master:nren-bgp:2-lab-bgp-basic

Basic BGP Lab

Introduction

The purpose of this exercise is to:

  • Set up iBGP within the group so that all routers in the group can share externally learned routing information.
  • Understand the routing implications of connecting to multiple external domains
  • Learn to configure basic eBGP to exchange routing information with multiple external peers and iBGP to carry that information inside your network.

Pre-requisites

This exercise builds upon the configurations implemented in the IS-IS + Static routing lab. You must be able to:

  • Ping your neighbour router in the same AS using its loopback address (both IPv4 and IPv6!).
  • Ping your neighbour routers in other ASs using their point-to-point link addresses.

Note: Actually, if everyone configured their IS-IS and static routes properly in the previous exercise, you should be able to ping all other routers in the lab using their loopback address.

iBGP Configuration

Enable the BGP process

Before we set up iBGP, we need to do some basic preparation on the router. The Cisco IOS defaults are not optimised, so before we bring up BGP sessions, we should set the parameters that we require.

On Cisco routers, the default distance for eBGP is 20, the default distance for iBGP is 200, and the default distance for IS-IS is 115. This means that there is a potential for a prefix learned by eBGP to override the identical prefix carried by IS-IS. To protect against accidents, the eBGP distance is set to 200 also.

The command to do this is the distance bgp subcommand:

distance bgp <external-routes> <internal-routes> <local-routes>

We also want to:

  • Enable logging of BGP neighbour state changes
  • Configure deterministic calculations of MEDs
  • Disable the automatic exchange of IPv4 unicast routes on every peering session.

This must be done in all future BGP configurations of this workshop.

On BX1, BX2 and CX1:

router bgp X0
 bgp log-neighbor-changes
 bgp deterministic-med
 no bgp default ipv4-unicast
 !
 address-family ipv4
  distance bgp 200 200 200
 !
 address-family ipv6
  distance bgp 200 200 200
 !

Configure iBGP neighbours

As you will remember from the presentation, iBGP needs to be fully meshed. We have three routers in our Group, so we need to set up iBGP between all three - which means that each router will have two iBGP neighbours.

First, make sure that you can ping the other routers using their loopback addresses. If you cannot ping them, there is no possibility that the BGP session will come up!

Example: BX1 peering with BX2:

router bgp X0
 address-family ipv4
  neighbor 100.68.X0.2 remote-as X0
  neighbor 100.68.X0.2 update-source loopback 0
  neighbor 100.68.X0.2 description iBGP with BX2
  neighbor 100.68.X0.2 password NSRC-BGP
  neighbor 100.68.X0.2 next-hop-self
  neighbor 100.68.X0.2 send-community
  neighbor 100.68.X0.2 activate
!
 address-family ipv6
  neighbor 2001:db8:X0::2 remote-as X0
  neighbor 2001:db8:X0::2 update-source loopback 0
  neighbor 2001:db8:X0::2 description iBGP with BX2
  neighbor 2001:db8:X0::2 password NSRC-BGP
  neighbor 2001:db8:X0::2 next-hop-self
  neighbor 2001:db8:X0::2 send-community
  neighbor 2001:db8:X0::2 activate

You need a similar configuration for BX1 peering with CX1. What needs to change from the above configuration example?

You also need to set up BX2 to peer with BX1 and CX1. Use the above configuration example as a template. What needs to be changed?

Also, what do you think the configuration for CX1 would look like? Is it similar? What is different? The instructors will discuss this in class during the exercise.

There is a Cisco IOS configuration scaling feature called a peer-group. Many network operators using Cisco IOS routers use peer-group to scale their BGP configurations.

Once the configuration has been entered, check the configuration as displayed by the router:

show run | begin router bgp

Notice how the router has “rearranged” the BGP configuration, separating the generic from the address-family specific configuration.

