You are required to configure the peering between the BGP autonomous systems as described; pay particular attention to the update source of each router. You should ensure that no synchronization is configured on all IBGP routers (R1, R2, R3, R5, R6, R7, and R8) because BGP will not be fully synchronized with the underlying IGP. The next question prompts you to redistribute your connected loopback interfaces, so you will need to disable auto summarization on all routers with the command no auto-summary; otherwise, only the entire classful network will be advertised. You will also need to configure a peer group on R6, which has multiple peers to the same remote AS, to minimize configuration. As can be seen, R4, R5, and R7 only peer to R6, so you will have to configure R6 as a route reflector. If you have configured this correctly as shown in Example 3-33 through Example 3-40, you have scored 3 points.

Example 3-33. R1 Initial BGP Configuration

    router bgp 10
     no synchronization
     neighbor 10.6.6.6 remote-as 11
     neighbor 10.6.6.6 ebgp-multihop 3
     neighbor 10.6.6.6 update-source FastEthernet0/0
     neighbor 10.8.8.8 remote-as 10
     neighbor 10.8.8.8 update-source FastEthernet0/0
     neighbor 172.16.0.1 remote-as 1
     neighbor 172.16.0.1 ebgp-multihop 2
     neighbor 172.16.0.1 update-source FastEthernet0/0
     no auto-summary

Example 3-34. R2 Initial BGP Configuration

    router bgp 1
     no synchronization
     neighbor 10.80.80.1 remote-as 10
     neighbor 10.80.80.1 ebgp-multihop 2
     neighbor 10.80.80.1 update-source FastEthernet0/0
     neighbor 172.16.0.2 remote-as 1
     no auto-summary

Example 3-35. R3 Initial BGP Configuration

    router bgp 1
     no synchronization
     neighbor 172.16.0.1 remote-as 1
     no auto-summary

Example 3-36. R4 Initial BGP Configuration

    router bgp 12
     neighbor 10.6.6.6 remote-as 11
     neighbor 10.6.6.6 ebgp-multihop 3
     neighbor 10.6.6.6 update-source Loopback0
     no auto-summary

Example 3-37. R5 Initial BGP Configuration

    router bgp 11
     no synchronization
     neighbor 10.6.6.6 remote-as 11
     neighbor 10.6.6.6 update-source Loopback0
     no auto-summary

Example 3-38. R6 Initial BGP Configuration

    router bgp 11
     no synchronization
     neighbor internal peer-group
     neighbor internal remote-as 11
     neighbor internal update-source Loopback0
     neighbor internal route-reflector-client
     neighbor 10.4.4.4 remote-as 12
     neighbor 10.4.4.4 ebgp-multihop 3
     neighbor 10.4.4.4 update-source Loopback0
     neighbor 10.5.5.5 peer-group internal
     neighbor 10.7.7.7 peer-group internal
     neighbor 10.80.80.1 remote-as 10
     neighbor 10.80.80.1 ebgp-multihop 3
     neighbor 10.80.80.1 update-source Loopback0
     no auto-summary

Example 3-39. R7 Initial BGP Configuration

    router bgp 11
     no synchronization
     neighbor 10.6.6.6 remote-as 11
     neighbor 10.6.6.6 update-source Loopback0
     no auto-summary

Example 3-40. R8 Initial BGP Configuration

    router bgp 10
     no synchronization
     neighbor 10.80.80.1 remote-as 10
     neighbor 10.80.80.1 update-source Loopback0
     no auto-summary
    R1   10.1.1.1/28
    R2   2.2.2.2/28
    R3   3.3.3.3/28
    R4   10.4.4.4/28
    R5   10.5.5.5/28
    R6   10.6.6.6/28
    R7   10.7.7.7/28
    R8   10.8.8.8/28

To begin with, you need to configure new loopback interfaces on R2 and R3. Because you cannot use the network command, you will have to redistribute your connected interfaces with a route-map that just includes the loopback with a metric of 100. This is not a difficult question, but it will sap your time with repetitive configuration; consider cutting and pasting the common parts for each router as shown in Example 3-41.

Example 3-41. Loopback Advertisement Cut and Paste

    redistribute connected metric 100 route-map Loopback
    exit
    route-map Loopback permit 10
     match ip address 10
    exit
    access-list 10 permit

NOTE
Create the preceding configuration within notepad and paste it into each router under the appropriate BGP process; simply type in your loopback IP address after the access-list 10 permit statement. This is a good time-saving technique, but be careful with the small changes that will be required for each router.

If you have configured this correctly, regardless of whether you used the shortcut method or not, you have scored 2 points.

After you have successfully injected the networks into BGP, you should notice that you have now introduced a problem (if you are debugging the IP routing table or if you have spotted that the majority of your routers are peering to loopback networks advertised within the IGP, which are then also advertised within BGP). If you had not spotted an issue at this point, it would become apparent later as you view your BGP tables throughout the lab; they will be constantly changing. Example 3-42 shows the console output from R6.

Example 3-42. R6 Console Output

    R6#debug ip routing
    00:37:38: RT: recursion error routing 10.4.4.4 - probable routing loop
    00:37:39: RT: recursion error routing 10.4.4.4 - probable routing loop
    00:37:48: RT: recursion error routing 10.4.4.4 - probable routing loop
    00:37:49: RT: recursion error routing 10.4.4.4 - probable routing loop
    00:37:56: RT: del 10.4.4.0/28 via 10.4.4.4, bgp metric [20/100]
    00:37:56: RT: delete subnet route to 10.4.4.0/28
    00:37:56: RT: add 10.4.4.0/28 via 10.100.100.3, ospf metric [110/782]

TIP
Consider using the debug ip routing command on all your routers during your lab. It is a very useful command that will tell you immediately of changes to the IP routing table on a router and could save you valuable points.

R6 is reporting a recursive routing loop to 10.4.4.0/28. This is because it is actually peering to 10.4.4.4, which it previously learnt through OSPF; as soon as network 10.4.4.0/28 is learnt through BGP, it replaces the OSPF route in the routing table because of the more preferable AD that external BGP offers. This is then replaced by the original OSPF route, which leads to the reported loop. This problem is common to each router that peers to a loopback network also advertised within BGP, so a fix is required for R1, R4, R5, R6, R7, and R8. By configuring a backdoor route to the loopback networks, the OSPF routes will be chosen over the external BGP routes and the recursive issue is resolved. It is, however, good practice to ensure that the IGP routes are always chosen over the BGP routes regardless of whether the networks are used for peering or not, so every BGP router should be configured with the relevant backdoor routes. If you have configured this correctly as shown in Example 3-43 through Example 3-50 over and above the original peering, you have scored an additional 3 points. If you have only applied the backdoor peering fix to R1, R4, R5, R6, R7, and R8, you have only scored 2 points.

Example 3-43. R1 Backdoor Routes

    router bgp 10
     network 10.4.4.0 mask 255.255.255.240 backdoor
     network 10.5.5.0 mask 255.255.255.240 backdoor
     network 10.6.6.0 mask 255.255.255.240 backdoor
     network 10.7.7.0 mask 255.255.255.240 backdoor
     network 10.8.8.0 mask 255.255.255.240 backdoor

Example 3-44. R2 Backdoor Routes

    router bgp 1
     network 10.1.1.0 mask 255.255.255.240 backdoor
     network 10.4.4.0 mask 255.255.255.240 backdoor
     network 10.5.5.0 mask 255.255.255.240 backdoor
     network 10.6.6.0 mask 255.255.255.240 backdoor
     network 10.7.7.0 mask 255.255.255.240 backdoor
     network 10.8.8.0 mask 255.255.255.240 backdoor

Example 3-45. R3 Backdoor Routes

    router bgp 1
     network 10.1.1.0 mask 255.255.255.240 backdoor
     network 10.4.4.0 mask 255.255.255.240 backdoor
     network 10.5.5.0 mask 255.255.255.240 backdoor
     network 10.6.6.0 mask 255.255.255.240 backdoor
     network 10.7.7.0 mask 255.255.255.240 backdoor
     network 10.8.8.0 mask 255.255.255.240 backdoor

Example 3-46. R4 Backdoor Routes

    router bgp 12
     network 10.1.1.0 mask 255.255.255.240 backdoor
     network 10.5.5.0 mask 255.255.255.240 backdoor
     network 10.6.6.0 mask 255.255.255.240 backdoor
     network 10.7.7.0 mask 255.255.255.240 backdoor
     network 10.8.8.0 mask 255.255.255.240 backdoor

Example 3-47. R5 Backdoor Routes

    router bgp 11
     network 10.1.1.0 mask 255.255.255.240 backdoor
     network 10.4.4.0 mask 255.255.255.240 backdoor
     network 10.6.6.0 mask 255.255.255.240 backdoor
     network 10.7.7.0 mask 255.255.255.240 backdoor
     network 10.8.8.0 mask 255.255.255.240 backdoor

Example 3-48. R6 Backdoor Routes

    router bgp 11
     network 10.1.1.0 mask 255.255.255.240 backdoor
     network 10.4.4.0 mask 255.255.255.240 backdoor
     network 10.5.5.0 mask 255.255.255.240 backdoor
     network 10.7.7.0 mask 255.255.255.240 backdoor
     network 10.8.8.0 mask 255.255.255.240 backdoor

Example 3-49. R7 Backdoor Routes

    router bgp 11
     network 10.1.1.0 mask 255.255.255.240 backdoor
     network 10.4.4.0 mask 255.255.255.240 backdoor
     network 10.5.5.0 mask 255.255.255.240 backdoor
     network 10.6.6.0 mask 255.255.255.240 backdoor
     network 10.8.8.0 mask 255.255.255.240 backdoor

Example 3-50. R8 Backdoor Routes

    router bgp 10
     network 10.1.1.0 mask 255.255.255.240 backdoor
     network 10.4.4.0 mask 255.255.255.240 backdoor
     network 10.5.5.0 mask 255.255.255.240 backdoor
     network 10.6.6.0 mask 255.255.255.240 backdoor
     network 10.7.7.0 mask 255.255.255.240 backdoor
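The recursion error on R6 in Example 3-42 and the effect of the backdoor statement can be reproduced with a small routing-table model. This is an added example, not part of the original lab solution; the two candidate routes are constructed from the debug output, and the OSPF next hop 10.100.100.3 is assumed to be directly reachable.

```python
import ipaddress

# Default administrative distances; 20 and 110 also appear in Example 3-42
AD = {"ebgp": 20, "ospf": 110, "ibgp": 200}

# Constructed from Example 3-42: the two candidates R6 holds for 10.4.4.0/28
CANDIDATES = [
    {"prefix": "10.4.4.0/28", "proto": "ospf", "next_hop": "10.100.100.3"},
    {"prefix": "10.4.4.0/28", "proto": "ebgp", "next_hop": "10.4.4.4"},
]

def effective_ad(route, backdoor):
    """A 'network ... backdoor' prefix learned via eBGP is installed with distance 200."""
    if route["proto"] == "ebgp" and route["prefix"] in backdoor:
        return 200
    return AD[route["proto"]]

def build_rib(candidates, backdoor=frozenset()):
    """Keep, per prefix, the candidate with the lowest administrative distance."""
    rib = {}
    for route in candidates:
        current = rib.get(route["prefix"])
        if current is None or effective_ad(route, backdoor) < effective_ad(current, backdoor):
            rib[route["prefix"]] = route
    return rib

def resolve(rib, addr, seen=()):
    """Follow BGP next hops until an IGP route is found.

    Returns the IGP next hop, None if no route covers addr, or the string
    'recursion loop' when a BGP route ends up resolving through itself.
    """
    ip = ipaddress.ip_address(addr)
    matches = [p for p in rib if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    prefix = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
    route = rib[prefix]
    if route["proto"] == "ospf":
        return route["next_hop"]
    if prefix in seen:
        return "recursion loop"
    return resolve(rib, route["next_hop"], seen + (prefix,))

if __name__ == "__main__":
    # Without the fix, the route to the peer 10.4.4.4 points at the peer itself
    print(resolve(build_rib(CANDIDATES), "10.4.4.4"))
    # With Example 3-48 applied, the OSPF route wins and the peer resolves
    print(resolve(build_rib(CANDIDATES, {"10.4.4.0/28"}), "10.4.4.4"))
```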
This is a simple aggregation configuration on R6. Example 3-51 shows the BGP routing table on R4 (AS12) before R6 is configured, detailing the original attributes in the form of the AS path; network 2.2.2.0/28 is shown to originate from AS1 and passes through AS10 and AS11 before reaching AS12.

Example 3-51. R4 Network 2.2.2.0/28 Original Attributes

    R4#sh ip bgp
    BGP table version is 211, local router ID is 10.4.4.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - intern
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 2.2.2.0/28       10.6.6.6                               0 11 10 1 ?
    *> 3.3.3.0/28       10.6.6.6                               0 11 10 1 ?
    *> 10.1.1.0/28      10.6.6.6                               0 11 10 ?
    *> 10.4.4.0/28      0.0.0.0                100         32768 ?
    *> 10.5.5.0/28      10.6.6.6                               0 11 ?
    *> 10.6.6.0/28      10.6.6.6               100             0 11 ?
    *> 10.7.7.0/28      10.6.6.6                               0 11 ?
    *> 10.8.8.0/28      10.6.6.6                               0 11 10 ?

If R6 is configured with aggregate-address 2.2.2.0 255.255.255.0 summary-only to extend the range of this network to a /24, the original attributes in the form of the AS path are lost, as shown in Example 3-52; the network now appears to originate from AS11.

Example 3-52. R4 Network 2.2.2.0/24 Post Summarization

    R4#sh ip bgp
    BGP table version is 213, local router ID is 10.4.4.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 2.2.2.0/24       10.6.6.6                               0 11 i
    *> 3.3.3.0/28       10.6.6.6                               0 11 10 1 ?
    *> 10.1.1.0/28      10.6.6.6                               0 11 10 ?
    *> 10.4.4.0/28      0.0.0.0                100         32768 ?
    *> 10.5.5.0/28      10.6.6.6                               0 11 ?
    *> 10.6.6.0/28      10.6.6.6               100             0 11 ?
    *> 10.7.7.0/28      10.6.6.6                               0 11 ?
    *> 10.8.8.0/28      10.6.6.6                               0 11 10 ?

R6 requires the as-set option enabled within the summarization command to maintain the original AS path attributes. If you have configured R6 with aggregate-address 2.2.2.0 255.255.255.0 summary-only as-set, you have scored 2 points. Example 3-53 shows network 2.2.2.0 with the original attributes as seen by R4; the network is now seen to originate from AS1.

Example 3-53. R4 Network 2.2.2.0/24 Post Summarization

    R4#sh ip bgp
    BGP table version is 213, local router ID is 10.4.4.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 2.2.2.0/24       10.6.6.6                               0 11 10 1 ?
    *> 3.3.3.0/28       10.6.6.6                               0 11 10 1 ?
    *> 10.1.1.0/28      10.6.6.6                               0 11 10 ?
    *> 10.4.4.0/28      0.0.0.0                100         32768 ?
    *> 10.5.5.0/28      10.6.6.6                               0 11 ?
    *> 10.6.6.0/28      10.6.6.6               100             0 11 ?
    *> 10.7.7.0/28      10.6.6.6                               0 11 ?
    *> 10.8.8.0/28      10.6.6.6                               0 11 10 ?
This is a very straightforward route-dampening question; you are given all the information that you require and it is just a case of typing it in correctly. The question does lead you into configuring the values in the order presented, but beware: the order on the router is Half-life first, then Reuse-value. If you typed the values in the wrong order, don't worry, but do learn from it as it is an easy mistake to make when you are low on time. If you have configured this correctly as shown in Example 3-54, you have scored 2 points.

Example 3-54. Route Dampening Configuration

    router bgp 11
     bgp dampening route-map 3.3.3.0
    !
    access-list 11 permit 3.3.3.0 0.0.0.15
    !
    route-map 3.3.3.0 permit 10
     match ip address 11
     set dampening 20 30 1000 130
    !
    route-map 3.3.3.0 permit 20
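What the four values in Example 3-54 control, and what happens if the first two are swapped, can be seen with a small model. This is an added example, not part of the original lab solution; it assumes the documented IOS behaviour of a 1000-point penalty per flap and a penalty ceiling of reuse × 2^(max-suppress-time / half-life), simplifies decay to a continuous function, and treats the swapped order 30 20 1000 130 as the hypothetical mistake.

```python
import math

FLAP_PENALTY = 1000          # assumed: penalty added per flap (IOS default)
PAGE = (20, 30, 1000, 130)   # Example 3-54: half-life, reuse, suppress, max-suppress
SWAPPED = (30, 20, 1000, 130)  # hypothetical: half-life and reuse typed the wrong way round

class Dampening:
    """Continuous-decay model of 'set dampening half-life reuse suppress max-suppress-time'."""

    def __init__(self, half_life, reuse, suppress, max_suppress):
        self.half_life, self.reuse, self.suppress = half_life, reuse, suppress
        # Ceiling that makes max-suppress-time the longest possible suppression
        self.ceiling = reuse * 2 ** (max_suppress / half_life)
        self.penalty, self.suppressed = 0.0, False

    def wait(self, minutes):
        """Decay the penalty; release the route once it drops below the reuse limit."""
        self.penalty *= 2 ** (-minutes / self.half_life)
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False

    def flap(self):
        """Add one flap's penalty (capped) and suppress if the limit is exceeded."""
        self.penalty = min(self.penalty + FLAP_PENALTY, self.ceiling)
        if self.penalty > self.suppress:
            self.suppressed = True

    def minutes_until_reuse(self):
        if not self.suppressed:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)

def three_flaps(params):
    """Three flaps one minute apart; returns the resulting state."""
    state = Dampening(*params)
    for i in range(3):
        if i:
            state.wait(1)
        state.flap()
    return state

if __name__ == "__main__":
    for name, params in (("page", PAGE), ("swapped", SWAPPED)):
        s = three_flaps(params)
        print(name, round(s.ceiling), s.suppressed, round(s.minutes_until_reuse(), 1))
```

With the values as configured, the third flap hits the ceiling and the route stays suppressed for the full 130 minutes; with the first two values swapped, the ceiling falls below the suppress limit and the route is never suppressed.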
The question is asking you to configure BGP conditional advertisements; you have the ability to advertise selective networks to neighbors depending on which networks are present within your own AS. The configuration for R1 and R2 is shown in Example 3-55 and Example 3-56.

Example 3-55. R1 Conditional Advertisement Configuration

    interface Loopback1
     ip address 11.11.11.11 255.255.255.0
    !
    router bgp 10
     network 11.11.11.0 mask 255.255.255.0
     neighbor 10.8.8.8 advertise-map SEND non-exist-map MISSING
    !
    access-list 12 permit 11.11.11.0 0.0.0.255
    access-list 13 permit 22.22.22.0 0.0.0.255
    !
    route-map SEND permit 10
     match ip address 12
    !
    route-map MISSING permit 10
     match ip address 13

Example 3-56. R2 BGP Network 22.22.22.0/24 Setup

    interface Loopback2
     ip address 22.22.22.22 255.255.255.0
    router bgp 1
     network 22.22.22.0 mask 255.255.255.0

Example 3-57 shows the BGP table on R1; because network 22.22.22.0/24 is present on R1, it will not advertise network 11.11.11.0/24 to R8, as shown in Example 3-58.

Example 3-57. R1 BGP Table

    R1#sh ip bgp
    BGP table version is 15, local router ID is 11.11.11.11
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 2.2.2.0/28       172.16.0.1             100             0 1 ?
    *> 3.3.3.0/28       172.16.0.1                             0 1 ?
    *> 10.1.1.0/28      0.0.0.0                100         32768 ?
    *> 10.4.4.0/28      10.6.6.6                               0 11 12 ?
    *> 10.5.5.0/28      10.6.6.6                               0 11 ?
    *> 10.6.6.0/28      10.6.6.6               100             0 11 ?
    *> 10.7.7.0/28      10.6.6.6                               0 11 ?
    *>i10.8.8.0/28      10.8.8.8               100    100      0 ?
    *> 11.11.11.0/24    0.0.0.0                100         32768 i
    *> 22.22.22.0/24    172.16.0.1             100             0 1 i

Example 3-58. R8 BGP Table

    R8#sh ip bgp
    BGP table version is 10, local router ID is 10.8.8.8
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    * i2.2.2.0/28       172.16.0.1             100    100      0 1 ?
    * i3.3.3.0/28       172.16.0.1                    100      0 1 ?
    *>i10.1.1.0/28      10.80.80.1             100    100      0 ?
    *>i10.4.4.0/28      10.80.80.1                    100      0 11 12 ?
    *>i10.5.5.0/28      10.80.80.1                    100      0 11 ?
    *>i10.6.6.0/28      10.80.80.1             100    100      0 11 ?
    *>i10.7.7.0/28      10.80.80.1                    100      0 11 ?
    *> 10.8.8.0/28      0.0.0.0                100         32768 ?
    *>i22.22.22.0/24    10.80.80.1             100    100      0 1 i

When the loopback 1 on R2 is removed, R1 loses visibility of network 22.22.22.0/24 and then begins to advertise network 11.11.11.0/24 to R8 as shown in Example 3-59.

Example 3-59. Removal of Network 22.22.22.0/24 and Advertisement of Network 11.11.11.0/24

    R2#debug ip routing
    R2#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R2(config)#no int lo2
    R2(config)#
    00:31:09: RT: delete route to 22.22.22.0 via 0.0.0.0, Loopback2
    00:31:09: RT: no routes to 22.22.22.0, flushing
    00:31:09: RT: delete network route to 22.0.0.0^Z
    ________________________________________________________________
    R1#debug ip routing
    00:31:09: RT: del 22.22.22.0/24 via 172.16.0.1, bgp metric [20/100]
    00:31:09: RT: delete subnet route to 22.22.22.0/24
    00:31:09: RT: delete network route to 22.0.0.0
    ________________________________________________________________
    R8#debug ip routing
    00:31:09: RT: del 22.22.22.0/24 via 10.80.80.1, bgp metric [200/100]
    00:31:09: RT: delete subnet route to 22.22.22.0/24
    00:31:09: RT: delete network route to 22.0.0.0
    00:32:03: RT: add 11.11.11.0/24 via 10.80.80.1, bgp metric [200/100]
    R8#sh ip bgp
    BGP table version is 12, local router ID is 10.8.8.8
    Status codes: s suppressed, d damped, h history, * valid, > best, i - interna
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *>i10.1.1.0/28      10.80.80.1             100    100      0 ?
    *>i10.4.4.0/28      10.80.80.1                    100      0 11 12 ?
    *>i10.5.5.0/28      10.80.80.1                    100      0 11 ?
    *>i10.6.6.0/28      10.80.80.1             100    100      0 11 ?
    *>i10.7.7.0/28      10.80.80.1                    100      0 11 ?
    *> 10.8.8.0/28      0.0.0.0                100         32768 ?
    *>i11.11.11.0/24    10.80.80.1             100    100      0 i

If you have configured this correctly as shown in Example 3-54 and 3-55, you have scored 4 points.
Because you can only configure R5, you only have two options to stop R6 advertising network 5.5.5.0/28: tagging the network with a community of either no-export or local-AS. By doing this, the route will stay locally within AS11 but will not be permitted to be advertised to external BGP peers. If you have configured this correctly as shown in Example 3-60, you have scored 2 points.

Example 3-60. R5 Network 5.5.5.0/28 no-export Configuration

    interface Loopback1
     ip address 5.5.5.5 255.255.255.240
    router bgp 11
     network 5.5.5.0 mask 255.255.255.240
     neighbor 10.6.6.6 send-community
     neighbor 10.6.6.6 route-map community out
    access-list 11 permit 5.5.5.0 0.0.0.15
    !
    route-map community permit 10
     match ip address 11
     set community no-export
    route-map community permit 20

Example 3-61 shows the BGP entry for network 5.5.5.0/28 on R6 after configuration on R5; R6 will now only propagate this network internally.

Example 3-61. R6 Network 5.5.5.0/28 Entry

    R6#sh ip bgp 5.5.5.5
    BGP routing table entry for 5.5.5.0/28, version 61
    Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
    Flag: 0x208
      Advertised to peer-groups:
         internal
      Local, (Received from a RR-client)
        10.5.5.5 (metric 2) from 10.5.5.5 (10.5.5.5)
          Origin IGP, metric 100, localpref 100, valid, internal, best
          Community: no-export
BGP has a feature called Fast External Fallover, which immediately resets the BGP sessions of directly adjacent external peers when the link between them fails; this is enabled by default. By configuring R2 with the command no bgp fast-external-fallover under the BGP process, you can maintain the sessions to future peers configured in the same manner if the VLAN fails but is quickly restored. If you have configured this correctly, you have scored 2 points.
To achieve this, you are required to configure password authentication between peers R2 and R3 within AS1. The password is used as the key for an MD5 digest carried on every TCP segment of the BGP session; segments without a valid digest are discarded, which will stop hackers from sending spoofed routing updates or hostile TCP resets. The BGP neighbor statement must be configured with the same password on both peers, as shown in Example 3-62 for R2 and Example 3-63 for R3. If you have configured this correctly on each router, you have scored 2 points.

Example 3-62. R2 MD5 Authentication

    router bgp 1
     neighbor 172.16.0.2 password valencia

Example 3-63. R3 MD5 Authentication

    router bgp 1
     neighbor 172.16.0.1 password valencia
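How the neighbor password protects the session can be shown by computing the TCP MD5 signature (RFC 2385) that each peer attaches and checks. This is an added example, not part of the original lab solution; the ports, sequence numbers and segments are constructed in memory for the demonstration, and the peer addresses and password are those of Examples 3-62 and 3-63.

```python
import hashlib
import hmac
import socket
import struct

MD5_KIND, MD5_LEN = 19, 18            # TCP option 19: 2-byte header + 16-byte digest
RST, PSH, ACK = 0x04, 0x08, 0x10
R2, R3, KEY = "172.16.0.1", "172.16.0.2", b"valencia"
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # BGP KEEPALIVE message

def digest(src, dst, header, payload, key):
    """RFC 2385: MD5(pseudo-header | 20-byte header, checksum 0 | data | key)."""
    fixed = bytearray(header[:20])    # TCP options are excluded from the digest
    fixed[16:18] = b"\x00\x00"
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, len(header) + len(payload))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()

def make_segment(src, dst, sport, dport, seq, ack, flags, payload=b"", key=None):
    """Build a TCP segment; with a key, add NOP NOP + MD5 option (checksum left 0)."""
    words = 10 if key is not None else 5
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                        words << 4, flags, 16384, 0, 0)
    if key is None:
        return fixed + payload
    header = fixed + b"\x01\x01" + bytes([MD5_KIND, MD5_LEN])
    return header + digest(src, dst, header + bytes(16), payload, key) + payload

def accept(src, dst, segment, key):
    """Receiver check: True only if the segment carries a valid MD5 option for key."""
    hlen = (segment[12] >> 4) * 4
    header, payload = segment[:hlen], segment[hlen:]
    i = 20
    while i < hlen:
        kind = header[i]
        if kind == 0:                 # end of option list
            break
        if kind == 1:                 # NOP padding
            i += 1
            continue
        if i + 1 >= hlen or header[i + 1] < 2 or i + header[i + 1] > hlen:
            return False              # malformed option
        if kind == MD5_KIND and header[i + 1] == MD5_LEN:
            expected = digest(src, dst, header, payload, key)
            return hmac.compare_digest(header[i + 2:i + 18], expected)
        i += header[i + 1]
    return False                      # unsigned segment is dropped

def demo():
    """Constructed segments from R2 to R3, checked as R3 would check them."""
    good = make_segment(R2, R3, 179, 50000, 1000, 2000, PSH | ACK, KEEPALIVE, KEY)
    cases = {
        "signed_keepalive": good,
        "unsigned_rst": make_segment(R2, R3, 179, 50000, 1019, 0, RST),
        "wrong_key_rst": make_segment(R2, R3, 179, 50000, 1019, 0, RST, key=b"guess"),
        "tampered_payload": good[:-1] + b"\x01",
    }
    return {name: accept(R2, R3, seg, KEY) for name, seg in cases.items()}

if __name__ == "__main__":
    print(demo())
```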
The only router that should have a connectivity issue is R8. Example 3-64 shows that networks 2.2.2.0/28 and 3.3.3.0/28 have a next hop of 172.16.0.1. You should remember that within the redistribution section you were not requested to perform mutual redistribution and, hence, network 172.16.0.0/16 is not visible to your OSPF network with the exception of R1; this is why the ping testing fails.

Example 3-64. R8 BGP Reachability Testing

    R8#sh ip bgp
    BGP table version is 113, local router ID is 10.8.8.8
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    * i2.2.2.0/28       172.16.0.1             100    100      0 1 ?
    * i3.3.3.0/28       172.16.0.1                    100      0 1 ?
    *>i10.1.1.0/28      10.80.80.1             100    100      0 ?
    *>i10.4.4.0/28      10.6.6.6                      100      0 11 12 ?
    *>i10.5.5.0/28      10.6.6.6                      100      0 11 ?
    *>i10.6.6.0/28      10.6.6.6               100    100      0 11 ?
    *>i10.7.7.0/28      10.6.6.6                      100      0 11 ?
    *> 10.8.8.0/28      0.0.0.0                100         32768 ?
    * i22.22.22.0/24    172.16.0.1             100    100      0 1 i
    R8#ping 2.2.2.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    R8#ping 3.3.3.3

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

The next hop field for networks 2.2.2.0/28 and 3.3.3.0/28 needs to be set to that of R1, which is reachable via R8. By configuring R1 with the command neighbor 10.8.8.8 next-hop-self as shown in Example 3-65 and with the resulting change on R8's BGP table, the networks are now reachable. If you configured this correctly, you have scored 1 point.

Example 3-65. R8 BGP Reachability Testing

    R1(config)#router bgp 10
    R1(config-router)#neighbor 10.8.8.8 next-hop-self
    ________________________________________________________________
    R8#sh ip bgp
    BGP table version is 50, local router ID is 10.8.8.8
    Status codes: s suppressed, d damped, h history, * valid, > best, i -
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *>i2.2.2.0/28       10.80.80.1             100    100      0 1 ?
    *>i3.3.3.0/28       10.80.80.1                    100      0 1 ?
    *>i10.1.1.0/28      10.80.80.1             100    100      0 ?
    *>i10.4.4.0/28      10.80.80.1                    100      0 11 12 ?
    *>i10.5.5.0/28      10.80.80.1                    100      0 11 ?
    *>i10.6.6.0/28      10.80.80.1             100    100      0 11 ?
    *>i10.7.7.0/28      10.80.80.1                    100      0 11 ?
    *> 10.8.8.0/28      0.0.0.0                100         32768 ?
    *>i22.22.22.0/24    10.80.80.1             100    100      0 1 i
    R8#ping 2.2.2.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
    R8#ping 3.3.3.3

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms