BGP Alp ISIK
Objectives <ul><li>Part 1 (bgp introduction) </li></ul><ul><li>IBGP Peering </li></ul><ul><li>Update source </li></ul><ul>...
Objectives <ul><li>Part 3 (Aggregation) </li></ul><ul><li>Aggregation </li></ul><ul><li>Summary-only </li></ul><ul><li>Sup...
General information about  BGP <ul><li>EBGP AD20, IBGP AD200 </li></ul><ul><li>BGP uses TCP port 179. </li></ul><ul><li>BG...
Basic  BGP   Topology OSPF 1 area 0 ebgp
IBGP Peering <ul><li>The Internet is divided into BGP autonomous systems; each ISP or company is represented by an AS number. </li><...
Update source loopback <ul><li>Between R4 and R1, to form the BGP neighborship we have 2 choices: either f0/0 or f0/1...
<ul><li>To test whether the router is listening on the TCP port: </li></ul><ul><li>------------------------------------...
EBGP Peering <ul><li>For EBGP the default TTL value is 1. So in order to form the neighborship over loopback interfaces w...
Network command <ul><li>In an IGP, the network command forms the neighborship, but in BGP we use this command for the prefix...
<ul><li>Why can’t we ping 55.55.55.55 from R1 - R2 - R3? </li></ul><ul><li>On the AS1234 routers we see as the next-hop for 5...
Route-Reflector <ul><li>Remember the rule that a route learnt from an IBGP peer is not sent to other IBGP peers. </li></ul...
Route-reflector-client RR ibgp
Route-reflection with clusters <ul><li>as100 </li></ul>h R1 R4 R5 sw4 sw2 R3 SW3 SW1 R6 RR BB3 BB1 Cluster id 150.1.1.1 C...
Route-Reflection with Clusters <ul><li>1-routes learnt from EBGP peers can be sent to other EBGP peers, clients and non-cl...
IBGP Confederations AS65012 AS65034 cbgp cbgp
IBGP Confederation <ul><li>Configure with the Sub-AS. </li></ul><ul><li>//  router bgp 65012 </li></ul><ul><li>configure A...
Authenticating BGP Peerings <ul><li>MD5 is the default. It is configured directly on the router. </li></ul>
iBGP Synchronization <ul><li>If IBGP synchronization is enabled, for a route to be valid, it should be learnt from IGP firs...
Internet cloud igp igp BB1 BB2 CE1 CE2 C1 ebgp ebgp ibgp
<ul><li>In this scenario, when CE1 sends the routes learnt from BB1, it first sends them to C1, which is the physical path. </li></u...
BGP over GRE AS200 AS254 AS100 AS54 tunnel 10.0.0.2/24 10.0.0.4/24
<ul><li>Between R2 and R4, IGP is configured (bgp unaware) </li></ul>
<ul><li>At R2 </li></ul><ul><li>interface Tunnel0 </li></ul><ul><li>ip address 10.0.0.2 255.255.255.0 </li></ul><ul><li>tu...
<ul><li>At R4 </li></ul><ul><li>interface Tunnel0 </li></ul><ul><li>ip address 10.0.0.4 255.255.255.0 </li></ul><ul><li>tu...
BGP Redistribute Internal AS100 AS54 AS54 Bgp to IGP RR Advertise 112.0.0.1/24 to bgp Advertise 112.0.0.1/24 to bgp
<ul><li>At R1, the EIGRP external AD is configured higher than IBGP. </li></ul><ul><li>Since originally R1 is learning these 112....
BGP Redistribute Internal <ul><li>When “redistribute bgp” is typed under an IGP, IBGP routes are not redistributed. In order to...
<ul><li>At R1 </li></ul><ul><li>router eigrp 100 </li></ul><ul><li>network 155.1.0.0 </li></ul><ul><li>distance eigrp 90 2...
BGP Peer Groups <ul><li>At R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor  IBGP_PEERS  peer-group </li></u...
Bgp best path selection criteria <ul><li>Exclude routes with inaccessible next hop </li></ul><ul><li>Weight : with this co...
Best-path selection - Weight Weight 10
<ul><li>Default is 0; bigger is better. It gives you control of the routes on the same router.  </li></ul><ul><li>We can conf...
Best Path Selection Local Preference Local-pref 103
Best Path Selection Local Preference <ul><li>It affects all local AS routers. </li></ul><ul><li>This attribute is only sent ...
AS Path Each time a route passes through an AS, that AS's information is added to prevent loops. We can modify the passed AS as...
Best-path Selection As Path <ul><li>Both upload and download traffic can be modified. </li></ul><ul><li>In order to effect...
Best-path Selection As Path AS path 10 20 30
Best-Path Selection Origin <ul><li>Prefixes injected with the network command are preferred over ones redistributed into BGP. </li...
Best-Path Selection Origin Origin  with ?
<ul><li>The higher one has lower priority. </li></ul><ul><li>Normally BGP only compares MED for routes learnt from the same AS...
Best-Path Selection MED Metric 10
MED Always compare cloud 5.5.5.5/32 metric 50 5.5.5.5/32
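The selection steps walked through in the preceding slides (weight, local preference, AS-path length, origin, MED, then lowest router-id), as an added Python example that is not part of the original deck. The first three paths are constructed from the 28.119.16.0/24 entries in the deck's R3 output as read from the flattened table; the router IDs and the second pair of paths are made up, and steps the slides shown here do not cover (locally originated, eBGP over iBGP, IGP metric) are left out.

```python
from dataclasses import dataclass
from functools import reduce

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP beats EGP beats incomplete


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: tuple            # e.g. (100, 54); empty for a locally originated route
    weight: int = 0           # local to this router, higher wins
    local_pref: int = 100     # shared inside the AS, higher wins
    origin: str = "i"
    med: int = 0              # lower wins
    router_id: str = "0.0.0.0"
    reachable: bool = True    # paths with an inaccessible next hop are excluded


def _rid(path):
    return tuple(int(octet) for octet in path.router_id.split("."))


def prefer(a, b, always_compare_med=False):
    """Compare two paths; return (winner, name of the deciding step)."""
    if a.weight != b.weight:
        return (a if a.weight > b.weight else b), "weight"
    if a.local_pref != b.local_pref:
        return (a if a.local_pref > b.local_pref else b), "local-pref"
    if len(a.as_path) != len(b.as_path):
        return (a if len(a.as_path) < len(b.as_path) else b), "as-path"
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return (a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b), "origin"
    # MED is only comparable between paths from the same neighbor AS,
    # unless "bgp always-compare-med" is configured.
    same_neighbor_as = a.as_path[:1] == b.as_path[:1]
    if (always_compare_med or same_neighbor_as) and a.med != b.med:
        return (a if a.med < b.med else b), "med"
    return (a if _rid(a) <= _rid(b) else b), "router-id"


def best_path(paths, always_compare_med=False):
    """Return the winning path, or None when no next hop is reachable."""
    candidates = [p for p in paths if p.reachable]
    if not candidates:
        return None
    return reduce(lambda x, y: prefer(x, y, always_compare_med)[0], candidates)


# Constructed from the deck's R3 output for 28.119.16.0/24 (router IDs made up).
VIA_R4 = Path("155.1.45.4", (100, 54), med=0, router_id="150.1.5.5")
VIA_SW1 = Path("155.1.37.7", (300, 100, 54), router_id="155.1.7.7")
VIA_R1 = Path("155.1.13.1", (100, 54), med=50, router_id="150.1.1.1")

# Constructed pair learnt from different neighbor ASes (always-compare-med case).
VIA_AS100 = Path("10.1.1.1", (100, 54), med=50, router_id="1.1.1.1")
VIA_AS300 = Path("10.3.3.3", (300, 54), med=10, router_id="3.3.3.3")

if __name__ == "__main__":
    print(best_path([VIA_SW1, VIA_R1, VIA_R4]).next_hop)
    print(prefer(VIA_R1, VIA_R4)[1])
    print(best_path([VIA_AS100, VIA_AS300]).next_hop)
    print(best_path([VIA_AS100, VIA_AS300], always_compare_med=True).next_hop)
```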
BGP Aggregation <ul><li>We can aggregate prefixes from different ASes as well. </li></ul><ul><li>All prefixes (both summa...
BGP Aggregation 10.0.0.0 /24 10.0.1.0 /24 10.0.2.0 /24 10.0.3.0 /24 10.0.0.0 /22
BGP Aggregation Summary-only 10.0.0.0 /22
BGP Aggregation Summary-only Suppress-map 10.0.0.0 /22 10.0.2.0/24
BGP Aggregation Summary-only Unsuppress-map 10.0.0.0 /22 10.0.1.0/24 10.0.0.0 /22
BGP Aggregation AS-SET <ul><li>When aggregation is done at another router (one where the prefixes are not originated), AS infor...
BGP Aggregation AS-SET 10.0.0.0 /22 {1,2,3,4} X No bgp
BGP Aggregation Advertise-Map Allowas-in 10.0.0.0 /22 {1,2,4} 10.0.0.0 /22 10.0.0.0 /22 x No bgp
Bgp communities <ul><li>There are 4 well-known communities: </li></ul><ul><li>Internet  : useless </li></ul><ul><li>Local-A...
BGP Communities no-export AS65012 cbgp ebgp 55.55.55.55/32  x No bgp AS65034 55.55.55.55/32  community 200:200 55.55.55.55...
BGP Communities no-advertise AS65012 cbgp ebgp 55.55.55.55/32  x No bgp AS65034 55.55.55.55/32  community 200:200 55.55.55...
BGP Communities local-as AS65012 cbgp ebgp 33.33.33.33/32 community 300:300 x No bgp AS65034 33.33.33.33/32  33.33.33.33/3...
 
<ul><li>EXTRAS </li></ul>
BGP Bestpath Selection Weight
<ul><li>At SW1 </li></ul><ul><li>ip as-path access-list 4 permit  _254$ </li></ul><ul><li>ip as-path access-list 54 permit...
BGP Bestpath Selection – Local Preference
<ul><li>At R6 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>network 155.1.146.0 mask 255.255.255.0 </li></ul><ul><li>...
BGP Bestpath Selection AS Path Prepending
<ul><li>At R3 and R5 </li></ul><ul><li>ip as-path access-list 4 permit  _254$ </li></ul><ul><li>router bgp 200 </li></ul>...
BGP Bestpath Selection - Origin
<ul><li>At R5 </li></ul><ul><li>ip as-path access-list  10  permit   ^254$ </li></ul><ul><li>route-map MODIFY-AS254-ORIGI...
BGP Bestpath Selection - MED
<ul><li>At R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.13.3 remote-as 200 </li></ul><ul><li>neigh...
Filtering with prefix-list AS65012 cbgp ebgp 30.30.30.30/32 x No bgp AS65034 30.30.30.30/32
BGP Communities Catching AS60 Setting community 200:200 Sending communities Catching communities 200:200 Setting local-pre...
BGP Communities <ul><li>At R1 </li></ul><ul><li>ip as-path access-list  1  permit  60$ </li></ul><ul><li>route-map  SET_CO...
Communities – No - Advertise X X
BGP Communities – No - Advertise <ul><li>At R2 </li></ul><ul><li>route-map  SET_COMMUNITY </li></ul><ul><li>set community ...
BGP Communities – NO-Export X X X
BGP Communities – NO-Export <ul><li>At R2 </li></ul><ul><li>route-map  SET_COMMUNITY  permit 10 </li></ul><ul><li>set comm...
BGP Filtering with Prefix-List 222.22.2.0/24 X 0.0.0.0/0 le 22
BGP Filtering with Prefix-List <ul><li>At R2 </li></ul><ul><li>ip prefix-list  BLOCK_222  deny 222.22.2.0/24 </li></ul><ul...
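How the two prefix-list filters on these slides are evaluated (first match wins, `le`/`ge` bound the prefix length, implicit deny at the end), as an added Python example that is not part of the original deck. Only the `BLOCK_222 deny 222.22.2.0/24` entry and the `0.0.0.0/0 le 22` match come from the slides; the `permit 0.0.0.0/0 le 32` line and the list names `UP_TO_22` and `DENY_ONLY` are assumptions made for the example, and the candidate prefixes are taken from the deck's BGP tables.

```python
import ipaddress


def parse_prefix_lists(config):
    """Parse 'ip prefix-list NAME [seq N] permit|deny A.B.C.D/LEN [ge X] [le Y]'."""
    lists = {}
    for line in config.strip().splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        name, rest = tok[2], tok[3:]
        if rest[0] == "seq":
            rest = rest[2:]
        action, net = rest[0], ipaddress.ip_network(rest[1])
        opts = dict(zip(rest[2::2], (int(v) for v in rest[3::2])))
        ge, le = opts.get("ge"), opts.get("le")
        # Without ge/le the length must match exactly; ge alone runs up to /32;
        # le alone runs from the entry's own length up to le.
        lo = ge if ge is not None else net.prefixlen
        if le is not None:
            hi = le
        elif ge is not None:
            hi = net.max_prefixlen
        else:
            hi = net.prefixlen
        lists.setdefault(name, []).append((action, net, lo, hi))
    return lists


def evaluate(entries, prefix):
    """Return 'permit' or 'deny' for one received prefix."""
    cand = ipaddress.ip_network(prefix)
    for action, net, lo, hi in entries:
        if cand.subnet_of(net) and lo <= cand.prefixlen <= hi:
            return action          # first matching entry decides
    return "deny"                  # implicit deny when nothing matched


def filter_routes(entries, prefixes):
    return [p for p in prefixes if evaluate(entries, p) == "permit"]


# Constructed configuration (see the assumptions in the lead-in).
CONFIG = """
ip prefix-list BLOCK_222 deny 222.22.2.0/24
ip prefix-list BLOCK_222 permit 0.0.0.0/0 le 32
ip prefix-list UP_TO_22 permit 0.0.0.0/0 le 22
ip prefix-list DENY_ONLY deny 222.22.2.0/24
"""

FROM_BB2 = ["205.90.31.0/24", "220.20.3.0/24", "222.22.2.0/24"]
FROM_BB3 = ["112.0.0.0/8", "10.0.0.0/22", "10.0.1.0/24", "28.119.16.0/24"]

if __name__ == "__main__":
    lists = parse_prefix_lists(CONFIG)
    print(filter_routes(lists["BLOCK_222"], FROM_BB2))
    print(filter_routes(lists["UP_TO_22"], FROM_BB3))
    # A deny with no ge/le matches the exact length only: the /25 passes.
    print(evaluate(lists["BLOCK_222"], "222.22.2.0/25"))
    # A list holding only a deny entry drops everything (implicit deny).
    print(filter_routes(lists["DENY_ONLY"], FROM_BB2))
```

The `/25` result is the case to check when a deny is meant to block a whole range: an entry without `le` does not cover its more-specific prefixes.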
BGP Filtering with Standard Access-List <ul><li>At R2 </li></ul><ul><li>ip access-list standard  BLOCK_222 </li></ul><ul><li>...
BGP Filtering with Extended Access-List <ul><li>At R4 </li></ul><ul><li>ip access-list extended  EVEN_3RD_OCTET_GT22 </li>...
BGP Filtering with Maximum Prefix <ul><li>Rack1SW1(config-router)#neighbor 155.1.37.3  maximum-prefix 20 warning-only </li...
BGP Dampening <ul><li>At R2, R3, R5, SW2, SW4 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>bgp dampening 4 750 2000 ...
BGP Backdoor eigrp ebgp ebgp
<ul><li>If a route is learned from both IGP and EBGP, EBGP is preferred since its distance is 20. </li></ul><ul><li>----------...
BGP Backdoor <ul><li>R1 (config-router)#network  2.2.2.2 mask 255.255.255.255 backdoor </li></ul><ul><li>R1(config-router...
BGP Soft Reconfiguration <ul><li>At R4 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 204.12.1.254  soft-reco...
BGP Bestpath Selection – Maximum AS Limit <ul><li>At R1, R4, R6  </li></ul><ul><li>router bgp 100 </li></ul><ul><li>bgp ma...
BGP Aggregation network 10.0.0.0 mask 255.255.255.0 network 10.0.1.0 mask 255.255.255.0 network 10.0.2.0 mask 255.255.255....
BGP Aggregation <ul><li>At R2 </li></ul><ul><li>int lo 100 </li></ul><ul><li>ip address 10.0.0.1 255.255.255.0 </li></ul><...
BGP next-hop processing – manual modification <ul><li>Next-hop-self komutu  kullanamadığımız durumda next-hop u  neighbor’...
BGP Aggregation – Summary Only <ul><li>At R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 10.0.0.0 mask 255....
BGP Aggregation – Suppress Map <ul><li>At R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 10.0.0.0 mask 255....
BGP Aggregation – Unsuppress Map <ul><li>At R3 </li></ul><ul><li>ip prefix-list  BIR0  permit 10.0.1.0/24 </li></ul><ul><l...
BGP Aggregation - AS-Set <ul><li>At R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>aggregate-address 112.0.0.0 248....
BGP Aggregation – Attribute Map <ul><li>At R4 </li></ul><ul><li>ip prefix-list  NET - 112  permit 112.0.0.0/8 </li></ul><u...
BGP Aggregation - Advertise-map  <ul><li>At R2  </li></ul><ul><li>int lo 222220 </li></ul><ul><li>ip add 222.22.0.1 255.25...
BGP Regular Expressions <ul><li>To learn only the ones coming from 3491. </li></ul><ul><li>#show ip bgp regexp ^3491$. ...
BGP Confederation 65508 65379 65146 200
<ul><li>At R1 </li></ul><ul><li>router bgp 65146 </li></ul><ul><li>bgp confederation identifier 100 </li></ul><ul><li>bgp ...
<ul><li>At R3 </li></ul><ul><li>router bgp 65379 </li></ul><ul><li>bgp confederation identifier 100 </li></ul><ul><li>bgp ...
BGP Bestpath Selection – Always Compare MED Lo1 1.2.3.4/32 Lo1 1.2.3.4/32
<ul><li>At SW2, SW4, R5, R3 </li></ul><ul><li>router bgp 200   /////********* </li></ul><ul><li>bgp always-compare-med </l...
BGP Bestpath Selection – AS–Path Ignore <ul><li>On the AS 200 routers (r3-r2-r5-sw2-sw4) </li></ul><ul><li>Router bgp 200 ...
BGP Bestpath Selection – DMZ <ul><li>For it to be able to load balance: </li></ul><ul><li>1- weight, local pref, origin, med, ...
BGP Backdoor <ul><li>At SW1 </li></ul><ul><li>int lo 1 </li></ul><ul><li>ip address 150.1.77.77 255.255.255.0 </li></ul><u...
****TCL to ping**** <ul><li>#tclsh </li></ul><ul><li>foreach address { </li></ul><ul><li>1.1.1.1 </li></ul><ul><li>2.2.2....
ip as-path access-list
ip as-path access-list  <ul><li>In a topology like the one above, we want traffic from AS 100 to AS 254 to pass through the AS...
BGP Communities Local AS <ul><li>At R1 </li></ul><ul><li>router bgp 65014 </li></ul><ul><li>bgp confed ide 100 </li></ul><...
<ul><li>At R6 </li></ul><ul><li>router bgp 65006 </li></ul><ul><li>bgp confed ide 100 </li></ul><ul><li>bgp confed peer 65...
BGP Communities - Deleting Tagging with 254:100 200:254 200:123 Add tag 300:200 254:100 200:254 200:123
BGP Communities - Deleting <ul><li>At R2 </li></ul><ul><li>route-map SET_COMMUNITY  </li></ul><ul><li>no set community  </...
<ul><li>At SW1 </li></ul><ul><li>ip community-list  expanded AS200  permit  200:[0-9]+_ </li></ul><ul><li>Route-map RESET_...
BGP Conditional Advertisement <ul><li>At R3 </li></ul><ul><li>ip as-path access-list  1 permit 254$ </li></ul><ul><li>rout...
BGP Conditional Route Injection <ul><li>At R2 </li></ul><ul><li>int lo 200 </li></ul><ul><li>ip add 10.0.0.1 255.255.255.0...
<ul><li>At R4, similar on R6 </li></ul><ul><li>ip prefix-list  INJECT_PREFIX  permit 10.0.1.0/24 </li></ul><ul><li>ip prefix-...
BGP Regular Expressions <ul><li>SW1 </li></ul><ul><li>ip as-path access-list  1  permit  ^$ </li></ul><ul><li>Route-map  T...
BGP Default Routing <ul><li>R2 </li></ul><ul><li>ip  prefix-list LINK_TO_BB2  permit 192.10.1.0/24 </li></ul><ul><li>route...
BGP Local AS <ul><li>At R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>no neighbor 155.1.146.4  route-reflector-cli...
BGP Dampening with Route-map <ul><li>At R2, R3, R5, SW2, SW4 </li></ul><ul><li>ip as-path access-list  100  permit  _100$ ...
BGP Local AS Replace-AS/Dual-AS <ul><li>At R1 </li></ul><ul><li>no router bgp 100 </li></ul><ul><li>router bgp 146 </li></...
BGP Remove Private AS <ul><li>At R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 192.10.1.254  remove-priva...
BGP Timers Tuning <ul><li>R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>timers bgp 5 15 </li></ul><ul><li>neighbor...
BGP Fast Fallover <ul><li>At R3 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>no bgp fast-external-fallover </li></ul...
BGP Outbound Route Filtering <ul><li>At R1, similar on R4 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.1...
BGP Next-hop Trigger <ul><li>At R3 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>bgp  nexthop trigger delay 30 </li><...
BGP TTL Security <ul><li>R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.13.3  ttl-security hops 1 </...
BGP AllowAS in <ul><li>At R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 2.2.2.0 mask 255.255.255.0 </li></...
Useful commands 3 Caret “^” means begins with; $ means end with the system “.” any character including space “_” matche...
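The AS-path patterns used throughout the deck (`_254$`, `^254$`, `^$`, `60$`, `_54$`), evaluated in an added Python example that is not part of the original deck. It translates the IOS `_` metacharacter into its Python equivalent (start, end, space, comma, brace or parenthesis); the sample AS paths are constructed, mostly from paths visible in the deck's tables, with `100 65060` added to show what an unanchored pattern also matches.

```python
import re

# IOS "_" matches the start or end of the AS path, a space, a comma,
# a brace or a parenthesis. Python's re has no such token, so expand it.
_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern):
    """Translate an IOS AS-path regex into a Python regex."""
    return pattern.replace("_", _UNDERSCORE)


def as_path_matches(pattern, as_path):
    """True when the AS path string matches the IOS pattern."""
    return re.search(cisco_to_python(pattern), as_path) is not None


def select(pattern, as_paths):
    """Return the AS paths an 'ip as-path access-list ... permit' would match."""
    return [p for p in as_paths if as_path_matches(pattern, p)]


# Constructed sample AS paths; "" is a locally originated route.
PATHS = [
    "",
    "254",
    "200 254",
    "300 200 254",
    "100 54",
    "100 54 50 60",
    "100 65060",      # made up: ends in the digits "60" but originates in AS 65060
]

if __name__ == "__main__":
    for pattern in ("_254$", "^254$", "^$", "_54$", "60$", "_60$"):
        print(f"{pattern:7} -> {select(pattern, PATHS)}")
```

`60$` without the leading `_` matches any path whose last digits are 60, so a filter meant for routes originated in AS 60 should be written `_60$`.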

Bgp For Presentation

  • EBGP TTL is 1 by default. Synchronization causes RIB failures; to get rid of a RIB failure, “bgp suppress-inactive” can be configured.
  • R1 router bgp 100 neighbor 2.2.2.2 disable-connected-check R2 router bgp 200 neighbor 1.1.1.1 disable-connected-check
  • MD5 is Default.
  • R4 (AS100) should form an eBGP neighborship with BB3 (AS54); R2 (AS200) should form an eBGP neighborship with BB2 (AS254). R4 and R2 should speak eBGP. The other routers are BGP unaware. A tunnel is configured between R2 and R4. IGP is configured between R2 and R4.
  • R2; before changing next hop Rack1R2(config-router)#do sh ip bgp BGP table version is 17, local router ID is 150.1.2.2 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt; 28.119.16.0/24 155.1.146.4 0 100 54 i *&gt; 28.119.17.0/24 155.1.146.4 0 100 54 i *&gt; 112.0.0.0 155.1.146.4 0 100 54 50 60 i *&gt; 113.0.0.0 155.1.146.4 0 100 54 50 60 i *&gt; 114.0.0.0 155.1.146.4 0 100 54 i *&gt; 115.0.0.0 155.1.146.4 0 100 54 i *&gt; 116.0.0.0 155.1.146.4 0 100 54 i *&gt; 117.0.0.0 155.1.146.4 0 100 54 i *&gt; 118.0.0.0 155.1.146.4 0 100 54 i *&gt; 119.0.0.0 155.1.146.4 0 100 54 i *&gt; 150.1.2.0/24 0.0.0.0 0 32768 i *&gt; 150.1.4.0/24 155.1.146.4 0 0 100 i *&gt; 205.90.31.0 192.10.1.254 0 0 254 ? *&gt; 220.20.3.0 192.10.1.254 0 0 254 ? *&gt; 222.22.2.0 192.10.1.254 0 0 254 ? After next-hop modified Rack1R2(config-router)#do sh ip bgp BGP table version is 28, local router ID is 150.1.2.2 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt; 28.119.16.0/24 10.0.0.4 0 100 54 i *&gt; 28.119.17.0/24 10.0.0.4 0 100 54 i *&gt; 112.0.0.0 10.0.0.4 0 100 54 50 60 i *&gt; 113.0.0.0 10.0.0.4 0 100 54 50 60 i *&gt; 114.0.0.0 10.0.0.4 0 100 54 i *&gt; 115.0.0.0 10.0.0.4 0 100 54 i *&gt; 116.0.0.0 10.0.0.4 0 100 54 i *&gt; 117.0.0.0 10.0.0.4 0 100 54 i *&gt; 118.0.0.0 10.0.0.4 0 100 54 i *&gt; 119.0.0.0 10.0.0.4 0 100 54 i *&gt; 150.1.2.0/24 0.0.0.0 0 32768 i *&gt; 150.1.4.0/24 10.0.0.4 0 0 100 i *&gt; 205.90.31.0 192.10.1.254 0 0 254 ? *&gt; 220.20.3.0 192.10.1.254 0 0 254 ? *&gt; 222.22.2.0 192.10.1.254 0 0 254 ?
  • To send BGP information over the tunnel, a route-map that sets the next hop to the tunnel IP is bound to the neighbor. Rack1R2(config-router)#do ping 112.0.0.1 sour lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 112.0.0.1, timeout is 2 seconds: Packet sent with a source address of 150.1.2.2 !!!!! Rack1R2(config-router)#do trace 112.0.0.1 sour lo0 Type escape sequence to abort. Tracing the route to 112.0.0.1 1 10.0.0.4 56 msec 20 msec 20 msec 2 204.12.1.254 20 msec 20 msec 20 msec 3 172.16.4.1 36 msec * 52 msec
  • On the RR the next-hop-self command does not work; we must set the next hop with a route-map.
  • If we had not configured the distance on R1, a routing loop would occur when trying to reach the BB routes from SW4; on R1 the IGP would preempt IBGP and R1 would send the packet to R3; R3, whose route reflector is R1, would send the packet back to R1. At R4, similar on R6: router bgp 100 no synchronization bgp log-neighbor-changes network 155.1.146.0 mask 255.255.255.0 aggregate-address 155.1.0.0 255.255.0.0 neighbor 155.1.146.1 remote-as 100 neighbor 155.1.146.1 next-hop-self neighbor 204.12.1.254 remote-as 54 no auto-summary
  • BGP Mandatory Attributes: AS-Path, Origin, Next Hop. If everything is the same, check the router-id; the lowest one wins.
  • With the configuration on SW1, traffic from AS300 to AS54 should use R3 as the exit point. Traffic from AS300 to AS254 should take R6 as the exit point. Since it affects our exit, we can only manipulate upload traffic. Our local routes appear with the value 32768, which is the max value.
  • Rack1SW1(config-router)#do sh ip bgp BGP table version is 46, local router ID is 155.1.7.7 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * 28.119.16.0/24 155.1.67.6 0 100 54 i *&gt; 155.1.37.3 120 200 100 54 i * 28.119.17.0/24 155.1.67.6 0 100 54 i *&gt; 155.1.37.3 120 200 100 54 i *&gt; 112.0.0.0 155.1.67.6 0 100 54 50 60 i * 155.1.37.3 0 200 100 54 50 60 i *&gt; 113.0.0.0 155.1.67.6 0 100 54 50 60 i * 155.1.37.3 0 200 100 54 50 60 i * 114.0.0.0 155.1.67.6 0 100 54 i *&gt; 155.1.37.3 120 200 100 54 i * 115.0.0.0 155.1.67.6 0 100 54 i *&gt; 155.1.37.3 120 200 100 54 i * 116.0.0.0 155.1.67.6 0 100 54 i *&gt; 155.1.37.3 120 200 100 54 i * 117.0.0.0 155.1.67.6 0 100 54 i *&gt; 155.1.37.3 120 200 100 54 i * 118.0.0.0 155.1.67.6 0 100 54 i Network Next Hop Metric LocPrf Weight Path *&gt; 155.1.37.3 120 200 100 54 i * 119.0.0.0 155.1.67.6 0 100 54 i *&gt; 155.1.37.3 120 200 100 54 i *&gt; 155.1.0.0 155.1.67.6 0 0 100 i * 155.1.37.3 0 200 100 i *&gt; 205.90.31.0 155.1.67.6 110 100 200 254 ? * 155.1.37.3 0 200 254 ? *&gt; 220.20.3.0 155.1.67.6 110 100 200 254 ? * 155.1.37.3 0 200 254 ? *&gt; 222.22.2.0 155.1.67.6 110 100 200 254 ? * 155.1.37.3 0 200 254 ?
  • With the configuration on R6, transit from inside AS100 to AS254 should go via AS300. With local pref we can only influence traffic in the upload direction. Rack1R6(config-router)#do sh ip bgp BGP table version is 32, local router ID is 150.1.6.6 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt; 28.119.16.0/24 54.1.1.254 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 28.119.17.0/24 54.1.1.254 0 54 i * i 204.12.1.254 0 100 0 54 i * i112.0.0.0 204.12.1.254 0 100 0 54 50 60 i *&gt; 54.1.1.254 0 0 54 50 60 i * i113.0.0.0 204.12.1.254 0 100 0 54 50 60 i *&gt; 54.1.1.254 0 0 54 50 60 i * i114.0.0.0 204.12.1.254 0 100 0 54 i *&gt; 54.1.1.254 0 0 54 i * i115.0.0.0 204.12.1.254 0 100 0 54 i *&gt; 54.1.1.254 0 0 54 i * i116.0.0.0 204.12.1.254 0 100 0 54 i *&gt; 54.1.1.254 0 0 54 i * i117.0.0.0 204.12.1.254 0 100 0 54 i *&gt; 54.1.1.254 0 0 54 i * i118.0.0.0 204.12.1.254 0 100 0 54 i Network Next Hop Metric LocPrf Weight Path *&gt; 54.1.1.254 0 0 54 i * i119.0.0.0 204.12.1.254 0 100 0 54 i *&gt; 54.1.1.254 0 0 54 i *&gt; 155.1.0.0 0.0.0.0 32768 i * i 155.1.146.4 0 100 0 i s&gt; 155.1.146.0/24 0.0.0.0 0 32768 i *&gt; 205.90.31.0 155.1.67.7 200 0 300 200 254 ? *&gt; 220.20.3.0 155.1.67.7 200 0 300 200 254 ? *&gt; 222.22.2.0 155.1.67.7 200 0 300 200 254 ?
  • Rack1R4#sh ip bgp BGP table version is 40, local router ID is 150.1.4.4 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt; 28.119.16.0/24 204.12.1.254 0 0 54 i *&gt; 28.119.17.0/24 204.12.1.254 0 0 54 i *&gt; 112.0.0.0 204.12.1.254 0 54 50 60 i *&gt; 113.0.0.0 204.12.1.254 0 54 50 60 i *&gt; 114.0.0.0 204.12.1.254 0 54 i *&gt; 115.0.0.0 204.12.1.254 0 54 i *&gt; 116.0.0.0 204.12.1.254 0 54 i *&gt; 117.0.0.0 204.12.1.254 0 54 i *&gt; 118.0.0.0 204.12.1.254 0 54 i *&gt; 119.0.0.0 204.12.1.254 0 54 i *&gt; 155.1.0.0 0.0.0.0 32768 i s&gt; 155.1.146.0/24 0.0.0.0 0 32768 i * 205.90.31.0 155.1.45.5 0 200 254 ? *&gt;i 155.1.67.7 0 200 0 300 200 254 ? * 220.20.3.0 155.1.45.5 0 200 254 ? *&gt;i 155.1.67.7 0 200 0 300 200 254 ? * 222.22.2.0 155.1.45.5 0 200 254 ? Network Next Hop Metric LocPrf Weight Path *&gt;i 155.1.67.7 0 200 0 300 200 254 ?
  • Rack1R6(config-router)#do sh ip bgp BGP table version is 24, local router ID is 150.1.6.6 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt; 28.119.16.0/24 54.1.1.254 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 28.119.17.0/24 54.1.1.254 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 112.0.0.0 54.1.1.254 0 0 54 50 60 i * i 204.12.1.254 0 100 0 54 50 60 i *&gt; 113.0.0.0 54.1.1.254 0 0 54 50 60 i * i 204.12.1.254 0 100 0 54 50 60 i *&gt; 114.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 115.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 116.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 117.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 118.0.0.0 54.1.1.254 0 0 54 i Network Next Hop Metric LocPrf Weight Path * i 204.12.1.254 0 100 0 54 i *&gt; 119.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 155.1.0.0 0.0.0.0 32768 i * i 155.1.146.4 0 100 0 i s&gt; 155.1.146.0/24 0.0.0.0 0 32768 i *&gt; 205.90.31.0 155.1.67.7 0 300 200 254 ? *&gt; 220.20.3.0 155.1.67.7 0 300 200 254 ? *&gt; 222.22.2.0 155.1.67.7 0 300 200 254 ?
  • With the config in AS200, traffic from AS100 to AS254 should choose AS300. We can influence download. Rack1R6(config-router)#do sh ip bgp BGP table version is 24, local router ID is 150.1.6.6 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt; 28.119.16.0/24 54.1.1.254 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 28.119.17.0/24 54.1.1.254 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 112.0.0.0 54.1.1.254 0 0 54 50 60 i * i 204.12.1.254 0 100 0 54 50 60 i *&gt; 113.0.0.0 54.1.1.254 0 0 54 50 60 i * i 204.12.1.254 0 100 0 54 50 60 i *&gt; 114.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 115.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 116.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 117.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 118.0.0.0 54.1.1.254 0 0 54 i Network Next Hop Metric LocPrf Weight Path * i 204.12.1.254 0 100 0 54 i *&gt; 119.0.0.0 54.1.1.254 0 0 54 i * i 204.12.1.254 0 100 0 54 i *&gt; 155.1.0.0 0.0.0.0 32768 i * i 155.1.146.4 0 100 0 i s&gt; 155.1.146.0/24 0.0.0.0 0 32768 i *&gt; 205.90.31.0 155.1.67.7 0 300 200 254 ? *&gt; 220.20.3.0 155.1.67.7 0 300 200 254 ? *&gt; 222.22.2.0 155.1.67.7 0 300 200 254 ?
  • Rack1R4# sh ip bgp regexp _254$ BGP table version is 61, local router ID is 150.1.4.4 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt; 205.90.31.0 155.1.45.5 0 200 254 i *&gt; 220.20.3.0 155.1.45.5 0 200 254 i *&gt; 222.22.2.0 155.1.45.5 0 200 254 i Rack1R6#sh ip bgp regexp _254$ BGP table version is 39, local router ID is 150.1.6.6 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * 205.90.31.0 155.1.67.7 0 300 200 254 ? *&gt;i 155.1.45.5 0 100 0 200 254 i * 220.20.3.0 155.1.67.7 0 300 200 254 ? *&gt;i 155.1.45.5 0 100 0 200 254 i * 222.22.2.0 155.1.67.7 0 300 200 254 ? *&gt;i 155.1.45.5 0 100 0 200 254 i
  • With the config in AS200, traffic from AS100 to AS254 should prefer the path between R4 and R5.
  • With the configuration in AS100, traffic from AS200 to AS54 should follow the R4-R5 path, by manipulating MED.
  • Default metric is 0; the lower one is preferred. Rack1R3(config-router)#do show ip bgp regexp _54$ BGP table version is 23, local router ID is 150.1.3.3 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt;i28.119.16.0/24 155.1.45.4 0 100 0 100 54 i * 155.1.37.7 0 300 100 54 i * 155.1.13.1 50 0 100 54 i *&gt;i28.119.17.0/24 155.1.45.4 0 100 0 100 54 i * 155.1.37.7 0 300 100 54 i * 155.1.13.1 50 0 100 54 i *&gt;i114.0.0.0 155.1.45.4 0 100 0 100 54 i * 155.1.37.7 0 300 100 54 i * 155.1.13.1 50 0 100 54 i *&gt;i115.0.0.0 155.1.45.4 0 100 0 100 54 i * 155.1.37.7 0 300 100 54 i * 155.1.13.1 50 0 100 54 i *&gt;i116.0.0.0 155.1.45.4 0 100 0 100 54 i * 155.1.37.7 0 300 100 54 i * 155.1.13.1 50 0 100 54 i *&gt;i117.0.0.0 155.1.45.4 0 100 0 100 54 i * 155.1.37.7 0 300 100 54 i Network Next Hop Metric LocPrf Weight Path * 155.1.13.1 50 0 100 54 i *&gt;i118.0.0.0 155.1.45.4 0 100 0 100 54 i * 155.1.37.7 0 300 100 54 i * 155.1.13.1 50 0 100 54 i *&gt;i119.0.0.0 155.1.45.4 0 100 0 100 54 i * 155.1.37.7 0 300 100 54 i * 155.1.13.1 50 0 100 54 i
  • Why they exist: they serve to group prefixes; this way, instead of writing prefix lists one by one on the internal devices to filter or modify, we can assign specific properties to specific communities.
  • With the config in AS 200, eBGP prefixes tagged with community 200:200 should get local-pref 200. With the config on R1, AS200 should prefer R1 via R3 for prefixes coming from AS60. What we did: on R1 we matched the AS60 routes, set the community value to 200:200 and sent it to the R3 neighbor. On R3 we matched this 200:200 community and set its local-pref to 200. To see the community value properly in sh ip bgp 112.0.0.0, we configured “ip bgp-community new-format”. Rack1R3#sh ip bgp 112.0.0.0 BGP routing table entry for 112.0.0.0/8, version 48 Paths: (2 available, best #1, table Default-IP-Routing-Table) Flag: 0x9C0 Advertised to update-groups: 3 4 5 100 54 50 60 155.1.13.1 from 155.1.13.1 (150.1.1.1) Origin IGP, localpref 200, valid, external, best Community: 200:200 300 100 54 50 60 155.1.37.7 from 155.1.37.7 (155.1.7.7) Origin IGP, localpref 100, valid, external
  • With the configuration on R2, it should not advertise the prefixes learned from AS254 to any of its peers. Do not use prefix filtering. Rack1R3#sh ip bgp regexp _254$
  • Modify the configuration on R2 so that AS254 routes can circulate within AS200 but do not leave AS200. Rack1SW3#sh ip bgp regexp _254$ Rack1SW3# Rack1R3#sh ip bgp regexp _254$ BGP table version is 51, local router ID is 150.1.3.3 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * i205.90.31.0 192.10.1.254 0 100 0 254 ? *&gt;i 192.10.1.254 0 100 0 254 ? * i220.20.3.0 192.10.1.254 0 100 0 254 ? *&gt;i 192.10.1.254 0 100 0 254 ? * i222.22.2.0 192.10.1.254 0 100 0 254 ? *&gt;i 192.10.1.254 0 100 0 254 ? Rack1R3#sh ip bgp 205.90.31.0 BGP routing table entry for 205.90.31.0/24, version 49 Paths: (2 available, best #2, table Default-IP-Routing-Table, not advertised to EBGP peer) Advertised to update-groups: 3 5 254 192.10.1.254 (metric 2560512256) from 155.1.0.5 (150.1.5.5) Origin incomplete, metric 0, localpref 100, valid, internal Originator: 150.1.2.2, Cluster list: 150.1.5.5 254, (Received from a RR-client) 192.10.1.254 (metric 2560512256) from 155.1.23.2 (150.1.2.2) Origin incomplete, metric 0, localpref 100, valid, internal, best Community: no-export
  • before Rack1R2#sh ip bgp regexp _254$ BGP table version is 25, local router ID is 150.1.2.2 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt; 205.90.31.0 192.10.1.254 0 0 254 ? *&gt; 220.20.3.0 192.10.1.254 0 0 254 ? *&gt; 222.22.2.0 192.10.1.254 0 0 254 ? After Rack1R2#sh ip bgp regexp _254$ BGP table version is 26, local router ID is 150.1.2.2 Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *&gt; 205.90.31.0 192.10.1.254 0 0 254 ? *&gt; 220.20.3.0 192.10.1.254 0 0 254 ?
  • With a prefix-list on R2, it should not accept 222.22.2.0/24 from BB2; apply this directly to the neighbor. With a prefix-list on R4, it should not accept prefixes greater than /22 from BB3. Apply this to the neighbor with a route-map.
  • On R2, do not accept 222.22.2.0 from BB2; apply it directly to the neighbor. On R4, do not accept a prefix if its first octet is an even number; do this with a route-map.
  • On R4, do not accept prefixes from BB3 whose third octet is even and which are greater than /22; apply this directly to the neighbor.
  • If R6 learns more than 20 prefixes from BB1, it should drop the neighborship. R6 should issue a warning message when it starts receiving more than 16 prefixes from BB1. After the peering drops, it should try to re-establish it within 3 minutes. SW1 should generate a warning message when it receives more than 20 prefixes from R3.
  • On R1, create lo1 with the IP address 1.1.1.1/24. Redistribute it into BGP. Configure the AS200 routers to suppress advertisements when there is oscillation in the network. When a prefix flaps twice in a row, the advertisement should come 5 minutes later.
  • Note that the ‘network 2.2.2.2 .... Backdoor’ command is configured on router R1, while the 2.2.2.2 prefix is at R2.
  • R4 should accept all prefixes coming from BB3, independent of the inbound filters.
  • It makes AS 100 accept only the routes originated in its neighboring ASes.
  • Rack1R2(config-router)#do sh ip bgp
    BGP table version is 91, local router ID is 150.1.2.2
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    *&gt; 10.0.0.0/24 0.0.0.0 0 32768 i
    *&gt; 10.0.0.0/22 0.0.0.0 32768 i
    *&gt; 10.0.1.0/24 0.0.0.0 0 32768 i
    *&gt; 10.0.2.0/24 0.0.0.0 0 32768 i
    *&gt; 10.0.3.0/24 0.0.0.0 0 32768 i
  • Rack1R1#sh ip bgp
    BGP table version is 59, local router ID is 150.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    * i28.119.16.0/24 155.1.146.6 0 100 0 54 i
    *&gt;i 155.1.146.4 0 100 0 54 i
    * i28.119.17.0/24 155.1.146.6 0 100 0 54 i
    *&gt;i 155.1.146.4 0 100 0 54 i
    * i112.0.0.0 155.1.146.6 0 100 0 54 50 60 i
    *&gt;i 155.1.146.4 0 100 0 54 50 60 i
    * i113.0.0.0 155.1.146.6 0 100 0 54 50 60 i
    *&gt;i 155.1.146.4 0 100 0 54 50 60 i
    * i114.0.0.0 155.1.146.6 0 100 0 54 i
    *&gt;i 155.1.146.4 0 100 0 54 i
    * i115.0.0.0 155.1.146.6 0 100 0 54 i
    *&gt;i 155.1.146.4 0 100 0 54 i
    * i116.0.0.0 155.1.146.6 0 100 0 54 i
    *&gt;i 155.1.146.4 0 100 0 54 i
    * i117.0.0.0 155.1.146.6 0 100 0 54 i
    *&gt;i 155.1.146.4 0 100 0 54 i
    * i118.0.0.0 155.1.146.6 0 100 0 54 i
    Network Next Hop Metric LocPrf Weight Path
    *&gt;i 155.1.146.4 0 100 0 54 i
    * i119.0.0.0 155.1.146.6 0 100 0 54 i
    *&gt;i 155.1.146.4 0 100 0 54 i
    *&gt; 150.1.1.0/24 0.0.0.0 0 32768 i
    * i150.1.2.0/24 155.1.23.2 0 100 0 200 i
    *&gt;i 155.1.0.5 0 100 0 200 i
    *&gt;i150.1.3.0/24 155.1.0.3 0 100 0 i
    *&gt;i150.1.4.0/24 155.1.146.4 0 100 0 i
    *&gt;i150.1.5.0/24 155.1.0.5 0 100 0 i
    *&gt;i150.1.6.0/24 155.1.146.6 0 100 0 i
    *&gt;i150.1.7.0/24 155.1.67.7 0 100 0 i
    *&gt;i150.1.8.0/24 155.1.58.8 0 100 0 i
    *&gt;i150.1.9.0/24 155.1.79.9 0 100 0 i
    *&gt;i150.1.10.0/24 155.1.108.10 0 100 0 i
    * i205.90.31.0 155.1.23.2 0 100 0 200 254 ?
    *&gt;i 155.1.0.5 0 100 0 200 254 ?
    * i220.20.3.0 155.1.23.2 0 100 0 200 254 ?
    *&gt;i 155.1.0.5 0 100 0 200 254 ?
    * i222.22.2.0 155.1.23.2 0 100 0 200 254 ?
    *&gt;i 155.1.0.5 0 100 0 200 254 ?
  • Rack1R2(config-router)#do sh ip bgp
    BGP table version is 95, local router ID is 150.1.2.2
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    s&gt; 10.0.0.0/24 0.0.0.0 0 32768 i
    *&gt; 10.0.0.0/22 0.0.0.0 32768 i
    s&gt; 10.0.1.0/24 0.0.0.0 0 32768 i
    s&gt; 10.0.2.0/24 0.0.0.0 0 32768 i
    s&gt; 10.0.3.0/24 0.0.0.0 0 32768 i
  • With a modification on R2, have it advertise the 10.0.2.0/24 route along with the summary route.
  • With configuration on R3 and R5, traffic from AS100 and AS54 to 10.0.1.0/24 should go through AS300.
    Rack1R3(config-router)#do sh ip bgp
    BGP table version is 112, local router ID is 150.1.3.3
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    s&gt;i10.0.0.0/24 155.1.23.2 0 100 0 i
    * i10.0.0.0/22 155.1.0.5 0 100 0 i
    *&gt; 0.0.0.0 32768 i
    Rack1R6#sh ip bgp
    BGP table version is 109, local router ID is 150.1.6.6
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    * 10.0.0.0/22 155.1.67.7 0 300 200 i
    *&gt;i 155.1.13.3 0 100 0 200 i
    *&gt; 10.0.1.0/24 155.1.67.7 0 300 200 i
  • On R1, aggregate 112.0.0.0/24 through 119.0.0.0/24. This new prefix should not go to AS54; do not use filtering for this.
    Rack1R4#sh ip bgp
    BGP table version is 96, local router ID is 150.1.4.4
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    * i10.0.0.0/22 155.1.13.3 0 100 0 200 i
    *&gt; 155.1.45.5 0 0 200 i
    *&gt;i10.0.1.0/24 155.1.67.7 0 100 0 300 200 i
    *&gt; 28.119.16.0/24 204.12.1.254 0 0 54 i
    *&gt; 28.119.17.0/24 204.12.1.254 0 0 54 i
    *&gt; 112.0.0.0 204.12.1.254 0 54 50 60 i
    *&gt;i112.0.0.0/5 155.1.146.1 0 100 0 {54,50,60} i
    *&gt; 113.0.0.0 204.12.1.254 0 54 50 60 i
    BB3#sh ip bgp
    BGP table version is 102, local router ID is 31.3.0.1
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    * i10.0.0.0/22 172.16.4.1 0 100 0 100 200 i
    *&gt; 204.12.1.4 0 100 200 i
    *&gt; 10.0.1.0/24 204.12.1.4 0 100 300 200 i
    * i 172.16.4.1 0 100 0 100 300 200 i
    *&gt; 28.119.16.0/24 0.0.0.0 0 32768 i
    *&gt; 28.119.17.0/24 0.0.0.0 0 32768 i
    *&gt;i112.0.0.0 172.16.4.1 0 100 0 i
    *&gt;i113.0.0.0 172.16.4.1 0 100 0 i
    *&gt;i114.0.0.0 172.16.4.1 0 100 0 i
    *&gt;i115.0.0.0 172.16.4.1 0 100 0 i
    *&gt;i116.0.0.0 172.16.4.1 0 100 0 i
    *&gt;i117.0.0.0 172.16.4.1 0 100 0 i
    *&gt;i118.0.0.0 172.16.4.1 0 100 0 i
    *&gt;i119.0.0.0 172.16.4.1 0 100 0 i
    * i150.1.77.0/24 172.16.4.1 0 100 0 100 300 i
    *&gt; 204.12.1.4 0 100 300 i
    * i155.1.0.0 172.16.4.1 0 100 0 100 i
    Network Next Hop Metric LocPrf Weight Path
    *&gt; 204.12.1.4 0 0 100 i
    * i205.90.31.0 172.16.4.1 0 100 0 100 200 254 ?
    *&gt; 204.12.1.4 0 100 200 254 ?
    * i220.20.3.0 172.16.4.1 0 100 0 100 200 254 ?
    *&gt; 204.12.1.4 0 100 200 254 ?
    * i222.22.2.0 172.16.4.1 0 100 0 100 200 254 ?
    *&gt; 204.12.1.4 0 100 200 254 ?
  • Tag 112.0.0.0/24 coming from BB3 with the no-export community and carry it throughout AS100. With the summary prefix configured on R1, make sure it reaches AS300 and AS200. Because even one of the prefixes carries no-export, all of them are affected when they are aggregated. Metric via attribute-map. No-export: not forwarded to neighbouring ASes.
    Rack1R4#sh ip bgp neighb 155.1.45.5 adv
    BGP table version is 22, local router ID is 150.1.4.4
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    *&gt; 10.0.0.0/22 155.1.45.5 0 0 200 i
    *&gt;i10.0.1.0/24 155.1.67.7 0 100 0 300 200 i
    *&gt; 28.119.16.0/24 204.12.1.254 0 0 54 i
    *&gt; 28.119.17.0/24 204.12.1.254 0 0 54 i
    *&gt;i112.0.0.0/5 155.1.146.1 0 100 0 {54,50,60} i
    *&gt; 113.0.0.0 204.12.1.254 0 54 50 60 i
    *&gt; 114.0.0.0 204.12.1.254 0 54 i
    112.0.0.0/8 is absent.
  • On R4 and R6, aggregate the 222.22.x routes; in AS 300 we want the maximum AS-path information to be kept and the aggregate route to be installed as well. When AS-SET is configured, the summary route is not sent to the ASes where the specific routes reside; we can send the summary prefix to the AS that holds the prefix we applied advertise-map to.
  • Rack1R1(config-router)#do sh ip bgp
    BGP table version is 32, local router ID is 150.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    * i28.119.16.0/24 54.1.1.254 0 100 0 54 i
    * i28.119.17.0/24 54.1.1.254 0 100 0 54 i
    * i112.0.0.0 54.1.1.254 0 100 0 54 50 60 i
    * i113.0.0.0 54.1.1.254 0 100 0 54 50 60 i
    * i114.0.0.0 54.1.1.254 0 100 0 54 i
    * i115.0.0.0 54.1.1.254 0 100 0 54 i
    * i116.0.0.0 54.1.1.254 0 100 0 54 i
    * i117.0.0.0 54.1.1.254 0 100 0 54 i
    * i118.0.0.0 54.1.1.254 0 100 0 54 i
    * i119.0.0.0 54.1.1.254 0 100 0 54 i
    *&gt; 150.1.1.0/24 0.0.0.0 0 32768 i
    *&gt; 150.1.2.0/24 155.1.0.2 0 100 0 (65508) 200 i
    * 155.1.23.2 0 100 0 (65379) 200 i
    * 150.1.3.0/24 155.1.0.3 0 100 0 (65508 65379) i
    *&gt; 155.1.13.3 0 100 0 (65379) i
    *&gt;i150.1.4.0/24 155.1.146.4 0 100 0 i
    *&gt; 150.1.5.0/24 155.1.0.5 0 100 0 (65508) i
    Network Next Hop Metric LocPrf Weight Path
    *&gt;i150.1.6.0/24 155.1.146.6 0 100 0 i
    *&gt; 150.1.7.0/24 155.1.37.7 0 100 0 (65379) i
    *&gt; 150.1.8.0/24 155.1.58.8 0 100 0 (65508) i
    *&gt; 150.1.9.0/24 155.1.79.9 0 100 0 (65379) i
    *&gt; 150.1.10.0/24 155.1.108.10 0 100 0 (65508) i
    *&gt; 205.90.31.0 155.1.0.2 0 100 0 (65508) 200 254 ?
    * 155.1.23.2 0 100 0 (65379) 200 254 ?
    *&gt; 220.20.3.0 155.1.0.2 0 100 0 (65508) 200 254 ?
    * 155.1.23.2 0 100 0 (65379) 200 254 ?
    *&gt; 222.22.2.0 155.1.0.2 0 100 0 (65508) 200 254 ?
    * 155.1.23.2 0 100 0 (65379) 200 254 ?
  • The next-hop information does not change, so the necessary modifications must be made.
  • We created lo1 1.2.3.4/32 on SW3 and R6 and advertised it into BGP; by adjusting the MED value, make the prefix on SW3 the preferred one.
    Rack1R5(config-router)#do sh ip bgp
    BGP table version is 60, local router ID is 150.1.5.5
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    * 1.2.3.4/32 155.1.45.4 120 0 100 300 i
    *&gt;i 155.1.37.7 90 100 0 300 i
    Rack1R2(config-router)#do sh ip bgp
    BGP table version is 62, local router ID is 150.1.2.2
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    * i1.2.3.4/32 155.1.37.7 90 100 0 300 i
    *&gt;i 155.1.37.7 90 100 0 300 i
  • **** MED cannot be compared for prefixes coming from different ASes; we entered bgp always-compare-med so that it is compared.
  • Traffic from AS200 to AS54 should choose AS300; do not use AS-path prepending.
  • At R1
    Router bgp 100
     maximum-path ibgp 2
     bgp dmzlink-bw
    At R4 (similar at R6)
    Router bgp 100
     bgp dmzlink-bw
     neighbor 155.1.146.1 send-community extended
     neighbor 204.12.1.254 dmzlink-bw
    To balance the load sharing we adjusted the bandwidth of R6’s link to the BB; to see the shared bandwidth we looked at “show ip route 112.0.0.0”.
  • On SW1 we set lo1 to IP address 150.1.77.77 and advertised it into BGP. We shut down the BGP peering between AS100 and AS300; make R1 and R4 learn this new subnet from EIGRP instead of eBGP.
  • R1 and R4 should be in BGP confederation 100, sub-AS 65014, and R6 in 65006. Advertise lo0 on R4, but only R1 should receive it; R6 must not.
    Rack1R4(config-router)#do sh ip bgp neighb 155.1.146.6 adv
    BGP table version is 16, local router ID is 150.1.4.4
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    *&gt; 28.119.16.0/24 204.12.1.254 0 0 54 i
    *&gt; 28.119.17.0/24 204.12.1.254 0 0 54 i
    *&gt; 112.0.0.0 204.12.1.254 0 54 50 60 i
    *&gt; 113.0.0.0 204.12.1.254 0 54 50 60 i
    *&gt; 114.0.0.0 204.12.1.254 0 54 i
    *&gt; 115.0.0.0 204.12.1.254 0 54 i
    *&gt; 116.0.0.0 204.12.1.254 0 54 i
    *&gt; 117.0.0.0 204.12.1.254 0 54 i
    *&gt; 118.0.0.0 204.12.1.254 0 54 i
    *&gt; 119.0.0.0 204.12.1.254 0 54 i
    *&gt; 155.1.0.0 0.0.0.0 32768 i
  • Rack1R4(config-router)#do sh ip bgp 150.1.4.4
    BGP routing table entry for 150.1.4.0/24, version 16
    Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised outside local AS)
    Advertised to update-groups:
    2
    Local
    0.0.0.0 from 0.0.0.0 (150.1.4.4)
    Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
    Community: local-AS
    Rack1R1(config-router)#do sh ip bgp 150.1.4.0
    BGP routing table entry for 150.1.4.0/24, version 15
    Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised outside local AS, RIB-failure(17))
    Not advertised to any peer
    Local
    155.1.146.4 from 155.1.146.4 (150.1.4.4)
    Origin IGP, metric 0, localpref 100, valid, confed-internal, best
    Community: local-AS
  • On R2, add 254:100, 200:254 and 200:123. Moving to AS 300: add 300:200 on the way to AS100, and in AS300 remove the communities that start with 200:x.
    Rack1R2(config)#do sh ip bgp 222.22.2.0
    BGP routing table entry for 222.22.2.0/24, version 15
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
    Flag: 0x820
    Advertised to update-groups:
    3
    254
    192.10.1.254 from 192.10.1.254 (222.22.2.1)
    Origin incomplete, metric 0, localpref 100, valid, external, best
    Community: 200:123 200:254 254:200
  • Rack1R6# sh ip bgp 222.22.2.0
    BGP routing table entry for 222.22.2.0/24, version 24
    Paths: (3 available, best #2, table Default-IP-Routing-Table)
    Advertised to update-groups:
    2 3
    (65014) 200 254
    155.1.45.5 (metric 27283200) from 155.1.146.4 (150.1.4.4)
    Origin incomplete, metric 0, localpref 100, valid, confed-external
    (65014) 200 254
    155.1.13.3 (metric 27283200) from 155.1.146.1 (150.1.1.1)
    Origin incomplete, metric 0, localpref 100, valid, confed-external, best
    300 200 254
    155.1.67.7 from 155.1.67.7 (155.1.7.7)
    Origin incomplete, localpref 100, valid, external
    Community: 200:123 200:254 254:200
  • With configuration on R3, all AS254 routes should be taken from AS300; if the link between R1 and R3 goes down, traffic from AS300 to AS254 should pass through AS200.
    Neighbor &lt;IP&gt; advertise-map MAP1 {non-exist-map | exist-map} MAP2
    MAP1 must be in the local BGP table; MAP2 must be the prefix in the BGP table that we will track. With this configuration, if R3 cannot reach R1, R3 advertises AS254 to SW1.
    Rack1R3#sh ip bgp nei 155.1.37.7 adv
    BGP table version is 13, local router ID is 150.1.3.3
    Status codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network Next Hop Metric LocPrf Weight Path
    *&gt; 28.119.16.0/24 155.1.13.1 0 100 54 i
    *&gt; 28.119.17.0/24 155.1.13.1 0 100 54 i
    *&gt; 112.0.0.0 155.1.13.1 0 100 54 50 60 i
    *&gt; 113.0.0.0 155.1.13.1 0 100 54 50 60 i
    *&gt; 114.0.0.0 155.1.13.1 0 100 54 i
    *&gt; 115.0.0.0 155.1.13.1 0 100 54 i
    *&gt; 116.0.0.0 155.1.13.1 0 100 54 i
    *&gt; 117.0.0.0 155.1.13.1 0 100 54 i
    *&gt; 118.0.0.0 155.1.13.1 0 100 54 i
    *&gt; 119.0.0.0 155.1.13.1 0 100 54 i
    *&gt; 155.1.0.0 155.1.13.1 0 100 i
    *&gt; 155.1.13.0/24 0.0.0.0 0 32768 i
  • On R2, create 4 new loopbacks (10.0.0.1/24 and so on) and advertise them into BGP. With configuration on R4 and R6, traffic from AS54 to 10.0.1.0/24 should pass through R4, and traffic to 10.0.2.0/24 through R6. The specific routes from R4 and R6 should not go to R1; also prevent the loop on SW1.
  • On R1 through R6, configure lo1 with the IP address x.x.x.x/32 and distribute it into BGP. With an AS-path access-list on SW1, prevent AS300 from being a transit AS. With local preference configured on R5, AS200 should send traffic for routes originated in AS54 to R4, and for routes not originated in AS54 (those using AS54 as transit) to R3. With configuration on R3, routes learned from AS254 should not be advertised to R1.
  • R2 should originate a default route to R3 and R5. This default route must not be sent if R2’s link to BB2 goes down.
  • The routers in AS100 want to change their AS number to 146. R4 and R6 should use the new AS number while R1 keeps the old one; no change is to be made on R1, R4, R6 and it must not cause an outage in the network.
  • Apply BGP dampening only to routes originated in AS100. Each penalty is 1000 points by default. By default the route is suppressed when the penalty exceeds 2000. The default suppression half-life is 15 min. Max half-life 4 * half-life. After 7.5 minutes the penalty starts to decrease, and it decays exponentially every 5 seconds. When the penalty falls below 750 the route is advertised again.
  • R1 should also be in AS146 and act as route reflector for R4 and R6. All external ASes should be unaware of AS146. R5 should peer with R4 using AS146.
    At R6
    ---------------------
    router bgp 146
     no synchronization
     bgp log-neighbor-changes
     network 155.1.146.0 mask 255.255.255.0
     aggregate-address 155.1.0.0 255.255.0.0 summary-only
     neighbor 54.1.1.254 remote-as 54
     neighbor 54.1.1.254 local-as 100 no-prepend replace-as
     neighbor 155.1.67.7 remote-as 300
     neighbor 155.1.67.7 local-as 100 no-prepend replace-as
     neighbor 155.1.146.1 remote-as 146
     no auto-summary
    When we look, we do not see 146.
  • Put SW1 and SW3 in private AS 65089 and set up their peerings. Create Lo1 7.7.7.7/24 on SW1 and advertise it into BGP. AS100 and AS200 should strip the AS number when advertising this prefix to AS254 and AS54.
  • Configure the BGP process on R2 so that conditional route advertisement runs every 20 sec. R2 should send routing updates to BB2 immediately. R2 should deactivate a session after 15 seconds with no session activity.
  • Disable the feature that deactivates an eBGP peering session when a physical interface goes down. Configure all of R3’s peering sessions for fast peering deactivation.
  • With filtering on R3 and R5, prevent R1 and R4 from advertising the 112.0.0.0/8 and 114.0.0.0/8 routes.
  • R3 should change the BGP prefix next hop 30 seconds after the IGP prefix changes.
  • R3 should accept TCP packets from eBGP peers only if they are 1 hop away.
  • R2 and SW2 should advertise the 2.2.2.0/24 and 8.8.8.0/24 networks into BGP. With configuration on the AS 200 routers, if AS 200 becomes partitioned, the remaining parts should use AS100 as transit to maintain connectivity.
  • Bgp For Presentation
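The figures in the BGP dampening task above (1000 points per flap, suppression above 2000, 15-minute half-life, reuse below 750, maximum suppression of 4 half-lives) can be replayed against a flap history. This Python example is added here and is not part of the original slides; it assumes the penalty decays continuously from each flap and is capped so that suppression never outlasts the maximum, and the class, function and flap times are hypothetical.

```python
import math
from dataclasses import dataclass


@dataclass
class Dampening:
    """Dampening parameters as quoted in the lab task (minutes and points)."""
    half_life: float = 15.0      # default half-life, minutes
    flap_penalty: float = 1000   # points added per flap
    suppress: float = 2000       # route is suppressed above this penalty
    reuse: float = 750           # route is advertised again below this penalty
    max_suppress: float = 60.0   # 4 * half-life

    @property
    def ceiling(self) -> float:
        # Assumption: cap the penalty so that decaying from the cap down to
        # the reuse limit takes exactly max_suppress minutes.
        return self.reuse * 2 ** (self.max_suppress / self.half_life)

    def decay(self, penalty: float, minutes: float) -> float:
        # Exponential decay: the penalty halves every half_life minutes.
        return penalty * 0.5 ** (minutes / self.half_life)

    def minutes_until_reuse(self, penalty: float) -> float:
        # Time for the penalty to decay to the reuse limit with no new flaps.
        if penalty <= self.reuse:
            return 0.0
        return self.half_life * math.log2(penalty / self.reuse)


def replay(flap_minutes, params=None):
    """Replay flap timestamps (minutes, ascending).

    Returns one (time, penalty, suppressed) tuple per flap.
    """
    params = params or Dampening()
    penalty, last, suppressed, history = 0.0, 0.0, False, []
    for t in flap_minutes:
        penalty = params.decay(penalty, t - last)
        if suppressed and penalty < params.reuse:
            suppressed = False          # decayed far enough to be reused
        penalty = min(penalty + params.flap_penalty, params.ceiling)
        if penalty > params.suppress:
            suppressed = True
        history.append((t, round(penalty, 1), suppressed))
        last = t
    return history


# Constructed flap history: three flaps one minute apart.
FLAPS = [0, 1, 2]

if __name__ == "__main__":
    p = Dampening()
    for t, pen, sup in replay(FLAPS, p):
        wait = p.minutes_until_reuse(pen) if sup else 0.0
        print(f"t={t:>2} min penalty={pen:>7} suppressed={sup} "
              f"reuse in {wait:.1f} min")
```

Two closely spaced flaps stay just under the suppress limit; the third pushes the route into suppression for roughly two half-lives.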

    1. 1. BGP Alp ISIK
    2. 2. Objectives <ul><li>Part 1 (bgp introduction) </li></ul><ul><li>IBGP Peering </li></ul><ul><li>Update source </li></ul><ul><li>EBGP Peering </li></ul><ul><li>Network command </li></ul><ul><li>Next-hop-self </li></ul><ul><li>Route-Reflector </li></ul><ul><li>Synchronization </li></ul><ul><li>Authentication </li></ul><ul><li>IBGP Confederation </li></ul><ul><li>Redistribute internal </li></ul><ul><li>Peer group </li></ul><ul><li>Part 2 (bgp best-path selection ) </li></ul><ul><li>Weight </li></ul><ul><li>Local-Preference </li></ul><ul><li>AS-Path </li></ul><ul><li>Origin </li></ul><ul><li>MED </li></ul>
    3. 3. Objectives <ul><li>Part 3 (Aggregation) </li></ul><ul><li>Aggregation </li></ul><ul><li>Summary-only </li></ul><ul><li>Suppress-map </li></ul><ul><li>Unsuppress-map </li></ul><ul><li>AS-SET </li></ul><ul><li>Advertise-map </li></ul><ul><li>Allowas-in </li></ul><ul><li>Part 4 (Communities) </li></ul><ul><li>No-export </li></ul><ul><li>No-advertise </li></ul><ul><li>Local-as </li></ul>
    4. 4. General information about BGP <ul><li>EBGP AD20, IBGP AD200 </li></ul><ul><li>BGP uses TCP port 179. </li></ul><ul><li>BGP updates are triggered and incremental. </li></ul><ul><li>Convergence is very slow. </li></ul><ul><li>Routing table is very big. </li></ul><ul><li>Tables </li></ul><ul><li>----------------------------- </li></ul><ul><li>- Neighbor table </li></ul><ul><li>- BGP Table </li></ul><ul><li>- Routing Table </li></ul>
    5. 5. Basic BGP Topology OSPF 1 area 0 ebgp
    6. 6. IBGP Peering <ul><li>The Internet is divided into BGP autonomous systems; each ISP/company is represented by an AS number. </li></ul><ul><li>There are two kinds of BGP peering, IBGP and EBGP; for IBGP peering the peers need to be in the same AS; EBGP peering is between different ASes. </li></ul><ul><li>For IBGP peering we need a full-mesh topology or something simulating a full mesh, because updates coming from an IBGP peer are not sent to other IBGP peers; this is also called ibgp split-horizon </li></ul>
    7. 7. Update source loopback <ul><li>Between R4 and R1 we have 2 choices for the bgp neighborship, either f0/0 or f0/1, and whichever we choose gives us no redundancy. Since BGP uses TCP, we configure the neighborship over the lo0 interfaces, which provides redundancy. </li></ul><ul><li>A direct physical connection is not required for IBGP peering. </li></ul>R2 R1 lo0 lo0 Bgp session
    8. 8. <ul><li>To test whether the router is listening on the TCP port : </li></ul><ul><li>------------------------------------------------------------------------------- </li></ul><ul><li>show tcp brief all </li></ul><ul><li>TCB Local Address Foreign Address (state) </li></ul><ul><li>67701674 *.179 1.1.1.1.* LISTEN </li></ul><ul><li>R2# clear ip bgp * </li></ul><ul><li>R2#debug ip bgp events </li></ul><ul><li>R2#debug ip bgp updates </li></ul>
    9. 9. EBGP Peering <ul><li>For EBGP the default TTL value is 1, so in order to form the neighborship over loopback interfaces we need to increase the value to the required hop count. </li></ul><ul><li>disable-connected-check is an alternative configuration, used for EBGP peers configured over loopback addresses. It does not look at the TTL value and sends the information. If there are many neighborships over loopback addresses, it makes efficient use of resources. </li></ul>
    10. 10. Network command <ul><li>In an IGP the network command forms the neighborship, but in BGP we use this command for the prefixes that we want to advertise. </li></ul><ul><li>Be careful when writing the mask: it must exactly match the routing table. </li></ul><ul><li>What is “r”, “>”, “?”, “i”, “*” ??? </li></ul><ul><li>“r” is the rib failure; it says that the same route is learnt from an IGP with higher AD. </li></ul><ul><li>show ip bgp rib-failure. </li></ul>
    11. 11. <ul><li>Why can’t we ping 55.55.55.55 from R1- R2 - R3 ? </li></ul><ul><li>On the AS1234 routers the next-hop for 55.55.55.55 is 5.5.5.5, but apart from R4 the other routers don’t know how to reach 5.5.5.5. </li></ul><ul><li>So the “next-hop-self” command is needed at R4 towards the IBGP neighbor, so that R4 becomes the next-hop of the AS5-originated prefixes. </li></ul>Next-hop Self
    12. 12. Route-Reflector <ul><li>Remember the rule that a route learnt from an ibgp peer is not sent to another ibgp peer. </li></ul><ul><li>With route reflector configuration we can send a route learnt from one ibgp peer to another one. </li></ul>55.55.55.55 R5 R4 R3 R1 ebgp ibgp ibgp 55.55.55.55 55.55.55.55 X 55.55.55.55 R5 R4 R3 R1 ebgp ibgp ibgp 55.55.55.55 55.55.55.55 RR
    13. 13. Route-reflector-client RR ibgp
    14. 14. Route-reflection with clusters <ul><li>as100 </li></ul>h R1 R4 R5 sw4 sw2 R3 SW3 SW1 R6 RR BB3 BB1 Cluster id 150.1.1.1 Cluster id 150.1.3.3 RR RR Cluster id 150.1.5.5 R2 as200 as54 As 54
    15. 15. Route-Reflection with Clusters <ul><li>1-routes learnt from EBGP peers can be sent to other EBGP peers, clients and non-clients. </li></ul><ul><li>2- routes learnt from client peers can be sent to EBGP peers, other client peers and non-clients. </li></ul><ul><li>3- routes learnt from non-client peers can be sent to EBGP peers and client peers, but not other non-client peers. </li></ul><ul><li>R1 does not send routes learnt from R3 to R5, but sends them to R4 and R6. </li></ul><ul><li>R3 does not send routes learnt from R1 to R5, but sends them to SW1 and SW3. </li></ul><ul><li>In order to get full-mesh redundancy between R1, R3 and R5, route-reflector-client can be configured. </li></ul>
    16. 16. IBGP Confederations AS65012 AS65034 cbgp cbgp
    17. 17. IBGP Confederation <ul><li>Configure with the Sub-AS. </li></ul><ul><li>// router bgp 65012 </li></ul><ul><li>configure AS as identifier. </li></ul><ul><li>// bgp confed ide 1234 </li></ul><ul><li>Configure peer AS’es. </li></ul><ul><li>// bgp confed peer 65034 </li></ul><ul><li>PS: between peers in different sub-ASes the TTL is counted, so a higher TTL needs to be configured. </li></ul>
    18. 18. Authenticating BGP Peerings <ul><li>MD5 is Default. Implement directly to the router. </li></ul>
    19. 19. iBGP Synchronization <ul><li>If IBGP synchronization is enabled, for a route to be valid, it should be learnt from IGP first. </li></ul><ul><li>Sometimes, for full redundancy, EBGP-learnt routes need to be redistributed into the IGP. </li></ul><ul><li>But it causes RIB failure. </li></ul><ul><li>In order to get rid of RIB failure we can configure “bgp suppress-inactive” . </li></ul>
    20. 20. Internet cloud igp igp BB1 BB2 CE1 CE2 C1 ebgp ebgp ibgp
    21. 21. <ul><li>In this scenario, when CE1 sends the routes learnt from BB1, it physically sends them to C1 first. </li></ul><ul><li>Because C1 does not speak IBGP it cannot do next-hop resolution and the routes cannot be sent to CE2; there are a couple of ways to fix that </li></ul><ul><li>1- at C1, we can enable IBGP </li></ul><ul><li>2- we can redistribute the interface IPs of the CE1 and CE2 connections to the BBs into the IGP. </li></ul><ul><li>3- we can build a tunnel between CE1 and CE2 and run IBGP over that tunnel. </li></ul>
    22. 22. BGP over GRE AS200 AS254 AS100 AS54 tunnel 10.0.0.2/24 10.0.0.4/24
    23. 23. <ul><li>Between R2 and R4, IGP is configured (bgp unaware) </li></ul>
    24. 24. <ul><li>At R2 </li></ul><ul><li>interface Tunnel0 </li></ul><ul><li>ip address 10.0.0.2 255.255.255.0 </li></ul><ul><li>tunnel source 155.1.23.2 </li></ul><ul><li>tunnel destination 155.1.146.4 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 150.1.2.0 mask 255.255.255.0 </li></ul><ul><li>neighbor 155.1.146.4 remote-as 100 </li></ul><ul><li>neighbor 155.1.146.4 ebgp-multihop 5 </li></ul><ul><li>neighbor 192.10.1.254 remote-as 254 </li></ul><ul><li>neighbor 192.10.1.254 password CISCO </li></ul>
    25. 25. <ul><li>At R4 </li></ul><ul><li>interface Tunnel0 </li></ul><ul><li>ip address 10.0.0.4 255.255.255.0 </li></ul><ul><li>tunnel source 155.1.146.4 </li></ul><ul><li>tunnel destination 155.1.23.2 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>network 150.1.4.0 mask 255.255.255.0 </li></ul><ul><li>neighbor 155.1.23.2 remote-as 200 </li></ul><ul><li>neighbor 155.1.23.2 ebgp-multihop 5 </li></ul><ul><li>neighbor 155.1.23.2 route-map FROM_R2 in </li></ul><ul><li>neighbor 155.1.23.2 route-map TO_R2 out </li></ul><ul><li>neighbor 204.12.1.254 remote-as 54 </li></ul><ul><li>route-map TO_R2 permit 10 </li></ul><ul><li>set ip next-hop 10.0.0.4 </li></ul><ul><li>route-map FROM_R2 permit 10 </li></ul><ul><li>set ip next-hop 10.0.0.2 </li></ul>
    26. 26. BGP Redistribute Internal AS100 AS54 AS54 Bgp to IGP RR Advertise 112.0.0.1/24 to bgp Advertise 112.0.0.1/24 to bgp
    27. 27. <ul><li>At R1, the EIGRP external AD is configured higher than IBGP. </li></ul><ul><li>Originally R1 learns these 112.0.0.1 routes from R4 and R6 via IBGP (AD 200); once they are redistributed into the IGP at R3 with AD 170 (EIGRP EX), R1 began to learn them from R3. Since R3’s route reflector is R1 (R1 sends to R3 and R3 sends to R1), this becomes a routing loop. </li></ul>
    28. 28. BGP Redistribute Internal <ul><li>When “redistribute bgp” is typed under the IGP, IBGP routes are not redistributed. In order to make them active </li></ul><ul><li>At R3 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>bgp redistribute-internal </li></ul><ul><li>neighbor 155.1.13.1 remote-as 100 </li></ul><ul><li>neighbor 155.1.13.1 route-map FROM_R1 in </li></ul><ul><li>route-map FROM_R1 permit 10 </li></ul><ul><li>set ip next-hop 155.1.13.1 </li></ul><ul><li>router eigrp 100 </li></ul><ul><li>redistribute bgp 100 metric 10000 1000 255 1 1500 </li></ul><ul><li> network 155.1.0.0 </li></ul>
    29. 29. <ul><li>At R1 </li></ul><ul><li>router eigrp 100 </li></ul><ul><li>network 155.1.0.0 </li></ul><ul><li>distance eigrp 90 201 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.13.3 remote-as 100 </li></ul><ul><li>neighbor 155.1.13.3 route-reflector-client </li></ul><ul><li>neighbor 155.1.146.4 remote-as 100 </li></ul><ul><li>neighbor 155.1.146.4 route-reflector-client </li></ul><ul><li>neighbor 155.1.146.6 remote-as 100 </li></ul><ul><li>neighbor 155.1.146.6 route-reflector-client </li></ul>
    30. 30. BGP Peer Groups <ul><li>At R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor IBGP_PEERS peer-group </li></ul><ul><li>neighbor IBGP_PEERS remote-as 100 </li></ul><ul><li>neighbor IBGP_PEERS update-source Loopback0 </li></ul><ul><li>neighbor IBGP_PEERS route-reflector-client </li></ul><ul><li>neighbor 150.1.2.2 peer-group IBGP_PEERS </li></ul><ul><li>neighbor 150.1.3.3 peer-group IBGP_PEERS </li></ul><ul><li>neighbor 150.1.4.4 peer-group IBGP_PEERS </li></ul><ul><li>neighbor 150.1.5.5 peer-group IBGP_PEERS </li></ul><ul><li>neighbor 150.1.6.6 peer-group IBGP_PEERS </li></ul>
    31. 31. Bgp best path selection criteria <ul><li>Exclude routes with inaccessible next hop </li></ul><ul><li>Weight : with this command, we can determine which routes we will prefer, higher is better. </li></ul><ul><li>Local Preference : it’s the preference with which we get the routes, default is 100. Higher is better. </li></ul><ul><li>AS Path : for loop prevention via AS-path; a router does not accept a prefix with its own AS in the path. Shorter is better. </li></ul><ul><li>Origin : where the routes came from; incomplete (IGP origin is preferred over redistributed routes) </li></ul><ul><li>MED : Prefer lowest MED. </li></ul>
    32. 32. Best-path selection - Weight Weight 10
    33. 33. <ul><li>Default is 0 , bigger is better. Gives you control of the routes on the same router. </li></ul><ul><li>We can configure it directly on a neighbor; or we can implement it via route-map for specific routes. </li></ul><ul><li>It only affects upload traffic. </li></ul><ul><li>It puts the max value 32768 on locally originated prefixes </li></ul>Best-path selection - Weight
    34. 34. Best Path Selection Local Preference Local-pref 103
    35. 35. Best Path Selection Local Preference <ul><li>It affects all local AS routers. </li></ul><ul><li>This attribute is sent only to IBGP neighbors. </li></ul><ul><li>If a router learns the same prefix from different paths with the same weight, then local pref comes into play and the higher one wins. </li></ul><ul><li>It only affects upload traffic. </li></ul>
    36. 36. AS Path Each time a route passes through an AS, that AS’s information is added to prevent loops. We can modify the traversed ASes as well.
    37. 37. Best-path Selection As Path <ul><li>Both upload and download traffic can be modified. </li></ul><ul><li>In order to affect the traffic, both weight and local preference need to be the same for the prefix learnt from different paths. </li></ul>
    38. 38. Best-path Selection As Path AS path 10 20 30
    39. 39. Best-Path Selection Origin <ul><li>Prefixes injected with the network command are preferred over ones redistributed into bgp. </li></ul>
    40. 40. Best-Path Selection Origin Origin with ?
    41. 41. <ul><li>Higher one has lower priority. </li></ul><ul><li>Normally BGP only compares MED for routes learnt from the same AS. </li></ul><ul><li>But if we configure (config-router)#bgp always-compare-med; it will compare it all the time. </li></ul>Best-Path Selection MED
    42. 42. Best-Path Selection MED Metric 10
    43. 43. MED Always compare cloud 5.5.5.5/32 metric 50 5.5.5.5/32
    44. 44. BGP Aggregation <ul><li>We can aggregate prefixes from different AS’es as well. </li></ul><ul><li>All prefixes (both summary and specific ones) are sent. </li></ul><ul><li>With “summary-only” command we can suppress the specific ones. </li></ul><ul><li>With “suppress-map” we can send some individual prefixes. </li></ul><ul><li>With “unsuppress-map” we can implement this to a neighbor. </li></ul>
    45. 45. BGP Aggregation 10.0.0.0 /24 10.0.1.0 /24 10.0.2.0 /24 10.0.3.0 /24 10.0.0.0 /22
    46. 46. BGP Aggregation Summary-only 10.0.0.0 /22
    47. 47. BGP Aggregation Summary-only Suppress-map 10.0.0.0 /22 10.0.2.0/24
    48. 48. BGP Aggregation Summary-only Unsuppress-map 10.0.0.0 /22 10.0.1.0/24 10.0.0.0 /22
    49. 49. BGP Aggregation AS-SET <ul><li>When aggregation is done on another router (one where the prefixes are not originated), the AS information is not kept; with the “as-set” command the router keeps that info. </li></ul>
    50. 50. BGP Aggregation AS-SET 10.0.0.0 /22 {1,2,3,4} X No bgp
    51. 51. BGP Aggregation Advertise-Map Allowas-in 10.0.0.0 /22 {1,2,4} 10.0.0.0 /22 10.0.0.0 /22 x No bgp
    52. 52. Bgp communities <ul><li>There are 4 well known communities : </li></ul><ul><li>Internet : useless </li></ul><ul><li>Local-AS : don’t send outside the local AS; (not sent to the confederation as well) </li></ul><ul><li>no-advertise : don’t advertise to any peer </li></ul><ul><li>no-export : don’t export to the next AS </li></ul><ul><li>What they are for: communities group prefixes, so that inside the AS there is no need to match prefixes one by one in order to modify or filter them; bind the community according to the AS number and modify all of the prefixes at once. </li></ul>
    53. 53. BGP Communities no-export AS65012 cbgp ebgp 55.55.55.55/32 x No bgp AS65034 55.55.55.55/32 community 200:200 55.55.55.55/32 Send community no export 55.55.55.55/32 Send community no export
    54. 54. BGP Communities no-advertise AS65012 cbgp ebgp 55.55.55.55/32 x No bgp AS65034 55.55.55.55/32 community 200:200 55.55.55.55/32 Send community no advertise 55.55.55.55/32 Send community no export
    55. 55. BGP Communities local-as AS65012 cbgp ebgp 33.33.33.33/32 community 300:300 x No bgp AS65034 33.33.33.33/32 33.33.33.33/32 Send community Local-as
    56. 57. <ul><li>EXTRAS </li></ul>
    57. 58. BGP Bestpath Selection Weight
    58. 59. <ul><li>At SW1 </li></ul><ul><li>ip as-path access-list 4 permit _254$ </li></ul><ul><li>ip as-path access-list 54 permit _54$ </li></ul><ul><li>route-map GET-AS54 permit 10 </li></ul><ul><li>match as-path 54 </li></ul><ul><li>set weight 120 </li></ul><ul><li>route-map GET-AS54 permit 20 </li></ul><ul><li>route-map GET-AS254 permit 10 </li></ul><ul><li>match as-path 4 </li></ul><ul><li>set weight 110 </li></ul><ul><li>route-map GET-AS254 permit 20 </li></ul><ul><li>router bgp 300 </li></ul><ul><li>neighbor 155.1.37.3 remote-as 200 </li></ul><ul><li>neighbor 155.1.37.3 route-map GET-AS54 in </li></ul><ul><li>neighbor 155.1.67.6 remote-as 100 </li></ul><ul><li>neighbor 155.1.67.6 route-map GET-AS254 in </li></ul><ul><li>neighbor 155.1.79.9 remote-as 300 </li></ul>
    59. 60. BGP Bestpath Selection – Local Preference
    60. 61. <ul><li>At R6 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>network 155.1.146.0 mask 255.255.255.0 </li></ul><ul><li>aggregate-address 155.1.0.0 255.255.0.0 summary-only </li></ul><ul><li>neighbor 54.1.1.254 remote-as 54 </li></ul><ul><li>neighbor 155.1.67.7 remote-as 300 </li></ul><ul><li>neighbor 155.1.67.7 route-map TO-AS-254 in </li></ul><ul><li>neighbor 155.1.146.1 remote-as 100 </li></ul><ul><li>ip as-path access-list 4 permit _254$ </li></ul><ul><li>route-map TO-AS-254 permit 10 </li></ul><ul><li>match as-path 4 </li></ul><ul><li>set local-preference 200 </li></ul><ul><li>route-map TO-AS-254 permit 20 </li></ul>
    61. 62. BGP Bestpath Selection AS Path Prepending
    62. 63. <ul><li>At R3 and R5 </li></ul><ul><li>ip as-path access-list 4 permit _254$ </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.0.5 remote-as 200 </li></ul><ul><li>neighbor 155.1.13.1 remote-as 100 </li></ul><ul><li>neighbor 155.1.13.1 route-map TO-AS254 out /// modify at R5 </li></ul><ul><li>neighbor 155.1.23.2 remote-as 200 </li></ul><ul><li>neighbor 155.1.23.2 route-reflector-client </li></ul><ul><li>neighbor 155.1.37.7 remote-as 300 </li></ul><ul><li>neighbor 155.1.58.8 remote-as 200 </li></ul><ul><li>neighbor 155.1.58.8 route-reflector-client </li></ul><ul><li>neighbor 155.1.108.10 remote-as 200 </li></ul><ul><li>neighbor 155.1.108.10 route-reflector-client </li></ul><ul><li>route-map TO-AS254 permit 10 </li></ul><ul><li>match as-path 4 </li></ul><ul><li>set as-path prepend 200 200 200 </li></ul><ul><li>route-map TO-AS254 permit 20 </li></ul>
    63. 64. BGP Bestpath Selection - Origin
    64. 65. <ul><li>At R5 </li></ul><ul><li>ip as-path access-list 10 permit ^254$ </li></ul><ul><li>route-map MODIFY-AS254-ORIGIN permit 10 </li></ul><ul><li>match as-path 10 </li></ul><ul><li>set origin igp </li></ul><ul><li>route-map MODIFY-AS254-ORIGIN permit 20 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.45.4 route-map MODIFY-AS254-ORIGIN out </li></ul>
    65. 66. BGP Bestpath Selection - MED
    66. 67. <ul><li>At R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.13.3 remote-as 200 </li></ul><ul><li>neighbor 155.1.13.3 route-map MODIFY-AS254-MED out </li></ul><ul><li>neighbor 155.1.146.4 remote-as 100 </li></ul><ul><li>neighbor 155.1.146.4 route-reflector-client </li></ul><ul><li>neighbor 155.1.146.6 remote-as 100 </li></ul><ul><li>neighbor 155.1.146.6 route-reflector-client </li></ul><ul><li>ip as-path access-list 15 permit _54$ </li></ul><ul><li>route-map MODIFY-AS254-MED permit 10 </li></ul><ul><li>match as-path 15 </li></ul><ul><li>set metric 50 </li></ul><ul><li>route-map MODIFY-AS254-MED permit 20 </li></ul>
    67. 68. Filtering with prefix-list AS65012 cbgp ebgp 30.30.30.30/32 x No bgp AS65034 30.30.30.30/32
    68. 69. BGP Communities Catching AS60 Setting community 200:200 Sending communities Catching communities 200:200 Setting local-pref 200
    69. 70. BGP Communities <ul><li>At R1 </li></ul><ul><li>ip as-path access-list 1 permit 60$ </li></ul><ul><li>route-map SET_COMMUNITY perm 10 </li></ul><ul><li>match as-path 1 </li></ul><ul><li>set community 200:200 </li></ul><ul><li>route-map SET_COMMUNITY perm 20 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.13.3 send-community </li></ul><ul><li>neighbor 155.1.13.3 route-map SET_COMMUNITY out </li></ul><ul><li>At R3 </li></ul><ul><li>ip community-list standard IKIYUZLER permit 200:200 </li></ul><ul><li>route-map SET_LOCAL_PREFERENCE permit 10 </li></ul><ul><li>match community IKIYUZLER </li></ul><ul><li>set local-pref 200 </li></ul><ul><li>route-map SET_LOCAL_PREFERENCE permit 20 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.13.1 route-map SET_LOCAL_PREFERENCE in </li></ul>
    70. 71. Communities – No - Advertise X X
    71. 72. BGP Communities – No - Advertise <ul><li>At R2 </li></ul><ul><li>route-map SET_COMMUNITY </li></ul><ul><li>set community no-advertise </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 192.10.1.254 route-map SET_COMMUNITY in </li></ul>
    72. 73. BGP Communities – NO-Export X X X
    73. 74. BGP Communities – NO-Export <ul><li>At R2 </li></ul><ul><li>route-map SET_COMMUNITY permit 10 </li></ul><ul><li>set community no-export </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 192.10.1.254 route-map SET_COMMUNITY in </li></ul><ul><li>neighbor 155.1.23.3 send-community // </li></ul><ul><li>neighbor 155.1.0.5 send-community // so that it passes on the no-export information </li></ul><ul><li>-------- </li></ul><ul><li>At R3 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.0.5 send-community </li></ul><ul><li>At R5 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.0.3 send-community </li></ul>
    74. 75. BGP Filtering with Prefix-List 222.22.2.0/24 X 0.0.0.0/0 le 22
    75. 76. BGP Filtering with Prefix-List <ul><li>At R2 </li></ul><ul><li>ip prefix-list BLOCK_222 deny 222.22.2.0/24 </li></ul><ul><li>ip prefix-list BLOCK_222 permit 0.0.0.0/0 le 32 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 192.10.1.254 prefix-list BLOCK_222 in //implemented to neighbor </li></ul><ul><li>At R4 </li></ul><ul><li>ip prefix-list SHORTER_THAN_22 permit 0.0.0.0/0 le 22 </li></ul><ul><li>route-map FROM_BB3 perm 20 </li></ul><ul><li>match ip address prefix-list SHORTER_THAN_22 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 204.12.1.254 route-map FROM_BB3 in </li></ul>
    76. 77. BGP Filtering with Standard Access-List <ul><li>At R2 </li></ul><ul><li>ip access-list standard BLOCK_222 </li></ul><ul><li>deny 222.22.2.0 </li></ul><ul><li>permit any </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 192.10.1.254 distribute-list BLOCK_222 in // we applied the distribute-list directly to the neighbor. </li></ul><ul><li>At R4 </li></ul><ul><li>ip access-list standard ODD_FIRST_OCTET </li></ul><ul><li>permit 1.0.0.0 254.255.255.255 </li></ul><ul><li>route-map FROM_BB3 </li></ul><ul><li>match ip address ODD_FIRST_OCTET </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 204.12.1.254 route-map FROM_BB3 in </li></ul>
    77. 78. BGP Filtering with Extended Access-List <ul><li>At R4 </li></ul><ul><li>ip access-list extended EVEN_3RD_OCTET_GT22 </li></ul><ul><li>deny ip 0.0.0.0 255.255.254.255 255.255.252.0 0.0.3.255 </li></ul><ul><li>permit ip any any </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 204.12.1.254 distribute-list EVEN_3RD_OCTET_GT22 in </li></ul>
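The three filter styles on the prefix-list, standard access-list and extended access-list slides can be evaluated offline against candidate routes before they are applied to a neighbor. This Python sketch is an added example, not part of the original slides; the function names and sample routes are assumptions, and it models first-match-wins with an implicit deny, with the extended ACL matching the network against the source pair and the netmask against the destination pair.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(str(addr)))

def wildcard_match(value, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(value) & care) == (_int(base) & care)

def prefix_list(entries, route):
    """entries: (action, prefix, ge, le). No ge/le means an exact-length match."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if lo <= net.prefixlen <= hi and net.subnet_of(base):
            return action
    return "deny"  # implicit deny at the end of every list

def standard_acl(entries, route):
    """entries: (action, address, wildcard); only the network address is tested."""
    net = ipaddress.ip_network(route)
    for action, addr, wildcard in entries:
        if wildcard_match(net.network_address, addr, wildcard):
            return action
    return "deny"

def extended_acl(entries, route):
    """entries: (action, src, src_wc, dst, dst_wc); src = network, dst = netmask."""
    net = ipaddress.ip_network(route)
    for action, src, src_wc, dst, dst_wc in entries:
        if (wildcard_match(net.network_address, src, src_wc)
                and wildcard_match(net.netmask, dst, dst_wc)):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")

# Filters transcribed from the slides above.
BLOCK_222 = [("deny", "222.22.2.0/24", None, None),
             ("permit", "0.0.0.0/0", None, 32)]
SHORTER_THAN_22 = [("permit", "0.0.0.0/0", None, 22)]
ODD_FIRST_OCTET = [("permit", "1.0.0.0", "254.255.255.255")]
EVEN_3RD_OCTET_GT22 = [
    ("deny", "0.0.0.0", "255.255.254.255", "255.255.252.0", "0.0.3.255"),
    ("permit",) + ANY + ANY,
]

# Constructed sample routes, not taken from the lab.
SAMPLE_ROUTES = ["222.22.2.0/24", "222.22.2.0/25", "10.0.0.0/8",
                 "113.4.2.0/24", "204.12.4.0/22", "204.12.4.0/23",
                 "204.12.5.0/24"]

def report(routes=SAMPLE_ROUTES):
    """Return one row per route with the verdict of each filter."""
    rows = []
    for r in routes:
        rows.append((r,
                     prefix_list(BLOCK_222, r),
                     prefix_list(SHORTER_THAN_22, r),
                     standard_acl(ODD_FIRST_OCTET, r),
                     extended_acl(EVEN_3RD_OCTET_GT22, r)))
    return rows

if __name__ == "__main__":
    print("route              BLOCK_222 SHORTER_22 ODD_1ST  EVEN_3RD")
    for row in report():
        print("%-18s %-9s %-10s %-8s %s" % row)
```

The table shows two details that are easy to miss: `deny 222.22.2.0/24` is an exact-length match, so a more-specific `222.22.2.0/25` is still permitted by the `le 32` line, and the extended ACL's mask pair also matches a /22 itself, not only longer masks.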
    78. 79. BGP Filtering with Maximum Prefix <ul><li>Rack1SW1(config-router)#neighbor 155.1.37.3 maximum-prefix 20 warning-only </li></ul><ul><li>Rack1R6(config-router)# neighbor 54.1.1.254 maximum-prefix 20 80 restart 3 </li></ul>
    79. 80. BGP Dampening <ul><li>At R2, R3, R5, SW2, SW4 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>bgp dampening 4 750 2000 16 </li></ul>
    80. 81. BGP Backdoor eigrp ebgp ebgp
    81. 82. <ul><li>If a route is learned from both an IGP and EBGP, EBGP is preferred since its distance is 20. </li></ul><ul><li>-------------------------------------------------------------------- </li></ul><ul><li>R1#show ip route 2.2.2.2 </li></ul><ul><li>Routing entry for 2.2.2.2/32 </li></ul><ul><li>Known via &quot;bgp 100&quot;, distance 20, metric 0 </li></ul><ul><li>Tag 300, type external </li></ul><ul><li>Last update from 10.0.13.3 00:00:03 ago </li></ul><ul><li>Routing Descriptor Blocks: </li></ul><ul><li>* 10.0.13.3, from 10.0.13.3, 00:00:03 ago </li></ul><ul><li>Route metric is 0, traffic share count is 1 </li></ul><ul><li>AS Hops 2 </li></ul><ul><li>Route tag 300 </li></ul>BGP Backdoor
    82. 83. BGP Backdoor <ul><li>R1(config-router)#network 2.2.2.2 mask 255.255.255.255 backdoor </li></ul><ul><li>R1(config-router)#do show ip route 2.2.2.2 </li></ul><ul><li>Routing entry for 2.2.2.2/32 </li></ul><ul><li>Known via &quot;eigrp 90&quot;, distance 90, metric 409600, type internal </li></ul><ul><li>Redistributing via eigrp 90 </li></ul><ul><li>Last update from 10.0.12.2 on FastEthernet0/0, 00:00:04 ago </li></ul><ul><li>Routing Descriptor Blocks: </li></ul><ul><li>* 10.0.12.2, from 10.0.12.2, 00:00:04 ago, via FastEthernet0/0 </li></ul><ul><li>Route metric is 409600, traffic share count is 1 </li></ul><ul><li>Total delay is 6000 microseconds, minimum bandwidth is 10000 Kbit </li></ul><ul><li>Reliability 255/255, minimum MTU 1500 bytes </li></ul><ul><li>Loading 1/255, Hops 1 </li></ul>
    83. 84. BGP Soft Reconfiguration <ul><li>At R4 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 204.12.1.254 soft-reconfiguration inbound </li></ul>
    84. 85. BGP Bestpath Selection – Maximum AS Limit <ul><li>At R1, R4, R6 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>bgp maxas-limit 1 </li></ul><ul><li>Alternative </li></ul><ul><li>ip as-path access-list 1 permit ^$ </li></ul><ul><li>route-map DIRECTLY_CONNECTED </li></ul><ul><li>match as-path 1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.13.3 route-map DIRECTLY_CONNECTED in // we will modify this on R4 and R6 as well. </li></ul>
    85. 86. BGP Aggregation network 10.0.0.0 mask 255.255.255.0 network 10.0.1.0 mask 255.255.255.0 network 10.0.2.0 mask 255.255.255.0 network 10.0.3.0 mask 255.255.255.0 aggregate them
    86. 87. BGP Aggregation <ul><li>At R2 </li></ul><ul><li>int lo 100 </li></ul><ul><li>ip address 10.0.0.1 255.255.255.0 </li></ul><ul><li>int lo 101 </li></ul><ul><li>ip address 10.0.1.1 255.255.255.0 </li></ul><ul><li>int lo 102 </li></ul><ul><li>ip address 10.0.2.1 255.255.255.0 </li></ul><ul><li>int lo 103 </li></ul><ul><li>ip address 10.0.3.1 255.255.255.0 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 10.0.0.0 mask 255.255.255.0 </li></ul><ul><li>network 10.0.1.0 mask 255.255.255.0 </li></ul><ul><li>network 10.0.2.0 mask 255.255.255.0 </li></ul><ul><li>network 10.0.3.0 mask 255.255.255.0 </li></ul><ul><li>aggregate-address 10.0.0.0 255.255.252.0 </li></ul>
    87. 88. BGP next-hop processing – manual modification <ul><li>Where we cannot use the next-hop-self command, we can set the next hop with a route-map applied to the neighbor. next-hop-self does not work on an RR. </li></ul><ul><li>At R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.146.6 route-map SET_NEXT_HOP_FROM_R6 in </li></ul><ul><li>route-map SET_NEXT_HOP_FROM_R6 permit 10 </li></ul><ul><li>set ip next-hop 155.1.146.6 </li></ul><ul><li>At R4 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.146.1 route-map NEXT_HOP_TO_R1 out </li></ul><ul><li>route-map NEXT_HOP_TO_R1 permit 10 </li></ul><ul><li>set ip next-hop 155.1.146.4 </li></ul>
    88. 89. BGP Aggregation – Summary Only <ul><li>At R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 10.0.0.0 mask 255.255.255.0 </li></ul><ul><li>network 10.0.1.0 mask 255.255.255.0 </li></ul><ul><li>network 10.0.2.0 mask 255.255.255.0 </li></ul><ul><li>network 10.0.3.0 mask 255.255.255.0 </li></ul><ul><li>aggregate-address 10.0.0.0 255.255.252.0 summary-only </li></ul>
    89. 90. BGP Aggregation – Suppress Map <ul><li>At R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 10.0.0.0 mask 255.255.255.0 </li></ul><ul><li>network 10.0.1.0 mask 255.255.255.0 </li></ul><ul><li>network 10.0.2.0 mask 255.255.255.0 </li></ul><ul><li>network 10.0.3.0 mask 255.255.255.0 </li></ul><ul><li>aggregate-address 10.0.0.0 255.255.252.0 suppress-map iki0 </li></ul><ul><li>route-map iki0 deny 10 </li></ul><ul><li>match ip address prefix-list IKI0 </li></ul><ul><li>route-map iki0 permit 20 </li></ul><ul><li>ip prefix-list IKI0 seq 5 permit 10.0.2.0/24 </li></ul>
    90. 91. BGP Aggregation – Unsuppress Map <ul><li>At R3 </li></ul><ul><li>ip prefix-list BIR0 permit 10.0.1.0/24 </li></ul><ul><li>route-map UNSUPPRESS_MAP permit 10 </li></ul><ul><li>match ip address prefix-list BIR0 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>aggregate-address 10.0.0.0 255.255.252.0 summary-only </li></ul><ul><li>neighbor 155.1.37.7 unsuppress-map UNSUPPRESS_MAP /// we can apply an unsuppress-map to the neighbor </li></ul><ul><li>At R5 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>aggregate-address 10.0.0.0 255.255.252.0 summary-only </li></ul>
    91. 92. BGP Aggregation - AS-Set <ul><li>At R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>aggregate-address 112.0.0.0 248.0.0.0 as-set summary-only </li></ul>
    92. 93. BGP Aggregation – Attribute Map <ul><li>At R4 </li></ul><ul><li>ip prefix-list NET-112 permit 112.0.0.0/8 </li></ul><ul><li>route-map SET-COMMUNITY permit 10 </li></ul><ul><li>match ip add prefix NET-112 </li></ul><ul><li>set community no-export </li></ul><ul><li>route-map SET-COMMUNITY permit 20 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 204.12.1.254 route-map SET-COMMUNITY in </li></ul><ul><li>neighbor 155.1.146.1 send-community // we send it only to the RR. </li></ul><ul><li>At R1 </li></ul><ul><li>route-map ATTR-MAP </li></ul><ul><li>set community none </li></ul><ul><li>router bgp 100 </li></ul><ul><li>aggregate-address 112.0.0.0 248.0.0.0 summary-only as-set attribute-map ATTR-MAP </li></ul><ul><li>neighbor 155.1.146.6 send-community </li></ul><ul><li>neighbor 155.1.146.4 send-community </li></ul>
    93. 94. BGP Aggregation - Advertise-map <ul><li>At R2 </li></ul><ul><li>int lo 222220 </li></ul><ul><li>ip add 222.22.0.1 255.255.255.0 </li></ul><ul><li>int lo 222221 </li></ul><ul><li>ip add 222.22.1.1 255.255.255.0 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>netw 222.22.0.0 mask 255.255.255.0 </li></ul><ul><li>netw 222.22.1.0 mask 255.255.255.0 </li></ul><ul><li>At SW3 </li></ul><ul><li>int lo 222223 </li></ul><ul><li>ip add 222.22.3.1 255.255.255.0 </li></ul><ul><li>router bgp 300 </li></ul><ul><li>netw 222.22.3.0 mask 255.255.255.0 </li></ul><ul><li>At R4 and R6 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>aggregate-address 222.22.0.0 255.255.252.0 as-set advertise-map ADVERTISE-MAP summary-only </li></ul><ul><li>route-map ADVERTISE-MAP perm 10 </li></ul><ul><li>match ip add prefix AS-300-PREFIX </li></ul><ul><li>ip prefix-list AS-300-PREFIX permit 222.22.3.0/24 </li></ul>
    94. 95. BGP Regular Expressions <ul><li>To learn only the routes coming from 3491: </li></ul><ul><li>#show ip bgp regexp ^3491$ // we see only 3491 in the path. </li></ul><ul><li>To see paths that start with 3491 and continue: </li></ul><ul><li>#show ip bgp regexp ^3491_ </li></ul><ul><li>To see routes originated in 3491: </li></ul><ul><li>#show ip bgp regexp _3491$ </li></ul><ul><li>To see locally originated routes (originated in our own AS): </li></ul><ul><li>#show ip bgp regexp ^$ </li></ul><ul><li>To see routes whose path passes through 3491: </li></ul><ul><li>#show ip bgp regexp _3491_ </li></ul><ul><li>To see routes originated by our directly connected AS neighbors: </li></ul><ul><li>#show ip bgp regexp ^[0-9]+$ </li></ul>
    95. 96. BGP Confederation 65508 65379 65146 200
    96. 97. <ul><li>At R1 </li></ul><ul><li>router bgp 65146 </li></ul><ul><li>bgp confederation identifier 100 </li></ul><ul><li>bgp confederation peers 65379 65508 </li></ul><ul><li>network 150.1.1.0 mask 255.255.255.0 </li></ul><ul><li>neighbor 155.1.0.5 remote-as 65508 </li></ul><ul><li>neighbor 155.1.13.3 remote-as 65379 </li></ul><ul><li>neighbor 155.1.146.4 remote-as 65146 </li></ul><ul><li>neighbor 155.1.146.6 remote-as 65146 </li></ul><ul><li>At R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 150.1.2.0 mask 255.255.255.0 </li></ul><ul><li>neighbor 155.1.0.5 remote-as 100 </li></ul><ul><li>neighbor 155.1.23.3 remote-as 100 // no changes from the perspective of R2 </li></ul><ul><li>neighbor 192.10.1.254 remote-as 254 </li></ul><ul><li>neighbor 192.10.1.254 password CISCO </li></ul>
    97. 98. <ul><li>At R3 </li></ul><ul><li>router bgp 65379 </li></ul><ul><li>bgp confederation identifier 100 </li></ul><ul><li>bgp confederation peers 65146 65508 </li></ul><ul><li>network 150.1.3.0 mask 255.255.255.0 </li></ul><ul><li>neighbor 155.1.0.5 remote-as 65508 // we established the cBGP neighborships with the confederation AS number. </li></ul><ul><li>neighbor 155.1.13.1 remote-as 65146 </li></ul><ul><li>neighbor 155.1.23.2 remote-as 200 </li></ul><ul><li>neighbor 155.1.37.7 remote-as 65379 </li></ul><ul><li>neighbor 155.1.79.9 remote-as 65379 </li></ul><ul><li>At R5 </li></ul><ul><li>router bgp 65508 </li></ul><ul><li>bgp confederation identifier 100 </li></ul><ul><li>bgp confederation peers 65146 65379 </li></ul><ul><li>network 150.1.5.0 mask 255.255.255.0 </li></ul><ul><li>neighbor 155.1.0.1 remote-as 65146 </li></ul><ul><li>neighbor 155.1.0.2 remote-as 200 </li></ul><ul><li>neighbor 155.1.0.3 remote-as 65379 </li></ul><ul><li>neighbor 155.1.58.8 remote-as 65508 </li></ul><ul><li>neighbor 155.1.58.8 route-reflector-client </li></ul><ul><li>neighbor 155.1.108.10 remote-as 65508 </li></ul><ul><li>neighbor 155.1.108.10 route-reflector-client // we can use an RR inside the sub-AS. </li></ul>
    98. 99. BGP Bestpath Selection – Always Compare MED Lo1 1.2.3.4/32 Lo1 1.2.3.4/32
    99. 100. <ul><li>At SW2, SW4, R5, R3 </li></ul><ul><li>router bgp 200 /////********* </li></ul><ul><li>bgp always-compare-med </li></ul><ul><li>At SW3, R6 </li></ul><ul><li>We redistributed Lo1 1.2.3.4/32 into BGP. </li></ul><ul><li>Similar on SW1, R1 and R4; only the neighbor and metric change. </li></ul><ul><li>ip prefix-list LOOPBACK1 permit 1.2.3.4/32 </li></ul><ul><li>route-map MED-FOR-LO1 perm 10 </li></ul><ul><li>match ip address prefix-list LOOPBACK1 </li></ul><ul><li>set metric 120 </li></ul><ul><li>route-map MED-FOR-LO1 perm 20 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.45.5 route-map MED-FOR-LO1 out </li></ul>
    100. 101. BGP Bestpath Selection – AS–Path Ignore <ul><li>On the AS 200 routers (R3, R2, R5, SW2, SW4) </li></ul><ul><li>router bgp 200 </li></ul><ul><li>bgp bestpath as-path ignore </li></ul><ul><li>At R1, similar on R4 </li></ul><ul><li>ip as-path access-list 1 permit _54$ </li></ul><ul><li>route-map TO-R3 permit 10 </li></ul><ul><li>match as-path 1 </li></ul><ul><li>set origin incomplete </li></ul><ul><li>route-map TO-R3 permit 20 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.13.3 route-map TO-R3 out </li></ul>
    101. 102. BGP Bestpath Selection – DMZ <ul><li>For load balancing to work: </li></ul><ul><li>1- weight, local pref, origin, med, as-path // must be equal </li></ul><ul><li>2- both routes must be learned the same way (ibgp - ebgp) </li></ul><ul><li>3- The IGP cost to reach the next-hop IP address must be equal. </li></ul><ul><li>4- “Max-paths” must be configured. </li></ul><ul><li>5- “neighbor <ip> dmzlink-bw” must be configured. </li></ul><ul><li>6- This feature is carried in an extended community. </li></ul>
    102. 103. BGP Backdoor <ul><li>At SW1 </li></ul><ul><li>int lo 1 </li></ul><ul><li>ip address 150.1.77.77 255.255.255.0 </li></ul><ul><li>router bgp 300 </li></ul><ul><li>network 150.1.77.0 mask 255.255.255.0 </li></ul><ul><li>R1, R4 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>network 150.1.77.0 mask 255.255.255.0 backdoor </li></ul><ul><li>**R1 and R4 learn this network from SW1; it is not local to them, but with network <ip> <mask> backdoor we made BGP learn it with a high AD. </li></ul>
    103. 104. ****TCL to ping**** <ul><li>#tclsh </li></ul><ul><li>foreach address { </li></ul><ul><li>1.1.1.1 </li></ul><ul><li>2.2.2.2 </li></ul><ul><li>3.3.3.3} </li></ul><ul><li>{ ping $address} </li></ul>
    104. 105. ip as-path access-list
    105. 106. ip as-path access-list <ul><li>In the topology above, we want traffic from AS 100 to AS 254 to pass through AS 300, and we want to achieve that by configuring AS-path prepending at AS 200. </li></ul><ul><li>------------------------------------------------------------ </li></ul>Traffic has not yet passed from AS 254, but it has an effect.
    106. 107. BGP Communities Local AS <ul><li>At R1 </li></ul><ul><li>router bgp 65014 </li></ul><ul><li>bgp confed ide 100 </li></ul><ul><li>bgp confed peer 65006 </li></ul><ul><li>neighbor 155.1.13.3 remote-as 200 </li></ul><ul><li>neighbor 155.1.13.3 send-community </li></ul><ul><li>neighbor 155.1.13.3 route-map SET_COMMUNITY out </li></ul><ul><li>neighbor 155.1.146.4 remote-as 65014 </li></ul><ul><li>neighbor 155.1.146.6 remote-as 65006 </li></ul><ul><li>At R4 </li></ul><ul><li>router bgp 65014 </li></ul><ul><li>bgp confed ide 100 </li></ul><ul><li>bgp confed peer 65006 </li></ul><ul><li>network 155.1.146.0 mask 255.255.255.0 </li></ul><ul><li>network 150.1.4.0 mask 255.255.255.0 route-map LOCAL_AS_ONLY </li></ul><ul><li>aggregate-address 155.1.0.0 255.255.0.0 summary-only </li></ul><ul><li>neighbor 155.1.45.5 remote-as 200 </li></ul><ul><li>neighbor 155.1.146.1 remote-as 65014 </li></ul><ul><li>neighbor 155.1.146.1 send-community </li></ul><ul><li>neighbor 155.1.146.6 remote-as 65006 </li></ul><ul><li>neighbor 204.12.1.254 remote-as 54 </li></ul><ul><li>route-map LOCAL_AS_ONLY permit 10 </li></ul><ul><li> set community local-AS </li></ul>
    107. 108. <ul><li>At R6 </li></ul><ul><li>router bgp 65006 </li></ul><ul><li>bgp confed ide 100 </li></ul><ul><li>bgp confed peer 65014 </li></ul><ul><li>network 155.1.146.0 mask 255.255.255.0 </li></ul><ul><li>aggregate-address 155.1.0.0 255.255.0.0 summary-only </li></ul><ul><li>neighbor 54.1.1.254 remote-as 54 </li></ul><ul><li>neighbor 155.1.67.7 remote-as 300 </li></ul><ul><li>neighbor 155.1.146.1 remote-as 65014 </li></ul><ul><li>neighbor 155.1.146.4 remote-as 65014 </li></ul>
    108. 109. BGP Communities - Deleting Tagging with 254:100 200:254 200:123 Add tag 300:200 254:100 200:254 200:123
    109. 110. BGP Communities - Deleting <ul><li>At R2 </li></ul><ul><li>route-map SET_COMMUNITY </li></ul><ul><li>no set community </li></ul><ul><li>set community 200:254 254:100 200:123 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.23.3 send-community </li></ul><ul><li>neighbor 155.1.0.5 send-community </li></ul><ul><li>neighbor 192.10.1.254 route-map SET_COMMUNITY in </li></ul><ul><li>ip bgp-community new-format </li></ul><ul><li>At R3 </li></ul><ul><li>Router bgp 200 </li></ul><ul><li>neighbor 155.1.37.7 send-community </li></ul><ul><li>ip bgp-community new-format </li></ul><ul><li>At R6 </li></ul><ul><li>ip bgp-community new-format </li></ul>
    110. 111. <ul><li>At SW1 </li></ul><ul><li>ip community-list expanded AS200 permit 200:[0-9]+_ </li></ul><ul><li>Route-map RESET_COMMUNITY </li></ul><ul><li>set community 300:200 additive </li></ul><ul><li>set comm-list AS200 delete </li></ul><ul><li>router bgp 300 </li></ul><ul><li>neighbor 155.1.67.6 send-community </li></ul><ul><li>neighbor 155.1.37.3 route-map RESET_COMMUNITY in </li></ul><ul><li>ip bgp-community new-format </li></ul>
    111. 112. BGP Conditional Advertisement <ul><li>At R3 </li></ul><ul><li>ip as-path access-list 1 permit 254$ </li></ul><ul><li>route-map ADVERTISE_MAP permit 10 </li></ul><ul><li>match as-path 1 </li></ul><ul><li>ip prefix-list LINK_R1_R3 permit 155.1.13.0/24 </li></ul><ul><li>route-map NON_EXIST_MAP permit 10 </li></ul><ul><li>match ip address prefix-list LINK_R1_R3 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 155.1.13.0 mask 255.255.255.0 </li></ul><ul><li>neighbor 155.1.37.7 advertise-map ADVERTISE_MAP non-exist-map NON_EXIST_MAP </li></ul>
    112. 113. BGP Conditional Route Injection <ul><li>At R2 </li></ul><ul><li>int lo 200 </li></ul><ul><li>ip add 10.0.0.1 255.255.255.0 </li></ul><ul><li>int lo 201 </li></ul><ul><li>ip add 10.0.1.1 255.255.255.0 </li></ul><ul><li>int lo 202 </li></ul><ul><li>ip add 10.0.2.1 255.255.255.0 </li></ul><ul><li>int lo 203 </li></ul><ul><li>ip add 10.0.3.1 255.255.255.0 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>netw 10.0.0.0 mask 255.255.255.0 </li></ul><ul><li>netw 10.0.1.0 mask 255.255.255.0 </li></ul><ul><li>netw 10.0.2.0 mask 255.255.255.0 </li></ul><ul><li>netw 10.0.3.0 mask 255.255.255.0 </li></ul><ul><li>aggregate-address 10.0.0.0 255.255.252.0 summary-only </li></ul>
    113. 114. <ul><li>At R4, similar on R6 </li></ul><ul><li>ip prefix-list INJECT_PREFIX permit 10.0.1.0/24 </li></ul><ul><li>ip prefix-list AGGREGATE permit 10.0.0.0/22 </li></ul><ul><li>ip prefix-list ROUTE_SOURCE permit 155.1.146.1/32 </li></ul><ul><li>route-map INJECT_MAP permit 10 </li></ul><ul><li>set ip address prefix-list INJECT_PREFIX </li></ul><ul><li>set origin igp </li></ul><ul><li>route-map EXIST_MAP permit 10 </li></ul><ul><li>match ip address prefix-list AGGREGATE </li></ul><ul><li>match ip route-source prefix-list ROUTE_SOURCE </li></ul><ul><li>route-map DENY_INJECT_PREFIX deny 10 </li></ul><ul><li>match ip address prefix-list INJECT_PREFIX </li></ul><ul><li>route-map DENY_INJECT_PREFIX permit 20 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>bgp inject-map INJECT_MAP exist-map EXIST_MAP </li></ul><ul><li>neighbor 155.1.146.1 route-map DENY_INJECT_PREFIX out </li></ul><ul><li>neighbor 155.1.67.7 route-map DENY_INJECT_PREFIX out // for R6// </li></ul>
    114. 115. BGP Regular Expressions <ul><li>SW1 </li></ul><ul><li>ip as-path access-list 1 permit ^$ </li></ul><ul><li>route-map TRANSITE_HAYIR </li></ul><ul><li>match as-path 1 </li></ul><ul><li>router bgp 300 </li></ul><ul><li>neighbor 155.1.67.6 route-map TRANSITE_HAYIR out </li></ul><ul><li>neighbor 155.1.37.3 route-map TRANSITE_HAYIR out </li></ul><ul><li>At R3 </li></ul><ul><li>int lo 1 </li></ul><ul><li>ip address 3.3.3.3 255.255.255.0 </li></ul><ul><li>ip as-path access-list 1 deny _54$ </li></ul><ul><li>ip as-path access-list 1 permit _54_ </li></ul><ul><li>ip as-path access-list 2 permit _254$ </li></ul><ul><li>route-map FROM_R1 </li></ul><ul><li>match as-path 1 </li></ul><ul><li>set local-pref 200 </li></ul><ul><li>route-map FROM_R1 permit 100 </li></ul><ul><li>route-map TO_R1 deny 10 </li></ul><ul><li>match as-path 2 </li></ul><ul><li>route-map TO_R1 deny 100 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 3.3.3.0 mask 255.255.255.0 </li></ul><ul><li>neighbor 155.1.13.1 route-map FROM_R1 in </li></ul><ul><li>neighbor 155.1.13.1 route-map TO_R1 out </li></ul>
    115. 116. BGP Default Routing <ul><li>R2 </li></ul><ul><li>ip prefix-list LINK_TO_BB2 permit 192.10.1.0/24 </li></ul><ul><li>route-map DEFAULT permit 10 </li></ul><ul><li>match ip address prefix-list LINK_TO_BB2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.23.3 default-originate route-map DEFAULT </li></ul><ul><li>neighbor 155.1.0.5 default-originate route-map DEFAULT </li></ul>
    116. 117. BGP Local AS <ul><li>At R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>no neighbor 155.1.146.4 route-reflector-client </li></ul><ul><li>no neighbor 155.1.146.6 route-reflector-client </li></ul><ul><li>neighbor 155.1.146.4 remote-as 146 </li></ul><ul><li>neighbor 155.1.146.6 remote-as 146 </li></ul><ul><li>neighbor 155.1.13.3 remote-as 200 </li></ul><ul><li>At R4, similar at R6 </li></ul><ul><li>no router bgp 100 </li></ul><ul><li>router bgp 146 </li></ul><ul><li>neighbor 155.1.146.1 remote-as 100 </li></ul><ul><li>neighbor 204.12.1.254 remote-as 54 </li></ul><ul><li>neighbor 204.12.1.254 local-as 100 no-prepend </li></ul><ul><li>neighbor 155.1.45.5 remote-as 200 </li></ul><ul><li>neighbor 155.1.45.5 local-as 100 no-prepend </li></ul><ul><li>network 155.1.146.0 mask 255.255.255.0 </li></ul><ul><li>aggregate-address 155.1.0.0 255.255.0.0 summary-only </li></ul>
    117. 118. BGP Dampening with Route-map <ul><li>At R2, R3, R5, SW2, SW4 </li></ul><ul><li>ip as-path access-list 100 permit _100$ </li></ul><ul><li>route-map DAMPENING </li></ul><ul><li>match as-path 100 </li></ul><ul><li>set dampening 4 750 2000 16 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>no bgp dampening </li></ul><ul><li>bgp dampening route-map DAMPENING </li></ul>
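The four numbers in `bgp dampening 4 750 2000 16`, used on both the BGP Dampening slide and this route-map variant, are half-life (minutes), reuse limit, suppress limit and maximum suppress time (minutes). This Python sketch is an added example, not part of the original slides: it walks a constructed flap sequence through the penalty model, assuming a penalty of 1000 per flap (the usual IOS default, not stated on the slides); function names are assumptions.

```python
import math

def decay(penalty, minutes, half_life):
    """Exponential decay: the penalty halves every half_life minutes."""
    return penalty * 2 ** (-minutes / half_life)

def simulate(flap_minutes, half_life=4, reuse=750, suppress=2000,
             max_suppress=16, per_flap=1000):
    """Replay flaps (times in minutes) and report suppression and reuse times."""
    # The penalty is capped so that a route is never suppressed for longer
    # than max_suppress minutes after its last flap.
    ceiling = reuse * 2 ** (max_suppress / half_life)
    penalty, last, suppressed_at = 0.0, 0.0, None
    for t in sorted(flap_minutes):
        penalty = decay(penalty, t - last, half_life)
        if suppressed_at is not None and penalty < reuse:
            suppressed_at = None          # it was released between flaps
        penalty = min(penalty + per_flap, ceiling)
        last = t
        if suppressed_at is None and penalty > suppress:
            suppressed_at = t             # crossed the suppress limit
    reused_at = None
    if suppressed_at is not None:
        # Solve penalty * 2^(-dt/half_life) = reuse for dt.
        reused_at = last + half_life * math.log2(penalty / reuse)
    return {"ceiling": ceiling, "penalty": penalty,
            "suppressed_at": suppressed_at, "reused_at": reused_at}

if __name__ == "__main__":
    # Constructed input: three flaps one minute apart.
    result = simulate([0, 1, 2])
    for key, value in result.items():
        print(key, value)
```

With the slide's values the ceiling is 750 × 2^(16/4) = 12000, and three flaps at minutes 0, 1 and 2 suppress the route at minute 2 and release it roughly seven minutes later.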
    118. 119. BGP Local AS Replace-AS/Dual-AS <ul><li>At R1 </li></ul><ul><li>no router bgp 100 </li></ul><ul><li>router bgp 146 </li></ul><ul><li>neighbor 155.1.146.4 remote-as 146 </li></ul><ul><li>neighbor 155.1.146.6 remote-as 146 </li></ul><ul><li>neighbor 155.1.146.4 route-reflector-client </li></ul><ul><li>neighbor 155.1.146.6 route-reflector-client </li></ul><ul><li>neighbor 155.1.13.3 remote-as 200 </li></ul><ul><li>neighbor 155.1.13.3 local-as 100 </li></ul><ul><li>At R4 </li></ul><ul><li>router bgp 146 </li></ul><ul><li>network 155.1.146.0 mask 255.255.255.0 </li></ul><ul><li> aggregate-address 155.1.0.0 255.255.0.0 summary-only </li></ul><ul><li> neighbor 155.1.45.5 remote-as 200 </li></ul><ul><li>neighbor 155.1.45.5 local-as 100 no-prepend replace-as </li></ul><ul><li> neighbor 155.1.146.1 remote-as 146 </li></ul><ul><li>neighbor 204.12.1.254 remote-as 54 </li></ul><ul><li>neighbor 204.12.1.254 local-as 100 no-prepend </li></ul>
    119. 120. BGP Remove Private AS <ul><li>At R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 192.10.1.254 remove-private-as </li></ul><ul><li>At R3 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.37.7 remote-as 65089 </li></ul><ul><li>At R4 </li></ul><ul><li>router bgp 146 </li></ul><ul><li>neighbor 204.12.1.254 remove-private-as </li></ul><ul><li>At R6 </li></ul><ul><li>router bgp 146 </li></ul><ul><li>neighbor 155.1.67.7 remote-as 65089 </li></ul><ul><li>neighbor 54.1.1.254 remove-private-as </li></ul><ul><li>The necessary configuration must also be done on SW1 and SW3. </li></ul>
    120. 121. BGP Timers Tuning <ul><li>R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>timers bgp 5 15 </li></ul><ul><li>neighbor 192.10.1.254 advertisement-interval 0 </li></ul><ul><li>bgp scan-time 20 </li></ul>
    121. 122. BGP Fast Fallover <ul><li>At R3 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>no bgp fast-external-fallover </li></ul><ul><li>neighbor 155.1.0.5 fall-over </li></ul><ul><li>neighbor 155.1.13.1 fall-over </li></ul><ul><li>neighbor 155.1.23.2 fall-over </li></ul><ul><li>neighbor 155.1.37.7 fall-over </li></ul><ul><li>neighbor 155.1.58.8 fall-over </li></ul><ul><li>neighbor 155.1.108.10 fall-over </li></ul>
    122. 123. BGP Outbound Route Filtering <ul><li>At R1, similar on R4 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.13.3 capability orf prefix-list both </li></ul><ul><li>At R3, similar on R5 </li></ul><ul><li>ip prefix-list ORF deny 112.0.0.0/8 </li></ul><ul><li>ip prefix-list ORF deny 114.0.0.0/8 </li></ul><ul><li>ip prefix-list ORF permit 0.0.0.0/0 le 32 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.13.1 capability orf prefix-list both </li></ul><ul><li>neighbor 155.1.13.1 prefix-list ORF in </li></ul>
    123. 124. BGP Next-hop Trigger <ul><li>At R3 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>bgp nexthop trigger delay 30 </li></ul>
    124. 125. BGP TTL Security <ul><li>R1 </li></ul><ul><li>router bgp 100 </li></ul><ul><li>neighbor 155.1.13.3 ttl-security hops 1 </li></ul><ul><li>R3 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.13.1 ttl-security hops 1 </li></ul><ul><li>neighbor 155.1.37.7 ttl-security hops 1 </li></ul><ul><li>SW1 </li></ul><ul><li>router bgp 300 </li></ul><ul><li>neighbor 155.1.37.3 ttl-security hops 1 </li></ul>
    125. 126. BGP AllowAS in <ul><li>At R2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 2.2.2.0 mask 255.255.255.0 </li></ul><ul><li>int lo1 </li></ul><ul><li>ip address 2.2.2.2 255.255.255.0 </li></ul><ul><li>At R3 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.13.1 allowas-in </li></ul><ul><li>At R5 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>neighbor 155.1.45.4 allowas-in </li></ul><ul><li>At SW2 </li></ul><ul><li>router bgp 200 </li></ul><ul><li>network 8.8.8.0 mask 255.255.255.0 </li></ul><ul><li>int lo1 </li></ul><ul><li>ip address 8.8.8.8 255.255.255.0 </li></ul>
    126. 127. Useful commands 3 <ul><li>Caret “^” means begins with; “$” means ends with. </li></ul><ul><li>“.” matches any character, including a space. </li></ul><ul><li>“_” matches the beginning of the string, the end of the string, or a blank space; ^50_ means “50”. </li></ul><ul><li>“[ ]” defines a range; sample: [1-9]567$ </li></ul>
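The anchors and the `_` delimiter summarized above, and the patterns on the two BGP Regular Expressions slides, can be checked offline before an as-path access-list is applied to a neighbor. This Python sketch is an added example, not part of the original slides: it translates IOS-style AS-path expressions to Python's `re`, runs them over constructed AS paths, and shows that the unanchored `60$` and `254$` used in two access-lists earlier in the deck also match other AS numbers ending in those digits. Function names and sample paths are assumptions.

```python
import re

# IOS "_" matches a delimiter: start or end of the string, a space, a comma,
# braces or parentheses. Python has no such token, so it is expanded here.
_DELIM = r"(?:^|$|[ ,{}()])"

def cisco_to_python(pattern):
    """Translate an IOS AS-path regex into an equivalent Python regex."""
    return pattern.replace("_", _DELIM)

def matches(pattern, as_path):
    """True if the IOS-style pattern matches the AS_PATH string."""
    return re.search(cisco_to_python(pattern), as_path) is not None

def select(pattern, paths):
    """Return the AS paths that the pattern would permit."""
    return [p for p in paths if matches(pattern, p)]

def over_matches(loose, strict, paths):
    """Paths matched by the loose pattern but not by the strict one."""
    return [p for p in paths if matches(loose, p) and not matches(strict, p)]

# Constructed AS paths, written as they appear in the Path column of
# "show ip bgp" (the empty string is a locally originated route).
SAMPLE_PATHS = [
    "",
    "3491",
    "3491 254",
    "100 3491",
    "100 3491 54",
    "200 13491",
    "300 1254",
    "100 60",
    "100 65060",
]

# Patterns taken from the slides.
PATTERNS = ["^3491$", "^3491_", "_3491$", "^$", "_3491_", "^[0-9]+$"]

if __name__ == "__main__":
    for pat in PATTERNS:
        print("%-10s -> %s" % (pat, select(pat, SAMPLE_PATHS)))
    # Unanchored forms match unrelated AS numbers with the same last digits.
    print("60$  but not _60$ :", over_matches("60$", "_60$", SAMPLE_PATHS))
    print("254$ but not _254$:", over_matches("254$", "_254$", SAMPLE_PATHS))
```

Prefixing the pattern with `_` (as in `_54$` and `_254$` on other slides) restricts the match to the whole AS number.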