Check that the BGP sessions are up on both sides.

show ip bgp summary
show bgp ipv6 unicast summary

Explaining some of the above commands we used for the BGP configuration:

update-source specifies the interface which should be used as the source of all BGP packets originated by the router. The default is the outgoing interface.

next-hop-self tells iBGP to use the source address of the BGP update message as the value of the next-hop attribute sent to the iBGP peer, rather than the default value which is the IP address of the router that we heard the BGP update from.

send-community tells BGP to include the BGP community attribute when sending BGP updates to neighbouring BGP speakers. Cisco IOS does not include the community attribute by default. It is important to send BGP communities to all iBGP neighbours, but be very careful about sending communities to external BGP neighbours, as we will see in the following BGP Policy Lab.

activate tells the router to activate this BGP peering inside this address family. At the time of writing, Cisco IOS activates IPv4 peers automatically inside IPv4 address families, but does not activate IPv6 peers inside IPv6 address families. Safest just to include the configuration in all templates.

Use the network command to tell BGP which prefixes you want to announce. We will do this on all routers in our group (although strictly it is sufficient to do this on CX1 given that if the Core Router goes down, the campus has no connectivity to the Internet at all).

On BX1, BX2 and CX1:

router bgp X0
 address-family ipv4
  network 100.68.X0.0 mask 255.255.255.0
 address-family ipv6
  network 2001:db8:X0::/48

Get the list of learned paths:

show ip bgp
show bgp ipv6 unicast

Do you see any paths? Why not?

Create a static route for the prefix being announced on each router:

On BX1, BX2 and CX1:

ip route 100.68.X0.0 255.255.255.0 null0
ipv6 route 2001:db8:X0::/48 null0

These are called a “pull up routes”

Get the list of learned paths again. You should see both your prefix and the neighbour’s.

Q. Why are these routes needed?

STOP - Checkpoint One

All groups must finish this part before continuing. Please do NOT continue until the instructor says so.


Address Space Allocation

Refer to the IP Address Plan document for information about the IP address plan for the network infrastructure for these labs.

Multihomed Topology

Multihoming - eBGP Configuration

Connect to the NREN

Configure your BX1 router to connect to the NREN with a point-to-point link.

NRENs: Use the configuration in the Appendix.

On B11:

interface GigabitEthernet1/0
 description P2P Link to NREN1
 ip address 100.101.1.2 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:11:0:10::1/127
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no shutdown

Make sure that it's up and that you can ping the other side:

B11# ping 100.101.1.1
B11# ping 2001:11:0:10::0

Do some traceroutes to other networks again:

B11# traceroute 100.68.20.1
B11# traceroute 100.68.30.1

Has anything changed since the last exercise?

Notice that before we had only one connection to the Internet - via the ISP. Now we have two. But we are still using a default route pointing to the ISP only!

We could add another default route pointing to the NREN, but that would not give us much flexibility in terms of traffic policies. Keep going.

BGP-peer with the NREN and the ISP

Configure eBGP sessions to the ISP and the NREN

On B11:

router bgp 10
 address-family ipv4
  neighbor 100.101.1.1 remote-as 101
  neighbor 100.101.1.1 description eBGP with NREN1
  neighbor 100.101.1.1 password NSRC-BGP
  neighbor 100.101.1.1 activate
!
 address-family ipv6
  neighbor 2001:11:0:10:: remote-as 101
  neighbor 2001:11:0:10:: description eBGP with NREN1
  neighbor 2001:11:0:10:: password NSRC-BGP
  neighbor 2001:11:0:10:: activate

Notice that with eBGP we no longer use the loopback address as the endpoint of the BGP session, as we did with iBGP. Why?

