BGP Lab Exercise 5 ------------------ 1. The final exercise in the BGP labs is to simulate a situation which is commonly found in many service provider networks around the world. The situation is where an ISP multihomes between two upstream ISPs, and uses two local routers for redundancy. This necessitates using eBGP towards the upstreams, and iBGP between the two local routers. 2. To prepare for this remove the eBGP configuration with your local peer. For example: RouterA(config)#router bgp 1 RouterA(config-router)#no neigh 196.200.220.xxx remote 2 Also remove the IPv6 eBGP configuration with your local peer. RouterA(config-router)#no neigh 200:4348:220:xx::x remote 2 Notice that the BGP neighbour configuration should be removed from the generic BGP section, and not within the address-family. If you delete the neighbour configuration from the address-family, only the configuration relating to that address family will be removed, not the generic configuration. 3. Teams A,C,E,G and I will have to change the BGP AS Number from the one they are using to the one used by their neighbours on the right hand side of the room. The best way to do this is to make a note of the BGP configuration, then do "no router bgp " before entering the configuration as "router bgp . RouterA(config)# no router bgp 1 RouterA(config)# router bgp 2 RouterA(config-router)# address-family ipv4 RouterA(config-router-af)# neigh 196.200.222.1 remote-as 100 RouterA(config-router-af)# neigh 196.200.222.1 prefix-list my-routes out RouterA(config-router-af)# neigh 196.200.222.1 prefix-list sanity-filter in RouterA(config-router-af)# neigh 196.200.222.1 activate RouterA(config-router-af)# no synchronization ...etc... Don't forget to do the IPv6 equivalent too. Refer to previous exercises for hints on what you need to type. Don't forget the "no bgp default ipv4-unicast". And don't forget to activate the neighbour for the appropriate address-family. 4. The remaining teams, B,D,F,H and J will have to delete the BGP session with AS100 and replace it with a BGP session with AS200. RouterB(config)# router bgp 2 RouterB(config-router)# no neigh 196.200.222.5 remote-as 100 RouterB(config-router)# address-family ipv4 RouterB(config-router-af)# neigh 196.200.222.5 remote-as 200 RouterB(config-router-af)# neigh 196.200.222.5 prefix-list my-routes out RouterB(config-router-af)# neigh 196.200.222.5 prefix-list sanity-filter in RouterB(config-router-af)# neigh 196.200.222.5 activate Don't forget to do the IPv6 equivalent too. Refer to previous exercises for hints on what you need to type. Don't forget the "no bgp default ipv4-unicast" and to activate the neighbour. 5. Note that the prefix-list "my-routes" used in the eBGP filters in the previous two steps will need to include the address block from both routers. Because the two /28 networks are contiguous, we can aggregate these into a single /27 announcement. For example: RouterB(config)# ip prefix-list my-routes permit 196.200.220.32/27 RouterB(config)# ip prefix-list my-routes deny 0.0.0.0/0 le 32 is preferred over announcing 196.200.220.32/28 and 196.200.220.48/28 individually. Don't forget to do the IPv6 equivalent too for the IPv6 prefix-lists. Refer to previous exercises for hints on what you need to type. 6. Now each of AS 2, AS 4, AS 6, AS 8 and AS 10 needs to configure ISIS in their AS. Before starting the ISIS process, configure a loopback interface and give it an IPv4 address so that you can assign an NSAP address for ISIS based on it. For the loopback interface, assign a /32 IP address from your block. RouterA(config)#interface loopback0 RouterA(config-if)#ip addr 196.200.220.yy 255.255.255.255 RouterA(config)#router isis si-as2 RouterA(config-router)#passive-interface Loopback0 RouterA(config-router)#passive-interface Fast0/0 RouterA(config-router)#passive-interface Fast0/1 RouterA(config)#interface serial 0/0 RouterA(config-if)#ip router isis si-as2 Note that we only run ISIS on the Serial link between the two routers in the AS. Also set up ISIS so that you set up adjacencies for IPv6. For example: RouterA(config)#interface loopback0 RouterA(config-if)#ipv6 addr 2001:4348:220:1f::1/128 RouterA(config)# interface Serial 0/0 RouterA(config)# ipv6 router isis si-as2 7. Now each of AS 2, AS 4, AS 6, AS 8 and AS 10 needs to configure iBGP in their AS. Remember that iBGP runs between loopback interfaces on the router. The example below shows IPv4 - don't forget to do the same thing for IPv6. RouterA(config)# router bgp 2 RouterA(config-router)# address-family ipv4 RouterA(config-router-af)# neighbor 196.200.220.xx remote-as 2 RouterA(config-router-af)# neighbor 196.200.220.xx next-hop-self RouterA(config-router-af)# neighbor 196.200.220.xx update-source loopback 0 RouterA(config-router-af)# activate Note that the iBGP session does not need any prefix filters to be applied. In an ISP network, iBGP prefixes are distributed throughout the whole iBGP speaking network. Notice the purpose of the next-hop-self command in iBGP. It replaces the external next-hop (refer to the BGP presentation) with the IP address of the local router. This ensures that external point to point links do not need to be carried in ISIS. This is a current Best Practice technique in most ISP networks around the world today. 8. Check the BGP process using "sh ip bgp" for IPv4 and "sh bgp ipv6 unicast" for IPv6 to see if both the eBGP and iBGP neighbours are active. 9. Also check to see what prefixes you are receiving from all your BGP neighbours. What paths do you see? Can you explain what is happening? BGP Testing ----------- 1. Verify that you can see routes for all networks in your AS by using "show ip route". Test connectivity using ping and traceroute, as well as "show ip bgp" and "show ip route". 2. Add some additional routes to simulate connections to customers. Obtain IP address allocations from the registry (instructors), add routes to "null 0", and use bgp "network" statements to bring the routes into BGP. Adjust your filters as appropriate. Get your peers to adjust their filters too. 3. Review your filters. Make sure that you are seeing the right information from everyone. 4. What routes do you see in your routing table? What do the ASpaths look like? Which routes are preferred? 5. Look at the routing table of other ASes to understand how traffic flows in the network. 6. Verify that you can get to all the PCs in the entire classroom (not just in your own AS). 7. Experiment with breaking connections. See how the routing changes.