Section 4: EGP Protocols (17 Points)
Configure BGP as shown in Figure 1-14 with the following peering: R3R2, R8R2, R6R2, R6R8, R7R8, R6R5. Ensure that most suitable interfaces are used to maintain resilience for BGP peering (except for R2 and R3 that use 172.16.0.0/16 addresses for all peering to and from these routers).
You are required to configure the peering between the BGP autonomous systems as described. You should ensure that no synchronization is configured on all IBGP routers (R2, R3, R6, R7, and R8) as BGP in this scenario is not synchronized with the underlying IGP and, hence, it would not be able to advertise transit routes to external autonomous sytems. As requested, you should peer from your loopback interfaces where present to maintain resiliency except for R2 and R3. This requires BGP Multihop on all external BGP connections sourced from the loopbacks because, by default, a BGP speaker drops any UPDATE message from its EBGP peer, unless it is on the same connected network. By adding a number of hops to the command, you can ensure that the peering is achieved regardless of the traffic path taken (ebgp-multihop 5). Multihop should be used in conjunction with the update-source command to ensure that peering is maintained correctly by making the source IP address used for the BGP session the same as the remote BGP speakers neighbor statement address and not that of the connected interface. If you have configured this correctly as in Example 1-28 through Example 1-32, you have scored 3 points.
Example 1-28 R2 Initial BGP Peering Configuration
router bgp 10 no synchronization neighbor 10.6.6.6 remote-as 100 neighbor 10.6.6.6 ebgp-multihop 5 neighbor 10.6.6.6 update-source FastEthernet0/0 neighbor 10.8.8.8 remote-as 100 neighbor 10.8.8.8 ebgp-multihop 5 neighbor 10.8.8.8 update-source FastEthernet0/0 neighbor 172.16.0.2 remote-as 10
Example 1-29 R3 Initial BGP Peering Configuration
router bgp 10 no synchronization neighbor 172.16.0.1 remote-as 10
Example 1-30 R5 Initial BGP Peering Configuration
router bgp 1000 neighbor 10.6.6.6 remote-as 100 neighbor 10.6.6.6 ebgp-multihop 5 neighbor 10.6.6.6 update-source Loopback0
Example 1-31 R6 Initial BGP Peering Configuration
router bgp 100 no synchronization neighbor 10.8.8.8 remote-as 100 neighbor 10.8.8.8 update-source Loopback0 neighbor 10.5.5.5 remote-as 1000 neighbor 10.5.5.5 update-source Loopback0 neighbor 10.5.5.5 ebg-multihop 5 neighbor 172.16.0.1 remote-as 10 neighbor 172.16.0.1 ebgp-multihop 5 neighbor 172.16.0.1 update-source Loopback0
NOTE
There is no ebg-multihop required to peer to 10.8.8.8 in AS100 as this is internal BGP (IBGP) and not external BGP (EBGP).
Example 1-32 R7 Initial BGP Peering Configuration
router bgp 100 no synchronization neighbor 10.8.8.8 remote-as 100 neighbor 10.8.8.8 update-source Loopback0
NOTE
R8 initial BGP peering configuration is covered in the following question.
Ensure minimal configuration on R8.
R8 peers to three other routers, two of which belong to the same AS. You can, therefore, take advantage of BGP peer groups to reduce the required configuration for the policies to R6 and R7. You should be aware that full IBGP peering between R8-R7-R6 does not exist. Both R7 and R6 peer to R8 so, as well as running peer-groups, R8 should also be a route-reflector to overcome the IBGP peering problem. If you have configured this correctly as in Example 1-33, you have scored 1 point.
