-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpract 3
442 lines (415 loc) · 18.5 KB
/
pract 3
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
PRATICAL 3:Configuring IBGP and EBGP Sessions, LocalPreference, andMED
Topology
Objectives
1.For IBGP peers to correctly exchange routing information, use the next-hop-self command with the Local-Preference and MED attributes.
2.Ensure that the flat-rate, unlimited-use T1 link is used for sending and receiving data to and from the AS 200on ISP and that the metered T1 only be used in the event that the primary T1 link has failed.
Step 0: Suggested starting configurations.
a. Apply the following configuration to each router along with the appropriate hostname. The exec-timeout 0 0command should only be used in a lab environment.
Router(config)# no ip domain-lookup
Router(config)# line con 0
Router(config-line)# logging synchronous
Router(config-line)# exec-timeout 0 0
Step 1: Configure interface addresses.
a. Using the addressing scheme in the diagram, create the loopback interfaces and apply IPv4 addresses to these and the serial interfaces on ISP (R1), SanJose1 (R2), and SanJose2 (R3).
Router R1 (hostname ISP)
ISP(config)# interface Loopback0
ISP(config-if)# ip address 192.168.100.1 255.255.255.0
ISP(config-if)# exit
ISP(config)# interface Serial1/0
ISP(config-if)# ip address 192.168.1.5 255.255.255.252
ISP(config-if)# clock rate 128000
ISP(config-if)# no shutdown
ISP(config-if)# exit
ISP(config)# interface Serial1/1
ISP(config-if)# ip address 192.168.1.1 255.255.255.252
ISP(config-if)# no shutdown
ISP(config-if)# end
ISP#
Router R2 (hostname SanJose1)
SanJose1(config)# interface Loopback0
SanJose1(config-if)#ip address 172.16.64.1 255.255.255.0
SanJose1(config-if)# exit
SanJose1(config)# interface Serial1/0
SanJose1(config-if)#ip address 192.168.1.6 255.255.255.252
SanJose1(config-if)# no shutdown
SanJose1(config-if)# exit
SanJose1(config)# interface Serial1/1
SanJose1(config-if)#ip address 172.16.1.1 255.255.255.0
SanJose1(config-if)# clock rate 128000
SanJose1(config-if)# no shutdown
SanJose1(config-if)# end
SanJose1#
Router R3 (hostname SanJose2)
SanJose2(config)# interface Loopback0
SanJose2(config-if)#ip address 172.16.32.1 255.255.255.0
SanJose2(config-if)# exit
SanJose2(config)# interface Serial1/0
SanJose2(config-if)#ip address 192.168.1.2 255.255.255.252
SanJose2(config-if)# clock rate 128000
SanJose2(config-if)# no shutdown
SanJose2(config-if)# exit
SanJose2(config)# interface Serial1/1
SanJose2(config-if)#ip address 172.16.1.2 255.255.255.0
SanJose2(config-if)# no shutdown
SanJose2(config-if)# end
SanJose2#
b. Use ping to test the connectivity between the directly connected routers. Both SanJose routers should be able to pingeach other and their local ISP serial link IP address. The ISP router cannot reach the segment between SanJose1and SanJose2.
Step 2: Configure EIGRP.
Configure EIGRP between the SanJose1 and SanJose2 routers.
SanJose1(config)# router eigrp 1
SanJose1(config-router)# network 172.16.0.0
SanJose2(config)# router eigrp 1
SanJose2(config-router)# network 172.16.0.0
Step 3: Configure IBGP and verify BGP neighbors.
a. Configure IBGP between the SanJose1 and SanJose2 routers. On the SanJose1 router, enter the following configuration.
SanJose1(config)# router bgp 64512
SanJose1(config-router)#neighbor 172.16.32.1 remote-as 64512
SanJose1(config-router)#neighbor 172.16.32.1 update-source lo0
b. Complete the IBGP configuration on SanJose2 using the following commands.
SanJose2(config)# router bgp 64512
SanJose2(config-router)#neighbor 172.16.64.1 remote-as 64512
SanJose2(config-router)#neighbor 172.16.64.1 update-source lo0
c. Verify that SanJose1 and SanJose2 become BGP neighbors by issuing the show ipbgpneighbors command onSanJose1. View the following partial output. If the BGP state is not established, troubleshoot the connection.
SanJose2# show ipbgpneighbors
BGP neighbor is 172.16.64.1, remote AS 64512, internal link
BGP version 4, remote router ID 172.16.64.1
BGP state = Established, up for 00:00:22
Last read 00:00:22, last write 00:00:22, hold time is 180, keepalive interval is
60 seconds
Step 4: Configure EBGP and verify BGP neighbors.
a. Configure ISP to run EBGP with SanJose1 and SanJose2. Enter the following commands on ISP.
