Options
Another BGP question (i know more this time!)
Ok so i went and hit the books and watched some CBT nuggets on BGP and i feel i have a much better understanding now. If anyone has been the new BSCI CBT nuggets on BGP i have configured a lab pretty much exactly the same as in their BGP implementation and tuning topics. Except i used EIGRP instead of OSPF for the IGP...
Anyway here is the network;
ok so all the routers in AS5500 are running EIGRP as their IGP and i have also configured iBGP so that they are all fully meshed.
here is the routing table on R1:
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
50.0.0.0/24 is subnetted, 1 subnets
B 50.1.1.0 [200/0] via 4.4.4.4, 00:33:31
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/3200000] via 10.1.13.2, 00:00:07, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/2297856] via 10.1.12.2, 00:32:25, Serial1/0
4.0.0.0/32 is subnetted, 1 subnets
D 4.4.4.4 [90/2809856] via 10.1.12.2, 00:00:07, Serial1/0
B 200.1.1.0/24 [200/0] via 4.4.4.4, 00:33:31
B 200.1.2.0/24 [200/0] via 4.4.4.4, 00:33:31
10.0.0.0/30 is subnetted, 4 subnets
C 10.1.13.0 is directly connected, Serial1/1
C 10.1.12.0 is directly connected, Serial1/0
D 10.1.24.0 [90/2681856] via 10.1.12.2, 00:00:24, Serial1/0
D 10.1.34.0 [90/3193856] via 10.1.12.2, 00:00:24, Serial1/0
R1#
and the BGP table:
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 5500 36 37 61 0 0 00:33:31 0
3.3.3.3 4 5500 36 37 61 0 0 00:33:00 0
4.4.4.4 4 5500 120 105 61 0 0 00:34:30 3
the only issue i am having is that my pings are failing to the 200..... networks connected to R5. Im pretty sure that this is because R5 does not have any routes back to AS5500, here is R5s routing table:
C 200.1.4.0/24 is directly connected, Loopback4
50.0.0.0/24 is subnetted, 1 subnets
C 50.1.1.0 is directly connected, Loopback78
C 200.1.5.0/24 is directly connected, Loopback5
C 200.1.6.0/24 is directly connected, Loopback6
4.0.0.0/32 is subnetted, 1 subnets
S 4.4.4.4 [1/0] via 10.1.45.1
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback10
C 200.1.1.0/24 is directly connected, Loopback1
C 200.1.2.0/24 is directly connected, Loopback2
C 200.1.3.0/24 is directly connected, Loopback3
10.0.0.0/30 is subnetted, 1 subnets
C 10.1.45.0 is directly connected, Serial1/2
BGP neighbour table on R5:
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 5500 31 30 28 0 0 00:25:58 0
So from what i have gathered is that its best not to advertise my private networks (as5500) into the internet (as6500) and also the other way round is true as well. So the only way i have got pings to flow from my routers in As5500 to the 200.... networks was just to stick a default route in R5 so that it routes everything top 10.1.45.1.
But i can't see that was being the best / only solution, especially if there was another AS on the other side of R5. I went back through the nuggets but he doesnt really show much config on R5... can anyone suggest a different solution to using a default route on R5?
here are some running configs for more info as well:
R4:
!
interface Loopback1
ip address 4.4.4.4 255.255.255.255
!
interface Serial1/0
ip address 10.1.34.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 10.1.24.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 10.1.45.1 255.255.255.252
serial restart-delay 0
!
router eigrp 10
network 4.4.4.4 0.0.0.0
network 10.1.24.2 0.0.0.0
network 10.1.34.2 0.0.0.0
no auto-summary
!
router bgp 5500
no synchronization
bgp log-neighbor-changes
neighbor group peer-group
neighbor group remote-as 5500
neighbor group update-source Loopback1
neighbor group next-hop-self
neighbor 1.1.1.1 peer-group group
neighbor 2.2.2.2 peer-group group
neighbor 3.3.3.3 peer-group group
neighbor 5.5.5.5 remote-as 6500
neighbor 5.5.5.5 ebgp-multihop 2
neighbor 5.5.5.5 update-source Loopback1
no auto-summary
!
ip route 5.5.5.5 255.255.255.255 10.1.45.2
R5:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
interface Loopback1
ip address 200.1.1.1 255.255.255.0
!
interface Loopback2
ip address 200.1.2.1 255.255.255.0
!
interface Loopback3
ip address 200.1.3.1 255.255.255.0
!
interface Loopback4
ip address 200.1.4.1 255.255.255.0
!
interface Loopback5
ip address 200.1.5.1 255.255.255.0
!
interface Loopback6
ip address 200.1.6.1 255.255.255.0
!
interface Loopback10
ip address 5.5.5.5 255.255.255.255
!
interface Loopback78
ip address 50.1.1.1 255.255.255.0
!
