CCNA Lab - Solution Rev1.0 Basic BGP I


ieMentor CCIE™ Service Provider Workbook v1.0 | Lab8 Solutions: Basic BGP I
This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com.

Task 8.1:

♦ Configure BB1 in AS57 and advertise all pre-configured Loopback networks. Use minimum amount of CLI commands.

BB1
router bgp 57
 no synchronization
 bgp log-neighbor-changes
 network 10.12.1.0 mask 255.255.255.0
 redistribute connected metric 2
 no auto-summary

BB1-RACK1#sho ip bgp
BGP table version is 21, local router ID is 209.112.70.1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.0/24       0.0.0.0                  2         32768 ?
*> 8.1.1.0/24       0.0.0.0                  2         32768 ?
*> 10.12.1.0/24     0.0.0.0                  0         32768 i
*> 12.1.1.0/24      0.0.0.0                  2         32768 ?
*> 18.2.1.0/24      0.0.0.0                  2         32768 ?
*> 28.3.1.0/24      0.0.0.0                  2         32768 ?
*> 38.1.1.0/24      0.0.0.0                  2         32768 ?
*> 156.46.1.0/24    0.0.0.0                  2         32768 ?
*> 156.46.2.0/24    0.0.0.0                  2         32768 ?
*> 156.46.3.0/24    0.0.0.0                  2         32768 ?
*> 156.46.4.0/24    0.0.0.0                  2         32768 ?
*> 156.46.100.0/22  0.0.0.0                  2         32768 ?
*> 209.112.65.0     0.0.0.0                  2         32768 ?
*> 209.112.66.0     0.0.0.0                  2         32768 ?
*> 209.112.67.0     0.0.0.0                  2         32768 ?
*> 209.112.68.0     0.0.0.0                  2         32768 ?
*> 209.112.69.0     0.0.0.0                  2         32768 ?
*> 209.112.70.0     0.0.0.0                  2         32768 ?

♦ Configure BB2 in AS1540 and advertise all pre-configured Loopback networks. Use minimum amount of CLI commands.

BB2
router bgp 1540
 no synchronization
 bgp log-neighbor-changes
 network 172.16.122.0 mask 255.255.255.0
 redistribute connected metric 2
 no auto-summary

BB2-RACK1#sho ip bgp
BGP table version is 58, local router ID is 210.112.70.1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.0/24       0.0.0.0                  2         32768 ?
*> 8.2.1.0/24       0.0.0.0                  2         32768 ?
*> 12.2.1.0/24      0.0.0.0                  2         32768 ?
*> 18.2.2.0/24      0.0.0.0                  2         32768 ?
*> 28.3.2.0/24      0.0.0.0                  2         32768 ?
*> 38.2.1.0/24      0.0.0.0                  2         32768 ?
*  140.100.1.0/24   140.100.1.2              0             0 65001 i
*>                  0.0.0.0                  2         32768 ?

♦ Configure AS65002 for SP1 and PE4 in AS 65002.

PE4   Loopback 4   44.44.44.44/24

PE4-RACK1(config)#interface loopback 4
PE4-RACK1(config-if)#ip address 44.44.44.44 255.255.255.0
PE4-RACK1(config-if)#router bgp 65002
PE4-RACK1(config-router)#network 44.44.44.0 mask 255.255.255.0

PE4-RACK1#sho ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 44.44.44.0/24    0.0.0.0                  0         32768 i

♦ Configure ASBR1 in AS 100

ASBR1   Loopback 100   101.101.101.101/24

ASBR1-RACK1(config)#int loopback 100
ASBR1-RACK1(config-if)#ip address 101.101.101.101 255.255.255.0
ASBR1-RACK1(config-if)#router bgp 100
ASBR1-RACK1(config-router)#network 101.101.101.0 mask 255.255.255.0

ASBR1-RACK1#sho ip bg
   Network          Next Hop            Metric LocPrf Weight Path
*> 101.101.101.0/24 0.0.0.0                  0         32768 i

♦ Configure ASBR2 in AS 200

ASBR2   Loopback 200   202.202.202.202/24
ASBR2-RACK1(config)#int loopback 200
ASBR2-RACK1(config-if)#ip address 202.202.202.202 255.255.255.0
ASBR2-RACK1(config-router)#router bgp 200
ASBR2-RACK1(config-router)#network 202.202.202.0 mask 255.255.255.0

ASBR2-RACK1#sho ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 202.202.202.0    0.0.0.0                  0         32768 i

Task 8.2:

BB1
router bgp 57
 no synchronization
 bgp log-neighbor-changes
 network 10.12.1.0 mask 255.255.255.0
 redistribute connected metric 2
 neighbor 10.12.1.2 remote-as 65001
 neighbor 10.12.1.2 description to AS65001-SP1-PE2
 neighbor 10.12.1.2 password iementor
 no auto-summary

PE2-RACK1(config)#router bgp 65001
PE2-RACK1(config-router)#bgp log-neighbor-changes
PE2-RACK1(config-router)#neighbor 10.12.1.1 remote-as 57
PE2-RACK1(config-router)#neighbor 10.12.1.1 password iementor
PE2-RACK1(config-router)#neighbor 10.12.1.1 description Peer to BB1-AS57
PE2-RACK1(config-router)#network 22.22.22.0 mask 255.255.255.0
PE2-RACK1(config)#int loopback 22
PE2-RACK1(config-if)#ip address 22.22.22.22 255.255.255.0

PE2-RACK1#sho ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.12.1.1       4    57       7       6       21    0    0 00:01:38       18

BB1-RACK1#ping 22.22.22.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

PE2-RACK1#sho ip bgp
BGP table version is 21, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.0/24       10.12.1.1                2             0 57 ?
*> 8.1.1.0/24       10.12.1.1                2             0 57 ?
r> 10.12.1.0/24     10.12.1.1                0             0 57 i
*> 12.1.1.0/24      10.12.1.1                2             0 57 ?
*> 18.2.1.0/24      10.12.1.1                2             0 57 ?
*> 22.22.22.0/24    0.0.0.0                  0         32768 i
*> 28.3.1.0/24      10.12.1.1                2             0 57 ?
*> 38.1.1.0/24      10.12.1.1                2             0 57 ?
*> 156.46.1.0/24    10.12.1.1                2             0 57 ?
*> 156.46.2.0/24    10.12.1.1                2             0 57 ?
*> 156.46.3.0/24    10.12.1.1                2             0 57 ?
*> 156.46.4.0/24    10.12.1.1                2             0 57 ?
*> 156.46.100.0/22  10.12.1.1                2             0 57 ?
*> 209.112.65.0     10.12.1.1                2             0 57 ?
*> 209.112.66.0     10.12.1.1                2             0 57 ?
*> 209.112.67.0     10.12.1.1                2             0 57 ?
*> 209.112.68.0     10.12.1.1                2             0 57 ?
*> 209.112.69.0     10.12.1.1                2             0 57 ?
*> 209.112.70.0     10.12.1.1                2             0 57 ?

Task 8.3: Configure your eBGP peering to be secure

♦ CORRECTION!!! You should receive 8 routes from BB2
♦ Verify end-to-end connectivity with a ping
♦ BB1 should be able to ping 11.11.11.11 of PE1

PE1-RACK1(config)#interface Loopback11
PE1-RACK1(config-if)# description BGP Loopback
PE1-RACK1(config-if)# ip address 11.11.11.11 255.255.255.0
PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)# no synchronization
PE1-RACK1(config-router)# bgp log-neighbor-changes
PE1-RACK1(config-router)#network 11.11.11.0 mask 255.255.255.0
PE1-RACK1(config-router)# network 140.100.1.0 mask 255.255.255.0
PE1-RACK1(config-router)# neighbor 140.100.1.1 remote-as 1540
PE1-RACK1(config-router)# neighbor 140.100.1.1 password iementor
PE1-RACK1(config-router)# no auto-summary

PE1-RACK1#sho ip bgp
BGP table version is 25, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.0/24       140.100.1.1              2             0 1540 ?
*> 8.2.1.0/24       140.100.1.1              2             0 1540 ?
*> 11.11.11.0/24    0.0.0.0                  0         32768 i
*> 12.2.1.0/24      140.100.1.1              2             0 1540 ?
*> 18.2.2.0/24      140.100.1.1              2             0 1540 ?
*> 28.3.2.0/24      140.100.1.1              2             0 1540 ?
*> 38.2.1.0/24      140.100.1.1              2             0 1540 ?
*  140.100.1.0/24   140.100.1.1              2             0 1540 ?
*>                  0.0.0.0                  0         32768 i

BB2-RACK1(config)#router bgp 1540
BB2-RACK1(config-router)# no synchronization
BB2-RACK1(config-router)# bgp log-neighbor-changes
BB2-RACK1(config-router)# network 140.100.1.2 mask 255.255.255.0
BB2-RACK1(config-router)# redistribute connected metric 2
BB2-RACK1(config-router)# neighbor 140.100.1.2 remote-as 65001
BB2-RACK1(config-router)# neighbor 140.100.1.2 password iementor
BB2-RACK1(config-router)# no auto-summary

BB2-RACK1#sho ip route bg
     11.0.0.0/24 is subnetted, 1 subnets
B       11.11.11.0 [20/0] via 140.100.1.2, 00:02:01

BB2-RACK1#ping 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Task 8.4:

♦ Verify connectivity before peering with ASBR1
♦ Peer ASBR1 with PE1 and advertise ASBR1 BGP Loopback only
♦ CORRECTION!!! ASBR1 should be able to ping BB2 12.2.1.1.

In this task you may experience a problem peering if you are using a Loopback as the source IP address with ASBR1. If you are using a physical IP address, the problem will not happen. So let’s observe the problem with using a Loopback as the source instead of the physical.

Configure ASBR1 to peer with PE1 in the following manner:
ASBR1-RACK1(config)#router bgp 100
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 remote-as 65001
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 description to PE1
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 update-source Loopback0

PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)# neighbor 10.1.1.100 remote-as 100
PE1-RACK1(config-router)# neighbor 10.1.1.100 description to ASBR1
PE1-RACK1(config-router)# neighbor 10.1.1.100 update-source Loopback0

Let’s verify the status of peering

PE1-RACK1#sho ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.100      4   100       5       6        0    0    0 00:26:42 Idle
140.100.1.1     4  1540     110      90       11    0    0 00:27:58        7

ASBR1-RACK1#sho ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4 65001       6       5        0    0    0 00:27:15 Idle

Notice “Idle” above; AS65001 will not peer with AS100. To solve this problem, start out by running the debug ip bgp and debug ip tcp transactions commands to see the TCP connection failing.
Then configure BGP as follows:

ASBR1-RACK1(config)#router bgp 100
ASBR1-RACK1(config-router)# no synchronization
ASBR1-RACK1(config-router)# bgp router-id 10.1.1.100
ASBR1-RACK1(config-router)# bgp log-neighbor-changes
ASBR1-RACK1(config-router)# network 101.101.101.0 mask 255.255.255.0
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 remote-as 65001
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 ebgp-multihop 2      <-- Resolves this issue
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 update-source Loopback0
ASBR1-RACK1(config-router)# no auto-summary

PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)# no synchronization
PE1-RACK1(config-router)# bgp router-id 10.1.1.1
PE1-RACK1(config-router)# bgp log-neighbor-changes
PE1-RACK1(config-router)# network 11.11.11.0 mask 255.255.255.0
PE1-RACK1(config-router)# network 140.100.1.0 mask 255.255.255.0
PE1-RACK1(config-router)# neighbor 10.1.1.100 remote-as 100
PE1-RACK1(config-router)# neighbor 10.1.1.100 description to ASBR1
PE1-RACK1(config-router)# neighbor 10.1.1.100 ebgp-multihop 2     <-- Resolves this issue
PE1-RACK1(config-router)# neighbor 10.1.1.100 update-source Loopback0
PE1-RACK1(config-router)# neighbor 140.100.1.1 remote-as 1540
PE1-RACK1(config-router)# neighbor 140.100.1.1 description To BB2
PE1-RACK1(config-router)# neighbor 140.100.1.1 password iementor
PE1-RACK1(config-router)# no auto-summary

debug ip bgp and debug ip tcp transactions on ASBR1

*Mar 1 11:18:21.600: BGP: 10.1.1.100 went from Idle to Active
*Mar 1 11:18:21.600: BGP: 10.1.1.100 open active, delay 26998ms
*Mar 1 11:18:40.860: BGP: Applying map to find origin for 11.11.11.0/24
*Mar 1 11:18:40.860: BGP: Applying map to find origin for 140.100.1.0/24

PE1-RACK1#sho ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.100      4   100       5       6        0    0    0 00:34:37 Active
140.100.1.1     4  1540     118      98       11    0    0 00:35:53        7

PE1-RACK1#sho ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.100      4   100      10      12       11    0    0 00:00:00        1
140.100.1.1     4  1540     118      99       12    0    0 00:35:55        7

*Mar 1 11:18:48.600: BGP: 10.1.1.100 open active, local address 10.1.1.1
*Mar 1 11:18:48.600: TCB83046FC8 created
*Mar 1 11:18:48.600: TCB83046FC8 setting property TCP_WINDOW_SIZE (0) 831105BC
*Mar 1 11:18:48.600: TCB83046FC8 setting property TCP_MD5KEY (5) 0
*Mar 1 11:18:48.600: TCB83046FC8 setting property TCP_TOS (11) 831105A8
*Mar 1 11:18:48.600: TCP: Random local port generated 47173
*Mar 1 11:18:48.600: TCB83046FC8 bound to 10.1.1.1.47173
*Mar 1 11:18:48.600: TCP: sending SYN, seq 886127879, ack 0
*Mar 1 11:18:48.600: TCP0: Connection to 10.1.1.100:179, advertising MSS 536
*Mar 1 11:18:48.600: TCP0: state was CLOSED -> SYNSENT [47173 -> 10.1.1.100(179)]
*Mar 1 11:18:48.612: TCP0: state was SYNSENT -> ESTAB [47173 -> 10.1.1.100(179)]
*Mar 1 11:18:48.612: TCP: tcb 83046FC8 connection to 10.1.1.100:179, peer MSS 536, MSS is 536
*Mar 1 11:18:48.612: TCB83046FC8 connected to 10.1.1.100.179
*Mar 1 11:18:48.616: BGP: 10.1.1.100 went from Active to OpenSent
*Mar 1 11:18:48.616: BGP: 10.1.1.100 sending OPEN, version 4, my as: 65001
*Mar 1 11:18:48.616: BGP: 10.1.1.100 send message type 1, length (incl. header) 45
*Mar 1 11:18:48.628: BGP: 10.1.1.100 rcv message type 1, length (excl. header) 26
*Mar 1 11:18:48.628: BGP: 10.1.1.100 rcv OPEN, version 4
*Mar 1 11:18:48.628: BGP: 10.1.1.100 rcv OPEN w/ OPTION parameter len: 16
*Mar 1 11:18:48.628: BGP: 10.1.1.100 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Mar 1 11:18:48.632: BGP: 10.1.1.100 OPEN has CAPABILITY code: 1, length 4
*Mar 1 11:18:48.632: BGP: 10.1.1.100 OPEN has MP_EXT CAP for afi/safi: 1/1
*Mar 1 11:18:48.632: BGP: 10.1.1.100 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar 1 11:18:48.632: BGP: 10.1.1.100 OPEN has CAPABILITY code: 128, length 0
*Mar 1 11:18:48.632: BGP: 10.1.1.100 OPEN has ROUTE-REFRESH capability(old) for all address-families
*Mar 1 11:18:48.632: BGP: 10.1.1.100 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar 1 11:18:48.632: BGP: 10.1.1.100 OPEN has CAPABILITY code: 2, length 0
*Mar 1 11:18:48.632: BGP: 10.1.1.100 OPEN has ROUTE-REFRESH capability(new) for all address-families
*Mar 1 11:18:48.632: BGP: 10.1.1.100 went from OpenSent to OpenConfirm
*Mar 1 11:18:48.632: BGP: 10.1.1.100 went from OpenConfirm to Established
*Mar 1 11:18:48.632: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Up
*Mar 1 11:18:53.837: TCP: sending RST, seq 0, ack 1452704497
*Mar 1 11:18:53.837: TCP: sent RST to 10.1.1.254:13346 from 10.1.1.1:179

PE1-RACK1#sho ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.100      4   100      11      13       12    0    0 00:01:34        1
140.100.1.1     4  1540     120     101       12    0    0 00:37:29        7

PE1-RACK1#sho ip bgp
BGP table version is 12, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.0/24       140.100.1.1              2             0 1540 ?
*> 8.2.1.0/24       140.100.1.1              2             0 1540 ?
*> 11.11.11.0/24    0.0.0.0                  0         32768 i
*> 12.2.1.0/24      140.100.1.1              2             0 1540 ?
*> 18.2.2.0/24      140.100.1.1              2             0 1540 ?
*> 28.3.2.0/24      140.100.1.1              2             0 1540 ?
*> 38.2.1.0/24      140.100.1.1              2             0 1540 ?
*> 101.101.101.0/24 10.1.1.100               0             0 100 i
*  140.100.1.0/24   140.100.1.1              2             0 1540 ?
*>                  0.0.0.0                  0         32768 i

PE1-RACK1#sho ip route bg
     18.0.0.0/24 is subnetted, 1 subnets
B       18.2.2.0 [20/2] via 140.100.1.1, 00:37:27
     3.0.0.0/24 is subnetted, 1 subnets
B       3.3.3.0 [20/2] via 140.100.1.1, 00:37:27
     101.0.0.0/24 is subnetted, 1 subnets
B       101.101.101.0 [20/0] via 10.1.1.100, 00:01:58
     38.0.0.0/24 is subnetted, 1 subnets
B       38.2.1.0 [20/2] via 140.100.1.1, 00:37:27
     8.0.0.0/24 is subnetted, 1 subnets
B       8.2.1.0 [20/2] via 140.100.1.1, 00:37:27
     12.0.0.0/24 is subnetted, 1 subnets
B       12.2.1.0 [20/2] via 140.100.1.1, 00:37:27
     28.0.0.0/24 is subnetted, 1 subnets
B       28.3.2.0 [20/2] via 140.100.1.1, 00:37:27

PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)#no auto-summary      <-- don’t forget to disable summary

PE1-RACK1#ping 101.101.101.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 101.101.101.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

Now let’s ping the BB2 Loopback.

ASBR1-RACK1#ping 12.2.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.2.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

This is the first sign that BB2 is not aware of the source network from ASBR1-to-PE1, which is 172.16.222.0.
ASBR1-RACK1#traceroute 12.2.1.1
Type escape sequence to abort.
Tracing the route to 12.2.1.1
  1 172.16.222.1 4 msec 5 msec 0 msec
  2  *  *  *

Let’s look at the BGP database before going further.

ASBR1-RACK1#sho ip bgp
BGP table version is 42, local router ID is 10.1.1.100
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.0/24       10.1.1.1                               0 65001 1540 ?
*> 8.2.1.0/24       10.1.1.1                               0 65001 1540 ?
*> 11.11.11.0/24    10.1.1.1                 0             0 65001 i
*> 12.2.1.0/24      10.1.1.1                               0 65001 1540 ?
*> 18.2.2.0/24      10.1.1.1                               0 65001 1540 ?
*> 28.3.2.0/24      10.1.1.1                               0 65001 1540 ?
*> 38.2.1.0/24      10.1.1.1                               0 65001 1540 ?
*> 101.101.101.0/24 0.0.0.0                  0         32768 i
*> 140.100.1.0/24   10.1.1.1                 0             0 65001 i

As you can see, the 172.16.222.0 network is missing, and we need to advertise this network from ASBR1 with the network statement or redistribute connected.

ASBR1-RACK1(config)#router bgp 100
ASBR1-RACK1(config-router)#network 172.16.222.0 mask 255.255.255.0

ASBR1-RACK1#sho ip bgp
BGP table version is 43, local router ID is 10.1.1.100
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.0/24       10.1.1.1                               0 65001 1540 ?
*> 8.2.1.0/24       10.1.1.1                               0 65001 1540 ?
*> 11.11.11.0/24    10.1.1.1                 0             0 65001 i
*> 12.2.1.0/24      10.1.1.1                               0 65001 1540 ?
*> 18.2.2.0/24      10.1.1.1                               0 65001 1540 ?
*> 28.3.2.0/24      10.1.1.1                               0 65001 1540 ?
*> 38.2.1.0/24      10.1.1.1                               0 65001 1540 ?
*> 101.101.101.0/24 0.0.0.0                  0         32768 i
*> 140.100.1.0/24   10.1.1.1                 0             0 65001 i
*> 172.16.222.0/24  0.0.0.0                  0         32768 i

ASBR1-RACK1#ping 12.2.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.2.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

We realize that this is all basic, but we must ensure that you are comfortable with basic BGP so that you are not puzzled later in the advanced BGP section and MPLS VPN. In the advanced section we are not going to go into detail about basic components; we will assume that you are familiar with BGP and are ready to move on.

Task 8.5: Configure eBGP ASBR1-AS100 with eBGP ASBR2-AS200

♦ Peer ASBR1 to ASBR2
♦ To verify, ensure you can ping the BB2 Loopback

ASBR1
router bgp 100
 no synchronization
 network 101.101.101.0 mask 255.255.255.0
 network 172.16.222.0 mask 255.255.255.0
 neighbor 10.1.1.1 remote-as 65001
 neighbor 10.1.1.1 ebgp-multihop 2
 neighbor 10.1.1.1 update-source Loopback0
 neighbor 172.16.113.2 remote-as 200

ASBR2
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 network 172.16.113.0 mask 255.255.255.0      <-- make sure to include directly connected networks.
 neighbor 172.16.113.1 remote-as 100
 no auto-summary

ASBR2-RACK1# ping 12.2.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.2.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Task 8.6:

♦ Configure SP1 to minimize iBGP sessions

This means to try to reduce CLI complexity. In most cases, we are talking about multiple components:

1. Build a Route Reflector
2. Utilize peer groups
3. Avoid using fully meshed peers.
♦ With the requirement that any live traffic will never be in datapath-forwarding of iBGP, select and configure the router best suited to this requirement.

This sub-task requires understanding the topology first. You must select a router that is not in the data forwarding path. If you look carefully at the main topology, you will notice that router RR is not in the data forwarding path for any CEs. This means there will never be traffic flowing through or to that router. It is best practice to avoid using the Route Reflector as a data-path forwarding router as well. Doing so can affect the router's CPU and performance, which can have a huge impact on all peers that use this router as their route reflector. For our topology the best selection is the RR router.

♦ Configure iBGP such that if any physical interface fails on any PE, the devices would remain connected without losing the iBGP session. Provide stability for peering between the PEs in the condition of failure.

The best way to approach this is to use the Loopbacks that have been advertised through the IGP as the source for peering, similar to what we did with ASBR1 and PE1. An example of this is provided below.

♦ Configure SP1 using the router best suited for a peer-group.

Again, this question refers back to RR because that is the best choice for this network. Using peer-groups also takes care of reducing the complexity of the CLI.

♦ Configure all BGP topology changes sent to logging console.

This requires enabling BGP log changes under router bgp xxx, which we will provide in our example.
PE1-AS65001   Loopback 11   11.11.11.11/24
PE2-AS65001   Loopback 22   22.22.22.22/24
PE3-AS65001   Loopback 33   33.33.33.33/24
RR1-AS65001   Loopback 55   55.55.55.55/24

RR1-RACK1(config)#router bgp 65001
RR1-RACK1(config-router)# no synchronization
RR1-RACK1(config-router)# bgp log-neighbor-changes
RR1-RACK1(config-router)# neighbor ibgp peer-group
RR1-RACK1(config-router)# neighbor ibgp remote-as 65001
RR1-RACK1(config-router)# neighbor ibgp update-source Loopback0
RR1-RACK1(config-router)# neighbor 10.1.1.1 peer-group ibgp
RR1-RACK1(config-router)# neighbor 10.1.1.2 peer-group ibgp
RR1-RACK1(config-router)# neighbor 10.1.1.3 peer-group ibgp
RR1-RACK1(config-router)# no auto-summary

PE1-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE1-RACK1(config-router)# no synchronization
PE1-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0

PE2-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE2-RACK1(config-router)# no synchronization
PE2-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0

PE3-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE3-RACK1(config-router)# no synchronization
PE3-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0

Task 8.7: Advertise the Loopback into iBGP on RR1.

Inject 55.55.55.55 into iBGP without using the network statement. Only 55.55.55.55 should be injected, avoid any other directly connected networks.
RR1-RACK1(config)#interface Loopback55
RR1-RACK1(config-if)# ip address 55.55.55.55 255.255.255.0
RR1-RACK1(config)#access-list 55 permit 55.55.55.0 0.0.0.255 log
RR1-RACK1(config-if)#route-map allow55 permit 10
RR1-RACK1(config-route-map)# match ip address 55
RR1-RACK1(config-route-map)#router bgp 65001
RR1-RACK1(config-router)# no synchronization
RR1-RACK1(config-router)# bgp log-neighbor-changes
RR1-RACK1(config-router)# redistribute connected metric 2 route-map allow55
RR1-RACK1(config-router)# neighbor ibgp peer-group
RR1-RACK1(config-router)# neighbor ibgp remote-as 65001
RR1-RACK1(config-router)# neighbor ibgp update-source Loopback0
RR1-RACK1(config-router)# neighbor 10.1.1.1 peer-group ibgp
RR1-RACK1(config-router)# neighbor 10.1.1.2 peer-group ibgp
RR1-RACK1(config-router)# neighbor 10.1.1.3 peer-group ibgp
RR1-RACK1(config-router)# no auto-summary

RR1-RACK1#sho ip bgp
BGP table version is 37, local router ID is 55.55.55.55
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i3.3.3.0/24       140.100.1.1              2    100      0 1540 ?
*>i5.5.5.0/24       10.1.1.2                 2    100      0 57 ?
*>i8.1.1.0/24       10.1.1.2                 2    100      0 57 ?
*>i8.2.1.0/24       140.100.1.1              2    100      0 1540 ?
*>i10.12.1.0/24     10.1.1.2                 0    100      0 57 i
*>i11.11.11.0/24    10.1.1.1                 0    100      0 i
*>i12.1.1.0/24      10.1.1.2                 2    100      0 57 ?
*>i12.2.1.0/24      140.100.1.1              2    100      0 1540 ?
*>i18.2.1.0/24      10.1.1.2                 2    100      0 57 ?
*>i18.2.2.0/24      140.100.1.1              2    100      0 1540 ?
*>i22.22.22.0/24    10.1.1.2                 0    100      0 i
*>i28.3.1.0/24      10.1.1.2                 2    100      0 57 ?
*>i28.3.2.0/24      140.100.1.1              2    100      0 1540 ?
*>i33.33.33.0/24    10.1.1.3                 0    100      0 i
*>i38.1.1.0/24      10.1.1.2                 2    100      0 57 ?
*>i38.2.1.0/24      140.100.1.1              2    100      0 1540 ?
*> 55.55.55.0/24    0.0.0.0                  2         32768 ?
*>i101.101.101.0/24 10.1.1.100               0    100      0 100 i
*>i140.100.1.0/24   10.1.1.1                 0    100      0 i
*>i156.46.1.0/24    10.1.1.2                 2    100      0 57 ?
*>i156.46.2.0/24    10.1.1.2                 2    100      0 57 ?
*>i156.46.3.0/24    10.1.1.2                 2    100      0 57 ?
*>i156.46.4.0/24    10.1.1.2                 2    100      0 57 ?
*>i156.46.100.0/22  10.1.1.2                 2    100      0 57 ?
*>i172.16.113.0/24  10.1.1.100               0    100      0 100 200 i
*>i209.112.65.0     10.1.1.2                 2    100      0 57 ?
*>i209.112.66.0     10.1.1.2                 2    100      0 57 ?
*>i209.112.67.0     10.1.1.2                 2    100      0 57 ?
*>i209.112.68.0     10.1.1.2                 2    100      0 57 ?
*>i209.112.69.0     10.1.1.2                 2    100      0 57 ?
*>i209.112.70.0     10.1.1.2                 2    100      0 57 ?

*Mar 4 01:50:02.796: %SEC-6-IPACCESSLOGS: list 55 permitted 55.55.55.0 16 packets

Task 8.8: Configure iBGP and eBGP connectivity.

After establishing iBGP with PE1, PE2, PE3 and RR1, ASBR1 should be able to communicate with BB1 Loopbacks as well as the rest of the BGP core Loopbacks.
RR1-RACK1(config)#router bgp 65001
RR1-RACK1(config-router)#no synchronization
RR1-RACK1(config-router)#bgp log-neighbor-changes
RR1-RACK1(config-router)#neighbor ibgp peer-group
RR1-RACK1(config-router)#neighbor ibgp remote-as 65001
RR1-RACK1(config-router)#neighbor ibgp update-source Loopback0
RR1-RACK1(config-router)#neighbor 10.1.1.1 peer-group ibgp
RR1-RACK1(config-router)#neighbor 10.1.1.2 peer-group ibgp
RR1-RACK1(config-router)#neighbor 10.1.1.3 peer-group ibgp

PE1-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE1-RACK1(config-router)#no synchronization
PE1-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0

PE2-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE2-RACK1(config-router)#no synchronization
PE2-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0

PE3-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE3-RACK1(config-router)#no synchronization
PE3-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0

RR1-RACK1#sho ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4 65001     617     583       75    0    0 00:12:32       10
10.1.1.2        4 65001     629     599       75    0    0 00:02:32       19
10.1.1.3        4 65001     575     576       75    0    0 00:11:58        1

RR1-RACK1#ping 5.5.5.5      <-- BB1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

RR1-RACK1#sho ip bgp | include 5.5.5
* i5.5.5.0/24       10.12.1.1                2    100      0 57 ?

RR1-RACK1#sho ip route | include 5.5.5.5

PE2-RACK1(config)#router bgp 65001
PE2-RACK1(config-router)#neighbor 10.1.1.254 next-hop-self

RR1-RACK1#sho ip route | include 5.5.5
B       5.5.5.0 [200/2] via 10.1.1.2, 00:00:17

RR1-RACK1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

PE2-RACK1(config-router)#network 10.12.1.0 mask 255.255.255.0

RR1-RACK1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

ASBR1-RACK1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
....

RR1-RACK1(config-router)#neighbor ibgp route-reflector-client

RR1-RACK1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

RR1-RACK1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
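
Added example (not part of the ieMentor workbook): a small Python audit of IOS BGP configuration for the two eBGP conditions covered in Tasks 8.3 and 8.4, an eBGP neighbor with no password and an eBGP neighbor sourced from a Loopback with no ebgp-multihop (the session that stayed Idle). The function names and finding labels are made up for this example, the sample input is PE1's commands as shown in those tasks, and accepting ttl-security or disable-connected-check in place of ebgp-multihop goes beyond what the lab uses.

```python
import re
from collections import defaultdict

# PE1's commands from Task 8.3 and the first (failing) attempt in Task 8.4,
# in the prompt style the workbook uses.
FIRST_ATTEMPT = """\
PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)# neighbor 140.100.1.1 remote-as 1540
PE1-RACK1(config-router)# neighbor 140.100.1.1 password iementor
PE1-RACK1(config-router)# neighbor 10.1.1.100 remote-as 100
PE1-RACK1(config-router)# neighbor 10.1.1.100 description to ASBR1
PE1-RACK1(config-router)# neighbor 10.1.1.100 update-source Loopback0
PE1-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001
PE1-RACK1(config-router)# neighbor 10.1.1.254 update-source loopback 0
"""

# Any of these lets an eBGP session form between addresses that are not
# directly connected (assumption: the lab itself only uses ebgp-multihop).
RELAXES_CONNECTED_CHECK = {"ebgp-multihop", "ttl-security", "disable-connected-check"}

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")


def parse_bgp(config):
    """Return (local_as, {neighbor_or_group: {keyword: value}}) for one 'router bgp' block."""
    local_as = None
    attrs = defaultdict(dict)
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())      # accept both CLI transcripts and running-config
        m = re.match(r"router bgp (\S+)$", line)
        if m:
            local_as = m.group(1)
            continue
        m = re.match(r"neighbor (\S+) (\S+)\s*(.*)$", line)
        if m and local_as is not None:
            name, keyword, value = m.groups()
            attrs[name][keyword] = value
    return local_as, attrs


def effective(name, attrs):
    """Merge settings inherited from a peer-group with the neighbor's own."""
    own = attrs[name]
    group = own.get("peer-group")               # "" marks the group definition itself
    merged = dict(attrs.get(group, {})) if group else {}
    merged.update(own)
    return merged


def audit(config):
    """List (neighbor, finding) pairs for eBGP neighbors only."""
    local_as, attrs = parse_bgp(config)
    findings = []
    for name in list(attrs):
        if attrs[name].get("peer-group") == "":
            continue                            # skip "neighbor <group> peer-group"
        eff = effective(name, attrs)
        if eff.get("remote-as") in (None, local_as):
            continue                            # unknown AS or iBGP
        if "password" not in eff:
            findings.append((name, "ebgp-no-md5"))
        # Heuristic: update-source Loopback implies loopback-to-loopback peering.
        sourced_from_loopback = eff.get("update-source", "").lower().startswith("loopback")
        if sourced_from_loopback and not (RELAXES_CONNECTED_CHECK & eff.keys()):
            findings.append((name, "ebgp-loopback-no-multihop"))
    return sorted(findings)


if __name__ == "__main__":
    for neighbor, finding in audit(FIRST_ATTEMPT):
        print(f"{neighbor}: {finding}")
```

Run against the corrected Task 8.4 configuration, the multihop finding disappears while the missing-password finding for 10.1.1.100 remains, since the lab only sets a password on the BB1 and BB2 peerings.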

Posted: 23/10/2015, 18:09
