Basic BGP Lab

Download as pdf or txt
Download as pdf or txt
You are on page 1of 19

2016/01/17 04:05

1/19

Basic BGP Lab

Basic BGP Lab


Introduction
The purpose of this exercise is to:
Understand the routing implications of connecting to multiple external domains
Learn to congure basic eBGP to exchange routing information with multiple external peers and
iBGP to carry that information inside your network.

Pre-requisites
This exercise builds upon the congurations implemented in the IS-IS + Static routing lab. You must
be able to:
Ping your neighbour router in the same AS using its loopback address (both IPv4 and IPv6!).
Ping your neighbour routers in other ASs using their point-to-point link addresses.
Note: Actually, if everyone congured their IS-IS and static routes properly in the previous exercise,
you should be able to ping all other routers in the lab using their loopback address.

Address Space Allocation


Refer to the IP Address Plan document for information about the IP address plan for the network
infrastructure for these labs.

Workshops - http://workshops.nsrc.org/dokuwiki/

Last update:
2016/01/17 03:36

2016:preginet-bgp:2-lab-bgp-basic http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic

iBGP Conguration
Enable the BGP process
Before we set up iBGP, we need to do some basic preparation on the router. The Cisco IOS defaults
are not optimised, so before we bring up BGP sessions, we should set the parameters that we require.
On Cisco routers, the default distance for eBGP is 20, the default distance for iBGP is 200, and the
default distance for IS-IS is 115. This means that there is a potential for a prex learned by eBGP to
override the identical prex carried by IS-IS. To protect against accidents, the eBGP distance is set to
200 also.
The command to do this is the distance bgp subcommand:
distance bgp <external-routes> <internal-routes> <local-routes>
We also want to:
Enable logging of BGP neighbour state changes
Congure deterministic calculations of MEDs
Disable the automatic exchange of IPv4 unicast routes on every peering session.
This must be done in all future BGP congurations of this workshop.
On BX1, BX2 and CX1:
router bgp X0
bgp log-neighbor-changes
bgp deterministic-med
no bgp default ipv4-unicast
!
address-family ipv4
distance bgp 200 200 200
!
address-family ipv6
distance bgp 200 200 200
!

Congure iBGP neighbours


As you will remember from the presentation, iBGP needs to be fully meshed. We have three routers in
our Group, so we need to set up iBGP between all three - which means that each router will have two
iBGP neighbours.
First, make sure that you can ping the other routers using their loopback addresses. If you cannot
ping them, there is no possibility that the BGP session will come up!
On BX1 peering with BX2:
http://workshops.nsrc.org/dokuwiki/

Printed on 2016/01/17 04:05

2016/01/17 04:05

3/19

Basic BGP Lab

router bgp X0
address-family ipv4
neighbor 100.68.X0.2 remote-as X0
neighbor 100.68.X0.2 update-source loopback 0
neighbor 100.68.X0.2 description iBGP with BX2
neighbor 100.68.X0.2 password NSRC-BGP
neighbor 100.68.X0.2 next-hop-self
neighbor 100.68.X0.2 send-community
neighbor 100.68.X0.2 activate
!
address-family ipv6
neighbor 2001:db8:X0::2 remote-as X0
neighbor 2001:db8:X0::2 update-source loopback 0
neighbor 2001:db8:X0::2 description iBGP with BX2
neighbor 2001:db8:X0::2 password NSRC-BGP
neighbor 2001:db8:X0::2 next-hop-self
neighbor 2001:db8:X0::2 send-community
neighbor 2001:db8:X0::2 activate
You need a similar conguration for BX1 peering with CX1. What needs to change from the above
conguration example?
On BX2:
router bgp X0
address-family ipv4
neighbor 100.68.X0.1 remote-as X0
neighbor 100.68.X0.1 update-source loopback 0
neighbor 100.68.X0.1 description iBGP with BX1
neighbor 100.68.X0.1 password NSRC-BGP
neighbor 100.68.X0.1 next-hop-self
neighbor 100.68.X0.1 send-community
neighbor 100.68.X0.1 activate
!
address-family ipv6
neighbor 2001:db8:X0::1 remote-as X0
neighbor 2001:db8:X0::1 update-source loopback 0
neighbor 2001:db8:X0::1 description iBGP with BX1
neighbor 2001:db8:X0::1 password NSRC-BGP
neighbor 2001:db8:X0::1 next-hop-self
neighbor 2001:db8:X0::1 send-community
neighbor 2001:db8:X0::1 activate
You need a similar conguration for BX2 peering with CX1. What needs to change from the above
conguration example?
Also, what do you think the conguration for CX2 would look like? Is it similar? What is dierent? The
instructors will discuss this in class during the exercise. There is a Cisco IOS conguration scaling
feature called a peer-group. Many network operators using Cisco IOS routers use peer-group to scale
their BGP congurations.

