BGP Lab Workbook by Sikandar Gouse Moinuddin, CCIE (R&S, SP) # 35012
sikandarccie@gmail.com
Networkonlineacademy.com
All contents are copyright ©2013 ~ 2014. All rights reserved.
All contents are copyright ©2014 - 2015. All rights reserved.

INDEX

BGP Introduction
Types of ISP Connections
BGP Message types, BGP Neighbors
LAB: Basic IBGP Peering
BGP Split Horizon Rule
LAB: IBGP Peering using loopbacks
Configuring BGP Authentication on Cisco IOS
Peer groups
Lab: Peer Groups
Route reflector
Lab: route reflector
Lab: route reflector using loopback
Lab: route reflector with two servers for redundancy
Route Reflector Clusters
LAB: Route Reflector Clusters
BGP next hop behavior
LAB: Basic EBGP Configuration & Verify Next-hop Behavior
LAB: EBGP peering using Loopback Interfaces (using EBGP multihop)
Synchronization rule
LAB: Verify BGP Synchronization Rule
BGP Attributes
BGP Path Selection Process
Lab: Using Weight Attribute
Clearing the BGP Session
Lab: Weight Attribute using Route-maps
Understanding In/Out
Lab: Using Local Preference
Lab: Local preference using Route-maps
Lab: AS-path Prepending
Lab: Multi-Exit Discriminator (Metric)
BGP always compare MED
BGP Summarization (Aggregation)
BGP Summarization AS-SET option
Suppress-Map
Unsuppress-Maps
BGP Communities
Lab: Communities Well Known
Community no-advertise
No-Export well known Community Attribute: using Local-AS
User Defined BGP Community
LAB: BGP Filtering
BGP Filtering Using ACL
BGP Filtering Using Prefix-list
BGP Filtering Using Route-maps
Regular Expressions
AS-PATH filters using Regular expression
BGP Route-Dampening
BGP Route-Dampening using Route-maps
BGP Confederation
LAB: BGP Confederations
TASK: Verify BGP local-AS community Attribute
Removing Private AS Numbers
BGP Hide Local-Autonomous System
BGP Hide Local-Autonomous System (No-prepend)
BGP Hide Local-Autonomous System (no-prepend replace-as)
BGP Support for Dual AS Configuration for Network AS Migrations
BGP allowas-in
IPv6 BGP
Basic IPv6 IBGP and EBGP Configurations
LAB: IPv6 IBGP & EBGP Advance Configurations

BGP

Autonomous Systems

[Figure: IGPs (RIP, IGRP, EIGRP, OSPF) inside Autonomous System 100 and Autonomous System 200; EGPs (BGP) between them.]

* An AS is a collection of networks under a common administration.
* The Internet Assigned Numbers Authority (IANA) assigns AS numbers: 1 to 64511 are public AS numbers and 64512 to 65535 are private AS numbers.
* IGPs operate within an AS.
* BGP is used between autonomous systems.
* Exchange of loop-free routing information is guaranteed.

Introduction to BGP

* BGP is the only routing protocol in widespread use which facilitates inter-domain routing (between autonomous systems).
* BGP is an external gateway protocol, meant to be used between different networks. It is the protocol used between Internet service providers (ISPs) and can also be used between an enterprise and an ISP.
* BGP was built for reliability, scalability, and control, not speed. Because of this, it behaves differently from the protocols
* BGP is path-vector; routes are tracked in terms of which autonomous systems they pass through.
* BGP attributes allow granularity in path selection.
* BGP stands for Border Gateway Protocol. Routers running BGP are termed BGP speakers.
* Routing between autonomous systems is called interdomain routing.

BGP's loop prevention mechanism

[Figure: AS 100, AS 200 and AS 500. 180.10.0.0/16 is not accepted by AS 100 as the prefix has AS 100 in its AS-PATH; this is loop detection in action.]

BGP's loop prevention mechanism is the autonomous system number. When an update about a network leaves an autonomous system, that autonomous system's number is prepended to the list of autonomous systems that have handled that update. When an autonomous system receives an update, it examines the autonomous system list. If it finds its own autonomous system number in that list, the update is discarded.

BGP Features

* Open standard
* Advanced distance vector protocol
* Path vector protocol
* Classless
* Supports FLSM, VLSM, CIDR, auto and manual summary (BGP-4)
* It is an Exterior Gateway Protocol
* Designed to scale to huge internetworks like the Internet
* Updates are incremental and triggered
* It sends updates to manually defined neighbors as unicast
* BGP is an application layer protocol that uses TCP for reliability, TCP port 179
* Metric = Attributes
* Administrative distance: 20 for external updates, 200 for internal updates
* BGP is not designed for load balancing. It uses only one path per network
* IGPs announce networks and the cost to reach those networks. BGP announces pathways and the networks that are reachable at the end of the pathway.
* BGP uses attributes as its metric. AS path is one of the attributes of BGP. The path with fewer AS hops is the best path (which is the default)
* BGP allows administrators to define policies or rules for how data will flow through the autonomous systems.

When to use BGP

BGP is more appropriate if one of the following conditions exists:

* AS working as a transit AS (ex. ISP)
* AS connected to multiple AS (when the AS is multihomed)
* Data traffic path entering or leaving the AS has to be manipulated

When not to use BGP

BGP is not recommended if one or more of the following conditions exist:

* If it is a single-homed AS
* Lack of resources like memory and less processing power in routers
* Limited understanding of BGP route filtering and path selection processes

BGP Databases (BGP tables)

Neighbor table
* A list of all configured BGP neighbors.
* # show ip bgp summary

BGP forwarding table/database
* A list of networks known by BGP, along with their paths and attributes.
* # show ip bgp

IP routing table
* List of best paths to destination networks.
* # sh ip route

Types of ISP Connections

Single Homed

* A site with a single ISP connection is single-homed.
* This is fine for a site that does not depend heavily on Internet or WAN connectivity.
* Either use static routes, or advertise the site routes to the ISP and receive a default route from

Dual-homed site

* A dual-homed site has two connections to the same ISP, either from one router or two routers.
* One link might be primary and the other backup, or the site might load balance over both links.
* Either static or dynamic routing would work in this case.

Multihoming

* Multihoming means connecting to more than one ISP at the same time.
* It is done for redundancy and backup if one ISP fails, and for better performance if one ISP provides a better path to frequently used networks.
* This also gives you an ISP-independent solution.
* BGP is typically used with multihomed connections.

Dual Multihomed

* You can take multihoming a step further and be dual-multihomed, with two connections to multiple ISPs.
* This gives the most redundancy.
* BGP is used with the ISPs and can be used internally also.

Connecting to the Internet with BGP

Route reception options:

* Default route from provider(s) - Easy on resources, internal traffic routed to nearest BGP router
* Some routes + default route - Allows for selection of some paths with others falling back to a default route
* All routes (full table) - Hard on resources, but guarantees the most direct path is taken

BGP Message types

BGP has four types of messages:

* Open
* Keepalive
* Update
* Notification

Open:
* After a neighbor is configured, BGP sends an open message to try to establish peering with that neighbor.
* Includes information such as autonomous system number, router ID, and hold time.

Update:
* Message used to transfer routing information between peers.
* Includes new routes, withdrawn routes, and path attributes.

Keepalive:
* BGP peers exchange keepalive messages every 60 seconds by default. These keep the peering session active.

Notification:
* When a problem occurs that causes a router to end the BGP peering session, a notification message is sent to the BGP neighbor and the connection is closed.

BGP Neighbors

* BGP neighbors are routers forming a TCP connection for exchanging BGP updates. They are also called BGP peers or BGP speakers.
* Two types of BGP neighbor relationship:
  * IBGP
  * EBGP

IBGP Neighbors

* Routers forming a neighbor relationship within an AS.
* IBGP neighbors do not need to be directly connected.

[Figure: IBGP neighbors. AS 65500, AS 65100, AS 65000, AS 65102, AS 65101, AS 65103; one router marked "No BGP".]

Redistributing BGP into OSPF

* Redistributing BGP into an IGP (OSPF in this example) is not recommended.
* Instead, run IBGP on all routers.

IBGP in a Nontransit AS

[Figures: Partial-Mesh IBGP and Full-Mesh IBGP, each between AS 65101 and AS 65103.]

By default, routes learned via IBGP are never propagated to other IBGP peers, so they need full-mesh IBGP.

Routing Issues If BGP Not on in All Routers in Transit Path

[Figure: packet to network 10.0.0.0.]

* Router C will drop the packet to network 10.0.0.0. Router C is not running IBGP; therefore, it has not learned about the route to network 10.0.0.0 from router B.
* In this example, router B and router E are not redistributing BGP into OSPF.

Before beginning to configure BGP, gather the network requirements you need, which should include the following:

* Whether you need to run IBGP for internal connectivity
* External connectivity to the ISP
* Configuration parameters such as neighbor IP addresses and their AS number, and which networks you will advertise via BGP

Router(config)# router bgp autonomous-system
Router(config-router)# network network-number [mask network-mask]
Router(config-router)# neighbor {ip-address | peer-group-name} remote-as autonomous-system

Example: BGP neighbor Command

[Figure: example neighbor ... remote-as commands between routers in different autonomous systems; the addresses are not recoverable from the scan.]

BGP Peering States

We can use # show ip bgp neighbors to verify the BGP peering states.

When establishing a BGP session, BGP goes through the following states:

1. Idle: Router is searching the routing table to see whether a route exists to reach the neighbor.
2. Connect: Router found a route to the neighbor and has completed the three-way TCP handshake.
3. Open sent: Open message sent, with the parameters for the BGP session.
4. Open confirm: Router received agreement on the parameters for establishing the session.
   * Alternatively, the router goes into active state if there is no response to the open message.
5. Established: Peering is established; routing begins.

BGP neighborships can be confirmed using the commands

# show ip bgp neighbors
# show ip bgp summary

BGP Established and Idle States

* Idle: The router in this state cannot find the address of the neighbor in the routing table. Check for an IGP problem. Is the neighbor announcing the route?
* Established: The established state is the proper state for BGP operations. In the output of the show ip bgp summary command, if the state column has a number, then the route is in the established state. The number is how many routes have been learned from this neighbor.

Example: show ip bgp neighbors Command

Router#sh ip bgp neighbors
BGP version 4, remote router ID 172.31.2.3
BGP state = Established, up for 00:19:10
Neighbor capabilities:
  Route refresh: advertised and received(old & new)
Message statistics:
  InQ depth is 0
  OutQ depth is 0
            Sent  Rcvd
  Opens:       7     7

BGP Configuration

* Only one instance of BGP per router.
* In most IGPs, the network command starts the routing process on an interface. In BGP, the command tells the router to originate an advertisement for that network.
* The same network prefix must exist in the routing table.
* The network does not have to be connected to the router; it just has to be in the routing table. In theory, it can even be a network in a different autonomous system (not usually recommended).
* The network command without a subnet mask will take the classful mask (default mask).
* The router should have a route to reach the neighbor.
* Neighbors have to be manually configured.
* The same command is used for IBGP and EBGP neighbors.

LAB: IBGP Peering

TASK:

* Configure IBGP peering in AS 500 as per the diagram using directly connected interfaces.
* Make sure that all the routers are able to see the routes from other routers in the routing table through BGP.

R1(config)#router bgp 500
R1(config-router)#neighbor 1.1.1.2 remote-as 500
R1(config-router)#neighbor 4.4.4.1 remote-as 500
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#network 4.0.0.0
R1(config-router)#network 11.0.0.0 mask 255.255.255.0
R1(config-router)#no auto-summary
R1(config-router)#no synchronization
R1(config-router)#exit

NOTE

* To advertise with the default mask value, ex: 1.0.0.0/8, there is no need to use mask.
* To advertise with an exact mask other than the default, like 11.0.0.0/24, make sure that the mask on the interface (shown in the routing table as connected) and in the network command are the same in order to advertise routes in BGP.

Example: BGP network Command

Router(config-router)# network 192.168.1.1 mask 255.255.255.0

* The router looks for exactly 192.168.1.1/24 in the routing table, but cannot find it, so it will not announce anything.

Router(config-router)# network 192.168.0.0 mask 255.255.0.0

* The router looks for exactly 192.168.0.0/16 in the routing table.
* If the exact route is not in the table, you can add a static route to null0 so that the route can be announced.

R2(config)#router bgp 500
R2(config-router)#neighbor 1.1.1.1 remote-as 500
R2(config-router)#neighbor 2.2.2.2 remote-as 500
R2(config-router)#network 20.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 1.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#no synchronization
R2(config-router)#end

R3(config)#router bgp 500
R3(config-router)#neighbor 2.2.2.1 remote-as 500
R3(config-router)#neighbor 3.3.3.2 remote-as 500
R3(config-router)#network 30.0.0.0
R3(config-router)#network 3.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#end

R4(config)#router bgp 500
R4(config-router)#neighbor 3.3.3.1 remote-as 500
R4(config-router)#neighbor 4.4.4.2 remote-as 500
R4(config-router)#network 40.0.0.0
R4(config-router)#network 4.0.0.0
R4(config-router)#network 3.0.0.0
R4(config-router)#no auto-summary
R4(config-router)#no synchronization
R4(config-router)#exit

R1#sh ip bgp summary
Neighbor  V  AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
1.1.1.2   4  500  5       5       9      0   0    0D0TO    3
4.4.4.1   4  500  5       5       9      0   0    00:01:17 3

R3#sh ip bgp summary
Neighbor  V  AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
2.2.2.1   4  500  6       6       8      0   0    00:02:41 3
3.3.3.2   4  500  6       6       8      0   0    00:02:12 3

R1#sh ip route bgp
B    2.0.0.0/8 [200/0] via 1.1.1.2, 00:03:00
B    3.0.0.0/8 [200/0] via 4.4.4.1, 00:02:46
There is no network 30.0.0.0 in the routing table.

R2#sh ip route bgp
B    3.0.0.0/8 [200/0] via 2.2.2.2, 00:08:46
B    4.0.0.0/8 [200/0] via 1.1.1.1, 00:03:51

Here there is no network 40.0.0.0 in the routing table because of the BGP SPLIT HORIZON RULE.

R3#sh ip route bgp
B    1.0.0.0/8 [200/0] via 2.2.2.1, 00:02:10
B    4.0.0.0/8 [200/0] via 3.3.3.2, 00:02:10
B    20.0.0.0/8 [200/0] via 2.2.2.1, 00:02:10
B    40.0.0.0/8 [200/0] via 3.3.3.2, 00:02:10

R4#sh ip route bgp
B    1.0.0.0/8 [200/0] via 4.4.4.2, 00:02:15
B    2.0.0.0/8 [200/0] via 3.3.3.1, 00:02:14
B    10.0.0.0/8 [200/0] via 4.4.4.2, 00:02:15
     11.0.0.0/24 is subnetted, 1 subnets
B       11.0.0.0 [200/0] via 4.4.4.2, 00:02:15
B    30.0.0.0/8 [200/0] via 3.3.3.1, 00:02:14

BGP SPLIT HORIZON RULE

* An update sent by one IBGP neighbor should not be sent back to another IBGP neighbor.
* BGP split-horizon is necessary to ensure that routing loops are not started within an AS.
* Full-mesh IBGP peering is required within an AS for all the routers within the AS to learn about the BGP routes.

[Figure: AS 65001.]

Why have these restrictions?

* No mechanism to detect an UPDATE loop exists in iBGP.
* What may be the consequences of not having a full iBGP mesh? Black holes and routing loops. UPDATE loops.

Solution:

1. Full-mesh neighborship (every router should be a neighbor of every other router within the AS).
2. Use a Route Reflector.

Note: IBGP neighbors need not be directly connected (but they must be reachable to each other).

R1(config)#router bgp 500
R1(config-router)#neighbor 2.2.2.2 remote-as 500
R1(config-router)#end

R2(config)#router bgp 500
R2(config-router)#neighbor 3.3.3.2 remote-as 500
R2(config-router)#end

R3(config)#router bgp 500
R3(config-router)#neighbor 1.1.1.1 remote-as 500
R3(config-router)#end

R4(config)#router bgp 500
R4(config-router)#neighbor 2.2.2.1 remote-as 500
R4(config-router)#end

R1#sh ip bgp summary
Neighbor  V  AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd

R3#sh ip bgp summary
Neighbor  V  AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
1.1.1.1   4  500  6       6       36     0   0    00:01:48 4
2.2.2.1   4  500  11      11      36     0   0    00:07:33 5
3.3.3.2   4  500  1       1       36     0   0    00:07:05 3

R1#sh ip route bgp
B    2.0.0.0/8 [200/0] via 1.1.1.2, 00:16:19
B    3.0.0.0/8 [200/0] 00:00:51
B    20.0.0.0/8 [200/0] via 1.1.1.2, 00:16:19
B    40.0.0.0/8 [200/0] via 4.4.4.1, 00:16:05

R2#sh ip route bgp
B    3.0.0.0/8 [200/0] via 00:16:42
B    4.0.0.0/8 [200/0] via 1.1.1.1, 00:16:48
B    10.0.0.0/8 [200/0] via 1.1.1.1, 00:16:48
     11.0.0.0/24 is subnetted, 1 subnets
B       11.0.0.0 [200/0] via 1.1.1.1, 00:16:48
B    30.0.0.0/8 [200/0] via 2.2.2.2, 00:16:42

R3#sh ip route bgp
B    1.0.0.0/8 [200/0] via 1.1.1.1, 00:00:00
B    4.0.0.0/8 [200/0] via 1.1.1.1, 00:00:00
B    20.0.0.0/8 [200/0] via 2.2.2.1, 00:06:49
B    40.0.0.0/8 [200/0] via 3.3.3.2, 00:06:49

R4#sh ip route bgp
B    1.0.0.0/8 [200/0] via 4.4.4.2, 00:07:04
B    2.0.0.0/8 [200/0] via 2.2.2.1, 00:00:01
B    10.0.0.0/8 [200/0] via 4.4.4.2, 00:07:04
     11.0.0.0/24 is subnetted, 1 subnets
B       11.0.0.0 [200/0] via 4.4.4.2, 00:07:04
B    30.0.0.0/8 [200/0] via 3.3.3.1, 00:07:04

LAB: IBGP Peering USING LOOPBACKS

[Figure: lab topology with a Loopback interface on each router.]

TASK:

* Remove the BGP configurations from the previous lab.
* Configure IBGP AS 500 as per the diagram using Loopback interfaces.
* Make sure that the IBGP neighbor relationship is not affected by the physical status of the link.
* Make sure that all the routers are able to see the routes from other routers in the BGP table.

On R1, R2, R3, R4:

Rx(config)#no router bgp 500

R1(config)#router bgp 500
R1(config-router)#neighbor 12.0.0.1 remote-as 500
R1(config-router)#neighbor 13.0.0.1 remote-as 500
R1(config-router)#neighbor 14.0.0.1 remote-as 500
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#no sync
R1(config-router)#exit

WAN interfaces are preferably not advertised in real networks (it makes your BGP or routing table bigger).

R2(config)#router bgp 500
R2(config-router)#neighbor 11.0.0.1 remote-as 500
R2(config-router)#neighbor 13.0.0.1 remote-as 500
R2(config-router)#neighbor 14.0.0.1 remote-as 500
R2(config-router)#network 20.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#no sync
R2(config-router)#exit

R3(config)#router bgp 500
R3(config-router)#neighbor 12.0.0.1 remote-as 500
R3(config-router)#neighbor 11.0.0.1 remote-as 500
R3(config-router)#neighbor 14.0.0.1 remote-as 500
R3(config-router)#network 30.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#no sync
R3(config-router)#exit

R4(config)#router bgp 500
R4(config-router)#neighbor 12.0.0.1 remote-as 500
R4(config-router)#neighbor 13.0.0.1 remote-as 500
R4(config-router)#neighbor 11.0.0.1 remote-as 500
R4(config-router)#network 40.0.0.0
R4(config-router)#no auto-summary
R4(config-router)#no sync
R4(config-router)#exit

R1#sh ip bgp summary
Neighbor  V  AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
12.0.0.1  4  500  0       0       0      0   0    never    Active
13.0.0.1  4  500  0       0       0      0   0    never    Active
14.0.0.1  4  500  0       0       0      0   0    never    Active

R3#sh ip bgp summary
Neighbor  V  AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
11.0.0.1  4  500  0       0       0      0   0    never    Active
12.0.0.1  4  500  0       0       0      0   0    never    Active
14.0.0.1  4  500  0       0       0      0   0    never    Active

R2#sh ip bgp summary
Neighbor  V  AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
11.0.0.1  4  500  0       0       0      0   0    never    Active
13.0.0.1  4  500  0       0       0      0   0    never    Active
14.0.0.1  4  500  0       0       0      0   0    never    Active

R4#sh ip bgp summary
Neighbor  V  AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
11.0.0.1  4  500  0       0       0      0   0    never    Active
12.0.0.1  4  500  0       0       0      0   0    never    Active
13.0.0.1  4  500  0       0       0      0   0    never    Active

Active means the router is actively trying to establish the neighborship (still trying).

BGP Active State Troubleshooting

Active: The router has sent an open packet and is waiting for a response. The state may cycle between active and idle. The neighbor may not know how to get back to this router because of the following reasons:

1. Neighbor is peering with the wrong address.
2. Neighbor does not have a neighbor statement for this router.
3. AS number is misconfigured.
4. Neighbor does not have a route to the source IP address of the BGP open packet generated by this router.

Sample output of AS number misconfiguration:

At the router with the wrong remote AS number:

To troubleshoot BGP neighborship

First step: Make sure that there is connectivity to the neighbor.

R1#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R1#ping 13.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R1#ping 14.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R1#sh ip route
Gateway of last resort is not set
C    1.0.0.0/8 is directly connected, Serial1/0
C    4.0.0.0/8 is directly connected, Serial1/1
C    10.0.0.0/8 is directly connected, FastEthernet0/0
     11.0.0.0/24 is subnetted, 4 subnets
C       11.0.3.0 is directly connected, Loopback3
C       11.0.2.0 is directly connected, Loopback2
C       11.0.1.0 is directly connected, Loopback1
C       11.0.0.0 is directly connected, Loopback0

There is no entry for the neighbor addresses (12.0.0.1, 13.0.0.1, 14.0.0.1).

* Here router R1 does not know how to reach the neighbor addresses (12.0.0.1, 13.0.0.1, 14.0.0.1).
* To learn about those neighbors, BGP relies on an IGP (RIP/EIGRP/OSPF) running inside the AS.

Here the issue is with routing.

To fix it, configure any one of RIP, OSPF or EIGRP and make sure that you also advertise

R1(config)#router ospf 1
R1(config-router)#net 10.0.0.0 0.255.255.255 area 0
R1(config-router)#net 1.0.0.0 0.255.255.255 area 0
R1(config-router)#net 4.0.0.0 0.255.255.255 area 0
R1(config-router)#exit

R2(config)#router ospf 1
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#network 2.0.0.0 0.255.255.255 area 0
R2(config-router)#network 1.0.0.0 0.255.255.255 area 0
R2(config-router)#end

R3(config)#router ospf 1
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#network 3.0.0.0 0.255.255.255 area 0
R3(config-router)#network 2.0.0.0 0.255.255.255 area 0
R3(config-router)#end

R4(config)#router ospf 1
R4(config-router)#network 40.0.0.0 0.255.255.255 area 0
R4(config-router)#network 4.0.0.0 0.255.255.255 area 0
R4(config-router)#network 3.0.0.0 0.255.255.255 area 0
R4(config-router)#end

R1#sh ip bgp summary
Neighbor  V  AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
12.0.0.1  4  500  0       0       0      0   0    never    Active
13.0.0.1  4  500  0       0       0      0   0    never    Active
14.0.0.1  4  500  0       0       0      0   0    never    Active

Make sure that there is connectivity between neighbors.

R1#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5)

R1#ping 13.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5)

R1#ping 14.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/71/112 ms

Step 2: The other issue can be a problem with the source address.

BGP Issues with Source IP Address

* When creating a BGP packet, the neighbor statement defines the destination IP address and the outbound interface defines the source IP address.
* When a BGP packet is received for a new BGP session, the source address of the packet is compared to the list of neighbor statements.
* If a match is found, a relationship is established.
* If no match is found, the packet is ignored.
* Make sure that the source IP address matches the address that the other router has in its neighbor statement.

[Figure: routers A and D with loopback and physical addresses. To establish the IBGP session between router A and router D, which neighbor addresses should be used? What IP address should router A use for peering with router D? What IP address should router D use for peering with router A?]

* The update-source command allows the BGP process to use the IP address of a specified interface as the source IP address of all BGP updates to that neighbor.
* A loopback interface is usually used, because it will be available as long as the router is operational.
* The IP address used in the neighbor command on the other router will be the destination IP address of all BGP updates and should be the loopback interface of this router.
* The neighbor update-source command is normally used only with IBGP neighbors.
* The address of an EBGP neighbor must be directly connected by default; the loopback of an EBGP neighbor is not directly connected.

Example: BGP Using Loopback Addresses
Page 22 Shane sate AS 65101 AS 65100 AS 65102 172 feightor W72.1e- es100 Reighbor 122 100.1.1 renoto-as 65102 Reightor 2.2.2: vpaate-mourse Loopback® Ri (configh#Router bgp 500 RI (config-router)#Neighbor 12.0.0.1 update-source loop 0 Ri(config-router}#Neighbor 13.0.0.1 update-source loop 0 Ri(config-router)#Neighbor 14.0.0.1 update-source loop 0 Ri(config-router)¥end K2(configh#Router bgp 500 K2(congig-router)#Neighbor 1.0.0.1 update-source loop 0 R2(config-router)#Neighbor 13.0.0.1 update-source loop 0 R2(config-router}#Neighbor 14.0.0.1 update-source loop 0 R3(config)#Router bgp 500 R3¢config-router)#Neighbor 12.0.0.1 update-source loop 0 R3(config-router)#Neighbor 11.0.0.1 update-source loop 0 R3(config-router)#Neighbor 14.0.0.1 update-source loop 0 R3(config-router) end Ra(config)#Router bgp 500 R4(config-router)#Neighbor 12.0.0.1 update-source loop 0 Ra (config-router}#Neighbor 13.0.0.1 update-source loop 0 RA (config-router)#Neighbor 11.0.0.1 update-source loop 0 Ré(config-router) end R-1#sh ip bgp summary Neighbor VAS MsgRcod MsgSent TblVer InQ. DutQ UpyDoron State/PfRod 12.001 4500 7 7 8 0 O00:02:04 13.001 4500 6 6 8 0 00001 140.01 4500 6 6 8 0 DON01:52 R2#sh ip bgp summary Neighbor VAS MsgReod MsgSent ThiVer InQ OutQ Up/Down State/PfiRed 110.01 4 500 5 6 8 0 9000021 13001 4500 5 5 8 0 000-0030 DOP tab Norkbock by Sikandar Goose Notouddin CCIE (5S, SP) # 35012 Getwer ALL contents are copyright 62014 — 2015 All rights reserved. Page 23 Shane sate 001 450 5 5 8 0 0000033 I R3ish ip bgp summary Neighbor VAS Msgtcod MsgSent ThlVer InQ QutQ Up/Down State/PfxRed 11001 4500 6 6 8 0 O0004? 
1 12001 4500 6 6 8 0 0000143 1 14001 450 6 6 8 0 9000120 1 R4itsh ip bgp summary Neighbor V_ AS MsgRcod MsgSent ThlVer InQ QutQ Up/Down State/PfcRed 1.0.0.1 500-8 «8 8 0 O000%19 1 12001 4500 8 8 8 0 0000303 1 13.00.14 500 7 7 8 0 O000258 1 Rlish ip route ospf O- 2.0.0.0/8 {119/128} via 1.1.1.2, 00:14:46, Seriall/0 O 3.0.0.0/8 |110/128] via 4.4.4.1, 00:14:46, Seriall/1 O 40,0.0.0/8 [110/65] via 4.4.4.1, 00:14:46, Serial/1 12.0.0.0/32 is subnetted, 4 subnets O12.0.1.1 {119/65} via 1.1.1.2, 00:14:46, Seriall/0 QO 12.0.3.1 {119/65} via 1.1.1.2, 00:14:46, Seriall/0 O 12.0.2.1 [1109/65] via 1.1.1.2, 00:14:46, Serialt/0 13.0.0.0/32 is subnetted, 4 subnets 130.11 {110/129} via 4.4.4.1, 00:14:46, Serial /1 {110/129} via 1.1.1.2, 00:14:46, Seriall/0 © 13.0.2.1 {110/129} via 4.4.4.1, 00:14:46, Serial /1 {110/129} via 1.1.1.2, 00:14:46, Serial!/0 © 13.0.3.1 [10/1295 via 4.4.4.1, 00:14:46, Serial /1 [110/129] via 1.1.1.2, 00:14:46, Serial/0 14.0.0.0/32 is subnetted, 4 subnets 40.3.1 (119/65) via 4.4.4.1, 00:14:47, Seriall/1 14.0.2. [119/65 vin 4.4.4.1, 00:14:47, Seriall/L O 14.0.1.1 (119/65) vin 44.4.1, 00:14:47, Serial /L 14.00. (110/65) via 4.4.4.1, 00:14:47, Seriall/L O 30.0.0.0/8 1110/29} via 4.4.4.1, 00:14:47, SerialI/t [110/129] via 1.1.1.2, 00:14:47, Seriall/0 Ri(confightint si/0 Ri(config-ip shutdown Rash ip bgp summary Neighbor V_AS MsgRcod MsgSent_TblVer InQ OutQ Up/Down State/PfRed Rsk ip int brief Inerfce Address OK? 
Method Status Protocol Fast thernet0/0 1011.1 YESNVRAM up up DOP tab Norkbock by Sthundar Goose Notouddin CCIE {R5S, SP) # 35012 Getwer Bir coneante are copystghe #2004 7 2015 All ighta ‘reserved, rage 24 EDS unassigned YES NVRAM administratively down dow Seriall/L 444.2 YESNVRAM up up Seriall/2 unassigned — YES NVRAM administratively down down Serial unassigned —YFSNVRAM administratively down docon LoopbackO 11.001 YPSNVRAM up up Loopback 110.11 YESNVRAM up up Loophack2 1.0.2.1 YESNVRAM up up Loopback 1103.1 YESNVRAM up up Ri ash ip route ospf O 2.0.0.0/8 [110/192] via 44.4.1, 00:12:27, Seriall/t O 3.0.0.0/8 [110/128] via 44.4.1, 00:12:27, Seriall/1 O 20.0.0.0/8 [110/193] via 4.4.4.1, 00:12:27, Seriall/t 0 40.0.0.0/8 [110/65 via 4.4.4.1, 00:12:27, Seriall/1 12.0.0.0/32 is subnetted, 4 subnets © 12.0.1.1 [110/193] via 4.4.4.1, 00:12:27, Seriall/1 OO 12.0.0.1 {110/193} via 4.4.4.1, 00:12:27, Seriali/1 O 12.0.3.1 [110/193] vie 4.4.4.1, 00:12:27, Seriall/1 OO 12.0.2.1 [119/193] via 4.4.4.1, 00:12:27, Seriali/1 13.0.0.0/32 is subnetted, 4 subnets © 13.0.0.1 {119/129} via 4.4.4.1, 00:12:27, Seriall/1 13.0.1. 
                 [110/129] via 4.4.4.1, 00:12:27, Serial1/1
O       13.0.2.1 [110/129] via 4.4.4.1, 00:12:27, Serial1/1
O       13.0.3.1 [110/129] via 4.4.4.1, 00:12:27, Serial1/1
     14.0.0.0/32 is subnetted, 4 subnets
O       14.0.3.1 [110/65] via 4.4.4.1, 00:12:27, Serial1/1
O       14.0.2.1 [110/65] via 4.4.4.1, 00:12:27, Serial1/1
O       14.0.1.1 [110/65] via 4.4.4.1, 00:12:27, Serial1/1
O       14.0.0.1 [110/65] via 4.4.4.1, 00:12:27, Serial1/1
O    30.0.0.0/8 [110/129] via 4.4.4.1, 00:12:27, Serial1/1

R1#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.0.0.1        4   500               8       12    0    0 00:02:24        1
13.0.0.1        4   500               7       12    0    0 00:02:53        1
14.0.0.1        4   500               7       12    0    0 00:02:57        1

R1(config)#int s1/0
R1(config-if)#no shutdown

Configuring BGP Authentication on Cisco IOS:

* Border Gateway Protocol (BGP) supports an authentication mechanism using the Message Digest 5 (MD5) algorithm.
* When authentication is enabled, any Transmission Control Protocol (TCP) segment belonging to BGP exchanged between the peers is verified and accepted only if authentication is successful.
* For authentication to be successful, both peers must be configured with the same password.
* If authentication fails, the BGP neighbor relationship is not established.

Router(config-router)# neighbor {ip-address | peer-group-name} password string

[Figure: two BGP peers, 10.64.0.2/24 and 10.64.0.1/24, AS 65500 and AS 65000]

TASK
* Make sure that authentication is established between all the peers, and that they use the password cisco123.
* The peering should be established only if both routers run BGP v4.

R1(config)# router bgp 500
R1(config-router)# neighbor 12.0.0.1 password cisco123
R1(config-router)# neighbor 13.0.0.1 password cisco123
R1(config-router)# neighbor 14.0.0.1 password cisco123
R1(config-router)# neighbor 12.0.0.1 version 4
R1(config-router)# neighbor 13.0.0.1 version 4
R1(config-router)# neighbor 14.0.0.1 version 4
R1(config-router)# end

R2(config)# router bgp 500
R2(config-router)# neighbor 11.0.0.1 password cisco123
R2(config-router)# neighbor 13.0.0.1 password cisco123
R2(config-router)# neighbor 14.0.0.1 password cisco123
R2(config-router)# neighbor 11.0.0.1 version 4
R2(config-router)# neighbor 13.0.0.1 version 4
R2(config-router)# neighbor 14.0.0.1 version 4
R2(config-router)# end

R3(config)# router bgp 500
R3(config-router)# neighbor 12.0.0.1 password cisco123
R3(config-router)# neighbor 11.0.0.1 password cisco123
R3(config-router)# neighbor 14.0.0.1 password cisco123
R3(config-router)# neighbor 12.0.0.1 version 4
R3(config-router)# neighbor 11.0.0.1 version 4
R3(config-router)# neighbor 14.0.0.1 version 4
R3(config-router)# end

R4(config)# router bgp 500
R4(config-router)# neighbor 12.0.0.1 password cisco123
R4(config-router)# neighbor 13.0.0.1 password cisco123
R4(config-router)# neighbor 11.0.0.1 password cisco123
R4(config-router)# neighbor 12.0.0.1 version 4
R4(config-router)# neighbor 13.0.0.1 version 4
R4(config-router)# neighbor 11.0.0.1 version 4
R4(config-router)# end
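Because a session only comes up when both ends carry the same password, the configurations can be audited offline before the peers are reset. The Python check below is an added example, not part of the workbook: the configuration text is constructed from this lab (with two faults planted on R4), the function names are hypothetical, and it assumes passwords are stored unencrypted. It goes one step beyond the per-neighbor commands above by also resolving passwords inherited from a peer group (the group name CCIE is the one the workbook uses in its peer-group lab).

```python
import re

# Constructed sample input: BGP stanzas in running-config style for the four
# lab routers. R2 uses a peer group; R4 carries two deliberate faults (a
# mistyped password toward R3 and no password toward R1) for the audit to find.
CONFIGS = {
    "R1": """router bgp 500
 neighbor 12.0.0.1 remote-as 500
 neighbor 12.0.0.1 password cisco123
 neighbor 13.0.0.1 remote-as 500
 neighbor 13.0.0.1 password cisco123
 neighbor 14.0.0.1 remote-as 500
 neighbor 14.0.0.1 password cisco123""",
    "R2": """router bgp 500
 neighbor CCIE peer-group
 neighbor CCIE remote-as 500
 neighbor CCIE password cisco123
 neighbor 11.0.0.1 peer-group CCIE
 neighbor 13.0.0.1 peer-group CCIE
 neighbor 14.0.0.1 peer-group CCIE""",
    "R3": """router bgp 500
 neighbor 11.0.0.1 remote-as 500
 neighbor 11.0.0.1 password cisco123
 neighbor 12.0.0.1 remote-as 500
 neighbor 12.0.0.1 password cisco123
 neighbor 14.0.0.1 remote-as 500
 neighbor 14.0.0.1 password cisco123""",
    "R4": """router bgp 500
 neighbor 11.0.0.1 remote-as 500
 neighbor 12.0.0.1 remote-as 500
 neighbor 12.0.0.1 password cisco123
 neighbor 13.0.0.1 remote-as 500
 neighbor 13.0.0.1 password cisco132""",
}
# Loopback 0 address each router peers from (taken from the lab topology).
PEER_ADDR = {"R1": "11.0.0.1", "R2": "12.0.0.1", "R3": "13.0.0.1", "R4": "14.0.0.1"}

NEIGHBOR_RE = re.compile(r"^\s*neighbor\s+(\S+)\s+(\S.*)$")
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ABSENT = object()  # marks "the peer has no neighbor statement for us"


def parse_bgp_neighbors(config):
    """Return {neighbor_ip: password or None}, resolving peer-group inheritance."""
    direct, member_of, seen = {}, {}, []
    for line in config.splitlines():
        m = NEIGHBOR_RE.match(line)
        if not m:
            continue
        target, rest = m.group(1), m.group(2).split()
        if IP_RE.match(target) and target not in seen:
            seen.append(target)
        if rest[0] == "password":
            direct[target] = rest[-1]
        elif rest[0] == "peer-group" and len(rest) == 2:
            member_of[target] = rest[1]
    # Assumption: a password set on the neighbor itself wins, else the group's.
    return {ip: direct.get(ip, direct.get(member_of.get(ip))) for ip in seen}


def audit_sessions(configs, peer_addr):
    """Check every session from both ends; return sorted (router, neighbor, issue)."""
    addr_to_router = {addr: name for name, addr in peer_addr.items()}
    view = {name: parse_bgp_neighbors(text) for name, text in configs.items()}
    findings = []
    for router, neighbors in view.items():
        for ip, password in neighbors.items():
            if password is None:
                findings.append((router, ip, "no password configured"))
            peer = addr_to_router.get(ip)
            if peer is None:
                continue  # neighbor outside the audited set: local check only
            back = view[peer].get(peer_addr[router], ABSENT)
            if back is ABSENT:
                findings.append((router, ip, f"{peer} has no neighbor statement back"))
            elif None not in (password, back) and password != back and router < peer:
                # Report each mismatched session once, from the lower-named router.
                findings.append((router, ip, f"password differs from {peer}'s side"))
    return sorted(findings)


if __name__ == "__main__":
    for router, ip, issue in audit_sessions(CONFIGS, PEER_ADDR):
        print(f"{router} neighbor {ip}: {issue}")
```

Either finding would keep the affected session from establishing, so both are worth catching before the change window rather than in `show ip bgp summary` afterwards.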
R1#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.0.0.1        4   500       7       7        8    0    0 00:02:04
13.0.0.1        4   500       6       6        8    0    0
14.0.0.1        4   500       6       6        8    0    0 00:01:52

R2#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4   500       5       6        8    0    0 00:00:21
13.0.0.1        4   500       5       5        8    0    0 00:00:40
14.0.0.1        4   500       5       5        8    0    0 00:00:33

R3#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4   500       6       6        8    0    0 00:01:21
12.0.0.1        4   500       6       6        8    0    0 00:01:31
14.0.0.1        4   500       6       6        8    0    0 00:01:20        1

R4#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4   500       8       8        8    0    0 00:03:19        1
12.0.0.1        4   500       8       8        8    0    0 00:03:03        1
13.0.0.1        4   500       7       7        8    0    0 00:02:58        1

Peer groups

* Peer groups are defined to efficiently apply the same policies to multiple neighbors.
* Peer groups are useful when many neighbors have the same outbound policies.
* Members can have a different inbound policy.
* Updates are generated once per peer group.
* Configuration is simplified.

Router(config-router)# neighbor peer-group-name peer-group
This command creates a peer group.

Router(config-router)# neighbor ip-address peer-group peer-group-name
* This command defines a template with parameters set for a group of neighbors instead of individually.
Example: Using a Peer Group

[Figure: Router C and its neighbors 192.168.24.1, 192.168.25.1, 192.168.26.1 and 192.168.27.1, AS 65100 and AS 65101]

Router C Without a Peer Group

router bgp 65100
 neighbor 192.168.24.1 remote-as 65100
 neighbor 192.168.24.1 update-source Loopback 0
 neighbor 192.168.24.1 next-hop-self
 neighbor 192.168.24.1 distribute-list 20 out
 neighbor 192.168.25.1 remote-as 65100
 neighbor 192.168.25.1 update-source Loopback 0
 neighbor 192.168.25.1 next-hop-self
 neighbor 192.168.25.1 distribute-list 20 out
 neighbor 192.168.26.1 remote-as 65100
 neighbor 192.168.26.1 update-source Loopback 0
 neighbor 192.168.26.1 next-hop-self
 neighbor 192.168.26.1 distribute-list 20 out

Router C Using a Peer Group

router bgp 65100
 neighbor internal peer-group
 neighbor internal remote-as 65100
 neighbor internal update-source Loopback 0
 neighbor internal next-hop-self
 neighbor internal distribute-list 20 out
 neighbor 192.168.24.1 peer-group internal
 neighbor 192.168.25.1 peer-group internal
 neighbor 192.168.26.1 peer-group internal

Neighbors can be temporarily disabled with neighbor {ip-address | peer-group-name} shutdown.

LAB - PEER GROUPS

TASK: Configure peering between R1, R2, R3 and R4 with the following requirements:
* Peering is to be established using the loopback 0 IP address (X.0.0.1) of every router.
* Make sure that authentication is established between all the peers, and that they use the password cisco123.
* The peering should be established only if both routers run BGP v4.
* Use as few commands as possible (peer groups).
* Configure OSPF area 0 as the IGP to provide reachability between loopbacks.
* Advertise only the LAN network in BGP.

R1(config)#router ospf 1
R1(config-router)#net 10.0.0.0 0.255.255.255 area 0
R1(config-router)#net 1.0.0.0 0.255.255.255 area 0
R1(config-router)#net 4.0.0.0 0.255.255.255 area 0
R1(config-router)#exit

R2(config)#router ospf 1
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#network 2.0.0.0 0.255.255.255 area 0
R2(config-router)#network 1.0.0.0 0.255.255.255 area 0
R2(config-router)#end

R3(config)#router ospf 1
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#network 3.0.0.0 0.255.255.255 area 0
R3(config-router)#network 2.0.0.0 0.255.255.255 area 0
R3(config-router)#end

R4(config)#router ospf 1
R4(config-router)#network 40.0.0.0 0.255.255.255 area 0
R4(config-router)#network 4.0.0.0 0.255.255.255 area 0
R4(config-router)#network 3.0.0.0 0.255.255.255 area 0
R4(config-router)#end

R1(config)#router bgp 500
R1(config-router)# neighbor CCIE peer-group
R1(config-router)# neighbor CCIE remote-as 500
R1(config-router)# neighbor CCIE update-source loopback 0
R1(config-router)# neighbor CCIE version 4
R1(config-router)# neighbor CCIE password cisco123
R1(config-router)# neighbor 12.0.0.1 peer-group CCIE
R1(config-router)# neighbor 13.0.0.1 peer-group CCIE
R1(config-router)# neighbor 14.0.0.1 peer-group CCIE
R1(config-router)# net 10.0.0.0
R1(config-router)# no auto-summary
R1(config-router)# no synchronization

R2(config)#router bgp 500
R2(config-router)# neighbor CCIE peer-group
R2(config-router)# neighbor CCIE remote-as 500
R2(config-router)# neighbor CCIE update-source loopback 0
R2(config-router)# neighbor CCIE version 4
R2(config-router)# neighbor CCIE password cisco123
R2(config-router)# neighbor 11.0.0.1 peer-group CCIE
R2(config-router)# neighbor 13.0.0.1 peer-group CCIE
R2(config-router)# neighbor 14.0.0.1 peer-group CCIE
R2(config-router)# net 20.0.0.0
R2(config-router)# no auto-summary
R2(config-router)# no synchronization
R2(config-router)# end

R3(config)#router bgp 500
R3(config-router)# neighbor CCIE peer-group
R3(config-router)# neighbor CCIE remote-as 500
R3(config-router)# neighbor CCIE update-source loopback 0
R3(config-router)# neighbor CCIE version 4
R3(config-router)# neighbor CCIE password cisco123
R3(config-router)# neighbor 12.0.0.1 peer-group CCIE
R3(config-router)# neighbor 11.0.0.1 peer-group CCIE
R3(config-router)# neighbor 14.0.0.1 peer-group CCIE
R3(config-router)# net 30.0.0.0
R3(config-router)# no auto-summary
R3(config-router)# no synchronization
R3(config-router)# end

R4(config)#router bgp 500
R4(config-router)# neighbor CCIE peer-group
R4(config-router)# neighbor CCIE remote-as 500
R4(config-router)# neighbor CCIE update-source loopback 0
R4(config-router)# neighbor CCIE version 4
R4(config-router)# neighbor CCIE password cisco123
R4(config-router)# neighbor 12.0.0.1 peer-group CCIE
R4(config-router)# neighbor 13.0.0.1 peer-group CCIE
R4(config-router)# neighbor 11.0.0.1 peer-group CCIE
R4(config-router)# net 40.0.0.0
R4(config-router)# no auto-summary
R4(config-router)# no synchronization

R1#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.0.0.1        4   500       7       7        8    0
13.0.0.1        4   500       6       6        8    0
14.0.0.1        4   500       6       6        8    0

R2#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4   500       5       6        8    0    0 00:00:21
13.0.0.1        4   500       5       5        8    0
14.0.0.1        4   500       5       5        8    0    0 00:00:33

R3#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4   500       6       6        8    0    0 00:01:42        1
12.0.0.1        4   500       6       6        8    0                      1
14.0.0.1        4   500       6       6        8    0    0 00:01:20        1

R4#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4   500       8       8        8    0                      1
12.0.0.1        4   500       8       8        8    0                      1
13.0.0.1        4   500       7       7        8    0                      1

R1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
r>i20.0.0.0         12.0.0.1                 0    100      0 i
r>i30.0.0.0         13.0.0.1                 0    100      0 i
r>i40.0.0.0         14.0.0.1                 0    100      0 i

Example: show ip bgp rib-failure Command

RouterA# show ip bgp rib-failure
Network            Next Hop        RIB-failure             RIB-NH Matches
172.31.1.0/24      172.31.1.3      Higher admin distance   n/a
172.31.11.0/24     172.31.11.1     Higher admin distance   n/a

* Displays networks that are not installed in the RIB and the reason that they were not installed.

BGP SPLIT HORIZON RULE

* An update sent by one IBGP neighbor should not be sent on to another IBGP neighbor.
* BGP split horizon is necessary to ensure that routing loops are not started within an AS.
* Full-mesh IBGP peering is required within an AS for all the routers within the AS to learn about the BGP routes.

[Figure: AS 65001]

Solution:
1. Full-mesh neighborship (every router should be a neighbor of every other router within the AS).
2. Use a route reflector.

Note: IBGP neighbors need not be directly connected (but they must be reachable to each other).

iBGP Full Mesh Scalability Concerns

Administration
* Configuration management on an increasingly large number of routers

Number of TCP Sessions
* Total number of sessions = n(n-1)/2
* Maintaining extreme numbers of TCP sessions creates extra overhead.

BGP Table Size
* A higher number of neighbors generally translates to a higher number of paths for each route.
* Memory consumption.

ROUTE REFLECTOR

* Allows a router (route reflector, RR) to advertise routes received from an iBGP peer to other iBGP peers: between clients, and from clients to non-clients and vice versa.
* Provides a scalable alternative to an iBGP full mesh.
* The ORIGINATOR_ID and CLUSTER_LIST attributes are used to perform loop detection.

Route Reflector
* A client updates the server. The server updates all the remaining clients.
* All clients should establish neighbor relationships only with servers.
* Clients will not establish a neighbor relationship with any other client.
* If you have 2 servers, each server establishes neighbor relationships with the other servers and with the clients.

LAB: ROUTE REFLECTOR

TASK
* Configure IBGP AS 500 as per the diagram.
* Make sure that all the routers are able to see the routes from the other routers in the routing table through BGP. Do not use full-mesh peering.

R1(config)#router bgp 500
R1(config-router)# neighbor 1.1.1.2 remote-as 500
R1(config-router)# network 10.0.0.0
R1(config-router)# network 1.0.0.0
R1(config-router)# no auto-summary
R1(config-router)# no synchronization
R1(config-router)# exit

R2(config)#router bgp 500
R2(config-router)# neighbor 1.1.1.1 remote-as 500
R2(config-router)# neighbor 2.2.2.2 remote-as 500
R2(config-router)# network 20.0.0.0
R2(config-router)# network 1.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# no synchronization
R2(config-router)# no auto-summary
R2(config-router)# end

R3(config)#router bgp 500
R3(config-router)# neighbor 2.2.2.1 remote-as 500
R3(config-router)# network 30.0.0.0
R3(config-router)# network 2.0.0.0
R3(config-router)# no auto-summary
R3(config-router)# no synchronization
R3(config-router)# end

R2#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

R2#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
* i1.0.0.0          1.1.1.1                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
* i2.0.0.0          2.2.2.2                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i10.0.0.0         1.1.1.1                  0    100      0 i
*> 20.0.0.0         0.0.0.0                  0         32768 i
*>i30.0.0.0         2.2.2.2                  0    100      0 i

R1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
* i1.0.0.0          1.1.1.2                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i2.0.0.0          1.1.1.2                  0    100      0 i

R3#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          2.2.2.1                  0    100      0 i
* i2.0.0.0          2.2.2.1                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i20.0.0.0         2.2.2.1                  0    100      0 i
*> 30.0.0.0         0.0.0.0                  0         32768 i

R1 and R3 cannot see each other's routes in their respective BGP tables because of split horizon.

To get the routes learned, there are two solutions:
1. Full-mesh neighborship (which the requirement says not to use here)
2. Route reflector

To configure a route reflector:
* All clients should establish neighbor relationships only with servers.
* Clients will not establish a neighbor relationship with any other client.
* If you have 2 servers, each server establishes neighbor relationships with the other servers and with the clients.

R2(config)#router bgp 500
R2(config-router)# neighbor 1.1.1.1 route-reflector-client
R2(config-router)# neighbor 2.2.2.2 route-reflector-client
R2(config-router)# end

R1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
*>i20.0.0.0         1.1.1.2                  0    100      0 i

R3#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*>i20.0.0.0         2.2.2.1                  0    100      0 i
*> 30.0.0.0         0.0.0.0                  0         32768 i

LAB: ROUTE REFLECTOR USING LOOPBACK

TASK:
* Configure BGP AS 500 as per the diagram using loopback interfaces.
* To provide reachability, configure RIPv2 as the IGP inside AS 500.

R1(config)#router bgp 500
R1(config-router)#neighbor 12.0.0.1 remote-as 500
R1(config-router)#neighbor 12.0.0.1 update-source loopback 0
R1(config-router)#network 10.0.0.0
R1(config-router)#no synchronization
R1(config-router)#no auto-summary
R1(config-router)#exit

R2(config)#router bgp 500
R2(config-router)#neighbor 11.0.0.1 remote-as 500
R2(config-router)#neighbor 11.0.0.1 update-source loopback 0
R2(config-router)#neighbor 13.0.0.1 remote-as 500
R2(config-router)#neighbor 13.0.0.1 update-source loopback 0
R2(config-router)#network 20.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#no synchronization
R2(config-router)#exit

R3(config)#router bgp 500
R3(config-router)#neighbor 12.0.0.1 remote-as 500
R3(config-router)#neighbor 12.0.0.1 update-source loopback 0
R3(config-router)#network 30.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#exit

R2#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4   500       6       6        6    0    0 00:01:03
13.0.0.1        4   500       8       8        6    0    0 00:03:32
R1#show ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.0.0.1        4   500       6       6        4    0    0 00:00:55

R3#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

R1#show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path

R1 does not have R3's routes (30.0.0.0) because of the split horizon rule.

R3#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
r>i20.0.0.0         12.0.0.1                 0    100      0 i
*> 30.0.0.0         0.0.0.0                  0         32768 i

R3 does not have R1's routes (10.0.0.0) because of the split horizon rule.

TASK: Configure R2 as RR server and R1 and R3 as RR clients.

R2(config)#router bgp 500
R2(config-router)#neighbor 11.0.0.1 route-reflector-client
R2(config-router)#neighbor 13.0.0.1 route-reflector-client
R2(config-router)#end

R1#show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
r>i20.0.0.0         12.0.0.1                 0    100      0 i

R3#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
r>i10.0.0.0         11.0.0.1                 0    100      0 i
r>i20.0.0.0         12.0.0.1                 0    100      0 i

LAB: ROUTE REFLECTOR WITH TWO SERVERS FOR REDUNDANCY

[Figure: lab topology, AS 500, RR clients and servers peering over Loopback 0]

TASK:
* Configure RIPv2 to provide reachability between BGP peers.
* Configure R2/R4 as RR servers and R1/R3 as clients.

R1(config)#router rip
R1(config-router)# version 2
R1(config-router)# network 1.0.0.0
R1(config-router)# network 4.0.0.0
R1(config-router)# network 10.0.0.0
R1(config-router)# network 11.0.0.0
R1(config-router)# no auto-summary
R1(config-router)# exit

R2(config)#router rip
R2(config-router)# version 2
R2(config-router)# network 1.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# network 20.0.0.0
R2(config-router)# network 12.0.0.0
R2(config-router)# no auto-summary
R2(config-router)# end

R3(config)#router rip
R3(config-router)# version 2
R3(config-router)# network 3.0.0.0
R3(config-router)# network 2.0.0.0
R3(config-router)# network 30.0.0.0
R3(config-router)# network 13.0.0.0
R3(config-router)# no auto-summary
R3(config-router)# end

R4(config)#router rip
R4(config-router)# version 2
R4(config-router)# network 3.0.0.0
R4(config-router)# network 4.0.0.0
R4(config-router)# network 40.0.0.0
R4(config-router)# network 14.0.0.0
R4(config-router)# no auto-summary
R4(config-router)# end

R4#sh ip route rip
R    1.0.0.0/8 [120/1] via 4.4.4.2, 00:00:09, Serial1/1
R    2.0.0.0/8 [120/1] via 3.3.3.1, 00:00:09, Serial1/0
R    20.0.0.0/8 [120/2] via 4.4.4.2, 00:00:09, Serial1/1
                [120/2] via 3.3.3.1, 00:00:09, Serial1/0
R    10.0.0.0/8 [120/1] via 4.4.4.2, 00:00:09, Serial1/1
     11.0.0.0/24 is subnetted, 4 subnets
R       11.0.3.0 [120/1] via 4.4.4.2, 00:00:09, Serial1/1
R       11.0.2.0 [120/1] via 4.4.4.2, 00:00:09, Serial1/1
R       11.0.1.0 [120/1] via 4.4.4.2, 00:00:09, Serial1/1
R       11.0.0.0 [120/1] via 4.4.4.2, 00:00:09, Serial1/1
     12.0.0.0/24 is subnetted, 4 subnets
R       12.0.0.0 [120/2] via 4.4.4.2, 00:00:09, Serial1/1
                 [120/2] via 3.3.3.1, 00:00:09, Serial1/0
R       12.0.1.0 [120/2] via 4.4.4.2, 00:00:09, Serial1/1
                 [120/2] via 3.3.3.1, 00:00:09, Serial1/0
R       12.0.2.0 [120/2] via 4.4.4.2, 00:00:09, Serial1/1
                 [120/2] via 3.3.3.1, 00:00:09, Serial1/0
R       12.0.3.0 [120/2] via 4.4.4.2, 00:00:09, Serial1/1
                 [120/2] via 3.3.3.1, 00:00:11, Serial1/0
     13.0.0.0/24 is subnetted, 4 subnets
R       13.0.1.0 [120/1] via 3.3.3.1, 00:00:11, Serial1/0
R       13.0.0.0 [120/1] via 3.3.3.1, 00:00:11, Serial1/0
R       13.0.3.0 [120/1] via 3.3.3.1, 00:00:11, Serial1/0
R       13.0.2.0 [120/1] via 3.3.3.1, 00:00:12, Serial1/0
R    30.0.0.0/8 [120/1] via 3.3.3.1, 00:00:12, Serial1/0

R1 (RR CLIENT)
R1(config)#router bgp 500
R1(config-router)#neighbor 12.0.0.1 remote-as 500
R1(config-router)#neighbor 12.0.0.1 update-source loopback 0
R1(config-router)#neighbor 14.0.0.1 remote-as 500
R1(config-router)#neighbor 14.0.0.1 update-source loopback 0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#no synchronization
R1(config-router)#exit

R3 (RR CLIENT)
R3(config)#router bgp 500
R3(config-router)#neighbor 12.0.0.1 remote-as 500
R3(config-router)#neighbor 12.0.0.1 update-source loopback 0
R3(config-router)#neighbor 14.0.0.1 remote-as 500
R3(config-router)#neighbor 14.0.0.1 update-source loopback 0
R3(config-router)#network 30.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#exit

R2 (RR SERVER)
R2(config)#router bgp 500
R2(config-router)#neighbor 11.0.0.1 remote-as 500
R2(config-router)#neighbor 11.0.0.1 update-source loopback 0
R2(config-router)#neighbor 11.0.0.1 route-reflector-client
R2(config-router)#neighbor 13.0.0.1 remote-as 500
R2(config-router)#neighbor 13.0.0.1 update-source loopback 0
R2(config-router)#neighbor 13.0.0.1 route-reflector-client
R2(config-router)#neighbor 14.0.0.1 remote-as 500
R2(config-router)#neighbor 14.0.0.1 update-source loopback 0
R2(config-router)#neighbor 14.0.0.1 route-reflector-client
R2(config-router)#network 20.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#no synchronization
R2(config-router)#exit

R4 (RR SERVER)
R4(config)#router bgp 500
R4(config-router)#neighbor 11.0.0.1 remote-as 500
R4(config-router)#neighbor 11.0.0.1 update-source loopback 0
R4(config-router)#neighbor 11.0.0.1 route-reflector-client
R4(config-router)#neighbor 12.0.0.1 remote-as 500
R4(config-router)#neighbor 12.0.0.1 update-source loopback 0
R4(config-router)#neighbor 12.0.0.1 route-reflector-client
R4(config-router)#neighbor 13.0.0.1 remote-as 500
R4(config-router)#neighbor 13.0.0.1 update-source loopback 0
R4(config-router)#neighbor 13.0.0.1 route-reflector-client
R4(config-router)#network 40.0.0.0
R4(config-router)#no auto-summary
R4(config-router)#no synchronization
R4(config-router)#exit

R2#sh ip bgp summary
BGP router identifier 12.0.3.1, local AS number 500
BGP table version is 8, main routing table version 8
4 network entries using 468 bytes of memory
6 path entries using 312 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
2 BGP rrinfo entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1200 total bytes of memory
BGP activity 4/0 prefixes, 6/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4   500       5       8        8    0                      1
13.0.0.1        4   500       7      10        8    0    0 00:01:34        1
14.0.0.1        4   500       8       8        8    0    0 00:00:08        3

R4#sh ip bgp summary
BGP router identifier 14.0.3.1, local AS number 500
BGP table version is 8, main routing table version 8
4 network entries using 468 bytes of memory
6 path entries using 312 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
2 BGP rrinfo entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1200 total bytes of memory
BGP activity 4/0 prefixes, 7/1 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4   500       5       8        8    0    0 00:00:36        1
12.0.0.1        4   500       8       8        8    0    0 00:00:29        3
13.0.0.1        4   500       5       8        8    0                      1

R1#sh ip bgp summary
BGP router identifier 11.0.3.1, local AS number 500
BGP table version is 8, main routing table version 8
4 network entries using 468 bytes of memory
7 path entries using 364 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
4 BGP rrinfo entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1300 total bytes of memory
BGP activity 4/0 prefixes, 7/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.0.0.1        4   500       9       6        8    0    0 00:02:27        3
14.0.0.1        4   500       8       5        8    0    0 00:00:47        3

R1#sh ip bgp
BGP table version is 8, local router ID is 11.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
r>i20.0.0.0         12.0.0.1                 0    100      0 i
r i                 12.0.0.1                 0    100      0 i
r>i30.0.0.0         13.0.0.1                 0    100      0 i
r i                 13.0.0.1                 0    100      0 i
r>i40.0.0.0         14.0.0.1                 0    100      0 i
r i                 14.0.0.1                 0    100      0 i

Route Reflector Clusters

A group of redundant route reflectors and their clients forms a cluster. Each cluster must have a unique cluster-ID. Each time a route is reflected, the cluster-ID is added to the cluster-list BGP attribute. A route that already contains the local cluster-ID in the cluster-list is not reflected.

Originator-ID

Additional Route Reflector Loop-Prevention Mechanisms
* Every time a route is reflected, the router-ID of the originating IBGP router is stored in the originator-ID BGP attribute.
* A router receiving an IBGP route with originator-ID set to its own router-ID ignores that route.
* The BGP path selection procedure is modified to take into account cluster-list and originator-ID.

Route reflector rules
* Route reflector rules divide a transit AS into smaller areas (called clusters).
* Each cluster contains route reflectors and route reflector clients.
* Routers that do not support route reflector functionality act as a one-router cluster or as a route reflector client.

IBGP session rules
* All clients in a cluster must establish IBGP sessions with, and only with, all route reflectors in the cluster.
* An IBGP full mesh between all route reflectors within the AS is required.
* Routers that are not route reflectors can participate in the IBGP full mesh or be route reflector clients.

LAB: Route Reflector Clusters

TASK
* Configure EIGRP 100 to provide reachability within the AS.

R1(config)#router eigrp 100
R1(config-router)#no auto-summary
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#network 4.0.0.0
R1(config-router)#network 172.16.0.0
R1(config-router)#network 11.0.0.0
R1(config-router)#exit

R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R2(config-router)#network 20.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 1.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 12.0.0.0
R2(config-router)#exit

R3(config)#router eigrp 100
R3(config-router)#no auto-summary
R3(config-router)#network 13.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#network 3.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#network 172.16.0.0
R3(config-router)#network 172.16.0.0
R3(config-router)#exit

R4(config)#router eigrp 100
R4(config-router)#no auto-summary
R4(config-router)#network 40.0.0.0
R4(config-router)#network 4.0.0.0
R4(config-router)#network 4.0.0.0
R4(config-router)#network 1.0.0.0
R4(config-router)#no network 1.0.0.0
R4(config-router)#network 3.0.0.0
R4(config-router)#network 14.0.0.0
R4(config-router)#exit

R5(config)#router eigrp 100
R5(config-router)#no auto-summary
R5(config-router)#network 50.0.0.0
R5(config-router)#network 172.16.0.0
R5(config-router)#network 15.0.0.0
R5(config-router)#exit

R6(config)#router eigrp 100
R6(config-router)#no auto-summary
R6(config-router)#network 60.0.0.0
R6(config-router)#network 16.0.0.0
R6(config-router)#network 172.16.0.0
R6(config-router)#exit

R1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
2   172.16.15.5     Fa0/0         11 00:00:50   68   408  0  3
1   4.4.4.1         Se1/1         11 00:02:32  125   750  0  13
0   1.1.1.2         Se1/0         12 00:03:39  136   816  0  20

R1#sh ip route eigrp
     16.0.0.0/24 is subnetted, 1 subnets
D       16.0.0.0 [90/2812416] via 4.4.4.1, 00:24:31, Serial1/1
                 [90/2812416] via 1.1.1.2, 00:24:31, Serial1/0
D    50.0.0.0/8 [90/156160] via 172.16.15.5, 00:25:00, FastEthernet0/0
D    2.0.0.0/8 [90/2681856] via 1.1.1.2, 00:32:10, Serial1/0
D    3.0.0.0/8 [90/2681856] via 4.4.4.1, 00:32:10, Serial1/1
D    20.0.0.0/8 [90/2172416] via 1.1.1.2, 00:33:37, Serial1/0
     172.16.0.0/24 is subnetted, 3 subnets
D       172.16.36.0 [90/2684416] via 4.4.4.1, 00:32:10, Serial1/1
                    [90/2684416] via 1.1.1.2, 00:32:10, Serial1/0
D       172.16.37.0 [90/3193856] via 4.4.4.1, 00:32:10, Serial1/1
                    [90/3193856] via 1.1.1.2, 00:32:10, Serial1/0
D    40.0.0.0/8 [90/2172416] via 4.4.4.1, 00:32:30, Serial1/1
     12.0.0.0/24 is subnetted, 4 subnets
D       12.0.0.0 [90/2297856] via 1.1.1.2, 00:33:29, Serial1/0
D       12.0.1.0 [90/2297856] via 1.1.1.2, 00:33:30, Serial1/0
D       12.0.2.0 [90/2297856] via 1.1.1.2, 00:33:30, Serial1/0
D       12.0.3.0 [90/2297856] via 1.1.1.2, 00:33:34, Serial1/0
     13.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
D       13.0.1.0/24 [90/2809856] via 4.4.4.1, 00:32:15, Serial1/1
                    [90/2809856] via 1.1.1.2, 00:32:15, Serial1/0
D       13.0.0.1/32 [90/2809856] via 4.4.4.1, 00:32:15, Serial1/1
                    [90/2809856] via 1.1.1.2, 00:32:15, Serial1/0
D       13.0.3.0/24 [90/2809856] via 4.4.4.1, 00:32:15, Serial1/1
                    [90/2809856] via 1.1.1.2, 00:32:15, Serial1/0
D       13.0.2.0/24 [90/2809856] via 4.4.4.1, 00:32:15, Serial1/1
                    [90/2809856] via 1.1.1.2, 00:32:15, Serial1/0
     14.0.0.0/24 is subnetted, 4 subnets
D       14.0.2.0 [90/2297856] via 4.4.4.1, 00:32:06, Serial1/1
D       14.0.3.0 [90/2297856] via 4.4.4.1, 00:32:06, Serial1/1
D       14.0.0.0 [90/2297856] via 4.4.4.1, 00:32:06, Serial1/1
D       14.0.1.0 [90/2297856] via 4.4.4.1, 00:32:06, Serial1/1
D    60.0.0.0/8 [90/2812416] via 4.4.4.1, 00:24:28, Serial1/1
                [90/2812416] via 1.1.1.2, 00:24:28, Serial1/0
D    30.0.0.0/8 [90/2809856] via 4.4.4.1, 00:01:04, Serial1/1
                [90/2809856] via 1.1.1.2, 00:01:04, Serial1/0
     15.0.0.0/24 is subnetted, 1 subnets
D       15.0.0.0 [90/156160] via 172.16.15.5, 00: 15, FastEthernet0/0

R3#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
2   172.16.36.6     Fa0/0         11 00:01:23   66   396  0  3
1   3.3.3.2         Se1/1         14 00:03:22   83   498  0  12
0   2.2.2.1         Se1/0         14 00:04:15   94   564  0  19

R3#sh ip route eigrp
     16.0.0.0/24 is subnetted, 1 subnets
D       16.0.0.0 [90/156160] via 172.16.36.6, 00:26:20, FastEthernet0/0
D    1.0.0.0/8 [90/2681856] via 2.2.2.1, 00:33:59, Serial1/0
D    50.0.0.0/8 [90/2812416] via 3.3.3.2, 00:26:49, Serial1/1
                [90/2812416] via 2.2.2.1, 00:26:49, Serial1/0
D    4.0.0.0/8 [90/2681856] via 3.3.3.2, 00:33:59, Serial1/1
D    20.0.0.0/8 [90/2172416] via 2.2.2.1, 00:34:53, Serial1/0
     172.16.0.0/24 is subnetted, 3 subnets
D       172.16.15.0 [90/2684416] via 3.3.3.2, 00:33:59, Serial1/1
                    [90/2684416] via 2.2.2.1, 00:33:59, Serial1/0
D    40.0.0.0/8 [90/2172416] via 3.3.3.2, 00:33:59, Serial1/1
D    10.0.0.0/8 [90/2809856] via 3.3.3.2, 00:00:14, Serial1/1
                [90/2809856] via 2.2.2.1, 00:00:14, Serial1/0
     11.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
D       11.0.3.0/24 [90/2809856] via 3.3.3.2, 00:33:59, Serial1/1
                    [90/2809856] via 2.2.2.1, 00:33:59, Serial1/0
D       11.0.2.0/24 [90/2809856] via 3.3.3.2, 00:34:01, Serial1/1
                    [90/2809856] via 2.2.2.1, 00:34:01, Serial1/0
D       11.0.1.0/24 [90/2809856] via 3.3.3.2, 00:34:01, Serial1/1
                    [90/2809856] via 2.2.2.1, 00:34:01, Serial1/0
D       11.0.0.1/32 [90/2809856] via 3.3.3.2, 00:34:01, Serial1/1
                    [90/2809856] via 2.2.2.1, 00:34:01, Serial1/0
     12.0.0.0/24 is subnetted, 4 subnets
D       12.0.0.0 [90/2297856] via 2.2.2.1, 00:34:55, Serial1/0
D       12.0.1.0 [90/2297856] via 2.2.2.1, 00:34:55, Serial1/0
D       12.0.2.0 [90/2297856] via 2.2.2.1, 00:34:55, Serial1/0
D       12.0.3.0 [90/2297856] via 2.2.2.1, 00:34:55, Serial1/0
     14.0.0.0/24 is subnetted, 4 subnets
D       14.0.2.0 [90/2297856] via 3.3.3.2, 00:33:52, Serial1/1
D       14.0.3.0 [90/2297856] via 3.3.3.2, 00:33:52, Serial1/1
D       14.0.0.0 [90/2297856] via 3.3.3.2, 00:33:52, Serial1/1
D       14.0.1.0 [90/2297856] via 3.3.3.2, 00:33:52, Serial1/1
D    60.0.0.0/8 [90/156160] via 172.16.36.6, 00:26:14, FastEthernet0/0
     15.0.0.0/24 is subnetted, 1 subnets
D       15.0.0.0 [90/2812416] via 3.3.3.2, 00:27:00, Serial1/1
                 [90/2812416] via 2.2.2.1, 00:27:00, Serial1/0

TASK: Configure IBGP peering in AS 500
* IBGP peering should be established using the loopback 0 interface.
* R1 should be configured as RR server for clients R5 & R4.
* R3 should be configured as RR server for clients R6 & R2.
* IBGP peering should be established only between R1 & R3 to exchange BGP information between clusters.
* The BGP router-id has to be the loopback 0 IP address.
* Advertise only the LAN interface in BGP for verification.

R1(config)#router bgp 500
R1(config-router)#bgp router-id 11.0.0.1
R1(config-router)#neighbor 14.0.0.1 remote-as 500
R1(config-router)#neighbor 14.0.0.1 update-source loopback 0
R1(config-router)#neighbor 14.0.0.1 route-reflector-client
R1(config-router)#neighbor 15.0.0.1 remote-as 500
R1(config-router)#neighbor 15.0.0.1 update-source loopback 0
R1(config-router)#neighbor 15.0.0.1 route-reflector-client
R1(config-router)#network 10.0.0.0
R1(config-router)#exit

R4(config)#router bgp 500
R4(config-router)#bgp router-id 14.0.0.1
R4(config-router)#neighbor 11.0.0.1 remote-as 500
R4(config-router)#neighbor 11.0.0.1 update-source loopback 0
R4(config-router)#network 40.0.0.0
R4(config-router)#exit

R5(config)#router bgp 500
R5(config-router)#bgp router-id 15.0.0.1
R5(config-router)#neighbor 11.0.0.1 remote-as 500
R5(config-router)#neighbor 11.0.0.1 update-source loopback 0
R5(config-router)#network 50.0.0.0
R5(config-router)#end

R1#sh ip bgp summary
BGP router identifier 11.0.0.1, local AS number 500
BGP table version is 11, main routing table version 11
2 network entries using 234 bytes of memory
2 path entries using 104 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 586 total bytes of memory
BGP activity 5/3 prefixes, 6/4 paths, scan interval 60 secs

Neighbor  V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down  State/PfxRcd
14.0.0.1  4  500  25  30  1  0  0  00:00:58  1
15.0.0.1  4  500  29  11  0  0  00:00:31  1

R1#sh ip bgp
BGP table version is 27, local router ID is 11.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
r>i40.0.0.0         14.0.0.1                 0    100      0 i
r>i50.0.0.0         15.0.0.1                 0    100      0 i

R3(config)#router bgp 500
R3(config-router)#bgp router-id 13.0.0.1
R3(config-router)#neighbor 12.0.0.1 remote-as 500
R3(config-router)#neighbor 12.0.0.1 update-source loopback 0
R3(config-router)#neighbor 12.0.0.1 route-reflector-client
R3(config-router)#neighbor 16.0.0.1 remote-as 500
R3(config-router)#neighbor 16.0.0.1 update-source loopback 0
R3(config-router)#neighbor 16.0.0.1 route-reflector-client
R3(config-router)#network 30.0.0.0
R3(config-router)#exit

R2(config)#router bgp 500
R2(config-router)#bgp router-id 12.0.0.1
R2(config-router)#neighbor 13.0.0.1 remote-as 500
R2(config-router)#neighbor 13.0.0.1 update-source loopback 0
R2(config-router)#network 20.0.0.0
R2(config-router)#exit

R6(config)#router bgp 500
R6(config-router)#bgp router-id 16.0.0.1
R6(config-router)#neighbor 13.0.0.1 remote-as 500
R6(config-router)#neighbor 13.0.0.1 update-source loopback 0
R6(config-router)#network 60.0.0.0
R6(config-router)#exit

R3#sh ip bgp summary
BGP router identifier 13.0.0.1, local AS number 500
BGP table version is 14, main routing table version 14
2 network entries using 234 bytes of memory
2 path entries using 104 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 586 total bytes of memory
BGP activity 4/2 prefixes, 7/5 paths, scan interval 60 secs

Neighbor  V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down  State/PfxRcd
12.0.0.1  4  500  24  29  14  0  0  00:00:88  1
16.0.0.1  4  500  20  26  14  0  0  00:01:28  1

R3#sh ip bgp
BGP table version is 30, local router ID is 13.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r>i20.0.0.0         12.0.0.1                 0    100      0 i
*> 30.0.0.0         0.0.0.0                  0         32768 i
r>i60.0.0.0         16.0.0.1                 0    100      0 i

R3#sh ip bgp 60.0.0.0
BGP routing table entry for 60.0.0.0/8, version 9
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
  Advertised to update-groups:
     1
  Local, (Received from a RR-client)
    16.0.0.1 (metric 156160) from 16.0.0.1 (16.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best

R2#sh ip bgp 60.0.0.0
BGP routing table entry for 60.0.0.0/8, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
  Not advertised to any peer
  Local
    16.0.0.1 (metric 2300416) from 13.0.0.1 (13.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 16.0.0.1, Cluster list: 13.0.0.1

R3(config)#router bgp 500
R3(config-router)#neighbor 11.0.0.1 remote-as 500
R3(config-router)#neighbor 11.0.0.1 update-source loopback 0
R3(config-router)#neighbor 11.0.0.1 route-reflector-client
R3(config-router)#exit

R1(config)#router bgp 500
R1(config-router)#neighbor 13.0.0.1 remote-as 500
R1(config-router)#neighbor 13.0.0.1 update-source loopback 0
R1(config-router)#neighbor 13.0.0.1 route-reflector-client
R1(config-router)#end

R1#sh ip bgp summary
BGP router identifier 11.0.0.1, local AS number 500
BGP table version is 33, main routing table version 33
6 network entries using 702 bytes of memory
6 path entries using 312 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
2 BGP rrinfo entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1434 total bytes of memory
BGP activity 12/6 prefixes, 15/9 paths, scan interval 60 secs

Neighbor  V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down  State/PfxRcd
13.0.0.1  4  500  10  10  33  0  0  00:00:05  3
14.0.0.1  4  500  45  61  33  0  0  00:20:21  1
15.0.0.1  4  500  44  59  33  0  0  00:19:54  1

R1#sh ip bgp
BGP table version is 33, local router ID is 11.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
r>i20.0.0.0         12.0.0.1                 0    100      0 i
r>i30.0.0.0         13.0.0.1                 0    100      0 i
r>i40.0.0.0         14.0.0.1                 0    100      0 i
r>i50.0.0.0         15.0.0.1                 0    100      0 i
r>i60.0.0.0         16.0.0.1                 0    100      0 i

R1#sh ip bgp 60.0.0.0
BGP routing table entry for 60.0.0.0/8, version 33
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Flag: 0x820
  Advertised to update-groups:
     1
  Local, (Received from a RR-client)
    16.0.0.1 (metric 2812416) from 13.0.0.1 (13.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 16.0.0.1, Cluster list: 13.0.0.1

R5#sh ip bgp 60.0.0.0
BGP routing table entry for 60.0.0.0/8, version 27
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Flag: 0x820
  Not advertised to any peer
  Local
    16.0.0.1 (metric 2814976) from 11.0.0.1 (11.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 16.0.0.1, Cluster list: 11.0.0.1, 13.0.0.1

TASK:
• Configure R3 to change the cluster-id to 30.1.1.1

R3(config)#router bgp 500
R3(config-router)#bgp cluster-id ?
  <1-4294967295>  Route-Reflector Cluster-id as 32 bit quantity
  A.B.C.D         Route-Reflector Cluster-id in IP address format
R3(config-router)#bgp cluster-id 30.1.1.1
R3(config-router)#end

R2#sh ip bgp 60.0.0.0
BGP routing table entry for 60.0.0.0/8, version 31
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Flag: 0x800
  Not advertised to any peer
  Local
    16.0.0.1 (metric 2300416) from 13.0.0.1 (13.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 16.0.0.1, Cluster list: 30.1.1.1

R5#sh ip bgp 60.0.0.0
BGP routing table entry for 60.0.0.0/8, version 28
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Flag: 0x800
  Not advertised to any peer
  Local
    16.0.0.1 (metric 2814976) from 11.0.0.1 (11.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 16.0.0.1, Cluster list: 11.0.0.1, 30.1.1.1

BGP next hop behavior

• When EBGP sends an update to another EBGP neighbor, it changes the next hop.
• When IBGP sends an update to another IBGP neighbor, the next hop remains the same (no change).

[Figure: AS 64520 (network 172.16.0.0, address 10.10.10.3) and AS 65000 (address 10.10.10.1; network 172.20.0.0 with 172.20.10.4 and 172.20.10.2)]

• Router A advertises network 172.16.0.0 to router B in EBGP, with a next hop of 10.10.10.3.
• Router B advertises 172.16.0.0 in IBGP to router C, keeping 10.10.10.3 as the next-hop address.

• BGP is an AS-by-AS routing protocol, not a router-by-router routing protocol.
• In BGP, the next hop does not mean the next router; it means the IP address to reach the next AS.
• For EBGP, the default next hop is the IP address of the neighbor router that sent the update.
• For IBGP, the BGP protocol states that the next hop advertised by EBGP should be carried into IBGP.
LAB: Basic EBGP Configuration & Verify Next-hop Behavior

TASK:
• Configure IBGP and EBGP peering as per the diagram using connected interfaces.
• Advertise the directly connected LAN interfaces only.

R1(config)#router bgp 500
R1(config-router)#neighbor 1.1.1.2 remote-as 500
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#no synchronization
R1(config-router)#end

R2(config)#router bgp 500
R2(config-router)#neighbor 1.1.1.1 remote-as 500
R2(config-router)#neighbor 2.2.2.2 remote-as 600
R2(config-router)#network 20.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#no synchronization
R2(config-router)#end

R3(config)#router bgp 600
R3(config-router)#neighbor 2.2.2.1 remote-as 500
R3(config-router)#network 30.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#exit

R2#sh ip bgp summary
Neighbor  V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down  State/PfxRcd
1.1.1.1   4  500  14  17  10  0  0  00:09:08  1
2.2.2.2   4  600  13  15  10  0  0  00:08:51  1

R2#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*>i10.0.0.0         1.1.1.1                  0    100      0 i
*> 20.0.0.0         0.0.0.0                  0         32768 i
*> 30.0.0.0         2.2.2.2                  0             0 600 i

R2#sh ip route bgp
B    10.0.0.0/8 [200/0] via 1.1.1.1, 00:01:00
B    30.0.0.0/8 [20/0] via 2.2.2.2, 00:00:50

R1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
*>i20.0.0.0         1.1.1.2                  0    100      0 i

R1#sh ip route bgp
B    20.0.0.0/8 [200/0] via 1.1.1.2, 00:14:13

Network 30.0.0.0 is not present in R1's routing table because its next hop, 2.2.2.2 (left unchanged by the default next-hop behavior of BGP), is unreachable from R1.

To fix this issue:
1. either advertise the WAN interfaces, or
2. change the next-hop address to the next router's address.

BGP next hop behavior

• When EBGP sends an update to another EBGP neighbor, it changes the next hop.
• When IBGP sends an update to another IBGP neighbor, the next hop remains the same (no change).

To change this behavior manually you need to tell the router to change the next hop (done on the border routers, pointing to the internal BGP neighbors).
Or
• if using a Route-Reflector within the AS, configure next-hop-self on the server, pointing to all clients.

Router(config-router)# neighbor {ip-address | peer-group-name} next-hop-self

[Figure: example configuration of neighbor 3.3.3.3 with update-source Loopback0 and next-hop-self]

• Forces all updates for this neighbor to be advertised with this router as the next hop.
• The IP address used for the next-hop-self option will be the same as the source IP address of the BGP packet.

On R2:
R2(config)#router bgp 500
R2(config-router)#neighbor 1.1.1.1 next-hop-self

R1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
*>i20.0.0.0         1.1.1.2                  0    100      0 i

R1#sh ip route bgp
B    20.0.0.0/8 [200/0] via 1.1.1.2, 00:18:13
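The next-hop problem from the lab above, modelled as an added example (it is not part of the workbook): R3 sends 30.0.0.0/8 to R2 over EBGP, R2 passes it to R1 over IBGP, and R1 can only use the path if the next hop falls inside one of its connected networks. Router addresses and /8 masks follow the lab output; the Python names (Session, Router, advertise, run_lab, view) are made up for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Session:
    """One BGP neighbor statement on a router."""
    peer: str                     # name of the neighbor router
    local_addr: str               # source address of the BGP packets we send
    next_hop_self: bool = False   # neighbor <peer> next-hop-self


@dataclass
class Router:
    name: str
    asn: int
    connected: list                                 # directly connected prefixes
    sessions: list = field(default_factory=list)
    bgp: dict = field(default_factory=dict)         # prefix -> (next hop, learned from)

    def reachable(self, addr):
        """True if addr falls inside a connected prefix (the lab runs no IGP)."""
        ip = ipaddress.ip_address(addr)
        return any(ip in ipaddress.ip_network(p) for p in self.connected)

    def usable(self, prefix):
        """A BGP path can only be installed if its next hop is reachable."""
        return prefix in self.bgp and self.reachable(self.bgp[prefix][0])


def advertise(routers, sender, prefix):
    """Send `prefix` from `sender` to its neighbors, applying the next-hop rule."""
    src = routers[sender]
    received_nh, learned_from = src.bgp.get(prefix, (None, None))
    from_ibgp = learned_from is not None and routers[learned_from].asn == src.asn
    for s in src.sessions:
        dst = routers[s.peer]
        ebgp = src.asn != dst.asn
        if s.peer == learned_from or (from_ibgp and not ebgp):
            continue                   # not back to the source; IBGP split horizon
        if received_nh is None or ebgp or s.next_hop_self:
            next_hop = s.local_addr    # set to this router's own address
        else:
            next_hop = received_nh     # IBGP default: carried unchanged
        dst.bgp[prefix] = (next_hop, sender)


def run_lab(next_hop_self):
    """Build R1 - R2 (AS 500) and R3 (AS 600), then propagate 30.0.0.0/8."""
    routers = {
        "R1": Router("R1", 500, ["1.0.0.0/8", "10.0.0.0/8"],
                     [Session("R2", "1.1.1.1")]),
        "R2": Router("R2", 500, ["1.0.0.0/8", "2.0.0.0/8", "20.0.0.0/8"],
                     [Session("R1", "1.1.1.2", next_hop_self),
                      Session("R3", "2.2.2.1")]),
        "R3": Router("R3", 600, ["2.0.0.0/8", "30.0.0.0/8"],
                     [Session("R2", "2.2.2.2")]),
    }
    advertise(routers, "R3", "30.0.0.0/8")    # EBGP update R3 -> R2
    advertise(routers, "R2", "30.0.0.0/8")    # IBGP update R2 -> R1
    return routers


def view(router, next_hop_self, prefix="30.0.0.0/8"):
    """(next hop, usable?) for `prefix` as seen by `router`."""
    r = run_lab(next_hop_self)[router]
    return r.bgp[prefix][0], r.usable(prefix)


if __name__ == "__main__":
    for nhs in (False, True):
        print("next-hop-self on R2:", nhs, "| R1 sees", view("R1", nhs))
```

Advertising the WAN network 2.0.0.0/8 to R1 instead (the first fix listed above) would correspond to adding that prefix to what R1 can reach, which makes the unchanged next hop 2.2.2.2 resolve.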
EBGP peering using Loopback Interfaces (using EBGP multihop):

[Figure: EBGP between AS 65102 (Loopback 0 2.2.2.2; 192.168.1.17/28 and 192.168.1.33/28) and AS 65101 (Loopback 0 1.1.1.1; 192.168.1.18/28 and 192.168.1.34/28)]

Router in AS 65102:
router bgp 65102
 neighbor 1.1.1.1 remote-as 65101
 neighbor 1.1.1.1 update-source Loopback 0
 neighbor 1.1.1.1 ebgp-multihop 2
ip route 1.1.1.1 255.255.255.255 192.168.1.18
ip route 1.1.1.1 255.255.255.255 192.168.1.34

Router in AS 65101:
router bgp 65101
 neighbor 2.2.2.2 remote-as 65102
 neighbor 2.2.2.2 update-source Loopback 0
 neighbor 2.2.2.2 ebgp-multihop 2
ip route 2.2.2.2 255.255.255.255 192.168.1.17
ip route 2.2.2.2 255.255.255.255 192.168.1.33

LAB: EBGP NEIGHBOR USING LOOPBACKS

[Figure: R1 and R2 connected by two serial links, S1/0 on 1.0.0.0/8 and S1/1 on 2.0.0.0/8 (2.2.2.1/8 and 2.2.2.2/8)]

TASK:
• Configure EBGP peering between R1 and R2 as per the diagram.
• Make sure that the EBGP neighbor relationship is not affected by the physical status of the link.
• Configure static routing to provide reachability between the loopback interfaces of R1 & R2.

R1(config)#router bgp 500
R1(config-router)#neighbor 12.0.0.1 remote-as 600
R1(config-router)#neighbor 12.0.0.1 update-source loopback 0
R1(config-router)#neighbor 12.0.0.1 ebgp-multihop
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto
R1(config-router)#no sync
R1(config-router)#end

BGP neighbor ebgp-multihop Command

This command increases the default of one hop for EBGP peers. It allows routes to the EBGP loopback address (which will have a hop count greater than 1).
Ebgp-multihop tells the router that the neighbor 12.0.0.1 is not directly connected and is multiple hops away.
Increases the default TTL
value from 1 to 255.

R2(config)#router bgp 600
R2(config-router)#neighbor 11.0.0.1 remote-as 500
R2(config-router)#neighbor 11.0.0.1 update-source loopback 0
R2(config-router)#neighbor 11.0.0.1 ebgp-multihop
R2(config-router)#network 20.0.0.0
R2(config-router)#no auto
R2(config-router)#no sync
R2(config-router)#end

R-1#sh ip bgp summary
Neighbor  V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down  State/PfxRcd
12.0.0.1  4  600  0  0  0  0  0  never

R-1#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)

From the above ping test we can confirm that there may be either a connectivity or a routing issue.

R1#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/24/56 ms

R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/17/52 ms

R1#sh ip route
C    1.0.0.0/8 is directly connected, Serial1/0
C    2.0.0.0/8 is directly connected, Serial1/1
C    10.0.0.0/8 is directly connected, FastEthernet0/0
     11.0.0.0/24 is subnetted, 4 subnets
C       11.0.3.0 is directly connected, Loopback3
C       11.0.2.0 is directly connected, Loopback2
C       11.0.1.0 is directly connected, Loopback1
C       11.0.0.0 is directly connected, Loopback0

• R1 does not have any route for the 12.0.0.0 network to which it is peering.
• To provide reachability we can use either dynamic routing or static routing.
• In general we prefer to use static routing between different AS (but dynamic also works in the lab).

R-1(config)#ip route 12.0.0.0 255.255.255.0 1.1.1.2
R-1(config)#ip route 12.0.0.0 255.255.255.0 2.2.2.2 10

R-2(config)#ip route 11.0.0.0 255.255.255.0 1.1.1.1
R-2(config)#ip route 11.0.0.0 255.255.255.0 2.2.2.1 10

R-1#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
), round-trip min/avg/max = 32/46/64 ms

R-1#sh ip bgp summary
BGP router identifier 11.0.3.1, local AS number 500
BGP table version is 1, main routing table version 1
Neighbor  V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down  State/PfxRcd
12.0.0.1  4  600  4  4  1  0  0

R2#sh ip bgp summary
Neighbor  V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down  State/PfxRcd

R1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path

R2#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path

R2#sh ip route

Synchronization rule:

• Do not use or advertise to an external neighbor a route learned by IBGP until a matching route has been learned from an IGP.
• Ensures consistency of information throughout the AS.
• BGP synchronization is often disabled for autonomous systems which do not act as a transit AS.
• Safe to have it off only if all routers in the transit path in the AS are running full-mesh IBGP; off by default in Cisco IOS software release 12.2(8)T and later.

Router(config-router)# no synchronization
• The above command disables BGP synchronization so that a router will advertise routes in BGP without learning them in an IGP.

Router(config-router)# synchronization
• The above command enables BGP synchronization so that a router will not advertise routes in BGP until it learns them in an IGP.

Example: BGP Synchronization

[Figure: AS 65500 and AS 64520, network 172.16.0.0]

All routers in AS 65500 are running BGP; there are no

• If synchronization is on, then:
  - Routers A, C, and D would not use or advertise the route to 172.16.0.0 until they receive the matching route via an IGP.
  - Router E would not hear about 172.16.0.0.
• If synchronization is off (the default), then:
  - Routers A, C, and D would use and advertise the route that they receive via IBGP; router E would hear about 172.16.0.0.
  - If router E sends traffic for 172.16.0.0, routers A, C, and D would route the packets correctly to router B.
LAB: Verify BGP Synchronization Rule

TASK:
• Configure BGP peering as per the diagram and advertise all the interfaces inside BGP.
• Disable the synchronization rule on all the routers.

R1(config)#router bgp 500
R1(config-router)#neighbor 1.1.1.2 remote-as 600
R1(config-router)#network 1.0.0.0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#no synchronization
R1(config-router)#exit

R2(config)#router bgp 600
R2(config-router)#neighbor 1.1.1.1 remote-as 500
R2(config-router)#neighbor 2.2.2.2 remote-as 600
R2(config-router)#no auto-summary
R2(config-router)#no synchronization
R2(config-router)#network 20.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 1.0.0.0
R2(config-router)#end

R3(config)#router bgp 600
R3(config-router)#neighbor 2.2.2.1 remote-as 600
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#network 30.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#end

R2#sh ip bgp summary
BGP router identifier 12.0.3.1, local AS number 600
BGP table version is 6, main routing table version 6
5 network entries using 585 bytes of memory
7 path entries using 364 bytes of memory
4/3 BGP path/bestpath attribute entries using 496 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1469 total bytes of memory
BGP activity 5/0 prefixes, 7/0 paths, scan interval 60 secs

Neighbor  V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down  State/PfxRcd
1.1.1.1   4  500  5  6  6  0  0  00:01:16  2
2.2.2.2   4  600  4  5  6  0  0  00:00:56  2

R2#sh ip bgp
BGP table version is 6, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.1                  0             0 500 i
*>                  0.0.0.0                  0         32768 i
* i2.0.0.0          2.2.2.2                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*> 10.0.0.0         1.1.1.1                  0             0 500 i
*> 20.0.0.0         0.0.0.0                  0         32768 i

R3#sh ip bgp
BGP table version is 6, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          2.2.2.1                  0    100      0 i
* i2.0.0.0          2.2.2.1                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i10.0.0.0         1.1.1.1                  0    100      0 500 i
*>i20.0.0.0         2.2.2.1                  0    100      0 i

R3#sh ip route bgp
B    1.0.0.0/8 [200/0] via 2.2.2.1, 00:00:56
B    20.0.0.0/8 [200/0] via 2.2.2.1, 00:00:56
B    10.0.0.0/8 [200/0] via 1.1.1.1, 00:00:51

TASK: Enable synchronization on all three routers for verification:

R1(config)#router bgp 500
R1(config-router)#synchronization
R1(config-router)#end

R2/R3
R2(config)#router bgp 600
R2(config-router)#synchronization
R2(config-router)#exit

R2#sh ip bgp
BGP table version is 9, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                  0         32768 i
*                   1.1.1.1                  0             0 500 i
*> 2.0.0.0          0.0.0.0                  0         32768 i
* i                 2.2.2.2                  0    100      0 i
*> 10.0.0.0         1.1.1.1                  0             0 500 i
*> 20.0.0.0         0.0.0.0                  0         32768 i

R2#sh ip bgp 30.0.0.0
BGP routing table entry for 30.0.0.0/8, version 0
Paths: (1 available, no best path)
  Not advertised to any peer
  Local
    2.2.2.2 from 2.2.2.2 (13.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, internal, not synchronized

R2#sh ip route bgp
B    10.0.0.0/8 [20/0] via 1.1.1.1, 00:04:05

R1#sh ip bgp
BGP table version is 12, local router ID is 11.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.2                  0             0 600 i
*>                  0.0.0.0                  0         32768 i
*> 2.0.0.0          1.1.1.2                  0             0 600 i
*> 10.0.0.0         0.0.0.0                  0         32768 i
*> 20.0.0.0         1.1.1.2                  0             0 600 i

• R3 advertises 30.0.0.0 to R2.
• R2 will not use or advertise this network because the synchronization rule is enabled, and as per the rule the same matching route has to be learned from an IGP inside AS 600.
• To fix it, ensure that all the routes used in BGP are also advertised in the IGP running inside the AS, or disable the synchronization rule.

TASK:
• Configure OSPF area 0 inside AS 600 and advertise all the interfaces as per the diagram.

R3(config)#router ospf 1
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#network 2.0.0.0 0.255.255.255 area 0
R3(config-router)#exit

R2(config)#router ospf 1
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#network 2.0.0.0 0.255.255.255 area 0
R2(config-router)#exit

R2#sh ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address    Interface
13.0.3.1          0   FULL/  -   00:00:32    2.2.2.2    Serial1/1

R2#sh ip route ospf
O    30.0.0.0/8 [110/65] via 2.2.2.2, 00:00:06, Serial1/1

R2#sh ip bgp
BGP table version is 11, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                  0         32768 i
*                   1.1.1.1                  0             0 500 i
*> 2.0.0.0          0.0.0.0                  0         32768 i
* i                 2.2.2.2                  0    100      0 i
*> 10.0.0.0         1.1.1.1                  0             0 500 i
*> 20.0.0.0         0.0.0.0                  0         32768 i
r>i30.0.0.0         2.2.2.2                  0    100      0 i

R1#sh ip bgp
BGP table version is 24, local router ID is 11.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.2                  0             0 600 i
*>                  0.0.0.0                  0         32768 i
*> 2.0.0.0          1.1.1.2                  0             0 600 i
*> 10.0.0.0         0.0.0.0                  0         32768 i
*> 20.0.0.0         1.1.1.2                  0             0 600 i

R1#sh ip route bgp
B    2.0.0.0/8 [20/0] via 1.1.1.2, 00:02:28
B    20.0.0.0/8 [20/0] via 1.1.1.2, 00:0

TASK:
• Remove the OSPF configurations on R2/R3.
• Disable the synchronization rule on all three routers (R1, R2, R3).

R2/R3
Rx(config)#no router ospf 1

R2/R3
Rx(config)#router bgp 600
Rx(config-router)#no synchronization
Rx(config-router)#end

R1
R1(config)#router bgp 500
R1(config-router)#no synchronization
R1(config-router)#end

R2#clear ip bgp *

R2#sh ip bgp
BGP table version is 6, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.1                  0             0 500 i
*>                  0.0.0.0                  0         32768 i
*> 2.0.0.0          0.0.0.0                  0         32768 i
* i                 2.2.2.2                  0    100      0 i
*> 10.0.0.0         1.1.1.1                  0             0 500 i
*> 20.0.0.0         0.0.0.0                  0         32768 i

R2#sh ip bgp 30.1.1.1
BGP routing table entry for 30.0.0.0/8, version 6
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
     1
  Local
    2.2.2.2 from 2.2.2.2 (13.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best

R1#sh ip bgp 30.0.0.0
BGP routing table entry for 30.0.0.0/8, version 17
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  600
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, localpref 100, valid, external, best

R1#sh ip bgp
BGP table version is 17, local router ID is 11.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.2                  0             0 600 i
*>                  0.0.0.0                  0         32768 i
*> 2.0.0.0          1.1.1.2                  0             0 600 i
*> 10.0.0.0         0.0.0.0                  0         32768 i
*> 20.0.0.0         1.1.1.2                  0             0 600 i

R1#sh ip route bgp
B    2.0.0.0/8 [20/0] via 1.1.1.2, 00:00:36
B    20.0.0.0/8 [20/0] via 1.1.1.2, 00:00:36
B    30.0.0.0/8 [20/0] via 1.1.1.2, 00:00:36

R1#ping 30.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/56/88 ms

BGP PATH SELECTION

• IGPs, such as EIGRP or OSPF, choose routes based on lowest metric. They attempt to find the shortest, fastest way to get traffic to its destination.
• BGP, however, has a different way of route selection.
• It assigns various attributes to each path; these attributes can be administratively manipulated to control the path that is selected.
• It then examines the value of these attributes in an ordered fashion until it can narrow all the possible routes down to one path.

BGP ATTRIBUTES

BGP chooses a route to a network based on the attributes of its path. Four categories of attributes exist:

• Well-known mandatory:
  - Must be recognized by all BGP routers, present in all BGP updates, and passed on to other BGP routers.
  - For example, AS path, origin, and next hop.
• Well-known discretionary:
  - Must be recognized by all BGP routers and passed on to other BGP routers, but need not be present in an update; for example, local preference.
• Optional transitive:
  - Might or might not be recognized by a BGP router but is passed on to other BGP routers.
  - If not recognized, it is marked as partial; for example, aggregator, community.
• Optional non-transitive:
  - If the BGP process does not recognize the attribute, then it can ignore the update and not advertise the path to its peers.
  - For example, Multi-Exit Discriminator (MED), originator ID.

AS Path
• AS Path is a well-known, mandatory attribute.
• List of AS through which updates have traversed.
• Path with the shortest AS path list is more desirable.

Next Hop
• The next-hop attribute is well-known, mandatory.
• BGP is an AS-by-AS routing protocol.
• Next hop ≠ next router
• Next hop = IP to reach next AS

[Figure: AS 65000 (172.20.0.0) and AS 64520 (172.16.0.0)]

The IP address of the next AS to reach a given network:
• Router A advertises network 172.16.0.0 to router B in EBGP, with a next hop of 10.10.10.3.
• Router B advertises 172.16.0.0 in IBGP to router C, keeping 10.10.10.3 as the next-hop address.

ORIGIN
• Origin informs all AS in the internetwork how a network got introduced into BGP.
  - IGP (i): advertised in BGP using the network command
  - EGP (e): redistributed from EGP
  - Incomplete (?): redistributed into BGP from IGP or static
• The origin attribute is well-known, mandatory, and transitive.
• "i" is better than "e" and "e" is better than "?"
[Figure: sample BGP table (Network, Metric, LocPrf, Weight, Path columns); output omitted]

WEIGHT

[Figure: AS 64520]

• Weight is Cisco's attribute.
• Tells how to exit the AS.
• Path with the highest weight is more desirable.
• Local to the router (not advertised to the other routers in the AS).
• Weight is partial attribute.
• Default weight = 0 for learned routes, 32,768 for locally injected routes.

LOCAL PREFERENCE

• Local preference defines how data traffic should exit from an AS.
• Path with the highest preference value is more desirable.
• It is advertised only to IBGP neighbors within an AS.
• Default value is 100.
• Local preference is a well-known, discretionary attribute.

[Figure: traffic for 172.16.0.0 needs to go to AS 65350; AS 64520]

MED (MULTI EXIT DISCRIMINATOR)

• MED defines how the data traffic should enter an AS.
• MED is used to advertise to EBGP neighbors only.
• Path with less MED is more desirable.
• Default value 0
• MED is optional and non-transitive.

[Figure: AS 65500 (172.20.0.0) and AS 65000 (172.16.0.0)]

Atomic Aggregate:
• Indicates that a summarized route has been sent to the neighbor.
• It is a well-known discretionary attribute.

Optional Transitive attributes
• Aggregator: indicates the AS # and IP address of the router that performed the aggregation.
• Community: indicates the community that the route belongs to. Helps in route-selection policy and filtering traffic.

Community Attribute
+ Community attribute is a transitive optional attribute.
+ Community attribute is a way to group destinations in a certain community and apply routing decisions to those communities.
+ We can use route-maps to set the community attributes.

NOTE: When a community attribute is set, no matter what the community attribute specification is, the update is sent to one hop (BGP default rule) and from there the community attribute is implemented.

Predefined Well Known Communities
+ no-export: Do not advertise to EBGP peers; keep this route within an AS only.
+ no-advertise: Do not advertise this route to any peer, internal or external.
+ Internet: Advertise this route to the internet community; any router belongs to this community.
+ local-as: Use in confederation scenarios to prevent the transmit of packets outside the local AS.

BGP Path Selection
+ The BGP forwarding table usually has multiple paths from which to choose for each network.
+ BGP is not designed to perform load balancing:
  o Paths are chosen because of policy.
  o Paths are not chosen based on bandwidth.
+ The BGP selection process eliminates any multiple paths through attrition until a single best path is left.
+ That best path is submitted to the routing table manager process and evaluated against the methods of other routing protocols for reaching that network (using administrative distance).
+ The route from the source with the lowest administrative distance is installed in the routing table.

Route Selection Decision Process
Consider only (synchronized) routes with no AS loops and a valid next hop, and then:
1. Prefer highest weight (local to router).
2. Prefer highest local preference (global within AS).
3. Prefer route originated by the local router (next hop = 0.0.0.0).
4. Prefer shortest AS path.
5. Prefer lowest origin code (IGP < EGP < incomplete): i > e > ?
6. Prefer lowest MED (exchanged between autonomous systems).
7. Neighbor type (prefer eBGP over iBGP).
8. IGP metric to NEXT_HOP (smaller value preferred).
9. Prefer oldest route for EBGP paths.
10. Prefer the path with the lowest neighbor BGP router ID.
11. Prefer the path with the lowest neighbor IP address.

SHOW IP BGP OUTPUT
In show ip bgp output, networks are listed in numerical order, lower to higher. An asterisk (*) indicates it is a valid route with proper next hop. You can see many options in front of a route. Below are the meanings of the options:
+ "s" for suppressed: BGP knows about this network but this network is not advertised, since it is part of a summarized route.
+ "d" for dampened: BGP can stop advertising a network that flaps too often until it is stable for a period of time.
+ "h" for history: BGP knows about this network but does not currently have a valid route.
+ "r" for RIB failure: The route was advertised to BGP but it was not installed in the IP routing table, since it is learned by some other routing protocol with better administrative distance.
+ "S" for stale: Used with nonstop forwarding to indicate that the route is stale and needs to be refreshed when the peer is re-established.
+ The symbol *> indicates that this route is valid with proper next hop and at the same time it is accessible.
+ Next-hop indicates which router is advertising this route; to reach this network you have to reach this next-hop router. 0.0.0.0 indicates this route is originated locally.
+ Metric indicates the MED attribute. If a MED value was received with the route, you can see the MED in the metric column.
+ Local Pref indicates the local preference which is associated with routes. It is locally significant.
+ Weight: It is a BGP attribute.
+ Path: It will show you the AS path associated with the route. Read this path left to right.
+ Origin of route: i means ibgp and locally originated, e means external bgp and externally received, ? means incomplete origin, that means the routes are originated by redistribution.

Some other useful commands for verifying and troubleshooting BGP:
# show ip bgp summary
# show ip bgp neighbors address received-routes

Most common issue
Sometimes you can see the routes in the routing table but you can't ping the route. In that case, check the next-hop address and verify that the next hop is accessible by IGP.

LAB: USING WEIGHT ATTRIBUTE

TASK:
+ Configure basic IBGP and EBGP peering using directly connected interfaces.
+ Advertise all the networks as per the diagram.
+ Make sure that the next-hop address is the next router address.

R1(config)#router bgp 500
R1(config-router)# neighbor 1.1.1.2 remote-as 600
R1(config-router)# neighbor 4.4.4.1 remote-as 700
R1(config-router)# net 10.0.0.0
R1(config-router)# net 1.0.0.0
R1(config-router)# net 4.0.0.0
R1(config-router)# no auto-summary
R1(config-router)# no sync
R1(config-router)# exit

R2(config)#router bgp 600
R2(config-router)# neighbor 1.1.1.1 remote-as 500
R2(config-router)# neighbor 2.2.2.2 remote-as 600
R2(config-router)# network 20.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# network 1.0.0.0
R2(config-router)# no auto-summary
R2(config-router)# no sync

R3(config)#router bgp 600
R3(config-router)#neighbor 2.2.2.1 remote-as 600
R3(config-router)#neighbor 3.3.3.2 remote-as 700
R3(config-router)#network 30.0.0.0
R3(config-router)#network 3.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#end

R4(config)#router bgp 700
R4(config-router)# neighbor 4.4.4.2 remote-as 500
R4(config-router)# neighbor 3.3.3.1 remote-as 600
R4(config-router)# network 40.0.0.0
R4(config-router)# network 4.0.0.0
R4(config-router)# network 3.0.0.0
R4(config-router)# no auto-summary
R4(config-router)# no sync
R4(config-router)# exit

R2#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4   500      17      17       10    0    0 00:10:12        4
2.2.2.2         4   600      17      17       10    0    0 00:09:32        5

R4#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.1         4   600       7       8        9    0    0 00:00:21        7
4.4.4.2         4   500       8       8        9    0    0 00:00:48        7

R4#sh ip bgp
BGP table version is 9, local router ID is 14.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          3.3.3.1                                0 600 i
*>                  4.4.4.2                  0             0 500 i
*> 2.0.0.0          3.3.3.1                  0             0 600 i
*                   4.4.4.2                                0 500 600 i
*  3.0.0.0          4.4.4.2                                0 500 600 i
*                   3.3.3.1                  0             0 600 i
*>                  0.0.0.0                  0         32768 i
*> 4.0.0.0          0.0.0.0                  0         32768 i
*                   4.4.4.2                  0             0 500 i
*  10.0.0.0         3.3.3.1                                0 600 500 i
*>                  4.4.4.2                  0             0 500 i
*> 20.0.0.0         3.3.3.1                                0 600 i
*                   4.4.4.2                                0 500 600 i
*  30.0.0.0         4.4.4.2                                0 500 600 i
*>                  3.3.3.1                  0             0 600 i
*> 40.0.0.0         0.0.0.0                  0         32768 i
R4#

R3#sh ip bgp
BGP table version is 10, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          3.3.3.2                                0 700 500 i
*>i                 2.2.2.1                  0    100      0 i
* i2.0.0.0          2.2.2.1                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*  3.0.0.0          3.3.3.2                  0             0 700 i
*>                  0.0.0.0                  0         32768 i
*> 4.0.0.0          3.3.3.2                  0             0 700 i
* i                 1.1.1.1                  0    100      0 500 i
*  10.0.0.0         3.3.3.2                                0 700 500 i
*>i                 1.1.1.1                  0    100      0 500 i
*>i20.0.0.0         2.2.2.1                  0    100      0 i
*> 30.0.0.0         0.0.0.0                  0         32768 i
*> 40.0.0.0         3.3.3.2                  0             0 700 i

R3#sh ip route bgp
B    1.0.0.0/8 [200/0] via 2.2.2.1, 00:23:23
B    4.0.0.0/8 [20/0] via 3.3.3.2, 00:23:10
B    20.0.0.0/8 [200/0] via 2.2.2.1, 00:23:23
B    40.0.0.0/8 [20/0] via 3.3.3.2, 00:23:10
B    10.0.0.0/8 [200/0] via 1.1.1.1, 00:01:43

R2#sh ip bgp
BGP table version is 9, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.1                  0             0 500 i
*>                  0.0.0.0                  0         32768 i
* i2.0.0.0          2.2.2.2                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*  3.0.0.0          1.1.1.1                                0 500 700 i
*>i                 2.2.2.2                  0    100      0 i
* i4.0.0.0          3.3.3.2                  0    100      0 700 i
*>                  1.1.1.1                  0             0 500 i
*> 10.0.0.0         1.1.1.1                  0             0 500 i
*> 20.0.0.0         0.0.0.0                  0         32768 i
*>i30.0.0.0         2.2.2.2                  0    100      0 i
*  40.0.0.0         1.1.1.1                                0 500 700 i
*>i                 3.3.3.2                  0    100      0 700 i

R2#sh ip route bgp
B    3.0.0.0/8 [200/0] via 2.2.2.2, 00:22:13
B    4.0.0.0/8 [20/0] via 1.1.1.1, 00:23:11
B    40.0.0.0/8 [200/0] via 3.3.3.2, 00:00:18
B    10.0.0.0/8 [20/0] via 1.1.1.1, 00:23:11
B    30.0.0.0/8 [200/0] via 2.2.2.2, 00:22:13

To Change The Next Hop Behavior Of The BGP

R2(config)#router bgp 600
R2(config-router)#neighbor 2.2.2.2 next-hop-self

R3(config)#router bgp 600
R3(config-router)#neighbor 2.2.2.1 next-hop-self

R3#sh ip bgp
BGP table version is 11, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          3.3.3.2                                0 700 500 i
*>i                 2.2.2.1                  0    100      0 i
* i2.0.0.0          2.2.2.1                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*  3.0.0.0          3.3.3.2                  0             0 700 i
*>                  0.0.0.0                  0         32768 i
*> 4.0.0.0          3.3.3.2                  0             0 700 i
* i                 2.2.2.1                  0    100      0 500 i
*  10.0.0.0         3.3.3.2                                0 700 500 i
*>i20.0.0.0         2.2.2.1                  0    100      0 i
*> 30.0.0.0         0.0.0.0                  0         32768 i
*> 40.0.0.0         3.3.3.2                  0             0 700 i

R3#sh ip route bgp
B    1.0.0.0/8 [200/0] via 2.2.2.1, 00:27:35
B    4.0.0.0/8 [20/0] via 3.3.3.2, 00:27:22
B    20.0.0.0/8 [200/0] via 2.2.2.1, 00:27:35
B    40.0.0.0/8 [20/0] via 3.3.3.2, 00:27:22
B    10.0.0.0/8 [200/0] via 2.2.2.1, 00:01:56

R2#sh ip bgp
BGP table version is 10, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.1                  0             0 500 i
*>                  0.0.0.0                  0         32768 i
* i2.0.0.0          2.2.2.2                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i3.0.0.0          2.2.2.2                  0    100      0 i
* i4.0.0.0          2.2.2.2                  0    100      0 700 i
*>                  1.1.1.1                  0             0 500 i
*> 10.0.0.0         1.1.1.1                  0             0 500 i
*> 20.0.0.0         0.0.0.0                  0         32768 i
*>i30.0.0.0         2.2.2.2                  0    100      0 i
*  40.0.0.0         1.1.1.1                                0 500 700 i
*>i                 2.2.2.2                  0    100      0 700 i

R2#sh ip route bgp
B    3.0.0.0/8 [200/0] via 2.2.2.2, 00:27:48
B    4.0.0.0/8 [20/0] via 1.1.1.1, 00:2
B    40.0.0.0/8 [200/0] via 2.2.2.2, 00:02:23
B    10.0.0.0/8 [20/0] via 1.1.1.1, 00:28:46
B    30.0.0.0/8 [200/0] via 2.2.2.2, 00:27:48
R2#

TASK:
Configure R1 to prefer the exit path via R4 to reach all the networks in AS 600. By default R1 prefers the path via R2 (1.1.1.2) to reach the 20.0.0.0/30.0.0.0 networks, as it has the lower number of AS in the path.
R1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.2                  0             0 600 i
*>                  0.0.0.0                  0         32768 i
*  2.0.0.0          4.4.4.1                                0 700 600 i
*>                  1.1.1.2                  0             0 600 i
*  3.0.0.0          4.4.4.1                  0             0 700 i
*>                  1.1.1.2                                0 600 i
*  4.0.0.0          4.4.4.1                  0             0 700 i
*>                  0.0.0.0                  0         32768 i
*> 10.0.0.0         0.0.0.0                  0         32768 i
*  20.0.0.0         4.4.4.1                                0 700 600 i
*>                  1.1.1.2                  0             0 600 i

R1#sh ip route bgp
B    2.0.0.0/8 [20/0] via 1.1.1.2, 00:12:00
B    3.0.0.0/8 [20/0] via 1.1.1.2, 00:1
B    20.0.0.0/8 [20/0] via 1.1.1.2, 00:12:00
B    40.0.0.0/8 [20/0] via 4.4.4.1, 00:10:28

R1#ping 20.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/99/216 ms

R1#traceroute 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
  msec * 92 msec

To change the default preferred route (via R2) to via R4 (4.4.4.1) we need to apply a higher weight to R4.

R1(config)#router bgp 500
R1(config-router)# neighbor 4.4.4.1 weight 40000
R1(config-router)#end
R1#clear ip bgp * soft        (to update the changes)

R1#sh ip bgp 20.0.0.0
BGP routing table entry for 20.0.0.0/8, version 28
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
     1
  700 600
    4.4.4.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, localpref 100, weight 40000, valid, external, best
  600
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, external
R1#

R1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          4.4.4.1                            40000 700 600 i
*                   1.1.1.2                  0             0 600 i
*> 2.0.0.0          4.4.4.1                            40000 700 600 i
*                   1.1.1.2                  0             0 600 i
*> 3.0.0.0          4.4.4.1                  0         40000 700 i
*                   1.1.1.2                                0 600 i
*> 4.0.0.0          4.4.4.1                  0         40000 700 i
*                   1.1.1.2                                0 600 700 i
*> 30.0.0.0         4.4.4.1                            40000 700 600 i
*                   1.1.1.2                                0 600 i
*> 40.0.0.0         4.4.4.1                  0         40000 700 i
*                   1.1.1.2                                0 600 700 i

R1#sh ip route bgp
B    2.0.0.0/8 [20/0] via 4.4.4.1, 00:00:47
B    3.0.0.0/8 [20/0] via 4.4.4.1, 00:00:47
B    20.0.0.0/8 [20/0] via 4.4.4.1, 00:00:47

R1#traceroute 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
  1 4.4.4.1 196 msec 252 msec 36 msec
  2 3.3.3.1 [AS 700] 116 msec 112 msec 64 msec
  3 2.2.2.1 [AS 600] 368 msec * 216 msec

Note:
+ By default BGP applies the weight to all the routes received from the specific neighbor on which it was configured.
+ To apply it to specific routes we need to use route-maps (check next lab).

Example: show ip bgp rib-failure Command

R1#sh ip bgp rib-failure
Network            Next Hop                      RIB-failure   RIB-NH Matches
1.0.0.0            4.4.4.1             Higher admin distance              n/a
4.0.0.0            4.4.4.1             Higher admin distance

+ Displays networks that are not installed in the RIB and the reason that they were not installed.

Clearing the BGP Session
+ Whenever there is an administrative change in routing policy, the BGP session must be reset before the new policy can take effect.
+ You must trigger an update to ensure that the policy is immediately applied to all affected prefixes and paths.
+ Ways to trigger an update:
  o Hard reset
  o Soft reset
  o Route refresh

Hard Reset:
router# clear ip bgp *
+ Resets all BGP connections with this router.
+ Entire BGP forwarding table is discarded.
+ BGP session makes the transition from established to idle; everything must be relearned (re-establish the peering).
+ Processing the full Internet routing table can take a long time, bandwidth, resources.

router# clear ip bgp [neighbor-address]
+ Resets only a single neighbor.
+ BGP session makes the transition from established to idle; everything from this neighbor must be relearned.
+ Less severe than clear ip bgp *.

BGP Soft Reconfiguration
+ Soft reconfiguration provides changes in new BGP routing policies without tearing down the sessions.

Outbound soft reconfiguration
+ More simple.
+ Router resends all BGP information (BGP table) to the neighbor without resetting the connection.
+ This option is highly recommended when you are changing outbound policy.
+ Always enabled, not configurable.
+ The soft out option does not help if you are changing inbound policy.

Router# clear ip bgp {* | neighbor-address} [soft out]

Inbound soft reconfiguration
+ More complicated (stores the complete BGP table of your neighbor in router memory).

Router(config-router)# neighbor [ip-address] soft-reconfiguration inbound

Soft Reset Outbound
Router# clear ip bgp {* | neighbor-address} [soft out]
+ Routes learned from this neighbor are not lost.
+ This router resends all BGP information to the neighbor without resetting the connection.
+ The connection remains established.
+ This option is highly recommended when you are changing outbound policy.
+ The soft out option does not help if you are changing inbound policy.

Inbound Soft Reset
Router(config-router)# neighbor [ip-address] soft-reconfiguration inbound
+ This router stores all updates from this neighbor in case the inbound policy is changed.
+ The command is memory-intensive.

Router# clear ip bgp {* | neighbor-address} soft in
+ Uses the stored information to generate new inbound updates.

Route Refresh: Dynamic Inbound Soft Reset
Router# clear ip bgp {* | neighbor-address} [soft in | in]
+ Routes advertised to this neighbor are not withdrawn.
+ Does not store update information locally.
+ The connection remains established.
+ Introduced in Cisco IOS software release 12.0(2)S and 12.0(6)T.

Traditional Filtering Limitations
+ All filters apply only to new incoming and outgoing updates.
+ To change outbound routing policy, you have to resend BGP updates to your neighbors.
+ To change inbound routing policy, you have to force your neighbor to resend the updates to you.
+ The traditional mechanism is to clear BGP sessions.

clear ip bgp {* | ip-address | peer-group-name}
+ This command tears down the BGP session with all neighbors, a specific neighbor, or all neighbors in a peer group.
+ All BGP routes are lost after the session is torn down; connectivity through the BGP neighbor is lost.
+ A new session is re-established within 30 to 60 seconds.
+ A full routing update is exchanged once the session is re-established, resulting in enforcement of the new routing policy.
+ Processing the full Internet routing table can take a long time, bandwidth, resources.

BGP Soft Reconfiguration
+ Soft reconfiguration provides changes in new BGP routing policies without tearing down the sessions.

Outbound soft reconfiguration
+ More simple.
+ Resending of all routes in the local BGP table.
+ Always enabled, not configurable.

Inbound soft reconfiguration
+ More complicated (stores the complete BGP table of your neighbor in router memory).

LAB: WEIGHT ATTRIBUTE using Route-maps

[Figure: R2 loopbacks 12.0.0.1/24, 12.0.1.1/24, 12.0.2.1/24, 12.0.3.1/24]

TASK:
+ Continue from the previous lab and remove the last task configs.
+ Advertise the 12.0.0.0 networks of the R2 loopbacks in BGP with exact mask.

R1(config)#router bgp 500
R1(config-router)#no neighbor 4.4.4.1 weight 40000
R1(config-router)#do clear ip bgp * soft

R2(config)#router bgp 600
R2(config-router)# network 12.0.0.0 mask 255.255.255.0
R2(config-router)# network 12.0.1.0 mask 255.255.255.0
R2(config-router)# network 12.0.2.0 mask 255.255.255.0
R2(config-router)# network 12.0.3.0 mask 255.255.255.0
R2(config-router)# end

R1#sh ip bgp
BGP table version is 17, local router ID is 1.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                  0         32768 i
*                   4.4.4.1                                0 700 600 i
*                   1.1.1.2                  0             0 600 i
*  2.0.0.0          4.4.4.1                                0 700 600 i
*>                  1.1.1.2                  0             0 600 i
*  3.0.0.0          4.4.4.1                  0             0 700 i
*>                  1.1.1.2                                0 600 i
*> 4.0.0.0          0.0.0.0                  0         32768 i
*                   4.4.4.1                  0             0 700 i
*> 10.0.0.0         0.0.0.0                  0         32768 i
*  20.0.0.0         4.4.4.1                                0 700 600 i
*>                  1.1.1.2                  0             0 600 i
*  30.0.0.0         4.4.4.1                                0 700 600 i
*>                  1.1.1.2                                0 600 i
*> 40.0.0.0         4.4.4.1                  0             0 700 i
*                   1.1.1.2                                0 600 700 i

Here by default R1 prefers the path via 1.1.1.2 (R2) to reach the 12.x.x.x prefixes.

R1#sh ip route bgp
B    2.0.0.0/8 [20/0] via 1.1.1.2, 00:11:15
B    3.0.0.0/8 [20/0] via 1.1.1.2, 00:11:15
B    20.0.0.0/8 [20/0] via 1.1.1.2, 00:11:1
B    40.0.0.0/8 [20/0] via 4.4.4.1, 00:11:1
     12.0.0.0/24 is subnetted, 4 subnets
B    30.0.0.0/8 [20/0] via 1.1.1.2, 00:11:15

TASK:
+ Make sure that only (12.0.0.0 and 12.0.1.0) both networks prefer the path via R4, whereas the remaining should use the default route via R2.

R1(config)#access-list 12 permit 12.0.0.0 0.0.0.255
R1(config)# access-list 12 permit 12.0.1.0 0.0.0.255
R1(config)# route-map WEIGHT permit 10
R1(config-route-map)# match ip address 12
R1(config-route-map)# set weight 5000
R1(config-route-map)# exit
R1(config)# route-map WEIGHT permit 20
R1(config-route-map)#end

R1(config)#router bgp 500
R1(config-router)#neighbor 4.4.4.1 route-map ?
  WORD  Name of route map
R1(config-router)#neighbor 4.4.4.1 route-map WEIGHT ?
  in   Apply map to incoming routes
  out  Apply map to outbound routes
R1(config-router)#neighbor 4.4.4.1 route-map WEIGHT in
R1(config-router)#end
R1#clear ip bgp *

The WEIGHT attribute is local to the router and does not get exchanged between routers; therefore it is only effective on inbound route maps.

IN Bound
+ An inbound route-map changes the local router's path selection process.
+ Inbound route-maps apply changes to BGP updates received from that specific neighbor.

Out Bound
+ Outbound route-maps influence some other router's decision.
+ Outbound route-maps apply changes to routes advertised to that specific neighbor.

+ Applying inbound influences outbound traffic.
+ Applying outbound influences inbound traffic.

R1#sh ip bgp
BGP table version is 16, local router ID is 1.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          4.4.4.1                                0 700 600 i
*>                  0.0.0.0                  0         32768 i
*                   1.1.1.2                  0             0 600 i
*  2.0.0.0          4.4.4.1                                0 700 600 i
*>                  1.1.1.2                  0             0 600 i
*  3.0.0.0          4.4.4.1                  0             0 700 i
*>                  1.1.1.2                                0 600 i
*  4.0.0.0          4.4.4.1                  0             0 700 i
*>                  0.0.0.0                  0         32768 i
*> 10.0.0.0         0.0.0.0                  0         32768 i
*  12.0.2.0/24      4.4.4.1                                0 700 600 i
*>                  1.1.1.2                  0             0 600 i
*  12.0.3.0/24      4.4.4.1                                0 700 600 i
*>                  1.1.1.2                  0             0 600 i
*  20.0.0.0         4.4.4.1                                0 700 600 i
*>                  1.1.1.2                  0             0 600 i
*  30.0.0.0         4.4.4.1                                0 700 600 i
*>                  1.1.1.2                                0 600 i
*> 40.0.0.0         4.4.4.1                  0             0 700 i
*                   1.1.1.2                                0 600 700 i

R1#sh ip bgp 12.0.0.0
BGP routing table entry for 12.0.0.0/24, version 48
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
     1
  600
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, external
  700 600
    4.4.4.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, localpref 100, weight 5000, valid, external, best

R1#sh ip bgp 12.0.1.0
BGP routing table entry for 12.0.1.0/24, version 47
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  700 600
    4.4.4.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, localpref 100, weight 5000, valid, external, best
  600
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, external

R1#sh ip bgp 12.0.2.0
BGP routing table entry for 12.0.2.0/24, version 44
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
     2
  700 600
    4.4.4.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, localpref 100, valid, external
  600
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, external, best

R1#sh ip bgp 20.1.1.1
BGP routing table entry for 20.0.0.0/8, version 39
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
  700 600
    4.4.4.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, localpref 100, valid, external
  600
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
R1#sh ip route bgp
B    2.0.0.0/8 [20/0] via 1.1.1.2, 00:00:20
B    3.0.0.0/8 [20/0] via 1.1.1.2, 00:00:20
B    20.0.0.0/8 [20/0] via 1.1.1.2, 00:00:20
B    40.0.0.0/8 [20/0] via 4.4.4.1, 00:00:20
     12.0.0.0/24 is subnetted, 4 subnets
B       12.0.2.0 [20/0] via 1.1.1.2, 00:00:20
B       12.0.3.0 [20/0] via 1.1.1.2, 00:00:20
B    30.0.0.0/8 [20/0] via 1.1.1.2, 00:00:20

R1#traceroute 12.0.0.1
Type escape sequence to abort.
Tracing the route to 12.0.0.1
  1 4.4.4.1 68 msec 40 msec 156 msec
  2 3.3.3.1 [AS 600] 120 msec 24 msec 8 msec
  3 2.2.2.1 [AS 600] 72 msec * 116 msec

R1#traceroute 12.0.1.1
Type escape sequence to abort.
Tracing the route to 12.0.1.1
  80 msec 28 msec
  2 3.3.3.1 [AS 600] 20 msec 52 msec 36 msec
  3 2.2.2.1 [AS 600] 24 msec * 152 msec

R1#traceroute 12.0.2.1
Type escape sequence to abort.
Tracing the route to 12.0.2.1
  14 msec

R1#traceroute 12.0.3.1
Type escape sequence to abort.
Tracing the route to 12.0.3.1
  14 msec
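The Route Selection Decision Process and the two weight labs above, as an added Python example (not part of the workbook). `Path`, `best_path`, `r1_exit` and the route-map tuples are names assumed for illustration, the path values are constructed from the labs' show ip bgp output, and the "oldest route" tie-break (step 9) is not modelled.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < incomplete


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str          # "0.0.0.0" means originated by the local router
    as_path: tuple
    neighbor_id: str       # BGP router ID of the advertising neighbor
    origin: str = "i"
    med: int = 0
    local_pref: int = 100
    weight: int = 0        # local to this router, never advertised
    ebgp: bool = True
    igp_metric: int = 0


def acl_permits(acl, prefix):
    """Standard ACL: compare the network address under each wildcard mask."""
    addr = int(ip_network(prefix).network_address)
    for net, wildcard in acl:
        care = ~int(ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ip_address(net)) & care:
            return True
    return False


def apply_route_map(route_map, path):
    """First matching clause sets attributes; no match is the implicit deny."""
    for acl, sets in route_map:
        if acl is None or acl_permits(acl, path.prefix):
            return replace(path, **sets)
    return None


def _lowest(key):
    def step(cands):
        best = min(key(p) for p in cands)
        return [p for p in cands if key(p) == best]
    return step


def _med_step(always_compare_med):
    # MED is compared only between paths from the same neighbouring AS,
    # unless always_compare_med is set.
    def step(cands):
        def loses(p):
            return any(q.med < p.med and
                       (always_compare_med or q.as_path[:1] == p.as_path[:1])
                       for q in cands)
        return [p for p in cands if not loses(p)]
    return step


def best_path(paths, always_compare_med=False):
    """Return (path, deciding_step), eliminating candidates step by step."""
    cands = list(paths)
    if not cands:
        raise ValueError("no valid path")
    if len(cands) == 1:
        return cands[0], "only path"
    steps = [
        ("highest weight", _lowest(lambda p: -p.weight)),
        ("highest local preference", _lowest(lambda p: -p.local_pref)),
        ("locally originated", _lowest(lambda p: p.next_hop != "0.0.0.0")),
        ("shortest AS path", _lowest(lambda p: len(p.as_path))),
        ("lowest origin code", _lowest(lambda p: ORIGIN_RANK[p.origin])),
        ("lowest MED", _med_step(always_compare_med)),
        ("eBGP over iBGP", _lowest(lambda p: not p.ebgp)),
        ("lowest IGP metric", _lowest(lambda p: p.igp_metric)),
        ("lowest neighbor router ID",
         _lowest(lambda p: int(ip_address(p.neighbor_id)))),
        ("lowest neighbor IP address",
         _lowest(lambda p: int(ip_address(p.next_hop)))),
    ]
    for reason, step in steps:
        cands = step(cands)
        if len(cands) == 1:
            return cands[0], reason
    return cands[0], "tie"


# Policy from the labs, applied inbound on R1 to routes from 4.4.4.1 (R4).
ACL_12 = [("12.0.0.0", "0.0.0.255"), ("12.0.1.0", "0.0.0.255")]
WEIGHT = [(ACL_12, {"weight": 5000}), (None, {})]  # permit 10 / permit 20
NEIGHBOR_WEIGHT = [(None, {"weight": 40000})]      # neighbor 4.4.4.1 weight 40000


def r1_exit(prefix, inbound_from_r4=None):
    """R1's chosen next hop for a prefix originated in AS 600 (constructed)."""
    via_r2 = Path(prefix, "1.1.1.2", (600,), "12.0.3.1")
    via_r4 = Path(prefix, "4.4.4.1", (700, 600), "14.0.3.1")
    if inbound_from_r4 is not None:
        via_r4 = apply_route_map(inbound_from_r4, via_r4)
    best, reason = best_path([p for p in (via_r2, via_r4) if p is not None])
    return best.next_hop, reason
```
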
LAB: USING LOCAL PREFERENCE

Continue the same previous lab; just remove the last step of configurations applied so that it uses the default path selection process without any attributes applied.

R1(config-router)#no neighbor 4.4.4.1 route-map WEIGHT in
R1(config-router)#do clear ip bgp *

OR

+ If you start this lab without any BGP configuration, then configure basic IBGP and EBGP as per the diagram.
+ Verify neighbors and ensure that it uses the default path selection without any attributes applied.
+ Ensure that you change the next hop to the next router.

R1(config)#router bgp 500
R1(config-router)# neighbor 1.1.1.2 remote-as 600
R1(config-router)# neighbor 4.4.4.1 remote-as 700
R1(config-router)# net 10.0.0.0
R1(config-router)# net 1.0.0.0
R1(config-router)# net 4.0.0.0
R1(config-router)# no auto-summary
R1(config-router)# no sync
R1(config-router)# exit

R2(config)#router bgp 600
R2(config-router)# neighbor 1.1.1.1 remote-as 500
R2(config-router)# neighbor 2.2.2.2 remote-as 600
R2(config-router)# network 20.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# network 1.0.0.0
R2(config-router)# network 12.0.0.0 mask 255.255.255.0
R2(config-router)# network 12.0.1.0 mask 255.255.255.0
R2(config-router)# network 12.0.2.0 mask 255.255.255.0
R2(config-router)# network 12.0.3.0 mask 255.255.255.0
R2(config-router)# no auto-summary
R2(config-router)# no sync

R3(config)#router bgp 600
R3(config-router)#neighbor 2.2.2.1 remote-as 600
R3(config-router)#neighbor 3.3.3.2 remote-as 700
R3(config-router)#network 30.0.0.0
R3(config-router)#network 3.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#end

R4(config)#router bgp 700
R4(config-router)# neighbor 4.4.4.2 remote-as 500
R4(config-router)# neighbor 3.3.3.1 remote-as 600
R4(config-router)# network 40.0.0.0
R4(config-router)# network 4.0.0.0
R4(config-router)# network 3.0.0.0
R4(config-router)# no auto-summary
R4(config-router)# no sync
R4(config-router)# exit

R2#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4   500      17      17       10    0    0 00:10:12        4
2.2.2.2         4   600      17      17       10    0    0 00:09:32        5

R4#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.1         4   600       7       8        9    0    0 00:00:21        7
4.4.4.2         4   500       8       8        9    0    0 00:00:48        7

To Change The Next Hop Behavior Of The BGP

R2(config)#router bgp 600
R2(config-router)#neighbor 2.2.2.2 next-hop-self

R3(config)#router bgp 600
R3(config-router)#neighbor 2.2.2.1 next-hop-self

+ All the routes going from AS 600 to reach AS 700 (40.0.0.0) by default prefer the exit via R3.
+ Make sure that R2 and R3 (all the routers in AS 600) prefer the path via R2/R1/R4, using local preference.

R2#sh ip bgp
BGP table version is 32, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.1                  0             0 500 i
*>                  0.0.0.0                  0         32768 i
* i2.0.0.0          2.2.2.2                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i3.0.0.0          2.2.2.2                  0    100      0 i
*> 4.0.0.0          1.1.1.1                  0             0 500 i
* i                 2.2.2.2                  0    100      0 700 i
*> 10.0.0.0         1.1.1.1                  0             0 500 i
*> 12.0.0.0/24      0.0.0.0                  0         32768 i
*> 12.0.1.0/24      0.0.0.0                  0         32768 i
*> 12.0.2.0/24      0.0.0.0                  0         32768 i
*> 12.0.3.0/24      0.0.0.0                  0         32768 i
*> 20.0.0.0         0.0.0.0                  0         32768 i
*>i30.0.0.0         2.2.2.2                  0    100      0 i

R3#sh ip bgp
BGP table version is local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          2.2.2.1                  0    100      0 i
* i2.0.0.0          2.2.2.1                  0    100      0 i
*>                  0.0.0.0                  0         32768 i
*  3.0.0.0          3.3.3.2                  0             0 700 i
*>                  0.0.0.0                  0         32768 i
* i4.0.0.0          1.1.1.1                  0    100      0 500 i
*>                  3.3.3.2                  0             0 700 i
*  10.0.0.0         3.3.3.2                                0 700 500 i
*>i                 1.1.1.1                  0    100      0 500 i
*>i12.0.0.0/24      2.2.2.1                  0    100      0 i
*>i12.0.1.0/24      2.2.2.1                  0    100      0 i
*>i12.0.2.0/24      2.2.2.1                  0    100      0 i
*>i12.0.3.0/24      2.2.2.1                  0    100      0 i
*>i20.0.0.0         2.2.2.1                  0    100      0 i
*> 30.0.0.0         0.0.0.0                  0         32768 i

R2#sh ip route bgp
B    3.0.0.0/8 [200/0] via 2.2.2.2, 00:00:21
B    4.0.0.0/8 [20/0] via 1.1.1.1, 00:00:21
B    10.0.0.0/8 [20/0] via 1.1.1.1, 00:00:21
B    30.0.0.0/8 [200/0] via 2.2.2.2, 00:00:21
Page 90 (NETWGRI R3itsh ip route bgp B_ 1.0.0.0/8 [200/0} via 2.2.2.1, 00:00:45 B_ 4.0.0.0/8 [20/0] via 3.3.3.2, 00:01:19 B_20.0.0.0/8 |200/0} via 2.2.2.1, 00:00: B 40.0.0.0/8 [20/0] via 3.3.3.2, 00:01:19 B 10.0.0.0/8 [200] via 2.2.2.1, 00:00:45 12.0.0.0/24 is submetted, 4 subnets B 12.0.0.0 [200/0} via 2.2.2.1, 00:00:45 B12.0.1.0 {2009/0} via 2.2.2.1, 00:00:45 Be 12.0.2.0 [200/0} via 2.2.2.1, 00:00:45 B 12.0.3.0 [200/0} vis 2.2.2.1, 00:00:45 R2#traceroute 40.1.1.1 Type escape sequence to abort Tracing the route to 40.1.1.1 ‘msec * 60 msec R3ittraceroute 40.1.1.1 Type escape sequence to abort Tracing the route to 40.1.1.1 misee * 168 msec In order to make sure that all the routers exit AS 600 via R2 we need to than defrult nge the local-preference value of R2 higher R2(config)#router bgp 600 R2(config-router) #bgp default local-preference 400 R2(config-router)#do clear ip bgp * soft Risk ip bgp GP table version is 17, local router ID is 12.0.3.1 Status codes: s suppressed, d damped, I history, * valid, > best, i internal, RIB failure, § Stale Origin codes: i- IGP, €- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Patit > 0.0.0.0 O 327681 + 2222 0 100 0: 73000 LET 500 700 “i 2.2.2.2 0100 0: 4000 114d 0 0500 10.000 1.1.11 0 0500 1200024 0.0.00 0 327681 21201024 0.0.0.0 0 327684 1202.24 0.0.0.0 0 327684 12.03.0246 0.0.0.0 0 327681 20000 0.0.00 0 32768: "130.000 2.2.2.2 0 100 03 DOP tab Norkbock by Sikandar Goose Notaeddin CCIE (RES, SP) # 35012 Getwer ALL contents are copyright 62014 — 2015 All rights reserved. Page 91 Shane sate R2ish ip bgp 40.0.0.0 BGP routing table entry for 40.0.0.028, version 35 Paths: (1 available, best #1, table Default-1P-Routing-Table) Flag: 0x820 ‘Adivertised to update-groups 2 500 700 LLL from 1.1.14 (1.0.3.1) Origin IGP, Ralpref00, aid, externa BSE R3#SH ip bgp 40.0.0.0 BGP routing table entry for 40.0.0.0/8, version 37 Paths: (2.aoailable, best #1, table Default-IP-Roting-Table) Flag: 0x820 Advertised to update- groups. 
2 500 700 2.2.2.1 from 2.2.2.1 (12.0.3.1) Origin IGP, metric 0, GG PFAOO) valid, interrclER 700 3.3.3.2 from 3.3.3.2 (14.0.3.1) Origin IGP, metric 0, lcalpref 100, valid, external R3ash ip bgp BGP table version is 43, local router 1D is 13.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, 7 RIB-failure, § Stale Origin codes: i IGP, €- EGP, ?~ incomp te Network Next Hop Metric LocPrf Weight Patit *>i1.00.0 2.2.2.1 0 400 OF ~ 3 0 700500 i * 2.0.0.0 0 400 0: > 0.0.0.0 0 327681 *13.00.0 — 22.21 0 400 0500 700i . 3.3.3.2 0 0.7005 > 0.0.0.0 0 327681 *>i4.0.0.0 2.21 0 400 05004 - 33.3.2 0 07004 *>i10.0.0.0 2.2.2.1 0 400 05001 . 3.3.3.2 0-700 500 i Pi1200.9724 2.2.2.1 0 400 0: Pi12.0.1.924 2.2.2.1 0 400 0: ">112.0.2.924 2.2.2.1 0 400 Oi Pi12.03.024 2.2.2.1 0 400 0: 120000 2221 0 400 05 > 3000.0 0.0.00 0 327681 Network iext Hop LocPrf Weight Patit * 3.3.3.2 0 07005 R2Hsh ip route bgp BGP Lab Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) # 35012 ALL contents are copyright 62014 — 2015 All rights reserved. Page 92 (ener 1B 3.0.0.0/8 [20/0] vin 1.1.1.1, 00:01:34 B_ 4.0.0.0/8 |20/0) vin 1.1.1.1, 00:01:34 B_ 10,0,0.0/8 [20/0] via 1.1.1.1, 00:01:34 B_ 30.0.0.0/8 |200/0} via 2.2.2.2, 00:01:35 R3tsh ip route bgp B 1.0.0.0/8 [200/0} via 2.2.2.1, 00:02:11 B 4.0.0.0/8 [200/0} via 2.2.2.1, 00:02:15 B_20.0.0.088 (200/0} via 2.2.2.1, 00:02:11 B 10.0.0.0/8 |200/0} via 2.2.2.1, 00:02:15 12.0.0.0/24 is swbnetted, 4 subnets B12.0.0.0 [200/0} vin 2.2.2.1, 00:02:11 B12.0.1.0 [200/0} vin 2.2.2.1, 00:02:11 B12.0.2.0 [200/0} via 2.2.2.1, 00:02:11 B 12.0,3.0 [200/0} via 2.2.2.1, 00:02:11 R3#traceroute 40,1.1.1 Type escape sequence fo abort Tracing the route to 40.1.1.1 116 msec 60 msec 64 msec ssec 128 msve 156 msec 344.4. 
[AS 500] 180 msec * 104 msec

R2#traceroute 40.1.1.1
Type escape sequence to abort.
Tracing the route to 40.1.1.1
  1 1.1.1.1 128 msec 84 msec 76 msec
  2 4.4.4.1 [AS 500] 220 msec * 132 msec

TASK:
* Remove the local preference value on R2
* Advertise the 14.0.0.0 loopbacks of R4 in BGP with the exact mask

R2(config)# router bgp 600
R2(config-router)# no bgp default local-preference 400
R2(config-router)# do clear ip bgp *

R4(config)# router bgp 700
R4(config-router)# network 14.0.0.0 mask 255.255.255.0
R4(config-router)# network 14.0.1.0 mask 255.255.255.0
R4(config-router)# network 14.0.2.0 mask 255.255.255.0
R4(config-router)# network 14.0.3.0 mask 255.255.255.0
R4(config-router)# end

R2#sh ip bgp
   Network          Next Hop         Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0               0         32768 i
*                   1.1.1.1               0             0 500 i
*> 2.0.0.0          0.0.0.0               0         32768 i
* i                 2.2.2.2               0    100      0 i
*  3.0.0.0          1.1.1.1                             0 500 700 i
*>i                 2.2.2.2               0    100      0 i
*> 4.0.0.0          1.1.1.1               0             0 500 i
* i                 2.2.2.2               0    100      0 700 i
*> 10.0.0.0         1.1.1.1               0             0 500 i
*> 12.0.0.0/24      0.0.0.0               0         32768 i
*> 12.0.1.0/24      0.0.0.0               0         32768 i
*> 12.0.2.0/24      0.0.0.0               0         32768 i
*> 12.0.3.0/24      0.0.0.0               0         32768 i
*> 20.0.0.0         0.0.0.0               0         32768 i
*>i30.0.0.0         2.2.2.2               0    100      0 i
*  40.0.0.0         1.1.1.1                             0 500 700 i
*>i                 2.2.2.2               0    100      0 700 i

R2#sh ip route bgp
B    3.0.0.0/8 [200/0] via 2.2.2.2, 00:04:38
B    4.0.0.0/8 [20/0] via 1.1.1.1, 00:04:38
B    40.0.0.0/8 [200/0] via 2.2.2.2, 00:04:38
B    10.0.0.0/8 [20/0] via 1.1.1.1, 00:04:38
     14.0.0.0/24 is subnetted, 4 subnets
B    30.0.0.0/8 [200/0] via 2.2.2.2, 00:04:38

R3#sh ip bgp
   Network          Next Hop         Metric LocPrf Weight Path
*>i1.0.0.0          2.2.2.1               0    100      0 i
*
                    3.3.3.2                             0 700 500 i
* i2.0.0.0          2.2.2.1               0    100      0 i
*>                  0.0.0.0               0         32768 i
*  3.0.0.0          3.3.3.2               0             0 700 i
*>                  0.0.0.0               0         32768 i
* i4.0.0.0          2.2.2.1               0    100      0 500 i
*>                  3.3.3.2               0             0 700 i
*>i10.0.0.0         2.2.2.1               0    100      0 500 i
*                   3.3.3.2                             0 700 500 i
*>i12.0.0.0/24      2.2.2.1               0    100      0 i
*>i12.0.1.0/24      2.2.2.1               0    100      0 i
*>i12.0.2.0/24      2.2.2.1               0    100      0 i
*>i12.0.3.0/24      2.2.2.1               0    100      0 i
*>i20.0.0.0         2.2.2.1               0    100      0 i
*> 30.0.0.0         0.0.0.0               0         32768 i
*> 40.0.0.0         3.3.3.2               0             0 700 i

R3#sh ip route bgp
B    1.0.0.0/8 [200/0] via 2.2.2.1, 00:04:50
B    4.0.0.0/8 [20/0] via 3.3.3.2, 00:05:24
B    20.0.0.0/8 [200/0] via 2.2.2.1, 00:04:50
B    40.0.0.0/8 [20/0] via 3.3.3.2, 00:05:24
B    10.0.0.0/8 [200/0] via 2.2.2.1, 00:04:50
     12.0.0.0/24 is subnetted, 4 subnets
B       12.0.0.0 [200/0] via 2.2.2.1, 00:04:50
B       12.0.1.0 [200/0] via 2.2.2.1, 00:04:50
B       12.0.2.0 [200/0] via 2.2.2.1, 00:04:50
B       12.0.3.0 [200/0] via 2.2.2.1, 00:04:50
     14.0.0.0/24 is subnetted, 4 subnets

Here, by default, both R2 and R3 exit the AS via R3 to reach all of R4's 14.x.x.x prefixes.

TASK:
* Configure AS 600 such that only the routes 14.0.0.0 and 14.0.1.0 prefer R2 to exit the AS
* All the remaining networks should use the default exit (via R3)

R2
R2(config)# access-list 14 permit 14.0.0.0 0.0.0.255
R2(config)# access-list 14 permit 14.0.1.0 0.0.0.255
R2(config)# route-map LOCAL permit 10
R2(config-route-map)# match ip address 14
R2(config-route-map)# set local-preference 2000
R2(config-route-map)# exit
R2(config)# route-map LOCAL permit 20
R2(config-route-map)# exit
R2(config)# router bgp 600
R2(config-router)# neighbor 1.1.1.1 route-map LOCAL in
R2(config-router)# end
R2#clear ip bgp * soft

R2#sh ip bgp
BGP table version is 26, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0               0         32768 i
*
                    1.1.1.1               0             0 500 i
*> 2.0.0.0          0.0.0.0               0         32768 i
* i                 2.2.2.2               0    100      0 i
*  3.0.0.0          1.1.1.1                             0 500 700 i
*>i                 2.2.2.2               0    100      0 i
*> 4.0.0.0          1.1.1.1               0             0 500 i
* i                 2.2.2.2               0    100      0 700 i
*> 10.0.0.0         1.1.1.1               0             0 500 i
*> 12.0.0.0/24      0.0.0.0               0         32768 i
*> 12.0.1.0/24      0.0.0.0               0         32768 i
*> 12.0.2.0/24      0.0.0.0               0
*> 12.0.3.0/24      0.0.0.0               0
*  14.0.2.0/24      1.1.1.1                             0 500 700 i
*>i                 2.2.2.2               0    100      0 700 i
*  14.0.3.0/24      1.1.1.1                             0 500 700 i
*>i                 2.2.2.2               0    100      0 700 i
*> 20.0.0.0         0.0.0.0               0         32768 i
*>i30.0.0.0         2.2.2.2               0    100      0 i
*  40.0.0.0         1.1.1.1                             0 500 700 i
*>i                 2.2.2.2               0    100      0 700 i

An inbound route-map changes the local router's path selection process.
Inbound route-maps apply changes to BGP updates received from that specific neighbor.
Applying a policy inbound influences outbound traffic.
* Local preference is configured on R2 (the preferred exit router of the AS) for neighbor 1.1.1.1 (R1) with direction in (it applies to received routes).
* Routes matched by the route-map that are received from neighbor 1.1.1.1 (R1) are given a local preference value of 2000.
* Routes with the local preference value applied are also advertised to all other routers (R3) inside AS 600.

R2#sh ip route bgp
B    3.0.0.0/8 [200/0] via 2.2.2.2, 00:10:02
B    4.0.0.0/8 [20/0] via 1.1.1.1, 00:10:02
B    40.0.0.0/8 [200/0] via 2.2.2.2, 00:10:02
B    10.0.0.0/8 [20/0] via 1.1.1.1, 00:10:02
     14.0.0.0/24 is subnetted, 4 subnets
B       14.0.2.0 [200/0] via 2.2.2.2, 00:10:02
B       14.0.3.0 [200/0] via 2.2.2.2, 00:10:02
B    30.0.0.0/8 [200/0] via 2.2.2.2, 00:10:02

R3#sh ip bgp
BGP table version is 80, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*>i1.0.0.0          2.2.2.1               0    100      0 i
*                   3.3.3.2                             0 700 500 i
* i2.0.0.0          2.2.2.1               0    100      0 i
*>                  0.0.0.0               0         32768 i
*  3.0.0.0          3.3.3.2               0             0 700 i
*>                  0.0.0.0               0         32768 i
* i4.0.0.0          2.2.2.1               0    100      0 500 i
*>                  3.3.3.2               0             0 700 i
*>i10.0.0.0         2.2.2.1               0    100      0 500 i
*                   3.3.3.2                             0 700 500 i
*>i12.0.0.0/24      2.2.2.1               0    100      0 i
*>i12.0.1.0/24      2.2.2.1               0    100      0 i
*>i12.0.2.0/24      2.2.2.1               0    100      0 i
*>i12.0.3.0/24      2.2.2.1               0    100      0 i
*> 14.0.2.0/24      3.3.3.2               0             0 700 i
*> 14.0.3.0/24      3.3.3.2               0             0 700 i
*>i20.0.0.0         2.2.2.1               0    100      0 i
*> 30.0.0.0         0.0.0.0               0         32768 i
*> 40.0.0.0         3.3.3.2               0             0 700 i

R3#sh ip route bgp
B    1.0.0.0/8 [200/0] via 2.2.2.1, 00:10:07
B    4.0.0.0/8 [20/0] via 3.3.3.2, 02:50:52
B    20.0.0.0/8 [200/0] via 2.2.2.1, 00:10:07
B    40.0.0.0/8 [20/0] via 3.3.3.2, 02:50:52
B    10.0.0.0/8 [200/0] via 2.2.2.1, 00:10:29
     12.0.0.0/24 is subnetted, 4 subnets
B       12.0.0.0 [200/0] via 2.2.2.1, 00:10:07
B       12.0.1.0 [200/0] via 2.2.2.1, 00:10:07
B       12.0.2.0 [200/0] via 2.2.2.1, 00:10:07
B       12.0.3.0 [200/0] via 2.2.2.1, 00:10:07
     14.0.0.0/24 is subnetted, 4 subnets
B       14.0.2.0 [20/0] via 3.3.3.2, 00:18:36
B       14.0.3.0 [20/0] via 3.3.3.2, 00:18:06

R2#traceroute 14.0.0.1
Type escape sequence to abort.
Tracing the route to 14.0.0.1
  1 1.1.1.1 80 msec 84 msec 120 msec
  2 4.4.4.1 [AS 500] 92 msec 124 msec 172 msec

R2#traceroute 14.0.1.1
Type escape sequence to abort.
Tracing the route to 14.0.1.1
  1 1.1.1.1 88 msec 84 msec 44 msec
  2 4.4.4.1 [AS 500] 124 msec * 112 msec

R2#traceroute 14.0.2.1
Type escape sequence to abort.
Tracing the route to 14.0.2.1
  1 2.2.2.2 164 msec 44 msec 84 msec
  2 3.3.3.2 140 msec * 224 msec

R2#traceroute 14.0.3.1
Type escape sequence to abort.
Tracing the route to 14.0.3.1
  1 2.2.2.2 132 msec 44 msec 64 msec
  2 3.3.3.2 188 msec * 164 msec

R3#traceroute 14.0.0.1
Type escape sequence to abort.
Tracing the route to 14.0.0.1
  1 2.2.2.1 144 msec 80 msec 44 msec
  2 1.1.1.1 80 msec 32 msec 28 msec
  3 4.4.4.1 [AS 700] 76 msec * 132 msec

R3#traceroute 14.0.1.1
Type escape sequence to abort.
Tracing the route to 14.0.1.1
  1 2.2.2.1 64 msec 108 msec 84 msec
  2 1.1.1.1 40 msec 48 msec 36 msec
  3 4.4.4.1 [AS 700] 144 msec * 168 msec

R3#traceroute 14.0.2.1
Type escape sequence to abort.
Tracing the route to 14.0.2.1
  1 3.3.3.2 268 msec * 148 msec

R3#traceroute 14.0.3.1
Type escape sequence to abort.
Tracing the route to 14.0.3.1
  1 3.3.3.2 112 msec * 80 msec

AS Path
* List of the autonomous systems through which the update has traversed.
* The path with the shortest AS-path list is more desirable.
* AS path is a well-known, mandatory and transitive attribute.

AS-Path Prepending
* Manual manipulation of AS-path length is called AS-path prepending.
* The AS path should be extended with multiple copies of the AS number of the sender.
* AS-path prepending is used to:
  1. Ensure proper return path selection
  2. Distribute the return traffic load for multihomed customers
* Results of AS-path prepending can be observed on the receiving router.
LAB: AS-path Prepend

TASK:
* Configure IBGP & EBGP peering as per the diagram using directly connected interfaces

R1(config)#router bgp 500
R1(config-router)#neighbor 1.1.1.2 remote-as 600
R1(config-router)#neighbor 4.4.4.1 remote-as 500
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#network 4.0.0.0
R1(config-router)#end

R2(config)#router bgp 600
R2(config-router)#neighbor 1.1.1.1 remote-as 500
R2(config-router)#neighbor 2.2.2.2 remote-as 700
R2(config-router)#network 20.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 1.0.0.0
R2(config-router)#end

R3(config)#router bgp 700
R3(config-router)#neighbor 2.2.2.1 remote-as 600
R3(config-router)#neighbor 3.3.3.2 remote-as 500
R3(config-router)#network 30.0.0.0
R3(config-router)#network 3.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#end

R4(config)#router bgp 500
R4(config-router)#neighbor 3.3.3.1 remote-as 700
R4(config-router)#neighbor 4.4.4.2 remote-as 500
R4(config-router)#network 40.0.0.0
R4(config-router)#network 4.0.0.0
R4(config-router)#network 3.0.0.0
R4(config-router)#exit

R1#sh ip bgp summary
BGP router identifier 11.0.3.1, local AS number 500
BGP table version is 9, main routing table version 9
8 network entries using 936 bytes of memory
12 path entries using 624 bytes of memory
6/4 BGP path/bestpath attribute entries using 744 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2376 total bytes of memory
BGP activity 8/0 prefixes, 12/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4   600      16      14        9    0    0 000084          4
4.4.4.1         4   500      13      13        9    0    0 00:07:08        5

R1#sh ip bgp
BGP table version is 9, local router ID is 11.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.2               0             0 600 i
*>                  0.0.0.0               0         32768 i
* i2.0.0.0          3.3.3.1               0    100      0 700 i
*>                  1.1.1.2               0             0 600 i
*>i3.0.0.0          4.4.4.1               0    100      0 i
* i4.0.0.0          4.4.4.1               0    100      0 i
*>                  0.0.0.0               0         32768 i
*> 10.0.0.0         0.0.0.0               0         32768 i
*> 20.0.0.0         1.1.1.2               0             0 600 i
*>i40.0.0.0         4.4.4.1               0    100      0 i

R3#sh ip bgp summary
BGP router identifier 13.0.3.1, local AS number 700
BGP table version is 14, main routing table version 14
8 network entries using 936 bytes of memory
16 path entries using 832 bytes of memory
7/8 BGP path/bestpath attribute entries using 868 bytes of memory
4
BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2732 total bytes of memory
BGP activity 8/0 prefixes, 27/11 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.1         4   600       1      10       14    0    0 00:01:28        7
3.3.3.2         4   500      13      14        1    0    0 00:05:32        6

R3#sh ip bgp
BGP table version is 14, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*  1.0.0.0          2.2.2.1               0             0 600 i
*>                  3.3.3.2                             0 500 i
*  2.0.0.0          2.2.2.1               0             0 600 i
*>                  0.0.0.0               0         32768 i
*  3.0.0.0          2.2.2.1                             0 600 500 i
*>                  0.0.0.0               0         32768 i
*                   3.3.3.2               0             0 500 i
*  4.0.0.0          2.2.2.1                             0 600 500 i
*>                  3.3.3.2               0             0 500 i
*> 20.0.0.0         2.2.2.1               0             0 600 i
*                   3.3.3.2                             0 500 600 i
*> 30.0.0.0         0.0.0.0               0         32768 i
*  40.0.0.0         2.2.2.1                             0 600 500 i
*>                  3.3.3.2               0             0 500 i

TASK:
By default, AS 500 exits via R4/R3 to reach the AS 700 route (30.0.0.0) because that is the shortest AS path.
* Configure AS 500 so that all routers in AS 500 exit via R1 to reach AS 700 (30.0.0.0)

R1#sh ip bgp 30.0.0.0
BGP routing table entry for 30.0.0.0/8, version 12
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  700
    3.3.3.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
  600 700
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, localpref 100, valid, external

R1#traceroute 30.1.1.1
Type escape sequence to abort.
Tracing the route to 30.1.1.1
  1 4.4.4.1 84 msec 40 msec 12 msec
  2 3.3.3.1 84 msec * 96 msec

R1(config)#access-list 1 permit 30.0.0.0 0.255.255.255
R1(config)#route-map CCIER1 permit 10
R1(config-route-map)# match ip address 1
R1(config-route-map)# set local-preference 250
R1(config-route-map)#route-map CCIER1 permit 20
R1(config-route-map)#exit
R1(config)#router bgp 500
R1(config-router)# neighbor 1.1.1.2 route-map CCIER1 in
R1(config-router)#end
R1#clear ip bgp * soft

R1#sh ip bgp 30.0.0.0
BGP routing table entry for 30.0.0.0/8, version 13
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
  600 700
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, localpref 250, valid, external, best

R1#traceroute 30.1.1.1
Type escape sequence to abort.
Tracing the route to 30.1.1.1
  msec 76 msec 24 msec

TASK:
* Configure AS 500 to ensure that the traffic from 30.0.0.0 to 10.0.0.0 (return traffic) uses the same path as the forwarding traffic (R1-R2-R3)

R3#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 21
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  600 500
    2.2.2.1 from 2.2.2.1 (12.0.3.1)
      Origin IGP, localpref 100, valid, external
  500
    3.3.3.2 from 3.3.3.2 (14.0.3.1)
      Origin IGP, localpref 100, valid, external, best

R3#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
  1 3.3.3.2 92 msec 76 msec 24 msec
  2 4.4.4.2 [AS 500] 80 msec * 56 msec

R4(config)#access-list 1 permit 10.0.0.0 0.255.255.255
R4(config)#route-map CCIE permit 10
R4(config-route-map)# match ip address 1
R4(config-route-map)# set as-path prepend 500 500 500 500
R4(config-route-map)#route-map CCIE permit 20
R4(config-route-map)#exit
R4(config)#router bgp 500
R4(config-router)#neighbor 3.3.3.1 route-map CCIE out
R4(config-router)#end

* When you are manually manipulating AS paths, the only valid AS number that you can prepend is the AS number of the sender.
* Prepending any other AS number will cause problems.

R4#clear ip bgp * soft

R3#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 22
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  600 500
    2.2.2.1 from 2.2.2.1 (12.0.3.1)
      Origin IGP, localpref 100, valid, external, best
    3.3.3.2 from 3.3.3.2 (14.0.3.1)
      Origin IGP, localpref 100, valid, external

R3#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
  1 2.2.2.1 80 msec 80 msec 24 msec
  2 1.1.1.1 [AS 600] 96 msec * 92 msec

MED (MULTI-EXIT DISCRIMINATOR)
* MED defines how data traffic should enter an AS.
* MED is advertised to EBGP neighbors only.
* The default value of the MED attribute is 0.
* The MED is called the "metric" in Cisco IOS software.
* The MED is a "weak" metric.
* A lower MED value means more preferred.
* MED is optional and non-transitive.
* The MED is not propagated outside of a receiving AS.

Multi-Exit Discriminator
* You can use the MED to influence path selection in neighboring autonomous systems.
* An AS can specify its preferred entry point using the MED in outgoing EBGP updates.
LAB: MULTI-EXIT DISCRIMINATOR (METRIC)

TASK:
* Configure basic IBGP and EBGP peering using directly connected interfaces
* Advertise all the networks as per the diagram
* Make sure that the next-hop address is the next router's address

R1(config)#router bgp 500
R1(config-router)# neighbor 1.1.1.2 remote-as 600
R1(config-router)# neighbor 4.4.4.1 remote-as 700
R1(config-router)# network 10.0.0.0
R1(config-router)# network 1.0.0.0
R1(config-router)# network 4.0.0.0
R1(config-router)# no auto-summary
R1(config-router)# no synchronization
R1(config-router)# exit

R2(config)#router bgp 600
R2(config-router)# neighbor 1.1.1.1 remote-as 500
R2(config-router)# neighbor 2.2.2.2 remote-as 600
R2(config-router)# network 20.0.0.0
R2(config-router)# network 2.0.0.0
R2(config-router)# network 1.0.0.0
R2(config-router)# no auto-summary
R2(config-router)# no synchronization

R3(config)#router bgp 600
R3(config-router)#neighbor 2.2.2.1 remote-as 600
R3(config-router)#neighbor 3.3.3.2 remote-as 700
R3(config-router)#network 30.0.0.0
R3(config-router)#network 3.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#end

R4(config)#router bgp 700
R4(config-router)# neighbor 4.4.4.2 remote-as 500
R4(config-router)# neighbor 3.3.3.1 remote-as 600
R4(config-router)# network 40.0.0.0
R4(config-router)# network 4.0.0.0
R4(config-router)# network 3.0.0.0
R4(config-router)# no auto-summary
R4(config-router)# no synchronization
R4(config-router)# exit

R2#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4   500      17      17       10    0    0 00:10:12        4
2.2.2.2         4   600      17      17       10    0    0 00:09:32        5

R4#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.1         4   600       7       8        9    0    0 00:00:21        7
4.4.4.2         4   500       8       8        9    0    0 00:00:48        7

R4#sh ip bgp
BGP table version is 9, local router ID is 14.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*  1.0.0.0          3.3.3.1                             0 600 i
*>                  4.4.4.2               0             0 500 i
*> 2.0.0.0          3.3.3.1               0             0 600 i
*                   4.4.4.2                             0 500 600 i
*  3.0.0.0          4.4.4.2                             0 500 600 i
*                   3.3.3.1               0             0 600 i
*>                  0.0.0.0               0         32768 i
*> 4.0.0.0          0.0.0.0               0         32768 i
*                   4.4.4.2               0             0 500 i
*  10.0.0.0         3.3.3.1                             0 600 500 i
*>                  4.4.4.2               0             0 500 i
*> 20.0.0.0         3.3.3.1                             0 600 i
*                   4.4.4.2                             0 500 600 i
*  30.0.0.0         4.4.4.2                             0 500 600 i
*>                  3.3.3.1               0             0 600 i
*> 40.0.0.0         0.0.0.0               0         32768 i

R3#sh ip bgp
BGP table version is 10, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ?
- incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*  1.0.0.0          3.3.3.2                             0 700 500 i
*>i                 2.2.2.1               0    100      0 i
* i2.0.0.0          2.2.2.1               0    100      0 i
*>                  0.0.0.0               0         32768 i
*  3.0.0.0          3.3.3.2               0             0 700 i
*>                  0.0.0.0               0         32768 i
*> 4.0.0.0          3.3.3.2               0             0 700 i
* i                 1.1.1.1               0    100      0 500 i
*  10.0.0.0         3.3.3.2                             0 700 500 i
*>i                 1.1.1.1               0    100      0 500 i
*>i20.0.0.0         2.2.2.1               0    100      0 i
*> 30.0.0.0         0.0.0.0               0         32768 i
*> 40.0.0.0         3.3.3.2               0             0 700 i

R3#sh ip route bgp
B    1.0.0.0/8 [200/0] via 2.2.2.1, 00:23:23
B    4.0.0.0/8 [20/0] via 3.3.3.2, 00:23:10
B    20.0.0.0/8 [200/0] via 2.2.2.1, 00:23:23
B    40.0.0.0/8 [20/0] via 3.3.3.2, 00:23:10
B    10.0.0.0/8 [200/0] via 1.1.1.1, 00:01:43

R2#sh ip bgp
BGP table version is 9, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.1               0             0 500 i
*>                  0.0.0.0               0         32768 i
* i2.0.0.0          2.2.2.2               0    100      0 i
*>                  0.0.0.0               0         32768 i
*  3.0.0.0          1.1.1.1                             0 500 700 i
*>i                 2.2.2.2               0    100      0 i
* i4.0.0.0          3.3.3.2               0    100      0 700 i
*>                  1.1.1.1               0             0 500 i
*> 10.0.0.0         1.1.1.1               0             0 500 i
*> 20.0.0.0         0.0.0.0               0         32768 i
*>i30.0.0.0         2.2.2.2               0    100      0 i
*  40.0.0.0         1.1.1.1                             0 500 700 i
*>i                 3.3.3.2               0    100      0 700 i

R2#sh ip route bgp
B    3.0.0.0/8 [200/0] via 2.2.2.2, 00:22:13
B    4.0.0.0/8 [20/0] via 1.1.1.1, 00:23:11
B    40.0.0.0/8 [200/0] via 3.3.3.2, 00:00:18
B    10.0.0.0/8 [20/0] via 1.1.1.1, 00:23:11
B    30.0.0.0/8 [200/0] via 2.2.2.2, 00:22:13

To Change The Next Hop Behavior Of The BGP

R2(config)#router bgp 600
R2(config-router)#neighbor 2.2.2.2 next-hop-self

R3(config)#router bgp 600
R3(config-router)#neighbor 2.2.2.1 next-hop-self

R3#sh ip bgp
BGP table version is 11, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*  1.0.0.0          3.3.3.2
                                                        0 700 500 i
*>i                 2.2.2.1               0    100      0 i
* i2.0.0.0          2.2.2.1               0    100      0 i
*>                  0.0.0.0               0         32768 i
*  3.0.0.0          3.3.3.2               0             0 700 i
*>                  0.0.0.0               0         32768 i
*> 4.0.0.0          3.3.3.2               0             0 700 i
* i                 2.2.2.1               0    100      0 500 i
*  10.0.0.0         3.3.3.2                             0 700 500 i
*>i                 2.2.2.1               0    100      0 500 i
*>i20.0.0.0         2.2.2.1               0    100      0 i
*> 30.0.0.0         0.0.0.0               0         32768 i
*> 40.0.0.0         3.3.3.2               0             0 700 i

R3#sh ip route bgp
B    1.0.0.0/8 [200/0] via 2.2.2.1, 00:27:35
B    4.0.0.0/8 [20/0] via 3.3.3.2, 00:27
B    20.0.0.0/8 [200/0] via 2.2.2.1, 00:2
B    40.0.0.0/8 [20/0] via 3.3.3.2, 00:27:22
B    10.0.0.0/8 [200/0] via 2.2.2.1, 00:01:56

R2#sh ip bgp
BGP table version is 10, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.1               0             0 500 i
*>                  0.0.0.0               0         32768 i
* i2.0.0.0          2.2.2.2               0    100      0 i
*>                  0.0.0.0               0         32768 i
*>i3.0.0.0          2.2.2.2               0    100      0 i
* i4.0.0.0          2.2.2.2               0    100      0 700 i
*>                  1.1.1.1               0             0 500 i
*> 10.0.0.0         1.1.1.1               0             0 500 i
*> 20.0.0.0         0.0.0.0               0         32768 i
*>i30.0.0.0         2.2.2.2               0    100      0 i
*  40.0.0.0         1.1.1.1                             0 500 700 i
*>i                 2.2.2.2               0    100      0 700 i

R2#sh ip route bgp
B    3.0.0.0/8 [200/0] via 2.2.2.2, 00:27:48
B    4.0.0.0/8 [20/0] via 1.1.1.1, 00:28:46
B    40.0.0.0/8 [200/0] via 2.2.2.2, 00:02:23
B    10.0.0.0/8 [20/0] via 1.1.1.1, 00:28:46
B    30.0.0.0/8 [200/0] via 2.2.2.2, 00:27:48

TASK: Configure AS 500 to exit via R1-R4 (AS 700) to reach AS 600

R1#sh ip bgp
BGP table version is 15, local router ID is 11.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0               0         32768 i
*                   4.4.4.1                             0 700 600 i
*                   1.1.1.2               0             0 600 i
*  2.0.0.0          4.4.4.1                             0 700 600 i
*>                  1.1.1.2               0             0 600 i
*  3.0.0.0          4.4.4.1               0             0 700 i
*>                  1.1.1.2                             0 600 i
*> 4.0.0.0          0.0.0.0               0         32768 i
*                   4.4.4.1               0             0 700 i
*> 10.0.0.0         0.0.0.0               0         32768 i
*  30.0.0.0         4.4.4.1                             0 700 600 i
*>                  1.1.1.2                             0 600 i
*> 40.0.0.0         4.4.4.1               0             0 700 i
*
                    1.1.1.2                             0 600 700 i

R1#sh ip bgp 20.0.0.0
BGP routing table entry for 20.0.0.0/8, version 6
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
     1
  700 600
    4.4.4.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, localpref 100, valid, external
      Origin IGP, metric 0, localpref 100, valid, external, best

R1#sh ip bgp 30.0.0.0
BGP routing table entry for 30.0.0.0/8, version 7
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
     1
  700 600
    4.4.4.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, localpref 100, valid, external
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, localpref 100, valid, external, best

R1#traceroute 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
  56 msec

R1#traceroute 30.1.1.1
Type escape sequence to abort.
Tracing the route to 30.1.1.1
  1 1.1.1.2 48 msec 40 msec 24 msec
  2 2.2.2.2 [AS 600] 56 msec * 56 msec

R1(config)#router bgp 500
R1(config-router)#neighbor 4.4.4.1 weight 4000
R1(config-router)#do clear ip bgp * soft
R1(config-router)#end

R1#sh ip bgp
BGP table version is 20, local router ID is 11.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0               0         32768 i
*                   4.4.4.1                          4000 700 600 i
*                   1.1.1.2               0             0 600 i
*> 2.0.0.0          4.4.4.1                          4000 700 600 i
*                   1.1.1.2               0             0 600 i
*> 3.0.0.0          4.4.4.1               0          4000 700 i
*                   1.1.1.2                             0 600 i
*> 4.0.0.0          0.0.0.0               0         32768 i
*                   4.4.4.1               0          4000 700 i
*> 10.0.0.0         0.0.0.0               0         32768 i
*> 20.0.0.0         4.4.4.1                          4000 700 600 i
*                   1.1.1.2               0             0 600 i
*> 30.0.0.0         4.4.4.1                          4000 700 600 i
*                   1.1.1.2                             0 600 i
*> 40.0.0.0         4.4.4.1               0          4000 700 i
*
                    1.1.1.2                             0 600 700 i

R1#sh ip bgp 30.0.0.0
BGP routing table entry for 30.0.0.0/8, version 19
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
     1
  700 600
    4.4.4.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, localpref 100, weight 4000, valid, external, best
  600
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, localpref 100, valid, external

R1#sh ip bgp 40.0.0.0
BGP routing table entry for 40.0.0.0/8, version 16
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
     1
  700
    4.4.4.1 from 4.4.4.1 (14.0.3.1)
      Origin IGP, metric 0, localpref 100, weight 4000, valid, external, best
    1.1.1.2 from 1.1.1.2 (12.0.3.1)
      Origin IGP, localpref 100, valid, external

* Configure AS 500 to ensure that the return traffic from AS 600 also uses the same path (R2-R3-R4) as exit.
* Path selection from AS 600 (return traffic) should not be done based on AS path (instead use MED).
* Do not use local preference or weight in AS 600.

R2#sh ip bgp
BGP table version is 20, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.1               0             0 500 i
*>                  0.0.0.0               0         32768 i
*> 2.0.0.0          0.0.0.0               0         32768 i
* i                 2.2.2.2               0    100      0 i
*  3.0.0.0          1.1.1.1                             0 500 700 i
*>i                 2.2.2.2               0    100      0 i
*> 4.0.0.0          1.1.1.1               0             0 500 i
* i                 2.2.2.2               0    100      0 700 i
*> 20.0.0.0         0.0.0.0               0         32768 i
*>i30.0.0.0         2.2.2.2               0    100      0 i
*  40.0.0.0         1.1.1.1
                                                        0 500 700 i
*>i                 2.2.2.2               0    100      0 700 i

R2#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
  1 1.1.1.1 84 msec * 56 msec

R3#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 28
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
     2
  700 500
    3.3.3.2 from 3.3.3.2 (14.0.3.1)
      Origin IGP, localpref 100, valid, external
  500
    2.2.2.1 from 2.2.2.1 (12.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best

R3#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
  1 2.2.2.1 104 msec 36 msec 24 msec
  2 1.1.1.1 48 msec * 96 msec

* AS 600 exits via R2 by default, based on AS path (shortest AS path), to reach AS 500 (10.0.0.0).
* To change this, we could ask AS 600 to configure a higher local preference on R3 (the exit router) so that it is preferred.

Possible solutions:
1. Use local preference in AS 600 (but here we cannot use local preference or weight inside AS 600, as per the requirement).
2. Modify the AS path (as an alternative, AS 500 can lengthen the AS path while advertising to R2 in AS 600).
3. Use MED (here the requirement is to modify the return traffic based on metric and not based on AS path).

Possible solutions using MED:
1. Ensure that the AS path is the same on both sides (prepend on R1-R2) and compare MED for external routes.
2.
Tell AS 600 to ignore the AS path and always use MED (metric) for external routes.

R3#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 28
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
  700 500
    3.3.3.2 from 3.3.3.2 (14.0.3.1)
      Origin IGP, localpref 100, valid, external
  500
    2.2.2.1 from 2.2.2.1 (12.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
R3#

R1(config)#route-map CCIE permit 10
R1(config-route-map)# set metric 120
R1(config-route-map)# set as-path prepend 500
R1(config-route-map)#exit
R1(config)#router bgp 500
R1(config-router)#neighbor 1.1.1.2 route-map CCIE out
R1(config-router)#end
R1#clear ip bgp * soft

R2#sh ip bgp
BGP table version is 22, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*  1.0.0.0          1.1.1.1             120             0 500 500 i
*>                  0.0.0.0               0         32768 i
*> 2.0.0.0          0.0.0.0               0         32768 i
* i                 2.2.2.2               0    100      0 i
*  3.0.0.0          1.1.1.1             120             0 500 500 700 i
*>i                 2.2.2.2               0    100      0 i
*  4.0.0.0          1.1.1.1             120             0 500 500 i
*>i                 2.2.2.2               0    100      0 700 i
*> 20.0.0.0         0.0.0.0               0         32768 i
*>i30.0.0.0         2.2.2.2               0    100      0 i
*  40.0.0.0         1.1.1.1             120             0 500 500 700 i
*>i                 2.2.2.2               0    100      0 700 i

R2#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 21
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
  700 500
    2.2.2.2 from 2.2.2.2 (13.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, internal
  500 500
    1.1.1.1 from 1.1.1.1 (11.0.3.1)
      Origin IGP, metric 120, localpref 100, valid, external, best

R2 is still preferring R1 to exit the AS.
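Why R2 still prefers R1 at this point, and what the two knobs configured later in this lab (bgp always-compare-med and bgp bestpath as-path ignore) change, can be checked with a small model of the decision steps these labs exercise. This is an added example, not part of the workbook or of Cisco IOS: the Path class and function names are assumptions, a missing MED is assumed to count as 0, and the candidate paths are transcribed from the lab's sh ip bgp outputs.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: Tuple[int, ...]       # neighbour AS first, origin AS last
    ebgp: bool                     # True if learned from an EBGP peer
    med: Optional[int] = None      # None: no MED attribute on the path
    local_pref: int = 100
    weight: int = 0


def prefer(a: Path, b: Path, always_compare_med: bool = False,
           ignore_as_path: bool = False) -> Tuple[Path, str]:
    """Return (winner, deciding step) for two paths to the same prefix.

    Only the steps used in these labs are modelled. Locally originated
    routes, origin code, IGP metric and router-ID tie-breakers are left out.
    """
    if a.weight != b.weight:                       # 1. highest weight
        return (a if a.weight > b.weight else b), "weight"
    if a.local_pref != b.local_pref:               # 2. highest local preference
        return (a if a.local_pref > b.local_pref else b), "local-preference"
    if not ignore_as_path and len(a.as_path) != len(b.as_path):
        return (a if len(a.as_path) < len(b.as_path) else b), "as-path length"
    # 4. lowest MED, but only between paths from the same neighbouring AS
    #    unless always-compare-med is set (assumption: missing MED counts as 0)
    same_neighbor_as = a.as_path[:1] == b.as_path[:1]
    if always_compare_med or same_neighbor_as:
        med_a, med_b = a.med or 0, b.med or 0
        if med_a != med_b:
            return (a if med_a < med_b else b), "med"
    if a.ebgp != b.ebgp:                           # 5. EBGP over IBGP
        return (a if a.ebgp else b), "ebgp over ibgp"
    return a, "later tie-breakers (not modelled)"


def best_path(paths: Sequence[Path], **knobs) -> Tuple[Path, str]:
    """Reduce the candidates pairwise; the step returned is the last one used."""
    best, step = paths[0], "only path"
    for candidate in paths[1:]:
        best, step = prefer(best, candidate, **knobs)
    return best, step


# R3's view of 40.0.0.0/8 with "bgp default local-preference 400" on R2
R3_LOCAL_PREF_400 = [
    Path("2.2.2.1", (500, 700), ebgp=False, med=0, local_pref=400),
    Path("3.3.3.2", (700,), ebgp=True, med=0),
]
# R1's view of 30.0.0.0/8 with "neighbor 4.4.4.1 weight 4000"
R1_WEIGHT_4000 = [
    Path("4.4.4.1", (700, 600), ebgp=True, weight=4000),
    Path("1.1.1.2", (600,), ebgp=True),
]
# R2's view of 10.0.0.0/8 after R1 sends metric 120 and prepends 500
R2_PREPENDED = [
    Path("2.2.2.2", (700, 500), ebgp=False, med=0),
    Path("1.1.1.1", (500, 500), ebgp=True, med=120),
]
# R3's view of 10.0.0.0/8 after the prepend is removed again
R3_NO_PREPEND = [
    Path("2.2.2.1", (500,), ebgp=False, med=120),
    Path("3.3.3.2", (700, 500), ebgp=True),
]

if __name__ == "__main__":
    cases = [
        ("R3 40/8, local-pref 400", R3_LOCAL_PREF_400, {}),
        ("R1 30/8, weight 4000", R1_WEIGHT_4000, {}),
        ("R2 10/8, prepend + metric", R2_PREPENDED, {}),
        ("R2 10/8, always-compare-med", R2_PREPENDED,
         {"always_compare_med": True}),
        ("R3 10/8, no prepend", R3_NO_PREPEND, {"always_compare_med": True}),
        ("R3 10/8, as-path ignore", R3_NO_PREPEND,
         {"always_compare_med": True, "ignore_as_path": True}),
    ]
    for label, paths, knobs in cases:
        winner, step = best_path(paths, **knobs)
        print(f"{label:30} -> via {winner.next_hop:8} decided by {step}")
```

In the third case the two paths enter through different neighbouring autonomous systems (700 and 500), so the metric of 120 is never looked at and the EBGP path wins, which is the behaviour seen on R2 above.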
The BGP best path is calculated based on EBGP being preferred over IBGP (not using MED).

BGP always compare MED
The MED value, even though applied, is ignored. The reason is that, by default, the MED value is compared only for IBGP-learned routes, not for EBGP-learned routes.
To compare MED values for EBGP-learned routes, we need to add the command bgp always-compare-med.
* You should use the MED in the route selection process only if both (all) paths come from the same AS.
* Use the bgp always-compare-med command to force the router to compare the MED even if the paths come from different autonomous systems.
* You need to enable this option in the entire AS; otherwise, routing loops can occur.

R3#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 29
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  700 500
    3.3.3.2 from 3.3.3.2 (14.0.3.1)
      Origin IGP, localpref 100, valid, external, best
  500 500
    2.2.2.1 from 2.2.2.1 (12.0.3.1)
      Origin IGP, metric 120, localpref 100, valid, internal

R2/R3
Rx(config)#router bgp 600
Rx(config-router)#bgp always-compare-med
Rx(config-router)#exit

R3#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 29
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  700 500
    3.3.3.2 from 3.3.3.2 (14.0.3.1)
      Origin IGP, localpref 100, valid, external, best
  500 500
    2.2.2.1 from 2.2.2.1 (12.0.3.1)
      Origin IGP, metric 120, localpref 100, valid, internal

R2#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 23
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  700 500
    2.2.2.2 from 2.2.2.2 (13.0.3.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
  500 500
1.1.1.1 from 1.1.1.1 (11.0.3.1)
Origin IGP, metric 120, localpref 100, valid, external

R2#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 2.2.2.2 44 msec 88 msec 40 msec
2 3.3.3.2 44 msec 48 msec 48 msec
3 4.4.4.2 [AS 700] 80 msec * 96 msec

R3#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 3.3.3.2 36 msec 100 msec 32 msec
2 4.4.4.2 [AS 700] 64 msec * 24 msec

TASK:
* Meet the same requirement without using AS-path prepending

R1#sh run | s route-map
neighbor 1.1.1.2 route-map CCIE out
route-map CCIE permit 10
set metric 120

R1(config)#route-map CCIE permit 10
R1(config-route-map)#no set as-path prepend 500
R1(config-route-map)#exit
R1#clear ip bgp * soft

R2#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
2
500
1.1.1.1 from 1.1.1.1 (11.0.3.1)
Origin IGP, metric 120, localpref 100, valid, external, best

R3#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 30
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
500
2.2.2.1 from 2.2.2.1 (12.0.3.1)
Origin IGP, metric 120, localpref 100, valid, internal, best
700 500
3.3.3.2 from 3.3.3.2 (14.0.3.1)
Origin IGP, localpref 100, valid, external

* AS-path is compared in BGP path selection and the shortest AS-path is preferred. To ensure that path selection is based on MED (metric) and not on AS-path, we can configure the AS 600 routers to ignore AS-path and compare the MED value.
* We are assuming that no local preference or weight is used in AS 600 (if weight or local preference is used in AS 600, MED will not be used).
* MED is a weaker metric than local preference or weight.

R2/R3
Rx(config)#router bgp 600
Rx(config-router)#bgp bestpath as-path ignore
Rx(config-router)#bgp always-compare-med
Rx(config-router)#exit
Rx#clear ip bgp * soft

R3#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 31
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
1
700 500
3.3.3.2 from 3.3.3.2 (14.0.3.1)
Origin IGP, localpref 100, valid, external

R2#sh ip bgp 10.0.0.0
BGP routing table entry for 10.0.0.0/8, version 25
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
1
700 500
2.2.2.2 from 2.2.2.2 (13.0.3.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
500
1.1.1.1 from 1.1.1.1 (11.0.3.1)
Origin IGP, metric 120, localpref 100, valid, external

BGP Summarization (Aggregation):

* It reduces the size of the routing table
* It minimizes the number of routing updates.
* More complex than IGP protocols
* In order to summarize, at least one subnet must be in the BGP table (#sh ip bgp)
* Syntax:
R3(config)#router bgp
R3(config-router)#aggregate-address

TASK:
* Configure BGP on R1/R2/R3 as per the diagram
* Advertise the loopback interfaces of R3 in BGP using the network command

R1(config)#router bgp 100
R1(config-router)#no auto-summary
R1(config-router)#no synchronization
R1(config-router)#neighbor 1.1.1.2 remote-as 200
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#exit

R2(config)#router bgp 200
R2(config-router)#neighbor 1.1.1.1 remote-as 100
R2(config-router)#neighbor 2.2.2.2 remote-as 300
R2(config-router)#no auto-summary
R2(config-router)#no synchronization
R2(config-router)#network 20.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 1.0.0.0
R2(config-router)#end

R3(config)#router bgp 300
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#neighbor 2.2.2.1 remote-as 200
R3(config-router)#network 2.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#network 13.0.1.0 mask 255.255.255.0
R3(config-router)#network 13.0.2.0 mask 255.255.255.0
R3(config-router)#network 13.0.3.0 mask 255.255.255.0
R3(config-router)#end

R2#sh ip bgp summary
BGP router identifier 12.0.3.1, local AS number 200
BGP table version is 20, main routing table version 20
9 network entries using 1053 bytes of memory
10 path entries using 520 bytes of memory
4/3 BGP path/bestpath attribute entries using 496 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2117 total bytes of memory
BGP activity 14/5 prefixes, 15/5 paths, scan interval 60 secs
Neighbor   V   AS  MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1    4  100        6       9     15   0 OODOR38 2
2.2.2.2    4  300       13      14     15   0 00000: 6

R2#sh ip bgp
BGP table version is 20, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network     Next Hop   Metric LocPrf Weight Path
*  1.0.0.0     1.1.1.1         0             0 100 i
*>             0.0.0.0         0         32768 i
*  2.0.0.0     2.2.2.2         0             0 300 i
*>             0.0.0.0         0         32768 i
*> 10.0.0.0    1.1.1.1         0             0 100 i
*> 20.0.0.0    0.0.0.0         0         32768 i
*> 30.0.0.0    2.2.2.2         0             0 300 i

R1#sh ip bgp
BGP table version is 10, local router ID is 11.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network     Next Hop   Metric LocPrf Weight Path
*  1.0.0.0     1.1.1.2         0             0 200 i
*>             0.0.0.0         0         32768 i
*> 2.0.0.0     1.1.1.2         0             0 200 i
*> 10.0.0.0      0.0.0.0       0         32768 i
*> 13.0.0.0/24   1.1.1.2                     0 200 300 i
*> 13.0.1.0/24   1.1.1.2                     0 200 300 i
*> 13.0.2.0/24   1.1.1.2                     0 200 300 i
*> 13.0.3.0/24   1.1.1.2                     0 200 300 i
*> 20.0.0.0      1.1.1.2       0             0 200 i
*> 30.0.0.0      1.1.1.2                     0 200 300 i

TASK:
* Configure R3 to summarize the loopback routes as 13.0.0.0/22

R2#sh ip bgp | in 13
*> 13.0.0.0/24   2.2.2.2       0             0 300 i
*> 13.0.1.0/24   2.2.2.2       0             0 300 i
*> 13.0.2.0/24   2.2.2.2       0             0 300 i
*> 13.0.3.0/24   2.2.2.2       0             0 300 i

R3(config)#router bgp 300
R3(config-router)#aggregate-address 13.0.0.0 255.255.252.0
R3(config-router)#end

R3#sh ip bgp
BGP table version is 12, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network     Next Hop   Metric LocPrf Weight Path
*> 1.0.0.0     2.2.2.1         0             0 200 i
*  2.0.0.0     2.2.2.1         0             0 200 i
*>             0.0.0.0         0         32768 i
*> 10.0.0.0    2.2.2.1                       0 200 100 i
*> 20.0.0.0    2.2.2.1         0             0 200 i
*> 30.0.0.0    0.0.0.0         0         32768 i

R2#sh ip bgp | in 13
*> 13.0.0.0/24   2.2.2.2       0             0 300 i
*> 13.0.1.0/24   2.2.2.2       0             0 300 i
*> 13.0.2.0/24   2.2.2.2       0             0 300 i
*> 13.0.3.0/24   2.2.2.2       0             0 300 i

* The aggregate-address command advertises the aggregate route along with the individual prefixes.
* If we want to suppress (remove) those individual prefixes and advertise only the summary address, we use the summary-only keyword.

R3(config)#router bgp 300
R3(config-router)#aggregate-address 13.0.0.0 255.255.252.0 ?
  advertise-map  Set condition to advertise attribute
  as-set         Generate AS set path information
  attribute-map  Set attributes of aggregate
  nlri           Nlri aggregate applies to
  route-map      Set parameters of aggregate
  suppress-map   Conditionally filter more specific routes from updates

R3(config-router)#aggregate-address 13.0.0.0 255.255.252.0 summary-only

R3#sh ip bgp 13.0.0.0/22
BGP routing table entry for 13.0.0.0/22, version 12
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
0.0.0.0 from 0.0.0.0 (13.0.3.1)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best

* If you don't specify any additional options to the command, it creates a new prefix in the BGP table with an empty AS_PATH. It looks as if the new prefix was originated in the local AS.
* The new prefix automatically has the weight value of 32768 and gets a special attribute called ATOMIC_AGGREGATE assigned.
* The ATOMIC_AGGREGATE attribute is informational, and tells the other BGP speakers that this prefix is a result of route aggregation and that some information (like AS_PATH or other attributes) from the original prefixes may be missing.
* BGP attaches another attribute called AGGREGATOR to the summarized prefix. This attribute specifies the AS number and the BGP router-ID of the aggregating router.
* Just like ATOMIC_AGGREGATE, the new attribute is also informational.

R3#sh ip bgp | in 13
BGP table version is 16, local router ID is 13.0.3.1
s> 13.0.0.0/24   0.0.0.0       0         32768 i
*> 13.0.0.0/22   0.0.0.0                 32768 i
s> 13.0.1.0/24   0.0.0.0       0         32768 i
s> 13.0.2.0/24   0.0.0.0       0         32768 i
s> 13.0.3.0/24   0.0.0.0       0         32768 i

R2#sh ip bgp | in 13
*> 13.0.0.0/22   2.2.2.2       0             0 300 i

R2#sh ip bgp 13.0.0.0/22
BGP routing table entry for 13.0.0.0/22, version 21
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
2.2.2.2 from 2.2.2.2 (13.0.3.1)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best

R2#sh ip bgp
BGP table version is 25, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network     Next Hop   Metric LocPrf Weight Path
*  1.0.0.0     1.1.1.1         0             0 100 i
*>             0.0.0.0         0         32768 i
*  2.0.0.0     2.2.2.2         0             0 300 i
*>             0.0.0.0         0         32768 i
*> 20.0.0.0    0.0.0.0         0         32768 i
*> 30.0.0.0    2.2.2.2         0             0 300 i

BGP Summarization AS-SET option

* Aggregation hides information previously found in the specific prefixes. This includes all attributes, such as NEXT_HOP, AS_PATH and so on.
* The new prefix appears to be originated from within the local AS.
* This causes no problems if all specific prefixes belong to the local AS.
* However, when you summarize prefixes learned from other ASes, information hiding may result in the following:
1. Suboptimal routing, due to the loss of path information, such as AS_PATH, MED and so on.
2. Routing loops, because removing the AS_PATH attribute and replacing it with an empty list prevents the BGP loop-detection mechanism from working properly.
* To overcome this, it is possible to insert a special new member into the AS_PATH of the newly created summary prefix.
* This can be done with an option called AS_SET.
* Once we configure AS_SET, the summary carries the AS numbers found in all AS_PATHs of the specific prefixes. This list of AS numbers is unordered, unlike the regular AS_SEQUENCE element. Its only use is for the routing loop prevention mechanism.
* When BGP receives a prefix it scans the AS_PATH attribute. If the local AS number is found in any of the AS_SET or AS_SEQUENCE elements, the prefix is
dropped.
* By default, the aggregated address in BGP will not include the AS_SET information.
* In order to force the use of this information, specify the as-set option:
(config-router)# aggregate-address as-set

TASK:
* Continue with the same configs and add R4 to the existing topology
* Configure R4 in AS 400 and advertise the loopbacks of R4 in BGP

[Figure: lab topology with R4 added, showing the loopback addresses]

R4(config)#router bgp 400
R4(config-router)#no auto-summary
R4(config-router)#no synchronization
R4(config-router)#neighbor 3.3.3.1 remote-as 300
R4(config-router)#network 40.0.0.0
R4(config-router)#network 14.0.0.0 mask 255.255.255.0
R4(config-router)#network 14.0.1.0 mask 255.255.255.0
R4(config-router)#network 14.0.2.0 mask 255.255.255.0
R4(config-router)#network 14.0.3.0 mask 255.255.255.0
R4(config-router)#end

R3(config)#router bgp 300
R3(config-router)#neighbor 3.3.3.2 remote-as 400
R3(config-router)#end

R3#sh ip bgp summary
BGP router identifier 13.0.3.1, local AS number 300
BGP table version is 21, main routing table version 21
15 network entries using 1755 bytes of memory
15 path entries using 780 bytes of memory
6/> BGP path/bestpath attribute entries using 744 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3351 total bytes of memory
BGP activity 15/0 prefixes, 15/0 paths, scan interval 60 secs
Neighbor   V   AS  MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
2.2.2.1    4  200       20      18     16   0    0 00:11:27 4

R3#sh ip bgp
BGP table version is 21, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network       Next Hop   Metric LocPrf Weight Path
*> 1.0.0.0       2.2.2.1         0             0 200 i
*  2.0.0.0       2.2.2.1         0             0 200 i
*>               0.0.0.0         0         32768 i
*> 10.0.0.0      2.2.2.1                       0 200 100 i
s> 13.0.0.0/24   0.0.0.0         0         32768 i
*> 13.0.0.0/22   0.0.0.0                   32768 i
s> 13.0.1.0/24   0.0.0.0         0         32768 i
s> 13.0.2.0/24   0.0.0.0         0         32768 i
s> 13.0.3.0/24   0.0.0.0         0         32768 i
*> 20.0.0.0      2.2.2.1         0             0 200 i
*> 30.0.0.0      0.0.0.0         0         32768 i
*> 40.0.0.0      3.3.3.2         0             0 400 i

TASK:
* Configure R2 to summarize the loopbacks of R4 (14.0.0.0)

R2#sh ip bgp | in 14
*> 14.0.0.0/24   2.2.2.2                       0 300 400 i
*> 14.0.1.0/24   2.2.2.2                       0 300 400 i
*> 14.0.2.0/24   2.2.2.2                       0 300 400 i
*> 14.0.3.0/24   2.2.2.2                       0 300 400 i

R2(config)#router bgp 200
R2(config-router)#aggregate-address 14.0.0.0 255.255.252.0 summary-only
R2(config-router)#end

R2#sh ip bgp | in 14
s> 14.0.0.0/24   2.2.2.2                       0 300 400 i
s> 14.0.1.0/24   2.2.2.2                       0 300 400 i
s> 14.0.2.0/24   2.2.2.2                       0 300 400 i
s> 14.0.3.0/24   2.2.2.2                       0 300 400 i

R2#sh ip bgp 14.0.0.0/22
BGP routing table entry for 14.0.0.0/22, version 31
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
0.0.0.0 from 0.0.0.0 (12.0.3.1)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best

R2#sh ip bgp
BGP table version is 25, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network       Next Hop   Metric LocPrf Weight Path
*  1.0.0.0       1.1.1.1         0             0 100 i
*>               0.0.0.0         0         32768 i
*  2.0.0.0       2.2.2.2         0             0 300 i
*>               0.0.0.0         0         32768 i
*> 10.0.0.0      1.1.1.1         0             0 100 i
*> 13.0.0.0/22   2.2.2.2         0             0 300 i
s> 14.0.0.0/24   2.2.2.2                       0 300 400 i
*> 14.0.0.0/22   0.0.0.0                   32768 i
*> 20.0.0.0      0.0.0.0         0         32768 i
*> 30.0.0.0      2.2.2.2         0             0 300 i
*> 40.0.0.0      2.2.2.2                       0 300 400 i

* The Atomic Aggregate is simply a Well-Known Optional attribute.
* It indicates that the prefix has been aggregated.
* It specifies that this is an aggregated route that might or might not be originated from the advertising AS.

R1#sh ip bgp
BGP table version is 35, local router ID is 11.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network       Next Hop   Metric LocPrf Weight Path
*  1.0.0.0       1.1.1.2         0             0 200 i
*>               0.0.0.0         0         32768 i
*> 2.0.0.0       1.1.1.2         0             0 200 i
*> 10.0.0.0      0.0.0.0         0         32768 i
*> 13.0.0.0/22   1.1.1.2                       0 200 300 i
*> 20.0.0.0      1.1.1.2         0             0 200 i
*> 30.0.0.0      1.1.1.2                       0 200 300 i
*> 40.0.0.0      1.1.1.2                       0 200 300 400 i

R3#sh ip bgp | in 14
*> 14.0.0.0/24   3.3.3.2         0             0 400 i
*> 14.0.1.0/24   3.3.3.2         0             0 400 i
*> 14.0.2.0/24   3.3.3.2         0             0 400 i
*> 14.0.3.0/24   3.3.3.2         0             0 400 i

R4#sh ip bgp | in 14
BGP table version is 13, local router ID is 14.0.3.1
*> 14.0.0.0/24   0.0.0.0         0         32768 i
*> 14.0.1.0/24   0.0.0.0         0         32768 i
*> 14.0.2.0/24   0.0.0.0         0         32768 i
*> 14.0.3.0/24   0.0.0.0         0         32768 i

TASK:
* Configure R2 to preserve the AS path information along with the aggregate address

R2#sh ip bgp 14.0.0.0/22
BGP routing table entry for 14.0.0.0/22, version 37
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
1
0.0.0.0 from 0.0.0.0 (12.0.3.1)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best

R2#sh ip bgp
BGP table version is 37, local router ID is 12.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network       Next Hop   Metric LocPrf Weight Path
*  1.0.0.0       1.1.1.1         0             0 100 i
*>               0.0.0.0         0         32768 i
*> 2.0.0.0       0.0.0.0         0         32768 i
*> 10.0.0.0      1.1.1.1         0             0 100 i
*> 13.0.0.0/22   2.2.2.2         0             0 300 i
s> 14.0.0.0/24   2.2.2.2                       0 300 400 i
*> 14.0.0.0/22   0.0.0.0                   32768 i
s> 14.0.1.0/24   2.2.2.2                       0 300 400 i
s> 14.0.2.0/24   2.2.2.2                       0 300 400 i
s> 14.0.3.0/24   2.2.2.2                       0 300 400 i
*> 20.0.0.0      0.0.0.0         0         32768 i
*> 30.0.0.0      2.2.2.2         0             0 300 i
*> 40.0.0.0      2.2.2.2                       0 300 400 i

#sh ip bgp | in 14

R2(config)#router bgp 200
R2(config-router)#aggregate-address 14.0.0.0 255.255.252.0 ?
  advertise-map  Set condition to advertise attribute
  attribute-map  Set attributes of aggregate
  route-map      Set parameters of aggregate
  summary-only   Filter more specific routes from updates
  suppress-map   Conditionally filter more specific routes from updates

R2(config-router)#aggregate-address 14.0.0.0 255.255.252.0 summary-only as-set
R2(config-router)#end

R2#sh ip bgp 14.0.0.0/22
BGP routing table entry for 14.0.0.0/22, version 38
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
1
0.0.0.0 from 0.0.0.0 (12.0.3.1)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, best

R1#sh ip bgp | in 14
*> 14.0.0.0/22   1.1.1.2         0             0 200 300 400 i

TASK: Verify AS-set with another example
* Connect R5 to R1 and configure BGP as per the diagram

[Figure: lab topology with R5 connected to R1]

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.1.5 remote-as 500
R1(config-router)#exit

R5(config)#router bgp 500
R5(config-router)#neighbor 10.1.1.1 remote-as 100
R5(config-router)#network 10.0.0.0
R5(config-router)#no auto-summary
R5(config-router)#no synchronization
R5(config-router)#end

TASK:
* Advertise the loopback interfaces of R2 (12.0.0.1/24, 12.0.1.1/24, 12.0.2.1/24, 12.0.3.1/24) in BGP
* Add loopback interfaces on R4 as given and advertise them in BGP on R4 (12.0.10.1/24, 12.0.11.1/24, 12.0.12.1/24, 12.0.13.1/24)

R2(config)#router bgp 200
R2(config-router)#network 12.0.0.0 mask 255.255.255.0
R2(config-router)#network 12.0.1.0 mask 255.255.255.0
R2(config-router)#network 12.0.2.0 mask 255.255.255.0
R2(config-router)#network 12.0.3.0 mask 255.255.255.0
R2(config-router)#exit
R4(config)#int loop 10
R4(config-if)#ip address 12.0.10.1 255.255.255.0
R4(config-if)#int loop 11
R4(config-if)#ip address 12.0.11.1 255.255.255.0
R4(config-if)#int loop 12
R4(config-if)#ip address 12.0.12.1 255.255.255.0
R4(config-if)#int loop 13
R4(config-if)#ip address 12.0.13.1 255.255.255.0
R4(config-if)#exit

R4(config)#router bgp 400
R4(config-router)#network 12.0.10.0 mask 255.255.255.0
R4(config-router)#network 12.0.11.0 mask 255.255.255.0
R4(config-router)#network 12.0.12.0 mask 255.255.255.0
R4(config-router)#network 12.0.13.0 mask 255.255.255.0
R4(config-router)#end

TASK:
* Configure R1 to summarize the 12. networks (into one summary address) before it advertises them to other routers (R5)

R2#sh ip bgp | in 12
BGP table version is 34, local router ID is 12.0.3.1
*> 12.0.0.0/24    0.0.0.0         0         32768 i
*> 12.0.1.0/24    0.0.0.0         0         32768 i
*> 12.0.2.0/24    0.0.0.0         0         32768 i
*> 12.0.3.0/24    0.0.0.0         0         32768 i
*> 12.0.10.0/24   2.2.2.2                       0 300 400 i
*> 12.0.11.0/24   2.2.2.2                       0 300 400 i
*> 12.0.12.0/24   2.2.2.2                       0 300 400 i
*> 12.0.13.0/24   2.2.2.2                       0 300 400 i

R1#sh ip bgp | in 12
*> 12.0.0.0/24    1.1.1.2         0             0 200 i
*> 12.0.1.0/24    1.1.1.2         0             0 200 i
*> 12.0.2.0/24    1.1.1.2         0             0 200 i
*> 12.0.3.0/24    1.1.1.2         0             0 200 i
*> 12.0.10.0/24   1.1.1.2                       0 200 300 400 i
*> 12.0.11.0/24   1.1.1.2                       0 200 300 400 i
*> 12.0.12.0/24   1.1.1.2                       0 200 300 400 i
*> 12.0.13.0/24   1.1.1.2                       0 200 300 400 i

R1(config)#router bgp 100
R1(config-router)#aggregate-address 12.0.0.0 255.255.240.0 summary-only
R1(config-router)#end

R1#sh ip bgp | in 12
s> 12.0.0.0/24    1.1.1.2         0             0 200 i
*> 12.0.0.0/20    0.0.0.0                   32768 i
s> 12.0.1.0/24    1.1.1.2         0             0 200 i
s> 12.0.2.0/24    1.1.1.2         0             0 200 i
s> 12.0.3.0/24    1.1.1.2         0             0 200 i
s> 12.0.10.0/24   1.1.1.2                       0 200 300 400 i
s> 12.0.11.0/24   1.1.1.2                       0 200 300 400 i
s> 12.0.12.0/24   1.1.1.2                       0 200 300 400 i
s> 12.0.13.0/24   1.1.1.2                       0 200 300 400 i

R5#sh ip bgp
BGP table version is 10, local router ID is 10.1.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network       Next Hop   Metric LocPrf Weight Path
*> 1.0.0.0       10.1.1.1        0             0 100 i
*> 2.0.0.0       10.1.1.1                      0 100 200 i
*  10.0.0.0      10.1.1.1        0             0 100 i
*>               0.0.0.0         0         32768 i
*> 12.0.0.0/20   10.1.1.1        0             0 100 i
*> 13.0.0.0/22   10.1.1.1                      0 100 200 300 i
*> 14.0.0.0/22   10.1.1.1                      0 100 200 300 400 i
*> 20.0.0.0      10.1.1.1                      0 100 200 i
*> 30.0.0.0      10.1.1.1                      0 100 200 300 i
*> 40.0.0.0      10.1.1.1                      0 100 200 300 400 i

R5#sh ip bgp | in 12
*> 12.0.0.0/20   10.1.1.1        0             0 100 i

TASK: Configure R1 to preserve the AS path information when summarizing the 12. networks

R1#sh ip bgp | in 12
s> 12.0.0.0/24    1.1.1.2         0             0 200 i
*> 12.0.0.0/20    0.0.0.0                   32768 i
s> 12.0.1.0/24    1.1.1.2         0             0 200 i
s> 12.0.2.0/24    1.1.1.2         0             0 200 i
s> 12.0.3.0/24    1.1.1.2         0             0 200 i
s> 12.0.10.0/24   1.1.1.2                       0 200 300 400 i
s> 12.0.11.0/24   1.1.1.2                       0 200 300 400 i
s> 12.0.12.0/24   1.1.1.2                       0 200 300 400 i
s> 12.0.13.0/24   1.1.1.2                       0 200 300 400 i

R1(config)#router bgp 100
R1(config-router)#aggregate-address 12.0.0.0 255.255.240.0 summary-only as-set
R1(config-router)#end

R1#sh ip bgp | in 12
s> 12.0.0.0/24    1.1.1.2         0             0 200 i
*> 12.0.0.0/20    0.0.0.0              100  32768 {200,300,400} i
s> 12.0.1.0/24    1.1.1.2         0             0 200 i
s> 12.0.2.0/24    1.1.1.2         0             0 200 i
s> 12.0.3.0/24    1.1.1.2         0             0 200 i
s> 12.0.10.0/24   1.1.1.2                       0 200 300 400 i
s> 12.0.11.0/24   1.1.1.2                       0 200 300 400 i
s> 12.0.12.0/24   1.1.1.2                       0 200 300 400 i
s> 12.0.13.0/24   1.1.1.2                       0 200 300 400 i

R1#sh ip bgp 12.0.0.0/20
BGP routing table entry for 12.0.0.0/20, version 48
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
{200,300,400}, (aggregated by 100 11.0.3.1)
0.0.0.0 from 0.0.0.0 (11.0.3.1)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, best

R5#sh ip bgp | in 12
*> 12.0.0.0/20   10.1.1.1        0             0 100 {200,300,400} i

SUPPRESS-MAP:

* When you specify the summary-only keyword, all specific prefixes are suppressed.
* It is possible to suppress prefixes selectively, using a route-map associated via the suppress-map parameter.
* The prefixes permitted by this route-map are suppressed; prefixes denied by this route-map are NOT suppressed when performing summarization.

TASK: BGP aggregation using suppress-map
* Advertise the 11. loopback interfaces into BGP through redistribution
* Configure R1 to advertise the summary address (11.0.0.0/22) along with two specific prefixes (11.0.0.1/24, 11.0.1.1/24). Use BGP aggregation with a suppress-map

[Figure: lab topology for the suppress-map task]
R1(config)#route-map CONNECTED permit 10
R1(config-route-map)#match interface loopback 0
R1(config-route-map)#match interface loopback 1
R1(config-route-map)#match interface loopback 2
R1(config-route-map)#match interface loopback 3
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#redistribute connected route-map CONNECTED
R1(config-router)#end

R1#sh ip bgp | in 11
BGP table version is 52, local router ID is 11.0.3.1
*> 11.0.0.0/24    0.0.0.0         0         32768 ?
*> 11.0.1.0/24    0.0.0.0         0         32768 ?
*> 11.0.2.0/24    0.0.0.0         0         32768 ?
*> 11.0.3.0/24    0.0.0.0         0         32768 ?
s> 12.0.11.0/24   1.1.1.2                       0 200 300 400 i

R1(config)#access-list 11 permit 11.0.2.0 0.0.0.255
R1(config)#access-list 11 permit 11.0.3.0 0.0.0.255
OR
R1(config)#access-list 11 deny 11.0.1.0 0.0.0.255
R1(config)#access-list 11 deny 11.0.0.0 0.0.0.255
R1(config)#access-list 11 permit any

R1(config)#route-map SUP permit 10
R1(config-route-map)#match ip address 11
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#aggregate-address 11.0.0.0 255.255.252.0 suppress-map SUP summary-only
R1(config-router)#end

R1#sh ip bgp | in 11
BGP table version is 69, local router ID is 11.0.3.1
s> 11.0.2.0/24    0.0.0.0         0         32768 ?
s> 11.0.3.0/24    0.0.0.0         0         32768 ?
s> 12.0.11.0/24   1.1.1.2                       0 200 300 400 i

R2#sh ip bgp | in 11
*> 11.0.0.0/24    1.1.1.1         0             0 100 ?
*> 11.0.0.0/22    1.1.1.1         0             0 100 i
*> 11.0.1.0/24    1.1.1.1         0             0 100 ?
*> 12.0.11.0/24   2.2.2.2                       0 300 400 i

R5#sh ip bgp | in 11
*> 11.0.0.0/24    10.1.1.1        0             0 100 ?
*> 11.0.0.0/22    10.1.1.1        0             0 100 i
*> 11.0.1.0/24    10.1.1.1        0             0 100 ?

UNSUPPRESS-MAP

* Local networks are advertised into BGP and aggregated by the border BGP speakers.
* It is often desirable to load-balance traffic entering the local AS, so that traffic to some subnets enters via one BGP peer and the other peer is used as the entry point for other subnets.
* To accomplish this, you need to advertise all specific prefixes on both uplinks and use AS_PATH prepending to modify the preference of the prefixes.
* This scheme implements load balancing and provides backup in case of any uplink failure.
* To implement this technique, you may use the unsuppress-map BGP feature. This feature can only be configured on the router that performs prefix aggregation using the command aggregate-address .. summary-only.
* The feature uses a special route-map that matches and permits the prefixes that need to be unsuppressed. The feature is applied only on a per-neighbor basis.

TASK:
* Remove the aggregation done on R1 in the previous task.
* Configure R1 to advertise 11.0.0.0/24 and 11.0.1.0/24 (unsuppress) only to R2, along with the summary route.
* The other neighbors should receive only the summary route and should not receive the two routes mentioned above.

R1(config)#no access-list 11
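The aggregation labs above (summary-only, as-set and suppress-map on R1 and R2), modelled in Python to show why the AS_SET matters for loop detection. This is an added example, not part of the workbook and not IOS code. The Route class and all function names are assumptions. Two rules are simplifications read off the lab outputs: identical contributing paths stay an ordered sequence while differing paths collapse into one AS_SET, and the atomic-aggregate flag is dropped when as-set is used.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_seq: tuple = ()               # ordered AS_SEQUENCE, nearest AS first
    as_set: frozenset = frozenset()  # unordered AS_SET, used only for loop checks
    atomic_aggregate: bool = False
    suppressed: bool = False         # "s" in show ip bgp: kept locally, not advertised


def aggregate(table, summary, summary_only=False, as_set=False, suppress=()):
    """Model of aggregate-address; returns (aggregate or None, new table)."""
    summary = ipaddress.ip_network(summary)      # accepts "12.0.0.0/255.255.240.0"
    inside = [r for r in table
              if r.prefix != summary and r.prefix.subnet_of(summary)]
    if not inside:                               # no contributing subnet in the table:
        return None, list(table)                 # the aggregate is not created
    seq, aset = (), frozenset()                  # default: empty AS_PATH
    if as_set:
        paths = {r.as_seq for r in inside}
        if len(paths) == 1:                      # identical paths stay an ordered sequence
            seq = next(iter(paths))
        else:                                    # differing paths collapse into one AS_SET
            aset = frozenset(asn for path in paths for asn in path)
    agg = Route(summary, seq, aset, atomic_aggregate=not as_set)
    hidden = {ipaddress.ip_network(p) for p in suppress}  # stands in for the suppress-map ACL
    out = [replace(r, suppressed=True)
           if r in inside and (summary_only or r.prefix in hidden) else r
           for r in table]
    return agg, out + [agg]


def advertise_ebgp(table, local_as):
    """Routes sent to an eBGP neighbour: unsuppressed, with local_as prepended."""
    return [replace(r, as_seq=(local_as,) + r.as_seq)
            for r in table if not r.suppressed]


def accepts(route, my_as):
    """Receiver-side loop check over both AS_SEQUENCE and AS_SET."""
    return my_as not in route.as_seq and my_as not in route.as_set


def show_path(route):
    """Render the path the way show ip bgp prints it, e.g. '100 {200,300,400}'."""
    parts = [str(a) for a in route.as_seq]
    if route.as_set:
        parts.append("{" + ",".join(str(a) for a in sorted(route.as_set)) + "}")
    return " ".join(parts)


def r1_table():
    """Constructed copy of R1's 12.x routes from the lab (R1 is in AS 100)."""
    net = ipaddress.ip_network
    table = [Route(net(f"12.0.{i}.0/24"), (200,)) for i in range(4)]
    table += [Route(net(f"12.0.{i}.0/24"), (200, 300, 400)) for i in range(10, 14)]
    return table


if __name__ == "__main__":
    for opt in (False, True):
        _, table = aggregate(r1_table(), "12.0.0.0/255.255.240.0",
                             summary_only=True, as_set=opt)
        sent = advertise_ebgp(table, 100)[0]
        print(f"as-set={opt}: path '{show_path(sent)}', "
              f"atomic-aggregate={sent.atomic_aggregate}, "
              f"AS 400 accepts={accepts(sent, 400)}, AS 500 accepts={accepts(sent, 500)}")
```

Without as-set the summary leaves R1 with path 100 only, so a router in AS 400 would accept a summary built from its own prefixes; with as-set the same router finds 400 in the AS_SET and drops it, while R5 in AS 500 still accepts it.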