On B12:

router bgp 10
 address-family ipv4
  neighbor 100.121.1.1 remote-as 121
  neighbor 100.121.1.1 description eBGP with ISP1
  neighbor 100.121.1.1 password NSRC-BGP
  neighbor 100.121.1.1 activate
!
 address-family ipv6
  neighbor 2001:18:0:10:: remote-as 121
  neighbor 2001:18:0:10:: description eBGP with ISP1
  neighbor 2001:18:0:10:: password NSRC-BGP
  neighbor 2001:18:0:10:: activate

Check that the BGP sessions are up on both routers:

show ip bgp summary
show bgp ipv6 unicast summary

Once those are up, check if you are learning any prefixes:

B11# show ip bgp neighbor 100.101.1.1 routes
B11# show bgp ipv6 uni neighbor 2001:11:0:10:: routes

Verify what you are advertising to the NREN:

B11# show ip bgp neighbor 100.101.1.1 advertised-routes
B11# show bgp ipv6 uni neighbor 2001:11:0:10:: advertised-routes

… and to the ISP:

B12# show ip bgp neighbor 100.121.1.1 advertised-routes
B12# sh bgp ipv6 uni neigh 2001:18:0:10:: advertised

Are you perhaps announcing other prefixes that don't originate in your AS? If so, can you remember what serious negative implications this could have? Please stop and think about this. Ask the instructor if you need clarification.

Filter what you send and receive

Create prefix lists for your outbound filters. Outbound filters for BX1 and BX2 are the same:

ip prefix-list ASX0-out permit 100.68.X0.0/24
ipv6 prefix-list ASX0-v6-out permit 2001:db8:X0::/48

As you can see, we are only allowing our aggregate out to the Internet. Sending smaller prefixes (if we had any) serves no useful purpose at all.

Now create prefix lists for your inbound filters. Notice the descriptive names for the prefix lists.

On BX1:

ip prefix-list nren-in deny 100.68.X0.0/24 le 32
ip prefix-list nren-in permit 0.0.0.0/0 le 32
!
ipv6 prefix-list nren-v6-in deny 2001:db8:X0::/48 le 128
ipv6 prefix-list nren-v6-in permit ::/0 le 128

On BX2:

ip prefix-list isp-in deny 100.68.X0.0/24 le 32
ip prefix-list isp-in permit 0.0.0.0/0 le 32
!
ipv6 prefix-list isp-v6-in deny 2001:db8:X0::/48 le 128
ipv6 prefix-list isp-v6-in permit ::/0 le 128

Notice how we are matching the aggregate as well as all possible subnets of our address blocks. This protects against some other network announcing any of our prefixes (whatever subnet size) to us.

Now apply these prefix-lists to the BGP sessions with the ISP and the NREN.

On B11:

router bgp 10
 address-family ipv4
  neighbor 100.101.1.1 prefix-list nren-in in
  neighbor 100.101.1.1 prefix-list AS10-out out
!
 address-family ipv6
  neighbor 2001:11:0:10:: prefix-list nren-v6-in in
  neighbor 2001:11:0:10:: prefix-list AS10-v6-out out

On B12:

router bgp 10
 address-family ipv4
  neighbor 100.121.1.1 prefix-list isp-in in
  neighbor 100.121.1.1 prefix-list AS10-out out
!
 address-family ipv6
  neighbor 2001:18:0:10:: prefix-list isp-v6-in in
  neighbor 2001:18:0:10:: prefix-list AS10-v6-out out

Use the BGP route refresh capability to resend the information to the peer. Use the AS number of the peer rather than the IP address (much less typing for IPv6) in the route refresh command:

B11# clear ip bgp 101 out
B11# clear bgp ipv6 unicast 101 out
B12# clear ip bgp 121 out
B12# clear bgp ipv6 unicast 121 out

You should now be advertising only your own address space. Check with the ISP and NREN administrators to make sure that they are receiving your prefix.

BGP between NRENs and RREN

The administrators of the NREN routers need to set up connectivity and BGP with the RREN router. The administrators will either be the workshop instructors, or members of the workshop itself.

The suggested configuration for the RREN router is in Appendix A. A suggested configuration for the NREN1 router is in Appendix B - the configuration for the NREN2 router will be very similar. These configurations uses all the best practice ideas we have been using in the labs so far.

Bring up BGP between the NREN routers and the RREN and check that the prefixes originated by NREN1, NREN2 and the RREN are all visible in each other's BGP tables.