Workshops - http://workshops.nsrc.org/dokuwiki/

Last update:
2016/01/17 03:36

2016:preginet-bgp:2-lab-bgp-basic http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic

Once the conguration has been entered, check the conguration as displayed by the router:
show run | begin router bgp
Notice how the router has rearranged the BGP conguration, separating the generic from the
address-family specic conguration.
Check that the BGP sessions are up on both sides.
show ip bgp summary
show bgp ipv6 unicast summary
Explaining some of the above commands we used for the BGP conguration:
update-source species the interface which should be used as the source of all BGP packets
originated by the router. The default is the outgoing interface.
next-hop-self tells iBGP to use the source address of the BGP update message as the value of the
next-hop attribute sent to the iBGP peer, rather than the default value which is the IP address of the
router that we heard the BGP update from.
send-community tells BGP to include the BGP community attribute when sending BGP updates to
neighbouring BGP speakers. Cisco IOS does not include the community attribute by default. It is
important to send BGP communities to all iBGP neighbours, but be very careful about sending
communities to external BGP neighbours, as we will see in the following BGP Policy Lab.
activate tells the router to activate this BGP peering inside this address family. At the time of writing,
Cisco IOS activates IPv4 peers automatically inside IPv4 address families, but does not activate IPv6
peers inside IPv6 address families. Safest just to include the conguration in all templates.

Advertise your network


Use the network command to tell BGP which prexes you want to announce. We will do this on all
routers in our group (although strictly it is sucient to do this on CX1 given that if the Core Router
goes down, the campus has no connectivity to the Internet at all).
On BX1, BX2 and CX1:
router bgp X0
address-family ipv4
network 100.68.X0.0 mask 255.255.255.0
address-family ipv6
network 2001:db8:X0::/48
Get the list of learned paths:
show ip bgp
show bgp ipv6 unicast
Do you see any paths? Why not?
http://workshops.nsrc.org/dokuwiki/

Printed on 2016/01/17 04:05

2016/01/17 04:05

5/19

Basic BGP Lab

Create a static route for the prex being announced on each router:
On BX1, BX2 and CX1:
ip route 100.68.X0.0 255.255.255.0 null0
ipv6 route 2001:db8:X0::/48 null0
These are called a pull up routes
Get the list of learned paths again. You should see both your prex and the neighbours.
Q. Why are these routes needed?
STOP - Checkpoint One
All groups must nish this part before continuing. Please do NOT continue until the instructor
says so.

Multihoming - eBGP Conguration


Connect to the NREN
Congure your BX1 router to connect to the NREN with a point-to-point link.
NRENs: Use the conguration in the Appendix.
On B11:
interface GigabitEthernet1/0
description P2P Link to NREN1
ip address 100.101.1.2 255.255.255.252
no ip directed-broadcast
no ip redirects
no ip proxy-arp
ipv6 address 2001:11:0:10::1/127
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no shutdown
Make sure that it's up and that you can ping the other side:
B11# ping 100.101.1.1
B11# ping 2001:11:0:10::0
Do some traceroutes to other networks again:

Workshops - http://workshops.nsrc.org/dokuwiki/

Last update:
2016/01/17 03:36

2016:preginet-bgp:2-lab-bgp-basic http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic

B11# traceroute 100.68.20.1


B11# traceroute 100.68.30.1
Has anything changed since the last exercise?
Notice that before we had only one connection to the Internet - via the ISP. Now we have two. But we
are still using a default route pointing to the ISP only!
We could add another default route pointing to the NREN, but that would not give us much exibility
in terms of trac policies. Keep going.

