04-25-2013 09:23 AM - edited 03-04-2019 07:43 PM
I am looking for some assistance with the following setup for BGP with the following conditions:
Client has two 2900 routers, each connecting to a separate ISP
Client has a SonicWall firewall with a link to each router
Client owns their own /24 block of public IPs and has their own AS number.
Client has a public /24 and /25 from the corresponding ISPs
Client has supplied the following routing rules they would like to use:
-Anything from their own public subnet should be advertised via the two ISPs with best path selection
-Anything from the respective ISP public subnets should use only their link (the ISPs are not authorized to advertise the other's network)
The two routers are directly connected to each other and each has a link going to the SonicWall.
Here is the current setup of R1 and the relevant info (I've changed the subnets and AS numbers for security reasons):
interface GigabitEthernet0/0
description R1 Interior
ip address 172.16.200.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
description Link to ISP1
ip address 66.66.66.2 255.255.255.252
duplex full
speed 100
service-policy input Police-15Mb
service-policy output Shape-15Mb
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
description Link to Sonic
ip address 66.77.77.1 255.255.255.0
!
router bgp 5000 (Client's ASN)
bgp log-neighbor-changes
network 198.100.100.0 mask 255.255.255.0
network 66.77.77.0 mask 255.255.255.0
neighbor 66.66.66.1 remote-as 4000
neighbor 66.66.66.1 prefix-list asgs out
neighbor 66.66.66.1 route-map AS-4000-INCOMING in
neighbor 66.66.66.1 route-map AS-4000-OUTGOING out
neighbor 66.77.77.2 remote-as 5000
neighbor 172.16.200.2 remote-as 5000
neighbor 172.16.200.2 next-hop-self
!
ip forward-protocol nd
!
ip as-path access-list 1 permit ^6325$
ip as-path access-list 2 permit ^95250$
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 198.100.100.0 255.255.255.0 66.77.77.2 permanent
!
!
ip prefix-list asgs seq 10 permit 198.180.255.0/24
access-list 10 permit 198.100.100.0 0.0.0.255
!
route-map AS-4000-OUTGOING permit 10
match ip address 10
!
route-map AS-4000-INCOMING permit 10
match as-path 1
And here is the configuration for R2:
interface GigabitEthernet0/0
description R2 Interior
ip address 172.16.200.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
description ISP2
ip address 55.55.55.2 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
ip address 55.77.77.1 255.255.255.128
!
router bgp 5000
bgp log-neighbor-changes
network 198.100.100.0 mask 255.255.255.0
network 55.77.77.0 mask 255.255.255.128
neighbor 55.55.55.1 remote-as 3000
neighbor 55.55.55.1 prefix-list asgs out
neighbor 55.55.55.1 route-map AS-3000-INCOMING in
neighbor 55.55.55.1 route-map AS-3000-OUTGOING out
neighbor 172.16.200.1 remote-as 5000
neighbor 172.16.200.1 next-hop-self
!
ip forward-protocol nd
!
ip as-path access-list 1 permit ^3000$
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 198.100.100.0 255.255.255.0 55.77.77.2
!
!
ip prefix-list asgs seq 10 permit 198.180.255.0/24
access-list 10 permit 198.100.100.0 0.0.0.255
access-list 20 permit 198.100.100.0 0.0.0.255
!
route-map AS-3000-INCOMING permit 10
match as-path 1
set local-preference 150
!
route-map AS-3000-OUTGOING permit 10
match ip address 10
set as-path prepend 5000
!
route-map AS-3000-OUTGOING permit 20
match ip address 20
04-25-2013 12:53 PM
Hello Erik,
You did not mention what the problem is. You should modify some commands in your configuration. Also, it would be better if you could provide a sketch with IP addresses and AS numbers (they can be made up) so we can help you with the config. It is a little bit hard to guess what each IP in your example means.
ROUTER 1
router bgp 5000
no neighbor 66.66.66.1 prefix-list asgs out
neighbor 66.66.66.1 route-map AS-4000-INCOMING in
neighbor 66.66.66.1 route-map AS-4000-OUTGOING out
neighbor 66.66.66.1 filter-list 7 out
route-map AS-4000-OUTGOING permit 10
match ip address prefix-list OWN ISP1
route-map AS-4000-INCOMING permit 10
match as-path 1
set local-preference 150
ip prefix-list OWN seq 10 permit 150.0.0.0/24
ip prefix-list ISP1 seq 20 permit 200.0.0.0/24
ip as-path access-list 7 permit ^$
ROUTER 2
router bgp 5000
no neighbor 55.55.55.1 prefix-list asgs out
neighbor 55.55.55.1 route-map AS-3000-INCOMING in
neighbor 55.55.55.1 route-map AS-3000-OUTGOING out
neighbor 55.55.55.1 filter-list 7 out
route-map AS-3000-INCOMING permit 10
match as-path 1
set local-preference 150
route-map AS-3000-OUTGOING permit 10
match ip address prefix-list OWN
set as-path prepend 5000
route-map AS-3000-OUTGOING permit 20
match ip address prefix-list ISP2
ip prefix-list OWN seq 10 permit 150.0.0.0/24
ip prefix-list ISP2 seq 20 permit 205.0.0.0/24
ip as-path access-list 7 permit ^$
Best Regards
Please rate all helpful posts and close solved questions
04-25-2013 02:22 PM
This is the network drawing I put together; it's not my strong point, but I hope this helps clarify.
04-26-2013 12:39 AM
Hello Erik,
This should work for you:
ROUTER 1
interface Loopback0
description BGP_peering
ip address 172.16.1.1 255.255.255.255
ip ospf 1 area 0
!
interface FastEthernet0/0
description ISP1
ip address 66.66.66.2 255.255.255.252
!
interface FastEthernet0/1
description R2
ip address 172.16.200.1 255.255.255.252
ip ospf 1 area 0
!
interface FastEthernet1/0
description Sonic
ip address 66.77.77.1 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
default-information originate
!
router bgp 5000
network 66.77.77.0 mask 255.255.255.0
neighbor 66.66.66.1 remote-as 4000
neighbor 66.66.66.1 prefix-list ISP1_OUT out
neighbor 66.66.66.1 route-map BGP_INCOMING in
neighbor 66.66.66.1 route-map BGP_OUTGOING out
neighbor 66.66.66.1 filter-list 1 in
neighbor 66.66.66.1 filter-list 2 out
neighbor 172.16.2.2 remote-as 5000
neighbor 172.16.2.2 update-source Loopback0
neighbor 172.16.2.2 next-hop-self
neighbor 172.16.3.3 remote-as 5000
neighbor 172.16.3.3 update-source Loopback0
neighbor 172.16.3.3 next-hop-self
!
ip as-path access-list 1 permit ^4000$
ip as-path access-list 2 permit ^$
!
ip prefix-list ISP1_OUT seq 5 permit 198.100.100.0/24
ip prefix-list ISP1_OUT seq 10 permit 66.77.77.0/24
!
route-map BGP_INCOMING permit 10
set local-preference 5000
!
route-map BGP_OUTGOING permit 10
match ip address prefix-list ISP1_OUT
ROUTER 2
interface Loopback0
description BGP_peering
ip address 172.16.2.2 255.255.255.255
ip ospf 1 area 0
!
interface FastEthernet0/0
description ISP2
ip address 55.55.55.2 255.255.255.252
!
interface FastEthernet0/1
description R1
ip address 172.16.200.2 255.255.255.252
ip ospf 1 area 0
!
interface FastEthernet1/0
description Sonic
ip address 55.77.77.1 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
default-information originate
!
router bgp 5000
network 55.77.77.0 mask 255.255.255.0
neighbor 55.55.55.1 remote-as 3000
neighbor 55.55.55.1 prefix-list ISP2_OUT out
neighbor 55.55.55.1 route-map BGP_INCOMING in
neighbor 55.55.55.1 route-map BGP_OUTGOING out
neighbor 55.55.55.1 filter-list 1 in
neighbor 55.55.55.1 filter-list 2 out
neighbor 172.16.1.1 remote-as 5000
neighbor 172.16.1.1 update-source Loopback0
neighbor 172.16.1.1 next-hop-self
neighbor 172.16.3.3 remote-as 5000
neighbor 172.16.3.3 update-source Loopback0
neighbor 172.16.3.3 next-hop-self
!
ip as-path access-list 1 permit ^3000$
ip as-path access-list 2 permit ^$
!
ip prefix-list DEF_ROUTE seq 5 permit 0.0.0.0/0
!
ip prefix-list ISP2_OUT seq 5 permit 198.100.100.0/24
ip prefix-list ISP2_OUT seq 10 permit 55.77.77.0/24
!
ip prefix-list OUR_NET seq 5 permit 198.100.100.0/24
!
route-map BGP_OUTGOING permit 10
match ip address prefix-list OUR_NET
set as-path prepend 5000 5000 5000
!
route-map BGP_OUTGOING permit 20
match ip address prefix-list ISP2_OUT
!
route-map BGP_INCOMING permit 10
match ip address prefix-list DEF_ROUTE
!
route-map BGP_INCOMING permit 20
set local-preference 5000
SONIC
interface Loopback0
description BGP_peering
ip address 172.16.3.3 255.255.255.255
ip ospf 1 area 0
!
interface Loopback10
description OUR_NET
ip address 198.100.100.1 255.255.255.0
!
interface FastEthernet0/0
description R1
ip address 66.77.77.2 255.255.255.0
ip ospf 1 area 0
!
interface FastEthernet0/1
description R2
ip address 55.77.77.2 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
!
router bgp 5000
network 198.100.100.0
neighbor 172.16.1.1 remote-as 5000
neighbor 172.16.1.1 update-source Loopback0
neighbor 172.16.2.2 remote-as 5000
neighbor 172.16.2.2 update-source Loopback0
Best Regards
Please rate all helpful posts and close solved questions
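The following is an added example, not Cisco IOS code and not the poster's or the replier's own configuration. It models, in Python, the export and import logic of the ROUTER 1 / ROUTER 2 policy in the reply above (the `^$` and `^4000$`/`^3000$` as-path access-lists, the ISP1_OUT/ISP2_OUT/OUR_NET/DEF_ROUTE prefix-lists, and the BGP_OUTGOING/BGP_INCOMING route-maps) so the three requirements from the original question can be checked offline: the client's /24 goes out both links (prepended on R2 so ISP1 is preferred inbound), each ISP's assigned block goes out only its own link, and nothing learned from one ISP is re-advertised to the other. The BGP table entries, the 203.0.113.0/24 route and AS 64496 are constructed sample data; the policy ordering (filter-list, prefix-list, route-map, then own-AS prepend on the wire) and the two-step best-path comparison are simplifications of IOS behaviour, assumed here for illustration.

```python
"""Offline model of the thread's BGP export/import policy (added example, not IOS code)."""
import re

LOCAL_AS = 5000

# Policy objects transcribed from the reply's ROUTER 1 / ROUTER 2 configurations.
PREFIX_LISTS = {
    "ISP1_OUT": {"198.100.100.0/24", "66.77.77.0/24"},
    "ISP2_OUT": {"198.100.100.0/24", "55.77.77.0/24"},
    "OUR_NET": {"198.100.100.0/24"},
    "DEF_ROUTE": {"0.0.0.0/0"},
}
AS_PATH_ACLS = {
    ("R1", 1): r"^4000$",  # accept only routes originated by ISP1 itself
    ("R2", 1): r"^3000$",  # accept only routes originated by ISP2 itself
    ("R1", 2): r"^$",      # empty AS_PATH: originated inside AS 5000, never transit
    ("R2", 2): r"^$",
}
# Route-map clauses as (seq, prefix-list to match or None, set actions); first match wins.
ROUTE_MAPS = {
    ("R1", "BGP_OUTGOING"): [(10, "ISP1_OUT", {})],
    ("R2", "BGP_OUTGOING"): [(10, "OUR_NET", {"prepend": (5000, 5000, 5000)}),
                             (20, "ISP2_OUT", {})],
    ("R1", "BGP_INCOMING"): [(10, None, {"local_pref": 5000})],
    ("R2", "BGP_INCOMING"): [(10, "DEF_ROUTE", {}),          # default keeps LP 100 on R2
                             (20, None, {"local_pref": 5000})],
}

# Constructed BGP table as seen on both routers after the iBGP mesh converges.
# iBGP does not add AS numbers, so internally originated routes keep an empty path.
BGP_TABLE = [
    {"prefix": "198.100.100.0/24", "as_path": ()},          # client's own /24
    {"prefix": "66.77.77.0/24", "as_path": ()},             # block assigned by ISP1
    {"prefix": "55.77.77.0/24", "as_path": ()},             # block assigned by ISP2
    {"prefix": "0.0.0.0/0", "as_path": (4000,)},            # default from ISP1 (via R1)
    {"prefix": "0.0.0.0/0", "as_path": (3000,)},            # default from ISP2 (via R2)
    {"prefix": "203.0.113.0/24", "as_path": (4000, 64496)}, # constructed route behind ISP1
]


def as_path_str(path):
    return " ".join(str(asn) for asn in path)


def acl_permits(router, number, path):
    # IOS applies the regex to the space-separated AS_PATH; "" for local routes.
    return re.search(AS_PATH_ACLS[(router, number)], as_path_str(path)) is not None


def prefix_list_permits(name, prefix):
    # The thread's lists use no ge/le, so each entry matches that exact prefix only.
    return prefix in PREFIX_LISTS[name]


def apply_route_map(router, name, route):
    """First matching permit clause applies its set actions; no match is an implicit deny."""
    for _seq, plist, actions in ROUTE_MAPS[(router, name)]:
        if plist is None or prefix_list_permits(plist, route["prefix"]):
            out = dict(route)
            if "prepend" in actions:
                out["as_path"] = tuple(actions["prepend"]) + tuple(route["as_path"])
            if "local_pref" in actions:
                out["local_pref"] = actions["local_pref"]
            return out
    return None


def export_to_isp(router, plist_out, route):
    """Outbound: filter-list 2, prefix-list out and route-map must all permit;
    the speaker then prepends its own AS. Returns the AS_PATH sent, or None if filtered."""
    if not acl_permits(router, 2, route["as_path"]):
        return None
    if not prefix_list_permits(plist_out, route["prefix"]):
        return None
    out = apply_route_map(router, "BGP_OUTGOING", route)
    return None if out is None else (LOCAL_AS,) + tuple(out["as_path"])


def import_from_isp(router, route):
    """Inbound: filter-list 1 in, then route-map BGP_INCOMING (default LOCAL_PREF 100)."""
    if not acl_permits(router, 1, route["as_path"]):
        return None
    return apply_route_map(router, "BGP_INCOMING", {**route, "local_pref": 100})


def best_path(candidates):
    """Subset of the Cisco tie-break: highest LOCAL_PREF, then shortest AS_PATH."""
    return max(candidates, key=lambda r: (r["local_pref"], -len(r["as_path"])))


def advertisements(router, plist_out):
    """Map of prefix -> AS_PATH string that the router actually sends to its ISP."""
    sent = {}
    for route in BGP_TABLE:
        path = export_to_isp(router, plist_out, route)
        if path is not None:
            sent[route["prefix"]] = as_path_str(path)
    return sent


def chosen_default():
    """Which ISP's default route the mesh prefers after the inbound policy."""
    r1 = import_from_isp("R1", {"prefix": "0.0.0.0/0", "as_path": (4000,), "via": "ISP1"})
    r2 = import_from_isp("R2", {"prefix": "0.0.0.0/0", "as_path": (3000,), "via": "ISP2"})
    return best_path([r1, r2])["via"]


if __name__ == "__main__":
    print("R1 -> ISP1:", advertisements("R1", "ISP1_OUT"))
    print("R2 -> ISP2:", advertisements("R2", "ISP2_OUT"))
    print("default route chosen:", chosen_default())
```

Running it shows R1 announcing only 198.100.100.0/24 and 66.77.77.0/24 with path `5000`, R2 announcing 198.100.100.0/24 as `5000 5000 5000 5000` and 55.77.77.0/24 as `5000`, and the ISP1 default winning because R1 sets LOCAL_PREF 5000 while R2 leaves its default at 100. The defaults and the constructed ISP1 customer route are dropped by both the `^$` filter-list and the prefix-list, which is the point of keeping both: a mistake in one list does not by itself turn AS 5000 into a transit path between the two ISPs.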
04-26-2013 06:46 AM
Blau,
I appreciate the response! I am going to test the configs out; that looks very well put together! Thank you for including the Sonic configurations as well. I've never worked with them, so that is a big help.
04-26-2013 10:09 AM
Hello Erik,
The included configuration for the Sonic FW is just a template written as if it were a Cisco device. Sorry for the confusion.
Here is the configuration guide for BGP on SonicOS; it looks very similar to Cisco:
http://www.sonicwall.com/downloads/SonicOS_5.6.5.1_BGP_Advanced_Routing.pdf
Best Regards
Please rate all helpful posts and close solved questions