| 1 | % Advanced Routing Workshop |
|---|
| 2 | % BGP Policy Lab |
|---|
| 3 | |
|---|
| 4 |  |
|---|
| 5 | |
|---|
| 6 | \pagebreak |
|---|
| 7 | |
|---|
| 8 | # Introduction |
|---|
| 9 | |
|---|
| 10 | The purpose of this exercise is to: |
|---|
| 11 | |
|---|
| 12 | * Apply the concepts of BGP policy learned in class |
|---|
| 13 | to achieve the desired traffic patterns, particularly |
|---|
| 14 | in an academic environment. |
|---|
| 15 | * Learn how to use Local Preference, BGP Communities, AS Path |
|---|
| 16 | Prepending and related BGP operational commands. |
|---|
| 17 | |
|---|
| 18 | # Pre-requisites |
|---|
| 19 | |
|---|
| 20 | This exercise builds upon the configurations implemented in |
|---|
| 21 | the basic BGP routing lab. You must: |
|---|
| 22 | |
|---|
| 23 | * Verify that all your BGP sessions are up |
|---|
| 24 | * Be able to see every lab prefix in your routing table |
|---|
| 25 | * Be able to ping and traceroute successfully to any other router |
|---|
| 26 | in the lab. |
|---|
| 27 | |
|---|
| 28 | **Remember, all the above applies to both IPv4 and IPv6.** |
|---|
| 29 | |
|---|
| 30 | # Routing Policy in academic networks |
|---|
| 31 | |
|---|
| 32 | Research and Education Networks (RENs) are designed for high throughput |
|---|
| 33 | and low latency. In many cases their links are also subsidized by |
|---|
| 34 | governments and other organizations. Therefore, it is common in academic |
|---|
| 35 | environments to want to apply routing policies that prefer these paths |
|---|
| 36 | over the "commodity" (commercial) ones. |
|---|
| 37 | |
|---|
| 38 | # Local Preference |
|---|
| 39 | |
|---|
| 40 | Our first goal is to configure our routers to prefer the paths |
|---|
| 41 | via the NREN for outgoing traffic to ALL destinations. |
|---|
| 42 | |
|---|
| 43 | 1. Use the Local Preference attribute to prefer all routes learned |
|---|
| 44 | via the NREN: |
|---|
| 45 | |
|---|
| 46 | R11: |
|---|
| 47 | |
|---|
| 48 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 49 | route-map set-lpref permit 10 |
|---|
| 50 | set local-preference 150 |
|---|
| 51 | route-map set-lpref permit 20 |
|---|
| 52 | ! |
|---|
| 53 | router bgp 10 |
|---|
| 54 | address-family ipv4 |
|---|
| 55 | neighbor 10.101.254.1 route-map set-lpref in |
|---|
| 56 | address-family ipv6 |
|---|
| 57 | neighbor fd00:101:fe:: route-map set-lpref in |
|---|
| 58 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 59 | |
|---|
| 60 | |
|---|
| 61 | R12: |
|---|
| 62 | |
|---|
| 63 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 64 | route-map set-lpref permit 10 |
|---|
| 65 | set local-preference 50 |
|---|
| 66 | route-map set-lpref permit 20 |
|---|
| 67 | ! |
|---|
| 68 | router bgp 10 |
|---|
| 69 | address-family ipv4 |
|---|
| 70 | neighbor 10.201.254.1 route-map set-lpref in |
|---|
| 71 | address-family ipv6 |
|---|
| 72 | neighbor fd00:201:fe:: route-map set-lpref in |
|---|
| 73 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 74 | |
|---|
| 75 | What is the default local preference in Cisco IOS? |
|---|
| 76 | Notice that we are setting a higher preference on the NREN |
|---|
| 77 | side, and a lower preference on the ISP side. Can you think |
|---|
| 78 | of a reason why this could be useful? |
|---|
| 79 | |
|---|
| 80 | Check your BGP routes. The next hop should be the P2P |
|---|
| 81 | address of your NREN's router (except for your own prefix). |
|---|
| 82 | |
|---|
| 83 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 84 | show ip bgp |
|---|
| 85 | show bgp ipv6 unicast |
|---|
| 86 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 87 | |
|---|
| 88 | All good now, right? |
|---|
| 89 | |
|---|
| 90 | Wait!... What about the prefixes of ASs with whom |
|---|
| 91 | you are peering directly? Remember the path selection algorithm? |
|---|
| 92 | What comes first, highest local preference or shortest AS path? |
|---|
| 93 | |
|---|
| 94 | 2. Modify the route map to apply a higher local preference |
|---|
| 95 | attribute to prefixes originated by your direct peers. |
|---|
| 96 | |
|---|
| 97 | *Notice the AS path access list. How does it work?* |
|---|
| 98 | |
|---|
| 99 | |
|---|
| 100 | R11: |
|---|
| 101 | |
|---|
| 102 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 103 | ip as-path access-list 1 permit ^[0-9]+$ |
|---|
| 104 | ! |
|---|
| 105 | no route-map set-lpref |
|---|
| 106 | ! |
|---|
| 107 | route-map set-lpref permit 10 |
|---|
| 108 | match as-path 1 |
|---|
| 109 | set local-preference 200 |
|---|
| 110 | route-map set-lpref permit 20 |
|---|
| 111 | set local-preference 150 |
|---|
| 112 | route-map set-lpref permit 30 |
|---|
