
Need to publish APNIC IP pool through BGP

suman.samanta
Level 1

We have purchased an APNIC IP pool and this IP pool is configured on our DC servers. Now we have to publish this IP pool through BGP. Could someone please give an idea of how to configure this on the Cisco router end?


balaji.bandi
Hall of Fame

Do you have your own AS number? Then just announce your network with a network statement under your BGP config:

 

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/configuring-a-basic-bgp-network.html

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, we have our own AS number.

Please see my configuration, which I configured on the router.

 

ISP-TERMINATION-ROUTER#sh run
Building configuration...


Current configuration : 5668 bytes
!
! Last configuration change at 07:58:51 UTC Fri Jan 28 2022
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname ISP-TERMINATION-ROUTER
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-3341986374
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3341986374
revocation-check none
rsakeypair TP-self-signed-3341986374
!
!
crypto pki certificate chain TP-self-signed-3341986374
certificate self-signed 01
quit
!
license udi pid ISR4331/K9 sn XXXXXXXXXXX
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
!
!
object-group network AZURE-NETWORK
x.x.x.x 255.255.255.0
!
object-group service AZURE-SERVICES
ip
icmp
!
!
!
username admin password 7 106F0D140C19325A5E577E7E727F6B15
!
redundancy
mode none
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description JIO_ISP
ip address X.X.X.X 255.255.255.252
ip nat outside
ip access-group 105 in
negotiation auto
!
interface GigabitEthernet0/0/1
description SIFY-TERMINATION
ip address X.X.X.X 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
ip address 10.90.20.1 255.255.255.240
ip nat inside
negotiation auto
!
interface GigabitEthernet0/1/1
ip address 10.90.10.1 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
router bgp xxxxx
bgp log-neighbor-changes
network 10.90.10.0 mask 255.255.255.0
network 10.90.20.0 mask 255.255.255.240
network X.X.X.X mask 255.255.255.0
redistribute connected
neighbor 10.90.10.2 remote-as 64611
neighbor 10.90.10.2 remove-private-as
neighbor 10.90.20.2 remote-as 64611
neighbor 10.90.20.2 remove-private-as
neighbor X.X.X.X remote-as xxxx
neighbor X.X.X.X route-map AS-xxxx-ONLY in
neighbor X.X.X.X route-map LOCAL-NET out
neighbor X.X.X.X remote-as xxxxx
neighbor X.X.X.X soft-reconfiguration inbound
neighbor X.X.X.X route-map AS-xxxxx-ONLY in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip nat pool AZURE-IP-POOL X.X.X.X X.X.X.X prefix-length 24
ip nat inside source list 120 pool AZURE-IP-POOL
ip route 0.0.0.0 0.0.0.0 X.X.X.X
ip route X.X.X.X 255.255.255.0 Null0
!
ip as-path access-list 10 permit ^$
ip as-path access-list 20 permit ^55836$
ip as-path access-list 30 permit ^9583$
!
ip access-list extended 100
permit ip any any
ip access-list extended 101
permit ip any any
ip access-list extended 105
permit object-group AZURE-SERVICES any object-group AZURE-NETWORK
permit tcp any any eq bgp
ip access-list extended 120
permit ip X.X.X.X 0.0.0.63 any
permit ip host X.X.X.X any
permit ip host X.X.X.X any
!
!
route-map AS-xxxx-ONLY permit 10
match as-path 30
!
route-map AS-xxxxx-ONLY permit 10
match as-path 20
!
route-map LOCAL-NET permit 10
match as-path 10
!
!
!
control-plane
!
!
line con 0
password 7 1238011A1B052C557878707D65627A33
login
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 11281D081E1C2B5D56797F717E646D02
login local
transport input ssh
!
!
!
!
!
!
end

ISP-TERMINATION-ROUTER#
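A small offline audit of the `router bgp` stanza in the configuration posted above, added here as an example (it is not the poster's or Cisco's code): it lists the RFC 1918 prefixes the stanza originates, what it redistributes, and the external peers that have no outbound policy. The sample config is constructed with documentation prefixes and AS numbers, and `audit_bgp` and `is_private_as` are hypothetical names.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OUT_POLICY = re.compile(r"(route-map|prefix-list|filter-list|distribute-list) \S+ out$")

# Constructed sample shaped like the posted stanza. The public prefix, peer
# addresses and ISP AS numbers are documentation values, not the poster's.
SAMPLE = """\
router bgp 64500
network 10.90.10.0 mask 255.255.255.0
network 10.90.20.0 mask 255.255.255.240
network 203.0.113.0 mask 255.255.255.0
redistribute connected
neighbor 10.90.10.2 remote-as 64611
neighbor 192.0.2.1 remote-as 64501
neighbor 192.0.2.1 route-map AS-64501-ONLY in
neighbor 192.0.2.1 route-map LOCAL-NET out
neighbor 192.0.2.5 remote-as 64502
neighbor 192.0.2.5 route-map AS-64502-ONLY in
!
"""

def is_private_as(asn):
    return 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294

def audit_bgp(config):
    """Summarise what a 'router bgp' stanza originates and who gets it unfiltered."""
    private_nets, redistribute, peers, has_out, in_bgp = [], [], {}, set(), False
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("router bgp "):
            in_bgp = True
        elif line == "!":
            in_bgp = False          # the stanza ends at the next '!' separator
        elif not in_bgp:
            continue
        elif m := re.match(r"network (\S+) mask (\S+)$", line):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}")
            if any(net.subnet_of(r) for r in RFC1918):
                private_nets.append(str(net))
        elif line.startswith("redistribute "):
            redistribute.append(line.split()[1])
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)$", line):
            peers[m[1]] = int(m[2])
        elif (m := re.match(r"neighbor (\S+) ", line)) and OUT_POLICY.search(line):
            has_out.add(m[1])
    exposed = sorted(p for p, a in peers.items() if not is_private_as(a) and p not in has_out)
    return {"private_networks": private_nets, "redistribute": redistribute,
            "unfiltered_external_peers": exposed}
```

A route-map that matches only `ip as-path access-list 10 permit ^$`, as LOCAL-NET does, passes every locally originated route, so it does not by itself keep the 10.90.x.x networks off that session; an outbound prefix-list that permits only the assigned pool does.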

Thanks for your reply.

We have our own AS number. Please see my configuration and suggest whether it is OK or whether anything needs to be added.

 


As per the config you have 2 providers - are you looking to announce to both providers or only 1 provider?

 

 

BB


In future it will be 2 ISPs, but now 1 ISP is connected. If the single-home configuration is working properly then we will connect the 2nd ISP.

You can use a network statement to announce the new IP range, right? What are the difficulties you see here?

There is a good presentation to help you learn and mitigate the issue:

 

https://archive.nanog.org/meetings/nanog23/presentations/smith.pdf

 

 

BB


We have tried to ping the IP pool from the internet but it does not ping. So how can we check whether the APNIC IP pool routing is working through BGP?

Until you announce to the public network using BGP with your provider, how will other providers on the internet know where this IP address is located?

Did you get a chance to look at the presentation that I sent?

If it is still not clear, you can contact the local ISP you are peering with, who can assist you better (I am sure TATA / JIO / Airtel people are very helpful and will take a look at your request), since you are a customer of theirs.

 

BB


The original poster asks how to be sure that their advertisement of the address pool is working. A number of organizations provide Internet Looking Glasses, which are sites that allow you to access them and to see what is being advertised to the Internet. So access one (or more) of the Looking Glasses and check for your pool addresses. This link identifies many available Looking Glass sites:

http://www.bgplookingglass.com

 

HTH

Rick