!
interface Serial1/2
ip address 10.1.45.2 255.255.255.252
serial restart-delay 0
router eigrp 10
network 4.4.4.4 0.0.0.0
network 10.1.24.0 0.0.0.255
network 10.1.34.0 0.0.0.255
auto-summary
!
router bgp 6500
no synchronization
bgp log-neighbor-changes
network 50.1.1.0 mask 255.255.255.0
network 200.1.1.0
network 200.1.2.0
neighbor 4.4.4.4 remote-as 5500
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback10
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 10.1.45.1
ip route 4.4.4.4 255.255.255.255 10.1.45.1
R1:
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Serial1/0
ip address 10.1.12.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
bandwidth 1000
ip address 10.1.13.1 255.255.255.252
serial restart-delay 0
router eigrp 10
network 1.1.1.1 0.0.0.0
network 10.0.0.0
no auto-summary
!
router bgp 5500
no synchronization
bgp log-neighbor-changes
neighbor group peer-group
neighbor group remote-as 5500
neighbor group update-source Loopback1
neighbor group next-hop-self
neighbor 2.2.2.2 peer-group group
neighbor 3.3.3.3 peer-group group
neighbor 4.4.4.4 remote-as 5500
neighbor 4.4.4.4 update-source Loopback1
no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
end
wow lots of info there.... thanks for the help guys!
Anyway here is the network;
ok so all the routers in AS5500 are running EIGRP as their IGP and i have also configured iBGP so that they are all fully meshed.
here is the routing table on R1:
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
50.0.0.0/24 is subnetted, 1 subnets
B 50.1.1.0 [200/0] via 4.4.4.4, 00:33:31
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/3200000] via 10.1.13.2, 00:00:07, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/2297856] via 10.1.12.2, 00:32:25, Serial1/0
4.0.0.0/32 is subnetted, 1 subnets
D 4.4.4.4 [90/2809856] via 10.1.12.2, 00:00:07, Serial1/0
B 200.1.1.0/24 [200/0] via 4.4.4.4, 00:33:31
B 200.1.2.0/24 [200/0] via 4.4.4.4, 00:33:31
10.0.0.0/30 is subnetted, 4 subnets
C 10.1.13.0 is directly connected, Serial1/1
C 10.1.12.0 is directly connected, Serial1/0
D 10.1.24.0 [90/2681856] via 10.1.12.2, 00:00:24, Serial1/0
D 10.1.34.0 [90/3193856] via 10.1.12.2, 00:00:24, Serial1/0
R1#
and the BGP table:
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 5500 36 37 61 0 0 00:33:31 0
3.3.3.3 4 5500 36 37 61 0 0 00:33:00 0
4.4.4.4 4 5500 120 105 61 0 0 00:34:30 3
the only issue i am having is that my pings are failing to the 200..... networks connected to R5. Im pretty sure that this is because R5 does not have any routes back to AS5500, here is R5s routing table:
C 200.1.4.0/24 is directly connected, Loopback4
50.0.0.0/24 is subnetted, 1 subnets
C 50.1.1.0 is directly connected, Loopback78
C 200.1.5.0/24 is directly connected, Loopback5
C 200.1.6.0/24 is directly connected, Loopback6
4.0.0.0/32 is subnetted, 1 subnets
S 4.4.4.4 [1/0] via 10.1.45.1
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback10
C 200.1.1.0/24 is directly connected, Loopback1
C 200.1.2.0/24 is directly connected, Loopback2
C 200.1.3.0/24 is directly connected, Loopback3
10.0.0.0/30 is subnetted, 1 subnets
C 10.1.45.0 is directly connected, Serial1/2
BGP neighbour table on R5:
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 5500 31 30 28 0 0 00:25:58 0
So from what i have gathered is that its best not to advertise my private networks (as5500) into the internet (as6500) and also the other way round is true as well. So the only way i have got pings to flow from my routers in As5500 to the 200.... networks was just to stick a default route in R5 so that it routes everything top 10.1.45.1.
