Evil_TTL> show | s

BGP

Category:Cisco Systems -> Routing and Switching

BGP – Border Gateway Protocol is a routing protocol mainly used in the Internet.

Very often companies have to use this protocol to connect CP routers to PE routers. I’ll try to represent some common topology to achieve this task and briefly describe how to configure CP routers.

BGP-10.png

Starting January 2010 you can easily get 32-bit AS number like 197061. So that a router could interpret the number in the right way, its IOS must be updated if it’s too old.

To present 197061 number to the router you must follow the pattern x.y

1.0 = 65536

So to get 197061 we must muliply 3 by 65536 and add 453 to get 197061. Hence we get AS number 3.453

Annnounce AS:

router bgp 3.453
 network 194.22.35.0

// Announce AS.

ip prefix-list ISP-in seq 10 permit 0.0.0.0/0
ip prefix
-list ISP-out seq 10 permit 194.22.35.0/24 le 32

// ACL to filter inbound and outbound networks announcements.

router bgp 3.453
 neighbor 44.4.4.1 prefix
-list ISP-in in
 neighbor 44.4.4.1 prefix
-list ISP-out out
 neighbor 77.7.7.1 prefix
-list ISP-in in
 neighbor 77.7.7.1 prefix
-list ISP-out out

// Neighbour ACL.

router bgp 3.453
 neighbor 44.4.4.1 remote
-as 1000
 neighbor 77.7.7.1 remote
-as 2000

// Neighbour announcement. 

Check BGP status:

sh ip bgp summary
sh ip bgp 

We’ve just connected the router to both ISPs by using BGP routing protocol.

Next step is to tell CP routers about each other:

router bgp 3.453
 neighbor 172.16.1.2 remote
-as 3.453
 neighbor 172.16.1.2 update
-source Loopback1 

The second router would have similar stack of commands but for these ones:

router bgp 3.453
 neighbor 172.16.1.1 remote
-as 3.453
 neighbor 172.16.1.1 update
-source Loopback1 

Compiled config on the first router would look like this

int Loopback1
 ip address 172.16.1.1 255.255.255.255

ip prefix
-list ISP-in seq 10 permit 0.0.0.0/0
ip prefix
-list ISP-out seq 10 permit 194.22.35.0/24 le 32

router bgp 3.453
 no synchronization
 bgp log
-neighbor-changes
 network 194.22.35.0
 neighbor 44.4.4.1 remote
-as 1000
 neighbor 44.4.4.1 prefix
-list ISP-in in
 neighbor 44.4.4.1 prefix
-list ISP-out out
 neighbor 77.7.7.1 remote
-as 2000
 neighbor 77.7.7.1 prefix
-list ISP-in in
 neighbor 77.7.7.1 prefix
-list ISP-out out
 neighbor 172.16.1.2 remote
-as 3.453
 neighbor 172.16.1.2 update
-source Loopback1
 no auto
-summary 

If CP router is more than one hop from PE router use this command neighbor 77.7.7.1 ebgp-multihop 255. Where 255 – number of hops (choose appropriate number).

BGP with two default routes

Following is a working draft of the configuration for a single L3 device holding BGP connection with two ISPs.

router bgp 5xyz6
 no synchronization
 bgp log
-neighbor-changes
 network zzz
.zzz.zzz.0
 timers bgp 30 90
 neighbor XXX
.XXX.XXX.XXX remote-as 1xyz3
 neighbor XXX
.XXX.XXX.XXX transport path-mtu-discovery
 neighbor XXX
.XXX.XXX.XXX update-source Vlan1287
 neighbor XXX
.XXX.XXX.XXX advertisement-interval 15
 neighbor XXX
.XXX.XXX.XXX prefix-list ISP-in in
 neighbor XXX
.XXX.XXX.XXX prefix-list ISP-out out
 neighbor XXX
.XXX.XXX.XXX route-map LOCALPREF in
 neighbor YYY
.YYY.YYY.YYY remote-as 4xyz2
 neighbor YYY
.YYY.YYY.YYY transport path-mtu-discovery
 neighbor YYY
.YYY.YYY.YYY update-source FastEthernet1/0/32
 neighbor YYY
.YYY.YYY.YYY advertisement-interval 15
 neighbor YYY
.YYY.YYY.YYY prefix-list ISP-in in
 neighbor YYY
.YYY.YYY.YYY prefix-list ISP-out out
 neighbor YYY
.YYY.YYY.YYY route-map PREPEND out
 no auto
-summary
!
ip prefix-list ISP-in seq 10 permit 0.0.0.0/0
!
ip prefix-list ISP-out seq 10 permit zzz.zzz.zzz.0/24 le 32
!
route-map LOCALPREF permit 10
 set local
-preference 100 // The higher the value the more important it is
!
route-map PREPEND permit 10
 set 
as-path prepend 5xyz6 5xyz6 5xyz6 

Neighbor XXX.XXX.XXX.XXX is the main ISP connection. LOCALPREF route-map is used to prioritize outbound default route through it. PREPEND is used to advertize a longer path to our AS so that all incoming traffic would be prioritized through the other ISP with neighbor router XXX.XXX.XXX.XXX. You can use match ACL rules inside route-maps for granular IP address management.


AS-PATH

In multi-access environment you can filter only locally originated routes to be advertised by matching as-path with regular expression ^$. “^$” says to match the beginning of the string (“^”), and then immediately match the end of the string (“$”). This means that the string is null. Within the scope of BGP the only time that the AS-Path is null is when you are looking at a route within your own AS that you or one of your iBGP peers has originated. Hence this matches locally originated routes.

ip as-path access-list 10 permit ^$ // then match it in the outbound route-map 
By privilege15