CTs take on BGP.

  • cisco_trooper Member Posts: 1,441
    kryolla wrote:
    dtlokee wrote:
    What was the issue?

    Was it BGP adjacencies or routes from EBGP not going into the routing table

    Basically in my original topology I had iBGP peers set on loopback addresses. When I set the next-hop-self option on BGP1 and BGP2, all the correct routes appeared in the routing table with a next hop address of the lo0 interface. This was fine, looked good. I decided to ping from IGP1 to BGP3 to test connectivity across the ASs. Ping failed, I ASSumed this was incorrect and then began changing the iBGP peers to physical interfaces. Got it all done, had routes in the routing table. Ping failed again from IGP1 to BGP3.

    I'm going to let you think about it for a second, but it is rather stupid and rather easy. The original loopback peers probably worked, but I was not paying attention to what was going on when I gave the ping command. Let me know when you give up. :)
  • dtlokee Member Posts: 2,378

    I'm going to let you think about it for a second, but it is rather stupid and rather easy. The original loopback peers probably worked, but I was not paying attention to what was going on when I gave the ping command. Let me know when you give up. :)

    I'm gonna guess operator error, BGP is too dumb to do anything other than what you told it to do
    The only easy day was yesterday!
  • cisco_trooper Member Posts: 1,441
    dtlokee wrote:

    I'm going to let you think about it for a second, but it is rather stupid and rather easy. The original loopback peers probably worked, but I was not paying attention to what was going on when I gave the ping command. Let me know when you give up. :)

    I'm gonna guess operator error, BGP is too dumb to do anything other than what you told it to do

    You might say that. The ping was technically coming from an interface that was not in the BGP routing domain. That being said, BGP3 didn't know what to do with it. BLACK HOLE.

    After I adjusted the source address of the ping it worked fine. I'm done chasing this ghost fellas. Time to get back on track with forming the peers between AS300 and AS400 and see if I can break something for real.
  • cisco_trooper Member Posts: 1,441
    Configs have been updated with distribute-lists so that each AS is only advertising addresses within it. So, as of now, no AS should be able to become a transit AS between the other two AS's. Next on the list is route-maps to improve route selection for the multi-homed AS's.

    These configs can be found at http://www.ipnetworksllc.com/routerconfigs

    Hopefully someone finds these useful. :)
  • cisco_trooper Member Posts: 1,441
    Anyone have any experience using extended access-lists with route-maps? My question is, how are the source and destination ip addresses of the access-list used in route map matching?

    for example
    access-list 102 remark Example
    access-list 102 permit ip 192.168.255.32 0.0.0.7 192.168.255.40 0.0.0.7

    route-map Example permit 10
    match ip address 102
    set local-preference 200

    does the match ip address 102 command match both source and destination IP addresses?

    Not having much luck here. Trying to do something that I'm beginning to think I cannot do.
  • dtlokee Member Posts: 2,378
    When applying an extended ACL in BGP the "source" will specify what prefix to match and the "destination" will specify what the length of the subnet mask is. This is similar to the prefix-list concept where you match the prefix and the length of the mask.

    for example:

    access-list 101 permit ip 10.1.0.0 0.0.255.255 255.255.0.0 0.0.255.255 will match 10.1.x.x with a mask between /16 - /32
    The only easy day was yesterday!
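The matching rule described in the post above, written out as an added example (not code from any poster in the thread): the ACL's source pair is tested against the route's network address and the destination pair against its netmask. The sample routes are constructed, and the function names are hypothetical.

```python
import ipaddress

# ACLs quoted in the thread: (source, source wildcard, destination, destination wildcard)
ACL_101 = ("10.1.0.0", "0.0.255.255", "255.255.0.0", "0.0.255.255")
ACL_102 = ("192.168.255.32", "0.0.0.7", "192.168.255.40", "0.0.0.7")


def wildcard_match(value, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(value)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def acl_matches_route(acl, route):
    """True if the route's network passes the source pair and its netmask
    passes the destination pair (the semantics described in the post)."""
    net = ipaddress.IPv4Network(route)
    src, src_wc, dst, dst_wc = acl
    return (wildcard_match(str(net.network_address), src, src_wc)
            and wildcard_match(str(net.netmask), dst, dst_wc))


def matchable_lengths(acl):
    """Prefix lengths whose netmask the destination pair can match at all."""
    _, _, dst, dst_wc = acl
    masks = {n: str(ipaddress.IPv4Network(f"0.0.0.0/{n}").netmask)
             for n in range(33)}
    return [n for n, mask in masks.items() if wildcard_match(mask, dst, dst_wc)]


if __name__ == "__main__":
    # Constructed sample routes, not taken from the thread's configs
    for route in ("10.1.0.0/16", "10.1.5.0/24", "10.2.0.0/16", "10.0.0.0/8"):
        print("ACL 101", route, acl_matches_route(ACL_101, route))
    print("ACL 101 lengths:", matchable_lengths(ACL_101))
    print("ACL 102 lengths:", matchable_lengths(ACL_102))
```

Under these semantics ACL 102 from the question matches no route at all, because 192.168.255.40 with wildcard 0.0.0.7 does not cover any valid netmask.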
  • cisco_trooper Member Posts: 1,441
    dtlokee wrote:
    When applying an extended ACL in BGP the "source" will specify what prefix to match and the "destination" will specify what the length of the subnet mask is. This is similar to the prefix-list concept where you match the prefix and the length of the mask.

    for example:

    access-list 101 permit ip 10.1.0.0 0.0.255.255 255.255.0.0 0.0.255.255 will match 10.1.x.x with a mask between /16 - /32


    Thanks DT. That answers my question.


    another question since I'm not yet convinced this can't be done.


    I have BGP4 in AS400.
    I have BGP3 in AS300 with two directly connected networks 192.168.255.32/30 and 192.168.255.36/30
    I have IGP3 in AS300 with two directly connected networks 192.168.255.48/30 and 192.168.255.52/30.

    BGP4 has direct connections to both BGP3 and IGP3. I want BGP4 to use the direct connection to BGP3 for networks 192.168.255.32 and .36, and want BGP4 to use the direct connection to IGP3 for networks 192.168.255.48 and .52.

    I'm sure this can be done but I keep striking out....Any suggestions?



    EDIT: Forgot to mention BGP3 and IGP3 are directly connected also.
  • cisco_trooper Member Posts: 1,441
    Nevermind. I'm retarded.
  • dtlokee Member Posts: 2,378
    Well since they are in the same AS you can use MED (metric) or AS path prepending on the BGP 3 and IGP 3 routers, or you can use something like weight or local preference on the BGP 4 router. This is if I understand your description of the network correctly.

    BTW your naming scheme could use some improvement
    The only easy day was yesterday!
  • cisco_trooper Member Posts: 1,441
    dtlokee wrote:
    Well since they are in the same AS you can use MED (metric) or AS path prepending on the BGP 3 and IGP 3 routers, or you can use something like weight or local preference on the BGP 4 router. This is if I understand your description of the network correctly.

    BTW your naming scheme could use some improvement

    I know it, but if I change it now then the rest of the thread becomes gibberish. and there is a drawing out there too....

    i think i keep doing my route-map bass ackwards. just now i set local pref on incoming routes and worked fine. that's another thing. i thought local pref could only be set on internal routes, but i had no problem doing it just now.
  • dtlokee Member Posts: 2,378
    dtlokee wrote:
    Well since they are in the same AS you can use MED (metric) or AS path prepending on the BGP 3 and IGP 3 routers, or you can use something like weight or local preference on the BGP 4 router. This is if I understand your description of the network correctly.

    BTW your naming scheme could use some improvement

    I know it, but if I change it now then the rest of the thread becomes gibberish. and there is a drawing out there too....

    i think i keep doing my route-map bass ackwards. just now i set local pref on incoming routes and worked fine. that's another thing. i thought local pref could only be set on internal routes, but i had no problem doing it just now.

    You can set local pref on any route; it will only be propagated within the AS where you set it, it won't be sent to other autonomous systems.

    Also if you use MED remember that a route without a MED will be assigned the value of zero so anything you set it to will be higher (and less preferred). Now you can use the "bgp bestpath med missing-as-worst" command to tell the router to set the missing MED to 4294967294 (which is the highest value) to fix the problem (in fact this is how the RFCs say it should be done but Cisco does not do it this way by default).
    The only easy day was yesterday!
  • cisco_trooper Member Posts: 1,441
    Alright, I think I have this ironed out. Uploaded configs have been updated. Anyone willing to critique, please do. You can't hurt my feelings, but if you try I would appreciate it.

    Thanks guys. :D

    http://www.ipnetworksllc.com/routerconfigs/BGP.zip
  • cisco_trooper Member Posts: 1,441
    Alright, so I guess no one wants to take cheap shots based on my configurations. I guess I'm closing this book and moving on to multicasting and IPv6. The end is near fellas. :)
  • cisco_trooper Member Posts: 1,441
    Ok. Anyone have any experience with the neighbor x.x.x.x remove-private-AS command?

    I have a private BGP AS 65000 being advertised into ASes 209 and 7132.

    I have tried the command on all peers and the AS number is still propagated in the AS Path to AS 209 and AS 7132....

    Not a big deal but it has officially piqued my curiosity....
  • Mrock4 Banned Posts: 2,359
    ...nevermind....
  • mikej412 Member Posts: 10,086
    Are you getting caught by any of the conditions?

    Removing Private Autonomous System Numbers in BGP
    The following conditions apply:
    
    * You can only use this solution with external BGP (eBGP) peers.
    
    * If the update has only private AS numbers in the AS_PATH, BGP removes these numbers.
    
    * If the AS_PATH includes both private and public AS numbers, BGP doesn't remove the private AS numbers. This situation is considered a configuration error.
    
    * If the AS_PATH contains the AS number of the eBGP neighbor, BGP does not remove the private AS number.
    
    * If the AS_PATH contains confederations, BGP removes the private AS numbers only if they come after the confederation portion of the AS_PATH.
    

    Which AS is pretending to be the ISP for that private AS? Where did you configure the command?
    When a private AS number is allocated to the customer network, the BGP updates from the customer network to ISP will have the private AS number in its AS_PATH list. When the ISP propagates its network information to the global BGP table (Internet), it should not propagate the AS_PATH with the private AS number of the customer to the Internet. To help the ISP remove the private AS number from its AS_PATH list, use the Cisco IOS remove-private-as command.
    
    Cisco Certifications -- Collect the Entire Set!
  • cisco_trooper Member Posts: 1,441
    We have a winner!!

    * If the AS_PATH contains the AS number of the eBGP neighbor, BGP does not remove the private AS number

    Thanks mike, always knew you would be good for something one day...
  • Mrock4 Banned Posts: 2,359
    CT Don't pretend you're actually studying.... ;)
  • cisco_trooper Member Posts: 1,441
    Ok BGP Regex experts. I'm trying to create a regex to filter routes based on the AS_Path attributes.

    What I am TRYING to do is filter on ONLY the last AS value in the AS_Path, and I don't know if it is possible.

    Let me use AS number 31932 as an example.

    I want the regex to match Paths like 111 222 31932 and 11 22 33 31932 but I DON'T want a match on things like 111 31932 222. I only want a match when the AS is the last in the path.

    Can this be done? I keep striking out here.
  • cisco_trooper Member Posts: 1,441
    I think I got it. I was thinking too hard about this...I walked away and it came right to me....

    ip as-path access-list 1 permit ^.*31932$
  • kryolla Member Posts: 785
    use sh ip bgp regexp to test it out before applying it to the as-path access list
    Studying for CCIE and drinking Home Brew
  • cisco_trooper Member Posts: 1,441
    kryolla wrote:
    use sh ip bgp regexp to test it out before applying it to the as-path access list

    awesome command. i didn't know that was there.

    while i'm here, this might be an even more effective regex...

    ip as-path access-list 1 permit ^.*(31932)$
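
In the spirit of testing a pattern before applying it, here is an added example (not posted by anyone in the thread) that runs the two patterns above, plus the delimiter form `_31932$`, against sample AS paths offline. The last two sample paths are constructed, the translation of the Cisco `_` delimiter into a Python regex is an approximation, and the function names are hypothetical.

```python
import re

# Cisco's "_" matches a space, comma, brace, parenthesis, or the start or
# end of the string; this Python equivalent is an assumption of the example.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"

# First three paths are from the thread; the last two are constructed.
SAMPLE_PATHS = [
    "111 222 31932",
    "11 22 33 31932",
    "111 31932 222",
    "31932",
    "111 131932",   # a different AS whose digits end in 31932
]


def cisco_to_python(pattern):
    """Translate the Cisco-only "_" token; the rest is shared regex syntax."""
    return pattern.replace("_", CISCO_UNDERSCORE)


def matching_paths(pattern, paths=SAMPLE_PATHS):
    """Paths an as-path access-list entry with this pattern would permit."""
    rx = re.compile(cisco_to_python(pattern))
    return [p for p in paths if rx.search(p)]


def false_positives(pattern, wanted_as, paths=SAMPLE_PATHS):
    """Permitted paths whose last AS is not the one we meant to match."""
    return [p for p in matching_paths(pattern, paths)
            if int(p.split()[-1]) != wanted_as]


if __name__ == "__main__":
    for pattern in ("^.*31932$", "^.*(31932)$", "_31932$"):
        print(pattern)
        print("  permits:        ", matching_paths(pattern))
        print("  unintended hits:", false_positives(pattern, 31932))
```

Both `^.*` forms also permit a path ending in 131932, because `.*` can absorb the leading digit; anchoring on the delimiter with `_31932$` limits the match to the whole AS number.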