Monday, August 11, 2008

1) The Topology

The topology is composed of 8 routers, all of them Cisco 3640 routers. It includes 3 simulated ISPs (AS 30, 50 and 100) and 2 simulated customers (AS 200 and 192) that are each multi-homed to two different ISPs.

The 2 customer routers are multi-homed so that they have 2 different paths to each other: one path passes through AS 30 and AS 50, and the other goes through AS 100. With the BGP configuration left at its defaults, the 2 customer routers will choose the path through AS 100 because of the BGP AS-Path attribute: a BGP router will choose the path to a destination that has the shorter AS path (the lower AS hop count). Therefore, R0 will pass through AS 100 to get to R5, since R5 is only one hop away on that path, and the same is true for R5 going to R0.

I chose this kind of setup so that we have a chance to manipulate the BGP attributes and control the traffic. For example, with the Local Preference attribute we can tell R0 to use the path through AS 30 and 50 instead of AS 100, by giving the routes that came from AS 30 a local preference value greater than those that came from AS 100.
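The selection described above can be traced with a short model of the first steps of the BGP decision process. This is an added example, not part of the original post: the two paths are R0's paths to 192.168.10.0 as they appear in the verification output on this page, while the `Path` class, the function names and the local preference value 200 are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from functools import reduce

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP beats EGP beats incomplete


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str          # the EBGP neighbor the path was learned from
    as_path: tuple         # e.g. (30, 50, 192)
    origin: str = "i"
    weight: int = 0        # Cisco-specific, local to the router
    local_pref: int = 100  # IOS default when none is set
    med: int = 0


def better(a, b):
    """Return the preferred of two paths to the same prefix.

    Covers only the first steps of the decision process (weight, local
    preference, AS-path length, origin, MED); later tie-breakers are omitted.
    """
    if a.weight != b.weight:
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):
        return a if len(a.as_path) < len(b.as_path) else b
    if a.origin != b.origin:
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    # MED is only compared between paths from the same neighboring AS.
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return a if a.med < b.med else b
    return a  # still tied: keep the first path (simplification)


def best_path(paths):
    """Pick the winner among all candidate paths to one prefix."""
    return reduce(better, paths)


def set_local_pref(paths, neighbor, value):
    """Model an inbound policy that sets local preference on one neighbor's routes."""
    return [replace(p, local_pref=value) if p.next_hop == neighbor else p
            for p in paths]


# R0's two paths to R5's LAN, as listed in the
# "show ip bgp neighbors ... routes" output on this page.
R0_PATHS_TO_R5 = [
    Path("192.168.10.0/24", "12.123.50.1", (30, 50, 192)),
    Path("192.168.10.0/24", "60.50.10.1", (100, 192)),
]

if __name__ == "__main__":
    default = best_path(R0_PATHS_TO_R5)
    print("default best:", default.next_hop, default.as_path)
    # 200 is a constructed value; anything above the default of 100 works.
    tuned = best_path(set_local_pref(R0_PATHS_TO_R5, "12.123.50.1", 200))
    print("local-pref 200 on AS 30 routes:", tuned.next_hop, tuned.as_path)
```

Because local preference is compared before AS-path length, the longer path through AS 30 and 50 wins once its local preference is raised.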

For the ISPs, the routers inside their respective AS are in a full-mesh IBGP configuration, which is actually the requirement and is what ISPs really practice in their backbone. In AS 30, R1 and R2 peer with each other via their Loopback IP addresses, but for these two routers to form a successful neighbor relationship they must have Layer 3 reachability to each other's Loopbacks. To accomplish this we need a routing protocol that tells the routers how to reach each other's Loopbacks; in this case we will use the OSPF routing protocol to do the job, and this is also how we will set up the other 2 simulated ISPs. Also, we will redistribute only the Loopback interfaces of the routers so that we can verify the connectivity and advertisements between ISPs, but you can still redistribute all the connected interfaces if you want to; this is a lab, so you can do whatever you want.

Peering between different ISPs, and between customers and ISPs, is of course implemented using EBGP; R2 and R3, for example, use EBGP to peer with each other. But how do we determine whether a router is using IBGP or EBGP?

Answer:

Configuration Example:

router bgp 30
neighbor [neighbor ip] remote-as 30
neighbor [neighbor ip] remote-as 50

The line "neighbor [neighbor ip] remote-as 30" indicates IBGP peering, meaning we peered with a router that is in the same AS. The line "neighbor [neighbor ip] remote-as 50" indicates EBGP peering, meaning we peered with a router that is in a different AS.

So, basically, that is all for the topology. In my next post I will post all the router configurations so that you can implement the network topology on your PCs at home.

2) Router Configurations

Please note that some explanations on the router configurations are found at the "Router Configs Explanation" post.

Configuration for R0
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R0_AS_200
!
logging buffered 4096 debugging
enable secret christopher
!
ip subnet-zero
!
no ip domain-lookup
!
interface Loopback0
description SIMULATED CUSTOMER LAN
ip address 200.20.20.1 255.255.255.0
!
interface Serial1/0
description CONNECTION TO ISP AS NUMBER 100 (R6_AS_100)
bandwidth 1536
ip address 60.50.10.2 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
interface Serial1/1
description CONNECTION TO ISP AS NUMBER 30 (R1_AS_30)
bandwidth 1536
ip address 12.123.50.2 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 200.20.20.0
redistribute static
neighbor 12.123.50.1 remote-as 30
neighbor 12.123.50.1 distribute-list AS-PATH-100 out
neighbor 60.50.10.1 remote-as 100
neighbor 60.50.10.1 distribute-list AS-PATH-30-50 out
no auto-summary
!
ip classless
ip route 200.20.30.0 255.255.255.0 Null0
ip route 200.20.40.0 255.255.255.0 Null0
ip route 200.20.50.0 255.255.255.0 Null0
ip route 200.20.60.0 255.255.255.0 Null0
no ip http server
!
ip access-list standard AS-PATH-100
deny 192.168.0.0 0.0.255.255
deny 100.100.0.0 0.0.255.255
permit any
ip access-list standard AS-PATH-30-50
deny 192.168.0.0 0.0.255.255
deny 30.30.0.0 0.0.255.255
deny 50.50.0.0 0.0.255.255
permit any
!
line con 0
exec-timeout 30 0
password christopher
logging synchronous
login
line aux 0
exec-timeout 30 0
password christopher
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password christopher
logging synchronous
login
!
end
!


Configuration for R1
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1_AS_30
!
logging buffered 4096 debugging
enable secret christopher
!
ip subnet-zero
!
no ip domain-lookup
!
interface Loopback0
description FOR IBGP PEERING
ip address 30.30.11.1 255.255.255.0
!
interface FastEthernet0/0
description CONNECTION TO CORE SWITCH
ip address 30.30.10.1 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
description CONNECTION TO CUSTOMER AS NUMBER 200 (R0_AS_200)
bandwidth 1536
ip address 12.123.50.1 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
router ospf 30
log-adjacency-changes
passive-interface Serial1/0
network 12.123.50.1 0.0.0.0 area 0
network 30.30.10.1 0.0.0.0 area 0
network 30.30.11.1 0.0.0.0 area 0
!
router bgp 30
no synchronization
bgp log-neighbor-changes
redistribute connected route-map CONNECTED
neighbor 12.123.50.2 remote-as 200
neighbor 30.30.12.1 remote-as 30
neighbor 30.30.12.1 update-source Loopback0
neighbor 30.30.12.1 next-hop-self
no auto-summary
!
ip classless
no ip http server
!
ip access-list standard LOOPBACK-IP
permit 30.30.11.0 0.0.0.255
route-map CONNECTED permit 100
match ip address LOOPBACK-IP
!
line con 0
exec-timeout 30 0
password christopher
logging synchronous
login
line aux 0
exec-timeout 30 0
password christopher
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password christopher
logging synchronous
login
!
end


Configuration for R2
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2_AS_30
!
logging buffered 4096 debugging
enable secret christopher
!
ip subnet-zero
!
no ip domain-lookup
!
interface Loopback0
description FOR IBGP PEERING
ip address 30.30.12.1 255.255.255.0
!
interface FastEthernet0/0
description CONNECTION TO CORE SWITCH
ip address 30.30.10.2 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
description CONNECTION TO ANOTHER ISP AS NUMBER 50 (R3_AS_50)
bandwidth 1536
ip address 12.123.50.5 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
router ospf 30
log-adjacency-changes
passive-interface Serial1/0
network 12.123.50.5 0.0.0.0 area 0
network 30.30.10.2 0.0.0.0 area 0
network 30.30.12.1 0.0.0.0 area 0
!
router bgp 30
no synchronization
bgp log-neighbor-changes
redistribute connected route-map CONNECTED
neighbor 12.123.50.6 remote-as 50
neighbor 30.30.11.1 remote-as 30
neighbor 30.30.11.1 update-source Loopback0
neighbor 30.30.11.1 next-hop-self
no auto-summary
!
ip classless
no ip http server
!
ip access-list standard LOOPBACK-IP
permit 30.30.12.0 0.0.0.255
route-map CONNECTED permit 100
match ip address LOOPBACK-IP
!
line con 0
exec-timeout 30 0
password christopher
logging synchronous
login
line aux 0
exec-timeout 30 0
password christopher
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password christopher
logging synchronous
login
!
end


Configuration for R3
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3_AS_50
!
logging buffered 4096 debugging
enable secret christopher
!
ip subnet-zero
!
no ip domain-lookup
!
interface Loopback0
description FOR IBGP PEERING
ip address 50.50.12.1 255.255.255.0
!
interface FastEthernet0/0
description CONNECTION TO CORE SWITCH
ip address 50.50.10.1 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
description CONNECTION TO ANOTHER ISP AS NUMBER 30 (R2_AS_30)
bandwidth 1536
ip address 12.123.50.6 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
router ospf 50
log-adjacency-changes
passive-interface Serial1/0
network 12.123.50.6 0.0.0.0 area 0
network 50.50.10.1 0.0.0.0 area 0
network 50.50.12.1 0.0.0.0 area 0
!
router bgp 50
no synchronization
bgp log-neighbor-changes
redistribute connected route-map CONNECTED
neighbor 12.123.50.5 remote-as 30
neighbor 50.50.11.1 remote-as 50
neighbor 50.50.11.1 update-source Loopback0
neighbor 50.50.11.1 next-hop-self
no auto-summary
!
ip classless
no ip http server
!
ip access-list standard LOOPBACK-IP
permit 50.50.12.0 0.0.0.255
route-map CONNECTED permit 100
match ip address LOOPBACK-IP
!
line con 0
exec-timeout 30 0
password christopher
logging synchronous
login
line aux 0
exec-timeout 30 0
password christopher
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password christopher
logging synchronous
login
!
end


Configuration for R4
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4_AS_50
!
logging buffered 4096 debugging
enable secret christopher
!
ip subnet-zero
!
no ip domain-lookup
!
interface Loopback0
description FOR IBGP PEERING
ip address 50.50.11.1 255.255.255.0
!
interface FastEthernet0/0
description CONNECTION TO CORE SWITCH
ip address 50.50.10.2 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
description CONNECTION CUSTOMER AS NUMBER 192 (R5_AS_192)
bandwidth 1536
ip address 50.50.13.1 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
router ospf 50
log-adjacency-changes
passive-interface Serial1/0
network 50.50.10.2 0.0.0.0 area 0
network 50.50.11.1 0.0.0.0 area 0
network 50.50.13.1 0.0.0.0 area 0
!
router bgp 50
no synchronization
bgp log-neighbor-changes
redistribute connected route-map CONNECTED
neighbor 50.50.12.1 remote-as 50
neighbor 50.50.12.1 update-source Loopback0
neighbor 50.50.12.1 next-hop-self
neighbor 50.50.13.2 remote-as 192
no auto-summary
!
ip classless
no ip http server
!
ip access-list standard LOOPBACK-IP
permit 50.50.11.0 0.0.0.255
route-map CONNECTED permit 100
match ip address LOOPBACK-IP
!
line con 0
exec-timeout 30 0
password christopher
logging synchronous
login
line aux 0
exec-timeout 30 0
password christopher
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password christopher
logging synchronous
login
!
end


Configuration for R5
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5_AS_192
!
logging buffered 4096 debugging
enable secret christopher
!
ip subnet-zero
!
no ip domain-lookup
!
interface Loopback0
description SIMULATED CUSTOMER LAN
ip address 192.168.10.1 255.255.255.0
!
interface Serial1/0
description CONNECTION TO ISP AS NUMBER 50 (R4_AS_50)
ip address 50.50.13.2 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
interface Serial1/1
description CONNECTION TO ISP AS NUMBER 100 (R6_AS_100)
ip address 60.50.10.6 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
router bgp 192
no synchronization
bgp log-neighbor-changes
network 192.168.10.0
redistribute static
neighbor 50.50.13.1 remote-as 50
neighbor 50.50.13.1 distribute-list AS-PATH-100 out
neighbor 60.50.10.5 remote-as 100
neighbor 60.50.10.5 distribute-list AS-PATH-30-50 out
no auto-summary
!
ip classless
ip route 192.168.20.0 255.255.255.0 Null0
ip route 192.168.30.0 255.255.255.0 Null0
ip route 192.168.40.0 255.255.255.0 Null0
ip route 192.168.50.0 255.255.255.0 Null0
no ip http server
!
ip access-list standard AS-PATH-100
deny 200.20.0.0 0.0.255.255
deny 100.100.0.0 0.0.255.255
permit any
ip access-list standard AS-PATH-30-50
deny 200.20.0.0 0.0.255.255
deny 30.30.0.0 0.0.255.255
deny 50.50.0.0 0.0.255.255
permit any
!
line con 0
exec-timeout 30 0
password christopher
logging synchronous
login
line aux 0
exec-timeout 30 0
password christopher
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password christopher
logging synchronous
login
!
end


Configuration for R6
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6_AS_100
!
logging buffered 4096 debugging
enable secret christopher
!
ip subnet-zero
!
no ip domain-lookup
!
interface Loopback0
description FOR IBGP PEERING
ip address 100.100.11.1 255.255.255.0
!
interface FastEthernet0/0
description CONNECTION TO CORE SWITCH
ip address 100.100.10.1 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
description CONNECTION CUSTOMER AS NUMBER 200 (R0_AS_200)
bandwidth 1536
ip address 60.50.10.1 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
router ospf 100
log-adjacency-changes
passive-interface Serial1/0
network 60.50.10.1 0.0.0.0 area 0
network 100.100.10.1 0.0.0.0 area 0
network 100.100.11.1 0.0.0.0 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
redistribute connected route-map CONNECTED
neighbor 60.50.10.2 remote-as 200
neighbor 100.100.12.1 remote-as 100
neighbor 100.100.12.1 update-source Loopback0
neighbor 100.100.12.1 next-hop-self
no auto-summary
!
ip classless
no ip http server
!
ip access-list standard LOOPBACK-IP
permit 100.100.11.0 0.0.0.255
route-map CONNECTED permit 100
match ip address LOOPBACK-IP
!
line con 0
exec-timeout 30 0
password christopher
logging synchronous
login
line aux 0
exec-timeout 30 0
password christopher
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password christopher
logging synchronous
login
!
end


Configuration for R7
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7_AS_100
!
logging buffered 4096 debugging
enable secret christopher
!
ip subnet-zero
!
no ip domain-lookup
!
interface Loopback0
description FOR IBGP PEERING
ip address 100.100.12.1 255.255.255.0
!
interface FastEthernet0/0
description CONNECTION TO CORE SWITCH
ip address 100.100.10.2 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
description CONNECTION TO CUSTOMER AS NUMBER 192 (R5_AS_192)
bandwidth 1536
ip address 60.50.10.5 255.255.255.252
encapsulation ppp
serial restart-delay 0
!
router ospf 100
log-adjacency-changes
passive-interface Serial1/0
network 60.50.10.5 0.0.0.0 area 0
network 100.100.10.2 0.0.0.0 area 0
network 100.100.12.1 0.0.0.0 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
redistribute connected route-map CONNECTED
neighbor 60.50.10.6 remote-as 192
neighbor 100.100.11.1 remote-as 100
neighbor 100.100.11.1 update-source Loopback0
neighbor 100.100.11.1 next-hop-self
no auto-summary
!
ip classless
no ip http server
!
ip access-list standard LOOPBACK-IP
permit 100.100.12.0 0.0.0.255
route-map CONNECTED permit 20
match ip address LOOPBACK-IP
!
line con 0
exec-timeout 30 0
password christopher
logging synchronous
login
line aux 0
exec-timeout 30 0
password christopher
logging synchronous
login
line vty 0 4
exec-timeout 30 0
password christopher
logging synchronous
login
!
end

*** Router configurations are explained in my next post

3) Router Configs Explanation

On R0:
You might have noticed the distribute-list commands under the BGP neighbor configuration. I did that to prevent the networks of AS 30 and 50 from getting to AS 100 and vice versa. This is actually the danger of multi-homing a single router to 2 different ISPs: you have to prevent each ISP's networks from crossing through you. I tried different methods but ended up doing it the easy but inflexible way, and in the real world you don't want to do it this way.

As I write this post I thought of a better way, and you might want to try it in this lab. We can create a deny route-map with two match clauses, then apply the route-map outbound under the BGP neighbor configuration. The two match clauses should be a standard "permit any" ACL and an as-path access-list with a regular expression of "^[AS Number]_". The regular expression "^[AS Number]_" means "received from a router with the AS number specified", so the combination of the ACL and the as-path list translates to any IP network that we received from the router that has the AS number we specified. If you decide to try it out, please send me feedback regarding the results; I may not be able to try it myself, but once I have the time I'll definitely try it out.

Alright, I actually tried this one, please see the "Tips and Tricks" post.

In the 2 ACLs named "AS-PATH-100" and "AS-PATH-30-50" I also denied the 192.168.0.0 network; that way we can be sure to prevent R0 from re-advertising that network to the other ISPs. (But we won't need to do this anymore if we implement my suggestion above.)

On R5:
This router is in the same situation as R0. You already know the issue and you have read my suggestion about what we can do, so now it's up to you to try it out.

On R1-R4 and R6-R7:
These routers are all configured in the same manner. All routers in their respective ASes are in a full-mesh IBGP configuration, they peer with each other through their Loopback IPs, and only the Loopback IP addresses are redistributed into BGP. OSPF's job is to provide Layer 3 connectivity between the Loopbacks so that the IBGP routers can form a neighbor relationship with their peer router.

4) Verification and Testing of the Configurations

R0_AS_200#sho ip bgp summary
BGP router identifier 200.20.20.1, local AS number 200
BGP table version is 44, main routing table version 44
16 network entries using 1552 bytes of memory
21 path entries using 756 bytes of memory
11 BGP path attribute entries using 660 bytes of memory
5 BGP AS-PATH entries using 120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3088 total bytes of memory
BGP activity 24/8 prefixes, 41/20 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
12.123.50.1 4 30 109 96 44 0 0 00:54:37 9
60.50.10.1 4 100 101 95 44 0 0 00:54:33 7

R0_AS_200#sho ip bgp neighbors 12.123.50.1 routes
BGP table version is 44, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 30.30.11.0/24 12.123.50.1 0 0 30 ?
*> 30.30.12.0/24 12.123.50.1 0 30 ?
*> 50.50.11.0/24 12.123.50.1 0 30 50 ?
*> 50.50.12.0/24 12.123.50.1 0 30 50 ?
* 192.168.10.0 12.123.50.1 0 30 50 192 i
* 192.168.20.0 12.123.50.1 0 30 50 192 ?
* 192.168.30.0 12.123.50.1 0 30 50 192 ?
* 192.168.40.0 12.123.50.1 0 30 50 192 ?
* 192.168.50.0 12.123.50.1 0 30 50 192 ?

Total number of prefixes 9

R0_AS_200#sho ip bgp neighbors 60.50.10.1 routes
BGP table version is 44, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.100.11.0/24 60.50.10.1 0 0 100 ?
*> 100.100.12.0/24 60.50.10.1 0 100 ?
*> 192.168.10.0 60.50.10.1 0 100 192 i
*> 192.168.20.0 60.50.10.1 0 100 192 ?
*> 192.168.30.0 60.50.10.1 0 100 192 ?
*> 192.168.40.0 60.50.10.1 0 100 192 ?
*> 192.168.50.0 60.50.10.1 0 100 192 ?

Total number of prefixes 7

*** With the BGP attributes left at their default behavior, R0 will choose to go through AS 100 to get to R5 because the AS path is shorter compared to the other path.

R0_AS_200#sho ip route bgp
50.0.0.0/24 is subnetted, 2 subnets
B 50.50.11.0 [20/0] via 12.123.50.1, 00:55:23
B 50.50.12.0 [20/0] via 12.123.50.1, 00:55:23
100.0.0.0/24 is subnetted, 2 subnets
B 100.100.11.0 [20/0] via 60.50.10.1, 00:55:20
B 100.100.12.0 [20/0] via 60.50.10.1, 00:55:20
B 192.168.30.0/24 [20/0] via 60.50.10.1, 00:55:20
B 192.168.10.0/24 [20/0] via 60.50.10.1, 00:55:20
B 192.168.40.0/24 [20/0] via 60.50.10.1, 00:55:20
B 192.168.20.0/24 [20/0] via 60.50.10.1, 00:55:20
B 192.168.50.0/24 [20/0] via 60.50.10.1, 00:55:20
30.0.0.0/24 is subnetted, 2 subnets
B 30.30.11.0 [20/0] via 12.123.50.1, 00:55:23
B 30.30.12.0 [20/0] via 12.123.50.1, 00:55:23

*** Notice R0's routing table: R0 is receiving advertisements for the 192.168.0.0 networks from both R1 and R6, but R6's advertisements ended up in R0's routing table because R0 sees a shorter path to R5 via R6.

R0_AS_200#sho ip bgp neighbors 60.50.10.1 advertised-routes
BGP table version is 44, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 200.20.20.0 0.0.0.0 0 32768 i
*> 200.20.30.0 0.0.0.0 0 32768 ?
*> 200.20.40.0 0.0.0.0 0 32768 ?
*> 200.20.50.0 0.0.0.0 0 32768 ?
*> 200.20.60.0 0.0.0.0 0 32768 ?

R0_AS_200#sho ip bgp neighbors 12.123.50.1 advertised-routes
BGP table version is 44, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 200.20.20.0 0.0.0.0 0 32768 i
*> 200.20.30.0 0.0.0.0 0 32768 ?
*> 200.20.40.0 0.0.0.0 0 32768 ?
*> 200.20.50.0 0.0.0.0 0 32768 ?
*> 200.20.60.0 0.0.0.0 0 32768 ?

*** R0 is advertising the same exact networks to both R1 and R6

R0_AS_200#ping ip 192.168.10.1 so 200.20.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
Packet sent with a source address of 200.20.20.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 264/360/456 ms

R0_AS_200#traceroute ip

Target IP address: 192.168.10.1
Source address: 200.20.20.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 192.168.10.1

1 60.50.10.1 116 msec 48 msec 144 msec --> ISP AS 100
2 100.100.10.2 216 msec 360 msec 216 msec
3 60.50.10.6 336 msec * 360 msec
R0_AS_200#

*** Connectivity tests: ping and traceroutes to R5

************************************************************************************

R5_AS_192#sho ip bgp summary
BGP router identifier 192.168.10.1, local AS number 192
BGP table version is 33, main routing table version 33
16 network entries using 1552 bytes of memory
21 path entries using 756 bytes of memory
11 BGP path attribute entries using 660 bytes of memory
5 BGP AS-PATH entries using 120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3088 total bytes of memory
BGP activity 24/8 prefixes, 33/12 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
50.50.13.1 4 50 89 88 33 0 0 01:06:35 9
60.50.10.5 4 100 78 81 33 0 0 01:00:00 7



R5_AS_192#sho ip bgp neighbors 50.50.13.1 routes
BGP table version is 33, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 30.30.11.0/24 50.50.13.1 0 50 30 ?
*> 30.30.12.0/24 50.50.13.1 0 50 30 ?
*> 50.50.11.0/24 50.50.13.1 0 0 50 ?
*> 50.50.12.0/24 50.50.13.1 0 50 ?
* 200.20.20.0 50.50.13.1 0 50 30 200 i
* 200.20.30.0 50.50.13.1 0 50 30 200 ?
* 200.20.40.0 50.50.13.1 0 50 30 200 ?
* 200.20.50.0 50.50.13.1 0 50 30 200 ?
* 200.20.60.0 50.50.13.1 0 50 30 200 ?

Total number of prefixes 9

R5_AS_192#sho ip bgp neighbors 60.50.10.5 routes
BGP table version is 33, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.100.11.0/24 60.50.10.5 0 100 ?
*> 100.100.12.0/24 60.50.10.5 0 0 100 ?
*> 200.20.20.0 60.50.10.5 0 100 200 i
*> 200.20.30.0 60.50.10.5 0 100 200 ?
*> 200.20.40.0 60.50.10.5 0 100 200 ?
*> 200.20.50.0 60.50.10.5 0 100 200 ?
*> 200.20.60.0 60.50.10.5 0 100 200 ?

Total number of prefixes 7

R5_AS_192#sho ip ro bgp
50.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
B 50.50.11.0/24 [20/0] via 50.50.13.1, 01:13:34
B 50.50.12.0/24 [20/0] via 50.50.13.1, 01:13:34
B 200.20.20.0/24 [20/0] via 60.50.10.5, 01:06:03
100.0.0.0/24 is subnetted, 2 subnets
B 100.100.11.0 [20/0] via 60.50.10.5, 01:06:59
B 100.100.12.0 [20/0] via 60.50.10.5, 01:06:59
B 200.20.50.0/24 [20/0] via 60.50.10.5, 01:06:03
B 200.20.60.0/24 [20/0] via 60.50.10.5, 01:06:03
B 200.20.30.0/24 [20/0] via 60.50.10.5, 01:06:03
B 200.20.40.0/24 [20/0] via 60.50.10.5, 01:06:03
30.0.0.0/24 is subnetted, 2 subnets
B 30.30.11.0 [20/0] via 50.50.13.1, 01:13:34
B 30.30.12.0 [20/0] via 50.50.13.1, 01:13:34

*** R5 is also getting two advertisements for the 200.20.0.0 networks, from R4 and R7, and again R7's advertisements get into R5's routing table simply because there is a shorter path via R7.

R5_AS_192#sho ip bgp neighbors 60.50.10.5 advertised-routes
BGP table version is 33, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 192.168.10.0 0.0.0.0 0 32768 i
*> 192.168.20.0 0.0.0.0 0 32768 ?
*> 192.168.30.0 0.0.0.0 0 32768 ?
*> 192.168.40.0 0.0.0.0 0 32768 ?
*> 192.168.50.0 0.0.0.0 0 32768 ?


R5_AS_192#sho ip bgp neighbors 50.50.13.1 advertised-routes
BGP table version is 33, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 192.168.10.0 0.0.0.0 0 32768 i
*> 192.168.20.0 0.0.0.0 0 32768 ?
*> 192.168.30.0 0.0.0.0 0 32768 ?
*> 192.168.40.0 0.0.0.0 0 32768 ?
*> 192.168.50.0 0.0.0.0 0 32768 ?

*** R5 is advertising its networks to both of its peers

R5_AS_192#ping ip 200.20.20.1 so 192.168.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.20.20.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 288/356/528 ms

R5_AS_192#traceroute ip

Target IP address: 200.20.20.1
Source address: 192.168.10.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 200.20.20.1

1 60.50.10.5 116 msec 72 msec 120 msec --> ISP AS 100
2 100.100.10.1 240 msec 408 msec 216 msec
3 60.50.10.2 288 msec * 288 msec

*** Connectivity tests: ping and traceroutes to R0

*** The next post has some tips and tricks that may be useful.

5) Tips and Tricks

The "ip as-path" Command: Part 1

For my first trick, I tried the suggestion I mentioned in the R0 section of the "Router Configs Explanation" post. But I tried it in a different topology, one that is very simple yet enough to demonstrate the power of the AS Path attribute together with a route-map.

Here is the topology:


Please click here to download the configurations of R0, R1 and R3.

***Sample Output when route-map Christopher is NOT applied to both neighbors:

R0#sho ip bgp neigh 192.168.10.2 adv
BGP table version is 4, local router ID is 90.90.90.90
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 20.20.20.0/24 192.168.10.6 0 0 20 i
*> 90.90.90.0/24 0.0.0.0 0 32768 i

R0#sho ip bgp neighbors 192.168.10.6 advertised-routes
BGP table version is 4, local router ID is 90.90.90.90
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.10.10.0/24 192.168.10.2 0 0 10 i
*> 90.90.90.0/24 0.0.0.0 0 32768 i

***Sample output when route-map Christopher is NOW applied to both neighbors:

R0#sho ip bgp neigh 192.168.10.2 adv
BGP table version is 4, local router ID is 90.90.90.90
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 90.90.90.0/24 0.0.0.0 0 32768 i

R0#sho ip bgp neighbors 192.168.10.6 advertised-routes
BGP table version is 4, local router ID is 90.90.90.90
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 90.90.90.0/24 0.0.0.0 0 32768 i

*** And that is the power of route-map and the AS PATH attribute.

*** Click here to download the final configs of this part

-==End of this Part==-


===================================================================
===================================================================

The "ip as-path" Command: Part 2

I actually had a chance to try the technique above in our actual topology. If you load the R0 and R5 configs without the distribute-list commands (meaning just the neighbor remote-as command and nothing else; please click here to download the initial configurations for R0 and R5), this is what you should see:

R6_AS_100#sho ip route bgp --> AS 100 is learning the networks of AS 30 and AS 50
50.0.0.0/24 is subnetted, 2 subnets
B 50.50.11.0 [200/0] via 100.100.12.1, 00:02:30
B 50.50.12.0 [200/0] via 100.100.12.1, 00:02:30
B 200.20.20.0/24 [20/0] via 60.50.10.2, 00:02:48
100.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 100.100.12.0/24 [200/0] via 100.100.12.1, 00:02:48
B 192.168.30.0/24 [200/0] via 100.100.12.1, 00:02:29
B 200.20.50.0/24 [20/0] via 60.50.10.2, 00:02:48
B 192.168.10.0/24 [200/0] via 100.100.12.1, 00:02:29
B 192.168.40.0/24 [200/0] via 100.100.12.1, 00:02:29
B 192.168.20.0/24 [200/0] via 100.100.12.1, 00:02:29
B 200.20.60.0/24 [20/0] via 60.50.10.2, 00:02:48
B 200.20.30.0/24 [20/0] via 60.50.10.2, 00:02:48
B 192.168.50.0/24 [200/0] via 100.100.12.1, 00:02:29
B 200.20.40.0/24 [20/0] via 60.50.10.2, 00:02:48
30.0.0.0/24 is subnetted, 2 subnets
B 30.30.11.0 [20/0] via 60.50.10.2, 00:02:21
B 30.30.12.0 [20/0] via 60.50.10.2, 00:02:21

R2_AS_30#sho ip route bgp --> AS 30 is learning the networks of AS 100
50.0.0.0/24 is subnetted, 2 subnets
B 50.50.11.0 [20/0] via 12.123.50.6, 00:04:44
B 50.50.12.0 [20/0] via 12.123.50.6, 00:05:41
B 200.20.20.0/24 [200/0] via 30.30.11.1, 00:03:04
100.0.0.0/24 is subnetted, 2 subnets
B 100.100.11.0 [200/0] via 30.30.11.1, 00:02:59
B 100.100.12.0 [200/0] via 30.30.11.1, 00:02:59
B 192.168.30.0/24 [20/0] via 12.123.50.6, 00:02:36
B 200.20.50.0/24 [200/0] via 30.30.11.1, 00:02:59
B 192.168.10.0/24 [20/0] via 12.123.50.6, 00:02:36
B 192.168.40.0/24 [20/0] via 12.123.50.6, 00:02:36
B 192.168.20.0/24 [20/0] via 12.123.50.6, 00:02:36
B 200.20.60.0/24 [200/0] via 30.30.11.1, 00:02:59
B 200.20.30.0/24 [200/0] via 30.30.11.1, 00:02:59
B 192.168.50.0/24 [20/0] via 12.123.50.6, 00:02:36
B 200.20.40.0/24 [200/0] via 30.30.11.1, 00:02:59
30.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 30.30.11.0/24 [200/0] via 30.30.11.1, 00:06:00

R4_AS_50#sho ip route bgp --> AS 50 is learning the networks of AS 100
50.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B 50.50.12.0/24 [200/0] via 50.50.12.1, 00:05:23
B 200.20.20.0/24 [200/0] via 50.50.12.1, 00:03:16
100.0.0.0/24 is subnetted, 2 subnets
B 100.100.11.0 [20/0] via 50.50.13.2, 00:02:36
B 100.100.12.0 [20/0] via 50.50.13.2, 00:02:36
B 192.168.30.0/24 [20/0] via 50.50.13.2, 00:03:06
B 200.20.50.0/24 [200/0] via 50.50.12.1, 00:02:46
B 192.168.10.0/24 [20/0] via 50.50.13.2, 00:03:06
B 192.168.40.0/24 [20/0] via 50.50.13.2, 00:03:06
B 192.168.20.0/24 [20/0] via 50.50.13.2, 00:03:06
B 200.20.60.0/24 [200/0] via 50.50.12.1, 00:02:46
B 200.20.30.0/24 [200/0] via 50.50.12.1, 00:02:46
B 192.168.50.0/24 [20/0] via 50.50.13.2, 00:03:06
B 200.20.40.0/24 [200/0] via 50.50.12.1, 00:02:46
30.0.0.0/24 is subnetted, 2 subnets
B 30.30.11.0 [200/0] via 50.50.12.1, 00:05:23
B 30.30.12.0 [200/0] via 50.50.12.1, 00:05:23

R0_AS_200#sho ip bgp neighbors 12.123.50.1 advertised-routes
BGP table version is 17, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.100.11.0/24 60.50.10.1 0 0 100 ?
*> 100.100.12.0/24 60.50.10.1 0 100 ?
*> 192.168.10.0 60.50.10.1 0 100 192 i
*> 192.168.20.0 60.50.10.1 0 100 192 ?
*> 192.168.30.0 60.50.10.1 0 100 192 ?
*> 192.168.40.0 60.50.10.1 0 100 192 ?
*> 192.168.50.0 60.50.10.1 0 100 192 ?
*> 200.20.20.0 0.0.0.0 0 32768 i
*> 200.20.30.0 0.0.0.0 0 32768 ?
*> 200.20.40.0 0.0.0.0 0 32768 ?
*> 200.20.50.0 0.0.0.0 0 32768 ?
*> 200.20.60.0 0.0.0.0 0 32768 ?

- Prefixes in blue font are learned by R0 from the AS 100

R0_AS_200#sho ip bgp neighbors 60.50.10.1 advertised-routes
BGP table version is 17, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 30.30.11.0/24 12.123.50.1 0 0 30 ?
*> 30.30.12.0/24 12.123.50.1 0 30 ?
*> 50.50.11.0/24 12.123.50.1 0 30 50 ?
*> 50.50.12.0/24 12.123.50.1 0 30 50 ?
*> 200.20.20.0 0.0.0.0 0 32768 i
*> 200.20.30.0 0.0.0.0 0 32768 ?
*> 200.20.40.0 0.0.0.0 0 32768 ?
*> 200.20.50.0 0.0.0.0 0 32768 ?
*> 200.20.60.0 0.0.0.0 0 32768 ?

- Prefixes in blue font are learned by R0 from AS 30

*** Notice that R0 is advertising the routes it learned from AS 100 to AS 30, and the routes it learned from AS 30 are being advertised out to AS 100. This is a clear indication that R0 is acting as a transit path between AS 30 and AS 100, and we do not want this to happen in the real world.

For the case of R5 you should be getting these:

R5_AS_192#sho ip bgp neighbors 50.50.13.1 advertised-routes
BGP table version is 18, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.100.11.0/24 60.50.10.5 0 100 ?
*> 100.100.12.0/24 60.50.10.5 0 0 100 ?
*> 192.168.10.0 0.0.0.0 0 32768 i
*> 192.168.20.0 0.0.0.0 0 32768 ?
*> 192.168.30.0 0.0.0.0 0 32768 ?
*> 192.168.40.0 0.0.0.0 0 32768 ?
*> 192.168.50.0 0.0.0.0 0 32768 ?
*> 200.20.20.0 60.50.10.5 0 100 200 i
*> 200.20.30.0 60.50.10.5 0 100 200 ?
*> 200.20.40.0 60.50.10.5 0 100 200 ?
*> 200.20.50.0 60.50.10.5 0 100 200 ?
*> 200.20.60.0 60.50.10.5 0 100 200 ?

- Prefixes in blue font are learned by R5 from AS 100

R5_AS_192#sho ip bgp neighbors 60.50.10.5 advertised-routes
BGP table version is 18, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 30.30.11.0/24 50.50.13.1 0 50 30 ?
*> 30.30.12.0/24 50.50.13.1 0 50 30 ?
*> 50.50.11.0/24 50.50.13.1 0 0 50 ?
*> 50.50.12.0/24 50.50.13.1 0 50 ?
*> 192.168.10.0 0.0.0.0 0 32768 i
*> 192.168.20.0 0.0.0.0 0 32768 ?
*> 192.168.30.0 0.0.0.0 0 32768 ?
*> 192.168.40.0 0.0.0.0 0 32768 ?
*> 192.168.50.0 0.0.0.0 0 32768 ?

- Prefixes in blue font are learned by R5 from AS 50

*** R5 has the same problem as R0.

This problem can be resolved by adding the commands below to the configs of R0 and R5 respectively:

Config add-ons for R0
!
ip as-path access-list 1 permit ^100_
ip as-path access-list 2 permit ^30_
!
access-list 10 permit any
!
route-map FILTER-AS deny 10
match ip address 10
match as-path 1
!
route-map FILTER-AS deny 20
match ip address 10
match as-path 2
!
route-map FILTER-AS permit 30
!
router bgp 200
neighbor 12.123.50.1 route-map FILTER-AS out
neighbor 60.50.10.1 route-map FILTER-AS out
end
!
Config add-ons for R5
!
ip as-path access-list 1 permit ^100_
ip as-path access-list 2 permit ^50_
!
access-list 10 permit any
!
route-map FILTER-AS deny 10
match ip address 10
match as-path 1
!
route-map FILTER-AS deny 20
match ip address 10
match as-path 2
!
route-map FILTER-AS permit 30
!
router bgp 192
neighbor 50.50.13.1 route-map FILTER-AS out
neighbor 60.50.10.5 route-map FILTER-AS out
end
!

*** Once you have loaded these configs your network should behave in this manner:

R0_AS_200#sho ip bgp neighbors 60.50.10.1 advertised-routes
BGP table version is 17, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 200.20.20.0 0.0.0.0 0 32768 i
*> 200.20.30.0 0.0.0.0 0 32768 ?
*> 200.20.40.0 0.0.0.0 0 32768 ?
*> 200.20.50.0 0.0.0.0 0 32768 ?
*> 200.20.60.0 0.0.0.0 0 32768 ?

R0_AS_200#sho ip bgp neighbors 12.123.50.1 advertised-routes
BGP table version is 17, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 200.20.20.0 0.0.0.0 0 32768 i
*> 200.20.30.0 0.0.0.0 0 32768 ?
*> 200.20.40.0 0.0.0.0 0 32768 ?
*> 200.20.50.0 0.0.0.0 0 32768 ?
*> 200.20.60.0 0.0.0.0 0 32768 ?

R5_AS_192#sho ip bgp neighbors 60.50.10.5 advertised-routes
BGP table version is 18, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 192.168.10.0 0.0.0.0 0 32768 i
*> 192.168.20.0 0.0.0.0 0 32768 ?
*> 192.168.30.0 0.0.0.0 0 32768 ?
*> 192.168.40.0 0.0.0.0 0 32768 ?
*> 192.168.50.0 0.0.0.0 0 32768 ?

R5_AS_192#sho ip bgp neighbors 50.50.13.1 advertised-routes
BGP table version is 18, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 192.168.10.0 0.0.0.0 0 32768 i
*> 192.168.20.0 0.0.0.0 0 32768 ?
*> 192.168.30.0 0.0.0.0 0 32768 ?
*> 192.168.40.0 0.0.0.0 0 32768 ?
*> 192.168.50.0 0.0.0.0 0 32768 ?

*** R0 and R5 advertisements to their respective neighbors are now a lot cleaner and a lot more desirable.

R6_AS_100#sho ip route bgp
B 200.20.20.0/24 [20/0] via 60.50.10.2, 00:09:44
100.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 100.100.12.0/24 [200/0] via 100.100.12.1, 00:09:44
B 192.168.30.0/24 [200/0] via 100.100.12.1, 00:09:25
B 200.20.50.0/24 [20/0] via 60.50.10.2, 00:09:44
B 192.168.10.0/24 [200/0] via 100.100.12.1, 00:09:25
B 192.168.40.0/24 [200/0] via 100.100.12.1, 00:09:25
B 192.168.20.0/24 [200/0] via 100.100.12.1, 00:09:25
B 200.20.60.0/24 [20/0] via 60.50.10.2, 00:09:44
B 200.20.30.0/24 [20/0] via 60.50.10.2, 00:09:44
B 192.168.50.0/24 [200/0] via 100.100.12.1, 00:09:25
B 200.20.40.0/24 [20/0] via 60.50.10.2, 00:09:44

R2_AS_30#sho ip route bgp
50.0.0.0/24 is subnetted, 2 subnets
B 50.50.11.0 [20/0] via 12.123.50.6, 00:11:47
B 50.50.12.0 [20/0] via 12.123.50.6, 00:12:43
B 200.20.20.0/24 [200/0] via 30.30.11.1, 00:10:06
B 192.168.30.0/24 [20/0] via 12.123.50.6, 00:09:39
B 200.20.50.0/24 [200/0] via 30.30.11.1, 00:10:01
B 192.168.10.0/24 [20/0] via 12.123.50.6, 00:09:39
B 192.168.40.0/24 [20/0] via 12.123.50.6, 00:09:39
B 192.168.20.0/24 [20/0] via 12.123.50.6, 00:09:39
B 200.20.60.0/24 [200/0] via 30.30.11.1, 00:10:01
B 200.20.30.0/24 [200/0] via 30.30.11.1, 00:10:01
B 192.168.50.0/24 [20/0] via 12.123.50.6, 00:09:39
B 200.20.40.0/24 [200/0] via 30.30.11.1, 00:10:01
30.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 30.30.11.0/24 [200/0] via 30.30.11.1, 00:13:02

R4_AS_50#sho ip route bgp
50.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B 50.50.12.0/24 [200/0] via 50.50.12.1, 00:12:34
B 200.20.20.0/24 [200/0] via 50.50.12.1, 00:10:27
B 192.168.30.0/24 [20/0] via 50.50.13.2, 00:10:17
B 200.20.50.0/24 [200/0] via 50.50.12.1, 00:09:57
B 192.168.10.0/24 [20/0] via 50.50.13.2, 00:10:17
B 192.168.40.0/24 [20/0] via 50.50.13.2, 00:10:17
B 192.168.20.0/24 [20/0] via 50.50.13.2, 00:10:17
B 200.20.60.0/24 [200/0] via 50.50.12.1, 00:09:57
B 200.20.30.0/24 [200/0] via 50.50.12.1, 00:09:57
B 192.168.50.0/24 [20/0] via 50.50.13.2, 00:10:17
B 200.20.40.0/24 [200/0] via 50.50.12.1, 00:09:57
30.0.0.0/24 is subnetted, 2 subnets
B 30.30.11.0 [200/0] via 50.50.12.1, 00:12:34
B 30.30.12.0 [200/0] via 50.50.12.1, 00:12:34

*** We can now see that neither R0 nor R5 is acting as a transit path between ASes 100, 30 and 50.
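
The FILTER-AS route-map above is a denylist keyed on the two upstream AS numbers. The following is an added example, not part of the original post, that replays R0's BGP table through that route-map and through an assumed alternative that exports only locally originated routes (AS path `^$`); the third upstream AS 65010, its prefix and the function names are constructed for illustration.

```python
import re

def ios_regex(pattern):
    """Translate an IOS AS-path regex to Python. Only '_' needs rewriting:
    in IOS it matches a delimiter (start, end, space, comma, brace, paren)."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def exported(route_map, as_path):
    """Walk the route-map in sequence order; the first matching entry decides.
    'match ip address 10' (permit any) always matches, so it is left out."""
    for action, acl in route_map:
        if acl is None or acl.search(as_path):
            return action == "permit"
    return False  # implicit deny that ends every route-map

def advertised(route_map, bgp_table):
    """Prefixes that survive the outbound route-map."""
    return sorted(p for p, path in bgp_table.items() if exported(route_map, path))

# FILTER-AS as configured on R0 in this post (deny 10, deny 20, permit 30).
FILTER_AS = [("deny", ios_regex("^100_")),
             ("deny", ios_regex("^30_")),
             ("permit", None)]

# Assumed alternative, not from the post: export only locally originated
# routes, whose AS path is empty and therefore matches ^$.
LOCAL_ONLY = [("permit", ios_regex("^$"))]

# R0's BGP table, reduced to one prefix per AS path seen in the outputs above.
R0_TABLE = {
    "100.100.11.0/24": "100",
    "192.168.10.0/24": "100 192",
    "30.30.11.0/24": "30",
    "50.50.11.0/24": "30 50",
    "200.20.20.0/24": "",      # locally originated: empty AS path
}

# Constructed case: R0 later gains a third upstream, hypothetical AS 65010.
R0_TABLE_THIRD_UPSTREAM = dict(R0_TABLE, **{"203.0.113.0/24": "65010"})

if __name__ == "__main__":
    for name, policy in (("FILTER-AS", FILTER_AS), ("LOCAL-ONLY", LOCAL_ONLY)):
        print(name, "two upstreams  :", advertised(policy, R0_TABLE))
        print(name, "three upstreams:", advertised(policy, R0_TABLE_THIRD_UPSTREAM))
```

With the denylist, routes from any upstream that is not listed in an as-path access-list are re-advertised, so R0 becomes a transit path again until the list is extended; the `^$` form needs no change.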


-==End of this Part==-

===================================================================
===================================================================

The "as-path prepend" Command

Today I'll be demonstrating the real power of the AS Path attribute: we will try to influence R5's path to R0 (to network 200.20.x.x). Originally R5 uses the path via AS 100 (please see the post “Verification and Testing of Configurations”). You can get the initial configuration on R0 for this part of the post.

R5_AS_192#traceroute ip

Target IP address: 200.20.20.1
Source address: 192.168.10.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 200.20.20.1

1 60.50.10.5 116 msec 72 msec 120 msec --> ISP AS 100
2 100.100.10.1 240 msec 408 msec 216 msec
3 60.50.10.2 288 msec * 288 msec

With the proper modification of R0's configuration, R5 will choose the other path (via AS 50) to R0, because the path via AS 100 is made to appear longer than the one via AS 50. To make this possible I made the following changes in R0's configuration:
!
router bgp 200
no neighbor 12.123.50.1 route-map FILTER-AS out
no neighbor 60.50.10.1 route-map FILTER-AS out
!
no route-map FILTER-AS deny 10
no route-map FILTER-AS deny 20
no route-map FILTER-AS permit 30
!
route-map FILTER-AS-100 deny 10
match ip address 10
match as-path 1
!
route-map FILTER-AS-100 permit 20
!
route-map FILTER-AS-30 deny 10
match ip address 10
match as-path 2
!
route-map FILTER-AS-30 permit 20
set as-path prepend 199 198 197
!
router bgp 200
neighbor 12.123.50.1 route-map FILTER-AS-100 out
neighbor 60.50.10.1 route-map FILTER-AS-30 out
!

With “route-map FILTER-AS-30 permit 20”, R0 tells only its neighbor R6 that the path to the 200.20.x.x network goes through AS 200, then AS 199, then AS 198 and lastly AS 197. This information propagates until it reaches R5, and R5 will see the AS path as 100, 200, 199, 198 and then 197.

Now R5 is also getting an advertisement for the same network 200.20.x.x from R4 (AS 50) with the AS path 50, 30, 200, which is obviously shorter than the one in the advertisement from R7 (AS 100), so R5 will choose the path through R4 (AS 50).

Please see the router output below, which proves this theory is correct, and remember that at this point I have made the modifications on R0, and only on R0:

R6_AS_100#sho ip bgp neighbors 60.50.10.2 routes
BGP table version is 36, local router ID is 100.100.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 200.20.20.0 60.50.10.2 0 0 200 199 198 197 i
*> 200.20.30.0 60.50.10.2 0 0 200 199 198 197 ?
*> 200.20.40.0 60.50.10.2 0 0 200 199 198 197 ?
*> 200.20.50.0 60.50.10.2 0 0 200 199 198 197 ?
*> 200.20.60.0 60.50.10.2 0 0 200 199 198 197 ?

Total number of prefixes 5

*** Notice the AS path: R0 was successful in letting R6 know that in order to get to 200.20.x.x it needs to pass through AS 200, 199, 198, and lastly 197.

R5_AS_192#sho ip bgp neighbors 60.50.10.5 routes
BGP table version is 37, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.100.11.0/24 60.50.10.5 0 100 ?
*> 100.100.12.0/24 60.50.10.5 0 0 100 ?
* 200.20.20.0 60.50.10.5 0 100 200 199 198 197 i
* 200.20.30.0 60.50.10.5 0 100 200 199 198 197 ?
* 200.20.40.0 60.50.10.5 0 100 200 199 198 197 ?
* 200.20.50.0 60.50.10.5 0 100 200 199 198 197 ?
* 200.20.60.0 60.50.10.5 0 100 200 199 198 197 ?

Total number of prefixes 7

*** R5 has appended the AS 100 to the original advertisement of R0, so R5 will see the path to the network 200.20.x.x as AS 100, 200, 199, 198, and 197. Also notice that R5 did not put this information into its routing table (notice the absence of the “greater than” sign), because the path appears longer than the one in R4's (AS 50) advertisement to R5.

R5_AS_192#sho ip bgp neighbors 50.50.13.1 routes
BGP table version is 37, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 30.30.11.0/24 50.50.13.1 0 50 30 ?
*> 30.30.12.0/24 50.50.13.1 0 50 30 ?
*> 50.50.11.0/24 50.50.13.1 0 0 50 ?
*> 50.50.12.0/24 50.50.13.1 0 50 ?
*> 200.20.20.0 50.50.13.1 0 50 30 200 i
*> 200.20.30.0 50.50.13.1 0 50 30 200 ?
*> 200.20.40.0 50.50.13.1 0 50 30 200 ?
*> 200.20.50.0 50.50.13.1 0 50 30 200 ?
*> 200.20.60.0 50.50.13.1 0 50 30 200 ?

Total number of prefixes 9

*** Now R5 sees another path to the network 200.20.x.x via R4 (AS 50), and because this path appears shorter, R5 chooses it instead of the other, even though in reality AS 100 has the shorter path.


*** And for the ultimate test, the traceroute:

R5_AS_192#traceroute ip

Target IP address: 200.20.20.1
Source address: 192.168.10.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 200.20.20.1

1 50.50.13.1 116 msec 24 msec 132 msec --> ISP AS 50
2 50.50.10.1 228 msec 240 msec 264 msec
3 12.123.50.5 312 msec 272 msec 352 msec
4 30.30.10.1 456 msec 528 msec 576 msec
5 12.123.50.2 480 msec * 648 msec
R5_AS_192#


-==End of this Part==-

===================================================================
===================================================================

The "local-preference" Command

There is another way of influencing the traffic, called Local Preference. With this attribute we can tell the "Local" router to choose one path over the other: the higher the value, the more the path is preferred as the primary path.

Note: In this part we will use our topology and please click here to see the initial configs of R0 and R5

With the initial configs, R0 will choose to pass through AS 100 to get to the 192.168.x.x network.

R0_AS_200#traceroute ip

Target IP address: 192.168.10.1
Source address: 200.20.20.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 192.168.10.1

1 60.50.10.1 116 msec 72 msec 120 msec --> AS 100
2 100.100.10.2 432 msec 408 msec 264 msec
3 60.50.10.6 504 msec * 384 msec
R0_AS_200#

The same goes for R5: it will choose the path via AS 100.

R5_AS_192#traceroute ip

Target IP address: 200.20.20.1
Source address: 192.168.10.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 200.20.20.1

1 60.50.10.5 44 msec 120 msec 72 msec --> AS 100
2 100.100.10.1 240 msec 264 msec 264 msec
3 60.50.10.2 480 msec 432 msec *
R5_AS_192#


Now, we can make R0 and R5 choose the path via AS 30 and AS 50 respectively by properly configuring the neighbor statements on both of these routers.

Here are the changes needed to make this work.

Config update for R0 router
!
router bgp 200
neighbor 12.123.50.1 route-map PRIMARY in
neighbor 60.50.10.1 route-map SECONDARY in
!
route-map PRIMARY permit 10
set local-preference 200
!
route-map SECONDARY permit 10
set local-preference 50
!


We set the local preference of the routes that came from AS 30 to a value of 200 and the routes that came from AS 100 to a value of 50, and because of this R0 will choose the routes from AS 30.

R0_AS_200#sho ip bgp neighbors 12.123.50.1 routes
BGP table version is 38, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 30.30.11.0/24 12.123.50.1 0 200 0 30 ?
*> 30.30.12.0/24 12.123.50.1 200 0 30 ?
*> 50.50.11.0/24 12.123.50.1 200 0 30 50 ?
*> 50.50.12.0/24 12.123.50.1 200 0 30 50 ?
*> 192.168.10.0 12.123.50.1 200 0 30 50 192i
*> 192.168.20.0 12.123.50.1 200 0 30 50 192?
*> 192.168.30.0 12.123.50.1 200 0 30 50 192?
*> 192.168.40.0 12.123.50.1 200 0 30 50 192?
*> 192.168.50.0 12.123.50.1 200 0 30 50 192?

Total number of prefixes 9

R0_AS_200#sho ip bgp neighbors 60.50.10.1 routes
BGP table version is 38, local router ID is 200.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.100.11.0/24 60.50.10.1 0 50 0 100 ?
*> 100.100.12.0/24 60.50.10.1 50 0 100 ?
* 192.168.10.0 60.50.10.1 50 0 100 192 i
* 192.168.20.0 60.50.10.1 50 0 100 192 ?
* 192.168.30.0 60.50.10.1 50 0 100 192 ?
* 192.168.40.0 60.50.10.1 50 0 100 192 ?
* 192.168.50.0 60.50.10.1 50 0 100 192 ?

Total number of prefixes 7

R0_AS_200#traceroute ip

Target IP address: 192.168.10.1
Source address: 200.20.20.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 192.168.10.1

1 12.123.50.1 44 msec 116 msec 96 msec --> AS 30
2 30.30.10.2 312 msec 288 msec 216 msec
3 12.123.50.6 456 msec 408 msec 312 msec
4 50.50.10.2 648 msec 480 msec 624 msec
5 50.50.13.2 624 msec 456 msec *
R0_AS_200#

Now, the config update for R5
!
router bgp 192
neighbor 50.50.13.1 route-map PRIMARY in
neighbor 60.50.10.5 route-map SECONDARY in
!
route-map PRIMARY permit 10
set local-preference 200
!
route-map SECONDARY permit 10
set local-preference 50
!
And the results are:

R5_AS_192#sho ip bgp neighbors 50.50.13.1 routes
BGP table version is 29, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 30.30.11.0/24 50.50.13.1 200 0 50 30 ?
*> 30.30.12.0/24 50.50.13.1 200 0 50 30 ?
*> 50.50.11.0/24 50.50.13.1 0 200 0 50 ?
*> 50.50.12.0/24 50.50.13.1 200 0 50 ?
*> 200.20.20.0 50.50.13.1 200 0 50 30 200i
*> 200.20.30.0 50.50.13.1 200 0 50 30 200?
*> 200.20.40.0 50.50.13.1 200 0 50 30 200?
*> 200.20.50.0 50.50.13.1 200 0 50 30 200?
*> 200.20.60.0 50.50.13.1 200 0 50 30 200?

Total number of prefixes 9

R5_AS_192#sho ip bgp neighbors 60.50.10.5 routes
BGP table version is 29, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.100.11.0/24 60.50.10.5 50 0 100 ?
*> 100.100.12.0/24 60.50.10.5 0 50 0 100 ?
* 200.20.20.0 60.50.10.5 50 0 100 200 i
* 200.20.30.0 60.50.10.5 50 0 100 200 ?
* 200.20.40.0 60.50.10.5 50 0 100 200 ?
* 200.20.50.0 60.50.10.5 50 0 100 200 ?
* 200.20.60.0 60.50.10.5 50 0 100 200 ?

Total number of prefixes 7


R5_AS_192#traceroute ip

Target IP address: 200.20.20.1
Source address: 192.168.10.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 200.20.20.1

1 50.50.13.1 80 msec 120 msec 48 msec --> AS 50
2 50.50.10.1 288 msec 432 msec 192 msec
3 12.123.50.5 360 msec 264 msec 432 msec
4 30.30.10.1 528 msec 552 msec 480 msec
5 12.123.50.2 660 msec 672 msec 636 msec
R5_AS_192#
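
The prepend and local-preference results shown in the last two parts, fed through a simplified best-path comparison, as an added example that is not part of the original post. Only weight, local preference and AS-path length are compared, the remaining BGP tie-breakers are omitted, and all function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    neighbor: str          # eBGP peer the route was learned from
    as_path: tuple         # AS numbers, nearest AS first
    local_pref: int = 100  # IOS default when no route-map sets it
    weight: int = 0

def advertise(as_path, local_as, prepend=()):
    """AS path as received by an eBGP peer of local_as. Values from
    'set as-path prepend' sit between the local AS and the existing path."""
    return (local_as, *prepend, *as_path)

def path_through(transit, origin_as, prepend=()):
    """AS path after the origin's advertisement crosses the transit ASes
    (listed nearest the receiver first)."""
    path = advertise((), origin_as, prepend)
    for asn in reversed(transit):
        path = advertise(path, asn)
    return path

def best_path(paths):
    """Simplified comparison: highest weight, then highest local
    preference, then shortest AS path. Later tie-breakers are omitted."""
    return min(paths, key=lambda p: (-p.weight, -p.local_pref, len(p.as_path)))

def r5_to_200_20(prepend_to_as100=()):
    """R5's choice for 200.20.x.x; R0 prepends only toward AS 100."""
    return best_path([
        Path("60.50.10.5", path_through((100,), 200, prepend_to_as100)),
        Path("50.50.13.1", path_through((50, 30), 200)),
    ])

def r0_to_192_168(primary=100, secondary=100):
    """R0's choice for 192.168.x.x given the inbound local-preference
    values set by the PRIMARY and SECONDARY route-maps."""
    return best_path([
        Path("12.123.50.1", path_through((30, 50), 192), local_pref=primary),
        Path("60.50.10.1", path_through((100,), 192), local_pref=secondary),
    ])

if __name__ == "__main__":
    print("R5 default        :", r5_to_200_20())
    print("R5 after prepend  :", r5_to_200_20((199, 198, 197)))
    print("R0 default        :", r0_to_192_168())
    print("R0 with local-pref:", r0_to_192_168(primary=200, secondary=50))
```

On a production network the prepended values are normally the local AS number repeated (for R0, 200 200 200) rather than other AS numbers, because a router that finds its own AS number in a received path discards the route as a loop.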
