Cleaning up BGP config

mitchel · ‎11-14-2002

I have just configured a DS3 on my 7206. This wil be replacing 3 T1's. I will have one T1 on copper as failover. I am trying to configure BGP so that all traffic will go over the DS3 but I would like to route 1 or 2 of our /24's over the T1. IF someone is willing to go over my config and give me a hand getting this set up I sure would appreciate it. Here is the config, Savvis DS3 and Internap T1 are the circuits that will remain.

Thanks,

Mitchel

router bgp 13853

no synchronization

bgp router-id 64.240.108.1

bgp cluster-id 3481985278

network 64.240.108.0 mask 255.255.255.0

network 64.240.109.0 mask 255.255.255.0

network 199.217.73.0

network 206.129.12.0

network 206.129.13.0

network 206.129.32.0

network 207.138.224.0

network 207.138.233.0

network 207.149.12.0

network 209.102.32.0

network 209.102.33.0

aggregate-address 64.240.108.0 255.255.255.0 summary-only

aggregate-address 64.240.109.0 255.255.255.0 summary-only

aggregate-address 199.217.73.0 255.255.255.0 summary-only

aggregate-address 206.129.12.0 255.255.255.0 summary-only

aggregate-address 206.129.13.0 255.255.255.0 summary-only

aggregate-address 206.129.32.0 255.255.255.0 summary-only

aggregate-address 207.138.224.0 255.255.255.0 summary-only

aggregate-address 207.138.233.0 255.255.255.0 summary-only

aggregate-address 207.149.12.0 255.255.255.0 summary-only

aggregate-address 209.102.32.0 255.255.255.0 summary-only

aggregate-address 209.102.33.0 255.255.255.0 summary-only

neighbor 63.251.175.177 remote-as 14744

neighbor 63.251.175.177 description Internap

neighbor 63.251.175.177 version 4

neighbor 63.251.175.177 route-map FROM-INTERNAP in

neighbor 63.251.175.177 route-map TO-INTERNAP out

neighbor 204.194.9.9 remote-as 6347

neighbor 204.194.9.9 description SAVVIS 2

neighbor 204.194.9.9 version 4

neighbor 204.194.9.9 route-map MAP2 out

neighbor 204.194.9.9 filter-list 4 in

neighbor 204.194.9.9 filter-list 1 out

neighbor 206.129.33.53 remote-as 6347

neighbor 206.129.33.53 description SAVVIS DS3

neighbor 206.129.33.53 version 4

neighbor 206.165.194.217 remote-as 3549

neighbor 206.165.194.217 description Globalex

neighbor 206.165.194.217 version 4

neighbor 206.165.194.217 route-map MAP1 out

neighbor 206.165.194.217 filter-list 3 in

neighbor 206.165.194.217 filter-list 1 out

neighbor 216.88.192.245 remote-as 6347

neighbor 216.88.192.245 description SAVVIS

neighbor 216.88.192.245 version 4

neighbor 216.88.192.245 route-map MAP2 out

neighbor 216.88.192.245 filter-list 4 in

neighbor 216.88.192.245 filter-list 1 out

!

