Tải bản đầy đủ (.pdf) (16 trang)
  1. Trang chủ
    2. >>
  2. Cao đẳng - Đại học
    3. >>
  3. Công nghệ thông tin

CCNA Lab - Solution Rev1.0 Basic BGP I

Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (236.12 KB, 16 trang )

ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab8 Solutions: Basic BGP I

Task 8.1:
♦ Configure BB1 in AS57 and advertise all pre-configured
Loopback networks. Use minimum amount of CLI commands.
BB1
router bgp 57
no synchronization
bgp log-neighbor-changes
network 10.12.1.0 mask 255.255.255.0
redistribute connected metric 2
no auto-summary
BB1-RACK1#sho ip bgp
BGP table version is 21, local router ID is 209.112.70.1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

*>
*>
*>
*>
*>
*>
*>
*>
*>


*>
*>
*>
*>
*>
*>
*>
*>
*>

Network
5.5.5.0/24
8.1.1.0/24
10.12.1.0/24
12.1.1.0/24
18.2.1.0/24
28.3.1.0/24
38.1.1.0/24
156.46.1.0/24
156.46.2.0/24
156.46.3.0/24
156.46.4.0/24
156.46.100.0/22
209.112.65.0
209.112.66.0
209.112.67.0
209.112.68.0
209.112.69.0
209.112.70.0


Next Hop
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0

Metric LocPrf Weight Path
2
32768 ?
2
32768 ?
0
32768 i
2
32768 ?
2

32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?
2
32768 ?

♦ Configure BB2 in AS1540 and advertise all pre-configured
Loopback networks. Use minimum amount of CLI commands.

BB2
router bgp 1540
no synchronization
bgp log-neighbor-changes
network 172.16.122.0 mask 255.255.255.0
redistribute connected metric 2

1

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab8 Solutions: Basic BGP I

no auto-summary
BB2-RACK1#sho ip bgp
BGP table version is 58, local router ID is 210.112.70.1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete

*>
*>
*>
*>
*>

*>
*
*>

Network
3.3.3.0/24
8.2.1.0/24
12.2.1.0/24
18.2.2.0/24
28.3.2.0/24
38.2.1.0/24
140.100.1.0/24

Next Hop
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
140.100.1.2
0.0.0.0

Metric LocPrf Weight Path
2
32768 ?
2
32768 ?
2
32768 ?

2
32768 ?
2
32768 ?
2
32768 ?
0
0 65001 i
2
32768 ?

♦ Configure AS65002 for SP1 and PE4 in AS 65002.
PE4

Loopback 4

44.44.44.44/24

PE4-RACK1(config)#interface loopback 4
PE4-RACK1(config-if)#ip address 44.44.44.44 255.255.255.0
PE4-RACK1(config-if)#router bgp 65002
PE4-RACK1(config-router)#network 44.44.44.0 mask 255.255.255.0
PE4-RACK1#sho ip bgp
Network
Next Hop
*> 44.44.44.0/24
0.0.0.0

Metric LocPrf Weight Path
0

32768 i

♦ Configure ASBR1 in AS 100
ASBR1

Loopback 100

101.101.101.101/24

ASBR1-RACK1(config)#int loopback 100
ASBR1-RACK1(config-if)#ip address 101.101.101.101 255.255.255.0
ASBR1-RACK1(config-if)#router bgp 100
ASBR1-RACK1(config-router)#network 101.101.101.0 mask 255.255.255.0
ASBR1-RACK1#sho ip bg
Network
Next Hop
*> 101.101.101.0/24 0.0.0.0

Metric LocPrf Weight Path
0
32768 i

♦ Configure ASBR2 in AS 200
ASBR2

2

Loopback 200

202.202.202.202/24


This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab8 Solutions: Basic BGP I

ASBR2-RACK1(config)#int loopback 200
ASBR2-RACK1(config-if)#ip address 202.202.202.202 255.255.255.0
ASBR2-RACK1(config-router)#router bgp 200
ASBR2-RACK1(config-router)#network 202.202.202.0 mask 255.255.255.0
ASBR2-RACK1#sho ip bgp
Network
Next Hop
*> 202.202.202.0
0.0.0.0

