This is the most basic BGP material; learn it, and it will definitely come in handy later on (bragging rights included).
Build BGP neighbors
- iBGP uses loopback and update source, need static route to each other’s loopback address
Network command:
· On R1, try network command with /21. Notice that it didn’t do anything: BGP requires an exact match in the routing table
o Remove statement: no network 11.1.100.0 mask 255.255.248.0
· On R1: Try network 11.1.100.0 mask 255.255.255.0
o Shows up in R1 「show ip bgp」, but not in 「show ip route bgp」 (learned from DC)
o Shows up in R2 「show ip bgp」, and in 「show ip route bgp」, R2 can ping
o Shows up in R3 「show ip bgp」, but not in 「show ip route bgp」, R3 can not ping
§ Show ip bgp 11.1.100.0/24 – what does inaccessible mean? Why is it inaccessible?
BGP needs to run over TCP; there is no route to this, such as one from OSPF or EIGRP.
§ R2 needs to set ‘next hop self’ on iBGP peer
o Does not show up in R4 「show ip bgp」
· On R2, set next-hop self for R3
o Shows up in R3 「show ip bgp」 and 「show ip route bgp」
o Shows up in R4 「show ip bgp」 and 「show ip route」
§ What is next-hop that R4 got? (r3, next hop self is automatic for eBGP)
o Can R3/R4 ping? (no), why? (route back)
§ Turn on 「debug icmp packet」 on R1, and test pings from R2/R3/R4 to R1.
§ Notice packets are getting there, but R1 doesn’t know how to get to remote networks
o Add routes to 9.0.0.0/16 on all routers:
§ R1: ip route 9.0.0.0 255.255.0.0 9.0.12.2
§ R2: ip route 9.0.0.0 255.255.0.0 9.0.23.3
§ R3: ip route 9.0.0.0 255.255.0.0 9.0.23.2
§ R4: ip route 9.0.0.0 255.255.0.0 9.0.34.3
o Can R3/R4 ping? Yes
§ Remove debug on R1
· Add networks 11.1.101.0/24, .102., .103. to BGP routing domain
o R1:
network 11.1.101.0 mask 255.255.255.0
network 11.1.102.0 mask 255.255.255.0
network 11.1.103.0 mask 255.255.255.0
o Did R2/R3/R4 get the routes in BGP?
§ (if they only got one of them, you may have to wait 60 seconds because of the min-update timer)
o Did R2/R3/R4 get route in RIB? (show ip route bgp)
o Can R2/R3/R4 ping 11.1.10x.1?
o What is the AS-PATH for the 11.1.10x.0 networks from R2, R3, R4?
o R2#sh ip bgp
BGP table version is 5, local router ID is 9.0.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 11.1.100.0/24 9.0.12.1 0 0 1111 i
*> 11.1.101.0/24 9.0.12.1 0 0 1111 i
*> 11.1.102.0/24 9.0.12.1 0 0 1111 i
*> 11.1.103.0/24 9.0.12.1 0 0 1111 i
o What is the origin code for routes originated via network command? (i)
IGP
Redistribution
· Instead of adding networks one at a time, you can tell BGP to redistribute networks from another source (e.g., EIGRP, OSPF, static routes, or directly connected routes)
o On R4, view available networks: show ip int br | e una
o On R4:
router bgp 4444
redistribute connected
o Did R3/R2/R1 get the routes in 「show ip bgp」? (R3 R2 yes, R1 no) Why or why not?
o Can R3/R2/R1 ping the .4 networks? (R3 yes, R2 R1 no). Why or Why not?
o R3 needs to set 「next-hop-self」 toward R2
o On R3:
router bgp 2323
neighbor 23.2.0.2 next-hop-self
clear ip bgp *
· Redistribution updates automatically
o On R4, configure new loopback interfaces
int loop205
ip address 44.4.205.4 255.255.255.0
int loop206
ip address 44.4.206.4 255.255.255.0
o Did R1/R2/R3 get the routes? Yes (depending how slow you typed, you may have to wait 60s)
o Can R1/R2/R3 ping right away? Yes
· Redistribution shouldn’t be left unchecked
o It could lead to undesired results
§ Ex: If someone configures a new directly connected network / static that shouldn’t have been redistributed
o Best to limit redistribution using a Route-Map
§ On R4:
ip prefix-list PL-CONNECTED->BGP permit 44.4.200.0/21 ge 24 le 24
route-map RM-CONNECTED->BGP permit 10
match ip address prefix-list PL-CONNECTED->BGP
exit
router bgp 4444
redistribute connected route-map RM-CONNECTED->BGP
end
clear ip bgp *
o What routes were advertised to R3/R2/R1?
o Configure new directly connected routes on R4:
int loop207
ip address 44.4.207.4 255.255.255.0
int loop208
ip address 44.4.208.4 255.255.255.0
o Which of these new routes made it to R3/R2/R1? Why?
o Did the routes that were within the confines of the prefix-list propagate automatically?
o Add 208 to the prefix list:
ip prefix-list PL-CONNECTED->BGP permit 44.4.208.0/24
o Was the .208. network propagated to R3/R2/R1?
o What is the AS-PATH for the 44.4.20x.0 networks from R3, R2, R1?
o What is the origin code for routes originated via redistribution? (?)
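An added example, not part of the original lab: a Python model of how the PL-CONNECTED->BGP prefix-list above filters R4's connected networks, including the implicit deny at the end of the list. Interface masks that the page does not show are assumed and marked in the comments, and the function names are hypothetical.

```python
import ipaddress

# PL-CONNECTED->BGP as shown on the page: (prefix, ge, le); None = not given.
PL_CONNECTED_BGP = [
    ("44.4.200.0/21", 24, 24),      # seq 5
    ("44.4.208.0/24", None, None),  # seq 10
]

# R4's connected networks (constructed list). The /24 and /25 lengths for
# 44.4.201-208 and 10.234.4.0 appear on the page; the rest are assumed.
R4_CONNECTED = [
    "9.0.34.0/24",    # Gi0/0, mask assumed
    "44.44.4.4/32",   # Loopback0, mask assumed
    "44.4.201.0/24", "44.4.202.0/24", "44.4.203.0/24", "44.4.204.0/24",
    "44.4.205.0/24", "44.4.206.0/24", "44.4.207.0/24", "44.4.208.0/24",
    "44.4.209.0/24",  # Loopback209, mask assumed
    "10.234.4.0/25",  # Loopback234
]

def entry_matches(route, entry):
    """True if route falls under one prefix-list entry."""
    prefix, ge, le = entry
    base = ipaddress.ip_network(prefix)
    # No ge/le: exact length only. ge alone: up to /32. le alone: from base length.
    low = ge if ge is not None else base.prefixlen
    high = le if le is not None else (32 if ge is not None else base.prefixlen)
    return route.subnet_of(base) and low <= route.prefixlen <= high

def permitted(route, prefix_list):
    """All entries are permits, so any match permits; no match hits the implicit deny."""
    net = ipaddress.ip_network(route)
    return any(entry_matches(net, e) for e in prefix_list)

def redistributed(connected, prefix_list):
    """Connected networks that the route-map would let into BGP."""
    return [r for r in connected if permitted(r, prefix_list)]

if __name__ == "__main__":
    print("seq 5 only :", redistributed(R4_CONNECTED, PL_CONNECTED_BGP[:1]))
    print("seq 5 + 10 :", redistributed(R4_CONNECTED, PL_CONNECTED_BGP))
```

With only the first entry, 44.4.208.0/24 is dropped because it lies outside 44.4.200.0/21; anything not listed, such as 44.4.209.0/24 or the transit link, never reaches BGP.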
Aggregation
· BGP only advertises a route in the RIB… if we can add routes to RIB, we can advertise them
o What is a way an administrator can manually add a route to the route table? (static route)
o On R1, add a network statement for 11.1.104.0/22:
router bgp 1111
network 11.1.104.0 mask 255.255.252.0
o Was anything advertised into BGP (check show ip bgp on R1 and R2)? (no)
o On R1, add a static route for 11.1.104.0/22:
router1(config)#ip route 11.1.104.0 255.255.252.0 null0
o Was anything advertised? (yes, the /22)
o Can R2/R3/R4 see the new /22?
o Can R2/R3/R4 ping 11.1.10x.1?
o Remove the /24 networks from R1:
o Can R2/R3/R4 see the new /22?
o Can R2/R3/R4 ping 11.1.10x.1?
· BGP can also aggregate with aggregate-address command
o R4 is currently advertising 8 routes
o Use aggregate-address to summarize the first /22
router bgp 4444
aggregate-address 44.4.200.0 255.255.252.0
o What route was advertised to R3 / R2 / R1?
o By default, aggregate-address does not stop the advertisement of the smaller prefixes
§ but that can be enabled with summary-only command
o On R4, prevent advertising of smaller networks:
router bgp 4444
aggregate-address 44.4.200.0 255.255.252.0 summary-only
o What does the 「s」 mean on show ip bgp on R4?
o Can R3/R2/R1 still ping 44.4.20[0123].4?
o What route was advertised to R3/R2/R1?
o What is the AS-PATH to the new aggregate?
o What is the origin code for routes originated via aggregate-address (?)
· Aggregation is also possible on behalf of other AS’s
o We will have AS 2323 aggregate the 44.4.204.0/22 network towards AS 1111
o On R3:
router bgp 2323
aggregate-address 44.4.204.0 255.255.252.0 summary-only
o How did R3’s 「show ip bgp」 change?
o What was advertised to R2?
o What was advertised to R1?
o What is the origin code on R1 for the new aggregate?
o On R1: show ip bgp 44.4.204.0/22, who aggregated the route?
o What is the AS-PATH on R1 for the new aggregate?
§ Is that the real originating AS for those networks?
§ How does eBGP prevent loops?
§ Can you see how this could lead to problems?
§ On R4: show ip bgp summary
§ Did R4 learn something when R3 did the aggregation? Why did R4 learn from R3 about its own networks?
o Include the originating AS’s in the aggregate route by using the as-set argument:
o R3:
router bgp 2323
aggregate-address 44.4.204.0 255.255.252.0 summary-only as-set
o Was it advertised to R2/R1?
o What is R1’s AS-PATH on the aggregate?
o What is R1’s origin code on the aggregate?
· Seeing AS-SET when summarizing routes from multiple AS’s:
o Configure and advertise a network on R3:
interface Loopback234
ip address 10.234.3.3 255.255.255.128
router bgp 2323
network 10.234.3.0 mask 255.255.255.128
o Configure and advertise a network on R4:
interface Loopback234
ip address 10.234.4.4 255.255.255.128
router bgp 4444
network 10.234.4.0 mask 255.255.255.128
o Did both /25 routes make their way to R1?
Yes.
R1#sh ip bgp
BGP table version is 18, local router ID is 11.11.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.234.3.0/25 9.0.12.2 0 2323 i
*> 10.234.4.0/25 9.0.12.2 0 2323 4444 i
o Can R1 ping 10.234.4.4 and 10.234.3.3? no
o Use aggregate-address as-set summary only on R1:
router bgp 1111
aggregate-address 10.234.0.0 255.255.248.0 as-set summary-only
o How did 「show ip bgp」 change?
I can see this was suppressed
Network Next Hop Metric LocPrf Weight Path
*> 10.234.0.0/21 0.0.0.0 100 32768 {2323,4444} i
s> 10.234.3.0/25 9.0.12.2 0 2323 i
s> 10.234.4.0/25 9.0.12.2 0 2323 4444 i
o What would the AS-PATH be if R1 were connected to another AS and advertised 10.234.0.0/21 to them? (1111, {2323,4444} i)
R1.
R1#sh run | s r b
router bgp 1111
bgp log-neighbor-changes
network 11.1.100.0 mask 255.255.255.0
network 11.1.101.0 mask 255.255.255.0
network 11.1.102.0 mask 255.255.255.0
network 11.1.103.0 mask 255.255.255.0
network 11.1.104.0 mask 255.255.252.0
aggregate-address 10.234.0.0 255.255.248.0 as-set summary-only
neighbor 9.0.12.2 remote-as 2323
R1#sh ip bgp
BGP table version is 21, local router ID is 11.11.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.234.0.0/21 0.0.0.0 100 32768 {2323,4444} i
s> 10.234.3.0/25 9.0.12.2 0 2323 i
s> 10.234.4.0/25 9.0.12.2 0 2323 4444 i
*> 11.1.100.0/24 0.0.0.0 0 32768 i
*> 11.1.101.0/24 0.0.0.0 0 32768 i
*> 11.1.102.0/24 0.0.0.0 0 32768 i
*> 11.1.103.0/24 0.0.0.0 0 32768 i
*> 11.1.104.0/22 0.0.0.0 0 32768 i
*> 44.4.200.0/22 9.0.12.2 0 2323 4444 i
*> 44.4.204.0/22 9.0.12.2 0 2323 4444 ?
*> 44.4.208.0/24 9.0.12.2 0 2323 4444 ?
R1#sh run | i route
router bgp 1111
ip route 9.0.0.0 255.255.0.0 9.0.12.2
ip route 11.1.104.0 255.255.252.0 Null0
R2.
R2#sh ip int bri | e una
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 9.0.12.2 YES manual up up
GigabitEthernet0/1 9.0.23.2 YES manual up up
Loopback0 23.23.2.2 YES manual up up
R2#sh run | s r b
router bgp 2323
bgp log-neighbor-changes
neighbor 9.0.12.1 remote-as 1111
neighbor 9.0.23.3 remote-as 2323
neighbor 9.0.23.3 next-hop-self
R2#sh run | i route
R2#sh ip bgp
BGP table version is 22, local router ID is 9.0.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 10.234.3.0/25 9.0.23.3 0 100 0 i
*>i 10.234.4.0/25 9.0.23.3 0 100 0 4444 i
*> 11.1.100.0/24 9.0.12.1 0 0 1111 i
*> 11.1.101.0/24 9.0.12.1 0 0 1111 i
*> 11.1.102.0/24 9.0.12.1 0 0 1111 i
*> 11.1.103.0/24 9.0.12.1 0 0 1111 i
*> 11.1.104.0/22 9.0.12.1 0 0 1111 i
*>i 44.4.200.0/22 9.0.23.3 0 100 0 4444 i
*>i 44.4.204.0/22 9.0.23.3 0 100 0 4444 ?
*>i 44.4.208.0/24 9.0.23.3 0 100 0 4444 ?
R3.
R3#sh run | s r b
router bgp 2323
bgp log-neighbor-changes
network 10.234.3.0 mask 255.255.255.128
aggregate-address 44.4.204.0 255.255.252.0 as-set summary-only
neighbor 9.0.23.2 remote-as 2323
neighbor 9.0.23.2 next-hop-self
neighbor 9.0.34.4 remote-as 4444
R3#sh run | i route
router bgp 2323
R3#sh ip bgp
BGP table version is 36, local router ID is 23.23.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.234.3.0/25 0.0.0.0 0 32768 i
*> 10.234.4.0/25 9.0.34.4 0 0 4444 i
*>i 11.1.100.0/24 9.0.23.2 0 100 0 1111 i
*>i 11.1.101.0/24 9.0.23.2 0 100 0 1111 i
*>i 11.1.102.0/24 9.0.23.2 0 100 0 1111 i
*>i 11.1.103.0/24 9.0.23.2 0 100 0 1111 i
*>i 11.1.104.0/22 9.0.23.2 0 100 0 1111 i
*> 44.4.200.0/22 9.0.34.4 0 0 4444 i
s> 44.4.204.0/24 9.0.34.4 0 0 4444 ?
*> 44.4.204.0/22 0.0.0.0 100 32768 4444 ?
s> 44.4.205.0/24 9.0.34.4 0 0 4444 ?
s> 44.4.206.0/24 9.0.34.4 0 0 4444 ?
s> 44.4.207.0/24 9.0.34.4 0 0 4444 ?
*> 44.4.208.0/24 9.0.34.4 0 0 4444 ?
R4.
R4#sh ip int bri | e una
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 9.0.34.4 YES manual up up
Loopback0 44.44.4.4 YES manual up up
Loopback201 44.4.201.4 YES manual up up
Loopback202 44.4.202.4 YES manual up up
Loopback203 44.4.203.4 YES manual up up
Loopback204 44.4.204.4 YES manual up up
Loopback205 44.4.205.4 YES manual up up
Loopback206 44.4.206.4 YES manual up up
Loopback207 44.4.207.4 YES manual up up
Loopback208 44.4.208.4 YES manual up up
Loopback209 44.4.209.4 YES manual up up
Loopback234 10.234.4.4 YES manual up up
R4# sh run | s r b
router bgp 4444
bgp log-neighbor-changes
network 10.234.4.0 mask 255.255.255.128
aggregate-address 44.4.200.0 255.255.252.0 summary-only
redistribute connected route-map RM-CONNECT-BGP
neighbor 9.0.34.3 remote-as 2323
R4#sh run | i route
router bgp 4444
redistribute connected route-map RM-CONNECT-BGP
ip route 9.0.0.0 255.255.0.0 9.0.34.3
route-map RM-CONNECT-BGP permit 10
R4#sh run | i prefix-list
ip prefix-list PL-CONNECTED->BGP seq 5 permit 44.4.200.0/21 ge 24 le 24
ip prefix-list PL-CONNECTED->BGP seq 10 permit 44.4.208.0/24
match ip address prefix-list PL-CONNECTED->BGP
R4#sh ip bgp
BGP table version is 42, local router ID is 44.44.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.234.3.0/25 9.0.34.3 0 0 2323 i
*> 10.234.4.0/25 0.0.0.0 0 32768 i
*> 11.1.100.0/24 9.0.34.3 0 2323 1111 i
*> 11.1.101.0/24 9.0.34.3 0 2323 1111 i
*> 11.1.102.0/24 9.0.34.3 0 2323 1111 i
*> 11.1.103.0/24 9.0.34.3 0 2323 1111 i
*> 11.1.104.0/22 9.0.34.3 0 2323 1111 i
*> 44.4.200.0/22 0.0.0.0 32768 i
s> 44.4.201.0/24 0.0.0.0 0 32768 ?
s> 44.4.202.0/24 0.0.0.0 0 32768 ?
s> 44.4.203.0/24 0.0.0.0 0 32768 ?
*> 44.4.204.0/24 0.0.0.0 0 32768 ?
*> 44.4.205.0/24 0.0.0.0 0 32768 ?
*> 44.4.206.0/24 0.0.0.0 0 32768 ?
Network Next Hop Metric LocPrf Weight Path
*> 44.4.207.0/24 0.0.0.0 0 32768 ?
*> 44.4.208.0/24 0.0.0.0 0 32768 ?