This is the default BGP behavior. Just turn on BGP, configure it correctly and everything is OK. No real worries about this.
Same for this point, this is the default BGP behavior.
For the first part: this is the default BGP behavior. For the second part: we do not want AS4 to go to AS3 via AS1 and AS2 unless the link between AS3 and AS4 is down. We can reach this target using local preference. But we also want to use the community attribute, to simplify the policy when adding new customers. So let's configure RTC:
router bgp 1
network 192.68.11.0
neighbor 172.16.20.2 remote-as 4
neighbor 172.16.20.2 send-community
neighbor 172.16.20.2 route-map setcommunity out
neighbor 192.68.6.1 remote-as 2
no auto-summary
route-map setcommunity permit 10
set community 4:40
Let's start with the route map setcommunity: we are just going to set the community, nothing more.
The same configuration, mirrored, should be applied to RTD.
Now let's configure the actions to take when we see this community arriving in our AS4.
This is what we should configure on RTA:
router bgp 4
network 172.16.220.0 mask 255.255.255.0
neighbor 172.16.1.2 remote-as 3
neighbor 172.16.1.2 route-map CHECK_COMMUNITY in
neighbor 172.16.20.1 remote-as 1
neighbor 172.16.20.1 route-map CHECK_COMMUNITY in
no auto-summary
ip community-list 2 permit 4:40
ip community-list 3 permit 4:60
route-map CHECK_COMMUNITY permit 10
match community 2
set local-preference 40
route-map CHECK_COMMUNITY permit 20
match community 3
set local-preference 60
route-map CHECK_COMMUNITY permit 30
set local-preference 100
With the above commands we are just checking whether RTA is receiving, from our neighbors, routes with the community attribute. If so, we set:
- local preference to 40 if the community is 4:40
- local preference to 60 if the community is 4:60
- local preference to 100 by default
Then we proceed to set up router RTF:
router bgp 3
network 172.16.10.0 mask 255.255.255.0
network 172.16.65.0 mask 255.255.255.192
neighbor 172.16.1.1 remote-as 4
neighbor 172.16.1.1 send-community
neighbor 172.16.1.1 route-map setcommunity out
neighbor 192.68.5.2 remote-as 2
no auto-summary
route-map setcommunity permit 10
set community 4:60
In a nutshell, all the routes from RTF are tagged with community 4:60 and are going to have a local preference of 60 on RTA.
Let's check the result of this configuration:
RTA# sh ip bgp
BGP table version is 11, local router ID is 172.16.2.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*  172.16.1.0/24    172.16.1.2               0     60      0 3 i
*>                  0.0.0.0                  0         32768 i
*> 172.16.2.0/24    0.0.0.0                  0         32768 i
*  172.16.10.0/24   172.16.20.1                    40      0 1 2 3 i
*>                  172.16.1.2               0     60      0 3 i
*  172.16.20.0/24   172.16.20.1              0     40      0 1 i
*>                  0.0.0.0                  0         32768 i
*  172.16.65.0/24   172.16.20.1                    40      0 1 2 3 i
*>                  172.16.1.2               0     60      0 3 i
*> 172.16.220.0/24  0.0.0.0                  0         32768 i
*  192.68.5.0       172.16.20.1                    40      0 1 2 i
*>                  172.16.1.2               0     60      0 3 i
*  192.68.6.0       172.16.20.1                    40      0 1 2 i
*>                  172.16.1.2                     60      0 3 2 i
*  192.68.10.0      172.16.20.1                    40      0 1 2 i
*>                  172.16.1.2                     60      0 3 2 i
*> 192.68.11.0      172.16.1.2                     60      0 3 2 1 i
*                   172.16.20.1              0     40      0 1 i
From this show ip bgp output you can see:
172.16.10.0 and 172.16.65.0 appear with two paths, and we do not want this: we do not want AS4 to be able to reach AS3 via AS1 and AS2. Anyway, we can observe that one route has a preference of 40 and the other of 60.
Same for 192.68.10.0: one route has 60 and the other 40. The best path is through AS3 and we want this.
The next step is to work with path filtering, as AS4 should not be able to reach AS3 via AS1 and AS2.
To reach this target we are going to use ip as-path access lists:
ip as-path access-list 2 permit _2_
ip as-path access-list 10 permit ^$
ip as-path access-list 10 permit ^2$
The first one, number 2, is going to match all the routes with 2 in the AS path.
AS-path access list 10 is going to match local routes and routes with 2 as the last AS in the path.
Then we have to apply the list that matches these filter conditions:
router bgp 1
neighbor 172.16.20.2 filter-list 10 out
And then let's apply the community 4:40 only to the routes matched by ip as-path access-list 2:
route-map setcommunity permit 10
match as-path 2
set community 4:40
route-map setcommunity permit 20
The same configuration, but mirrored, has to be applied on RTD.
After a clear ip bgp * we can see the final result:
RTA# sh ip bgp
BGP table version is 13, local router ID is 172.16.2.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.1.0/24    0.0.0.0                  0         32768 i
*                   172.16.1.2               0     60      0 3 i
*> 172.16.2.0/24    0.0.0.0                  0         32768 i
*> 172.16.10.0/24   172.16.1.2               0     60      0 3 i
*  172.16.20.0/24   172.16.20.1              0    100      0 1 i
*>                  0.0.0.0                  0         32768 i
*> 172.16.65.0/24   172.16.1.2               0     60      0 3 i
*> 172.16.220.0/24  0.0.0.0                  0         32768 i
*  192.68.5.0       172.16.20.1                    40      0 1 2 i
*>                  172.16.1.2               0     60      0 3 i
*  192.68.6.0       172.16.20.1                    40      0 1 2 i
*>                  172.16.1.2                     60      0 3 2 i
*  192.68.10.0      172.16.20.1                    40      0 1 2 i
*>                  172.16.1.2                     60      0 3 2 i
*> 192.68.11.0      172.16.20.1              0    100      0 1 i
So:
172.16.10.0 and 172.16.65.0 are reachable only via RTF with a preference of 60.
192.68.10.0 is reachable two ways, but with the highest preference via AS3.
AS4 cannot reach AS3 via the customers' ASes.
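The policy chain above (filter-list 10 and route-map setcommunity on RTC, then CHECK_COMMUNITY on RTA) can be traced offline with the following Python model. It is an added example, not part of the original configuration; the function names and sample paths are constructed for illustration, and it assumes the outbound policy sees the AS path before AS1 is prepended, which is consistent with the final table above.

```python
import re

# IOS treats "_" in an AS-path regex as: start, end, space, comma, brace,
# parenthesis or underscore. Translate it to an equivalent Python group.
def ios_to_py(pattern):
    return pattern.replace("_", r"(?:^|$|[ ,{}()_])")

# AS-path access lists from the page (every entry is a permit; implicit deny at the end).
AS_PATH_LISTS = {2: ["_2_"], 10: ["^$", "^2$"]}

def as_path_permits(list_no, as_path):
    return any(re.search(ios_to_py(p), as_path) for p in AS_PATH_LISTS[list_no])

def rtc_outbound(as_path):
    """RTC -> RTA: filter-list 10 out, then route-map setcommunity.
    as_path is the path as RTC holds it (assumption: before AS1 is prepended)."""
    if not as_path_permits(10, as_path):
        return None                      # dropped by filter-list 10
    if as_path_permits(2, as_path):      # route-map setcommunity permit 10
        return {"4:40"}
    return set()                         # permit 20: passed through untagged

# RTA side: community-list 2 = 4:40, community-list 3 = 4:60
CHECK_COMMUNITY = [("4:40", 40), ("4:60", 60)]

def rta_local_pref(communities):
    for community, pref in CHECK_COMMUNITY:
        if community in communities:
            return pref
    return 100                           # route-map CHECK_COMMUNITY permit 30

def rta_view_from_rtc(as_path):
    """Local preference RTA assigns to a route learned from RTC, or None if filtered."""
    tags = rtc_outbound(as_path)
    return None if tags is None else rta_local_pref(tags)

# Constructed sample: prefixes from the page with the AS path RTC would hold for them.
SAMPLE = {"192.68.11.0": "", "192.68.5.0": "2", "172.16.10.0": "2 3"}

if __name__ == "__main__":
    for prefix, path in SAMPLE.items():
        print(prefix, repr(path), "->", rta_view_from_rtc(path))
```

The three sample prefixes reproduce the final table: the local AS1 route arrives untagged with preference 100, the AS2-originated route arrives with 40, and the AS3 route learned through AS2 is never advertised to AS4.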
