Agenda: lab-bgp-basic.txt

% Network Design Workshop
% Basic BGP Lab

![Multi-homed Topology](ex2-1.png)

\pagebreak

# Introduction

The purpose of this exercise is to:

* Understand the routing implications of
  connecting to multiple external domains
* Learn to configure basic eBGP to exchange routing 
  information with multiple external peers and iBGP 
  to carry that information inside your network.

# Pre-requisites

This exercise builds upon the configurations implemented in
the OSPF + Static routing lab. You must be able to:

* Ping your neighbor router in the same AS using its 
  loopback address (both IPv4 and IPv6!). 
* Ping your neighbor routers in other ASs using their
  point-to-point link addresses.

*Note: Actually, if everyone configured their OSPF and static 
routes properly in the previous exercise, you should be able 
to ping every other router using their loopback address.*

# Address Space Allocation

## Regional REN (RREN)

We only need one:

RREN    IPv4            IPv6            ASN
-----   ------------    -------------   -------
1       10.100.0.0/16   fd00:100::/32   100

## National RENs (NRENs)

NREN    IPv4            IPv6            ASN
-----   ------------    -------------   -------
1       10.101.0.0/16   fd00:101::/32   101
2       10.102.0.0/16   fd00:102::/32   102

... and so on.

# iBGP Configuration

## Enable the BGP process

Before we set up iBGP, we need to do some basic preparation 
on the router. The IOS defaults are not optimized, so before 
we bring up BGP sessions, we should set the parameters that we 
require.

The default distance for eBGP is 20, the default distance for iBGP 
is 200, and the default distance for OSPF is 110. This means that 
there is a potential for a prefix learned by eBGP to override the 
identical prefix carried by OSPF. To protect against accidents, the 
eBGP distance is set to 200 also. 

The command to do this is the *distance bgp* subcommand:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
distance bgp <external-routes> <internal-routes> <local-routes>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We also want to:

* Enable logging of BGP neighbor state changes
* Disable the requirement that a route must be present in the IGP
  table before it can be advertised by BGP (synchronization).
* Disable auto-summarization of routes to classful network boundaries
* Disable the automatic exchange of IPv4 unicast routes on every 
  peering session.

This must be done in all future BGP configurations of this workshop:

On both R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 distance bgp 200 200 200
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


## Configure iBGP neighbors

Again, make sure that you can ping the other router
using its loopback address, otherwise the BGP session
will not come up!

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4 
  neighbor 10.10.255.2 remote-as 10
  neighbor 10.10.255.2 update-source loopback 0
  neighbor 10.10.255.2 description iBGP to R12
  neighbor 10.10.255.2 password NSRC
  neighbor 10.10.255.2 next-hop-self
 address-family ipv6 
  neighbor fd00:10:ff::2 remote-as 10
  neighbor fd00:10:ff::2 update-source loopback 0
  neighbor fd00:10:ff::2 description iBGP to R12
  neighbor fd00:10:ff::2 password NSRC
  neighbor fd00:10:ff::2 next-hop-self
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4 
  neighbor 10.10.255.1 remote-as 10
  neighbor 10.10.255.1 update-source loopback 0
  neighbor 10.10.255.1 description iBGP to R11
  neighbor 10.10.255.1 password NSRC
  neighbor 10.10.255.1 next-hop-self
 address-family ipv6 
  neighbor fd00:10:ff::1 remote-as 10
  neighbor fd00:10:ff::1 update-source loopback 0
  neighbor fd00:10:ff::1 description iBGP to R11
  neighbor fd00:10:ff::1 password NSRC
  neighbor fd00:10:ff::1 next-hop-self
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Check that the BGP sessions are up on both sides.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp summary
show bgp ipv6 unicast summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

## Advertise end-user prefixes

1. Divide your end-user address space in two 
   halves and announce each half separately. 
   Refer to the address space allocation table
   in the previous exercise.

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  network 10.10.0.0 mask 255.255.192.0
 address-family ipv6
  network fd00:10::/41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  network 10.10.64.0 mask 255.255.192.0
 address-family ipv6
network fd00:10:80::/41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Get the list of learned paths:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp 
show bgp ipv6 unicast
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Do you see any paths? Why not?