Example 1-33 R8 Initial BGP Peering Configuration
router bgp 100 no synchronization neighbor cisco peer-group neighbor cisco remote-as 100 neighbor cisco update-source Loopback0 neighbor cisco route-reflector-client neighbor 10.6.6.6 peer-group cisco neighbor 10.7.7.7 peer-group cisco neighbor 172.16.0.1 remote-as 10 neighbor 172.16.0.1 ebgp-multihop 5 neighbor 172.16.0.1 update-source Loopback0
Inject the following networks into BGP via new loopback interfaces:
R3: 20.200.200.1/24 and 20.20.20.1/24 R5: 20.20.20.1/24 and 200.20.20.1/24 R7: 30.30.30.30/29
You should add the loopback interface and address as requested. The loopbacks are advertised into BGP simply with the network command. You should notice that both R3 and R5 will be advertising the same network (more of this later). If you have configured this correctly as in Example 1-34 through Example 1-36, you have scored 1 point.
Example 1-34 R3 Loopback and BGP Advertisement Configuration
interface Loopback1 ip address 20.20.20.1 255.255.255.0 ! interface Loopback2 ip address 20.200.200.1 255.255.255.0 ! router bgp 10 network 20.20.20.0 mask 255.255.255.0 network 20.200.200.0 mask 255.255.255.0
Example 1-35 R5 Loopback and BGP Advertisement Configuration
interface Loopback1 ip address 20.20.20.1 255.255.255.0 ! interface Loopback2 ip address 200.20.20.1 255.255.255.0 ! router bgp 1000 network 20.20.20.0 mask 255.255.255.0 network 200.20.20.0
NOTE
Network 200.20.20.0 on R5 does not require an explicit mask because of being a class C network. As such, it will automatically summarize on the classfull network boundary if the mask command is omitted.
Example 1-36 R7 Loopback and BGP Advertisement Configuration
interface Loopback1 ip address 30.30.30.30 255.255.255.248 ! router bgp 100 network 30.30.30.24 mask 255.255.255.248
Example 1-37 shows a snapshot of the BGP routing tables for all BGP routers at this point in time. You can use this as a quick check to ensure you see the advertised networks correctly on all routers and specifically on R6 before the complex BGP scenarios begin.
Example 1-37 show ip bgp Output from Each BGP Router
R2#sh ip bgp BGP table version is 24, local router ID is 172.16.0.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i20.20.20.0/24 172.16.0.2 0 100 0 i *>i20.200.200.0/24 172.16.0.2 0 100 0 i *> 30.30.30.24/29 10.6.6.6 0 100 i * 10.8.8.8 0 100 i * 200.20.20.0 10.8.8.8 0 100 1000 i *> 10.6.6.6 0 100 1000 i R3#sh ip bgp BGP table version is 20, local router ID is 20.200.200.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 20.20.20.0/24 0.0.0.0 0 32768 i *> 20.200.200.0/24 0.0.0.0 0 32768 i *>i30.30.30.24/29 10.6.6.6 100 0 100 i *>i200.20.20.0 10.6.6.6 100 0 100 1000 i R5#sh ip bgp BGP table version is 13, local router ID is 200.20.20.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * 20.20.20.0/24 10.6.6.6 0 100 10 i *> 0.0.0.0 0 32768 i *> 20.200.200.0/24 10.6.6.6 0 100 10 i *> 30.30.30.24/29 10.6.6.6 0 100 i *> 200.20.20.0 0.0.0.0 0 32768 i R6#sh ip bgp BGP table version is 5, local router ID is 10.6.6.6 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 20.20.20.0/24 172.16.0.1 0 10 i * 10.5.5.5 0 0 1000 i * i 172.16.0.1 100 0 10 i *> 20.200.200.0/24 172.16.0.1 0 10 i * i 172.16.0.1 100 0 10 i *>i30.30.30.24/29 10.7.7.7 0 100 0 i *> 200.20.20.0 10.5.5.5 0 0 1000 i R7#sh ip bgp BGP table version is 18, local router ID is 30.30.30.30 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i20.20.20.0/24 172.16.0.1 100 0 10 i *>i20.200.200.0/24 172.16.0.1 100 0 10 i *> 30.30.30.24/29 0.0.0.0 0 32768 i *>i200.20.20.0 10.5.5.5 0 100 0 1000 i R8#sh ip bgp BGP table version is 18, local router ID is 10.8.8.8 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * i20.20.20.0/24 172.16.0.1 100 0 10 i *> 172.16.0.1 0 10 i * i20.200.200.0/24 172.16.0.1 100 0 10 i *> 172.16.0.1 0 10 i *>i30.30.30.24/29 10.7.7.7 0 100 0 i *>i200.20.20.0 10.5.5.5 0 100 0 1000 i
Ensure that R6 BGP routing table prefers to use AS1000 for network 20.20.20.0/24; do not use BGP weight, BGP local preference, MED, neighbor metric related statements, metric manipulation, summarization, or prepending to achieve this. Perform configuration on R6 only.