Metric LocPrf Weight Path
0
32768 i

Task 8.2:
BB1
router bgp 57
no synchronization
bgp log-neighbor-changes

network 10.12.1.0 mask 255.255.255.0
redistribute connected metric 2
neighbor 10.12.1.2 remote-as 65001
neighbor 10.12.1.2 description to AS65001-SP1-PE2
neighbor 10.12.1.2 password iementor
no auto-summary
PE2-RACK1(config)#router bgp 65001
PE2-RACK1(config-router)#bgp log-neighbor-changes
PE2-RACK1(config-router)#neighbor 10.12.1.1 remote-as 57
PE2-RACK1(config-router)#neighbor 10.12.1.1 password iementor
PE2-RACK1(config-router)#neighbor 10.12.1.1 description Peer to BB1-AS57
PE2-RACK1(config-router)#network 22.22.22.0 mask 255.255.255.0
PE2-RACK1(config)#int loopback 22
PE2-RACK1(config-if)#ip address 22.22.22.22 255.255.255.0
PE2-RACK1#sho ip bgp summary
Neighbor
V
AS MsgRcvd MsgSent
State/PfxRcd
10.12.1.1
4
57
7
6

TblVer
21

InQ OutQ Up/Down
0


0 00:01:38

BB1-RACK1#ping 22.22.22.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
PE2-RACK1#sho ip bgp
BGP table version is 21, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

3

This product is individually licensed.
Copyright® 2005 ieMentor .

18


ieMentor CCIE™ Service Provider Workbook v1.0

*>
*>
r>
*>
*>
*>

*>
*>
*>
*>
*>
*>
*>
*>
*>
*>
*>
*>
*>

Network
5.5.5.0/24
8.1.1.0/24
10.12.1.0/24
12.1.1.0/24
18.2.1.0/24
22.22.22.0/24
28.3.1.0/24
38.1.1.0/24
156.46.1.0/24
156.46.2.0/24
156.46.3.0/24
156.46.4.0/24
156.46.100.0/22
209.112.65.0
209.112.66.0

209.112.67.0
209.112.68.0
209.112.69.0
209.112.70.0

Next Hop
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
0.0.0.0
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1
10.12.1.1

|

Lab8 Solutions: Basic BGP I


Metric LocPrf Weight Path
2
0 57 ?
2
0 57 ?
0
0 57 i
2
0 57 ?
2
0 57 ?
0
32768 i
2
0 57 ?
2
0 57 ?
2
0 57 ?
2
0 57 ?
2
0 57 ?
2
0 57 ?
2
0 57 ?
2
0 57 ?
2

0 57 ?
2
0 57 ?
2
0 57 ?
2
0 57 ?
2
0 57 ?

Task 8.3:
Configure your eBGP peering to be secure
♦ CORRECTION!!! You should receive 8 routes from BB2
♦ Verify end-to-end connectivity with a ping
♦ BB1 should be able to ping 11.11.11.11 of PE1
PE1-RACK1(config)#interface Loopback11
PE1-RACK1(config-if)# description BGP Loopback
PE1-RACK1(config-if)# ip address 11.11.11.11 255.255.255.0
PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)# no synchronization
PE1-RACK1(config-router)# bgp log-neighbor-changes
PE1-RACK1(config-router)#network 11.11.11.0 mask 255.255.255.0
PE1-RACK1(config-router)# network 140.100.1.0 mask 255.255.255.0
PE1-RACK1(config-router)# neighbor 140.100.1.1 remote-as 1540
PE1-RACK1(config-router)# neighbor 140.100.1.1 password iementor
PE1-RACK1(config-router)# no auto-summary
PE1-RACK1#sho ip bgp
BGP table version is 25, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

4

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

*>
*>
*>
*>
*>
*>
*>
*
*>

Network
3.3.3.0/24
8.2.1.0/24
11.11.11.0/24
12.2.1.0/24
18.2.2.0/24
28.3.2.0/24
38.2.1.0/24
140.100.1.0/24


Next Hop
140.100.1.1
140.100.1.1
0.0.0.0
140.100.1.1
140.100.1.1
140.100.1.1
140.100.1.1
140.100.1.1
0.0.0.0

|

Lab8 Solutions: Basic BGP I

Metric LocPrf Weight Path
2
0 1540 ?
2
0 1540 ?
0
32768 i
2
0 1540 ?
2
0 1540 ?
2
0 1540 ?
2
0 1540 ?