2. Create a static route for the prefix being
   announced on each router:

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip route 10.10.0.0 255.255.192.0 null0
ipv6 route fd00:10::/41 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip route 10.10.64.0 255.255.192.0 null0
ipv6 route fd00:10:80::/41 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Get the list of learned paths again. You should see
both your prefix and the neighbor's.

# Multihoming - eBGP Configuration

## Connect to the NREN

1. Configure your RX1 router to connect to the NREN
   with a a point-to-point link.

NRENs: Use configuration in Appendix.

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet1/0
 description P2P Link to NREN1
 ip address 10.101.254.2 255.255.255.252
 ipv6 address fd00:101:fe::1/127
 no shutdown
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make sure that it's up and that you can ping the other
side:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ping 10.101.254.1
ping fd00:101:fe::0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Do some traceroutes to other networks again:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# traceroute 10.20.255.1
R11# traceroute 10.30.255.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Has anything changed since the last exercise?

Notice that before we had only one connection to
the Internet - via the ISP. Now we have two.
But we are still using a default route pointing
to the ISP only!

We could add another default route pointing to the
NREN, but that would not give us much flexibility 
in terms of traffic policies. Keep going.

## BGP-peer with the NREN and the ISP

1. Configure eBGP sessions to the ISP and the NREN

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4 
  neighbor 10.101.254.1 remote-as 101
  neighbor 10.101.254.1 description eBGP to NREN1
  neighbor 10.101.254.1 password NSRC
 address-family ipv6 
  neighbor fd00:101:fe:: remote-as 101
  neighbor fd00:101:fe:: description eBGP to NREN1
  neighbor fd00:101:fe:: password NSRC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**Did you notice that with eBGP we no longer use the 
loopback address as the endpoint of the BGP session, 
as we did with iBGP?**

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4 
  neighbor 10.201.254.1 remote-as 201
  neighbor 10.201.254.1 description eBGP to ISP1
  neighbor 10.201.254.1 password NSRC
 address-family ipv6 
  neighbor fd00:201:fe:: remote-as 201
  neighbor fd00:201:fe:: description eBGP to ISP1
  neighbor fd00:201:fe:: password NSRC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Check that the BGP sessions are up on both routers:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp summary
show bgp ipv6 unicast summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Verify what you are advertising to the NREN:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# show ip bgp nei 10.101.254.1 advertised-routes
R11# sh bgp ipv6 uni neigh fd00:101:fe:: advertised
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

... and to the ISP:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12# show ip bgp neighbor 10.201.254.1 advertised-routes
R12# sh bgp ipv6 uni neigh fd00:201:fe:: advertised
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Are you perhaps announcing other prefixes that don't
originate in your AS? If so, can you remember what
serious negative implications this could have?
Ask the instructor if you need clarification.

## Filter what you send and receive

1. Create prefix lists for your inbound/outbound
   filters.

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip prefix-list out-peer permit 10.10.0.0/16 le 32
ip prefix-list nren-in-peer deny 10.10.0.0/16 le 32
ip prefix-list nren-in-peer permit 0.0.0.0/0 le 32
ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128
ipv6 prefix-list ipv6-nren-in-peer deny fd00:10::/32 le 128
ipv6 prefix-list ipv6-nren-in-peer permit ::/0 le 128
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip prefix-list out-peer permit 10.10.0.0/16 le 32
ip prefix-list isp-in-peer deny 10.10.0.0/16 le 32
ip prefix-list isp-in-peer permit 0.0.0.0/0 le 32
ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128
ipv6 prefix-list ipv6-isp-in-peer deny fd00:10::/32 le 128
ipv6 prefix-list ipv6-isp-in-peer permit ::/0 le 128
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. Now create inbound/outbound filters using those
   prefix lists

