The purpose of this exercise is to:
This exercise builds upon the configurations implemented in the IS-IS + Static routing lab. You must be able to:
Note: Actually, if everyone configured their IS-IS and static routes properly in the previous exercise, you should be able to ping all other routers in the lab using their loopback address.
Before we set up iBGP, we need to do some basic preparation on the router. The Cisco IOS defaults are not optimised, so before we bring up BGP sessions, we should set the parameters that we require.
On Cisco routers, the default distance for eBGP is 20, the default distance for iBGP is 200, and the default distance for IS-IS is 115. This means that there is a potential for a prefix learned by eBGP to override the identical prefix carried by IS-IS. To protect against accidents, the eBGP distance is set to 200 also.
The command to do this is the distance bgp subcommand:
distance bgp <external-routes> <internal-routes> <local-routes>
We also want to:
This must be done in all future BGP configurations of this workshop.
On BX1, BX2 and CX1:
router bgp X0 bgp log-neighbor-changes bgp deterministic-med no bgp default ipv4-unicast ! address-family ipv4 distance bgp 200 200 200 ! address-family ipv6 distance bgp 200 200 200 !
As you will remember from the presentation, iBGP needs to be fully meshed. We have three routers in our Group, so we need to set up iBGP between all three - which means that each router will have two iBGP neighbours.
First, make sure that you can ping the other routers using their loopback addresses. If you cannot ping them, there is no possibility that the BGP session will come up!
Example: BX1 peering with BX2:
router bgp X0 address-family ipv4 neighbor 100.68.X0.2 remote-as X0 neighbor 100.68.X0.2 update-source loopback 0 neighbor 100.68.X0.2 description iBGP with BX2 neighbor 100.68.X0.2 password NSRC-BGP neighbor 100.68.X0.2 next-hop-self neighbor 100.68.X0.2 send-community neighbor 100.68.X0.2 activate ! address-family ipv6 neighbor 2001:db8:X0::2 remote-as X0 neighbor 2001:db8:X0::2 update-source loopback 0 neighbor 2001:db8:X0::2 description iBGP with BX2 neighbor 2001:db8:X0::2 password NSRC-BGP neighbor 2001:db8:X0::2 next-hop-self neighbor 2001:db8:X0::2 send-community neighbor 2001:db8:X0::2 activate
You need a similar configuration for BX1 peering with CX1. What needs to change from the above configuration example?
You also need to set up BX2 to peer with BX1 and CX1. Use the above configuration example as a template. What needs to be changed?
Also, what do you think the configuration for CX1 would look like? Is it similar? What is different? The instructors will discuss this in class during the exercise.
There is a Cisco IOS configuration scaling feature called a peer-group. Many network operators using Cisco IOS routers use peer-group to scale their BGP configurations.
Once the configuration has been entered, check the configuration as displayed by the router:
show run | begin router bgp
Notice how the router has “rearranged” the BGP configuration, separating the generic from the address-family specific configuration.
Check that the BGP sessions are up on both sides.
show ip bgp summary show bgp ipv6 unicast summary
Explaining some of the above commands we used for the BGP configuration:
update-source specifies the interface which should be used as the source of all BGP packets originated by the router. The default is the outgoing interface.
next-hop-self tells iBGP to use the source address of the BGP update message as the value of the next-hop attribute sent to the iBGP peer, rather than the default value which is the IP address of the router that we heard the BGP update from.
send-community tells BGP to include the BGP community attribute when sending BGP updates to neighbouring BGP speakers. Cisco IOS does not include the community attribute by default. It is important to send BGP communities to all iBGP neighbours, but be very careful about sending communities to external BGP neighbours, as we will see in the following BGP Policy Lab.
activate tells the router to activate this BGP peering inside this address family. At the time of writing, Cisco IOS activates IPv4 peers automatically inside IPv4 address families, but does not activate IPv6 peers inside IPv6 address families. Safest just to include the configuration in all templates.