ip classless

ip route 0.0.0.0 0.0.0.0 206.165.194.217

ip route 0.0.0.0 0.0.0.0 216.88.192.245

ip route 0.0.0.0 0.0.0.0 Serial2/0:0.1

ip route 0.0.0.0 0.0.0.0 Serial2/1:0

ip route 0.0.0.0 0.0.0.0 206.129.33.53 254

ip route 10.224.0.0 255.224.0.0 207.138.224.8

ip route 64.240.108.0 255.255.255.0 207.138.224.8

ip route 199.217.73.0 255.255.255.0 207.138.224.253

ip route 206.129.32.0 255.255.255.0 Null0 254

ip route 206.129.32.64 255.255.255.224 207.138.224.9

ip route 206.129.32.232 255.255.255.248 207.138.224.8

ip route 206.129.32.248 255.255.255.248 207.138.224.8

ip route 207.138.224.0 255.255.255.0 Null0 254

ip route 207.138.224.205 255.255.255.255 207.138.224.38

ip route 207.138.233.0 255.255.255.0 Null0 254

ip route 207.138.233.0 255.255.255.128 207.138.224.8

ip route 207.138.233.80 255.255.255.240 207.138.224.38

ip route 207.138.233.128 255.255.255.192 207.138.224.8

ip route 207.138.233.196 255.255.255.252 207.138.224.8

ip route 207.138.233.208 255.255.255.248 207.138.224.8

ip route 207.138.233.224 255.255.255.240 207.138.224.38

ip route 207.149.12.0 255.255.255.0 Null0 254

ip route 207.149.12.8 255.255.255.252 207.138.224.38

ip route 207.149.12.64 255.255.255.248 FastEthernet0/0

ip route 207.149.12.136 255.255.255.254 207.138.224.38

ip route 207.149.12.137 255.255.255.255 207.138.224.38

ip route 207.149.12.192 255.255.255.252 207.138.224.9

ip route 207.149.12.200 255.255.255.248 207.138.224.8

ip route 209.102.32.0 255.255.255.128 207.138.224.39

ip route 209.102.32.128 255.255.255.128 207.138.224.38

ip route 209.102.33.0 255.255.255.0 207.138.224.8

no ip http server

ip bgp-community new-format

ip community-list 10 permit 65010:400

ip community-list 19 permit 65010:70

ip as-path access-list 1 permit ^$

ip as-path access-list 1 deny .*

ip as-path access-list 2 deny ^6347 3549$

ip as-path access-list 2 deny ^6347_[0-9]*_3549_[0-9]*$

ip as-path access-list 2 permit ^6347_[0-9]*$

ip as-path access-list 2 permit ^6347_[0-9]*_[0-9]*$

ip as-path access-list 3 permit ^3549$

ip as-path access-list 4 permit ^6347$

ip as-path access-list 50 permit _209_

ip as-path access-list 51 permit ^14744_3561

ip as-path access-list 111 permit ^3549.*2554.*$ !PSI group A=2554 Globalex=3549

ip as-path access-list 111 permit ^3549.*6347.*$ !SAVVIS=6347

ip as-path access-list 112 permit ^6347.*$ !SAVVIS=6347

!

map-list ATM_MAP

ip 206.129.33.53 atm-vc 1 broadcast

logging 207.138.224.2

access-list 5 permit 207.138.224.12

access-list 5 permit 207.138.224.14

access-list 15 deny 165.29.2.0 0.0.0.255

access-list 15 permit any

access-list 20 deny 207.138.180.29

access-list 20 permit any

access-list 21 deny 195.38.17.81

access-list 21 permit any

access-list 100 permit ip host 64.240.108.0 host 255.255.255.0

access-list 100 permit ip host 64.240.109.0 host 255.255.255.0

access-list 100 permit ip host 199.217.73.0 host 255.255.255.0

access-list 100 permit ip host 206.129.32.0 host 255.255.255.0

access-list 100 permit ip host 207.138.224.0 host 255.255.255.0

access-list 100 permit ip host 207.138.233.0 host 255.255.255.0

access-list 100 permit ip host 207.149.12.0 host 255.255.255.0

access-list 100 permit ip host 209.102.33.0 host 255.255.255.0

access-list 110 permit ip host 209.102.32.0 host 255.255.255.0

access-list 150 permit ip 207.138.224.0 0.0.0.255 any

access-list 150 permit ip 64.240.108.0 0.0.0.255 any

access-list 150 permit ip 64.240.109.0 0.0.0.255 any

access-list 150 permit ip 199.217.73.0 0.0.0.255 any

access-list 150 permit ip 206.129.32.0 0.0.0.255 any

access-list 150 permit ip 207.138.233.0 0.0.0.255 any

access-list 150 permit ip 207.149.12.0 0.0.0.255 any

access-list 150 permit ip 209.102.32.0 0.0.0.255 any

access-list 150 permit ip 209.102.33.0 0.0.0.255 any

access-list 198 permit ip host 207.138.233.0 host 255.255.255.0

access-list 198 permit ip host 207.149.12.0 host 255.255.255.0

access-list 198 permit ip host 209.102.32.0 host 255.255.255.0

access-list 199 permit ip host 64.240.108.0 host 255.255.255.0

access-list 199 permit ip host 64.240.109.0 host 255.255.255.0

access-list 199 permit ip host 199.217.73.0 host 255.255.255.0

access-list 199 permit ip host 206.129.32.0 host 255.255.255.0

access-list 199 permit ip host 207.138.224.0 host 255.255.255.0

access-list 199 permit ip host 209.102.33.0 host 255.255.255.0

route-map SAVVIS permit 10

match as-path 112

set local-preference 100

!

