cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1524
Views
0
Helpful
8
Replies

Bgp configuration problem

jvicovac88
Level 1
Level 1

Hello,

I am new to bgp and have trouble configuring it in my project. My network has four different regions (1 through 4) and it connects to four different ISPs (AS 100, 200, 300 and 400). Regions 1, 2 and 4 have five routers each while Region 3 has six. Every router has a LAN connected to it. LANs in regions 1 and 3 hold servers that give basic service to the whole network whilst other LANs hold servers that give service to local working stations. AS number for my network is 10 and I can use /23 address block from PI addresses. The rest of users have private ip addresses (RFC 1918). I should recieve full bgp tables from AS 100, 200 and 300. As for AS 400, I should recieve only routes from that AS. My network should be a transit network only for AS 400. All ISPs should be equaly used to access the internet. From region 1, two different routers connect to AS 100 and 200, respectively. One router from region 2 is connected to AS 300 and one from region 4 to AS 400.

Now, Ive read manuals and saw the basic examples and still have some trouble... I've defined all interface and LAN addresses, configured OSPF - divided the network into 3 areas (area 0 - region1, area 1 - regions 3 and 4, area 2 - region 2) and got to bgp configuration.

What would be the best way to configure it? Should I use a default route and how? Or, redistribute partial routing tables into ospf (and how)?

Those basic examples mostly have 3, 4 routers and I have 21 here... Don't really know where to start.

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Hello Jovan,

As you surely understand, I would be doing harm to you if I told you how to solve this assignment completely. I will therefore outline the basic thought process that I would personally go through but you will have to fill in the gaps yourself. You are however invited and welcome to ask and discuss about anything you feel necessary.

My first comment is related to your IGP design. This network is not really suited for multi-area OSPF, at least if you want to keep a correspondence between the regions and OSPF areas. First, the boundaries between the regions are on the links while OSPF requires the area boundaries to be placed on routers. Second, even with your split of Region1=Area0, Regions3+4=Area1, Region2=Area2, note that you have a link connecting Area1 and Area2. This interconnection would never be used by OSPF, as the inter-area communication is forced to go through Area0 and never via any other inter-area attachments. IS-IS or EIGRP with judicious summarization would be probably better suited for this topology. Alternatively, you could make Area0 consist of routers A, B, C, D, E, 6, 7, 8, F, H, 4, 1 and their direct interconnections, and create other areas hanging off these routers. Yet another option is to have each region run a separate instance of a routing protocol, and interconnect these regions via BGP in a confederation - but that is, I believe, too complex at this point.

In any case, you must have your backbone delineated very clearly because all routers in this backbone will then be required to run BGP (I assume you are not going to run MPLS at this point). There will be no redistribution of BGP into OSPF. Rather, all routers forming the backbone need to be BGP speakers and either must be fully meshed into iBGP peerings or use BGP route reflectors. Using the confederations is yet another way of solving the BGP deployment in this network.

All routers in the backbone will perform OSPF-to-BGP redistribution. The opposite redistribution, BGP-to-OSPF, will not take place. In real networks, doing this with full BGP tables would put any IGP to its knees. However, backbone routers should advertise default routes to their appropriate non-backbone areas. If multi-area OSPF is used, this will be performed automatically.

My network should be a transit network only for AS 400.

If I understand you correctly, you are saying that AS 400 should be allowed to communicate with other ASes through our AS. That can be accomplished by filtering the updates sent from your AS to other ASes - your AS should advertise only its own internal routes and routes whose AS_PATH attribute contains a single element - the ASN 400. Towards AS 400, you should advertise everything without filtering. This can be easily accomplished either by filtering based on AS_PATH contents or by using standard communities. The AS_PATH approach is probably more intuitive here.

All ISPs should be equaly used to access the internet.

I suggest making routers A, B, 1 and 8 (the ASBRs) inject a default route into the backbone.

I understand that this is a rough description with no detail as to how accomplish the individual steps but you are welcome to ask further about anything you find interesting or unclear! It's important, however, that you work out this assignment yourself - otherwise, you won't grow.

Good luck, and looking forward to your questions!

Best regards,

Peter

View solution in original post

8 Replies 8

Peter Paluch
Cisco Employee
Cisco Employee

Hi Jovan,

This sounds like a nice project - is this an exercise of some sort?

I believe you have a diagram of the topology depicting the regions, ISPs, addresses etc. Can you post it here? Your network is quite large and ther is a lot of requirements so seeing the topology is a must.

Thank you!

