Internet Exchange Point Lab Exercise ------------------------------------ Configuring BGP Peering with an Upstream and Configuring Local BGP Peering across IXP 1. Remove the entire old configuration from your router with the exception of the interface configurations and user access permissions. We will be using two Ethernet links for this exercise. 2. Confirm that you are no longer receiving OSPF or BGP routes by doing a "show ip route". Check that the same is the case for IPv6 prefixes too. Connect one of your router's ethernet ports to the upstream router according to the diagram. We will now set up eBGP between all of the routers in the classroom and the corresponding upstream router. Each table is its own AS. For example, Table A is AS 1, Table B is AS 2, etc. 3. Figure out your AS number. AS: Document and verify your addressing scheme. Check the addressing plan in the hand out along with this exercise sheet. Don't forget that we will be setting up both IPv4 and IPv6 peerings, so we need IPv4 and IPv6 addressing: 4. We will set up peering sessions according the map. Contact your upstream provider for the IP addresses you are going to use for your Point-to-Point link. 5. Configure BGP on your router to announce your network. 6. Set up a peering session with the upstream router. RouterA(config)# router bgp 1 ! use your AS number RouterA(config)# no bgp default ipv4-unicast RouterA(config)# address-family ipv4 RouterA(config-router)# neighbor 196.200.222.1 remote-as 100 ! use the IP address and AS number of your neighbor RouterA(config-router)# neighbor 196.200.222.1 descr My-Peer-with-AS100 RouterA(config-router)# neighbor 196.200.222.1 prefix-list my-routes out RouterA(config-router)# neighbor 196.200.222.1 prefix-list sanity-filter in RouterA(config)# address-family ipv6 RouterA(config-router)# neighbor 2001:4348:220:1::1 remote-as 100 ! use the IP address and AS number of your neighbor RouterA(config-router)# neighbor 2001:4348:220:1::1 descr My-Peer-with-AS100 RouterA(config-router)# neighbor 2001:4348:220:1::1 prefix-list myv6-routes out RouterA(config-router)# neighbor 2001:4348:220:1::1 prefix-list v6sanity-filter in 7. Define the IPv4 and IPv6 prefix-lists that you will need. This specifies which routes you will send out and which routes you will accept. RouterA(config)#ip prefix-list my-routes permit 196.200.220.32/28 RouterA(config)#ip prefix-list my-routes deny 0.0.0.0/0 le 32 RouterA(config)# RouterA(config)#ip prefix-list sanity-filter deny 10.0.0.0/8 le 32 RouterA(config)#ip prefix-list sanity-filter deny 127.0.0.0/8 le 32 RouterA(config)#ip prefix-list sanity-filter deny 172.16.0.0/12 le 32 RouterA(config)#ip prefix-list sanity-filter deny 192.0.2.0/24 le 32 RouterA(config)#ip prefix-list sanity-filter deny 192.168.0.0/16 le 32 RouterA(config)#ip prefix-list sanity-filter permit 0.0.0.0/0 le 32 RouterA(config)#ipv6 prefix-list my-v6routes permit 2001:4348:220:10::/60 RouterA(config)#ipv6 prefix-list my-v6routes deny ::/0 le 128 RouterA(config)# RouterA(config)# ipv6 prefix-list v6sanity-filter description Sanity Inbound RouterA(config)# ipv6 prefix-list v6sanity-filter deny ::/0 RouterA(config)# ipv6 prefix-list v6sanity-filter deny ::1/128 RouterA(config)# ipv6 prefix-list v6sanity-filter deny fe80::/10 le 128 RouterA(config)# ipv6 prefix-list v6sanity-filter deny fec0::/10 le 128 RouterA(config)# ipv6 prefix-list v6sanity-filter deny fc00::/7 le 128 RouterA(config)# ipv6 prefix-list v6sanity-filter deny ff00::/8 le 128 RouterA(config)# ipv6 prefix-list v6sanity-filter deny 2001:db8::/32 le 128 RouterA(config)# ipv6 prefix-list v6sanity-filter permit ::/0 le 128 Notice that you will have to confirm with your upstream as to what routes they are planning to send you. In the case above, the neighbor is sending everything. Double check that you set your "my-routes" and "myv6-routes" outbound filter to contain the network you wish to announce. 