You are required to configure the peering between the BGP autonomous systems as described. You should ensure that no synchronization is configured on IBGP routers R1, R2, R3, and R6, as per Lab 1; BGP is not synchronized with the underlying IGP. You should once again peer from your loopback interfaces where possible to maintain resiliency and because of the request to do so in the question; this is with the exception of R2 and R3. You will also need to configure peer groups on R4 and R8, which have multiple peers to the same remote autonomous system to minimize configuration. If you have configured this correctly as shown in Example 2-42 through Example 2-48, you have scored 3 points.

NOTE The peer statements will change on R1 and R6 in the following questions, so do not deduct any marks if your peer statements do not echo those in Example 2-42 and 2-47 at this point in time.

Example 2-42. R1 Initial BGP Configuration

router bgp 61555
 no synchronization
 neighbor 10.4.4.4 remote-as 60555
 neighbor 10.4.4.4 ebgp-multihop 4
 neighbor 10.4.4.4 update-source Loopback0
 neighbor 10.6.6.6 remote-as 61555
 neighbor 10.6.6.6 update-source Loopback0
 neighbor 10.8.8.8 remote-as 63555
 neighbor 10.8.8.8 ebgp-multihop 4
 neighbor 10.8.8.8 update-source Loopback0
 neighbor 10.90.90.1 remote-as 62555
 neighbor 10.90.90.1 update-source Loopback0

Example 2-43. R2 Initial BGP Configuration

router bgp 62555
 no synchronization
 neighbor 10.1.1.1 remote-as 61555
 neighbor 10.1.1.1 ebgp-multihop 2
 neighbor 172.16.0.2 remote-as 62555

Example 2-44. R3 Initial BGP Configuration

router bgp 62555
 no synchronization
 neighbor 172.16.0.1 remote-as 62555

Example 2-45. R4 Initial BGP Configuration

router bgp 60555
 neighbor 61555 peer-group
 neighbor 61555 remote-as 61555
 neighbor 61555 ebgp-multihop 4
 neighbor 61555 update-source Loopback0
 neighbor 10.1.1.1 peer-group 61555
 neighbor 10.6.6.6 peer-group 61555

Example 2-46. R5 Initial BGP Configuration

router bgp 64555
 neighbor 10.6.6.6 remote-as 61555
 neighbor 10.6.6.6 ebgp-multihop 4
 neighbor 10.6.6.6 update-source Loopback0

Example 2-47. R6 Initial BGP Configuration

router bgp 61555
 no synchronization
 neighbor 10.1.1.1 remote-as 61555
 neighbor 10.1.1.1 update-source Loopback0
 neighbor 10.4.4.4 remote-as 60555
 neighbor 10.4.4.4 ebgp-multihop 255
 neighbor 10.4.4.4 update-source Loopback0
 neighbor 10.5.5.5 remote-as 64555
 neighbor 10.5.5.5 ebgp-multihop 4
 neighbor 10.5.5.5 update-source Loopback0
 neighbor 10.8.8.8 remote-as 63555
 neighbor 10.8.8.8 ebgp-multihop 4
 neighbor 10.8.8.8 update-source Loopback0

Example 2-48. R8 Initial BGP Configuration

router bgp 63555
 neighbor 61555 peer-group
 neighbor 61555 remote-as 61555
 neighbor 61555 ebgp-multihop 4
 neighbor 61555 update-source Loopback0
 neighbor 10.1.1.1 peer-group 61555
 neighbor 10.6.6.6 peer-group 61555

Configure the loopback interfaces as shown and advertise them via the network command under the BGP process; ensure you use the relevant mask per network. If you have configured this correctly as shown in Example 2-49 through Example 2-52 you have scored 1 point.

Example 2-49. R2 Loopback and BGP Advertisement Configuration

interface Loopback0
 ip address 2.2.2.2 255.255.255.248
!
router bgp 62555
 network 2.2.2.0 mask 255.255.255.248

Example 2-50. R4 Loopback and BGP Advertisement Configuration

interface Loopback1
 ip address 4.4.4.4 255.255.255.0
!
router bgp 60555
 network 4.4.4.0 mask 255.255.255.0

Example 2-51. R5 Loopback and BGP Advertisement Configuration

interface Loopback2
 ip address 5.5.5.5 255.255.255.224
!
router bgp 64555
 network 5.5.5.0 mask 255.255.255.224

Example 2-52. R8 Loopback and BGP Advertisement Configuration

interface Loopback1
 ip address 8.8.8.8 255.255.255.240
!
router bgp 63555
 network 8.8.8.0 mask 255.255.255.240

Usually, you would configure AS Path prepending to alter the autonomous system path attribute, but you are not permitted to do so. You need to actually make the advertisement for network 5.5.5.0/27 appear as if it came from AS61555 and not from AS64555. As you cannot configure R5, you are left with only one method of achieving this; you should notice that AS64555 is actually the only autonomous system within your network that is a private autonomous system number (private autonomous system numbers range from 64512 to 65535). Private autonomous system numbers can be removed when advertised from one autonomous system to another when the keyword remove-private-AS is configured on your peer statement. In this instance, R1 must be configured to remove the private autonomous system numbers; this ensures that when it advertises network 5.5.5.0/27 to AS62555, it appears to come directly from AS61555. Example 2-53 shows the BGP routing table on R2 pre-configuration and Example 2-54 shows the BGP routing table post-configuration.

Example 2-53. R2 BGP Routing Table Pre-Configuration

R2#sh ip bgp
BGP table version is 63, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/29       0.0.0.0                  0         32768 i
*> 4.4.4.0/24       10.1.1.1                               0 61555 60555 i
*> 5.5.5.0/27       10.1.1.1                               0 61555 64555 i
*> 8.8.8.0/28       10.1.1.1                               0 61555 63555 i

Example 2-54. R2 BGP Routing Table Post-Configuration

R2#sh ip bgp
BGP table version is 69, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/29       0.0.0.0                  0         32768 i
*> 4.4.4.0/24       10.1.1.1                               0 61555 60555 i
*> 5.5.5.0/27       10.1.1.1                               0 61555 i
*> 8.8.8.0/28       10.1.1.1                               0 61555 63555 i

If you have configured this correctly as shown in Example 2-55, you have scored 5 points.

Example 2-55. R1 BGP Private Autonomous System Configuration

router bgp 61555
 neighbor 10.90.90.1 remove-private-AS

You cannot use autonomous system path prepending, and AS63555 is unfortunately not a private autonomous system number; this could be achieved by changing the BGP process number on R8 and repointing R1 and R6 peer statements to AS60000 but this is not permitted. BGP has a feature called local autonomous system, which is very useful for when an ISP merges with another ISP; it enables the routers to maintain their original autonomous system number but peer to other routers using a pseudo autonomous system number. The question states that you must run BGP 63555 on R8, but it does not state that R1 and R6 cannot attempt to peer with AS60000; by using the local-as command on R8 you will be able to establish a BGP session from R1 and R6 pointing to AS60000 while in fact the process on R8 is 63555. The resulting BGP route tables for R1 and R6 as shown in Example 2-56 show that R8 advertised network 8.8.8.0/28 now looks like it originated from AS60000 and then passed through AS63555. If you read the paper through and understood this question before configuration, you could have saved time by creating your initial peer statements to reflect this question.

Example 2-56. R1 and R6 BGP Routing Tables After local-as Configuration

R1#sh ip bgp
BGP table version is 5, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/29       10.90.90.1               0             0 62555 i
* i4.4.4.0/24       10.4.4.4                 0    100      0 60555 i
*>                  10.4.4.4                 0             0 60555 i
*>i5.5.5.0/27       10.5.5.5                 0    100      0 64555 i
* i8.8.8.0/28       10.8.8.8                 0    100      0 60000 63555 i
*>                  10.8.8.8                 0             0 60000 63555 i

R6#sh ip bgp
BGP table version is 7, local router ID is 10.200.200.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i2.2.2.0/29       10.90.90.1               0    100      0 62555 i
* i4.4.4.0/24       10.4.4.4                 0    100      0 60555 i
*>                  10.4.4.4                 0             0 60555 i
*> 5.5.5.0/27       10.5.5.5                 0             0 64555 i
* i8.8.8.0/28       10.8.8.8                 0    100      0 60000 63555 i
*>                  10.8.8.8                 0             0 60000 63555 i

Example 2-57. R1 local-as Configuration

router bgp 61555
 neighbor 10.8.8.8 remote-as 60000

Example 2-58. R6 local-as Configuration

router bgp 61555
 neighbor 10.8.8.8 remote-as 60000

Example 2-59. R8 local-as Configuration

router bgp 63555
 neighbor 61555 local-as 60000

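The AS_PATH results of the remove-private-AS and local-as questions above can be reproduced with a small model. This is an added example, not part of the lab solution; the function names are hypothetical, and the "strip only when the whole path is private" rule is an assumption reflecting the classic behaviour of the command without its later keywords.

```python
# Added example (not from the lab): AS_PATH handling on an eBGP advertisement.
PRIVATE_ASNS = range(64512, 65536)  # 64512-65535, the range given on the page


def advertise_ebgp(path, own_as, peer_as, remove_private_as=False, local_as=None):
    """Return the AS_PATH sent to an eBGP peer (leftmost ASN = most recent)."""
    out = list(path)
    if remove_private_as:
        # Assumption: classic remove-private-AS behaviour. Private ASNs are
        # stripped only when the whole path is private and the peer's own
        # ASN is not in it; a mixed public/private path is left untouched.
        all_private = all(asn in PRIVATE_ASNS for asn in out)
        if all_private and peer_as not in out:
            out = []
    out.insert(0, own_as)        # normal eBGP prepend of the real AS
    if local_as is not None:
        out.insert(0, local_as)  # local-as sits in front of the real AS
    return out


def demo():
    """AS_PATHs for the lab's prefixes; inputs taken from Examples 2-53 to 2-59."""
    return {
        # R1 -> R2 for 5.5.5.0/27, before and after remove-private-AS
        "5.5.5.0/27 before": advertise_ebgp([64555], 61555, 62555),
        "5.5.5.0/27 after": advertise_ebgp([64555], 61555, 62555, remove_private_as=True),
        # R8 -> R1 for 8.8.8.0/28 with "neighbor 61555 local-as 60000"
        "8.8.8.0/28 from R8": advertise_ebgp([], 63555, 61555, local_as=60000),
        # R1 -> R2 for 8.8.8.0/28: public ASNs only, so nothing is stripped
        "8.8.8.0/28 to R2": advertise_ebgp([60000, 63555], 61555, 62555, remove_private_as=True),
        # Constructed case: a private ASN behind a public one is not removed
        "mixed path": advertise_ebgp([60555, 64555], 61555, 62555, remove_private_as=True),
    }


if __name__ == "__main__":
    for name, path in demo().items():
        print(f"{name:20} {' '.join(map(str, path))}")
```

The constructed "mixed path" case is the one to check when auditing a border router: a private ASN that sits behind a public one still leaks to the peer under this behaviour.
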
As you can see in Example 2-60, R4 has two routes to network 5.5.5.0/27 via both R1 next-hop 10.1.1.1 and R6 next-hop 10.6.6.6, but R1 is preferred. The ping test to 5.5.5.5 from R4 as shown in the example fails as traffic will be bounced between R1 and R4; R4 will send the ICMP traffic toward R1; and R1 will return it to R4 because R1 has a next-hop of 10.5.5.5, which must pass through R4 for network 5.5.5.0/27. You are instructed to use a feature within BGP on R1 but are very restricted. You will find the only method of achieving this within the constraints is by using the command neighbor 10.4.4.4 next-hop-unchanged under the BGP process on R1. This command instructs R1 to send the next-hop to network 5.5.5.0/27 unchanged as it passes over the EBGP connection to R4 and as R1 itself sees the route from R6 over its IBGP connection with the next-hop of 10.5.5.5. If you have configured this correctly as shown in Example 2-61, you have scored 2 points.

Example 2-60. R4 BGP Routes and Ping Test

R4#sh ip bgp
BGP table version is 5, local router ID is 10.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  2.2.2.0/29       10.6.6.6                               0 61555 62555 i
*>                  10.1.1.1                               0 61555 62555 i
*> 4.4.4.0/24       0.0.0.0                  0         32768 i
*  5.5.5.0/27       10.6.6.6                               0 61555 64555 i
*>                  10.1.1.1                               0 61555 64555 i
*  8.8.8.0/28       10.6.6.6                               0 61555 60000 63555 i
*>                  10.1.1.1                               0 61555 60000 63555 i

R4#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Example 2-61. R1 BGP Configuration and Verification

R1#conf t
R1(config)#router bgp 61555
R1(config-router)#neighbor 10.4.4.4 next-hop-unchanged

R4#sh ip bgp
BGP table version is 5, local router ID is 10.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  2.2.2.0/29       10.6.6.6                               0 61555 62555 i
*>                  10.1.1.1                               0 61555 62555 i
*> 4.4.4.0/24       0.0.0.0                  0         32768 i
*  5.5.5.0/27       10.6.6.6                               0 61555 64555 i
*>                  10.5.5.5                               0 61555 64555 i
*  8.8.8.0/28       10.6.6.6                               0 61555 60000 63555 i
*>                  10.1.1.1                               0 61555 60000 63555 i

R4#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

R4#trace 5.5.5.5

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 10.100.101.2 4 msec 0 msec 0 msec
  2 10.99.99.2 8 msec 4 msec *

As you can see in Example 2-62, R4 has a next-hop of 10.1.1.1 to network 8.8.8.0/24. The example also shows that a ping test to this network fails for the same reason described in the previous question: traffic bounces between R1 and R4. This is, however, a very straightforward question where you are told exactly what to do in the text: set a MED metric attribute on the route 8.8.8.0/28 as it leaves R1 in AS61555 toward R4 in AS60555. R4 will compare the routes for network 8.8.8.0/28 and find that the route received from R1 now has the MED value set and that the route received from R6 does not. Because a lower MED is preferred over a higher MED, R4 will select the route from R6, as this does not have a MED value explicitly set and as such is treated as 0. You should remember to clear your BGP connections each time you make a change like this. R4 will now have a next-hop to network 8.8.8.0/28 set as R6 10.6.6.6, and the ping test will now function correctly. If you have configured this correctly as shown in Example 2-63, you have scored 1 point.

Example 2-62. R4 BGP Routes and Ping Test

R4#sh ip bgp
BGP table version is 5, local router ID is 10.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  2.2.2.0/29       10.6.6.6                               0 61555 62555 i
*>                  10.1.1.1                               0 61555 62555 i
*> 4.4.4.0/24       0.0.0.0                  0         32768 i
*  5.5.5.0/27       10.6.6.6                               0 61555 64555 i
*>                  10.5.5.5                               0 61555 64555 i
*  8.8.8.0/28       10.6.6.6                               0 61555 60000 63555 i
*>                  10.1.1.1                               0 61555 60000 63555 i

R4#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Example 2-63. R1 BGP Configuration and Verification

router bgp 61555
 neighbor 10.4.4.4 route-map metric out
!
access-list 1 permit 8.8.8.0 0.0.0.15
!
route-map metric permit 10
 match ip address 1
 set metric 50
!
route-map metric permit 20

R4#sh ip bgp
BGP table version is 5, local router ID is 10.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  2.2.2.0/29       10.6.6.6                               0 61555 62555 i
*>                  10.1.1.1                               0 61555 62555 i
*> 4.4.4.0/24       0.0.0.0                  0         32768 i
*  5.5.5.0/27       10.6.6.6                               0 61555 64555 i
*>                  10.5.5.5                               0 61555 64555 i
*> 8.8.8.0/28       10.6.6.6                               0 61555 60000 63555 i
*                   10.1.1.1                50             0 61555 60000 63555 i

R4#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
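
R4's decision between its two paths to 8.8.8.0/28 can be modelled as follows. This is an added example, not part of the lab solution; it implements only a subset of the best-path steps, the router-ID tie-break standing in for the omitted steps is an assumption, and the two flags model the IOS options bgp bestpath med missing-as-worst and bgp always-compare-med, which the lab does not configure.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

@dataclass
class Path:
    next_hop: str
    router_id: str              # BGP router ID of the advertising neighbor
    as_path: tuple
    med: Optional[int] = None   # None means the MED attribute is absent
    weight: int = 0
    local_pref: int = 100

def effective_med(path, missing_as_worst=False):
    if path.med is None:
        # Default: a missing MED counts as 0 (the best possible value).
        return float("inf") if missing_as_worst else 0
    return path.med

def better(a, b, missing_as_worst=False, always_compare_med=False):
    """Simplified comparison: weight, local-pref, AS_PATH length, MED, router ID.
    Origin, eBGP-over-iBGP, IGP metric and oldest-path steps are left out."""
    if a.weight != b.weight:
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):
        return a if len(a.as_path) < len(b.as_path) else b
    # MED is only comparable between paths learned from the same neighbor AS.
    if always_compare_med or a.as_path[:1] == b.as_path[:1]:
        med_a = effective_med(a, missing_as_worst)
        med_b = effective_med(b, missing_as_worst)
        if med_a != med_b:
            return a if med_a < med_b else b
    return a if IPv4Address(a.router_id) <= IPv4Address(b.router_id) else b

# R4's two paths to 8.8.8.0/28 (values from Examples 2-56, 2-62 and 2-63).
AS_PATH = (61555, 60000, 63555)
VIA_R6 = Path("10.6.6.6", "10.200.200.5", AS_PATH)
VIA_R1 = Path("10.1.1.1", "10.1.1.1", AS_PATH)
VIA_R1_MED50 = Path("10.1.1.1", "10.1.1.1", AS_PATH, med=50)

if __name__ == "__main__":
    print("no MED set      ->", better(VIA_R6, VIA_R1).next_hop)
    print("R1 sets MED 50  ->", better(VIA_R6, VIA_R1_MED50).next_hop)
    print("missing-as-worst->", better(VIA_R6, VIA_R1_MED50, missing_as_worst=True).next_hop)
```

The third case shows why the solution depends on the default handling of a missing MED: with missing-as-worst enabled on R4, the route from R6 would lose to R1's MED of 50 and the forwarding loop would return.
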