BGP Lab Exercise 5 ------------------ 1. The final exercise in the BGP labs is to simulate a situation which is commonly found in many service provider networks around the world. The situation is where an ISP multihomes between two upstream ISPs, and uses two local routers for redundancy. This necessitates using eBGP towards the upstreams, and iBGP between the two local routers. 2. To prepare for this remove the eBGP configuration with your local peer. RouterA(config-router)#no neigh 192.200.220.xxx remote 2 Also remove the IPv6 eBGP configuration with your local peer. RouterA(config-router)#no neigh 200:4348:220:xx::x remote 2 3. Teams A,C,E,G,I,K and M will have to change the BGP AS Number the one they are using to the one used by their neighbours on the right hand side of the room. The best way to do this is to make a note of the BGP configuration, then do "no router bgp " before entering the configuration as "router bgp . RouterA(config)# no router bgp 1 RouterA(config)# router bgp 2 RouterA(config)# address-family ipv4 RouterA(config-router)# neigh 196.200.222.1 remote-as 100 RouterA(config-router)# neigh 196.200.222.1 prefix-list my-routes out RouterA(config-router)# neigh 196.200.222.1 prefix-list sanity-filter in RouterA(config-router)# no synchronization ...etc... Don't forget to do the IPv6 equivalent too. Refer to previous exercises for hints on what you need to type. Don't forget the "no bgp default ipv4-unicast". 4. The remaining teams, B,D,F,H,J,L and N will have to delete the BGP session with AS100 and replace it with a BGP session with AS200. RouterB(config)# router bgp 2 RouterB(config-router)# no neigh 196.200.222.5 remote-as 100 RouterB(config-router)# neigh 196.200.222.5 remote-as 200 RouterB(config-router)# neigh 196.200.222.5 prefix-list my-routes out RouterB(config-router)# neigh 196.200.222.5 prefix-list sanity-filter in Don't forget to do the IPv6 equivalent too. Refer to previous exercises for hints on what you need to type. Don't forget the "no bgp default ipv4-unicast". 5. Note that the prefix-list "my-routes" used in the eBGP filters in the previous two steps will need to include the address block from both routers. Because the two /28 networks are contiguous, we can aggregate these into a single /27 announcement. For example: RouterB(config)# ip prefix-list my-routes permit 196.200.220.32/27 RouterB(config)# ip prefix-list my-routes deny 0.0.0.0/0 le 32 is preferred over announcing 196.200.220.32/28 and 196.200.220.48/28 individually. Don't forget to do the IPv6 equivalent too for the IPv6 prefix-lists. Refer to previous exercises for hints on what you need to type. 6. Now each of AS 2, AS 4, AS 6, AS 8, AS 10, AS 12 and AS 14 needs to configure OSPF in their AS. Before starting the OSPF process, configure a loopback interface and give it an IPv4 address so that OSPF will use it as the OSPF Router ID. For the loopback interface, assign a /32 IP address from your block. RouterA(config)#interface loopback0 RouterA(config-if)#ip addr 196.200.220.yy 255.255.255.255 RouterA(config)#router ospf 2 RouterA(config)#passive-interface default RouterA(config)#network 196.200.220.yy 0.0.0.0 area 0 RouterA(config)#network 196.200.220.xx 0.0.0.3 area 0 RouterA(config)#no passive-interface Serial 0/0 Note that we only run OSPF on the Serial link between the two routers in the AS. Also set up OSPFv3 so that you set up adjacencies for IPv6. For example: RouterA(config)#interface loopback0 RouterA(config-if)#ipv6 addr 2001:4348:220:1f::1/128 RouterA(config)# ipv6 router ospf 2 RouterA(config)# passive-interface default RouterA(config)# no passive-interface Serial0/0 RouterA(config)# interface Serial 0/0 RouterA(config)# ipv6 ospf 2 area 0 RouterA(config)# interface FastEthernet 0/0 RouterA(config)# ipv6 ospf 2 area 0 RouterA(config)# interface Loopback 0 RouterA(config)# ipv6 ospf 2 area 0 7. Now each of AS 2, AS 4, AS 6, AS 8, AS 10, AS 12 and AS 14 needs to configure iBGP in their AS. Remember that iBGP runs between loopback interfaces on the router. The example below shows IPv4 - don't forget to do the same thing for IPv6. RouterA(config-router)# router bgp 2 RouterA(config-router)# neighbor 196.200.220.xx remote-as 2 RouterA(config-router)# neighbor 196.200.220.xx next-hop-self RouterA(config-router)# neighbor 196.200.220.xx update-source loopback 0 Note that the iBGP session does not need any prefix filters to be applied. In an ISP network, iBGP prefixes are distributed throughout the whole iBGP speaking network. Notice the purpose of the next-hop-self command in iBGP. It replaces the external next-hop (refer to the BGP presentation) with the IP address of the local router. This ensures that external point to point links do not need to be carried in OSPF. This is a current Best Practice technique in most ISP networks around the world today. 8. Check the BGP process using "sh ip bgp" for IPv4 and "sh bgp ipv6 unicast" for IPv6 to see if both the eBGP and iBGP neighbours are active. 9. Also check to see what prefixes you are receiving from all your BGP neighbours. What paths do you see? Can you explain what is happening? BGP Testing ----------- 1. Verify that you can see routes for all networks in your AS by using "show ip route". Test connectivity using ping and traceroute, as well as "show ip bgp" and "show ip route". 2. Add some additional routes to simulate connections to customers. Obtain IP address allocations from the registry (instructors), add routes to "null 0", and use bgp "network" statements to bring the routes into BGP. Adjust your filters as appropriate. Get your peers to adjust their filters too. 3. Review your filters. Make sure that you are seeing the right information from everyone. 4. What routes do you see in your routing table? What do the ASpaths look like? Which routes are preferred? 5. Look at the routing table of other ASes to understand how traffic flows in the network. 6. Verify that you can get to all the PCs in the entire classroom (not just in your own AS). 7. Experiment with breaking connections. See how the routing changes.