2
0 1540 ?
0
32768 i

BB2-RACK1(config)#router bgp 1540
BB2-RACK1(config-router)# no synchronization
BB2-RACK1(config-router)# bgp log-neighbor-changes
BB2-RACK1(config-router)# network 140.100.1.2 mask 255.255.255.0
BB2-RACK1(config-router)# redistribute connected metric 2
BB2-RACK1(config-router)# neighbor 140.100.1.2 remote-as 65001
BB2-RACK1(config-router)# neighbor 140.100.1.2 password iementor
BB2-RACK1(config-router)# no auto-summary
BB2-RACK1#sho ip route bg
11.0.0.0/24 is subnetted, 1 subnets
B
11.11.11.0 [20/0] via 140.100.1.2, 00:02:01
BB2-RACK1#ping 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Task 8.4:
♦ Verify connectivity before peering with ASBR1
♦ Peer ASBR1 with PE1 and advertise ASBR1 BGP Loopback only
♦ CORRECTION!!! ASBR1 should be able to ping BB2 12.2.1.1.

In this task you may experience a problem peering if you are using
a Loopback as the source IP address with ASBR1. If you are using a

physical IP address, the problem will not happen.
So let’s observe the problem with using a Loopback as the source
instead of the physical.
Configure ASBR1 to peer with PE1 in the following manner:

5

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab8 Solutions: Basic BGP I

ASBR1-RACK1(config)#router bgp 100
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 remote-as 65001
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 description to PE1
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 update-source Loopback0
PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)# neighbor 10.1.1.100 remote-as 100
PE1-RACK1(config-router)# neighbor 10.1.1.100 description to ASBR1
PE1-RACK1(config-router)# neighbor 10.1.1.100 update-source Loopback0

Let’s verify the status of peering
PE1-RACK1#sho ip bgp summary
Neighbor
V

AS MsgRcvd MsgSent
State/PfxRcd
10.1.1.100
4
100
5
6
140.100.1.1
4 1540
110
90

ASBR1-RACK1#sho ip bgp summary
Neighbor
V
AS MsgRcvd MsgSent
State/PfxRcd
10.1.1.1
4 65001
6
5

TblVer

InQ OutQ Up/Down

0
11

0

0

TblVer
0

0 00:26:42 Idle
0 00:27:58

7

InQ OutQ Up/Down
0

0 00:27:15 Idle

Notice “Idle” above; AS65001 will not peer with AS100.
To solve this problem, start out by running the debug ip bgp and
debug ip tcp transactions commands to see the TCP connection
failing. Then configure BGP as follows:
ASBR1-RACK1(config)#router bgp 100
ASBR1-RACK1(config-router)# no synchronization
ASBR1-RACK1(config-router)# bgp router-id 10.1.1.100
ASBR1-RACK1(config-router)# bgp log-neighbor-changes
ASBR1-RACK1(config-router)# network 101.101.101.0 mask 255.255.255.0
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 remote-as 65001
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 ebgp-multihop 2

Å

Resolves this issue

ASBR1-RACK1(config-router)# neighbor 10.1.1.1 update-source Loopback0
ASBR1-RACK1(config-router)# no auto-summary
PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)# no synchronization
PE1-RACK1(config-router)# bgp router-id 10.1.1.1
PE1-RACK1(config-router)# bgp log-neighbor-changes
PE1-RACK1(config-router)# network 11.11.11.0 mask 255.255.255.0
PE1-RACK1(config-router)# network 140.100.1.0 mask 255.255.255.0
PE1-RACK1(config-router)# neighbor 10.1.1.100 remote-as 100
PE1-RACK1(config-router)# neighbor 10.1.1.100 description to ASBR1

6

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab8 Solutions: Basic BGP I

PE1-RACK1(config-router)# neighbor 10.1.1.100 ebgp-multihop 2

Å

Resolves this issue
PE1-RACK1(config-router)#
PE1-RACK1(config-router)#

PE1-RACK1(config-router)#
PE1-RACK1(config-router)#
PE1-RACK1(config-router)#

neighbor 10.1.1.100 update-source Loopback0
neighbor 140.100.1.1 remote-as 1540
neighbor 140.100.1.1 description To BB2
neighbor 140.100.1.1 password iementor
no auto-summary

debug ip bgp and debug ip tcp transactions on ASBR1
*Mar
*Mar
*Mar
*Mar

1
1
1
1

11:18:21.600:
11:18:21.600:
11:18:40.860:
11:18:40.860:

BGP:
BGP:
BGP:
BGP:


10.1.1.100 went
10.1.1.100 open
Applying map to
Applying map to

from Idle to Active
active, delay 26998ms
find origin for 11.11.11.0/24
find origin for 140.100.1.0/24

PE1-RACK1#sho ip bgp summary
Neighbor
State/PfxRcd
10.1.1.100
140.100.1.1

V
4
4

AS MsgRcvd MsgSent
100
1540

5
118

TblVer


6
98

0
11

AS MsgRcvd MsgSent

TblVer

InQ OutQ Up/Down
0
0

0 00:34:37 Active
0 00:35:53
7

PE1-RACK1#sho ip bgp summary
Neighbor
State/PfxRcd
10.1.1.100
140.100.1.1

*Mar 1
*Mar 1
*Mar 1
*Mar 1
*Mar 1
*Mar 1

*Mar 1
*Mar 1
*Mar 1
*Mar 1
)]
*Mar 1
]
*Mar 1
36, MSS
*Mar 1
*Mar 1
*Mar 1
*Mar 1
45
*Mar 1
26
*Mar 1
*Mar 1
*Mar 1

7

V
4
4

100
1540

11:18:48.600:

11:18:48.600:
11:18:48.600:
11:18:48.600:
11:18:48.600:
11:18:48.600:
11:18:48.600:
11:18:48.600:
11:18:48.600:
11:18:48.600:

10
118

12
99

11
12

InQ OutQ Up/Down
0
0

0 00:00:00
0 00:35:55

1
7

BGP: 10.1.1.100 open active, local address 10.1.1.1

TCB83046FC8 created
TCB83046FC8 setting property TCP_WINDOW_SIZE (0) 831105BC
TCB83046FC8 setting property TCP_MD5KEY (5) 0
TCB83046FC8 setting property TCP_TOS (11) 831105A8
TCP: Random local port generated 47173
TCB83046FC8 bound to 10.1.1.1.47173
TCP: sending SYN, seq 886127879, ack 0
TCP0: Connection to 10.1.1.100:179, advertising MSS 536
TCP0: state was CLOSED -> SYNSENT [47173 -> 10.1.1.100(179

11:18:48.612: TCP0: state was SYNSENT -> ESTAB [47173 -> 10.1.1.100(179)
11:18:48.612:
is 536
11:18:48.612:
11:18:48.616:
11:18:48.616:
11:18:48.616:

TCP: tcb 83046FC8 connection to 10.1.1.100:179, peer MSS 5
TCB83046FC8 connected to 10.1.1.100.179
BGP: 10.1.1.100 went from Active to OpenSent
BGP: 10.1.1.100 sending OPEN, version 4, my as: 65001
BGP: 10.1.1.100 send message type 1, length (incl. header)

11:18:48.628: BGP: 10.1.1.100 rcv message type 1, length (excl. header)
11:18:48.628: BGP: 10.1.1.100 rcv OPEN, version 4
11:18:48.628: BGP: 10.1.1.100 rcv OPEN w/ OPTION parameter len: 16
11:18:48.628: BGP: 10.1.1.100 rcvd OPEN w/ optional parameter type 2 (Ca

This product is individually licensed.

Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

pability) len 6
*Mar 1 11:18:48.632:
*Mar 1 11:18:48.632:
*Mar 1 11:18:48.632:
pability) len 2
*Mar 1 11:18:48.632:
*Mar 1 11:18:48.632:
all address-families
*Mar 1 11:18:48.632:
pability) len 2
*Mar 1 11:18:48.632:
*Mar 1 11:18:48.632:
all address-families
*Mar 1 11:18:48.632:
*Mar 1 11:18:48.632:
*Mar 1 11:18:48.632:
*Mar 1 11:18:53.837:
*Mar 1 11:18:53.837:

|

Lab8 Solutions: Basic BGP I

BGP: 10.1.1.100 OPEN has CAPABILITY code: 1, length 4
BGP: 10.1.1.100 OPEN has MP_EXT CAP for afi/safi: 1/1

