Document: BGP III Lab Scenario (PDF)

CertificationZone Page 1 of 9
http://www.certificationzone.com/studyguides /?Issue=20&IssueDate=09-01-2000&CP= 11/06/01

Date of Issue: 09-01-2000

BGP III Lab Scenario
by Chuck Larrieu

Setup
Working Configurations
    Router 1 Configuration
    Router 2 Configuration
    Router 3 Configuration
    Router 4 Configuration
A Look at the Routing Tables
Reality Check
A Look at the Regular Expressions
Path Manipulation on Router 4
How Could You See the Regexp?
Changing Policy
Add the Access List to Router 4 Configuration.
Huh? It Didn't Work
Something Is Missing

Setup

Build a configuration that consists of four routers:

[Figure: four routers, R1, R2, R3 and R4]

                Router_1          Router_2          Router_3          Router_4
    AS          1                 2                 3                 4
    Router ID   1.1.1.1           2.2.2.2           3.3.3.3           4.4.4.4
    Ethernet 0  n/a               n/a               n/a               n/a
    Loopback 0  192.168.64.1/24   192.168.32.1/24   192.168.8.1/24    192.168.0.1/24
    Loopback 1  192.168.65.1/24   192.168.33.1/24   192.168.9.1/24    192.168.1.1/24
    Loopback 2  192.168.66.1/24   192.168.34.1/24   192.168.10.1/24   192.168.2.1/24
    Loopback 3  192.168.67.1/24   192.168.35.1/24   192.168.11.1/24   192.168.3.1/24
    Serial 0    10.0.0.14/30      10.0.0.9/30       10.0.0.5/30       10.0.0.1/30
    Serial 1    10.0.0.10/30      10.0.0.6/30       10.0.0.2/30       10.0.0.13/30

Working Configurations

Router 1 Configuration

    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    service udp-small-servers
    service tcp-small-servers
    !
    hostname Router_1
    !
    ip subnet-zero
    !
    cns event-service server
    !
    interface Loopback0
     ip address 192.168.64.1 255.255.255.0
    !
    interface Loopback1
     ip address 192.168.65.1 255.255.255.0
    !
    interface Loopback2
     ip address 192.168.66.1 255.255.255.0
    !
    interface Loopback3
     ip address 192.168.67.1 255.255.255.0
    !
    interface Ethernet0
     no ip address
     shutdown
     no cdp enable
    !
    interface Serial0
     ip address 10.0.0.14 255.255.255.252
    !
    interface Serial1
     ip address 10.0.0.10 255.255.255.252
    !
    router ospf 1000
     network 192.168.64.1 0.0.0.0 area 0
     network 192.168.65.1 0.0.0.0 area 0
     network 192.168.66.1 0.0.0.0 area 0
     network 192.168.67.1 0.0.0.0 area 0
    !
    router bgp 1
     bgp router-id 1.1.1.1
     bgp cluster-id 3232187137
     redistribute ospf 1000
     neighbor 10.0.0.9 remote-as 2
     neighbor 10.0.0.13 remote-as 4
    !
    ip classless
    no ip http server
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     transport input none
    line aux 0
    line vty 0 4
     privilege level 0
     password yahoudi
     login
    !
    end

Router 2 Configuration

    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname router_2
    !
    ip subnet-zero
    !
    cns event-service server
    !
    interface Loopback0
     ip address 192.168.32.1 255.255.255.0
    !
    interface Loopback1
     ip address 192.168.33.1 255.255.255.0
    !
    interface Loopback2
     ip address 192.168.34.1 255.255.255.0
    !
    interface Loopback3
     ip address 192.168.35.1 255.255.255.0
    !
    interface Ethernet0
     no ip address
     shutdown
    !
    interface Serial0
     ip address 10.0.0.9 255.255.255.252
     no fair-queue
    !
    interface Serial1
     ip address 10.0.0.6 255.255.255.252
    !
    router bgp 2
     bgp router-id 2.2.2.2
     bgp cluster-id 3232178945
     network 10.0.0.4 mask 255.255.255.252
     network 192.168.32.0
     network 192.168.33.0
     network 192.168.34.0
     network 192.168.35.0
     aggregate-address 192.168.32.0 255.255.252.0 summary-only
     neighbor 10.0.0.5 remote-as 3
     neighbor 10.0.0.10 remote-as 1
    !
    ip classless
    no ip http server
    !
    line con 0
     privilege level 15
     transport input none
    line aux 0
    line vty 0 4
     privilege level 0
     no login
    !
    end