Best regards,

Peter

Hi Peter,

Thanks for the reply. Here's the topology. It is an exercise I have to do for school. PI address block given to me is 17.19.32.0/23. But, since regions 1 and 3 alone can hold over 4000 users, I also have to use address block defined in RFC 1918, I chose 192.168.0.0/16. My work without bgp is about 50 pages in word so if You need some more information to help me, I'll dig it out.

Thanks again,

Jovan

Hello Jovan,

As you surely understand, I would be doing harm to you if I told you how to solve this assignment completely. I will therefore outline the basic thought process that I would personally go through but you will have to fill in the gaps yourself. You are however invited and welcome to ask and discuss about anything you feel necessary.

My first comment is related to your IGP design. This network is not really suited for multi-area OSPF, at least if you want to keep a correspondence between the regions and OSPF areas. First, the boundaries between the regions are on the links while OSPF requires the area boundaries to be placed on routers. Second, even with your split of Region1=Area0, Regions3+4=Area1, Region2=Area2, note that you have a link connecting Area1 and Area2. This interconnection would never be used by OSPF, as the inter-area communication is forced to go through Area0 and never via any other inter-area attachments. IS-IS or EIGRP with judicious summarization would be probably better suited for this topology. Alternatively, you could make Area0 consist of routers A, B, C, D, E, 6, 7, 8, F, H, 4, 1 and their direct interconnections, and create other areas hanging off these routers. Yet another option is to have each region run a separate instance of a routing protocol, and interconnect these regions via BGP in a confederation - but that is, I believe, too complex at this point.

In any case, you must have your backbone delineated very clearly because all routers in this backbone will then be required to run BGP (I assume you are not going to run MPLS at this point). There will be no redistribution of BGP into OSPF. Rather, all routers forming the backbone need to be BGP speakers and either must be fully meshed into iBGP peerings or use BGP route reflectors. Using the confederations is yet another way of solving the BGP deployment in this network.

All routers in the backbone will perform OSPF-to-BGP redistribution. The opposite redistribution, BGP-to-OSPF, will not take place. In real networks, doing this with full BGP tables would put any IGP to its knees. However, backbone routers should advertise default routes to their appropriate non-backbone areas. If multi-area OSPF is used, this will be performed automatically.

My network should be a transit network only for AS 400.

If I understand you correctly, you are saying that AS 400 should be allowed to communicate with other ASes through our AS. That can be accomplished by filtering the updates sent from your AS to other ASes - your AS should advertise only its own internal routes and routes whose AS_PATH attribute contains a single element - the ASN 400. Towards AS 400, you should advertise everything without filtering. This can be easily accomplished either by filtering based on AS_PATH contents or by using standard communities. The AS_PATH approach is probably more intuitive here.

All ISPs should be equaly used to access the internet.

I suggest making routers A, B, 1 and 8 (the ASBRs) inject a default route into the backbone.

I understand that this is a rough description with no detail as to how accomplish the individual steps but you are welcome to ask further about anything you find interesting or unclear! It's important, however, that you work out this assignment yourself - otherwise, you won't grow.

Good luck, and looking forward to your questions!

Best regards,

Peter

Hello Peter,

THANK YOU!

This is all I was looking for. It's the first project I had related to routing and it was really bugging me.

Just a couple of things:

First, related to IGP. The course I'm taking is a basic course and we haven't done IS-IS. Additionaly, EIGRP requires all routers in this network to be cisco routers, which doesn't have to be the case, so still I cannot use it (professors words). I can see that your suggestion about the area0 is much better. And yes, I know what an ABR is, and for my solution those were R1, RF and RD.

The solution I was working on was done by setting Router ID to be the loopback address on each ASBR router and I was thinking of configuring a "next hop self" command on them? Would that be wrong (instead of injecting a default route into the backbone)? Or do I have to do both, maybe?

Thank You again, this really means alot!

I've been reading about routing on cisco.com for the last few days but what You wrote here helped me much more!

Sorry for taking your time.

Best regards,

Jovan.

Hello Jovan,

You are very much welcome! I am glad to have helped.

First, related to IGP. The course I'm taking is a basic course and we haven't done IS-IS.

Hmmm, regarding the non-trivial deployment of BGP and IGP here, the course is far beyond "basic". What topic does this project belong to? As I am an university teacher myself, I'd like to know more about the positioning of this project.

The solution I was working on was done by setting Router ID to be the  loopback address on each ASBR router and I was thinking of configuring a  "next hop self" command on them? Would that be wrong (instead of  injecting a default route into the backbone)? Or do I have to do both,  maybe?