BGP: 10.1.1.100 rcvd OPEN w/ optional parameter type 2 (Ca
BGP: 10.1.1.100 OPEN has CAPABILITY code: 128, length 0
BGP: 10.1.1.100 OPEN has ROUTE-REFRESH capability(old) for
BGP: 10.1.1.100 rcvd OPEN w/ optional parameter type 2 (Ca
BGP: 10.1.1.100 OPEN has CAPABILITY code: 2, length 0
BGP: 10.1.1.100 OPEN has ROUTE-REFRESH capability(new) for
BGP: 10.1.1.100 went from OpenSent to OpenConfirm
BGP: 10.1.1.100 went from OpenConfirm to Established
%BGP-5-ADJCHANGE: neighbor 10.1.1.100 Up
TCP: sending RST, seq 0, ack 1452704497
TCP: sent RST to 10.1.1.254:13346 from 10.1.1.1:179

PE1-RACK1#sho ip bgp summary
Neighbor
State/PfxRcd
10.1.1.100
140.100.1.1

V
4
4

AS MsgRcvd MsgSent
100
1540

11
120

13

101

TblVer
12
12

InQ OutQ Up/Down
0
0

0 00:01:34
0 00:37:29

PE1-RACK1#sho ip bgp
BGP table version is 12, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i intern
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

*>
*>
*>
*>
*>
*>
*>
*>
*
*>


Network
3.3.3.0/24
8.2.1.0/24
11.11.11.0/24
12.2.1.0/24
18.2.2.0/24
28.3.2.0/24
38.2.1.0/24
101.101.101.0/24
140.100.1.0/24

Next Hop
140.100.1.1
140.100.1.1
0.0.0.0
140.100.1.1
140.100.1.1
140.100.1.1
140.100.1.1
10.1.1.100
140.100.1.1
0.0.0.0

Metric LocPrf Weight Path
2
0 1540 ?
2
0 1540 ?
0
32768 i

2
0 1540 ?
2
0 1540 ?
2
0 1540 ?
2
0 1540 ?
0
0 100 i
2
0 1540 ?
0
32768 i

PE1-RACK1#sho ip route bg
18.0.0.0/24 is subnetted, 1 subnets
B
18.2.2.0 [20/2] via 140.100.1.1, 00:37:27
3.0.0.0/24 is subnetted, 1 subnets
B
3.3.3.0 [20/2] via 140.100.1.1, 00:37:27
101.0.0.0/24 is subnetted, 1 subnets
B
101.101.101.0 [20/0] via 10.1.1.100, 00:01:58
38.0.0.0/24 is subnetted, 1 subnets
B
38.2.1.0 [20/2] via 140.100.1.1, 00:37:27
8.0.0.0/24 is subnetted, 1 subnets


8

This product is individually licensed.
Copyright® 2005 ieMentor .

1
7


ieMentor CCIE™ Service Provider Workbook v1.0

B
B
B

|

Lab8 Solutions: Basic BGP I

8.2.1.0 [20/2] via 140.100.1.1, 00:37:27
12.0.0.0/24 is subnetted, 1 subnets
12.2.1.0 [20/2] via 140.100.1.1, 00:37:27
28.0.0.0/24 is subnetted, 1 subnets
28.3.2.0 [20/2] via 140.100.1.1, 00:37:27

PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)#no auto-summary

Å don’t forget to disable


summary
PE1-RACK1#ping 101.101.101.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 101.101.101.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

Now let’s ping the BB2 Loopback.
ASBR1-RACK1#ping 12.2.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.2.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

This is the first sign that BB2 is not aware of the source network
from ASBR1-to-PE1, which is 172.16.222.0.
ASBR1-RACK1#traceroute 12.2.1.1
Type escape sequence to abort.
Tracing the route to 12.2.1.1
1 172.16.222.1 4 msec 5 msec 0 msec
2 * * *

Let’s look at the BGP database before going further.
ASBR1-RACK1#sho ip bgp
BGP table version is 42, local router ID is 10.1.1.100
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
*> 3.3.3.0/24

*> 8.2.1.0/24
*> 11.11.11.0/24

9

Next Hop
10.1.1.1
10.1.1.1
10.1.1.1

Metric LocPrf Weight
0
0
0
0

This product is individually licensed.
Copyright® 2005 ieMentor .