| 113 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 114 | |
|---|
| 115 | Notice that we need to also apply the route-map to the bi-lateral |
|---|
| 116 | peering. |
|---|
| 117 | |
|---|
| 118 | R12: |
|---|
| 119 | |
|---|
| 120 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 121 | ip as-path access-list 1 permit ^[0-9]+$ |
|---|
| 122 | ! |
|---|
| 123 | no route-map set-lpref |
|---|
| 124 | ! |
|---|
| 125 | route-map set-lpref permit 10 |
|---|
| 126 | match as-path 1 |
|---|
| 127 | set local-preference 200 |
|---|
| 128 | route-map set-lpref permit 20 |
|---|
| 129 | set local-preference 50 |
|---|
| 130 | route-map set-lpref permit 30 |
|---|
| 131 | ! |
|---|
| 132 | router bgp 10 |
|---|
| 133 | address-family ipv4 |
|---|
| 134 | neighbor 10.10.254.6 route-map set-lpref in |
|---|
| 135 | address-family ipv6 |
|---|
| 136 | neighbor fd00:10:fe::3 route-map set-lpref in |
|---|
| 137 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 138 | |
|---|
| 139 | Use BGP refresh to make sure that the policies are applied: |
|---|
| 140 | |
|---|
| 141 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 142 | clear ip bgp * in |
|---|
| 143 | clear ip bgp * out |
|---|
| 144 | clear bgp ipv6 unicast * in |
|---|
| 145 | clear bgp ipv6 unicast * out |
|---|
| 146 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 147 | |
|---|
| 148 | Check your BGP routes again. What is the next hop towards your direct |
|---|
| 149 | peers' prefixes? (Hint: the path should be direct!) |
|---|
| 150 | |
|---|
| 151 | 3. STOP - Checkpoint |
|---|
| 152 | |
|---|
| 153 | All groups must finish this part before continuing. Do NOT continue |
|---|
| 154 | until the instructor says so. |
|---|
| 155 | |
|---|
| 156 | # Path Prepending |
|---|
| 157 | |
|---|
| 158 | At this point we have influenced outbound traffic only. Now we want to |
|---|
| 159 | influence the traffic *coming in* to our AS. We want traffic to come |
|---|
| 160 | to us via the R&E networks as much as possible. |
|---|
| 161 | |
|---|
| 162 | In the case of this lab, every other group is already preferring the |
|---|
| 163 | NREN link for their outgoing traffic. For groups connected to your |
|---|
| 164 | same NREN, the traffic towards you will NOT go via the commodity |
|---|
| 165 | (commercial) Internet. However, this is not the case for groups |
|---|
| 166 | connected to other NRENs. |
|---|
| 167 | |
|---|
| 168 | To see this, check your paths towards groups NOT connected to your |
|---|
| 169 | NREN. For example, from AS10: |
|---|
| 170 | |
|---|
| 171 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 172 | R11# show ip bgp 10.40.0.0 |
|---|
| 173 | R11# traceroute 10.40.255.1 |
|---|
| 174 | R11# show bgp ipv6 unicast fd00:40::/32 |
|---|
| 175 | R11# traceroute fd00:40:ff::1 |
|---|
| 176 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 177 | |
|---|
| 178 | Notice that the traffic leaves via the R&E networks, but then enters |
|---|
| 179 | AS40 through their commercial ISP. |
|---|
| 180 | |
|---|
| 181 | The same happens with traffic coming back to you from other NRENs. |
|---|
| 182 | How can you influence their path selection so that traffic towards |
|---|
| 183 | you enters via your NREN? |
|---|
| 184 | |
|---|
| 185 | We will now use a technique called AS path prepending, which consists |
|---|
| 186 | of adding extra "fake" hops to a path using our ASN multiple times. |
|---|
| 187 | |
|---|
| 188 | 1. Prepend your AS number twice in the path announced to your ISP: |
|---|
| 189 | |
|---|
| 190 | R12: |
|---|
| 191 | |
|---|
| 192 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 193 | ip prefix-list AS10-prefix permit 10.10.0.0/16 |
|---|
| 194 | ! |
|---|
| 195 | route-map set-prepend permit 100 |
|---|
| 196 | match ip address prefix-list AS10-prefix |
|---|
| 197 | set as-path prepend 10 10 |
|---|
| 198 | route-map set-prepend permit 200 |
|---|
| 199 | ! |
|---|
| 200 | ipv6 prefix-list ipv6-AS10-prefix permit fd00:10::/32 |
|---|
| 201 | ! |
|---|
| 202 | route-map ipv6-set-prepend permit 100 |
|---|
| 203 | match ipv6 address prefix-list ipv6-AS10-prefix |
|---|
| 204 | set as-path prepend 10 10 |
|---|
| 205 | route-map ipv6-set-prepend permit 200 |
|---|
| 206 | ! |
|---|
| 207 | router bgp 10 |
|---|
| 208 | address-family ipv4 |
|---|
| 209 | neighbor 10.201.254.1 route-map set-prepend out |
|---|
| 210 | address-family ipv6 |
|---|
| 211 | neighbor fd00:201:fe:: route-map ipv6-set-prepend out |
|---|
| 212 | ! |
|---|
| 213 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 214 | |
|---|
| 215 | Use BGP refresh to re-announce your prefix to the ISP: |
|---|
| 216 | |
|---|
