The purpose of this lab is to multihome our autonomous system on to the two transit providers in our lab.
The lab topology has been modified to include a second link from the border router to the other transit router. Note carefully the interfaces used.
The lab instructors will have already configured the transit routers ready for each group’s second link. Please remember to discuss any problems with setting up BGP with the two Transit Operators. Don’t just assume that if eBGP doesn’t come up that the lab instructors will fix the problem for you in the background.
Follow the guidelines in the IP Address Plan document to configure the link to the second upstream. Make sure that you can ping the upstream’s router using both IPv4 and IPv6 - if it doesn’t work, investigate why not.
Here is an typical configuration sample - note that we are following the same good practices as we did when we set up the other router interfaces on our network:
interface Fastethernet 0/1
description Link to Transit Provider N
ip address <ipv4-ptp> 255.255.255.252
no ip directed-broadcast
no ip redirects
no ip proxy-arp
ipv6 address <ipv6-ptp>/127
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress all
no shutdown
!
Do not configure IS-IS towards the upstream provider! They are not part of your autonomous system.
We now configure eBGP with the second upstream. Again, the configuration on the two transit routers will have already been completed by the instructors, so once configured, the eBGP session should just come up and work.
Don’t forget to filter what you hear from the upstream, and what you send to them. As before, you should only accept a default route from them (they may send you more), and you should only send prefixes you originated!
We already should have the outbound community filters on the Border router from the earlier eBGP exercise. Check that they are still there.
And we still should have the inbound default route filters too; for IPv4:
ip prefix-list DEFAULT-ROUTE permit 0.0.0.0/0and for IPv6:
ipv6 prefix-list DEFAULT-v6ROUTE permit ::/0Then we can set up the eBGP configuration towards the second transit provider. Here is a configuration sample, first for IPv4:
router bgp X0
!
address-family ipv4
neighbor <ipv4-ptp> remote-as <N-ASN>
neighbor <ipv4-ptp> description eBGP with TRANSIT N
neighbor <ipv4-ptp> password cisco
neighbor <ipv4-ptp> route-map Transit-out out
neighbor <ipv4-ptp> prefix-list DEFAULT-ROUTE in
neighbor <ipv4-ptp> activate
!and then for IPv6:
router bgp X0
!
address-family ipv6
neighbor <ipv6-ptp> remote-as <N-ASN>
neighbor <ipv6-ptp> description eBGP with TRANSIT N
neighbor <ipv6-ptp> password cisco
neighbor <ipv6-ptp> route-map Transit-out out
neighbor <ipv6-ptp> prefix-list DEFAULT-v6ROUTE in
neighbor <ipv6-ptp> activate
!Once this has been configured, you should see a default route coming from the second upstream provider, and you should be able to see your aggregate being sent to them too.
If you see nothing from the upstream provider, check your filters first before asking the lab instructors. Check also with your lab instructors to make sure that they are seeing your IPv4 and IPv6 aggregates. Don’t just assume they will somehow look on your behalf.
The commands to see what you are receiving from the two Transit Providers are:
show ip bgp neighbor <ipv4-ptp> routes
show bgp ipv6 unicast neighbor <ipv6-ptp> routesand to show what you are sending to the two Transit Providers:
show ip bgp neighbor <ipv4-ptp> advertised-routes
show bgp ipv6 unicast neighbor <ipv6-ptp> advertised-routesNote that there are IPv4 versions of the IPv6 commands too, although they are a bit more to type than the versions given above:
show bgp ipv4 unicast neighbor <ipv4-ptp> routes
show bgp ipv4 unicast neighbor <ipv4-ptp> advertised-routes
Check on the Core, Access and Peering Routers what you now see in the BGP table. Are there differences from earlier now that you have two transit providers? Can you explain what is happening, and why?
To do this, as before, we need to add our “tag-default” route-map to the eBGP session with the second transit provider so that the default route from them is also not propagated by iBGP.
Confirm that the IPv4 and IPv6 route-maps are still there. Once confirmed, we then apply them to the peering with the second transit provider on the Border router. Here is a configuration sample for the Border router:
router bgp X0
address-family ipv4
neighbor <ipv4-ptp> route-map tag-default in
!
address-family ipv6
neighbor <ipv6-ptp> route-map tag-v6default in
!Once this is done, we need to refresh the iBGP session the Border router has with the Core router:
BX# clear ip bgp X0 out
BX# clear bgp ipv6 unicast X0 outTo confirm, has the default route now disappeared from the BGP table on the Core, Access and Peering routers? If not, check your configuration, check the route-refresh command you issued above.