R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.101.254.1 prefix-list nren-in-peer in
  neighbor 10.101.254.1 prefix-list out-peer out
 address-family ipv6
  neighbor fd00:101:fe:: prefix-list ipv6-nren-in-peer in
  neighbor fd00:101:fe:: prefix-list ipv6-out-peer out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.201.254.1 prefix-list isp-in-peer in
  neighbor 10.201.254.1 prefix-list out-peer out
 address-family ipv6
  neighbor fd00:201:fe:: prefix-list ipv6-isp-in-peer in
  neighbor fd00:201:fe:: prefix-list ipv6-out-peer out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use the *BGP refresh* capability to resend the 
information to the peer:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11#clear ip bgp 10.101.254.1 out
R11#clear bgp ipv6 unicast fd00:101:fe:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#clear ip bgp 10.201.254.1 out
R12#clear bgp ipv6 unicast fd00:201:fe:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You should now be advertising only both halves of your 
end-user address space. Check with the ISP and 
NREN administrators to make sure that they are 
receiving both routes from you.

*Note: This is a form of load-balancing for
traffic coming into your AS.* 

But wait... that's not your whole address space!

## Announce your whole address space

On R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  aggregate-address 10.10.0.0 255.255.0.0
 address-family ipv6
  aggregate-address fd00:10::/32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Verify again what you are advertising from R11
and R12. You should now be announcing three blocks,
the two halves of your end-user block, and your
whole address space.

Confirm with the ISP and NREN administrators that
they are indeed receiving those routes from you.

Announcing your smaller blocks in addition to your
whole block is a valid configuration. However, it
has an impact: it increases the size of the global BGP
routing table, causing more load on Internet backbone 
routers. 

Let's assume, just for the sake of this exercise,
that we don't really need to load-balance our incoming 
traffic like that.

6. Announce only a summary aggregate

On R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  aggregate-address 10.10.0.0 255.255.0.0 summary-only
 address-family ipv6
  aggregate-address fd00:10::/32 summary-only
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Resend the information to the peer:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11#clear ip bgp 10.101.254.1 out
R11#clear bgp ipv6 unicast FD00:101:FE:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#clear ip bgp 10.201.254.1 out
R12#clear bgp ipv6 unicast FD00:201:FE:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Check again what you are advertising, and confirm
with your peers.

### Remove static routes

1. The ISPs remove their static routes towards
   their customers.

Now your ISP has learned a route to reach your
network, correct? The ISPs can now safely remove
the static routes pointing to you and the other
customers:

ISP1: 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 10.10.0.0 255.255.0.0 10.201.254.2
no ip route 10.20.0.0 255.255.0.0 10.201.254.6
no ip route 10.30.0.0 255.255.0.0 10.201.254.10
!
no ipv6 route fd00:10::/32 fd00:201:fe::1
no ipv6 route fd00:20::/32 fd00:201:fe::3
no ipv6 route fd00:30::/32 fd00:201:fe::5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ISP2:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 10.40.0.0 255.255.0.0 10.202.254.2
no ip route 10.50.0.0 255.255.0.0 10.202.254.6
no ip route 10.60.0.0 255.255.0.0 10.202.254.10
!
no ipv6 route fd00:40::/32 fd00:202:fe::1
no ipv6 route fd00:50::/32 fd00:202:fe::3
no ipv6 route fd00:60::/32 fd00:202:fe::5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. Remove your static default routes 

In the previous exercise, we created default
routes on both routers. But thanks to BGP, we 
should now be receiving routes from our NREN and 
our ISP.

Let's check first (do this on both routers):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp
show bgp ipv6 unicast
show ip route
show ipv6 route
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You should be learning routes advertised by other
groups, and also from the NRENs and the ISPs.

Remove your static default routes:

R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 0.0.0.0 0.0.0.0 10.10.254.2
no ipv6 route ::/0 fd00:10:fe::1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 0.0.0.0 0.0.0.0 10.201.254.1
no ipv6 route ::/0 fd00:201:fe::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You should be able to ping any other router now.
If you can't, wait for other groups to finish,
or ask the instructors.

Use traceroute to verify the paths that packets
are following towards various destinations:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# traceroute 10.100.255.1 
R11# traceroute 10.30.255.2
...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Repeat the same tests from the other router in
your AS and compare. Use the diagram to help you
visualize it.

