Tag Archives: BGP

3.7.d Implement, optimize and troubleshoot routing policies

3.7.d [iii] Outbound route filtering

screenshot

bgp_orf

read the opening paragraph from rfc5291 in the diagram:

or read the whole thing here: https://tools.ietf.org/html/rfc5291

configure bgp between AS 100 and AS 200; advertise the lo’s from PE1. debug bgp updates.

bgp_orf_01

bgp_cap_orf.type

turn on the orf capability for both sides:

bgp_orf_02

set up a prefix-list and make PE1 send only the routes you want.

bgp_orf_03

what i like about the debug is you don’t need to check the bgp table…

if you don’t want to be all godzilla when you clear bgp, (like if it’s a production network) the softer way is illustrated below:

bgp_orf_04

have fun orf’ing off…
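
The ORF steps above, modelled in Python as an added example (not from the original post): the receiver pushes its inbound prefix-list to the sender only when the send/receive capabilities line up, and the sender then filters before anything hits the wire. The prefixes and function names are constructed for illustration.

```python
import ipaddress

SEND, RECEIVE, BOTH = "send", "receive", "both"

def orf_active(local_mode, peer_mode):
    """True if the local speaker may push its inbound filter to the peer."""
    return local_mode in (SEND, BOTH) and peer_mode in (RECEIVE, BOTH)

def permitted(prefix_list, prefix):
    """Prefix-list logic: first matching entry wins, no match is an implicit deny."""
    net = ipaddress.ip_network(prefix)
    for action, entry, ge, le in prefix_list:
        if net.subnet_of(ipaddress.ip_network(entry)) and ge <= net.prefixlen <= le:
            return action == "permit"
    return False

def exchange(advertised, inbound_list, receiver_mode, sender_mode):
    """Return (prefixes sent on the wire, prefixes the receiver installs)."""
    if orf_active(receiver_mode, sender_mode):
        # With ORF the sender applies the receiver's list before sending updates.
        on_wire = [p for p in advertised if permitted(inbound_list, p)]
    else:
        # Without ORF everything is sent and dropped on arrival.
        on_wire = list(advertised)
    installed = [p for p in on_wire if permitted(inbound_list, p)]
    return on_wire, installed

# Constructed sample data (not the lab's real addressing).
PE1_LOOPBACKS = ["10.1.1.1/32", "10.1.2.1/32", "10.1.3.1/32", "10.1.4.1/32"]
WANTED = [("permit", "10.1.1.1/32", 32, 32), ("permit", "10.1.2.0/24", 32, 32)]

if __name__ == "__main__":
    for modes in ((BOTH, BOTH), (None, None)):
        wire, rib = exchange(PE1_LOOPBACKS, WANTED, *modes)
        print(modes, "on the wire:", wire, "installed:", rib)
```

Either way the receiver ends up with the same two routes; the difference is how many updates cross the link.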

3.7.f Implement and troubleshoot multiprotocol BGP

3.7.f [i] IPv4, IPv6, VPN address-family

more on address families in bgp…

as explained before to upgrade your bgp sessions so that they include the pretty address-family structure for you, do this:

R1(config)#router bgp 100
R1(config-router)#bgp upgrade-cli
You are about to upgrade to the AFI syntax of bgp commands

Are you sure ? [yes]: y
R1(config-router)#neigh 192.168.24.2 remote-as 200
R1(config-router)#do sh run | sec bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor 192.168.24.2 remote-as 200
 !
 address-family ipv4
  neighbor 192.168.24.2 activate
  no auto-summary
  no synchronization
 exit-address-family

however if you’ve forgotten to do that (and it’s only good for that session) you can do this:

bad bgp config session:

R1(config)#router bgp 100
R1(config-router)#neigh 192.168.24.2 remote-as 200
R1(config-router)#do sh run | sec bgp
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.24.2 remote-as 200
 no auto-summary

no address-family goodness…

good bgp config session:

R1(config)#router bgp 100
R1(config-router)#address-family ipv4
R1(config-router-af)#neigh 2.2.2.2 remote-as 200
R1(config-router-af)#neigh 2.2.2.2 up lo0
R1(config-router-af)#do sh run | sec bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
  no auto-summary
  no synchronization
 exit-address-family

that’s very pretty…

3.3 Fundamental routing concepts

3.3.h Implement, optimize and troubleshoot redistribution between any routing protocol

screenshot

bgp_speed_challenge

nothing fancy here. simply provide complete connectivity and verification as quickly as possible. set a stop watch. you may or may not be surprised. the timer will let you know. good luck.

3.7.d Implement, optimize and troubleshoot routing policies

3.7.d [i] Attribute manipulation

tasks are on the diagram:

screenshot

the topology is here:

bgp_more_med

bgp_more_med_01

BGP doesn’t care that the serial link is slower. in this case the ethernet link was older.

bgp_more-med02

challenge!!!

reduce the routing table of AS-2000 so that it is only permitted 192.168.12.0 and 1.1.1.0 from R2, and only 1.1.1.0 from R3. its routing table will look like this:

bgp_more-med_final_as200_table

the final config is below if needed.

bgp_more-med_final_cfg

3.7.d Implement, optimize and troubleshoot routing policies

3.7.d [i] Attribute manipulation

the tasks are on the diagram:

screenshot

download this:

bgp_as_path

before AS-PATH manipulation:

bgp_as-path_shows01

note the ttl from ebgp multi-hop set for 2

AS-11#sh run | i multi
neighbor 22.22.22.22 ebgp-multihop 2
neighbor 55.55.55.55 ebgp-multihop 2
AS-11#

bgp_wireshark_ttl_ebgp-multi

go to this link to analyze the cap yourself:

https://www.cloudshark.org/captures/c8eb006afb36

and this is the disable-connected:

https://www.cloudshark.org/captures/15a5b0847502

the next task is to change the path to 33.33.33.0 to use AS-55 using the AS-PATH attribute from AS-22:

AS-22(config-router)#neigh 11.11.11.11 route-map AS-PATH out
AS-22(config-router)#route-map AS-PATH permit 10
AS-22(config-route-map)#set as-path prepend 22 22 22 22 22
AS-22(config-route-map)#match ip address 1
AS-22(config-route-map)#route-map AS-PATH permit 20
AS-22(config-route-map)#access-list 1 permit 33.33.33.0 0.0.0.255
AS-22(config)#router bgp 22
AS-22(config-router)#neigh 11.11.11.11 route-map AS-PATH out
AS-22(config-router)#

bgp_as-path-prepend-result

below is an excellent tutorial from cisco.com:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3se/3850/irg-xe-3se-3850-book/irg-prefix-filter.html#topichead2

AS-33 will be set up in similar fashion; AS-11 will be slightly different.

i think the concept of inbound and outbound concerning these manipulations gives people headaches. i know it did me. and i also think it’s not explained very well.  try to think of it from the perspective of the advertising router. for instance, AS-11 will receive the 33 route directly from two sources, AS-22 and AS-55 (and indirectly from AS-33, the originator). however, from AS-22’s perspective it is receiving the route in from AS-33, and then advertising the route out, or toward AS-11. conversely, if we want to manipulate the route at AS-11, then the route will be incoming to AS-11 but the policy will be toward neighbor AS-22.

as in:

bgp_as-path-in

as with access-lists if desired, DO NOT FORGET the route-map permit at the end. that’ll bite you in the ass…
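
The outbound prepend from AS-22 and the final-permit warning above, worked through in Python as an added example (not from the original post). It assumes AS-33 peers directly with AS-22 and AS-55, that AS-22 also originates a constructed 22.22.22.0/24, and that every best-path step before AS-path length is a tie.

```python
import ipaddress

# access-list 1 permit 33.33.33.0 0.0.0.255
ACL_1 = ipaddress.ip_network("33.33.33.0/24")
# set as-path prepend 22 22 22 22 22
PREPEND = [22, 22, 22, 22, 22]

def route_map_as_path(prefix, as_path, final_permit=True):
    """Outbound route-map AS-PATH on AS-22; None means the route is denied."""
    net = ipaddress.ip_network(prefix)
    if net.network_address in ACL_1:      # permit 10: match ACL 1, prepend
        return PREPEND + as_path
    if final_permit:                      # permit 20: empty clause, pass unchanged
        return as_path
    return None                           # implicit deny at the end of a route-map

def as22_advertises(bgp_table, final_permit=True):
    """What AS-22 sends toward AS-11 once the route-map is applied."""
    sent = {}
    for prefix, as_path in bgp_table.items():
        policy_path = route_map_as_path(prefix, as_path, final_permit)
        if policy_path is not None:
            sent[prefix] = [22] + policy_path   # eBGP export adds the local AS
    return sent

def as11_best(paths):
    """paths maps neighbor -> AS path; shortest path wins (earlier steps assumed equal)."""
    return min(paths, key=lambda neighbor: len(paths[neighbor]))

# Constructed view of AS-22's table and of what AS-55 sends to AS-11.
AS22_TABLE = {"33.33.33.0/24": [33], "22.22.22.0/24": []}
VIA_AS55 = [55, 33]

if __name__ == "__main__":
    sent = as22_advertises(AS22_TABLE)
    print("with permit 20:   ", sent)
    print("AS-11 prefers:    ", as11_best({"AS-22": sent["33.33.33.0/24"], "AS-55": VIA_AS55}))
    print("without permit 20:", as22_advertises(AS22_TABLE, final_permit=False))
```

Without the closing permit, AS-22 still advertises the prepended 33.33.33.0/24 but silently stops advertising everything else to AS-11.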