Use the network command to tell BGP which prefixes you want to announce. We will do this on all routers in our group (although strictly it is sufficient to do this on CX1 given that if the Core Router goes down, the campus has no connectivity to the Internet at all).
On BX1, BX2 and CX1:
router bgp X0 address-family ipv4 network 100.68.X0.0 mask 255.255.255.0 address-family ipv6 network 2001:db8:X0::/48
Get the list of learned paths:
show ip bgp show bgp ipv6 unicast
Do you see any paths? Why not?
Create a static route for the prefix being announced on each router:
On BX1, BX2 and CX1:
ip route 100.68.X0.0 255.255.255.0 null0 ipv6 route 2001:db8:X0::/48 null0
These are called a “pull up routes”
Get the list of learned paths again. You should see both your prefix and the neighbour’s.
Q. Why are these routes needed?
All groups must finish this part before continuing. Please do NOT continue until the instructor says so.
Refer to the IP Address Plan document for information about the IP address plan for the network infrastructure for these labs.
Configure your BX1 router to connect to the NREN with a point-to-point link.
NRENs: Use the configuration in the Appendix.
On B11:
interface GigabitEthernet1/0 description P2P Link to NREN1 ip address 100.101.1.2 255.255.255.252 no ip directed-broadcast no ip redirects no ip proxy-arp ipv6 address 2001:11:0:10::1/127 ipv6 nd prefix default no-advertise ipv6 nd ra suppress no shutdown
Make sure that it's up and that you can ping the other side:
B11# ping 100.101.1.1 B11# ping 2001:11:0:10::0
Do some traceroutes to other networks again:
B11# traceroute 100.68.20.1 B11# traceroute 100.68.30.1
Has anything changed since the last exercise?
Notice that before we had only one connection to the Internet - via the ISP. Now we have two. But we are still using a default route pointing to the ISP only!
We could add another default route pointing to the NREN, but that would not give us much flexibility in terms of traffic policies. Keep going.
Configure eBGP sessions to the ISP and the NREN
On B11:
router bgp 10 address-family ipv4 neighbor 100.101.1.1 remote-as 101 neighbor 100.101.1.1 description eBGP with NREN1 neighbor 100.101.1.1 password NSRC-BGP neighbor 100.101.1.1 activate ! address-family ipv6 neighbor 2001:11:0:10:: remote-as 101 neighbor 2001:11:0:10:: description eBGP with NREN1 neighbor 2001:11:0:10:: password NSRC-BGP neighbor 2001:11:0:10:: activate
Notice that with eBGP we no longer use the loopback address as the endpoint of the BGP session, as we did with iBGP. Why?
On B12:
router bgp 10 address-family ipv4 neighbor 100.121.1.1 remote-as 121 neighbor 100.121.1.1 description eBGP with ISP1 neighbor 100.121.1.1 password NSRC-BGP neighbor 100.121.1.1 activate ! address-family ipv6 neighbor 2001:18:0:10:: remote-as 121 neighbor 2001:18:0:10:: description eBGP with ISP1 neighbor 2001:18:0:10:: password NSRC-BGP neighbor 2001:18:0:10:: activate
Check that the BGP sessions are up on both routers:
show ip bgp summary show bgp ipv6 unicast summary
Once those are up, check if you are learning any prefixes:
B11# show ip bgp neighbor 100.101.1.1 routes B11# show bgp ipv6 uni neighbor 2001:11:0:10:: routes
Verify what you are advertising to the NREN:
B11# show ip bgp neighbor 100.101.1.1 advertised-routes B11# show bgp ipv6 uni neighbor 2001:11:0:10:: advertised-routes
… and to the ISP:
B12# show ip bgp neighbor 100.121.1.1 advertised-routes B12# sh bgp ipv6 uni neigh 2001:18:0:10:: advertised
Are you perhaps announcing other prefixes that don't originate in your AS? If so, can you remember what serious negative implications this could have? Please stop and think about this. Ask the instructor if you need clarification.
