OSPF/BGP exercise ("the big exercise")

Objective: Set up an ISP network serving the whole of Africa. You will need to use OSPF, iBGP, and eBGP.

Your budget allows you to have a presence in 16 cities. You will need to choose 16 cities that provide coverage of important population centres.

Your budget allows you to have two links to upstream providers in Europe, the USA, or Asia. You will need to choose which African cities should be connected to which upstream providers.

Your budget allows each city to have one LAN for customers, and three links to other cities. You will need to choose which cities will connect to which other cities. Note that the links to upstream providers count against the total number of links, so a city may have links to three other African cities, or two links to other African cities plus one link to an upstream provider.

You will need to do everything, including planning the network layout, planning the IP address allocation, configuring the interfaces, configuring iBGP, configuring eBGP to the upstream providers, using BGP filters, and troubleshooting.

The details are up to you, but here is a suggested list of steps:

1. Choose two network managers, who will oversee the planning process.

2. Choose 16 African cities for your network points of presence. Draw a rough map showing the locations.

3. Choose 2 African cities and 2 non-African cities for uplinks to international providers.

4. Choose how the cities will be linked to each other.
   The two cities that have links to upstream providers should also have 2 links to African cities (total of 3 links).
   The other cities (that do not have links to upstream providers) should have 1, 2, or 3 links to other African cities in your network.
   Draw the links on a map.

5. Choose interfaces for each link.
   Each city needs an ethernet for local LAN.
   Each city needs ethernets for links to other cities.

6. Make a spreadsheet to keep track of everything.
   List of cities.
   List of city-city links.
   Name of ethernet interface for each link.
   Addressing plan.
   Lots more details...
   Give your network diagram to the instructors so they can start preparing the virtual environment.

7. Obtain an AS number for your ISP network. (e.g. AS 65511)
   Obtain an IPv4 address block for your ISP. (e.g. 196.200.220.0/24)
   Obtain an IPv6 address block for your ISP. (e.g. 2001:43f8:220:f000::/52)

8. Find out the AS numbers for your upstream providers. (AS100 and AS200)
   Find out the IPv4 and IPv6 addresses for the connections from your upstream providers. (Talk to the providers.)

9. Work out an addressing plan for IPv4.
   Start with a /24 block for the entire ISP.
   Allocate a /28 for all your loopbacks.
   - from that, allocate a /32 for each loopback interface.
   Allocate a /29 for the LAN in each city.
   Allocate a /30 for each point to point link.

10. Work out an addressing plan for IPv6.
    Start with a /52 block for the entire ISP.
    Allocate a /64 for all your loopbacks.
    - from that, allocate a /128 for each loopback interface.
    Allocate a /64 for the LAN in each city.
    Allocate a /64 for each point to point link.

11. Connect all the cables.
    You don't have physical machines or cables, since the routers are virtualised. The instructors will set up virtual cables between your virtual routers, according to a diagram that you provide.

12. Configure the loopback interfaces on each router. Give it an IPv4 /32 and an IPv6 /128 address.

13. Configure the LAN interfaces on each router.
    You already allocated it an IPv4 /29 subnet, and an IPv6 /64 subnet. Now configure the individual addresses for both the router and PC connections to this LAN.
    Check that the PC and the router can ping each other.

14. Configure the point to point links between cities.
    Each one has an IPv4 /30 subnet, and an IPv6 /64 subnet. Now configure the IP addresses on the routers.

15. Ping between neighbouring cities over the point to point links. Use both IPv4 and IPv6.
    If you can't ping your neighbour, then debug the problem. Don't move on to the next step before this works.

16. Configure OSPF on every router. Use a password.
    Your loopback interfaces, and your point-to-point networks, must be in OSPF.
    When routing converges, every router should see an OSPF route to:
    - The loopback address in every other router (IPv4 /32, IPv6 /128);
    - The point to point link between every pair of routers (IPv4 /30, IPv6 /64).

17. Configure iBGP on every router. Use a password.
    Remember that it must be a full mesh. Use peer groups.
    Remember to use the loopback addresses, not the point-to-point addresses. Remember "update-source loopback0".
    You should have 15 iBGP neighbours. They should all be up.

18. Configure iBGP to announce the LAN network in every city.
    Each router will need a bgp "network" statement for its own LAN network (IPv4 /29, IPv6 /64). It does not need a static "pull up" or "tie down" route to Null0, because it's a connected network.
    Check that the BGP process in every city can see the LAN network from every other city.
    The LAN counts as a customer network, not an infrastructure network, so it should be carried in iBGP, not in OSPF. This reduces the CPU and memory requirements for the OSPF process.

19. Configure eBGP to your upstream. This applies only in the two gateway cities.
    You need to know the upstream AS number, and the IP addresses to use.
    You should advertise your large network blocks (IPv4 /24 and IPv6 /52) to your upstream provider. Do not advertise a lot of more-specific routes, such as IPv4 /29 or /32, or IPv6 /64 or /128.
    To advertise your large network blocks, you will need bgp "network" statements, and static "hold up" routes for the blocks. It's good practice to originate these routes on only a few routers, not on every router in your AS. For example, you could originate them on the two gateway routers that connect to upstream providers.
    - Add BGP "network" statements for your IPv4 /24 network block, and your IPv6 /52 network block.
    - Add static "hold up" or "tie down" routes, for your IPv4 /24 block and your IPv6 /52 block.
    Configure filters to allow your large network blocks, but deny the more-specific prefixes.
    Check that your eBGP connection is up.
    Check that you are announcing the correct information to your upstream.

20. Check that it still works when links fail.
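
Worked example for the addressing plans in steps 9 and 10, added here and not part of the original exercise: it carves the example blocks from step 7 into loopbacks, LANs and point-to-point links, enforces the three-links-per-city budget, and reports how much of the IPv4 /24 is left. The city names, the ring-plus-chords topology and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Example blocks quoted in step 7 of the exercise.
V4_BLOCK = ipaddress.ip_network("196.200.220.0/24")
V6_BLOCK = ipaddress.ip_network("2001:43f8:220:f000::/52")

def carve(block, offset, prefixlen, count):
    """Return `count` consecutive subnets starting `offset` addresses into
    `block`, plus the next free offset. Raises when the block runs out."""
    size = 2 ** (block.max_prefixlen - prefixlen)
    nets = []
    for i in range(count):
        base = int(block.network_address) + offset + i * size
        net = type(block)((base, prefixlen))
        if not net.subnet_of(block):
            raise ValueError(f"{block} exhausted while allocating /{prefixlen}s")
        nets.append(net)
    return nets, offset + count * size

def build_plan(cities, links, gateways=()):
    """cities: names; links: (a, b) inter-city pairs; gateways: cities that
    spend one link on an upstream (addressed by the provider, step 8)."""
    degree = Counter(c for pair in links for c in pair) + Counter(gateways)
    over = sorted(c for c in cities if degree[c] > 3)
    if over:
        raise ValueError(f"more than three links at: {over}")
    plan = {}
    for fam, block, lo_len, lan_len, p2p_len in (
            ("v4", V4_BLOCK, 28, 29, 30), ("v6", V6_BLOCK, 64, 64, 64)):
        # Largest subnets first, so every later subnet stays aligned.
        (lo,), off = carve(block, 0, lo_len, 1)
        lans, off = carve(block, off, lan_len, len(cities))
        p2ps, off = carve(block, off, p2p_len, len(links))
        skip = 0 if fam == "v4" else 1   # leave the IPv6 ::0 address unused
        plan[fam] = {
            "loopback": {c: f"{lo[i + skip]}/{block.max_prefixlen}"
                         for i, c in enumerate(cities)},
            "lan": dict(zip(cities, lans)),
            "link": dict(zip(links, p2ps)),
            "free": block.num_addresses - off,
        }
    return plan

# Constructed sample: 16 placeholder cities, a ring plus 7 chords, 2 gateways.
CITIES = [f"city{i:02d}" for i in range(16)]
LINKS = ([(CITIES[i], CITIES[(i + 1) % 16]) for i in range(16)]
         + [(CITIES[i], CITIES[i + 8]) for i in range(1, 8)])
PLAN = build_plan(CITIES, LINKS, gateways=("city00", "city08"))
```

With every city using all three links, this sample has 23 inter-city links, and the IPv4 plan consumes 236 of the 256 addresses, so the /24 fits with 20 addresses to spare.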
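
Worked example for the outbound filter and the final check in step 19, added here and not part of the original exercise: a small model of a first-match prefix filter, run over a constructed list of routes a gateway might try to send upstream. It is not router configuration; the policy format, the function names, the sample routes and the deny-by-default rule for unmatched routes are assumptions of this model.

```python
import ipaddress

# Constructed policy modelling the outbound filter from step 19. Each entry is
# (action, prefix, ge, le); ge/le bound the announced prefix length.
OUTBOUND_POLICY = [
    ("permit", "196.200.220.0/24", None, None),         # IPv4 aggregate, exact
    ("deny",   "196.200.220.0/24", 25, 32),             # its more-specifics
    ("permit", "2001:43f8:220:f000::/52", None, None),  # IPv6 aggregate, exact
    ("deny",   "2001:43f8:220:f000::/52", 53, 128),     # its more-specifics
]

# Constructed sample of what a gateway's BGP table could offer to the upstream.
ANNOUNCEMENTS = [
    "196.200.220.0/24", "196.200.220.16/29", "196.200.220.3/32",
    "196.200.220.144/30", "2001:43f8:220:f000::/52",
    "2001:43f8:220:f001::/64", "2001:43f8:220:f000::1/128",
    "192.0.2.0/24",  # not our block: must never be re-announced
]

def evaluate(route, policy=OUTBOUND_POLICY):
    """Return (action, matching entry or None) for one announced prefix.
    First match wins; a route matching no entry is denied."""
    route = ipaddress.ip_network(route)
    for action, prefix, ge, le in policy:
        entry = ipaddress.ip_network(prefix)
        if entry.version != route.version or not route.subnet_of(entry):
            continue
        low = entry.prefixlen if ge is None else ge
        high = low if ge is None and le is None else (le or entry.max_prefixlen)
        if low <= route.prefixlen <= high:
            return action, prefix
    return "deny", None

def audit(announcements, policy=OUTBOUND_POLICY):
    """Split what a gateway would send upstream into sent and filtered."""
    sent, filtered = [], []
    for route in announcements:
        (sent if evaluate(route, policy)[0] == "permit" else filtered).append(route)
    return sent, filtered
```

Only the IPv4 /24 and the IPv6 /52 pass; the LAN, loopback and point-to-point prefixes are filtered, as is the foreign 192.0.2.0/24.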