A proposito dell'autore

Ventinove anni, è IT Specialist presso IBM a Bruxelles. In passato ha lavorato in T-Systems Italia dove era consulente di sistemi e reti Windows/Unix (AIX e Solaris) e saltuariamente anche Cisco. In seguito ha lavorato in una società di TLC specializzata in VoIP. E' certificato MCP, CCNA, CCNP e CCIP.

BGP Multiple AS

  1. This is the default BGP behavior. Just turn on BGP, configure it correctly and everything is ok. No really worries about this.
  2. Same for this point, this is the default BGP behavior.
  3. For the first part: this is the default BGP behavior. (hey this lab seems too easy!). For the second part: we don’t want AS4 to go to AS2 via AS1 unless link between AS4 and AS3 is down. We can reach this target using local preference. But anyway we also want to use the community attribute for simplify the policy for adding new customers. So let’s do this conf in RTC:
router bgp 1
network 192.68.11.0
neighbor 172.16.20.2 remote-as 4
neighbor 172.16.20.2 send-community
neighbor 172.16.20.2 route-map setcommunity out
neighbor 192.68.6.1 remote-as 2
no auto-summary
route-map setcommunity permit 10
set community 4:40


Let’s start with the route map setcommunity: we are just going to set a community, nothing more.
The same mirrored configuration should be applied to RTD.
Now let’s go to configure some actions if we are going to see this community coming to our AS4.
This is what we should do to into RTA:

router bgp 4
network 172.16.220.0 mask 255.255.255.0
neighbor 172.16.1.2 remote-as 3
neighbor 172.16.1.2 route-map CHECK_COMMUNITY in
neighbor 172.16.20.1 remote-as 1
neighbor 172.16.20.1 route-map CHECK_COMMUNITY in
no auto-summary
ip community-list 2 permit 4:40
ip community-list 3 permit 4:60
route-map CHECK_COMMUNITY permit 10
match community 2
set local-preference 40
route-map CHECK_COMMUNITY permit 20
match community 3
set local-preference 60
route-map CHECK_COMMUNITY permit 30
set local-preference 100

With the commands above we are just checking if from our neighbors in RTA we are receiving some routes with the community attributes. If so we do set:

  • a local preference of 40 if community is 4:40
  • a local preference of 60 if community is 4:60
  • a local preference of 100 by default

Then we will proceed setting up the RTF router:

router bgp 3
network 172.16.10.0 mask 255.255.255.0
network 172.16.65.0 mask 255.255.255.192
neighbor 172.16.1.1 remote-as 4
neighbor 172.16.1.1 send-community
neighbor 172.16.1.1 route-map setcommunity out
neighbor 192.68.5.2 remote-as 2
no auto-summary
route-map setcommunity permit 10
set community 4:60

In a nutshell all the routes from RTF are tagged with community 4:60 and they are going to have a preference of 60 in RTA.

Let’s check what is the result of this configuration:

RTA#sh ip bgp
BGP table version is 11, local router ID is 172.16.2.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 172.16.1.0/24 172.16.1.2 0 60 0 3 i
*> 0.0.0.0 0 32768 i
*> 172.16.2.0/24 0.0.0.0 0 32768 i
* 172.16.10.0/24 172.16.20.1 40 0 1 2 3 i
*> 172.16.1.2 0 60 0 3 i
* 172.16.20.0/24 172.16.20.1 0 40 0 1 i
*> 0.0.0.0 0 32768 i
* 172.16.65.0/24 172.16.20.1 40 0 1 2 3 i
*> 172.16.1.2 0 60 0 3 i
*> 172.16.220.0/24 0.0.0.0 0 32768 i
* 192.68.5.0 172.16.20.1 40 0 1 2 i
*> 172.16.1.2 0 60 0 3 i
* 192.68.6.0 172.16.20.1 40 0 1 2 i
*> 172.16.1.2 60 0 3 2 i
* 192.68.10.0 172.16.20.1 40 0 1 2 i
*> 172.16.1.2 60 0 3 2 i
*> 192.68.11.0 172.16.1.2 60 0 3 2 1 i
Network Next Hop Metric LocPrf Weight Path
* 172.16.20.1 0 40 0 1 i

From this show ip bgp I can see:
172.16.10.0 and 172.16.10.65 with two paths and we don’t want this. We don’t want AS4 able to reach AS3 via AS1 and AS2. Anyway we can observe that one route has a preference of 40 and the other of 60.

Same for 192.68.10.0: one route has 60 and the other 40. The best path is through AS3 and we want this.

Next step is going to be work with path filtering.

4) AS AS4 should not be able to reach AS3 via AS1 and AS2.
For reaching this target we are going to use the ip as-path access lists:

ip as-path access-list 2 permit _2_
ip as-path access-list 10 permit ^$
ip as-path access-list 10 permit ^2$

Ther first one, the number 2, is going to match all the routes with 2 in the AS path.
The as-path access list 10 is going to match local routes and routes with 2 as per last AS in the path.

Then we have to apply a filter list that matches this conditions:

Router bgp 1
neighbor 172.16.20.2 filter-list 10 out

and then let’s go to apply the community 4:40 only for the matches in ip as-path access-list 2:

route-map setcommunity permit 10
match as-path 2
set community 4:40
route-map setcommunity permit 20

The same configuration, but mirrored, has to be applied on RTD.
After a clear ip bgp * we can see the final result:

RTA#sh ip bgp
BGP table version is 13, local router ID is 172.16.2.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 172.16.1.0/24 0.0.0.0 0 32768 i
* 172.16.1.2 0 60 0 3 i
*> 172.16.2.0/24 0.0.0.0 0 32768 i
*> 172.16.10.0/24 172.16.1.2 0 60 0 3 i
* 172.16.20.0/24 172.16.20.1 0 100 0 1 i
*> 0.0.0.0 0 32768 i
*> 172.16.65.0/24 172.16.1.2 0 60 0 3 i
*> 172.16.220.0/24 0.0.0.0 0 32768 i
* 192.68.5.0 172.16.20.1 40 0 1 2 i
*> 172.16.1.2 0 60 0 3 i
* 192.68.6.0 172.16.20.1 40 0 1 2 i
*> 172.16.1.2 60 0 3 2 i
* 192.68.10.0 172.16.20.1 40 0 1 2 i
*> 172.16.1.2 60 0 3 2 i
*> 192.68.11.0 172.16.20.1 0 100 0 1 i

So:
172.16.10.0 and 172.16.65.0 are reachable only via RTF with a preference of 60
192.68.10.0 is reachable via two ways but with highest preference via AS3
AS4 cannot reach AS3 via customer’s ASs.

If you are doing this lab and you need some info don’t hesitate to leave a comment.

Net file for GNS3:
lab003 – BGP – Multiple ASs with Multiple Providers

Config files:
RTF RTA RTC RTD

Close
Entra in contatto con altri professionisti ICT, seguici su Facebook e Twitter: