Scenario:
Sugar Cane company is an international company that is growing at a rapid rate. BGP is used to connect all the different sites. The security officer, however, doesn’t want all the sites to have full connectivity and wants you to create some filters based on AS paths.
Goal:
- All IP addresses have been preconfigured for you.
- Configure EBGP between all routers.
- You are only allowed to use AS Path Access-Lists to complete the following tasks.
- Advertise the loopback0 and loopback1 interface on all routers in BGP.
- Ensure AS1 does not become a transit AS.
- Configure router Bakers so it doesn’t advertise any prefixes from AS 2 towards AS 4.
- Configure AS4 so it doesn’t accept any prefixes originated by AS 1.
IOS:
c3640-jk9s-mz.124-16.bin
Topology:
Written by René Molenaar - CCIE #41726
Kindly upload the final configuration.
Thank you
my solution 🙂
Coarse#
AS path access list 1
deny _1$
permit .*
!
neighbor 192.168.14.1 filter-list 1 in
Barbados#sh ip as-path-access-list
AS path access list 23
permit ^$
neighbor 192.168.14.4 filter-list 23 out
neighbor 192.168.12.2 filter-list 23 out
Bakers#sh ip as-path-access-list
AS path access list 1
deny ^2_
permit .*
neighbor 192.168.34.4 filter-list 1 out
Hello Rene:
Please fix the following error on your config file:
- Barbados Router: change loopback 0 and loopback 1 to be respectively 4.4.4.4 and 44.44.44.44
- Right now, both Coarse and Barbados Routers are using the same addresses for lo0 and lo1.
- Consequence: at start-up, they will both use the same router-ID as BGP identifier and will never be able to form an adjacency.
- A capture done on the interface connecting both routers will show "BGP bad identifier" as a NOTIFICATION message to an OPEN sent by any of the peers.
Thanks, I’ll fix it!
Sorry Rene, lo0 on Barbados should be 1.1.1.1 and lo1 should be 11.11.11.11, as Coarse is already using 4.4.4.4 and 44.44.44.44.
Thanks.
Thanks, I’ll fix it!
I actually like the little issues in the lab; they tend to tune your troubleshooting skills while covering the other objectives.
If you do manage to fix it you’ll learn even more 🙂
Completely agree. I find it much more pleasant to solve these labs when there’s a need to troubleshoot.
Kindly upload the video; my command doesn’t work:
ip as-path access-list 1 permit _1$
When I enter this in GNS3 I can’t get the proper output.
I actually did not notice that both routers had the same lo0 and lo1 IP addresses until after I fixed the error. I fixed the error by issuing "bgp router-id 1.1.1.1" on router Barbados and "bgp router-id 4.4.4.4" on Coarse. That fixed the issue; then I noticed the IP addresses and changed them.
Here is my homework 😉
Barbados:
router bgp 1
no synchronization
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
neighbor 192.168.12.2 remote-as 2
neighbor 192.168.12.2 filter-list 2 out
neighbor 192.168.14.4 remote-as 4
neighbor 192.168.14.4 filter-list 2 out
no auto-summary
!
ip http server
ip forward-protocol nd
!
!
ip as-path access-list 2 permit ^$
*********************************************
Castor
router bgp 2
no synchronization
bgp log-neighbor-changes
network 2.2.2.0 mask 255.255.255.0
network 22.22.22.0 mask 255.255.255.0
neighbor 192.168.12.1 remote-as 1
neighbor 192.168.23.3 remote-as 3
no auto-summary
!
****************************************************
Bakers
router bgp 3
no synchronization
bgp log-neighbor-changes
network 3.3.3.0 mask 255.255.255.0
network 33.33.33.0 mask 255.255.255.0
neighbor 192.168.23.2 remote-as 2
neighbor 192.168.34.4 remote-as 4
neighbor 192.168.34.4 filter-list 1 out
no auto-summary
!
ip http server
ip forward-protocol nd
!
!
ip as-path access-list 1 deny ^2_
ip as-path access-list 1 permit .*
!
************************************************
Coarse
router bgp 4
no synchronization
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
network 44.44.44.0 mask 255.255.255.0
neighbor 192.168.14.1 remote-as 1
neighbor 192.168.14.1 filter-list 1 in
neighbor 192.168.34.3 remote-as 3
neighbor 192.168.34.3 filter-list 1 in
no auto-summary
!
ip http server
ip forward-protocol nd
!
!
ip as-path access-list 1 deny _1$
ip as-path access-list 1 permit .*
Memorising These Regular Expressions would be very helpful for this lab by INE.
+------+-----------------------------------------------+
| CHAR | USAGE                                         |
+------+-----------------------------------------------+
| ^    | Start of string                               |
| $    | End of string                                 |
| []   | Range of characters                           |
| -    | Used to specify range ( i.e. [0-9] )          |
| ( )  | Logical grouping                              |
| .    | Any single character                          |
| *    | Zero or more instances                        |
| +    | One or more instance                          |
| ?    | Zero or one instance                          |
| _    | Comma, open or close brace, open or close     |
|      | parentheses, start or end of string, or space |
+------+-----------------------------------------------+

+------------+---------------------------+
| Expression | Meaning                   |
+------------+---------------------------+
| .*         | Anything                  |
| ^$         | Locally originated routes |
| ^100_      | Learned from AS 100       |
| _100$      | Originated in AS 100      |
| _100_      | Any instance of AS 100    |
| ^[0-9]+$   | Directly connected ASes   |
+------------+---------------------------+
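Added example (not part of the lab or of any commenter's solution): a Python sketch that evaluates the AS path access lists posted in the comments above, using first-match and implicit-deny semantics and translating the IOS `_` into a Python equivalent. The sample AS paths are constructed, AS 21 is hypothetical (it shows why `_` matters), and the code assumes outbound lists see the path before the local AS is prepended.

```python
import re

# IOS "_" matches a space, comma, brace, parenthesis, or either end of the string.
UNDERSCORE = r"(?:^|$|[ ,{}()])"
ENTRY = re.compile(r"ip as-path access-list (\d+) (permit|deny) (\S+)$")

def parse_acl(config):
    """Return {list_number: [(action, compiled_regex), ...]} in configured order."""
    acls = {}
    for line in config.strip().splitlines():
        m = ENTRY.match(line.strip())
        if m:
            number, action, pattern = m.groups()
            regex = re.compile(pattern.replace("_", UNDERSCORE))
            acls.setdefault(int(number), []).append((action, regex))
    return acls

def evaluate(acl, as_path):
    """First matching entry decides; a path matching nothing hits the implicit deny."""
    for action, regex in acl:
        if regex.search(as_path):
            return action
    return "deny"

def verdicts(acl, paths):
    """Map each AS path string to the action the list returns for it."""
    return {path: evaluate(acl, path) for path in paths}

# Access lists as posted in the comments above, one per router.
COARSE = parse_acl("""
ip as-path access-list 1 deny _1$
ip as-path access-list 1 permit .*
""")[1]
BARBADOS = parse_acl("ip as-path access-list 2 permit ^$")[2]
BAKERS = parse_acl("""
ip as-path access-list 1 deny ^2_
ip as-path access-list 1 permit .*
""")[1]

if __name__ == "__main__":
    # Constructed AS paths; "" is a locally originated route, AS 21 is hypothetical.
    # Assumption: outbound lists are checked before the local AS is prepended.
    print("Coarse in   :", verdicts(COARSE, ["1", "3 2 1", "3 2", "3 21"]))
    print("Barbados out:", verdicts(BARBADOS, ["", "2", "4 3"]))
    print("Bakers out  :", verdicts(BAKERS, ["", "2", "2 1", "21"]))
```

The Barbados list has no explicit deny line: everything except the empty path falls through to the implicit deny, which is what keeps AS 1 from acting as a transit AS.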
Thanks, this was so helpful. Thanks for your effort…
Hello Guys,
Below my solution:
******Castor******
router bgp 2
no synchronization
bgp log-neighbor-changes
network 2.2.2.0 mask 255.255.255.0
network 22.22.22.0 mask 255.255.255.0
neighbor 192.168.12.1 remote-as 1
neighbor 192.168.23.3 remote-as 3
no auto-summary
*******Barbados*******
router bgp 1
no synchronization
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
neighbor 192.168.12.2 remote-as 2
neighbor 192.168.12.2 route-map FILTER_4 out
neighbor 192.168.14.4 remote-as 4
neighbor 192.168.14.4 route-map FILTER_2 out
no auto-summary
!
ip as-path access-list 22 deny _4_
ip as-path access-list 22 permit .*
ip as-path access-list 44 deny _2_
ip as-path access-list 44 permit .*
!
route-map FILTER_4 permit 10
match as-path 22
!
route-map FILTER_2 permit 10
match as-path 44
*********Bakers*********
router bgp 3
no synchronization
bgp log-neighbor-changes
network 3.3.3.0 mask 255.255.255.0
network 33.33.33.0 mask 255.255.255.0
neighbor 192.168.23.2 remote-as 2
neighbor 192.168.34.4 remote-as 4
neighbor 192.168.34.4 route-map FILTER_2 out
no auto-summary
!
ip as-path access-list 44 deny _2_
ip as-path access-list 44 permit .*
!
route-map FILTER_2 permit 10
match as-path 44
*******Coarse***********
router bgp 4
no synchronization
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
network 44.44.44.0 mask 255.255.255.0
neighbor 192.168.14.1 remote-as 1
neighbor 192.168.14.1 route-map FILTER_1 in
neighbor 192.168.34.3 remote-as 3
no auto-summary
!
ip as-path access-list 11 permit ^V^_
ip as-path access-list 11 deny _1$
ip as-path access-list 11 permit .*
!
!
route-map FILTER_1 permit 10
match as-path 11
*********************************************
Regards,
Pit.
Hi Rene,
Hope you’re doing good!
I’m unable to console into the routers after loading the topology into my GNS3 v1.3.1. On the console I get an error message:
Connected to Dynamips VM “Coarse” (ID 4, type c3600) – Console port
Press ENTER to get the prompt.
Nothing happens after that. I have tried deleting the IOS image and re-adding it several times. I don’t get it. Can you please suggest?
Appreciated!
Hi Rene,
I’m unable to perform the last task, i.e.,
Configure AS4 so it doesn’t accept any prefixes originated by AS 1.
Please see my config below:
router bgp 4
no synchronization
bgp log-neighbor-changes
network 4.4.4.4 mask 255.255.255.255
network 44.44.44.44 mask 255.255.255.255
neighbor 192.168.14.1 remote-as 1
neighbor 192.168.14.1 filter-list 1 in
neighbor 192.168.34.3 remote-as 3
no auto-summary
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
ip as-path access-list 1 deny _1$
ip as-path access-list 1 permit .*
!
R4#sh ip bgp
BGP table version is 13, local router ID is 44.44.44.44
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       192.168.14.1             0             0 1 i
*> 3.3.3.3/32       192.168.34.3             0             0 3 i
*> 4.4.4.4/32       0.0.0.0                  0         32768 i
*> 11.11.11.11/32   192.168.14.1             0             0 1 i
*> 33.33.33.33/32   192.168.34.3             0             0 3 i
*> 44.44.44.44/32   0.0.0.0                  0         32768 i
I’m still seeing routes originated from R1 i.e., Barbados
Please advise
Sagar
Great lab, but I couldn’t have done it without reading some of the comments here. I have never used regular expressions before and am pretty sure I could never remember them for an exam situation!