This is a blog of my journey, through my CCNP path to hopefully certification day :0)
Sunday, 4 December 2011
Nugget 21
BGP Routing - Implementing Basic BGP Part 2
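Let's look at the following:
- Advertising networks into BGP
- BGP auto-summary
- Understanding BGP synchronisation
- How BGP handles next hop addresses
Let's set up the loopbacks as per the lab above: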
Router-5(config)#inter loopback0
Router-5(config-if)#ip address 200.1.1.1 255.255.255.0
Router-5(config-if)#inter loopback1
Router-5(config-if)#ip address 200.1.2.1 255.255.255.0
Router-5(config-if)#inter loopback2
Router-5(config-if)#ip address 200.1.3.1 255.255.255.0
Router-5(config-if)#inter loopback3
Router-5(config-if)#ip address 200.1.4.1 255.255.255.0
Router-5(config-if)#inter loopback4
Router-5(config-if)#ip address 200.1.5.1 255.255.255.0
Router-5(config-if)#inter loopback6
Router-5(config-if)#ip address 200.1.6.1 255.255.255.0
Router-5(config-if)#inter loopback7
Router-5(config-if)#ip address 50.1.1.1 255.255.255.0
Router-5#show ip int brie
Interface IP-Address OK? Method Status Protocol
ATM0/0 unassigned YES NVRAM up up
FastEthernet0/0 10.14.0.1 YES NVRAM up up
FastEthernet0/0.1 10.14.10.1 YES NVRAM up up
FastEthernet0/0.2 10.14.20.1 YES NVRAM up up
FastEthernet0/0.3 10.14.30.1 YES NVRAM up up
FastEthernet0/0.4 10.14.40.1 YES NVRAM up up
FastEthernet0/0.5 10.14.50.1 YES NVRAM up up
BRI0/0 unassigned YES NVRAM administratively down down
BRI0/0:1 unassigned YES unset administratively down down
BRI0/0:2 unassigned YES unset administratively down down
NVI0 10.14.0.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Dialer0 109.170.1xx.x5 YES IPCP up up
Loopback0 200.1.1.1 YES manual up up
Loopback1 200.1.2.1 YES manual up up
Loopback2 200.1.3.1 YES manual up up
Loopback3 200.1.4.1 YES manual up up
Loopback4 200.1.5.1 YES manual up up
Loopback5 5.5.5.5 YES manual up up
Loopback6 200.1.6.1 YES manual up up
Loopback7 50.1.1.1 YES manual up up
Now that we have our loopbacks configured, we are going to advertise the 50.1.1.1 network in BGP;
This is normally done via the network command followed by the network/subnet we want to advertise - although BGP's network command is unlike the network command in other routing protocols, as it won't be selecting the interfaces on which to form neighbours - that is done STATICALLY!
BUT, for some reason they made BGP auto-summarise!!! *slaps head* so the command typed below advertises the network in its classful (class A) form, covering every network inside it:
Router-5(config)#router bgp 6500
Router-5(config-router)#network 50.0.0.0
Instead of either leaving the network command as it is or following it up with no auto-summary, like we normally do in other protocols, we have to use the mask option;
Router-5(config-router)#network 50.0.0.0 mask ?
A.B.C.D Network mask
NOW the mask we specify here HAS TO MATCH EXACTLY the interface's IP/subnet mask, otherwise it will not work!!
But just to investigate, we will leave off the mask for the time being:
Router-5(config-router)#network 50.0.0.0
Router-5(config-router)#auto-summary <--by default auto-summary is disabled (thank god!)...well on IOS 12.2(8)T and above
Router-5#show ip bgp
BGP table version is 2, local router ID is 109.170.187.55
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 50.0.0.0 0.0.0.0 0 32768 i
SO we can see the network is advertising the CLASS A network of 50.0.0.0, the next hop address is itself.
* = valid
> = the best route
i = internal
Let's see what Router-4 has for us;
Router-4#show ip bgp
BGP table version is 2, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 50.0.0.0 5.5.5.5 0 0 6500 i
Sure enough, he is receiving the route
Router-4#show ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/66] via 10.1.34.1, FastEthernet0/1
B 50.0.0.0/8 [20/0] via 5.5.5.5
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback4
5.0.0.0/32 is subnetted, 1 subnets
S 5.5.5.5 [1/0] via 10.1.45.2
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C 10.14.0.0/25 is directly connected, FastEthernet0/0
O 10.1.13.0/30 [110/65] via 10.1.34.1, FastEthernet0/1
O 10.1.12.0/24 [110/74] via 10.1.24.1, Serial0/0
C 10.1.24.1/32 is directly connected, Serial0/0
C 10.1.24.0/30 is directly connected, Serial0/0
C 10.1.45.0/30 is directly connected, FastEthernet0/0
C 10.1.34.0/30 is directly connected, FastEthernet0/1
Router-4#ping 50.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Router-4#
Right, let's start tidying up that network config, as we are receiving a /8 advertisement for the 50.1.1.0 network, yet on the interface it is a /24
Router-5(config)#router bgp 6500
Router-5(config-router)#no network 50.0.0.0
REMEMBER the network statement has to match the subnet mask EXACTLY;
Router-5#show int Loopback7
Loopback7 is up, line protocol is up
Hardware is Loopback
Internet address is 50.1.1.1/24
SO, we use a CLASS C advertisement to match;
Router-5(config-router)#network 50.1.1.0 mask 255.255.255.0
Back over to Router-4:
Router-4#show ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/66] via 10.1.34.1, FastEthernet0/1
50.0.0.0/24 is subnetted, 1 subnets
B 50.1.1.0 [20/0] via 5.5.5.5
SWEEEET! There's that BGP route baby, with the correct mask!
Router-4# show ip bgp sum
BGP router identifier 4.4.4.4, local AS number 5500
BGP table version is 4, main routing table version 4
1 network entries and 1 paths using 121 bytes of memory
1 BGP path attribute entries using 96 bytes of memory
BGP activity 2/1 prefixes, 2/1 paths
0 prefixes revised.
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 5500 91 93 4 0 0 01:27:52 0
5.5.5.5 4 6500 95 91 4 0 0 01:28:36 1
Notice the State/PfxRcd column against our 5.5.5.5 neighbour now has a 1 for the BGP database version.
As the diagram at the beginning of this topic stated, we could also get the network into BGP via redistribution too ...
This is generally not recommended though: the routes your internal routing protocol is handling are PRIVATE, internal links, and you don't want to be advertising these out to your ISP.
Let's redistribute the first 4 networks on 200.1.x.x on Router-5:
Loopback0 200.1.1.1 YES manual up up
Loopback1 200.1.2.1 YES manual up up
Loopback2 200.1.3.1 YES manual up up
Loopback3 200.1.4.1 YES manual up up
Loopback4 200.1.5.1 YES manual up up
Loopback6 200.1.6.1 YES manual up up
Let's start off with an access-list to deny the networks I don't want to redistribute and permit the others:
Router-5(config)#ip access-list standard REDIST_BGP
Router-5(config-std-nacl)#deny 200.1.5.0
Router-5(config-std-nacl)#deny 200.1.6.0
Router-5(config-std-nacl)#permit any
Let's apply this ACL to a route-map;
Router-5(config)#route-map REDIST_FILTER
Router-5(config-route-map)#match ip address REDIST_BGP
So the above route-map will permit (permit by default) any ip addresses/networks in the ACL named REDIST_BGP
SO, we now have:
Router-5#show route-map REDIST_FILTER
route-map REDIST_FILTER, permit, sequence 10
Match clauses:
ip address (access-lists): REDIST_BGP
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Router-5#show access-list REDIST_BGP
Standard IP access list REDIST_BGP
10 deny 200.1.5.0
20 deny 200.1.6.0
30 permit any
Now, let's go under the BGP process and look at the redistribution:
Router-5(config)#router bgp 6500
Router-5(config-router)#redistribute ?
bgp Border Gateway Protocol (BGP)
connected Connected
dvmrp Redistribution of DVMRP into BGP IPv4 Multicast
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
mobile Mobile routes
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
static Static routes
How kool is that, we can also do static routes as well as connected interfaces!
Router-5(config-router)#redistribute connected ?
....AH, hang on, I don't want to advertise my WAN IP, public IP nor the simulated WAN link between R5 and R4 (10.1.45.x), let's just add them into the ACL real quick;
Router-5(config)#ip access-l st REDIST_BGP
Router-5(config-std-nacl)#21 deny 10.0.0.0 0.255.255.255
Router-5(config-std-nacl)#22 deny 109.0.0.0 0.255.255.255
Router-5(config-std-nacl)#23 deny 62.0.0.0 0.255.255.255
right ...
Router-5(config)#router bgp 6500
Router-5(config-router)#redistribute connected route-map REDIST_FILTER
SO now, we will pass all connected interfaces thru the route-map to see if they are allowed to be redistributed.
Let's check BGP:
Router-5#show ip bgp
BGP table version is 10, local router ID is 109.170.187.55
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 50.1.1.0/24 0.0.0.0 0 32768 i
*> 200.1.1.0 0.0.0.0 0 32768 ?
*> 200.1.2.0 0.0.0.0 0 32768 ?
*> 200.1.3.0 0.0.0.0 0 32768 ?
*> 200.1.4.0 0.0.0.0 0 32768 ?
KOOOL, however now I think about it, a better way of doing the ACL under the route-map would have been to only permit the x4 200.x.x.x networks and then deny everything else, because if I ever add a loopback or add an interface card, that bad boi is going to be redistributed into BGP!
Let's fix that:
Router-5(config)#no ip access-li st REDIST_BGP
Router-5(config)#ip access-li st REDIST_BGP
Router-5(config-std-nacl)#permit 200.1.1.0
Router-5(config-std-nacl)#permit 200.1.2.0
Router-5(config-std-nacl)#permit 200.1.3.0
Router-5(config-std-nacl)#permit 200.1.4.0
Let's check again:
Router-4#show ip bgp
BGP table version is 10, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 50.1.1.0/24 5.5.5.5 0 0 6500 i
*> 200.1.1.0 5.5.5.5 0 0 6500 ?
*> 200.1.2.0 5.5.5.5 0 0 6500 ?
*> 200.1.3.0 5.5.5.5 0 0 6500 ?
*> 200.1.4.0 5.5.5.5 0 0 6500 ?
Sweet, 50.1.1.0/24 is showing, as we have explicitly said we want to advertise that under BGP:
Router-5#show run | s bgp
router bgp 6500
no synchronization
bgp log-neighbor-changes
network 50.1.1.0 mask 255.255.255.0
redistribute connected route-map REDIST_FILTER
neighbor 4.4.4.4 remote-as 5500
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback5
no auto-summary
Router-4's routing table:
Router-4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR, P - periodic downloaded static route
T - traffic engineered route
Gateway of last resort is not set
B 200.1.4.0/24 [20/0] via 5.5.5.5
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/66] via 10.1.34.1, FastEthernet0/1
50.0.0.0/24 is subnetted, 1 subnets
B 50.1.1.0 [20/0] via 5.5.5.5
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback4
5.0.0.0/32 is subnetted, 1 subnets
S 5.5.5.5 [1/0] via 10.1.45.2
B 200.1.1.0/24 [20/0] via 5.5.5.5
B 200.1.2.0/24 [20/0] via 5.5.5.5
B 200.1.3.0/24 [20/0] via 5.5.5.5
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C 10.14.0.0/25 is directly connected, FastEthernet0/0
O 10.1.13.0/30 [110/65] via 10.1.34.1, FastEthernet0/1
O 10.1.12.0/24 [110/74] via 10.1.24.1, Serial0/0
C 10.1.24.1/32 is directly connected, Serial0/0
C 10.1.24.0/30 is directly connected, Serial0/0
C 10.1.45.0/30 is directly connected, FastEthernet0/0
C 10.1.34.0/30 is directly connected, FastEthernet0/1
So that's how we can do it, via redistribution :0)
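The difference between the two versions of REDIST_BGP can be checked offline. The Python below is an added example, not part of the original lab: it models first-match standard ACL evaluation with the implicit deny, runs a constructed subset of Router-5's connected networks through both lists, and then adds a hypothetical new loopback (192.0.2.0/24, an assumed value) to show which list would let it into BGP.

```python
# Added example: models how the standard ACL behind route-map REDIST_FILTER
# filters "redistribute connected". It is a simplified model, not router code.
from ipaddress import IPv4Address, IPv4Network


def ace(action, address="0.0.0.0", wildcard="0.0.0.0"):
    """One ACL entry. A bare address is a host match (wildcard 0.0.0.0)."""
    return (action, int(IPv4Address(address)), int(IPv4Address(wildcard)))


ANY = ("0.0.0.0", "255.255.255.255")  # what "permit any" expands to

# First version on the page: deny what is known to be unwanted, permit the rest.
DENY_LIST = [
    ace("deny", "200.1.5.0"),                   # seq 10
    ace("deny", "200.1.6.0"),                   # seq 20
    ace("deny", "10.0.0.0", "0.255.255.255"),   # seq 21
    ace("deny", "109.0.0.0", "0.255.255.255"),  # seq 22
    ace("deny", "62.0.0.0", "0.255.255.255"),   # seq 23
    ace("permit", *ANY),                        # seq 30
]

# Second version on the page: permit only the four intended networks.
ALLOW_LIST = [ace("permit", f"200.1.{n}.0") for n in (1, 2, 3, 4)]

INTENDED = [f"200.1.{n}.0/24" for n in (1, 2, 3, 4)]

# Constructed subset of Router-5's connected networks (loopbacks and the
# R5-R4 link from the page; interfaces whose masks the page omits are left out).
CONNECTED = [IPv4Network(p) for p in (
    "200.1.1.0/24", "200.1.2.0/24", "200.1.3.0/24", "200.1.4.0/24",
    "200.1.5.0/24", "200.1.6.0/24", "10.1.45.0/30",
)]

# Hypothetical interface added later (assumed value, not from the page).
NEW_LOOPBACK = IPv4Network("192.0.2.0/24")


def acl_permits(acl, network):
    """First matching entry wins; no match at all is the implicit deny."""
    net = int(network.network_address)
    for action, addr, wildcard in acl:
        care = ~wildcard & 0xFFFFFFFF  # bits the entry actually compares
        if (net & care) == (addr & care):
            return action == "permit"
    return False


def redistributed(acl, connected):
    """Connected networks that would pass the route-map into BGP."""
    return [str(n) for n in connected if acl_permits(acl, n)]


def leaked(acl, connected, intended=INTENDED):
    """Networks that reach BGP although nobody meant to advertise them."""
    return sorted(set(redistributed(acl, connected)) - set(intended))


if __name__ == "__main__":
    later = CONNECTED + [NEW_LOOPBACK]
    print("deny-list today :", redistributed(DENY_LIST, CONNECTED))
    print("deny-list later :", redistributed(DENY_LIST, later))
    print("allow-list later:", redistributed(ALLOW_LIST, later))
    print("leak (deny-list):", leaked(DENY_LIST, later))
    print("leak (allow-list):", leaked(ALLOW_LIST, later))
```

Both lists give the same result today; only the deny-list changes its answer when an interface is added, which is the reason the page switches to explicit permits.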
BGP SYNCHRONISATION RULE
Well, before we look at what it is, let's just check if Router-1 has picked up the routes via iBGP:
Router-1# show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i50.1.1.0/24 5.5.5.5 0 100 0 6500 i
* i200.1.1.0 5.5.5.5 0 100 0 6500 ?
* i200.1.2.0 5.5.5.5 0 100 0 6500 ?
* i200.1.3.0 5.5.5.5 0 100 0 6500 ?
* i200.1.4.0 5.5.5.5 0 100 0 6500 ?
Yes we have, but notice we have question marks against some of the routes; these are the redistributed networks, and BGP does not know where these originally came from.
We have no > best flag though, so they are not showing in the routing table!
Router-1#show ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/75] via 10.1.12.2, 02:29:48, Ethernet0/0
[110/75] via 10.1.13.2, 02:29:48, Serial0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C 10.1.13.2/32 is directly connected, Serial0/0
C 10.1.13.0/30 is directly connected, Serial0/0
C 10.1.12.0/24 is directly connected, Ethernet0/0
O 10.1.24.0/30 [110/74] via 10.1.12.2, 02:29:48, Ethernet0/0
O 10.1.45.0/30 [110/75] via 10.1.12.2, 02:29:48, Ethernet0/0
[110/75] via 10.1.13.2, 02:29:48, Serial0/0
O 10.1.34.0/30 [110/74] via 10.1.13.2, 02:29:48, Serial0/0
WHY do we have this rule? Well, you may recall me answering this in the previous nugget, BUT.....
We can see Router-1 has learnt about the network 200.1.1.0 via iBGP, so Router-1 sends the packet to Router-3, and Router-3 looks in his routing table;
Router-3#show ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 10.1.13.1, 02:39:58, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/11] via 10.1.34.2, 02:39:58, Ethernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C 10.1.13.0/30 is directly connected, Serial0/0
C 10.1.13.1/32 is directly connected, Serial0/0
O 10.1.12.0/24 [110/74] via 10.1.13.1, 02:39:58, Serial0/0
O 10.1.24.0/30 [110/74] via 10.1.34.2, 02:39:58, Ethernet0/0
O 10.1.45.0/30 [110/11] via 10.1.34.2, 02:39:58, Ethernet0/0
C 10.1.34.0/30 is directly connected, Ethernet0/0
NOPE, he knows nothing about the 200.1.x.x networks! so the packets are dropped and we have a blackhole .... NOW THE RULE MAKES SENSE, YES!
Only once R1 has learnt the routes via an internal routing protocol, will he advertise and then use the iBGP routes for traffic.
QUICK NOTE:
BGP Sync is:
turned on by default in 12.2(8)T and less
turned off by default in 12.2(8)T and higher
So if BGP sync is turned off, IT DOES NOT LOOK AT SATISFYING THAT RULE! They turned it off in later releases because if you planned your network right then you would not run BGP how we have in this example; you would be running iBGP on the other OSPF-only routers too!
It looks like my two iBGP routers are running early IOS versions, so let's turn off BGP sync:
Router-1#conf t
Router-1(config)#router bgp 5500
Router-1(config-router)#no synchronization
Router-4#conf t
Router-4(config)#router bgp 5500
Router-4(config-router)#no synchronization
Sweet, let's check to see if we have the routes now:
Router-1# show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i50.1.1.0/24 5.5.5.5 0 100 0 6500 i
* i200.1.1.0 5.5.5.5 0 100 0 6500 ?
* i200.1.2.0 5.5.5.5 0 100 0 6500 ?
* i200.1.3.0 5.5.5.5 0 100 0 6500 ?
* i200.1.4.0 5.5.5.5 0 100 0 6500 ?
NOPE .....
There is another reason why these routes are not being used! ... check out the next hop column.
5.5.5.5 ... that's Router-5, our ISP router!!! D-A-M!!! No wonder that's not working! Does Router-1 know how to get to 5.5.5.5?
Router-1#show ip route 5.5.5.5
% Network not in table
NO, no he does not, and that is why the route is not marked with the best route flag (>) in BGP.
Now for iBGP peers, one way we could fix this would be to use this command:
Router-4(config)#router bgp 5500
Router-4(config-router)#neighbor 1.1.1.1 next-hop-self
So for routes we advertise to Router-1 we use ourself (4.4.4.4) as the next hop address
AND HERE WE GO (took bloody ages for the changes to show!!!):
Router-1#show ip bgp
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i50.1.1.0/24 4.4.4.4 0 100 0 6500 i
*>i200.1.1.0 4.4.4.4 0 100 0 6500 ?
*>i200.1.2.0 4.4.4.4 0 100 0 6500 ?
*>i200.1.3.0 4.4.4.4 0 100 0 6500 ?
*>i200.1.4.0 4.4.4.4 0 100 0 6500 ?
now we have the next hop, as 4.4.4.4 and now, if we check the routing table;
Router-1#show ip route
B 200.1.4.0/24 [200/0] via 4.4.4.4, 00:04:51
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
50.0.0.0/24 is subnetted, 1 subnets
B 50.1.1.0 [200/0] via 4.4.4.4, 00:04:51
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/75] via 10.1.12.2, 00:04:41, Ethernet0/0
[110/75] via 10.1.13.2, 00:04:41, Serial0/0
B 200.1.1.0/24 [200/0] via 4.4.4.4, 00:04:51
B 200.1.2.0/24 [200/0] via 4.4.4.4, 00:04:51
B 200.1.3.0/24 [200/0] via 4.4.4.4, 00:04:51
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C 10.1.13.2/32 is directly connected, Serial0/0
C 10.1.13.0/30 is directly connected, Serial0/0
C 10.1.12.0/24 is directly connected, Ethernet0/0
O 10.1.24.0/30 [110/74] via 10.1.12.2, 00:04:42, Ethernet0/0
O 10.1.45.0/30 [110/75] via 10.1.12.2, 00:04:42, Ethernet0/0
[110/75] via 10.1.13.2, 00:04:42, Serial0/0
O 10.1.34.0/30 [110/74] via 10.1.13.2, 00:04:42, Serial0/0
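The unreachable next hop can be spotted from saved outputs without logging in to the router. The Python below is an added example, not something from the original lab: it parses show ip bgp rows (retyped from the Router-1 outputs above), looks up each next hop by longest match in Router-1's connected and OSPF routes, and lists the prefixes whose next hop does not resolve. The function names are illustrative.

```python
# Added example: next-hop resolution audit over "show ip bgp" text.
import re
from ipaddress import IPv4Address, IPv4Network

# Router-1's connected and OSPF routes, copied from its "show ip route" output.
ROUTER1_IGP_RIB = [IPv4Network(p) for p in (
    "1.1.1.1/32", "4.4.4.4/32", "10.1.13.2/32", "10.1.13.0/30",
    "10.1.12.0/24", "10.1.24.0/30", "10.1.45.0/30", "10.1.34.0/30",
)]

# Router-1's BGP table before and after "neighbor 1.1.1.1 next-hop-self"
# was configured on Router-4 (rows retyped from the page).
BGP_BEFORE = """\
* i50.1.1.0/24 5.5.5.5 0 100 0 6500 i
* i200.1.1.0 5.5.5.5 0 100 0 6500 ?
* i200.1.2.0 5.5.5.5 0 100 0 6500 ?
* i200.1.3.0 5.5.5.5 0 100 0 6500 ?
* i200.1.4.0 5.5.5.5 0 100 0 6500 ?
"""
BGP_AFTER = """\
*>i50.1.1.0/24 4.4.4.4 0 100 0 6500 i
*>i200.1.1.0 4.4.4.4 0 100 0 6500 ?
*>i200.1.2.0 4.4.4.4 0 100 0 6500 ?
*>i200.1.3.0 4.4.4.4 0 100 0 6500 ?
*>i200.1.4.0 4.4.4.4 0 100 0 6500 ?
"""

# Three one-character flag columns (status, best, internal), then the
# network and the next hop. Header lines do not match and are skipped.
ROW = re.compile(
    r"^(?P<status>[sdhr* ])(?P<best>[> ])(?P<source>[i ])"
    r"(?P<net>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+(?P<nh>\d+\.\d+\.\d+\.\d+)\s"
)


def classful(prefix):
    """IOS omits the mask when it equals the classful default; restore it."""
    if "/" in prefix:
        return IPv4Network(prefix)
    first_octet = int(prefix.split(".")[0])
    length = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return IPv4Network(f"{prefix}/{length}")


def resolve(next_hop, rib):
    """Longest-prefix match of the next hop; None when nothing covers it."""
    covering = [net for net in rib if next_hop in net]
    return max(covering, key=lambda net: net.prefixlen, default=None)


def audit(table_text, rib):
    """One dict per BGP row: prefix, next hop, best flag, resolving route."""
    rows = []
    for line in table_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        next_hop = IPv4Address(m["nh"])
        if int(next_hop) == 0:           # 0.0.0.0 = originated locally
            via = "local"
        else:
            match = resolve(next_hop, rib)
            via = str(match) if match else None
        rows.append({
            "prefix": str(classful(m["net"])),
            "next_hop": str(next_hop),
            "best": m["best"] == ">",
            "resolved_via": via,
        })
    return rows


def unresolved(table_text, rib):
    """Prefixes that cannot become best because the next hop is unreachable."""
    return [r["prefix"] for r in audit(table_text, rib)
            if r["resolved_via"] is None]


if __name__ == "__main__":
    print("before next-hop-self:", unresolved(BGP_BEFORE, ROUTER1_IGP_RIB))
    print("after  next-hop-self:", unresolved(BGP_AFTER, ROUTER1_IGP_RIB))
```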
WOW! That's a lot to take in, and stuff you need to know!!! BGP sync and next-hop-self .... debugs are not going to show you that! You need to know that sh1t!.... there sure is a lot to BGP
BGP Routing - Implementing Basic BGP Part 2
Lets look at the following:
- Advertising networks into BGP
- BGP auto-summary
- Understanding BGP synchronisation
- How BGP handles next hop addresses
Lets setup the loopbacks as per the lab above;
Router-5(config)#inter loopback0
Router-5(config-if)#ip address 200.1.1.1 255.255.255.0
Router-5(config-if)#inter loopback1
Router-5(config-if)#ip address 200.1.2.1 255.255.255.0
Router-5(config-if)#inter loopback2
Router-5(config-if)#ip address 200.1.3.1 255.255.255.0
Router-5(config-if)#inter loopback3
Router-5(config-if)#ip address 200.1.4.1 255.255.255.0
Router-5(config-if)#inter loopback4
Router-5(config-if)#ip address 200.1.5.1 255.255.255.0
Router-5(config-if)#inter loopback6
Router-5(config-if)#ip address 200.1.6.1 255.255.255.0
Router-5(config-if)#inter loopback7
Router-5(config-if)#ip address 50.1.1.1 255.255.255.0
Router-5#show ip int brie
Interface IP-Address OK? Method Status Protocol
ATM0/0 unassigned YES NVRAM up up
FastEthernet0/0 10.14.0.1 YES NVRAM up up
FastEthernet0/0.1 10.14.10.1 YES NVRAM up up
FastEthernet0/0.2 10.14.20.1 YES NVRAM up up
FastEthernet0/0.3 10.14.30.1 YES NVRAM up up
FastEthernet0/0.4 10.14.40.1 YES NVRAM up up
FastEthernet0/0.5 10.14.50.1 YES NVRAM up up
BRI0/0 unassigned YES NVRAM administratively down down
BRI0/0:1 unassigned YES unset administratively down down
BRI0/0:2 unassigned YES unset administratively down down
NVI0 10.14.0.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Dialer0 109.170.1xx.x5 YES IPCP up up
Loopback0 200.1.1.1 YES manual up up
Loopback1 200.1.2.1 YES manual up up
Loopback2 200.1.3.1 YES manual up up
Loopback3 200.1.4.1 YES manual up up
Loopback4 200.1.5.1 YES manual up up
Loopback5 5.5.5.5 YES manual up up
Loopback6 200.1.6.1 YES manual up up
Loopback7 50.1.1.1 YES manual up up
Now we have our loopbacks configured we are going to advertise the 50.1.1.1 network in BGP;
This is normally done via the network command, and then network/subnet we want to advertise - although BGPs network command is unlike the network command as in other routing protocols, as this wont be selecting the interfaces on which to form neighbours - that is done STATICALLY!
BUT, for some reason they made BGP auto-summarise!!! *slaps head* so the command we have typed below will be advertising any networks encompassed within its class A network form
Router-5(config)#router bgp 6500
Router-5(config-router)#network 50.0.0.0
Instead of now either leaving the network command or following it up with no auto-summary like we normally do in other protocols, we have to use the mask option;
Router-5(config-router)#network 50.0.0.0 mask ?
A.B.C.D Network mask
NOW the mask we specify here HAS TO MATCH EXACTLY the interfaces IP/Subnet mask otherwise it will not work!!
but just to investigate i we will leave off the mask for the time being:
Router-5(config-router)#network 50.0.0.0
Router-5(config-router)#auto-summary <--by default auto-summary is disabled (thank god!)...well on IOS 12.2(8)T and above
Router-5#show ip bgp
BGP table version is 2, local router ID is 109.170.187.55
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 50.0.0.0 0.0.0.0 0 32768 i
SO we can see the network is advertising the CLASS A network of 50.0.0.0, the next hop address is itself.
* = valid
> = the best route
i = internal
Lets see what Router-4 has for us;
Router-4#show ip bgp
BGP table version is 2, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 50.0.0.0 5.5.5.5 0 0 6500 i
Sure enough, he is recieving the route
Router-4#show ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/66] via 10.1.34.1, FastEthernet0/1
B 50.0.0.0/8 [20/0] via 5.5.5.5
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback4
5.0.0.0/32 is subnetted, 1 subnets
S 5.5.5.5 [1/0] via 10.1.45.2
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C 10.14.0.0/25 is directly connected, FastEthernet0/0
O 10.1.13.0/30 [110/65] via 10.1.34.1, FastEthernet0/1
O 10.1.12.0/24 [110/74] via 10.1.24.1, Serial0/0
C 10.1.24.1/32 is directly connected, Serial0/0
C 10.1.24.0/30 is directly connected, Serial0/0
C 10.1.45.0/30 is directly connected, FastEthernet0/0
C 10.1.34.0/30 is directly connected, FastEthernet0/1
Router-4#ping 50.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Router-4#
Right, lets start tidying up that network config, as we are recieving a /8 advertisement for the 50.1.1.0 network, yet on the interface it is a /24
Router-5(config)#router bgp 6500
Router-5(config-router)#no network 50.0.0.0
REMEMBER the network statement has to match the subnet mask EXACTLY;
Router-5#show int Loopback7
Loopback7 is up, line protocol is up
Hardware is Loopback
Internet address is 50.1.1.1/24
SO, we use a CLASS C advertisement to match;
Router-5(config-router)#network 50.1.1.0 mask 255.255.255.0
Back over to Router-4:
Router-4#show ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/66] via 10.1.34.1, FastEthernet0/1
50.0.0.0/24 is subnetted, 1 subnets
B 50.1.1.0 [20/0] via 5.5.5.5
SWEEEET! theres that BGP route baby, with the correct mask!
Router-4# show ip bgp sum
BGP router identifier 4.4.4.4, local AS number 5500
BGP table version is 4, main routing table version 4
1 network entries and 1 paths using 121 bytes of memory
1 BGP path attribute entries using 96 bytes of memory
BGP activity 2/1 prefixes, 2/1 paths
0 prefixes revised.
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 5500 91 93 4 0 0 01:27:52 0
5.5.5.5 4 6500 95 91 4 0 0 01:28:36 1
Notice the State/PfxRcd column against our 5.5.5.5 neighbour now has a 1 for the BGP database version.
As the diagram at the beginning of this topic stated, we could also get the network into BGP via re-distribution tooo ...
Although generally not recommended, as these routes that your internal routing protocol are handling are PRIVATE and internal links, you dont want to beadvertising these out to your ISP.
Lets re-distribute the first 4 networks on 200.1.x.x on Router-5:
Loopback0 200.1.1.1 YES manual up up
Loopback1 200.1.2.1 YES manual up up
Loopback2 200.1.3.1 YES manual up up
Loopback3 200.1.4.1 YES manual up up
Loopback4 200.1.5.1 YES manual up up
Loopback6 200.1.6.1 YES manual up up
Lets start off, with an access-list to deny the networks i dont want to re-distribute and permit the others:
Router-5(config)#ip access-list standard REDIST_BGP
Router-5(config-std-nacl)#deny 200.1.5.0
Router-5(config-std-nacl)#deny 200.1.6.0
Router-5(config-std-nacl)#permit any
Lets apply this ACL to a route-map;
Router-5(config)#route-map REDIST_FILTER
Router-5(config-route-map)#match ip address REDIST_BGP
So the above route-map will permit (permit by default) any ip addresses/networks in the ACL named REDIST_BGP
SO, we now have:
Router-5#show route-map REDIST_FILTER
route-map REDIST_FILTER, permit, sequence 10
Match clauses:
ip address (access-lists): REDIST_BGP
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Router-5#show access-list REDIST_BGP
Standard IP access list REDIST_BGP
10 deny 200.1.5.0
20 deny 200.1.6.0
30 permit any
Now, lets go under the BGP process and look at the redistribution:
Router-5(config)#router bgp 6500
Router-5(config-router)#redistribute ?
bgp Border Gateway Protocol (BGP)
connected Connected
dvmrp Redistribution of DVMRP into BGP IPv4 Multicast
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
mobile Mobile routes
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
static Static routes
How kool is that, we can also do static routes as well as connected interfaces!
Router-5(config-router)#redistribute connected ?
....AH, hang on, i dont want to advertise my WAN IP, Public IP nor the simulated WAN link between R5 and R4 (10.1.45.x) lets just add them into the ACL real quick;
Router-5(config)#ip access-l st REDIST_BGP
Router-5(config-std-nacl)#21 deny 10.0.0.0 0.255.255.255
Router-5(config-std-nacl)#22 deny 109.0.0.0 0.255.255.255
Router-5(config-std-nacl)#23 deny 62.0.0.0 0.255.255.255
right ...
Router-5(config)#router bgp 6500
Router-5(config-router)#redistribute connected route-map REDIST_FILTER
SO now, we will pass all connected interfaces thru the route-map to see if they are allowed to be redistributed.
lets check BGP:
Router-5#show ip bgp
BGP table version is 10, local router ID is 109.170.187.55
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 50.1.1.0/24 0.0.0.0 0 32768 i
*> 200.1.1.0 0.0.0.0 0 32768 ?
*> 200.1.2.0 0.0.0.0 0 32768 ?
*> 200.1.3.0 0.0.0.0 0 32768 ?
*> 200.1.4.0 0.0.0.0 0 32768 ?
KOOOL, however now i think about it, a better way of doing the ACL under the route-map would have been to only permit the x4 200.x.x.x networks and then deny everything else, because if i ever add a loopback or add an interface card, that bad boi is going to redistributed into BGP!
lets fix that:
Router-5(config)#no ip access-li st REDIST_BGP
Router-5(config)#ip access-li st REDIST_BGP
Router-5(config-std-nacl)#permit 200.1.1.0
Router-5(config-std-nacl)#permit 200.1.2.0
Router-5(config-std-nacl)#permit 200.1.3.0
Router-5(config-std-nacl)#permit 200.1.4.0
lets check again:
Router-4#show ip bgp
BGP table version is 10, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 50.1.1.0/24 5.5.5.5 0 0 6500 i
*> 200.1.1.0 5.5.5.5 0 0 6500 ?
*> 200.1.2.0 5.5.5.5 0 0 6500 ?
*> 200.1.3.0 5.5.5.5 0 0 6500 ?
*> 200.1.4.0 5.5.5.5 0 0 6500 ?
Sweet, 50.1.1.0/24 is showing as we have explictly said we want to advertise that under BGP:
Router-5#show run | s bgp
router bgp 6500
no synchronization
bgp log-neighbor-changes
network 50.1.1.0 mask 255.255.255.0
redistribute connected route-map REDIST_FILTER
neighbor 4.4.4.4 remote-as 5500
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback5
no auto-summary
Router-4's routing table:
Router-4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR, P - periodic downloaded static route
T - traffic engineered route
Gateway of last resort is not set
B 200.1.4.0/24 [20/0] via 5.5.5.5
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/66] via 10.1.34.1, FastEthernet0/1
50.0.0.0/24 is subnetted, 1 subnets
B 50.1.1.0 [20/0] via 5.5.5.5
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback4
5.0.0.0/32 is subnetted, 1 subnets
S 5.5.5.5 [1/0] via 10.1.45.2
B 200.1.1.0/24 [20/0] via 5.5.5.5
B 200.1.2.0/24 [20/0] via 5.5.5.5
B 200.1.3.0/24 [20/0] via 5.5.5.5
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C 10.14.0.0/25 is directly connected, FastEthernet0/0
O 10.1.13.0/30 [110/65] via 10.1.34.1, FastEthernet0/1
O 10.1.12.0/24 [110/74] via 10.1.24.1, Serial0/0
C 10.1.24.1/32 is directly connected, Serial0/0
C 10.1.24.0/30 is directly connected, Serial0/0
C 10.1.45.0/30 is directly connected, FastEthernet0/0
C 10.1.34.0/30 is directly connected, FastEthernet0/1
So thats how we can do it, via redistribution :0)
BGP SYNCHRONISATION RULE
Well, before we look at what it is, lets just check if Router-1 has picked up the routes via iBGP:
Router-1# show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i50.1.1.0/24 5.5.5.5 0 100 0 6500 i
* i200.1.1.0 5.5.5.5 0 100 0 6500 ?
* i200.1.2.0 5.5.5.5 0 100 0 6500 ?
* i200.1.3.0 5.5.5.5 0 100 0 6500 ?
* i200.1.4.0 5.5.5.5 0 100 0 6500 ?
yes we have, but notice we have question marks in some of the routes, these are the redistributed networks and BGP does not know where these originally came from.
We have no > best flag though, so they are not showing the routing table!
Router-1#show ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/75] via 10.1.12.2, 02:29:48, Ethernet0/0
[110/75] via 10.1.13.2, 02:29:48, Serial0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C 10.1.13.2/32 is directly connected, Serial0/0
C 10.1.13.0/30 is directly connected, Serial0/0
C 10.1.12.0/24 is directly connected, Ethernet0/0
O 10.1.24.0/30 [110/74] via 10.1.12.2, 02:29:48, Ethernet0/0
O 10.1.45.0/30 [110/75] via 10.1.12.2, 02:29:48, Ethernet0/0
[110/75] via 10.1.13.2, 02:29:48, Serial0/0
O 10.1.34.0/30 [110/74] via 10.1.13.2, 02:29:48, Serial0/0
WHY do we have this rule, well you may recall me answering this in the previous nugget, BUT.....
We can see Router-1 has learnt about the network 200.1.1.0 via iBGP, so Router-1 sends the packet to Router-3 and router he looks in his routing table;
Router-3#show ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 10.1.13.1, 02:39:58, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/11] via 10.1.34.2, 02:39:58, Ethernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C 10.1.13.0/30 is directly connected, Serial0/0
C 10.1.13.1/32 is directly connected, Serial0/0
O 10.1.12.0/24 [110/74] via 10.1.13.1, 02:39:58, Serial0/0
O 10.1.24.0/30 [110/74] via 10.1.34.2, 02:39:58, Ethernet0/0
O 10.1.45.0/30 [110/11] via 10.1.34.2, 02:39:58, Ethernet0/0
C 10.1.34.0/30 is directly connected, Ethernet0/0
NOPE, he knows nothing about the 200.1.x.x networks! So the packets are dropped and we have a blackhole .... NOW THE RULE MAKES SENSE, YES!
Only once R1 has learnt the routes via an internal routing protocol, will he advertise and then use the iBGP routes for traffic.
QUICK NOTE:
BGP Sync is:
turned on by default in 12.2(8)T and less
turned off by default in 12.2(8)T and higher
So if BGP sync is turned off, IT DOES NOT LOOK AT SATISFYING THAT RULE! They turned it off in later releases because if you planned your network right then you would not run BGP how we have in this example; you would be running iBGP on the other OSPF-only routers too!
It looks like my two iBGP routers are running early IOS versions, so let's turn off BGP sync:
Router-1#conf t
Router-1(config)#router bgp 5500
Router-1(config-router)#no synchronization
Router-4#conf t
Router-4(config)#router bgp 5500
Router-4(config-router)#no synchronization
Sweet, let's check to see if we have the routes now:
Router-1# show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i50.1.1.0/24 5.5.5.5 0 100 0 6500 i
* i200.1.1.0 5.5.5.5 0 100 0 6500 ?
* i200.1.2.0 5.5.5.5 0 100 0 6500 ?
* i200.1.3.0 5.5.5.5 0 100 0 6500 ?
* i200.1.4.0 5.5.5.5 0 100 0 6500 ?
NOPE .....
There is another reason why these routes are not being used! ... check out the next hop column.
5.5.5.5 ... that's Router-5, our ISP router!!! D-A-M!!! No wonder that's not working! Does Router-1 know how to get to 5.5.5.5?
Router-1#show ip route 5.5.5.5
% Network not in table
NO, no he does not, and that is why BGP does not mark the route with the best route flag (>).
Now for iBGP peers, one way we could fix this would be to use this command:
Router-4(config)#router bgp 5500
Router-4(config-router)#neighbor 1.1.1.1 next-hop-self
So for routes we advertise to Router-1, we use ourselves (4.4.4.4) as the next hop address.
AND HERE WE GO (took bloody ages for the changes to show!!!):
Router-1#show ip bgp
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i50.1.1.0/24 4.4.4.4 0 100 0 6500 i
*>i200.1.1.0 4.4.4.4 0 100 0 6500 ?
*>i200.1.2.0 4.4.4.4 0 100 0 6500 ?
*>i200.1.3.0 4.4.4.4 0 100 0 6500 ?
*>i200.1.4.0 4.4.4.4 0 100 0 6500 ?
Now we have the next hop as 4.4.4.4, and if we check the routing table;
Router-1#show ip route
B 200.1.4.0/24 [200/0] via 4.4.4.4, 00:04:51
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
50.0.0.0/24 is subnetted, 1 subnets
B 50.1.1.0 [200/0] via 4.4.4.4, 00:04:51
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/75] via 10.1.12.2, 00:04:41, Ethernet0/0
[110/75] via 10.1.13.2, 00:04:41, Serial0/0
B 200.1.1.0/24 [200/0] via 4.4.4.4, 00:04:51
B 200.1.2.0/24 [200/0] via 4.4.4.4, 00:04:51
B 200.1.3.0/24 [200/0] via 4.4.4.4, 00:04:51
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C 10.1.13.2/32 is directly connected, Serial0/0
C 10.1.13.0/30 is directly connected, Serial0/0
C 10.1.12.0/24 is directly connected, Ethernet0/0
O 10.1.24.0/30 [110/74] via 10.1.12.2, 00:04:42, Ethernet0/0
O 10.1.45.0/30 [110/75] via 10.1.12.2, 00:04:42, Ethernet0/0
[110/75] via 10.1.13.2, 00:04:42, Serial0/0
O 10.1.34.0/30 [110/74] via 10.1.13.2, 00:04:42, Serial0/0
WOW! That's a lot to take in, and stuff you need to know!!! BGP sync and next-hop-self .... debugs are not going to show you that! You need to know that sh1t!.... sure is a lot to BGP
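The two checks this post walks through (synchronization first, then next-hop reachability) can be run mechanically over the router's own output. The Python below is an added example, not part of the original post and not how IOS is implemented: it parses rows abbreviated from Router-1's show ip bgp and tests each iBGP route against the connected/OSPF prefixes from show ip route. The function names and the simplified synchronization test (exact prefix match in the IGP table) are assumptions.

```python
import ipaddress
import re

# Constructed inputs: rows abbreviated from the post's Router-1 "show ip bgp".
BGP_BEFORE = """\
* i50.1.1.0/24 5.5.5.5 0 100 0 6500 i
* i200.1.1.0 5.5.5.5 0 100 0 6500 ?
"""
BGP_AFTER = """\
*>i50.1.1.0/24 4.4.4.4 0 100 0 6500 i
*>i200.1.1.0 4.4.4.4 0 100 0 6500 ?
"""
# Connected and OSPF prefixes from Router-1's "show ip route" (BGP routes left out).
IGP_ROUTES = ["1.1.1.1/32", "4.4.4.4/32", "10.1.13.2/32", "10.1.13.0/30",
              "10.1.12.0/24", "10.1.24.0/30", "10.1.45.0/30", "10.1.34.0/30"]

ROW = re.compile(r"^(?P<status>[*>sdh ]*)(?P<internal>i?)"
                 r"(?P<net>\d+\.\d+\.\d+\.\d+)(?:/(?P<len>\d+))?\s+"
                 r"(?P<nh>\d+\.\d+\.\d+\.\d+)\s+(?P<rest>.+)$")


def classful_len(addr):
    """IOS omits the mask when it equals the classful default (A=/8, B=/16, C=/24)."""
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24


def parse_bgp(text):
    """Parse 'show ip bgp' rows into status flags, prefix, next hop and origin code."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or legend line
        plen = int(m["len"]) if m["len"] else classful_len(m["net"])
        rows.append({
            "prefix": ipaddress.ip_network(f"{m['net']}/{plen}"),
            "next_hop": ipaddress.ip_address(m["nh"]),
            "valid": "*" in m["status"],
            "best": ">" in m["status"],
            "internal": m["internal"] == "i",
            "origin": m["rest"].split()[-1],  # i, e or ? (incomplete)
        })
    return rows


def resolve(next_hop, igp_routes):
    """Longest-prefix match of a next hop against the connected/IGP table."""
    hits = [n for n in map(ipaddress.ip_network, igp_routes) if next_hop in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None


def why_not_used(row, igp_routes, synchronization):
    """Reasons an iBGP route cannot become best; an empty list means usable."""
    reasons = []
    if row["internal"] and synchronization and str(row["prefix"]) not in igp_routes:
        reasons.append("not synchronized: prefix absent from IGP")
    if resolve(row["next_hop"], igp_routes) is None:
        reasons.append(f"next hop {row['next_hop']} not in routing table")
    return reasons


def audit(text, igp_routes, synchronization):
    """Map each prefix in the BGP table to the list of reasons it is unusable."""
    return {str(r["prefix"]): why_not_used(r, igp_routes, synchronization)
            for r in parse_bgp(text)}


if __name__ == "__main__":
    for label, table, sync in (("sync on", BGP_BEFORE, True),
                               ("sync off", BGP_BEFORE, False),
                               ("next-hop-self", BGP_AFTER, False)):
        print(label, audit(table, IGP_ROUTES, sync))
```

Turning synchronization off removes only the first reason; the routes stay unusable until the next hop resolves, which is what next-hop-self on Router-4 achieves.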
Saturday, 3 December 2011
Nugget 20
BGP Routing - Implementing Basic BGP Part 1
The lab is now set up as above, with OSPF being the interior routing protocol and BGP the external ... and well, we will configure an internal BGP peering between R4 and R1 later.
Let's check out the commands at our disposal in BGP:
Router-5(config)#router bgp 6500
Router-5(config-router)#neighbor 10.1.45.1 ?
activate Enable the Address Family for this Neighbor
advertise-map specify route-map for conditional advertisement
advertisement-interval Minimum interval between sending BGP routing updates
allowas-in Accept as-path with my AS present in it
capability Advertise capability to the peer
default-originate Originate default route to this neighbor
description Neighbor specific description
disable-connected-check One-hop away EBGP peer using loopback address
distribute-list Filter updates to/from this neighbor
dmzlink-bw Propagate the DMZ link bandwidth
ebgp-multihop Allow EBGP neighbors not on directly connected networks
fall-over session fall on peer route lost
filter-list Establish BGP filters
inherit Inherit a template
local-as Specify a local-as number
maximum-prefix Maximum number of prefixes accepted from this peer
next-hop-self Disable the next hop calculation for this neighbor
next-hop-unchanged Propagate the iBGP paths's next hop unchanged for this neighbor
password Set a password
peer-group Member of the peer-group
prefix-list Filter updates to/from this neighbor
remote-as Specify a BGP neighbor
remove-private-as Remove private AS number from outbound updates
route-map Apply route map to neighbor
route-reflector-client Configure a neighbor as Route Reflector client
send-community Send Community attribute to this neighbor
shutdown Administratively shut down this neighbor
soft-reconfiguration Per neighbor soft reconfiguration
timers BGP per neighbor timers
translate-update Translate Update to MBGP format
transport Transport options
ttl-security BGP ttl security check
unsuppress-map Route-map to selectively unsuppress suppressed routes
update-source Source of routing updates
version Set the BGP version to match a neighbor
weight Set default weight for routes from this neighbor
Check out all them options!!! wow boi!
First thing we need to do, in order to get started and get this relationship up and running, is the remote-as command. This will get the conversation flowing with OPEN msgs to the neighbour we are configuring.
Router-5(config-router)#neighbor 10.1.45.1 remote-as 5500
Router-5#show ip bgp summ
BGP router identifier 109.170.1x7.xx, local AS number 6500
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd <--seq of the DB it has recieved
10.1.45.1 4 5500 0 0 0 0 0 never Active
Here we can see we have our configured neighbor .... totally dead (Up/Down column) at the moment, no messages sent or received. Notice the state/PfxRcd is set to ACTIVE, this means the exact same thing as in the EIGRP world:
ACTIVE = BAD
It is actively trying to bring the relationship up (whereas EIGRP was actively trying to find a backup route)
Let's configure his buddy;
Router-4(config)#router bgp 5500
Router-4(config-router)#neighbor 10.1.45.2 remote-as 6500
Now, let's see how long it takes for the relationship to come up!.... remember this is a SLOW protocol:
Router-5#show clock
21:48:35.778 GB Sat Nov 19 2011
Router-5#
013151: Nov 19 21:48:50.025: %BGP-5-ADJCHANGE: neighbor 10.1.45.1 Up
Okay, 15 seconds, that came up pretty quick (bit disappointed in a way, as Jeremy, the instructor, was saying it can take as long as 60 seconds!)
Router-4#show ip bgp sum
BGP router identifier 10.1.45.1, local AS number 5500
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.45.2 4 6500 8 7 1 0 0 00:04:36 0
So notice we have msgs being sent and received, BUT the state/PfxRcd column is still 0. That's because with BGP you can establish a neighbour and not send/exchange any routes/information ..... SO different to what we are used to!! (so is statically configuring the neighbours too! lol BUT I guess if it did auto-discover neighbours, imagine the issues ISPs would have: people's home routers bringing up BGP, peering with them and then injecting routes all over the place LOL)
Now for iBGP, there is no funky command or any funny business, it will just be when we enter the remote-as command we enter "our" internal AS and the router will know it will be an iBGP speaker.
As the plan goes, we plan to get an iBGP peering going with routers 1&4, even though they are not directly connected :0)
First though, we need to set up some loopbacks for the peering of the relationships, as it would be silly peering with x1 of the physical interfaces: if x1 of those interfaces were to go down, we would lose the BGP peering.
We also then need to advertise the loopbacks into the internal routing protocol (OSPF) so the rest of the network knows about them (otherwise the BGP messages would not make it from either iBGP speaker)
Router-4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router-4(config)#inter loopback4
Router-4(config-if)#ip address 4.4.4.4 255.255.255.255
Router-4(config-if)#exit
Router-4(config)#router ospf 1
Router-4(config-router)#network 4.4.4.4 0.0.0.0 area 0
Let's do the same for Router-1, but first double check he is now seeing this new loopback;
Router-1#show ip route
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/75] via 10.1.12.2, 00:01:02, Ethernet0/0
[110/75] via 10.1.13.2, 00:01:02, Serial0/0
Swweeet, let's do the loopback on this router too;
Router-1(config)#inter loopback1
Router-1(config-if)#ip address 1.1.1.1 255.255.255.255
Router-1(config-if)#exit
Router-1(config)#router ospf 1
Router-1(config-router)#network 1.1.1.1 0.0.0.0 area 0
Let's configure the BGP part now on both routers;
Router-4(config)#router bgp 5500
Router-4(config-router)#neighbor 1.1.1.1 remote-as 5500
Router-1(config)#router bgp 5500
Router-1(config-router)#neighbor 4.4.4.4 remote-as 5500
BUT the neighbourship will NEVER form;
Router-1#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 5500
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 5500 0 0 0 0 0 never Active
BECAUSE .... the BGP packets will be hitting the neighbour with a source IP address which won't be the loopback (it will be the interface on whichever path OSPF determines is the quicker one to the neighbour). Therefore the relationship will not form, as the BGP router has no idea who that interface is/belongs to: it won't be the statically configured IP in the neighbour command!!
So to fix this, we can use the update-source command, here we can specify the loopback of Router-4
Router-4(config)#router bgp 5500
Router-4(config-router)#neighbor 1.1.1.1 update-source loopback 4
Let's go do the other router:
Router-1(config)#router bgp 5500
Router-1(config-router)#neighbor 4.4.4.4 update-source loopback 1
ah ha ...
Router-1#
000018: *Mar 1 01:52:30.823: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up
Router-1#show ip bgp summ
BGP router identifier 1.1.1.1, local AS number 5500
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 5500 3 4 1 0 0 00:00:37 0
Notice, we now have no ACTIVE state and a 0 for the revision of the BGP database.
Over on router-4 we have the iBGP and eBGP neighbourships up;
Router-4#show ip bgp summ
BGP router identifier 10.1.45.1, local AS number 5500
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 5500 10 9 1 0 0 00:06:10 0
10.1.45.2 4 6500 52 51 1 0 0 00:48:19 0
just for clarification and sanity checking:
Router-4#show ip bgp neighbors
BGP neighbor is 1.1.1.1, remote AS 5500, internal link <---iBGP
Index 2, Offset 0, Mask 0x4
BGP version 4, remote router ID 1.1.1.1
BGP state = Established, table version = 1, up for 00:08:10
Last read 00:00:10, hold time is 180, keepalive interval is 60 seconds
Minimum time between advertisement runs is 5 seconds
Received 12 messages, 0 notifications, 0 in queue
Sent 11 messages, 0 notifications, 0 in queue
Prefix advertised 0, suppressed 0, withdrawn 0
Connections established 1; dropped 0
Last reset never
0 accepted prefixes consume 0 bytes
0 history paths consume 0 bytes
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 4.4.4.4, Local port: 11012
Foreign host: 1.1.1.1, Foreign port: 179
BGP neighbor is 10.1.45.2, remote AS 6500, external link <----eBGP
Index 1, Offset 0, Mask 0x2
BGP version 4, remote router ID 109.170.1x7.xx (my public IP range)
BGP state = Established, table version = 1, up for 00:50:50
Last read 00:00:50, hold time is 180, keepalive interval is 60 seconds
Minimum time between advertisement runs is 30 seconds
Received 54 messages, 0 notifications, 0 in queue
Sent 53 messages, 0 notifications, 0 in queue
Prefix advertised 0, suppressed 0, withdrawn 0
Connections established 1; dropped 0
Last reset never
0 accepted prefixes consume 0 bytes
0 history paths consume 0 bytes
BUT, we still have no BGP routes;
Router-4#show ip bgp
Because the neighbours and networks/routes are separated in BGP, unlike other routing protocols, whereby you have neighbours and you are told of the routes they know (via the network command under the routing protocol, which would tell the router what interfaces to advertise on and what networks to advertise into the process) ...
So with BGP, we have neighbour commands to bring up neighbour relationships BUT then to get the routing aspect we have to then apply the network commands, so they are totally separate with BGP.
Right, before we get BGP exchanging routes, let's just look at an example and at the same time tidy up our relationship with Router-5 (let's get it using a loopback interface too)
Router-5(config)#interface loopback5
Router-5(config-if)#ip address 5.5.5.5 255.255.255.255
Plus we need a static route to our neighbour, as if we were an ISP, we would not be running an interior routing protocol;
Router-5(config-if)#ip route 4.4.4.4 255.255.255.255 10.1.45.1
test;
Router-5#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Now let's set a static on Router-4 to reach Router-5's (the ISP) loopback, as currently this router does not know anything about the 5.5.5.5 network;
Router-4(config)#ip route 5.5.5.5 255.255.255.255 10.1.45.2
Router-4#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Let's just say for a moment that we had two links (T1 lines) going to the same ISP: we could have another static route on the ISP end and have that point to a 2nd loopback interface, and then the Cisco router would perform load balancing (see diagram above)
HOWEVER there is a rule for eBGP, and that is the neighbours MUST BE DIRECTLY CONNECTED. Although we may be thinking, well, yeah they are, the router has to pass through the other router's interface to get to the loopback, and so sees it as being more than 1 hop away ...
SO, this can be fixed by applying the update-source command and setting it to the loopback 4.4.4.4, and then with this command:
Router-4(config-router)#neighbor 5.5.5.5 ebgp-multihop ?
<1-255> maximum hop count
<cr>
Router-4(config-router)#neighbor 5.5.5.5 ebgp-multihop 2
But again, be careful about routing loops!! The recommendation is no more than 5!
RIGHT, so let's watch the neighbourship come up after I apply this on both routers;
Router-4(config)#router bgp 5500
Router-4(config-router)#neighbor 5.5.5.5 ebgp-multihop 2
Router-4(config-router)#neighbor 5.5.5.5 update-source loopback 4
Router-5(config)#router bgp 6500
Router-5(config-router)#neighbor 4.4.4.4 ebgp-multihop 2
Router-5(config-router)#neighbor 4.4.4.4 update-source loopback 5
Router-5(config-router)#
013233: Nov 19 23:22:28.467: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up
Router-5#show ip bgp summ
BGP router identifier 109.170.1x7.xx, local AS number 6500
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 5500 3 4 1 0 0 00:00:57 0
SWEEET, without that multihop command this neighbour would never have come up.
RIGHT, let's get on with part 2
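Why update-source and ebgp-multihop are both needed here, as an added Python model (not from the original post, and not how IOS is implemented): a session forms when at least one side's TCP open arrives from an address the other side has a neighbor statement for, and an eBGP peer must sit on a connected subnet unless ebgp-multihop is set. The addresses come from the outputs on this page; the interface names to-R3, to-R4 and to-R5 and the egress choices are hypothetical.

```python
import ipaddress


def build_lab(update_source, multihop):
    """Constructed model of the lab; interface names to-R3/to-R4/to-R5 and the
    egress interface chosen toward each peer are assumptions."""
    def nbr(remote_as, src_if, ebgp=False):
        cfg = {"remote_as": remote_as}
        if update_source:
            cfg["update_source"] = src_if      # neighbor X update-source loopback N
        if ebgp and multihop:
            cfg["ebgp_multihop"] = multihop    # neighbor X ebgp-multihop N
        return cfg
    return {
        "Router-1": {"asn": 5500,
                     "ifaces": {"Loopback1": "1.1.1.1/32", "Serial0/0": "10.1.13.1/30"},
                     "egress": {"4.4.4.4": "Serial0/0"},
                     "neighbors": {"4.4.4.4": nbr(5500, "Loopback1")}},
        "Router-4": {"asn": 5500,
                     "ifaces": {"Loopback4": "4.4.4.4/32", "to-R3": "10.1.34.2/30",
                                "to-R5": "10.1.45.1/30"},
                     "egress": {"1.1.1.1": "to-R3", "5.5.5.5": "to-R5"},
                     "neighbors": {"1.1.1.1": nbr(5500, "Loopback4"),
                                   "5.5.5.5": nbr(6500, "Loopback4", ebgp=True)}},
        "Router-5": {"asn": 6500,
                     "ifaces": {"Loopback5": "5.5.5.5/32", "to-R4": "10.1.45.2/30"},
                     "egress": {"4.4.4.4": "to-R4"},
                     "neighbors": {"4.4.4.4": nbr(5500, "Loopback5", ebgp=True)}},
    }


def source_ip(router, peer_ip):
    """Source address of the TCP open: update-source if set, else the egress interface."""
    cfg = router["neighbors"][peer_ip]
    ifname = cfg.get("update_source", router["egress"][peer_ip])
    return str(ipaddress.ip_interface(router["ifaces"][ifname]).ip)


def connected(router, ip):
    """True if ip falls inside one of the router's connected subnets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_interface(a).network
               for a in router["ifaces"].values())


def passes_ebgp_check(router, peer_ip):
    """iBGP has no connected check; eBGP needs a connected peer or multihop >= 2."""
    cfg = router["neighbors"][peer_ip]
    if cfg["remote_as"] == router["asn"]:
        return True
    return connected(router, peer_ip) or cfg.get("ebgp_multihop", 1) >= 2


def attempt(lab, a, b, peer_ip):
    """None if a's TCP/179 open toward peer_ip is accepted by b, else the reason."""
    ra, rb = lab[a], lab[b]
    if not passes_ebgp_check(ra, peer_ip):
        return f"{a}: eBGP peer {peer_ip} not directly connected, no ebgp-multihop"
    src = source_ip(ra, peer_ip)
    if src not in rb["neighbors"]:
        return f"{b}: no neighbor statement for source {src}"
    if not passes_ebgp_check(rb, src):
        return f"{b}: eBGP peer {src} not directly connected, no ebgp-multihop"
    return None


def session(lab, a, a_peer, b, b_peer):
    """(comes_up, reasons): one successful open in either direction is enough."""
    problems = [attempt(lab, a, b, a_peer), attempt(lab, b, a, b_peer)]
    return (None in problems), [p for p in problems if p]


if __name__ == "__main__":
    for us, mh in ((False, 0), (True, 0), (True, 2)):
        lab = build_lab(us, mh)
        print("update-source", us, "multihop", mh)
        print("  iBGP R1-R4:", session(lab, "Router-1", "4.4.4.4", "Router-4", "1.1.1.1"))
        print("  eBGP R4-R5:", session(lab, "Router-4", "5.5.5.5", "Router-5", "4.4.4.4"))
```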
Thursday, 1 December 2011
Been prepping the LAB ready for some BGP flavour, broke down my lab from the CCNA, so I have two labs now,
1 x for redistribution and filtering
1 x BGP awesomeness
The BGP lab is now built and IP'd up, just gotta smack OSPF on it then I can run with the BGP lab nuggets ..... won't be studying tonight, got a Chinese tonight with the family :0)
Tuesday, 29 November 2011
Nugget 20
BGP Routing - Implementing Basic BGP 1
An Autonomous System (AS) is the foundation of everything, it represents the networks under 1 authority.
There are public AS's and private AS's
IBGP = a relationship between 2 BGP speakers in the same AS
EBGP = is used when the two routers are different AS's (like the BGP relationship you would have if you were to peer with your ISP)
NEED to make mind change, as neighbours are now redefined .... as opposed to how we think of them with other routing protocols
Neighbours DON'T have to be directly connected! They can form through routers, because BGP rides ON TOP of your existing network infrastructure ... say OSPF/EIGRP etc
USUALLY BGP does NOT REPLACE an internal routing protocol, it really is used to establish relationships with the outside world.
Through this relationship the ISPs can exchange routes via you, so this means they end up using you as a path to reach the other ISP (so you are a transit AS)
You can solve this by redistribution, but interior routing protocols are not designed to handle hundreds of megabytes of routing tables, OSPF won't handle it etc ... so although this is not WISE, you can do this if you redistribute a small subset of networks
You could also bring up a WAN link between these two routers (IBGP) to directly connect them to solve this problem .... or you could run BGP on the other router ... but this needs to be able to support the hardware requirements etc ...
Nugget 19
BGP Routing - Foundation Concepts and Planning
NOTES:
The BGP series for CCIP/CCIE focuses on the cloud in BGP,
whereas this CCNP series focuses on us, the customer/corporate SME/SMB.
Usually when running routing protocols people focus on the routes and traffic
outbound! But with BGP the main concern/focus is inbound:
email/web servers, not too worried about peeps surfing web/VPN etc.
Organisations want redundancy so that people accessing the incoming corporate
infrastructure
How it works
You get a public block
advertise the route out to both ISPs, then that is flooded to the rest of the community
if an ISP is unavailable then the other ISP has a peer with another ISP
2 uses
BGP = typical aim is to make your company redundant
BGP = shortest paths to destinations (even though bandwidth is the same, maybe fewer hops)
Equals multihoming
NOTES ABOUT THE FACTS
Most routing protocols we have looked at so far (OSPF, EIGRP) are their own layer 4 protocol and have their own reliability mechanisms ....
BGP runs on top of TCP (port 179) ... TCP already has its own reliability (ACKs), so BGP uses these when sending updates; if an update is not received, it is resent (typical TCP behaviour).
METRIC - compound metric, very tuneable - BGP attributes (10 or so); it goes through these attributes looking for something to break the tie.
SLOWEST PROTOCOL to converge (you can but don't!!! ... well, you can use iBGP)
Why use it? Think of how many networks/routers a second go down on the internet ... loads, and all the time! This would swamp us in chaos with updates!!!
STYLES of BGP
DEFAULT ROUTE ONLY BGP implementation
PARTIAL routing table BGP implementation
FULL routing table BGP implementation
You need a router beefy enough to hold the full routing table of the internet TWICE if multihoming with x2 ISPs (like 100 odd MB each, or 300MB if x3 ISPs ... etc)!
Although only x1 route will go into the routing table, the router still maintains the other routes in the BGP table.
This is the most flexible approach and you can really shape your network to how you want it, BUT it is the most resource consuming too!
Sunday, 27 November 2011
STEP 4. Enable filtering using the assigned route tags to ensure redistributed routes do not cause any looping issues.
So, we want to make sure any tagged routes that we sent out via EIGRP do not come back round in via R3 via OSPF.
We already have a route-map (EIGRP-TO-OSPF) in place that is marking the routes and setting the metrics.
We also want to block the routes with tags 10, 20 and 30 coming back in via OSPF into EIGRP.
R2(config)#route-map EIGRP-TO-OSPF deny 5
R2(config-route-map)#match tag 40
R2(config)#route-map OSPF-TO-EIGRP deny 5
R2(config-route-map)#match tag 10 20 30 (values on the same line act as OR; match statements on separate lines act as AND)
So just to clarify;
route-map OSPF-TO-EIGRP, deny, sequence 5
Match clauses:
tag 10 20 30
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map OSPF-TO-EIGRP, permit, sequence 10
Match clauses:
Set clauses:
metric 400 20 255 1 1500
tag 40
Let's do the same on R3
route-map EIGRP-TO-OSPF deny 5
match tag 40
route-map OSPF-TO-EIGRP deny 5
match tag 10 20 30
STEP 5.
R3 has the preferred route to reach the 10.1.0.0/24 network. Ensure routers prefer this path over the path from R2.
Let's check which route R4 currently favours for 10.1.0.0/24:
R4#traceroute 10.1.0.1
Type escape sequence to abort.
Tracing the route to 10.1.0.1
1 10.1.24.2 4 msec 4 msec 4 msec
2 10.1.12.1 8 msec 4 msec *
As expected we go to R2, then R1
R4 knows about the route via EIGRP from R2:
R4#show ip route 10.1.0.0
Routing entry for 10.1.0.0/24
Known via "eigrp 100", distance 170, metric 6430720
Tag 40, type external
Redistributing via eigrp 100
Last update from 10.1.24.2 on FastEthernet0/0, 00:11:24 ago
Routing Descriptor Blocks:
* 10.1.24.2, from 10.1.24.2, 00:11:24 ago, via FastEthernet0/0
Route metric is 6430720, traffic share count is 1
Total delay is 1200 microseconds, minimum bandwidth is 400 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
RIGHT, so we have to make the route from R3 look "better" than the route from R2.
Looking at the routing tables, the route to 10.1.0.0/24 from R3 has an AD of 170 (EIGRP external),
while R2 has the route with an AD of 110 (OSPF) ... so even if we were to play with metrics, it still would NOT matter, because AD is compared before the metric.
One approach: we could lower the Admin Distance of EIGRP external routes to, say, 105 (anything below the AD of OSPF, which is 110).
Let's try it;
Currently R2's route for 10.1.0.0 is:
R2#show ip route | i 10.1.0.0
O 10.1.0.0/24 [110/782] via 10.1.12.1, 00:52:01, Serial0/0
R2(config)#router eigrp 100
R2(config-router)#distance eigrp ?
<1-255> Distance for internal routes
R2(config-router)#distance eigrp 90 ? <-- don't need to change internal, keep at default
<1-255> Distance for external routes
R2(config-router)#distance eigrp 90 105
00:55:49: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.24.4 (Ethernet0/0) is down: route configuration changed
00:55:49: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.23.3 (Serial0/1) is down: route configuration changed
00:55:51: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.23.3 (Serial0/1) is up: new adjacency
00:55:53: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.24.4 (Ethernet0/0) is up: new adjacency
SO boys n gals, whadda reckon ......
R2#show ip route | i 10.1.0.0
D EX 10.1.0.0/24 [105/6917120] via 10.1.23.3, 00:02:12, Serial0/1
YEAH BOI!!! check that out! R2 is now favouring the route via R3 with the new Admin Distance of 105, which beats the OSPF AD!
Let's check the route on R4 again:
R4#tracerou 10.1.0.1
Type escape sequence to abort.
Tracing the route to 10.1.0.1
1 10.1.24.2 4 msec 4 msec 4 msec
2 10.1.23.3 8 msec 4 msec 4 msec <---- THERE's our bud, R3!!!
3 10.1.13.1 4 msec 4 msec *
NOW! that is kool, very kool, BUT we do have to be careful with how and where we make these changes, because if, say, we also go and make this change on R3, we would create ourselves an infinite loop! R3 would prefer R2 over R1 to get to 10.1.0.0/24, the packet would go back over to R2, same thing, it is going to prefer R3 ... and round and round we go! ... although split horizon would prolly kick in, but the point is still valid!
Gotta be careful with advanced route redistribution.
Saturday, 26 November 2011
18 - IPv4 Redistribution - Implementing Advanced Redistribution
Let's get basic routing over OSPF and EIGRP, ready for our redistribution (R2 and R3)
STEP 1
R1(config)#router ospf 1
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R4(config)#router eigrp 100
R4(config-router)#no auto-summary
R4(config-router)#network 10.0.0.0
R2(config)#router ospf 1
R2(config-router)#network 10.1.12.0 0.0.0.255 area 0
03:51:46: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.0.1 on Serial0/0 from LOADING to FULL, Loading Done
R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R2(config-router)#network 10.1.24.0 0.0.0.255
03:52:54: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.24.4 (Ethernet0/0) is up: new adjacency
R3(config)#router ospf 1
R3(config-router)#network 10.1.13.0 0.0.0.255 area 0
*Mar 1 03:54:04.403: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.0.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
R3(config)#router eigrp 100
R3(config-router)#network 10.1.23.0 255.255.255.0
So Router 2 now sees all routes from both domains:
R2#show ip
10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
O 10.1.13.0/24 [110/791] via 10.1.12.1, 00:05:04, Serial0/0
C 10.1.12.1/32 is directly connected, Serial0/0
C 10.1.12.0/24 is directly connected, Serial0/0
D 10.4.4.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
O 10.1.0.0/24 [110/782] via 10.1.12.1, 00:05:04, Serial0/0
D 10.4.2.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
D 10.4.3.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
D 10.4.0.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
D 10.4.1.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
C 10.1.24.0/24 is directly connected, Ethernet0/0
C 10.1.23.0/24 is directly connected, Serial0/1
STEP 1 COMPLETE
STEP 2
Enable full, mutual redistribution on R2 and R3 between OSPF and EIGRP. The 10.4.0.0/24 and 10.4.1.0/24 subnets should have a seed metric of 100 and an OSPF tag of 10 while the 10.4.2.0/24 and 10.4.3.0/24 subnets should have a seed metric of 200 and an OSPF tag of 20. All other subnets redistributed into OSPF should have a seed metric of 300 and an OSPF tag of 30. OSPF routes redistributed into EIGRP should have a seed metric of BW: 400 DLY: 20 REL: 255 LD: 1 MTU: 1500 and a tag of 40. Finally, external OSPF routes should not increment their metric as they pass through the OSPF domain.
Last part of STEP 2:
"external OSPF routes should not increment their metric as they pass through the OSPF domain" - that is an E2 route (what we covered in the last lab)
SO, best way forward: ACLs with route-maps. Let's group the networks by what metrics they need and go from there:
R2(config)#ip access-list standard METRIC100
R2(config-std-nacl)#permit 10.4.0.0 0.0.0.255
R2(config-std-nacl)#permit 10.4.1.0 0.0.0.255
R2(config-std-nacl)#ip access-list standard METRIC200
R2(config-std-nacl)#permit 10.4.2.0 0.0.0.255
R2(config-std-nacl)#permit 10.4.3.0 0.0.0.255
R2(config-std-nacl)#ip access-list standard DENY-10.4.4.0
R2(config-std-nacl)#permit 10.4.4.0 0.0.0.255
R2(config)#route-map EIGRP-TO-OSPF
R2(config-route-map)#match ip address METRIC100
R2(config-route-map)#set metric 100
R2(config-route-map)#set tag 10
AWESOME! so let's check that baby out:
R2#show route-map EIGRP-TO-OSPF
route-map EIGRP-TO-OSPF, permit, sequence 10
Match clauses:
ip address (access-lists): METRIC100
Set clauses:
metric 100
tag 10
Policy routing matches: 0 packets, 0 bytes
SWEEET!!!! SOOOO SOOO KOOL!
route-map EIGRP-TO-OSPF permit 20
match ip address METRIC200
set metric 200
set tag 20
route-map EIGRP-TO-OSPF deny 25 <-- DENY THE ACL TRAFFIC ... which we are PERMITTING in the ACL named below
match ip address DENY-10.4.4.0
NOTE: had we denied the subnet 10.4.4.0/24 in the ACL, we would have needed to use PERMIT in the above sequence 25.
GET THIS, if you DENY at the sequence level of the route-map and deny at the ACL too, it permits it! So 2 negatives make a positive! lol. (An ACL deny just means the route does not match that sequence, so it drops through to the next sequence that does match.) SO rule of thumb (the Jeremy way): keep route-maps at permit and do the denies at the ACL, keeps it simpler.
route-map EIGRP-TO-OSPF permit 30 <-- NO MATCH, so MATCHES EVERYTHING THAT HASN'T ALREADY BEEN MATCHED BY THE PREVIOUS SEQUENCES!
set metric 300
set tag 30
So the above also takes care of step 3 in our objective;
3. Ensure the 10.4.4.0/24 network does not reach the OSPF routing domain.
SO, we now have our tasty route-map as follows:
route-map EIGRP-TO-OSPF, permit, sequence 10
Match clauses:
ip address (access-lists): METRIC100
Set clauses:
metric 100
tag 10
Policy routing matches: 0 packets, 0 bytes
route-map EIGRP-TO-OSPF, permit, sequence 20
Match clauses:
ip address (access-lists): METRIC200
Set clauses:
metric 200
tag 20
Policy routing matches: 0 packets, 0 bytes
route-map EIGRP-TO-OSPF, deny, sequence 25
Match clauses:
ip address (access-lists): DENY-10.4.4.0
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map EIGRP-TO-OSPF, permit, sequence 30
Match clauses:
Set clauses:
metric 300
tag 30
Policy routing matches: 0 packets, 0 bytes
YY-EEE-AAAAH BOI!!!! that's what I'm talking about!
Let's apply this bad muftha; we need to go under the OSPF process, as this is filtering EIGRP TO OSPF
R2(config)#router ospf 1
R2(config-router)#redistribute eigrp 100 subnets route-map EIGRP-TO-OSPF
DON'T need to set metric or tags here as that is all done in the route-map, let's check it out on R1!!!
R1#show ip route
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 10.1.12.2/32 is directly connected, Serial0/0
C 10.1.13.0/24 is directly connected, Ethernet0/0
C 10.1.12.0/24 is directly connected, Serial0/0
C 10.1.0.0/24 is directly connected, Loopback0
O E2 10.4.2.0/24 [110/200] via 10.1.12.2, 00:00:09, Serial0/0
O E2 10.4.3.0/24 [110/200] via 10.1.12.2, 00:00:09, Serial0/0
O E2 10.4.0.0/24 [110/100] via 10.1.12.2, 00:00:09, Serial0/0
O E2 10.4.1.0/24 [110/100] via 10.1.12.2, 00:00:09, Serial0/0
O E2 10.1.24.0/24 [110/300] via 10.1.12.2, 00:00:09, Serial0/0
O E2 10.1.23.0/24 [110/300] via 10.1.12.2, 00:00:09, Serial0/0
SWEEEEEEET! check it out! check out them metrics! and notice the WAN links 10.1.23.0/24 & 10.1.24.0/24 have the metric of 300!!!
Let's check the TAGs (although they're not doing anything at the mooooo, but):
R1#show ip route 10.4.2.0
Routing entry for 10.4.2.0/24
Known via "ospf 1", distance 110, metric 200
Tag 20, type extern 2, forward metric 781
Last update from 10.1.12.2 on Serial0/0, 00:05:48 ago
R1#show ip route 10.4.0.0
Routing entry for 10.4.0.0/24
Known via "ospf 1", distance 110, metric 100
Tag 10, type extern 2, forward metric 781
Last update from 10.1.12.2 on Serial0/0, 00:05:32 ago
R1#show ip route 10.1.24.0
Routing entry for 10.1.24.0/24
Known via "ospf 1", distance 110, metric 300
Tag 30, type extern 2, forward metric 781
Last update from 10.1.12.2 on Serial0/0, 00:06:53 ago
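To see why the sequence order and the permit/deny combinations give the metrics and tags R1 shows above, here is a small Python model of route-map evaluation during redistribution. It is an added example, not IOS code and not part of the original lab: the function names and data layout are assumptions for illustration, the ACL names, prefixes, metrics and tags are the lab's, and sequence 5 is the tag filter from Step 4.

```python
"""Simplified model of route-map evaluation during redistribution.

Teaching model only, not IOS code. ACL names, prefixes, metrics and tags are
the lab's; function names and data layout are assumptions for illustration.
"""
from ipaddress import IPv4Address, IPv4Network

MASK32 = 0xFFFFFFFF


def acl_permits(acl, prefix):
    """Standard ACL check against a route's network address.

    acl is an ordered list of (action, address, wildcard). The first entry
    covering the prefix decides; no hit at all is the implicit deny.
    """
    net = int(IPv4Network(prefix).network_address)
    for action, address, wildcard in acl:
        care = ~int(IPv4Address(wildcard)) & MASK32  # bits that must match
        if (net & care) == (int(IPv4Address(address)) & care):
            return action == "permit"
    return False


def evaluate(route_map, acls, prefix, tag=0):
    """Return the set clauses if the route is redistributed, else None."""
    for seq in sorted(route_map):
        action, match, sets = route_map[seq]
        if "acl" in match and not acl_permits(acls[match["acl"]], prefix):
            continue  # ACL deny (or no hit): sequence does not match, move on
        if "tags" in match and tag not in match["tags"]:
            continue  # values on one "match tag" line are ORed together
        # First matching sequence wins and its permit/deny decides the outcome.
        return dict(sets) if action == "permit" else None
    return None  # nothing matched: implicit deny at the end of the route-map


ACLS = {
    "METRIC100": [("permit", "10.4.0.0", "0.0.0.255"),
                  ("permit", "10.4.1.0", "0.0.0.255")],
    "METRIC200": [("permit", "10.4.2.0", "0.0.0.255"),
                  ("permit", "10.4.3.0", "0.0.0.255")],
    "DENY-10.4.4.0": [("permit", "10.4.4.0", "0.0.0.255")],
}

# sequence -> (action, match clauses, set clauses); sequence 5 is from Step 4
EIGRP_TO_OSPF = {
    5: ("deny", {"tags": {40}}, {}),
    10: ("permit", {"acl": "METRIC100"}, {"metric": 100, "tag": 10}),
    20: ("permit", {"acl": "METRIC200"}, {"metric": 200, "tag": 20}),
    25: ("deny", {"acl": "DENY-10.4.4.0"}, {}),
    30: ("permit", {}, {"metric": 300, "tag": 30}),
}
OSPF_TO_EIGRP = {
    5: ("deny", {"tags": {10, 20, 30}}, {}),
    10: ("permit", {}, {"metric": (400, 20, 255, 1, 1500), "tag": 40}),
}

# (prefix, tag already on the route). The last entry stands for an OSPF route
# that came back through EIGRP carrying tag 40 (constructed for the example).
LAB_ROUTES = [("10.4.0.0/24", 0), ("10.4.2.0/24", 0), ("10.4.4.0/24", 0),
              ("10.1.24.0/24", 0), ("10.1.0.0/24", 40)]


def lab_results():
    """EIGRP -> OSPF outcome for the lab routes with the page's route-map."""
    return {prefix: evaluate(EIGRP_TO_OSPF, ACLS, prefix, tag)
            for prefix, tag in LAB_ROUTES}


def double_negative():
    """Same route-map, but the ACL entry flipped to deny: 10.4.4.0/24 leaks."""
    acls = {**ACLS, "DENY-10.4.4.0": [("deny", "10.4.4.0", "0.0.0.255")]}
    return evaluate(EIGRP_TO_OSPF, acls, "10.4.4.0/24")


if __name__ == "__main__":
    for prefix, result in lab_results().items():
        print(f"{prefix:14} -> {result or 'not redistributed'}")
    print("deny ACL + deny sequence:", double_negative())
    print("tag 10 back into EIGRP:",
          evaluate(OSPF_TO_EIGRP, ACLS, "10.4.0.0/24", tag=10))
```

The flipped-ACL case is the one to watch when reviewing a filter: the subnet that was meant to stay out of OSPF ends up redistributed by the catch-all sequence 30 with metric 300 and tag 30.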
Let's apply the same route-map to our other redistribution router, R3;
R3(config)#route-map EIGRP-TO-OSPF permit 10
match ip address METRIC100
set metric 100
set tag 10
!
route-map EIGRP-TO-OSPF permit 20
match ip address METRIC200
set metric 200
set tag 20
!
route-map EIGRP-TO-OSPF deny 25
match ip address DENY-10.4.4.0
!
route-map EIGRP-TO-OSPF permit 30
set metric 300
set tag 30
and apply the ACLs
R3(config)#ip access-list standard DENY-10.4.4.0
permit 10.4.4.0 0.0.0.255
ip access-list standard METRIC100
permit 10.4.0.0 0.0.0.255
permit 10.4.1.0 0.0.0.255
ip access-list standard METRIC200
permit 10.4.2.0 0.0.0.255
permit 10.4.3.0 0.0.0.255
Let's check R1 now;
R1#show ip route
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 10.1.12.2/32 is directly connected, Serial0/0
C 10.1.13.0/24 is directly connected, Ethernet0/0
C 10.1.12.0/24 is directly connected, Serial0/0
C 10.1.0.0/24 is directly connected, Loopback0
O E2 10.4.2.0/24 [110/200] via 10.1.13.3, 00:00:58, Ethernet0/0
O E2 10.4.3.0/24 [110/200] via 10.1.13.3, 00:00:58, Ethernet0/0
O E2 10.4.0.0/24 [110/100] via 10.1.13.3, 00:02:44, Ethernet0/0
O E2 10.4.1.0/24 [110/100] via 10.1.13.3, 00:02:44, Ethernet0/0
O E2 10.1.24.0/24 [110/300] via 10.1.13.3, 00:00:58, Ethernet0/0
O E2 10.1.23.0/24 [110/300] via 10.1.13.3, 00:00:58, Ethernet0/0
SO now, we need to look at redistributing the other way, OSPF --> EIGRP
R2(config)#route-map OSPF-TO-EIGRP
R2(config-route-map)#set metric ? <--NO match needed, this will match ALL
+/-<metric> Add or subtract metric
<0-4294967295> Metric value or Bandwidth in Kbits per second
<cr>
R2(config-route-map)#set metric 400 20 255 1 1500 <--(sets BW, DLY, REL, LD and MTU, the five EIGRP metric components)
R2(config-route-map)#set tag 40
Apply the route-map to the re-distribution process for OSPF;
R2(config)#router eigrp 100
R2(config-router)#redistribute ospf 1 route-map OSPF-TO-EIGRP
(Apply this route map to R3 as well)
Let's check the routing table of R4;
R4#show ip route
10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
D EX 10.1.13.0/24 [170/6430720] via 10.1.24.2, 00:01:33, FastEthernet0/0
D EX 10.1.12.1/32 [170/6430720] via 10.1.24.2, 00:01:33, FastEthernet0/0
D EX 10.1.12.0/24 [170/6430720] via 10.1.24.2, 00:01:33, FastEthernet0/0
C 10.4.4.0/24 is directly connected, Loopback4
D EX 10.1.0.0/24 [170/6430720] via 10.1.24.2, 00:01:33, FastEthernet0/0
C 10.4.2.0/24 is directly connected, Loopback2
C 10.4.3.0/24 is directly connected, Loopback3
C 10.4.0.0/24 is directly connected, Loopback0
C 10.4.1.0/24 is directly connected, Loopback1
C 10.1.24.0/24 is directly connected, FastEthernet0/0
D 10.1.23.0/24 [90/2195456] via 10.1.24.2, 01:44:40, FastEthernet0/0
R4#show ip route 10.1.0.0
Routing entry for 10.1.0.0/24
Known via "eigrp 100", distance 170, metric 6430720
Tag 40, type external
Redistributing via eigrp 100
Last update from 10.1.24.2 on FastEthernet0/0, 00:02:07 ago
Routing Descriptor Blocks:
* 10.1.24.2, from 10.1.24.2, 00:02:07 ago, via FastEthernet0/0
Route metric is 6430720, traffic share count is 1
Total delay is 1200 microseconds, minimum bandwidth is 400 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
R4#show ip route 10.1.12.0
Routing entry for 10.1.12.0/24
Known via "eigrp 100", distance 170, metric 6430720
Tag 40, type external
Redistributing via eigrp 100
Last update from 10.1.24.2 on FastEthernet0/0, 00:04:19 ago
Routing Descriptor Blocks:
* 10.1.24.2, from 10.1.24.2, 00:04:19 ago, via FastEthernet0/0
Route metric is 6430720, traffic share count is 1
Total delay is 1200 microseconds, minimum bandwidth is 400 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
And the Tags are there tooo
RIGHT, let's take on Step 4 tomorrow:
4. Enable filtering using the assigned route tags to ensure redistributed routes do not cause any looping issues.