BGP Cheat Sheet (for Wednesday's exercises)

ip classless
ip subnet-zero
ip bgp-community new-format
!
router bgp 3582                                        ! Initial BGP config statement
                                                       ! with your ASN
 no synchronization                                    ! Do not synchronize with the IGP
 no auto-summary                                       ! no classful boundaries
 bgp dampening                                         ! dampen route flaps
 network 128.223.0.0                                   ! network to announce into BGP
 neighbor 207.98.66.11 send-community                  ! Send communities to peers
 neighbor 207.98.66.11 version 4                       ! BGP version 4
 neighbor 207.98.66.11 soft-reconfiguration inbound    ! allows changes to filtering without
                                                       ! resetting the session (uses memory)
 neighbor 207.98.66.11 prefix-list sanity-filter in    ! filter all incoming announcements
                                                       ! against this prefix-list
 neighbor 207.98.66.11 prefix-list my-routes out       ! filter all outgoing announcements
                                                       ! against this prefix-list
 neighbor 207.98.66.11 remote-as 3701                  ! peer's address and AS number
 neighbor 207.98.66.11 description BigISP Transit (noc@upstream.net)
 neighbor 207.98.66.11 update-source Ethernet 0/0      ! which interface to use for BGP
 neighbor 198.108.0.1 remote-as 3582                   ! iBGP (remote AS is same as local AS)
 neighbor 198.108.0.1 version 4                        ! BGP version 4
 neighbor 198.108.0.1 description IBGP-peer            ! neighbor description
 neighbor 198.108.0.1 update-source loopback           ! always use loopback for iBGP
!
! prefix-list to allow all my routes and deny others
!
ip prefix-list my-routes seq 5 permit 128.223.0.0/16
ip prefix-list my-routes seq 50 deny 0.0.0.0/0 le 32
!
! prefix-list to allow all routes for one particular peer AS
!
ip prefix-list peer-routes-as-123 seq 5 permit 205.240.25.0/24
ip prefix-list peer-routes-as-123 seq 10 permit 199.217.92.0/22
ip prefix-list peer-routes-as-123 seq 15 permit 206.40.128.0/22
ip prefix-list peer-routes-as-123 seq 50 deny 0.0.0.0/0 le 32
!
! prefix-list to deny some bad prefixes, permit almost everything else,
! but deny prefixes longer than /24
!
ip prefix-list sanity-filter description "Deny default, RFC1918, net 10"
ip prefix-list sanity-filter seq 10 deny 127.0.0.0/8 le 32
ip prefix-list sanity-filter seq 15 deny 10.0.0.0/8 le 32
ip prefix-list sanity-filter seq 20 deny 172.16.0.0/12 le 32
ip prefix-list sanity-filter seq 25 deny 192.168.0.0/16 le 32
ip prefix-list sanity-filter seq 30 deny 192.0.2.0/24 le 32
ip prefix-list sanity-filter seq 50 permit 0.0.0.0/0 le 24
!


BGP Lab Exercise Hints

1. Remove OSPF from your router and do shutdown on your serial links.
   We will only be using the Ethernet links for this exercise.

2. Confirm that you are no longer receiving OSPF routes by doing a
   show ip route

3. Figure out your AS number.

   AS:

4. Verify the IP address block used for your PC link. Your group was
   assigned an address block. You need to sub-divide it, using part of
   it for the LAN with your PC, and part of it for point-to-point links
   between routers.

   Aggregate address block:
   Mask:
   More-specific block used for LAN:

5. We will set up peering sessions according to the map. Decide which
   IP addresses you are going to use for your point-to-point links with
   your neighboring peer.

   More-specific block used for point-to-point link:

6. Configure BGP on your router to announce your network.

   RouterA#config term
   Enter configuration commands, one per line. End with CNTL/Z.
   RouterA(config)#ip bgp-community new-format
   RouterA(config)#router bgp 1     // use your AS number
   RouterA(config-router)#network 81.199.108.80 mask 255.255.255.240     // use your network and mask
   RouterA(config-router)#no synchronization
   RouterA(config-router)#no auto-summary
   RouterA(config-router)#bgp dampening

   BGP is now configured on your router, but not yet talking to any
   other routers.

7. Set up a peering session with your neighbor:

   RouterA(config)#router bgp 1     // use your AS number
   RouterA(config-router)#neighbor 81.199.108.65 remote-as 100     // use the IP address and AS number of your neighbor
   RouterA(config-router)#neighbor 81.199.108.65 description My-Peer-with-AS1
   RouterA(config-router)#neighbor 81.199.108.65 prefix-list my-routes out
   RouterA(config-router)#neighbor 81.199.108.65 prefix-list sanity-filter in

   NOTE: different exercises use different filtering methods;
   sometimes no filters at all.

8. Define the prefix-lists that you will need. These specify which
   routes you will send out and which routes you will accept.

   RouterA(config)#ip prefix-list my-routes description My routes outbound
   RouterA(config)#ip prefix-list my-routes permit 81.199.108.80/28
   RouterA(config)#ip prefix-list my-routes deny 0.0.0.0/0 le 32
   RouterA(config)#
   RouterA(config)#ip prefix-list sanity-filter description Sanity Inbound
   RouterA(config)#ip prefix-list sanity-filter deny 127.0.0.0/8 le 32
   RouterA(config)#ip prefix-list sanity-filter deny 10.0.0.0/8 le 32
   RouterA(config)#ip prefix-list sanity-filter deny 172.16.0.0/12 le 32
   RouterA(config)#ip prefix-list sanity-filter deny 192.168.0.0/16 le 32
   RouterA(config)#ip prefix-list sanity-filter deny 192.0.2.0/24 le 32
   RouterA(config)#ip prefix-list sanity-filter permit 0.0.0.0/0 le 32

   Double check that your "my-routes" outbound filter contains the
   network you wish to announce. In most classroom exercises, you trust
   your provider enough that you can use a simple sanity filter that
   denies a few things and then permits everything else.

9. Check to see if the peering session is up:

   RouterA#show ip bgp summary
   BGP router identifier 81.199.108.66, local AS number 100
   BGP table version is 3, main routing table version 3

   Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
   81.199.108.65   4     1       0       0        0    0    0 never    Idle

10. Check to see if you are sending routes to your neighbor. Why or why not?
   RouterA#sh ip bgp neighbor x.x.x.x advertised-routes

11. Check to see if you are receiving routes from your neighbor.

   RouterA#show ip bgp

   What routes are you receiving?

Other commands to monitor BGP:

   RouterA#sh ip route
   RouterA#sh ip bgp
   RouterA#sh ip bgp neighbor
   RouterA#sh ip bgp neighbor x.x.x.x received-routes [*]

   [*] Only works if "soft-reconfiguration inbound" has been
       configured for this peer


BGP Testing

1. Make sure that you have connectivity within your AS. You should set
   up OSPF so that you have connectivity between the routers and PCs in
   your AS.

2. Verify that you can see routes for all networks in your AS by using
   show ip route. Test connectivity using ping and traceroute, as well
   as "show ip bgp" and "show ip route".

3. Add some additional routes to simulate connections to customers.
   Obtain IP address allocations from the registry (instructors), add
   routes to "null 0", and use bgp "network" statements to bring the
   routes into BGP. Adjust your filters as appropriate. Get your peers
   to adjust their filters too.

4. Review your filters. Make sure that you are seeing the right
   information from everyone.

5. What routes do you see in your routing table? What do the AS paths
   look like? Which routes are preferred?

6. Look at the routing table of other ASes to understand how traffic
   flows in the network.

7. Verify that you can get to all the PCs in the entire classroom (not
   just in your own AS).

8. Experiment with breaking connections. See how the routing changes.
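
Added example (not part of the original handout): the sanity-filter on the cheat sheet ends in "permit 0.0.0.0/0 le 24", while the one typed in step 8 of the lab hints ends in "le 32". This Python sketch applies IOS prefix-list matching rules (first match wins, implicit deny, ge/le length ranges) to both variants and to the step 8 my-routes list; the function names and the sample announcements are constructed for illustration.

```python
import ipaddress

def parse_prefix_list(text):
    """Parse 'ip prefix-list NAME [seq N] permit|deny PFX [ge N] [le N]' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"] or len(tok) < 5 or tok[3] == "description":
            continue
        rest = tok[5:] if tok[3] == "seq" else tok[3:]
        action, net = rest[0], ipaddress.ip_network(rest[1])
        opts = dict(zip(rest[2::2], map(int, rest[3::2])))
        # IOS: no ge/le = exact length; le only = len..le; ge only = ge..32
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
        entries.append((action, net, lo, hi))
    return entries

def evaluate(entries, prefix):
    """First matching entry wins; a prefix matching nothing hits the implicit deny."""
    p = ipaddress.ip_network(prefix)
    for action, net, lo, hi in entries:
        if lo <= p.prefixlen <= hi and p.subnet_of(net):
            return action
    return "deny"

# Deny entries shared by both sanity-filter variants on the page
DENIES = """\
ip prefix-list sanity-filter deny 127.0.0.0/8 le 32
ip prefix-list sanity-filter deny 10.0.0.0/8 le 32
ip prefix-list sanity-filter deny 172.16.0.0/12 le 32
ip prefix-list sanity-filter deny 192.168.0.0/16 le 32
ip prefix-list sanity-filter deny 192.0.2.0/24 le 32
"""
CHEAT_SHEET = parse_prefix_list(DENIES + "ip prefix-list sanity-filter permit 0.0.0.0/0 le 24")
LAB_STEP_8 = parse_prefix_list(DENIES + "ip prefix-list sanity-filter permit 0.0.0.0/0 le 32")
MY_ROUTES = parse_prefix_list("ip prefix-list my-routes permit 81.199.108.80/28\n"
                              "ip prefix-list my-routes deny 0.0.0.0/0 le 32")

# Constructed test announcements (not captured from a real session)
SAMPLES = ["128.223.0.0/16", "81.199.108.80/28", "0.0.0.0/0", "10.1.2.0/24", "172.20.0.0/16"]

def compare(prefixes=SAMPLES):
    """Return {prefix: (cheat-sheet verdict, lab step 8 verdict)}."""
    return {p: (evaluate(CHEAT_SHEET, p), evaluate(LAB_STEP_8, p)) for p in prefixes}

if __name__ == "__main__":
    for pfx, (cheat, lab) in compare().items():
        print(f"{pfx:<18} cheat-sheet={cheat:<6} lab-step-8={lab}")
```

Both variants accept 0.0.0.0/0 itself, because no entry denies the default route even though the cheat-sheet description string says "Deny default". Only the cheat-sheet variant rejects the lab's own /28, which is why the "le 32" form is the one that lets classroom peers exchange their small blocks.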