> 128.107.1.0/24 128.107.2.2 2 32768 ?
s> 128.107.2.0/24 0.0.0.0 0 32768 ?
*>i180.0.0.0 128.107.1.1 0 200 0 1 i
*> 200.0.0.0 192.168.1.2 0 0 2 i

E2#show ip route

B 200.0.0.0/24 [20/0] via 192.168.1.2, 00:01:46
B 99.0.0.0/8 [200/0] via 128.107.1.1, 00:01:46
B 128.107.0.0/19 [200/0] via 0.0.0.0, 00:01:31, Null0
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:01:47
82
EX#show ip bgp

*>i99.0.0.0 128.107.1.1 0 200 0 1 10 11 12 13 14 i
* i128.107.0.0/19 128.107.2.1 0 100 0 i
*>i 128.107.1.1 0 100 0 i
*>i180.0.0.0 128.107.1.1 0 100 0 1 i
*>i200.0.0.0 128.107.2.1 0 100 0 2 i

EX#show ip route

B 200.0.0.0/24 [200/0] via 128.107.2.1, 00:02:32
B 99.0.0.0/8 [200/0] via 128.107.1.1, 00:03:18
B 128.107.0.0/19 [200/0] via 128.107.1.1, 00:20:06
B 180.0.0.0/16 [200/0] via 128.107.1.1, 00:19:51
83
MED (Multi-Exit Discriminator) Attribute
New Topology
No ISP2
ISP1 prefers path to 128.0.0.0/7 via E1
AS 100 wants ISP1 to prefer path to 128.0.0.0/7 via E2
WLam
Weight
Local Preference
as path
med
84
MED (Multi-Exit Discriminator) Attribute
The multi-exit discriminator (MED) attribute is a hint to external neighbors about the
preferred path into an AS when there are multiple entry points into the AS.
A lower MED value is preferred over a higher MED value.
The default value of the MED attribute is 0.
Unlike local preference, the MED attribute is exchanged between ASs, but a MED
attribute that comes into an AS does not leave the AS.
WLam
Weight
Local Preference
as path
med
85
ISP1#show ip bgp

*> 99.0.0.0 0.0.0.0 0 32768 i
* 128.107.0.0/19 10.1.1.5 0 0 100 i
*> 10.1.1.1 0 0 100 i
*> 180.0.0.0 0.0.0.0 0 32768 i

ISP1#show ip route

B 128.107.0.0 [20/0] via 10.1.1.1, 01:01:26
Currently
86
E1(config-router)#neighbor 10.1.1.2 route-map SETMEDOUT out

E1(config)#route-map SETMEDOUT permit 10
E1(config-route-map)#set metric 50

E2(config-router)#neighbor 10.1.1.6 route-map SETMEDOUT out

E2(config)#route-map SETMEDOUT permit 10
E2(config-route-map)#set metric 10

MED 50
MED 10
The multi-exit discriminator (MED)
attribute is a hint to external
neighbors about the preferred path
into an AS when there are
multiple entry points into the AS.
87
ISP1#show ip bgp

*> 99.0.0.0 0.0.0.0 0 32768 i
* 128.107.0.0/19 10.1.1.1 50 0 100 i
*> 10.1.1.5 10 0 100 i
*> 180.0.0.0 0.0.0.0 0 32768 i

ISP1#show ip route

B 128.107.0.0 [20/10] via 10.1.1.5, 00:00:12

Note: If you want MED attributes from
neighbors in other ASs to be compared,
you must configure the bgp subcommand
bgp always-compare-med.
MED is sometimes referred to as the metric
MED 50
MED 10
CIS 185 Advanced Routing Protocols
BGP Part 2
Rick Graziani
Cabrillo College
graziani@cabrillo.edu

Last Updated: Fall 2009

Cis185 BSCI Lecture8 BGP Part2

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Cis185 BSCI Lecture8 BGP Part2

Transféré par

Droits d'auteur :

Formats disponibles

CIS 185 Advanced Routing Protocols

Vous aimerez peut-être aussi