CertificationZone Page 1 of 7 http://www.certificationzone.com/studyguides /?Issue=14&IssueDate=06-01-2000&CP= 11/06/01 Date of Issue: 06-01-2000 BGP II Lab Scenario: Cheese Sauce Rules by Howard Berkowitz Introduction Policy Level Correct Policies Configuration (without preferences) Cheese Sauce Router New Broccoli Configurations Broccoli East Router Broccoli West Router New Cabbage Configuration Introduction The work of the Cheese Sauce Research Network has met with wild success, and its growth has been phenomenal. It qualifies for address space (64.255.192.0/20) and an AS of its own (300). A special request was made for 300, in the spirit of Charles deGaulle's comment "Any country with three hundred cheeses is ungovernable." Because Broccoli still has funding for CSRN, CSRN will use Broccoli for its primary connectivity, with a backup link to Cabbage. CSRN is physically in the same building as Broccoli, but will use the LAN previously assigned to Broccoli CSRN applications as its access link to Broccoli. In the first part of this lab, you will set up the environment before CSRN has its own router and AS number. In the second part, you will convert to the new configuration. Figure Case 3 gives a high-level view: Address assignments in this lab are not the most efficient possible, because the focus of the lab is not justifying address space. What changes need to take place on Broccoli, CSRN, and Cabbage, starting from the Case 3 configuration and adding CSRN? Here are the current assignments of address blocks and AS numbers: Table 1. Vegetable Valley's Routers (only those relevant to this lab are shown) CertificationZone Page 2 of 7 http://www.certificationzone.com/studyguides /?Issue=14&IssueDate=06-01-2000&CP= 11/06/01 Your starting point is the configuration in Figure Broccoli detail before separate CSRN AS. Your first goal is to create the configuration in Figure Broccoli detail after separate CSRN AS. Since the key element in any configuration is deciding what problem you are trying to solve, first consider the policy level. Router Loopback Address Interface to Upstream (in inter- AS network) Internal LANs Interface to Downstream or Peer AspEast 96.0.15.253/30 Not applicable Not applicable 96.0.2.5/30 to BrocWest AspWest 96.0.15.249/30 Not applicable Not applicable 96.0.2.5/30 to BrocWest BrocEast 192.0.2.253/30 96.0.2.6/30 to AspEast AS1-ALLOCATION 192.0.2.0/24 INTERNAL- ROUTES 192.0.2.0/25 BROC-CHEESE- LAN 192.0.2.128/25 192.0.2.2/23 e0 to West 192.0.2.130/30 e1 to CSRN BrocWest 192.0.2.249/30 96.0.2.10/30 to AspWest AS1-ALLOCATION 192.0.2.0/24 INTERNAL- ROUTES 192.0.2.0/25 BROC-CHEESE- LAN 192.0.2.128/25 192.0.2.1/23 e0 to East 192.0.2.134/30 e1 to CSRN 192.168.255.253/30 s1 to Cabbage Cabbage 222.111.111.253/30 222.111.112.254/30 to Zucchini AS2-ALLOCATION 222.111.111.0/24 CAB-CHEESE-LAN 222.111.111.128/28 222.111.111.129/30 to CSRN 192.168.255.254/30 s1 to Broccoli CSRN 64.254.192.253/30 192.2.0.129/30 to BrocEast 192.2.0.133/30 to BrocWest CSRN- ALLOCATION 64.255.192.0/20 222.111.111.130/28 to Cabbage CertificationZone Page 3 of 7 http://www.certificationzone.com/studyguides /?Issue=14&IssueDate=06-01-2000&CP= 11/06/01 Policy Level Is this the correct set of new policies? Additions are in bold. aut-num: AS300 as-name: CheeseSauceResearchNetwork import: from AS1 accept ANY from AS3 accept ANY export: to AS1 announce ANY to AS3 announce ANY as-name: Cabbage import: from Broccoli accept