
Basic configuration of all routers:
R1:
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
no shutdown
!
interface Serial1/1
ip address 10.0.12.1 255.255.255.252
no shutdown
R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.2.2.2 255.255.255.0
no shutdown
!
interface Serial1/1
ip address 10.0.12.2 255.255.255.252
no shutdown
!
interface Serial1/0
ip address 10.0.23.1 255.255.255.252
no shutdown
R3:
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 10.3.3.3 255.255.255.0
no shutdown
!
interface Serial1/1
ip address 10.0.23.2 255.255.255.252
no shutdown
!
interface Serial1/2
ip address 10.0.34.1 255.255.255.252
no shutdown
R4:
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 10.4.4.4 255.255.255.0
no shutdown
!
interface Serial1/1
ip address 10.0.34.2 255.255.255.252
no shutdown
OSPF should only be enabled for the Loopback and WAN subnets. Do NOT enable OSPF for the LAN subnets.
R1:
router ospf 1
network 1.1.1.1 0.0.0.0 area 0
network 10.0.12.1 0.0.0.0 area 0
R2:
router ospf 1
network 2.2.2.2 0.0.0.0 area 0
network 10.0.12.2 0.0.0.0 area 0
network 10.0.23.1 0.0.0.0 area 0
R3:
router ospf 1
network 3.3.3.3 0.0.0.0 area 0
network 10.0.34.1 0.0.0.0 area 0
network 10.0.23.2 0.0.0.0 area 0
R4:
router ospf 1
network 4.4.4.4 0.0.0.0 area 0
network 10.0.34.2 0.0.0.0 area 0
Let's verify the routing tables of all routers:
R1#show ip route ospf | beg Gate
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.0.12.2, 00:01:04, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.0.12.2, 00:00:50, Serial1/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/193] via 10.0.12.2, 00:00:40, Serial1/1
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O 10.0.23.0/30 [110/128] via 10.0.12.2, 00:01:04, Serial1/1
O 10.0.34.0/30 [110/192] via 10.0.12.2, 00:00:50, Serial1/1
R1#
R2(config-router)#do show ip route ospf | beg Gate
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 10.0.12.1, 00:01:40, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 10.0.23.2, 00:01:26, Serial1/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/129] via 10.0.23.2, 00:01:16, Serial1/0
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
O 10.0.34.0/30 [110/128] via 10.0.23.2, 00:01:26, Serial1/0
R2(config-router)#
R3(config-router)#do show ip route ospf | beg Gate
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/129] via 10.0.23.1, 00:01:53, Serial1/1
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.0.23.1, 00:01:53, Serial1/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 10.0.34.2, 00:01:43, Serial1/2
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
O 10.0.12.0/30 [110/128] via 10.0.23.1, 00:01:53, Serial1/1
R3(config-router)#
R4(config-router)#do show ip route ospf | beg Gate
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/193] via 10.0.34.1, 00:02:06, Serial1/1
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/129] via 10.0.34.1, 00:02:06, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 10.0.34.1, 00:02:06, Serial1/1
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O 10.0.12.0/30 [110/192] via 10.0.34.1, 00:02:06, Serial1/1
O 10.0.23.0/30 [110/128] via 10.0.34.1, 00:02:06, Serial1/1
R4(config-router)#
Configure BGP confederations as illustrated in the network topology. Use Loopback interface IP addresses for BGP peering. To the outside world, all routers should appear to be in BGP AS 500.
In Cisco IOS software, the following sequence of steps is required to configure and implement BGP confederations:
R1:
router bgp 100
bgp confederation identifier 500
bgp confederation peers 65000
neighbor 2.2.2.2 remote-as 65000
neighbor 2.2.2.2 update-source loopback 0
neighbor 2.2.2.2 ebgp-multihop 255
R2:
router bgp 65000
bgp confederation identifier 500
bgp confederation peers 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source loopback 0
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 3.3.3.3 remote-as 65000
neighbor 3.3.3.3 update-source loopback 0
neighbor 3.3.3.3 ebgp-multihop 255
R3:
router bgp 65000
bgp confederation identifier 500
bgp confederation peers 400
neighbor 2.2.2.2 remote-as 65000
neighbor 2.2.2.2 update-source loopback 0
neighbor 2.2.2.2 ebgp-multihop
neighbor 4.4.4.4 remote-as 400
neighbor 4.4.4.4 update-source loopback 0
neighbor 4.4.4.4 ebgp-multihop 255
R4:
router bgp 400
bgp confederation identifier 500
bgp confederation peers 65000
neighbor 3.3.3.3 remote-as 65000
neighbor 3.3.3.3 update-source loopback 0
neighbor 3.3.3.3 ebgp-multihop 255
Verify your configuration using the show ip bgp summary command:
R1#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 65000 2 2 1 0 0 00:00:35 0
R1#
R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 100 2 3 1 0 0 00:00:55 0
3.3.3.3 4 65000 2 2 1 0 0 00:00:43 0
R2#
R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 65000 4 4 1 0 0 00:01:15 0
4.4.4.4 4 400 4 4 1 0 0 00:01:05 0
R3#
R4#show ip bgp summary
BGP router identifier 4.4.4.4, local AS number 400
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 65000 4 4 1 0 0 00:01:25 0
R4#
Advertise the 10.x.x.0/24 subnets on R1, R2, R3, and R4 via BGP. Ensure that all routers can ping each other's LAN subnet from their own LAN subnet. For example, from R1 ping the 10.4.4.4 address using an extended ping sourced from the router's FastEthernet0/0 interface.
R1:
router bgp 100
network 10.1.1.0 mask 255.255.255.0
R2:
router bgp 65000
network 10.2.2.0 mask 255.255.255.0
R3:
router bgp 65000
network 10.3.3.0 mask 255.255.255.0
R4:
router bgp 400
network 10.4.4.0 mask 255.255.255.0
Verify your configuration using the show ip bgp command on all routers:
R1#show ip bgp
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 0.0.0.0 0 32768 i
*> 10.2.2.0/24 2.2.2.2 0 100 0 (65000) i
*> 10.3.3.0/24 3.3.3.3 0 100 0 (65000) i
*> 10.4.4.0/24 4.4.4.4 0 100 0 (65000 400) i
R1#
R2#show ip bgp
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 1.1.1.1 0 100 0 (100) i
*> 10.2.2.0/24 0.0.0.0 0 32768 i
*>i 10.3.3.0/24 3.3.3.3 0 100 0 i
*>i 10.4.4.0/24 4.4.4.4 0 100 0 (400) i
R2#
R3#show ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 10.1.1.0/24 1.1.1.1 0 100 0 (100) i
*>i 10.2.2.0/24 2.2.2.2 0 100 0 i
*> 10.3.3.0/24 0.0.0.0 0 32768 i
*> 10.4.4.0/24 4.4.4.4 0 100 0 (400) i
R3#
R4#show ip bgp
BGP table version is 5, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 1.1.1.1 0 100 0 (65000 100) i
*> 10.2.2.0/24 2.2.2.2 0 100 0 (65000) i
*> 10.3.3.0/24 3.3.3.3 0 100 0 (65000) i
*> 10.4.4.0/24 0.0.0.0 0 32768 i
R4#
Verify the LAN-to-LAN connectivity:
R1#ping 10.2.2.2 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/96/104 ms
R1#
R1#ping 10.3.3.3 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/103/116 ms
R1#
R1#ping 10.4.4.4 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/127/148 ms
R1#
R2#ping 10.1.1.1 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/115/148 ms
R2#
R2#ping 10.3.3.3 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 10.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/103/132 ms
R2#
R2#ping 10.4.4.4 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/123/132 ms
R2#
R3#ping 10.1.1.1 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/119/140 ms
R3#
R3#ping 10.2.2.2 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/120/200 ms
R3#
R3#ping 10.4.4.4 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/100/212 ms
R3#
R4#ping 10.1.1.1 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/146/160 ms
R4#
R4#ping 10.2.2.2 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/120/136 ms
R4#
R4#ping 10.4.4.4 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R4#
In the future, a link will be provisioned between R1 and R4. However, you decided that R1 and R2 should ALWAYS prefer the path through sub-AS 65500 to reach each other's LAN subnets ONLY. Any other subnets that may be added to additional sub-ASes in the future should be affected by this configuration. For example, if another sub-AS is connected to R4, then R1 should prefer the path directly through R4 to reach this sub-AS since it will have a shorter AS_PATH list than going through sub-AS 65500. You are NOT allowed to use IP ACLs or prefix lists to complete this task.
To complete this task, you need to use either the WEIGHT or LOCAL_PREF attributes along with a regular expression (since using IP ACLs and prefix lists is forbidden). In Cisco IOS software, AS path filters are used to perform BGP filtering policy control based on the AS_PATH attribute. The AS path attribute pattern used in these filters is defined by a regular expression string that is configured using the ip as-path access-list [number] [permit | deny] <regexp> global configuration command. The configured filter list may then be applied directly on a per-neighbor basis using the neighbor [address] filter-list <as_path_acl_number> router configuration command, or indirectly on a per-neighbor basis by referencing a route map which matches one or more AS path filters using the match as-path <as_path_acl_number> route map match clause.
From Cisco: the following table shows some basic regular expressions:
Regular Expression    Matches
.*                    This regular expression is used to match all prefixes
^$                    This regular expression matches only prefixes local to the AS
_500$                 This regular expression matches only prefixes that originate in AS 500
^500_ [0-9]*$         This regular expression matches prefixes received from directly connected AS 500 and any ASes directly attached to AS 500
_500_                 This regular expression matches prefixes that have traversed AS 500
^500$                 This regular expression matches prefixes only originated from directly connected AS 500
We can verify which prefixes will match your AS_PATH ACL Filter using the show ip bgp regexp command as follows:
R1#show ip bgp regexp _\(65000 400\)$
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.4.4.0/24 4.4.4.4 0 100 0 (65000 400) i
R1#
R4#show ip bgp regexp _\(65000 100\)$
BGP table version is 5, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 1.1.1.1 0 100 0 (65000 100) i
R4#
This task is completed as follows:
Configure AS path filters on R1 and R4 with regular expressions, and a route map to match the prefixes originated from sub-AS 100 and sub-AS 400, then set the WEIGHT attribute value in the route map.
R1:
ip as-path access-list 1 permit _\(65000 400\)$
route-map WEIGHT permit 10
match as-path 1
set weight 1500
!
route-map WEIGHT permit 20
!
router bgp 100
neighbor 2.2.2.2 route-map WEIGHT in
R4:
ip as-path access-list 1 permit _\(65000 100\)$
route-map WEIGHT permit 10
match as-path 1
set weight 1500
!
route-map WEIGHT permit 20
!
router bgp 400
neighbor 3.3.3.3 route-map WEIGHT in
We can see that R1 sets the weight value to 1500 for the prefix 10.4.4.0/24:
R1#show ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 0.0.0.0 0 32768 i
*> 10.2.2.0/24 2.2.2.2 0 100 0 (65000) i
*> 10.3.3.0/24 3.3.3.3 0 100 0 (65000) i
*> 10.4.4.0/24 4.4.4.4 0 100 1500 (65000 400) i
R1#
R4 sets the weight value to 1500 for the prefix 10.1.1.0/24:
R4#show ip bgp
BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 1.1.1.1 0 100 1500 (65000 100) i
*> 10.2.2.0/24 2.2.2.2 0 100 0 (65000) i
*> 10.3.3.0/24 3.3.3.3 0 100 0 (65000) i
*> 10.4.4.0/24 0.0.0.0 0 32768 i
R4#
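The AS path filter and WEIGHT route map above can be checked offline before they are applied to a neighbor. The following Python sketch is an added example, not part of the original lab: it emulates the IOS "_" metacharacter and evaluates R1's filter against the AS_PATH strings shown in R1's BGP table. The function names and the path "(65000 400 65001)" are constructed for illustration.

```python
import re

# IOS "_" matches the start or end of the path string, or one of: space , { } ( )
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_as_path_regex(pattern):
    """Compile an IOS AS_PATH regex for Python; only an unescaped '_' differs."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])  # keep escapes such as \( and \) intact
            i += 2
        else:
            out.append(IOS_UNDERSCORE if pattern[i] == "_" else pattern[i])
            i += 1
    return re.compile("".join(out))


def matches(pattern, as_path):
    """True if the IOS-style pattern matches the AS_PATH string."""
    return ios_as_path_regex(pattern).search(as_path) is not None


def inbound_weight(as_path, as_path_acl, match_weight=1500, default_weight=0):
    """Model route-map WEIGHT: seq 10 sets the weight on a match,
    seq 20 permits everything else unchanged."""
    return match_weight if matches(as_path_acl, as_path) else default_weight


# AS_PATH strings as R1 displays them for routes learned from 2.2.2.2 (from the page).
R1_FROM_R2 = {
    "10.2.2.0/24": "(65000)",
    "10.3.3.0/24": "(65000)",
    "10.4.4.0/24": "(65000 400)",
}
R1_ACL = r"_\(65000 400\)$"  # ip as-path access-list 1 on R1


def r1_weights():
    """Weight each prefix from 2.2.2.2 receives after route-map WEIGHT in."""
    return {pfx: inbound_weight(path, R1_ACL) for pfx, path in R1_FROM_R2.items()}


if __name__ == "__main__":
    for prefix, weight in r1_weights().items():
        print(f"{prefix:<14} weight {weight}")
    # Constructed path: a hypothetical sub-AS 65001 attached behind R4.
    # The closing "\)$" keeps it outside the filter, so its weight is untouched.
    print("future sub-AS matched:", matches(R1_ACL, "(65000 400 65001)"))
    # Why the table's "_500$" carries the underscore: AS 1500 must not match.
    print(matches("_500$", "100 500"), matches("_500$", "100 1500"))
```
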
Configure sub-AS 65500 to advertise a single prefix to R1 and R4 instead of the two prefixes 10.2.2.0/24 and 10.3.3.0/24 connected to R2's and R3's LAN interfaces.
Note: Use the neighbor <address> unsuppress-map <route-map-name> command on R2 and R3 to allow these prefixes to be advertised within sub AS 65500 so that R2 and R3 still have LAN-to-LAN connectivity.
This task is completed as follows:
Configure sub-AS 65000 to summarize the two prefixes 10.2.2.0/24 and 10.3.3.0/24 using the aggregate-address command. By default, this command will advertise both the aggregate (summary) and the more specific prefixes. To advertise only the summary, we need to add the summary-only keyword. This keyword instructs the router to advertise only the aggregate (summary) route and suppress the more specific routes that belong to the summary.
R2:
router bgp 65000
aggregate-address 10.2.0.0 255.254.0.0 summary-only
R3:
router bgp 65000
aggregate-address 10.2.0.0 255.254.0.0 summary-only
Let's verify the BGP tables of R2 and R3:
We can see that both R2 and R3 are advertising a summary (aggregate) route that covers the 10.2.2.0/24 and 10.3.3.0/24 prefixes:
Note that after adding the summary-only keyword, R2 and R3 suppress the prefixes 10.2.2.0/24 and 10.3.3.0/24 respectively, as denoted by the letter "s" in the first column:
R2#show ip bgp
BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 1.1.1.1 0 100 0 (100) i
* i 10.2.0.0/15 3.3.3.3 0 100 0 i
*> 0.0.0.0 32768 i
s> 10.2.2.0/24 0.0.0.0 0 32768 i
*>i 10.4.4.0/24 4.4.4.4 0 100 0 (400) i
R2#
R3#show ip bgp
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 10.1.1.0/24 1.1.1.1 0 100 0 (100) i
*> 10.2.0.0/15 0.0.0.0 32768 i
* i 2.2.2.2 0 100 0 i
s> 10.3.3.0/24 0.0.0.0 0 32768 i
*> 10.4.4.0/24 4.4.4.4 0 100 0 (400) i
R3#
As a result R1 and R4 receive only the aggregate route 10.2.0.0/15 as shown by the BGP tables displayed below:
R1#show ip bgp
BGP table version is 12, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 0.0.0.0 0 32768 i
*> 10.2.0.0/15 2.2.2.2 0 100 0 (65000) i
*> 10.4.4.0/24 4.4.4.4 0 100 1500 (65000 400) i
R1#
R4#show ip bgp
BGP table version is 15, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 1.1.1.1 0 100 1500 (65000 100) i
*> 10.2.0.0/15 3.3.3.3 0 100 0 (65000) i
*> 10.4.4.0/24 0.0.0.0 0 32768 i
R4#
In the BGP tables displayed above on R2 and R3 notice that R2 does not have a specific route to 10.3.3.0/24 and R3 does not have a route to 10.2.2.0/24.
In order to allow these prefixes to be advertised within sub-AS 65000, we will use the neighbor "IP address" unsuppress-map "route-map" command to unsuppress (leak) these routes between the routers R2 and R3. This feature is similar to EIGRP route leaking.
R2:
ip prefix-list LAN-R2 seq 5 permit 10.2.2.0/24
route-map UNSUPRESS-R2 permit 10
match ip address prefix-list LAN-R2
!
router bgp 65000
neighbor 3.3.3.3 unsuppress-map UNSUPRESS-R2
R3:
ip prefix-list LAN-R3 seq 5 permit 10.3.3.0/24
route-map UNSUPRESS-R3 permit 10
match ip address prefix-list LAN-R3
!
router bgp 65000
neighbor 2.2.2.2 unsuppress-map UNSUPRESS-R3
Notice that the specific subnet 10.3.3.0/24 is installed in the BGP table of R2:
R2#show ip bgp
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 1.1.1.1 0 100 0 (100) i
* i 10.2.0.0/15 3.3.3.3 0 100 0 i
*> 0.0.0.0 32768 i
s> 10.2.2.0/24 0.0.0.0 0 32768 i
*>i 10.3.3.0/24 3.3.3.3 0 100 0 i
*>i 10.4.4.0/24 4.4.4.4 0 100 0 (400) i
R2#
The specific subnet 10.2.2.0/24 is installed in the BGP table of R3:
R3#show ip bgp
BGP table version is 9, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 10.1.1.0/24 1.1.1.1 0 100 0 (100) i
*> 10.2.0.0/15 0.0.0.0 32768 i
* i 2.2.2.2 0 100 0 i
s>i 10.2.2.0/24 2.2.2.2 0 100 0 i
s> 10.3.3.0/24 0.0.0.0 0 32768 i
*> 10.4.4.0/24 4.4.4.4 0 100 0 (400) i
R3#
Even though the specific subnets are advertised within sub-AS 65000 between R2 and R3, we can see that only a single prefix is received by R1 and R4 from R2 and R3 respectively:
R1#show ip bgp
BGP table version is 19, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 0.0.0.0 0 32768 i
*> 10.2.0.0/15 2.2.2.2 0 100 0 (65000) i
*> 10.4.4.0/24 4.4.4.4 0 100 1500 (65000 400) i
R1#
R4#show ip bgp
BGP table version is 21, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 1.1.1.1 0 100 1500 (65000 100) i
*> 10.2.0.0/15 3.3.3.3 0 100 0 (65000) i
*> 10.4.4.0/24 0.0.0.0 0 32768 i
R4#
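The effect of aggregate-address with summary-only and of the per-neighbor unsuppress-map configured above can be modelled to check what each neighbor receives and how much address space the aggregate announces beyond the two LANs. This Python sketch is an added example, not part of the original lab; it models only R2's locally originated routes, and the function names are hypothetical.

```python
import ipaddress


def smallest_covering(prefixes):
    """Longest-mask supernet that still contains every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def advertised(table, aggregate, summary_only, unsuppress=()):
    """Prefixes from `table` that are sent to one neighbor.

    summary_only suppresses every more-specific route inside the aggregate;
    an unsuppress-map on the neighbor re-admits the prefixes it permits.
    """
    permitted = {ipaddress.ip_network(p) for p in unsuppress}
    sent = []
    for prefix in table:
        net = ipaddress.ip_network(prefix)
        suppressed = summary_only and net != aggregate and net.subnet_of(aggregate)
        if not suppressed or net in permitted:
            sent.append(str(net))
    return sent


def uncovered_addresses(aggregate, components):
    """Addresses announced by the aggregate that no component prefix backs."""
    backed = sum(ipaddress.ip_network(c).num_addresses for c in components)
    return aggregate.num_addresses - backed


# aggregate-address 10.2.0.0 255.254.0.0 summary-only (from the page)
AGGREGATE = ipaddress.ip_network("10.2.0.0/255.254.0.0")
LANS = ["10.2.2.0/24", "10.3.3.0/24"]
# R2's locally originated entries: the aggregate and its own LAN.
R2_LOCAL = ["10.2.0.0/15", "10.2.2.0/24"]


def r2_to_r1():
    """Neighbor 1.1.1.1 has no unsuppress-map."""
    return advertised(R2_LOCAL, AGGREGATE, summary_only=True)


def r2_to_r3():
    """Neighbor 3.3.3.3 has unsuppress-map UNSUPRESS-R2 (prefix-list LAN-R2)."""
    return advertised(R2_LOCAL, AGGREGATE, summary_only=True,
                      unsuppress=["10.2.2.0/24"])


if __name__ == "__main__":
    print("tightest summary:", smallest_covering(LANS))
    print("R2 -> R1:", r2_to_r1())
    print("R2 -> R3:", r2_to_r3())
    # IOS installs the aggregate locally as a discard (Null0) route, so traffic
    # to this unbacked space is dropped on the aggregating router.
    print("addresses without a component route:",
          uncovered_addresses(AGGREGATE, LANS))
```
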
Finally let's verify that R1 and R4 can still reach the 10.2.2.0/24 and 10.3.3.0/24 prefixes:
R1#ping 10.2.2.2 source fa0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/53/72 ms
R1#
R1#ping 10.3.3.3 source fa0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/89/108 ms
R1#
R4#ping 10.2.2.2 source fa0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/53/72 ms
R4#
R4#ping 10.3.3.3 source fa0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 10.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/40/52 ms
R4#