BGP-peer with the NREN and the ISP


Congure eBGP sessions to the ISP and the NREN
On B11:
router bgp 10
address-family ipv4
neighbor 100.101.1.1 remote-as 101
neighbor 100.101.1.1 description eBGP with NREN1
neighbor 100.101.1.1 password NSRC-BGP
neighbor 100.101.1.1 activate
!
address-family ipv6
neighbor 2001:11:0:10:: remote-as 101
neighbor 2001:11:0:10:: description eBGP with NREN1
neighbor 2001:11:0:10:: password NSRC-BGP
neighbor 2001:11:0:10:: activate
Notice that with eBGP we no longer use the loopback address as the endpoint of the BGP
session, as we did with iBGP. Why?
On B12:
router bgp 10
address-family ipv4
neighbor 100.121.1.1 remote-as 121
neighbor 100.121.1.1 description eBGP with ISP1
neighbor 100.121.1.1 password NSRC-BGP
neighbor 100.121.1.1 activate
!
address-family ipv6
neighbor 2001:18:0:10:: remote-as 121
neighbor 2001:18:0:10:: description eBGP with ISP1
neighbor 2001:18:0:10:: password NSRC-BGP
neighbor 2001:18:0:10:: activate
Check that the BGP sessions are up on both routers:
http://workshops.nsrc.org/dokuwiki/

Printed on 2016/01/17 04:05

2016/01/17 04:05

7/19

Basic BGP Lab

show ip bgp summary


show bgp ipv6 unicast summary
Once those are up, check if you are learning any prexes:
B11# show ip bgp neighbor 100.101.1.1 routes
B11# show bgp ipv6 uni neighbor 2001:11:0:10:: routes
Verify what you are advertising to the NREN:
B11# show ip bgp neighbor 100.101.1.1 advertised-routes
B11# show bgp ipv6 uni neighbor 2001:11:0:10:: advertised-routes
and to the ISP:
B12# show ip bgp neighbor 100.121.1.1 advertised-routes
B12# sh bgp ipv6 uni neigh 2001:18:0:10:: advertised
Are you perhaps announcing other prexes that don't originate in your AS? If so, can you remember
what serious negative implications this could have? Please stop and think about this. Ask the
instructor if you need clarication.

Filter what you send and receive


Create prex lists for your outbound lters. Outbound lters for BX1 and BX2 are the same:
ip prefix-list ASX0-out permit 100.68.X0.0/24
ipv6 prefix-list ASX0-v6-out permit 2001:db8:X0::/48
As you can see, we are only allowing our aggregate out to the Internet. Sending smaller prexes (if
we had any) serves no useful purpose at all.
Now create prex lists for your inbound lters. Notice the descriptive names for the prex lists.
On BX1:
ip prefix-list nren-in deny 100.68.X0.0/24 le 32
ip prefix-list nren-in permit 0.0.0.0/0 le 32
!
ipv6 prefix-list nren-v6-in deny 2001:db8:X0::/48 le 128
ipv6 prefix-list nren-v6-in permit ::/0 le 128
On BX2:
ip prefix-list isp-in deny 100.68.X0.0/24 le 32
ip prefix-list isp-in permit 0.0.0.0/0 le 32
!
ipv6 prefix-list isp-v6-in deny 2001:db8:X0::/48 le 128