Create prefix lists for your outbound filters. Outbound filters for BX1 and BX2 are the same:
ip prefix-list ASX0-out permit 100.68.X0.0/24 ipv6 prefix-list ASX0-v6-out permit 2001:db8:X0::/48
As you can see, we are only allowing our aggregate out to the Internet. Sending smaller prefixes (if we had any) serves no useful purpose at all.
Now create prefix lists for your inbound filters. Notice the descriptive names for the prefix lists.
On BX1:
ip prefix-list nren-in deny 100.68.X0.0/24 le 32 ip prefix-list nren-in permit 0.0.0.0/0 le 32 ! ipv6 prefix-list nren-v6-in deny 2001:db8:X0::/48 le 128 ipv6 prefix-list nren-v6-in permit ::/0 le 128
On BX2:
ip prefix-list isp-in deny 100.68.X0.0/24 le 32 ip prefix-list isp-in permit 0.0.0.0/0 le 32 ! ipv6 prefix-list isp-v6-in deny 2001:db8:X0::/48 le 128 ipv6 prefix-list isp-v6-in permit ::/0 le 128
Notice how we are matching the aggregate as well as all possible subnets of our address blocks. This protects against some other network announcing any of our prefixes (whatever subnet size) to us.
Now apply these prefix-lists to the BGP sessions with the ISP and the NREN.
On B11:
router bgp 10 address-family ipv4 neighbor 100.101.1.1 prefix-list nren-in in neighbor 100.101.1.1 prefix-list AS10-out out ! address-family ipv6 neighbor 2001:11:0:10:: prefix-list nren-v6-in in neighbor 2001:11:0:10:: prefix-list AS10-v6-out out
On B12:
router bgp 10 address-family ipv4 neighbor 100.121.1.1 prefix-list isp-in in neighbor 100.121.1.1 prefix-list AS10-out out ! address-family ipv6 neighbor 2001:18:0:10:: prefix-list isp-v6-in in neighbor 2001:18:0:10:: prefix-list AS10-v6-out out
Use the BGP route refresh capability to resend the information to the peer. Use the AS number of the peer rather than the IP address (much less typing for IPv6) in the route refresh command:
B11# clear ip bgp 101 out B11# clear bgp ipv6 unicast 101 out
B12# clear ip bgp 121 out B12# clear bgp ipv6 unicast 121 out
You should now be advertising only your own address space. Check with the ISP and NREN administrators to make sure that they are receiving your prefix.
The administrators of the NREN routers need to set up connectivity and BGP with the RREN router. The administrators will either be the workshop instructors, or members of the workshop itself.
The suggested configuration for the RREN router is in Appendix A. A suggested configuration for the NREN1 router is in Appendix B - the configuration for the NREN2 router will be very similar. These configurations uses all the best practice ideas we have been using in the labs so far.
Bring up BGP between the NREN routers and the RREN and check that the prefixes originated by NREN1, NREN2 and the RREN are all visible in each other's BGP tables.
The administrators of the ISP routers need to set up between each other and the RREN router as well. The administrators will either be the workshop instructors, or members of the workshop itself.
A suggested configuration for the ISP1 router is in Appendix C - the configuration for the ISP2 router will be very similar. These configurations uses all the best practice ideas we have been using in the labs so far.
Bring up BGP between the RREN and the ISP routers across the Internet Exchange Point. Check that the prefixes originated by ISP1, ISP2 and the RREN are all visible in each other's BGP tables.
