Monday, December 28, 2015

BGP task #2. Security, Tuning, Best-path selection

Topology:



Use configuration from BGP task #1 as initial configuration for this task.

Requirements: 

1. Configure authentication for eBGP session between R5 and R8. 
2. In AS12, reduce the number of configuration lines required for iBGP configuration. 
3. AS12 should be configured to prefer using link R3-R7 for any outgoing traffic when possible.             When this link is unavailable, link R3-R6 shall be used for all traffic. Link R1-R5 shall be used for      outgoing traffic as last resort option. 

Solution:

Highlight the text below to reveal the solution.

This task requires understanding of BGP authentication, peer-groups and affecting best path selection using local-preference path attribute. 

Requirement #3 - In order to signal preferred exit point from the autonomous-system, use local-preference path-attribute. Higher values are preferred, default value is 100. 

R1:


!
router bgp 12
 bgp log-neighbor-changes
 neighbor IBGP peer-group
 neighbor IBGP remote-as 12
 neighbor IBGP update-source Loopback0
 neighbor 5.0.15.5 remote-as 5
 neighbor 12.0.2.2 peer-group IBGP
 neighbor 12.0.3.3 peer-group IBGP
 neighbor 12.0.4.4 peer-group IBGP
!

R2:


!
router bgp 12
 bgp log-neighbor-changes
 network 12.0.0.0 mask 255.255.0.0
 neighbor IBGP peer-group
 neighbor IBGP remote-as 12
 neighbor IBGP update-source Loopback0
 neighbor 12.0.1.1 peer-group IBGP
 neighbor 12.0.3.3 peer-group IBGP
 neighbor 12.0.4.4 peer-group IBGP
!

R3:


!
router bgp 12
 address-family ipv4 unicast
 !
 neighbor-group IBGP
  remote-as 12
  update-source Loopback0
  address-family ipv4 unicast
  !
 !
 neighbor 12.0.1.1
  use neighbor-group IBGP
 !
 neighbor 12.0.2.2
  use neighbor-group IBGP
 !
 neighbor 12.0.4.4
  use neighbor-group IBGP
 !
 neighbor 67.0.36.6
  remote-as 67
  address-family ipv4 unicast
   route-policy SECONDARY in
   route-policy BGP_ALL out
  !
 !
 neighbor 67.0.37.7
  remote-as 67
  address-family ipv4 unicast
   route-policy PRIMARY in
   route-policy BGP_ALL out
  !
 !
!
!
route-policy PRIMARY
  set local-preference 300
end-policy
!
route-policy SECONDARY
  set local-preference 200
end-policy
!


R4:


!
router bgp 12
 address-family ipv4 unicast
  network 12.0.0.0/16
 !
 neighbor-group IBGP
  remote-as 12
  update-source Loopback0
  address-family ipv4 unicast
  !
 !
 neighbor 12.0.1.1
  use neighbor-group IBGP
 !
 neighbor 12.0.2.2
  use neighbor-group IBGP
 !
 neighbor 12.0.3.3
  use neighbor-group IBGP
 !
!


R5:


!
router bgp 5
 bgp log-neighbor-changes
 network 5.0.0.0 mask 255.255.0.0
 neighbor 5.0.15.1 remote-as 12
 neighbor 8.0.58.8 remote-as 8
 neighbor 8.0.58.8 password STRONG
!

R8:


!
router bgp 8
 bgp log-neighbor-changes
 redistribute static route-map STATIC
 neighbor 8.0.58.5 remote-as 5
 neighbor 8.0.58.5 password STRONG
 neighbor 8.0.68.6 remote-as 67
 neighbor 8.0.78.7 remote-as 67
!


Verification:

RP/0/0/CPU0:R4#show bgp
Mon Dec 21 11:09:43.077 UTC
BGP router identifier 12.0.4.4, local AS number 12
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000   RD version: 8
BGP main routing table version 8
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*>i5.0.0.0/16         67.0.37.7                     300      0 67 8 5 i
*>i8.0.0.0/16         67.0.37.7                     300      0 67 8 ?
*> 12.0.0.0/16        0.0.0.0                  0         32768 i
* i                   12.0.2.2                 0    100      0 i
*>i67.0.0.0/16        67.0.37.7                0    300      0 67 i

Processed 4 prefixes, 5 paths


No comments:

Post a Comment