8. Check to see if the peering sessions are up: Router#show ip bgp sum BGP router identifier 196.200.220.39, local AS number 1 BGP table version is 3, main routing table version 3 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 196.200.222.1 4 100 0 0 3 0 0 never Idle Router#show bgp ipv6 unicast sum BGP router identifier 196.200.220.39, local AS number 1 BGP table version is 3, main routing table version 3 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2001:4348:220:1::1 4 100 0 0 3 0 0 never Idle 9. Check to see if you are receiving routes from your upstream. You should accept "full" routes or default from your upstream. Router#show ip bgp What IPv4 routes are you receiving? Router#show bgp ipv6 unicast What IPv6 routes are you receiving? Other commands to monitor BGP: Router#sh ip route Router#sh ip bgp Router#sh ip bgp neighbor Router#sh ip bgp neighbor x.x.x.x routes Router#sh ip bgp neighbor x.x.x.x received-routes [*] Router#sh ipv6 route Router#sh bgp ipv6 Router#sh bgp ipv6 unicast neighbor Router#sh bgp ipv6 unicast neighbor x.x.x.x routes [*] Only works if "soft-reconfiguration inbound" has been configured for this peer 10. Traceroute to all of the other networks in the classroom. Notice the path that they take. What do you see? 11. Set up an exchange point for all of the classroom peers. Find a switch to use to connect everyone to a shared medium. Use 196.200.220.224/27 as the IPv4 LAN address space for the exchange point. And use 2001:4348:220:FF::/64 as the IPv6 address space for the exchange point LAN. 12. Gather the necessary information from all of your peers: IPv4 Table: AS number of neighbor Prefixes they will be announcing IP address for peering --------------------- -------------------------------- ---------------------- IPv6 Table: AS number of neighbor Prefixes they will be announcing IP address for peering --------------------- -------------------------------- ---------------------- 13. Negotiate peering sessions with all your neighbors (local ISPs). Set these eBGP peering sessions up. Be sure to configure your filters correctly! Only accept customer routes from your peers. Only announce your routes (don't provide transit!) to your peers. To ensure that the direct paths across the Exchange Point to your peers are preferred over going via your upstream, use a route-map to apply a high local preference to all prefixes originated by your peers. Note: It is quite common for many neighbors to be configured with the same update policies (that is, the same outbound route maps, prefix-lists, filter lists, update source, and so on). Neighbors with the same update policies can be grouped into peer groups to simplify configuration and, more importantly, to make updating more efficient. When you have many peers, this approach is highly recommended. We will use peer-groups to simplify our configuration for our peers. An example configuration might be: router bgp 1 no bgp default ipv4-unicast address-family ipv4 neighbor XP-peers peer-group neighbor XP-peers prefix-list my-routes out neighbor XP-peers description Exchange Point Peers neighbor XP-peers route-map IXP-in in ... neighbor 196.200.220.226 remote-as 2 neighbor 196.200.220.226 peer-group XP-peers neighbor 196.200.220.226 prefix-list AS2-peer in ... neighbor 196.200.220.234 remote-as 10 neighbor 196.200.220.234 peer-group XP-peers neighbor 196.200.220.234 prefix-list AS10-peer in ! ip prefix-list AS2-peer permit 196.200.220.48/28 ... ip prefix-list AS10-peer permit 196.200.220.176/28 ! route-map IXP-in permit 10 set local-preference 120 ! 14. We also need to set up our IPv6 peerings too. An example configuration might be: router bgp 1 no bgp default ipv4-unicast address-family ipv6 neighbor XPv6-peers peer-group neighbor XPv6-peers myv6-routes out neighbor XPv6-peers description Exchange Point Peers neighbor XPv6-peers route-map IXP-in in ... neighbor 2001:4348:FF::2 remote-as 2 neighbor 2001:4348:FF::2 peer-group XPv6-peers neighbor 2001:4348:FF::2 prefix-list AS2v6-peer in ... neighbor 2001:4348:FF::A remote-as 10 neighbor 2001:4348:FF::A peer-group XPv6-peers neighbor 2001:4348:FF::A prefix-list AS10v6-peer in ! The route-map we set up earlier can be used for our IPv6 peers too as it contains no address family specific configuration. 