| 217 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 218 | R12# clear ip bgp 10.201.254.1 out |
|---|
| 219 | R12# clear bgp ipv6 unicast fd00:201:fe:: out |
|---|
| 220 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 221 | |
|---|
| 222 | Ask remote groups (connected to the other NRENs), to verify that |
|---|
| 223 | their paths towards you do not traverse the commercial ISPs. |
|---|
| 224 | |
|---|
| 225 | 2. STOP - Checkpoint |
|---|
| 226 | |
|---|
| 227 | All groups must finish this part before continuing. Do NOT continue |
|---|
| 228 | until the instructor says so. |
|---|
| 229 | |
|---|
| 230 | # BGP Communities |
|---|
| 231 | |
|---|
| 232 | Now let's reflect on our initial outbound policy. Since our NREN |
|---|
| 233 | carries commodity Internet prefixes in addition to R&E prefixes, |
|---|
| 234 | we decided to use the Local Preference attribute to send |
|---|
| 235 | *everything* via the NREN. |
|---|
| 236 | |
|---|
| 237 | In reality this may not be optimal, because the NREN may not |
|---|
| 238 | always have the best paths towards the rest of the Internet and also |
|---|
| 239 | because we're not taking advantage of our dual connections |
|---|
| 240 | to load-balance our outbound traffic. |
|---|
| 241 | |
|---|
| 242 | What we really need is a way to tell *which prefixes are originated |
|---|
| 243 | from the R&E community*, so that we prefer the NREN link when sending |
|---|
| 244 | to *those* prefixes only, and let the rest be decided by the regular |
|---|
| 245 | BGP selection process. This is where BGP communities are useful. |
|---|
| 246 | |
|---|
| 247 | 1. Remove the configurations from the Local Preference section. |
|---|
| 248 | Notice the correct order in which this should be done (hint: |
|---|
| 249 | do not remove something if it's still referenced by something |
|---|
| 250 | else): |
|---|
| 251 | |
|---|
| 252 | R11: |
|---|
| 253 | |
|---|
| 254 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 255 | router bgp 10 |
|---|
| 256 | address-family ipv4 |
|---|
| 257 | no neighbor 10.101.254.1 route-map set-lpref in |
|---|
| 258 | address-family ipv6 |
|---|
| 259 | no neighbor fd00:101:fe:: route-map set-lpref in |
|---|
| 260 | ! |
|---|
| 261 | no route-map set-lpref |
|---|
| 262 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 263 | |
|---|
| 264 | *Remember to do the equivalent thing on the other router.* |
|---|
| 265 | |
|---|
| 266 | RENs use BGP communities (basically tags) to mark groups of routes |
|---|
| 267 | together as a unit, which makes it easier for their members to |
|---|
| 268 | apply policies to those groups of routes. |
|---|
| 269 | |
|---|
| 270 | In this particular case, the NRENs carry research and education |
|---|
| 271 | (R&E) routes, as well as commercial Internet routes. The R&E |
|---|
| 272 | routes are marked with a special community (99) as they are |
|---|
| 273 | received from each customer. Also, the NREN passes those communities |
|---|
| 274 | on to other customers and to the RREN. |
|---|
| 275 | |
|---|
| 276 | Notice that the NRENs and the RREN also use the communities to |
|---|
| 277 | set a higher local preference value, in order to prefer the R&E paths. |
|---|
| 278 | This is because they also can learn those prefixes via the ISPs with |
|---|
| 279 | whom they peer. |
|---|
| 280 | |
|---|
| 281 | NREN1: |
|---|
| 282 | |
|---|
| 283 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 284 | ip bgp-community new-format |
|---|
| 285 | ! |
|---|
| 286 | route-map set-RE-comm permit 10 |
|---|
| 287 | set community 101:99 |
|---|
| 288 | route-map set-RE-comm permit 20 |
|---|
| 289 | ! |
|---|
| 290 | ip community-list 1 permit 100:99 |
|---|
| 291 | ! |
|---|
| 292 | route-map set-RE-lpref permit 10 |
|---|
| 293 | match community 1 |
|---|
| 294 | set local-preference 150 |
|---|
| 295 | route-map set-RE-lpref permit 20 |
|---|
| 296 | ! |
|---|
| 297 | router bgp 101 |
|---|
| 298 | address-family ipv4 |
|---|
| 299 | neighbor 10.101.254.2 send-community |
|---|
| 300 | neighbor 10.101.254.2 route-map set-RE-comm in |
|---|
| 301 | neighbor 10.101.254.6 send-community |
|---|
| 302 | neighbor 10.101.254.6 route-map set-RE-comm in |
|---|
| 303 | neighbor 10.101.254.10 send-community |
|---|
| 304 | neighbor 10.101.254.10 route-map set-RE-comm in |
|---|
| 305 | neighbor 10.100.254.1 send-community |
|---|
| 306 | neighbor 10.100.254.1 route-map set-RE-lpref in |
|---|
| 307 | address-family ipv6 |
|---|
| 308 | neighbor fd00:101:fe::1 send-community |
|---|
| 309 | neighbor fd00:101:fe::1 route-map set-RE-comm in |
|---|
| 310 | neighbor fd00:101:fe::3 send-community |
|---|
| 311 | neighbor fd00:101:fe::3 route-map set-RE-comm in |