The next-hop-self and default route are two unrelated things. The next-hop-self is related only to the next hop of routes that have been received via eBGP by an ASBR and further advertised to internal BGP neighbors via iBGP. Without next-hop-self, the next hop would be set to the IP address of the boundary router in the next AS towards the destination. This often creates issues with the reachability of this next hop if the inter-AS links are not advertised in the internal IGP in both ASes. The next-hop-self causes the ASBR to substitute the next hop with its own address when advertising such eBGP-learned routes to other iBGP neighbors. As these iBGP neighbors are already peering with the ASBR using its address, they have no reachability issues at all here.

As a matter of fact, the next-hop-self is the intuitive setting and I personally recommend using it unless you precisely know why it would not be appropriate for you.

The default route should not be carried by BGP (remember that BGP usually carries the information about routes on the internet backbone if there is anything like it - and if there is no route in full BGP then this route does not exist at all) but rather by OSPF. With OSPF, there is no concept of next-hop-self anyway.

You will need to use both. BGP speakers within the same AS should use next-hop-self, and routers A, B, 1, and 8 should inject a default route into OSPF, Area0.

Sorry for taking your time.

Not at all. I am here because I want to. You are welcome.

Best regards,

Peter

Hello Peter,

Hmmm, regarding the non-trivial deployment of BGP and IGP here, the course is far beyond "basic". What topic does this project belong to? As I am an university teacher myself, I'd like to know more about the positioning of this project.

I'm a student of Belgrade University, Serbia and am studying radio communications on the Faculty of Electrical Engineeing. This course is called Internet Architecture and you can attend it during masters studies or, in my case, during the fourth (final) year of bachelor studies. Here is a basic overview of the course: web search, OSI+TCP, LAN+VLAN, IPv4, IPv6, DNS and DHCP, analysis of realtime traffic, surfing, routing (basics, protocols), RIP, IGRP, RIPv2, OSPF, EIGRP, BGP4. There is also some work to do in a lab where a few of us configure basic RIP, OSPF and EIGRP and its 10% of your grade. There is a test that carries 20 % of the grade and covers the complete theory of this course and this project which carries 70% of your grade. The course is lead by dr Aleksandar Neskovic and mr Nenad Krajnovic. That pretty much covers it.

You will need to use both. BGP speakers within the same AS should use next-hop-self, and routers A, B, 1, and 8 should inject a default route into OSPF, Area0.

OK, got it.

If it's ok, when I finish I'd like to write here the configuration of one of the routers (for example) so You can tell me if I did something wrong. I should be able to have consultations about this project but mr Krajnovic is on a vacation, so ironically, internet is my only friend.

Best regards,

Jovan.

Hello Peter,

Well, I've followed Your instructions and got some work done. Here is the configuration for router RA (R8 and RB are similar):

