Agenda: lab-bgp-basic.txt

% Advanced Routing Workshop
% Basic BGP Lab

![Multi-homed Topology](ex2-1.png)

\pagebreak

# Introduction

The purpose of this exercise is to:

* Understand the routing implications of
  connecting to multiple external routing domains
* Learn to configure basic eBGP to exchange routing 
  information with multiple external peers and iBGP 
  to carry that information inside your network.

# Pre-requisites

This exercise builds upon the configurations implemented in
the OSPF + Static routing lab. You must be able to:

* Ping your neighbor router in the same AS using its 
  loopback address (both IPv4 and IPv6!). 
* Ping your neighbor routers in other ASs using their
  point-to-point link addresses.

*Note: Actually, if everyone configured their OSPF and static 
routes properly in the previous exercise, you should be able 
to ping every other router using their loopback address.*

# Address Space Allocation

## Regional REN (RREN)

We only need one:

RREN    IPv4            IPv6            ASN
-----   ------------    -------------   -------
1       10.100.0.0/16   fd00:100::/32   100

## National RENs (NRENs)

NREN    IPv4            IPv6            ASN
-----   ------------    -------------   -------
1       10.101.0.0/16   fd00:101::/32   101
2       10.102.0.0/16   fd00:102::/32   102

... and so on.

# iBGP Configuration

## Enable the BGP process

Before we set up iBGP, we need to do some basic preparation 
on the router. The IOS defaults are not optimized, so before 
we bring up BGP sessions, we should set the parameters that we 
require.
The default distance for eBGP is 20, the default distance for iBGP 
is 200, and the default distance for OSPF is 110. This means that 
there is a potential for a prefix learned by eBGP to override the 
identical prefix carried by OSPF. To protect against accidents, the 
eBGP distance is set to 200 also. 

The command to do this is the *distance bgp* subcommand:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
distance bgp <external-routes> <internal-routes> <local-routes>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We also want to:

* Enable logging of BGP neighbor state changes
* Disable the requirement that a route must be present in the IGP
  table before it can be advertised by BGP (synchronization).
* Disable auto-summarization of routes to classful network boundaries
* Disable the automatic exchange of IPv4 unicast routes on every 
  peering session.

This must be done in all future BGP configurations of this workshop:

On both R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 distance bgp 200 200 200
 bgp log-neighbor-changes
 no synchronization
 no auto-summary 
 no bgp default ipv4-unicast
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


## Configure iBGP neighbors

Again, make sure that you can ping the neighbor router
using its loopback address, otherwise the BGP session
will not come up!

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4 
  neighbor 10.10.255.2 remote-as 10
  neighbor 10.10.255.2 update-source loopback 0
  neighbor 10.10.255.2 description iBGP to R12
  neighbor 10.10.255.2 password N$RC
 address-family ipv6 
  neighbor fd00:10:ff::2 remote-as 10
  neighbor fd00:10:ff::2 update-source loopback 0
  neighbor fd00:10:ff::2 description iBGP to R12
  neighbor fd00:10:ff::2 password N$RC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4 
  neighbor 10.10.255.1 remote-as 10
  neighbor 10.10.255.1 update-source loopback 0
  neighbor 10.10.255.1 description iBGP to R11  
  neighbor 10.10.255.1 password N$RC
 address-family ipv6 
  neighbor fd00:10:ff::1 remote-as 10
  neighbor fd00:10:ff::1 update-source loopback 0
  neighbor fd00:10:ff::1 description iBGP to R11
  neighbor fd00:10:ff::1 password N$RC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Check that the BGP sessions are up on both sides.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp summary
show bgp ipv6 unicast summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

## Advertise your network

1. Use the 'network' command to tell BGP which
prefixes you want to announce.

On R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  network 10.10.0.0 mask 255.255.0.0
 address-family ipv6
  network fd00:10::/32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Get the list of learned paths:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp
show bgp ipv6 unicast
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Q. Do you see any paths?

2. Create a static route for the prefix being
   announced on each router:

On R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip route 10.10.0.0 255.255.0.0 null0
ipv6 route fd00:10::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*These are called a "pull up routes"*

Get the list of learned paths again. You should see
both your prefix and the neighbor's.

Q. Why are these routes needed?

# Multihoming - eBGP Configuration

## Connect to the NREN

1. Configure your RX1 router to connect to the NREN
   with a a point-to-point link.

NRENs: Use configuration in Appendix.