|---|
| 312 | neighbor fd00:101:fe::5 send-community |
|---|
| 313 | neighbor fd00:101:fe::5 route-map set-RE-comm in |
|---|
| 314 | neighbor fd00:100:fe:: send-community |
|---|
| 315 | neighbor fd00:100:fe:: route-map set-RE-lpref in |
|---|
| 316 | ! |
|---|
| 317 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 318 | |
|---|
| 319 | NREN2: |
|---|
| 320 | |
|---|
| 321 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 322 | ip bgp-community new-format |
|---|
| 323 | ! |
|---|
| 324 | route-map set-RE-comm permit 10 |
|---|
| 325 | set community 102:99 |
|---|
| 326 | route-map set-RE-comm permit 20 |
|---|
| 327 | ! |
|---|
| 328 | ip community-list 1 permit 100:99 |
|---|
| 329 | ! |
|---|
| 330 | route-map set-RE-lpref permit 10 |
|---|
| 331 | match community 1 |
|---|
| 332 | set local-preference 150 |
|---|
| 333 | route-map set-RE-lpref permit 20 |
|---|
| 334 | ! |
|---|
| 335 | router bgp 102 |
|---|
| 336 | address-family ipv4 |
|---|
| 337 | neighbor 10.102.254.2 send-community |
|---|
| 338 | neighbor 10.102.254.2 route-map set-RE-comm in |
|---|
| 339 | neighbor 10.102.254.6 send-community |
|---|
| 340 | neighbor 10.102.254.6 route-map set-RE-comm in |
|---|
| 341 | neighbor 10.102.254.10 send-community |
|---|
| 342 | neighbor 10.102.254.10 route-map set-RE-comm in |
|---|
| 343 | neighbor 10.100.254.5 send-community |
|---|
| 344 | neighbor 10.100.254.5 route-map set-RE-lpref in |
|---|
| 345 | address-family ipv6 |
|---|
| 346 | neighbor fd00:102:fe::1 send-community |
|---|
| 347 | neighbor fd00:102:fe::1 route-map set-RE-comm in |
|---|
| 348 | neighbor fd00:102:fe::3 send-community |
|---|
| 349 | neighbor fd00:102:fe::3 route-map set-RE-comm in |
|---|
| 350 | neighbor fd00:102:fe::5 send-community |
|---|
| 351 | neighbor fd00:102:fe::5 route-map set-RE-comm in |
|---|
| 352 | neighbor fd00:100:fe::2 send-community |
|---|
| 353 | neighbor fd00:100:fe::2 route-map set-RE-lpref in |
|---|
| 354 | ! |
|---|
| 355 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 356 | |
|---|
| 357 | The regional REN (RREN) connects multiple NRENs, so they |
|---|
| 358 | replace communities in the R&E routes learned from NRENs |
|---|
| 359 | with their own community: |
|---|
| 360 | |
|---|
| 361 | RREN: |
|---|
| 362 | |
|---|
| 363 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 364 | ip bgp-community new-format |
|---|
| 365 | ! |
|---|
| 366 | ip community-list 1 permit 101:99 |
|---|
| 367 | ip community-list 1 permit 102:99 |
|---|
| 368 | ! |
|---|
| 369 | route-map set-RE-comm-in permit 10 |
|---|
| 370 | match community 1 |
|---|
| 371 | set community 100:99 additive |
|---|
| 372 | set local-preference 150 |
|---|
| 373 | route-map set-RE-comm-in permit 20 |
|---|
| 374 | ! |
|---|
| 375 | router bgp 100 |
|---|
| 376 | address-family ipv4 |
|---|
| 377 | neighbor 10.100.254.2 send-community |
|---|
| 378 | neighbor 10.100.254.2 route-map set-RE-comm-in in |
|---|
| 379 | neighbor 10.100.254.6 send-community |
|---|
| 380 | neighbor 10.100.254.6 route-map set-RE-comm-in in |
|---|
| 381 | address-family ipv6 |
|---|
| 382 | neighbor fd00:100:fe::1 send-community |
|---|
| 383 | neighbor fd00:100:fe::1 route-map set-RE-comm-in in |
|---|
| 384 | neighbor fd00:100:fe::3 send-community |
|---|
| 385 | neighbor fd00:100:fe::3 route-map set-RE-comm-in in |
|---|
| 386 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 387 | |
|---|
| 388 | ISPs will announce additional prefixes to represent the |
|---|
| 389 | rest of the commodity Internet. Notice that we are prepending |
|---|
| 390 | "fake" ASNs so that they do not appear to be originated by the ISP. |
|---|
| 391 | |
|---|
| 392 | ISP1: |
|---|
| 393 | |
|---|
| 394 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 395 | ip prefix-list v4-commodity-1 permit 172.16.0.0/16 |
|---|
| 396 | ip prefix-list v4-commodity-2 permit 172.17.0.0/16 |
|---|
| 397 | ip prefix-list v4-commodity-3 permit 172.18.0.0/16 |
|---|
| 398 | ip prefix-list v4-commodity-4 permit 172.19.0.0/16 |
|---|
| 399 | |
|---|
| 400 | ipv6 prefix-list v6-commodity-1 permit 2001:db8::/32 |
|---|
| 401 | ipv6 prefix-list v6-commodity-2 permit 2001:db9::/32 |
|---|
| 402 | ipv6 prefix-list v6-commodity-3 permit 2001:dba::/32 |
|---|
| 403 | ipv6 prefix-list v6-commodity-4 permit 2001:dbb::/32 |
|---|
| 404 | |
|---|
| 405 | route-map set-prepend-commodity permit 10 |
|---|
| 406 | match prefix-list v4-commodity-1 |
|---|
| 407 | set prepend 65001 |
|---|
| 408 | route-map set-prepend-commodity permit 20 |
|---|
| 409 | match prefix-list v4-commodity-2 |
|---|
| 410 | set prepend 65002 |
|---|
| 411 | route-map set-prepend-commodity permit 30 |
|---|
