Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • BGP Next Hop Self

    Încărcat de

    Nagendra Singh
    101 vizualizări9 pagini
    This document describes a GNS3 lab that demonstrates how to use BGP attributes like next-hop-self, community no-export, and send-community to control route advertisement between autonomous systems. The lab objectives are to: 1) configure EBGP and IBGP between routers in different ASes, 2) advertise a route from AS1 to AS4 making AS23 a transit AS, and 3) prevent AS23 from being a transit AS using community no-export. Key steps include configuring next-hop-self to resolve next hop issues and applying a route map with community no-export to block advertising a route to EBGP peers.

    Descriere originală:

    BGP Next Hop Self

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    This document describes a GNS3 lab that demonstrates how to use BGP attributes like next-hop-self, community no-export, and send-community to control route advertisement between autonomous systems. The lab objectives are to: 1) configure EBGP and IBGP between routers in different ASes, 2) advertise a route from AS1 to AS4 making AS23 a transit AS, and 3) prevent AS23 from being a transit AS using community no-export. Key steps include configuring next-hop-self to resolve next hop issues and applying a route map with community no-export to block advertising a route to EBGP peers.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    101 vizualizări9 pagini

    BGP Next Hop Self

    Încărcat de

    Nagendra Singh
    This document describes a GNS3 lab that demonstrates how to use BGP attributes like next-hop-self, community no-export, and send-community to control route advertisement between autonomous systems. The lab objectives are to: 1) configure EBGP and IBGP between routers in different ASes, 2) advertise a route from AS1 to AS4 making AS23 a transit AS, and 3) prevent AS23 from being a transit AS using community no-export. Key steps include configuring next-hop-self to resolve next hop issues and applying a route map with community no-export to block advertising a route to EBGP peers.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 9

    BGP next-hop-self, community no-export &

    send-community GNS3 Lab


    February 29th, 2012 in Basic Labs Go to comments
    In this GNS3 lab we will learn how to establish neighborship between routers running BGP and
    use BGP attributes to control how a route is advertised to its neighbors. In this lab I wish to show
    how to create a basic BGP network and explain about next-hop-self, community no-export &
    send-community features in BGP. Below is the topology of this lab:

    IOS used in this lab: c3640-jk9s-mz.124-16.bin


    Objectives of this lab:
    + Task 1: Configure EBGP on AS 1, AS 23, AS 4 and configure IBGP between R2 & R3 (AS23)
    + Task 2: Advertise loopback0 on R1 to R4 and make sure R4 can ping to that loopback interface
    (AS23 becomes a transit AS)
    + Task 3: Make AS 23 not a transit AS by using the feature community no-export
    First we will configure all IP addresses of this lab and turn on all the interfaces:
    Configure IP addresses on all interfaces

    R1(config)#interface f0/0
    R1(config-if)#ip address 12.12.12.1
    255.255.255.0
    R1(config-if)#no shutdown

    R3(config)#interface f0/0
    R3(config-if)#ip address 23.23.23.3
    255.255.255.0
    R3(config-if)#no shutdown
    R3(config)#interface f1/0
    R3(config-if)#ip address 34.34.34.3
    255.255.255.0

    R3(config-if)#no shutdown
    R2(config)#interface f0/0
    R2(config-if)#ip address 12.12.12.2
    255.255.255.0
    R2(config-if)#no shutdown
    R2(config)#interface f1/0
    R2(config-if)#ip address 23.23.23.2
    255.255.255.0
    R2(config-if)#no shutdown

    R4(config)#interface f0/0
    R4(config-if)#ip address 34.34.34.4
    255.255.255.0
    R4(config-if)#no shutdown

    Task 1: Configure EBGP & IBGP


    R3(config)#router bgp 23
    R1(config)#router bgp 1
    R3(config-router)#neighbor 23.23.23.3 remoteR1(config-router)#neighbor 12.12.12.2 remote- as 23
    as 23
    R3(config-router)#neighbor 34.34.34.4 remoteas 4
    R2(config)#router bgp 23
    R2(config-router)#neighbor 12.12.12.1 remote- R4(config)#router bgp 4
    as 1
    R4(config-router)#neighbor 34.34.34.3 remoteR2(config-router)#neighbor 23.23.23.3 remote- as 23
    as 23
    Now we should check to make sure each BGP speaker (router running BGP) learn about their
    neighbors with the show ip bgp summary command:

    Note: At this time, the show ip bgp commands on all routers show nothing and the show ip
    route commands only show directly connected networks. For example on R4:

    Task 2: Advertise loopback0 on R1 to R4 and make sure R4 can ping to that loopback
    interface
    First, create loopback 1.1.1.1/24 on R1 and advertise it
    R1(config)#interface loopback0
    R1(config-if)#ip address 1.1.1.1 255.255.255.0
    R1(config-if)#exit
    R1(config)#router bgp 1
    R1(config-router)#network 1.1.1.0 mask 255.255.255.0
    Now we can see that route in both the routing table and BGP routing table of R2.

