Agenda: lab-bgp-basic.txt

File lab-bgp-basic.txt, 33.6 KB (added by cvicente, 6 years ago)
% Network Design Workshop
% Basic BGP Lab

![Multi-homed Topology](ex2-1.png)

\pagebreak

# Introduction

The purpose of this exercise is to:

* Understand the routing implications of
  connecting to multiple external domains
* Learn to configure basic eBGP to exchange routing
  information with multiple external peers and iBGP
  to carry that information inside your network.

# Pre-requisites

This exercise builds upon the configurations implemented in
the OSPF + Static routing lab. You must be able to:

* Ping your neighbor router in the same AS using its
  loopback address (both IPv4 and IPv6!).
* Ping your neighbor routers in other ASs using their
  point-to-point link addresses.

*Note: Actually, if everyone configured their OSPF and static
routes properly in the previous exercise, you should be able
to ping every other router using their loopback address.*

# Address Space Allocation

## Regional REN (RREN)

We only need one:

RREN    IPv4            IPv6            ASN
-----   ------------    -------------   -------
1       10.100.0.0/16   fd00:100::/32   100

## National RENs (NRENs)

NREN    IPv4            IPv6            ASN
-----   ------------    -------------   -------
1       10.101.0.0/16   fd00:101::/32   101
2       10.102.0.0/16   fd00:102::/32   102

... and so on.

# iBGP Configuration

## Enable the BGP process

Before we set up iBGP, we need to do some basic preparation
on the router. The IOS defaults are not optimized, so before
we bring up BGP sessions, we should set the parameters that we
require.

The default distance for eBGP is 20, the default distance for iBGP
is 200, and the default distance for OSPF is 110. This means that
there is a potential for a prefix learned by eBGP to override the
identical prefix carried by OSPF. To protect against accidents, the
eBGP distance is set to 200 also.

The command to do this is the *distance bgp* subcommand:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
distance bgp <external-routes> <internal-routes> <local-routes>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We also want to:

* Enable logging of BGP neighbor state changes
* Disable the requirement that a route must be present in the IGP
  table before it can be advertised by BGP (synchronization).
* Disable auto-summarization of routes to classful network boundaries
* Disable the automatic exchange of IPv4 unicast routes on every
  peering session.

This must be done in all future BGP configurations of this workshop:

On both R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 distance bgp 200 200 200
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

## Configure iBGP neighbors

Again, make sure that you can ping the other router
using its loopback address, otherwise the BGP session
will not come up!

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.10.255.2 remote-as 10
  neighbor 10.10.255.2 update-source loopback 0
  neighbor 10.10.255.2 description iBGP to R12
  neighbor 10.10.255.2 password NSRC
  neighbor 10.10.255.2 next-hop-self
 address-family ipv6
  neighbor fd00:10:ff::2 remote-as 10
  neighbor fd00:10:ff::2 update-source loopback 0
  neighbor fd00:10:ff::2 description iBGP to R12
  neighbor fd00:10:ff::2 password NSRC
  neighbor fd00:10:ff::2 next-hop-self
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.10.255.1 remote-as 10
  neighbor 10.10.255.1 update-source loopback 0
  neighbor 10.10.255.1 description iBGP to R11
  neighbor 10.10.255.1 password NSRC
  neighbor 10.10.255.1 next-hop-self
 address-family ipv6
  neighbor fd00:10:ff::1 remote-as 10
  neighbor fd00:10:ff::1 update-source loopback 0
  neighbor fd00:10:ff::1 description iBGP to R11
  neighbor fd00:10:ff::1 password NSRC
  neighbor fd00:10:ff::1 next-hop-self
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Check that the BGP sessions are up on both sides.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp summary
show bgp ipv6 unicast summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

## Advertise end-user prefixes

1. Divide your end-user address space in two
   halves and announce each half separately.
   Refer to the address space allocation table
   in the previous exercise.

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  network 10.10.0.0 mask 255.255.192.0
 address-family ipv6
  network fd00:10::/41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  network 10.10.64.0 mask 255.255.192.0
 address-family ipv6
  network fd00:10:80::/41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Get the list of learned paths:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp
show bgp ipv6 unicast
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Do you see any paths? Why not?

2. Create a static route for the prefix being
   announced on each router:

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip route 10.10.0.0 255.255.192.0 null0
ipv6 route fd00:10::/41 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip route 10.10.64.0 255.255.192.0 null0
ipv6 route fd00:10:80::/41 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Get the list of learned paths again. You should see
both your prefix and the neighbor's.

# Multihoming - eBGP Configuration

## Connect to the NREN

1. Configure your RX1 router to connect to the NREN
   with a point-to-point link.

NRENs: Use configuration in Appendix.

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet1/0
 description P2P Link to NREN1
 ip address 10.101.254.2 255.255.255.252
 ipv6 address fd00:101:fe::1/127
 no shutdown
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make sure that it's up and that you can ping the other
side:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ping 10.101.254.1
ping fd00:101:fe::0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Do some traceroutes to other networks again:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# traceroute 10.20.255.1
R11# traceroute 10.30.255.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Has anything changed since the last exercise?

Notice that before we had only one connection to
the Internet - via the ISP. Now we have two.
But we are still using a default route pointing
to the ISP only!

We could add another default route pointing to the
NREN, but that would not give us much flexibility
in terms of traffic policies. Keep going.

## BGP-peer with the NREN and the ISP

1. Configure eBGP sessions to the ISP and the NREN

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.101.254.1 remote-as 101
  neighbor 10.101.254.1 description eBGP to NREN1
  neighbor 10.101.254.1 password NSRC
 address-family ipv6
  neighbor fd00:101:fe:: remote-as 101
  neighbor fd00:101:fe:: description eBGP to NREN1
  neighbor fd00:101:fe:: password NSRC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**Did you notice that with eBGP we no longer use the
loopback address as the endpoint of the BGP session,
as we did with iBGP?**

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.201.254.1 remote-as 201
  neighbor 10.201.254.1 description eBGP to ISP1
  neighbor 10.201.254.1 password NSRC
 address-family ipv6
  neighbor fd00:201:fe:: remote-as 201
  neighbor fd00:201:fe:: description eBGP to ISP1
  neighbor fd00:201:fe:: password NSRC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Check that the BGP sessions are up on both routers:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp summary
show bgp ipv6 unicast summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Verify what you are advertising to the NREN:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# show ip bgp nei 10.101.254.1 advertised-routes
R11# sh bgp ipv6 uni neigh fd00:101:fe:: advertised
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

... and to the ISP:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12# show ip bgp neighbor 10.201.254.1 advertised-routes
R12# sh bgp ipv6 uni neigh fd00:201:fe:: advertised
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Are you perhaps announcing other prefixes that don't
originate in your AS? If so, can you remember what
serious negative implications this could have?
Ask the instructor if you need clarification.

## Filter what you send and receive

1. Create prefix lists for your inbound/outbound
   filters.

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip prefix-list out-peer permit 10.10.0.0/16 le 32
ip prefix-list nren-in-peer deny 10.10.0.0/16 le 32
ip prefix-list nren-in-peer permit 0.0.0.0/0 le 32
ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128
ipv6 prefix-list ipv6-nren-in-peer deny fd00:10::/32 le 128
ipv6 prefix-list ipv6-nren-in-peer permit ::/0 le 128
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip prefix-list out-peer permit 10.10.0.0/16 le 32
ip prefix-list isp-in-peer deny 10.10.0.0/16 le 32
ip prefix-list isp-in-peer permit 0.0.0.0/0 le 32
ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128
ipv6 prefix-list ipv6-isp-in-peer deny fd00:10::/32 le 128
ipv6 prefix-list ipv6-isp-in-peer permit ::/0 le 128
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. Now create inbound/outbound filters using those
   prefix lists

R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.101.254.1 prefix-list nren-in-peer in
  neighbor 10.101.254.1 prefix-list out-peer out
 address-family ipv6
  neighbor fd00:101:fe:: prefix-list ipv6-nren-in-peer in
  neighbor fd00:101:fe:: prefix-list ipv6-out-peer out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.201.254.1 prefix-list isp-in-peer in
  neighbor 10.201.254.1 prefix-list out-peer out
 address-family ipv6
  neighbor fd00:201:fe:: prefix-list ipv6-isp-in-peer in
  neighbor fd00:201:fe:: prefix-list ipv6-out-peer out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use the *BGP refresh* capability to resend the
information to the peer:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11#clear ip bgp 10.101.254.1 out
R11#clear bgp ipv6 unicast fd00:101:fe:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#clear ip bgp 10.201.254.1 out
R12#clear bgp ipv6 unicast fd00:201:fe:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
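
To see what the R11 filters above let through, the following added example (not part of the original lab) evaluates the lab's prefix lists the way IOS does: first match wins, `le` widens the accepted prefix length, and anything unmatched is denied. The candidate routes are constructed sample data, and `seq` numbers are assumed absent, as in the lab.

```python
import ipaddress

# Prefix lists copied from the R11 step of this lab.
R11_PREFIX_LISTS = """\
ip prefix-list out-peer permit 10.10.0.0/16 le 32
ip prefix-list nren-in-peer deny 10.10.0.0/16 le 32
ip prefix-list nren-in-peer permit 0.0.0.0/0 le 32
ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128
ipv6 prefix-list ipv6-nren-in-peer deny fd00:10::/32 le 128
ipv6 prefix-list ipv6-nren-in-peer permit ::/0 le 128
"""

# Constructed sample: routes R11 could hold in its BGP table. The two /18
# (and /41) halves are AS10's own; the others stand for routes learned
# over iBGP from R12's session with the ISP.
R11_BGP_TABLE_V4 = ["10.10.0.0/18", "10.10.64.0/18", "10.201.0.0/16", "10.20.0.0/16"]
R11_BGP_TABLE_V6 = ["fd00:10::/41", "fd00:10:80::/41", "fd00:201::/32"]

# Constructed sample: routes the NREN might offer to R11, including two
# that fall inside AS10's own address space.
OFFERED_BY_NREN_V4 = ["10.101.0.0/16", "10.20.0.0/16", "10.10.0.0/18", "10.10.128.0/24"]


def parse_prefix_lists(text):
    """Parse 'ip|ipv6 prefix-list NAME permit|deny PREFIX [ge N] [le N]' lines."""
    lists = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] not in ("ip", "ipv6") or tok[1] != "prefix-list":
            continue
        name, action, net = tok[2], tok[3], ipaddress.ip_network(tok[4])
        opts = dict(zip(tok[5::2], map(int, tok[6::2])))
        if opts:
            # 'le' alone: entry length up to le; 'ge' alone: ge up to the maximum.
            lo = opts.get("ge", net.prefixlen)
            hi = opts.get("le", net.max_prefixlen)
        else:
            # No ge/le: only the exact prefix length matches.
            lo = hi = net.prefixlen
        lists.setdefault(name, []).append((action, net, lo, hi))
    return lists


def evaluate(entries, route):
    """Return 'permit' or 'deny' for one route; first matching entry wins."""
    route = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if (route.version == net.version and route.subnet_of(net)
                and lo <= route.prefixlen <= hi):
            return action
    return "deny"  # implicit deny at the end of every prefix list


def apply_filter(lists, name, routes):
    """Evaluate every route against the named list."""
    return {route: evaluate(lists[name], route) for route in routes}


if __name__ == "__main__":
    lists = parse_prefix_lists(R11_PREFIX_LISTS)
    checks = (
        ("out-peer", R11_BGP_TABLE_V4),           # sent to the NREN
        ("ipv6-out-peer", R11_BGP_TABLE_V6),      # sent to the NREN
        ("nren-in-peer", OFFERED_BY_NREN_V4),     # accepted from the NREN
    )
    for name, routes in checks:
        for route, action in apply_filter(lists, name, routes).items():
            print(f"{name:15} {route:18} {action}")
```

Only AS10's own prefixes pass the outbound lists, so routes learned from one upstream are not re-announced to the other, and the inbound list rejects any announcement of AS10's own space coming back from a peer.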

You should now be advertising only both halves of your
end-user address space. Check with the ISP and
NREN administrators to make sure that they are
receiving both routes from you.

*Note: This is a form of load-balancing for
traffic coming into your AS.*

But wait... that's not your whole address space!

## Announce your whole address space

On R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  aggregate-address 10.10.0.0 255.255.0.0
 address-family ipv6
  aggregate-address fd00:10::/32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Verify again what you are advertising from R11
and R12. You should now be announcing three blocks,
the two halves of your end-user block, and your
whole address space.

Confirm with the ISP and NREN administrators that
they are indeed receiving those routes from you.

Announcing your smaller blocks in addition to your
whole block is a valid configuration. However, it
has an impact: it increases the size of the global BGP
routing table, causing more load on Internet backbone
routers.

Let's assume, just for the sake of this exercise,
that we don't really need to load-balance our incoming
traffic like that.

6. Announce only a summary aggregate

On R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  aggregate-address 10.10.0.0 255.255.0.0 summary-only
 address-family ipv6
  aggregate-address fd00:10::/32 summary-only
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Resend the information to the peer:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11#clear ip bgp 10.101.254.1 out
R11#clear bgp ipv6 unicast FD00:101:FE:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#clear ip bgp 10.201.254.1 out
R12#clear bgp ipv6 unicast FD00:201:FE:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Check again what you are advertising, and confirm
with your peers.

### Remove static routes

1. The ISPs remove their static routes towards
   their customers.

Now your ISP has learned a route to reach your
network, correct? The ISPs can now safely remove
the static routes pointing to you and the other
customers:

ISP1:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 10.10.0.0 255.255.0.0 10.201.254.2
no ip route 10.20.0.0 255.255.0.0 10.201.254.6
no ip route 10.30.0.0 255.255.0.0 10.201.254.10
!
no ipv6 route fd00:10::/32 fd00:201:fe::1
no ipv6 route fd00:20::/32 fd00:201:fe::3
no ipv6 route fd00:30::/32 fd00:201:fe::5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ISP2:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 10.40.0.0 255.255.0.0 10.202.254.2
no ip route 10.50.0.0 255.255.0.0 10.202.254.6
no ip route 10.60.0.0 255.255.0.0 10.202.254.10
!
no ipv6 route fd00:40::/32 fd00:202:fe::1
no ipv6 route fd00:50::/32 fd00:202:fe::3
no ipv6 route fd00:60::/32 fd00:202:fe::5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. Remove your static default routes

In the previous exercise, we created default
routes on both routers. But thanks to BGP, we
should now be receiving routes from our NREN and
our ISP.

Let's check first (do this on both routers):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp
show bgp ipv6 unicast
show ip route
show ipv6 route
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You should be learning routes advertised by other
groups, and also from the NRENs and the ISPs.

Remove your static default routes:

R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 0.0.0.0 0.0.0.0 10.10.254.2
no ipv6 route ::/0 fd00:10:fe::1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 0.0.0.0 0.0.0.0 10.201.254.1
no ipv6 route ::/0 fd00:201:fe::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You should be able to ping any other router now.
If you can't, wait for other groups to finish,
or ask the instructors.

Use traceroute to verify the paths that packets
are following towards various destinations:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# traceroute 10.100.255.1
R11# traceroute 10.30.255.2
...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Repeat the same tests from the other router in
your AS and compare. Use the diagram to help you
visualize it.

# Traffic Exchange (Peering)

Direct traffic exchanges are usually established at no
charge between two autonomous systems that want to save
costs. The savings are achieved by not having to carry
that traffic over expensive transit links via commercial
providers. Also, these direct exchanges have the added
benefit of reducing latency because there are fewer hops.

Usually traffic exchanges occur at public exchange points,
also known as IXPs. The simplest kind of exchange point is
a Layer-2 switch. In this exercise, we will simply configure
direct links between routers, which is basically the same
thing as connecting through a switch.

![Peering Topology](ex2-2.png)

## Connect to your neighbor AS

1. Configure a point-to-point link to your neighbor AS
as shown in the diagram. You will have to agree with
your peer on which address space to use. Make sure to
pick a point-to-point subnet that is not already used!

The instructor will draw a map of the network at the front
of the class and will ask you to document the subnet
that was used for the peering session, so everybody can
use that information when troubleshooting.

For example, on R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet3/0
 description Link to R21
 ip address 10.10.254.5 255.255.255.252
 ipv6 address fd00:10:fe::2/127
 no shutdown
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. Configure prefix lists for your inbound filters

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32
ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*The equivalent needs to be done in R21.*

3. Configure prefix lists for your outbound filters

You should have these from a previous step. You can verify
like this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#show ip prefix-list out-peer
R12#show ipv6 prefix-list ipv6-out-peer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. Now create the BGP sessions and apply those
   inbound/outbound filters:

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.10.254.6 remote-as 20
  neighbor 10.10.254.6 description eBGP to AS20
  neighbor 10.10.254.6 password NSRC
  neighbor 10.10.254.6 prefix-list out-peer out
  neighbor 10.10.254.6 prefix-list AS20-in-peer in
 address-family ipv6
  neighbor fd00:10:fe::3 remote-as 20
  neighbor fd00:10:fe::3 description eBGP to AS20
  neighbor fd00:10:fe::3 password NSRC
  neighbor fd00:10:fe::3 prefix-list ipv6-out-peer out
  neighbor fd00:10:fe::3 prefix-list ipv6-AS20-in-peer in
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The equivalent needs to be done in R21.

Verify that the sessions are up:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp summary
show bgp ipv6 unicast summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

... and that you are learning the prefix directly
from the neighbor:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#show ip bgp neighbor 10.10.254.6 routes
R12#show bgp ipv6 unicast neighbors fd00:10:fe::3 routes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

5. Do some traceroutes towards your peer and
   make sure that the path is direct.


Remember to save your configurations.

You are done! You have configured BGP in a multihomed
environment and BGP is selecting the paths based on
default values.
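
Before saving, it is worth checking that every eBGP session really has both filters and that each filter name exists for the right address family. The following added example (not part of the original lab) audits a saved configuration for exactly that; the `SAMPLE_CONFIG` text is constructed, modelled on R12, with two deliberate mistakes, and `audit_bgp_filters` is a hypothetical helper name.

```python
# Constructed sample configuration, modelled on R12 in this lab. Mistakes
# planted on purpose: the IPv6 session to the ISP references the IPv4 list
# name, and the IPv4 session to AS20 has no outbound filter.
SAMPLE_CONFIG = """\
ip prefix-list out-peer permit 10.10.0.0/16 le 32
ip prefix-list isp-in-peer deny 10.10.0.0/16 le 32
ip prefix-list isp-in-peer permit 0.0.0.0/0 le 32
ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32
ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128
ipv6 prefix-list ipv6-isp-in-peer deny fd00:10::/32 le 128
ipv6 prefix-list ipv6-isp-in-peer permit ::/0 le 128
!
router bgp 10
 address-family ipv4
  neighbor 10.10.255.1 remote-as 10
  neighbor 10.201.254.1 remote-as 201
  neighbor 10.201.254.1 prefix-list isp-in-peer in
  neighbor 10.201.254.1 prefix-list out-peer out
  neighbor 10.10.254.6 remote-as 20
  neighbor 10.10.254.6 prefix-list AS20-in-peer in
 address-family ipv6
  neighbor fd00:201:fe:: remote-as 201
  neighbor fd00:201:fe:: prefix-list isp-in-peer in
  neighbor fd00:201:fe:: prefix-list ipv6-out-peer out
!
ip route 10.10.64.0 255.255.192.0 null0
"""


def audit_bgp_filters(config_text):
    """Return (family, neighbor, direction, problem) for each eBGP filter gap."""
    defined = {"ipv4": set(), "ipv6": set()}   # prefix-list names per family
    neighbors = {}                             # (family, address) -> settings
    local_as = None
    family = None
    for raw in config_text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] in ("ip", "ipv6") and len(tok) > 2 and tok[1] == "prefix-list":
            defined["ipv4" if tok[0] == "ip" else "ipv6"].add(tok[2])
        elif tok[:2] == ["router", "bgp"] and len(tok) > 2:
            local_as = tok[2]
        elif tok[0] == "address-family" and len(tok) > 1:
            family = tok[1]
        elif tok[0] == "neighbor" and family and len(tok) >= 4:
            entry = neighbors.setdefault(
                (family, tok[1]), {"remote_as": None, "in": None, "out": None})
            if tok[2] == "remote-as":
                entry["remote_as"] = tok[3]
            elif tok[2] == "prefix-list" and len(tok) == 5 and tok[4] in ("in", "out"):
                entry[tok[4]] = tok[3]

    findings = []
    for (fam, addr), entry in sorted(neighbors.items()):
        if entry["remote_as"] == local_as:
            continue  # iBGP session: the lab applies no prefix filters here
        for direction in ("in", "out"):
            name = entry[direction]
            if name is None:
                findings.append((fam, addr, direction, "no prefix-list"))
            elif name not in defined.get(fam, set()):
                # Cisco documents that an empty prefix list permits all
                # prefixes, so a name with no entries in this family
                # filters nothing.
                findings.append(
                    (fam, addr, direction,
                     f"prefix-list {name} not defined for {fam}"))
    return findings


if __name__ == "__main__":
    for finding in audit_bgp_filters(SAMPLE_CONFIG):
        print(*finding, sep="  ")
```

Running the same function over the output of `show running-config` from each router in the lab gives a quick list of sessions whose filters need another look.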


\pagebreak

# Appendix A - RREN Configuration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostname RREN
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc
enable secret nsrc
service password-encryption
line vty 0 4
 transport preferred none
line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ip subnet-zero
ip classless
no ip source-route
ipv6 unicast-routing
!
interface Loopback0
 ip address 10.100.255.1 255.255.255.255
 ipv6 address fd00:100:ff::1/128
!
interface GigabitEthernet1/0
 description P2P Link to NREN1
 ip address 10.100.254.1 255.255.255.252
 ipv6 address fd00:100:fe::/127
 no shutdown
!
interface GigabitEthernet2/0
 description P2P Link to NREN2
 ip address 10.100.254.5 255.255.255.252
 ipv6 address fd00:100:fe::2/127
 no shutdown
!
interface GigabitEthernet3/0
 description Link to IXP
 ip address 10.251.1.3 255.255.255.0
 ipv6 address fd00:251:1::3/64
 no shutdown
!
router bgp 100
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.100.0.0 mask 255.255.0.0
  neighbor 10.100.254.2 remote-as 101
  neighbor 10.100.254.2 description eBGP to AS101
  neighbor 10.100.254.2 password NSRC
  neighbor 10.100.254.6 remote-as 102
  neighbor 10.100.254.6 description eBGP to AS102
  neighbor 10.100.254.6 password NSRC
  neighbor 10.251.1.1 remote-as 201
  neighbor 10.251.1.1 description eBGP to AS201
  neighbor 10.251.1.1 password NSRC
  neighbor 10.251.1.2 remote-as 202
  neighbor 10.251.1.2 description eBGP to AS202
  neighbor 10.251.1.2 password NSRC
 address-family ipv6
  network fd00:100::/32
  neighbor fd00:100:fe::1 remote-as 101
  neighbor fd00:100:fe::1 description eBGP to AS101
  neighbor fd00:100:fe::1 password NSRC
  neighbor fd00:100:fe::3 remote-as 102
  neighbor fd00:100:fe::3 description eBGP to AS102
  neighbor fd00:100:fe::3 password NSRC
  neighbor fd00:251:1::1 remote-as 201
  neighbor fd00:251:1::1 description eBGP to AS201
  neighbor fd00:251:1::1 password NSRC
  neighbor fd00:251:1::2 remote-as 202
  neighbor fd00:251:1::2 description eBGP to AS202
  neighbor fd00:251:1::2 password NSRC

!
ip route 10.100.0.0 255.255.0.0 null0
ipv6 route fd00:100::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


\pagebreak

# Appendix B - NREN1 Configuration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostname NREN1
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc
enable secret nsrc
service password-encryption
line vty 0 4
 transport preferred none
line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ip subnet-zero
ip classless
no ip source-route
ipv6 unicast-routing
!
interface Loopback0
 ip address 10.101.255.1 255.255.255.255
 ipv6 address fd00:101:ff::1/128
!
interface GigabitEthernet1/0
 description P2P Link to RREN
 ip address 10.100.254.2 255.255.255.252
 ipv6 address fd00:100:fe::1/127
 no shutdown
!
interface GigabitEthernet2/0
 description P2P Link to ISP1
 ip address 10.101.254.13 255.255.255.252
 ipv6 address fd00:101:fe::6/127
 no shutdown
!
interface GigabitEthernet3/0
 description P2P Link to R11
 ip address 10.101.254.1 255.255.255.252
 ipv6 address fd00:101:fe::0/127
 no shutdown
!
interface GigabitEthernet4/0
 description P2P Link to R21
 ip address 10.101.254.5 255.255.255.252
 ipv6 address fd00:101:fe::2/127
 no shutdown
!
interface GigabitEthernet5/0
 description P2P Link to R31
 ip address 10.101.254.9 255.255.255.252
 ipv6 address fd00:101:fe::4/127
 no shutdown
!
ip prefix-list AS10-in-peer permit 10.10.0.0/16 le 32
ipv6 prefix-list ipv6-AS10-in-peer permit fd00:10::/32 le 128
!
ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32
ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128
!
ip prefix-list AS30-in-peer permit 10.30.0.0/16 le 32
ipv6 prefix-list ipv6-AS30-in-peer permit fd00:30::/32 le 128
!
router bgp 101
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.101.0.0 mask 255.255.0.0
  neighbor 10.101.254.2 remote-as 10
  neighbor 10.101.254.2 description eBGP to AS10
  neighbor 10.101.254.2 password NSRC
  neighbor 10.101.254.2 prefix-list AS10-in-peer in
  neighbor 10.101.254.6 remote-as 20
  neighbor 10.101.254.6 description eBGP to AS20
  neighbor 10.101.254.6 password NSRC
  neighbor 10.101.254.6 prefix-list AS20-in-peer in
  neighbor 10.101.254.10 remote-as 30
  neighbor 10.101.254.10 description eBGP to AS30
  neighbor 10.101.254.10 password NSRC
  neighbor 10.101.254.10 prefix-list AS30-in-peer in
  neighbor 10.101.254.14 remote-as 201
  neighbor 10.101.254.14 description eBGP to AS201
  neighbor 10.101.254.14 password NSRC
  neighbor 10.100.254.1 remote-as 100
  neighbor 10.100.254.1 description eBGP to AS100
  neighbor 10.100.254.1 password NSRC
 address-family ipv6
  network fd00:101::/32
  neighbor fd00:101:fe::1 remote-as 10
  neighbor fd00:101:fe::1 description eBGP to AS10
  neighbor fd00:101:fe::1 password NSRC
  neighbor fd00:101:fe::1 prefix-list ipv6-AS10-in-peer in
  neighbor fd00:101:fe::3 remote-as 20
  neighbor fd00:101:fe::3 description eBGP to AS20
  neighbor fd00:101:fe::3 password NSRC
  neighbor fd00:101:fe::3 prefix-list ipv6-AS20-in-peer in
  neighbor fd00:101:fe::5 remote-as 30
  neighbor fd00:101:fe::5 description eBGP to AS30
  neighbor fd00:101:fe::5 password NSRC
  neighbor fd00:101:fe::5 prefix-list ipv6-AS30-in-peer in
  neighbor fd00:101:fe::7 remote-as 201
  neighbor fd00:101:fe::7 description eBGP to AS201
  neighbor fd00:101:fe::7 password NSRC
  neighbor fd00:100:fe:: remote-as 100
  neighbor fd00:100:fe:: description eBGP to AS100
  neighbor fd00:100:fe:: password NSRC
!
ip route 10.101.0.0 255.255.0.0 null0
ipv6 route fd00:101::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

\pagebreak

# Appendix C - NREN2 Configuration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostname NREN2
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc
enable secret nsrc
service password-encryption
line vty 0 4
 transport preferred none
line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ip subnet-zero
ip classless
no ip source-route
ipv6 unicast-routing
!
interface Loopback0
 ip address 10.102.255.1 255.255.255.255
 ipv6 address fd00:102:ff::1/128
!
interface GigabitEthernet1/0
 description P2P Link to RREN
 ip address 10.100.254.6 255.255.255.252
 ipv6 address fd00:100:fe::3/127
 no shutdown
!
interface GigabitEthernet2/0
 description P2P Link to ISP2
 ip address 10.102.254.13 255.255.255.252
 ipv6 address fd00:102:fe::6/127
 no shutdown
!
interface GigabitEthernet3/0
 description P2P Link to R41
 ip address 10.102.254.1 255.255.255.252
 ipv6 address fd00:102:fe::0/127
 no shutdown
!
interface GigabitEthernet4/0
 description P2P Link to R51
 ip address 10.102.254.5 255.255.255.252
 ipv6 address fd00:102:fe::2/127
 no shutdown
!
interface GigabitEthernet5/0
 description P2P Link to R61
 ip address 10.102.254.9 255.255.255.252
 ipv6 address fd00:102:fe::4/127
 no shutdown
!
ip prefix-list AS40-in-peer permit 10.40.0.0/16 le 32
ipv6 prefix-list ipv6-AS40-in-peer permit fd00:40::/32 le 128
!
ip prefix-list AS50-in-peer permit 10.50.0.0/16 le 32
ipv6 prefix-list ipv6-AS50-in-peer permit fd00:50::/32 le 128
!
ip prefix-list AS60-in-peer permit 10.60.0.0/16 le 32
ipv6 prefix-list ipv6-AS60-in-peer permit fd00:60::/32 le 128
!
router bgp 102
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.102.0.0 mask 255.255.0.0
  neighbor 10.102.254.2 remote-as 40
  neighbor 10.102.254.2 description eBGP to AS40
  neighbor 10.102.254.2 password NSRC
  neighbor 10.102.254.2 prefix-list AS40-in-peer in
  neighbor 10.102.254.6 remote-as 50
  neighbor 10.102.254.6 description eBGP to AS50
  neighbor 10.102.254.6 password NSRC
  neighbor 10.102.254.6 prefix-list AS50-in-peer in
  neighbor 10.102.254.10 remote-as 60
  neighbor 10.102.254.10 description eBGP to AS60
  neighbor 10.102.254.10 password NSRC
  neighbor 10.102.254.10 prefix-list AS60-in-peer in
  neighbor 10.102.254.14 remote-as 202
  neighbor 10.102.254.14 description eBGP to AS202
  neighbor 10.102.254.14 password NSRC
  neighbor 10.100.254.5 remote-as 100
  neighbor 10.100.254.5 description eBGP to AS100
  neighbor 10.100.254.5 password NSRC
 address-family ipv6
  network fd00:102::/32
  neighbor fd00:102:fe::1 remote-as 40
  neighbor fd00:102:fe::1 description eBGP to AS40
  neighbor fd00:102:fe::1 password NSRC
  neighbor fd00:102:fe::1 prefix-list ipv6-AS40-in-peer in
  neighbor fd00:102:fe::3 remote-as 50
  neighbor fd00:102:fe::3 description eBGP to AS50
  neighbor fd00:102:fe::3 password NSRC
  neighbor fd00:102:fe::3 prefix-list ipv6-AS50-in-peer in
  neighbor fd00:102:fe::5 remote-as 60
  neighbor fd00:102:fe::5 description eBGP to AS60
  neighbor fd00:102:fe::5 password NSRC
  neighbor fd00:102:fe::5 prefix-list ipv6-AS60-in-peer in
  neighbor fd00:102:fe::7 remote-as 202
  neighbor fd00:102:fe::7 description eBGP to AS202
  neighbor fd00:102:fe::7 password NSRC
  neighbor fd00:100:fe::2 remote-as 100
  neighbor fd00:100:fe::2 description eBGP to AS100
  neighbor fd00:100:fe::2 password NSRC
!
ip route 10.102.0.0 255.255.0.0 null0
ipv6 route fd00:102::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



\pagebreak

# Appendix D - ISP1 Configuration

Note: *This is in addition to what was configured
in the previous exercise*.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet2/0
 description P2P Link to NREN1
 ip address 10.101.254.14 255.255.255.252
 ipv6 address fd00:101:fe::7/127
 no shutdown
!
ip prefix-list AS10-in-peer permit 10.10.0.0/16 le 32
ipv6 prefix-list ipv6-AS10-in-peer permit fd00:10::/32 le 128
ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32
ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128
ip prefix-list AS30-in-peer permit 10.30.0.0/16 le 32
ipv6 prefix-list ipv6-AS30-in-peer permit fd00:30::/32 le 128
!
router bgp 201
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 bgp deterministic-med
 distance bgp 200 200 200
 address-family ipv4
  network 10.201.0.0 mask 255.255.0.0
  neighbor 10.201.254.2 remote-as 10
  neighbor 10.201.254.2 description eBGP to AS10
  neighbor 10.201.254.2 password NSRC
  neighbor 10.201.254.2 prefix-list AS10-in-peer in
  neighbor 10.201.254.6 remote-as 20
  neighbor 10.201.254.6 description eBGP to AS20
  neighbor 10.201.254.6 password NSRC
  neighbor 10.201.254.6 prefix-list AS20-in-peer in
  neighbor 10.201.254.10 remote-as 30
  neighbor 10.201.254.10 description eBGP to AS30
  neighbor 10.201.254.10 password NSRC
  neighbor 10.201.254.10 prefix-list AS30-in-peer in
  neighbor 10.101.254.13 remote-as 101
  neighbor 10.101.254.13 description eBGP to AS101
  neighbor 10.101.254.13 password NSRC
  neighbor 10.251.1.2 remote-as 202
  neighbor 10.251.1.2 description eBGP to AS202
  neighbor 10.251.1.2 password NSRC
  neighbor 10.251.1.3 remote-as 100
  neighbor 10.251.1.3 description eBGP to AS100
  neighbor 10.251.1.3 password NSRC
 address-family ipv6
  network fd00:201::/32
  neighbor fd00:201:fe::1 remote-as 10
  neighbor fd00:201:fe::1 description eBGP to AS10
  neighbor fd00:201:fe::1 password NSRC
  neighbor fd00:201:fe::1 prefix-list ipv6-AS10-in-peer in
  neighbor fd00:201:fe::3 remote-as 20
  neighbor fd00:201:fe::3 description eBGP to AS20
  neighbor fd00:201:fe::3 password NSRC
  neighbor fd00:201:fe::3 prefix-list ipv6-AS20-in-peer in
  neighbor fd00:201:fe::5 remote-as 30
  neighbor fd00:201:fe::5 description eBGP to AS30
  neighbor fd00:201:fe::5 password NSRC
  neighbor fd00:201:fe::5 prefix-list ipv6-AS30-in-peer in
  neighbor fd00:101:fe::6 remote-as 101
  neighbor fd00:101:fe::6 description eBGP to AS101
1025  neighbor fd00:201:fe::5 password NSRC
1026  neighbor fd00:201:fe::5 prefix-list AS30-in-peer in
1027  neighbor fd00:101:fe::6 remote-as 101
1028  neighbor fd00:101:fe::6 description eBGP to AS101
1029  neighbor fd00:101:fe::6 password NSRC
1030  neighbor fd00:251:1::2 remote-as 202
1031  neighbor fd00:251:1::2 description eBGP to AS202
1032  neighbor fd00:251:1::2 password NSRC
1033  neighbor fd00:251:1::3 remote-as 100
1034  neighbor fd00:251:1::3 description eBGP to AS100
1035  neighbor fd00:251:1::3 password NSRC
1036!
1037ip route 10.201.0.0 255.255.0.0 null0
1038ipv6 route fd00:201::/32 null0
1039~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1040
1041# Appendix E - ISP2 Configuration
1042
1043Note: *This is in addition to what was configured
in the previous exercise*.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet2/0
 description P2P Link to NREN2
 ip address 10.102.254.14 255.255.255.252
 ipv6 address fd00:102:fe::7/127
 no shutdown
!
ip prefix-list AS40-in-peer permit 10.40.0.0/16 le 32
ipv6 prefix-list ipv6-AS40-in-peer permit fd00:40::/32 le 128
ip prefix-list AS50-in-peer permit 10.50.0.0/16 le 32
ipv6 prefix-list ipv6-AS50-in-peer permit fd00:50::/32 le 128
ip prefix-list AS60-in-peer permit 10.60.0.0/16 le 32
ipv6 prefix-list ipv6-AS60-in-peer permit fd00:60::/32 le 128
!
router bgp 202
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.202.0.0 mask 255.255.0.0
  neighbor 10.202.254.2 remote-as 40
  neighbor 10.202.254.2 description eBGP to AS40
  neighbor 10.202.254.2 password NSRC
  neighbor 10.202.254.2 prefix-list AS40-in-peer in
  neighbor 10.202.254.6 remote-as 50
  neighbor 10.202.254.6 description eBGP to AS50
  neighbor 10.202.254.6 password NSRC
  neighbor 10.202.254.6 prefix-list AS50-in-peer in
  neighbor 10.202.254.10 remote-as 60
  neighbor 10.202.254.10 description eBGP to AS60
  neighbor 10.202.254.10 password NSRC
  neighbor 10.202.254.10 prefix-list AS60-in-peer in
  neighbor 10.102.254.13 remote-as 102
  neighbor 10.102.254.13 description eBGP to AS102
  neighbor 10.102.254.13 password NSRC
  neighbor 10.251.1.1 remote-as 201
  neighbor 10.251.1.1 description eBGP to AS201
  neighbor 10.251.1.1 password NSRC
  neighbor 10.251.1.3 remote-as 100
  neighbor 10.251.1.3 description eBGP to AS100
  neighbor 10.251.1.3 password NSRC
 address-family ipv6
  network fd00:202::/32
  neighbor fd00:202:fe::1 remote-as 40
  neighbor fd00:202:fe::1 description eBGP to AS40
  neighbor fd00:202:fe::1 password NSRC
  neighbor fd00:202:fe::1 prefix-list ipv6-AS40-in-peer in
  neighbor fd00:202:fe::3 remote-as 50
  neighbor fd00:202:fe::3 description eBGP to AS50
  neighbor fd00:202:fe::3 password NSRC
  neighbor fd00:202:fe::3 prefix-list ipv6-AS50-in-peer in
  neighbor fd00:202:fe::5 remote-as 60
  neighbor fd00:202:fe::5 description eBGP to AS60
  neighbor fd00:202:fe::5 password NSRC
  neighbor fd00:202:fe::5 prefix-list ipv6-AS60-in-peer in
  neighbor fd00:102:fe::6 remote-as 102
  neighbor fd00:102:fe::6 description eBGP to AS102
  neighbor fd00:102:fe::6 password NSRC
  neighbor fd00:251:1::1 remote-as 201
  neighbor fd00:251:1::1 description eBGP to AS201
  neighbor fd00:251:1::1 password NSRC
  neighbor fd00:251:1::3 remote-as 100
  neighbor fd00:251:1::3 description eBGP to AS100
  neighbor fd00:251:1::3 password NSRC
!
ip route 10.202.0.0 255.255.0.0 null0
ipv6 route fd00:202::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
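
The check below is an added example, not part of the original lab. It parses configuration in the style of these appendices and reports every eBGP neighbor whose inbound `prefix-list` is missing, or names a list that was not defined with `ip prefix-list` (IPv4) or `ipv6 prefix-list` (IPv6) for that neighbor's address family. The `SAMPLE` text and the `lint` function name are constructed for illustration.

```python
import re

# Constructed sample in the style of the appendices (not taken from a router).
SAMPLE = """\
ip prefix-list AS10-in-peer permit 10.10.0.0/16 le 32
ipv6 prefix-list ipv6-AS10-in-peer permit fd00:10::/32 le 128
router bgp 201
 address-family ipv4
  neighbor 10.201.254.2 remote-as 10
  neighbor 10.201.254.2 prefix-list AS10-in-peer in
  neighbor 10.101.254.13 remote-as 101
 address-family ipv6
  neighbor fd00:201:fe::1 remote-as 10
  neighbor fd00:201:fe::1 prefix-list AS10-in-peer in
"""

def lint(config):
    """Return (neighbor, problem) pairs for inbound prefix-list references."""
    defined = {"ipv4": set(), "ipv6": set()}   # list names per address family
    family, peers, filters = None, {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"(ip|ipv6) prefix-list (\S+) ", line)
        if m:
            defined["ipv4" if m.group(1) == "ip" else "ipv6"].add(m.group(2))
            continue
        m = re.match(r"address-family (ipv4|ipv6)", line)
        if m:
            family = m.group(1)
            continue
        m = re.match(r"neighbor (\S+) remote-as (\d+)", line)
        if m and family:
            peers[(family, m.group(1))] = m.group(2)
        m = re.match(r"neighbor (\S+) prefix-list (\S+) in$", line)
        if m and family:
            filters[(family, m.group(1))] = m.group(2)
    # Evaluate after the whole file is read, so definition order does not matter.
    findings = []
    for (fam, addr), asn in peers.items():
        name = filters.get((fam, addr))
        if name is None:
            findings.append((addr, f"AS{asn}: no inbound prefix-list"))
        elif name not in defined[fam]:
            findings.append((addr, f"AS{asn}: {name} is not an {fam} prefix-list"))
    return findings
```

Sessions that the appendices configure without an inbound prefix-list (for example the ones toward AS100) appear in the output as unfiltered.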