1 | % Network Design Workshop |
---|
2 | % Basic BGP Lab |
---|
3 | |
---|
4 |  |
---|
5 | |
---|
6 | \pagebreak |
---|
7 | |
---|
8 | # Introduction |
---|
9 | |
---|
10 | The purpose of this exercise is to: |
---|
11 | |
---|
12 | * Understand the routing implications of |
---|
13 | connecting to multiple external domains |
---|
14 | * Learn to configure basic eBGP to exchange routing |
---|
15 | information with multiple external peers and iBGP |
---|
16 | to carry that information inside your network. |
---|
17 | |
---|
18 | # Pre-requisites |
---|
19 | |
---|
20 | This exercise builds upon the configurations implemented in |
---|
21 | the OSPF + Static routing lab. You must be able to: |
---|
22 | |
---|
23 | * Ping your neighbor router in the same AS using its |
---|
24 | loopback address (both IPv4 and IPv6!). |
---|
25 | * Ping your neighbor routers in other ASs using their |
---|
26 | point-to-point link addresses. |
---|
27 | |
---|
28 | *Note: Actually, if everyone configured their OSPF and static |
---|
29 | routes properly in the previous exercise, you should be able |
---|
30 | to ping every other router using their loopback address.* |
---|
31 | |
---|
32 | # Address Space Allocation |
---|
33 | |
---|
34 | ## Regional REN (RREN) |
---|
35 | |
---|
36 | We only need one: |
---|
37 | |
---|
38 | RREN IPv4 IPv6 ASN |
---|
39 | ----- ------------ ------------- ------- |
---|
40 | 1 10.100.0.0/16 fd00:100::/32 100 |
---|
41 | |
---|
42 | ## National RENs (NRENs) |
---|
43 | |
---|
44 | NREN IPv4 IPv6 ASN |
---|
45 | ----- ------------ ------------- ------- |
---|
46 | 1 10.101.0.0/16 fd00:101::/32 101 |
---|
47 | 2 10.102.0.0/16 fd00:102::/32 102 |
---|
48 | |
---|
49 | ... and so on. |
---|
50 | |
---|
51 | # iBGP Configuration |
---|
52 | |
---|
53 | ## Enable the BGP process |
---|
54 | |
---|
55 | Before we set up iBGP, we need to do some basic preparation |
---|
56 | on the router. The IOS defaults are not optimized, so before |
---|
57 | we bring up BGP sessions, we should set the parameters that we |
---|
58 | require. |
---|
59 | |
---|
60 | The default distance for eBGP is 20, the default distance for iBGP |
---|
61 | is 200, and the default distance for OSPF is 110. This means that |
---|
62 | there is a potential for a prefix learned by eBGP to override the |
---|
63 | identical prefix carried by OSPF. To protect against accidents, the |
---|
64 | eBGP distance is set to 200 also. |
---|
65 | |
---|
66 | The command to do this is the *distance bgp* subcommand: |
---|
67 | |
---|
68 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
69 | distance bgp <external-routes> <internal-routes> <local-routes> |
---|
70 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
71 | |
---|
72 | We also want to: |
---|
73 | |
---|
74 | * Enable logging of BGP neighbor state changes |
---|
75 | * Disable the requirement that a route must be present in the IGP |
---|
76 | table before it can be advertised by BGP (synchronization). |
---|
77 | * Disable auto-summarization of routes to classful network boundaries |
---|
78 | * Disable the automatic exchange of IPv4 unicast routes on every |
---|
79 | peering session. |
---|
80 | |
---|
81 | This must be done in all future BGP configurations of this workshop: |
---|
82 | |
---|
83 | On both R11 and R12: |
---|
84 | |
---|
85 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
86 | router bgp 10 |
---|
87 | distance bgp 200 200 200 |
---|
88 | bgp log-neighbor-changes |
---|
89 | no synchronization |
---|
90 | no auto-summary |
---|
91 | no bgp default ipv4-unicast |
---|
92 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
93 | |
---|
94 | |
---|
95 | ## Configure iBGP neighbors |
---|
96 | |
---|
97 | Again, make sure that you can ping the other router |
---|
98 | using its loopback address, otherwise the BGP session |
---|
99 | will not come up! |
---|
100 | |
---|
101 | On R11: |
---|
102 | |
---|
103 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
104 | router bgp 10 |
---|
105 | address-family ipv4 |
---|
106 | neighbor 10.10.255.2 remote-as 10 |
---|
107 | neighbor 10.10.255.2 update-source loopback 0 |
---|
108 | neighbor 10.10.255.2 description iBGP to R12 |
---|
109 | neighbor 10.10.255.2 password NSRC |
---|
110 | neighbor 10.10.255.2 next-hop-self |
---|
111 | address-family ipv6 |
---|
112 | neighbor fd00:10:ff::2 remote-as 10 |
---|
113 | neighbor fd00:10:ff::2 update-source loopback 0 |
---|
114 | neighbor fd00:10:ff::2 description iBGP to R12 |
---|
115 | neighbor fd00:10:ff::2 password NSRC |
---|
116 | neighbor fd00:10:ff::2 next-hop-self |
---|
117 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
118 | |
---|
119 | On R12: |
---|
120 | |
---|
121 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
122 | router bgp 10 |
---|
123 | address-family ipv4 |
---|
124 | neighbor 10.10.255.1 remote-as 10 |
---|
125 | neighbor 10.10.255.1 update-source loopback 0 |
---|
126 | neighbor 10.10.255.1 description iBGP to R11 |
---|
127 | neighbor 10.10.255.1 password NSRC |
---|
128 | neighbor 10.10.255.1 next-hop-self |
---|
129 | address-family ipv6 |
---|
130 | neighbor fd00:10:ff::1 remote-as 10 |
---|
131 | neighbor fd00:10:ff::1 update-source loopback 0 |
---|
132 | neighbor fd00:10:ff::1 description iBGP to R11 |
---|
133 | neighbor fd00:10:ff::1 password NSRC |
---|
134 | neighbor fd00:10:ff::1 next-hop-self |
---|
135 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
136 | |
---|
137 | |
---|
138 | Check that the BGP sessions are up on both sides. |
---|
139 | |
---|
140 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
141 | show ip bgp summary |
---|
142 | show bgp ipv6 unicast summary |
---|
143 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
144 | |
---|
145 | ## Advertise end-user prefixes |
---|
146 | |
---|
147 | 1. Divide your end-user address space in two |
---|
148 | halves and announce each half separately. |
