Sunday, August 3, 2014

Lab 12 - Bestpath Selection - ASPATH Prepend

Today we will look at AS-Path prepending, a more practical method of controlling traffic as it enters an autonomous system. AS-Path is the third attribute in the list of attributes evaluated during the best path selection process, and it is more commonly used in production environments to control how traffic enters a network.

Tasks to complete
Tasks to complete this lab:
- Configure eBGP peering between R1 and ISP1
- Configure eBGP peering between R2 and ISP2
- Configure iBGP peering between R1 and R2
- Advertise the loopback addresses on R1 and R2 such that traffic enters AS 65101 via R2's fa 0/1 interface for R1's prefixes
- Advertise the loopback addresses on R2 such that traffic originating from ISP2 enters AS 65101 via R2's S1/0 interface for R2's loopback address and via R1's s1/0 interface for R1's loopback addresses


Topology



GNS3 files: Link


Solution

So as I always do with these labs, I begin by setting up the basics and in this case that would be our peering configuration.

R1(config)#router bgp 65101
R1(config-router)#neighbor 192.168.12.2 remote-as 65101
R1(config-router)#neighbor 192.168.13.11 remote-as 65102

R2(config)#router bgp 65101
R2(config-router)#neighbor 192.168.12.1 remote-as 65101
R2(config-router)#neighbor 192.168.23.11 remote-as 65102
R2(config-router)#neighbor 192.168.24.22 remote-as 65103

And let's advertise our loopbacks to our ISPs:

R1(config)#router bgp 65101
R1(config-router)#network 10.10.0.0 mask 255.255.255.0
R1(config-router)#network 10.10.1.0 mask 255.255.255.0
R1(config-router)#network 10.10.2.0 mask 255.255.255.0
R1(config-router)#network 10.10.3.0 mask 255.255.255.0

R2(config)#router bgp 65101
R2(config-router)#network 10.10.4.0 mask 255.255.255.0
R2(config-router)#network 10.10.5.0 mask 255.255.255.0
R2(config-router)#network 10.10.6.0 mask 255.255.255.0
R2(config-router)#network 10.10.7.0 mask 255.255.255.0

Now let's see how things look from our ISPs' perspective, though normally you wouldn't really be able to do this.

ISP1#sh ip bgp | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*  10.10.0.0/24     99.1.1.22                              0 65103 65101 i
*                   192.168.23.2                           0 65101 i
*>                  192.168.13.1             0             0 65101 i
*  10.10.1.0/24     99.1.1.22                              0 65103 65101 i
*                   192.168.23.2                           0 65101 i
*>                  192.168.13.1             0             0 65101 i
*  10.10.2.0/24     99.1.1.22                              0 65103 65101 i
*                   192.168.13.1             0             0 65101 i
*>                  192.168.23.2                           0 65101 i
*  10.10.3.0/24     99.1.1.22                              0 65103 65101 i
*                   192.168.13.1             0             0 65101 i
*>                  192.168.23.2                           0 65101 i
*  10.10.4.0/24     99.1.1.22                              0 65103 65101 i
*                   192.168.13.1                           0 65101 i
*>                  192.168.23.2             0             0 65101 i
*  10.10.5.0/24     192.168.13.1                           0 65101 i
*                   99.1.1.22                              0 65103 65101 i
*>                  192.168.23.2             0             0 65101 i
*  10.10.6.0/24     99.1.1.22                              0 65103 65101 i
*                   192.168.13.1                           0 65101 i
*>                  192.168.23.2             0             0 65101 i
*  10.10.7.0/24     99.1.1.22                              0 65103 65101 i
   Network          Next Hop            Metric LocPrf Weight Path
*                   192.168.13.1                           0 65101 i
*>                  192.168.23.2             0             0 65101 i

ISP2#sh ip bgp | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.0.0/24     192.168.24.2                           0 65101 i
*                   99.1.1.11                              0 65102 65101 i
*  10.10.1.0/24     99.1.1.11                              0 65102 65101 i
*>                  192.168.24.2                           0 65101 i
*  10.10.2.0/24     99.1.1.11                              0 65102 65101 i
*>                  192.168.24.2                           0 65101 i
*  10.10.3.0/24     99.1.1.11                              0 65102 65101 i
*>                  192.168.24.2                           0 65101 i
*  10.10.4.0/24     99.1.1.11                              0 65102 65101 i
*>                  192.168.24.2             0             0 65101 i
*  10.10.5.0/24     99.1.1.11                              0 65102 65101 i
*>                  192.168.24.2             0             0 65101 i
*  10.10.6.0/24     99.1.1.11                              0 65102 65101 i
*>                  192.168.24.2             0             0 65101 i
*  10.10.7.0/24     99.1.1.11                              0 65102 65101 i
*>                  192.168.24.2             0             0 65101 i

OK, things look as if they have been advertised correctly. But we have some specific traffic engineering requirements that the lab has specified.

First we need to have any traffic originating in AS 65102 enter AS 65101 via R2's fa0/1 interface. Since BGP is a vector-based protocol and a longer AS path is less desirable, adding additional AS entries to the AS-Path makes other paths more desirable. So let's begin by prepending a few more 65101s to the advertisement going out fa0/1. That way that vector will be less desirable.

R1(config)#route-map AS_PREPEND permit
R1(config-route-map)#set as-path prepend 65101 65101 65101
R1(config-route-map)#exit

R1(config)#router bgp 65101
R1(config-router)#neighbor 192.168.13.11 route-map AS_PREPEND out

R2(config)#route-map AS_PREPEND permit
R2(config-route-map)#set as-path prepend 65101 65101 65101
R2(config-route-map)#exit

R2(config)#router bgp 65101
R2(config-router)#neighbor 192.168.24.22 route-map AS_PREPEND out

In this solution I've elected to prepend all outbound advertised routes to the selected neighbor, but it would also be possible to use an ACL, prefix-list, or as-path access list to select which prefixes to prepend if that was required.

So let's look at the results…

ISP1#sh ip bgp | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.0.0/24     192.168.23.2                           0 65101 i
*                   192.168.13.1             0             0 65101 65101 65101 65101 i
*> 10.10.1.0/24     192.168.23.2                           0 65101 i
*                   192.168.13.1             0             0 65101 65101 65101 65101 i
*  10.10.2.0/24     192.168.13.1             0             0 65101 65101 65101 65101 i
*>                  192.168.23.2                           0 65101 i
*  10.10.3.0/24     192.168.13.1             0             0 65101 65101 65101 65101 i
*>                  192.168.23.2                           0 65101 i
*  10.10.4.0/24     192.168.13.1                           0 65101 65101 65101 65101 i
*>                  192.168.23.2             0             0 65101 i
*  10.10.5.0/24     192.168.13.1                           0 65101 65101 65101 65101 i
*>                  192.168.23.2             0             0 65101 i
*  10.10.6.0/24     192.168.13.1                           0 65101 65101 65101 65101 i
*>                  192.168.23.2             0             0 65101 i
*  10.10.7.0/24     192.168.13.1                           0 65101 65101 65101 65101 i
*>                  192.168.23.2             0             0 65101 i

ISP2#sh ip bgp | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*  10.10.0.0/24     192.168.24.2                           0 65101 65101 65101 65101 i
*>                  99.1.1.11                              0 65102 65101 i
*> 10.10.1.0/24     99.1.1.11                              0 65102 65101 i
*                   192.168.24.2                           0 65101 65101 65101 65101 i
*> 10.10.2.0/24     99.1.1.11                              0 65102 65101 i
*                   192.168.24.2                           0 65101 65101 65101 65101 i
*> 10.10.3.0/24     99.1.1.11                              0 65102 65101 i
*                   192.168.24.2                           0 65101 65101 65101 65101 i
*> 10.10.4.0/24     99.1.1.11                              0 65102 65101 i
*                   192.168.24.2             0             0 65101 65101 65101 65101 i
*> 10.10.5.0/24     99.1.1.11                              0 65102 65101 i
*                   192.168.24.2             0             0 65101 65101 65101 65101 i
*> 10.10.6.0/24     99.1.1.11                              0 65102 65101 i
*                   192.168.24.2             0             0 65101 65101 65101 65101 i
*> 10.10.7.0/24     99.1.1.11                              0 65102 65101 i
*                   192.168.24.2             0             0 65101 65101 65101 65101 i

That looks correct, but let's confirm things:

ISP1#traceroute 10.10.0.1 source loopback 10

Type escape sequence to abort.
Tracing the route to 10.10.0.1

  1 192.168.23.2 20 msec 24 msec 28 msec
  2 192.168.12.1 24 msec *  60 msec

ISP1#traceroute 10.10.4.1 source loopback 10

Type escape sequence to abort.
Tracing the route to 10.10.4.1

  1 192.168.23.2 20 msec *  44 msec

ISP2#traceroute 10.10.0.1 source loopback 10

Type escape sequence to abort.
Tracing the route to 10.10.0.1

  1 99.1.1.11 20 msec 24 msec 36 msec
  2 192.168.23.2 24 msec 32 msec 36 msec
  3 192.168.12.1 88 msec *  60 msec

ISP2#traceroute 10.10.4.1 source loopback 10

Type escape sequence to abort.
Tracing the route to 10.10.4.1

  1 99.1.1.11 16 msec 32 msec 24 msec
  2 192.168.23.2 24 msec *  56 msec
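
The BGP tables above can also be checked offline. The following Python is an added example, not part of the original lab: it parses fixed-width `sh ip bgp` output and reports, per prefix, whether the router's `>` choice is the unique shortest AS path. The sample is a constructed excerpt of ISP2's table above; the function names are illustrative, and the parser assumes eBGP-learned paths with plain AS numbers (no AS sets, no empty paths).

```python
# Constructed excerpt of ISP2's table after prepending (added example).
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*  10.10.0.0/24     192.168.24.2                           0 65101 65101 65101 65101 i
*>                  99.1.1.11                              0 65102 65101 i
*> 10.10.4.0/24     99.1.1.11                              0 65102 65101 i
*                   192.168.24.2             0             0 65101 65101 65101 65101 i
"""

def parse_bgp_table(text):
    """Return {prefix: [path dicts]} using the header's column offsets."""
    lines = text.splitlines()
    metric_col = lines[0].index("Metric")
    weight_col = lines[0].index("Weight")
    table, prefix = {}, None
    for line in lines[1:]:
        if not line.startswith("*"):        # skip blanks and repeated headers
            continue
        head = line[3:metric_col].split()   # [network,] next hop
        if len(head) == 2:                  # network is printed on first path only
            prefix = head[0]
        tail = line[weight_col:].split()    # weight, AS path..., origin code
        table.setdefault(prefix, []).append({
            "best": ">" in line[:3],
            "next_hop": head[-1],
            "as_path": [int(a) for a in tail[1:-1]],
        })
    return table

def check_prefix(paths):
    """Compare the router's '>' choice with the shortest AS path."""
    best = next(p for p in paths if p["best"])
    shortest = min(len(p["as_path"]) for p in paths)
    ties = [p for p in paths if len(p["as_path"]) == shortest]
    if len(best["as_path"]) > shortest:
        verdict = "other"      # an earlier attribute (weight, local pref) won
    elif len(ties) > 1:
        verdict = "tie"        # AS-path length did not decide; later steps did
    else:
        verdict = "as-path"    # best path is the unique shortest AS path
    return best["next_hop"], best["as_path"][0], verdict

def report(text):
    return {pfx: check_prefix(p) for pfx, p in parse_bgp_table(text).items()}

if __name__ == "__main__":
    for pfx, (nh, first_as, verdict) in report(SAMPLE).items():
        print(f"{pfx}: best via {nh} (neighbor AS {first_as}), decided by {verdict}")
```

Run against the tables captured before prepending, the same check returns `tie` for entries such as ISP1's 10.10.0.0/24, where both direct paths carry the single AS 65101.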

We are all done…

I welcome anyone's constructive input or thoughts on the above lab and its solution. Simply comment below... 