Path
65001 1540 ?
65001 1540 ?
65001 i


ieMentor CCIE™ Service Provider Workbook v1.0

*>
*>
*>

*>
*>
*>

12.2.1.0/24
18.2.2.0/24
28.3.2.0/24
38.2.1.0/24
101.101.101.0/24
140.100.1.0/24

10.1.1.1
10.1.1.1
10.1.1.1
10.1.1.1
0.0.0.0
10.1.1.1

|

Lab8 Solutions: Basic BGP I

0
0

0
0
0
0
32768

0

65001
65001
65001
65001
i
65001

1540
1540
1540
1540

?
?
?
?

i

As you can see, 172.16.222.0 network is missing, and we need to
advertise this network from ASBR1 with the network statement or
redistribute connected.
ASBR1-RACK1(config)#router bgp 100
ASBR1-RACK1(config-router)#network 172.16.222.0 mask 255.255.255.0
ASBR1-RACK1#sho ip bgp
BGP table version is 43, local router ID is 10.1.1.100
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

*>
*>
*>
*>
*>
*>
*>
*>
*>
*>

Network
3.3.3.0/24
8.2.1.0/24
11.11.11.0/24
12.2.1.0/24
18.2.2.0/24
28.3.2.0/24
38.2.1.0/24
101.101.101.0/24
140.100.1.0/24
172.16.222.0/24

Next Hop
10.1.1.1
10.1.1.1
10.1.1.1
10.1.1.1

10.1.1.1
10.1.1.1
10.1.1.1
0.0.0.0
10.1.1.1
0.0.0.0

Metric LocPrf Weight
0
0
0
0
0
0
0
0
0
32768
0
0
0
32768

Path
65001
65001
65001
65001
65001
65001

65001
i
65001
i

1540
1540
i
1540
1540
1540
1540

?
?
?
?
?
?

i

ASBR1-RACK1#ping 12.2.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.2.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

We realize that this is all basic, but we must ensure that you are
comfortable with basic BGP so that you are not puzzled later in the

advanced BGP section and MPLS VPN. In the advanced section we
are not going to go into detail about basic components; we will be
under assumption that you are familiar with BGP and are ready to
move on.

Task 8.5: Configure eBGP ASBR1-AS100 with eBGP ASBR2-AS200

10

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab8 Solutions: Basic BGP I

♦ Peer ASBR1 to ASBR2
♦ To verify, ensure you can ping the BB2 Loopback
ASBR1
router bgp 100
no synchronization
network 101.101.101.0 mask 255.255.255.0
network 172.16.222.0 mask 255.255.255.0
neighbor 10.1.1.1 remote-as 65001
neighbor 10.1.1.1 ebgp-multihop 2
neighbor 10.1.1.1 update-source Loopback0
neighbor 172.16.113.2 remote-as 200


ASBR2
router bgp 200
no synchronization
bgp log-neighbor-changes
network 172.16.113.0 mask 255.255.255.0

Å make sure include directly

connected networks.
neighbor 172.16.113.1 remote-as 100
no auto-summary
ASBR2-RACK1# ping 12.2.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.2.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Task 8.6:
♦ Configure SP1 to minimize iBGP sessions

This means to try to reduce CLI complexity. In most cases, we are
talking about multiple components:
1. Build a Route Reflector
2. Utilize peer groups
3. Avoid using fully meshed peers.

11

This product is individually licensed.

Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab8 Solutions: Basic BGP I

♦ With the requirement that any live traffic will never be in datapath-forwarding of iBGP, select and configure the router best suited
to this requirement.
This sub-task requires understanding of the topology first. You
must select a router that is not in data path forwarding. If you look
carefully at the main topology, you will notice that router RR is not
in data path forwarding for any CEs. This means there will never be
traffic floating through or to that router. It is best practice to avoid
using Route Reflector also as your data path forwarding router.
This can impact the CPU and router performance which can have a
huge impact on all peers that are using this router as the route
reflector. For our topology the best selection is RR router.
♦ Configure iBGP such that if any physical interface fails on any
PE, the devices would remain connected without losing the iBGP
session.
Provide stability for peering between the PEs in the condition of
failure. The best way to approach this is to utilize the Loopbacks
that have been advertised through the IGP and use them as the
source for peering similar to what we did with ASBR1 and PE1. The
example of this will be provided bellow.
♦ Configure SP1 using the router best suited for a peer-group.
Again, this question is referring back to RR because that is the best

choice for this network. Also, this will take care of reducing the
complexity of CLI with peer-groups.
♦ Configure all BGP topology changes sent to logging console.
This requires enabling BGP log changes under router bgp xxx
which we will provide in our example.

