Evil_TTL> show | s

BGP


BGP – Border Gateway Protocol is a routing protocol mainly used in the Internet.

Companies very often have to use this protocol to connect CP routers to PE routers. I'll present a common topology for this task and briefly describe how to configure the CP routers.

BGP-10.png

Starting January 2010 you can easily get a 32-bit AS number such as 197061. For a router to interpret the number correctly, its IOS must be updated if it is too old.

To present the number 197061 to the router you must follow the pattern x.y, where

1.0 = 65536

So to get 197061 we must multiply 3 by 65536 and add 453. Hence we get AS number 3.453.

Announce AS:

router bgp 3.453
 network 194.22.35.0

// Announce AS.

ip prefix-list ISP-in seq 10 permit 0.0.0.0/0
ip prefix-list ISP-out seq 10 permit 194.22.35.0/24 le 32

// ACL to filter inbound and outbound network announcements.

router bgp 3.453
 neighbor 44.4.4.1 prefix-list ISP-in in
 neighbor 44.4.4.1 prefix-list ISP-out out
 neighbor 77.7.7.1 prefix-list ISP-in in
 neighbor 77.7.7.1 prefix-list ISP-out out

// Neighbour ACL.

router bgp 3.453
 neighbor 44.4.4.1 remote-as 1000
 neighbor 77.7.7.1 remote-as 2000

// Neighbour announcement. 

Check BGP status:

sh ip bgp summary
sh ip bgp 

We’ve just connected the router to both ISPs by using BGP routing protocol.

Next step is to tell CP routers about each other:

router bgp 3.453
 neighbor 172.16.1.2 remote-as 3.453
 neighbor 172.16.1.2 update-source Loopback1

The second router would have a similar set of commands, except for these:

router bgp 3.453
 neighbor 172.16.1.1 remote-as 3.453
 neighbor 172.16.1.1 update-source Loopback1

The compiled config on the first router would look like this:

int Loopback1
 ip address 172.16.1.1 255.255.255.255

ip prefix-list ISP-in seq 10 permit 0.0.0.0/0
ip prefix-list ISP-out seq 10 permit 194.22.35.0/24 le 32

router bgp 3.453
 no synchronization
 bgp log-neighbor-changes
 network 194.22.35.0
 neighbor 44.4.4.1 remote-as 1000
 neighbor 44.4.4.1 prefix-list ISP-in in
 neighbor 44.4.4.1 prefix-list ISP-out out
 neighbor 77.7.7.1 remote-as 2000
 neighbor 77.7.7.1 prefix-list ISP-in in
 neighbor 77.7.7.1 prefix-list ISP-out out
 neighbor 172.16.1.2 remote-as 3.453
 neighbor 172.16.1.2 update-source Loopback1
 no auto-summary

If the CP router is more than one hop away from the PE router, use the command neighbor 77.7.7.1 ebgp-multihop 255, where 255 is the number of hops (choose an appropriate number).

BGP with two default routes

Following is a working draft of the configuration for a single L3 device holding BGP connection with two ISPs.

router bgp 5xyz6
 no synchronization
 bgp log-neighbor-changes
 network zzz.zzz.zzz.0
 timers bgp 30 90
 neighbor XXX.XXX.XXX.XXX remote-as 1xyz3
 neighbor XXX.XXX.XXX.XXX transport path-mtu-discovery
 neighbor XXX.XXX.XXX.XXX update-source Vlan1287
 neighbor XXX.XXX.XXX.XXX advertisement-interval 15
 neighbor XXX.XXX.XXX.XXX prefix-list ISP-in in
 neighbor XXX.XXX.XXX.XXX prefix-list ISP-out out
 neighbor XXX.XXX.XXX.XXX route-map LOCALPREF in
 neighbor YYY.YYY.YYY.YYY remote-as 4xyz2
 neighbor YYY.YYY.YYY.YYY transport path-mtu-discovery
 neighbor YYY.YYY.YYY.YYY update-source FastEthernet1/0/32
 neighbor YYY.YYY.YYY.YYY advertisement-interval 15
 neighbor YYY.YYY.YYY.YYY prefix-list ISP-in in
 neighbor YYY.YYY.YYY.YYY prefix-list ISP-out out
 neighbor YYY.YYY.YYY.YYY route-map PREPEND out
 no auto-summary
!
ip prefix-list ISP-in seq 10 permit 0.0.0.0/0
!
ip prefix-list ISP-out seq 10 permit zzz.zzz.zzz.0/24 le 32
!
route-map LOCALPREF permit 10
 ! The higher the value, the more important it is
 set local-preference 100
!
route-map PREPEND permit 10
 set as-path prepend 5xyz6 5xyz6 5xyz6

Neighbor XXX.XXX.XXX.XXX is the main ISP connection. The LOCALPREF route-map is used to prioritize the outbound default route through it. PREPEND is used to advertise a longer path to our AS through neighbor YYY.YYY.YYY.YYY, so that all incoming traffic is prioritized through the other ISP, with neighbor router XXX.XXX.XXX.XXX. You can use match ACL rules inside route-maps for granular IP address management.


AS-PATH

In a multi-access environment you can restrict advertisements to locally originated routes by matching the as-path with the regular expression ^$. "^$" says to match the beginning of the string ("^") and then immediately match the end of the string ("$"). This means that the string is null. Within the scope of BGP, the only time the AS-Path is null is when you are looking at a route within your own AS that you or one of your iBGP peers has originated. Hence this matches locally originated routes.

! then match it in the outbound route-map
ip as-path access-list 10 permit ^$

MORE ON AS-PATH FILTERING

route-map TEST-IN permit 10
 match as-path 3
 set local-preference 105
 set weight 500

! Networks originated in AS 1001
ip as-path access-list 3 permit _1001$
! Networks that originated in 2002 and transit through 1001
ip as-path access-list 3 permit _1001_2002$
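
The as-path filters from the two sections above, evaluated against a few constructed AS paths (an added example, not part of the original page). The translation of Cisco's `_` delimiter into a Python regular expression, the helper names and the unanchored `_1001_2002` list shown for contrast are assumptions of this example.

```python
import re

# Cisco's "_" matches a delimiter: start or end of the string, a space,
# a comma, a brace or a parenthesis.
DELIM = r"(?:^|$|[ ,{}()])"

def cisco_to_re(pattern):
    """Translate a Cisco as-path pattern into a compiled Python regex."""
    return re.compile(pattern.replace("_", DELIM))

def evaluate(acl, as_path):
    """acl is a list of (action, pattern); first match wins, else deny."""
    for action, pattern in acl:
        if cisco_to_re(pattern).search(as_path):
            return action
    return "deny"

ACL_10 = [("permit", "^$")]                                 # locally originated
ACL_3 = [("permit", "_1001$"), ("permit", "_1001_2002$")]   # origin-anchored
UNANCHORED = [("permit", "_1001_2002")]                     # hypothetical, no "$"

# Constructed AS paths in "sh ip bgp" form; "" is a locally originated route.
PATHS = ["", "1000", "1000 1001", "1000 11001",
         "1000 1001 2002", "1001 2002 3003"]

def table():
    """Map each sample path to its (ACL_10, ACL_3, UNANCHORED) verdicts."""
    return {p: (evaluate(ACL_10, p), evaluate(ACL_3, p),
                evaluate(UNANCHORED, p)) for p in PATHS}

if __name__ == "__main__":
    for path, verdicts in table().items():
        print(f"{path!r:20} {verdicts}")
```

Only the empty path passes `^$`, so routes learned from one ISP are never re-advertised to the other; without the trailing `$`, `_1001_2002` also permits paths in which 2002 is only a transit AS.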
By privilege15