# Traffic Exchange (Peering)

Direct traffic exchanges are usually established at no 
charge between two autonomous systems that want to save
costs. The savings are achieved by not having to carry 
that traffic over expensive transit links via  commercial 
providers. Also, these direct exchanges have the added 
benefit of reducing latency because there are fewer hops.

Usually traffic exchanges occur at public exchange points,
also known as IXPs. The simplest kind of exchange point is
a Layer-2 switch. In this exercise, we will simply configure 
direct links between routers, which is basically the same 
thing as connecting through a switch. 

![Peering Topology](ex2-2.png)

## Connect to your neighbor AS

1. Configure a point to point link to your neighbor AS 
as shown in the diagram. You will have to agree with 
your peer on which address space to use. Make sure to 
pick a point-to-point subnet that is not already used!

The instructor will draw a map of the network at the front
of the class and will ask you to document the subnet
that was used for the peering session, so everybody can 
use that information when troubleshooting.

For example, on R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet3/0
 description Link to R21
 ip address 10.10.254.5 255.255.255.252
 ipv6 address fd00:10:fe::2/127
 no shutdown
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. Configure prefix lists for your inbound filters

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32
ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*The equivalent needs to be done in R21.*

3. Configure prefix lists for your outbound filters

You should have these from a previous step. You can verify
like this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#show ip prefix-list out-peer
R12#show ipv6 prefix-list ipv6-out-peer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. Now create the BGP sessions and apply those 
   inbound/outbound filters:

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.10.254.6 remote-as 20
  neighbor 10.10.254.6 description eBGP to AS20
  neighbor 10.10.254.6 password NSRC
  neighbor 10.10.254.6 prefix-list out-peer out
  neighbor 10.10.254.6 prefix-list AS20-in-peer in
 address-family ipv6
  neighbor fd00:10:fe::3 remote-as 20
  neighbor fd00:10:fe::3 description eBGP to AS20
  neighbor fd00:10:fe::3 password NSRC
  neighbor fd00:10:fe::3 prefix-list ipv6-out-peer out
  neighbor fd00:10:fe::3 prefix-list ipv6-AS20-in-peer in
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The equivalent needs to be done in R21.

Verify that the sessions are up:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp summary
show ipv6 bgp unicast summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

..and that you are learning the prefix directly 
from the neighbor:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#show ip bgp neighbor 10.10.254.6 routes 
R12#show bgp ipv6 unicast neighbors fd00:10:fe::3 routes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

5. Do some traceroutes towards your peer and 
   make sure that the path is direct. 


Remember to save your configurations.

You are done! You have configured BGP in a multihomed
environment and BGP is selecting the paths based on
default values.


\pagebreak

# Appendix A - RREN Configuration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostname RREN
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc
enable secret nsrc
service password-encryption
line vty 0 4
 transport preferred none
line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ip subnet-zero
ip classless
no ip source-route
ipv6 unicast-routing
!
interface Loopback0
 ip address 10.100.255.1 255.255.255.255
 ipv6 address fd00:100:ff::1/128
!
interface GigabitEthernet1/0
 description P2P Link to RREN1
 ip address 10.100.254.1 255.255.255.252
 ipv6 address fd00:100:fe::/127
 no shutdown
!
interface GigabitEthernet2/0
 description P2P Link to RREN2
 ip address 10.100.254.5 255.255.255.252
 ipv6 address fd00:100:fe::2/127
 no shutdown
!
interface GigabitEthernet3/0
 description Link to IXP
 ip address 10.251.1.3 255.255.255.0
 ipv6 address fd00:251:1::3/64
 no shutdown
!
router bgp 100
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.100.0.0 mask 255.255.0.0
  neighbor 10.100.254.2 remote-as 101
  neighbor 10.100.254.2 description eBGP to AS101
  neighbor 10.100.254.2 password NSRC
  neighbor 10.100.254.6 remote-as 102
  neighbor 10.100.254.6 description eBGP to AS102
  neighbor 10.100.254.6 password NSRC
  neighbor 10.251.1.1 remote-as 201
  neighbor 10.251.1.1 description eBGP to AS201
  neighbor 10.251.1.1 password NSRC
  neighbor 10.251.1.2 remote-as 202
  neighbor 10.251.1.2 description eBGP to AS202
  neighbor 10.251.1.2 password NSRC
 address-family ipv6
  network fd00:100::/32
  neighbor fd00:100:fe::1 remote-as 101
  neighbor fd00:100:fe::1 description eBGP to AS101
  neighbor fd00:100:fe::1 password NSRC
  neighbor fd00:100:fe::3 remote-as 102
  neighbor fd00:100:fe::3 description eBGP to AS102
  neighbor fd00:100:fe::3 password NSRC
  neighbor fd00:251:1::1 remote-as 201
  neighbor fd00:251:1::1 description eBGP to AS201
  neighbor fd00:251:1::1 password NSRC
  neighbor fd00:251:1::2 remote-as 202
  neighbor fd00:251:1::2 description eBGP to AS202
  neighbor fd00:251:1::2 password NSRC

