Introduction

The purpose of this exercise is to:

 

Pre-requisites

This exercise builds upon the configurations implemented in the previous BGP Lab. You must:

Remember, all the above applies to both IPv4 and IPv6.

 

Lab Network Topology and Address Assignments

The following diagram should serve as a visual reminder of the topology of the lab network and the address blocks assigned to each group, ISP, NREN, etc.

 

Routing Policy in academic networks

Research and Education Networks (RENs) are designed for high throughput and low latency. In many cases their links are also subsidised by governments and other organizations. Therefore, it is common in academic environments to want to apply routing policies that prefer these paths over the "commodity" (commercial) ones.

 

AS-Path Prepending

At this point we have influenced outbound traffic only using local preference. Now we want to influence the traffic COMING IN to our AS. We want traffic to come to us via the R&E networks as much as possible.

In the case of this lab, every other group is already preferring the NREN link for their outgoing traffic. For groups connected to your same NREN, the traffic towards you will NOT go via the commodity (commercial) Internet. However, this is not the case for groups connected to other NRENs.

To see this, check your paths towards groups NOT connected to your NREN, starting from your core router (normally the campus core L3 switch) - aim for another core router. For example, from AS10 using both IPv4 and IPv6:

C11# show ip bgp 100.68.4.0
C11# traceroute 100.68.4.3
C11# show bgp ipv6 unicast 2001:db8:4::/48
C11# traceroute 2001:db8:4::3

Notice that the traffic leaves via the R&E networks, but then enters AS40 through their commercial ISP.

The same happens with traffic coming back to you from other NRENs. How might you influence another ASes best path selection so that traffic towards you enters via your NREN (say)?

We will now use a technique called AS path prepending, which consists of adding extra “fake” hops to a path using our ASN multiple times.

AS Path Prepending to ISP

On your border router facing your ISP (BX2), set up an outbound route-map which will prepend your AS number twice in the path announced to your ISP.

On B12:

ip prefix-list AS10-prefix permit 100.68.1.0/24
!
route-map set-prepend permit 10
 description 2x prepend on our prefix block
 match ip address prefix-list AS10-prefix
 set as-path prepend 10 10
route-map set-prepend permit 20
!
ipv6 prefix-list AS10-v6-prefix permit 2001:db8:10::/48
!
route-map set-v6-prepend permit 10
 description 2x prepend on our prefix block
 match ipv6 address prefix-list AS10-v6-prefix
 set as-path prepend 10 10
route-map set-v6-prepend permit 20
!
router bgp 10
 address-family ipv4
  neighbor 100.121.1.1 route-map set-prepend out
 address-family ipv6
  neighbor 2001:18:0:10:: route-map set-v6-prepend out
!

Use BGP refresh to re-announce your prefix to the ISP:

clear ip bgp external out
clear bgp ipv6 unicast external out

Ask remote groups (connected to the other NRENs), to verify that their paths towards you do not traverse the commercial ISPs.

 

Appendix - BGP Table @ ISP1

Included for completeness and to aid discussion, here is the BGP table as seen on ISP1 at the end of this lab exercise.

What do you think about the path from ISP1 to AS40, AS50 and AS60? Why is the best path via ISP2, rather than via the peering with the RREN?

ISP1#sh ip bgp
BGP table version is 15, local router ID is 100.121.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *   100.68.1.0/24    100.127.1.2                            0 122 100 101 10 i
 *                    100.127.1.3                            0 100 101 10 i
 *>                   100.101.2.1                            0 101 10 i
 *                    100.121.1.2              0             0 10 10 10 i
 *>  100.68.2.0/24    100.101.2.1                            0 101 20 i
 *                    100.121.1.6              0             0 20 20 20 i
 *>  100.68.3.0/24    100.101.2.1                            0 101 30 i
 *                    100.121.1.10             0             0 30 30 30 i
 *>  100.68.4.0/24    100.127.1.2                            0 122 102 40 i
 *>  100.68.5.0/24    100.127.1.2                            0 122 102 50 i
 *>  100.68.6.0/24    100.127.1.2                            0 122 102 60 i
 *   100.100.0.0/16   100.101.2.1                            0 101 100 i
 *                    100.127.1.2                            0 122 100 i
 *>                   100.127.1.3              0             0 100 i
 *   100.101.0.0/16   100.127.1.2                            0 122 100 101 i
 *                    100.127.1.3                            0 100 101 i
 *>                   100.101.2.1              0             0 101 i
 *   100.102.0.0/16   100.101.2.1                            0 101 100 102 i
 *                    100.127.1.3                            0 100 102 i
 *>                   100.127.1.2                            0 122 102 i
 *>  100.121.0.0/16   0.0.0.0                  0         32768 i
 *   100.122.0.0/16   100.101.2.1                            0 101 100 122 i
 *                    100.127.1.3                            0 100 122 i
 *>                   100.127.1.2              0             0 122 i