Router 3 Configuration

    no service password-encryption
    no service udp-small-servers
    no service tcp-small-servers
    !
    hostname Router_3
    !
    ip subnet-zero
    !
    interface Loopback0
     ip address 192.168.8.1 255.255.255.0
    !
    interface Loopback1
     ip address 192.168.9.1 255.255.255.0
    !
    interface Loopback2
     ip address 192.168.10.1 255.255.255.0
    !
    interface Loopback3
     ip address 192.168.11.1 255.255.255.0
    !
    interface Ethernet0
     no ip address
     no keepalive
     shutdown
    !
    interface Serial0
     ip address 10.0.0.5 255.255.255.252
    !
    interface Serial1
     ip address 10.0.0.2 255.255.255.252
    !
    router ospf 1000
     network 192.168.8.1 0.0.0.0 area 0
     network 192.168.9.1 0.0.0.0 area 0
     network 192.168.10.1 0.0.0.0 area 0
     network 192.168.11.1 0.0.0.0 area 0
    !
    router bgp 3
     bgp router-id 3.3.3.3
     network 10.0.0.0
     redistribute ospf 1000
     neighbor 10.0.0.1 remote-as 4
     neighbor 10.0.0.6 remote-as 2
    !
    ip classless
    !
    line con 0
    line aux 0
    line vty 0 4
     login
    !
    end

Router 4 Configuration

    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname router_4
    !
    no logging console
    !
    ip subnet-zero
    cns event-service server
    !
    interface Loopback0
     ip address 192.168.0.1 255.255.255.0
    !
    interface Loopback1
     ip address 192.168.1.1 255.255.255.0
    !
    interface Loopback2
     ip address 192.168.2.1 255.255.255.0
    !
    interface Loopback3
     ip address 192.168.3.1 255.255.255.0
    !
    interface Ethernet0
     no ip address
     shutdown
    !
    interface Serial0
     ip address 10.0.0.1 255.255.255.252
    !
    interface Serial1
     ip address 10.0.0.13 255.255.255.252
    !
    router bgp 4
     bgp router-id 4.4.4.4
     bgp cluster-id 3232286465
     network 10.0.0.0 mask 255.255.255.252
     network 192.168.0.0
     network 192.168.1.0
     network 192.168.2.0
     network 192.168.3.0
     neighbor 10.0.0.2 remote-as 3
     neighbor 10.0.0.14 remote-as 1
    !
    no ip http server
    ip as-path access-list 1 permit _3_
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     transport preferred none
     transport input none
    line aux 0
     transport preferred none
     transport input all
    line vty 0 4
     privilege level 0
     transport preferred none
    !
    end

A Look at the Routing Tables

    Router_1#sh ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

    B    192.168.8.0/24 [20/0] via 10.0.0.13, 00:05:56
    B    192.168.9.0/24 [20/0] via 10.0.0.13, 00:05:56
    B    192.168.10.0/24 [20/0] via 10.0.0.13, 00:05:56
    B    192.168.11.0/24 [20/0] via 10.0.0.13, 00:05:56
    B    10.0.0.0/8 [20/0] via 10.0.0.13, 00:05:57
    B    10.0.0.0/30 [20/0] via 10.0.0.13, 00:05:57
    B    10.0.0.4/30 [20/0] via 10.0.0.9, 00:05:57
    B    192.168.0.0/24 [20/0] via 10.0.0.13, 00:05:58
    B    192.168.1.0/24 [20/0] via 10.0.0.13, 00:05:58
    B    192.168.2.0/24 [20/0] via 10.0.0.13, 00:05:58
    B    192.168.3.0/24 [20/0] via 10.0.0.13, 00:05:58
    B    192.168.32.0/22 [20/0] via 10.0.0.9, 00:05:58
    Router_1#

Observe that on router_1, networks advertised by router_4 appear via the interface connected to router_4. There are no secondary paths.

Reality Check

Routes advertised by router 3, which is two hops away (both through router 2 and router 4), appear as originating through router 4. Why?

BGP is designed to ensure loop free routing. The BGP decision process is run on the Adj-RIB-in table upon the receipt of route notifications from neighbors. Router 1 would have received notification of routes originating from router 3 from two different sources (router 2 and router 4). One of those notifications would have arrived prior to the other. Upon receipt of the duplicate route, BGP would discard that update.

One thing to try might be to shut down one of the serial interfaces, clear the BGP process (clear ip bgp *) and observe the installation of the route via the other interface.

