BGP Advanced

Written by Rene Molenaar. Posted in BGP

Scenario:

You have been working for a service provider called "FreedomBits" for quite some time and you have been responsible for the operation of all IGPs. Your BGP expert/colleague has won the X-factor competition and decided to start a singing career... it's up to you to upgrade your skills and become the new BGP guru in town. You have heard a lot about BGP and even did some basic configurations but never tried anything with confederations or route-reflectors... time for a change!

Goal:

All IP addresses have been preconfigured for you in the following order:

R1 - R2: 192.168.12.X
R1 - R3: 192.168.13.X
R3 - R4: 192.168.34.X

(Where X = Router number)

And so on...

Every router has a Loopback0 interface:
X.X.X.X

(Where X = Router number)

  • Configure each Autonomous System (AS) with a different IGP:
    AS100: RIP
    AS300: OSPF
    AS200: EIGRP
    AS400: OSPF
  • Do not configure the IGP on the interfaces connecting to another AS. For example, R3 should not send any RIP routing updates towards R4.
  • Make sure the loopbacks are advertised in the IGPs.
  • Configure BGP on every router and make sure you have the right IBGP and EBGP configurations. AS300 has to be configured as a confederation.
  • R1 has to be configured as a route-reflector for R2 and R3.
  • Configure all routers so that BGP updates are sourced from the Loopback0 interface.
  • Configure BGP authentication between R7 and R11 using the password VAULT.
  • Make sure all BGP neighbor relationships are working before you continue with the next steps.
  • Advertise all physical and loopback interfaces in BGP. You are not allowed to use the "network" command to achieve this.
  • Achieve full connectivity: every IP address should be pingable. Use a TCLSH script to do this.
  • When R4 sends a ping to the loopback interface of R1, it should choose the path through R2. You are only allowed to make changes on R3.
  • Create another loopback interface on R1 with IP address 172.16.1.1/24 and advertise it in RIP.
  • When R4 sends a ping to the 172.16.1.1 address, it should take the path through R3. You are only allowed to make changes on R4.
  • When R6 sends a ping towards the loopback interface on R11, it should go through AS300.
  • R7 should prefer the path through R11 for all external networks except for 172.16.1.1.
  • Configure AS300 so it is no longer a transit AS for AS200 to reach 172.16.1.1 in AS100. AS400 should not be influenced.

IOS:

c3640-jk9s-mz.124-16.bin

Topology:

[Topology diagram: BGP Advanced]

Comments (47)

  • imark_v1

    I think the wrong .net file is in the BGPAdvanced.zip download. Unless I've done something silly the one in your file doesn't match the one on this page. Wrong AS numbers and different layout.

  • imark_v1

    Looks like the configs are missing too. Can you post the correct zip file please.

    Great site by the way. Thanks.

  • ReneMolenaar

    I just fixed the config...topology is now correct and the startup config has IP Addresses!

  • galen_kwan

    okay, this lab seems interesting. would try next =)

    anyway, anyone tried telneting a real public route server with a real AS number? I just found out today by googling, and I tried to telnet to one of servers and was able to issue the command "sho ip bgp". a good way to learn to get familiar with this table. like this.

    route-server>sho ip bgp
    BGP table version is 83797402, local router ID is 24.137.100.8
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

    Network Next Hop Metric LocPrf Weight Path
    *>i1.9.0.0/16 4.79.2.89 0 100 0 3356 1273 4788 i
    * i 77.67.70.77 80 100 0 3257 7018 4788 i
    * i1.11.128.0/17 206.82.135.5 100 0 6453 2828 9318 3809
    1 17839 i
    *>i 4.79.2.89 0 100 0 3356 2914 9318 3809
    1 17839 i
    *>i1.12.0.0/24 77.67.70.77 778 100 0 3257 4837 4808 1743
    1 18245 i
    *>i1.12.0.0/14 77.67.70.77 778 100 0 3257 4134 4847 1824
    5 i
    *>i1.12.1.0/24 77.67.70.77 778 100 0 3257 4134 4847 1824
    5 i
    *>i1.21.0.0/16 4.79.2.89 0 100 0 3356 2516 2519 i
    * i 206.82.135.5 100 0 6453 2914 2519 i
    *>i1.22.0.0/23 206.82.135.5 100 0 6453 4755 45528 i
    *>i1.22.16.0/23 206.82.135.5 100 0 6453 4755 45528 i
    *>i1.22.24.0/23 4.79.2.89 0 100 0 3356 1273 37986 241
    86 45528 i
    --More--

    these are real networks, not simulation. just i thought I'd share. cheers.

  • ReneMolenaar

    Those public routers are very interesting to take a look at. If you check the "BGP Regular Expressions" lab I've added a link to the "looking glass" routers (that's what they call them sometimes). Those routers are very nice to practice your regular expressions-skills on since they have plenty of AS'es ;)

    thanks for sharing!
    Enjoy!

  • mahirali

    Hi Guys,

    Where is the solution of this lab?

    Regards
    Mahir

  • ReneMolenaar

    Hi Mahir,

    Don't have a final config or video on this one yet, where are you stuck? I'll help you.

    Rene

  • mahirali

    Hi Rene

    Up until now I haven't been stuck anywhere, thanks for asking. I will definitely post whenever I get stuck somewhere.

    Regards
    Mahir

  • acaptain

    I believe I've got this one. I just have a question about the final 2 steps. It says to shut down the interface between R7 and R11 and then configure AS300 so it is no longer a transit for AS200 to reach AS100. Looking at the topology there is no other way for AS200 to get to AS100 except through AS300. I am a little confused by this.

  • acaptain

    OK, I read it again and I think I misunderstood. Just to make sure I created a prefix list on R4 and permitted everything except the routes coming from AS200. I applied this outgoing to neighbors R2 and R3. I can now ping everything except the networks in AS100 from R6 and R7 and I can ping everything from all other devices.

  • acaptain

    I saved my configs if anyone is interested. I don't know how to paste them though.

  • ReneMolenaar

    Hi Captain Andy,

    Being a transit AS is something that is not always desirable. Imagine AS300 is a company connected to two ISP's...AS100 and AS200. An unwanted side-effect of being connected "dual homed" is that you are now a transit AS.

    The ISP in AS100 could send traffic meant for ISP in AS200 through your network, if you don't want this you can filter it.

    Using a prefix-list is possible, you can also use a regular expression. If you never tried the regular expression before I'd suggest to try it since it's very powerful for BGP.

    Rene

  • acaptain

    Hello Rene,

    Thanks for the input. I have not played around with regular expressions up to now. I guess that is next on the list.

    Thanks Again,

    Andy

  • ReneMolenaar

    Hi Andy,

    I have a lab for the regular expressions. Otherwise google for a "Looking Glass Server" which is a BGP router you can telnet into, you can use show ip bgp commands on a router which has a full (or partial) internet routing table. Great for regular expressions practice!

    Rene

  • jon.adams

    Understood that being a transit AS isn't desirable....
    However, you never answered the question above. With the current setup, it's impossible for AS300 to *not* be a transit AS for traffic from 200. AS200 traffic still ultimately goes through 300 to get to 100. Maybe what you meant is to have AS200 traffic go through 400, but the interfaces between 7 and 11 are shut, again making this impossible. Please update the objectives to make this lab workable with all goals met.

  • ReneMolenaar

    Hi Jon,

    I changed the lab a bit but it doesn't make much of a difference. If you shut down the interface between R7 and R11 the only way for AS200 to get to AS100 is through AS300.

    If you leave the link between R7 and R11 up you will still go through AS300 but first through AS400.

    Anyway I changed it so you don't have to shut down the interface, in real life you'll configure the transit AS to make sure AS200 doesn't know there's an AS100 behind AS300.

    Take care!

    Rene

  • jon.adams

    Makes a little more sense :)
    So is the goal of the last objective to prevent AS200 from reaching the lo1 address (172.16.1.1) of R1?

  • djtjlt

    Whew, what a lab! I have really enjoyed it. Thank you! :)

  • fabiogarcia

    hello rene!!
    tried using all loopbacks into bgp config (Ebgp as well) and didn't get full connectivity... can u help me ?
    i have all CFG files

  • ReneMolenaar

    Sure but please make a post in the forum, might also be nice for others to read.

    Did you see the video I created for this lab? That might also solve your problem.

    Rene

  • Ollie

    This is what I've been looking for, we want more, this really stretched me and my CPU !!!!

  • ReneMolenaar

    If you want some more big challenges like this one. Try the MPLS advanced lab or Expert Redistribution. They are not easy though ;D

  • whoolio

    Great lab, thanks loads!

    Quick question on this part of the lab:

    •When R4 sends a ping to the loopback interface of R1 it should choose the path through R2. You are only allowed to make changes on R3.

    Is this not the case at this stage of the config anyway? The R2 RID is lower than R3 (and everything else is equal unless I have done something wrong!), so wouldn't R4 choose the path through R2 by default in this case?

  • krastin

    Hello Whoolio,
    there's a rule in the best path selection list, specifying that the oldest learned route is considered as preferred. So it also depends on the start up order of the routers, and on "clear ip bgp *" too.
    Of course, somebody correct me if I'm wrong :)
    Greets!

  • whoolio

    @Krastin,

    knew I was missing something! Thanks for reminding me of that, guess I just got lucky during setting up the lab :D

  • ReneMolenaar

    If you want something to help you remember all the BGP attributes here it is:

    We Love Oranges As Oranges Means Pure Refreshment

    W Weight (Highest)
    L Local_Pref (Highest)
    O Originate (local originate)
    AS As_Path (shortest)
    O Origin Code (IGP < EGP < Incomplete)
    M MED (lowest)
    P Paths (External Paths preferred Over Internal)
    R Router ID (lowest)

    As you can see if everything is the same it boils down to the BGP Router ID. Since each router has a unique ID there will always be a winner.

  • Pim

    Hi René,

    In your video you explained that you were lazy ;D and that it was too much typing for you to source all updates from Lo0 and you said it did not matter.

    However i did do it on every router and i did need to set some neighbor next-hop-self commands in order to get full connectivity.

    Am i correct here or did i do something wrong for which i needed the next-hop-self commands?

  • ReneMolenaar
    Quote:
    In your video you explained that you were lazy ;D and that it was too much typing for you to source all updates from Lo0 and you said it did not matter.

    However i did do it on every router and i did need to set some neighbor next-hop-self commands in order to get full connectivity.

    Am i correct here or did i do something wrong for which i needed the next-hop-self commands?

    Hi Pim,

    The issue you had is normal. If you source updates from loopbacks then you need to make sure some of your BGP routers know how to reach the next-hop IP address. You can use the next-hop-self command or you can advertise the correct networks in BGP.

    Once you fix next-hop issues it's all good. It's just a bit more typing than using the physical interfaces for setting up neighbor peers.

  • Allex

    Hello Rene. Between R7 and R11, why didn't you use neighbor statements with the addresses of loopback interfaces like you did on all the other routers? 7.7.7.7 and 11.11.11.11 ? I tried using that and then typing the authentication statement and one end does not seem to see the md5 hash. I can only do it by using the facing interfaces IP address in the neighbor statement?
    Thanks.

  • ReneMolenaar

    Hello Alex,

    R7 and R11 are EBGP routers and normally you use the directly connected IP addresses to set up a neighbor peering. For IBGP we prefer to use loopbacks because our IGP can take care of finding another route in case of link failure.

    It's possible to set up EBGP by using loopback interfaces but you need to use the ebgp-multihop command to tell the routers you are not using the directly connected IP addresses.

    Rene
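
The loopback-to-loopback EBGP peering with authentication discussed in the two comments above, written out for both routers as an added example that is not part of the original thread or the lab's published solution. The loopbacks, AS numbers and password come from the lab text; the 192.168.117.x link addresses are assumed placeholders for the R7-R11 link, which this page does not give.

```cisco
! ---------------- R7 (AS200) ----------------
! There is no IGP between AS200 and AS400, so R7 needs its own route
! to R11's loopback before the TCP session can come up.
! 192.168.117.11 is an ASSUMED address for R11's side of the link.
ip route 11.11.11.11 255.255.255.255 192.168.117.11
!
router bgp 200
 neighbor 11.11.11.11 remote-as 400
 ! Source the session from Loopback0 so the packets arrive from the
 ! address R11 has in its neighbor statement (7.7.7.7).
 neighbor 11.11.11.11 update-source Loopback0
 ! EBGP packets default to TTL 1; the peer loopback is one hop further.
 ! Keep the hop count at the minimum that works.
 neighbor 11.11.11.11 ebgp-multihop 2
 ! TCP MD5 (RFC 2385): the digest covers the source and destination IP,
 ! and the key is looked up per neighbor address, so it only matches
 ! when both ends peer between the same pair of addresses.
 neighbor 11.11.11.11 password VAULT
!
! ---------------- R11 (AS400) ----------------
! 192.168.117.7 is an ASSUMED address for R7's side of the link.
ip route 7.7.7.7 255.255.255.255 192.168.117.7
!
router bgp 400
 neighbor 7.7.7.7 remote-as 200
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 7.7.7.7 ebgp-multihop 2
 neighbor 7.7.7.7 password VAULT
!
! ---------------- checks (either router) ----------------
! show ip bgp summary
! show ip bgp neighbors 11.11.11.11
```

If one side still peers from its physical interface, or the passwords differ, the other side logs %TCP-6-BADAUTH messages and the session stays down.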

  • testpilot

    Last bullet point, stopping AS 300 for acting as transit for AS 200 for network 172.16.76.1

    I am having problems with the last bullet point.

    As in your video, I have configured R4 and R5 to filter 172.16.1.0/24 from being advertised to R6.

    However R6 then learns 172.16.1.1 from R7, who is learning it from AS 400 who is learning it from AS 300.

    If I filter on R9, then AS 400 is affected.

    What did you do that I missed to get AS 300 to stop acting as a transit for AS200 for network 172.16.1.0/24?

    I have met all other objectives listed, this is the only one I am having problems with.

    Thanks

  • ReneMolenaar

    Not sure what I did in the video anymore but you could try the "no-export" community. That'll tell an AS not to advertise certain prefixes through EBGP to another AS.
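
One way to combine the no-export suggestion in the reply above with the outbound filter from the question before it, as an added example that is not the lab's published solution. It assumes the BGP sessions use the Loopback0 addresses and that R9 is the only AS300 router peering with AS400, as the thread implies; `<SUB-AS>` is a placeholder because the confederation sub-AS numbers are not given on this page, and the prefix-list and route-map names are made up for the example.

```cisco
! ------ R4 and R5 (AS300 edge routers facing R6 in AS200) ------
! Drop only R1's second loopback on the way out to AS200.
ip prefix-list R1-LO1 seq 5 permit 172.16.1.0/24
!
route-map TO-AS200 deny 10
 match ip address prefix-list R1-LO1
route-map TO-AS200 permit 20
!
! <SUB-AS> is a placeholder for this router's confederation sub-AS.
router bgp <SUB-AS>
 neighbor 6.6.6.6 route-map TO-AS200 out
!
! ------ R9 (AS300 edge router facing R10 in AS400) ------
! AS400 still receives the prefix, but tagged so that it is not
! passed on to any other AS (which closes the R11 -> R7 path).
ip prefix-list R1-LO1 seq 5 permit 172.16.1.0/24
!
route-map TO-AS400 permit 10
 match ip address prefix-list R1-LO1
 ! Use "set community no-export additive" to keep existing communities.
 set community no-export
route-map TO-AS400 permit 20
!
router bgp <SUB-AS>
 ! IOS strips communities unless send-community is configured.
 neighbor 10.10.10.10 send-community
 neighbor 10.10.10.10 route-map TO-AS400 out
!
! ------ R10 (AS400) ------
! The community must also survive the IBGP hop to R11, because R11
! is the router that decides whether to advertise the prefix to R7.
router bgp 400
 neighbor 11.11.11.11 send-community
!
! ------ refresh and verify ------
! R4/R5:   clear ip bgp 6.6.6.6 soft out
! R9:      clear ip bgp 10.10.10.10 soft out
! R10/R11: show ip bgp community no-export   (172.16.1.0/24 is listed)
! R6/R7:   show ip bgp 172.16.1.0            (prefix no longer in the table)
```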

  • vivek7380

    Hello Dear,

    Thanks for posting this very interesting lab. I have one query about this lab: when I use the final config, we found drops when I ping from R1 to R11.

    thanks
    vivek

  • ReneMolenaar

    Hi Vivek,

    Did you check where the packets are being dropped and why? It's been awhile since I recorded this video ;)

    Rene

  • stevenjacobs

    Hi Rene, after prepending as 400 twice on R11 (sent to R7), I fail to see the route in my bgp table on R6. When I prepend it only once, it's there. What is the reason R7 won't advertize it to R6?

    R7#show ip bgp 11.11.11.0
    BGP routing table entry for 11.11.11.0/24, version 48
    Paths: (2 available, best #1, table Default-IP-Routing-Table)
    Advertised to update-groups:
    1
    300 400, (received & used)
    6.6.6.6 (metric 156160) from 6.6.6.6 (6.6.6.6)
    Origin incomplete, metric 0, localpref 100, valid, internal, best
    400 400 400, (received & used)
    11.11.11.11 from 11.11.11.11 (11.11.11.11)
    Origin incomplete, metric 0, localpref 100, valid, external

    R6#show ip bgp 11.11.11.0
    BGP routing table entry for 11.11.11.0/24, version 161
    Paths: (2 available, best #2, table Default-IP-Routing-Table)
    Advertised to update-groups:
    1 2
    300 400, (received & used)
    4.4.4.4 from 4.4.4.4 (4.4.4.4)
    Origin incomplete, localpref 100, valid, external
    300 400, (received & used)
    5.5.5.5 from 5.5.5.5 (5.5.5.5)
    Origin incomplete, localpref 100, valid, external, best

    I'm confused..

  • ReneMolenaar

    Hi Steven,

    Can you create a forum topic and drop your configs there? I'll take a look.

    Rene

  • evolution

    @stevenjacobs... that is cause R6 is not connected directly to R11. you can influence routing decisions only to directly connected neighbors and it is local to that neighbor for the as-path attribute..

    On another note, Rene, i wanted something tougher mate :)
    good lab though...but something more deeper and intense.. soon maybe?

    cheers

  • evolution

    btw, is there any way i could hide the as path numbers showing up when i do a traceroute?

  • ReneMolenaar

    I'm not 100% sure but I believe you only see the AS number on the trace if you do this from a BGP router that knows about the prefixes/AS numbers. Try to do the same trace from a non-BGP router and check what you see then...

  • ReneMolenaar

    I have more stuff in mind especially since I'll work more towards my CCIE in a few weeks. I'm very busy with other work at the moment however :P

  • dtdionne

    Greetings, thanks for the great lab. This is all really new to me so hopefully it'll be amusing :)

    I think I've completed everything up to the confederator so I thought I'd take a peek at the ospf and ibgp settings of the completed R11 and it confused me. I put R10 and R11 in their own area (400) apart from AS300's area (0), and I didn't configure any IGP between AS300 and AS400 because that's how I interpreted the 2nd bullet.

    Where'd I go wrong?

  • ReneMolenaar

    We only run an IGP (OSPF or EIGRP) within the AS. So if you need to use OSPF you can just use area 0 within each AS because there's no neighbor adjacency between different AS'es.

  • dtdionne

    well when i set it up like that, with R10 and R11 in ospf area 0 along with R4,5,8,9 I can ping from R4 to R11. And I thought that defeated the point of the lab (which is where I could be missing the point). Here's some info off R4

    R4#traceroute 192.168.110.11

    Type escape sequence to abort.
    Tracing the route to 192.168.110.11

    1 192.168.45.5 8 msec 4 msec 4 msec
    2 192.168.58.8 4 msec 4 msec 12 msec
    3 192.168.89.9 8 msec 8 msec 12 msec
    4 192.168.109.10 20 msec 20 msec 16 msec
    5 192.168.110.11 36 msec 20 msec *
    R4#

    R4#show ip route

    O 192.168.89.0/24 [110/3] via 192.168.45.5, 00:09:45, FastEthernet2/0
    C 192.168.46.0/24 is directly connected, FastEthernet3/0
    C 192.168.45.0/24 is directly connected, FastEthernet2/0
    4.0.0.0/24 is subnetted, 1 subnets
    C 4.4.4.0 is directly connected, Loopback0
    O IA 192.168.110.0/24 [110/5] via 192.168.45.5, 00:09:45, FastEthernet2/0
    O 192.168.58.0/24 [110/2] via 192.168.45.5, 00:09:45, FastEthernet2/0
    C 192.168.24.0/24 is directly connected, FastEthernet0/0
    5.0.0.0/32 is subnetted, 1 subnets
    O 5.5.5.5 [110/2] via 192.168.45.5, 00:09:45, FastEthernet2/0
    O 192.168.56.0/24 [110/2] via 192.168.45.5, 00:09:45, FastEthernet2/0
    O 192.168.109.0/24 [110/4] via 192.168.45.5, 00:09:45, FastEthernet2/0
    8.0.0.0/32 is subnetted, 1 subnets
    O 8.8.8.8 [110/3] via 192.168.45.5, 00:09:50, FastEthernet2/0
    9.0.0.0/32 is subnetted, 1 subnets
    O 9.9.9.9 [110/4] via 192.168.45.5, 00:09:50, FastEthernet2/0
    10.0.0.0/32 is subnetted, 1 subnets
    O IA 10.10.10.10 [110/5] via 192.168.45.5, 00:09:50, FastEthernet2/0
    11.0.0.0/32 is subnetted, 1 subnets
    O IA 11.11.11.11 [110/6] via 192.168.45.5, 00:09:50, FastEthernet2/0
    C 192.168.34.0/24 is directly connected, FastEthernet1/0

  • ReneMolenaar

    R4 has learned the networks in AS 400 through OSPF, that's not how it is supposed to be...you should learn those through BGP.

    There should be no OSPF packets between different AS'es. If you want to enforce this...configure OSPF passive interface on the interfaces between the AS'es.

    You have to see the different AS'es as Internet providers, they don't run OSPF between them, only BGP :)

  • jmhuston

    I have put the final configs that I downloaded from here and still have problems when I run the tclsh script. I cannot get a ping from R1 to R5, R8 and R9. Does anyone have any suggestions?

    Thanks!

  • jmhuston

    Never mind on my previous post. I made a mistake and did not go far enough in the video. Thank goodness for the videos. What I was missing was to put in the statement:

    neighbor 5.5.5.5 next-hop-self

    in R4.

    What I don't know how to do yet is how to troubleshoot this and really how to use this statement. What I found was the LO addresses from R1, R2 and R3 were not being advertised from R4 to R5. Can anyone suggest how to know the problem would be fixed by using the next-hop-self statement?

    Sorry to be so dumb but I am still trying to learn BGP.

  • johnfrancisco

    Well do a sh ip bgp, for those routes you don't have in the routing table, ping the next hop, if you can't reach the next hop it means the edge router has to "next-hop-self".

    Of course, check if the edge router can ping the prefix too, if not it may be some other issue.
