Introduction

The purpose of this exercise is to:

 

Pre-requisites

This exercise builds upon the configurations implemented in the basic BGP routing lab. You must:

Remember, all the above applies to both IPv4 and IPv6.

 

Lab Network Topology and Address Assignments

The following diagram should serve as a visual reminder of the topology of the lab network and the address blocks assigned to each group, ISP, NREN, etc.

 

Routing Policy in academic networks

Research and Education Networks (RENs) are designed for high throughput and low latency. In many cases their links are also subsidised by governments and other organizations. Therefore, it is common in academic environments to want to apply routing policies that prefer these paths over the "commodity" (commercial) ones.

 

Local Preference

Our first goal is to configure our routers to prefer the paths via the NREN for outgoing traffic to ALL destinations.

Preferring NREN routes

Use the Local Preference attribute to prefer all routes learned via the NREN:

B11 (to NREN):

route-map set-lpref-nren permit 10
 description Set High Local Pref on everything
 set local-preference 150
!
router bgp 10
 address-family ipv4
  neighbor 100.101.1.1 route-map set-lpref-nren in
 address-family ipv6
  neighbor 2001:11:0:10:: route-map set-lpref-nren in

B12 (to ISP):

route-map set-lpref-isp permit 10
 description Set Low Local Pref on everything
 set local-preference 50
!
router bgp 10
 address-family ipv4
  neighbor 100.121.1.1 route-map set-lpref-isp in
 address-family ipv6
  neighbor 2001:18:0:10:: route-map set-lpref-isp in

What is the default local preference in Cisco IOS?

Notice that we are setting a higher preference on the NREN side, and a lower preference on the ISP side. Explain why this would be useful.

Check your BGP routes. The next hop in B11 should be the address of your NREN's router (except for your own prefix). In B12, the next hop should be B11's loopback address. Remember the 'next-hop-self' parameter?

show ip bgp
show bgp ipv6 unicast

All good now, right?

Wait!... What about the prefixes of ASs with whom you are peering directly? Remember the path selection algorithm? What comes first, highest local preference or shortest AS path?

 

Increasing local preference for direct peers

We will now modify the route map to apply a higher local preference to prefixes originated by your direct peers. So we want high preference on prefixes originated by the NREN and by the ISP. We also want high preference on prefixes transited to us by the NREN (as they will be from other NREN customers or the RREN).

Notice the AS Path access list below. How does it work?

Rather than listing all the ASNs above, we have said that anything originated by any neighbouring AS should be matched, and in the route-map we set a local preference even higher than that for the regular routes heard from the neighbours.

On B11:

ip as-path access-list 1 permit ^[0-9]+$
!
no route-map set-lpref-nren
!
route-map set-lpref-nren permit 10
 description Set High Local Pref for adjacent ASNs
 match as-path 1
 set local-preference 200
route-map set-lpref-nren permit 20
 description Set Local Pref for rest of NREN routes
 set local-preference 150
!
router bgp 10
 address-family ipv4
  neighbor 100.101.1.1 route-map set-lpref-nren in
 address-family ipv6
  neighbor 2001:11:0:10:: route-map set-lpref-nren in
!

On B12:

ip as-path access-list 1 permit ^[0-9]+$
!
no route-map set-lpref-isp
!
route-map set-lpref-isp permit 10
 description Set High Local Pref for adjacent ASNs
 match as-path 1
 set local-preference 200
route-map set-lpref-isp permit 20
 description Set Low Local Pref for rest of ISP routes
 set local-preference 50
!
router bgp 10
 address-family ipv4
  neighbor 100.121.1.1 route-map set-lpref-isp in
 address-family ipv6
  neighbor 2001:18:0:10:: route-map set-lpref-isp in
!

Use BGP route refresh to make sure that the policies are applied:

clear ip bgp external in
clear bgp ipv6 unicast external in

The external keyword in the command refreshes the External BGP (eBGP) sessions only; the Internal BGP (iBGP) sessions are not touched in this case.

Check your BGP routes again. What is the next hop towards your direct peers' prefixes? Can you explain what is happening now?

 

Preferring Local Peers over upstreams

In the previous step we saw that traffic from our immediate neighbouring groups went via our NREN provider rather than via the direct peering. For example, AS10 traffic to AS20 and AS30 is going via the NREN, not over the direct peering links. We need to fix this now.

We need to create a new route-map for the bi-lateral peerings we have with the other groups.

B11 peering with B32

ip as-path access-list 1 permit ^[0-9]+$
!
route-map set-lpref-peer permit 10
 description Set High Local Pref for adjacent ASNs
 match as-path 1
 set local-preference 200
!
router bgp 10
 address-family ipv4
  neighbor 100.68.3.25 route-map set-lpref-peer in
 address-family ipv6
  neighbor 2001:db8:3:12::0 route-map set-lpref-peer in
!

The other router groups should come up with a similar configuration for B12 through B62. The route-map will be the same, just allowing prefixes from the neighbouring AS into the network, and setting the local preference high. Once this is applied, all prefixes from immediately adjacent ASes will be local preference 200.

Note that the route-map set-lpref-peer does not have a line 20, which makes it an implicit filter. (Cisco IOS route-maps drop prefixes by default unless there is a matching condition.) Omitting a following line ensures that any prefix accepted from a peer must have been originated by the adjacent AS, and not transited from anywhere else.

Explain why this might be a good idea.

Use BGP route refresh to make sure that the policies are applied:

clear ip bgp external in
clear bgp ipv6 unicast external in

Check your BGP routes again. What is the next hop towards your direct peers' prefixes? (Hint: the path should be direct now!)
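The following Python model is an added example, not part of the original lab: it applies the three inbound route-maps above to constructed AS paths and then compares local preference before AS path length, showing why set-lpref-peer without a line 20 rejects prefixes that a peer transits from elsewhere. The neighbour ASNs 101 (NREN) and 121 (ISP) and all sample AS paths are assumptions made for the illustration.

```python
import re

# Same pattern as "ip as-path access-list 1 permit ^[0-9]+$" in the lab:
# the whole AS path must consist of exactly one AS number.
ADJACENT_ONLY = re.compile(r"^[0-9]+$")

# The lab's route-maps as ordered (match, local-pref) clauses.
# A match of None means the clause has no match statement (matches all).
ROUTE_MAPS = {
    "set-lpref-nren": [(ADJACENT_ONLY, 200), (None, 150)],
    "set-lpref-isp":  [(ADJACENT_ONLY, 200), (None, 50)],
    "set-lpref-peer": [(ADJACENT_ONLY, 200)],  # no line 20
}

def apply_route_map(name, as_path):
    """Return the local preference set on an inbound route, or None when
    the route falls off the end of the route-map (implicit deny)."""
    for pattern, local_pref in ROUTE_MAPS[name]:
        if pattern is None or pattern.search(as_path):
            return local_pref
    return None

def best_path(candidates):
    """candidates: list of (route_map, as_path) for one prefix.
    Apply inbound policy, then prefer highest local preference, then
    shortest AS path. Later tie-breakers are not modelled."""
    accepted = []
    for route_map, as_path in candidates:
        local_pref = apply_route_map(route_map, as_path)
        if local_pref is not None:
            accepted.append((local_pref, as_path, route_map))
    if not accepted:
        return None
    return max(accepted, key=lambda r: (r[0], -len(r[1].split())))

# Constructed announcements as seen by AS10 (assumed ASNs: NREN 101, ISP 121).
AS30_PREFIX = [("set-lpref-nren", "101 30"),
               ("set-lpref-isp", "121 101 30"),
               ("set-lpref-peer", "30")]
# Constructed leak: peer AS30 re-announces a prefix originated by AS102.
LEAKED_VIA_PEER = [("set-lpref-nren", "101 100 102"),
                   ("set-lpref-peer", "30 102")]

if __name__ == "__main__":
    print(best_path(AS30_PREFIX))      # direct peering wins
    print(best_path(LEAKED_VIA_PEER))  # leaked route dropped, NREN path used
```

A peer that prepends its own ASN (for example an AS path of "30 30 30") also fails to match ^[0-9]+$ and is therefore dropped by set-lpref-peer.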

 

Before we move on to the next BGP policy section, the instructors will display the BGP table from one of the group's routers on the overhead screen. Take a look at your BGP table now and be ready to explain what the best paths are from your router, your AS, to the ISPs, to the NRENs and to the RREN. Do the paths seem reasonable to you?

What about in your day to day situation? If you are an NREN operator, would you want the paths you see now? Or if you are a campus network administrator, what would your opinion be? Discuss.

 

Appendix - BGP Table

Included for completeness and to aid discussion, here is the BGP table as seen on C61 at the end of this lab exercise.

C61#sh ip bgp
BGP table version is 17, local router ID is 100.68.6.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 100.68.1.0/24    100.68.6.1               0    150      0 102 122 121 10 i
 *>i 100.68.2.0/24    100.68.6.1               0    150      0 102 122 121 20 i
 *>i 100.68.3.0/24    100.68.6.1               0    150      0 102 122 121 30 i
 *>i 100.68.4.0/24    100.68.6.2               0    200      0 40 i
 *>i 100.68.5.0/24    100.68.6.1               0    200      0 50 i
 * i 100.68.6.0/24    100.68.6.2               0    100      0 i
 * i                  100.68.6.1               0    100      0 i
 *>                   0.0.0.0                  0         32768 i
 *>i 100.100.0.0/16   100.68.6.1               0    150      0 102 100 i
 *>i 100.101.0.0/16   100.68.6.1               0    150      0 102 100 101 i
 *>i 100.102.0.0/16   100.68.6.1               0    200      0 102 i
 *>i 100.121.0.0/16   100.68.6.1               0    150      0 102 100 121 i
 *>i 100.122.0.0/16   100.68.6.2               0    200      0 122 i