BGP Cheat Sheet (for Wednesday's exercises) ip classless ip subnet-zero ip bgp-community new-format ! router bgp 3582 ! Initial BGP config statement ! gives your with ASN no synchronization ! Do not synchronize with the IGP no auto-summary ! no classfull boundaries bgp dampening ! dampen route flaps network 128.223.0.0 mask 255.255.0.0 ! network to announce into BGP neighbor 207.98.66.11 send-community ! Send communities to peers neighbor 207.98.66.11 version 4 ! BGP version 4 neighbor 207.98.66.11 password ! password for eBGP session neighbor 207.98.66.11 prefix-list sanity-filter in ! filter all incoming announcements ! against this prefix-list neighbor 207.98.66.11 prefix-list my-routes ! filter all outgoing announcements ! against this prefix-list neighbor 207.98.66.11 remote-as 3701 ! peer's address and AS number neighbor 207.98.66.11 description BigISP Transit (noc@upstream.net) ! name and contact info is useful neighbor 198.108.0.1 remote-as 3582 ! iBGP (remote AS is same as local AS) neighbor 198.108.0.1 version 4 ! BGP version 4 neighbor 198.108.0.1 password ! password for iBGP session neighbor 198.108.0.1 description IBGP-peer ! useful info: neighbor description neighbor 198.108.0.1 update-source loopback ! always use loopback for iBGP ! ip prefix-list my-routes description Allow my routes and deny others ip prefix-list my-routes seq 5 permit 128.223.0.0/16 ip prefix-list my-routes seq 100 deny 0.0.0.0/0 le 32 ! ip prefix-list peer-routes-as-123 description All routes for peer AS 123 ip prefix-list peer-routes-as-123 seq 5 permit 205.240.25.0/24 ip prefix-list peer-routes-as-123 seq 10 permit 199.217.92.0/22 ip prefix-list peer-routes-as-123 seq 15 permit 206.40.128.0/22 ip prefix-list peer-routes-as-123 seq 100 deny 0.0.0.0/0 le 32 ! ! prefix-list to deny some bad prefixes, permit almost everything else, ! but deny prefixes longer than /24 - see RFC3330 and Project Cymru ! (www.cymru.com/Documents) for more info ! ip prefix-list sanity-filter description "Deny default, RFC1918, net 10" ip prefix-list sanity-filter seq 15 deny 10.0.0.0/8 le 32 ip prefix-list sanity-filter seq 10 deny 127.0.0.0/8 le 32 ip prefix-list sanity-filter seq 20 deny 172.16.0.0/12 le 32 ip prefix-list sanity-filter seq 30 deny 192.0.2.0/24 le 32 ip prefix-list sanity-filter seq 25 deny 192.168.0.0/16 le 32 ip prefix-list sanity-filter seq 50 permit 0.0.0.0/0 le 24 !