Workshops - http://workshops.nsrc.org/dokuwiki/

Last update:
2016/01/17 03:36

2016:preginet-bgp:2-lab-bgp-basic http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic

ipv6 prefix-list isp-v6-in permit ::/0 le 128


Notice how we are matching the aggregate as well as all possible subnets of our address blocks. This
protects against some other network announcing any of our prexes (whatever subnet size) to us.
Now apply these prex-lists to the BGP sessions with the ISP and the NREN.
On B11:
router bgp 10
address-family ipv4
neighbor 100.101.1.1 prefix-list nren-in in
neighbor 100.101.1.1 prefix-list AS10-out out
!
address-family ipv6
neighbor 2001:11:0:10:: prefix-list nren-v6-in in
neighbor 2001:11:0:10:: prefix-list AS10-v6-out out
On B12:
router bgp 10
address-family ipv4
neighbor 100.121.1.1 prefix-list isp-in in
neighbor 100.121.1.1 prefix-list AS10-out out
!
address-family ipv6
neighbor 2001:18:0:10:: prefix-list isp-v6-in in
neighbor 2001:18:0:10:: prefix-list AS10-v6-out out
Use the BGP route refresh capability to resend the information to the peer. Use the AS number of the
peer rather than the IP address (much less typing for IPv6) in the route refresh command:
B11# clear ip bgp 101 out
B11# clear bgp ipv6 unicast 101 out
B12# clear ip bgp 121 out
B12# clear bgp ipv6 unicast 121 out
You should now be advertising only your own address space. Check with the ISP and NREN
administrators to make sure that they are receiving your prex.

BGP between NRENs and RREN


The administrators of the NREN routers need to set up connectivity and BGP with the RREN router.
The administrators will either be the workshop instructors, or members of the workshop itself.
The suggested conguration for the RREN router is in Appendix A. A suggested conguration for the
NREN1 router is in Appendix B - the conguration for the NREN2 router will be very similar. These
congurations uses all the best practice ideas we have been using in the labs so far.
http://workshops.nsrc.org/dokuwiki/

Printed on 2016/01/17 04:05

2016/01/17 04:05

9/19

Basic BGP Lab

Bring up BGP between the NREN routers and the RREN and check that the prexes originated by
NREN1, NREN2 and the RREN are all visible in each other's BGP tables.

BGP between ISPs and RREN


The administrators of the ISP routers need to set up between each other and the RREN router as well.
The administrators will either be the workshop instructors, or members of the workshop itself.
A suggested conguration for the ISP1 router is in Appendix C - the conguration for the ISP2 router
will be very similar. These congurations uses all the best practice ideas we have been using in the
labs so far.
Bring up BGP between the RREN and the ISP routers across the Internet Exchange Point. Check that
the prexes originated by ISP1, ISP2 and the RREN are all visible in each other's BGP tables.

Remove static routes


The ISPs remove their static routes towards their customers
Now your ISP has learned a route to reach your network, correct? The ISPs can now safely remove the
static routes pointing to you and the other customers:
ISP1:
no
no
no
!
no
no
no

ip route 100.68.10.0 255.255.255.0 100.121.1.2


ip route 100.68.20.0 255.255.255.0 100.121.1.6
ip route 100.68.30.0 255.255.255.0 100.121.1.10
ipv6 route 2001:db8:10::/48 2001:18:0:10::1
ipv6 route 2001:db8:20::/48 2001:18:0:11::1
ipv6 route 2001:db8:30::/48 2001:18:0:12::1

ISP2:
no
no
no
!
no
no
no

ip route 100.68.40.0 255.255.255.0 100.122.1.2


ip route 100.68.50.0 255.255.255.0 100.122.1.6
ip route 100.68.60.0 255.255.255.0 100.122.1.10
ipv6 route 2001:db8:40::/48 2001:19:0:10::1
ipv6 route 2001:db8:50::/48 2001:19:0:11::1
ipv6 route 2001:db8:60::/48 2001:19:0:12::1

Remove your static default routes


In the previous exercise, we created default routes on both routers. But thanks to BGP, we should now
be receiving routes from our NREN and our ISP.
Workshops - http://workshops.nsrc.org/dokuwiki/

Last update:
2016/01/17 03:36

2016:preginet-bgp:2-lab-bgp-basic http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic

Let's check rst (do this on both routers):


show
show
show
show

ip bgp
bgp ipv6 unicast
ip route
ipv6 route

You should be learning routes advertised by other groups, and also from the NRENs and the ISPs.
Remove your static default routes from routers BX2:
On B12:
no ip route 0.0.0.0 0.0.0.0 100.121.1.1
no ipv6 route ::/0 2001:18:0:10::
You should be able to ping any other router now. If you can't, wait for other groups to nish. If other
groups are nished, work them to work out what might be wrong. If you cannot see what is wrong,
ask the instructors.
Use traceroute to verify the paths that packets are following towards various destinations:
B11# traceroute 100.100.0.1
B11# traceroute 100.68.30.2
...
Repeat the same tests from the other router in your AS and compare. Use the diagram to help you
visualise it.

STOP - Checkpoint Two


All groups must nish this part before continuing. Please do NOT continue until the instructor
says so.

Trac Exchange (Peering)


Direct trac exchanges are usually established at no charge between two autonomous systems that
want to save costs. The savings are achieved by not having to carry that trac over expensive transit
links via commercial providers. Also, these direct exchanges have the added benet of reducing
latency because there are fewer hops.
Usually trac exchanges occur at public exchange points, also known as IXPs. The simplest kind of
exchange point is a Layer-2 switch. In this exercise, we will simply congure direct links between
routers, which is basically the same thing as connecting through a switch.

http://workshops.nsrc.org/dokuwiki/

Printed on 2016/01/17 04:05

2016/01/17 04:05

11/19

Basic BGP Lab

Peering with your neighbouring AS


This section sets up peering between adjacent groups in the classroom network.
Congure a point-to-point link to your neighbour AS as shown in the diagram. Consult th address plan
used for the workshop to see which subnet addresses you should use.
For example, on B12:
interface GigabitEthernet3/0
description Link to B21
ip address 100.68.10.25 255.255.255.252
no ip directed-broadcast
no ip redirects
no ip proxy-arp
ipv6 address 2001:db8:10:12::/127
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no shutdown
Congure prex lists for your inbound lters
On B12:
ip prefix-list AS20-in permit 100.68.20.0/24
ipv6 prefix-list AS20-v6-in permit 2001:db8:20::/48
The equivalent needs to be done on B21 (which connects directly to B12).
Prex lists for outbound lters should still exist from a previous step. You can verify like this:
Workshops - http://workshops.nsrc.org/dokuwiki/

Last update:
2016/01/17 03:36

2016:preginet-bgp:2-lab-bgp-basic http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic

B12#show ip prefix-list AS10-out


B12#show ipv6 prefix-list AS10-v6-out
Now create the BGP sessions and apply those inbound/outbound lters:
On B12:
router bgp 10
address-family ipv4
neighbor 100.68.10.26 remote-as 20
neighbor 100.68.10.26 description eBGP with AS20
neighbor 100.68.10.26 password NSRC-BGP
neighbor 100.68.10.26 prefix-list AS10-out out
neighbor 100.68.10.26 prefix-list AS20-in in
neighbor 100.68.10.26 activate
!
address-family ipv6
neighbor 2001:db8:10:12::1 remote-as 20
neighbor 2001:db8:10:12::1 description eBGP with AS20
neighbor 2001:db8:10:12::1 password NSRC-BGP
neighbor 2001:db8:10:12::1 prefix-list AS10-v6-out out
neighbor 2001:db8:10:12::1 prefix-list AS20-v6-in in
neighbor 2001:db8:10:12::1 activate
The equivalent needs to be done for B21.
Verify that the sessions are up:
B12# show ip bgp summary
B12# show ipv6 bgp unicast summary
and that you are learning the prex directly from the neighbour:
B12# show ip bgp neighbor 100.68.10.22 routes
B12# show bgp ipv6 unicast neighbor 2001:db8:10:11::1 routes
Do some traceroutes towards your peer and make sure that the path is direct.
Remember to save your congurations.
You are done! You have congured BGP in a multihomed environment and BGP is selecting the paths
based on default values.