Now your ISP has learned a route to reach your network, correct? The ISPs can now safely remove the static routes pointing to you and the other customers:
ISP1:
no ip route 100.68.10.0 255.255.255.0 100.121.1.2 no ip route 100.68.20.0 255.255.255.0 100.121.1.6 no ip route 100.68.30.0 255.255.255.0 100.121.1.10 ! no ipv6 route 2001:db8:10::/48 2001:18:0:10::1 no ipv6 route 2001:db8:20::/48 2001:18:0:11::1 no ipv6 route 2001:db8:30::/48 2001:18:0:12::1
ISP2:
no ip route 100.68.40.0 255.255.255.0 100.122.1.2 no ip route 100.68.50.0 255.255.255.0 100.122.1.6 no ip route 100.68.60.0 255.255.255.0 100.122.1.10 ! no ipv6 route 2001:db8:40::/48 2001:19:0:10::1 no ipv6 route 2001:db8:50::/48 2001:19:0:11::1 no ipv6 route 2001:db8:60::/48 2001:19:0:12::1
In the previous exercise, we created default routes on both routers. But thanks to BGP, we should now be receiving routes from our NREN and our ISP.
Let's check first (do this on both routers):
show ip bgp show bgp ipv6 unicast show ip route show ipv6 route
You should be learning routes advertised by other groups, and also from the NRENs and the ISPs.
Remove your static default routes from routers BX2:
On B12:
no ip route 0.0.0.0 0.0.0.0 100.121.1.1 no ipv6 route ::/0 2001:18:0:10::
You should be able to ping any other router now. If you can't, wait for other groups to finish. If other groups are finished, work them to work out what might be wrong. If you cannot see what is wrong, ask the instructors.
Use traceroute to verify the paths that packets are following towards various destinations:
B11# traceroute 100.100.0.1 B11# traceroute 100.68.30.2 ...
Repeat the same tests from the other router in your AS and compare. Use the diagram to help you visualise it.
All groups must finish this part before continuing. Please do NOT continue until the instructor says so.
Direct traffic exchanges are usually established at no charge between two autonomous systems that want to save costs. The savings are achieved by not having to carry that traffic over expensive transit links via commercial providers. Also, these direct exchanges have the added benefit of reducing latency because there are fewer hops.
Usually traffic exchanges occur at public exchange points, also known as IXPs. The simplest kind of exchange point is a Layer-2 switch. In this exercise, we will simply configure direct links between routers, which is basically the same thing as connecting through a switch.
This section sets up peering between adjacent groups in the classroom network.
Configure a point-to-point link to your neighbour AS as shown in the diagram. Consult th address plan used for the workshop to see which subnet addresses you should use.
For example, on B12:
interface GigabitEthernet3/0 description Link to B21 ip address 100.68.10.25 255.255.255.252 no ip directed-broadcast no ip redirects no ip proxy-arp ipv6 address 2001:db8:10:12::/127 ipv6 nd prefix default no-advertise ipv6 nd ra suppress no shutdown
Configure prefix lists for your inbound filters
On B12:
ip prefix-list AS20-in permit 100.68.20.0/24 ipv6 prefix-list AS20-v6-in permit 2001:db8:20::/48
The equivalent needs to be done on B21 (which connects directly to B12).
Prefix lists for outbound filters should still exist from a previous step. You can verify like this:
B12#show ip prefix-list AS10-out B12#show ipv6 prefix-list AS10-v6-out
Now create the BGP sessions and apply those inbound/outbound filters:
On B12:
router bgp 10 address-family ipv4 neighbor 100.68.10.26 remote-as 20 neighbor 100.68.10.26 description eBGP with AS20 neighbor 100.68.10.26 password NSRC-BGP neighbor 100.68.10.26 prefix-list AS10-out out neighbor 100.68.10.26 prefix-list AS20-in in neighbor 100.68.10.26 activate ! address-family ipv6 neighbor 2001:db8:10:12::1 remote-as 20 neighbor 2001:db8:10:12::1 description eBGP with AS20 neighbor 2001:db8:10:12::1 password NSRC-BGP neighbor 2001:db8:10:12::1 prefix-list AS10-v6-out out neighbor 2001:db8:10:12::1 prefix-list AS20-v6-in in neighbor 2001:db8:10:12::1 activate
The equivalent needs to be done for B21.
