53. BGP Communities: no-export (diagram labels: AS65012, AS65034, cbgp, ebgp, x, No bgp; 55.55.55.55/32, community 200:200, send community no-export)
54. BGP Communities: no-advertise (diagram labels: AS65012, AS65034, cbgp, ebgp, x, No bgp; 55.55.55.55/32, community 200:200, send community no-advertise, send community no-export)
55. BGP Communities: local-as (diagram labels: AS65012, AS65034, cbgp, ebgp, x, No bgp; 33.33.33.33/32, community 300:300, send community local-as)
109. BGP Communities - Deleting (diagram labels: tagging with 254:100 200:254 200:123; add tag 300:200)
127. Useful commands 3
Caret “^” means begins with; “$” means ends with.
“.” matches any character, including space.
“_” matches beginning of string, end of string, or blank space; ^50_ means “50”.
“[ ]” defines a range; sample: [1-9]567$
Editor's Notes
EBGP TTL is 1 by default. Synchronization causes RIB failures; to get rid of a RIB failure, “bgp suppress-inactive” can be configured.
R4 (AS100) should form an eBGP adjacency with BB3 (AS54); R2 (AS200) should form an eBGP adjacency with BB2 (AS254). R4 and R2 should speak eBGP to each other. The other routers are BGP-unaware. A tunnel is configured between R2 and R4. An IGP is configured between R2 and R4.
R2, before changing the next hop:
Rack1R2(config-router)#do sh ip bgp
BGP table version is 17, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 155.1.146.4 0 100 54 i
*> 28.119.17.0/24 155.1.146.4 0 100 54 i
*> 112.0.0.0 155.1.146.4 0 100 54 50 60 i
*> 113.0.0.0 155.1.146.4 0 100 54 50 60 i
*> 114.0.0.0 155.1.146.4 0 100 54 i
*> 115.0.0.0 155.1.146.4 0 100 54 i
*> 116.0.0.0 155.1.146.4 0 100 54 i
*> 117.0.0.0 155.1.146.4 0 100 54 i
*> 118.0.0.0 155.1.146.4 0 100 54 i
*> 119.0.0.0 155.1.146.4 0 100 54 i
*> 150.1.2.0/24 0.0.0.0 0 32768 i
*> 150.1.4.0/24 155.1.146.4 0 0 100 i
*> 205.90.31.0 192.10.1.254 0 0 254 ?
*> 220.20.3.0 192.10.1.254 0 0 254 ?
*> 222.22.2.0 192.10.1.254 0 0 254 ?
After the next hop was modified:
Rack1R2(config-router)#do sh ip bgp
BGP table version is 28, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 10.0.0.4 0 100 54 i
*> 28.119.17.0/24 10.0.0.4 0 100 54 i
*> 112.0.0.0 10.0.0.4 0 100 54 50 60 i
*> 113.0.0.0 10.0.0.4 0 100 54 50 60 i
*> 114.0.0.0 10.0.0.4 0 100 54 i
*> 115.0.0.0 10.0.0.4 0 100 54 i
*> 116.0.0.0 10.0.0.4 0 100 54 i
*> 117.0.0.0 10.0.0.4 0 100 54 i
*> 118.0.0.0 10.0.0.4 0 100 54 i
*> 119.0.0.0 10.0.0.4 0 100 54 i
*> 150.1.2.0/24 0.0.0.0 0 32768 i
*> 150.1.4.0/24 10.0.0.4 0 0 100 i
*> 205.90.31.0 192.10.1.254 0 0 254 ?
*> 220.20.3.0 192.10.1.254 0 0 254 ?
*> 222.22.2.0 192.10.1.254 0 0 254 ?
To send BGP traffic over the tunnel, a route-map was bound to the neighbor that sets the next hop to the tunnel IP.
Rack1R2(config-router)#do ping 112.0.0.1 sour lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 112.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 150.1.2.2
!!!!!
Rack1R2(config-router)#do trace 112.0.0.1 sour lo0
Type escape sequence to abort.
Tracing the route to 112.0.0.1
1 10.0.0.4 56 msec 20 msec 20 msec
2 204.12.1.254 20 msec 20 msec 20 msec
3 172.16.4.1 36 msec * 52 msec
The next-hop-self command does not work on a route reflector (RR); the next hop must be set with a route-map.
If we had not configured the distance on R1, a routing loop would have formed when trying to reach the BB routes from SW4: on R1 the IGP would have preempted iBGP and R1 would have sent the packet to R3; R3, whose route reflector is R1, would have sent the packet back to R1.
At R4 (similar at R6):
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 155.1.146.0 mask 255.255.255.0
 aggregate-address 155.1.0.0 255.255.0.0
 neighbor 155.1.146.1 remote-as 100
 neighbor 155.1.146.1 next-hop-self
 neighbor 204.12.1.254 remote-as 54
 no auto-summary
BGP Mandatory Attributes
----------------
AS-Path
Origin
Next Hop
If everything is the same, check the router-id; the lowest one wins.
With the configuration on SW1, traffic from AS300 to AS54 should use R3 as the exit point. Traffic from AS300 to AS254 should take R6 as the exit point. Because this affects our own exit, we can only manipulate upload traffic. Our local routes show the maximum value, 32768.
Rack1SW1(config-router)#do sh ip bgp
BGP table version is 46, local router ID is 155.1.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 28.119.16.0/24 155.1.67.6 0 100 54 i
*> 155.1.37.3 120 200 100 54 i
* 28.119.17.0/24 155.1.67.6 0 100 54 i
*> 155.1.37.3 120 200 100 54 i
*> 112.0.0.0 155.1.67.6 0 100 54 50 60 i
* 155.1.37.3 0 200 100 54 50 60 i
*> 113.0.0.0 155.1.67.6 0 100 54 50 60 i
* 155.1.37.3 0 200 100 54 50 60 i
* 114.0.0.0 155.1.67.6 0 100 54 i
*> 155.1.37.3 120 200 100 54 i
* 115.0.0.0 155.1.67.6 0 100 54 i
*> 155.1.37.3 120 200 100 54 i
* 116.0.0.0 155.1.67.6 0 100 54 i
*> 155.1.37.3 120 200 100 54 i
* 117.0.0.0 155.1.67.6 0 100 54 i
*> 155.1.37.3 120 200 100 54 i
* 118.0.0.0 155.1.67.6 0 100 54 i
Network Next Hop Metric LocPrf Weight Path
*> 155.1.37.3 120 200 100 54 i
* 119.0.0.0 155.1.67.6 0 100 54 i
*> 155.1.37.3 120 200 100 54 i
*> 155.1.0.0 155.1.67.6 0 0 100 i
* 155.1.37.3 0 200 100 i
*> 205.90.31.0 155.1.67.6 110 100 200 254 ?
* 155.1.37.3 0 200 254 ?
*> 220.20.3.0 155.1.67.6 110 100 200 254 ?
* 155.1.37.3 0 200 254 ?
*> 222.22.2.0 155.1.67.6 110 100 200 254 ?
* 155.1.37.3 0 200 254 ?
With the configuration on R6, traffic from inside AS100 to AS254 should go through AS300. With local preference we can only influence traffic in the upload direction.
Rack1R6(config-router)#do sh ip bgp
BGP table version is 32, local router ID is 150.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 54.1.1.254 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 28.119.17.0/24 54.1.1.254 0 54 i
* i 204.12.1.254 0 100 0 54 i
* i112.0.0.0 204.12.1.254 0 100 0 54 50 60 i
*> 54.1.1.254 0 0 54 50 60 i
* i113.0.0.0 204.12.1.254 0 100 0 54 50 60 i
*> 54.1.1.254 0 0 54 50 60 i
* i114.0.0.0 204.12.1.254 0 100 0 54 i
*> 54.1.1.254 0 0 54 i
* i115.0.0.0 204.12.1.254 0 100 0 54 i
*> 54.1.1.254 0 0 54 i
* i116.0.0.0 204.12.1.254 0 100 0 54 i
*> 54.1.1.254 0 0 54 i
* i117.0.0.0 204.12.1.254 0 100 0 54 i
*> 54.1.1.254 0 0 54 i
* i118.0.0.0 204.12.1.254 0 100 0 54 i
Network Next Hop Metric LocPrf Weight Path
*> 54.1.1.254 0 0 54 i
* i119.0.0.0 204.12.1.254 0 100 0 54 i
*> 54.1.1.254 0 0 54 i
*> 155.1.0.0 0.0.0.0 32768 i
* i 155.1.146.4 0 100 0 i
s> 155.1.146.0/24 0.0.0.0 0 32768 i
*> 205.90.31.0 155.1.67.7 200 0 300 200 254 ?
*> 220.20.3.0 155.1.67.7 200 0 300 200 254 ?
*> 222.22.2.0 155.1.67.7 200 0 300 200 254 ?
Rack1R4#sh ip bgp
BGP table version is 40, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 204.12.1.254 0 0 54 i
*> 28.119.17.0/24 204.12.1.254 0 0 54 i
*> 112.0.0.0 204.12.1.254 0 54 50 60 i
*> 113.0.0.0 204.12.1.254 0 54 50 60 i
*> 114.0.0.0 204.12.1.254 0 54 i
*> 115.0.0.0 204.12.1.254 0 54 i
*> 116.0.0.0 204.12.1.254 0 54 i
*> 117.0.0.0 204.12.1.254 0 54 i
*> 118.0.0.0 204.12.1.254 0 54 i
*> 119.0.0.0 204.12.1.254 0 54 i
*> 155.1.0.0 0.0.0.0 32768 i
s> 155.1.146.0/24 0.0.0.0 0 32768 i
* 205.90.31.0 155.1.45.5 0 200 254 ?
*>i 155.1.67.7 0 200 0 300 200 254 ?
* 220.20.3.0 155.1.45.5 0 200 254 ?
*>i 155.1.67.7 0 200 0 300 200 254 ?
* 222.22.2.0 155.1.45.5 0 200 254 ?
Network Next Hop Metric LocPrf Weight Path
*>i 155.1.67.7 0 200 0 300 200 254 ?
Rack1R6(config-router)#do sh ip bgp
BGP table version is 24, local router ID is 150.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 54.1.1.254 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 28.119.17.0/24 54.1.1.254 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 112.0.0.0 54.1.1.254 0 0 54 50 60 i
* i 204.12.1.254 0 100 0 54 50 60 i
*> 113.0.0.0 54.1.1.254 0 0 54 50 60 i
* i 204.12.1.254 0 100 0 54 50 60 i
*> 114.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 115.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 116.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 117.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 118.0.0.0 54.1.1.254 0 0 54 i
Network Next Hop Metric LocPrf Weight Path
* i 204.12.1.254 0 100 0 54 i
*> 119.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 155.1.0.0 0.0.0.0 32768 i
* i 155.1.146.4 0 100 0 i
s> 155.1.146.0/24 0.0.0.0 0 32768 i
*> 205.90.31.0 155.1.67.7 0 300 200 254 ?
*> 220.20.3.0 155.1.67.7 0 300 200 254 ?
*> 222.22.2.0 155.1.67.7 0 300 200 254 ?
With the configuration in AS200, traffic from AS100 to AS254 should choose AS300. Here we can influence download traffic.
Rack1R6(config-router)#do sh ip bgp
BGP table version is 24, local router ID is 150.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 54.1.1.254 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 28.119.17.0/24 54.1.1.254 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 112.0.0.0 54.1.1.254 0 0 54 50 60 i
* i 204.12.1.254 0 100 0 54 50 60 i
*> 113.0.0.0 54.1.1.254 0 0 54 50 60 i
* i 204.12.1.254 0 100 0 54 50 60 i
*> 114.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 115.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 116.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 117.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 118.0.0.0 54.1.1.254 0 0 54 i
Network Next Hop Metric LocPrf Weight Path
* i 204.12.1.254 0 100 0 54 i
*> 119.0.0.0 54.1.1.254 0 0 54 i
* i 204.12.1.254 0 100 0 54 i
*> 155.1.0.0 0.0.0.0 32768 i
* i 155.1.146.4 0 100 0 i
s> 155.1.146.0/24 0.0.0.0 0 32768 i
*> 205.90.31.0 155.1.67.7 0 300 200 254 ?
*> 220.20.3.0 155.1.67.7 0 300 200 254 ?
*> 222.22.2.0 155.1.67.7 0 300 200 254 ?
Rack1R4# sh ip bgp regexp _254$
BGP table version is 61, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 205.90.31.0 155.1.45.5 0 200 254 i
*> 220.20.3.0 155.1.45.5 0 200 254 i
*> 222.22.2.0 155.1.45.5 0 200 254 i
Rack1R6#sh ip bgp regexp _254$
BGP table version is 39, local router ID is 150.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 205.90.31.0 155.1.67.7 0 300 200 254 ?
*>i 155.1.45.5 0 100 0 200 254 i
* 220.20.3.0 155.1.67.7 0 300 200 254 ?
*>i 155.1.45.5 0 100 0 200 254 i
* 222.22.2.0 155.1.67.7 0 300 200 254 ?
*>i 155.1.45.5 0 100 0 200 254 i
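
The AS-path filters used in these notes (`_254$`, `^50_`, `[1-9]567$`) can be checked offline before they go into a filter. The following is an added example, not part of the original notes: it translates the IOS "_" metacharacter into a Python regex and goes slightly beyond the slide by also treating commas, braces and parentheses as delimiters, which matters for AS_SET and confederation paths. The function names and the four decoy paths are constructed for illustration.

```python
import re

# What the IOS "_" metacharacter stands for in an AS-path regex: start of
# string, end of string, a space, a comma, or a brace/parenthesis (the
# delimiters of AS_SET "{...}" and confederation "(...)" segments).
UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_aspath_regex(pattern):
    """Translate an IOS-style AS-path regex into a compiled Python regex."""
    out = []
    in_class = False          # inside [...] an underscore is a literal
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])   # keep an escaped character as-is
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        out.append(UNDERSCORE if ch == "_" and not in_class else ch)
        i += 1
    return re.compile("".join(out))


def matching_paths(pattern, paths):
    """Return the AS paths (Path column, origin code removed) the regex selects."""
    rx = ios_aspath_regex(pattern)
    return [p for p in paths if rx.search(p)]


# AS paths taken from the Path column of the tables in these notes, plus four
# constructed entries that show why the anchors and the "_" delimiter matter.
PATHS = [
    "",                 # locally originated route (empty AS path)
    "100 54",
    "100 54 50 60",
    "200 254",
    "300 200 254",
    "(65014) 200 254",  # confederation segment
    "{54,50,60}",       # AS_SET of the 112.0.0.0/5 aggregate
    "50 60",            # constructed: path starting at AS50
    "300 1254",         # constructed decoy: ends in ...254 but is AS1254
    "500 60",           # constructed decoy: starts with 50 but is AS500
    "300 4567",         # constructed, for the [1-9]567$ sample
]

if __name__ == "__main__":
    for pat in ("_254$", "^50_", "_54_", "^$", "[1-9]567$"):
        print(f"{pat:10} -> {matching_paths(pat, PATHS)}")
```
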
With the configuration in AS200, traffic from AS100 to AS254 should prefer the path between R4 and R5.
With the configuration in AS100, traffic from AS200 to AS54 should follow the R4-R5 path, by manipulating MED.
The default metric is 0; the lower value is preferred.
Rack1R3(config-router)#do show ip bgp regexp _54$
BGP table version is 23, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i28.119.16.0/24 155.1.45.4 0 100 0 100 54 i
* 155.1.37.7 0 300 100 54 i
* 155.1.13.1 50 0 100 54 i
*>i28.119.17.0/24 155.1.45.4 0 100 0 100 54 i
* 155.1.37.7 0 300 100 54 i
* 155.1.13.1 50 0 100 54 i
*>i114.0.0.0 155.1.45.4 0 100 0 100 54 i
* 155.1.37.7 0 300 100 54 i
* 155.1.13.1 50 0 100 54 i
*>i115.0.0.0 155.1.45.4 0 100 0 100 54 i
* 155.1.37.7 0 300 100 54 i
* 155.1.13.1 50 0 100 54 i
*>i116.0.0.0 155.1.45.4 0 100 0 100 54 i
* 155.1.37.7 0 300 100 54 i
* 155.1.13.1 50 0 100 54 i
*>i117.0.0.0 155.1.45.4 0 100 0 100 54 i
* 155.1.37.7 0 300 100 54 i
Network Next Hop Metric LocPrf Weight Path
* 155.1.13.1 50 0 100 54 i
*>i118.0.0.0 155.1.45.4 0 100 0 100 54 i
* 155.1.37.7 0 300 100 54 i
* 155.1.13.1 50 0 100 54 i
*>i119.0.0.0 155.1.45.4 0 100 0 100 54 i
* 155.1.37.7 0 300 100 54 i
* 155.1.13.1 50 0 100 54 i
Why they exist: communities are used to group prefixes; this way, instead of writing individual prefix lists on the internal devices to filter or modify routes, we can assign specific properties to specific communities.
With the configuration in AS200, prefixes received over eBGP that are tagged with community 200:200 should get local preference 200. With the configuration on R1, AS200 should prefer R1, via R3, for prefixes coming from AS60. What we did: on R1 we matched the AS60 prefixes, set their community value to 200:200 and sent it to the R3 neighbor. On R3 we matched this 200:200 community and set its local preference to 200. To display the community value properly in sh ip bgp 112.0.0.0, we configured “ip bgp-community new-format”.
Rack1R3#sh ip bgp 112.0.0.0
BGP routing table entry for 112.0.0.0/8, version 48
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x9C0
Advertised to update-groups: 3 4 5
  100 54 50 60
    155.1.13.1 from 155.1.13.1 (150.1.1.1)
      Origin IGP, localpref 200, valid, external, best
      Community: 200:200
  300 100 54 50 60
    155.1.37.7 from 155.1.37.7 (155.1.7.7)
      Origin IGP, localpref 100, valid, external
With the configuration on R2, it should not advertise the prefixes learned from AS254 to any of its peers. Do not use prefix filtering.
Rack1R3#sh ip bgp regexp _254$
Modify the configuration on R2 so that the AS254 routes can circulate inside AS200 but do not leave AS200.
Rack1SW3#sh ip bgp regexp _254$
Rack1SW3#
Rack1R3#sh ip bgp regexp _254$
BGP table version is 51, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i205.90.31.0 192.10.1.254 0 100 0 254 ?
*>i 192.10.1.254 0 100 0 254 ?
* i220.20.3.0 192.10.1.254 0 100 0 254 ?
*>i 192.10.1.254 0 100 0 254 ?
* i222.22.2.0 192.10.1.254 0 100 0 254 ?
*>i 192.10.1.254 0 100 0 254 ?
Rack1R3#sh ip bgp 205.90.31.0
BGP routing table entry for 205.90.31.0/24, version 49
Paths: (2 available, best #2, table Default-IP-Routing-Table, not advertised to EBGP peer)
Advertised to update-groups: 3 5
  254
    192.10.1.254 (metric 2560512256) from 155.1.0.5 (150.1.5.5)
      Origin incomplete, metric 0, localpref 100, valid, internal
      Originator: 150.1.2.2, Cluster list: 150.1.5.5
  254, (Received from a RR-client)
    192.10.1.254 (metric 2560512256) from 155.1.23.2 (150.1.2.2)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Community: no-export
Before:
Rack1R2#sh ip bgp regexp _254$
BGP table version is 25, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 205.90.31.0 192.10.1.254 0 0 254 ?
*> 220.20.3.0 192.10.1.254 0 0 254 ?
*> 222.22.2.0 192.10.1.254 0 0 254 ?
After:
Rack1R2#sh ip bgp regexp _254$
BGP table version is 26, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 205.90.31.0 192.10.1.254 0 0 254 ?
*> 220.20.3.0 192.10.1.254 0 0 254 ?
With a prefix-list on R2, it should not accept 222.22.2.0/24 from BB2; apply it directly to the neighbor. With a prefix-list on R4, it should not accept prefixes greater than /22 from BB3. Apply this to the neighbor through a route-map.
R2 should not accept 222.22.2.0 from BB2; apply it directly to the neighbor. R4 should not accept prefixes whose first octet is an even number; do this with a route-map.
R4 should not accept prefixes from BB3 whose third octet is even and that are greater than /22; apply this directly to the neighbor.
If R6 learns more than 20 prefixes from BB1, it should tear down the adjacency. R6 should log a warning message once it starts receiving more than 16 prefixes from BB1. After the peering goes down, it should try to re-establish it within 3 minutes. SW1 should generate a warning message when it receives more than 20 prefixes from R3.
Create lo1 on R1 with IP address 1.1.1.1/24. Redistribute it into BGP. Configure the AS200 routers to suppress advertisements when there is oscillation in the network. When a prefix flaps twice in a row, the advertisement should come back after 5 minutes.
Note that the ‘network 2.2.2.2 .... backdoor’ command is configured on the R1 router, while the 2.2.2.2 prefix is on R2.
R4 should accept all prefixes coming from BB3, regardless of inbound filters.
Make AS100 accept only prefixes that are originated in its neighboring ASes.
Rack1R2(config-router)#do sh ip bgp
BGP table version is 91, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/24 0.0.0.0 0 32768 i
*> 10.0.0.0/22 0.0.0.0 32768 i
*> 10.0.1.0/24 0.0.0.0 0 32768 i
*> 10.0.2.0/24 0.0.0.0 0 32768 i
*> 10.0.3.0/24 0.0.0.0 0 32768 i
Rack1R1#sh ip bgp
BGP table version is 59, local router ID is 150.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i28.119.16.0/24 155.1.146.6 0 100 0 54 i
*>i 155.1.146.4 0 100 0 54 i
* i28.119.17.0/24 155.1.146.6 0 100 0 54 i
*>i 155.1.146.4 0 100 0 54 i
* i112.0.0.0 155.1.146.6 0 100 0 54 50 60 i
*>i 155.1.146.4 0 100 0 54 50 60 i
* i113.0.0.0 155.1.146.6 0 100 0 54 50 60 i
*>i 155.1.146.4 0 100 0 54 50 60 i
* i114.0.0.0 155.1.146.6 0 100 0 54 i
*>i 155.1.146.4 0 100 0 54 i
* i115.0.0.0 155.1.146.6 0 100 0 54 i
*>i 155.1.146.4 0 100 0 54 i
* i116.0.0.0 155.1.146.6 0 100 0 54 i
*>i 155.1.146.4 0 100 0 54 i
* i117.0.0.0 155.1.146.6 0 100 0 54 i
*>i 155.1.146.4 0 100 0 54 i
* i118.0.0.0 155.1.146.6 0 100 0 54 i
Network Next Hop Metric LocPrf Weight Path
*>i 155.1.146.4 0 100 0 54 i
* i119.0.0.0 155.1.146.6 0 100 0 54 i
*>i 155.1.146.4 0 100 0 54 i
*> 150.1.1.0/24 0.0.0.0 0 32768 i
* i150.1.2.0/24 155.1.23.2 0 100 0 200 i
*>i 155.1.0.5 0 100 0 200 i
*>i150.1.3.0/24 155.1.0.3 0 100 0 i
*>i150.1.4.0/24 155.1.146.4 0 100 0 i
*>i150.1.5.0/24 155.1.0.5 0 100 0 i
*>i150.1.6.0/24 155.1.146.6 0 100 0 i
*>i150.1.7.0/24 155.1.67.7 0 100 0 i
*>i150.1.8.0/24 155.1.58.8 0 100 0 i
*>i150.1.9.0/24 155.1.79.9 0 100 0 i
*>i150.1.10.0/24 155.1.108.10 0 100 0 i
* i205.90.31.0 155.1.23.2 0 100 0 200 254 ?
*>i 155.1.0.5 0 100 0 200 254 ?
* i220.20.3.0 155.1.23.2 0 100 0 200 254 ?
*>i 155.1.0.5 0 100 0 200 254 ?
* i222.22.2.0 155.1.23.2 0 100 0 200 254 ?
*>i 155.1.0.5 0 100 0 200 254 ?
Rack1R2(config-router)#do sh ip bgp
BGP table version is 95, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
s> 10.0.0.0/24 0.0.0.0 0 32768 i
*> 10.0.0.0/22 0.0.0.0 32768 i
s> 10.0.1.0/24 0.0.0.0 0 32768 i
s> 10.0.2.0/24 0.0.0.0 0 32768 i
s> 10.0.3.0/24 0.0.0.0 0 32768 i
With a modification on R2, it should advertise the 10.0.2.0/24 route along with the summary route.
With the configuration on R3 and R5, traffic from AS100 and AS54 to 10.0.1.0/24 should go through AS300.
Rack1R3(config-router)#do sh ip bgp
BGP table version is 112, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
s>i10.0.0.0/24 155.1.23.2 0 100 0 i
* i10.0.0.0/22 155.1.0.5 0 100 0 i
*> 0.0.0.0 32768 i
Rack1R6#sh ip bgp
BGP table version is 109, local router ID is 150.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 10.0.0.0/22 155.1.67.7 0 300 200 i
*>i 155.1.13.3 0 100 0 200 i
*> 10.0.1.0/24 155.1.67.7 0 300 200 i
On R1, aggregate 112.0.0.0/24 through 119.0.0.0/24. This new prefix should not go to AS54; do not use filtering for this.
Rack1R4#sh ip bgp
BGP table version is 96, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i10.0.0.0/22 155.1.13.3 0 100 0 200 i
*> 155.1.45.5 0 0 200 i
*>i10.0.1.0/24 155.1.67.7 0 100 0 300 200 i
*> 28.119.16.0/24 204.12.1.254 0 0 54 i
*> 28.119.17.0/24 204.12.1.254 0 0 54 i
*> 112.0.0.0 204.12.1.254 0 54 50 60 i
*>i112.0.0.0/5 155.1.146.1 0 100 0 {54,50,60} i
*> 113.0.0.0 204.12.1.254 0 54 50 60 i
BB3#sh ip bgp
BGP table version is 102, local router ID is 31.3.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i10.0.0.0/22 172.16.4.1 0 100 0 100 200 i
*> 204.12.1.4 0 100 200 i
*> 10.0.1.0/24 204.12.1.4 0 100 300 200 i
* i 172.16.4.1 0 100 0 100 300 200 i
*> 28.119.16.0/24 0.0.0.0 0 32768 i
*> 28.119.17.0/24 0.0.0.0 0 32768 i
*>i112.0.0.0 172.16.4.1 0 100 0 i
*>i113.0.0.0 172.16.4.1 0 100 0 i
*>i114.0.0.0 172.16.4.1 0 100 0 i
*>i115.0.0.0 172.16.4.1 0 100 0 i
*>i116.0.0.0 172.16.4.1 0 100 0 i
*>i117.0.0.0 172.16.4.1 0 100 0 i
*>i118.0.0.0 172.16.4.1 0 100 0 i
*>i119.0.0.0 172.16.4.1 0 100 0 i
* i150.1.77.0/24 172.16.4.1 0 100 0 100 300 i
*> 204.12.1.4 0 100 300 i
* i155.1.0.0 172.16.4.1 0 100 0 100 i
Network Next Hop Metric LocPrf Weight Path
*> 204.12.1.4 0 0 100 i
* i205.90.31.0 172.16.4.1 0 100 0 100 200 254 ?
*> 204.12.1.4 0 100 200 254 ?
* i220.20.3.0 172.16.4.1 0 100 0 100 200 254 ?
*> 204.12.1.4 0 100 200 254 ?
* i222.22.2.0 172.16.4.1 0 100 0 100 200 254 ?
*> 204.12.1.4 0 100 200 254 ?
Tag 112.0.0.0/24 coming from BB3 with the no-export community and propagate it throughout AS100. With the summary prefix on R1, make sure it still reaches AS300 and AS200. Because even one of the prefixes carries no-export, all of them are affected when they are aggregated. Attribute-map with metric. No-export: the route is not passed to neighboring ASes.
Rack1R4#sh ip bgp neighb 155.1.45.5 adv
BGP table version is 22, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/22 155.1.45.5 0 0 200 i
*>i10.0.1.0/24 155.1.67.7 0 100 0 300 200 i
*> 28.119.16.0/24 204.12.1.254 0 0 54 i
*> 28.119.17.0/24 204.12.1.254 0 0 54 i
*>i112.0.0.0/5 155.1.146.1 0 100 0 {54,50,60} i
*> 113.0.0.0 204.12.1.254 0 54 50 60 i
*> 114.0.0.0 204.12.1.254 0 54 i
112.0.0.0/8 is not there.
On R4 and R6, aggregate these 222.22.x routes; in AS300 we want the maximum AS-path information to be kept and the aggregate route to be installed as well. When we configure AS-SET, we do not send the summary route to the ASes where the specific routes are; we can send the summary prefix to the AS that holds the prefix we selected with the advertise-map.
Rack1R1(config-router)#do sh ip bgp
BGP table version is 32, local router ID is 150.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i28.119.16.0/24 54.1.1.254 0 100 0 54 i
* i28.119.17.0/24 54.1.1.254 0 100 0 54 i
* i112.0.0.0 54.1.1.254 0 100 0 54 50 60 i
* i113.0.0.0 54.1.1.254 0 100 0 54 50 60 i
* i114.0.0.0 54.1.1.254 0 100 0 54 i
* i115.0.0.0 54.1.1.254 0 100 0 54 i
* i116.0.0.0 54.1.1.254 0 100 0 54 i
* i117.0.0.0 54.1.1.254 0 100 0 54 i
* i118.0.0.0 54.1.1.254 0 100 0 54 i
* i119.0.0.0 54.1.1.254 0 100 0 54 i
*> 150.1.1.0/24 0.0.0.0 0 32768 i
*> 150.1.2.0/24 155.1.0.2 0 100 0 (65508) 200 i
* 155.1.23.2 0 100 0 (65379) 200 i
* 150.1.3.0/24 155.1.0.3 0 100 0 (65508 65379) i
*> 155.1.13.3 0 100 0 (65379) i
*>i150.1.4.0/24 155.1.146.4 0 100 0 i
*> 150.1.5.0/24 155.1.0.5 0 100 0 (65508) i
Network Next Hop Metric LocPrf Weight Path
*>i150.1.6.0/24 155.1.146.6 0 100 0 i
*> 150.1.7.0/24 155.1.37.7 0 100 0 (65379) i
*> 150.1.8.0/24 155.1.58.8 0 100 0 (65508) i
*> 150.1.9.0/24 155.1.79.9 0 100 0 (65379) i
*> 150.1.10.0/24 155.1.108.10 0 100 0 (65508) i
*> 205.90.31.0 155.1.0.2 0 100 0 (65508) 200 254 ?
* 155.1.23.2 0 100 0 (65379) 200 254 ?
*> 220.20.3.0 155.1.0.2 0 100 0 (65508) 200 254 ?
* 155.1.23.2 0 100 0 (65379) 200 254 ?
*> 222.22.2.0 155.1.0.2 0 100 0 (65508) 200 254 ?
* 155.1.23.2 0 100 0 (65379) 200 254 ?
The next-hop information does not change, so the necessary modifications must be made.
We created lo1 1.2.3.4/32 on SW3 and R6 and advertised it into BGP; by manipulating the MED value, make the prefix on SW3 the preferred one.
Rack1R5(config-router)#do sh ip bgp
BGP table version is 60, local router ID is 150.1.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 1.2.3.4/32 155.1.45.4 120 0 100 300 i
*>i 155.1.37.7 90 100 0 300 i
Rack1R2(config-router)#do sh ip bgp
BGP table version is 62, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.2.3.4/32 155.1.37.7 90 100 0 300 i
*>i 155.1.37.7 90 100 0 300 i
**** MED is not compared for prefixes coming from different ASes; to have it compared we configured bgp always-compare-med.
Traffic from AS200 to AS54 should choose AS300; do not use AS-path prepending.
At R1:
router bgp 100
 maximum-paths ibgp 2
 bgp dmzlink-bw
At R4 (similar at R6):
router bgp 100
 bgp dmzlink-bw
 neighbor 155.1.146.1 send-community extended
 neighbor 204.12.1.254 dmzlink-bw
To balance the load sharing, we adjusted the bandwidth of R6's BB link; to see the shared bandwidth we looked at “show ip route 112.0.0.0”.
On SW1 we configured lo1 with IP address 150.1.77.77 and advertised it into BGP. We shut down the BGP peering between AS100 and AS300; make R1 and R4 learn this new subnet from EIGRP instead of eBGP.
R1 and R4 should be in BGP confederation 100, in sub-confederation 65014; R6 should be in 65006. Advertise lo0 on R4, but only R1 should receive it; R6 must not.
Rack1R4(config-router)#do sh ip bgp neighb 155.1.146.6 adv
BGP table version is 16, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 204.12.1.254 0 0 54 i
*> 28.119.17.0/24 204.12.1.254 0 0 54 i
*> 112.0.0.0 204.12.1.254 0 54 50 60 i
*> 113.0.0.0 204.12.1.254 0 54 50 60 i
*> 114.0.0.0 204.12.1.254 0 54 i
*> 115.0.0.0 204.12.1.254 0 54 i
*> 116.0.0.0 204.12.1.254 0 54 i
*> 117.0.0.0 204.12.1.254 0 54 i
*> 118.0.0.0 204.12.1.254 0 54 i
*> 119.0.0.0 204.12.1.254 0 54 i
*> 155.1.0.0 0.0.0.0 32768 i
Rack1R4(config-router)#do sh ip bgp 150.1.4.4
BGP routing table entry for 150.1.4.0/24, version 16
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised outside local AS)
Advertised to update-groups: 2
  Local
    0.0.0.0 from 0.0.0.0 (150.1.4.4)
      Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
      Community: local-AS
Rack1R1(config-router)#do sh ip bgp 150.1.4.0
BGP routing table entry for 150.1.4.0/24, version 15
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised outside local AS, RIB-failure(17))
Not advertised to any peer
  Local
    155.1.146.4 from 155.1.146.4 (150.1.4.4)
      Origin IGP, metric 0, localpref 100, valid, confed-internal, best
      Community: local-AS
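
The three well-known communities used in these notes (no-advertise and no-export on R2 for the AS254 routes, local-AS on R4 inside the confederation) differ only in which kind of session they stop a route at. The following is an added example, not taken from the original notes, that encodes the RFC 1997 rules and replays both lab cases; the `Speaker` model, the function names and the peer `EXT` are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Well-known communities as IOS displays them (values from RFC 1997).
NO_EXPORT = "no-export"        # 0xFFFFFF01
NO_ADVERTISE = "no-advertise"  # 0xFFFFFF02
LOCAL_AS = "local-AS"          # 0xFFFFFF03, NO_EXPORT_SUBCONFED in the RFC


@dataclass(frozen=True)
class Speaker:
    name: str
    asn: int                      # AS number, or member sub-AS in a confederation
    confed: Optional[int] = None  # confederation identifier, None if not in one


def session_type(local: Speaker, peer: Speaker) -> str:
    """Classify the session between two speakers."""
    if local.asn == peer.asn:
        return "ibgp"
    if local.confed is not None and local.confed == peer.confed:
        return "confed-ebgp"      # other sub-AS, same confederation
    return "ebgp"


def may_advertise(communities: Iterable[str], local: Speaker, peer: Speaker) -> bool:
    """True if a route carrying these communities may be sent to this peer."""
    tags = set(communities)
    kind = session_type(local, peer)
    if NO_ADVERTISE in tags:                    # never leaves the router
        return False
    if LOCAL_AS in tags and kind != "ibgp":     # stays inside the (sub-)AS
        return False
    if NO_EXPORT in tags and kind == "ebgp":    # stays inside AS / confederation
        return False
    return True


def receivers(communities: Iterable[str], local: Speaker, peers: List[Speaker]) -> List[str]:
    """Names of the peers that would receive the route."""
    return [p.name for p in peers if may_advertise(communities, local, p)]


# Confederation case from the notes: R1 and R4 in sub-AS 65014, R6 in 65006,
# all inside confederation 100; BB3 is the external peer in AS54.
R1 = Speaker("R1", 65014, confed=100)
R4 = Speaker("R4", 65014, confed=100)
R6 = Speaker("R6", 65006, confed=100)
BB3 = Speaker("BB3", 54)

# AS200 case from the notes: R2 and R3 are iBGP peers in AS200.
R2 = Speaker("R2", 200)
R3 = Speaker("R3", 200)
EXT = Speaker("EXT", 100)         # constructed external peer of R2

if __name__ == "__main__":
    for tag in (LOCAL_AS, NO_EXPORT, NO_ADVERTISE, "200:200"):
        print(f"R4 lo0 tagged {tag:13} ->", receivers([tag], R4, [R1, R6, BB3]))
    for tag in (NO_ADVERTISE, NO_EXPORT):
        print(f"R2 AS254 routes {tag:13} ->", receivers([tag], R2, [R3, EXT]))
```
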
On R2, add 254:100, 200:254 and 200:123. Moving to AS300: add 300:200 on the way to AS100, and in AS300 remove the communities that start with 200:x.
Rack1R2(config)#do sh ip bgp 222.22.2.0
BGP routing table entry for 222.22.2.0/24, version 15
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups: 3
  254
    192.10.1.254 from 192.10.1.254 (222.22.2.1)
      Origin incomplete, metric 0, localpref 100, valid, external, best
      Community: 200:123 200:254 254:200
Rack1R6# sh ip bgp 222.22.2.0
BGP routing table entry for 222.22.2.0/24, version 24
Paths: (3 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups: 2 3
  (65014) 200 254
    155.1.45.5 (metric 27283200) from 155.1.146.4 (150.1.4.4)
      Origin incomplete, metric 0, localpref 100, valid, confed-external
  (65014) 200 254
    155.1.13.3 (metric 27283200) from 155.1.146.1 (150.1.1.1)
      Origin incomplete, metric 0, localpref 100, valid, confed-external, best
  300 200 254
    155.1.67.7 from 155.1.67.7 (155.1.7.7)
      Origin incomplete, localpref 100, valid, external
      Community: 200:123 200:254 254:200
With the configuration on R3, it should receive all AS254 routes from AS300; if the link between R1 and R3 goes down, traffic from AS300 to AS254 should pass through AS200.
neighbor <IP> advertise-map MAP1 {non-exist-map | exist-map} MAP2
MAP1 must be in the local BGP table; MAP2 must be the prefix in the BGP table that we want to track. With this configuration, R3 advertises AS254 to SW1 if R1 cannot be reached from R3.
Rack1R3#sh ip bgp nei 155.1.37.7 adv
BGP table version is 13, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 155.1.13.1 0 100 54 i
*> 28.119.17.0/24 155.1.13.1 0 100 54 i
*> 112.0.0.0 155.1.13.1 0 100 54 50 60 i
*> 113.0.0.0 155.1.13.1 0 100 54 50 60 i
*> 114.0.0.0 155.1.13.1 0 100 54 i
*> 115.0.0.0 155.1.13.1 0 100 54 i
*> 116.0.0.0 155.1.13.1 0 100 54 i
*> 117.0.0.0 155.1.13.1 0 100 54 i
*> 118.0.0.0 155.1.13.1 0 100 54 i
*> 119.0.0.0 155.1.13.1 0 100 54 i
*> 155.1.0.0 155.1.13.1 0 100 i
*> 155.1.13.0/24 0.0.0.0 0 32768 i
On R2, create 4 new loopbacks (10.0.0.1/24 and so on) and advertise them into BGP. With the configuration on R4 and R6, traffic from AS54 to 10.0.1.0/24 should pass through R4, and traffic to 10.0.2.0/24 through R6. The specific routes from R4 and R6 should not reach R1; also prevent the loop on SW1.
On R1 through R6, configure lo1 with an x.x.x.x/32 IP address and distribute it into BGP. With an AS-path access-list on SW1, prevent AS300 from becoming a transit AS. With local preference on R5, AS200 should send traffic for routes originated in AS54 to R4, and for routes not originated in AS54 (those that use AS54 as transit) to R3. With the configuration on R3, routes learned from AS254 should not be advertised to R1.
R2 should originate a default route to R3 and R5. This default route should not be sent if R2's connection to BB2 goes down.
The routers in AS100 want to change their AS number to 146. While R4 and R6 use the new AS number, R1 should keep using the old AS number; no changes will be made on R1, R4 and R6, and it must not cause an outage in the network.
BGP dampening should be applied only to routes originated in AS100. Each penalty is 1000 points by default. By default, the route is suppressed when the penalty exceeds 2000. The default suppression half-life is 15 min. Max half-life is 4 * half-life. After 7.5 minutes the penalty starts to decrease, and it decays exponentially every 5 seconds. When the penalty drops below 750, the route is advertised again.
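
A small model of the dampening figures above, as an added example that is not part of the original notes. It assumes the penalty decays as a smooth exponential with the stated half-life, reads “4 * half-life” as the maximum suppress time, and enforces that maximum with a penalty ceiling; those three points and the function names are assumptions of this model.

```python
import math

HALF_LIFE_MIN = 15.0            # default half-life from the notes
PENALTY_PER_FLAP = 1000.0       # default penalty per flap
SUPPRESS_LIMIT = 2000.0         # route is suppressed above this
REUSE_LIMIT = 750.0             # route is advertised again below this
MAX_SUPPRESS_MIN = 4 * HALF_LIFE_MIN
# Assumption: the maximum suppress time is enforced as a penalty ceiling,
# the value that needs exactly MAX_SUPPRESS_MIN to decay to the reuse limit.
MAX_PENALTY = REUSE_LIMIT * 2 ** (MAX_SUPPRESS_MIN / HALF_LIFE_MIN)


def decay(penalty, minutes):
    """Penalty left after `minutes` of exponential decay."""
    return penalty * 0.5 ** (minutes / HALF_LIFE_MIN)


def simulate(flap_times):
    """Replay flaps (times in minutes).

    Returns (suppressed_at, reusable_at): when the route was first suppressed
    in its current suppression episode and when it becomes usable again, or
    (None, None) if the route is not suppressed after the last flap.
    """
    penalty = 0.0
    last = None
    suppressed_at = None
    for t in sorted(flap_times):
        if last is not None:
            penalty = decay(penalty, t - last)
            if suppressed_at is not None and penalty < REUSE_LIMIT:
                suppressed_at = None      # route had been released before this flap
        penalty = min(penalty + PENALTY_PER_FLAP, MAX_PENALTY)
        last = t
        if suppressed_at is None and penalty > SUPPRESS_LIMIT:
            suppressed_at = t
    if suppressed_at is None:
        return None, None
    # Solve penalty * 0.5 ** (dt / half_life) == REUSE_LIMIT for dt.
    reusable_at = last + HALF_LIFE_MIN * math.log2(penalty / REUSE_LIMIT)
    return suppressed_at, reusable_at


if __name__ == "__main__":
    print("two flaps, 1 min apart   :", simulate([0, 1]))
    print("three flaps, 1 min apart :", simulate([0, 1, 2]))
    print("twenty flaps, 1 min apart:", simulate(range(20)))
```
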
R1 should also be in AS146 and act as route reflector for R4 and R6. All external ASes should be unaware of AS146. R5 should peer with R4 using AS146.
At R6
---------------------
router bgp 146
 no synchronization
 bgp log-neighbor-changes
 network 155.1.146.0 mask 255.255.255.0
 aggregate-address 155.1.0.0 255.255.0.0 summary-only
 neighbor 54.1.1.254 remote-as 54
 neighbor 54.1.1.254 local-as 100 no-prepend replace-as
 neighbor 155.1.67.7 remote-as 300
 neighbor 155.1.67.7 local-as 100 no-prepend replace-as
 neighbor 155.1.146.1 remote-as 146
 no auto-summary
When we look, we do not see 146.
Place SW1 and SW3 in private AS 65089 and set up their peerings. Create Lo1 7.7.7.7/24 on SW1 and advertise it into BGP. AS100 and AS200 should strip the AS number when advertising this prefix to AS254 and AS54.
Disable the feature that deactivates the eBGP peering session when a physical interface goes down. Configure all of R3's peering sessions for fast peering deactivation.
With filtering on R3 and R5, prevent R1 and R4 from advertising the 112.0.0.0/8 and 114.0.0.0/8 routes.
R3 should change the BGP prefix next hop 30 seconds after the IGP prefix changes.
R3 should accept TCP packets from eBGP peers only if they are 1 hop away.
R2 and SW2 should advertise the 2.2.2.0/24 and 8.8.8.0/24 networks into BGP. With the configuration on the AS200 routers, if AS200 becomes partitioned, the remaining parts should use AS100 as transit to maintain connectivity.