Peering between NREN and ISP


The BGP session between the NREN and the ISP will need to be set up as shown in the diagram.
First create the interface on the NREN router and on the ISP router using exactly the same best
practice congurations we used at the start of the workshop.
http://workshops.nsrc.org/dokuwiki/

Printed on 2016/01/17 04:05

2016/01/17 04:05

13/19

Basic BGP Lab

For NREN1:
interface GigabitEthernet2/0
description P2P Link to ISP1
ip address 100.101.2.1 255.255.255.252
no ip redirects
no ip proxy-arp
ipv6 address 2001:11:0:20::/127
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no shutdown
!
Do the same for the ISP1, NREN2 and ISP2 routers. They will have a very similar conguration, just the
addresses will be dierent - refer to the address plan.
And then set up the external BGP session between the NREN and ISP routers. Here is a sample
conguration for the ISP1 router:
router bgp 121
address-family ipv4
neighbor 100.101.2.1 remote-as 101
neighbor 100.101.2.1 description eBGP with NREN1 (AS101)
neighbor 100.101.2.1 password NSRC-BGP
neighbor 100.101.2.1 activate
!
address-family ipv6
neighbor 2001:11:0:20:: remote-as 101
neighbor 2001:11:0:20:: description eBGP with NREN1 (AS101)
neighbor 2001:11:0:20:: password NSRC-BGP
neighbor 2001:11:0:20:: activate
!
The conguration for NREN1, NREN2 and ISP2 routers will be very similar - again refer to the address
plan for the correct IP addresses to use.

Appendix A - RREN Conguration


The sample conguration for the RREN is below.
hostname RREN
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc-PW
enable secret nsrc-EN
service password-encryption
line vty 0 4
Workshops - http://workshops.nsrc.org/dokuwiki/

Last update:
2016/01/17 03:36

2016:preginet-bgp:2-lab-bgp-basic http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic

transport preferred none


line console 0
transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ipv6 unicast-routing
ipv6 cef
no ip source-route
no ipv6 source-route
!
interface Loopback0
ip address 100.100.0.1 255.255.255.255
ipv6 address 2001:10::1/128
!
interface GigabitEthernet1/0
description P2P Link to NREN1
ip address 100.100.1.1 255.255.255.252
no ip directed-broadcast
no ip redirects
no ip proxy-arp
ipv6 address 2001:10:0:10::/127
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no shutdown
!
interface GigabitEthernet2/0
description P2P Link to NREN2
ip address 100.100.1.5 255.255.255.252
no ip directed-broadcast
no ip redirects
no ip proxy-arp
ipv6 address 2001:10:0:11::/127
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no shutdown
!
interface GigabitEthernet3/0
description Link to IXP
ip address 100.127.1.3 255.255.255.0
no ip redirects
no ip proxy-arp
ipv6 address 2001:DB8:FFFF:1::3/64
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no shutdown
!
router bgp 100
bgp log-neighbor-changes
bgp deterministic-med
http://workshops.nsrc.org/dokuwiki/