!
ip route 10.100.0.0 255.255.0.0 null0
ipv6 route fd00:100::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


\pagebreak

# Appendix B - NREN1 Configuration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostname NREN1
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc
enable secret nsrc
service password-encryption
line vty 0 4
 transport preferred none
line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ip subnet-zero
ip classless
no ip source-route
ipv6 unicast-routing
!
interface Loopback0
 ip address 10.101.255.1 255.255.255.255
 ipv6 address fd00:101:ff::1/128
!
interface GigabitEthernet1/0
 description P2P Link to RREN
 ip address 10.100.254.2 255.255.255.252
 ipv6 address fd00:100:fe::1/127
 no shutdown
!
interface GigabitEthernet2/0
 description P2P Link to ISP1
 ip address 10.101.254.13 255.255.255.252
 ipv6 address fd00:101:fe::6/127
 no shutdown
!
interface GigabitEthernet3/0
 description P2P Link to R11
 ip address 10.101.254.1 255.255.255.252
 ipv6 address fd00:101:fe::0/127
 no shutdown
!
interface GigabitEthernet4/0
 description P2P Link to R21
 ip address 10.101.254.5 255.255.255.252
 ipv6 address fd00:101:fe::2/127
 no shutdown
!
interface GigabitEthernet5/0
 description P2P Link to R31
 ip address 10.101.254.9 255.255.255.252
 ipv6 address fd00:101:fe::4/127
 no shutdown
!
ip prefix-list AS10-in-peer permit 10.10.0.0/16 le 32
ipv6 prefix-list ipv6-AS10-in-peer permit fd00:10::/32 le 128
!
ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32
ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128
!
ip prefix-list AS30-in-peer permit 10.30.0.0/16 le 32
ipv6 prefix-list ipv6-AS30-in-peer permit fd00:30::/32 le 128
!
router bgp 101
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.101.0.0 mask 255.255.0.0
  neighbor 10.101.254.2 remote-as 10
  neighbor 10.101.254.2 description eBGP to AS10
  neighbor 10.101.254.2 password NSRC
  neighbor 10.101.254.2 prefix-list AS10-in-peer in
  neighbor 10.101.254.6 remote-as 20
  neighbor 10.101.254.6 description eBGP to AS20
  neighbor 10.101.254.6 password NSRC
  neighbor 10.101.254.6 prefix-list AS20-in-peer in
  neighbor 10.101.254.10 remote-as 30
  neighbor 10.101.254.10 description eBGP to AS30
  neighbor 10.101.254.10 password NSRC
  neighbor 10.101.254.10 prefix-list AS30-in-peer in
  neighbor 10.101.254.14 remote-as 201
  neighbor 10.101.254.14 description eBGP to AS201
  neighbor 10.101.254.14 password NSRC
  neighbor 10.100.254.1 remote-as 100
  neighbor 10.100.254.1 description eBGP to AS100
  neighbor 10.100.254.1 password NSRC
 address-family ipv6
  network fd00:101::/32
  neighbor fd00:101:fe::1 remote-as 10
  neighbor fd00:101:fe::1 description eBGP to AS10
  neighbor fd00:101:fe::1 password NSRC
  neighbor fd00:101:fe::1 prefix-list ipv6-AS10-in-peer in
  neighbor fd00:101:fe::3 remote-as 20
  neighbor fd00:101:fe::3 description eBGP to AS20
  neighbor fd00:101:fe::3 password NSRC
  neighbor fd00:101:fe::3 prefix-list ipv6-AS20-in-peer in
  neighbor fd00:101:fe::5 remote-as 30
  neighbor fd00:101:fe::5 description eBGP to AS30
  neighbor fd00:101:fe::5 password NSRC
  neighbor fd00:101:fe::5 prefix-list ipv6-AS30-in-peer in
  neighbor fd00:201:fe::8 remote-as 201
  neighbor fd00:201:fe::8 description eBGP to AS201
  neighbor fd00:201:fe::8 password NSRC
  neighbor fd00:100:fe:: remote-as 100
  neighbor fd00:100:fe:: description eBGP to AS100
  neighbor fd00:100:fe:: password NSRC
!
ip route 10.101.0.0 255.255.0.0 null0
ipv6 route fd00:101::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

\pagebreak

# Appendix C - NREN2 Configuration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostname NREN2
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc
enable secret nsrc
service password-encryption
line vty 0 4
 transport preferred none
line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ip subnet-zero
ip classless
no ip source-route
ipv6 unicast-routing
!
interface Loopback0
 ip address 10.102.255.1 255.255.255.255
 ipv6 address fd00:102:ff::1/128
!
interface GigabitEthernet1/0
 description P2P Link to RREN
 ip address 10.100.254.6 255.255.255.252
 ipv6 address fd00:100:fe::3/127
 no shutdown
!
interface GigabitEthernet2/0
 description P2P Link to ISP2
 ip address 10.102.254.13 255.255.255.252
 ipv6 address fd00:102:fe::6/127
 no shutdown
!
interface GigabitEthernet3/0
 description P2P Link to R41
 ip address 10.102.254.1 255.255.255.252
 ipv6 address fd00:102:fe::0/127
 no shutdown
!
interface GigabitEthernet4/0
 description P2P Link to R51
 ip address 10.102.254.5 255.255.255.252
 ipv6 address fd00:102:fe::2/127
 no shutdown
!
interface GigabitEthernet5/0
 description P2P Link to R61
 ip address 10.102.254.9 255.255.255.252
 ipv6 address fd00:102:fe::4/127
 no shutdown
!
ip prefix-list AS40-in-peer permit 10.40.0.0/16 le 32
ipv6 prefix-list ipv6-AS40-in-peer permit fd00:40::/32 le 128
!
ip prefix-list AS50-in-peer permit 10.50.0.0/16 le 32
ipv6 prefix-list ipv6-AS50-in-peer permit fd00:50::/32 le 128
!
ip prefix-list AS60-in-peer permit 10.60.0.0/16 le 32
ipv6 prefix-list ipv6-AS60-in-peer permit fd00:60::/32 le 128
!
router bgp 102
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.102.0.0 mask 255.255.0.0
  neighbor 10.102.254.2 remote-as 40
  neighbor 10.102.254.2 description eBGP to AS40
  neighbor 10.102.254.2 password NSRC
  neighbor 10.102.254.2 prefix-list AS40-in-peer in
  neighbor 10.102.254.6 remote-as 50
  neighbor 10.102.254.6 description eBGP to AS50
  neighbor 10.102.254.6 password NSRC
  neighbor 10.102.254.6 prefix-list AS50-in-peer in
  neighbor 10.102.254.10 remote-as 60
  neighbor 10.102.254.10 description eBGP to AS60
  neighbor 10.102.254.10 password NSRC
  neighbor 10.102.254.10 prefix-list AS60-in-peer in
  neighbor 10.102.254.14 remote-as 202
  neighbor 10.102.254.14 description eBGP to AS202
  neighbor 10.102.254.14 password NSRC
  neighbor 10.100.254.5 remote-as 100
  neighbor 10.100.254.5 description eBGP to AS100
  neighbor 10.100.254.5 password NSRC
 address-family ipv6
  network fd00:102::/32
  neighbor fd00:102:fe::1 remote-as 40
  neighbor fd00:102:fe::1 description eBGP to AS40
  neighbor fd00:102:fe::1 password NSRC
  neighbor fd00:102:fe::1 prefix-list ipv6-AS40-in-peer in
  neighbor fd00:102:fe::3 remote-as 50
  neighbor fd00:102:fe::3 description eBGP to AS50
  neighbor fd00:102:fe::3 password NSRC
  neighbor fd00:102:fe::3 prefix-list ipv6-AS50-in-peer in
  neighbor fd00:102:fe::5 remote-as 60
  neighbor fd00:102:fe::5 description eBGP to AS60
  neighbor fd00:102:fe::5 password NSRC
  neighbor fd00:102:fe::5 prefix-list ipv6-AS60-in-peer in
  neighbor fd00:102:fe::7 remote-as 202
  neighbor fd00:102:fe::7 description eBGP to AS202
  neighbor fd00:102:fe::7 password NSRC
  neighbor fd00:100:fe::2 remote-as 100
  neighbor fd00:100:fe::2 description eBGP to AS100
  neighbor fd00:100:fe::2 password NSRC
!
ip route 10.102.0.0 255.255.0.0 null0
ipv6 route fd00:102::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



