Prerequisites: CCNP level skills.
Topology
Personal Note!
I'm physically exhausted today. If you can't run, try to walk. One post must do today.
Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl
Task 1
On R5 add the following loopbacks and advertise them into BGP.
- Loopback 1 = 10.55.55.1 255.255.255.240
- Loobpack 2 = 10.55.55.17 255.255.255.240
- Loopback 3 = 10.55.20.1 255.255.255.240
- Loobpack 4 = 10.55.20.17 255.255.255.240
On R4 use an extended ACL to filter out all prefixes with an odd third octet using /28 or longer network mask.
Solution
Task 1
On R5 add the following loopbacks and advertise them into BGP.
- Loopback 1 = 10.55.55.1 255.255.255.240
- Loobpack 2 = 10.55.55.17 255.255.255.240
- Loopback 3 = 10.55.20.1 255.255.255.240
- Loopback 4 = 10.55.20.17 255.255.255.240
!
interface Loopback1
ip address 10.55.55.1 255.255.255.240
!
interface Loopback2
ip address 10.55.55.17 255.255.255.240
!
interface Loopback3
ip address 10.55.20.1 255.255.255.240
!
interface Loopback4
ip address 10.55.20.17 255.255.255.240
!
router bgp 50
no synchronization
bgp router-id 172.16.105.5
bgp log-neighbor-changes
network 10.55.20.0 mask 255.255.255.240
network 10.55.20.16 mask 255.255.255.240
network 10.55.55.0 mask 255.255.255.240
network 10.55.55.16 mask 255.255.255.240
network 172.16.105.0 mask 255.255.255.0
neighbor 10.1.35.3 remote-as 30
no auto-summary
ip address 10.55.55.1 255.255.255.240
!
interface Loopback2
ip address 10.55.55.17 255.255.255.240
!
interface Loopback3
ip address 10.55.20.1 255.255.255.240
!
interface Loopback4
ip address 10.55.20.17 255.255.255.240
!
router bgp 50
no synchronization
bgp router-id 172.16.105.5
bgp log-neighbor-changes
network 10.55.20.0 mask 255.255.255.240
network 10.55.20.16 mask 255.255.255.240
network 10.55.55.0 mask 255.255.255.240
network 10.55.55.16 mask 255.255.255.240
network 172.16.105.0 mask 255.255.255.0
neighbor 10.1.35.3 remote-as 30
no auto-summary
!
Verification:
Task 2
On R4 use an extended ACL to filter out all prefixes with an odd third octet using /28 or longer network mask.
R4 Configuration:
!
access-list 100 deny ip 0.0.1.0 255.255.254.255 255.255.255.240 0.0.0.15
access-list 100 permit ip any any
!
router bgp 124
no synchronization
bgp router-id 172.16.104.4
bgp log-neighbor-changes
network 172.16.104.0 mask 255.255.255.0
network 172.16.144.0 mask 255.255.255.0
neighbor 10.1.14.1 remote-as 124
neighbor 10.1.14.1 route-reflector-client
neighbor 10.1.14.1 distribute-list 100 in
neighbor 10.1.24.2 remote-as 124
neighbor 10.1.24.2 route-reflector-client
neighbor 10.1.24.2 distribute-list 100 in
no auto-summary
access-list 100 permit ip any any
!
router bgp 124
no synchronization
bgp router-id 172.16.104.4
bgp log-neighbor-changes
network 172.16.104.0 mask 255.255.255.0
network 172.16.144.0 mask 255.255.255.0
neighbor 10.1.14.1 remote-as 124
neighbor 10.1.14.1 route-reflector-client
neighbor 10.1.14.1 distribute-list 100 in
neighbor 10.1.24.2 remote-as 124
neighbor 10.1.24.2 route-reflector-client
neighbor 10.1.24.2 distribute-list 100 in
no auto-summary
!
Notice!
Even though extended ACLs are not easy to accomplish complex matches it is possible to use them this way. The destination address/wildcard pair match on the prefix length (highlighted portion of the ACL).
Verification:
Pic. 3 - BGP Table on R4.
10.55.55.0/24 and 10.55.55.16/24 have been filtered out because their third octet are odd numbers AND their network mask length is /28.