PE1-AS65001

Loopback 11

11.11.11.11/24

PE2-AS65001

Loopback 22

22.22.22.22/24

PE3-AS65001

Loopback 33

33.33.33.33/24

RR1-AS65001

Loopback 55

55.55.55.55/24


RR1-RACK1(config)#router bgp 65001
RR1-RACK1(config-router)# no synchronization
RR1-RACK1(config-router)# bgp log-neighbor-changes
RR1-RACK1(config-router)# neighbor ibgp peer-group

12

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

RR1-RACK1(config-router)#
RR1-RACK1(config-router)#
RR1-RACK1(config-router)#
RR1-RACK1(config-router)#
RR1-RACK1(config-router)#
RR1-RACK1(config-router)#

|

Lab8 Solutions: Basic BGP I

neighbor ibgp remote-as 65001
neighbor ibgp update-source Loopback0
neighbor 10.1.1.1 peer-group ibgp
neighbor 10.1.1.2 peer-group ibgp
neighbor 10.1.1.3 peer-group ibgp
no auto-summary


PE1-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE1-RACK1(config-router)# no synchronization
PE1-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0
PE2-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE2-RACK1(config-router)# no synchronization
PE2-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0
PE3-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE3-RACK1(config-router)# no synchronization
PE3-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0

Task 8.7: Advertise the Loopback into iBGP on RR1. Inject
55.55.55.55 into iBGP without using the network statement. Only
55.55.55.55 should be injected, avoid any other directly connected
networks.
RR1-RACK1(config)#interface Loopback55
RR1-RACK1(config-if)# ip address 55.55.55.55 255.255.255.0
RR1-RACK1(config)#access-list 55 permit 55.55.55.0 0.0.0.255 log
RR1-RACK1(config-if)#route-map allow55 permit 10
RR1-RACK1(config-route-map)# match ip address 55
RR1-RACK1(config-route-map)#router bgp 65001
RR1-RACK1(config-router)# no synchronization
RR1-RACK1(config-router)# bgp log-neighbor-changes
RR1-RACK1(config-router)# redistribute connected metric 2 route-map
allow55
RR1-RACK1(config-router)# neighbor ibgp peer-group
RR1-RACK1(config-router)# neighbor ibgp remote-as 65001
RR1-RACK1(config-router)# neighbor ibgp update-source Loopback0
RR1-RACK1(config-router)# neighbor 10.1.1.1 peer-group ibgp
RR1-RACK1(config-router)# neighbor 10.1.1.2 peer-group ibgp

RR1-RACK1(config-router)# neighbor 10.1.1.3 peer-group ibgp
RR1-RACK1(config-router)# no auto-summary

RR1-RACK1#sho ip bgp
BGP table version is 37, local router ID is 55.55.55.55
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network

13

Next Hop

Metric LocPrf Weight Path

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab8 Solutions: Basic BGP I

*>i3.3.3.0/24
140.100.1.1
2
100

0
*>i5.5.5.0/24
10.1.1.2
2
100
0
*>i8.1.1.0/24
10.1.1.2
2
100
0
*>i8.2.1.0/24
140.100.1.1
2
100
0
*>i10.12.1.0/24
10.1.1.2
0
100
0
*>i11.11.11.0/24
10.1.1.1
0
100
0
*>i12.1.1.0/24
10.1.1.2
2
100

0
*>i12.2.1.0/24
140.100.1.1
2
100
0
*>i18.2.1.0/24
10.1.1.2
2
100
0
*>i18.2.2.0/24
140.100.1.1
2
100
0
*>i22.22.22.0/24
10.1.1.2
0
100
0
*>i28.3.1.0/24
10.1.1.2
2
100
0
*>i28.3.2.0/24
140.100.1.1
2
100

0
*>i33.33.33.0/24
10.1.1.3
0
100
0
*>i38.1.1.0/24
10.1.1.2
2
100
0
*>i38.2.1.0/24
140.100.1.1
2
100
0
*> 55.55.55.0/24
0.0.0.0
2
32768
*>i101.101.101.0/24 10.1.1.100
0
100
0
*>i140.100.1.0/24
10.1.1.1
0
100
0
*>i156.46.1.0/24