Verify that the sessions are up:
B12# show ip bgp summary B12# show ipv6 bgp unicast summary
…and that you are learning the prefix directly from the neighbour:
B12# show ip bgp neighbor 100.68.10.22 routes B12# show bgp ipv6 unicast neighbor 2001:db8:10:11::1 routes
Do some traceroutes towards your peer and make sure that the path is direct.
Remember to save your configurations.
You are done! You have configured BGP in a multihomed environment and BGP is selecting the paths based on default values.
The BGP session between the NREN and the ISP will need to be set up as shown in the diagram.
First create the interface on the NREN router and on the ISP router using exactly the same best practice configurations we used at the start of the workshop.
For NREN1:
interface GigabitEthernet2/0 description P2P Link to ISP1 ip address 100.101.2.1 255.255.255.252 no ip redirects no ip proxy-arp ipv6 address 2001:11:0:20::/127 ipv6 nd prefix default no-advertise ipv6 nd ra suppress no shutdown !
Do the same for the ISP1, NREN2 and ISP2 routers. They will have a very similar configuration, just the addresses will be different - refer to the address plan.
And then set up the external BGP session between the NREN and ISP routers. Here is a sample configuration for the ISP1 router:
router bgp 121 address-family ipv4 neighbor 100.101.2.1 remote-as 101 neighbor 100.101.2.1 description eBGP with NREN1 (AS101) neighbor 100.101.2.1 password NSRC-BGP neighbor 100.101.2.1 activate ! address-family ipv6 neighbor 2001:11:0:20:: remote-as 101 neighbor 2001:11:0:20:: description eBGP with NREN1 (AS101) neighbor 2001:11:0:20:: password NSRC-BGP neighbor 2001:11:0:20:: activate !
The configuration for NREN1, NREN2 and ISP2 routers will be very similar - again refer to the address plan for the correct IP addresses to use.
The sample configuration for the RREN is below.
hostname RREN aaa new-model aaa authentication login default local aaa authentication enable default enable username nsrc secret nsrc-PW enable secret nsrc-EN service password-encryption line vty 0 4 transport preferred none line console 0 transport preferred none no logging console logging buffered 8192 debugging no ip domain-lookup ipv6 unicast-routing ipv6 cef no ip source-route no ipv6 source-route ! interface Loopback0 ip address 100.100.0.1 255.255.255.255 ipv6 address 2001:10::1/128 ! interface GigabitEthernet1/0 description P2P Link to NREN1 ip address 100.100.1.1 255.255.255.252 no ip directed-broadcast no ip redirects no ip proxy-arp ipv6 address 2001:10:0:10::/127 ipv6 nd prefix default no-advertise ipv6 nd ra suppress no shutdown ! interface GigabitEthernet2/0 description P2P Link to NREN2 ip address 100.100.1.5 255.255.255.252 no ip directed-broadcast no ip redirects no ip proxy-arp ipv6 address 2001:10:0:11::/127 ipv6 nd prefix default no-advertise ipv6 nd ra suppress no shutdown ! interface GigabitEthernet3/0 description Link to IXP ip address 100.127.1.3 255.255.255.0 no ip redirects no ip proxy-arp ipv6 address 2001:DB8:FFFF:1::3/64 ipv6 nd prefix default no-advertise ipv6 nd ra suppress no shutdown ! router bgp 100 bgp log-neighbor-changes bgp deterministic-med no bgp default ipv4-unicast address-family ipv4 distance bgp 200 200 200 network 100.100.0.0 mask 255.255.0.0 neighbor 100.100.1.2 remote-as 101 neighbor 100.100.1.2 description eBGP with NREN1 (AS101) neighbor 100.100.1.2 password NSRC-BGP neighbor 100.100.1.2 activate neighbor 100.100.1.6 remote-as 102 neighbor 100.100.1.6 description eBGP with NREN2 (AS102) neighbor 100.100.1.6 password NSRC-BGP neighbor 100.100.1.6 activate neighbor 100.127.1.1 remote-as 121 neighbor 100.127.1.1 