Exterior Gateway Routing – 10 Points
4.1 BGP Peering
Basic peering task. Keep in mind that sw3 and sw4 don’t have an IGP running.
I’m still having problems with knowing when to apply ‘next-hop-self’. I need to do some more work on BGP. 😦
4.2 AS-Path Manipulation
We need to make sure that the private AS’s do not get outside of AS 300:
Before:
r4#sh ip bgp quote _650.._
BGP table version is 10, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 150.1.9.0/24 162.1.0.3 0 300 65002 65034 i
*> 150.1.10.0/24 162.1.0.3 0 300 65002 65034 i
*> 162.1.7.0/24 162.1.0.2 0 300 65001 i
*> 162.1.18.0/24 162.1.0.3 0 300 65002 i
r3#sh ip bgp neigh 162.1.0.4 adv
BGP table version is 10, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 162.1.0.4 0 100 54 i
*> 28.119.17.0/24 162.1.0.4 0 100 54 i
*> 150.1.9.0/24 162.1.38.8 0 65002 65034 i
*> 150.1.10.0/24 162.1.38.8 0 65002 65034 i
*>i162.1.7.0/24 162.1.27.7 0 100 0 65001 i
*> 162.1.18.0/24 162.1.38.8 0 0 65002 i
*> 205.90.31.0 162.1.13.1 0 200 254 ?
*> 220.20.3.0 162.1.13.1 0 200 254 ?
*> 222.22.2.0 162.1.13.1 0 200 254 ?
Total number of prefixes 9
r3(config)#ip as-path access-list 42 perm _650.._
r3(config)#route-map TASK_42 deny 10
r3(config-route-map)# match as-path 42
r3(config-route-map)#route-map TASK_42 perm 1000
r3(config-route-map)#router bg 300
r3(config-router)#neigh 162.1.0.4 route-map TASK_42 out
r3(config-router)#neigh 162.1.13.1 route-map TASK_42 out
After:
r3#sh ip bgp neigh 162.1.0.4 adv
BGP table version is 10, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 205.90.31.0 162.1.13.1 0 200 254 ?
*> 220.20.3.0 162.1.13.1 0 200 254 ?
*> 222.22.2.0 162.1.13.1 0 200 254 ?
Total number of prefixes 3
r4#sh ip bgp
BGP table version is 14, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 204.12.1.254 0 0 54 i
*> 28.119.17.0/24 204.12.1.254 0 0 54 i
*> 205.90.31.0 162.1.0.3 0 300 200 254 ?
*> 220.20.3.0 162.1.0.3 0 300 200 254 ?
*> 222.22.2.0 162.1.0.3 0 300 200 254 ?
My solution works (umm…technically 🙂 ), but I’m actually filtering off the routes (which I did not think broke the task). There’s a much easier way:
Usage Guidelines
This command is available for external BGP (eBGP) neighbors only.
When an update is passed to the external neighbor, if the autonomous system path includes private autonomous system numbers, the software will drop the private autonomous system numbers.
If the autonomous system path includes both private and public autonomous system numbers, the software considers this to be a configuration error and does not remove the private autonomous system numbers.
If the autonomous system path contains the autonomous system number of the eBGP neighbor, the private autonomous system numbers will not be removed.
If this command is used with confederation, it will work as long as the private autonomous system numbers follow the confederation portion of the autonomous path.
The private autonomous system values are from 64512 to 65535.
There is a much better solution. The prefixes are still advertised to the eBGP neighbor, but the private AS numbers do not show up in the AS path on the neighbor:
r3#sh ip bgp neigh 162.1.0.4 adv
BGP table version is 10, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 162.1.0.4 0 100 54 i
*> 28.119.17.0/24 162.1.0.4 0 100 54 i
*> 150.1.9.0/24 162.1.38.8 0 65002 65034 i
*> 150.1.10.0/24 162.1.38.8 0 65002 65034 i
*>i162.1.7.0/24 162.1.27.7 0 100 0 65001 i
*> 162.1.18.0/24 162.1.38.8 0 0 65002 i
*> 205.90.31.0 162.1.13.1 0 200 254 ?
*> 220.20.3.0 162.1.13.1 0 200 254 ?
*> 222.22.2.0 162.1.13.1 0 200 254 ?
Total number of prefixes 9
r4#sh ip bgp neigh 162.1.0.3 routes
BGP table version is 20, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 150.1.9.0/24 162.1.0.3 0 300 i
*> 150.1.10.0/24 162.1.0.3 0 300 i
*> 162.1.7.0/24 162.1.0.2 0 300 i
*> 162.1.18.0/24 162.1.0.3 0 300 i
*> 205.90.31.0 162.1.0.3 0 300 200 254 ?
*> 220.20.3.0 162.1.0.3 0 300 200 254 ?
*> 222.22.2.0 162.1.0.3 0 300 200 254 ?
Total number of prefixes 7
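The usage guidelines quoted above describe the IOS `neighbor remove-private-as` behaviour. The Python model below is an added example, not part of the original post or Cisco's documentation: it applies those rules to the AS paths from r3's table and compares the result with the `_650.._` route-map filter. The function names and the two paths marked constructed are assumptions; note that `_650.._` only covers 65000-65099, not the full private range 64512-65535.

```python
import re

# Private range as stated in the usage guidelines quoted above.
PRIVATE_MIN, PRIVATE_MAX = 64512, 65535

# Python approximation of the IOS as-path regex `_650.._` used in the post.
# In IOS regex, `_` matches start/end of string or a delimiter such as a space.
DELIM = r"(?:^|$|[ ,{}()_])"
POST_REGEX = re.compile(DELIM + r"650.." + DELIM)


def is_private(asn):
    return PRIVATE_MIN <= asn <= PRIVATE_MAX


def regex_denies(path):
    """True if the post's route-map (deny on `_650.._`) would filter this path."""
    return POST_REGEX.search(" ".join(map(str, path))) is not None


def remove_private_as(path, neighbor_as):
    """Apply the rules from the usage guidelines to an outbound eBGP AS path."""
    if neighbor_as in path:
        return list(path)            # neighbor's own ASN present: leave untouched
    private = [is_private(a) for a in path]
    if any(private) and not all(private):
        return list(path)            # mixed public/private: treated as config error
    return [a for a in path if not is_private(a)]   # all private (or none): strip


def advertised(path, local_as, neighbor_as):
    """Path as the eBGP neighbor sees it: local AS prepended after stripping."""
    return [local_as] + remove_private_as(path, neighbor_as)


# Paths from r3's table in the post, plus two constructed ones (marked).
SAMPLES = {
    "150.1.9.0/24": [65002, 65034],
    "162.1.7.0/24": [65001],
    "205.90.31.0": [200, 254],
    "constructed-a": [64900],        # private, but outside 65000-65099
    "constructed-b": [200, 65001],   # mixed: private ASN is NOT removed
}

if __name__ == "__main__":
    for prefix, path in SAMPLES.items():
        print(prefix, "regex-denied:", regex_denies(path),
              "advertised:", advertised(path, 300, 100))
```

The first three results match what r4 shows above (`300 i` and `300 200 254 ?`); the constructed paths show where each approach lets a private ASN through.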
4.3 BGP Filtering
Configure a new loopback interface on r5 and advertise it into BGP. r4 should not pass this prefix on. Configure this on r5.
Use the ‘no-advertise’ BGP community.
(Optional) Well-known communities can be specified by using the following keywords:
• internet
• local-as
• no-advertise
• no-export
ip prefix-list TASK_43 seq 5 permit 162.1.15.0/24
!
route-map TASK_43 permit 10
match ip address prefix-list TASK_43
set community no-advertise
!
route-map TASK_43 permit 1000
!
router bgp 500
! don’t forget the send-community line
neighbor 150.1.4.4 send-community
neighbor 150.1.4.4 route-map TASK_43 out
r4#sh ip bgp 162.1.15.0
BGP routing table entry for 162.1.15.0/24, version 22
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to any peer)
Flag: 0x880
Not advertised to any peer
500
150.1.5.5 (metric 66) from 150.1.5.5 (150.1.5.5)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: no-advertise
IE used an as-path access-list matching ^$ instead of a prefix-list matching the network. Both methods work, but the IE method would match any additional networks that you decide to advertise on r5 in the future.
4.4 BGP Table Stability
Pretty simple task using BGP dampening on routes learned from BB3 with the variables specified in the task.
half-life: 15 minutes
reuse: 750
suppress: 2000
max-suppress-time: 4 times half-life
We are asked to set the max-suppress-time to 30 minutes. This can usually be done two ways: set the max-suppress-time to the number of minutes specified, or set the half-life to 1/4 of that amount. In this task we cannot use 1/4 of the max-suppress-time (30 minutes) for the half-life because it is not a whole number (7.5).
(Optional) Maximum time (in minutes) a route can be suppressed. The range is from 1 to 20000; the default is 4 times the half-life. If the half-life value is allowed to default, the maximum suppress time defaults to 60 minutes. When the max-suppress-time is configured, the maximum penalty will never be exceeded, regardless of the number of times that the prefix dampens. The maximum penalty is computed with the following formula:
Max penalty = reuse-limit *2^(maximum suppress time/half time)
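The formula above, worked through as an added Python example (not from the original post): it computes the penalty ceiling for the `15 1000 3000 30` parameters configured in this post and simulates when a flapping route is suppressed and reused. The 1000-per-flap penalty and the continuous-time decay are assumptions of this model, and the function names are hypothetical.

```python
import math

FLAP_PENALTY = 1000  # assumption: penalty IOS adds per flap by default


def max_penalty(reuse, half_life, max_suppress):
    """Max penalty = reuse-limit * 2^(max-suppress-time / half-life)."""
    return reuse * 2 ** (max_suppress / half_life)


def decay(penalty, minutes, half_life):
    """Exponential decay: the penalty halves every half_life minutes."""
    return penalty * 0.5 ** (minutes / half_life)


def suppressed_intervals(flaps, half_life, reuse, suppress, max_suppress):
    """Return [(suppressed_at, reused_at), ...] in minutes for the flap times."""
    ceiling = max_penalty(reuse, half_life, max_suppress)
    penalty, last, start, out = 0.0, 0.0, None, []

    def reuse_time():
        # Time at which the decaying penalty falls back to the reuse limit.
        return last + half_life * math.log2(penalty / reuse)

    for t in sorted(flaps):
        if start is not None and reuse_time() <= t:
            out.append((start, reuse_time()))   # reused before this flap
            start = None
        penalty = min(decay(penalty, t - last, half_life) + FLAP_PENALTY, ceiling)
        last = t
        if start is None and penalty > suppress:
            start = t                           # penalty exceeded suppress limit
    if start is not None:
        out.append((start, reuse_time()))
    return out


if __name__ == "__main__":
    post = dict(half_life=15, reuse=1000, suppress=3000, max_suppress=30)
    print("max penalty:", max_penalty(1000, 15, 30))
    print("flap every minute for 20 min:",
          suppressed_intervals(range(20), **post))
    # Constructed misconfiguration: suppress limit above the penalty ceiling.
    print("suppress=3500, reuse=750:",
          suppressed_intervals(range(20), 15, 750, 3500, 30))
```

Because the penalty is capped at the ceiling, the route becomes usable again at most 30 minutes after its last flap; if the suppress limit is set above the ceiling, the route is never suppressed at all.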
I applied the dampening only to routes from AS 54:
r4(config)#ip as-path access-list 44 permit ^54$
r4(config)#route-map TASK_44 permit 10
r4(config-route-map)#match as-path 44
r4(config-route-map)#set dampening 15 1000 3000 30
r4(config-route-map)#router bgp 100
r4(config-router)#bgp dampening route-map TASK_44
The IE solution applied BGP dampening to all prefixes on r4???
r4#sh ip bgp dampening parameters
dampening 15 1000 3000 30 (route-map TASK_44 10)
Half-life time : 15 mins Decay Time : 370 secs
Max suppress penalty: 4000 Max suppress time: 30 mins
Suppress penalty : 3000 Reuse penalty : 1000
on 4.4 – At first I was really confused why they applied it globally… I had read the question even differently thinking that I was only supposed to dampen routes AS54 got from the Internet, not originated itself… However, after reading the question again it never said to care if they were from AS54… It just says to dampen. Easy one to overthink.
Comment by Thomas — January 16, 2009 @ 12:27 am