Printed on 2016/01/17 04:05

2016/01/17 04:05

15/19

Basic BGP Lab

no bgp default ipv4-unicast


address-family ipv4
distance bgp 200 200 200
network 100.100.0.0 mask 255.255.0.0
neighbor 100.100.1.2 remote-as 101
neighbor 100.100.1.2 description eBGP with NREN1 (AS101)
neighbor 100.100.1.2 password NSRC-BGP
neighbor 100.100.1.2 activate
neighbor 100.100.1.6 remote-as 102
neighbor 100.100.1.6 description eBGP with NREN2 (AS102)
neighbor 100.100.1.6 password NSRC-BGP
neighbor 100.100.1.6 activate
neighbor 100.127.1.1 remote-as 121
neighbor 100.127.1.1 description eBGP with ISP1 (AS121)
neighbor 100.127.1.1 password NSRC-BGP
neighbor 100.127.1.1 activate
neighbor 100.127.1.2 remote-as 122
neighbor 100.127.1.2 description eBGP with ISP2 (AS122)
neighbor 100.127.1.2 password NSRC-BGP
neighbor 100.127.1.2 activate
!
address-family ipv6
distance bgp 200 200 200
network 2001:10::/32
neighbor 2001:10:0:10::1 remote-as 101
neighbor 2001:10:0:10::1 description eBGP with NREN1 (AS101)
neighbor 2001:10:0:10::1 password NSRC-BGP
neighbor 2001:10:0:10::1 activate
neighbor 2001:10:0:11::1 remote-as 102
neighbor 2001:10:0:11::1 description eBGP with NREN2 (AS102)
neighbor 2001:10:0:11::1 password NSRC-BGP
neighbor 2001:10:0:11::1 activate
neighbor 2001:DB8:FFFF:1::1 remote-as 121
neighbor 2001:DB8:FFFF:1::1 description eBGP with ISP1 (AS121)
neighbor 2001:DB8:FFFF:1::1 password NSRC-BGP
neighbor 2001:DB8:FFFF:1::1 activate
neighbor 2001:DB8:FFFF:1::2 remote-as 122
neighbor 2001:DB8:FFFF:1::2 description eBGP with ISP2 (AS122)
neighbor 2001:DB8:FFFF:1::2 password NSRC-BGP
neighbor 2001:DB8:FFFF:1::2 activate
!
ip route 100.100.0.0 255.255.0.0 null0
ipv6 route 2001:10::/32 null0

Appendix B - NREN1 Sample Conguration


The sample conguration for NREN1 is below. NREN2's conguration will be very similar, so modify
accordingly.

Workshops - http://workshops.nsrc.org/dokuwiki/

Last update:
2016/01/17 03:36

2016:preginet-bgp:2-lab-bgp-basic http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic

hostname NREN1
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc-PW
enable secret nsrc-EN
service password-encryption
line vty 0 4
transport preferred none
line console 0
transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ipv6 unicast-routing
ipv6 cef
no ip source-route
no ipv6 source-route
!
interface Loopback0
ip address 100.101.0.1 255.255.255.255
ipv6 address 2001:11::1/128
!
interface GigabitEthernet1/0
description P2P Link to RREN
ip address 100.100.1.2 255.255.255.252
no ip directed-broadcast
no ip redirects
no ip proxy-arp
ipv6 address 2001:10:0:10::1/127
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no shutdown
!
! (repeat for Group 2 and Group 3 using Gig4/0 and 5/0)
interface GigabitEthernet3/0
description P2P Link to R11
ip address 100.101.1.1 255.255.255.252
no ip directed-broadcast
no ip redirects
no ip proxy-arp
ipv6 address 2001:11:0:10::/127
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no shutdown
!
! inbound filter for AS10 - repeat for AS20 and AS30
ip prefix-list AS10-in permit 100.68.10.0/24
ipv6 prefix-list AS10-v6-in permit 2001:db8:10::/48
!
http://workshops.nsrc.org/dokuwiki/

Printed on 2016/01/17 04:05

2016/01/17 04:05

17/19

router bgp 101


bgp log-neighbor-changes
bgp deterministic-med
no bgp default ipv4-unicast
address-family ipv4
distance bgp 200 200 200
network 100.101.0.0 mask 255.255.0.0
neighbor 100.101.1.2 remote-as 10
neighbor 100.101.1.2 description eBGP with AS10
neighbor 100.101.1.2 password NSRC-BGP
neighbor 100.101.1.2 prefix-list AS10-in in
neighbor 100.101.1.2 activate
(repeat for AS20 and AS30)
neighbor 100.100.1.1 remote-as 100
neighbor 100.100.1.1 description eBGP with RREN (AS100)
neighbor 100.100.1.1 password NSRC-BGP
neighbor 100.100.1.1 activate
!
address-family ipv6
distance bgp 200 200 200
network 2001:11::/32
neighbor 2001:11:0:10::1 remote-as 10
neighbor 2001:11:0:10::1 description eBGP with AS10
neighbor 2001:11:0:10::1 password NSRC-BGP
neighbor 2001:11:0:10::1 prefix-list AS10-v6-in in
neighbor 2001:11:0:10::1 activate
(repeat for AS20 and AS30)
neighbor 2001:10:0:10:: remote-as 100
neighbor 2001:10:0:10:: description eBGP with RREN (AS100)
neighbor 2001:10:0:10:: password NSRC-BGP
neighbor 2001:10:0:10:: activate
!
ip route 100.101.0.0 255.255.0.0 null0
ipv6 route 2001:11::/32 null0