10.1.1.2
2
100
0
*>i156.46.2.0/24
10.1.1.2
2
100
0
*>i156.46.3.0/24
10.1.1.2
2
100
0
*>i156.46.4.0/24
10.1.1.2
2
100
0
*>i156.46.100.0/22 10.1.1.2
2
100
0
*>i172.16.113.0/24 10.1.1.100
0
100
0
*>i209.112.65.0
10.1.1.2
2

100
0
*>i209.112.66.0
10.1.1.2
2
100
0
*>i209.112.67.0
10.1.1.2
2
100
0
*>i209.112.68.0
10.1.1.2
2
100
0
*>i209.112.69.0
10.1.1.2
2
100
0
*>i209.112.70.0
10.1.1.2
2
100
0
*Mar 4 01:50:02.796: %SEC-6-IPACCESSLOGS: list 55 permitted
16 packets


1540 ?
57 ?
57 ?
1540 ?
57 i
i
57 ?
1540 ?
57 ?
1540 ?
i
57 ?
1540 ?
i
57 ?
1540 ?
?
100 i
i
57 ?
57 ?
57 ?
57 ?
57 ?
100 200 i
57 ?
57 ?
57 ?
57 ?
57 ?

57 ?
55.55.55.0

Task 8.8: Configure iBGP and eBGP connectivity. After
establishing iBGP with PE1, PE2, PE3 and RR1, ASBR1 should be
able to communicate with BB1 Loopbacks as well as the rest of the
BGP core Loopbacks.
RR1-RACK1(config)#router bgp 65001
RR1-RACK1(config-router)#no synchronization
RR1-RACK1(config-router)#bgp log-neighbor-changes
RR1-RACK1(config-router)#neighbor ibgp peer-group
RR1-RACK1(config-router)#neighbor ibgp remote-as 65001
RR1-RACK1(config-router)#neighbor ibgp update-source Loopback0
RR1-RACK1(config-router)#neighbor 10.1.1.1 peer-group ibgp
RR1-RACK1(config-router)#neighbor 10.1.1.2 peer-group ibgp
RR1-RACK1(config-router)#neighbor 10.1.1.3 peer-group ibgp
PE1-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE1-RACK1(config-router)#no synchronization
PE1-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0

14

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|


Lab8 Solutions: Basic BGP I

PE2-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE2-RACK1(config-router)#no synchronization
PE2-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0
PE3-RACK1(config-router)#neighbor 10.1.1.254 remote-as 65001
PE3-RACK1(config-router)#no synchronization
PE3-RACK1(config-router)#neighbor 10.1.1.254 update-source loopback 0
RR1-RACK1#sho ip bgp summary
Neighbor
V
AS MsgRcvd MsgSent
State/PfxRcd
10.1.1.1
4 65001
617
583
10.1.1.2
4 65001
629
599
10.1.1.3
4 65001
575
576

RR1-RACK1#ping 5.5.5.5

TblVer
75

75
75

InQ OutQ Up/Down
0
0
0

0 00:12:32
0 00:02:32
0 00:11:58

Å BB1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
RR1-RACK1#sho ip bgp | include 5.5.5
* i5.5.5.0/24
10.12.1.1

2

100

0 57 ?

RR1-RACK1#sho ip route | include 5.5.5.5
PE2-RACK1(config)#router bgp 65001

PE2-RACK1(config-router)#neighbor 10.1.1.254 next-hop-self
RR1-RACK1#sho ip route | include 5.5.5
B
5.5.5.0 [200/2] via 10.1.1.2, 00:00:17
RR1-RACK1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
PE2-RACK1(config-router)#network 10.12.1.0 mask 255.255.255.0
RR1-RACK1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

15

This product is individually licensed.
Copyright® 2005 ieMentor .

10
19
1


ieMentor CCIE™ Service Provider Workbook v1.0

|


Lab8 Solutions: Basic BGP I

ASBR1-RACK1#ping 5.5.5.5
....
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
RR1-RACK1(config-router)#neighbor ibgp route-reflector-client
RR1-RACK1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
RR1-RACK1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

16

This product is individually licensed.
Copyright® 2005 ieMentor .



Tài liệu liên quan

Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay
×