Sunday, January 3, 2016

BGP task #5. BGP configuration tasks

Topology:



Use configuration from BGP task #4 as initial configuration for this task.

Requirements: 

1. Configure AS12, so it will only install BGP routes with AS-PATH shorter than 10. 
2  R5 should only advertise default-route to AS12, if R5 has reachability to prefix 67.0/16. 
3  AS12 should prefer using AS5 to reach prefix 1.0/16. You are only allowed to configure R5 to           achieve this requirement. 

Solution:

Highlight the text below to reveal the solution.

This task requires knowledge of BGP conditional advertisement and conditional injection features. 

Requirement #1 - in IOS, use "bgp maxas-limit" command.  in IOS-XR, configure route-policy to match on as-path length.

Requirement #2 - on R5, configure conditional advertisement, using advertise-map / exist-map.  Note feature does not seem to be supported in IOS-XR.

Requirement #3 - on R5, configure conditional route injection. Advertise to AS12 longer prefixes of aggregate 1.0/16. Note feature not supported on ASR9K.

Verification:


R1: 

!
router bgp 12
 bgp log-neighbor-changes
 bgp maxas-limit 10
 neighbor IBGP peer-group
 neighbor IBGP remote-as 12
 neighbor IBGP update-source Loopback0
 neighbor IBGP send-community
 neighbor 5.0.15.5 remote-as 5
 neighbor 5.0.15.5 route-map LAST out
 neighbor 12.0.2.2 peer-group IBGP
 neighbor 12.0.3.3 peer-group IBGP
 neighbor 12.0.4.4 peer-group IBGP
!

R3:

!
route-policy PRIMARY_IN
  if as-path length ge 10 then
    drop
  endif
  if destination in AS8 then
    set local-preference 300
  else
    pass
  endif
end-policy
!
route-policy SECONDARY_IN
  if as-path length ge 10 then
    drop
  endif
  if destination in AS8 then
    set local-preference 200
  else
    pass
  endif
end-policy
!
router bgp 12
 address-family ipv4 unicast
 !
 neighbor-group IBGP
  remote-as 12
  update-source Loopback0
  address-family ipv4 unicast
  !
 !
 neighbor 12.0.1.1
  use neighbor-group IBGP
 !
 neighbor 12.0.2.2
  use neighbor-group IBGP
 !
 neighbor 12.0.4.4
  use neighbor-group IBGP
 !
 neighbor 67.0.36.6
  remote-as 67
  address-family ipv4 unicast
   route-policy SECONDARY_IN in
   route-policy SECONDARY_OUT out
  !
 !
 neighbor 67.0.37.7
  remote-as 67
  address-family ipv4 unicast
   route-policy PRIMARY_IN in
   route-policy BGP_ALL out
  !
 !
!

R5:

!
ip prefix-list AGGREGATE seq 5 permit 1.0.0.0/16
!
ip prefix-list ORIGINATE seq 5 permit 1.0.0.0/17
ip prefix-list ORIGINATE seq 10 permit 1.0.128.0/17
!
ip prefix-list DEF seq 5 permit 0.0.0.0/0
!
ip prefix-list SOURCE seq 5 permit 8.0.58.8/32
!
route-map INJECT permit 100
 set ip address prefix-list ORIGINATE
!
route-map EXIST permit 100
 match ip address prefix-list AGGREGATE
 match ip route-source SOURCE
!
route-map ADVMAP permit 100
 match ip address prefix-list DEF
!
route-map NO_TRANSIT permit 100
 set community no-export
!
route-map NONEXIST permit 100
 match ip address prefix-list AS67
!
router bgp 5
 bgp log-neighbor-changes
 bgp inject-map INJECT exist-map EXIST copy-attributes
 network 5.0.0.0 mask 255.255.0.0
 neighbor 5.0.15.1 remote-as 12
 neighbor 5.0.15.1 send-community
 neighbor 5.0.15.1 route-map NO_TRANSIT out
 neighbor 5.0.15.1 advertise-map ADVMAP exist-map NONEXIST
 neighbor 8.0.58.8 remote-as 8
 neighbor 8.0.58.8 password STRONG
!

1 comment:

  1. Very good requirement #3. One of those "tricks" which I'm not happy to get on the exam, but unfortunately Cisco likes to include them :-(

    ReplyDelete