Appendix C - ISP1 Sample Conguration


Note: This is in addition to what was congured in the previous exercise.
! (filters for Group 1 - repeat for Group 2 and 3)
ip prefix-list AS10-in permit 100.68.10.0/24
ipv6 prefix-list AS10-v6-in permit 2001:db8:10::/48
!
router bgp 121
bgp log-neighbor-changes
no bgp default ipv4-unicast
bgp deterministic-med
address-family ipv4
distance bgp 200 200 200
Workshops - http://workshops.nsrc.org/dokuwiki/

Basic BGP Lab

Last update:
2016/01/17 03:36

2016:preginet-bgp:2-lab-bgp-basic http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic

network 100.121.0.0 mask 255.255.0.0


neighbor 100.101.2.1 remote-as 101
neighbor 100.101.2.1 description eBGP with NREN1 (AS101)
neighbor 100.101.2.1 password NSRC-BGP
neighbor 100.101.2.1 activate
neighbor 100.121.1.2 remote-as 10
neighbor 100.121.1.2 description eBGP with AS10
neighbor 100.121.1.2 password NSRC-BGP
neighbor 100.121.1.2 prefix-list AS10-in in
neighbor 100.121.1.2 activate
(repeat for AS20 and AS30)
neighbor 100.127.1.2 remote-as 122
neighbor 100.127.1.2 description eBGP with ISP2 (AS122)
neighbor 100.127.1.2 password NSRC-BGP
neighbor 100.127.1.3 activate
neighbor 100.127.1.3 remote-as 100
neighbor 100.127.1.3 description eBGP with RREN (AS100)
neighbor 100.127.1.3 password NSRC-BGP
neighbor 100.127.1.3 activate
!
address-family ipv6
distance bgp 200 200 200
network 2001:18::/32
neighbor 2001:11:0:20:: remote-as 101
neighbor 2001:11:0:20:: description eBGP with NREN1 (AS101)
neighbor 2001:11:0:20:: password NSRC-BGP
neighbor 2001:11:0:20:: activate
neighbor 2001:18:0:10::1 remote-as 10
neighbor 2001:18:0:10::1 description eBGP with AS10
neighbor 2001:18:0:10::1 password NSRC-BGP
neighbor 2001:18:0:10::1 prefix-list AS10-v6-in in
neighbor 2001:18:0:10::1 activate
(repeat for AS20 and AS30)
neighbor 2001:DB8:FFFF:1::2 remote-as 122
neighbor 2001:DB8:FFFF:1::2 description eBGP with ISP2 (AS122)
neighbor 2001:DB8:FFFF:1::2 password NSRC-BGP
neighbor 2001:DB8:FFFF:1::2 activate
neighbor 2001:DB8:FFFF:1::3 remote-as 100
neighbor 2001:DB8:FFFF:1::3 description eBGP with RREN (AS100)
neighbor 2001:DB8:FFFF:1::3 password NSRC-BGP
neighbor 2001:DB8:FFFF:1::3 activate
!
ip route 100.121.0.0 255.255.0.0 null0
ipv6 route 2001:18::/32 null0

Appendix D - Complete Lab Diagram & Address Plan

http://workshops.nsrc.org/dokuwiki/

Printed on 2016/01/17 04:05

2016/01/17 04:05

19/19

From:
http://workshops.nsrc.org/dokuwiki/ - Workshops
Permanent link:
http://workshops.nsrc.org/dokuwiki/doku.php?id=2016:preginet-bgp:2-lab-bgp-basic
Last update: 2016/01/17 03:36

Workshops - http://workshops.nsrc.org/dokuwiki/

Basic BGP Lab

You might also like