08-19-2008 07:59 PM - edited 03-03-2019 11:12 PM
I have two /24s that I am planning to announce: 216.54.xxx.0/24 and 165.17x.240.0/24. My plans are to advertise both subnets from both of my eBGP routers to both of my ISPs. The 216/24 is owned by provider 'A', and the 165/24 is a direct assignment IP block my company purchased long ago. We plan to readdress out of the ISP space at some point and want to already have the addressing in place to support.
My goals are to prevent transit traffic, deny bogus networks (RFC 1918 space, etc.), and to accept local + default from each of my providers.
Does the config below provide these basic requirements? Any suggestions for improving the config?
Any help or tips would be greatly appreciated.
Thanks in advance.
See config in txt file attachment.
/rls
08-19-2008 08:05 PM
internet router:
interface Loopback0
description internet : 165.17x.239.252/32
ip address 165.17x.239.253 255.255.255.255
no ip directed-broadcast
no keepalive
!
router bgp 462xx
no synchronization
bgp log-neighbor-changes
bgp dampening
network 216.54.x.0 mask 255.255.255.0
network 165.17x.240.0 mask 255.255.255.0
!
!define TWTelecom neighbor
!
neighbor 66.xxx.41.33 remote-as 4323
neighbor 66.xxx.41.33 description TWTelecom connection - AS4323
neighbor 66.xxx.41.33 password xxxxx
neighbor 66.xxx.41.33 version 4
neighbor 66.xxx.41.33 soft-reconfiguration inbound
neighbor 66.xxx.41.33 route-map DENY_BAD_ROUTES in
neighbor 66.xxx.41.33 route-map OH_ANNOUNCE out
neighbor 66.xxx.41.33 filter-list 1 out
neighbor 66.xxx.41.33 maximum-prefix 13000
!
!define iBGP session
!
neighbor 165.17x.240.x remote-as 462xx
neighbor 165.17x.240.x description iBGP to internet-1 router - AS462xx
neighbor 165.17x.240.x version 4
neighbor 165.17x.240.x soft-reconfiguration inbound
neighbor 165.17x.240.x update-source Loopback0
!
ip route 216.54.x.0 255.255.255.0 Null0
ip route 165.17x.240.0 255.255.255.0 Null0
!
ip prefix-list OH_ANNOUNCE description OH Netblocks to announce
ip prefix-list OH_ANNOUNCE seq 10 permit 216.54.x.0/24
ip prefix-list OH_ANNOUNCE seq 20 permit 165.17x.240.0/24
!
ip prefix-list DENY_BAD_ROUTES description Bad routes to block from providers
ip prefix-list DENY_BAD_ROUTES seq 10 deny 0.0.0.0/8 le 32
ip prefix-list DENY_BAD_ROUTES seq 20 deny 10.0.0.0/8 le 32
ip prefix-list DENY_BAD_ROUTES seq 30 deny 127.0.0.0/8 le 32
ip prefix-list DENY_BAD_ROUTES seq 40 deny 172.16.0.0/12 le 32
ip prefix-list DENY_BAD_ROUTES seq 50 deny 192.0.2.0/24 le 32
ip prefix-list DENY_BAD_ROUTES seq 60 deny 192.168.0.0/16 le 32
ip prefix-list DENY_BAD_ROUTES seq 70 deny 224.0.0.0/3 le 32
ip prefix-list DENY_BAD_ROUTES seq 1000 deny 216.54.146.0/24 le 32
ip prefix-list DENY_BAD_ROUTES seq 2000 deny 165.17x.240.0/24 le 32
ip prefix-list DENY_BAD_ROUTES seq 9999 permit 0.0.0.0/0 le 27
!
ip as-path access-list 1 permit ^$
!
route-map DENY_BAD_ROUTES permit 10
match ip address prefix-list DENY_BAD_ROUTES
!
route-map OH_ANNOUNCE permit 10
match ip address prefix-list OH_ANNOUNCE
!
08-19-2008 08:06 PM
internet-1 router:
interface Loopback0
description internet-1 : 165.17x.239.252/32
ip address 165.17x.239.254 255.255.255.255
no ip directed-broadcast
no keepalive
!
router bgp 462xx
no synchronization
bgp log-neighbor-changes
bgp dampening
network 216.54.x.0 mask 255.255.255.0
network 165.17x.240.0 mask 255.255.255.0
!
!
!define AT&T neighbor
!
neighbor x.x.x.x remote-as 7018
neighbor x.x.x.x description AT&T connection - AS7018
neighbor x.x.x.x password xxxx
neighbor x.x.x.x version 4
neighbor x.x.x.x soft-reconfiguration inbound
neighbor x.x.x.x update-source Loopback0
neighbor x.x.x.x route-map DENY_BAD_ROUTES in
neighbor x.x.x.x route-map OH_ANNOUNCE out
neighbor x.x.x.x filter-list 1 out
neighbor x.x.x.x maximum-prefix 25000
!
!define iBGP session
!
neighbor 165.17x.240.x remote-as 462xx
neighbor 165.17x.240.x description iBGP to internet router - AS462xx
neighbor 165.17x.240.x version 4
neighbor 165.17x.240.x soft-reconfiguration inbound
neighbor 165.17x.240.x update-source Loopback0
!
ip route 216.54.x.0 255.255.255.0 Null0
ip route 165.17x.240.0 255.255.255.0 Null0
!
ip prefix-list OH_ANNOUNCE description OH Netblocks to announce
ip prefix-list OH_ANNOUNCE seq 10 permit 216.54.x.0/24
ip prefix-list OH_ANNOUNCE seq 20 permit 165.17x.240.0/24
!
ip prefix-list DENY_BAD_ROUTES seq 10 deny 0.0.0.0/8 le 32
ip prefix-list DENY_BAD_ROUTES seq 20 deny 10.0.0.0/8 le 32
ip prefix-list DENY_BAD_ROUTES seq 30 deny 127.0.0.0/8 le 32
ip prefix-list DENY_BAD_ROUTES seq 40 deny 172.16.0.0/12 le 32
ip prefix-list DENY_BAD_ROUTES seq 50 deny 192.0.2.0/24 le 32
ip prefix-list DENY_BAD_ROUTES seq 60 deny 192.168.0.0/16 le 32
ip prefix-list DENY_BAD_ROUTES seq 70 deny 224.0.0.0/3 le 32
ip prefix-list DENY_BAD_ROUTES seq 1000 deny 216.54.146.0/24 le 32
ip prefix-list DENY_BAD_ROUTES seq 2000 deny 165.17x.240.0/24 le 32
ip prefix-list DENY_BAD_ROUTES seq 9999 permit 0.0.0.0/0 le 27
!
ip as-path access-list 1 permit ^$
!
route-map DENY_BAD_ROUTES permit 10
match ip address prefix-list DENY_BAD_ROUTES
!
route-map OH_ANNOUNCE permit 10
match ip address prefix-list OH_ANNOUNCE
!
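An added example, not part of the original posts: a small Python model of IOS prefix-list first-match semantics, run over the DENY_BAD_ROUTES list above to check which inbound routes it would accept. The sample routes are constructed, and 198.51.100.0/24 is an assumed stand-in for the masked 165.17x.240.0/24.

```python
import ipaddress

# DENY_BAD_ROUTES as posted, with seq 9999 written as 0.0.0.0/0 le 27.
# 198.51.100.0/24 is a constructed stand-in for the masked 165.17x.240.0/24.
# Fields: (seq, action, prefix, ge, le)
DENY_BAD_ROUTES = [
    (10, "deny", "0.0.0.0/8", None, 32),
    (20, "deny", "10.0.0.0/8", None, 32),
    (30, "deny", "127.0.0.0/8", None, 32),
    (40, "deny", "172.16.0.0/12", None, 32),
    (50, "deny", "192.0.2.0/24", None, 32),
    (60, "deny", "192.168.0.0/16", None, 32),
    (70, "deny", "224.0.0.0/3", None, 32),
    (1000, "deny", "216.54.146.0/24", None, 32),
    (2000, "deny", "198.51.100.0/24", None, 32),
    (9999, "permit", "0.0.0.0/0", None, 27),
]

def entry_matches(route, prefix, ge, le):
    """IOS prefix-list match: route lies inside prefix and its length is in range."""
    net = ipaddress.ip_network(prefix)
    # Without ge the lower bound is the entry's own length; without le the
    # upper bound is 32 when ge is set, otherwise an exact-length match.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return lo <= route.prefixlen <= hi and route.subnet_of(net)

def evaluate(plist, route_text):
    """Return (action, seq) of the first matching entry; implicit deny otherwise."""
    route = ipaddress.ip_network(route_text)
    for seq, action, prefix, ge, le in sorted(plist):
        if entry_matches(route, prefix, ge, le):
            return action, seq
    return "deny", None  # implicit deny at the end of every prefix-list

# Constructed sample announcements a provider session might deliver.
SAMPLES = ["0.0.0.0/0", "10.1.0.0/16", "216.54.146.0/25", "8.8.8.0/24",
           "203.0.113.0/28", "169.254.0.0/16", "192.168.0.0/15"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:18} -> {evaluate(DENY_BAD_ROUTES, s)}")
```

The default route and any unlisted prefix up to /27 fall through to seq 9999 and are permitted, while anything longer than /27 hits the implicit deny. Ranges that are not in the list, such as 169.254.0.0/16, and aggregates shorter than a listed bogon, such as 192.168.0.0/15, are also permitted.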