BGP Advanced


Scenario:

You have been working for a service provider called “FreedomBits” for quite some time and you have been responsible for the operation of all IGPs. Your BGP expert/colleague has won the X-factor competition and decided to start a singing career… it’s up to you to upgrade your skills and become the new BGP guru in town. You have heard a lot about BGP and even did some basic configurations but never tried anything with confederations or route-reflectors… time for a change!

Goal:

All IP addresses have been preconfigured for you in the following order:

R1 – R2: 192.168.12.X
R1 – R3: 192.168.13.X
R3 – R4: 192.168.34.X

(Where X = Router number)

And so on…

Every router has a Loopback0 interface:
X.X.X.X

(Where X = Router number)

  • Configure each Autonomous System (AS) with a different IGP:
    AS100: RIP
    AS300: OSPF
    AS200: EIGRP
    AS400: OSPF
  • Do not configure the IGP on the interfaces connecting to another AS. For example, R3 should not send any RIP routing updates towards R4.
  • Make sure the loopbacks are advertised in the IGPs.
  • Configure BGP on every router, make sure you have the right IBGP and EBGP configurations. AS300 has to be configured as a confederation.
  • R1 has to be configured as a route-reflector for R2 and R3.
  • Configure on all routers that BGP updates are sourced from the Loopback0 interface.
  • Configure BGP authentication between R7 and R11, use password VAULT.
  • Make sure all BGP neighbor relationships are working before you continue with the next steps.
  • Advertise all physical and loopback interfaces in BGP, you are not allowed to use the “network” command to achieve this.
  • Achieve full connectivity, every IP address should be pingable. Use a TCLSH script to do this.
  • When R4 sends a ping to the loopback interface of R1 it should choose the path through R2. You are only allowed to make changes on R3.
  • Create another loopback interface on R1 with IP address 172.16.1.1/24, advertise this in RIP.
  • When R4 sends a ping to the 172.16.1.1 address it should take the path through R3, you are only allowed to make changes on R4.
  • When R6 sends a ping towards the loopback interface on R11 it should go through AS300.
  • R7 should prefer the path through R11 for all external networks except for 172.16.1.1.
  • Configure AS300 so it is no longer a transit AS for AS200 to reach 172.16.1.1 in AS100. AS400 should not be influenced.


IOS:

c3640-jk9s-mz.124-16.bin

Topology:


Video Solution:

Configuration Files

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.


Written by René Molenaar - CCIE #41726


About the Author: Rene Molenaar

René - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com

67 Comments

  1. I think the wrong .net file is in the BGPAdvanced.zip download. Unless I’ve done something silly the one in your file doesn’t match the one on this page. Wrong AS numbers and different layout.

  2. Looks like the configs are missing too. Can you post the correct zip file please.

    Great site by the way. Thanks.

    1. hi Rene,
      I can open the BGPAdvanced.net diagram in GNS3, but when I turned the router on and console into it, I kept getting Localhost: The remote system refused the connection.

      Can you please tell me what I didn’t configure in GNS3?

      Many thanks,
      Jimmy.

      1. Jimmy,

        I run into the same thing all the time. I guess it’s just a GNS quirk

  3. okay, this lab seems interesting. would try next =)

    anyway, anyone tried telneting a real public route server with a real AS number? I just found out today by googling, and I tried to telnet to one of servers and was able to issue the command “sho ip bgp”. a good way to learn to get familiar with this table. like this.

    route-server>sho ip bgp
    BGP table version is 83797402, local router ID is 24.137.100.8
    Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
    r RIB-failure, S Stale
    Origin codes: i – IGP, e – EGP, ? – incomplete

    Network Next Hop Metric LocPrf Weight Path
    *>i1.9.0.0/16 4.79.2.89 0 100 0 3356 1273 4788 i
    * i 77.67.70.77 80 100 0 3257 7018 4788 i
    * i1.11.128.0/17 206.82.135.5 100 0 6453 2828 9318 3809
    1 17839 i
    *>i 4.79.2.89 0 100 0 3356 2914 9318 3809
    1 17839 i
    *>i1.12.0.0/24 77.67.70.77 778 100 0 3257 4837 4808 1743
    1 18245 i
    *>i1.12.0.0/14 77.67.70.77 778 100 0 3257 4134 4847 1824
    5 i
    *>i1.12.1.0/24 77.67.70.77 778 100 0 3257 4134 4847 1824
    5 i
    *>i1.21.0.0/16 4.79.2.89 0 100 0 3356 2516 2519 i
    * i 206.82.135.5 100 0 6453 2914 2519 i
    *>i1.22.0.0/23 206.82.135.5 100 0 6453 4755 45528 i
    *>i1.22.16.0/23 206.82.135.5 100 0 6453 4755 45528 i
    *>i1.22.24.0/23 4.79.2.89 0 100 0 3356 1273 37986 241
    86 45528 i
    –More–

    these are real networks, not simulation. just i thought I’d share. cheers.

  4. Those public routers are very interesting to take a look at. If you check the “BGP Regular Expressions” lab I’ve added a link to the “looking glass” routers (that’s what they call them sometimes). Those routers are very nice to practice your regular expressions-skills on since they have plenty of AS’es 😉

    thanks for sharing!
    Enjoy!

  5. Hi Rene

    Up until now I haven’t been stuck anywhere, thanks for asking, I will definitely post whenever I get stuck somewhere.

    Regards
    Mahir

  6. I believe I’ve got this one. I just have a question about the final 2 steps. It says to shut down the interface between R7 and R11 and then configure AS300 so it is no longer a transit for AS200 to reach AS100. Looking at the topology there is no other way for AS200 to get to AS100 except through AS300. I am a little confused by this.

  7. OK, I read it again and I think I misunderstood. Just to make sure I created a prefix list on R4 and permitted everything except the routes coming from AS200. I applied this outgoing to neighbors R2 and R3. I can now ping everything except the networks in AS100 from R6 and R7 and I can ping everything from all other devices.

  8. I saved my configs if anyone is interested. I don’t know how to paste them though.

  9. Hi Captain Andy,

    Being a transit AS is something that is not always desirable. Imagine AS300 is a company connected to two ISP’s…AS100 and AS200. An unwanted side-effect of being connected “dual homed” is that you are now a transit AS.

    The ISP in AS100 could send traffic meant for ISP in AS200 through your network, if you don’t want this you can filter it.

    Using a prefix-list is possible, you can also use a regular expression. If you never tried the regular expression before I’d suggest trying it since it’s very powerful for BGP.

    Rene

  10. Hello Rene,

    Thanks for the input. I have not played around with regular expressions up to now. I guess that is next on the list.

    Thanks Again,

    Andy

  11. Hi Andy,

    I have a lab for the regular expressions. Otherwise google for a “Looking Glass Server” which is a BGP router you can telnet into, you can use show ip bgp commands on a router which has a full (or partial) internet routing table. Great for regular expressions practice!

    Rene

  12. Understood that being a transit AS isn’t desirable….
    However, you never answered the question above. With the current setup, it’s impossible for AS300 to *not* be a transit AS for traffic from 200. AS200 traffic still ultimately goes through 300 to get to 100. Maybe what you meant is to have AS200 traffic go through 400, but the interfaces between 7 and 11 are shut, again making this impossible. Please update the objectives to make this lab workable with all goals met.

  13. Hi Jon,

    I changed the lab a bit but it doesn’t make much of a difference. If you shutdown the interface between R7 and R11 the only way for AS200 to get to AS100 is through AS300.

    If you leave the link between R7 and R11 up you will still go through AS300 but first through AS400.

    Anyway I changed it so you don’t have to shutdown the interface, in real life you’ll configure the transit AS to make sure AS200 doesn’t know there’s an AS100 behind AS300.

    Take care!

    Rene

  14. Makes a little more sense 🙂
    So is the goal of the last objective to prevent AS200 from reaching the lo1 address (172.16.1.1) of R1?

  15. hello rene!!
    tried using all loopbacks into bgp config (Ebgp as well) and didn’t get full connectivity… can you help me?
    i have all CFG files

  16. Sure but please make a post in the forum, might also be nice for others to read.

    Did you see the video I created for this lab? That might also solve your problem.

    Rene

  17. If you want some more big challenges like this one. Try the MPLS advanced lab or Expert Redistribution. They are not easy though ;D

  18. Great lab, thanks loads!

    Quick question on this part of the lab:

    • When R4 sends a ping to the loopback interface of R1 it should choose the path through R2. You are only allowed to make changes on R3.

    Is this not the case at this stage of the config anyway? The R2 RID is lower than R3 (and everything else is equal unless I have done something wrong!), so wouldn’t R4 choose the path through R2 by default in this case?

  19. Hello Whoolio,
    there’s a rule in the best path selection list, specifying that the oldest learned route is considered as preferred. So it also depends on the start up order of the routers, and on “clear ip bgp *” too.
    Of course, somebody correct me if I’m wrong 🙂
    Greets!

  20. @Krastin,

    knew I was missing something! Thanks for reminding me of that, guess I just got lucky during setting up the lab 😀

  21. If you want something to help you remember all the BGP attributes here it is:

    We Love Oranges As Oranges Means Pure Refreshment

    W Weight (Highest)
    L Local_Pref (Highest)
    O Originate (local originate)
    AS As_Path (shortest)
    O Origin Code (IGP < EGP < Incomplete)
    M MED (lowest)
    P Paths (External Paths preferred Over Internal)
    R Router ID (lowest)

    As you can see if everything is the same it boils down to the BGP Router ID. Since each router has a unique ID there will always be a winner.

  22. Hi René,

    In your video you explained that you were lazy ;D and that it was too much typing for you to source all updates from Lo0 and you said it did not matter.

    However I did do it on every router and I did need to set some neighbor next-hop-self commands in order to get full connectivity.

    Am I correct here or did I do something wrong for which I needed the next-hop-self commands?

  23. Hi Pim,

    The issue you had is normal. If you source updates from loopbacks then you need to make sure some of your BGP routers know how to reach the next-hop IP address. You can use the next-hop-self command or you can advertise the correct networks in BGP.

    Once you fix next-hop-issues it’s all good. It’s just a bit more typing than using the physical interfaces for setting up neighbor peers.

  24. Hello Rene. Between R7 and R11, why didn’t you use neighbor statements with the addresses of loopback interfaces like you did on all the other routers? 7.7.7.7 and 11.11.11.11 ? I tried using that and then typing the authentication statement and one end does not seem to see the md5 hash. I can only do it by using the facing interfaces IP address in the neighbor statement?
    Thanks.

  25. Hello Alex,

    R7 and R11 are EBGP routers and normally you use the directly connected IP addresses to setup a neighbor peering. For IBGP we prefer to use loopbacks because our IGP can take care of finding another route in case of link failure.

    It’s possible to setup EBGP by using loopback interfaces but you need to use the ebgp-multihop command to tell the routers you are not using the directly connected IP addresses.

    Rene

  26. Last bullet point, stopping AS 300 from acting as transit for AS 200 for network 172.16.76.1

    I am having problems with the last bullet point.

    As in your video, I have configured R4 and R5 to filter 172.16.1.0/24 from being advertised to R6.

    However R6 then learns 172.16.1.1 from R7, who is learning it from AS 400 who is learning it from AS 300.

    If I filter on R9, then AS 400 is affected.

    What did you do that I missed to get AS 300 to stop acting as a transit for AS200 for network 172.16.1.0/24?

    I have met all other objectives listed, this is the only one I am having problems with.

    Thanks

    1. Not sure what I did in the video anymore but you could try the "no-export" community. That’ll tell an AS not to advertise certain prefixes through EBGP to another AS.
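
The leak described in comment 26 (and visible again in the `400 300 100` path in comment 43), as an added example that is not part of the original thread: a small AS-level path-vector model of this lab's four autonomous systems that checks whether AS200 still reaches 172.16.1.0/24 through AS300 under a given export policy. The policy names, and attaching no-export on AS300's advertisement to AS400, are assumptions made for illustration; shortest AS path is the only tie-breaker modelled.

```python
# Added example: AS-level model of the lab topology (not the author's solution).
# eBGP adjacencies taken from the lab: R2/R3-R4, R4/R5-R6, R9-R10, R7-R11.
LINKS = {(100, 300), (300, 200), (300, 400), (200, 400)}
ORIGIN_AS = 100  # AS100 originates 172.16.1.0/24 (second loopback on R1)


def neighbors(asn):
    """Return the ASes that share an eBGP link with asn."""
    return sorted({b for a, b in LINKS if a == asn} | {a for a, b in LINKS if b == asn})


def propagate(policy):
    """Flood the prefix and return {asn: as_path} for every AS that learns it.

    policy maps (from_as, to_as) to "deny" (outbound filter) or
    "no-export" (attach the well-known community on that advertisement).
    """
    rib = {ORIGIN_AS: ((), False)}  # asn -> (as_path, carries_no_export)
    changed = True
    while changed:
        changed = False
        for asn, (path, no_export) in list(rib.items()):
            if no_export:
                continue  # route is kept locally but never re-advertised over eBGP
            for peer in neighbors(asn):
                if peer == ORIGIN_AS or peer in path:
                    continue  # AS-path loop prevention
                action = policy.get((asn, peer))
                if action == "deny":
                    continue
                candidate = ((asn,) + path, action == "no-export")
                current = rib.get(peer)
                if current is None or len(candidate[0]) < len(current[0]):
                    rib[peer] = candidate
                    changed = True
    return {asn: path for asn, (path, _) in rib.items() if asn != ORIGIN_AS}


def is_transit(paths, transit_as, customer_as):
    """True if customer_as holds a path to the prefix that crosses transit_as."""
    return transit_as in paths.get(customer_as, ())


NO_FILTER = {}
# What comment 26 configured: AS300 (R4, R5) stops advertising the prefix to R6.
FILTER_TO_AS200 = {(300, 200): "deny"}
# Assumed placement of the no-export suggestion: AS300 tags the route sent to AS400.
FILTER_PLUS_NO_EXPORT = {(300, 200): "deny", (300, 400): "no-export"}

if __name__ == "__main__":
    for name, policy in [("no filter", NO_FILTER),
                         ("filter towards AS200", FILTER_TO_AS200),
                         ("filter + no-export towards AS400", FILTER_PLUS_NO_EXPORT)]:
        paths = propagate(policy)
        as200 = " ".join(map(str, paths[200])) if 200 in paths else "no route"
        as400 = " ".join(map(str, paths[400]))
        print(f"{name}: AS200 path = {as200}; AS400 path = {as400}; "
              f"AS300 transit for AS200 = {is_transit(paths, 300, 200)}")
```
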

  27. Hello Dear,

    Thanks for posting this very interesting lab. I have one query about this lab: when I use the final config, we found drops when I ping from R1 to R11.

    thanks
    vivek

    1. Hi Vivek,

      Did you check where the packets are being dropped and why? It’s been awhile since I recorded this video 😉

      Rene

  28. Hi Rene, after prepending as 400 twice on R11 (sent to R7), I fail to see the route in my bgp table on R6. When I prepend it only once, it’s there. What is the reason R7 won’t advertize it to R6?

    R7#show ip bgp 11.11.11.0
    BGP routing table entry for 11.11.11.0/24, version 48
    Paths: (2 available, best #1, table Default-IP-Routing-Table)
    Advertised to update-groups:
    1
    300 400, (received & used)
    6.6.6.6 (metric 156160) from 6.6.6.6 (6.6.6.6)
    Origin incomplete, metric 0, localpref 100, valid, internal, best
    400 400 400, (received & used)
    11.11.11.11 from 11.11.11.11 (11.11.11.11)
    Origin incomplete, metric 0, localpref 100, valid, external

    R6#show ip bgp 11.11.11.0
    BGP routing table entry for 11.11.11.0/24, version 161
    Paths: (2 available, best #2, table Default-IP-Routing-Table)
    Advertised to update-groups:
    1 2
    300 400, (received & used)
    4.4.4.4 from 4.4.4.4 (4.4.4.4)
    Origin incomplete, localpref 100, valid, external
    300 400, (received & used)
    5.5.5.5 from 5.5.5.5 (5.5.5.5)
    Origin incomplete, localpref 100, valid, external, best

    I’m confused..

    1. Hi Steven,

      Can you create a forum topic and drop your configs there? I’ll take a look.

      Rene
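
Why the route disappears from R6 once the second prepend is added, worked through with the two paths shown in R7's output above; this is an added example, not part of the original comments. It implements only the comparison steps listed in the mnemonic in comment 21 (IOS additionally compares IGP metric and route age, and compares MED only between paths from the same neighbouring AS), and the `Path` class and function names are illustrative.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass(frozen=True)
class Path:
    as_path: tuple
    external: bool                 # learned over eBGP (True) or iBGP (False)
    router_id: str                 # router ID of the advertising neighbor
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "incomplete"
    med: int = 0


def preference_key(p):
    """Sort key following the mnemonic's order; the smallest key wins."""
    return (
        -p.weight,                                   # highest weight
        -p.local_pref,                               # highest local preference
        not p.locally_originated,                    # locally originated first
        len(p.as_path),                              # shortest AS path
        ORIGIN_RANK[p.origin],                       # IGP < EGP < incomplete
        p.med,                                       # lowest MED
        not p.external,                              # eBGP over iBGP
        tuple(int(o) for o in p.router_id.split(".")),  # lowest router ID
    )


def best_path(paths):
    return min(paths, key=preference_key)


def advertised_to_ibgp_peer(paths):
    """Path a plain iBGP speaker (not a route reflector) sends to an iBGP peer.

    Only the best path is advertised, and a best path that was itself learned
    over iBGP is not passed on to another iBGP peer.
    """
    best = best_path(paths)
    if best.external or best.locally_originated:
        return best
    return None


# Values copied from "R7#show ip bgp 11.11.11.0" in comment 28.
VIA_R6 = Path(as_path=(300, 400), external=False, router_id="6.6.6.6")
VIA_R11_TWO_PREPENDS = Path(as_path=(400, 400, 400), external=True,
                            router_id="11.11.11.11")
# Constructed: the same eBGP path as it would look with a single prepend.
VIA_R11_ONE_PREPEND = Path(as_path=(400, 400), external=True,
                           router_id="11.11.11.11")

if __name__ == "__main__":
    for label, ebgp in [("one prepend", VIA_R11_ONE_PREPEND),
                        ("two prepends", VIA_R11_TWO_PREPENDS)]:
        paths = [VIA_R6, ebgp]
        best = best_path(paths)
        sent = advertised_to_ibgp_peer(paths)
        print(f"{label}: R7 best = {' '.join(map(str, best.as_path))} "
              f"({'eBGP' if best.external else 'iBGP'}), "
              f"sent to R6 = {'nothing' if sent is None else ' '.join(map(str, sent.as_path))}")
```

With two prepends the iBGP-learned path `300 400` wins on AS-path length, matching `best #1` in R7's output, so R7 has nothing to send to R6 for this prefix; with one prepend the lengths tie and the eBGP path wins.
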

  29. @stevenjacobs… that is because R6 is not connected directly to R11. You can influence routing decisions only to directly connected neighbors and it is local to that neighbor for the as-path attribute..

    On another note, Rene, I wanted something tougher mate 🙂
    good lab though… but something deeper and more intense.. soon maybe?

    cheers

    1. btw, is there any way I could hide the as path numbers showing up when I do a traceroute?

      1. I’m not 100% sure but I believe you only see the AS number on the trace if you do this from a BGP router that knows about the prefixes/AS numbers. Try to do the same trace from a non-BGP router and check what you see then…

    2. I have more stuff in mind especially since I’ll work more towards my CCIE in a few weeks. I’m very busy with other work at the moment however 😛

  30. Greetings, thanks for the great lab. This is all really new to me so hopefully it’ll be amusing 🙂

    I think I’ve completed everything up to the confederator so I thought I’d take a peek at the ospf and ibgp settings of the completed R11 and it confused me. I put R10 and R11 in their own area (400) apart from AS300’s area (0), and I didn’t configure any IGP between AS300 and AS400 because that’s how I interpreted the 2nd bullet.

    Where’d I go wrong?

    1. We only run an IGP (OSPF or EIGRP) within the AS. So if you need to use OSPF you can just use area 0 within each AS because there’s no neighbor adjacency between different AS’es.

  31. well when i set it up like that, with R10 and R11 in ospf area 0 along with R4,5,8,9 I can ping from R4 to R11. And I thought that defeated the point of the lab (which is where I could be missing the point). Here’s some info off R4

    R4#traceroute 192.168.110.11

    Type escape sequence to abort.
    Tracing the route to 192.168.110.11

    1 192.168.45.5 8 msec 4 msec 4 msec
    2 192.168.58.8 4 msec 4 msec 12 msec
    3 192.168.89.9 8 msec 8 msec 12 msec
    4 192.168.109.10 20 msec 20 msec 16 msec
    5 192.168.110.11 36 msec 20 msec *
    R4#

    R4#show ip route

    O 192.168.89.0/24 [110/3] via 192.168.45.5, 00:09:45, FastEthernet2/0
    C 192.168.46.0/24 is directly connected, FastEthernet3/0
    C 192.168.45.0/24 is directly connected, FastEthernet2/0
    4.0.0.0/24 is subnetted, 1 subnets
    C 4.4.4.0 is directly connected, Loopback0
    O IA 192.168.110.0/24 [110/5] via 192.168.45.5, 00:09:45, FastEthernet2/0
    O 192.168.58.0/24 [110/2] via 192.168.45.5, 00:09:45, FastEthernet2/0
    C 192.168.24.0/24 is directly connected, FastEthernet0/0
    5.0.0.0/32 is subnetted, 1 subnets
    O 5.5.5.5 [110/2] via 192.168.45.5, 00:09:45, FastEthernet2/0
    O 192.168.56.0/24 [110/2] via 192.168.45.5, 00:09:45, FastEthernet2/0
    O 192.168.109.0/24 [110/4] via 192.168.45.5, 00:09:45, FastEthernet2/0
    8.0.0.0/32 is subnetted, 1 subnets
    O 8.8.8.8 [110/3] via 192.168.45.5, 00:09:50, FastEthernet2/0
    9.0.0.0/32 is subnetted, 1 subnets
    O 9.9.9.9 [110/4] via 192.168.45.5, 00:09:50, FastEthernet2/0
    10.0.0.0/32 is subnetted, 1 subnets
    O IA 10.10.10.10 [110/5] via 192.168.45.5, 00:09:50, FastEthernet2/0
    11.0.0.0/32 is subnetted, 1 subnets
    O IA 11.11.11.11 [110/6] via 192.168.45.5, 00:09:50, FastEthernet2/0
    C 192.168.34.0/24 is directly connected, FastEthernet1/0

    1. R4 has learned the networks in AS 400 through OSPF, that’s not how it is supposed to be… you should learn those through BGP.

      There should be no OSPF packets between different AS’es. If you want to enforce this… configure OSPF passive interface on the interfaces between the AS’es.

      You have to see the different AS’es as Internet providers, they don’t run OSPF between them, only BGP 🙂

  32. I have put the final configs that I downloaded from here and still have a problems when I run the tclsh script. I cannot get a ping from R1 to R5,R8 and R9. Does anyone have any suggestions?

    Thanks!

    1. Never mind on my previous post. I made a mistake and did not go far enough in the video. Thank goodness for the videos. What I was missing was to put in the statement:

      neighbor 5.5.5.5 next-hop-self

      in R4.

      What I don’t know how to do yet is how to troubleshoot this and really how to use this statement. What I found was the LO addresses from R1, R2 and R3 were not being advertised from R4 to R5. Can anyone suggest how to know the problem would be fixed by using the next-hop-self statement?

      Sorry to be so dumb but I am still trying to learn BGP.

  33. Well do a sh ip bgp, for those routes you don’t have in the routing table, ping the next hop, if you can’t reach the next hop it means the edge router has to "next-hop-self".

    Of course, check if the edge router can ping the prefix too, if not it may be some other issue.

  34. for the following question————–>
    R7 should prefer the path through R11 for all external networks except for 172.16.1.1….

    .After increasing the local preference to 444, this solution affects
    the question above it which says ———–>
    When R6 sends a ping towards the loopback interface on R11 it should go through AS300….

    For getting to 11.11.11.11 R6 now chooses the path through R7 instead of through AS 300…..Why is it so???

  35. Hi Rene

    I would like to thank you for this website where I got the opportunity to play with all kinds labs.

    About the BGP Advanced Lab, I got a very disturbing line in R7 and R11 right after I typed the password VAULT. This is the disturbing line: “*Mar 1 00:20:39.571: %TCP-6-BADAUTH: Invalid MD5 digest from 192.168.117.11(48636) to 192.168.117.7(179)” .
    Please help me to get rid of it.

    Thanks
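
What the %TCP-6-BADAUTH line above reports, as an added example that is not part of the original comment: with the TCP MD5 signature option (RFC 2385), the receiver recomputes the digest from the segment and its own configured password and drops the segment when the digests differ. The segment fields (sequence number, flags, window) and the mismatched password `vault` are constructed for illustration; only the log line and the password VAULT come from the page.

```python
import hashlib
import hmac
import re
import socket
import struct

BADAUTH_RE = re.compile(
    r"%TCP-6-BADAUTH: (?P<reason>.+?) from (?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r" to (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

# Log line quoted in comment 35.
LOG_LINE = ("*Mar 1 00:20:39.571: %TCP-6-BADAUTH: Invalid MD5 digest from "
            "192.168.117.11(48636) to 192.168.117.7(179)")

# Constructed SYN fields; a real capture would supply these.
SYN = {"seq": 1000, "ack": 0, "flags": 0x02, "window": 16384, "payload": b""}


def parse_badauth(line):
    """Extract reason, addresses and ports from a %TCP-6-BADAUTH message."""
    m = BADAUTH_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["sport"] = int(fields["sport"])
    fields["dport"] = int(fields["dport"])
    return fields


def tcp_md5_digest(src, dst, sport, dport, seq, ack, flags, window,
                   payload, key, options_len=20):
    """RFC 2385 digest: pseudo-header, TCP header without options
    (checksum zeroed), segment data, then the shared key."""
    header_len = 20 + options_len            # MD5 option is 18 bytes, padded to 20
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, header_len + len(payload)))
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         (header_len // 4) << 4, flags, window, 0, 0)
    return hashlib.md5(pseudo + header + payload + key).digest()


def receiver_accepts(peer, sender_key, receiver_key):
    """Sender signs with its key; receiver recomputes with its own and compares."""
    fields = dict(src=peer["src"], dst=peer["dst"],
                  sport=peer["sport"], dport=peer["dport"], **SYN)
    sent = tcp_md5_digest(key=sender_key, **fields)
    expected = tcp_md5_digest(key=receiver_key, **fields)
    return hmac.compare_digest(sent, expected)


if __name__ == "__main__":
    peer = parse_badauth(LOG_LINE)
    print(peer)
    print("both sides VAULT :", receiver_accepts(peer, b"VAULT", b"VAULT"))
    print("VAULT vs vault   :", receiver_accepts(peer, b"VAULT", b"vault"))
```

Because the key bytes are hashed directly, any difference between the two configured passwords (case, a trailing space) yields a different digest and the session never establishes.
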

  36. Why can I log in and download the configuration files, but it says I need to “log in” to download all the topology files?

  37. Finally done with all the BGP labs..wew! Quite a list.

    SO glad auto-summary is disabled on the newer codes… spent way too long troubleshooting an issue in AS-200 as a result of not disabling it 🙂

  38. this was fun.

    here’s my TCL script used to ping… modified it for quick glance readability.
    i ran it as a process from the TCL shell.
    you could also run it from router flash.

    proc PING {} {
    foreach X {
    1.1.1.1
    2.2.2.2
    3.3.3.3
    4.4.4.4
    5.5.5.5
    6.6.6.6
    7.7.7.7
    8.8.8.8
    9.9.9.9
    10.10.10.10
    11.11.11.11
    192.168.12.1
    192.168.12.2
    192.168.13.1
    192.168.13.3
    192.168.24.2
    192.168.24.4
    192.168.34.3
    192.168.34.4
    192.168.45.4
    192.168.45.5
    192.168.46.4
    192.168.46.6
    192.168.56.5
    192.168.56.6
    192.168.58.5
    192.168.58.8
    192.168.67.6
    192.168.67.7
    192.168.117.7
    192.168.117.11
    192.168.89.8
    192.168.89.9
    192.168.109.9
    192.168.109.10
    192.168.110.10
    192.168.110.11
    172.16.1.1 } {
    if { [ regexp {[!]+} [ exec ping $X ] ] } {
    puts "$X success"
    } else {
    puts "$X ** FAIL **"
    }
    }
    }

    //

    THE RESULTANT OUTPUT LOOKS LIKE THIS:

    R10(tcl)#PING
    1.1.1.1 success
    2.2.2.2 success
    3.3.3.3 success
    4.4.4.4 success
    5.5.5.5 success
    6.6.6.6 ** FAIL **
    7.7.7.7 ** FAIL **
    8.8.8.8 success
    9.9.9.9 success
    10.10.10.10 success
    11.11.11.11 success
    192.168.12.1 success
    192.168.12.2 success
    192.168.13.1 success
    192.168.13.3 success
    192.168.24.2 success
    192.168.24.4 success
    192.168.34.3 success
    192.168.34.4 success
    192.168.45.4 success
    192.168.45.5 success
    192.168.46.4 success
    192.168.46.6 success
    192.168.56.5 success
    192.168.56.6 success
    192.168.58.5 success
    192.168.58.8 success
    192.168.67.6 ** FAIL **
    192.168.67.7 ** FAIL **
    192.168.117.7 success
    192.168.117.11 success
    192.168.89.8 success
    192.168.89.9 success
    192.168.109.9 success
    192.168.109.10 success
    192.168.110.10 success
    192.168.110.11 success

    R10(tcl)#

    //

  39. interesting issue…

    i reloaded this lab to poke around some more.
    when i did i was greeted by an interesting message on router 8 (R8):

    R8#
    %IPRT-3-RIB_LOOP: Resolution loop formed by routes in RIB

    R8#sh ip cef 6.6.6.6
    6.6.6.6/32
    unresolved via 6.6.6.0/24
    recursive-looped

    R8#sh ip cef 6.6.6.0/24
    6.6.6.0/24
    unresolved via 6.6.6.6
    recursive-looped

    at first, i could not understand why R8 thought there was a routing loop.
    the route table looked good to me (at first)…

    R8#sh ip bgp | i Net|>.*6.6.6.6
    Network Next Hop Metric LocPrf Weight Path
    *> 6.6.6.0/24 6.6.6.6 0 100 0 (10) 200 ?

    R8#sh ip route 6.6.6.6
    Routing entry for 6.6.6.0/24
    Known via “bgp 20”, distance 200, metric 0
    Tag 10, type internal
    Last update from 6.6.6.6 00:00:28 ago
    Routing Descriptor Blocks:
    * 6.6.6.6, from 5.5.5.5, 00:00:28 ago
    Route metric is 0, traffic share count is 1
    AS Hops 1
    Route tag 10
    MPLS label: none

    R8#sh ip route 5.5.5.5
    Routing entry for 5.5.5.5/32
    Known via “ospf 1”, distance 110, metric 2, type intra area
    Last update from 192.168.58.5 on FastEthernet0/1, 00:31:28 ago
    Routing Descriptor Blocks:
    * 192.168.58.5, from 5.5.5.5, 00:31:28 ago, via FastEthernet0/1
    Route metric is 2, traffic share count is 1

    it turns out i could not see the forest for the trees.
    found a Cisco forum post referencing a command i had not seen before… “show ip route loops”.

    the output brought me back into focus 😉

    R8#sh ip route loop
    ->default:ipv4:base 6.6.6.0/24 -> base 6.6.6.6 bgp 00:02:34 N

    a recursive loop was formed when R8 tried to resolve 6.6.6.0/24 back to 6.6.6.6 – infinite loop.

    long story short… i forgot to save my GNS3 config on R8 before shutting down GNS3.
    when i reloaded the topology, R5 was missing a BGP “next-hop-self” for neighbor R8.

    LOL 🙂

    good stuff

    1. doing an iPexpert bootcamp today and came across this issue again.
      couldn’t remember what caused it, and i forgot all about this post.
      this post was 6th in the Google search… hooray !

      i helped my future self from the past to solve a lab problem… i hope this doesn’t cause a rupture in the space-time continuum !! 🙂

  40. You should update this part of the instructions:
    Configure on all routers that BGP updates are sourced from the Loopback0 interface.

    To state this only applies to iBGP. The only way to do this for eBGP as well is to use a static route to point the peer’s loopback address to the peer’s interface address. Otherwise, the local router will not know how to get to the peer’s loopback address.

    In the iBGP AS’s though, since you had us use dynamic routing protocols, all the routers in the iBGP know each other’s loopback, and are therefore able to source BGP updates from the loopbacks.

    I checked against your answers, and you indeed are not using the loopback for eBGP:

    From R11 Answers:
    router bgp 400
    neighbor 10.10.10.10 remote-as 400
    neighbor 10.10.10.10 update-source Loopback0
    neighbor 192.168.117.7 remote-as 200

  41. Hi Rene,

    Need your help. I am trying to practice this lab on gns3 but the idle PC value is not getting set for this IOS, What can I do to set the Idle PC value?

    1. Right click a router, select idlepc, and select a new value. Test new values until your computer CPU drops.

  42. i’m not able to ping 8.8.8.8 from 11.11.11.11 and 6.6.6.6 from 10.10.10.10. i have tried many times but it’s not working.

    R11#sh ip bgp
    BGP table version is 1294, local router ID is 11.11.11.11
    Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
    r RIB-failure, S Stale
    Origin codes: i – IGP, e – EGP, ? – incomplete

    Network Next Hop Metric LocPrf Weight Path
    *>i1.1.1.0/24 10.10.10.10 0 100 0 300 100 ?
    *>i2.2.2.0/24 10.10.10.10 0 100 0 300 100 ?
    *>i3.3.3.0/24 10.10.10.10 0 100 0 300 100 ?
    *>i4.4.4.0/24 10.10.10.10 0 100 0 300 ?
    *>i5.5.5.0/24 10.10.10.10 0 100 0 300 ?
    * 6.6.6.0/24 192.168.117.7 0 200 ?
    *> 7.7.7.7 0 200 ?
    r 7.7.7.0/24 192.168.117.7 0 0 200 ?
    r> 7.7.7.7 0 0 200 ?
    *>i8.8.8.0/24 10.10.10.10 0 100 0 300 ?
    *>i9.9.9.0/24 10.10.10.10 0 100 0 300 ?
    *>i10.10.10.0/24 10.10.10.10 0 100 0 ?
    *> 11.11.11.0/24 0.0.0.0 0 32768 ?
    * 172.16.1.0/24 192.168.117.7 0 200 300 100 ?
    *>i 10.10.10.10 0 100 0 300 100 ?
    * 7.7.7.7 0 200 300 100 ?
    *>i192.168.12.0 10.10.10.10 0 100 0 300 100 ?
    Network Next Hop Metric LocPrf Weight Path
    *>i192.168.13.0 10.10.10.10 0 100 0 300 100 ?
    *>i192.168.24.0 10.10.10.10 0 100 0 300 ?
    *>i192.168.34.0 10.10.10.10 0 100 0 300 ?
    *>i192.168.45.0 10.10.10.10 0 100 0 300 ?
    * 192.168.46.0 192.168.117.7 0 200 ?
    *> 7.7.7.7 0 200 ?
    * i 10.10.10.10 0 100 0 300 ?
    * 192.168.56.0 192.168.117.7 0 200 ?
    *> 7.7.7.7 0 200 ?
    * i 10.10.10.10 0 100 0 300 ?
    *>i192.168.58.0 10.10.10.10 0 100 0 300 ?
    * 192.168.67.0 192.168.117.7 0 0 200 ?
    *> 7.7.7.7 0 0 200 ?
    *>i192.168.89.0 10.10.10.10 0 100 0 300 ?
    *>i192.168.109.0 10.10.10.10 0 100 0 ?
    *> 192.168.110.0 0.0.0.0 0 32768 ?
    * i 10.10.10.10 0 100 0 ?
    * 192.168.117.0 192.168.117.7 0 0 200 ?
    *> 0.0.0.0 0 32768 ?
    * 7.7.7.7 0 0 200 ?

  43. Hi Rene

    For me, even though 172.16.1.0 is not entering into R6, however i am learning this route via R7 (which learns via R11). I had used distribute list (with ACL) on R4,R5 to stop advertise 172.16.1.0 to R6. Any clue, how can i stop it.

    In the previous step to prefer 172.16.1.0 through R6 but rest of the traffic via R11, i had used Weight on R7 for 172.16.1.0 via R6. And Local Preference of 50 for rest of the route via R6.

    router bgp 200
    no synchronization
    bgp log-neighbor-changes
    redistribute eigrp 200
    neighbor 6.6.6.6 remote-as 200
    neighbor 6.6.6.6 update-source Loopback0
    neighbor 6.6.6.6 next-hop-self
    neighbor 6.6.6.6 route-map VIA_R11 in
    neighbor 11.11.11.11 remote-as 400
    neighbor 11.11.11.11 password VAULT
    neighbor 11.11.11.11 ebgp-multihop 2
    neighbor 11.11.11.11 update-source Loopback0
    no auto-summary

    R7#show route-map VIA_R11
    route-map VIA_R11, permit, sequence 10
    Match clauses:
    ip address (access-lists): 1
    Set clauses:
    weight 100
    Policy routing matches: 0 packets, 0 bytes
    route-map VIA_R11, permit, sequence 20
    Match clauses:
    Set clauses:
    local-preference 50
    Policy routing matches: 0 packets, 0 bytes

    R7#show ip bgp 172.16.1.0
    BGP routing table entry for 172.16.1.0/24, version 2045
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
    Advertised to update-groups:
    1
    400 300 100
    11.11.11.11 from 11.11.11.11 (11.11.11.11)
    Origin incomplete, localpref 100, valid, external, best

    Thanks

  44. Hi Rene,

    Another Great Lab from you once again Cheers Mate !!

    For anyone interested in a ping script to test multiple loopback interfaces, here is an example.

    tclsh
    foreach LANADDRESSES {
    1.1.1.1
    2.2.2.2
    3.3.3.3
    4.4.4.4
    5.5.5.5
    6.6.6.6
    7.7.7.7
    8.8.8.8
    9.9.9.9
    10.10.10.10
    11.11.11.11
    } { ping $LANADDRESSES repeat 5 size 256 source lo0}

    I hope you enjoy it, do customize it as required…