But i can't see that was being the best / only solution, especially if there was another AS on the other side of R5. I went back through the nuggets but he doesnt really show much config on R5... can anyone suggest a different solution to using a default route on R5?
here are some running configs for more info as well:
R4:
!
interface Loopback1
ip address 4.4.4.4 255.255.255.255
!
interface Serial1/0
ip address 10.1.34.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 10.1.24.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 10.1.45.1 255.255.255.252
serial restart-delay 0
!
router eigrp 10
network 4.4.4.4 0.0.0.0
network 10.1.24.2 0.0.0.0
network 10.1.34.2 0.0.0.0
no auto-summary
!
router bgp 5500
no synchronization
bgp log-neighbor-changes
neighbor group peer-group
neighbor group remote-as 5500
neighbor group update-source Loopback1
neighbor group next-hop-self
neighbor 1.1.1.1 peer-group group
neighbor 2.2.2.2 peer-group group
neighbor 3.3.3.3 peer-group group
neighbor 5.5.5.5 remote-as 6500
neighbor 5.5.5.5 ebgp-multihop 2
neighbor 5.5.5.5 update-source Loopback1
no auto-summary
!
ip route 5.5.5.5 255.255.255.255 10.1.45.2
R5:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
interface Loopback1
ip address 200.1.1.1 255.255.255.0
!
interface Loopback2
ip address 200.1.2.1 255.255.255.0
!
interface Loopback3
ip address 200.1.3.1 255.255.255.0
!
interface Loopback4
ip address 200.1.4.1 255.255.255.0
!
interface Loopback5
ip address 200.1.5.1 255.255.255.0
!
interface Loopback6
ip address 200.1.6.1 255.255.255.0
!
interface Loopback10
ip address 5.5.5.5 255.255.255.255
!
interface Loopback78
ip address 50.1.1.1 255.255.255.0
!
!
interface Serial1/2
ip address 10.1.45.2 255.255.255.252
serial restart-delay 0
router eigrp 10
network 4.4.4.4 0.0.0.0
network 10.1.24.0 0.0.0.255
network 10.1.34.0 0.0.0.255
auto-summary
!
router bgp 6500
no synchronization
bgp log-neighbor-changes
network 50.1.1.0 mask 255.255.255.0
network 200.1.1.0
network 200.1.2.0
neighbor 4.4.4.4 remote-as 5500
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback10
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 10.1.45.1
ip route 4.4.4.4 255.255.255.255 10.1.45.1
R1:
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Serial1/0
ip address 10.1.12.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
bandwidth 1000
ip address 10.1.13.1 255.255.255.252
serial restart-delay 0
router eigrp 10
network 1.1.1.1 0.0.0.0
network 10.0.0.0
no auto-summary
!
router bgp 5500
no synchronization
bgp log-neighbor-changes
neighbor group peer-group
neighbor group remote-as 5500
neighbor group update-source Loopback1
neighbor group next-hop-self
neighbor 2.2.2.2 peer-group group
neighbor 3.3.3.3 peer-group group
neighbor 4.4.4.4 remote-as 5500
neighbor 4.4.4.4 update-source Loopback1
no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
end
wow lots of info there.... thanks for the help guys!
CCIE# 38186
showroute.net
showroute.net
Comments
-
Options
dtlokee
Member Posts: 2,378 ■■■■□□□□□□
Your AS 5500 is essentially a stub network with only one path to the Internet (as 6500). This is not a good case for using BGP on your network. Typically you would only use BGP in cases where you are "multihimed" through 2 or more providers and need to be able to select the optimum path. In your example you should use a default route to exit your AS to the provider and send your IP prefixes to the provider.So from what i have gathered is that its best not to advertise my private networks (as5500) into the internet (as6500) and also the other way round is true as well
I am gueessing the private networks would be your RFC 1918 (10.x.x.x, 172.16.x.x, and 192.168.x.x), but you should advertise the global addresses you have (assuming the provider is willing to carry them for you, and your CIDR block is large enough for other ISPs to carry it as well) In your example you used some 200.x.x.x addresses which would be suitable to advertise to the global Internet.The only easy day was yesterday!