CertificationZone Page 1 of 9
/?Issue=20&IssueDate=09-01-2000&CP= 11/06/01
Date of Issue: 09-01-2000
BGP III Lab Scenario
by Chuck Larrieu
Setup
Working Configurations
Router 1 Configuration
Router 2 Configuration
Router 3 Configuration
Router 4 Configuration
A Look at the Routing Tables
Reality Check
A Look at the Regular Expressions
Path Manipulation on Router 4
How Could You See the Regexp?
Changing Policy
Add the Access List to Router 4 Configuration.
Huh? It Didn't Work
Something Is Missing
Setup
Build a configuration that consists of four routers. Per the configurations and address plan that follow, the routers are linked in a ring over their serial interfaces (R1-R2, R2-R3, R3-R4 and R4-R1):

    R1 ------ R2 ------ R3 ------ R4
    |                              |
    +------------------------------+


Working Configurations
Router 1 Configuration
service timestamps debug uptime
service timestamps log uptime


no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Router_1
!
Lab address plan:

              Router_1          Router_2          Router_3          Router_4
AS            1                 2                 3                 4
Router ID     1.1.1.1           2.2.2.2           3.3.3.3           4.4.4.4
Ethernet 0    n/a               n/a               n/a               n/a
Loopback 0    192.168.64.1/24   192.168.32.1/24   192.168.8.1/24    192.168.0.1/24
Loopback 1    192.168.65.1/24   192.168.33.1/24   192.168.9.1/24    192.168.1.1/24
Loopback 2    192.168.66.1/24   192.168.34.1/24   192.168.10.1/24   192.168.2.1/24
Loopback 3    192.168.67.1/24   192.168.35.1/24   192.168.11.1/24   192.168.3.1/24
Serial 0      10.0.0.14/30      10.0.0.9/30       10.0.0.5/30       10.0.0.1/30
Serial 1      10.0.0.10/30      10.0.0.6/30       10.0.0.2/30       10.0.0.13/30
ip subnet-zero
!
cns event-service server

!
interface Loopback0
ip address 192.168.64.1 255.255.255.0
!
interface Loopback1
ip address 192.168.65.1 255.255.255.0
!
interface Loopback2
ip address 192.168.66.1 255.255.255.0
!
interface Loopback3
ip address 192.168.67.1 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
no cdp enable
!
interface Serial0
ip address 10.0.0.14 255.255.255.252
!
interface Serial1
ip address 10.0.0.10 255.255.255.252
!
router ospf 1000
network 192.168.64.1 0.0.0.0 area 0
network 192.168.65.1 0.0.0.0 area 0
network 192.168.66.1 0.0.0.0 area 0
network 192.168.67.1 0.0.0.0 area 0
!

router bgp 1
bgp router-id 1.1.1.1
bgp cluster-id 3232187137
redistribute ospf 1000
neighbor 10.0.0.9 remote-as 2
neighbor 10.0.0.13 remote-as 4
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
privilege level 15
transport input none
line aux 0
line vty 0 4
privilege level 0
password yahoudi
login
!
end
Router 2 Configuration
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router_2
!
ip subnet-zero

!
cns event-service server
!
interface Loopback0
ip address 192.168.32.1 255.255.255.0
!
interface Loopback1
ip address 192.168.33.1 255.255.255.0
!
interface Loopback2
ip address 192.168.34.1 255.255.255.0
!
interface Loopback3
ip address 192.168.35.1 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
ip address 10.0.0.9 255.255.255.252
no fair-queue
!
interface Serial1
ip address 10.0.0.6 255.255.255.252
!
router bgp 2
bgp router-id 2.2.2.2

bgp cluster-id 3232178945
network 10.0.0.4 mask 255.255.255.252
network 192.168.32.0
network 192.168.33.0
network 192.168.34.0
network 192.168.35.0
aggregate-address 192.168.32.0 255.255.252.0 summary-only
neighbor 10.0.0.5 remote-as 3
neighbor 10.0.0.10 remote-as 1
!
ip classless
no ip http server
!
line con 0
privilege level 15
transport input none
line aux 0
line vty 0 4
privilege level 0
no login
!
end
Router 3 Configuration
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router_3
!
ip subnet-zero

!
interface Loopback0
ip address 192.168.8.1 255.255.255.0
!
interface Loopback1
ip address 192.168.9.1 255.255.255.0
!
interface Loopback2
ip address 192.168.10.1 255.255.255.0
!
interface Loopback3
ip address 192.168.11.1 255.255.255.0
!
interface Ethernet0
no ip address
no keepalive
shutdown
!
interface Serial0
ip address 10.0.0.5 255.255.255.252
!
interface Serial1
ip address 10.0.0.2 255.255.255.252
!
router ospf 1000
network 192.168.8.1 0.0.0.0 area 0
network 192.168.9.1 0.0.0.0 area 0
network 192.168.10.1 0.0.0.0 area 0

network 192.168.11.1 0.0.0.0 area 0
!
router bgp 3
bgp router-id 3.3.3.3
network 10.0.0.0
redistribute ospf 1000
neighbor 10.0.0.1 remote-as 4
neighbor 10.0.0.6 remote-as 2
!
ip classless
!
line con 0
line aux 0
line vty 0 4
login
!
end
Router 4 Configuration
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router_4
!
no logging console
!
ip subnet-zero
cns event-service server
!
interface Loopback0

ip address 192.168.0.1 255.255.255.0
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
ip address 192.168.3.1 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
ip address 10.0.0.1 255.255.255.252
!
interface Serial1
ip address 10.0.0.13 255.255.255.252
!
router bgp 4
bgp router-id 4.4.4.4
bgp cluster-id 3232286465
network 10.0.0.0 mask 255.255.255.252
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
neighbor 10.0.0.2 remote-as 3

neighbor 10.0.0.14 remote-as 1
!
no ip http server
ip as-path access-list 1 permit _3_
!
line con 0
exec-timeout 0 0
privilege level 15
transport preferred none
transport input none
line aux 0
transport preferred none
transport input all
line vty 0 4
privilege level 0
transport preferred none
!
end
A Look at the Routing Tables
Router_1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
B 192.168.8.0/24 [20/0] via 10.0.0.13, 00:05:56
B 192.168.9.0/24 [20/0] via 10.0.0.13, 00:05:56
B 192.168.10.0/24 [20/0] via 10.0.0.13, 00:05:56
B 192.168.11.0/24 [20/0] via 10.0.0.13, 00:05:56
B 10.0.0.0/8 [20/0] via 10.0.0.13, 00:05:57
B 10.0.0.0/30 [20/0] via 10.0.0.13, 00:05:57
B 10.0.0.4/30 [20/0] via 10.0.0.9, 00:05:57
B 192.168.0.0/24 [20/0] via 10.0.0.13, 00:05:58
B 192.168.1.0/24 [20/0] via 10.0.0.13, 00:05:58
B 192.168.2.0/24 [20/0] via 10.0.0.13, 00:05:58
B 192.168.3.0/24 [20/0] via 10.0.0.13, 00:05:58
B 192.168.32.0/22 [20/0] via 10.0.0.9, 00:05:58
Router_1#
Observe that on router_1, the networks advertised by router_4 appear via the interface connected to router_4. There are no secondary paths.
Reality Check
Routes advertised by router 3, which is two hops away (both through router 2 and through router 4), appear as originating through router 4. Why?
BGP is designed to ensure loop-free routing. The BGP decision process is run on the Adj-RIB-In table upon receipt of route notifications from neighbors.
Router 1 would have received notification of routes originating from router 3 from two different sources (router 2 and router 4). One of those notifications would have arrived prior to the other. Upon receipt of the duplicate route, BGP would discard that update.
One thing to try might be to shut down one of the serial interfaces, clear the BGP process (clear ip bgp *), and observe the installation of the route via the other interface.
Router_1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 146, main routing table version 146

16 network entries and 23 paths using 2380 bytes of memory
10 BGP path attribute entries using 520 bytes of memory
5 BGP AS-PATH entries using 120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP activity 59/116 prefixes, 156/129 paths, scan interval 15 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.9        4     2    1639    1650      146    0    0 1d00h           7
10.0.0.13       4     4    1674    1659      146    0    0 1d01h          12
This output shows the BGP neighbors, the current BGP table version, the number of networks and paths, and memory usage.
A Look at the Regular Expressions
Information obtained through the use of show commands in conjunction with regular expressions can be useful in
determining how BGP paths are installed into the BGP tables.
The following is the result of the show ip bgp regexp .* command, which reveals all paths known to BGP on this
router.
Router_1#sh ip bgp regexp .*
BGP table version is 146, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
*> 10.0.0.0/30        10.0.0.13             0             0 4 i
*  10.0.0.0           10.0.0.9                            0 2 3 i
*>                    10.0.0.13                           0 4 3 i
*  10.0.0.4/30        10.0.0.13                           0 4 3 2 i
*>                    10.0.0.9              0             0 2 i
*> 192.168.0.0        10.0.0.13             0             0 4 i
*> 192.168.1.0        10.0.0.13             0             0 4 i
*> 192.168.2.0        10.0.0.13             0             0 4 i
*> 192.168.3.0        10.0.0.13             0             0 4 i
*  192.168.8.0        10.0.0.9                            0 2 3 ?
*>                    10.0.0.13                           0 4 3 ?
*  192.168.9.0        10.0.0.9                            0 2 3 ?
*>                    10.0.0.13                           0 4 3 ?
*  192.168.10.0       10.0.0.9                            0 2 3 ?
*>                    10.0.0.13                           0 4 3 ?
*  192.168.11.0       10.0.0.9                            0 2 3 ?
*>                    10.0.0.13                           0 4 3 ?
*  192.168.32.0/22    10.0.0.13                           0 4 3 2 i
*>                    10.0.0.9                            0 2 i
*> 192.168.64.0       0.0.0.0               0         32768 ?
*> 192.168.65.0       0.0.0.0               0         32768 ?
*> 192.168.66.0       0.0.0.0               0         32768 ?
*> 192.168.67.0       0.0.0.0               0         32768 ?
Observe this on all routers.
In the case of router_1, the output of show ip bgp regexp .* shows, for example, that directly connected networks have a weight of 32768 and a path of "?", indicating that these networks are local to the router. If router_1 were to receive notification from another source of a path to one of these routes, it would know by comparison that there is a loop, that these route notifications are unreliable, and that they should be dropped.
Note the summary route 192.168.32.0/22: the path advertised by AS4 (router 4) is marked * (valid, i.e. reliable), but the best path, marked >, comes from AS2 (router 2). Again, router 1 has received notification of two paths to a particular network but installs only one of them into its routing table. (Refer to the router_1 routing table, above.)
Path Manipulation on Router 4
Observe the router_4 routing table:
ROUTER_4#sh ip route bgp
B 192.168.8.0/24 [20/0] via 10.0.0.2, 00:01:14
B 192.168.9.0/24 [20/0] via 10.0.0.2, 00:01:14
B 192.168.10.0/24 [20/0] via 10.0.0.2, 00:01:14

B 192.168.11.0/24 [20/0] via 10.0.0.2, 00:01:14
B 192.168.64.0/24 [20/0] via 10.0.0.14, 00:01:18
B 192.168.65.0/24 [20/0] via 10.0.0.14, 00:01:18
B 192.168.66.0/24 [20/0] via 10.0.0.14, 00:01:18
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.0.0.0/8 [20/0] via 10.0.0.2, 00:01:14
B 10.0.0.4/30 [20/0] via 10.0.0.14, 00:01:18
B 192.168.67.0/24 [20/0] via 10.0.0.14, 00:01:18
B 192.168.32.0/22 [20/0] via 10.0.0.14, 00:01:18
ROUTER_4#
Router 4 is receiving information that certain networks are best reached from AS1 (router_1).
How Could You See the Regexp?
A look at the regular expression confirms this. (The four-line table immediately below is a generic sample of show ip bgp output, included to show the column layout; its addresses and AS numbers are not from this lab. Router_4's own output follows it.)

   Network            Next Hop         Metric LocPrf Weight Path
*> 198.92.0.0         198.92.72.30       8896         32768 ?
*                     198.92.72.30          0           109 108 ?
*> 198.92.1.0         198.92.72.30       8796         32768 ?
*                     198.92.72.30          0           109 108 ?
ROUTER_4#sh ip bgp regexp .*
BGP table version is 22, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
*> 10.0.0.0/30        0.0.0.0                         32768 i
*> 10.0.0.0           10.0.0.2                            0 3 i
*                     10.0.0.14                           0 1 2 3 i
*  10.0.0.4/30        10.0.0.2                            0 3 2 i
*>                    10.0.0.14                           0 1 2 i
*> 192.168.0.0        0.0.0.0                         32768 i
*> 192.168.1.0        0.0.0.0                         32768 i
*> 192.168.2.0        0.0.0.0                         32768 i
*> 192.168.3.0        0.0.0.0                         32768 i
*> 192.168.8.0        10.0.0.2                            0 3 ?
*                     10.0.0.14                           0 1 2 3 ?
*> 192.168.9.0        10.0.0.2                            0 3 ?
*                     10.0.0.14                           0 1 2 3 ?
*> 192.168.10.0       10.0.0.2                            0 3 ?
*                     10.0.0.14                           0 1 2 3 ?
*> 192.168.11.0       10.0.0.2                            0 3 ?
*                     10.0.0.14                           0 1 2 3 ?
*  192.168.32.0/22    10.0.0.2                            0 3 2 i
*>                    10.0.0.14                           0 1 2 i
*  192.168.64.0       10.0.0.2                            0 3 2 1 ?
*>                    10.0.0.14                           0 1 ?
*  192.168.65.0       10.0.0.2                            0 3 2 1 ?
*>                    10.0.0.14                           0 1 ?
*  192.168.66.0       10.0.0.2                            0 3 2 1 ?
*>                    10.0.0.14                           0 1 ?
*  192.168.67.0       10.0.0.2                            0 3 2 1 ?
*>                    10.0.0.14                           0 1 ?
ROUTER_4#
Observe that while a number of routes are advertised as reachable through both AS1 (router_1) and AS3 (router_3), every route is assigned a single best path by the decision process.
Changing Policy
Suppose, though, that router_4 did not want to accept traffic from router_1 unless that traffic had passed through
AS3. Suppose, for example, that the managers of AS4 determined that AS1 was abusing its peering privilege, and
dumping far more traffic into AS4 than was permitted by agreement.

Through the use of regular expressions in conjunction with an AS-path access list, the management of AS4 can set a policy restricting traffic from AS1 from entering AS4 directly.
Note that in the configuration for AS4 there is an access list:
ip as-path access-list 1 permit _3_
Note the "_3_" portion. The regular expression _3_ denotes an exact match of AS3, preceded and followed by any other AS.
Add the Access List to Router 4 Configuration.
One more step is required. As with all Cisco access-lists, it is one thing to create them. They must still be applied.
This is done with a filter list, applied under the routing process.
So, in this case, on router_4, enter the following commands:
router bgp 4
 neighbor 10.0.0.14 filter-list 1 in
Huh? It Didn't Work
Now observe the change in the routing table, or in the regexp output. There is no change! Why?
Something Is Missing
Because the paths are already installed in the BGP tables. The BGP processes must be cleared so that, as updates are received, the new policy can be applied. This is done with the clear ip bgp * command.
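The two mechanisms this lab exercises, the `_` anchor in a Cisco AS-path regular expression (the "Changing Policy" section) and the decision process that marks exactly one `>` entry per prefix (the "Reality Check" and regexp sections), can be modelled in a few lines. The Python below is an added example, not code from the lab or from Cisco. It translates an IOS AS-path regex into a Python regex (in IOS, `_` matches a space, a comma, a brace or parenthesis, or the beginning or end of the path, so `_3_` matches AS 3 as a whole number but not 13 or 30), applies `ip as-path access-list 1 permit _3_` as an inbound filter-list on the router_1 neighbor, and runs a simplified decision process (weight, local preference, locally originated, AS-path length, origin, MED, lowest neighbor router ID) over a hand-copied subset of router_4's table shown above. The neighbor router IDs 1.1.1.1 and 3.3.3.3 come from the lab's address plan; using the router ID as the final tiebreak is a simplification, since IOS by default prefers the oldest eBGP path before it compares router IDs, but it yields the same winners as the page for this data. The `Path` class and every function name are this example's own.

```python
import re
from dataclasses import dataclass

# In IOS AS-path regexes "_" matches a space, a comma, a brace or parenthesis
# (AS_SET delimiters), or the start or end of the path. Python's re has no
# such token, so expand it before compiling. "^", "$", ".*" etc. carry over.
_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def cisco_regex(expr: str) -> re.Pattern:
    return re.compile(expr.replace("_", _UNDERSCORE))


def aspath_matches(expr: str, as_path: str) -> bool:
    """True if the IOS-style regex matches an AS path written as "1 2 3"."""
    return cisco_regex(expr).search(as_path) is not None


ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP preferred over EGP over incomplete


@dataclass
class Path:                 # one Adj-RIB-In entry (hypothetical structure)
    prefix: str
    next_hop: str           # "0.0.0.0" means locally originated
    as_path: str            # "" for locally originated routes
    origin: str
    neighbor_id: str        # router ID of the neighbor that sent the path
    weight: int = 0         # IOS gives received paths weight 0, local 32768
    local_pref: int = 100
    med: int = 0


def apply_filter_list(paths, neighbor_ip, expr):
    """Inbound 'neighbor X filter-list N in': paths from that neighbor survive
    only if the single permit entry matches (an IOS list ends in implicit deny)."""
    return [p for p in paths
            if p.next_hop != neighbor_ip or aspath_matches(expr, p.as_path)]


def best_paths(paths):
    """Simplified IOS best-path selection: one winner per prefix."""
    def rank(p):
        as_len = 0 if p.as_path == "" else len(p.as_path.split())
        return (-p.weight,                      # highest weight
                -p.local_pref,                  # highest local preference
                p.next_hop != "0.0.0.0",        # locally originated first
                as_len,                         # shortest AS path
                ORIGIN_RANK[p.origin],          # best origin
                p.med,                          # lowest MED
                tuple(int(o) for o in p.neighbor_id.split(".")))  # lowest RID
    best = {}
    for p in paths:
        if p.prefix not in best or rank(p) < rank(best[p.prefix]):
            best[p.prefix] = p
    return best


# Constructed sample: a subset of router_4's "sh ip bgp regexp .*" output
# before the policy was applied, plus one locally originated prefix.
ADJ_RIB_IN = [
    Path("192.168.0.0/24",  "0.0.0.0",   "",      "i", "4.4.4.4", weight=32768),
    Path("10.0.0.4/30",     "10.0.0.2",  "3 2",   "i", "3.3.3.3"),
    Path("10.0.0.4/30",     "10.0.0.14", "1 2",   "i", "1.1.1.1"),
    Path("192.168.8.0/24",  "10.0.0.2",  "3",     "?", "3.3.3.3"),
    Path("192.168.8.0/24",  "10.0.0.14", "1 2 3", "?", "1.1.1.1"),
    Path("192.168.32.0/22", "10.0.0.2",  "3 2",   "i", "3.3.3.3"),
    Path("192.168.32.0/22", "10.0.0.14", "1 2",   "i", "1.1.1.1"),
    Path("192.168.64.0/24", "10.0.0.2",  "3 2 1", "?", "3.3.3.3"),
    Path("192.168.64.0/24", "10.0.0.14", "1",     "?", "1.1.1.1"),
]


def next_hops(paths):
    return {pfx: p.next_hop for pfx, p in best_paths(paths).items()}


def before_policy():
    return next_hops(ADJ_RIB_IN)


def after_policy():
    # filter-list 1 in on the router_1 neighbor, then re-run the decision,
    # which is what "clear ip bgp *" forces the router to do.
    return next_hops(apply_filter_list(ADJ_RIB_IN, "10.0.0.14", "_3_"))


if __name__ == "__main__":
    for label, table in (("before policy", before_policy()),
                         ("after policy", after_policy())):
        print(label)
        for pfx, nh in sorted(table.items()):
            print(f"  {pfx:18} via {nh}")
```

Run as a script it prints the next hop chosen for each prefix before and after the filter-list. Before it, router_4 prefers AS1 for 192.168.64.0/24 (path `1` beats `3 2 1`) and for the two prefixes where both paths are the same length. After it, the only paths from 10.0.0.14 that pass `_3_` are the `1 2 3` ones, and those lose to the shorter `3` paths from router_3, so every learned prefix ends up via 10.0.0.2, which is what the router_4 output later in the lab shows. Locally originated prefixes are untouched because an inbound filter-list only sees paths received from that neighbor.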
Now observe the routing table and the regexp output for router 4:
ROUTER_4#sh ip route bgp
B 192.168.8.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.9.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.10.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.11.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.64.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.65.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.66.0/24 [20/0] via 10.0.0.2, 00:00:15

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.0.0.0/8 [20/0] via 10.0.0.2, 00:00:15
B 10.0.0.4/30 [20/0] via 10.0.0.2, 00:00:15
B 192.168.67.0/24 [20/0] via 10.0.0.2, 00:00:15
B 192.168.32.0/22 [20/0] via 10.0.0.2, 00:00:15
ROUTER_4#
All routes are originating through the connection to router 3 (AS3).
ROUTER_4#sh ip bgp regexp .*
BGP table version is 17, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
*> 10.0.0.0/30        0.0.0.0                         32768 i
*> 10.0.0.0           10.0.0.2                            0 3 i
*> 10.0.0.4/30        10.0.0.2                            0 3 2 i
*> 192.168.0.0        0.0.0.0                         32768 i
*> 192.168.1.0        0.0.0.0                         32768 i
*> 192.168.2.0        0.0.0.0                         32768 i
*> 192.168.3.0        0.0.0.0                         32768 i
*> 192.168.8.0        10.0.0.2                            0 3 ?
*> 192.168.9.0        10.0.0.2                            0 3 ?
*> 192.168.10.0       10.0.0.2                            0 3 ?
*> 192.168.11.0       10.0.0.2                            0 3 ?
*> 192.168.32.0/22    10.0.0.2                            0 3 2 i
*> 192.168.64.0       10.0.0.2                            0 3 2 1 ?
*> 192.168.65.0       10.0.0.2                            0 3 2 1 ?
*> 192.168.66.0       10.0.0.2                            0 3 2 1 ?
*> 192.168.67.0       10.0.0.2                            0 3 2 1 ?

Note: Do not reset interfaces in production networks unless you know what the consequences will be. Wherever possible, use the newer soft refresh mechanisms. See the BGP3 Tutorial for a discussion of soft refresh.
[IE-BGP3-LS1-F03]
[2000-08-30-01]
Copyright © 2000 Genium Publishing Corporation