BGP between ISPs and RREN

The administrators of the ISP routers need to set up between each other and the RREN router as well. The administrators will either be the workshop instructors, or members of the workshop itself.

A suggested configuration for the ISP1 router is in Appendix C - the configuration for the ISP2 router will be very similar. These configurations uses all the best practice ideas we have been using in the labs so far.

Bring up BGP between the RREN and the ISP routers across the Internet Exchange Point. Check that the prefixes originated by ISP1, ISP2 and the RREN are all visible in each other's BGP tables.

Remove static routes

The ISPs remove their static routes towards their customers

Now your ISP has learned a route to reach your network, correct? The ISPs can now safely remove the static routes pointing to you and the other customers:

ISP1:

no ip route 100.68.10.0 255.255.255.0 100.121.1.2
no ip route 100.68.20.0 255.255.255.0 100.121.1.6
no ip route 100.68.30.0 255.255.255.0 100.121.1.10
!
no ipv6 route 2001:db8:10::/48 2001:18:0:10::1
no ipv6 route 2001:db8:20::/48 2001:18:0:11::1
no ipv6 route 2001:db8:30::/48 2001:18:0:12::1

ISP2:

no ip route 100.68.40.0 255.255.255.0 100.122.1.2
no ip route 100.68.50.0 255.255.255.0 100.122.1.6
no ip route 100.68.60.0 255.255.255.0 100.122.1.10
!
no ipv6 route 2001:db8:40::/48 2001:19:0:10::1
no ipv6 route 2001:db8:50::/48 2001:19:0:11::1
no ipv6 route 2001:db8:60::/48 2001:19:0:12::1

Remove your static default routes

In the previous exercise, we created default routes on both routers. But thanks to BGP, we should now be receiving routes from our NREN and our ISP.

Let's check first (do this on both routers):

show ip bgp
show bgp ipv6 unicast
show ip route
show ipv6 route

You should be learning routes advertised by other groups, and also from the NRENs and the ISPs.

Remove your static default routes from routers BX2:

On B12:

no ip route 0.0.0.0 0.0.0.0 100.121.1.1
no ipv6 route ::/0 2001:18:0:10::

You should be able to ping any other router now. If you can't, wait for other groups to finish. If other groups are finished, work them to work out what might be wrong. If you cannot see what is wrong, ask the instructors.

Use traceroute to verify the paths that packets are following towards various destinations:

B11# traceroute 100.100.0.1
B11# traceroute 100.68.30.2
...

Repeat the same tests from the other router in your AS and compare. Use the diagram to help you visualise it.

STOP - Checkpoint Two

All groups must finish this part before continuing. Please do NOT continue until the instructor says so.


Traffic Exchange (Peering)

Direct traffic exchanges are usually established at no charge between two autonomous systems that want to save costs. The savings are achieved by not having to carry that traffic over expensive transit links via commercial providers. Also, these direct exchanges have the added benefit of reducing latency because there are fewer hops.

Usually traffic exchanges occur at public exchange points, also known as IXPs. The simplest kind of exchange point is a Layer-2 switch. In this exercise, we will simply configure direct links between routers, which is basically the same thing as connecting through a switch.

Peering Topology

Peering with your neighbouring AS

This section sets up peering between adjacent groups in the classroom network.

Configure a point-to-point link to your neighbour AS as shown in the diagram. Consult th address plan used for the workshop to see which subnet addresses you should use.

For example, on B12:

interface GigabitEthernet3/0
 description Link to B21
 ip address 100.68.10.25 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:db8:10:12::/127
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no shutdown

Configure prefix lists for your inbound filters

On B12:

ip prefix-list AS20-in permit 100.68.20.0/24
ipv6 prefix-list AS20-v6-in permit 2001:db8:20::/48

The equivalent needs to be done on B21 (which connects directly to B12).