15. Use a hold-down route for your IPv4 and IPv6 aggregates for stability 16. Traceroute to all of the networks in the class now. What path do you take? Do you see the improvement? 17. Record the configuration from your router, either by saving it on your PC, or by writing it down, or by sending it to the tftp server as described earlier in the week. Configuring BGP Peering with a Route Collector at an IXP -------------------------------------------------------- 17. The instructors will have set up a router to be a Route Collector. A route collector simply collects all the prefixes available at the IXP. 18. Set up your IPv4 and IPv6 peering sessions with the Route Collector: router bgp 1 address-family ipv4 neighbor 196.200.220.254 remote-as 65523 neighbor 196.200.220.254 prefix-list my-routes out neighbor 196.200.220.254 prefix-list deny-all in address-family ipv6 neighbor 2001:4348:220:FF::FF remote-as 65523 neighbor 2001:4348:220:FF::FF prefix-list myv6-routes out neighbor 2001:4348:220:FF::FF prefix-list deny-allv6 in ! ip prefix-list deny-all deny 0.0.0.0/0 le 32 ! ipv6 prefix-list deny-allv6 deny ::0/ le 128 Note that you do not expect to hear any prefix announcements from the Route Collector. 19. Once everyone is peering with the Route Collector, the class will be shown what the Route Collector's BGP table looks like 20. Record the configuration from your router, either by saving it on your PC, or writing it down. Configuring BGP Peering with a Route Server at an IXP ----------------------------------------------------- 21. We will now convert the Route Collector above into a Route Server. Some IXPs use a Route Server to gather all the routes available at the IXP and distribute them to all the IXP members. 22. Remove the BGP configuration used for peers at the IXP from your router with the exception of the configurations for upstream provider and with the Route Collector. Or you can use the bgp neighbor shutdown command, for example: RouterB(config)#router bgp 2 RouterB(config-router)#neighbor 196.200.220.225 shutdown RouterB(config-router)#neighbor 196.200.220.227 shutdown ...etc... 23. Confirm that you are not longer receiving BGP prefixes from the IX by doing a show ip route. 24. Change the Route Collector BGP configuration to be that for a Route Server. Basically this means removing the "deny-all" prefix list. RouterA(config)#router BGP 1 RouterA(config)#address-family ipv4 RouterA(config-router)#no neighbor 196.200.220.254 prefix-list deny-all in RouterA(config)#address-family ipv6 RouterA(config-router)#no neighbor 2001:4348:220:FF::FF prefix-list deny-allv6 in Refresh the IPv4 and IPv6 BGP sessions using "clear ip bgp 65523 in" and "clear bgp ipv6 unicast 65523 in". 25. Check how many prefixes the Route Server is sending you using "sh ip bgp sum" and "sh bgp ipv6 unicast sum". Also look at the paths of the BGP prefixes you are being sent. Notice the Route Server's ASN now appears in the AS Path. 26. Traceroute to all of the networks in the class now. Did it take the same path as previously? Do you see the reduction in complexity of adding peers to the exchange? 27. Do you notice any interesting features in the routing table? If so what? 28. We now apply local preference to the prefixes we learn from the Route Server. Default local preference is 100, so we need to increase the local preference to ensure that all the paths learned from the Exchange are the prefered paths. For example: RouterC(config)#route-map set-local-pref permit 10 RouterC(config-route)#set local-preference 200 RouterC(config)# RouterC(config)#router bgp 3 RouterC(config)#address-family ipv4 RouterC(config-router)#neighbor 196.200.220.238 route-map set-local-pref in RouterC(config)#address-family ipv6 RouterC(config-router)#neighbor 2001:4348:220:FF::FF route-map set-local-pref in 29. Remember to "clear ip bgp 65523 in" and "clear bgp ipv6 unicast 65523 in" to apply the new route-map above. Now look at the BGP table. What differences do you see compared with Step 23 above? 30. Record the configuration from your router, either by saving it on your PC, or by writing it down, or by sending it to the tftp server as described earlier in the week.