    Router_1#sh ip bgp summary
    BGP router identifier 1.1.1.1, local AS number 1
    BGP table version is 146, main routing table version 146
    16 network entries and 23 paths using 2380 bytes of memory
    10 BGP path attribute entries using 520 bytes of memory
    5 BGP AS-PATH entries using 120 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP activity 59/116 prefixes, 156/129 paths, scan interval 15 secs

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.0.0.9        4     2    1639    1650      146    0    0 1d00h           7
    10.0.0.13       4     4    1674    1659      146    0    0 1d01h          12

This output shows the BGP neighbors, current BGP table version, networks and paths, and memory usage.

A Look at the Regular Expressions

Information obtained through the use of show commands in conjunction with regular expressions can be useful in determining how BGP paths are installed into the BGP tables.

The following is the result of the show ip bgp regexp .* command, which reveals all paths known to BGP on this router.

    Router_1#sh ip bgp regexp .*
    BGP table version is 146, local router ID is 1.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 10.0.0.0/30      10.0.0.13                0             0 4 i
    *  10.0.0.0         10.0.0.9                               0 2 3 i
    *>                  10.0.0.13                              0 4 3 i
    *  10.0.0.4/30      10.0.0.13                              0 4 3 2 i
    *>                  10.0.0.9                 0             0 2 i
    *> 192.168.0.0      10.0.0.13                0             0 4 i
    *> 192.168.1.0      10.0.0.13                0             0 4 i
    *> 192.168.2.0      10.0.0.13                0             0 4 i
    *> 192.168.3.0      10.0.0.13                0             0 4 i
    *  192.168.8.0      10.0.0.9                               0 2 3 ?
    *>                  10.0.0.13                              0 4 3 ?
    *  192.168.9.0      10.0.0.9                               0 2 3 ?
    *>                  10.0.0.13                              0 4 3 ?
    *  192.168.10.0     10.0.0.9                               0 2 3 ?
    *>                  10.0.0.13                              0 4 3 ?
    *  192.168.11.0     10.0.0.9                               0 2 3 ?
    *>                  10.0.0.13                              0 4 3 ?
    *  192.168.32.0/22  10.0.0.13                              0 4 3 2 i
    *>                  10.0.0.9                               0 2 i
    *> 192.168.64.0     0.0.0.0                  0         32768 ?
    *> 192.168.65.0     0.0.0.0                  0         32768 ?
    *> 192.168.66.0     0.0.0.0                  0         32768 ?
    *> 192.168.67.0     0.0.0.0                  0         32768 ?

Observe this on all routers. In the case of router_1, the output of show ip bgp regexp .* shows, for example, that directly connected networks have a weight of 32768, and a path of "?" indicating that these networks are local to the router. If router_1 were to receive notification from another source of a path to one of these routes, it would know by comparison that there is a loop, and that these route notifications are unreliable, and should be dropped.

Note the summary route 192.168.32.0/22, denoted by the * as reliable, and advertised by AS4 (router 4), but that the best path, indicated by >, comes from AS2 (router 2). Again, router 1 has received notification of two paths to a particular network, but installs only one of them into its routing table. (Refer to the router_1 routing table, above.)

Path Manipulation on Router 4

Observe the router_4 routing table:

    ROUTER_4#sh ip route bgp
    B    192.168.8.0/24 [20/0] via 10.0.0.2, 00:01:14
    B    192.168.9.0/24 [20/0] via 10.0.0.2, 00:01:14
    B    192.168.10.0/24 [20/0] via 10.0.0.2, 00:01:14
    B    192.168.11.0/24 [20/0] via 10.0.0.2, 00:01:14
    B    192.168.64.0/24 [20/0] via 10.0.0.14, 00:01:18
    B    192.168.65.0/24 [20/0] via 10.0.0.14, 00:01:18
    B    192.168.66.0/24 [20/0] via 10.0.0.14, 00:01:18
         10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    B       10.0.0.0/8 [20/0] via 10.0.0.2, 00:01:14
    B       10.0.0.4/30 [20/0] via 10.0.0.14, 00:01:18
    B    192.168.67.0/24 [20/0] via 10.0.0.14, 00:01:18
    B    192.168.32.0/22 [20/0] via 10.0.0.14, 00:01:18
    ROUTER_4#

Router 4 is receiving information that certain networks are best reached from AS1 (router_1).

How Could You See the Regexp?

A look at the regular expression confirms this:

       Network          Next Hop            Metric LocPrf Weight Path
    *> 198.92.0.0       198.92.72.30          8896         32768 ?
    *                   198.92.72.30                           0 109 108 ?
    *> 198.92.1.0       198.92.72.30          8796         32768 ?
    *                   198.92.72.30                           0 109 108 ?