| 412 | match prefix-list v4-commodity-3 |
|---|
| 413 | set prepend 65003 |
|---|
| 414 | route-map set-prepend-commodity permit 40 |
|---|
| 415 | match prefix-list v4-commodity-4 |
|---|
| 416 | set prepend 65004 |
|---|
| 417 | route-map set-prepend-commodity permit 50 |
|---|
| 418 | match prefix-list v6-commodity-1 |
|---|
| 419 | set prepend 65001 |
|---|
| 420 | route-map set-prepend-commodity permit 60 |
|---|
| 421 | match prefix-list v6-commodity-2 |
|---|
| 422 | set prepend 65002 |
|---|
| 423 | route-map set-prepend-commodity permit 70 |
|---|
| 424 | match prefix-list v6-commodity-3 |
|---|
| 425 | set prepend 65003 |
|---|
| 426 | route-map set-prepend-commodity permit 80 |
|---|
| 427 | match prefix-list v6-commodity-4 |
|---|
| 428 | set prepend 65004 |
|---|
| 429 | route-map set-prepend-commodity permit 90 |
|---|
| 430 | |
|---|
| 431 | router bgp 201 |
|---|
| 432 | address-family ipv4 |
|---|
| 433 | network 172.16.0.0 mask 255.255.0.0 |
|---|
| 434 | network 172.17.0.0 mask 255.255.0.0 |
|---|
| 435 | network 172.18.0.0 mask 255.255.0.0 |
|---|
| 436 | network 172.19.0.0 mask 255.255.0.0 |
|---|
| 437 | neighbor 10.201.254.2 route-map set-prepend-commodity out |
|---|
| 438 | neighbor 10.201.254.6 route-map set-prepend-commodity out |
|---|
| 439 | neighbor 10.201.254.10 route-map set-prepend-commodity out |
|---|
| 440 | neighbor 10.101.254.13 route-map set-prepend-commodity out |
|---|
| 441 | neighbor 10.251.1.2 route-map set-prepend-commodity out |
|---|
| 442 | neighbor 10.251.1.3 route-map set-prepend-commodity out |
|---|
| 443 | address-family ipv6 |
|---|
| 444 | network 2001:db8::/32 |
|---|
| 445 | network 2001:db9::/32 |
|---|
| 446 | network 2001:dba::/32 |
|---|
| 447 | network 2001:dbb::/32 |
|---|
| 448 | neighbor fd00:101:fe::6 route-map set-prepend-commodity out |
|---|
| 449 | neighbor fd00:201:fe::1 route-map set-prepend-commodity out |
|---|
| 450 | neighbor fd00:201:fe::3 route-map set-prepend-commodity out |
|---|
| 451 | neighbor fd00:201:fe::5 route-map set-prepend-commodity out |
|---|
| 452 | neighbor fd00:251:1::2 route-map set-prepend-commodity out |
|---|
| 453 | neighbor fd00:251:1::3 route-map set-prepend-commodity out |
|---|
| 454 | ! |
|---|
| 455 | ip route 172.16.0.0 255.255.0.0 null0 |
|---|
| 456 | ip route 172.17.0.0 255.255.0.0 null0 |
|---|
| 457 | ip route 172.18.0.0 255.255.0.0 null0 |
|---|
| 458 | ip route 172.19.0.0 255.255.0.0 null0 |
|---|
| 459 | ! |
|---|
| 460 | ipv6 route 2001:db8::/32 null0 |
|---|
| 461 | ipv6 route 2001:db9::/32 null0 |
|---|
| 462 | ipv6 route 2001:dba::/32 null0 |
|---|
| 463 | ipv6 route 2001:dbb::/32 null0 |
|---|
| 464 | |
|---|
| 465 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 466 | |
|---|
| 467 | ISP2: |
|---|
| 468 | |
|---|
| 469 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 470 | ip prefix-list v4-commodity-1 permit 172.20.0.0/16 |
|---|
| 471 | ip prefix-list v4-commodity-2 permit 172.21.0.0/16 |
|---|
| 472 | ip prefix-list v4-commodity-3 permit 172.22.0.0/16 |
|---|
| 473 | ip prefix-list v4-commodity-4 permit 172.23.0.0/16 |
|---|
| 474 | |
|---|
| 475 | ipv6 prefix-list v6-commodity-1 permit 2001:dbc::/32 |
|---|
| 476 | ipv6 prefix-list v6-commodity-2 permit 2001:dbd::/32 |
|---|
| 477 | ipv6 prefix-list v6-commodity-3 permit 2001:dbe::/32 |
|---|
| 478 | ipv6 prefix-list v6-commodity-4 permit 2001:dbf::/32 |
|---|
| 479 | |
|---|
| 480 | route-map set-prepend-commodity permit 10 |
|---|
| 481 | match prefix-list v4-commodity-1 |
|---|
| 482 | set prepend 65005 |
|---|
| 483 | route-map set-prepend-commodity permit 20 |
|---|
| 484 | match prefix-list v4-commodity-2 |
|---|
| 485 | set prepend 65006 |
|---|
| 486 | route-map set-prepend-commodity permit 30 |
|---|
| 487 | match prefix-list v4-commodity-3 |
|---|
| 488 | set prepend 65007 |
|---|
| 489 | route-map set-prepend-commodity permit 40 |
|---|
| 490 | match prefix-list v4-commodity-4 |
|---|
| 491 | set prepend 65008 |
|---|
| 492 | route-map set-prepend-commodity permit 50 |
|---|
| 493 | match prefix-list v6-commodity-1 |
|---|
| 494 | set prepend 65005 |
|---|
| 495 | route-map set-prepend-commodity permit 60 |
|---|
| 496 | match prefix-list v6-commodity-2 |
|---|
| 497 | set prepend 65006 |
|---|
| 498 | route-map set-prepend-commodity permit 70 |
|---|
| 499 | match prefix-list v6-commodity-3 |
|---|
| 500 | set prepend 65007 |
|---|
| 501 | route-map set-prepend-commodity permit 80 |
|---|
| 502 | match prefix-list v6-commodity-4 |
|---|
| 503 | set prepend 65008 |
|---|
| 504 | route-map set-prepend-commodity permit 90 |
|---|
| 505 | |
|---|
| 506 | router bgp 202 |
|---|
| 507 | address-family ipv4 |
|---|
