The purpose of this exercise is to:
Apply the concepts of BGP policy learned in class to achieve the desired traffic patterns, particularly in an academic environment.
Learn how to use default routing and other BGP operational commands.
This exercise builds upon the configurations implemented in the basic BGP routing lab. You must:
Verify that all your BGP sessions are up
Be able to see every lab prefix in your routing table
Be able to ping and traceroute successfully to any other router in the lab.
Remember, all the above applies to both IPv4 and IPv6.
The following diagram should serve as a visual reminder of the topology of the lab network and the address blocks assigned to each group, ISP, NREN, etc.
Research and Education Networks (RENs) are designed for high throughput and low latency. In many cases their links are also subsidised by governments and other organizations. Therefore, it is common in academic environments to want to apply routing policies that prefer these paths over the "commodity" (commercial) ones.
Another way to load-balance outbound traffic in our multihoming setup is to play with partial routing tables and default routes. The idea is that our routers will prefer the more specific R&E routes coming from the NREN, and the rest of the outgoing traffic will use the ISP. Only if the ISP fails will our non-R&E traffic leave through the NREN. Similarly, if the NREN link fails, the ISP will route all our outbound traffic.
This has the advantage of reducing our routing table size, and therefore convergence time. The disadvantage is that we may not always follow the best paths, but it might be a good compromise.
We are going to ask the NREN to only send us R&E routes, plus the default route:
NREN1:
ip community-list 1 permit 100:99
ip community-list 1 permit 101:99
!
route-map send-RE-only permit 5
match community 1
!
router bgp 101
address-family ipv4
neighbor 100.101.1.2 route-map send-RE-only out
neighbor 100.101.1.2 default-originate
neighbor 100.101.1.6 route-map send-RE-only out
neighbor 100.101.1.6 default-originate
neighbor 100.101.1.10 route-map send-RE-only out
neighbor 100.101.1.10 default-originate
address-family ipv6
neighbor 2001:11:0:10::1 route-map send-RE-only out
neighbor 2001:11:0:10::1 default-originate
neighbor 2001:11:0:11::1 route-map send-RE-only out
neighbor 2001:11:0:11::1 default-originate
neighbor 2001:11:0:12::1 route-map send-RE-only out
neighbor 2001:11:0:12::1 default-originate
!
NREN2:
ip community-list 1 permit 100:99
ip community-list 1 permit 102:99
!
route-map send-RE-only permit 5
match community 1
!
router bgp 102
address-family ipv4
neighbor 100.102.1.2 route-map send-RE-only out
neighbor 100.102.1.2 default-originate
neighbor 100.102.1.6 route-map send-RE-only out
neighbor 100.102.1.6 default-originate
neighbor 100.102.1.10 route-map send-RE-only out
neighbor 100.102.1.10 default-originate
address-family ipv6
neighbor 2001:12:0:10::1 route-map send-RE-only out
neighbor 2001:12:0:10::1 default-originate
neighbor 2001:12:0:11::1 route-map send-RE-only out
neighbor 2001:12:0:11::1 default-originate
neighbor 2001:12:0:12::1 route-map send-RE-only out
neighbor 2001:12:0:12::1 default-originate
!
Similarly, we will ask the ISP to only send us a default route:
ISP1:
ip prefix-list default permit 0.0.0.0/0
ipv6 prefix-list ipv6-default permit ::/0
!
router bgp 121
address-family ipv4
neighbor 100.121.1.2 default-originate
neighbor 100.121.1.2 prefix-list default out
neighbor 100.121.1.6 default-originate
neighbor 100.121.1.6 prefix-list default out
neighbor 100.121.1.10 default-originate
neighbor 100.121.1.10 prefix-list default out
address-family ipv6
neighbor 2001:18:0:10::1 default-originate
neighbor 2001:18:0:10::1 prefix-list ipv6-default out
neighbor 2001:18:0:11::1 default-originate
neighbor 2001:18:0:11::1 prefix-list ipv6-default out
neighbor 2001:18:0:12::1 default-originate
neighbor 2001:18:0:12::1 prefix-list ipv6-default out
!
ISP2:
ip prefix-list default permit 0.0.0.0/0
ipv6 prefix-list ipv6-default permit ::/0
!
router bgp 122
address-family ipv4
neighbor 100.122.1.2 default-originate
neighbor 100.122.1.2 prefix-list default out
neighbor 100.122.1.6 default-originate
neighbor 100.122.1.6 prefix-list default out
neighbor 100.122.1.10 default-originate
neighbor 100.122.1.10 prefix-list default out
address-family ipv6
neighbor 2001:19:0:10::1 default-originate
neighbor 2001:19:0:10::1 prefix-list ipv6-default out
neighbor 2001:19:0:11::1 default-originate
neighbor 2001:19:0:11::1 prefix-list ipv6-default out
neighbor 2001:19:0:12::1 default-originate
neighbor 2001:19:0:12::1 prefix-list ipv6-default out
!
Check what you are now receiving from your NREN and your ISP:
B11# show ip bgp neighbors 100.101.1.1 routes
B11# show bgp ipv6 uni neighbors 2001:11:0:10:: routes
B11# show ip route 0.0.0.0 0.0.0.0
B11# show ipv6 route ::/0
B12# show ip bgp neighbors 100.121.1.1 routes
B12# show bgp ipv6 uni neighbors 2001:18:0:10:: routes
B12# show ip route 0.0.0.0 0.0.0.0
B12# show ipv6 route ::/0
At this point you should see that each of your routers has a default route pointing to its upstream peer.
Check your default route on both routers:
show ip bgp 0.0.0.0 0.0.0.0
show ip route 0.0.0.0 0.0.0.0
show bgp ipv6 uni ::/0
show ipv6 route ::/0
Also, check your BGP routing table. Has it shrunk?
show ip bgp
show bgp ipv6 unicast
Confirm that you now see a default route from your ISP, with local-preference 100. You should also see a default route from your NREN, with local-preference 70 (based on the communities set in the previous exercise).
What have we achieved here? We have connected our end-site to a local peer, an NREN and an ISP. The best path for our local (bi-lateral) peer is over our peering link. The best path for all REN routes is via the NREN. The best path for all other routes is via the ISP.
Should the link to the ISP fail, we will get backup via the NREN to access the commodity networks.
Should the link to the NREN fail, we will get backup via the ISP to access R&E networks.
How did we achieve this?
We tagged all routes from our bi-lateral peer with local-preference of 200.
We looked for REN routes from our NREN tagged with the REN community and set local-preference of 150.
We heard the default route from our NREN, and tagged it with low local-preference of 70.
We heard the default route from our ISP, and left it with default local-preference of 100.
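The following is an added example, not part of the original lab material: a small Python model of the exit decision described above, combining local-preference selection per prefix with longest-prefix match, and re-running it with the ISP or NREN link removed. Prefixes and AS numbers are taken from the C11 table on this page; the link labels, the AS path of the NREN default, and the commodity test address 198.51.100.7 are assumptions made for the simulation. IPv4 only; the IPv6 case follows the same logic.

```python
import ipaddress

# Constructed model of the BGP paths held by one group's border routers.
# Tuple layout: (prefix, local-pref, exit link label, AS path).
PATHS = [
    ("0.0.0.0/0",      100, "isp",  [121]),                # default from ISP
    ("0.0.0.0/0",       70, "nren", [101]),                # default from NREN
    ("100.68.2.0/24",  200, "peer", [20]),                 # bi-lateral peer
    ("100.68.4.0/24",  150, "nren", [101, 100, 102, 40]),  # R&E route
    ("100.100.0.0/16", 150, "nren", [101, 100]),           # R&E route
    ("100.101.0.0/16", 150, "nren", [101]),                # R&E route
]

def best_paths(down=()):
    """BGP step: for each prefix keep the path with the highest
    local-preference (shorter AS path breaks ties) on links still up."""
    best = {}
    for prefix, lp, link, as_path in PATHS:
        if link in down:
            continue  # session is down, so its paths are withdrawn
        cur = best.get(prefix)
        if cur is None or (lp, -len(as_path)) > (cur[0], -len(cur[2])):
            best[prefix] = (lp, link, as_path)
    return best

def exit_link(dst, down=()):
    """Forwarding step: longest-prefix match over the selected best paths.
    Returns the exit link label, or None if no route covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), v[1])
               for p, v in best_paths(down).items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    for down in [(), ("isp",), ("nren",), ("isp", "nren")]:
        print("links down:", down or "none")
        for dst in ("100.101.5.1", "198.51.100.7", "100.68.2.9"):
            print("  %-14s -> %s" % (dst, exit_link(dst, down)))
```
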
Discuss testing the failure modes of your group's network connectivity with the lab instructors.
Included for completeness and to aid discussion, here is the BGP table as seen on C11 at the end of this lab exercise.
C11#sh ip bgp
BGP table version is 134, local router ID is 100.68.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 r>i 0.0.0.0          100.68.1.2               0    100      0 121 i
 * i 100.68.1.0/24    100.68.1.1               0    100      0 i
 * i                  100.68.1.2               0    100      0 i
 *>                   0.0.0.0                  0         32768 i
 *>i 100.68.2.0/24    100.68.1.2               0    200      0 20 i
 *>i 100.68.3.0/24    100.68.1.1               0    200      0 30 i
 *>i 100.68.4.0/24    100.68.1.1               0    150      0 101 100 102 40 i
 *>i 100.68.5.0/24    100.68.1.1               0    150      0 101 100 102 50 i
 *>i 100.68.6.0/24    100.68.1.1               0    150      0 101 100 102 60 i
 *>i 100.100.0.0/16   100.68.1.1               0    150      0 101 100 i
 *>i 100.101.0.0/16   100.68.1.1               0    150      0 101 i
 *>i 100.102.0.0/16   100.68.1.1               0    150      0 101 100 102 i