route-map PREFERGLBL permit 10

match as-path 2

set local-preference 150

!

route-map PREFERGLBL permit 20

!

route-map FROM-INTERNAP permit 10

match community 10

set local-preference 400

set community none

!

route-map FROM-INTERNAP permit 20

match as-path 50

set local-preference 160

set community none

!

route-map FROM-INTERNAP permit 30

match as-path 51

set local-preference 160

set community none

!

route-map TO-INTERNAP permit 10

match ip address 100

set as-path prepend 13853 13853 13853 13853 13853 13853 13853 13853 13853 13853

!

route-map TO-INTERNAP permit 20

!

route-map Globalex permit 10

match as-path 111

set local-preference 80

!

route-map MAP1 permit 10

match ip address 199

set as-path prepend 13853 13853

!

route-map MAP1 permit 20

!

route-map MAP2 permit 10

match ip address 198

set as-path prepend 13853 13853

!

route-map MAP2 permit 20

!

route-map MAP3 permit 10

match ip address 110

set as-path prepend 13853 13853 13853

thisisshanky · ‎11-15-2002

You havent provided the interface ip addresses (or the interface configs) for the DS3 and T1 interface. Its hard to find out without that, where the BGP peering is going to. I assume both the links are going to different ISPs and different routers.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

mitchel · ‎11-15-2002

Here are the interface configs. The DS3 goes to Savvis, T1 to internap. the Gloabl T1 and Savvis T1's will be removed when DS3 is up and routing as required.

Thanks

interface Serial1/0:0

description FRONTIER GLOBAL

ip address 206.165.194.218 255.255.255.252

ip access-group 21 in

ip route-cache flow

ip mroute-cache

!

interface Serial1/1:0

description Savvis link

no ip address

encapsulation frame-relay

ip route-cache flow

ip mroute-cache

frame-relay lmi-type ansi

!

interface Serial1/1:0.16 point-to-point

description Savvis link

ip address 216.88.192.246 255.255.255.252

ip access-group 21 in

ip mroute-cache

frame-relay interface-dlci 16 IETF

!

interface Serial2/0:0

no ip address

encapsulation frame-relay IETF

ip route-cache flow

no fair-queue

frame-relay lmi-type ansi

!

interface Serial2/0:0.1 point-to-point

description Savvis Link 2

ip address 204.194.9.10 255.255.255.252

ip mroute-cache

frame-relay interface-dlci 210

!

interface Serial2/1:0

description Internap

ip address 63.251.175.178 255.255.255.252

ip route-cache flow

no ip route-cache cef

ip mroute-cache

!

interface Serial3/0

no ip address

no ip route-cache cef

shutdown

framing c-bit

cablelength 10

dsu bandwidth 44210

!

interface ATM4/0

description ATM connection to SAVVIS

ip address 206.129.33.54 255.255.255.252

no ip route-cache cef

map-group ATM_MAP

atm scrambling cell-payload

atm framing cbitplcp

atm pvc 1 5 101 aal5snap 3000 3000 32

no atm ilmi-keepalive

teru-lei · ‎11-21-2002

Hi,

To doing that, I think you may try to just modify your to-internap route map, like your other route-maps, perpend as-paths to the neighbor that connecting your DS3 when match the route. So that the route you mention above will choose the T1 rather that the DS3 just for that route.

Hope this can help you.

Best Regards

Teru Lei

wkumari · ‎11-22-2002

What you are going to need is something like:

ip access-list standard UseINAP

permit 192.168.0.0 0.0.0.255 ! Fill the networks you want to use through INAP

route-map TO-INTERNAP permit 5

match ip address UseINAP ! So you don't prepend.

route-map MAP2 permit 5 ! You may want to rename this!

match ip address UseINAP

set as-path prepend etc. !This will prepend to Savvis.

It seems like you are on the right track (assuming ACL 198 is the networks you want to use through INAP), you just need to stop prepending them when you announce to INAP. You may want to consider using named ACL's and more descriptive route-map names. Will make your life easier.

-- Warren.