BGP Lab 2

BGP I – Lab guide for LAB 2

Initial Configuration

This is the most basic BGP material; learn it and it will certainly come in handy later when you want to show off.

Build BGP neighbors

- iBGP uses loopback addresses and update-source, so the peers need a static route to each other’s loopback address

Lab Steps

Network command:

· On R1, try the network command with a /21.  Notice that it didn’t do anything: BGP requires an exact match in the routing table

o Remove statement:  no network 11.1.100.0 mask 255.255.248.0

· On R1: Try network 11.1.100.0 mask 255.255.255.0

o Shows up in R1 “show ip bgp”, but not in “show ip route bgp” (learned from DC)

o Shows up in R2 “show ip bgp”, and in “show ip route bgp”, R2 can ping

o Shows up in R3 “show ip bgp”, but not in “show ip route bgp”, R3 can not ping

§ Show ip bgp 11.1.100.0/24 – what does inaccessible mean? Why is it inaccessible?

BGP needs to run over TCP, and there is no route to the next hop from an IGP such as OSPF or EIGRP.

§ R2 needs to set ‘next hop self’ on iBGP peer

o Does not show up in R4 “show ip bgp”

· On R2, set next-hop self for R3

o Shows up in R3 “show ip bgp” and “show ip route bgp”

o Shows up in R4 “show ip bgp” and “show ip route”

§ What is the next hop that R4 got?  (R3; next-hop-self is automatic for eBGP)

o Can R3/R4 ping?   (no), why? (route back)

§ Turn on “debug icmp packet” on R1, and test pings from R2/R3/R4 to R1.  

§ Notice packets are getting there, but R1 doesn’t know how to get to remote networks

o Add routes to 9.0.0.0/16 on all routers:

§ R1:  ip route  9.0.0.0  255.255.0.0  9.0.12.2

§ R2:  ip route  9.0.0.0  255.255.0.0  9.0.23.3

§ R3:  ip route  9.0.0.0  255.255.0.0  9.0.23.2

§ R4:  ip route  9.0.0.0  255.255.0.0  9.0.34.3

o Can R3/R4 ping?  Yes

§ Remove debug on R1

· Add networks 11.1.101.0/24, .102., .103. to BGP routing domain

o R1:

network 11.1.101.0 mask 255.255.255.0

network 11.1.102.0 mask 255.255.255.0

network 11.1.103.0 mask 255.255.255.0

o Did R2/R3/R4 get the routes in BGP?  

§ (if they only got one of them, you may have to wait 60 seconds due to the min-update timer)

o Did R2/R3/R4 get route in RIB?  (show ip route bgp)

o Can R2/R3/R4 ping 11.1.10x.1?

o What is the AS-PATH for the 11.1.10x.0 networks from R2, R3, R4?

R2#sh ip bgp
BGP table version is 5, local router ID is 9.0.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*>  11.1.100.0/24    9.0.12.1                 0             0 1111 i
*>  11.1.101.0/24    9.0.12.1                 0             0 1111 i
*>  11.1.102.0/24    9.0.12.1                 0             0 1111 i
*>  11.1.103.0/24    9.0.12.1                 0             0 1111 i

o What is the origin code for routes originated via network command? (i, IGP)

Redistribution

· Instead of adding networks one at a time, you can tell BGP to redistribute networks from another source (e.g. EIGRP, OSPF, static routes, or directly connected routes)

o On R4, view available networks:   show ip int br | e una

o On R4:

router bgp 4444

  redistribute connected

o Did R3/R2/R1 get the routes in “show ip bgp”?  (R3 R2 yes, R1 no) Why or why not?

o Can R3/R2/R1 ping the .4 networks?   (R3 yes, R2 R1 no).  Why or Why not?

o R3 needs to “next hop self” on R2

o On R3:

router bgp 2323

  neighbor 23.2.0.2 next-hop-self

clear ip bgp *

· Redistribution updates automatically

o On R4, configure new loopback interfaces

int loop205

  ip address 44.4.205.4 255.255.255.0

int loop206

  ip address 44.4.206.4 255.255.255.0

o Did R1/R2/R3 get the routes? Yes (depending how slow you typed, you may have to wait 60s)

o Can R1/R2/R3 ping right away?  Yes

· Redistribution shouldn’t be left unchecked

o It could lead to undesired results

§ Ex: If someone configures a new directly connected network / static that shouldn’t have been redistributed

o Best to limit redistribution using a Route-Map

§ On R4:

ip prefix-list PL-CONNECTED->BGP permit 44.4.200.0/21 ge 24 le 24

route-map RM-CONNECTED->BGP permit 10

match ip address prefix-list PL-CONNECTED->BGP

exit

router bgp 4444

  redistribute connected route-map RM-CONNECTED->BGP

clear ip bgp *

o What routes were advertised to R3/R2/R1?

o Configure new directly connected routes on R4:

int loop207

  ip address 44.4.207.4 255.255.255.0

int loop208

  ip address 44.4.208.4 255.255.255.0

o Which of these new routes made it to R3/R2/R1?  Why?

o Did the routes that were within the confines of the prefix-list propagate automatically?

o Add 208 to the prefix list:

ip prefix-list PL-CONNECTED->BGP permit 44.4.208.0/24

o Was the .208. network propagated to R3/R2/R1?

o What is the AS-PATH for the 44.4.20x.0 networks from R3, R2, R1?

o What is the origin code for routes originated via redistribution? (?)
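The ge/le matching behind the questions above can be checked offline. This added example (not part of the original lab guide) evaluates the lab's prefix-list against R4's connected networks; the masks for Gi0/0, Loopback0 and Loopback209 are assumptions, since the page does not show them.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME [seq N] permit|deny PREFIX [ge X] [le Y]'."""
    tok = line.split()
    i = next(k for k, t in enumerate(tok) if t in ("permit", "deny"))
    net = ipaddress.ip_network(tok[i + 1])
    opts = dict(zip(tok[i + 2::2], map(int, tok[i + 3::2])))
    if not opts:                       # no ge/le: exact prefix length only
        lo = hi = net.prefixlen
    else:                              # ge alone: ge..32, le alone: len..le
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32)
    return tok[i] == "permit", net, lo, hi

def evaluate(entries, route):
    """First matching entry decides; no match is the implicit deny."""
    route = ipaddress.ip_network(route)
    for permit, net, lo, hi in entries:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return permit
    return False

# R4's connected networks, built from the interface list on the page.
# Assumed masks (not shown on the page): Gi0/0 and Loopback209 /24, Loopback0 /32.
R4_CONNECTED = ["9.0.34.0/24", "44.44.4.4/32", "10.234.4.0/25"] + [
    f"44.4.{n}.0/24" for n in range(201, 210)]

PL_BEFORE = ["ip prefix-list PL-CONNECTED->BGP permit 44.4.200.0/21 ge 24 le 24"]
PL_AFTER = PL_BEFORE + ["ip prefix-list PL-CONNECTED->BGP permit 44.4.208.0/24"]

def redistributed(prefix_list_lines, connected=R4_CONNECTED):
    """Connected routes that pass the route-map's single permit clause."""
    entries = [parse_entry(l) for l in prefix_list_lines]
    return [r for r in connected if evaluate(entries, r)]

if __name__ == "__main__":
    for label, pl in (("before 208 entry", PL_BEFORE), ("after 208 entry", PL_AFTER)):
        print(label, redistributed(pl))
```

Loopback209 and the /25 on Loopback234 never pass the filter, which is the point of gating redistribution: a newly configured interface is advertised only if someone deliberately widens the prefix-list.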

Aggregation

· BGP only advertises a route in the RIB… if we can add routes to RIB, we can advertise them

o What is a way an administrator can manually add a route to the route table? (static route)

o On R1, add a network statement for 11.1.104.0/22:

router bgp 1111

  network 11.1.104.0 mask 255.255.252.0

o Was anything advertised into BGP (check show ip bgp on R1 and R2)? (no)

o On R1, add a static route for 11.1.104.0/22:

router1(config)#ip route 11.1.104.0 255.255.252.0 null0

o Was anything advertised? (yes, the /22)

o Can R2/R3/R4 see the new /22?

o Can R2/R3/R4 ping 11.1.10x.1?

o Remove the /24 networks from R1:

o Can R2/R3/R4 see the new /22?

o Can R2/R3/R4 ping 11.1.10x.1?

· BGP can also aggregate with aggregate-address command

o R4 is currently advertising 8 routes

o Use aggregate-address to summarize the first /22

router bgp 4444

aggregate-address 44.4.200.0 255.255.252.0

o What route was advertised to R3 / R2 / R1?  

o By default, aggregate-address does not stop the advertisement of the smaller prefixes

§ but that can be enabled with summary-only command

o On R4, prevent advertising of smaller networks:

router bgp 4444

aggregate-address 44.4.200.0 255.255.252.0 summary-only

o What does the “s” mean on show ip bgp on R4?

o Can R3/R2/R1 still ping 44.4.20[0123].4?

o What route was advertised to R3/R2/R1?

o What is the AS-PATH to the new aggregate?

o What is the origin code for routes originated via aggregate-address (?)

· Aggregation is also possible on behalf of other AS’s

o We will have AS 2323 aggregate the 44.4.204.0/22 network towards AS 1111

o On R3:

router bgp 2323

aggregate-address 44.4.204.0 255.255.252.0 summary-only

o How did R3’s “show ip bgp” change?

o What was advertised to R2?

o What was advertised to R1?

o What is the origin code on R1 for the new aggregate?

o On R1:  show ip bgp 44.4.204.0/22, who aggregated the route?

o What is the AS-PATH on R1 for the new aggregate?

§ Is that the real originating AS for those networks?

§ How does eBGP prevent loops?

§ Can you see how this could lead to problems?

§ On R4:   show ip bgp summary

§ Did R4 learn something when R3 did the aggregation?  Why did R4 learn from R3 about its own networks?

o Include the originating AS’s in the aggregate route by using the as-set argument:

o R3:

router bgp 2323

aggregate-address 44.4.204.0 255.255.252.0 summary-only as-set

o Was it advertised to R2/R1?

o What is R1’s AS-PATH on the aggregate?

 

o What is R1’s origin code on the aggregate?

· Seeing AS-SET when summarizing routes from multiple AS’s:

o Configure and advertise a network on R3:

interface Loopback234

ip address 10.234.3.3 255.255.255.128

router bgp 2323

network 10.234.3.0 mask 255.255.255.128

o Configure and advertise a network on R4:

interface Loopback234

ip address 10.234.4.4 255.255.255.128

router bgp 4444

network 10.234.4.0 mask 255.255.255.128

o Did both /25 routes make their way to R1?

Yes.

R1#sh ip bgp
BGP table version is 18, local router ID is 11.11.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*>  10.234.3.0/25    9.0.12.2                               0 2323 i
*>  10.234.4.0/25    9.0.12.2                               0 2323 4444 i

 

o Can R1 ping 10.234.4.4 and 10.234.3.3? no

o Use aggregate-address as-set summary only on R1:

router bgp 1111

aggregate-address 10.234.0.0 255.255.248.0 as-set summary-only

o How did “show ip bgp” change?

I can see this was suppressed

    Network          Next Hop            Metric LocPrf Weight Path
*>  10.234.0.0/21    0.0.0.0                       100  32768 {2323,4444} i
s>  10.234.3.0/25    9.0.12.2                               0 2323 i
s>  10.234.4.0/25    9.0.12.2                               0 2323 4444 i

 

o What would the AS-PATH be if R1 were connected to another AS and advertised 10.234.0.0/21 to them? (1111, {2323,4444} i)
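The loop-prevention questions above come down to one check on the AS_PATH. This added example (not from the original lab guide) parses Path strings in the `show ip bgp` format and applies that check to the lab's aggregates; the empty path for the aggregate without as-set and AS 65000 as R1's extra neighbor are constructed for illustration.

```python
import re

def parse_as_path(text):
    """Parse a 'show ip bgp' Path column such as '1111 {2323,4444} i'.
    Returns (segments, origin): each segment is an int (AS_SEQUENCE hop)
    or a frozenset of ints (an AS_SET written in braces)."""
    segments, origin = [], None
    for tok in re.findall(r"\{[^}]*\}|\S+", text):
        if tok in ("i", "e", "?"):
            origin = tok
        elif tok.startswith("{"):
            segments.append(frozenset(int(a) for a in tok[1:-1].split(",")))
        else:
            segments.append(int(tok))
    return segments, origin

def path_length(text):
    """Best-path length: an AS_SET counts as one hop whatever its size."""
    return len(parse_as_path(text)[0])

def accepts(local_as, text):
    """eBGP loop prevention: reject a path that already contains local_as,
    whether it appears in the sequence or inside an AS_SET."""
    seen = set()
    for seg in parse_as_path(text)[0]:
        seen |= seg if isinstance(seg, frozenset) else {seg}
    return local_as not in seen

def send_ebgp(sender_as, text):
    """Prepend the sender's AS, as happens on an eBGP advertisement."""
    return f"{sender_as} {text}".strip()

# Paths as seen locally on the aggregating router.
R3_NO_AS_SET = ""             # constructed: plain aggregate carries no contributor ASes
R3_AS_SET = "4444 ?"          # from R3's table on the page
R1_AS_SET = "{2323,4444} i"   # from R1's table on the page
OTHER_AS = 65000              # hypothetical extra neighbor of R1

def lab_results():
    return {
        "R4 takes R3 aggregate, no as-set": accepts(4444, send_ebgp(2323, R3_NO_AS_SET)),
        "R4 takes R3 aggregate, as-set": accepts(4444, send_ebgp(2323, R3_AS_SET)),
        "R2 takes R1 aggregate": accepts(2323, send_ebgp(1111, R1_AS_SET)),
        "other AS takes R1 aggregate": accepts(OTHER_AS, send_ebgp(1111, R1_AS_SET)),
    }

if __name__ == "__main__":
    for case, ok in lab_results().items():
        print(f"{case}: {ok}")
```

The rejected cases line up with the tables further down the page: R4 has no 44.4.204.0/22 entry once R3 uses as-set, and R2 has no 10.234.0.0/21 entry from R1.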

 

R1.

R1#sh run | s r b
router bgp 1111
bgp log-neighbor-changes
network 11.1.100.0 mask 255.255.255.0
network 11.1.101.0 mask 255.255.255.0
network 11.1.102.0 mask 255.255.255.0
network 11.1.103.0 mask 255.255.255.0
network 11.1.104.0 mask 255.255.252.0
aggregate-address 10.234.0.0 255.255.248.0 as-set summary-only
neighbor 9.0.12.2 remote-as 2323
R1#sh ip bgp
BGP table version is 21, local router ID is 11.11.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*>  10.234.0.0/21    0.0.0.0                       100  32768 {2323,4444} i
s>  10.234.3.0/25    9.0.12.2                               0 2323 i
s>  10.234.4.0/25    9.0.12.2                               0 2323 4444 i
*>  11.1.100.0/24    0.0.0.0                  0         32768 i
*>  11.1.101.0/24    0.0.0.0                  0         32768 i
*>  11.1.102.0/24    0.0.0.0                  0         32768 i
*>  11.1.103.0/24    0.0.0.0                  0         32768 i
*>  11.1.104.0/22    0.0.0.0                  0         32768 i
*>  44.4.200.0/22    9.0.12.2                               0 2323 4444 i
*>  44.4.204.0/22    9.0.12.2                               0 2323 4444 ?
*>  44.4.208.0/24    9.0.12.2                               0 2323 4444 ?

R1#sh run | i route
router bgp 1111
ip route 9.0.0.0 255.255.0.0 9.0.12.2
ip route 11.1.104.0 255.255.252.0 Null0

 

R2.

R2#sh ip int bri | e una
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         9.0.12.2        YES manual up                    up
GigabitEthernet0/1         9.0.23.2        YES manual up                    up
Loopback0                  23.23.2.2       YES manual up                    up

R2#sh run | s r b
router bgp 2323
bgp log-neighbor-changes
neighbor 9.0.12.1 remote-as 1111
neighbor 9.0.23.3 remote-as 2323
neighbor 9.0.23.3 next-hop-self

 

R2#sh run | i route
router bgp 2323
ip route 9.0.0.0 255.255.0.0 9.0.23.3

 


R2#sh ip bgp
BGP table version is 22, local router ID is 9.0.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*>i 10.234.3.0/25    9.0.23.3                 0    100      0 i
*>i 10.234.4.0/25    9.0.23.3                 0    100      0 4444 i
*>  11.1.100.0/24    9.0.12.1                 0             0 1111 i
*>  11.1.101.0/24    9.0.12.1                 0             0 1111 i
*>  11.1.102.0/24    9.0.12.1                 0             0 1111 i
*>  11.1.103.0/24    9.0.12.1                 0             0 1111 i
*>  11.1.104.0/22    9.0.12.1                 0             0 1111 i
*>i 44.4.200.0/22    9.0.23.3                 0    100      0 4444 i
*>i 44.4.204.0/22    9.0.23.3                 0    100      0 4444 ?
*>i 44.4.208.0/24    9.0.23.3                 0    100      0 4444 ?

R3.

R3#sh run | s r b
router bgp 2323
bgp log-neighbor-changes
network 10.234.3.0 mask 255.255.255.128
aggregate-address 44.4.204.0 255.255.252.0 as-set summary-only
neighbor 9.0.23.2 remote-as 2323
neighbor 9.0.23.2 next-hop-self
neighbor 9.0.34.4 remote-as 4444
R3#sh run | i route
router bgp 2323
R3#sh ip bgp
BGP table version is 36, local router ID is 23.23.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*>  10.234.3.0/25    0.0.0.0                  0         32768 i
*>  10.234.4.0/25    9.0.34.4                 0             0 4444 i
*>i 11.1.100.0/24    9.0.23.2                 0    100      0 1111 i
*>i 11.1.101.0/24    9.0.23.2                 0    100      0 1111 i
*>i 11.1.102.0/24    9.0.23.2                 0    100      0 1111 i
*>i 11.1.103.0/24    9.0.23.2                 0    100      0 1111 i
*>i 11.1.104.0/22    9.0.23.2                 0    100      0 1111 i
*>  44.4.200.0/22    9.0.34.4                 0             0 4444 i
s>  44.4.204.0/24    9.0.34.4                 0             0 4444 ?
*>  44.4.204.0/22    0.0.0.0                       100  32768 4444 ?
s>  44.4.205.0/24    9.0.34.4                 0             0 4444 ?
s>  44.4.206.0/24    9.0.34.4                 0             0 4444 ?
s>  44.4.207.0/24    9.0.34.4                 0             0 4444 ?
*>  44.4.208.0/24    9.0.34.4                 0             0 4444 ?

 

R4.

R4#sh ip int bri | e una
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         9.0.34.4        YES manual up                    up
Loopback0                  44.44.4.4       YES manual up                    up
Loopback201                44.4.201.4      YES manual up                    up
Loopback202                44.4.202.4      YES manual up                    up
Loopback203                44.4.203.4      YES manual up                    up
Loopback204                44.4.204.4      YES manual up                    up
Loopback205                44.4.205.4      YES manual up                    up
Loopback206                44.4.206.4      YES manual up                    up
Loopback207                44.4.207.4      YES manual up                    up
Loopback208                44.4.208.4      YES manual up                    up
Loopback209                44.4.209.4      YES manual up                    up
Loopback234                10.234.4.4      YES manual up                    up
R4#  sh run | s r b
router bgp 4444
bgp log-neighbor-changes
network 10.234.4.0 mask 255.255.255.128
aggregate-address 44.4.200.0 255.255.252.0 summary-only
redistribute connected route-map RM-CONNECT-BGP
neighbor 9.0.34.3 remote-as 2323
R4#sh run | i route
router bgp 4444
redistribute connected route-map RM-CONNECT-BGP
ip route 9.0.0.0 255.255.0.0 9.0.34.3
route-map RM-CONNECT-BGP permit 10
R4#sh run | i prefix-list
ip prefix-list PL-CONNECTED->BGP seq 5 permit 44.4.200.0/21 ge 24 le 24
ip prefix-list PL-CONNECTED->BGP seq 10 permit 44.4.208.0/24
match ip address prefix-list PL-CONNECTED->BGP
R4#sh ip bgp
BGP table version is 42, local router ID is 44.44.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*>  10.234.3.0/25    9.0.34.3                 0             0 2323 i
*>  10.234.4.0/25    0.0.0.0                  0         32768 i
*>  11.1.100.0/24    9.0.34.3                               0 2323 1111 i
*>  11.1.101.0/24    9.0.34.3                               0 2323 1111 i
*>  11.1.102.0/24    9.0.34.3                               0 2323 1111 i
*>  11.1.103.0/24    9.0.34.3                               0 2323 1111 i
*>  11.1.104.0/22    9.0.34.3                               0 2323 1111 i
*>  44.4.200.0/22    0.0.0.0                            32768 i
s>  44.4.201.0/24    0.0.0.0                  0         32768 ?
s>  44.4.202.0/24    0.0.0.0                  0         32768 ?
s>  44.4.203.0/24    0.0.0.0                  0         32768 ?
*>  44.4.204.0/24    0.0.0.0                  0         32768 ?
*>  44.4.205.0/24    0.0.0.0                  0         32768 ?
*>  44.4.206.0/24    0.0.0.0                  0         32768 ?
     Network          Next Hop            Metric LocPrf Weight Path
*>  44.4.207.0/24    0.0.0.0                  0         32768 ?
*>  44.4.208.0/24    0.0.0.0                  0         32768 ?