cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
203853
Views
20
Helpful
19
Replies

BGP Configuration

Hi all,

Please Can any one help me understand this concept...

Let me show you the scenario

one MPLS connection from ISP coming to my router and from my router to DMZ servers

i have to connect to the Remote server to my DMZ server

The ISP gave me the details of BGP to configure

now what i have to do to Route my private network to the remote servers...

i performed NAT on my router to go through the  ISP Connection.....now i can ping to ISP gateway and can see all the router in #sh bgp table

is it correct or i have to directly forward the traffic of Internal Network to ISP through BGP................or

Do i have to Create Tunnels ..if Tunnels are required then what i have to Know from the Remote Office

                                                Desig.jpg

Many many Thanks in advance

19 REPLIES 19

Thankyou John,

can you explain how the null0 route works in my scenario...

i googled it but not able to understand that how the connectivity will be

Null0 gives you a static route to advertise. BGP needs an existing route to be in the routing table before it can advertise it to other peers. The purpose for it in this scenario is that you're natting to an address that is nowhere on your router. The static route allows for the route to be put into the table and let bgp use it. When bgp advertises it, it will show that the 10.16.21.206 comes from your AS and will let everyone upstream know how to get to this address. Technically, I guess you could create a loopback with the ip on there and nat out as that addres but I'd have to lab that up.

I attached the diagram for you to review...

R3 192.168.1.1 is natted out as 10.10.10.10. R1 has natting configured, but doesn't hold that ip anywhere:

R1:

ip nat inside source static tcp 192.168.1.2 80 10.10.10.10 80 extendable

R1#sh ip route 10.10.10.10

% Network not in table

R1#

On R2, it doesn't exist either:

R2#sh ip route 10.10.10.10

% Network not in table

R2#

I'll add the null route:

R1(config)#do sh run | inc ip route

ip route 10.10.10.10 255.255.255.255 Null0

R1(config)#

Is it in the routing table now?

R1(config)#do sh ip route 10.10.10.10

Routing entry for 10.10.10.10/32

  Known via "static", distance 1, metric 0 (connected)

  Routing Descriptor Blocks:

  * directly connected, via Null0

      Route metric is 0, traffic share count is 1

So far so good...now let's advertise it in bgp:

R1#sh run | inc router bgp|10.10.10.10

router bgp 10

network 10.10.10.10 mask 255.255.255.255

It's showing in the bgp table:

R1#sh ip bgp regex ^$         

BGP table version is 8, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> 1.1.1.0/24       0.0.0.0                  0         32768 i

*> 10.10.10.10/32   0.0.0.0                  0         32768 i

*> 172.20.20.0/30   0.0.0.0                  0         32768 i

*> 192.168.1.0/30   0.0.0.0                  0         32768 i

R1#

What about R2?

R2#sh ip route 10.10.10.10

Routing entry for 10.10.10.10/32

  Known via "bgp 200", distance 20, metric 0

  Tag 10, type external

  Last update from 172.20.20.1 00:01:53 ago

  Routing Descriptor Blocks:

  * 172.20.20.1, from 172.20.20.1, 00:01:53 ago

      Route metric is 0, traffic share count is 1

      AS Hops 1

      Route tag 10

Okay, so we have the 10.10.10.10/32 route over at R2. Can it get to 10.10.10.10:80?

R2#telnet 10.10.10.10 80

Trying 10.10.10.10, 80 ... Open

Get / http/1.0

HTTP/1.1 401 Unauthorized

Date: Fri, 01 Mar 2002 00:20:54 GMT

Server: cisco-IOS

Accept-Ranges: none

WWW-Authenticate: Basic realm="level_15_access"

401 Unauthorized

[Connection to 10.10.10.10 closed by foreign host]

Yes it can....so your null route allows for you to basically advertise a route into bgp. There are other uses for null0 like summaries, but this is just to be able to get a route to advertise.

I also labbed up the loopback question and you should be able to do that as well:

R1(config-if)#do sh run int lo1

Building configuration...

Current configuration : 106 bytes

!

interface Loopback1

ip address 10.10.10.10 255.255.255.255

ip nat outside

ip virtual-reassembly

end

Same configuration for everything else, but you wouldn't have a static route to null0. Notice how I have "ip nat outside" on the loopback interface. That's because I want traffic to use this ip as outgoing. I still  have the nat configuration on the router though:

R1#sh run | i ip nat inside source

ip nat inside source static tcp 192.168.1.2 80 interface Loopback1 80

R1#sh ip nat trans

Pro Inside global      Inside local       Outside local      Outside global

tcp 10.10.10.10:80     192.168.1.2:80     ---                ---

R1#

On R2:

R2#telnet 10.10.10.10 80

Trying 10.10.10.10, 80 ... Open

Sorry for such a long post In conclusion, you can use either one you wish; both seem to work fine.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Hi John,

i am speechless after seeing your post...

i don't know how to thank you, you took so much stress to explain this to adumb guy like me......hatsoff to your efforts

you made my life so much easy.....

the first one looks like secure but i want to go for the second one by creating loopback ..

now i am looking ahead for the testing phase with the remote server....i hope everything wil work fine

i configured loopback...

#int loopback 10

#ip add 10.16.21.206/32

advertised it through Bgp ...

#network 10.16.21.206 mask 255.255.255.255

#neighbor 172.18.4.129 remote as 65000

natted the incoming and outgoing traffic ..

#ip nat inside source static tcp 10.10.10.28 5775 10.16.21.206 5775 extendable

# int lo 10

ip nat outside

# int gig 0/1

ip nat inside

is it correct

once again thanks a lot...

thanks a lot....

It looks correct to me Thank you for the kind words and I hope I helped. I look forward to hearing how things went!

John

HTH, John *** Please rate all useful posts ***
shubhamkumarhcl
Beginner