\pagebreak

# Appendix D - ISP1 Configuration

Note: *This is in addition to what was configured 
in the previous exercise*.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet2/0
 description P2P Link to NREN1
 ip address 10.101.254.14 255.255.255.252
 ipv6 address fd00:101:fe::7/127
 no shutdown
!
ip prefix-list AS10-in-peer permit 10.10.0.0/16 le 32
ipv6 prefix-list ipv6-AS10-in-peer permit fd00:10::/32 le 128
ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32
ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128
ip prefix-list AS30-in-peer permit 10.30.0.0/16 le 32
ipv6 prefix-list ipv6-AS30-in-peer permit fd00:30::/32 le 128
!
router bgp 201
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 bgp deterministic-med 
 distance bgp 200 200 200
 address-family ipv4
  network 10.201.0.0 mask 255.255.0.0
  neighbor 10.201.254.2 remote-as 10
  neighbor 10.201.254.2 description eBGP to AS10
  neighbor 10.201.254.2 password NSRC
  neighbor 10.201.254.2 prefix-list AS10-in-peer in
  neighbor 10.201.254.6 remote-as 20
  neighbor 10.201.254.6 description eBGP to AS20
  neighbor 10.201.254.6 password NSRC
  neighbor 10.201.254.6 prefix-list AS20-in-peer in
  neighbor 10.201.254.10 remote-as 30
  neighbor 10.201.254.10 description eBGP to AS30
  neighbor 10.201.254.10 password NSRC
  neighbor 10.201.254.10 prefix-list AS30-in-peer in
  neighbor 10.101.254.13 remote-as 101
  neighbor 10.101.254.13 description eBGP to AS101
  neighbor 10.101.254.13 password NSRC
  neighbor 10.251.1.2 remote-as 202
  neighbor 10.251.1.2 description eBGP to AS202
  neighbor 10.251.1.2 password NSRC
  neighbor 10.251.1.3 remote-as 100
  neighbor 10.251.1.3 description eBGP to AS100
  neighbor 10.251.1.3 password NSRC
 address-family ipv6
  network fd00:201::/32
  neighbor fd00:201:fe::1 remote-as 10
  neighbor fd00:201:fe::1 description eBGP to AS10
  neighbor fd00:201:fe::1 password NSRC
  neighbor fd00:201:fe::1 prefix-list AS10-in-peer in
  neighbor fd00:201:fe::3 remote-as 20
  neighbor fd00:201:fe::3 description eBGP to AS20
  neighbor fd00:201:fe::3 password NSRC
  neighbor fd00:201:fe::3 prefix-list AS20-in-peer in
  neighbor fd00:201:fe::5 remote-as 30
  neighbor fd00:201:fe::5 description eBGP to AS30
  neighbor fd00:201:fe::5 password NSRC
  neighbor fd00:201:fe::5 prefix-list AS30-in-peer in
  neighbor fd00:101:fe::6 remote-as 101
  neighbor fd00:101:fe::6 description eBGP to AS101
  neighbor fd00:101:fe::6 password NSRC
  neighbor fd00:251:1::2 remote-as 202
  neighbor fd00:251:1::2 description eBGP to AS202
  neighbor fd00:251:1::2 password NSRC
  neighbor fd00:251:1::3 remote-as 100
  neighbor fd00:251:1::3 description eBGP to AS100
  neighbor fd00:251:1::3 password NSRC
!
ip route 10.201.0.0 255.255.0.0 null0
ipv6 route fd00:201::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Appendix E - ISP2 Configuration