Router> enable

Router# configure terminal

Router(config)# hostname RA

RA(config)# interface Ethernet0

RA(config-if)# no ip address

RA(config-if)# speed 100

RA(config-if)# full-duplex

RA(config-if)# no shutdown

RA(config-if)# exit

RA(config)# interface Ethernet0.001

RA(config-if)# description UsersA

RA(config-if)# encapsulation dot1Q 001

RA(config-if)# ip address 192.168.10.1 255.255.254.0

RA(config-if)# no snmp trap link-status

RA(config-if)# exit

RA(config)# interface Ethernet0.002

RA(config-if)# description ServersA

RA(config-if)# encapsulation dot1Q 002

RA(config-if)# ip address 17.19.32.1 255.255.255.192

RA(config-if)# no snmp trap link-status

RA(config-if)# exit

RA(config)# interface Serial0

RA(config-if)# bandwidth 1000000

RA(config-if)# ip address 3.3.3.2 255.255.255.252

RA(config-if)# ip ospf hello-interval 1

RA(config-if)# ip ospf dead-interval 4

RA(config-if)# no shutdown

RA(config-if)# exit

RA(config)# interface Serial1

RA(config-if)# bandwidth 1000000

RA(config-if)# ip address 192.168.32.65 255.255.255.252

RA(config-if)# ip ospf hello-interval 1

RA(config-if)# ip ospf dead-interval 4

RA(config-if)# no shutdown

RA(config-if)# exit

RA(config)# interface Serial2

RA(config-if)# bandwidth 1000000

RA(config-if)# ip address 192.168.32.69 255.255.255.252

RA(config-if)# ip ospf hello-interval 1

RA(config-if)# ip ospf dead-interval 4

RA(config-if)# no shutdown

RA(config-if)# exit

RA(config)# interface Serial3

RA(config-if)# bandwidth 1000000

RA(config-if)# ip address 192.168.32.73 255.255.255.252

RA(config-if)# ip ospf hello-interval 1

RA(config-if)# ip ospf dead-interval 4

RA(config-if)# no shutdown

RA(config-if)# exit

RA(config)# interface Loopback0

RA(config-if)# ip address 192.168.31.11 255.255.255.255

RA(config-if)# no shutdown

RA(config-if)# exit

RA(config)# router ospf 1

RA(config-router)# network 17.19.32.0 0.0.0.64 area 0

RA(config-router)# network 192.168.10.0 0.0.1.255 area 0

RA(config-router)# network 3.3.3.0 0.0.0.3 area 0

RA(config-router)# network 192.168.32.64 0.0.0.3 area 0

RA(config-router)# network 192.168.32.68 0.0.0.3 area 0

RA(config-router)# network 192.168.32.72 0.0.0.3 area 0

RA(config-router)# network 192.168.31.11 0.0.0.0 area 0

RA(config-router)# default-information originate always

RA(config-router)# auto-cost reference-bandwidth 10^9

RA(config-router)# timers spf 1 2

RA(config-router)# exit

RA(config)# ip route 0.0.0.0 0.0.0.0 3.3.3.1

RA(config)# router bgp 20

RA(config-router)# redistribute ospf 1 match internal external

RA(config-router)# confederation identifier 10

RA(config-router)# no synchronization

RA(config-router)# no auto-summary

RA(config-router)# neighbor 192.168.31.12 remote-as 20

RA(config-router)# neighbor 192.168.31.12 update-source Loopback0

RA(config-router)# neighbor 192.168.31.12 next-hop-self

RA(config-router)# neighbor 192.168.31.13 remote-as 20

RA(config-router)# neighbor 192.168.31.13 update-source Loopback0

RA(config-router)# neighbor 192.168.31.13 next-hop-self

RA(config-router)# neighbor 192.168.31.14 remote-as 20

RA(config-router)# neighbor 192.168.31.14 update-source Loopback0

RA(config-router)# neighbor 192.168.31.14 next-hop-self

RA(config-router)# neighbor 192.168.31.15 remote-as 20

RA(config-router)# neighbor 192.168.31.15 update-source Loopback0

RA(config-router)# neighbor 192.168.31.15 next-hop-self

RA(config-router)# neighbor 3.3.3.2 remote-as 100

RA(config-router)# neighbor 3.3.3.2 distribute-list 2 out

RA(config-router)# neighbor 3.3.3.2 filter-list 1 out

RA(config-router)# neighbor 3.3.3.2 route-map SET_OUTBOUND_TRAFFIC in

RA(config-router)# neighbor 4.4.4.4 route-map SET_INBOUND_TRAFFIC out

RA(config-router)# exit

RA(config)# ip as-path access-list 1 permit ^400$

RA(config)# ip as-path access-list 1 permit ^$

RA(config)# access-list 2 permit 17.19.32.0 0.0.1.255

RA(config)# route-map SET_OUTBOUND_TRAFFIC permit 10

RA(config-route-map)# set local-preference 200

RA(config-route-map)# exit

RA(config)# route-map SET_INBOUND_TRAFFIC permit 10

RA(config-route-map)# set as-path prepend 10 10

RA(config-route-map)# exit

RA(config)# end

RA# copy running-config startup-config

I'm not sure about the filtering and the path prepend, though. The problem is that only AS 400 can use my network as a transit network, the rest of them cannot. Other backbone routers configuration (RC, RD, RE, RF, RH, R4, R6, R7) is similar except for the bgp part where there is no next-hop-self defined for neighbors. SET_OUTBOUND_TRAFFIC route map is configured on all of the ASBRs with local preference set to 200.

R1 is giving me some trouble. I'm not sure how to make that router accept the routes that are only defined in AS 400 and not a full BGP routing table from that AS and how to distribute anything. A little more help?

Best regards,

Jovan.

Sorry, tha code was not complete...

RA(config-router)# neighbor 4.4.4.4 route-map SET_INBOUND_TRAFFIC out

This should be:

RA(config-router)# neighbor 3.3.3.2 route-map SET_INBOUND_TRAFFIC out

And, I have this missing:

RA(config)# access-list 2 permit 17.19.32.0 0.0.1.255

RA(config)# route-map SET_INBOUND_TRAFFIC permit 10

RA(config-route-map)# set as-path prepend 10 10

RA(config-route-map)# exit

So, this should be:

RA(config)# route-map SET_INBOUND_TRAFFIC permit 10

RA(config-route-map)# match ip address 2

RA(config-route-map)# set as-path prepend 10 10 10

RA(config-route-map)# exit

RA(config)# route-map SET_INBOUND_TRAFFIC permit 20

RA(config-route-map)# exit

This should be better.