Re: Please check my BGP configuration

DellBananaALK · ‎05-15-2024

This is a odd setup ISP supposed connect to same router ISP
No OSPF and static router

R1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.252
duplex auto
bfd interval 50 min_rx 50 multiplier 5
!
interface Ethernet0/1
ip address 172.16.1.1 255.255.255.252
duplex auto
!
interface Ethernet0/2
no ip address
shutdown
duplex auto
!
interface Ethernet0/3
ip address 172.16.10.1 255.255.255.248
standby 1 ip 172.16.10.3
standby 1 priority 105
standby 1 preempt
standby 1 track 1 decrement 20
duplex auto
!
router bgp 200
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source Loopback0
neighbor 192.168.1.1 remote-as 100
neighbor 192.168.1.1 fall-over bfd
!
address-family ipv4
network 1.1.1.1 mask 255.255.255.255
network 100.100.0.0 mask 255.255.0.0
network 172.16.10.0 mask 255.255.255.0
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 next-hop-self
neighbor 2.2.2.2 soft-reconfiguration inbound
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 soft-reconfiguration inbound
neighbor 192.168.1.1 route-map to-in-route-map in
neighbor 192.168.1.1 route-map to-out-route-map out
exit-address-family
!
no ip http server
no ip http secure-server
ip route 2.2.2.2 255.255.255.255 172.16.1.2
ip route 100.100.0.0 255.255.0.0 Null0
ip route 172.16.10.0 255.255.255.0 Null0
!
!
ip prefix-list to-out-prefix seq 10 permit 245.45.24.0/24
ip prefix-list to-out-prefix seq 20 permit 37.23.65.87/32
ip prefix-list to-out-prefix seq 30 permit 100.100.0.0/16
ipv6 ioam timestamp
!
route-map to-in-route-map permit 10
set local-preference 200
!
route-map to-out-route-map permit 10
match ip address prefix-list to-out-prefix
!
route-map to-out-route-map permit 20

***************************************************************************************************************
*************************************************************************************************************
R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.1.66 255.255.255.252
duplex auto
!
interface Ethernet0/1
ip address 172.16.1.2 255.255.255.252
duplex auto
!
interface Ethernet0/2
no ip address
shutdown
duplex auto
!
interface Ethernet0/3
ip address 172.16.10.2 255.255.255.248
standby 1 ip 172.16.10.3
standby 1 preempt
duplex auto
!
router bgp 200
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 200
neighbor 192.168.1.65 remote-as 100
!
address-family ipv4
network 2.2.2.2 mask 255.255.255.255
network 100.100.0.0 mask 255.255.0.0
network 172.16.10.0 mask 255.255.255.0
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 next-hop-self
neighbor 1.1.1.1 soft-reconfiguration inbound
neighbor 192.168.1.65 activate
neighbor 192.168.1.65 soft-reconfiguration inbound
neighbor 192.168.1.65 route-map to-out-route-map out
exit-address-family
no ip http server
no ip http secure-server
ip route 1.1.1.1 255.255.255.255 172.16.1.1
ip route 100.100.0.0 255.255.0.0 Null0
ip route 172.16.10.0 255.255.255.0 Null0
!
!
ip prefix-list to-out-prefix seq 10 permit 245.45.24.0/24
ip prefix-list to-out-prefix seq 20 permit 37.23.65.87/32
ip prefix-list to-out-prefix seq 30 permit 100.100.0.0/16
!
ip prefix-list to-out-prepend seq 5 permit 100.100.0.0/16
ip prefix-list to-out-prepend seq 10 permit 1.1.1.1/32
ip prefix-list to-out-prepend seq 15 permit 2.2.2.2/32
ip prefix-list to-out-prepend seq 20 permit 172.16.10.0/24
ipv6 ioam timestamp
!
route-map to-out-route-map permit 10
match ip address prefix-list to-out-prepend
set as-path prepend 200 200 200
!
route-map to-out-route-map permit 20
match ip address prefix-list to-out-prefix
!
route-map to-out-route-map permit 30

************************************************************************************************************
************************************************************************************************************
ISP
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 200
neighbor 192.168.1.2 fall-over bfd
neighbor 192.168.1.66 remote-as 200
neighbor 192.168.10.2 remote-as 100
!
address-family ipv4
network 3.3.3.3 mask 255.255.255.255
network 30.30.0.0 mask 255.255.0.0
neighbor 192.168.1.2 activate
neighbor 192.168.1.2 default-originate
neighbor 192.168.1.2 soft-reconfiguration inbound
neighbor 192.168.1.66 activate
neighbor 192.168.1.66 default-originate
neighbor 192.168.1.66 soft-reconfiguration inbound
neighbor 192.168.10.2 activate
neighbor 192.168.10.2 next-hop-self
neighbor 192.168.10.2 soft-reconfiguration inbound
exit-address-family
!

M02@rt37 · ‎05-15-2024

Hello @DellBananaALK

Configurations seem to be good.

Using the Null0 interface for route summarization is good... However, be cautious with using it for the whole subnet '172.16.10.0/24'. It might be better to use a more specific route to avoid accidentally blackholing legitimate traffic.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

DellBananaALK · ‎05-15-2024

I'm looking for best practices and any recommendation to or changes ?

MHM Cisco World · ‎05-15-2024

I see your topolgy but I dont know where is LO connect abd prefix.

Also how you use bgp multihop and fall over bfd? Yoh need bfd multihop

MHM

DellBananaALK · ‎05-15-2024

ISP is not far, it's very close by and I think less few miles or walking distance
It's safe to use
I added the second route-map and add permit and made it blank so it allow everything doesn't make any changes so much it's allowing everything

Question was route-map with access-list you don't need a second route-map to allow?
it's different from prefix-list