Run some traceroutes to other groups. Which way does your outbound traffic go? Does it go via Transit Provider 1 or Transit Provider 2? Are you able to explain, by referring to the BGP Path Selection Process, why you see the chosen path?
Check for both IPv4 and for IPv6 routes.
This appendix shows the completed configuration used for the TR1 router in this lab supporting the connections to all 6 groups. The TR2 router has a very similar configuration.
interface FastEthernet0/0
description Link to AS10
ip address 100.121.1.1 255.255.255.252
ipv6 address 2001:18:0:10::/127
!
interface FastEthernet0/1
description Link to AS20
ip address 100.121.1.5 255.255.255.252
ipv6 address 2001:18:0:11::/127
!
interface FastEthernet1/0
description Link to AS30
ip address 100.121.1.9 255.255.255.252
ipv6 address 2001:18:0:12::/127
!
interface FastEthernet1/1
description Link to AS40
ip address 100.121.1.13 255.255.255.252
ipv6 address 2001:18:0:13::/127
!
interface GigabitEthernet2/0
description Link to TR2 (and to the world)
ip address 100.121.0.1 255.255.255.252 secondary
ip address 10.10.0.235 255.255.255.0
ipv6 address 2001:18::/127
!
interface FastEthernet3/0
description Link to AS50
ip address 100.121.1.17 255.255.255.252
ipv6 address 2001:18:0:14::/127
!
interface FastEthernet3/1
description Link to AS60
ip address 100.121.1.21 255.255.255.252
ipv6 address 2001:18:0:15::/127
!
router bgp 121
bgp log-neighbor-changes
bgp deterministic-med
no bgp default ipv4-unicast
neighbor 2001:18::1 remote-as 122
neighbor 2001:18::1 description eBGP with TR2
neighbor 2001:18::1 password cisco
neighbor 2001:18:0:10::1 remote-as 10
neighbor 2001:18:0:10::1 password cisco
neighbor 2001:18:0:11::1 remote-as 20
neighbor 2001:18:0:11::1 password cisco
neighbor 2001:18:0:12::1 remote-as 30
neighbor 2001:18:0:12::1 password cisco
neighbor 2001:18:0:13::1 remote-as 40
neighbor 2001:18:0:13::1 password cisco
neighbor 2001:18:0:14::1 remote-as 50
neighbor 2001:18:0:14::1 password cisco
neighbor 2001:18:0:15::1 remote-as 60
neighbor 2001:18:0:15::1 password cisco
neighbor 100.121.0.2 remote-as 122
neighbor 100.121.0.2 description eBGP with TR2
neighbor 100.121.0.2 password cisco
neighbor 100.121.1.2 remote-as 10
neighbor 100.121.1.2 password cisco
neighbor 100.121.1.6 remote-as 20
neighbor 100.121.1.6 password cisco
neighbor 100.121.1.10 remote-as 30
neighbor 100.121.1.10 password cisco
neighbor 100.121.1.14 remote-as 40
neighbor 100.121.1.14 password cisco
neighbor 100.121.1.18 remote-as 50
neighbor 100.121.1.18 password cisco
neighbor 100.121.1.22 remote-as 60
neighbor 100.121.1.22 password cisco
!
address-family ipv4
network 100.121.0.0 mask 255.255.0.0
neighbor 100.121.0.2 activate
neighbor 100.121.1.2 activate
neighbor 100.121.1.2 default-originate
neighbor 100.121.1.6 activate
neighbor 100.121.1.6 default-originate
neighbor 100.121.1.10 activate
neighbor 100.121.1.10 default-originate
neighbor 100.121.1.14 activate
neighbor 100.121.1.14 default-originate
neighbor 100.121.1.18 activate
neighbor 100.121.1.18 default-originate
neighbor 100.121.1.22 activate
neighbor 100.121.1.22 default-originate
distance bgp 200 200 200
exit-address-family
!
address-family ipv6
network 2001:18::/32
neighbor 2001:18::1 activate
neighbor 2001:18:0:10::1 activate
neighbor 2001:18:0:10::1 default-originate
neighbor 2001:18:0:11::1 activate
neighbor 2001:18:0:11::1 default-originate
neighbor 2001:18:0:12::1 activate
neighbor 2001:18:0:12::1 default-originate
neighbor 2001:18:0:13::1 activate
neighbor 2001:18:0:13::1 default-originate
neighbor 2001:18:0:14::1 activate
neighbor 2001:18:0:14::1 default-originate
neighbor 2001:18:0:15::1 activate
neighbor 2001:18:0:15::1 default-originate
distance bgp 200 200 200
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 10.10.0.254
ip route 100.121.0.0 255.255.0.0 Null0
!
ipv6 route 2001:18::/32 Null0
!