Sunday 4 December 2011

Nugget 21
BGP Routing - Implementing Basic BGP Part 2



Let's look at the following:
  • Advertising networks into BGP
  • BGP auto-summary
  • Understanding BGP synchronisation
  • How BGP handles next hop addresses

Let's set up the loopbacks as per the lab diagram above:


Router-5(config)#inter loopback0
Router-5(config-if)#ip address 200.1.1.1 255.255.255.0
Router-5(config-if)#inter loopback1
Router-5(config-if)#ip address 200.1.2.1 255.255.255.0
Router-5(config-if)#inter loopback2
Router-5(config-if)#ip address 200.1.3.1 255.255.255.0
Router-5(config-if)#inter loopback3
Router-5(config-if)#ip address 200.1.4.1 255.255.255.0
Router-5(config-if)#inter loopback4
Router-5(config-if)#ip address 200.1.5.1 255.255.255.0
Router-5(config-if)#inter loopback6
Router-5(config-if)#ip address 200.1.6.1 255.255.255.0
Router-5(config-if)#inter loopback7
Router-5(config-if)#ip address 50.1.1.1 255.255.255.0



Router-5#show ip int brie
Interface                  IP-Address      OK? Method Status               Protocol
ATM0/0                     unassigned      YES NVRAM  up                    up
FastEthernet0/0            10.14.0.1       YES NVRAM  up                    up
FastEthernet0/0.1          10.14.10.1      YES NVRAM  up                    up
FastEthernet0/0.2          10.14.20.1      YES NVRAM  up                    up
FastEthernet0/0.3          10.14.30.1      YES NVRAM  up                    up
FastEthernet0/0.4          10.14.40.1      YES NVRAM  up                    up
FastEthernet0/0.5          10.14.50.1      YES NVRAM  up                    up
BRI0/0                     unassigned      YES NVRAM  administratively down down
BRI0/0:1                   unassigned      YES unset  administratively down down
BRI0/0:2                   unassigned      YES unset  administratively down down
NVI0                       10.14.0.1       YES unset  up                    up
Virtual-Access1            unassigned      YES unset  up                    up
Virtual-Access2            unassigned      YES unset  up                    up
Dialer0                    109.170.1xx.x5  YES IPCP   up                    up
Loopback0                  200.1.1.1       YES manual up                    up
Loopback1                  200.1.2.1       YES manual up                    up
Loopback2                  200.1.3.1       YES manual up                    up
Loopback3                  200.1.4.1       YES manual up                    up
Loopback4                  200.1.5.1       YES manual up                    up
Loopback5                  5.5.5.5         YES manual up                    up
Loopback6                  200.1.6.1       YES manual up                    up
Loopback7                  50.1.1.1        YES manual up                    up


Now that we have our loopbacks configured, we are going to advertise the network of the 50.1.1.1 loopback in BGP.
This is normally done via the network command, followed by the network/subnet we want to advertise. BGP's network command is unlike the network command in other routing protocols, though: it does not select the interfaces on which to form neighbours, because BGP neighbours are configured STATICALLY!

BUT, for some reason they made BGP auto-summarise!!! *slaps head* so the command we have typed below will advertise the whole classful network the address falls in, i.e. the class A network 50.0.0.0:

Router-5(config)#router bgp 6500
Router-5(config-router)#network 50.0.0.0


Instead of just leaving the network command as it is, or following it up with no auto-summary like we normally do in other protocols, we have to use the mask option:

Router-5(config-router)#network 50.0.0.0 mask ?
  A.B.C.D  Network mask


NOW, the mask we specify here HAS TO MATCH EXACTLY the interface's IP subnet mask, otherwise it will not work!!

but just to investigate, we will leave off the mask for the time being:


Router-5(config-router)#network 50.0.0.0
Router-5(config-router)#auto-summary
<-- by default auto-summary is disabled (thank god!)... well, on IOS 12.2(8)T and above

Router-5#show ip bgp
BGP table version is 2, local router ID is 109.170.187.55
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 50.0.0.0         0.0.0.0                  0         32768 i



SO we can see Router-5 is advertising the CLASS A network 50.0.0.0, and the next hop address (0.0.0.0) is itself.

* = valid
> = the best route
i = internal

Let's see what Router-4 has for us:

Router-4#show ip bgp
BGP table version is 2, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 50.0.0.0         5.5.5.5                  0             0 6500 i


Sure enough, he is receiving the route:


Router-4#show ip route

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/66] via 10.1.34.1, FastEthernet0/1
B    50.0.0.0/8 [20/0] via 5.5.5.5
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback4
     5.0.0.0/32 is subnetted, 1 subnets
S       5.5.5.5 [1/0] via 10.1.45.2
     10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C       10.14.0.0/25 is directly connected, FastEthernet0/0
O       10.1.13.0/30 [110/65] via 10.1.34.1, FastEthernet0/1
O       10.1.12.0/24 [110/74] via 10.1.24.1, Serial0/0
C       10.1.24.1/32 is directly connected, Serial0/0
C       10.1.24.0/30 is directly connected, Serial0/0
C       10.1.45.0/30 is directly connected, FastEthernet0/0
C       10.1.34.0/30 is directly connected, FastEthernet0/1
Router-4#ping 50.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Router-4#


Right, let's start tidying up that network config, as we are receiving a /8 advertisement for the 50.1.1.0 network, yet on the interface it is a /24:


Router-5(config)#router bgp 6500
Router-5(config-router)#no network 50.0.0.0



REMEMBER the network statement has to match the subnet mask EXACTLY:

Router-5#show int Loopback7
Loopback7 is up, line protocol is up
  Hardware is Loopback
  Internet address is 50.1.1.1/24


SO, we use a /24 (class C sized) mask to match:

Router-5(config-router)#network 50.1.1.0 mask 255.255.255.0

Back over to Router-4:


Router-4#show ip route

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/66] via 10.1.34.1, FastEthernet0/1
     50.0.0.0/24 is subnetted, 1 subnets
B       50.1.1.0 [20/0] via 5.5.5.5



SWEEEET! there's that BGP route baby, with the correct mask!


Router-4# show ip bgp sum
BGP router identifier 4.4.4.4, local AS number 5500
BGP table version is 4, main routing table version 4
1 network entries and 1 paths using 121 bytes of memory
1 BGP path attribute entries using 96 bytes of memory
BGP activity 2/1 prefixes, 2/1 paths
0 prefixes revised.

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4  5500      91      93        4    0    0 01:27:52        0
5.5.5.5         4  6500      95      91        4    0    0 01:28:36        1


Notice the State/PfxRcd column against our 5.5.5.5 neighbour now has a 1 for the BGP database version.


As the diagram at the beginning of this topic stated, we could also get the network into BGP via redistribution too...

Although this is generally not recommended: the routes your internal routing protocol is handling are PRIVATE, internal links, and you don't want to be advertising these out to your ISP.

Let's redistribute the first 4 of the 200.1.x.x networks on Router-5:

Loopback0                  200.1.1.1       YES manual up                    up
Loopback1                  200.1.2.1       YES manual up                    up
Loopback2                  200.1.3.1       YES manual up                    up
Loopback3                  200.1.4.1       YES manual up                    up

Loopback4                  200.1.5.1       YES manual up                    up
Loopback6                  200.1.6.1       YES manual up                    up


Let's start off with an access-list to deny the networks I don't want to redistribute and permit the others:

Router-5(config)#ip access-list standard REDIST_BGP
Router-5(config-std-nacl)#deny 200.1.5.0
Router-5(config-std-nacl)#deny 200.1.6.0
Router-5(config-std-nacl)#permit any


Let's reference this ACL from a route-map:

Router-5(config)#route-map REDIST_FILTER
Router-5(config-route-map)#match ip address REDIST_BGP


So the above route-map will permit (a route-map sequence is permit by default) any IP addresses/networks that are permitted by the ACL named REDIST_BGP.



SO, we now have:

Router-5#show route-map REDIST_FILTER
route-map REDIST_FILTER, permit, sequence 10
  Match clauses:
    ip address (access-lists): REDIST_BGP
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

Router-5#show access-list REDIST_BGP
Standard IP access list REDIST_BGP
    10 deny   200.1.5.0
    20 deny   200.1.6.0
    30 permit any


Now, let's go under the BGP process and look at the redistribution options:

Router-5(config)#router bgp 6500
Router-5(config-router)#redistribute ?
  bgp        Border Gateway Protocol (BGP)
  connected  Connected
  dvmrp      Redistribution of DVMRP into BGP IPv4 Multicast
  eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
  isis       ISO IS-IS
  iso-igrp   IGRP for OSI networks
  mobile     Mobile routes
  odr        On Demand stub Routes
  ospf       Open Shortest Path First (OSPF)
  rip        Routing Information Protocol (RIP)
  static     Static routes

How kool is that, we can redistribute static routes as well as connected interfaces!

Router-5(config-router)#redistribute connected ?

....AH, hang on, I don't want to advertise my WAN IP, my public IP, nor the simulated WAN link between R5 and R4 (10.1.45.x). Let's just add them into the ACL real quick:

Router-5(config)#ip access-l st REDIST_BGP
Router-5(config-std-nacl)#21 deny 10.0.0.0 0.255.255.255
Router-5(config-std-nacl)#22 deny 109.0.0.0 0.255.255.255
Router-5(config-std-nacl)#23 deny 62.0.0.0 0.255.255.255




right ...


Router-5(config)#router bgp 6500
Router-5(config-router)#redistribute connected route-map REDIST_FILTER


SO now, all connected networks are passed through the route-map to see if they are allowed to be redistributed.

Let's check BGP:

Router-5#show ip bgp
BGP table version is 10, local router ID is 109.170.187.55
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 50.1.1.0/24      0.0.0.0                  0         32768 i
*> 200.1.1.0        0.0.0.0                  0         32768 ?
*> 200.1.2.0        0.0.0.0                  0         32768 ?
*> 200.1.3.0        0.0.0.0                  0         32768 ?
*> 200.1.4.0        0.0.0.0                  0         32768 ?



KOOOL, however now I think about it, a better way of doing the ACL under the route-map would have been to permit only the 4 x 200.x.x.x networks and deny everything else, because if I ever add a loopback or an interface card, that bad boi is going to get redistributed into BGP!

Let's fix that:


Router-5(config)#no ip access-li st REDIST_BGP
Router-5(config)#ip access-li st REDIST_BGP
Router-5(config-std-nacl)#permit 200.1.1.0
Router-5(config-std-nacl)#permit 200.1.2.0
Router-5(config-std-nacl)#permit 200.1.3.0
Router-5(config-std-nacl)#permit 200.1.4.0
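As an added example (not part of the original post), the following Python models the IOS standard ACL + route-map filter used above, so you can see why the first deny-list version of REDIST_BGP leaks a newly added network while the permit-list version only lets the four intended networks through. The prefixes are from this lab, except 200.1.7.0/24, which is a hypothetical loopback added later to show the leak.

```python
"""Model of the IOS standard ACL + route-map filter from the post, to show why a
deny-list ACL leaks new networks while a permit-list ACL does not."""
import ipaddress
from typing import List, Tuple

# One ACL line: (sequence, action, address, wildcard). IOS wildcard bits set to 1
# are "don't care". "permit any" is 0.0.0.0 with wildcard 255.255.255.255, and a
# bare "deny 200.1.5.0" gets wildcard 0.0.0.0 (exact match on that address).
AclEntry = Tuple[int, str, str, str]

def wildcard_match(entry_addr: str, wildcard: str, address: str) -> bool:
    """Compare only the bits where the wildcard is 0."""
    a = int(ipaddress.IPv4Address(entry_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    n = int(ipaddress.IPv4Address(address))
    return (a & ~w) == (n & ~w)

def acl_permits(acl: List[AclEntry], prefix: str) -> bool:
    """When a route-map does 'match ip address <standard ACL>', the ACL is tested
    against the route's network address; first match wins, implicit deny at the end."""
    network = str(ipaddress.IPv4Network(prefix).network_address)
    for _seq, action, addr, wildcard in sorted(acl):
        if wildcard_match(addr, wildcard, network):
            return action == "permit"
    return False

def redistributed(acl: List[AclEntry], connected: List[str]) -> List[str]:
    """route-map REDIST_FILTER has a single permit sequence matching the ACL, so a
    prefix the ACL denies falls off the end of the route-map and is not redistributed."""
    return [p for p in connected if acl_permits(acl, p)]

# Constructed sample: the connected networks on Router-5 that matter here, plus a
# hypothetical loopback added later (200.1.7.0/24) to show the leak.
CONNECTED = ["200.1.1.0/24", "200.1.2.0/24", "200.1.3.0/24", "200.1.4.0/24",
             "200.1.5.0/24", "200.1.6.0/24", "50.1.1.0/24", "10.1.45.0/30",
             "200.1.7.0/24"]

# First version of REDIST_BGP from the post (sequences 21-23 sit before "permit any").
DENY_LIST_ACL: List[AclEntry] = [
    (10, "deny", "200.1.5.0", "0.0.0.0"),
    (20, "deny", "200.1.6.0", "0.0.0.0"),
    (21, "deny", "10.0.0.0", "0.255.255.255"),
    (22, "deny", "109.0.0.0", "0.255.255.255"),
    (23, "deny", "62.0.0.0", "0.255.255.255"),
    (30, "permit", "0.0.0.0", "255.255.255.255"),
]

# Corrected version: permit exactly the four networks and rely on the implicit deny.
PERMIT_LIST_ACL: List[AclEntry] = [
    (10, "permit", "200.1.1.0", "0.0.0.0"),
    (20, "permit", "200.1.2.0", "0.0.0.0"),
    (30, "permit", "200.1.3.0", "0.0.0.0"),
    (40, "permit", "200.1.4.0", "0.0.0.0"),
]

if __name__ == "__main__":
    print("deny-list  :", redistributed(DENY_LIST_ACL, CONNECTED))
    print("permit-list:", redistributed(PERMIT_LIST_ACL, CONNECTED))
```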



Let's check again:

Router-4#show ip bgp
BGP table version is 10, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 50.1.1.0/24      5.5.5.5                  0             0 6500 i
*> 200.1.1.0        5.5.5.5                  0             0 6500 ?
*> 200.1.2.0        5.5.5.5                  0             0 6500 ?
*> 200.1.3.0        5.5.5.5                  0             0 6500 ?
*> 200.1.4.0        5.5.5.5                  0             0 6500 ?



Sweet, 50.1.1.0/24 is still showing because we have explicitly said we want to advertise that under BGP with the network statement:

Router-5#show run | s bgp
router bgp 6500
 no synchronization
 bgp log-neighbor-changes
 network 50.1.1.0 mask 255.255.255.0
 redistribute connected route-map REDIST_FILTER
 neighbor 4.4.4.4 remote-as 5500
 neighbor 4.4.4.4 ebgp-multihop 2
 neighbor 4.4.4.4 update-source Loopback5
 no auto-summary

Router-4's routing table:
Router-4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR, P - periodic downloaded static route
       T - traffic engineered route

Gateway of last resort is not set

B    200.1.4.0/24 [20/0] via 5.5.5.5
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/66] via 10.1.34.1, FastEthernet0/1
     50.0.0.0/24 is subnetted, 1 subnets
B       50.1.1.0 [20/0] via 5.5.5.5
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback4
     5.0.0.0/32 is subnetted, 1 subnets
S       5.5.5.5 [1/0] via 10.1.45.2
B    200.1.1.0/24 [20/0] via 5.5.5.5
B    200.1.2.0/24 [20/0] via 5.5.5.5
B    200.1.3.0/24 [20/0] via 5.5.5.5
     10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C       10.14.0.0/25 is directly connected, FastEthernet0/0
O       10.1.13.0/30 [110/65] via 10.1.34.1, FastEthernet0/1
O       10.1.12.0/24 [110/74] via 10.1.24.1, Serial0/0
C       10.1.24.1/32 is directly connected, Serial0/0
C       10.1.24.0/30 is directly connected, Serial0/0
C       10.1.45.0/30 is directly connected, FastEthernet0/0
C       10.1.34.0/30 is directly connected, FastEthernet0/1

So that's how we can do it via redistribution :0)




BGP SYNCHRONISATION RULE

Well, before we look at what it is, let's just check if Router-1 has picked up the routes via iBGP:

Router-1# show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i50.1.1.0/24      5.5.5.5                  0    100      0 6500 i
* i200.1.1.0        5.5.5.5                  0    100      0 6500 ?
* i200.1.2.0        5.5.5.5                  0    100      0 6500 ?
* i200.1.3.0        5.5.5.5                  0    100      0 6500 ?
* i200.1.4.0        5.5.5.5                  0    100      0 6500 ?


Yes it has, but notice the question marks in the Path column of some of the routes: these are the redistributed networks, and the '?' (incomplete) origin code means BGP does not know where these originally came from.

We have no > best flag though, so they are not showing in the routing table!


Router-1#show ip route

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback1
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/75] via 10.1.12.2, 02:29:48, Ethernet0/0
                [110/75] via 10.1.13.2, 02:29:48, Serial0/0
     10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C       10.1.13.2/32 is directly connected, Serial0/0
C       10.1.13.0/30 is directly connected, Serial0/0
C       10.1.12.0/24 is directly connected, Ethernet0/0
O       10.1.24.0/30 [110/74] via 10.1.12.2, 02:29:48, Ethernet0/0
O       10.1.45.0/30 [110/75] via 10.1.12.2, 02:29:48, Ethernet0/0
                     [110/75] via 10.1.13.2, 02:29:48, Serial0/0
O       10.1.34.0/30 [110/74] via 10.1.13.2, 02:29:48, Serial0/0




WHY do we have this rule? Well, you may recall me answering this in the previous nugget, BUT.....

We can see Router-1 has learnt about the network 200.1.1.0 via iBGP, so Router-1 sends the packet to Router-3, and Router-3 looks in his routing table:


Router-3#show ip route

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 10.1.13.1, 02:39:58, Serial0/0
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/11] via 10.1.34.2, 02:39:58, Ethernet0/0
     10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C       10.1.13.0/30 is directly connected, Serial0/0
C       10.1.13.1/32 is directly connected, Serial0/0
O       10.1.12.0/24 [110/74] via 10.1.13.1, 02:39:58, Serial0/0
O       10.1.24.0/30 [110/74] via 10.1.34.2, 02:39:58, Ethernet0/0
O       10.1.45.0/30 [110/11] via 10.1.34.2, 02:39:58, Ethernet0/0
C       10.1.34.0/30 is directly connected, Ethernet0/0


NOPE, he knows nothing about the 200.1.x.x networks! So the packets are dropped and we have a black hole .... NOW THE RULE MAKES SENSE, YES!



Only once R1 has learnt the routes via an internal routing protocol will he use the iBGP routes for traffic and advertise them on.


QUICK NOTE:

BGP Sync is:
turned on by default in 12.2(8)T and earlier
turned off by default in 12.2(8)T and later

So if BGP sync is turned off, IT DOES NOT CHECK THAT RULE AT ALL! They turned it off in later releases because, if you planned your network right, you would not run BGP the way we have in this example; you would be running iBGP on the other OSPF-only routers too!


It looks like my two iBGP routers are running early IOS versions, so let's turn off BGP sync:


Router-1#conf t
Router-1(config)#router bgp 5500
Router-1(config-router)#no synchronization



Router-4#conf t
Router-4(config)#router bgp 5500
Router-4(config-router)#no synchronization



Sweet, let's check to see if we have the routes now:

Router-1# show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i50.1.1.0/24      5.5.5.5                  0    100      0 6500 i
* i200.1.1.0        5.5.5.5                  0    100      0 6500 ?
* i200.1.2.0        5.5.5.5                  0    100      0 6500 ?
* i200.1.3.0        5.5.5.5                  0    100      0 6500 ?
* i200.1.4.0        5.5.5.5                  0    100      0 6500 ?


NOPE .....
There is another reason why these routes are not being used! ... check out the Next Hop column.

5.5.5.5 ... that's Router-5, our ISP router!!! D-A-M!!! No wonder that's not working! Does Router-1 even know how to get to 5.5.5.5?


Router-1#show ip route 5.5.5.5
% Network not in table


NO, he does not, and that is why BGP does not mark the route with the best route flag (>).

Now, for iBGP peers, one way we could fix this would be to use this command on Router-4:

Router-4(config)#router bgp 5500
Router-4(config-router)#neighbor 1.1.1.1 next-hop-self


So for routes Router-4 advertises to Router-1, it now uses itself (4.4.4.4) as the next hop address.
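To tie the synchronisation rule and the next-hop check together, here is an added Python model (not from the original post) of the two conditions that kept Router-1's iBGP routes off the best path: it uses Router-1's routing table and BGP table from the outputs above, shows that turning sync off alone changes nothing while the next hop is 5.5.5.5, and also covers the one combination the lab did not try (sync still on after next-hop-self). The source codes in the routing table dictionary are the show ip route letters (C, O, B).

```python
"""Model of the two checks that kept Router-1's iBGP routes off the '>' best path:
BGP next-hop reachability and the BGP synchronisation rule."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class BgpPath:
    prefix: str       # e.g. "200.1.1.0/24"
    next_hop: str     # NEXT_HOP attribute as received from the peer
    ibgp: bool        # True when learnt from an iBGP peer (the 'i' in show ip bgp)

# Router-1's routing table from the post: {prefix: route source code}.
# Note there is no route at all to 5.5.5.5 (Router-5's loopback).
ROUTER1_RIB: Dict[str, str] = {
    "1.1.1.1/32": "C", "4.4.4.4/32": "O",
    "10.1.13.2/32": "C", "10.1.13.0/30": "C", "10.1.12.0/24": "C",
    "10.1.24.0/30": "O", "10.1.45.0/30": "O", "10.1.34.0/30": "O",
}

# The five paths Router-1 learnt from Router-4 before next-hop-self was configured.
ROUTER1_PATHS: List[BgpPath] = [
    BgpPath(p, "5.5.5.5", True)
    for p in ("50.1.1.0/24", "200.1.1.0/24", "200.1.2.0/24",
              "200.1.3.0/24", "200.1.4.0/24")
]

def lookup(rib: Dict[str, str], address: str) -> Optional[str]:
    """Longest-prefix match of an address against the routing table; None if no route."""
    addr = ipaddress.IPv4Address(address)
    best: Optional[Tuple[int, str]] = None
    for prefix, source in rib.items():
        net = ipaddress.IPv4Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, source)
    return None if best is None else best[1]

def evaluate(path: BgpPath, rib: Dict[str, str], synchronization: bool) -> str:
    """Return 'best' or the reason the path is held back (the '>' flag stays off)."""
    # 1. The router must have a route to the NEXT_HOP, or the path is unusable.
    if lookup(rib, path.next_hop) is None:
        return "next hop unreachable"
    # 2. With synchronisation on, an iBGP-learnt prefix is only used (and advertised)
    #    once the IGP has put the same prefix in the routing table.
    if synchronization and path.ibgp and rib.get(path.prefix, "B") == "B":
        return "not synchronised with IGP"
    return "best"

def next_hop_self(paths: List[BgpPath], router_id: str) -> List[BgpPath]:
    """What 'neighbor ... next-hop-self' does on the advertising iBGP peer (Router-4)."""
    return [replace(p, next_hop=router_id) for p in paths]

def table_status(paths: List[BgpPath], rib: Dict[str, str],
                 synchronization: bool) -> Dict[str, str]:
    """Status of every prefix in the BGP table under the given sync setting."""
    return {p.prefix: evaluate(p, rib, synchronization) for p in paths}

if __name__ == "__main__":
    fixed = next_hop_self(ROUTER1_PATHS, "4.4.4.4")
    for sync in (True, False):
        print("sync", sync, "next hop 5.5.5.5:", table_status(ROUTER1_PATHS, ROUTER1_RIB, sync))
        print("sync", sync, "next-hop-self   :", table_status(fixed, ROUTER1_RIB, sync))
```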



AND HERE WE GO (took bloody ages for the changes to show!!!):

Router-1#show ip bgp
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i50.1.1.0/24      4.4.4.4                  0    100      0 6500 i
*>i200.1.1.0        4.4.4.4                  0    100      0 6500 ?
*>i200.1.2.0        4.4.4.4                  0    100      0 6500 ?
*>i200.1.3.0        4.4.4.4                  0    100      0 6500 ?
*>i200.1.4.0        4.4.4.4                  0    100      0 6500 ?


Now we have the next hop as 4.4.4.4, and if we check the routing table:

Router-1#show ip route

B    200.1.4.0/24 [200/0] via 4.4.4.4, 00:04:51
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback1
     50.0.0.0/24 is subnetted, 1 subnets
B       50.1.1.0 [200/0] via 4.4.4.4, 00:04:51
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/75] via 10.1.12.2, 00:04:41, Ethernet0/0
                [110/75] via 10.1.13.2, 00:04:41, Serial0/0
B    200.1.1.0/24 [200/0] via 4.4.4.4, 00:04:51
B    200.1.2.0/24 [200/0] via 4.4.4.4, 00:04:51
B    200.1.3.0/24 [200/0] via 4.4.4.4, 00:04:51
     10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C       10.1.13.2/32 is directly connected, Serial0/0
C       10.1.13.0/30 is directly connected, Serial0/0
C       10.1.12.0/24 is directly connected, Ethernet0/0
O       10.1.24.0/30 [110/74] via 10.1.12.2, 00:04:42, Ethernet0/0
O       10.1.45.0/30 [110/75] via 10.1.12.2, 00:04:42, Ethernet0/0
                     [110/75] via 10.1.13.2, 00:04:42, Serial0/0
O       10.1.34.0/30 [110/74] via 10.1.13.2, 00:04:42, Serial0/0



WOW! that's a lot to take in, and stuff you need to know!!! BGP sync and next-hop-self .... debugs are not going to show you that! you need to know that sh1t!.... sure is a lot to BGP