| 508 | network 172.20.0.0 mask 255.255.0.0 |
|---|
| 509 | network 172.21.0.0 mask 255.255.0.0 |
|---|
| 510 | network 172.22.0.0 mask 255.255.0.0 |
|---|
| 511 | network 172.23.0.0 mask 255.255.0.0 |
|---|
| 512 | neighbor 10.202.254.2 route-map set-prepend-commodity out |
|---|
| 513 | neighbor 10.202.254.6 route-map set-prepend-commodity out |
|---|
| 514 | neighbor 10.202.254.10 route-map set-prepend-commodity out |
|---|
| 515 | neighbor 10.102.254.14 route-map set-prepend-commodity out |
|---|
| 516 | neighbor 10.251.1.1 route-map set-prepend-commodity out |
|---|
| 517 | neighbor 10.251.1.3 route-map set-prepend-commodity out |
|---|
| 518 | address-family ipv6 |
|---|
| 519 | network 2001:dbc::/32 |
|---|
| 520 | network 2001:dbd::/32 |
|---|
| 521 | network 2001:dbe::/32 |
|---|
| 522 | network 2001:dbf::/32 |
|---|
| 523 | neighbor fd00:102:fe::7 route-map set-prepend-commodity out |
|---|
| 524 | neighbor fd00:202:fe::1 route-map set-prepend-commodity out |
|---|
| 525 | neighbor fd00:202:fe::3 route-map set-prepend-commodity out |
|---|
| 526 | neighbor fd00:202:fe::5 route-map set-prepend-commodity out |
|---|
| 527 | neighbor fd00:251:1::1 route-map set-prepend-commodity out |
|---|
| 528 | neighbor fd00:251:1::3 route-map set-prepend-commodity out |
|---|
| 529 | ! |
|---|
| 530 | ip route 172.20.0.0 255.255.0.0 null0 |
|---|
| 531 | ip route 172.21.0.0 255.255.0.0 null0 |
|---|
| 532 | ip route 172.22.0.0 255.255.0.0 null0 |
|---|
| 533 | ip route 172.23.0.0 255.255.0.0 null0 |
|---|
| 534 | ! |
|---|
| 535 | ipv6 route 2001:dbc::/32 null0 |
|---|
| 536 | ipv6 route 2001:dbd::/32 null0 |
|---|
| 537 | ipv6 route 2001:dbe::/32 null0 |
|---|
| 538 | ipv6 route 2001:dbf::/32 null0 |
|---|
| 539 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 540 | |
|---|
| 541 | 2. Set local preference ONLY on the R&E routes (marked with |
|---|
| 542 | the R&E community) learned from the NREN. Notice that |
|---|
| 543 | your NREN is also passing you the communities set by |
|---|
| 544 | the regional REN, so you need to match either one. |
|---|
| 545 | |
|---|
| 546 | Also notice that we still need to set a higher local |
|---|
| 547 | preference on the prefixes originated by our direct peers. |
|---|
| 548 | |
|---|
| 549 | R11: |
|---|
| 550 | |
|---|
| 551 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 552 | ip bgp-community new-format |
|---|
| 553 | ! |
|---|
| 554 | ip as-path access-list 1 permit ^[0-9]+$ |
|---|
| 555 | ! |
|---|
| 556 | ip community-list 1 permit 100:99 |
|---|
| 557 | ip community-list 1 permit 101:99 |
|---|
| 558 | ! |
|---|
| 559 | no route-map set-lpref |
|---|
| 560 | ! |
|---|
| 561 | route-map set-lpref permit 10 |
|---|
| 562 | match as-path 1 |
|---|
| 563 | set local-preference 200 |
|---|
| 564 | route-map set-lpref permit 20 |
|---|
| 565 | match community 1 |
|---|
| 566 | set local-preference 150 |
|---|
| 567 | route-map set-lpref permit 30 |
|---|
| 568 | ! |
|---|
| 569 | router bgp 10 |
|---|
| 570 | address-family ipv4 |
|---|
| 571 | neighbor 10.101.254.1 route-map set-lpref in |
|---|
| 572 | address-family ipv6 |
|---|
| 573 | neighbor fd00:101:fe:: route-map set-lpref in |
|---|
| 574 | ! |
|---|
| 575 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 576 | |
|---|
| 577 | Refresh to/from your neighbors: |
|---|
| 578 | |
|---|
| 579 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 580 | clear ip bgp * in |
|---|
| 581 | clear ip bgp * out |
|---|
| 582 | clear bgp ipv6 unicast * in |
|---|
| 583 | clear bgp ipv6 unicast * out |
|---|
| 584 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 585 | |
|---|
| 586 | Verify that communities are being set and transmitted: |
|---|
| 587 | |
|---|
| 588 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 589 | R11#show ip bgp 10.20.0.0 |
|---|
| 590 | R11#show ip bgp 10.40.0.0 |
|---|
| 591 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 592 | |
|---|
| 593 | Check your BGP routes again. |
|---|
| 594 | |
|---|
| 595 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 596 | show ip bgp |
|---|
| 597 | show ip route |
|---|
| 598 | show bgp ipv6 unicast |
|---|
| 599 | show ipv6 route |
|---|
| 600 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 601 | |
|---|
| 602 | The result should be that you now prefer the NREN path for any |
|---|
| 603 | prefix originated by an R&E member. For all other prefixes, |
|---|
| 604 | including the ones from the commercial Internet, your routers |
|---|
| 605 | will choose based on BGP defaults. |
|---|
| 606 | |
|---|
| 607 | # Multihoming with Partial Routes and Defaults |
|---|
| 608 | |
|---|
| 609 | Another way to load-balance outbound traffic in our multihoming setup |