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet1/0
 description P2P Link to NREN1
 ip address 10.101.254.2 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address fd00:101:fe::1/127
 ipv6 nd ra suppress
 no shutdown
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make sure that it's up and that you can ping the other
side:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ping 10.101.254.1
ping fd00:101:fe::0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Do some traceroutes to other networks again:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# traceroute 10.20.255.1
R11# traceroute 10.30.255.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Has anything changed since the last exercise?

Notice that before we had only one connection to
the Internet - via the ISP. Now we have two.
But we are still using a default route pointing
to the ISP only!

We could add another default route pointing to the
NREN, but that would not give us much flexibility 
in terms of traffic policies. Keep going.

## BGP-peer with the NREN and the ISP

1. Configure eBGP sessions to the ISP and the NREN

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4 
  neighbor 10.101.254.1 remote-as 101
  neighbor 10.101.254.1 description eBGP to NREN1
  neighbor 10.101.254.1 password N$RC
 address-family ipv6 
  neighbor fd00:101:fe:: remote-as 101
  neighbor fd00:101:fe:: description eBGP to NREN1
  neighbor fd00:101:fe:: password N$RC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Q. **Notice that with eBGP we no longer use the 
loopback address as the endpoint of the BGP session, 
as we did with iBGP**

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4 
  neighbor 10.201.254.1 remote-as 201
  neighbor 10.201.254.1 description eBGP to ISP1
  neighbor 10.201.254.1 password N$RC
 address-family ipv6 
  neighbor fd00:201:fe:: remote-as 201
  neighbor fd00:201:fe:: description eBGP to ISP1
  neighbor fd00:201:fe:: password N$RC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Check that the BGP sessions are up on both routers:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp summary
show bgp ipv6 unicast summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once those are up, check if you are learning any prefixes:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# show ip bgp nei 10.101.254.1 routes
R11# sh bgp ipv6 uni neigh fd00:101:fe:: routes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Inject the point-to-point subnets that connect to
your upstreams into your IGP (OSPF), to make sure
that the external next hops are in the routing tables
of each iBGP peer.

On R11 and R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet1/0
 ip ospf 10 area 0
 ipv6 ospf 10 area 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Verify what you are advertising to the NREN:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# show ip bgp nei 10.101.254.1 advertised-routes
R11# sh bgp ipv6 uni neigh fd00:101:fe:: advertised
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

... and to the ISP:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12# show ip bgp neighbor 10.201.254.1 advertised-routes
R12# sh bgp ipv6 uni neigh fd00:201:fe:: advertised
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Are you perhaps announcing other prefixes that don't
originate in your AS? If so, can you remember what
serious negative implications this could have?
Please stop and think about this. Ask the instructors 
if you need clarification.

## Filter what you send and receive

1. Create prefix lists for your inbound/outbound
   filters.

On R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip prefix-list out-peer permit 10.10.0.0/16 le 32
ip prefix-list nren-in-peer deny 10.10.0.0/16 le 32
ip prefix-list nren-in-peer permit 0.0.0.0/0 le 32
ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128
ipv6 prefix-list ipv6-nren-in-peer deny fd00:10::/32 le 128
ipv6 prefix-list ipv6-nren-in-peer permit ::/0 le 128
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip prefix-list out-peer permit 10.10.0.0/16 le 32
ip prefix-list isp-in-peer deny 10.10.0.0/16 le 32
ip prefix-list isp-in-peer permit 0.0.0.0/0 le 32
ipv6 prefix-list ipv6-out-peer permit fd00:10::/32 le 128
ipv6 prefix-list ipv6-isp-in-peer deny fd00:10::/32 le 128
ipv6 prefix-list ipv6-isp-in-peer permit ::/0 le 128
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. Now create inbound/outbound filters using those
   prefix lists

R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10 
 address-family ipv4
  neighbor 10.101.254.1 prefix-list nren-in-peer in
  neighbor 10.101.254.1 prefix-list out-peer out
 address-family ipv6
  neighbor fd00:101:fe:: prefix-list ipv6-nren-in-peer in
  neighbor fd00:101:fe:: prefix-list ipv6-out-peer out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.201.254.1 prefix-list isp-in-peer in
  neighbor 10.201.254.1 prefix-list out-peer out
 address-family ipv6
  neighbor fd00:201:fe:: prefix-list ipv6-isp-in-peer in
  neighbor fd00:201:fe:: prefix-list ipv6-out-peer out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use the *BGP refresh* capability to resend the 
information to the peer:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11#clear ip bgp 10.101.254.1 out
R11#clear bgp ipv6 unicast fd00:101:fe:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#clear ip bgp 10.201.254.1 out
R12#clear bgp ipv6 unicast fd00:201:fe:: out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You should now be advertising only your own address space. 
Check with the ISP and  NREN administrators to make sure 
that they are receiving your prefix.

