Sunday, July 6, 2014

Lab 2 – BGP aggregate addressing

This lab focuses on BGP aggregate addressing techniques and general use of the aggregate-address command.

Concepts tested: 
  • Use of aggregate-address, as-set, summary-only, attribute-map
  • Preventing AS path loops with aggregate addressing
  • Aggregate address attribute property inheritance


Topology Used




Tasks:

Use the aggregate-address command to complete the following tasks:
  • Configure eBGP on all routers per the diagram
  • Advertise all loopback addresses on R3 and R4 into BGP
  • Summarize the loopbacks of R3 and R4 on R2
  • Modify the prefix 172.16.1.0/24 to include the no-export community when advertised to AS 200
  • R3 and R4 should only see their own BGP prefixes in their local BGP RIB table
  • R3 and R4 should not see the summary address in their local BGP RIB table
  • R1 should only be able to see the summary network in its local BGP RIB table
  • Do not use prefix filtering to accomplish this
  • Any summarization should only contain R3 and R4 prefixes with no overlap with any other prefixes

GNS3 Topology link (requires IOS 15 for 7200 router): Link

Solution

1. Advertise loopbacks:

R3(config)#router bgp 300
R3(config-router)#network 172.16.0.0 mask 255.255.255.0
R3(config-router)#network 172.16.1.0 mask 255.255.255.0
R3(config-router)#network 172.16.2.0 mask 255.255.255.0
R3(config-router)#network 172.16.3.0 mask 255.255.255.0

R4(config)#router bgp 400
R4(config-router)#network 172.16.4.0 mask 255.255.255.0
R4(config-router)#network 172.16.5.0 mask 255.255.255.0
R4(config-router)#network 172.16.6.0 mask 255.255.255.0
R4(config-router)#network 172.16.7.0 mask 255.255.255.0

Verify:

R1#sh ip bgp
BGP table version is 9, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/24    192.168.12.2                           0 200 300 i
*> 172.16.1.0/24    192.168.12.2                           0 200 300 i
*> 172.16.2.0/24    192.168.12.2                           0 200 300 i
*> 172.16.3.0/24    192.168.12.2                           0 200 300 i
*> 172.16.4.0/24    192.168.12.2                           0 200 400 i
*> 172.16.5.0/24    192.168.12.2                           0 200 400 i
*> 172.16.6.0/24    192.168.12.2                           0 200 400 i
*> 172.16.7.0/24    192.168.12.2                           0 200 400 i

R2#sh ip bgp
BGP table version is 9, local router ID is 192.168.24.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/24    192.168.23.3             0             0 300 i
*> 172.16.1.0/24    192.168.23.3             0             0 300 i
*> 172.16.2.0/24    192.168.23.3             0             0 300 i
*> 172.16.3.0/24    192.168.23.3             0             0 300 i
*> 172.16.4.0/24    192.168.24.4             0             0 400 i
*> 172.16.5.0/24    192.168.24.4             0             0 400 i
*> 172.16.6.0/24    192.168.24.4             0             0 400 i
*> 172.16.7.0/24    192.168.24.4             0             0 400 i

R3#sh ip bgp
BGP table version is 9, local router ID is 172.16.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/24    0.0.0.0                  0         32768 i
*> 172.16.1.0/24    0.0.0.0                  0         32768 i
*> 172.16.2.0/24    0.0.0.0                  0         32768 i
*> 172.16.3.0/24    0.0.0.0                  0         32768 i
*> 172.16.4.0/24    192.168.23.2                           0 200 400 i
*> 172.16.5.0/24    192.168.23.2                           0 200 400 i
*> 172.16.6.0/24    192.168.23.2                           0 200 400 i
*> 172.16.7.0/24    192.168.23.2                           0 200 400 i


R4#sh ip bgp
BGP table version is 9, local router ID is 172.16.7.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/24    192.168.24.2                           0 200 300 i
*> 172.16.1.0/24    192.168.24.2                           0 200 300 i
*> 172.16.2.0/24    192.168.24.2                           0 200 300 i
*> 172.16.3.0/24    192.168.24.2                           0 200 300 i
*> 172.16.4.0/24    0.0.0.0                  0         32768 i
*> 172.16.5.0/24    0.0.0.0                  0         32768 i
*> 172.16.6.0/24    0.0.0.0                  0         32768 i
*> 172.16.7.0/24    0.0.0.0                  0         32768 i

2. Create the aggregate so that only the summary is seen on R1, while R3 and R4 see only their own prefixes:


R2(config)#router bgp 200
R2(config-router)#aggregate-address 172.16.0.0 255.255.248.0 as-set summary-only

Verify:

R1#sh ip bgp
BGP table version is 18, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/21    192.168.12.2             0             0 200 {300,400} i

R3(config-router)#do sh ip bgp
BGP table version is 13, local router ID is 172.16.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/24    0.0.0.0                  0         32768 i
*> 172.16.1.0/24    0.0.0.0                  0         32768 i
*> 172.16.2.0/24    0.0.0.0                  0         32768 i
*> 172.16.3.0/24    0.0.0.0                  0         32768 i

R3#debug ip bgp updates
<snip>
*Jul  1 06:23:23.223: BGP(0): 192.168.23.2 rcv UPDATE about 172.16.0.0/21 -- DENIED due to: AS-PATH contains our own AS;


R4#sh ip bgp
BGP table version is 13, local router ID is 172.16.7.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.4.0/24    0.0.0.0                  0         32768 i
*> 172.16.5.0/24    0.0.0.0                  0         32768 i
*> 172.16.6.0/24    0.0.0.0                  0         32768 i
*> 172.16.7.0/24    0.0.0.0                  0         32768 i

R4#debug ip bgp updates

*Jul  1 06:24:51.203: BGP(0): 192.168.24.2 rcv UPDATE about 172.16.0.0/21 -- DENIED due to: AS-PATH contains our own AS;

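3. Modify prefix 172.16.1.0/24 to carry the no-export community and ensure R1 can still see the aggregate address. Because the aggregate is built with as-set, it inherits the communities of its component routes, so the attribute-map on R2 clears them from the aggregate: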

R3:
! ACL 1 selects the single prefix to tag; the route-map on R3 references it
access-list 1 permit 172.16.1.0 0.0.0.255
!
route-map SET_NO_EXPORT permit 10
 match ip address 1
 set community no-export
!
! Pass all other prefixes unchanged
route-map SET_NO_EXPORT permit 999
!
router bgp 300
 neighbor 192.168.23.2 send-community
 neighbor 192.168.23.2 route-map SET_NO_EXPORT out

R2:
! Clear the communities the aggregate inherits from its component routes
route-map ATTRIBUTE_MAP permit 10
 set community none
!
router bgp 200
 aggregate-address 172.16.0.0 255.255.248.0 as-set summary-only attribute-map ATTRIBUTE_MAP
 neighbor 192.168.12.1 send-community


Verify:

R2#sh ip bgp 172.16.1.0/24
BGP routing table entry for 172.16.1.0/24, version 19
Paths: (1 available, best #1, table default, not advertised to EBGP peer, Advertisements suppressed by an aggregate.)
  Not advertised to any peer
  300
    192.168.23.3 from 192.168.23.3 (172.16.3.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: no-export

R2#sh ip bgp 172.16.0.0/21
BGP routing table entry for 172.16.0.0/21, version 20
Paths: (1 available, best #1, table default, not advertised to EBGP peer)
  Not advertised to any peer
  {300,400}, (aggregated by 200 192.168.24.2)
    0.0.0.0 from 0.0.0.0 (192.168.24.2)
      Origin IGP, localpref 100, weight 32768, valid, aggregated, local, best
      Community: no-export

R1#sh ip bgp 172.16.0.0/21
BGP routing table entry for 172.16.0.0/21, version 20
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  200 {300,400}, (aggregated by 200 192.168.24.2)
    192.168.12.2 from 192.168.12.2 (192.168.24.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
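
The behaviour in steps 2 and 3, as an added Python model (not part of the original lab and not router code): it checks that the eight /24s fill exactly one /21, then shows how as-set drives both the loop check on R3/R4 and the inherited no-export on the aggregate. R1_AS is an assumed value because R1's AS number is not shown on the page, and the function names are hypothetical.

```python
import ipaddress

R1_AS = 100  # assumption: R1's AS number does not appear in the outputs above

# Component routes as R2 holds them: (prefix, AS path, communities), from the lab outputs.
COMPONENTS = (
    [(f"172.16.{i}.0/24", (300,), {"no-export"} if i == 1 else set()) for i in range(0, 4)]
    + [(f"172.16.{i}.0/24", (400,), set()) for i in range(4, 8)]
)

def covering_prefix(components):
    """Collapse the component prefixes; a single result means the summary
    covers only these prefixes, with no overlap into other address space."""
    nets = [ipaddress.ip_network(p) for p, _, _ in components]
    collapsed = list(ipaddress.collapse_addresses(nets))
    if len(collapsed) != 1:
        raise ValueError("components do not fill a single aggregate")
    return collapsed[0]

def aggregate(components, local_as, as_set=True, strip_communities=False):
    """Simplified model of aggregate-address on R2. With as-set the aggregate
    carries the component ASNs as an AS_SET and inherits their communities;
    without it (model assumption) it carries neither."""
    members = frozenset(a for _, path, _ in components for a in path) if as_set else frozenset()
    communities = set().union(*(c for _, _, c in components)) if as_set else set()
    if strip_communities:  # effect of an attribute-map with "set community none"
        communities = set()
    return {"prefix": covering_prefix(components), "origin_as": local_as,
            "as_set": members, "communities": communities}

def advertise_ebgp(route, peer_as):
    """Return 'sent', or the reason the eBGP peer never installs the route."""
    if "no-export" in route["communities"]:
        return "suppressed: no-export"
    # The receiver rejects any path containing its own AS; AS_SET members count.
    if peer_as in {route["origin_as"]} | route["as_set"]:
        return "denied: AS-PATH contains our own AS"
    return "sent"

if __name__ == "__main__":
    for label, kwargs in [("as-set only", {}),
                          ("as-set + attribute-map", {"strip_communities": True}),
                          ("no as-set", {"as_set": False})]:
        r = aggregate(COMPONENTS, 200, **kwargs)
        print(label, r["prefix"], {a: advertise_ebgp(r, a) for a in (R1_AS, 300, 400)})
```

The "no as-set" row shows why as-set matters for loop prevention: without the AS_SET, R3 and R4 would accept a summary that covers their own prefixes.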