ISP(config)# router bgp 200
ISP(config-router)# neighbor 192.168.1.6 remote-as 64512
ISP(config-router)# neighbor 192.168.1.2 remote-as 64512
ISP(config-router)# network 192.168.100.0
b. Configure a discard static route for the 172.16.0.0/16 network. Any packets that do not have a more specific match(longer match) for a 172.16.0.0 subnet will be dropped instead of sent to the ISP. Later in this lab we will configure adefault route to the ISP.
SanJose1(config)# ip route 172.16.0.0 255.255.0.0 null0
c. Configure SanJose1 as an EBGP peer to ISP.
SanJose1(config)# router bgp 64512
SanJose1(config-router)#neighbor 192.168.1.5 remote-as 200
SanJose1(config-router)# network 172.16.0.0
d. Use the show ipbgpneighbors command to verify that SanJose1 and ISP have reached the established state. Troubleshoot if necessary.
SanJose1# show ipbgpneighbors
e. Configure a discard static route for 172.16.0.0/16 on SanJose2 and as an EBGP peer to ISP.
SanJose2(config)# ip route 172.16.0.0 255.255.0.0 null0
SanJose2(config)# router bgp 64512
SanJose2(config-router)#neighbor 192.168.1.1 remote-as 200
SanJose2(config-router)# network 172.16.0.0
Step 5: View BGP summary output.
In Step 4, the show ipbgpneighbors command was used to verify that SanJose1 and ISP had reached theestablished state.
A useful alternative command is show ipbgp summary. The output should be similar to thefollowing.
SanJose2# show ipbgp summary
BGP router identifier 172.16.32.1, local AS number 64512
BGP table version is 6, main routing table version 6
2 network entries using 288 bytes of memory
4 path entries using 320 bytes of memory
4/2 BGP path/bestpath attribute entries using 640 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1272 total bytes of memory
BGP activity 2/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvdMsgSentTblVerInQOutQ Up/Down
State/PfxRcd
172.16.64.1 4 64512 27 26 6 0 0 00:18:15 2
192.168.1.1 4 200 10 7 6 0 0 00:01:42 1
Step 6: Verify which path the traffic takes.
a. Clear the IP BGP conversation with the clear ipbgp * command on ISP. Wait for the conversations to reestablish
with each SanJose router.
ISP# clear ipbgp *
b. Test whether ISP can ping the loopback 0 address of 172.16.64.1 on SanJose1 and the serial link between SanJose1and SanJose2, 172.16.1.1.
ISP# ping 172.16.64.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.64.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ISP#
ISP# ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ISP#
c. Now ping from ISP to the loopback 0 address of 172.16.32.1 on SanJose2 and the serial link between SanJose1 andSanJose2, 172.16.1.2.
ISP# ping 172.16.32.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.32.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms
ISP# ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/16 ms
ISP#
d. Issue the show ipbgp command on ISP to verify BGP routes and metrics.
ISP# show ipbgp
e. At this point, the ISP router should be able to get to each network connected to SanJose1 and SanJose2 from the loopback address 192.168.100.1. Use the extended ping command and specify the source address of ISP Lo0 to test.
ISP# ping 172.16.1.1 source 192.168.100.1
ISP# ping 172.16.32.1 source 192.168.100.1
ISP# ping 172.16.1.2 source 192.168.100.1
ISP# ping 172.16.64.1 source 192.168.100.1
ISP# ping
Protocol [ip]:
Target IP address: 172.16.64.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.100.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.64.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/24 ms
Step 7: Configure the BGP next-hop-self feature.
a. Issue the following commands on the ISP router.
ISP(config)# router bgp 200
ISP(config-router)# network 192.168.1.0 mask 255.255.255.252
ISP(config-router)# network 192.168.1.4 mask 255.255.255.252
b. Issue the show ipbgp command to verify that the ISP is correctly injecting its own WAN links into BGP.
ISP# show ipbgp
c. Verify on SanJose1 and SanJose2 that the opposite WAN link is included in the routing table.
SanJose2# show ip route
d. To better understand the next-hop-self command we will remove ISP advertising its two WAN links and shutdown the WAN link between ISP and SanJose2. The only possible path from SanJose2 to ISP’s 192.168.100.0/24 is through SanJose1.
ISP(config)# router bgp 200
ISP(config-router)# no network 192.168.1.0 mask 255.255.255.252
ISP(config-router)# no network 192.168.1.4 mask 255.255.255.252
ISP(config-router)# exit
ISP(config)# interface serial 0/0/1
ISP(config-if)# shutdown
ISP(config-if)#
e. Display SanJose2’s BGP table using the show ipbgp command and the IPv4 routing table with show ip route.