### Remove static routes

1. The ISPs remove their static routes towards
   their customers.

Now your ISP has learned a route to reach your
network, correct? The ISPs can now safely remove
the static routes pointing to you and the other
customers:

ISP1: 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 10.10.0.0 255.255.0.0 10.201.254.2
no ip route 10.20.0.0 255.255.0.0 10.201.254.6
no ip route 10.30.0.0 255.255.0.0 10.201.254.10
!
no ipv6 route fd00:10::/32 fd00:201:fe::1
no ipv6 route fd00:20::/32 fd00:201:fe::3
no ipv6 route fd00:30::/32 fd00:201:fe::5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ISP2:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 10.40.0.0 255.255.0.0 10.202.254.2
no ip route 10.50.0.0 255.255.0.0 10.202.254.6
no ip route 10.60.0.0 255.255.0.0 10.202.254.10
!
no ipv6 route fd00:40::/32 fd00:202:fe::1
no ipv6 route fd00:50::/32 fd00:202:fe::3
no ipv6 route fd00:60::/32 fd00:202:fe::5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. Remove your static default routes 

In the previous exercise, we created default
routes on both routers. But thanks to BGP, we 
should now be receiving routes from our NREN and 
our ISP.

Let's check first (do this on both routers):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp
show bgp ipv6 unicast
show ip route
show ipv6 route
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You should be learning routes advertised by other
groups, and also from the NRENs and the ISPs.

Remove your static default routes:

R11:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 0.0.0.0 0.0.0.0 10.10.254.2
no ipv6 route ::/0 fd00:10:fe::1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no ip route 0.0.0.0 0.0.0.0 10.201.254.1
no ipv6 route ::/0 fd00:201:fe::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You should be able to ping any other router now.
If you can't, wait for other groups to finish,
or ask the instructors.

Use traceroute to verify the paths that packets
are following towards various destinations:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R11# traceroute 10.100.255.1 
R11# traceroute 10.30.255.2
...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Repeat the same tests from the other router in
your AS and compare. Use the diagram to help you
visualize it.

# Traffic Exchange (Peering)

Direct traffic exchanges are usually established at no 
charge between two autonomous systems that want to save
costs. The savings are achieved by not having to carry 
that traffic over expensive transit links via commercial 
providers. Also, these direct exchanges have the added 
benefit of reducing latency because there are fewer hops.

Usually traffic exchanges occur at public exchange points,
also known as IXPs. The simplest kind of exchange point is
a Layer-2 switch. In this exercise, we will simply configure 
direct links between routers, which from the point of view of
BGP is equivalent to connecting through a switch. 

![Peering Topology](ex2-2.png)

## Connect to your neighbor AS

1. Configure a point-to-point link to your neighbor AS 
as shown in the diagram. You will have to agree with 
your peer on which address space to use. **Make sure to 
pick a point-to-point subnet that is not already used!**

The instructor will draw a map of the network at the front
of the class and will ask you to document the subnet
that was used for the peering session, so everybody can 
use that information when troubleshooting.

For example, on R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet3/0
 description Link to R21
 ip address 10.10.254.5 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address fd00:10:fe::2/127
 ipv6 nd ra suppress
 no shutdown
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Don't forget to inject that subnet into OSPF. 

R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet3/0
 ip ospf 10 area 0
 ipv6 ospf 10 area 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Q. Remember why this is needed? If not, please ask.

2. Configure prefix lists for your inbound filters

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ip prefix-list AS20-in-peer permit 10.20.0.0/16 le 32
ipv6 prefix-list ipv6-AS20-in-peer permit fd00:20::/32 le 128
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*The equivalent needs to be done in R21.*

3. Configure prefix lists for your outbound filters

You should have these from a previous step. You can verify
like this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#show ip prefix-list out-peer
R12#show ipv6 prefix-list ipv6-out-peer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. Now create the BGP sessions and apply those 
   inbound/outbound filters:

On R12:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
router bgp 10
 address-family ipv4
  neighbor 10.10.254.6 remote-as 20
  neighbor 10.10.254.6 description eBGP to AS20
  neighbor 10.10.254.6 password N$RC
  neighbor 10.10.254.6 prefix-list out-peer out
  neighbor 10.10.254.6 prefix-list AS20-in-peer in
 address-family ipv6
  neighbor fd00:10:fe::3 remote-as 20
  neighbor fd00:10:fe::3 description eBGP to AS20
  neighbor fd00:10:fe::3 password N$RC
  neighbor fd00:10:fe::3 prefix-list ipv6-out-peer out
  neighbor fd00:10:fe::3 prefix-list ipv6-AS20-in-peer in
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The equivalent needs to be done in R21.