When you look at the BGP routing table on R6 as in Example 1-37, you can see that it has a best path to 20.20.20.0/24 from AS10 next hop 172.16.0.1 (R2 propagating the route from R3). It would be very straightforward to manipulate weight or local preference to ensure R6 prefers the same route received from AS1000 (R5), but the question is very strict. You can tell that both routes are EBGP and, hence, the distance to both routes is an Administrative Distance of 20, so why is the route to 172.16.0.1 preferred?
Example 1-37 also shows the routing table on R6. You can see that the IGP metric to neighbor (R2) 172.16.0.1 is 3 compared to that of 208384 to neighbor (R5) 10.5.5.5 and this is why the next hop to network 20.20.20.0/24 on R6 is 172.16.0.1. This is in accordance to Step 8 (prefer the path with the lowest IGP metric to the BGP next hop) in the 13 steps of Best Path Algorithm according to Cisco. You could reduce the IGP metric to R5 down to 0 on R6 by peering directly to the connected ATM interface (10.99.99.2) on R5 from R6 instead of the loopback on R5 from R6. This would ensure that R6 then prefers the route to network 20.20.20.0/24 from R5, but this would infringe how you have been asked to peer in the original BGP setup question. As you can not manipulate favored attributes such as weight, local preference, AS-Path, summarization, or metrics, you are only left with Step 5 (prefer the path with the lowest origin type: IGP is lower than EGP, and EGP is lower than INCOMPLETE). As can be seen in Example 1-38, all routes for network 20.20.20.0/24 have an origin of IGP. As you may only configure R6, you can place an inbound route-map for neighbor 172.16.0.1 and change the origin of the received route for network 20.20.20.0/24 on R6. The solution as shown in Example 1-39 changes the origin to "incomplete" but if you have configured it to "external," this is also acceptable. If you have configured this correctly with the resulting BGP routing table on R6 as shown in Example 1-40 and BGP show output for network 20.20.20.0/24 as shown in Example 1-41, you have scored 7 points.
Example 1-38 show ip route and show ip bgp Output
R6#sh ip route B 200.20.20.0/24 [20/0] via 10.5.5.5, 00:00:38 20.0.0.0/24 is subnetted, 2 subnets B 20.200.200.0 [20/0] via 172.16.0.1, 00:00:38 B 20.20.20.0 [20/0] via 172.16.0.1, 00:00:38 R 172.16.0.0/16 [120/3] via 10.100.100.1, 00:00:02, Serial5/0.103 10.0.0.0/8 is variably subnetted, 16 subnets, 5 masks D 10.8.8.8/32 [90/156160] via 10.80.80.3, 00:20:29, FastEthernet0/0 R 10.90.90.0/28 [120/2] via 10.100.100.1, 00:00:02, Serial5/0.103 R 10.1.1.0/28 [120/2] via 10.100.100.1, 00:00:03, Serial5/0.103 D 10.7.7.0/28 [90/156160] via 10.60.60.2, 00:20:30, FastEthernet4/0 R 10.40.40.0/28 [120/1] via 10.100.100.3, 00:00:03, Serial5/0.103 R 10.10.10.0/28 [120/1] via 10.100.100.3, 00:00:03, Serial5/0.103 R 10.4.4.0/29 [120/1] via 10.100.100.3, 00:00:03, Serial5/0.103 C 10.100.100.0/28 is directly connected, Serial5/0.103 D 10.50.50.0/29 [90/82944] via 10.99.99.2, 00:21:08, ATM1/0.99 C 10.99.99.0/29 is directly connected, ATM1/0.99 C 10.6.6.0/29 is directly connected, Loopback0 C 10.60.60.0/29 is directly connected, FastEthernet4/0 C 10.80.80.0/28 is directly connected, FastEthernet0/0 C 10.80.80.0/24 is directly connected, FastEthernet0/0 R 10.90.90.1/32 [120/2] via 10.100.100.1, 00:00:04, Serial5/0.103 D 10.5.5.4/30 [90/208384] via 10.99.99.2, 00:21:08, ATM1/0.99 30.0.0.0/29 is subnetted, 1 subnets B 30.30.30.24 [200/0] via 10.7.7.7, 00:00:40 R6#sh ip bgp BGP table version is 7, local router ID is 10.6.6.6 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 20.20.20.0/24 172.16.0.1 0 10 i * 10.5.5.5 0 0 1000 i * i 172.16.0.1 100 0 10 i *> 20.200.200.0/24 172.16.0.1 0 10 i * i 172.16.0.1 100 0 10 i *>i30.30.30.24/29 10.7.7.7 0 100 0 i *> 200.20.20.0 10.5.5.5 0 0 1000 i
Example 1-39 R6 show ip bgp 20.20.20.0 Output
R6#sh ip bgp 20.20.20.0 BGP routing table entry for 20.20.20.0/24, version 6 Paths: (3 available, best #1, table Default-IP-Routing-Table) Advertised to non peer-group peers: 10.5.5.5 10.8.8.8 10 172.16.0.1 (metric 3) from 172.16.0.1 (172.16.0.1) Origin IGP, localpref 100, valid, external, best 1000 10.5.5.5 (metric 208384) from 10.5.5.5 (200.20.20.1) Origin IGP, metric 0, localpref 100, valid, external 10 172.16.0.1 (metric 3) from 10.8.8.8 (10.8.8.8) Origin IGP, localpref 100, valid, internal
Example 1-40 R6 Origin Configuration
router bgp 100 neighbor 172.16.0.1 route-map 20.20.20.0 in ! access-list 2 permit 20.20.20.0 route-map 20.20.20.0 permit 10 match ip address 2 set origin incomplete ! route-map 20.20.20.0 permit 10
Example 1-41 R6 show ip bgp Output
R6#sh ip bgp BGP table version is 5, local router ID is 10.6.6.6 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 20.20.20.0/24 10.5.5.5 0 0 1000 i * 172.16.0.1 0 10 ? * i 172.16.0.1 100 0 10 i *> 20.200.200.0/24 172.16.0.1 0 10 i * i 172.16.0.1 100 0 10 i *>i30.30.30.24/29 10.7.7.7 0 100 0 i *> 200.20.20.0 10.5.5.5 0 0 1000 i
Example 1-42 R6 show ip bgp 20.20.20.0 Output
R6#sh ip bgp 20.20.20.0 BGP routing table entry for 20.20.20.0/24, version 2 Paths: (3 available, best #1, table Default-IP-Routing-Table) Advertised to non peer-group peers: 10.8.8.8 172.16.0.1 1000 10.5.5.5 (metric 208384) from 10.5.5.5 (10.5.5.5) Origin IGP, metric 0, localpref 100, valid, external, best 10 172.16.0.1 (metric 3) from 172.16.0.1 (172.16.0.1) Origin incomplete, localpref 100, valid, external 10 172.16.0.1 (metric 3) from 10.8.8.8 (10.8.8.8) Origin IGP, localpref 100, valid, internal
All BGP speakers are to be able to communicate with all advertised BGP networks.
The BGP routes are in the BGP speakers routing tables so you should be able to ping the BGP networks, but can you? Without further configuration the answer is no. It should be painfully obvious that not all your routers are running BGP. You have not been requested to redistribute BGP into your IGP, so R1 and R4 will have no knowledge of any BGP networks. Example 1-43 shows what happens if you attempt to ping 30.30.30.30 from R2.
