Tuesday, July 29, 2014

Lab 9 - BGP Peer Groups


This small lab focuses on the use of Peer Groups to simplify BGP configuration

Complete the following tasks:
-Configure iBGP peerings between R2-R3, R2-R4, and R2-R1
-Configure R3,R4, and R1 and route reflector clients of R2
-Configure the iBGP peering using the peer group name PEER_iBGP
-Advertise the loopback addresses of R3 and R4 and ensure R1 can reach
the loopback addresses when packets are sourced from its loopback 0
address
-All BGP peers should authenticate with the password CISCO1

Topology
  

Concepts tested:
-Peer groups
-Prefix advertisement
-route reflectors

GNS3 files: Link


Solution

Let's begin with configuring our iBGP peering.

R1(config)#router bgp 100
R1(config-router)#neighbor 192.168.12.2 remote-as 100
R1(config-router)#neighbor 192.168.12.2 password CISCO1

Below we use the peer-group option to create a single configuration profile that we can then apply to multiple peers. In this case R1, R3, and R4.

R2(config)#router bgp 100
R2(config-router)#neighbor PEER_IBGP peer-group
R2(config-router)#neighbor PEER_IBGP remote-as 100
R2(config-router)#neighbor PEER_IBGP route-reflector-client
R2(config-router)#neighbor PEER_IBGP next-hop-self
R2(config-router)#neighbor PEER_IBGP password CISCO1
R2(config-router)#neighbor 192.168.23.3 peer-group PEER_IBGP
R2(config-router)#neighbor 192.168.12.1 peer-group PEER_IBGP
R2(config-router)#neighbor 192.168.24.4 peer-group PEER_IBGP

Also, we use the password option on the neighbor command to configure MD5 authentication between our peers.

R3(config)#router bgp 100
R3(config-router)#neighbor 192.168.23.2 remote-as 100
R3(config-router)#neighbor 192.168.23.2 password CISCO1

R4(config)#router bgp 100
R4(config-router)#neighbor 192.168.24.2 remote-as 100
R4(config-router)#neighbor 192.168.24.2 password CISCO1

Now let's advertise our loopback addresses

R1(config-if)#router bgp 100
R1(config-router)#network 1.1.1.0 mask 255.255.255.0

R3(config)#router bgp 100
R3(config-router)#network 172.16.0.0 mask 255.255.255.0
R3(config-router)#network 172.16.1.0 mask 255.255.255.0
R3(config-router)#network 172.16.2.0 mask 255.255.255.0
R3(config-router)#network 172.16.3.0 mask 255.255.255.0

R4(config)#router bgp 100
R4(config-router)#network 172.16.4.0 mask 255.255.255.0
R4(config-router)#network 172.16.5.0 mask 255.255.255.0
R4(config-router)#network 172.16.6.0 mask 255.255.255.0
R4(config-router)#network 172.16.7.0 mask 255.255.255.0

Now we should just have to advertise our loopback address on R1 and we should be good to go.

R1(config)#int lo 0
R1(config-if)#ip add 1.1.1.1 255.255.255.0


R1#ping 172.16.1.1 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/46/68 ms




Posted by on
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)