Verify that the sessions are up:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
show ip bgp summary
show ipv6 bgp unicast summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

..and that you are learning the prefix directly 
from the neighbor:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R12#show ip bgp neighbor 10.10.254.6 routes 
R12#show bgp ipv6 unicast neighbors fd00:10:fe::3 routes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

5. Do some traceroutes towards your peer and 
   make sure that the path is direct. 

Remember to save your configurations.

You are done! You have configured BGP in a multihomed
environment and BGP is selecting the paths based on
default values.


\pagebreak

# Appendix A - RREN Configuration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostname RREN
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc
enable secret nsrc
service password-encryption
line vty 0 4
 transport preferred none
line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ip subnet-zero
ip classless
no ip source-route
ipv6 unicast-routing
!
interface Loopback0
 ip address 10.100.255.1 255.255.255.255
 ipv6 address fd00:100:ff::1/128
!
interface GigabitEthernet1/0
 description P2P Link to RREN1
 ip address 10.100.254.1 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address fd00:100:fe::/127
 ipv6 nd ra suppress
 no shutdown
!
interface GigabitEthernet2/0
 description P2P Link to RREN2
 ip address 10.100.254.5 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address fd00:100:fe::2/127
 ipv6 nd ra suppress
 no shutdown
!
interface GigabitEthernet3/0
 description Link to IXP
 ip address 10.251.1.3 255.255.255.0
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address fd00:251:1::3/64
 ipv6 nd ra supress
 no shutdown
!
router bgp 100
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.100.0.0 mask 255.255.0.0
  neighbor 10.100.254.2 remote-as 101
  neighbor 10.100.254.2 description eBGP to AS101
  neighbor 10.100.254.2 password N$RC
  neighbor 10.100.254.6 remote-as 102
  neighbor 10.100.254.6 description eBGP to AS102
  neighbor 10.100.254.6 password N$RC
  neighbor 10.251.1.1 remote-as 201
  neighbor 10.251.1.1 description eBGP to AS201
  neighbor 10.251.1.1 password N$RC
  neighbor 10.251.1.2 remote-as 202
  neighbor 10.251.1.2 description eBGP to AS202
  neighbor 10.251.1.2 password N$RC address-family ipv6
  network fd00:100::/32
  neighbor fd00:100:fe::1 remote-as 101
  neighbor fd00:100:fe::1 description eBGP to AS101
  neighbor fd00:100:fe::1 password N$RC
  neighbor fd00:100:fe::3 remote-as 102
  neighbor fd00:100:fe::3 description eBGP to AS102
  neighbor fd00:100:fe::3 password N$RC
  neighbor fd00:251:1::1 remote-as 201
  neighbor fd00:251:1::1 description eBGP to AS201
  neighbor fd00:251:1::1 password N$RC
  neighbor fd00:251:1::2 remote-as 202
  neighbor fd00:251:1::2 description eBGP to AS202
  neighbor fd00:251:1::2 password N$RC
!
ip route 10.100.0.0 255.255.0.0 null0
ipv6 route fd00:100::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