---|
149 | Refer to the address space allocation table |
---|
150 | in the previous exercise. |
---|
151 | |
---|
152 | On R11: |
---|
153 | |
---|
154 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
155 | router bgp 10 |
---|
156 | address-family ipv4 |
---|
157 | network 10.10.0.0 mask 255.255.192.0 |
---|
158 | address-family ipv6 |
---|
159 | network fd00:10::/41 |
---|
160 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
161 | |
---|
162 | On R12: |
---|
163 | |
---|
164 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
165 | router bgp 10 |
---|
166 | address-family ipv4 |
---|
167 | network 10.10.64.0 mask 255.255.192.0 |
---|
168 | address-family ipv6 |
---|
169 | network fd00:10:80::/41 |
---|
170 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
171 | |
---|
172 | Get the list of learned paths: |
---|
173 | |
---|
174 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
175 | show ip bgp |
---|
176 | show bgp ipv6 unicast |
---|
177 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
178 | |
---|
179 | Do you see any paths? Why not? |
---|
180 | |
---|
181 | 2. Create a static route for the prefix being |
---|
182 | announced on each router: |
---|
183 | |
---|
184 | On R11: |
---|
185 | |
---|
186 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
187 | ip route 10.10.0.0 255.255.192.0 null0 |
---|
188 | ipv6 route fd00:10::/41 null0 |
---|
189 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
190 | |
---|
191 | On R12: |
---|
192 | |
---|
193 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
194 | ip route 10.10.64.0 255.255.192.0 null0 |
---|
195 | ipv6 route fd00:10:80::/41 null0 |
---|
196 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
197 | |
---|
198 | Get the list of learned paths again. You should see |
---|
199 | both your prefix and the neighbor's. |
---|
200 | |
---|
201 | # Multihoming - eBGP Configuration |
---|
202 | |
---|
203 | ## Connect to the NREN |
---|
204 | |
---|
205 | 1. Configure your RX1 router to connect to the NREN |
---|
206 | with a a point-to-point link. |
---|
207 | |
---|
208 | NRENs: Use configuration in Appendix. |
---|
209 | |
---|
210 | On R11: |
---|
211 | |
---|
212 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
213 | interface GigabitEthernet1/0 |
---|
214 | description P2P Link to NREN1 |
---|
215 | ip address 10.101.254.2 255.255.255.252 |
---|
216 | ipv6 address fd00:101:fe::1/127 |
---|
217 | no shutdown |
---|
218 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
219 | |
---|
220 | Make sure that it's up and that you can ping the other |
---|
221 | side: |
---|
222 | |
---|
223 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
224 | ping 10.101.254.1 |
---|
225 | ping fd00:101:fe::0 |
---|
226 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
227 | |
---|
228 | Do some traceroutes to other networks again: |
---|
229 | |
---|
230 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
231 | R11# traceroute 10.20.255.1 |
---|
232 | R11# traceroute 10.30.255.1 |
---|
233 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
234 | |
---|
235 | Has anything changed since the last exercise? |
---|
236 | |
---|
237 | Notice that before we had only one connection to |
---|
238 | the Internet - via the ISP. Now we have two. |
---|
239 | But we are still using a default route pointing |
---|
240 | to the ISP only! |
---|
241 | |
---|
242 | We could add another default route pointing to the |
---|
243 | NREN, but that would not give us much flexibility |
---|
244 | in terms of traffic policies. Keep going. |
---|
245 | |
---|
246 | ## BGP-peer with the NREN and the ISP |
---|
247 | |
---|
248 | 1. Configure eBGP sessions to the ISP and the NREN |
---|
249 | |
---|
250 | On R11: |
---|
251 | |
---|
252 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
253 | router bgp 10 |
---|
254 | address-family ipv4 |
---|
255 | neighbor 10.101.254.1 remote-as 101 |
---|
256 | neighbor 10.101.254.1 description eBGP to NREN1 |
---|
257 | neighbor 10.101.254.1 password NSRC |
---|
258 | address-family ipv6 |
---|
259 | neighbor fd00:101:fe:: remote-as 101 |
---|
260 | neighbor fd00:101:fe:: description eBGP to NREN1 |
---|
261 | neighbor fd00:101:fe:: password NSRC |
---|
262 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
263 | |
---|
264 | **Did you notice that with eBGP we no longer use the |
---|
265 | loopback address as the endpoint of the BGP session, |
---|
266 | as we did with iBGP?** |
---|
267 | |
---|
268 | On R12: |
---|
269 | |
---|
270 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
271 | router bgp 10 |
---|
272 | address-family ipv4 |
---|
273 | neighbor 10.201.254.1 remote-as 201 |
---|
274 | neighbor 10.201.254.1 description eBGP to ISP1 |
---|
275 | neighbor 10.201.254.1 password NSRC |
---|
276 | address-family ipv6 |
---|
277 | neighbor fd00:201:fe:: remote-as 201 |
---|
278 | neighbor fd00:201:fe:: description eBGP to ISP1 |
---|
279 | neighbor fd00:201:fe:: password NSRC |
---|
280 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
281 | |
---|
282 | Check that the BGP sessions are up on both routers: |
---|
283 | |
---|
284 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
285 | show ip bgp summary |
---|
286 | show bgp ipv6 unicast summary |
---|
287 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
288 | |
---|
289 | Verify what you are advertising to the NREN: |
---|
290 | |
---|
291 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
292 | R11# show ip bgp nei 10.101.254.1 advertised-routes |
---|
293 | R11# sh bgp ipv6 uni neigh fd00:101:fe:: advertised |
---|
294 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
295 | |
---|
296 | ... and to the ISP: |
---|
297 | |
---|
298 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
299 | R12# show ip bgp neighbor 10.201.254.1 advertised-routes |
---|
300 | R12# sh bgp ipv6 uni neigh fd00:201:fe:: advertised |
---|
301 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
302 | |
---|
303 | Are you perhaps announcing other prefixes that don't |
---|
304 | originate in your AS? If so, can you remember what |
---|
305 | serious negative implications this could have? |
---|
306 | Ask the instructor if you need clarification. |
---|
307 | |
---|
308 | ## Filter what you send and receive |
---|
309 | |
---|
310 | 1. Create prefix lists for your inbound/outbound |
---|
311 | filters. |
---|
312 | |
---|
313 | On R11: |
---|
314 | |
---|
315 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
316 | ip prefix-list out-peer permit 10.10.0.0/16 le 32 |
---|
317 | ip prefix-list nren-in-peer deny 10.10.0.0/16 le 32 |
---|
318 | ip prefix-list nren-in-peer permit 0.0.0.0/0 le 32 |
---|
319 | ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128 |
---|
320 | ipv6 prefix-list ipv6-nren-in-peer deny fd00:10::/32 le 128 |
---|
321 | ipv6 prefix-list ipv6-nren-in-peer permit ::/0 le 128 |
---|
322 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
323 | |
---|
324 | On R12: |
---|
325 | |
---|
326 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
327 | ip prefix-list out-peer permit 10.10.0.0/16 le 32 |
---|
328 | ip prefix-list isp-in-peer deny 10.10.0.0/16 le 32 |
---|
329 | ip prefix-list isp-in-peer permit 0.0.0.0/0 le 32 |
---|
330 | ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128 |
---|
331 | ipv6 prefix-list ipv6-isp-in-peer deny fd00:10::/32 le 128 |
---|
332 | ipv6 prefix-list ipv6-isp-in-peer permit ::/0 le 128 |
---|
333 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
334 | |
---|
335 | 2. Now create inbound/outbound filters using those |
---|
336 | prefix lists |
---|
337 | |
---|
338 | R11: |
---|
339 | |
---|
340 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
341 | router bgp 10 |
---|
342 | address-family ipv4 |
---|
343 | neighbor 10.101.254.1 prefix-list nren-in-peer in |
---|
344 | neighbor 10.101.254.1 prefix-list out-peer out |
---|
345 | address-family ipv6 |
---|
346 | neighbor fd00:101:fe:: prefix-list ipv6-nren-in-peer in |
---|
347 | neighbor fd00:101:fe:: prefix-list ipv6-out-peer out |
---|
348 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
349 | |
---|
350 | R12: |
---|
351 | |
---|
352 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
353 | router bgp 10 |
---|
354 | address-family ipv4 |
---|
355 | neighbor 10.201.254.1 prefix-list isp-in-peer in |
---|
356 | neighbor 10.201.254.1 prefix-list out-peer out |
---|
357 | address-family ipv6 |
---|
358 | neighbor fd00:201:fe:: prefix-list ipv6-isp-in-peer in |
---|
359 | neighbor fd00:201:fe:: prefix-list ipv6-out-peer out |
---|
360 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
361 | |
---|
362 | Use the *BGP refresh* capability to resend the |
---|
363 | information to the peer: |
---|
364 | |
---|
365 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
366 | R11#clear ip bgp 10.101.254.1 out |
---|
367 | R11#clear bgp ipv6 unicast fd00:101:fe:: out |
---|
368 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
369 | |
---|
370 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
371 | R12#clear ip bgp 10.201.254.1 out |
---|
372 | R12#clear bgp ipv6 unicast fd00:201:fe:: out |
---|
373 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
374 | |
---|
375 | You should now be advertising only both halves of your |
---|
376 | end-user address space. Check with the ISP and |
---|
377 | NREN administrators to make sure that they are |
---|
378 | receiving both routes from you. |
---|
379 | |
---|
380 | *Note: This is a form of load-balancing for |
---|
381 | traffic coming into your AS.* |
---|
382 | |
---|
383 | But wait... that's not your whole address space! |
---|
384 | |
---|
385 | ## Announce your whole address space |
---|
386 | |
---|
387 | On R11 and R12: |
---|
388 | |
---|
389 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
390 | router bgp 10 |
---|
391 | address-family ipv4 |
---|
392 | aggregate-address 10.10.0.0 255.255.0.0 |
---|
393 | address-family ipv6 |
---|
394 | aggregate-address fd00:10::/32 |
---|
395 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
396 | |
---|
397 | Verify again what you are advertising from R11 |
---|
398 | and R12. You should now be announcing three blocks, |
---|
399 | the two halves of your end-user block, and your |
---|
400 | whole address space. |
---|
401 | |
---|
402 | Confirm with the ISP and NREN administrators that |
---|
403 | they are indeed receiving those routes from you. |
---|
404 | |
---|
405 | Announcing your smaller blocks in addition to your |
---|
406 | whole block is a valid configuration. However, it |
---|
407 | has an impact: it increases the size of the global BGP |
---|
408 | routing table, causing more load on Internet backbone |
---|
409 | routers. |
---|
410 | |
---|
411 | Let's assume, just for the sake of this exercise, |
---|
412 | that we don't really need to load-balance our incoming |
---|
413 | traffic like that. |
---|
414 | |
---|
415 | 6. Announce only a summary aggregate |
---|
416 | |
---|
417 | On R11 and R12: |
---|
418 | |
---|
419 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
420 | router bgp 10 |
---|
421 | address-family ipv4 |
---|
422 | aggregate-address 10.10.0.0 255.255.0.0 summary-only |
---|
423 | address-family ipv6 |
---|
424 | aggregate-address fd00:10::/32 summary-only |
---|
425 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
426 | |
---|
427 | Resend the information to the peer: |
---|
428 | |
---|
429 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
430 | R11#clear ip bgp 10.101.254.1 out |
---|
431 | R11#clear bgp ipv6 unicast FD00:101:FE:: out |
---|
432 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
433 | |
---|
434 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
435 | R12#clear ip bgp 10.201.254.1 out |
---|
436 | R12#clear bgp ipv6 unicast FD00:201:FE:: out |
---|
437 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
438 | |
---|
439 | Check again what you are advertising, and confirm |
---|
440 | with your peers. |
---|
441 | |
---|
442 | ### Remove static routes |
---|
443 | |
---|
444 | 1. The ISPs remove their static routes towards |
---|
445 | their customers. |
---|
446 | |
---|
447 | Now your ISP has learned a route to reach your |
---|
448 | network, correct? The ISPs can now safely remove |
---|
449 | the static routes pointing to you and the other |
---|
450 | customers: |
---|
451 | |
---|
452 | ISP1: |
---|
453 | |
---|
454 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
455 | no ip route 10.10.0.0 255.255.0.0 10.201.254.2 |
---|
456 | no ip route 10.20.0.0 255.255.0.0 10.201.254.6 |
---|
457 | no ip route 10.30.0.0 255.255.0.0 10.201.254.10 |
---|
458 | ! |
---|
459 | no ipv6 route fd00:10::/32 fd00:201:fe::1 |
---|
460 | no ipv6 route fd00:20::/32 fd00:201:fe::3 |
---|
461 | no ipv6 route fd00:30::/32 fd00:201:fe::5 |
---|
462 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
463 | |
---|
464 | ISP2: |
---|
465 | |
---|
466 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
467 | no ip route 10.40.0.0 255.255.0.0 10.202.254.2 |
---|
468 | no ip route 10.50.0.0 255.255.0.0 10.202.254.6 |
---|
469 | no ip route 10.60.0.0 255.255.0.0 10.202.254.10 |
---|
470 | ! |
---|
471 | no ipv6 route fd00:40::/32 fd00:202:fe::1 |
---|
472 | no ipv6 route fd00:50::/32 fd00:202:fe::3 |
---|
473 | no ipv6 route fd00:60::/32 fd00:202:fe::5 |
---|
474 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
475 | |
---|
476 | 2. Remove your static default routes |
---|
477 | |
---|
478 | In the previous exercise, we created default |
---|
479 | routes on both routers. But thanks to BGP, we |
---|
480 | should now be receiving routes from our NREN and |
---|
481 | our ISP. |
---|
482 | |
---|
483 | Let's check first (do this on both routers): |
---|
484 | |
---|
485 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
486 | show ip bgp |
---|
487 | show bgp ipv6 unicast |
---|
488 | show ip route |
---|
489 | show ipv6 route |
---|
490 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
491 | |
---|
492 | You should be learning routes advertised by other |
---|
493 | groups, and also from the NRENs and the ISPs. |
---|
494 | |
---|
495 | Remove your static default routes: |
---|
496 | |
---|
497 | R11: |
---|
498 | |
---|
499 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
500 | no ip route 0.0.0.0 0.0.0.0 10.10.254.2 |
---|
501 | no ipv6 route ::/0 fd00:10:fe::1 |
---|
502 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
503 | |
---|
504 | R12: |
---|
505 | |
---|
506 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
507 | no ip route 0.0.0.0 0.0.0.0 10.201.254.1 |
---|
508 | no ipv6 route ::/0 fd00:201:fe:: |
---|
509 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
510 | |
---|
511 | You should be able to ping any other router now. |
---|
512 | If you can't, wait for other groups to finish, |
---|
513 | or ask the instructors. |
---|
514 | |
---|
515 | Use traceroute to verify the paths that packets |
---|
516 | are following towards various destinations: |
---|
517 | |
---|
518 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
519 | R11# traceroute 10.100.255.1 |
---|
520 | R11# traceroute 10.30.255.2 |
---|
521 | ... |
---|
522 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
523 | |
---|
524 | Repeat the same tests from the other router in |
---|
525 | your AS and compare. Use the diagram to help you |
---|
526 | visualize it. |
---|
527 | |
---|
528 | # Traffic Exchange (Peering) |
---|
529 | |
---|
530 | Direct traffic exchanges are usually established at no |
---|
531 | charge between two autonomous systems that want to save |
---|
532 | costs. The savings are achieved by not having to carry |
---|
533 | that traffic over expensive transit links via commercial |
---|
534 | providers. Also, these direct exchanges have the added |
---|
535 | benefit of reducing latency because there are fewer hops. |
---|
536 | |
---|
537 | Usually traffic exchanges occur at public exchange points, |
---|
538 | also known as IXPs. The simplest kind of exchange point is |
---|
539 | a Layer-2 switch. In this exercise, we will simply configure |
---|
540 | direct links between routers, which is basically the same |
---|
541 | thing as connecting through a switch. |
---|
542 | |
---|
543 |  |
---|
544 | |
---|
545 | ## Connect to your neighbor AS |
---|
546 | |
---|
547 | 1. Configure a point to point link to your neighbor AS |
---|
548 | as shown in the diagram. You will have to agree with |
---|
549 | your peer on which address space to use. Make sure to |
---|
550 | pick a point-to-point subnet that is not already used! |
---|
551 | |
---|
552 | The instructor will draw a map of the network at the front |
---|
553 | of the class and will ask you to document the subnet |
---|
554 | that was used for the peering session, so everybody can |
---|
555 | use that information when troubleshooting. |
---|
556 | |
---|
557 | For example, on R12: |
---|
558 | |
---|
559 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
560 | interface GigabitEthernet3/0 |
---|
561 | description Link to R21 |
---|
562 | ip address 10.10.254.5 255.255.255.252 |
---|
563 | ipv6 address fd00:10:fe::2/127 |
---|
564 | no shutdown |
---|
565 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
566 | |
---|
567 | 2. Configure prefix lists for your inbound filters |
---|
568 | |
---|
569 | On R12: |
---|
570 | |
---|
571 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
572 | ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32 |
---|
573 | ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128 |
---|
574 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
575 | |
---|
576 | *The equivalent needs to be done in R21.* |
---|
577 | |
---|
578 | 3. Configure prefix lists for your outbound filters |
---|
579 | |
---|
580 | You should have these from a previous step. You can verify |
---|
581 | like this: |
---|
582 | |
---|
583 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
584 | R12#show ip prefix-list out-peer |
---|
585 | R12#show ipv6 prefix-list ipv6-out-peer |
---|
586 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
587 | |
---|
588 | 4. Now create the BGP sessions and apply those |
---|
589 | inbound/outbound filters: |
---|
590 | |
---|
591 | On R12: |
---|
592 | |
---|
593 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
594 | router bgp 10 |
---|
595 | address-family ipv4 |
---|
596 | neighbor 10.10.254.6 remote-as 20 |
---|
597 | neighbor 10.10.254.6 description eBGP to AS20 |
---|
598 | neighbor 10.10.254.6 password NSRC |
---|
599 | neighbor 10.10.254.6 prefix-list out-peer out |
---|
600 | neighbor 10.10.254.6 prefix-list AS20-in-peer in |
---|
601 | address-family ipv6 |
---|
602 | neighbor fd00:10:fe::3 remote-as 20 |
---|
603 | neighbor fd00:10:fe::3 description eBGP to AS20 |
---|
604 | neighbor fd00:10:fe::3 password NSRC |
---|
605 | neighbor fd00:10:fe::3 prefix-list ipv6-out-peer out |
---|
606 | neighbor fd00:10:fe::3 prefix-list ipv6-AS20-in-peer in |
---|
607 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
608 | |
---|
609 | The equivalent needs to be done in R21. |
---|
610 | |
---|
611 | Verify that the sessions are up: |
---|
612 | |
---|
613 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
614 | show ip bgp summary |
---|
615 | show ipv6 bgp unicast summary |
---|
616 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
617 | |
---|
618 | ..and that you are learning the prefix directly |
---|
619 | from the neighbor: |
---|
620 | |
---|
621 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
622 | R12#show ip bgp neighbor 10.10.254.6 routes |
---|
623 | R12#show bgp ipv6 unicast neighbors fd00:10:fe::3 routes |
---|
624 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
625 | |
---|
626 | 5. Do some traceroutes towards your peer and |
---|
627 | make sure that the path is direct. |
---|
628 | |
---|
629 | |
---|
630 | Remember to save your configurations. |
---|
631 | |
---|
632 | You are done! You have configured BGP in a multihomed |
---|
633 | environment and BGP is selecting the paths based on |
---|
634 | default values. |
---|
635 | |
---|
636 | |
---|
637 | \pagebreak |
---|
638 | |
---|
639 | # Appendix A - RREN Configuration |
---|
640 | |
---|
641 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
642 | hostname RREN |
---|
643 | aaa new-model |
---|
644 | aaa authentication login default local |
---|
645 | aaa authentication enable default enable |
---|
646 | username nsrc secret nsrc |
---|
647 | enable secret nsrc |
---|
648 | service password-encryption |
---|
649 | line vty 0 4 |
---|
650 | transport preferred none |
---|
651 | line console 0 |
---|
652 | transport preferred none |
---|
653 | no logging console |
---|
654 | logging buffered 8192 debugging |
---|
655 | no ip domain-lookup |
---|
656 | ip subnet-zero |
---|
657 | ip classless |
---|
658 | no ip source-route |
---|
659 | ipv6 unicast-routing |
---|
660 | ! |
---|
661 | interface Loopback0 |
---|
662 | ip address 10.100.255.1 255.255.255.255 |
---|
663 | ipv6 address fd00:100:ff::1/128 |
---|
664 | ! |
---|
665 | interface GigabitEthernet1/0 |
---|
666 | description P2P Link to RREN1 |
---|
667 | ip address 10.100.254.1 255.255.255.252 |
---|
668 | ipv6 address fd00:100:fe::/127 |
---|
669 | no shutdown |
---|
670 | ! |
---|
671 | interface GigabitEthernet2/0 |
---|
672 | description P2P Link to RREN2 |
---|
673 | ip address 10.100.254.5 255.255.255.252 |
---|
674 | ipv6 address fd00:100:fe::2/127 |
---|
675 | no shutdown |
---|
676 | ! |
---|
677 | interface GigabitEthernet3/0 |
---|
678 | description Link to IXP |
---|
679 | ip address 10.251.1.3 255.255.255.0 |
---|
680 | ipv6 address fd00:251:1::3/64 |
---|
681 | no shutdown |
---|
682 | ! |
---|
683 | router bgp 100 |
---|
684 | bgp log-neighbor-changes |
---|
685 | no synchronization |
---|
686 | no auto-summary |
---|
687 | no bgp default ipv4-unicast |
---|
688 | distance bgp 200 200 200 |
---|
689 | address-family ipv4 |
---|
690 | network 10.100.0.0 mask 255.255.0.0 |
---|
691 | neighbor 10.100.254.2 remote-as 101 |
---|
692 | neighbor 10.100.254.2 description eBGP to AS101 |
---|
693 | neighbor 10.100.254.2 password NSRC |
---|
694 | neighbor 10.100.254.6 remote-as 102 |
---|
695 | neighbor 10.100.254.6 description eBGP to AS102 |
---|
696 | neighbor 10.100.254.6 password NSRC |
---|
697 | neighbor 10.251.1.1 remote-as 201 |
---|
698 | neighbor 10.251.1.1 description eBGP to AS201 |
---|
699 | neighbor 10.251.1.1 password NSRC |
---|
700 | neighbor 10.251.1.2 remote-as 202 |
---|
701 | neighbor 10.251.1.2 description eBGP to AS202 |
---|
702 | neighbor 10.251.1.2 password NSRC |
---|
703 | address-family ipv6 |
---|
704 | network fd00:100::/32 |
---|
705 | neighbor fd00:100:fe::1 remote-as 101 |
---|
706 | neighbor fd00:100:fe::1 description eBGP to AS101 |
---|
707 | neighbor fd00:100:fe::1 password NSRC |
---|
708 | neighbor fd00:100:fe::3 remote-as 102 |
---|
709 | neighbor fd00:100:fe::3 description eBGP to AS102 |
---|
710 | neighbor fd00:100:fe::3 password NSRC |
---|
711 | neighbor fd00:251:1::1 remote-as 201 |
---|
712 | neighbor fd00:251:1::1 description eBGP to AS201 |
---|
713 | neighbor fd00:251:1::1 password NSRC |
---|
714 | neighbor fd00:251:1::2 remote-as 202 |
---|
715 | neighbor fd00:251:1::2 description eBGP to AS202 |
---|
716 | neighbor fd00:251:1::2 password NSRC |
---|
717 | |
---|
718 | ! |
---|
719 | ip route 10.100.0.0 255.255.0.0 null0 |
---|
720 | ipv6 route fd00:100::/32 null0 |
---|
721 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
722 | |
---|
723 | |
---|
724 | \pagebreak |
---|
725 | |
---|
726 | # Appendix B - NREN1 Configuration |
---|
727 | |
---|
728 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
729 | hostname NREN1 |
---|
730 | aaa new-model |
---|
731 | aaa authentication login default local |
---|
732 | aaa authentication enable default enable |
---|
733 | username nsrc secret nsrc |
---|
734 | enable secret nsrc |
---|
735 | service password-encryption |
---|
736 | line vty 0 4 |
---|
737 | transport preferred none |
---|
738 | line console 0 |
---|
739 | transport preferred none |
---|
740 | no logging console |
---|
741 | logging buffered 8192 debugging |
---|
742 | no ip domain-lookup |
---|
743 | ip subnet-zero |
---|
744 | ip classless |
---|
745 | no ip source-route |
---|
746 | ipv6 unicast-routing |
---|
747 | ! |
---|
748 | interface Loopback0 |
---|
749 | ip address 10.101.255.1 255.255.255.255 |
---|
750 | ipv6 address fd00:101:ff::1/128 |
---|
751 | ! |
---|
752 | interface GigabitEthernet1/0 |
---|
753 | description P2P Link to RREN |
---|
754 | ip address 10.100.254.2 255.255.255.252 |
---|
755 | ipv6 address fd00:100:fe::1/127 |
---|
756 | no shutdown |
---|
757 | ! |
---|
758 | interface GigabitEthernet2/0 |
---|
759 | description P2P Link to ISP1 |
---|
760 | ip address 10.101.254.13 255.255.255.252 |
---|
761 | ipv6 address fd00:101:fe::6/127 |
---|
762 | no shutdown |
---|
763 | ! |
---|
764 | interface GigabitEthernet3/0 |
---|
765 | description P2P Link to R11 |
---|
766 | ip address 10.101.254.1 255.255.255.252 |
---|
767 | ipv6 address fd00:101:fe::0/127 |
---|
768 | no shutdown |
---|
769 | ! |
---|
770 | interface GigabitEthernet4/0 |
---|
771 | description P2P Link to R21 |
---|
772 | ip address 10.101.254.5 255.255.255.252 |
---|
773 | ipv6 address fd00:101:fe::2/127 |
---|
774 | no shutdown |
---|
775 | ! |
---|
776 | interface GigabitEthernet5/0 |
---|
777 | description P2P Link to R31 |
---|
778 | ip address 10.101.254.9 255.255.255.252 |
---|
779 | ipv6 address fd00:101:fe::4/127 |
---|
780 | no shutdown |
---|
781 | ! |
---|
782 | ip prefix-list AS10-in-peer permit 10.10.0.0/16 le 32 |
---|
783 | ipv6 prefix-list ipv6-AS10-in-peer permit fd00:10::/32 le 128 |
---|
784 | ! |
---|
785 | ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32 |
---|
786 | ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128 |
---|
787 | ! |
---|
788 | ip prefix-list AS30-in-peer permit 10.30.0.0/16 le 32 |
---|
789 | ipv6 prefix-list ipv6-AS30-in-peer permit fd00:30::/32 le 128 |
---|
790 | ! |
---|
791 | router bgp 101 |
---|
792 | bgp log-neighbor-changes |
---|
793 | no synchronization |
---|
794 | no auto-summary |
---|
795 | no bgp default ipv4-unicast |
---|
796 | distance bgp 200 200 200 |
---|
797 | address-family ipv4 |
---|
798 | network 10.101.0.0 mask 255.255.0.0 |
---|
799 | neighbor 10.101.254.2 remote-as 10 |
---|
800 | neighbor 10.101.254.2 description eBGP to AS10 |
---|
801 | neighbor 10.101.254.2 password NSRC |
---|
802 | neighbor 10.101.254.2 prefix-list AS10-in-peer in |
---|
803 | neighbor 10.101.254.6 remote-as 20 |
---|
804 | neighbor 10.101.254.6 description eBGP to AS20 |
---|
805 | neighbor 10.101.254.6 password NSRC |
---|
806 | neighbor 10.101.254.6 prefix-list AS20-in-peer in |
---|
807 | neighbor 10.101.254.10 remote-as 30 |
---|
808 | neighbor 10.101.254.10 description eBGP to AS30 |
---|
809 | neighbor 10.101.254.10 password NSRC |
---|
810 | neighbor 10.101.254.10 prefix-list AS30-in-peer in |
---|
811 | neighbor 10.101.254.14 remote-as 201 |
---|
812 | neighbor 10.101.254.14 description eBGP to AS201 |
---|
813 | neighbor 10.101.254.14 password NSRC |
---|
814 | neighbor 10.100.254.1 remote-as 100 |
---|
815 | neighbor 10.100.254.1 description eBGP to AS100 |
---|
816 | neighbor 10.100.254.1 password NSRC |
---|
817 | address-family ipv6 |
---|
818 | network fd00:101::/32 |
---|
819 | neighbor fd00:101:fe::1 remote-as 10 |
---|
820 | neighbor fd00:101:fe::1 description eBGP to AS10 |
---|
821 | neighbor fd00:101:fe::1 password NSRC |
---|
822 | neighbor fd00:101:fe::1 prefix-list ipv6-AS10-in-peer in |
---|
823 | neighbor fd00:101:fe::3 remote-as 20 |
---|
824 | neighbor fd00:101:fe::3 description eBGP to AS20 |
---|
825 | neighbor fd00:101:fe::3 password NSRC |
---|
826 | neighbor fd00:101:fe::3 prefix-list ipv6-AS20-in-peer in |
---|
827 | neighbor fd00:101:fe::5 remote-as 30 |
---|
828 | neighbor fd00:101:fe::5 description eBGP to AS30 |
---|
829 | neighbor fd00:101:fe::5 password NSRC |
---|
830 | neighbor fd00:101:fe::5 prefix-list ipv6-AS30-in-peer in |
---|
831 | neighbor fd00:201:fe::8 remote-as 201 |
---|
832 | neighbor fd00:201:fe::8 description eBGP to AS201 |
---|
833 | neighbor fd00:201:fe::8 password NSRC |
---|
834 | neighbor fd00:100:fe:: remote-as 100 |
---|
835 | neighbor fd00:100:fe:: description eBGP to AS100 |
---|
836 | neighbor fd00:100:fe:: password NSRC |
---|
837 | ! |
---|
838 | ip route 10.101.0.0 255.255.0.0 null0 |
---|
839 | ipv6 route fd00:101::/32 null0 |
---|
840 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
841 | |
---|
842 | \pagebreak |
---|
843 | |
---|
844 | # Appendix C - NREN2 Configuration |
---|
845 | |
---|
846 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
847 | hostname NREN2 |
---|
848 | aaa new-model |
---|
849 | aaa authentication login default local |
---|
850 | aaa authentication enable default enable |
---|
851 | username nsrc secret nsrc |
---|
852 | enable secret nsrc |
---|
853 | service password-encryption |
---|
854 | line vty 0 4 |
---|
855 | transport preferred none |
---|
856 | line console 0 |
---|
857 | transport preferred none |
---|
858 | no logging console |
---|
859 | logging buffered 8192 debugging |
---|
860 | no ip domain-lookup |
---|
861 | ip subnet-zero |
---|
862 | ip classless |
---|
863 | no ip source-route |
---|
864 | ipv6 unicast-routing |
---|
865 | ! |
---|
866 | interface Loopback0 |
---|
867 | ip address 10.102.255.1 255.255.255.255 |
---|
868 | ipv6 address fd00:102:ff::1/128 |
---|
869 | ! |
---|
870 | interface GigabitEthernet1/0 |
---|
871 | description P2P Link to RREN |
---|
872 | ip address 10.100.254.6 255.255.255.252 |
---|
873 | ipv6 address fd00:100:fe::3/127 |
---|
874 | no shutdown |
---|
875 | ! |
---|
876 | interface GigabitEthernet2/0 |
---|
877 | description P2P Link to ISP2 |
---|
878 | ip address 10.102.254.13 255.255.255.252 |
---|
879 | ipv6 address fd00:102:fe::6/127 |
---|
880 | no shutdown |
---|
881 | ! |
---|
882 | interface GigabitEthernet3/0 |
---|
883 | description P2P Link to R41 |
---|
884 | ip address 10.102.254.1 255.255.255.252 |
---|
885 | ipv6 address fd00:102:fe::0/127 |
---|
886 | no shutdown |
---|
887 | ! |
---|
888 | interface GigabitEthernet4/0 |
---|
889 | description P2P Link to R51 |
---|
890 | ip address 10.102.254.5 255.255.255.252 |
---|
891 | ipv6 address fd00:102:fe::2/127 |
---|
892 | no shutdown |
---|
893 | ! |
---|
894 | interface GigabitEthernet5/0 |
---|
895 | description P2P Link to R61 |
---|
896 | ip address 10.102.254.9 255.255.255.252 |
---|
897 | ipv6 address fd00:102:fe::4/127 |
---|
898 | no shutdown |
---|
899 | ! |
---|
900 | ip prefix-list AS40-in-peer permit 10.40.0.0/16 le 32 |
---|
901 | ipv6 prefix-list ipv6-AS40-in-peer permit fd00:40::/32 le 128 |
---|
902 | ! |
---|
903 | ip prefix-list AS50-in-peer permit 10.50.0.0/16 le 32 |
---|
904 | ipv6 prefix-list ipv6-AS50-in-peer permit fd00:50::/32 le 128 |
---|
905 | ! |
---|
906 | ip prefix-list AS60-in-peer permit 10.60.0.0/16 le 32 |
---|
907 | ipv6 prefix-list ipv6-AS60-in-peer permit fd00:60::/32 le 128 |
---|
908 | ! |
---|
909 | router bgp 102 |
---|
910 | bgp log-neighbor-changes |
---|
911 | no synchronization |
---|
912 | no auto-summary |
---|
913 | no bgp default ipv4-unicast |
---|
914 | distance bgp 200 200 200 |
---|
915 | address-family ipv4 |
---|
916 | network 10.102.0.0 mask 255.255.0.0 |
---|
917 | neighbor 10.102.254.2 remote-as 40 |
---|
918 | neighbor 10.102.254.2 description eBGP to AS40 |
---|
919 | neighbor 10.102.254.2 password NSRC |
---|
920 | neighbor 10.102.254.2 prefix-list AS40-in-peer in |
---|
921 | neighbor 10.102.254.6 remote-as 50 |
---|
922 | neighbor 10.102.254.6 description eBGP to AS50 |
---|
923 | neighbor 10.102.254.6 password NSRC |
---|
924 | neighbor 10.102.254.6 prefix-list AS50-in-peer in |
---|
925 | neighbor 10.102.254.10 remote-as 60 |
---|
926 | neighbor 10.102.254.10 description eBGP to AS60 |
---|
927 | neighbor 10.102.254.10 password NSRC |
---|
928 | neighbor 10.102.254.10 prefix-list AS60-in-peer in |
---|
929 | neighbor 10.102.254.14 remote-as 202 |
---|
930 | neighbor 10.102.254.14 description eBGP to AS202 |
---|
931 | neighbor 10.102.254.14 password NSRC |
---|
932 | neighbor 10.100.254.5 remote-as 100 |
---|
933 | neighbor 10.100.254.5 description eBGP to AS100 |
---|
934 | neighbor 10.100.254.5 password NSRC |
---|
935 | address-family ipv6 |
---|
936 | network fd00:102::/32 |
---|
937 | neighbor fd00:102:fe::1 remote-as 40 |
---|
938 | neighbor fd00:102:fe::1 description eBGP to AS40 |
---|
939 | neighbor fd00:102:fe::1 password NSRC |
---|
940 | neighbor fd00:102:fe::1 prefix-list ipv6-AS40-in-peer in |
---|
941 | neighbor fd00:102:fe::3 remote-as 50 |
---|
942 | neighbor fd00:102:fe::3 description eBGP to AS50 |
---|
943 | neighbor fd00:102:fe::3 password NSRC |
---|
944 | neighbor fd00:102:fe::3 prefix-list ipv6-AS50-in-peer in |
---|
945 | neighbor fd00:102:fe::5 remote-as 60 |
---|
946 | neighbor fd00:102:fe::5 description eBGP to AS60 |
---|
947 | neighbor fd00:102:fe::5 password NSRC |
---|
948 | neighbor fd00:102:fe::5 prefix-list ipv6-AS60-in-peer in |
---|
949 | neighbor fd00:102:fe::7 remote-as 202 |
---|
950 | neighbor fd00:102:fe::7 description eBGP to AS202 |
---|
951 | neighbor fd00:102:fe::7 password NSRC |
---|
952 | neighbor fd00:100:fe::2 remote-as 100 |
---|
953 | neighbor fd00:100:fe::2 description eBGP to AS100 |
---|
954 | neighbor fd00:100:fe::2 password NSRC |
---|
955 | ! |
---|
956 | ip route 10.102.0.0 255.255.0.0 null0 |
---|
957 | ipv6 route fd00:102::/32 null0 |
---|
958 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
959 | |
---|
960 | |
---|
961 | |
---|
962 | \pagebreak |
---|
963 | |
---|
964 | # Appendix D - ISP1 Configuration |
---|
965 | |
---|
966 | Note: *This is in addition to what was configured |
---|
967 | in the previous exercise*. |
---|
968 | |
---|
969 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
970 | interface GigabitEthernet2/0 |
---|
971 | description P2P Link to NREN1 |
---|
972 | ip address 10.101.254.14 255.255.255.252 |
---|
973 | ipv6 address fd00:101:fe::7/127 |
---|
974 | no shutdown |
---|
975 | ! |
---|
976 | ip prefix-list AS10-in-peer permit 10.10.0.0/16 le 32 |
---|
977 | ipv6 prefix-list ipv6-AS10-in-peer permit fd00:10::/32 le 128 |
---|
978 | ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32 |
---|
979 | ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128 |
---|
980 | ip prefix-list AS30-in-peer permit 10.30.0.0/16 le 32 |
---|
981 | ipv6 prefix-list ipv6-AS30-in-peer permit fd00:30::/32 le 128 |
---|
982 | ! |
---|
983 | router bgp 201 |
---|
984 | bgp log-neighbor-changes |
---|
985 | no synchronization |
---|
986 | no auto-summary |
---|
987 | no bgp default ipv4-unicast |
---|
988 | bgp deterministic-med |
---|
989 | distance bgp 200 200 200 |
---|
990 | address-family ipv4 |
---|
991 | network 10.201.0.0 mask 255.255.0.0 |
---|
992 | neighbor 10.201.254.2 remote-as 10 |
---|
993 | neighbor 10.201.254.2 description eBGP to AS10 |
---|
994 | neighbor 10.201.254.2 password NSRC |
---|
995 | neighbor 10.201.254.2 prefix-list AS10-in-peer in |
---|
996 | neighbor 10.201.254.6 remote-as 20 |
---|
997 | neighbor 10.201.254.6 description eBGP to AS20 |
---|
998 | neighbor 10.201.254.6 password NSRC |
---|
999 | neighbor 10.201.254.6 prefix-list AS20-in-peer in |
---|
1000 | neighbor 10.201.254.10 remote-as 30 |
---|
1001 | neighbor 10.201.254.10 description eBGP to AS30 |
---|
1002 | neighbor 10.201.254.10 password NSRC |
---|
1003 | neighbor 10.201.254.10 prefix-list AS30-in-peer in |
---|
1004 | neighbor 10.101.254.13 remote-as 101 |
---|
1005 | neighbor 10.101.254.13 description eBGP to AS101 |
---|
1006 | neighbor 10.101.254.13 password NSRC |
---|
1007 | neighbor 10.251.1.2 remote-as 202 |
---|
1008 | neighbor 10.251.1.2 description eBGP to AS202 |
---|
1009 | neighbor 10.251.1.2 password NSRC |
---|
1010 | neighbor 10.251.1.3 remote-as 100 |
---|
1011 | neighbor 10.251.1.3 description eBGP to AS100 |
---|
1012 | neighbor 10.251.1.3 password NSRC |
---|
1013 | address-family ipv6 |
---|
1014 | network fd00:201::/32 |
---|
1015 | neighbor fd00:201:fe::1 remote-as 10 |
---|
1016 | neighbor fd00:201:fe::1 description eBGP to AS10 |
---|
1017 | neighbor fd00:201:fe::1 password NSRC |
---|
1018 | neighbor fd00:201:fe::1 prefix-list AS10-in-peer in |
---|
1019 | neighbor fd00:201:fe::3 remote-as 20 |
---|
1020 | neighbor fd00:201:fe::3 description eBGP to AS20 |
---|
1021 | neighbor fd00:201:fe::3 password NSRC |
---|
1022 | neighbor fd00:201:fe::3 prefix-list AS20-in-peer in |
---|
1023 | neighbor fd00:201:fe::5 remote-as 30 |
---|
1024 | neighbor fd00:201:fe::5 description eBGP to AS30 |
---|
1025 | neighbor fd00:201:fe::5 password NSRC |
---|
1026 | neighbor fd00:201:fe::5 prefix-list AS30-in-peer in |
---|
1027 | neighbor fd00:101:fe::6 remote-as 101 |
---|
1028 | neighbor fd00:101:fe::6 description eBGP to AS101 |
---|
1029 | neighbor fd00:101:fe::6 password NSRC |
---|
1030 | neighbor fd00:251:1::2 remote-as 202 |
---|
1031 | neighbor fd00:251:1::2 description eBGP to AS202 |
---|
1032 | neighbor fd00:251:1::2 password NSRC |
---|
1033 | neighbor fd00:251:1::3 remote-as 100 |
---|
1034 | neighbor fd00:251:1::3 description eBGP to AS100 |
---|
1035 | neighbor fd00:251:1::3 password NSRC |
---|
1036 | ! |
---|
1037 | ip route 10.201.0.0 255.255.0.0 null0 |
---|
1038 | ipv6 route fd00:201::/32 null0 |
---|
1039 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
1040 | |
---|
1041 | # Appendix E - ISP2 Configuration |
---|
1042 | |
---|
1043 | Note: *This is in addition to what was configured |
---|
1044 | in the previous exercise*. |
---|
1045 | |
---|
1046 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
1047 | interface GigabitEthernet2/0 |
---|
1048 | description P2P Link to NREN2 |
---|
1049 | ip address 10.102.254.14 255.255.255.252 |
---|
1050 | ipv6 address fd00:102:fe::7/127 |
---|
1051 | no shutdown |
---|
1052 | ! |
---|
1053 | ip prefix-list AS40-in-peer permit 10.40.0.0/16 le 32 |
---|
1054 | ipv6 prefix-list ipv6-AS40-in-peer permit fd00:40::/32 le 128 |
---|
1055 | ip prefix-list AS50-in-peer permit 10.50.0.0/16 le 32 |
---|
1056 | ipv6 prefix-list ipv6-AS50-in-peer permit fd00:50::/32 le 128 |
---|
1057 | ip prefix-list AS60-in-peer permit 10.60.0.0/16 le 32 |
---|
1058 | ipv6 prefix-list ipv6-AS60-in-peer permit fd00:60::/32 le 128 |
---|
1059 | ! |
---|
1060 | router bgp 202 |
---|
1061 | bgp log-neighbor-changes |
---|
1062 | no synchronization |
---|
1063 | no auto-summary |
---|
1064 | no bgp default ipv4-unicast |
---|
1065 | distance bgp 200 200 200 |
---|
1066 | address-family ipv4 |
---|
1067 | network 10.202.0.0 mask 255.255.0.0 |
---|
1068 | neighbor 10.202.254.2 remote-as 40 |
---|
1069 | neighbor 10.202.254.2 description eBGP to AS40 |
---|
1070 | neighbor 10.202.254.2 password NSRC |
---|
1071 | neighbor 10.202.254.2 prefix-list AS40-in-peer in |
---|
1072 | neighbor 10.202.254.6 remote-as 50 |
---|
1073 | neighbor 10.202.254.6 description eBGP to AS50 |
---|
1074 | neighbor 10.202.254.6 password NSRC |
---|
1075 | neighbor 10.202.254.6 prefix-list AS50-in-peer in |
---|
1076 | neighbor 10.202.254.10 remote-as 60 |
---|
1077 | neighbor 10.202.254.10 description eBGP to AS60 |
---|
1078 | neighbor 10.202.254.10 password NSRC |
---|
1079 | neighbor 10.202.254.10 prefix-list AS60-in-peer in |
---|
1080 | neighbor 10.102.254.13 remote-as 102 |
---|
1081 | neighbor 10.102.254.13 description eBGP to AS102 |
---|
1082 | neighbor 10.102.254.13 password NSRC |
---|
1083 | neighbor 10.251.1.1 remote-as 201 |
---|
1084 | neighbor 10.251.1.1 description eBGP to AS201 |
---|
1085 | neighbor 10.251.1.1 password NSRC |
---|
1086 | neighbor 10.251.1.3 remote-as 100 |
---|
1087 | neighbor 10.251.1.3 description eBGP to AS100 |
---|
1088 | neighbor 10.251.1.3 password NSRC |
---|
1089 | address-family ipv6 |
---|
1090 | network fd00:202::/32 |
---|
1091 | neighbor fd00:202:fe::1 remote-as 40 |
---|
1092 | neighbor fd00:202:fe::1 description eBGP to AS40 |
---|
1093 | neighbor fd00:202:fe::1 password NSRC |
---|
1094 | neighbor fd00:202:fe::1 prefix-list ipv6-AS40-in-peer in |
---|
1095 | neighbor fd00:202:fe::3 remote-as 50 |
---|
1096 | neighbor fd00:202:fe::3 description eBGP to AS50 |
---|
1097 | neighbor fd00:202:fe::3 password NSRC |
---|
1098 | neighbor fd00:202:fe::3 prefix-list ipv6-AS50-in-peer in |
---|
1099 | neighbor fd00:202:fe::5 remote-as 60 |
---|
1100 | neighbor fd00:202:fe::5 description eBGP to AS60 |
---|
1101 | neighbor fd00:202:fe::5 password NSRC |
---|
1102 | neighbor fd00:202:fe::5 prefix-list ipv6-AS60-in-peer in |
---|
1103 | neighbor fd00:102:fe::7 remote-as 102 |
---|
1104 | neighbor fd00:102:fe::7 description eBGP to AS102 |
---|
1105 | neighbor fd00:102:fe::7 password NSRC |
---|
1106 | neighbor fd00:251:1::1 remote-as 201 |
---|
1107 | neighbor fd00:251:1::1 description eBGP to AS201 |
---|
1108 | neighbor fd00:251:1::1 password NSRC |
---|
1109 | neighbor fd00:251:1::3 remote-as 100 |
---|
1110 | neighbor fd00:251:1::3 description eBGP to AS100 |
---|
1111 | neighbor fd00:251:1::3 password NSRC |
---|
1112 | ! |
---|
1113 | ip route 10.202.0.0 255.255.0.0 null0 |
---|
1114 | ipv6 route fd00:202::/32 null0 |
---|
1115 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
---|
1116 | |
---|
1117 | |
---|