SanJose2# show ipbgp
Network Next Hop Metric LocPrf Weight Path
* i 172.16.0.0 172.16.64.1 0 100 0 i
* i 192.168.100.0 192.168.1.5 0 100 0 200 i
SanJose2# show ip route
f. Issue the next-hop-self command on SanJose1 and SanJose2 to advertise themselves as the next hop to their IBGP peer.
SanJose1(config)# router bgp 64512
SanJose1(config-router)#neighbor 172.16.32.1 next-hop-self
SanJose2(config)# router bgp 64512
SanJose2(config-router)#neighbor 172.16.64.1 next-hop-self
g. Reset BGP operation on either router with the clear ipbgp * command.
SanJose1# clear ipbgp *
SanJose2# clear ipbgp *
h. After the routers have returned to established BGP speakers, issue the show ipbgp command on SanJose2 and notice that the next hop is now SanJose1 instead of ISP.
SanJose2# show ipbgp
i. The show ip route command on SanJose2 now displays the 192.168.100.0/24 network because SanJose1 is thenext hop, 172.16.64.1, which is reachable from SanJose2.
SanJose2# show ip route
D 172.16.64.0/24 [90/2297856] via 172.16.1.1, 04:27:19, Serial0/0/1
B 192.168.100.0/24 [200/0] via 172.16.64.1, 00:00:46
j. Before configuring the next BGP attribute, restore the WAN link between ISP and SanJose3. This will change the BGP table and routing table on both routers. For example, SanJose2’s routing table shows 192.168.100.0/24 will now have a better path through ISP.
ISP(config)# interface serial 1/1
ISP(config-if)# no shutdown
ISP(config-if)#
SanJose2# show ip route
B 192.168.100.0/24 [20/0] via 192.168.1.1, 00:01:35
Step 8: Set BGP local preference.
a. Because the local preference value is shared between IBGP neighbors, configure a simple route map that references the local preference value on SanJose1 and SanJose2. This policy adjusts outbound traffic to prefer the link off the SanJose1 router instead of the metered T1 off SanJose2.
SanJose1(config)# route-map PRIMARY_T1_IN permit 10
SanJose1(config-route-map)# set local-preference 150
SanJose1(config-route-map)# exit
SanJose1(config)# router bgp 64512
SanJose1(config-router)#neighbor 192.168.1.5 route-map PRIMARY_T1_IN in
SanJose2(config)# route-map SECONDARY_T1_IN permit 10
SanJose2(config-route-map)# set local-preference 125
SanJose1(config-route-map)# exit
SanJose2(config)# router bgp 64512
SanJose2(config-router)#neighbor 192.168.1.1 route-map SECONDARY_T1_IN in
b. Use the clear ipbgp * soft command after configuring this new policy. When the conversations have been reestablished, issue the show ipbgp command on SanJose1 and SanJose2.
SanJose1# clear ipbgp * soft
SanJose2# clear ipbgp * soft
SanJose1# show ipbgp
SanJose2# show ipbgp
Step 9: Set BGP MED.
a. Examine what the return path ISP takes to reach AS 64512. Notice that the return path is different from the original path.
ISP# show ipbgp
ISP# show ip route\
B 172.16.0.0/16 [20/0] via 192.168.1.2, 00:12:45
b. Use an extended ping command to verify this situation. Specify the record option and compare your output to thenfollowing. Notice the return path using the exit interface 192.168.1.1 to SanJose2.
SanJose2# ping
Protocol [ip]:
Target IP address: 192.168.100.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.16.32.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]: record
Number of hops [ 9 ]:
Loose, Strict, Record, Timestamp, Verbose[RV]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.32.1
Packet has IP options: Total option bytes= 39, padded length=40
Reply to request 4 (20 ms). Received packet has options
Total option bytes= 40, padded length=40
Record route:
(172.16.1.2)
(192.168.1.6)
(192.168.100.1)
(192.168.1.1)
(172.16.32.1) <*>
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
End of list
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/24 ms
SanJose2#
c. Create a new policy to force the ISP router to return all traffic via SanJose1. Create a second route map utilizing the MED (metric) that is shared between EBGP neighbors.