Note: *This is in addition to what was configured 
in the previous exercise*.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet2/0
 description P2P Link to NREN2
 ip address 10.102.254.14 255.255.255.252
 ipv6 address fd00:102:fe::7/127
 no shutdown
!
ip prefix-list AS40-in-peer permit 10.40.0.0/16 le 32
ipv6 prefix-list ipv6-AS40-in-peer permit fd00:40::/32 le 128
ip prefix-list AS50-in-peer permit 10.50.0.0/16 le 32
ipv6 prefix-list ipv6-AS50-in-peer permit fd00:50::/32 le 128
ip prefix-list AS60-in-peer permit 10.60.0.0/16 le 32
ipv6 prefix-list ipv6-AS60-in-peer permit fd00:60::/32 le 128
!
router bgp 202
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.202.0.0 mask 255.255.0.0
  neighbor 10.202.254.2 remote-as 40
  neighbor 10.202.254.2 description eBGP to AS40
  neighbor 10.202.254.2 password NSRC
  neighbor 10.202.254.2 prefix-list AS40-in-peer in
  neighbor 10.202.254.6 remote-as 50
  neighbor 10.202.254.6 description eBGP to AS50
  neighbor 10.202.254.6 password NSRC
  neighbor 10.202.254.6 prefix-list AS50-in-peer in
  neighbor 10.202.254.10 remote-as 60
  neighbor 10.202.254.10 description eBGP to AS60
  neighbor 10.202.254.10 password NSRC
  neighbor 10.202.254.10 prefix-list AS60-in-peer in
  neighbor 10.102.254.13 remote-as 102
  neighbor 10.102.254.13 description eBGP to AS102
  neighbor 10.102.254.13 password NSRC
  neighbor 10.251.1.1 remote-as 201
  neighbor 10.251.1.1 description eBGP to AS201
  neighbor 10.251.1.1 password NSRC
  neighbor 10.251.1.3 remote-as 100
  neighbor 10.251.1.3 description eBGP to AS100
  neighbor 10.251.1.3 password NSRC
address-family ipv6
  network fd00:202::/32
  neighbor fd00:202:fe::1 remote-as 40
  neighbor fd00:202:fe::1 description eBGP to AS40
  neighbor fd00:202:fe::1 password NSRC
  neighbor fd00:202:fe::1 prefix-list ipv6-AS40-in-peer in
  neighbor fd00:202:fe::3 remote-as 50
  neighbor fd00:202:fe::3 description eBGP to AS50
  neighbor fd00:202:fe::3 password NSRC
  neighbor fd00:202:fe::3 prefix-list ipv6-AS50-in-peer in
  neighbor fd00:202:fe::5 remote-as 60
  neighbor fd00:202:fe::5 description eBGP to AS60
  neighbor fd00:202:fe::5 password NSRC
  neighbor fd00:202:fe::5 prefix-list ipv6-AS60-in-peer in
  neighbor fd00:102:fe::7 remote-as 102
  neighbor fd00:102:fe::7 description eBGP to AS102
  neighbor fd00:102:fe::7 password NSRC
  neighbor fd00:251:1::1 remote-as 201
  neighbor fd00:251:1::1 description eBGP to AS201
  neighbor fd00:251:1::1 password NSRC
  neighbor fd00:251:1::3 remote-as 100
  neighbor fd00:251:1::3 description eBGP to AS100
  neighbor fd00:251:1::3 password NSRC
!
ip route 10.202.0.0 255.255.0.0 null0
ipv6 route fd00:202::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~