Prefix lists for outbound filters should still exist from a previous step. You can verify like this:

B12#show ip prefix-list AS10-out
B12#show ipv6 prefix-list AS10-v6-out

Now create the BGP sessions and apply those inbound/outbound filters:

On B12:

router bgp 10
 address-family ipv4
  neighbor 100.68.10.26 remote-as 20
  neighbor 100.68.10.26 description eBGP with AS20
  neighbor 100.68.10.26 password NSRC-BGP
  neighbor 100.68.10.26 prefix-list AS10-out out
  neighbor 100.68.10.26 prefix-list AS20-in in
  neighbor 100.68.10.26 activate
!
 address-family ipv6
  neighbor 2001:db8:10:12::1 remote-as 20
  neighbor 2001:db8:10:12::1 description eBGP with AS20
  neighbor 2001:db8:10:12::1 password NSRC-BGP
  neighbor 2001:db8:10:12::1 prefix-list AS10-v6-out out
  neighbor 2001:db8:10:12::1 prefix-list AS20-v6-in in
  neighbor 2001:db8:10:12::1 activate

The equivalent needs to be done for B21.

Verify that the sessions are up:

B12# show ip bgp summary
B12# show ipv6 bgp unicast summary

…and that you are learning the prefix directly from the neighbour:

B12# show ip bgp neighbor 100.68.10.22 routes
B12# show bgp ipv6 unicast neighbor 2001:db8:10:11::1 routes

Do some traceroutes towards your peer and make sure that the path is direct.

Remember to save your configurations.

You are done! You have configured BGP in a multihomed environment and BGP is selecting the paths based on default values.

Peering between NREN and ISP

The BGP session between the NREN and the ISP will need to be set up as shown in the diagram.

First create the interface on the NREN router and on the ISP router using exactly the same best practice configurations we used at the start of the workshop.

For NREN1:

interface GigabitEthernet2/0
 description P2P Link to ISP1
 ip address 100.101.2.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:11:0:20::/127
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no shutdown
!

Do the same for the ISP1, NREN2 and ISP2 routers. They will have a very similar configuration, just the addresses will be different - refer to the address plan.

And then set up the external BGP session between the NREN and ISP routers. Here is a sample configuration for the ISP1 router:

router bgp 121
 address-family ipv4
  neighbor 100.101.2.1 remote-as 101
  neighbor 100.101.2.1 description eBGP with NREN1 (AS101)
  neighbor 100.101.2.1 password NSRC-BGP
  neighbor 100.101.2.1 activate
 !
 address-family ipv6
  neighbor 2001:11:0:20:: remote-as 101
  neighbor 2001:11:0:20:: description eBGP with NREN1 (AS101)
  neighbor 2001:11:0:20:: password NSRC-BGP
  neighbor 2001:11:0:20:: activate
!

The configuration for NREN1, NREN2 and ISP2 routers will be very similar - again refer to the address plan for the correct IP addresses to use.


Appendix A - RREN Configuration

The sample configuration for the RREN is below.

