Date of Issue: 09-01-2000
BGP III Lab Scenario
by Chuck Larrieu
Setup
Working Configurations
Router 1 Configuration
Router 2 Configuration
Router 3 Configuration
Router 4 Configuration
A Look at the Routing Tables
Reality Check
A Look at the Regular Expressions
Path Manipulation on Router 4
How Could You See the Regexp?
Changing Policy
Add the Access List to Router 4 Configuration
Huh? It Didn't Work
Something Is Missing
Setup
Build a configuration that consists of four routers, each in its own autonomous system (AS 1 through AS 4), connected in a ring by point-to-point serial links:

    R1 --10.0.0.8/30-- R2 --10.0.0.4/30-- R3 --10.0.0.0/30-- R4
    |                                                         |
    +--------------------10.0.0.12/30-------------------------+

Addressing used throughout the lab:

                 Router_1            Router_2            Router_3            Router_4
Router ID        1.1.1.1             2.2.2.2             3.3.3.3             4.4.4.4
Loopback 0       192.168.64.1/24     192.168.32.1/24     192.168.8.1/24      192.168.0.1/24
Loopback 1       192.168.65.1/24     192.168.33.1/24     192.168.9.1/24      192.168.1.1/24
Loopback 2       192.168.66.1/24     192.168.34.1/24     192.168.10.1/24     192.168.2.1/24
Loopback 3       192.168.67.1/24     192.168.35.1/24     192.168.11.1/24     192.168.3.1/24
Serial 0         10.0.0.14/30        10.0.0.9/30         10.0.0.5/30         10.0.0.1/30
Serial 1         10.0.0.10/30        10.0.0.6/30         10.0.0.2/30         10.0.0.13/30

Working Configurations
Router 1 Configuration
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Router_1
!
ip subnet-zero
!
cns event-service server
!
interface Loopback0
ip address 192.168.64.1 255.255.255.0
!
interface Loopback1
ip address 192.168.65.1 255.255.255.0
!
interface Loopback2
ip address 192.168.66.1 255.255.255.0
!
interface Loopback3
ip address 192.168.67.1 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
no cdp enable
!
interface Serial0
ip address 10.0.0.14 255.255.255.252
!
interface Serial1
ip address 10.0.0.10 255.255.255.252
!
router ospf 1000
network 192.168.64.1 0.0.0.0 area 0
network 192.168.65.1 0.0.0.0 area 0
network 192.168.66.1 0.0.0.0 area 0
network 192.168.67.1 0.0.0.0 area 0
!
router bgp 1
bgp router-id 1.1.1.1
bgp cluster-id 3232187137
redistribute ospf 1000
neighbor 10.0.0.9 remote-as 2
neighbor 10.0.0.13 remote-as 4
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
privilege level 15
transport input none
line aux 0
line vty 0 4
privilege level 0
password yahoudi
login
!
end
Router 2 Configuration
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router_2
!
ip subnet-zero
!
cns event-service server
!
interface Loopback0
ip address 192.168.32.1 255.255.255.0
!
interface Loopback1
ip address 192.168.33.1 255.255.255.0
!
interface Loopback2
ip address 192.168.34.1 255.255.255.0
!
interface Loopback3
ip address 192.168.35.1 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
ip address 10.0.0.9 255.255.255.252
no fair-queue
!
interface Serial1
ip address 10.0.0.6 255.255.255.252
!
router bgp 2
bgp router-id 2.2.2.2
bgp cluster-id 3232178945
network 10.0.0.4 mask 255.255.255.252
network 192.168.32.0
network 192.168.33.0
network 192.168.34.0
network 192.168.35.0
aggregate-address 192.168.32.0 255.255.252.0 summary-only
neighbor 10.0.0.5 remote-as 3
neighbor 10.0.0.10 remote-as 1
!
ip classless
no ip http server
!
line con 0
privilege level 15
transport input none
line aux 0
line vty 0 4
privilege level 0
no login
!
end
Router 3 Configuration
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router_3
!
ip subnet-zero
!
interface Loopback0
ip address 192.168.8.1 255.255.255.0
!
interface Loopback1
ip address 192.168.9.1 255.255.255.0
!
interface Loopback2
ip address 192.168.10.1 255.255.255.0
!
interface Loopback3
ip address 192.168.11.1 255.255.255.0
!
interface Ethernet0
no ip address
no keepalive
shutdown
!
interface Serial0
ip address 10.0.0.5 255.255.255.252
!
interface Serial1
ip address 10.0.0.2 255.255.255.252
!
router ospf 1000
network 192.168.8.1 0.0.0.0 area 0
network 192.168.9.1 0.0.0.0 area 0
network 192.168.10.1 0.0.0.0 area 0
network 192.168.11.1 0.0.0.0 area 0
!
router bgp 3
bgp router-id 3.3.3.3
network 10.0.0.0
redistribute ospf 1000
neighbor 10.0.0.1 remote-as 4
neighbor 10.0.0.6 remote-as 2
!
ip classless
!
line con 0
line aux 0
line vty 0 4
login
!
end
Router 4 Configuration
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router_4
!
no logging console
!
ip subnet-zero
cns event-service server
!
interface Loopback0
ip address 192.168.0.1 255.255.255.0
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
ip address 192.168.3.1 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
ip address 10.0.0.1 255.255.255.252
!
interface Serial1
ip address 10.0.0.13 255.255.255.252
!
router bgp 4
bgp router-id 4.4.4.4
bgp cluster-id 3232286465
network 10.0.0.0 mask 255.255.255.252
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
neighbor 10.0.0.2 remote-as 3
neighbor 10.0.0.14 remote-as 1
!
no ip http server
ip as-path access-list 1 permit _3_
!
line con 0
exec-timeout 0 0
privilege level 15
transport preferred none
transport input none
line aux 0
transport preferred none
transport input all
line vty 0 4
privilege level 0
transport preferred none
!
end
A Look at the Routing Tables
Router_1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
B 192.168.8.0/24 [20/0] via 10.0.0.13, 00:05:56
B 192.168.9.0/24 [20/0] via 10.0.0.13, 00:05:56
B 192.168.10.0/24 [20/0] via 10.0.0.13, 00:05:56
B 192.168.11.0/24 [20/0] via 10.0.0.13, 00:05:56
B 10.0.0.0/8 [20/0] via 10.0.0.13, 00:05:57
B 10.0.0.0/30 [20/0] via 10.0.0.13, 00:05:57
B 10.0.0.4/30 [20/0] via 10.0.0.9, 00:05:57
B 192.168.0.0/24 [20/0] via 10.0.0.13, 00:05:58
B 192.168.1.0/24 [20/0] via 10.0.0.13, 00:05:58
B 192.168.2.0/24 [20/0] via 10.0.0.13, 00:05:58
B 192.168.3.0/24 [20/0] via 10.0.0.13, 00:05:58
B 192.168.32.0/22 [20/0] via 10.0.0.9, 00:05:58
Router_1#
Observe that on router_1, the networks advertised by router_4 appear via the interface connected to router_4. There are no secondary paths in the routing table.
Reality Check
Routes advertised by router 3, which is two AS hops away by either route (through router 2 or through router 4), appear only via router 4. Why?

BGP is designed to ensure loop-free routing. Every path received from a neighbor is kept in that neighbor's Adj-RIB-In; the BGP decision process is run over all of them, and only the single best path for each prefix is installed in the routing table and advertised onward. Router 1 receives the router 3 prefixes from two sources, router 2 (AS path "2 3") and router 4 (AS path "4 3"). Both paths stay in the BGP table (the show ip bgp output below lists both), but they tie on everything the decision process compares first: weight, local preference, AS path length, origin, MED, eBGP versus iBGP, and IGP cost to the next hop. With everything else equal, Cisco IOS prefers the external path that was received first. The path from router 4 arrived earlier (the show ip bgp summary output shows that session has been up longer), so it wins. Only when that rule is disabled (bgp bestpath compare-routerid) does the router fall back to the lowest neighbor router ID, which would favour router 2 (2.2.2.2). The second path is not discarded; it simply is not selected.

One thing to try: shut down one of the serial interfaces, clear the BGP sessions (clear ip bgp *) and observe the route being installed via the other interface.
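The decision process described above, carried through in code as an added example (this is not code from the original lab). The attribute values are the ones printed in router_1's show output further down; the tie-breaker order is the Cisco IOS one; the only assumption is the received-order value, which models "received first" from the session uptimes in show ip bgp summary, since the lab does not record which update actually arrived first.

```python
"""Simplified Cisco IOS BGP best-path selection, run over the two paths
router_1 holds for 192.168.8.0/24 in the lab above.  Added example, not
code from the original lab.  Attribute values come from the show output on
the page; the 'received_seq' field (lower = received earlier) is an
assumption used to model the 'oldest external path' step, derived from the
session uptimes in 'sh ip bgp summary'."""
from dataclasses import dataclass
from functools import reduce
from typing import List, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < incomplete


@dataclass
class BgpPath:
    prefix: str
    next_hop: str
    as_path: List[int]
    origin: str             # 'i', 'e' or '?' as printed in the Path column
    peer_router_id: str     # BGP router ID of the advertising neighbor
    weight: int = 0         # Cisco-local attribute; 32768 for local routes
    local_pref: int = 100
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0     # cost to the next hop; 0 when directly connected
    received_seq: int = 0   # lower means the path arrived first (assumption)


def ip_key(dotted: str) -> Tuple[int, ...]:
    return tuple(int(o) for o in dotted.split("."))


def better(a: BgpPath, b: BgpPath, compare_router_id: bool = False) -> BgpPath:
    """Return the preferred of two paths to the same prefix, in the IOS
    order: weight, local preference, locally originated, AS_PATH length,
    origin, MED, eBGP over iBGP, IGP metric, oldest eBGP path, lowest
    router ID.  compare_router_id models 'bgp bestpath compare-routerid',
    which skips the oldest-path step."""
    if a.weight != b.weight:                       # 1. highest weight
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:               # 2. highest local pref
        return a if a.local_pref > b.local_pref else b
    a_local, b_local = a.next_hop == "0.0.0.0", b.next_hop == "0.0.0.0"
    if a_local != b_local:                         # 3. locally originated
        return a if a_local else b
    if len(a.as_path) != len(b.as_path):           # 4. shortest AS_PATH
        return a if len(a.as_path) < len(b.as_path) else b
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:  # 5. lowest origin
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    # 6. lowest MED; by default only compared between paths that come from
    #    the same neighbouring AS (first AS in the path)
    if a.as_path and b.as_path and a.as_path[0] == b.as_path[0] and a.med != b.med:
        return a if a.med < b.med else b
    if a.ebgp != b.ebgp:                           # 7. eBGP over iBGP
        return a if a.ebgp else b
    if a.igp_metric != b.igp_metric:               # 8. lowest IGP metric
        return a if a.igp_metric < b.igp_metric else b
    if (a.ebgp and b.ebgp and not compare_router_id
            and a.received_seq != b.received_seq):  # 9. oldest external path
        return a if a.received_seq < b.received_seq else b
    # 10. lowest router ID of the advertising peer
    return a if ip_key(a.peer_router_id) <= ip_key(b.peer_router_id) else b


def best_path(paths: List[BgpPath], compare_router_id: bool = False) -> BgpPath:
    return reduce(lambda x, y: better(x, y, compare_router_id), paths)


# Router_1's two paths for 192.168.8.0 from "sh ip bgp regexp .*": AS path
# "2 3" via router_2 (10.0.0.9) and "4 3" via router_4 (10.0.0.13).  The
# session to 10.0.0.13 has been up longer (1d01h vs 1d00h in the summary),
# so its path is modelled as the older one (assumption).
VIA_R2 = BgpPath("192.168.8.0/24", "10.0.0.9", [2, 3], "?", "2.2.2.2", received_seq=2)
VIA_R4 = BgpPath("192.168.8.0/24", "10.0.0.13", [4, 3], "?", "4.4.4.4", received_seq=1)

# Router_1's two paths for the aggregate 192.168.32.0/22: "4 3 2" and "2".
AGG_VIA_R4 = BgpPath("192.168.32.0/22", "10.0.0.13", [4, 3, 2], "i", "4.4.4.4", received_seq=1)
AGG_VIA_R2 = BgpPath("192.168.32.0/22", "10.0.0.9", [2], "i", "2.2.2.2", received_seq=2)


def lab_best_next_hop() -> str:
    """Next hop router_1 installs for 192.168.8.0/24 with default IOS rules."""
    return best_path([VIA_R2, VIA_R4]).next_hop


def lab_best_next_hop_compare_routerid() -> str:
    """Same two paths with the oldest-path step disabled: router ID decides."""
    return best_path([VIA_R2, VIA_R4], compare_router_id=True).next_hop


def lab_aggregate_next_hop() -> str:
    """AS_PATH length settles 192.168.32.0/22 before any tie-breaker is reached."""
    return best_path([AGG_VIA_R4, AGG_VIA_R2]).next_hop


if __name__ == "__main__":
    print("192.168.8.0/24, default IOS:      ", lab_best_next_hop())
    print("192.168.8.0/24, compare-routerid: ", lab_best_next_hop_compare_routerid())
    print("192.168.32.0/22:                  ", lab_aggregate_next_hop())
```

The point to take from running it: the choice of router 4 for the router 3 prefixes rests on nothing but arrival order, so it can flip after a session reset, whereas the aggregate is settled deterministically by AS path length. If you need a predictable outcome, set an attribute (weight, local preference, or AS path prepending on the peer) rather than relying on the tie-breakers.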
Router_1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 146, main routing table version 146
16 network entries and 23 paths using 2380 bytes of memory
10 BGP path attribute entries using 520 bytes of memory
5 BGP AS-PATH entries using 120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP activity 59/116 prefixes, 156/129 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.9 4 2 1639 1650 146 0 0 1d00h 7
10.0.0.13 4 4 1674 1659 146 0 0 1d01h 12
Shows the BGP neighbors, current BGP table version, networks and paths, and memory usage.
A Look at the Regular Expressions
Information obtained through the use of show commands in conjunction with regular expressions can be useful in determining how BGP paths are installed into the BGP tables. The following is the result of the show ip bgp regexp .* command (the expression ".*" matches every AS path), which reveals all paths known to BGP on this router.
Router_1#sh ip bgp regexp .*
BGP table version is 146, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/30      10.0.0.13                0             0 4 i
*  10.0.0.0         10.0.0.9                               0 2 3 i
*>                  10.0.0.13                              0 4 3 i
*  10.0.0.4/30      10.0.0.13                              0 4 3 2 i
*>                  10.0.0.9                 0             0 2 i
*> 192.168.0.0      10.0.0.13                0             0 4 i
*> 192.168.1.0      10.0.0.13                0             0 4 i
*> 192.168.2.0      10.0.0.13                0             0 4 i
*> 192.168.3.0      10.0.0.13                0             0 4 i
*  192.168.8.0      10.0.0.9                               0 2 3 ?
*>                  10.0.0.13                              0 4 3 ?
*  192.168.9.0      10.0.0.9                               0 2 3 ?
*>                  10.0.0.13                              0 4 3 ?
*  192.168.10.0     10.0.0.9                               0 2 3 ?
*>                  10.0.0.13                              0 4 3 ?
*  192.168.11.0     10.0.0.9                               0 2 3 ?
*>                  10.0.0.13                              0 4 3 ?
*  192.168.32.0/22  10.0.0.13                              0 4 3 2 i
*>                  10.0.0.9                               0 2 i
*> 192.168.64.0     0.0.0.0                  0         32768 ?
*> 192.168.65.0     0.0.0.0                  0         32768 ?
*> 192.168.66.0     0.0.0.0                  0         32768 ?
*> 192.168.67.0     0.0.0.0                  0         32768 ?
Observe this on all routers.

In the case of router_1, the output of show ip bgp shows, for example, that the locally originated networks (192.168.64.0 through 192.168.67.0) have a next hop of 0.0.0.0, a weight of 32768 (the Cisco default for routes the router originates itself) and an origin code of "?" (incomplete), because they were redistributed from OSPF rather than entered with a network statement. Loop prevention is done on the AS_PATH: if a neighbor were to advertise one of these prefixes back to router_1, the path would already contain AS 1, and router_1 would drop the update without running the decision process on it.

Note the summary route 192.168.32.0/22. The path learned from AS4 (router 4) is marked * (valid), but the best path, marked >, comes from AS2 (router 2): the AS path "2" is shorter than "4 3 2". Again, router 1 holds two paths to the same network in its BGP table but installs only one of them in its routing table (refer to the router_1 routing table above).
Path Manipulation on Router 4
Observe the router_4 routing table
ROUTER_4#sh ip route bgp
B 192.168.8.0/24 [20/0] via 10.0.0.2, 00:01:14
B 192.168.9.0/24 [20/0] via 10.0.0.2, 00:01:14
B 192.168.10.0/24 [20/0] via 10.0.0.2, 00:01:14
B 192.168.11.0/24 [20/0] via 10.0.0.2, 00:01:14
B 192.168.64.0/24 [20/0] via 10.0.0.14, 00:01:18
B 192.168.65.0/24 [20/0] via 10.0.0.14, 00:01:18
B 192.168.66.0/24 [20/0] via 10.0.0.14, 00:01:18
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.0.0.0/8 [20/0] via 10.0.0.2, 00:01:14
B 10.0.0.4/30 [20/0] via 10.0.0.14, 00:01:18
B 192.168.67.0/24 [20/0] via 10.0.0.14, 00:01:18
B 192.168.32.0/22 [20/0] via 10.0.0.14, 00:01:18
ROUTER_4#
Router 4 is receiving information that certain networks are best reached through AS1 (router_1) and installs them via 10.0.0.14.
How Could You See the Regexp?
A look at the regular-expression output confirms this:
ROUTER_4#sh ip bgp regexp .*
BGP table version is 22, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/30      0.0.0.0                            32768 i
*> 10.0.0.0         10.0.0.2                               0 3 i
*                   10.0.0.14                              0 1 2 3 i
*  10.0.0.4/30      10.0.0.2                               0 3 2 i
*>                  10.0.0.14                              0 1 2 i
*> 192.168.0.0      0.0.0.0                            32768 i
*> 192.168.1.0      0.0.0.0                            32768 i
*> 192.168.2.0      0.0.0.0                            32768 i
*> 192.168.3.0      0.0.0.0                            32768 i
*> 192.168.8.0      10.0.0.2                               0 3 ?
*                   10.0.0.14                              0 1 2 3 ?
*> 192.168.9.0      10.0.0.2                               0 3 ?
*                   10.0.0.14                              0 1 2 3 ?
*> 192.168.10.0     10.0.0.2                               0 3 ?
*                   10.0.0.14                              0 1 2 3 ?
*> 192.168.11.0     10.0.0.2                               0 3 ?
*                   10.0.0.14                              0 1 2 3 ?
*  192.168.32.0/22  10.0.0.2                               0 3 2 i
*>                  10.0.0.14                              0 1 2 i
*  192.168.64.0     10.0.0.2                               0 3 2 1 ?
*>                  10.0.0.14                              0 1 ?
*  192.168.65.0     10.0.0.2                               0 3 2 1 ?
*>                  10.0.0.14                              0 1 ?
*  192.168.66.0     10.0.0.2                               0 3 2 1 ?
*>                  10.0.0.14                              0 1 ?
*  192.168.67.0     10.0.0.2                               0 3 2 1 ?
*>                  10.0.0.14                              0 1 ?
ROUTER_4#
Observe that while a number of networks are advertised to router_4 by both AS1 (router_1) and AS3 (router_3), each prefix is given exactly one best path by the decision process. Here AS path length decides every case: 192.168.8.0 is best via router_3 (path "3" beats "1 2 3"), and 192.168.64.0 is best via router_1 (path "1" beats "3 2 1").
Changing Policy
Suppose, though, that router_4 did not want to accept traffic from router_1 unless that traffic had passed through AS3 Suppose, for example, that the managers of AS4 determined that AS1 was abusing its peering privilege, and dumping far more traffic into AS4 than was permitted by agreement
Through the use of regular expressions in conjunction with an access-list, the management of AS4 can set a policy restricting traffic from AS1 entering AS4 directly
Trang 8Note that in the configuration for AS4, there is an access list
ip as-path access-list 1 permit _3_
Note the "_3_ " portion The regular expression _3_ denotes an exact match of AS3, preceded and followed by any other AS
Add the Access List to Router 4 Configuration
One more step is required. As with all Cisco access-lists, creating one is only half the job; it must still be applied.
This is done with a filter list, applied to the neighbor under the routing process.
So, in this case, on router_4, enter the following commands:
router bgp 4
neighbor 10.0.0.14 filter-list 1 in
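What the access-list and the loop check together do to the updates router_4 receives from router_1, as an added example that is not part of the original lab. It covers both the AS_PATH loop prevention described in the regular-expression section and the "_3_" filter-list applied here: the "_" translation follows the IOS definition of that metacharacter, the input paths are the ones listed for next hop 10.0.0.14 in router_4's show ip bgp regexp table above, and the function and constant names are the example's own.

```python
"""Cisco AS-path regular expressions, AS_PATH loop detection and the
'ip as-path access-list' filter from the lab, as an added example (not part
of the original lab).  It translates the IOS '_' metacharacter into a
standard regular expression, models the inbound processing router_4 applies
to updates from router_1 (loop check first, then 'filter-list 1 in'), and
runs it over the paths listed in router_4's 'sh ip bgp regexp' output."""
import re
from typing import Dict, List, Tuple

# In IOS, '_' matches the start or end of the AS_PATH string, a space, a comma
# or a brace/parenthesis (the delimiters of AS_SET and confederation segments),
# so '_3_' matches AS 3 as a whole number and never 13 or 30.
_IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_regexp(pattern: str) -> "re.Pattern[str]":
    """Compile an IOS-style AS-path regular expression into a Python one."""
    return re.compile(pattern.replace("_", _IOS_UNDERSCORE))


def as_path_text(as_path: List[int]) -> str:
    """The AS_PATH as IOS matches it: space-separated, exactly as the Path
    column prints it (empty string for locally originated routes)."""
    return " ".join(str(asn) for asn in as_path)


def as_path_matches(pattern: str, as_path: List[int]) -> bool:
    return ios_regexp(pattern).search(as_path_text(as_path)) is not None


# An as-path access-list is an ordered list of (action, regexp) entries with
# an implicit deny after the last one.  This is the lab's access-list 1.
AsPathAcl = List[Tuple[str, str]]
ACL_1: AsPathAcl = [("permit", "_3_")]   # ip as-path access-list 1 permit _3_


def acl_permits(acl: AsPathAcl, as_path: List[int]) -> bool:
    for action, pattern in acl:
        if as_path_matches(pattern, as_path):
            return action == "permit"
    return False                              # implicit deny


def accept_from_peer(local_as: int, acl: AsPathAcl, as_path: List[int]) -> bool:
    """What an eBGP speaker does with one received path: drop it if its own
    AS number already appears in the AS_PATH (loop prevention, done before
    any policy), otherwise apply the inbound filter-list."""
    if local_as in as_path:
        return False
    return acl_permits(acl, as_path)


# Paths router_4 received from router_1 (next hop 10.0.0.14) before the
# filter, taken from the "sh ip bgp regexp" table on ROUTER_4.
FROM_ROUTER_1: Dict[str, List[int]] = {
    "10.0.0.0":        [1, 2, 3],
    "10.0.0.4/30":     [1, 2],
    "192.168.8.0":     [1, 2, 3],
    "192.168.9.0":     [1, 2, 3],
    "192.168.10.0":    [1, 2, 3],
    "192.168.11.0":    [1, 2, 3],
    "192.168.32.0/22": [1, 2],
    "192.168.64.0":    [1],
    "192.168.65.0":    [1],
    "192.168.66.0":    [1],
    "192.168.67.0":    [1],
}


def filtered_adj_rib_in(local_as: int, acl: AsPathAcl,
                        received: Dict[str, List[int]]) -> Dict[str, List[int]]:
    """Model 'neighbor 10.0.0.14 filter-list 1 in' on router_4 (AS 4): keep
    only the prefixes whose AS_PATH passes the loop check and the ACL."""
    return {p: path for p, path in received.items()
            if accept_from_peer(local_as, acl, path)}


if __name__ == "__main__":
    kept = filtered_adj_rib_in(4, ACL_1, FROM_ROUTER_1)
    for prefix, path in FROM_ROUTER_1.items():
        verdict = "accepted" if prefix in kept else "dropped"
        print(f"{prefix:16} {as_path_text(path):8} {verdict}")
```

Running it shows that of the eleven prefixes router_1 offers, only the five carrying "1 2 3" survive the filter; the "1" and "1 2" paths (router_1's own networks, the 10.0.0.4/30 link and the 192.168.32.0/22 aggregate) are silently denied, so router_4 must reach them through router_3 or not at all. Before deploying such a filter, enumerate what it denies this way; a pattern that is one character off ("3" without the underscores would also match AS 13 or 30) changes the policy without any error from the router.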
Huh? It Didn't Work
Now observe the change in the routing table, or in the regexp output. There is no change! Why?
Something Is Missing
The paths are already installed in the BGP tables, and a filter-list is only evaluated as updates arrive. The BGP sessions must be cleared so that, as updates are received again, the new policy is applied. This is done with the clear ip bgp * command. Be aware that this is a hard reset: it tears down every BGP session on the router and withdraws every prefix learned through them until the sessions re-establish. Where the IOS release supports it, a soft reset of just the affected neighbor (clear ip bgp 10.0.0.14 soft in, with neighbor 10.0.0.14 soft-reconfiguration inbound configured on older code) re-runs the inbound policy without dropping the session.
Now observe the routing table and the regexp output for router 4:
ROUTER_4#sh ip route bgp
B 192.168.8.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.9.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.10.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.11.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.64.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.65.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.66.0/24 [20/0] via 10.0.0.2, 00:00:15
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.0.0.0/8 [20/0] via 10.0.0.2, 00:00:15
B 10.0.0.4/30 [20/0] via 10.0.0.2, 00:00:15
B 192.168.67.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.32.0/22 [20/0] via 10.0.0.2, 00:00:15
ROUTER_4#
All BGP routes now point to 10.0.0.2 (router 3, AS3); the paths that arrived directly from router 1 without AS 3 in their AS path have been filtered out. Note that nothing from router 1 survives even for the prefixes whose path did contain AS 3: router_1's own best path for those networks runs through router_4 (see router_1's table above), so what it now sends back carries AS 4 in the AS path and router_4 discards it as a loop before the filter is even consulted.
ROUTER_4#sh ip bgp regexp .*
BGP table version is 17, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/30      0.0.0.0                            32768 i
*> 10.0.0.0         10.0.0.2                               0 3 i
*> 10.0.0.4/30      10.0.0.2                               0 3 2 i
*> 192.168.0.0      0.0.0.0                            32768 i
*> 192.168.1.0      0.0.0.0                            32768 i
*> 192.168.2.0      0.0.0.0                            32768 i
*> 192.168.3.0      0.0.0.0                            32768 i
*> 192.168.8.0      10.0.0.2                               0 3 ?
*> 192.168.9.0      10.0.0.2                               0 3 ?
*> 192.168.10.0     10.0.0.2                               0 3 ?
*> 192.168.11.0     10.0.0.2                               0 3 ?
*> 192.168.32.0/22  10.0.0.2                               0 3 2 i
*> 192.168.64.0     10.0.0.2                               0 3 2 1 ?
*> 192.168.65.0     10.0.0.2                               0 3 2 1 ?
*> 192.168.66.0     10.0.0.2                               0 3 2 1 ?
*> 192.168.67.0     10.0.0.2                               0 3 2 1 ?

Do not reset interfaces in production networks unless you know what the consequences will be. Wherever possible, use the newer soft refresh mechanisms. See the BGP3 Tutorial for a discussion of soft refresh.
[IE-BGP3-LS1-F03]
[2000-08-30-01]
Copyright © 2000 Genium Publishing Corporation