|---|
| 610 | is to play with partial routing tables and default routes. |
|---|
| 611 | The idea is that our routers will prefer the more specific R&E routes |
|---|
| 612 | coming from the NREN, and the rest of the outgoing traffic will use the |
|---|
| 613 | ISP. Only if the ISP fails, our non-R&E traffic will leave through the NREN. |
|---|
| 614 | Similarly, if the NREN link fails, the ISP will route all our |
|---|
| 615 | outbound traffic. |
|---|
| 616 | |
|---|
| 617 | This has the advantage of reducing our routing table size, and |
|---|
| 618 | therefore memory requirements and convergence time. The disadvantage |
|---|
| 619 | is that we may not always follow the best paths, but it might be a good |
|---|
| 620 | compromise. |
|---|
| 621 | |
|---|
| 622 | R11: Remove the route-map from the previous step. |
|---|
| 623 | |
|---|
| 624 | We are going to ask the NREN to only send us R&E routes, plus |
|---|
| 625 | the default route: |
|---|
| 626 | |
|---|
| 627 | NREN1: |
|---|
| 628 | |
|---|
| 629 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 630 | ip community-list 1 permit 100:99 |
|---|
| 631 | ip community-list 1 permit 101:99 |
|---|
| 632 | ! |
|---|
| 633 | route-map send-RE-only permit 10 |
|---|
| 634 | match community 1 |
|---|
| 635 | ! |
|---|
| 636 | router bgp 101 |
|---|
| 637 | address-family ipv4 |
|---|
| 638 | no neighbor 10.101.254.2 send-community |
|---|
| 639 | no neighbor 10.101.254.6 send-community |
|---|
| 640 | no neighbor 10.101.254.10 send-community |
|---|
| 641 | neighbor 10.101.254.2 route-map send-RE-only out |
|---|
| 642 | neighbor 10.101.254.2 default-originate |
|---|
| 643 | neighbor 10.101.254.6 route-map send-RE-only out |
|---|
| 644 | neighbor 10.101.254.6 default-originate |
|---|
| 645 | neighbor 10.101.254.10 route-map send-RE-only out |
|---|
| 646 | neighbor 10.101.254.10 default-originate |
|---|
| 647 | address-family ipv6 |
|---|
| 648 | no neighbor fd00:101:fe::1 send-community |
|---|
| 649 | no neighbor fd00:101:fe::3 send-community |
|---|
| 650 | no neighbor fd00:101:fe::5 send-community |
|---|
| 651 | neighbor fd00:101:fe::1 route-map send-RE-only out |
|---|
| 652 | neighbor fd00:101:fe::1 default-originate |
|---|
| 653 | neighbor fd00:101:fe::3 route-map send-RE-only out |
|---|
| 654 | neighbor fd00:101:fe::3 default-originate |
|---|
| 655 | neighbor fd00:101:fe::5 route-map send-RE-only out |
|---|
| 656 | neighbor fd00:101:fe::5 default-originate |
|---|
| 657 | ! |
|---|
| 658 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 659 | |
|---|
| 660 | NREN2: |
|---|
| 661 | |
|---|
| 662 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 663 | ip community-list 1 permit 100:99 |
|---|
| 664 | ip community-list 1 permit 102:99 |
|---|
| 665 | ! |
|---|
| 666 | route-map send-RE-only permit 10 |
|---|
| 667 | match community 1 |
|---|
| 668 | ! |
|---|
| 669 | router bgp 102 |
|---|
| 670 | address-family ipv4 |
|---|
| 671 | no neighbor 10.102.254.2 send-community |
|---|
| 672 | no neighbor 10.102.254.6 send-community |
|---|
| 673 | no neighbor 10.102.254.10 send-community |
|---|
| 674 | neighbor 10.102.254.2 route-map send-RE-only out |
|---|
| 675 | neighbor 10.102.254.2 default-originate |
|---|
| 676 | neighbor 10.102.254.6 route-map send-RE-only out |
|---|
| 677 | neighbor 10.102.254.6 default-originate |
|---|
| 678 | neighbor 10.102.254.10 route-map send-RE-only out |
|---|
| 679 | neighbor 10.102.254.10 default-originate |
|---|
| 680 | address-family ipv6 |
|---|
| 681 | no neighbor fd00:102:fe::1 send-community |
|---|
| 682 | no neighbor fd00:102:fe::3 send-community |
|---|
| 683 | no neighbor fd00:102:fe::5 send-community |
|---|
| 684 | neighbor fd00:102:fe::1 route-map send-RE-only out |
|---|
| 685 | neighbor fd00:102:fe::1 default-originate |
|---|
| 686 | neighbor fd00:102:fe::3 route-map send-RE-only out |
|---|
| 687 | neighbor fd00:102:fe::3 default-originate |
|---|
| 688 | neighbor fd00:102:fe::5 route-map send-RE-only out |
|---|
| 689 | neighbor fd00:102:fe::5 default-originate |
|---|
| 690 | ! |
|---|
| 691 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 692 | |
|---|
| 693 | |
|---|
| 694 | Similarly, we will ask the ISP to only send us a default |
|---|
| 695 | route: |
|---|
| 696 | |
|---|
| 697 | |
|---|
| 698 | ISP1: |
|---|
| 699 | |
|---|
| 700 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 701 | ip prefix-list default permit 0.0.0.0/0 |
|---|
| 702 | ipv6 prefix-list ipv6-default permit ::/0 |
|---|
| 703 | ! |
|---|
| 704 | router bgp 201 |
|---|
| 705 | address-family ipv4 |
|---|
| 706 | neighbor 10.201.254.2 default-originate |
|---|