description eBGP with ISP1 (AS121) neighbor 100.127.1.1 password NSRC-BGP neighbor 100.127.1.1 activate neighbor 100.127.1.2 remote-as 122 neighbor 100.127.1.2 description eBGP with ISP2 (AS122) neighbor 100.127.1.2 password NSRC-BGP neighbor 100.127.1.2 activate ! address-family ipv6 distance bgp 200 200 200 network 2001:10::/32 neighbor 2001:10:0:10::1 remote-as 101 neighbor 2001:10:0:10::1 description eBGP with NREN1 (AS101) neighbor 2001:10:0:10::1 password NSRC-BGP neighbor 2001:10:0:10::1 activate neighbor 2001:10:0:11::1 remote-as 102 neighbor 2001:10:0:11::1 description eBGP with NREN2 (AS102) neighbor 2001:10:0:11::1 password NSRC-BGP neighbor 2001:10:0:11::1 activate neighbor 2001:DB8:FFFF:1::1 remote-as 121 neighbor 2001:DB8:FFFF:1::1 description eBGP with ISP1 (AS121) neighbor 2001:DB8:FFFF:1::1 password NSRC-BGP neighbor 2001:DB8:FFFF:1::1 activate neighbor 2001:DB8:FFFF:1::2 remote-as 122 neighbor 2001:DB8:FFFF:1::2 description eBGP with ISP2 (AS122) neighbor 2001:DB8:FFFF:1::2 password NSRC-BGP neighbor 2001:DB8:FFFF:1::2 activate ! ip route 100.100.0.0 255.255.0.0 null0 ipv6 route 2001:10::/32 null0
The sample configuration for NREN1 is below. NREN2's configuration will be very similar, so modify accordingly.
hostname NREN1 aaa new-model aaa authentication login default local aaa authentication enable default enable username nsrc secret nsrc-PW enable secret nsrc-EN service password-encryption line vty 0 4 transport preferred none line console 0 transport preferred none no logging console logging buffered 8192 debugging no ip domain-lookup ipv6 unicast-routing ipv6 cef no ip source-route no ipv6 source-route ! interface Loopback0 ip address 100.101.0.1 255.255.255.255 ipv6 address 2001:11::1/128 ! interface GigabitEthernet1/0 description P2P Link to RREN ip address 100.100.1.2 255.255.255.252 no ip directed-broadcast no ip redirects no ip proxy-arp ipv6 address 2001:10:0:10::1/127 ipv6 nd prefix default no-advertise ipv6 nd ra suppress no shutdown ! ! (repeat for Group 2 and Group 3 using Gig4/0 and 5/0) interface GigabitEthernet3/0 description P2P Link to R11 ip address 100.101.1.1 255.255.255.252 no ip directed-broadcast no ip redirects no ip proxy-arp ipv6 address 2001:11:0:10::/127 ipv6 nd prefix default no-advertise ipv6 nd ra suppress no shutdown ! ! inbound filter for AS10 - repeat for AS20 and AS30 ip prefix-list AS10-in permit 100.68.10.0/24 ipv6 prefix-list AS10-v6-in permit 2001:db8:10::/48 ! router bgp 101 bgp log-neighbor-changes bgp deterministic-med no bgp default ipv4-unicast address-family ipv4 distance bgp 200 200 200 network 100.101.0.0 mask 255.255.0.0 neighbor 100.101.1.2 remote-as 10 neighbor 100.101.1.2 description eBGP with AS10 neighbor 100.101.1.2 password NSRC-BGP neighbor 100.101.1.2 prefix-list AS10-in in neighbor 100.101.1.2 activate (repeat for AS20 and AS30) neighbor 100.100.1.1 remote-as 100 neighbor 100.100.1.1 description eBGP with RREN (AS100) neighbor 100.100.1.1 password NSRC-BGP neighbor 100.100.1.1 activate ! address-family ipv6 distance bgp 200 200 200 network 2001:11::/32 neighbor 2001:11:0:10::1 remote-as 10 neighbor 2001:11:0:10::1 description eBGP with AS10 neighbor 2001:11:0:10::1 password NSRC-BGP neighbor 2001:11:0:10::1 prefix-list AS10-v6-in in neighbor 2001:11:0:10::1 activate (repeat for AS20 and AS30) neighbor 2001:10:0:10:: remote-as 100 neighbor 2001:10:0:10:: description eBGP with RREN (AS100) neighbor 2001:10:0:10:: password NSRC-BGP neighbor 2001:10:0:10:: activate ! ip route 100.101.0.0 255.255.0.0 null0 ipv6 route 2001:11::/32 null0
Note: This is in addition to what was configured in the previous exercise.
