Tag Archives: 3.7g

3.7.g Implement and troubleshoot AS path manipulations

  • 3.7.g [i] Local AS, allow AS in, remove private AS

The local-AS feature allows a router to appear to be a member of a second autonomous system (AS), in addition to its real AS. This feature can only be used for true eBGP peers. You cannot use this feature for two peers that are members of different confederation sub-ASs. The neighbor allowas-in command is issued in order to allow BGP at the other side to inject updates.

To remove the private AS number, use the neighbor x.x.x.x remove-private-as router configuration command.

The debug ip bgp updates command displays the received prefixes with their attributes from the neighbor.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 4084-4091). Kindle Edition.

http://wiki.mikrotik.com/wiki/Manual:EBGP_as_PE-CE_routing_protocol

3.7.g Implement and troubleshoot AS path manipulations

3.7.g [ii] Prepend

AS-path prepending is configured in Cisco IOS with a route-map-based per-neighbor outbound filter. The actual prepending is specified within the route-map with the set as-path prepend command.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 4092-4095). Kindle Edition.

http://evilrouters.net/2009/03/07/using-as-path-prepending-to-influence-inbound-routing/


3.7.g Implement and troubleshoot AS path manipulations

3.7.g [iii] Regexp

at first these seem difficult, but the nice thing here is that you can test an as-path filter before applying it, by issuing a show command with the regexp first… ie:

[image: bgp_aspath_1 (sh ip bgp output)]

note in the above output of sh ip bgp, 8 out of the 14 routes pass through AS 2… to filter output that shows only those routes that pass through AS 2 use:

sh ip bgp regexp _2_

r4#sh ip bgp regexp _2_
BGP table version is 11, local router ID is 44.44.44.44
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*  1.1.1.0/24       192.168.34.3                           0 3 2 1 i
*  2.2.2.0/24       192.168.14.1                           0 1 2 i
*>                  192.168.34.3                           0 3 2 i
*  3.3.3.0/24       192.168.14.1                           0 1 2 3 i
*  11.11.11.0/24    192.168.34.3                           0 3 2 1 i
*  22.22.22.0/24    192.168.14.1                           0 1 2 i
*>                  192.168.34.3                           0 3 2 i
*  33.33.33.0/24    192.168.14.1                           0 1 2 3 i

now build the filter list that will deny the routes that pass through AS 2:

r4(config)#ip as-path access-list 1 deny _2_
r4(config)#ip as-path access-list 1 permit .*

this list denies all routes that pass through AS 2 and permits all others…

then add the filter list to the neighbors, and clear bgp…

r4(config-router)#neigh 192.168.14.1 filter-list 1 in
r4(config-router)#neigh 192.168.34.3 filter-list 1 in

[image: bgp_aspath_2]

here is a list from cisco that covers some of the operators…

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#asregexp

Here are some examples of regular expressions:

a*
  • This expression indicates any occurrence of the letter “a”, which includes none.
a+
  • This expression indicates that at least one occurrence of the letter “a” must be present.
ab?a
  • This expression matches “aa” or “aba”.
_100_
  • This expression means via AS100.
_100$
  • This expression indicates an origin of AS100.
^100 .*
  • This expression indicates transmission from AS100.
^$
  • This expression indicates origination from this AS.


3.7.g Implement and troubleshoot AS path manipulations

3.7.d [i] Attribute manipulation

why? why not use a route map… i’m more comfortable with route maps… the fact is on the r&s lab exam they might want you to filter an AS path with a filter list and not a route-map… what’s the difference? an as-path filter list filters on as-path… a route map is more flexible…

R5(config-route-map)#set ?
as-path           Prepend string for a BGP AS-path attribute
automatic-tag     Automatically compute TAG value
clns              OSI summary address
comm-list         set BGP community list (for deletion)
community         BGP community attribute
dampening         Set BGP route flap dampening parameters
default           Set default information
extcomm-list      Set BGP/VPN extended community list (for deletion)
extcommunity      BGP extended community attribute
global            Set to global routing table
interface         Output interface
ip                IP specific information
ipv6              IPv6 specific information
level             Where to import route
local-preference  BGP local preference path attribute
metric            Metric value for destination routing protocol
metric-type       Type of metric for destination routing protocol
mpls-label        Set MPLS label for prefix
origin            BGP origin code
tag               Tag value for destination routing protocol
traffic-index     BGP traffic classification number for accounting
vrf               Define VRF name
weight            BGP weight for routing table

a lot more choices on the route map… but we’re looking at as-path filter list…

regexp is not as big a pain in the ass as it first seems… use it a few times and it starts, shall i say, making sense… like insanity makes sense… here are a few combinations to get going…

_400_ All routes through AS 400

^400$ Directly connected to AS 400

^400_. Networks behind AS 400

^[0-9]+$ AS paths with only one AS

^$ Locally originated

.* Everything matches


placement with acl’s can be tricky… for some reason two things help me keep them straight: ingress/egress and the router’s perspective…

here is an example:


R3(config-router)#do sh ip bgp

Network          Next Hop            Metric LocPrf Weight Path
*>  7.7.7.0/24       4.4.4.4                                0 45 678 i
r>i 10.1.1.0/24      2.2.2.2                  0    100      0 i
r>i 10.1.2.0/24      2.2.2.2                  0    100      0 i
*>i 10.1.30.0/24     6.6.6.6                  8    100      0 678 ?
*>i 10.1.31.0/24     6.6.6.6                  9    100      0 678 ?
*   10.1.34.0/24     4.4.4.4                  0             0 45 i
*>                   0.0.0.0                  0         32768 i
*>  10.1.45.0/24     4.4.4.4                  0             0 45 i
*>  10.1.57.0/24     4.4.4.4                                0 45 i
r>i 10.1.68.0/24     6.6.6.6                  0    100      0 678 i
r>i 10.1.69.0/24     6.6.6.6                  0    100      0 678 ?
*   10.1.78.0/24     4.4.4.4                                0 45 678 i
*>i                  6.6.6.6                  0    100      0 678 i
*   10.1.134.0/24    4.4.4.4                  0             0 45 i
Network          Next Hop            Metric LocPrf Weight Path
*>                   0.0.0.0                  0         32768 i
r>i 172.16.16.0/24   1.1.1.1                  0    100      0 i
R3(config-router)#exit
R3(config)#ip as-path access-list 101 deny _45_
R3(config)#router bgp 123
R3(config-router)#neigh 4.4.4.4 filter-list 101 in
R3(config-router)#do clear ip bgp *
R3(config-router)#
*May  8 07:49:12.111: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down User reset
*May  8 07:49:12.111: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.1 IPv4 Unicast topology base removed from session  User reset
*May  8 07:49:12.123: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down User reset
*May  8 07:49:12.123: %BGP_SESSION-5-ADJCHANGE: neighbor 2.2.2.2 IPv4 Unicast topology base removed from session  User reset
*May  8 07:49:12.135: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Down User reset
*May  8 07:49:12.135: %BGP_SESSION-5-ADJCHANGE: neighbor 4.4.4.4 IPv4 Unicast topology base removed from session  User reset
*May  8 07:49:12.955: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up
R3(config-router)#
*May  8 07:49:12.975: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up
*May  8 07:49:13.027: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up
R3(config-router)#do sh ip bgp

Network          Next Hop            Metric LocPrf Weight Path
* i 10.1.1.0/24      2.2.2.2                  0    100      0 i
* i 10.1.2.0/24      2.2.2.2                  0    100      0 i
* i 10.1.30.0/24     6.6.6.6                  8    100      0 678 ?
* i 10.1.31.0/24     6.6.6.6                  9    100      0 678 ?
*   10.1.34.0/24     0.0.0.0                  0         32768 i
* i 10.1.68.0/24     6.6.6.6                  0    100      0 678 i
* i 10.1.69.0/24     6.6.6.6                  0    100      0 678 ?
* i 10.1.78.0/24     6.6.6.6                  0    100      0 678 i
*   10.1.134.0/24    0.0.0.0                  0         32768 i
* i 172.16.16.0/24   1.1.1.1                  0    100      0 i

45 is gone…
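
The two filter lists built above (list 1 on r4 and list 101 on R3) can be checked offline before they touch a session. This is an added example, not code from the original post: it translates Cisco's "_" into a Python delimiter group and evaluates entries first-match with the implicit deny at the end. The paths "1", "3", "3 12", "" and "99 100" are constructed test values.

```python
import re

# Cisco's "_" matches a delimiter: start or end of the path, a space,
# a comma, a brace or a parenthesis. Everything else is passed to Python's
# re unchanged (an assumption that holds for the patterns on this page).
DELIM = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern):
    """Translate an IOS AS-path regexp into Python re syntax."""
    return pattern.replace("_", DELIM)


def evaluate(acl, as_path):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, pattern in acl:
        if re.search(cisco_to_python(pattern), as_path):
            return action
    return "deny"


def permitted(acl, paths):
    """Return the AS paths that survive the filter list."""
    return [p for p in paths if evaluate(acl, p) == "permit"]


# The two lists configured on this page.
ACL_1 = [("deny", "_2_"), ("permit", ".*")]
ACL_101 = [("deny", "_45_")]

# Paths from the r4 output above, plus constructed ones: "1", "3",
# "3 12" (contains the digit 2 but not AS 2) and "" (locally originated).
R4_PATHS = ["3 2 1", "1 2", "3 2", "1 2 3", "1", "3", "3 12", ""]
# Paths R3 learned from 4.4.4.4, plus a constructed path that avoids AS 45.
R3_PATHS = ["45 678", "45", "99 100"]

if __name__ == "__main__":
    print("list 1 permits:  ", permitted(ACL_1, R4_PATHS))
    # List 101 has no permit entry, so the implicit deny drops every path.
    print("list 101 permits:", permitted(ACL_101, R3_PATHS))
    # With an explicit permit, only paths through AS 45 are dropped.
    fixed = ACL_101 + [("permit", ".*")]
    print("with permit .*:  ", permitted(fixed, R3_PATHS))
```

List 101 as configured contains only a deny entry, so anything received from 4.4.4.4 would be dropped whether or not AS 45 is in the path; adding permit .* as in list 1 limits the filter to paths through AS 45.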