hostname RREN
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc-PW
enable secret nsrc-EN
service password-encryption
line vty 0 4
 transport preferred none
line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ipv6 unicast-routing
ipv6 cef
no ip source-route
no ipv6 source-route
!
interface Loopback0
 ip address 100.100.0.1 255.255.255.255
 ipv6 address 2001:10::1/128
!
interface GigabitEthernet1/0
 description P2P Link to NREN1
 ip address 100.100.1.1 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:10:0:10::/127
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no shutdown
!
interface GigabitEthernet2/0
 description P2P Link to NREN2
 ip address 100.100.1.5 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:10:0:11::/127
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no shutdown
!
interface GigabitEthernet3/0
 description Link to IXP
 ip address 100.127.1.3 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:DB8:FFFF:1::3/64
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no shutdown
!
router bgp 100
 bgp log-neighbor-changes
 bgp deterministic-med
 no bgp default ipv4-unicast
 address-family ipv4
  distance bgp 200 200 200
  network 100.100.0.0 mask 255.255.0.0
  neighbor 100.100.1.2 remote-as 101
  neighbor 100.100.1.2 description eBGP with NREN1 (AS101)
  neighbor 100.100.1.2 password NSRC-BGP
  neighbor 100.100.1.2 activate
  neighbor 100.100.1.6 remote-as 102
  neighbor 100.100.1.6 description eBGP with NREN2 (AS102)
  neighbor 100.100.1.6 password NSRC-BGP
  neighbor 100.100.1.6 activate
  neighbor 100.127.1.1 remote-as 121
  neighbor 100.127.1.1 description eBGP with ISP1 (AS121)
  neighbor 100.127.1.1 password NSRC-BGP
  neighbor 100.127.1.1 activate
  neighbor 100.127.1.2 remote-as 122
  neighbor 100.127.1.2 description eBGP with ISP2 (AS122)
  neighbor 100.127.1.2 password NSRC-BGP
  neighbor 100.127.1.2 activate
 !
 address-family ipv6
  distance bgp 200 200 200
  network 2001:10::/32
  neighbor 2001:10:0:10::1 remote-as 101
  neighbor 2001:10:0:10::1 description eBGP with NREN1 (AS101)
  neighbor 2001:10:0:10::1 password NSRC-BGP
  neighbor 2001:10:0:10::1 activate
  neighbor 2001:10:0:11::1 remote-as 102
  neighbor 2001:10:0:11::1 description eBGP with NREN2 (AS102)
  neighbor 2001:10:0:11::1 password NSRC-BGP
  neighbor 2001:10:0:11::1 activate
  neighbor 2001:DB8:FFFF:1::1 remote-as 121
  neighbor 2001:DB8:FFFF:1::1 description eBGP with ISP1 (AS121)
  neighbor 2001:DB8:FFFF:1::1 password NSRC-BGP
  neighbor 2001:DB8:FFFF:1::1 activate
  neighbor 2001:DB8:FFFF:1::2 remote-as 122
  neighbor 2001:DB8:FFFF:1::2 description eBGP with ISP2 (AS122)
  neighbor 2001:DB8:FFFF:1::2 password NSRC-BGP
  neighbor 2001:DB8:FFFF:1::2 activate
!
ip route 100.100.0.0 255.255.0.0 null0
ipv6 route 2001:10::/32 null0

Appendix B - NREN1 Sample Configuration

The sample configuration for NREN1 is below. NREN2's configuration will be very similar, so modify accordingly.

hostname NREN1
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc-PW
enable secret nsrc-EN
service password-encryption
line vty 0 4
 transport preferred none
 line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ipv6 unicast-routing
ipv6 cef
no ip source-route
no ipv6 source-route
!
interface Loopback0
 ip address 100.101.0.1 255.255.255.255
 ipv6 address 2001:11::1/128
!
interface GigabitEthernet1/0
 description P2P Link to RREN
 ip address 100.100.1.2 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:10:0:10::1/127
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no shutdown
!
! (repeat for Group 2 and Group 3 using Gig4/0 and 5/0)
interface GigabitEthernet3/0
 description P2P Link to R11
 ip address 100.101.1.1 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address 2001:11:0:10::/127
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no shutdown
!
! inbound filter for AS10 - repeat for AS20 and AS30
ip prefix-list AS10-in permit 100.68.10.0/24
ipv6 prefix-list AS10-v6-in permit 2001:db8:10::/48
!
router bgp 101
 bgp log-neighbor-changes
 bgp deterministic-med
 no bgp default ipv4-unicast
 address-family ipv4
  distance bgp 200 200 200
  network 100.101.0.0 mask 255.255.0.0
  neighbor 100.101.1.2 remote-as 10
  neighbor 100.101.1.2 description eBGP with AS10
  neighbor 100.101.1.2 password NSRC-BGP
  neighbor 100.101.1.2 prefix-list AS10-in in
  neighbor 100.101.1.2 activate
  (repeat for AS20 and AS30)
  neighbor 100.100.1.1 remote-as 100
  neighbor 100.100.1.1 description eBGP with RREN (AS100)
  neighbor 100.100.1.1 password NSRC-BGP
  neighbor 100.100.1.1 activate
 !
 address-family ipv6
  distance bgp 200 200 200
  network 2001:11::/32
  neighbor 2001:11:0:10::1 remote-as 10
  neighbor 2001:11:0:10::1 description eBGP with AS10
  neighbor 2001:11:0:10::1 password NSRC-BGP
  neighbor 2001:11:0:10::1 prefix-list AS10-v6-in in
  neighbor 2001:11:0:10::1 activate
  (repeat for AS20 and AS30)
  neighbor 2001:10:0:10:: remote-as 100
  neighbor 2001:10:0:10:: description eBGP with RREN (AS100)
  neighbor 2001:10:0:10:: password NSRC-BGP
  neighbor 2001:10:0:10:: activate
!
ip route 100.101.0.0 255.255.0.0 null0
ipv6 route 2001:11::/32 null0

