Tuesday, November 12, 2013

Configuring BGP with Default Routing


Objectives

• Configure BGP to exchange routing information with two ISPs.

Step 1: Prepare the routers for the lab.

Step 2: Configure the hostname and interface addresses.

Step 3: Configure BGP on the ISP routers

Step 4: Configure BGP on the ITA boundary router.

Step 5: Verify BGP on the routers.


Q : What is the local router ID?

Ans : The local router ID is 192.168.1.1.

Q : Which table version is displayed?


Ans : The table version displayed is 5.

An asterisk (*) next to a route indicates that it is valid. An angle bracket (>) indicates that the route has been selected as the best route.


Q : From ISP1, what is the path to network 172.16.1.0/24?

Ans : The path is through AS 100 (ITA) and AS 300 (ISP2).

Q: Which table version is displayed? Why?

Ans : The table version displayed is an increment of the last one, which is 6 in the example. The shutdown command causes a routing table update, so the version should be one higher than the last.

Q : What happened to the route for network 10.1.1.0/24?

Ans : It is no longer in the BGP table because interface Lo0 on ISP1 is down.


Q : Based on the output of this command, what is the BGP state between this router and ISP2?

Ans : The BGP state is established.

Q : How long has this connection been up?

Ans : The connection has been up for 00:16:00.


Step 6: Configure route filters.


If ITA advertises a route belonging to ISP1, ISP2 installs that route in its table. ISP2 might then attempt to route transit traffic through the ITA. Configure the ITA router so that it advertises only ITA networks 192.168.0.0 and 192.168.1.0 to both providers.

Note: The clear ip bgp * command is disruptive because it completely resets all BGP adjacencies. This is acceptable in a lab environment but could be problematic in a production network. Instead, if only a change of inbound/outbound routing policies is to be performed, it is sufficient to issue the clear ip bgp * in or clear ip bgp * out commands. These commands perform only a new BGP database synchronization without the disruptive effects of a complete BGP adjacency reset. All current Cisco IOS versions support the route refresh capability that replaces the inbound soft reconfiguration feature that previously had to be configured on a per-neighbor basis.
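The outbound filter from this step can be checked offline before it is applied. The following is an added example, not part of the original lab: it takes the BGP neighbor and access-list 1 lines from the final ITA configuration on this page, evaluates the wildcard mask against each lab network the way a standard ACL in a distribute-list does, and reports any neighbor that has no outbound filter. The function names are illustrative, and only the "permit/deny address wildcard" form of a standard ACL is handled.

```python
import ipaddress
import re

# Excerpt of router ITA's final configuration, as shown on this page.
ITA_CONFIG = """\
router bgp 100
 neighbor 10.0.0.1 remote-as 200
 neighbor 10.0.0.1 distribute-list 1 out
 neighbor 172.16.0.1 remote-as 300
 neighbor 172.16.0.1 distribute-list 1 out
access-list 1 permit 192.168.0.0 0.0.1.255
"""

# Network addresses that appear in the three lab configurations.
LAB_NETWORKS = ["10.1.1.0", "192.168.100.0", "172.16.1.0", "192.168.0.0", "192.168.1.0"]


def parse_acl(config, number):
    """Return [(action, base, wildcard)] for a standard numbered ACL."""
    pat = re.compile(rf"^access-list {number} (permit|deny) (\S+) (\S+)$", re.M)
    return [(a, int(ipaddress.IPv4Address(b)), int(ipaddress.IPv4Address(w)))
            for a, b, w in pat.findall(config)]


def acl_permits(acl, network):
    """First matching entry wins; wildcard bits set to 1 are ignored; no match means deny."""
    addr = int(ipaddress.IPv4Address(network))
    for action, base, wildcard in acl:
        if (addr | wildcard) == (base | wildcard):
            return action == "permit"
    return False


def unfiltered_neighbors(config):
    """BGP neighbors declared with remote-as but lacking an outbound distribute-list."""
    peers = set(re.findall(r"^ neighbor (\S+) remote-as \d+$", config, re.M))
    filtered = set(re.findall(r"^ neighbor (\S+) distribute-list \d+ out$", config, re.M))
    return sorted(peers - filtered)


def advertised(config, networks, acl_number=1):
    acl = parse_acl(config, acl_number)
    if not acl:  # an undefined ACL is not modelled here
        raise ValueError(f"access-list {acl_number} not found")
    return [n for n in networks if acl_permits(acl, n)]


if __name__ == "__main__":
    print(advertised(ITA_CONFIG, LAB_NETWORKS), unfiltered_neighbors(ITA_CONFIG))
```

Only 192.168.0.0 and 192.168.1.0 pass the filter, so neither provider learns the other's networks from ITA; removing the distribute-list line for one neighbor makes that neighbor show up in the second result.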

Step 7: Configure primary and backup routes using floating static routes.


With bidirectional communication established with each ISP via BGP, configure the primary and backup routes. This can be done with floating static routes or BGP.

Step 8: Configure primary and backup routes using a default network and a static route.


Another method for configuring primary and backup routes is to use the ip default-network command instead of a 0.0.0.0/0 route.

Q : Should ISP1 and ISP2 be able to ping all networks in the topology?

Ans : No. Router ITA has been configured with route filters and does not advertise the ISP1 networks to ISP2 and vice versa. The ITA router advertises only ITA networks 192.168.0.0 and 192.168.1.0 to both providers. Pings from ISP1 to any of the ISP2 172.16.x.x networks will fail. Pings from ISP2 to any of the ISP1 10.x.x.x networks will fail.


Note: Another option for setting up default routing is to inject a default route via BGP. The following example configures the ISP1 router to inject a default route to itself that can be used by the ITA router:

Run the following Tcl script on router ITA to verify connectivity.

ITA# tclsh
foreach address {
10.0.0.1
10.0.0.2
10.1.1.1
172.16.0.1
172.16.0.2
172.16.1.1
192.168.0.1
192.168.1.1
192.168.100.1
} {
ping $address }



Final Device Config :
ISP1#sh running-config
Building configuration...

Current configuration : 1272 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
ip cef
!
no ip domain lookup
ip domain name lab.local
!
!        
interface Loopback0
 description ISP1 Internet Network
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback1
 ip address 192.168.100.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description ISP1 -> ITA
 ip address 10.0.0.1 255.255.255.252
 clock rate 128000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 network 10.1.1.0 mask 255.255.255.0
 network 192.168.100.0
 neighbor 10.0.0.2 remote-as 100
 no auto-summary
!
ip classless
!
no ip http server
no ip http secure-server
    
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
=======================================================
ISP2#sh running-config
Building configuration...

Current configuration : 1196 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
ip cef
!
no ip domain lookup
ip domain name lab.local
!       
interface Loopback0
 description ISP2 Internet Network
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description ISP2 -> ITA
 ip address 172.16.0.1 255.255.255.252
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
router bgp 300
 no synchronization
 bgp log-neighbor-changes
 network 172.16.1.0 mask 255.255.255.0
 neighbor 172.16.0.2 remote-as 100
 no auto-summary
!
ip classless
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
========================================================
ITA#sh running-config
Building configuration...

Current configuration : 1573 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ITA
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
ip cef
!
no ip domain lookup
ip domain name lab.local
!     
interface Loopback0
 description Core router network link 1
 ip address 192.168.0.1 255.255.255.0
!
interface Loopback1
 description Core router network link 2
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description ITA -> ISP1
 ip address 10.0.0.2 255.255.255.252
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description ITA -> ISP2
 ip address 172.16.0.2 255.255.255.252
 clock rate 128000
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 192.168.0.0
 network 192.168.1.0
 neighbor 10.0.0.1 remote-as 200
 neighbor 10.0.0.1 distribute-list 1 out
 neighbor 172.16.0.1 remote-as 300
 neighbor 172.16.0.1 distribute-list 1 out
 no auto-summary
!
ip classless
ip default-network 192.168.100.0
ip route 0.0.0.0 0.0.0.0 172.16.0.1 220
!      
no ip http server
no ip http secure-server
!
access-list 1 permit 192.168.0.0 0.0.1.255
control-plane
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end
=========================================================