\pagebreak

# Appendix B - NREN1 Configuration Example

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostname NREN1
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret nsrc
enable secret nsrc
service password-encryption
line vty 0 4
 transport preferred none
line console 0
 transport preferred none
no logging console
logging buffered 8192 debugging
no ip domain-lookup
ip subnet-zero
ip classless
no ip source-route
ipv6 unicast-routing
!
interface Loopback0
 ip address 10.101.255.1 255.255.255.255
 ipv6 address fd00:101:ff::1/128
!
interface GigabitEthernet1/0
 description P2P Link to RREN
 ip address 10.100.254.2 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address fd00:100:fe::1/127
 ipv6 nd ra suppress
 no shutdown
!
interface GigabitEthernet2/0
 description P2P Link to ISP1
 ip address 10.101.254.13 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address fd00:101:fe::6/127
 ipv6 nd ra suppress
 no shutdown
!
interface GigabitEthernet3/0
 description P2P Link to R11
 ip address 10.101.254.1 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address fd00:101:fe::0/127
 ipv6 nd ra suppress
 no shutdown
!
ip prefix-list AS10-in-peer permit 10.10.0.0/16 le 32
ipv6 prefix-list ipv6-AS10-in-peer permit fd00:10::/32 le 128
!
router bgp 101
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 distance bgp 200 200 200
 address-family ipv4
  network 10.101.0.0 mask 255.255.0.0
  neighbor 10.101.254.2 remote-as 10
  neighbor 10.101.254.2 description eBGP to AS10
  neighbor 10.101.254.2 password N$RC
  neighbor 10.101.254.2 prefix-list AS10-in-peer in
  neighbor 10.101.254.14 remote-as 201
  neighbor 10.101.254.14 description eBGP to AS201
  neighbor 10.101.254.14 password N$RC
  neighbor 10.100.254.1 remote-as 100
  neighbor 10.100.254.1 description eBGP to AS100
  neighbor 10.100.254.1 password N$RC
 address-family ipv6
  network fd00:101::/32
  neighbor fd00:101:fe::1 remote-as 10
  neighbor fd00:101:fe::1 description eBGP to AS10
  neighbor fd00:101:fe::1 password N$RC
  neighbor fd00:101:fe::1 prefix-list ipv6-AS10-in-peer in
  neighbor fd00:101:fe::7 remote-as 201
  neighbor fd00:101:fe::7 description eBGP to AS201
  neighbor fd00:101:fe::7 password N$RC
  neighbor fd00:100:fe:: remote-as 100
  neighbor fd00:100:fe:: description eBGP to AS100
  neighbor fd00:100:fe:: password N$RC
!

ip route 10.101.0.0 255.255.0.0 null0
ipv6 route fd00:101::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

\pagebreak

# Appendix C - ISP1 Configuration Example

Note: *This is in addition to what was configured 
in the previous exercise*.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
interface GigabitEthernet2/0
 description P2P Link to NREN1
 ip address 10.101.254.14 255.255.255.252
 no ip directed-broadcast
 no ip redirects
 no ip proxy-arp
 ipv6 address fd00:101:fe::7/127
 ipv6 nd ra suppress
 no shutdown
!
ip prefix-list AS10-in-peer permit 10.10.0.0/16 le 32
ipv6 prefix-list ipv6-AS10-in-peer permit fd00:10::/32 le 128
!

router bgp 201
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 no bgp default ipv4-unicast
 bgp deterministic-med 
 distance bgp 200 200 200
 address-family ipv4
  network 10.201.0.0 mask 255.255.0.0
  neighbor 10.201.254.2 remote-as 10
  neighbor 10.201.254.2 description eBGP to AS10
  neighbor 10.201.254.2 password N$RC
  neighbor 10.201.254.2 prefix-list AS10-in-peer in
  neighbor 10.101.254.13 remote-as 101
  neighbor 10.101.254.13 description eBGP to AS101
  neighbor 10.101.254.13 password N$RC
  neighbor 10.251.1.2 remote-as 202
  neighbor 10.251.1.2 description eBGP to AS202
  neighbor 10.251.1.2 password N$RC
  neighbor 10.251.1.3 remote-as 100
  neighbor 10.251.1.3 description eBGP to AS100
  neighbor 10.251.1.3 password N$RC
 address-family ipv6
  network fd00:201::/32
  neighbor fd00:201:fe::1 remote-as 10
  neighbor fd00:201:fe::1 description eBGP to AS10
  neighbor fd00:201:fe::1 password N$RC
  neighbor fd00:201:fe::1 prefix-list AS10-in-peer in
  neighbor fd00:101:fe::6 remote-as 101
  neighbor fd00:101:fe::6 description eBGP to AS101
  neighbor fd00:101:fe::6 password N$RC
  neighbor fd00:251:1::2 remote-as 202
  neighbor fd00:251:1::2 description eBGP to AS202
  neighbor fd00:251:1::2 password N$RC
  neighbor fd00:251:1::3 remote-as 100
  neighbor fd00:251:1::3 description eBGP to AS100
  neighbor fd00:251:1::3 password N$RC
!

ip route 10.201.0.0 255.255.0.0 null0
ipv6 route fd00:201::/32 null0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~