Appendix C - ISP1 Sample Configuration

Note: This is in addition to what was configured in the previous exercise.

interface Loopback0
 ip address 100.121.0.1 255.255.255.255
 ipv6 address 2001:18::1/128
!
! (filters for Group 1 - repeat for Group 2 and 3)
ip prefix-list AS10-in permit 100.68.10.0/24
ipv6 prefix-list AS10-v6-in permit 2001:db8:10::/48
!
router bgp 121
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 bgp deterministic-med
 address-family ipv4
  distance bgp 200 200 200
  network 100.121.0.0 mask 255.255.0.0
  neighbor 100.101.2.1 remote-as 101
  neighbor 100.101.2.1 description eBGP with NREN1 (AS101)
  neighbor 100.101.2.1 password NSRC-BGP
  neighbor 100.101.2.1 activate
  neighbor 100.121.1.2 remote-as 10
  neighbor 100.121.1.2 description eBGP with AS10
  neighbor 100.121.1.2 password NSRC-BGP
  neighbor 100.121.1.2 prefix-list AS10-in in
  neighbor 100.121.1.2 activate
  (repeat for AS20 and AS30)
  neighbor 100.127.1.2 remote-as 122
  neighbor 100.127.1.2 description eBGP with ISP2 (AS122)
  neighbor 100.127.1.2 password NSRC-BGP
  neighbor 100.127.1.3 activate
  neighbor 100.127.1.3 remote-as 100
  neighbor 100.127.1.3 description eBGP with RREN (AS100)
  neighbor 100.127.1.3 password NSRC-BGP
  neighbor 100.127.1.3 activate
 !
 address-family ipv6
  distance bgp 200 200 200
  network 2001:18::/32
  neighbor 2001:11:0:20:: remote-as 101
  neighbor 2001:11:0:20:: description eBGP with NREN1 (AS101)
  neighbor 2001:11:0:20:: password NSRC-BGP
  neighbor 2001:11:0:20:: activate
  neighbor 2001:18:0:10::1 remote-as 10
  neighbor 2001:18:0:10::1 description eBGP with AS10
  neighbor 2001:18:0:10::1 password NSRC-BGP
  neighbor 2001:18:0:10::1 prefix-list AS10-v6-in in
  neighbor 2001:18:0:10::1 activate
  (repeat for AS20 and AS30)
  neighbor 2001:DB8:FFFF:1::2 remote-as 122
  neighbor 2001:DB8:FFFF:1::2 description eBGP with ISP2 (AS122)
  neighbor 2001:DB8:FFFF:1::2 password NSRC-BGP
  neighbor 2001:DB8:FFFF:1::2 activate
  neighbor 2001:DB8:FFFF:1::3 remote-as 100
  neighbor 2001:DB8:FFFF:1::3 description eBGP with RREN (AS100)
  neighbor 2001:DB8:FFFF:1::3 password NSRC-BGP
  neighbor 2001:DB8:FFFF:1::3 activate
!
ip route 100.121.0.0 255.255.0.0 null0
ipv6 route 2001:18::/32 null0

Appendix D - Complete Lab Diagram & Address Plan

Multihomed Topology

master/nren-bgp/2-lab-bgp-basic.txt · Last modified: 2016/02/03 05:04 (external edit)