BROC-CHEESE-LAN import: from AS2 accept ANY export: to AS3 announce INTERNAL-ROUTES export: to Broccoli announce CAB-CHEESE-LAN aut-num: AS1 as-name: Broccoli import: from AS3 accept ANY import: from AS4 accept ANY import: from AS300 accept CSRN-ALLOCATION import: from AS2 accept CAB-CHEESE-LAN export: to AS3 announce INTERNAL-ROUTES export: to AS2 announce BROC-CHEESE-LAN export: to AS3 announce AS1-ALLOCATION export: to AS4 announce AS1-ALLOCATION aut-num: AS3 as-name: Asparagus import: from AS1 accept AS1-ALLOCATION export: to AS1 announce ANY Correct Policies In the real world, you will want to implement egress and/or ingress route filtering as specified in RFC 2827. For simplicity, such filtering is not done in this lab. Check manually that you are implementing the correct import and output policies. CertificationZone Page 4 of 7 http://www.certificationzone.com/studyguides /?Issue=14&IssueDate=06-01-2000&CP= 11/06/01 BROC-CHEESE-LAN and CAB-CHEESE-LAN no longer need to be advertised by a policy. BROC-CHEESE-LAN has become what is called an inter-AS network, which really doesn't need to be known beyond the routers that share it. In fact, the exchange points in the global Internet have registered address space that is not generally advertised, because it needs to be known only to the carriers that interconnect at the exchange point. AS3, Asparagus, needs to know about the CSRN-ALLOCATION, or AS3 will not necessarily advertise it to its upstreams. aut-num: AS300 as-name: CheeseSauceResearchNetwork import: from AS1 accept action pref=10 ANY from AS3 accept ANY export: to AS1 announce CSRN-ALLOCATION to AS3 announce CSRN-ALLOCATION as-name: Cabbage import: from Broccoli accept BROC-CHEESE-LAN import: from AS2 accept ANY export: to AS3 announce INTERNAL-ROUTES export: to Broccoli announce CAB-CHEESE-LAN aut-num: AS1 as-name: Broccoli import: from AS3 accept ANY import: from AS4 accept ANY import: from AS300 accept CSRN-ALLOCATION import: from AS2 accept CAB-CHEESE-LAN export: to AS3 announce INTERNAL-ROUTES export: to AS2 announce BROC-CHEESE-LAN export: to AS3 announce AS1-ALLOCATION export: to AS4 announce AS1-ALLOCATION aut-num: AS3 as-name: Asparagus import: from AS1 accept AS1-ALLOCATION import: from AS1 accept CSRN-ALLOCATION export: to AS1 announce ANY (upstreams not shown) Configuration (without preferences) Make your initial design as simple as possible, not using any preference factors at first. Begin with the CSRN router and peer it to Broccoli and Cabbage. Be sure you don't provide transit when the policy does not call for transit. Cabbage should not be able to get to Asparagus via Broccoli. CSRN should be able to get to Asparagus Table 2. Permissible ways to get to Asparagus Cheese Sauce Router hostname CSRN1 int loop0 ip addr CSRNLoop 255.255.255.252 int e0 descr in-building link to Broccoli, inter-AS network ip addr 192.0.2.130 255.255.255.240 Via CSRN Via Broccoli Via Cabbage CSRN N/A Yes Yes (but via Zucchini) Broccoli No N/A No Cabbage No No N/A CertificationZone Page 5 of 7 http://www.certificationzone.com/studyguides /?Issue=14&IssueDate=06-01-2000&CP= 11/06/01 int s0 descr dedicated line to Cabbage ip addr 222.111.111.130 255.255.255.240 int e1 descr internal LAN ip addr 64.255.192.1 255.255.240.0 router bgp 300 network 64.255.192.0 mask 255.255.240.0 neighbor 192.0.2.263 remote-AS 1 neighbor 192.0.2.263 ebgp-multihop neighbor 192.0.2.263 update-source loop0 neighbor 192.0.2.249 remote-AS 1 neighbor 192.0.2.249 ebgp-multihop neighbor 192.0.2.249 update-source loop0 neighbor 222.111.111.253 remote-AS 2 neighbor 222.111.111.253 ebgp-multihop neighbor 222.111.111.253 update-source loop0 New Broccoli Configurations Broccoli has two routers. It uses Asparagus as its upstream, and connects to two separate Asparagus routers. Broccoli also will have private peerings to Cabbage and CSRN. Broccoli East Router hostname BrocEast int loop0 ip addr 192.0.2.263 255.255.255.252 int e0 descr internal LAN (includes iBGP) ip addr 192.0.2.2 255.255.255.128 int e1 descr in-building link to CSRN ip addr 192.0.2.130 255.255.255.128 int s0 descr link to AspEast ip addr 96.0.2.6 255.255.255.252 router bgp 1 network 192.0.2.0 mask 255.255.255.0 neighbor 96.0.15.253 remote-AS 3 neighbor 96.0.15.253 ebgp-multihop neighbor 96.0.15.253 update-source loop0 neighbor 192.0.2.249 remote-AS 1 neighbor 192.0.2.249 ebgp-multihop neighbor 192.0.2.249 update-source loop0 neighbor 222.111.111.253 remote-AS 2 neighbor 222.111.111.253 ebgp-multihop neighbor 222.111.111.253 update-source loop0 neighbor 65.254.192.253 remote-as 300 neighbor 65.254.192.253 ebgp-multihop neighbor 65.254.192.253 update-source loop0 Broccoli West Router hostname BrocWest int loop0 ip addr 192.0.2.249 255.255.255.252 int e0 descr internal LAN (includes iBGP) ip addr 192.0.2.1 255.255.255.128 int e1 descr in-building link to CSRN ip addr 192.0.2.129 255.255.255.128 CertificationZone Page 6 of 7 http://www.certificationzone.com/studyguides /?Issue=14&IssueDate=06-01-2000&CP= 11/06/01 int s0 descr link to AspWest ip addr 96.0.2.10 255.255.255.252 int s1 descr link to Cabbage ip addr 192.168.255.253 255.255.255.252 router bgp 1 network 192.0.2.0 mask 255.255.255.0 neighbor 96.0.15.249 remote-AS 3 neighbor 96.0.15.249 ebgp-multihop neighbor 96.0.15.249 update-source loop0 neighbor 192.0.2.263 remote-AS 1 neighbor 192.0.2.263 ebgp-multihop neighbor 192.0.2.263 update-source loop0 neighbor 222.111.111.253 remote-AS 2 neighbor 222.111.111.253 ebgp-multihop neighbor 222.111.111.253 update-source loop0 neighbor 65.254.192.253 remote-as 300 neighbor 65.254.192.253 ebgp-multihop neighbor 65.254.192.253 update-source loop0 New Cabbage Configuration hostname Cabbage int loop0 ip addr 222.111.111.253 255.255.255.252 int e0 descr internal LAN ip addr 222.111.111.1 255.255.255.0 int s0 descr link to Zucchini ip addr 64.255.128.253 int s1 descr link to CSRN ip addr 222.111.111.130 255.255.255.128 int s2 descr link to BrocWest ip addr 192.168.255.254 255.255.255.252 router bgp 2 network 222.111.111.0 mask 255.255.255.0 neighbor 64.255.128.253 remote-AS 3 neighbor 64.255.128.253 ebgp-multihop neighbor 64.255.128.253 update-source loop0 neighbor 192.0.2.249 remote-AS 2 neighbor 192.0.2.249 ebgp-multihop neighbor 192.0.2.249 update-source loop0 neighbor 65.254.192.253 remote-as 300 neighbor 65.254.192.253 ebgp-multihop neighbor 65.254.192.253 update-source loop0 [IE-BGP2-LS1-F02] [2000-06-15-01] CertificationZone Page 7 of 7 http://www.certificationzone.com/studyguides /?Issue=14&IssueDate=06-01-2000&CP= 11/06/01 Copyright © 2000 Genium Publishing Corporation . /?Issue=14&IssueDate=06-01-2000&CP= 11/06/01 Date of Issue: 06-01-2000 BGP II Lab Scenario: Cheese Sauce Rules by Howard Berkowitz Introduction Policy. high-level view: Address assignments in this lab are not the most efficient possible, because the focus of the lab is not justifying address space. What