interface Loopback0 ip address 100.121.0.1 255.255.255.255 ipv6 address 2001:18::1/128 ! ! (filters for Group 1 - repeat for Group 2 and 3) ip prefix-list AS10-in permit 100.68.10.0/24 ipv6 prefix-list AS10-v6-in permit 2001:db8:10::/48 ! router bgp 121 bgp log-neighbor-changes no bgp default ipv4-unicast bgp deterministic-med address-family ipv4 distance bgp 200 200 200 network 100.121.0.0 mask 255.255.0.0 neighbor 100.101.2.1 remote-as 101 neighbor 100.101.2.1 description eBGP with NREN1 (AS101) neighbor 100.101.2.1 password NSRC-BGP neighbor 100.101.2.1 activate neighbor 100.121.1.2 remote-as 10 neighbor 100.121.1.2 description eBGP with AS10 neighbor 100.121.1.2 password NSRC-BGP neighbor 100.121.1.2 prefix-list AS10-in in neighbor 100.121.1.2 activate (repeat for AS20 and AS30) neighbor 100.127.1.2 remote-as 122 neighbor 100.127.1.2 description eBGP with ISP2 (AS122) neighbor 100.127.1.2 password NSRC-BGP neighbor 100.127.1.3 activate neighbor 100.127.1.3 remote-as 100 neighbor 100.127.1.3 description eBGP with RREN (AS100) neighbor 100.127.1.3 password NSRC-BGP neighbor 100.127.1.3 activate ! address-family ipv6 distance bgp 200 200 200 network 2001:18::/32 neighbor 2001:11:0:20:: remote-as 101 neighbor 2001:11:0:20:: description eBGP with NREN1 (AS101) neighbor 2001:11:0:20:: password NSRC-BGP neighbor 2001:11:0:20:: activate neighbor 2001:18:0:10::1 remote-as 10 neighbor 2001:18:0:10::1 description eBGP with AS10 neighbor 2001:18:0:10::1 password NSRC-BGP neighbor 2001:18:0:10::1 prefix-list AS10-v6-in in neighbor 2001:18:0:10::1 activate (repeat for AS20 and AS30) neighbor 2001:DB8:FFFF:1::2 remote-as 122 neighbor 2001:DB8:FFFF:1::2 description eBGP with ISP2 (AS122) neighbor 2001:DB8:FFFF:1::2 password NSRC-BGP neighbor 2001:DB8:FFFF:1::2 activate neighbor 2001:DB8:FFFF:1::3 remote-as 100 neighbor 2001:DB8:FFFF:1::3 description eBGP with RREN (AS100) neighbor 2001:DB8:FFFF:1::3 password NSRC-BGP neighbor 2001:DB8:FFFF:1::3 activate ! ip route 100.121.0.0 255.255.0.0 null0 ipv6 route 2001:18::/32 null0