Sunday, July 13, 2014

Lab 4 - BGP Confederation

Today I present another post in a series of learning labs related to the CCIE lab exam. Today's blog is focused on basic confederation configuration with a little route reflection and iBGP/eBGP prefix advertisement thrown in…enjoy.

Concepts covered:
-BGP confederation
-BGP route reflection
-iBGP/eBGP prefix advertisement

Topology used




Tasks to complete this lab:
-Configure eBGP peering between R1-R3 and R11-R9
-Configure iBGP peering between R2-R3 and R2-R4
-Configure iBGP peering between R5-R6 and R5-R7
-Configure iBGP peering between R8-R9 and R8-R10
-Configure iBGP peering between R2-R5 and R2-R8 and R5-R8
-Configure R3-R2-R4 as sub-domain 65125
-Configure R6-R5-R7 as sub-domain 65126
-Configure R8-R9-R10 as sub-domain 65127
-Each sub-domain above should be seen as AS 300 to all external eBGP speakers.
-Advertise the loopbacks of all devices into BGP
-Ensure full reachability between all device loopbacks when sourced from their loopback addresses
Constraints:
-Do not use static routes
-Do not modify the IGP configuration

Link to GNS3 files: Link

Solution

Begin by configuring BGP on each device. The BGP routing AS should be the sub-autonomous system number defined in the tasks.

R2(config)#router bgp 65125
R2(config-router)#bgp confederation identifier 300
R2(config-router)#bgp confederation peers 65126 65127

R3(config)#router bgp 65125
R3(config-router)#bgp confederation identifier 300

R4(config)#router bgp 65125
R4(config-router)#bgp confederation identifier 300

R5(config)#router bgp 65126
R5(config-router)#bgp confederation identifier 300
R5(config-router)#bgp confederation peers 65125 65127

R6(config)#router bgp 65126
R6(config-router)#bgp confederation identifier 300

R7(config)#router bgp 65126
R7(config-router)#bgp confederation identifier 300

R8(config)#router bgp 65127
R8(config-router)#bgp confederation identifier 300
R8(config-router)#bgp confederation peers 65125 65126

R9(config)#router bgp 65127
R9(config-router)#bgp confederation identifier 300

R10(config)#router bgp 65127
R10(config-router)#bgp confederation identifier 300

Then configure the eBGP and iBGP sessions and advertise each device's loopback address.

R1(config)#router bgp 100
R1(config-router)#network 172.16.0.0 mask 255.255.255.0
R1(config-router)#network 172.16.1.0 mask 255.255.255.0
R1(config-router)#network 172.16.2.0 mask 255.255.255.0
R1(config-router)#network 172.16.3.0 mask 255.255.255.0
R1(config-router)#neighbor 192.168.12.3 remote-as 300


R2(config)#router bgp 65125
 network 2.2.2.2 mask 255.255.255.255
 neighbor 192.168.23.3 remote-as 65125
 neighbor 192.168.23.3 route-reflector-client
 neighbor 192.168.24.4 remote-as 65125
 neighbor 192.168.24.4 route-reflector-client
 neighbor 192.168.25.5 remote-as 65126
 neighbor 192.168.28.8 remote-as 65127

R3(config)#router bgp 65125
 network 3.3.3.3 mask 255.255.255.255
 neighbor 192.168.12.1 remote-as 100
 neighbor 192.168.23.2 remote-as 65125
 neighbor 192.168.23.2 next-hop-self

R4#sh run | sec router bgp
R4(config)#router bgp 65125
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 300
 network 4.4.4.4 mask 255.255.255.255
 neighbor 192.168.24.2 remote-as 65125

R5(config)#router bgp 65126
 network 5.5.5.5 mask 255.255.255.255
 neighbor 192.168.25.2 remote-as 65125
 neighbor 192.168.56.6 remote-as 65126
 neighbor 192.168.56.6 route-reflector-client
 neighbor 192.168.57.7 remote-as 65126
 neighbor 192.168.57.7 route-reflector-client
 neighbor 192.168.58.8 remote-as 65127

R6(config)#router bgp 65126
 network 6.6.6.6 mask 255.255.255.255
 neighbor 192.168.56.5 remote-as 65126

R7(config)#router bgp 65126
 network 7.7.7.7 mask 255.255.255.255
 neighbor 192.168.57.5 remote-as 65126

R8(config)#router bgp 65127
 network 8.8.8.8 mask 255.255.255.255
 neighbor 192.168.28.2 remote-as 65125
 neighbor 192.168.58.5 remote-as 65126
 neighbor 192.168.81.10 remote-as 65127
 neighbor 192.168.81.10 route-reflector-client
 neighbor 192.168.89.9 remote-as 65127
 neighbor 192.168.89.9 route-reflector-client

R9(config)#router bgp 65127
 network 9.9.9.9 mask 255.255.255.255
 neighbor 192.168.89.8 remote-as 65127
 neighbor 192.168.89.8 next-hop-self
 neighbor 192.168.118.11 remote-as 200

R10(config)#router bgp 65127
 network 10.10.10.10 mask 255.255.255.255
 neighbor 192.168.81.8 remote-as 65127
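
A quick audit of the confederation statements, as an added example that is not part of the original post: each border router must list the other sub-ASes it peers with under `bgp confederation peers`, and never its own. The sample configs are constructed, modelled on the lab's R5, and the function name is hypothetical.

```python
import re

# Constructed sample configs modelled on the lab's R5 (sub-AS 65126, peering
# with sub-AS 65125 and 65127). BAD lists its own sub-AS and omits 65125.
GOOD = """\
router bgp 65126
 bgp confederation identifier 300
 bgp confederation peers 65125 65127
 neighbor 192.168.25.2 remote-as 65125
 neighbor 192.168.56.6 remote-as 65126
 neighbor 192.168.58.8 remote-as 65127
"""
BAD = GOOD.replace("peers 65125 65127", "peers 65126 65127")


def audit_confederation(config, member_ases):
    """Return a list of findings for one router's 'router bgp' section.

    member_ases: every sub-AS that belongs to the confederation (assumed to
    be known from the design, {65125, 65126, 65127} in this lab).
    """
    local = int(re.search(r"^router bgp (\d+)", config, re.M).group(1))
    ident = re.search(r"^\s*bgp confederation identifier (\d+)", config, re.M)
    peers = set()
    for line in re.findall(r"^\s*bgp confederation peers (.+)$", config, re.M):
        peers.update(int(a) for a in line.split())

    findings = []
    if ident is None:
        findings.append("no confederation identifier configured")
    if local in peers:
        findings.append(f"own sub-AS {local} listed as a confederation peer")
    for addr, asn in re.findall(r"^\s*neighbor (\S+) remote-as (\d+)", config, re.M):
        asn = int(asn)
        if asn in member_ases and asn != local and asn not in peers:
            # Without this entry the router treats the neighbor as an
            # external eBGP peer rather than a confederation peer.
            findings.append(
                f"neighbor {addr} in sub-AS {asn} missing from confederation peers")
    return findings


if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_confederation(cfg, {65125, 65126, 65127}))
```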

So at this point we should have eBGP and iBGP sessions established, but we are still missing something: we are not seeing the routes from R1 and R11 across the entire AS 300. This is because our little sub-autonomous systems are not fully meshed, and iBGP requires a full mesh because iBGP neighbors do not advertise routes learned from another iBGP neighbor unless you create a route reflector. So let's do that.

R2#sh ip bgp
BGP table version is 24, local router ID is 2.2.2.2
<snip>
   Network          Next Hop                  Metric LocPrf Weight Path
<snip>
*>i172.16.0.0/24    192.168.23.3             0    100      0 100 i
*>i172.16.1.0/24    192.168.23.3             0    100      0 100 i
*>i172.16.2.0/24    192.168.23.3             0    100      0 100 i
*>i172.16.3.0/24    192.168.23.3             0    100      0 100 i

R8#sh ip bgp
BGP table version is 19, local router ID is 8.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<snip>
*>i172.16.4.0/24    192.168.89.9             0    100      0 200 i
*>i172.16.5.0/24    192.168.89.9             0    100      0 200 i
*>i172.16.6.0/24    192.168.89.9             0    100      0 200 i
*>i172.16.7.0/24    192.168.89.9             0    100      0 200 i


R2(config)#router bgp 65125
 neighbor 192.168.23.3 route-reflector-client
 neighbor 192.168.24.4 route-reflector-client

R5(config)#router bgp 65126
 neighbor 192.168.56.6 route-reflector-client
 neighbor 192.168.57.7 route-reflector-client

R8(config)#router bgp 65127
 neighbor 192.168.81.10 route-reflector-client
 neighbor 192.168.89.9 route-reflector-client

Now we can see all our routes properly.

R2#sh ip bgp
<snip>
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.2/32       0.0.0.0                  0         32768 i
*>i3.3.3.3/32       192.168.23.3             0    100      0 i
*>i4.4.4.4/32       192.168.24.4             0    100      0 i
*  5.5.5.5/32       192.168.58.5             0    100      0 (65127 65126) i
*>                  192.168.25.5             0    100      0 (65126) i
*> 6.6.6.6/32       192.168.56.6             0    100      0 (65126) i
*> 7.7.7.7/32       192.168.57.7             0    100      0 (65126) i
*  8.8.8.8/32       192.168.58.8             0    100      0 (65126 65127) i
*>                  192.168.28.8             0    100      0 (65127) i
*> 9.9.9.9/32       192.168.89.9             0    100      0 (65126 65127) i
*                   192.168.89.9             0    100      0 (65127) i
*> 10.10.10.10/32   192.168.81.10            0    100      0 (65126 65127) i
*                   192.168.81.10            0    100      0 (65127) i
*>i172.16.0.0/24    192.168.23.3             0    100      0 100 i
*>i172.16.1.0/24    192.168.23.3             0    100      0 100 i
*>i172.16.2.0/24    192.168.23.3             0    100      0 100 i
*>i172.16.3.0/24    192.168.23.3             0    100      0 100 i
*> 172.16.4.0/24    192.168.89.9             0    100      0 (65126 65127) 200 i
*                   192.168.89.9             0    100      0 (65127) 200 i
*> 172.16.5.0/24    192.168.89.9             0    100      0 (65126 65127) 200 i
*                   192.168.89.9             0    100      0 (65127) 200 i
*> 172.16.6.0/24    192.168.89.9             0    100      0 (65126 65127) 200 i
*                   192.168.89.9             0    100      0 (65127) 200 i
*> 172.16.7.0/24    192.168.89.9             0    100      0 (65126 65127) 200 i
*                   192.168.89.9             0    100      0 (65127) 200 i

R5#sh ip bgp
<snip>
   Network          Next Hop            Metric LocPrf Weight Path
*  2.2.2.2/32       192.168.28.2             0    100      0 (65127 65125) i
*>                  192.168.25.2             0    100      0 (65125) i
*  3.3.3.3/32       192.168.23.3             0    100      0 (65127 65125) i
*>                  192.168.23.3             0    100      0 (65125) i
*  4.4.4.4/32       192.168.24.4             0    100      0 (65127 65125) i
*>                  192.168.24.4             0    100      0 (65125) i
*> 5.5.5.5/32       0.0.0.0                  0         32768 i
*>i6.6.6.6/32       192.168.56.6             0    100      0 i
*>i7.7.7.7/32       192.168.57.7             0    100      0 i
*  8.8.8.8/32       192.168.28.8             0    100      0 (65125 65127) i
*>                  192.168.58.8             0    100      0 (65127) i
*> 9.9.9.9/32       192.168.89.9             0    100      0 (65127) i
*> 10.10.10.10/32   192.168.81.10            0    100      0 (65127) i
*  172.16.0.0/24    192.168.23.3             0    100      0 (65127 65125) 100 i
*>                  192.168.23.3             0    100      0 (65125) 100 i
*  172.16.1.0/24    192.168.23.3             0    100      0 (65127 65125) 100 i
*>                  192.168.23.3             0    100      0 (65125) 100 i
*  172.16.2.0/24    192.168.23.3             0    100      0 (65127 65125) 100 i
*>                  192.168.23.3             0    100      0 (65125) 100 i
*  172.16.3.0/24    192.168.23.3             0    100      0 (65127 65125) 100 i
*>                  192.168.23.3             0    100      0 (65125) 100 i
*> 172.16.4.0/24    192.168.89.9             0    100      0 (65127) 200 i
*> 172.16.5.0/24    192.168.89.9             0    100      0 (65127) 200 i
*> 172.16.6.0/24    192.168.89.9             0    100      0 (65127) 200 i
*> 172.16.7.0/24    192.168.89.9             0    100      0 (65127) 200 i

R8#sh ip bgp
<snip>
   Network          Next Hop            Metric LocPrf Weight Path
*  2.2.2.2/32       192.168.25.2             0    100      0 (65126 65125) i
*>                  192.168.28.2             0    100      0 (65125) i
*  3.3.3.3/32       192.168.23.3             0    100      0 (65126 65125) i
*>                  192.168.23.3             0    100      0 (65125) i
*  4.4.4.4/32       192.168.24.4             0    100      0 (65126 65125) i
*>                  192.168.24.4             0    100      0 (65125) i
*  5.5.5.5/32       192.168.25.5             0    100      0 (65125 65126) i
*>                  192.168.58.5             0    100      0 (65126) i
*> 6.6.6.6/32       192.168.56.6             0    100      0 (65125 65126) i
*                   192.168.56.6             0    100      0 (65126) i
*> 7.7.7.7/32       192.168.57.7             0    100      0 (65125 65126) i
*                   192.168.57.7             0    100      0 (65126) i
*> 8.8.8.8/32       0.0.0.0                  0         32768 i
*>i9.9.9.9/32       192.168.89.9             0    100      0 i
*>i10.10.10.10/32   192.168.81.10            0    100      0 i
*  172.16.0.0/24    192.168.23.3             0    100      0 (65126 65125) 100 i
*>                  192.168.23.3             0    100      0 (65125) 100 i
*  172.16.1.0/24    192.168.23.3             0    100      0 (65126 65125) 100 i
*>                  192.168.23.3             0    100      0 (65125) 100 i
*  172.16.2.0/24    192.168.23.3             0    100      0 (65126 65125) 100 i
*>                  192.168.23.3             0    100      0 (65125) 100 i
*  172.16.3.0/24    192.168.23.3             0    100      0 (65126 65125) 100 i
*>                  192.168.23.3             0    100      0 (65125) 100 i
*>i172.16.4.0/24    192.168.89.9             0    100      0 200 i
*>i172.16.5.0/24    192.168.89.9             0    100      0 200 i
*>i172.16.6.0/24    192.168.89.9             0    100      0 200 i
*>i172.16.7.0/24    192.168.89.9             0    100      0 200 i
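
The parenthesised sub-AS numbers in the Path column above are the confederation segment of the AS_PATH. The model below is an added example, not part of the original post; it follows 172.16.4.0/24 hop by hop and reproduces the paths shown on R8, R5 and R2. R1's view is not shown in the post and is derived here from the task that external speakers see only AS 300; the function names are hypothetical.

```python
# AS_PATH modelled as two lists: the confederation segment (printed in
# parentheses by 'show ip bgp') and the ordinary AS sequence.
CONFED_ID = 300  # 'bgp confederation identifier' used in the lab


def advertise(path, sender_sub_as, session):
    """Return the AS_PATH a neighbor receives over the given session type.

    session: 'ibgp'   - same sub-AS, path is passed on unchanged
             'confed' - different sub-AS inside the confederation
             'ebgp'   - neighbor outside the confederation
    """
    confed, seq = path
    if session == "ibgp":
        return (list(confed), list(seq))
    if session == "confed":
        # The sender prepends its own sub-AS to the confederation segment.
        return ([sender_sub_as] + confed, list(seq))
    if session == "ebgp":
        # The confederation segment is removed; only the identifier is exposed.
        return ([], [CONFED_ID] + seq)
    raise ValueError(f"unknown session type: {session}")


def show(path):
    """Format a path the way the Path column of 'show ip bgp' prints it."""
    confed, seq = path
    parts = []
    if confed:
        parts.append("(" + " ".join(map(str, confed)) + ")")
    parts.extend(str(a) for a in seq)
    return " ".join(parts)


def trace_r11_prefix():
    """Follow 172.16.4.0/24 along R9 -> R8 -> R5 -> R2 -> R3 -> R1."""
    at_r9 = ([], [200])                          # received from R11 (AS 200)
    at_r8 = advertise(at_r9, 65127, "ibgp")      # R9 -> R8
    at_r5 = advertise(at_r8, 65127, "confed")    # R8 -> R5
    at_r2 = advertise(at_r5, 65126, "confed")    # R5 -> R2
    at_r3 = advertise(at_r2, 65125, "ibgp")      # R2 -> R3
    at_r1 = advertise(at_r3, 65125, "ebgp")      # R3 -> R1
    hops = [("R8", at_r8), ("R5", at_r5), ("R2", at_r2), ("R3", at_r3), ("R1", at_r1)]
    return {router: show(p) for router, p in hops}


if __name__ == "__main__":
    for router, path in trace_r11_prefix().items():
        print(router, path)
```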

And we can ping successfully.

R6#ping 172.16.1.1 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/83/92 ms
R6#

R4#ping 172.16.4.1 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/84/96 ms
R4#

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/84/96 ms

The remaining tests are left out, but all devices can now ping all loopback addresses successfully.

-----

There is one interesting thing to note about the results of this design and configuration that I would like to explore further. But since this is about learning, I will ask it in the form of a question for viewers to answer in the comments. I'll respond to any answers, and post the solution another time.

So here is the question: why are only some of the routes showing redundant (two) paths while others are not? For instance, look at the show ip bgp output of R5 and R2. Notice that routes to prefixes behind R8 have two paths, a best path and an alternative, but routes to prefixes behind R5 do not from R2's perspective. So prefixes 9.9.9.9 and 10.10.10.10 have two paths but 6.6.6.6 and 7.7.7.7 do not. The same is true from R5's perspective: the routes to 2.2.2.2 and 3.3.3.3 are not redundant but 9.9.9.9 and 10.10.10.10 are. So tell me, why is that? I'll post the answer in a subsequent post.
