Saturday, April 30, 2011

Lab 113 - BGP Aggregation with ADVERTISE-MAP

Prerequisites: CCNP level skills.

Personal Note!
"Power corrupts; absolute power corrupts absolutely". 
Last week blows because I couldn't practice anything. All because of these in power! Today, I'm getting back on track which feels really gooood!

Note!
R4 advertises loopbacks as per Task 1 in lab 108. Changes in the lab "equipment". Pay attention to port numbers in the topology.

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task 1
Configure R4 so that it advertises prefix 40.1.0.0/16 with 'no-advertise' value.

Task 2
Configure R1 and R2 so that they aggregate prefixes 40.x.x.x/16 and 44.4.0.0/19 to two prefixes 40.0.0.0/14 and 44.4.0.0/17 (as per lab 111). Make sure that R5 receives the two summary routes and they show AS 40 in the path. Do NOT remove the community 'no-advertise' assigned in Task 1.

Solution

Task 1
Configure R4 so that it advertises prefix 40.1.0.0/16 with 'no-advertise' value.

R4 Configuration:
!
ip prefix-list NET_40.1.0.0 seq 5 permit 40.1.0.0/16
!
route-map SET_COMMUNITY permit 10
 match ip address prefix-list NET_40.1.0.0
 set community no-advertise
!
route-map SET_COMMUNITY permit 999
!
router bgp 40
 no synchronization
 bgp router-id 172.16.104.4
 bgp log-neighbor-changes
 network 172.16.104.0 mask 255.255.255.0
 redistribute connected route-map CONN_TO_BGP
 neighbor 10.1.14.1 remote-as 10
 neighbor 10.1.14.1 send-community
 neighbor 10.1.14.1 route-map SET_COMMUNITY out
 neighbor 10.1.24.2 remote-as 20
 neighbor 10.1.24.2 send-community
 neighbor 10.1.24.2 route-map SET_COMMUNITY out
 no auto-summary
!

Verification:
Pic. 2 - Prefixes Detail on R1.

Notice!
The community 'no-advertise' prevents R1 and R2 from advertising it out to R3. Other prefixes (here one example: 40.0.0.0) get advertised.

Task 2
Configure R1 and R2 so that they aggregate prefixes 40.x.x.x/16 and 44.4.0.0/19 to two prefixes 40.0.0.0/14 and 44.4.0.0/17 (as per lab 111). Make sure that R5 receives the two summary routes and they show AS 40 in the path. Do NOT remove the community 'no-advertise' assigned in Task 1.

R1 Configuration:
!
ip access-list standard TO_AGGREGATE
 deny   40.1.0.0 0.0.255.255
 permit 40.0.0.0 0.0.255.255
 permit 40.2.0.0 0.0.255.255
 permit 40.3.0.0 0.0.255.255
!
route-map AGGREGATE permit 10
 match ip address TO_AGGREGATE
!
router bgp 10
 no synchronization
 bgp router-id 172.16.101.1
 bgp log-neighbor-changes
 network 172.16.101.0 mask 255.255.255.0
 aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
 aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only advertise-map AGGREGATE
 neighbor 10.1.13.3 remote-as 30
 neighbor 10.1.14.4 remote-as 40
 no auto-summary
!

R2 Configuration:
!
ip access-list standard TO_AGGREGATE
 deny   40.1.0.0 0.0.255.255
 permit 40.0.0.0 0.0.255.255
 permit 40.2.0.0 0.0.255.255
 permit 40.3.0.0 0.0.255.255
!
route-map AGGREGATE permit 10
 match ip address TO_AGGREGATE
!
router bgp 20
 no synchronization
 bgp router-id 172.16.102.2
 bgp log-neighbor-changes
 network 172.16.102.0 mask 255.255.255.0
 aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
 aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only advertise-map AGGREGATE
 neighbor 10.1.23.3 remote-as 30
 neighbor 10.1.24.4 remote-as 40
 no auto-summary
!

Notice!
The prefix 40.1.0.0/16 has been marked with the 'no-advertise' community, so R1 and R2 CANNOT advertise it. Because the 'as-set' option makes the aggregate carry a mixture of the attributes of the more specific routes (R5 is supposed to receive AS 40 in the path of the summarized routes), this community also prevents them from sending 40.0.0.0/14 out to R3 (see lab 112). Task 2 stipulates that this community should not be removed (which could be done with the 'attribute-map' option of the aggregate-address command), but the aggregate should be advertised nevertheless.

The solution is to use the 'advertise-map' keyword when aggregating. This keyword references a route-map that decides which prefixes are considered candidates for summarization. Here, I deny 40.1.0.0/16 from being summarized and allow all the rest to be included in the summary route. As a result, the 'no-advertise' community will NOT be factored in. This way, R5 receives both aggregates and they DO show AS 40 in the path.

Verification:
Pic. 3 - BGP Table on R5.

Thursday, April 21, 2011

Lab 112 - BGP Aggregation with ATTRIBUTE-MAP

Prerequisites: CCNP level skills.

Note!
R4 advertises loopbacks as per Task 1 in lab 108.

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task 1
Configure R4 in such a way that R1 and R2 do not advertise the prefix: 40.1.0.0/16 to any of the BGP routers. R1 and R2 should receive all the prefixes from R4.


Task 2
Configure R1 and R2 so that they aggregate prefixes 40.x.x.x/16 and 44.4.0.0/19 to two prefixes 40.0.0.0/14 and 44.4.0.0/17 (as per lab 111). Make sure that R5 receives the two summary routes and they show AS 40 in the path.

Solution

Task 1
Configure R4 in such a way that R1 and R2 do not advertise the prefix: 40.1.0.0/16 to any of the BGP routers. R1 and R2 should receive all the prefixes from R4.

R4 Configuration:
!
ip prefix-list NET_40.1.0.0 seq 5 permit 40.1.0.0/16
!
route-map SET_COMMUNITY permit 10
 match ip address prefix-list NET_40.1.0.0
 set community no-advertise
!        
route-map SET_COMMUNITY permit 999
!        
router bgp 40
 no synchronization
 bgp router-id 172.16.104.4
 bgp log-neighbor-changes
 network 172.16.104.0 mask 255.255.255.0
 redistribute connected route-map CONN_TO_BGP
 neighbor 10.1.14.1 remote-as 10
 neighbor 10.1.14.1 send-community
 neighbor 10.1.14.1 route-map SET_COMMUNITY out
 neighbor 10.1.24.2 remote-as 20
 neighbor 10.1.24.2 send-community
 neighbor 10.1.24.2 route-map SET_COMMUNITY out
 no auto-summary
!

Verification:
Pic. 2 - BGP Table on R1.
Pic. 3 - Prefix 40.1.0.0 Details on R1.
Notice!
The prefix 40.1.0.0/16 is marked with the community NO_ADVERTISE and as such, will not be advertised to any peer (R3 here).
Pic. 4 - BGP Table on R5.


Notice!
R5 does not receive 40.1.0.0/16 because neither R1 nor R2 send it towards R3.

Task 2
Configure R1 and R2 so that they aggregate prefixes 40.x.x.x/16 and 44.4.0.0/19 to two prefixes (as per lab 111). Make sure that R5 receives the two summary routes and they show AS 40 in the path.

R1 Configuration:
!
router bgp 10
 no synchronization
 bgp router-id 172.16.101.1
 bgp log-neighbor-changes
 network 172.16.101.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only
 aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
 neighbor 10.1.13.3 remote-as 30
 neighbor 10.1.14.4 remote-as 40
 no auto-summary
!

R2 Configuration:
!
router bgp 20
 no synchronization
 bgp router-id 172.16.102.2
 bgp log-neighbor-changes
 network 172.16.102.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only
 aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
 neighbor 10.1.23.3 remote-as 30
 neighbor 10.1.24.4 remote-as 40
 no auto-summary
!

Notice!
The 'AS-SET' option is necessary so that R3 and R5 receive AS 40 in the path. Remember that the 'summary-only' keyword removes all ASes from the aggregate except for the one that is aggregating the prefix. But the result of using 'as-set' is that the aggregate is advertised with all attributes of the contributing routes (here: the AS numbers from before aggregation and the no-advertise community attribute). Since 40.1.0.0/16 carries the NO_ADVERTISE attribute, the aggregate 40.0.0.0/14 cannot be advertised to R3, and R5 does NOT receive this aggregate either. Check below:

Pic. 5 - BGP Table on R5.

The solution is to remove the NO_ADVERTISE community on R1 and R2 while keeping the 'AS-SET' option, so that R3 and R5 receive all the AS numbers the routes had before they were aggregated (keep in mind that the AS numbers from before aggregation are listed, but not necessarily in the right order, since this is only a loop prevention mechanism).

R1 Configuration:
!
route-map REMOVE_COMMUNITY permit 10
 set community none
!
router bgp 10
 no synchronization
 bgp router-id 172.16.101.1
 bgp log-neighbor-changes
 network 172.16.101.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only attribute-map REMOVE_COMMUNITY
 aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
 neighbor 10.1.13.3 remote-as 30
 neighbor 10.1.14.4 remote-as 40
 no auto-summary
!

R2 Configuration:
!
route-map REMOVE_COMMUNITY permit 10
 set community none
!
router bgp 20
 no synchronization
 bgp router-id 172.16.102.2
 bgp log-neighbor-changes
 network 172.16.102.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only attribute-map REMOVE_COMMUNITY
 aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
 neighbor 10.1.23.3 remote-as 30
 neighbor 10.1.24.4 remote-as 40
 no auto-summary
!

Verification:
Pic. 6 - BGP Table on R3.

Pic. 7 - BGP Table on R5.

Notice!
Thing to remember: the 'attribute-map' sets or removes attributes on aggregated prefixes that use the 'as-set' keyword.
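
An added example, not router code and not part of the original labs: a simplified Python model of how an 'as-set' aggregate inherits AS numbers and communities from its contributing routes, covering the attribute-map fix in this lab and the advertise-map fix in Lab 113. The route table is constructed from the lab prefixes, and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network

NO_ADVERTISE = "no-advertise"  # well-known community: do not advertise to any peer


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()                    # ordered AS_SEQUENCE
    as_set: frozenset = frozenset()        # unordered AS_SET (aggregates only)
    communities: frozenset = frozenset()
    atomic_aggregate: bool = False


def build_aggregate(aggregate, rib, as_set=False, advertise_map=None, attribute_map=None):
    """Return the aggregate Route, or None when no more-specific route exists."""
    agg_net = ip_network(aggregate)
    contributors = [r for r in rib
                    if ip_network(r.prefix) != agg_net
                    and ip_network(r.prefix).subnet_of(agg_net)]
    if not contributors:
        return None
    if not as_set:
        # Path information is dropped; ATOMIC_AGGREGATE flags the loss.
        agg = Route(aggregate, atomic_aggregate=True)
    else:
        if advertise_map is not None:
            # Only routes permitted by the advertise-map donate attributes.
            contributors = [r for r in contributors if advertise_map(r)]
        paths = [r.as_path for r in contributors]
        common = []
        for hops in zip(*paths):           # keep the shared leading AS sequence
            if len(set(hops)) != 1:
                break
            common.append(hops[0])
        leftover = frozenset(asn for p in paths for asn in p[len(common):])
        communities = frozenset().union(*(r.communities for r in contributors))
        agg = Route(aggregate, tuple(common), leftover, communities)
    if attribute_map is not None:
        agg = attribute_map(agg)           # rewrites attributes of the aggregate only
    return agg


def advertise_to_ebgp(route, local_as):
    """AS path an eBGP peer would see, or None if the route must not be sent."""
    if route is None or NO_ADVERTISE in route.communities:
        return None
    path = [str(local_as), *map(str, route.as_path)]
    if route.as_set:
        path.append("{" + ",".join(str(a) for a in sorted(route.as_set)) + "}")
    return " ".join(path)


# Constructed sample: R1's view of the 40.x.0.0/16 routes learned from R4 (AS 40).
R1_RIB = [
    Route("40.0.0.0/16", (40,)),
    Route("40.1.0.0/16", (40,), communities=frozenset({NO_ADVERTISE})),
    Route("40.2.0.0/16", (40,)),
    Route("40.3.0.0/16", (40,)),
]


def to_aggregate(route):
    # Lab 113 ACL TO_AGGREGATE: deny 40.1.0.0/16, permit the other three.
    return route.prefix != "40.1.0.0/16"


def remove_community(route):
    # Lab 112 route-map REMOVE_COMMUNITY: set community none.
    return replace(route, communities=frozenset())


def lab_results():
    """What R1 (AS 10) would send to R3 for 40.0.0.0/14 in each variant."""
    agg = "40.0.0.0/14"
    cases = {
        "plain": build_aggregate(agg, R1_RIB),
        "as-set": build_aggregate(agg, R1_RIB, as_set=True),
        "as-set attribute-map": build_aggregate(
            agg, R1_RIB, as_set=True, attribute_map=remove_community),
        "as-set advertise-map": build_aggregate(
            agg, R1_RIB, as_set=True, advertise_map=to_aggregate),
    }
    return {name: advertise_to_ebgp(route, 10) for name, route in cases.items()}


if __name__ == "__main__":
    for name, path in lab_results().items():
        print(f"{name:22} -> {path if path else 'not advertised'}")
```

In both fixes the more specific 40.1.0.0/16 keeps its 'no-advertise' community in R1's table; only the attributes of the aggregate differ.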

Wednesday, April 20, 2011

Lab 111 - BGP Aggregation with AS-SET

Prerequisites: CCNP level skills.

Personal Note!
Three day trip to Galway (Sun-Tue). Nice distraction but I'm tired like hell today. Fell deeply in love with the town. It must be these 17 thousands young students on the streets. The fountain of Youth!


Note!
R4 loopbacks as per Lab 108.

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task 1
Configure R4 to advertise loopbacks to 40.x.x.x/16 and 44.4.x.x/19 into BGP. Do not use the network statement. Make sure the prefixes are advertised with the IGP origin code ('i').


Task 2
Configure R1 and R2 aggregation for the prefixes advertised on R4 (in Task 1). Make sure that R5 can see all the AS numbers to reach these two aggregates.


Solution

Task 1
Configure R4 to advertise loopbacks to 40.x.x.x/16 and 44.4.x.x/19 into BGP. Do not use the network statement. Make sure the prefixes are advertised with the IGP origin code ('i').


R4 Configuration:

!
ip prefix-list NET_40 seq 5 permit 40.0.0.0/8 le 16
ip prefix-list NET_44 seq 5 permit 44.4.0.0/16 le 19
!
route-map CONN_TO_BGP permit 10
 match ip address prefix-list NET_40
 set origin igp
!
route-map CONN_TO_BGP permit 20
 match ip address prefix-list NET_44
 set origin igp
!
router bgp 40
 no synchronization
 bgp router-id 172.16.104.4
 bgp log-neighbor-changes
 network 172.16.104.0 mask 255.255.255.0
 redistribute connected route-map CONN_TO_BGP
 neighbor 10.1.14.1 remote-as 10
 neighbor 10.1.24.2 remote-as 20
 no auto-summary
!


Verification:
Pic. 2 - BGP Prefixes Originated by R4.



Task 2
Configure R1 and R2 aggregation for the prefixes advertised on R4 (in Task 1). Make sure that R5 can see all the AS numbers to reach these two aggregates.

R1 Configuration:
!
router bgp 10
 no synchronization
 bgp router-id 172.16.101.1
 bgp log-neighbor-changes
 network 172.16.101.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only
 aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
 neighbor 10.1.13.3 remote-as 30
 neighbor 10.1.14.4 remote-as 40
 no auto-summary
!

R2 Configuration:
!
router bgp 20
 no synchronization
 bgp router-id 172.16.102.2
 bgp log-neighbor-changes
 network 172.16.102.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only
 aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
 neighbor 10.1.23.3 remote-as 30
 neighbor 10.1.24.4 remote-as 40
 no auto-summary
!

Pic. 3 - BGP Table on R5.



Notice!
R1 and R2, being the aggregating routers, remove AS 40 before they advertise the summary routes. They set two attributes: aggregator and atomic-aggregate. The picture below shows the aggregate route WITHOUT the 'as-set' option.

Pic. 4 - R5's Aggregate without 'AS-SET'.

The result is losing AS 40 in the path. R5 knows that some information has been lost.

Pic. 5 - R5's Aggregate with 'AS-SET'.

Notice!
The 'atomic-aggregate' no longer shows. AS 40 is prepended to aggregate.

Pic. 6 - BGP Table on R5.

Notice!
Remember that losing information about AS numbers can cause loops. BGP routers reject prefixes if their own AS shows in the path.

Saturday, April 16, 2011

Lab 110 - BGP Aggregation with Suppress-Map

Prerequisites: CCNP level skills.

Note!
BGP configuration based on Lab 108 (R4 loopbacks already advertised and aggregated).

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task 1
As per lab 108 R4 aggregates 40.4.x.x/19 range of prefixes to 40.4.0.0/17 but allows more specific ones to be advertised too. Configure R4 to advertise only the aggregate route 44.4.0.0/17.

Task 2
On R4 advertise 44.4.64.0/19 in addition to the aggregate prefix 44.4.0.0/17.

Solution

Task 1
As per lab 108 R4 aggregates 40.4.x.x/19 range of prefixes to 40.4.0.0/17 but allows more specific ones to be advertised too. Configure R4 to advertise only the aggregate route 44.4.0.0/17.


R4 Configuration:
!
ip prefix-list NET_40 seq 5 permit 40.0.0.0/8 le 16
ip prefix-list NET_44 seq 5 permit 44.4.0.0/16 le 19
!
route-map CONN_TO_BGP permit 10
 match ip address prefix-list NET_40
!
route-map CONN_TO_BGP permit 20
 match ip address prefix-list NET_44
!
router bgp 40
 no synchronization
 bgp router-id 172.16.104.4
 bgp log-neighbor-changes
 network 172.16.104.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 summary-only
 aggregate-address 44.4.0.0 255.255.128.0 summary-only
 redistribute connected route-map CONN_TO_BGP
 neighbor 10.1.14.1 remote-as 10
 neighbor 10.1.24.2 remote-as 20
 no auto-summary
!

Verification:
Pic. 2 - 44.4.x.x Prefixes on R4.

Notice!
All 44.4.x.x/19 are being suppressed and only 44.4.0.0/17 is going to be advertised now.

Pic. 3 - AS 40 Originated Prefixes in R5's BGP Table.

Task 2
On R4 advertise 44.4.64.0/19 in addition to the aggregate prefix 44.4.0.0/17.

R4 Configuration:
!
ip prefix-list PFX_SUPPRESSED seq 5 permit 44.4.0.0/19
ip prefix-list PFX_SUPPRESSED seq 10 permit 44.4.32.0/19
ip prefix-list PFX_SUPPRESSED seq 15 permit 44.4.96.0/19
!
route-map SUPPRESS permit 10
 match ip address prefix-list PFX_SUPPRESSED
!
router bgp 40
 no synchronization
 bgp router-id 172.16.104.4
 bgp log-neighbor-changes
 network 172.16.104.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 summary-only
 aggregate-address 44.4.0.0 255.255.128.0 summary-only suppress-map SUPPRESS
 redistribute connected route-map CONN_TO_BGP
 neighbor 10.1.14.1 remote-as 10
 neighbor 10.1.24.2 remote-as 20
 no auto-summary
!

Verification:
Pic. 4 - AS 40 Originated Prefixes in R5's BGP Table.

Notice!
The permit statements in prefix-list PFX_SUPPRESSED, used by the route-map SUPPRESS, filter out the more specific routes. What is NOT permitted in the prefix-list will NOT be suppressed by the 'summary-only' option.

Lab 109 - BGP Aggregation with Unsuppress-Map

Prerequisites: CCNP level skills.

Note!
BGP configuration based on Lab 108 (R4 loopbacks already advertised and aggregated).

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task 1
R4 is advertising the aggregate 40.0.0.0/14. Configure R4 so that it also advertises more specific prefixes as follows:
  • 40.3.0.0/16 towards R1
  • 40.1.0.0/16 towards R2
Solution

Task 1
R4 is advertising the aggregate 40.0.0.0/14. Configure R4 so that it also advertises more specific prefixes as follows:
  • 40.3.0.0/16 towards R1
  • 40.1.0.0/16 towards R2

Pic. 2 - Suppressed Routes on R4.

Pic. 3 - BGP Table on R5.

R4 Configuration:
!
ip prefix-list NET_40 seq 5 permit 40.0.0.0/8 le 16
ip prefix-list NET_44 seq 5 permit 44.4.0.0/16 le 19
ip prefix-list PFX_UNSUPPRESS_TO_R1 seq 5 permit 40.3.0.0/16
ip prefix-list PFX_UNSUPPRESS_TO_R2 seq 5 permit 40.1.0.0/16
!
route-map CONN_TO_BGP permit 10
 match ip address prefix-list NET_40
!
route-map CONN_TO_BGP permit 20
 match ip address prefix-list NET_44
!
route-map UNSUPPRESS_TO_R2 permit 10
 match ip address prefix-list PFX_UNSUPPRESS_TO_R2
!
route-map UNSUPPRESS_TO_R1 permit 10
 match ip address prefix-list PFX_UNSUPPRESS_TO_R1
!
router bgp 40
 no synchronization
 bgp router-id 172.16.104.4
 bgp log-neighbor-changes
 network 172.16.104.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 summary-only
 aggregate-address 44.4.0.0 255.255.128.0
 redistribute connected route-map CONN_TO_BGP
 neighbor 10.1.14.1 remote-as 10
 neighbor 10.1.14.1 unsuppress-map UNSUPPRESS_TO_R1
 neighbor 10.1.24.2 remote-as 20
 neighbor 10.1.24.2 unsuppress-map UNSUPPRESS_TO_R2
 no auto-summary
!

Notice!
Applying this change does not require 'clear ip bgp * out' but it takes a moment to unsuppress the prefixes.

Verification:
Pic. 4 - BGP Table on R1 Received from the Neighbor AS 40.
Notice!
R1 receives the aggregate route 40.0.0.0/14 as well as the unsuppressed route 40.3.0.0/16.

Pic. 5 - BGP Table on R2 Received from the Neighbor AS 40.
Notice!
R2 receives the aggregate route 40.0.0.0/14 as well as the unsuppressed route 40.1.0.0/16.

Friday, April 15, 2011

Lab 108 - BGP Aggregation using Aggregate-Address

Prerequisites: CCNP level skills.

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task 1
On R4 the following loopbacks should be advertised into BGP. Do not use network statement.
  • Loopback 3 = 40.0.0.1/16
  • Loopback 4 = 40.1.0.1/16
  • Loopback 5 = 40.2.0.1/16
  • Loopback 6 = 40.3.0.1/16
  • Loopback 7 = 44.4.0.1/19
  • Loopback 8 = 44.4.32.1/19
  • Loopback 9 = 44.4.64.1/19
  • Loopback 10 = 44.4.96.1/19
Task 2
Summarize all prefixes 40.x.x.x to one prefix only. Summarize prefixes 44.x.x.x but make sure that more specific prefixes are also advertised. Use BGP aggregation command to accomplish this.

Solution

Task 1
On R4 the following loopbacks should be advertised into BGP. Do not use network statement.
  • Loopback 3 = 40.0.0.1/16
  • Loopback 4 = 40.1.0.1/16
  • Loopback 5 = 40.2.0.1/16
  • Loopback 6 = 40.3.0.1/16
  • Loopback 7 = 44.4.0.1/19
  • Loopback 8 = 44.4.32.1/19
  • Loopback 9 = 44.4.64.1/19
  • Loopback 10 = 44.4.96.1/19
R4 Configuration:
!
ip prefix-list NET_40 seq 5 permit 40.0.0.0/8 le 16
ip prefix-list NET_44 seq 5 permit 44.4.0.0/16 le 19
!
route-map CONN_TO_BGP permit 10
 match ip address prefix-list NET_40
!
route-map CONN_TO_BGP permit 20
 match ip address prefix-list NET_44
!
router bgp 40
 no synchronization
 bgp router-id 172.16.104.4
 bgp log-neighbor-changes
 network 172.16.104.0 mask 255.255.255.0
 redistribute connected route-map CONN_TO_BGP
 neighbor 10.1.14.1 remote-as 10
 neighbor 10.1.24.2 remote-as 20
 no auto-summary
!

Verification:
Pic. 2 - BGP Prefixes Originated locally on R4.


Notice!
Prefixes originated by the router have the next-hop attribute set to '0.0.0.0' and the weight set to 32768. Redistributed prefixes use the Origin code incomplete '?'.

Task 2

Summarize all prefixes 40.x.x.x to one prefix only. Summarize prefixes 44.x.x.x but make sure that more specific prefixes are also advertised. Use BGP aggregation command to accomplish this.
R4 Configuration:
!
router bgp 40
 no synchronization
 bgp router-id 172.16.104.4
 bgp log-neighbor-changes
 network 172.16.104.0 mask 255.255.255.0
 aggregate-address 40.0.0.0 255.252.0.0 summary-only
 aggregate-address 44.4.0.0 255.255.128.0
 redistribute connected route-map CONN_TO_BGP
 neighbor 10.1.14.1 remote-as 10
 neighbor 10.1.24.2 remote-as 20
 no auto-summary
!

Verification:
Pic. 3 - BGP Table on R4.

Notice!
R4 suppresses ('s') the more specific routes if the 'summary-only' keyword is used. Only 40.0.0.0/14 is going to be advertised.
If the 'summary-only' keyword is NOT used, the router creates the aggregate route and advertises it in addition to the more specific routes.

Pic. 4 - Routing Table on R4.
Notice!
Similarly to other routing protocols the entry to 'null0' is created for the summary route as a loop prevention mechanism.

Pic. 5 - AS 40 Prefixes Learned on R5.

Notice!
All prefixes 44.x.x.x AND the summary route are propagated. For 40.x.x.x only the summary route is advertised, since the 'summary-only' keyword has been used.

Wednesday, April 13, 2011

Lab 107 - BGP Aggregation using IP Route Null0

Prerequisites: CCNP level skills.

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl


Task 1
Configure R5 so that it advertises one summary route representing the below prefixes (loopbacks on R5). Make sure the summary route does not overlap any other addresses. Do not use 'aggregate-address' command.
  • 55.5.0.0/24
  • 55.5.1.0/24
  • 55.5.2.0/24
  • 55.5.3.0/24
Solution


Task 1 
Configure R5 so that it advertises one summary route representing the below prefixes (loopbacks on R5). Make sure the summary route does not overlap any other addresses. Do not use 'aggregate-address' command.

R5 Configuration:
!
ip route 55.5.0.0 255.255.252.0 Null0
!
router bgp 50
 no synchronization
 bgp router-id 172.16.105.5
 bgp log-neighbor-changes
 network 5.5.0.0 mask 255.255.0.0
 network 55.5.0.0 mask 255.255.252.0
 network 172.16.105.0 mask 255.255.255.0
 network 200.5.5.0 mask 255.255.255.224
 network 200.5.5.32 mask 255.255.255.224
 network 200.55.55.0 mask 255.255.255.248
 neighbor 10.1.35.3 remote-as 30
 no auto-summary
!

Verification:
Pic. 2 - BGP Table on R4.

Notice!
BGP cannot advertise prefixes that do not have EXACT match in the routing table. The 'ip route null0' can be used to summarize the prefixes. Only local prefixes can be advertised this way.

Lab 106 - BGP Filtering using Prefix-List

Prerequisites: CCNP level skills.

Topology

Pic. 1 - Topology Diagram.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task 1
On R5 create int loopback555 with the following ip addresses:

interface Loopback555
 ip address 55.5.0.1 255.255.255.0 secondary
 ip address 55.5.1.1 255.255.255.0 secondary
 ip address 55.5.2.1 255.255.255.0 secondary
 ip address 55.5.3.1 255.255.255.0 secondary
 ip address 200.5.5.1 255.255.255.224 secondary
 ip address 200.5.5.33 255.255.255.224 secondary
 ip address 200.55.55.1 255.255.255.248 secondary
 ip address 5.5.0.1 255.255.0.0
!
router bgp 50
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 network 5.5.0.0 mask 255.255.0.0
 network 10.55.20.0 mask 255.255.255.240
 network 10.55.20.16 mask 255.255.255.240
 network 10.55.55.0 mask 255.255.255.240
 network 10.55.55.16 mask 255.255.255.240
 network 55.5.0.0 mask 255.255.255.0
 network 55.5.1.0 mask 255.255.255.0
 network 55.5.2.0 mask 255.255.255.0
 network 55.5.3.0 mask 255.255.255.0
 network 172.16.105.0 mask 255.255.255.0
 network 200.5.5.0 mask 255.255.255.224
 network 200.5.5.32 mask 255.255.255.224
 network 200.55.55.0 mask 255.255.255.248
 neighbor 10.1.35.3 remote-as 30


Advertise all those addresses into BGP.

On R4 check what prefixes are originated by AS 50.

Task 2
On R4 filter out the following:
  • Class A prefixes shorter than /24
  • Class C prefixes longer than /27
Use prefix-list to accomplish this.

    Solution

    Task 1
    On R4 check what prefixes are originated by AS 50.

    The command to use: show ip bgp regexp _50$

    Pic. 2 - BGP Table on R4
    (prefixes originated by AS 50)

    Task 2
    On R4 filter out the following:
    • Class A prefixes shorter than /24
    • Class C prefixes longer than /27
    Use prefix-list to accomplish this.

    The following should be filtered out:
    Class A prefixes shorter than /24 = 5.5.0.0/16
    Class C prefixes longer than /27 = 200.55.55.0/29

    R4 Configuration:
    !
    ip prefix-list MATCH_TASK_2 seq 5 deny 0.0.0.0/1 le 23
    ip prefix-list MATCH_TASK_2 seq 10 deny 192.0.0.0/3 ge 28
    ip prefix-list MATCH_TASK_2 seq 15 permit 0.0.0.0/0 le 32
    !
    router bgp 124
     no synchronization
     bgp router-id 172.16.104.4
     bgp log-neighbor-changes
     network 172.16.104.0 mask 255.255.255.0
     network 172.16.144.0 mask 255.255.255.0
     neighbor 10.1.14.1 remote-as 124
     neighbor 10.1.14.1 route-reflector-client
     neighbor 10.1.14.1 prefix-list MATCH_TASK_2 in
     neighbor 10.1.24.2 remote-as 124
     neighbor 10.1.24.2 route-reflector-client
     neighbor 10.1.24.2 prefix-list MATCH_TASK_2 in
     no auto-summary
    !

    Verification:
    Pic. 3 - BGP Table on R4
    (prefixes originated by AS 50)

    The following prefixes have been filtered out:
    Class A prefixes shorter than /24 = 5.5.0.0/16
    Class C prefixes longer than /27 = 200.55.55.0/29
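
The first-match evaluation of MATCH_TASK_2, as an added example that is not part of the original lab: a small Python model of IOS prefix-list ge/le matching, run over the AS 50 prefixes that R5 advertises in Task 1. The function names are illustrative assumptions.

```python
import re
from ipaddress import ip_network

ENTRY = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?$")

# The prefix-list from the R4 configuration above.
MATCH_TASK_2 = """
ip prefix-list MATCH_TASK_2 seq 5 deny 0.0.0.0/1 le 23
ip prefix-list MATCH_TASK_2 seq 10 deny 192.0.0.0/3 ge 28
ip prefix-list MATCH_TASK_2 seq 15 permit 0.0.0.0/0 le 32
"""

# Prefixes advertised by R5 (AS 50), taken from its network statements in Task 1.
AS50_PREFIXES = [
    "5.5.0.0/16", "10.55.20.0/28", "10.55.20.16/28", "10.55.55.0/28",
    "10.55.55.16/28", "55.5.0.0/24", "55.5.1.0/24", "55.5.2.0/24",
    "55.5.3.0/24", "172.16.105.0/24", "200.5.5.0/27", "200.5.5.32/27",
    "200.55.55.0/29",
]


def parse_prefix_list(config):
    """Return entries as (seq, action, network, min_len, max_len), ordered by seq."""
    entries = []
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        _name, seq, action, net, ge, le = m.groups()
        net = ip_network(net)
        # No ge/le: exact length. ge only: ge..32. le only: entry length..le.
        min_len = int(ge) if ge else net.prefixlen
        max_len = int(le) if le else (32 if ge else net.prefixlen)
        entries.append((int(seq), action, net, min_len, max_len))
    return sorted(entries, key=lambda e: e[0])


def evaluate(entries, prefix):
    """First matching entry wins; return (action, seq). No match is an implicit deny."""
    route = ip_network(prefix)
    for seq, action, net, min_len, max_len in entries:
        if min_len <= route.prefixlen <= max_len and route.subnet_of(net):
            return action, seq
    return "deny", None


def filtered(prefixes=AS50_PREFIXES, config=MATCH_TASK_2):
    """Prefixes the inbound filter drops."""
    entries = parse_prefix_list(config)
    return [p for p in prefixes if evaluate(entries, p)[0] == "deny"]


if __name__ == "__main__":
    rules = parse_prefix_list(MATCH_TASK_2)
    for p in AS50_PREFIXES:
        action, seq = evaluate(rules, p)
        print(f"{p:18} {action:6} (seq {seq})")
```

The 10.55.x.x/28 prefixes fall inside 0.0.0.0/1 but are longer than /23, so seq 5 does not match them and they reach the final permit.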

    Tuesday, April 12, 2011

    Lab 105 - BGP Filtering using Extended ACL

    Prerequisites: CCNP level skills.

    Topology

    Personal Note!
    I'm physically exhausted today. If you can't run, try to walk. One post must do today.

    Pic. 1 - Topology Diagram.
    Icons designed by: Andrzej Szoblik - http://www.newo.pl

    Task 1
    On R5 add the following loopbacks and advertise them into BGP.
    • Loopback 1 = 10.55.55.1 255.255.255.240
    • Loopback 2 = 10.55.55.17 255.255.255.240
    • Loopback 3 = 10.55.20.1 255.255.255.240
    • Loopback 4 = 10.55.20.17 255.255.255.240
    Task 2
    On R4 use an extended ACL to filter out all prefixes with an odd third octet using /28 or longer network mask.

    Solution

    Task 1
    On R5 add the following loopbacks and advertise them into BGP.
    • Loopback 1 = 10.55.55.1 255.255.255.240
    • Loopback 2 = 10.55.55.17 255.255.255.240
    • Loopback 3 = 10.55.20.1 255.255.255.240
    • Loopback 4 = 10.55.20.17 255.255.255.240
    R5 Configuration:
    !
    interface Loopback1
     ip address 10.55.55.1 255.255.255.240
    !
    interface Loopback2
     ip address 10.55.55.17 255.255.255.240
    !
    interface Loopback3
     ip address 10.55.20.1 255.255.255.240
    !
    interface Loopback4
     ip address 10.55.20.17 255.255.255.240
    !    

    router bgp 50
     no synchronization
     bgp router-id 172.16.105.5
     bgp log-neighbor-changes
     network 10.55.20.0 mask 255.255.255.240
     network 10.55.20.16 mask 255.255.255.240
     network 10.55.55.0 mask 255.255.255.240
     network 10.55.55.16 mask 255.255.255.240
     network 172.16.105.0 mask 255.255.255.0
     neighbor 10.1.35.3 remote-as 30
     no auto-summary
    !

    Verification:
    Pic. 2 - R4 Receives New Subnets.

    Task 2
    On R4 use an extended ACL to filter out all prefixes with an odd third octet using /28 or longer network mask.

    R4 Configuration:
    !
    access-list 100 deny ip 0.0.1.0 255.255.254.255 255.255.255.240 0.0.0.15
    access-list 100 permit ip any any
    !
    router bgp 124
     no synchronization
     bgp router-id 172.16.104.4
     bgp log-neighbor-changes
     network 172.16.104.0 mask 255.255.255.0
     network 172.16.144.0 mask 255.255.255.0
     neighbor 10.1.14.1 remote-as 124
     neighbor 10.1.14.1 route-reflector-client
     neighbor 10.1.14.1 distribute-list 100 in
     neighbor 10.1.24.2 remote-as 124
     neighbor 10.1.24.2 route-reflector-client
     neighbor 10.1.24.2 distribute-list 100 in
     no auto-summary
    !

    Notice!
    Even though extended ACLs do not make complex matches easy, it is possible to use them this way. The destination address/wildcard pair matches on the prefix length (highlighted portion of the ACL).

    Verification:
    Pic. 3 - BGP Table on R4.

    Notice!
    10.55.55.0/24 and 10.55.55.16/24 have been filtered out because their third octets are odd numbers AND their network mask length is /28.

    Monday, April 11, 2011

    Lab 104 - BGP Filtering using Standard ACL

    Prerequisites: CCNP level skills.

    Topology

    Personal Note!
    Back home! Resuming my bgp command study and posts. My company seems to have planned a lot of travels for me (well, beggars can't be choosers). These kinds of study distractions I equate to a tcp slow start: they're inevitable impediments and must be factored in during study.
    Solution: increase the dose of tenacity ;)

    Pic. 1 - Topology Diagram.
    Icons designed by: Andrzej Szoblik - http://www.newo.pl

    Task 1
    On R5 filter out all prefixes with even numbers in the third octet.
     
    Solution

    Task 1
    On R5 filter out all prefixes with even numbers in the third octet.

    Pic. 2 - Current BGP Table on R5.
    R5 Configuration:
    !
    access-list 1 permit 0.0.0.0 255.255.254.255
    !
    route-map FILTER_EVEN deny 10
     match ip address 1
    !
    route-map FILTER_EVEN permit 999
    !
    router bgp 50
     no synchronization
     bgp router-id 172.16.105.5
     bgp log-neighbor-changes
     network 172.16.105.0 mask 255.255.255.0
     neighbor 10.1.35.3 remote-as 30
     neighbor 10.1.35.3 route-map FILTER_EVEN in
     no auto-summary
    !

    Verification:
    Pic. 3 - BGP Table on R5.

    Notice!
    172.16.102.0/24, 172.16.104.0/24 and 172.16.144.0/24 are no longer in the BGP table on R5. The 'clear ip bgp * in' is required for this filter to take effect.
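
How the wildcard pairs in ACL 1 of this lab and in ACL 100 of Lab 105 select routes, as an added Python example that is not from the original labs. It assumes numbered ACL lines written with explicit address/wildcard pairs or 'any'; the function names are illustrative, and the route lists are constructed from prefixes that appear in the labs.

```python
from ipaddress import IPv4Address, ip_network

ANY = ("0.0.0.0", "255.255.255.255")

ACL_1 = "access-list 1 permit 0.0.0.0 255.255.254.255"          # Lab 104
ACL_100 = """
access-list 100 deny ip 0.0.1.0 255.255.254.255 255.255.255.240 0.0.0.15
access-list 100 permit ip any any
"""                                                               # Lab 105


def wildcard_match(value, base, wildcard):
    """True when value equals base in every bit the wildcard leaves at 0."""
    v, b, w = (int(IPv4Address(x)) for x in (value, base, wildcard))
    return ((v ^ b) & ~w & 0xFFFFFFFF) == 0


def parse_acl(config):
    """Parse ACL lines into (action, src, src_wildcard, dst, dst_wildcard)."""
    entries = []
    for line in config.splitlines():
        words = line.split()
        if len(words) < 4 or words[0] != "access-list":
            continue
        action, rest = words[2], words[3:]
        if rest[0] == "ip":                  # extended ACL keyword
            rest = rest[1:]
        pairs = []
        while rest:
            if rest[0] == "any":
                pairs.append(ANY)
                rest = rest[1:]
            else:
                pairs.append((rest[0], rest[1]))
                rest = rest[2:]
        src = pairs[0]
        dst = pairs[1] if len(pairs) > 1 else ANY   # standard ACL: mask not checked
        entries.append((action, *src, *dst))
    return entries


def acl_action(entries, prefix):
    """As a route filter: source pair tests the network, destination pair the mask."""
    net = ip_network(prefix)
    network, mask = str(net.network_address), str(net.netmask)
    for action, src, src_wc, dst, dst_wc in entries:
        if wildcard_match(network, src, src_wc) and wildcard_match(mask, dst, dst_wc):
            return action
    return "deny"                            # implicit deny ends every ACL


def lab105_accepted(routes):
    """neighbor ... distribute-list 100 in: keep what the ACL permits."""
    acl = parse_acl(ACL_100)
    return [r for r in routes if acl_action(acl, r) == "permit"]


def lab104_accepted(routes):
    """route-map FILTER_EVEN: 'deny 10' drops ACL 1 matches, 'permit 999' keeps the rest."""
    acl = parse_acl(ACL_1)
    return [r for r in routes if acl_action(acl, r) != "permit"]


# Constructed route lists using prefixes from the labs.
LAB105_ROUTES = ["10.55.20.0/28", "10.55.20.16/28", "10.55.55.0/28",
                 "10.55.55.16/28", "172.16.105.0/24"]
LAB104_ROUTES = ["172.16.101.0/24", "172.16.102.0/24",
                 "172.16.104.0/24", "172.16.144.0/24"]

if __name__ == "__main__":
    print("Lab 105 accepted:", lab105_accepted(LAB105_ROUTES))
    print("Lab 104 accepted:", lab104_accepted(LAB104_ROUTES))
```

172.16.105.0/24 has an odd third octet but survives ACL 100 because its mask fails the destination pair, which is what restricts the deny to /28 or longer.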

    Lab 103 - BGP Path Selection using MAXAS-LIMIT

    Prerequisites: CCNP level skills.

    Topology

    Pic. 1 - Topology Diagram.
    Icons designed by: Andrzej Szoblik - http://www.newo.pl

    Task 1
    Given the topology (pic. 1), configure AS 50 so it does not accept prefixes from AS 124. Do not use any access-list, prefix-list, as-path access-list to accomplish this.

    Solution

    Task 1
    Given the topology (pic. 1), configure AS 50 so it does not accept prefixes from AS 124. Do not use any access-list, prefix-list, as-path access-list to accomplish this.

    Pic. 3 - BGP Table on R5.

    R5 Configuration:
    !
    router bgp 50
     no synchronization
     bgp router-id 172.16.105.5
     bgp log-neighbor-changes
     bgp maxas-limit 1
     network 172.16.105.0 mask 255.255.255.0
     neighbor 10.1.35.3 remote-as 30
     no auto-summary
    !

    Verification:
    Pic. 3 - BGP Table on R5.

    Notice!
    Configuration allows the maximum as-path length of 1 AS.

    Sunday, April 10, 2011

    Lab 102 - BGP Path Selection using DMZLINK-BW

    Prerequisites: CCNP level skills.

    Topology

    Pic. 1 - Topology Diagram.
    Icons designed by: Andrzej Szoblik - http://www.newo.pl


    Task 1
    Assuming the Serial connections to R3 are 512 kbps, configure BGP on routers so that R4 does an equal load balance towards 172.16.105.0/24.

    Solution

    Task 1

    Assuming the Serial connections to R3 are 512 kbps, configure BGP on routers so that R4 does an equal load balance towards 172.16.105.0/24.

    Notice!
    BGP does not perform traffic sharing by default. Using the bgp dmzlink-bw option we can allow both equal and unequal cost load balancing. For this feature to work, the following are necessary:
    • the prefixes must have the same attributes: Weight, Local Preference, Origin, MED.
    • the prefixes must be learned either through IBGP or EBGP sessions.
    • the prefixes must have the same IGP metric towards the next-hop routers.
    If you want to achieve unequal cost load balancing, the bandwidth parameter must be properly configured (ratio).

    source: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft11b_lb.html

    Pic. 2 - BGP Table on R4 Before Applying Configuration.
    Pic. 3 - Routing Table on R4 Before Applying Configuration.

    Notice!
    Only one path is installed in the routing table.


    R1 Configuration:
    !
    interface Serial1/1
     bandwidth 512
     ip address 10.1.13.1 255.255.255.0
     serial restart-delay 0
    !
    router bgp 124
     no synchronization
     bgp router-id 172.16.101.1
     bgp log-neighbor-changes
     bgp dmzlink-bw
     network 172.16.101.0 mask 255.255.255.0
     neighbor 10.1.13.3 remote-as 30
     neighbor 10.1.13.3 dmzlink-bw
     neighbor 10.1.14.4 remote-as 124
     neighbor 10.1.14.4 next-hop-self
     neighbor 10.1.14.4 send-community extended
     no auto-summary
    !

    R2 Configuration:
    !
    interface Serial1/2
     bandwidth 512
     ip address 10.1.23.2 255.255.255.0
     serial restart-delay 0
    !
    router bgp 124
     no synchronization
     bgp router-id 172.16.102.2
     bgp log-neighbor-changes
     bgp dmzlink-bw
     network 172.16.102.0 mask 255.255.255.0
     neighbor 10.1.23.3 remote-as 30
     neighbor 10.1.23.3 dmzlink-bw
     neighbor 10.1.24.4 remote-as 124
     neighbor 10.1.24.4 next-hop-self
     neighbor 10.1.24.4 send-community extended
     no auto-summary
    !

    Notice!
    On R1 and R2 (edge routers) the following have been configured:
    • router configuration: bgp dmzlink-bw
    • EBGP neighbor dmzlink-bw
    • Extended communities sent towards R4, which carry the additional parameter that allows two paths to be installed in the routing table
    R4 Configuration:
    !
    router bgp 124
     no synchronization
     bgp router-id 172.16.104.4
     bgp log-neighbor-changes
     bgp dmzlink-bw
     network 172.16.104.0 mask 255.255.255.0
     neighbor 10.1.14.1 remote-as 124
     neighbor 10.1.14.1 route-reflector-client
     neighbor 10.1.24.2 remote-as 124
     neighbor 10.1.24.2 route-reflector-client
     maximum-paths ibgp 2
     no auto-summary
    !


    Notice!
    Maximum-paths increased to 2.

    Pic. 4 - BGP Prefix Details on R4.
    Pic. 5 - Routing Table on R4.

    Notice!
    Only one path shows as best in the BGP table. However, both are installed in the routing table.

    Pic. 6 - Prefix Details in the Routing Table.