    By the way, lets have a look of the output of the show ip bgp command on R3 at this time

    Please notice the Next Hop field from the output above. We can see that although the
    loopback0 of R1 is learned from R2 (so the next hop field should be the fa1/0 interface of R2)
    but here the Next Hop field here is an interface on R1 (12.12.12.1). The reason is:
    For EBGP, the next hop is always the IP address of the neighbor specified in the neighbor
    command. For IBGP, the protocol states that the next hop advertised by EBGP should be
    carried into IBGP. In this case, the next hop of EBGP (R1 on AS 1) will be installed into BGP
    of R3.
    Therefore R3 needs an IGP (like OSPF, EIGRP) to reach that EBGP router, if not it will drop
    all packets destined for network 1.1.1.0/24. In this case no IGP has been configured so a ping to
    1.1.1.1 from R3 will surely fail because R3 doesnt know how to reach 12.12.12.1.
    Also, we can see that R3 cant reach 1.1.1.0/24 with the show ip bgp 1.1.1.0/24 command

    This route is inaccessible so R3 will not advertise this route to R4 -> no network 1.1.1.0/24 is
    installed in the BGP routing table of R4

    To overcome this problem, we can declare the next-hop-self on the edge router (R2). With this
    command, R2 will send its own IP address as the next hop instead of sending the EBGP next
    hop.
    R2(config-router)#neighbor 23.23.23.3 next-hop-self
    Now the Next Hop field will be an interface on R2 (23.23.23.2):

    And network 1.1.1.0/24 is also installed in the BGP routing table of R4 because the route is now
    accessible and R3 advertises it to R4

    Notice that although the network 1.1.1.0/24 exists in the BGP routing table but R4 still cant ping
    to it

    Check the BGP routing table of R1 we will see that R1 does not know how to reach 34.34.34.0
    network -> R1 does not know how to send the ping reply (ICMP response) to R4.

    To make a successful ping from R4, we must advertise network 34.34.34.0 on R4.
    R4(config-router)#network 34.34.34.0 mask 255.255.255.0
    Now R1 has learned about network 34.34.34.0/24

    Maybe we can now ping from R4 to loopback0? The answer is still no! Although the ping can
    reach loopback0 but the reply packets cant reach R4 because there is a mistake on the BGP
    routing table of R2

    As you can guess, the same problem next hop advertised by EBGP should be carried into
    IBGP occurs so we need to use the command:
    R3(config-router)#neighbor 23.23.23.2 next-hop-self

    Now we can ping from R4 to loopback0 on R1

    Task 3: Make AS 23 not a transit AS


    This is an important problem in real life. Suppose your company (with R2 & R3 routers) wants
    the connection to the Internet must be available in any time so your administrators hired two
    internet lines from two separate ISPs (R1 & R4). But improper configuration can make traffic
    flow from R1 -> R2 -> R3 -> R4 and your company becomes a transit AS. Surely your company
    does not want to receive this traffic as it takes much bandwidth of the company. We need to filter
    out this type of traffic.
    The purpose of this task is opposite to task 2. We will make AS 23 not a transit AS by not
    advertising network 1.1.1.0 to R4. To do this, we will create a route-map for 1.1.1.0/24 and set
    the no-export attribute to this route:
    R3(config)#access-list 1 permit 1.1.1.0 0.0.0.255
    R3(config)#route-map NOEXPORT permit 10
    R3(config-route-map)#match ip address 1
    R3(config-route-map)#set community no-export
    R3(config)#router bgp 23
    R3(config-router)#neighbor 23.23.23.2 route-map NOEXPORT in
    The no-export means do not advertise this route to any EBGP peers and this attribute is set
    to network 1.1.1.0/24 before entering R3 (because we apply this route-map on inbound direction

    to R3). Therefore R3 will understand do not advertise 1.1.1.0/24 to any EBGP neighbor, in this
    case EBGP neighbor is R4.

    Also on R4 the 1.1.1.0/24 network disappears.

    Another way to achieve the same result as above is configuring a route-map and apply it on the
    outbound direction of R2 (to R3):
    R2(config)#access-list 1 permit 1.1.1.0 0.0.0.255
    R2(config)#route-map NOEXPORT permit 10
    R2(config-route-map)#match ip address 1
    R2(config-route-map)#set community no-export
    R2(config)#router bgp 23
    R2(config-router)#neighbor 23.23.23.3 route-map NOEXPORT out
    For your information, we can use the community no-export on R1 on outbound direction to
    achieve the same result but notice you have to add the send-community feature so that the
    community attribute on R1 is sent to R2 because even if you set the community attribute on R1,
    this attribute does not transmit to BGP neighbors by default.
    R1(config)#access-list 1 permit 1.1.1.0 0.0.0.255
    R1(config)#route-map NOEXPORT permit 10
    R1(config-route-map)#match ip address 1
    R1(config-route-map)#set community no-export
    R1(config)#router bgp 1
    R1(config-router)#neighbor 12.12.12.2 route-map NOEXPORT out
    R1(config-router)#neighbor 12.12.12.2 send-community

    Now on R2 you will see

    Also add neighbor send-community command on R2 to propagate community attribute to


    R3
    R2(config)#router bgp 23
    R2(config-router)#neighbor 23.23.23.3 send-community
    Now both R2 & R3 receive community attribute on R1

    R3 knows network 1.1.1.0/24 is not allowed to advertise to R4 (R4 is an EBGP) so R4 does not
    have this route in its BGP routing table (note: we dont need to set the send-community on R3
    because R3 understands this route should not be advertised to any peer).

    This is the end of this lab. I dont upload the configuration files because I wish you to do it by
    yourself (I am sorry).

    S-ar putea să vă placă și