SanJose1(config)#route-map PRIMARY_T1_MED_OUT permit 10
SanJose1(config-route-map)#set Metric 50
SanJose1(config-route-map)#exit
SanJose1(config)#router bgp 64512
SanJose1(config-router)#neighbor 192.168.1.5 route-map PRIMARY_T1_MED_OUT out
SanJose2(config)#route-map SECONDARY_T1_MED_OUT permit 10
SanJose2(config-route-map)#set Metric 75
SanJose2(config-route-map)#exit
SanJose2(config)#router bgp 64512
SanJose2(config-router)#neighbor 192.168.1.1 route-map SECONDARY_T1_MED_OUT out
d. Use the clear ipbgp * soft command after issuing this new policy. Issuing the show ipbgp command as follows onSanJose1 or SanJose2 does not indicate anything about this newly defined policy.
SanJose1# clear ipbgp * soft
SanJose2# clear ipbgp * soft
SanJose1# show ipbgp
SanJose2# show ipbgp
e. Reissue an extended ping command with the record command. Notice the change in return path using the exit interface 192.168.1.5 to SanJose1.
SanJose2# ping
Protocol [ip]:
Target IP address: 192.168.100.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.16.32.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]: record
Number of hops [ 9 ]:
Loose, Strict, Record, Timestamp, Verbose[RV]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.32.1
Packet has IP options: Total option bytes= 39, padded length=40
Record route: <*>
(0.0.0.0)
(0.0.0.0) (0.0.0.0)
(0.0.0.0)
Reply to request 0 (28 ms). Received packet has options
Total option bytes= 40, padded length=40
Record route:
(172.16.1.2)
(192.168.1.6)
(192.168.100.1)
(192.168.1.5)
(172.16.1.1)
(172.16.32.1) <*>
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
End of list
Reply to request 1 (28 ms). Received packet has options
Total option bytes= 40, padded length=40
Record route:
(172.16.1.2)
(192.168.1.6)
(192.168.100.1)
(192.168.1.5)
(172.16.1.1)
(172.16.32.1) <*>
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
End of list
Reply to request 2 (28 ms). Received packet has options
Total option bytes= 40, padded length=40
Record route:
(172.16.1.2)
(192.168.1.6)
(192.168.100.1)
(192.168.1.5)
(172.16.1.1)
(172.16.32.1) <*>
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
End of list
Reply to request 3 (28 ms). Received packet has options
Total option bytes= 40, padded length=40
Record route:
(172.16.1.2)
(192.168.1.6)
(192.168.100.1)
(192.168.1.5)
(172.16.1.1)
(172.16.32.1) <*>
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
End of list
Reply to request 4 (28 ms). Received packet has options
Total option bytes= 40, padded length=40
Record route:
(172.16.1.2)
(192.168.1.6)
(192.168.100.1)
(192.168.1.5)
(172.16.1.1)
(172.16.32.1) <*>
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
End of list
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms
SanJose2#
ISP# show ipbgp
Step 10: Establish a default route.
a. Configure ISP to inject a default route to both SanJose1 and SanJose2 using BGP using the default-originate command. This command does not require the presence of 0.0.0.0 in the ISP router. Configure the 10.0.0.0/8 network which will not be advertised using BGP. This network will be used to test the default route on SanJose1 and SanJose2.
ISP(config)# router bgp 200
ISP(config-router)# neighbor 192.168.1.6 default-originate
ISP(config-router)# neighbor 192.168.1.2 default-originate
ISP(config-router)# exit
ISP(config)# interface loopback 10
ISP(config-if)# ip address 10.0.0.1 255.255.255.0
ISP(config-if)#
c. The preferred default route is by way of SanJose1 because of the higher local preference attribute configured on SanJose1 earlier.
SanJose2# show ipbgp
d. Using the traceroute command verify that packets to 10.0.0.1 is using the default route through SanJose1.
SanJose2# traceroute 10.0.0.1
Type escape sequence to abort.
Tracing the route to 10.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.1.1 8 msec 4 msec 8 msec
2 192.168.1.5 [AS 200] 12 msec * 12 msec
e. Next, test how BGP adapts to using a different default route when the path between SanJose1 and ISP goes down.
ISP(config)# interface serial 1/0
ISP(config-if)# shutdown
ISP(config-if)#
f. Verify that both routers have received the default route by examining the routing tables on SanJose1 and SanJose2. Notice that both routers prefer the route between SanJose1 and ISP.
SanJose1# show ip route
B* 0.0.0.0/0 [20/0] via 192.168.1.5, 00:00:36
SanJose2# show ip route
B* 0.0.0.0/0 [200/0] via 172.16.64.1, 00:00:45
g. Verify the new path using the traceroute command to 10.0.0.1 from SanJose1. Notice the default route is now through SanJose2.
SanJose1# trace 10.0.0.1
Type escape sequence to abort.
Tracing the route to 10.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.1.2 8 msec 8 msec 8 msec
2 192.168.1.1 [AS 200] 12 msec * 12 msec
SanJose1#