Example 1-43 R2 Show IP Route Output and Connectivity Testing
R2#sh ip route 30.30.30.30 Routing entry for 30.30.30.24/29 Known via "bgp 10", distance 20, metric 0 Tag 100, type external Last update from 10.6.6.6 00:28:44 ago Routing Descriptor Blocks: * 10.6.6.6, from 10.6.6.6, 00:28:44 ago Route metric is 0, traffic share count is 1 AS Hops 1 R2#ping 30.30.30.30 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 30.30.30.30, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5)
As you can see in Example 1-43, R2 obviously has a route to the destination address 30.30.30.30 but R2 is receiving ICMP unreachable messages from R1 as R1 does not have visibility of network 30.30.30.24/29 and, hence, is dropping the packets and informing R2. Example 1-44 shows R1 and R4 have no visibility of the BGP networks.
Example 1-44 R1 and R4 IGP out of Sync show output and R2 Traceroute
R1#sh ip route 30.30.30.30 % Network not in table R4#sh ip route 30.30.30.30 % Network not in table R2#traceroute 30.30.30.30 Type escape sequence to abort. Tracing the route to 30.30.30.30 1 10.90.90.2 4 msec 4 msec 4 msec 2 10.90.90.2 !H * !H
You, therefore, need to policy route at R1 and R4 for the specific BGP routes at these routers as shown in Example 1-45 and Example 1-46.
Example 1-45 R1 Required Policy-Routing Configuration
interface Serial0/0 ip policy route-map as100-1000 ! interface Serial0/1.101 point-to-point ip policy route-map as10 ! route-map as100-1000 permit 10 match ip address 102 set ip next-hop 10.100.100.2 ! route-map as10 permit 10 match ip address 101 set ip next-hop 10.90.90.1 ! access-list 101 permit ip any 20.200.200.0 0.0.0.255 access-list 102 permit ip any 30.30.30.24 0.0.0.7 access-list 102 permit ip any 200.20.20.0 0.0.0.255
NOTE
Two separate route-maps are shown in Example 1-45 for traffic flowing towards network 20.200.200.0, which should be forwarded onto R2 and traffic flowing toward 30.30.30.0 and 200.20.20.0, which should be forwarded onto R6. No requirement exists to policy route traffic across the BRI on R1 or R4 as ISDN should only be used for the requirements stated in the questions.
No requirement exists to policy route traffic destined for network 20.20.20.0/24 on R1 as traffic will stay local to AS10 between R2 and R3 and never attempt to flow through R1. Similarly, R1 will never receive traffic destined for network 20.20.20.0/24 from AS100 as the preferred route will be to AS1000 R5 via R6.
Example 1-46 R4 Required Policy-Routing Configuration
interface Serial0/0.1 multipoint ip policy route-map as10 ! route-map as10 permit 10 match ip address 101 set ip next-hop 10.100.100.1 ! route-map as10 permit 20 match ip address 102 set ip next-hop 10.100.100.2 ! access-list 101 permit ip any 20.200.200.0 0.0.0.255 access-list 102 permit ip any 200.20.20.0 0.0.0.255 access-list 102 permit ip any 30.30.30.24 0.0.0.7
NOTE
Example 1-46 shows two separate route-map sequences for traffic flowing toward network 20.200.200.0, which should be forwarded onto R2, and traffic flowing toward 30.30.30.0 and 200.20.20.0, which should be forwarded onto R6.
No requirement exists to policy route traffic destined for network 20.20.20.0/24 on R4 as R6 will never send traffic to R4 destined for this network as it has a more preferable route to R5.
You should notice that both R7 and R8 show the next hop to 20.20.20.0/24 as 172.16.0.1. Traffic would egress R7 and R8 toward R2 172.16.0.1 and flow through R6 en route to R2, R6 would then send this to R5 as it is its own preferred route to 20.20.20.0/24. You therefore could consider policy routing at R6 for traffic sourced from R7 and R8 toward network 20.20.20.0/24. If you have configured this, it was a prudent action but the question did not ask you to accomplish this so no extra points or more, importantly, none deducted. You should seek advice from the proctor if an issue like this arises in your real exam, though. If you have configured this correctly as in Example 1-45 and Example 1-46, you have scored 5 points.