| 707 | neighbor 10.201.254.2 prefix-list default out |
|---|
| 708 | neighbor 10.201.254.6 default-originate |
|---|
| 709 | neighbor 10.201.254.6 prefix-list default out |
|---|
| 710 | neighbor 10.201.254.10 default-originate |
|---|
| 711 | neighbor 10.201.254.10 prefix-list default out |
|---|
| 712 | address-family ipv6 |
|---|
| 713 | neighbor FD00:201:FE::1 default-originate |
|---|
| 714 | neighbor FD00:201:FE::1 prefix-list ipv6-default out |
|---|
| 715 | neighbor FD00:201:FE::3 default-originate |
|---|
| 716 | neighbor FD00:201:FE::3 prefix-list ipv6-default out |
|---|
| 717 | neighbor FD00:201:FE::5 default-originate |
|---|
| 718 | neighbor FD00:201:FE::5 prefix-list ipv6-default out |
|---|
| 719 | ! |
|---|
| 720 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 721 | |
|---|
| 722 | ISP2: |
|---|
| 723 | |
|---|
| 724 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 725 | ip prefix-list default permit 0.0.0.0/0 |
|---|
| 726 | ipv6 prefix-list ipv6-default permit ::/0 |
|---|
| 727 | ! |
|---|
| 728 | router bgp 202 |
|---|
| 729 | address-family ipv4 |
|---|
| 730 | neighbor 10.202.254.2 default-originate |
|---|
| 731 | neighbor 10.202.254.2 prefix-list default out |
|---|
| 732 | neighbor 10.202.254.6 default-originate |
|---|
| 733 | neighbor 10.202.254.6 prefix-list default out |
|---|
| 734 | neighbor 10.202.254.10 default-originate |
|---|
| 735 | neighbor 10.202.254.10 prefix-list default out |
|---|
| 736 | address-family ipv6 |
|---|
| 737 | neighbor FD00:202:FE::1 default-originate |
|---|
| 738 | neighbor FD00:202:FE::1 prefix-list ipv6-default out |
|---|
| 739 | neighbor FD00:202:FE::3 default-originate |
|---|
| 740 | neighbor FD00:202:FE::3 prefix-list ipv6-default out |
|---|
| 741 | neighbor FD00:202:FE::5 default-originate |
|---|
| 742 | neighbor FD00:202:FE::5 prefix-list ipv6-default out |
|---|
| 743 | ! |
|---|
| 744 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 745 | |
|---|
| 746 | Check what you are now receiving from your NREN and |
|---|
| 747 | your ISP: |
|---|
| 748 | |
|---|
| 749 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 750 | R11#show ip bgp neighbors 10.101.254.1 routes |
|---|
| 751 | R11#show bgp ipv6 uni neighbors fd00:101:fe:: routes |
|---|
| 752 | R11#show ip route 0.0.0.0 0.0.0.0 |
|---|
| 753 | R11#show ipv6 route ::/0 |
|---|
| 754 | |
|---|
| 755 | R12#show ip bgp neighbors 10.201.254.1 routes |
|---|
| 756 | R12#show bgp ipv6 uni neighbors fd00:201:fe:: routes |
|---|
| 757 | R12#show ip route 0.0.0.0 0.0.0.0 |
|---|
| 758 | R12#show ipv6 route ::/0 |
|---|
| 759 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 760 | |
|---|
| 761 | At this point you should see that each of your routers |
|---|
| 762 | has a default route pointing to its upstream peer. This |
|---|
| 763 | is an OK situation. But let's say that we want the ISP |
|---|
| 764 | to handle all the non-R&E outbound traffic. |
|---|
| 765 | |
|---|
| 766 | Configure your RX2 router to assign a higher local preference |
|---|
| 767 | to the default announced by the ISP: |
|---|
| 768 | |
|---|
| 769 | R12: |
|---|
| 770 | |
|---|
| 771 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 772 | ip prefix-list default permit 0.0.0.0/0 |
|---|
| 773 | ipv6 prefix-list ipv6-default permit ::/0 |
|---|
| 774 | ! |
|---|
| 775 | route-map set-lpref-default permit 10 |
|---|
| 776 | match ip address prefix-list default |
|---|
| 777 | set local-preference 150 |
|---|
| 778 | ! |
|---|
| 779 | route-map set-lpref-ipv6-default permit 10 |
|---|
| 780 | match ip address prefix-list ipv6-default |
|---|
| 781 | set local-preference 150 |
|---|
| 782 | ! |
|---|
| 783 | router bgp 10 |
|---|
| 784 | address-family ipv4 |
|---|
| 785 | neighbor 10.201.254.1 route-map set-lpref-default in |
|---|
| 786 | address-family ipv6 |
|---|
| 787 | neighbor fd00:201:fe:: route-map set-lpref-ipv6-default in |
|---|
| 788 | ! |
|---|
| 789 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 790 | |
|---|
| 791 | Check your default route on both routers: |
|---|
| 792 | |
|---|
| 793 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 794 | show ip bgp 0.0.0.0 0.0.0.0 |
|---|
| 795 | show ip route 0.0.0.0 0.0.0.0 |
|---|
| 796 | |
|---|
| 797 | show bgp ipv6 uni ::/0 |
|---|
| 798 | show ipv6 route ::/0 |
|---|
| 799 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 800 | |
|---|
| 801 | |
|---|
| 802 | Also, check your BGP routing table. Has it shrinked? |
|---|
| 803 | |
|---|
| 804 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 805 | show ip bgp |
|---|
| 806 | show bgp ipv6 unicast |
|---|
| 807 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|---|
| 808 | |
|---|