    ROUTER_4#sh ip bgp regexp .*
    BGP table version is 22, local router ID is 4.4.4.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 10.0.0.0/30      0.0.0.0                            32768 i
    *> 10.0.0.0         10.0.0.2                               0 3 i
    *                   10.0.0.14                              0 1 2 3 i
    *  10.0.0.4/30      10.0.0.2                               0 3 2 i
    *>                  10.0.0.14                              0 1 2 i
    *> 192.168.0.0      0.0.0.0                            32768 i
    *> 192.168.1.0      0.0.0.0                            32768 i
    *> 192.168.2.0      0.0.0.0                            32768 i
    *> 192.168.3.0      0.0.0.0                            32768 i
    *> 192.168.8.0      10.0.0.2                               0 3 ?
    *                   10.0.0.14                              0 1 2 3 ?
    *> 192.168.9.0      10.0.0.2                               0 3 ?
    *                   10.0.0.14                              0 1 2 3 ?
    *> 192.168.10.0     10.0.0.2                               0 3 ?
    *                   10.0.0.14                              0 1 2 3 ?
    *> 192.168.11.0     10.0.0.2                               0 3 ?
    *                   10.0.0.14                              0 1 2 3 ?
    *  192.168.32.0/22  10.0.0.2                               0 3 2 i
    *>                  10.0.0.14                              0 1 2 i
    *  192.168.64.0     10.0.0.2                               0 3 2 1 ?
    *>                  10.0.0.14                              0 1 ?
    *  192.168.65.0     10.0.0.2                               0 3 2 1 ?
    *>                  10.0.0.14                              0 1 ?
    *  192.168.66.0     10.0.0.2                               0 3 2 1 ?
    *>                  10.0.0.14                              0 1 ?
    *  192.168.67.0     10.0.0.2                               0 3 2 1 ?
    *>                  10.0.0.14                              0 1 ?
    ROUTER_4#

Observe that while a number of routes are advertised as originating through both AS1 (router_1) and AS3 (router_3), all routes are assigned a best path status based upon the decision process.

Changing Policy

Suppose, though, that router_4 did not want to accept traffic from router_1 unless that traffic had passed through AS3. Suppose, for example, that the managers of AS4 determined that AS1 was abusing its peering privilege, and dumping far more traffic into AS4 than was permitted by agreement. Through the use of regular expressions in conjunction with an access-list, the management of AS4 can set a policy restricting traffic from AS1 entering AS4 directly.

Note that in the configuration for AS4, there is an access list:

    ip as-path access-list 1 permit _3_

Note the "_3_" portion. The regular expression _3_ denotes an exact match of AS3, preceded and followed by any other AS.

Add the Access List to Router 4 Configuration.

One more step is required. As with all Cisco access-lists, it is one thing to create them. They must still be applied. This is done with a filter list, applied under the routing process. So, in this case, on router_4, enter the following command:

    router bgp 4
     neighbor 10.0.0.14 filter-list 1 in

Huh? It Didn't Work

Now observe the change in the routing table, or in the regexp output. There is no change! Why?

Something Is Missing

Because the paths are already installed into the BGP tables. The BGP processes must be cleared so that, as updates are received, the new policy can be applied. This is done with the clear ip bgp * command.

Do not reset interfaces in production networks unless you know what the consequences will be. Wherever possible, use the newer soft refresh mechanisms. See the BGP3 Tutorial for a discussion of soft refresh.

Now observe the routing table and the regexp output for router 4:

    ROUTER_4#sh ip route bgp
    B    192.168.8.0/24 [20/0] via 10.0.0.2, 00:00:15
    B    192.168.9.0/24 [20/0] via 10.0.0.2, 00:00:15
    B    192.168.10.0/24 [20/0] via 10.0.0.2, 00:00:15
    B    192.168.11.0/24 [20/0] via 10.0.0.2, 00:00:15
    B    192.168.64.0/24 [20/0] via 10.0.0.2, 00:00:15
    B    192.168.65.0/24 [20/0] via 10.0.0.2, 00:00:15
    B    192.168.66.0/24 [20/0] via 10.0.0.2, 00:00:15
         10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    B       10.0.0.0/8 [20/0] via 10.0.0.2, 00:00:15
    B       10.0.0.4/30 [20/0] via 10.0.0.2, 00:00:15
    B    192.168.67.0/24 [20/0] via 10.0.0.2, 00:00:15
    B    192.168.32.0/22 [20/0] via 10.0.0.2, 00:00:15
    ROUTER_4#

All routes are originating through the connection to router 3 (AS3).

    ROUTER_4#sh ip bgp regexp .*
    BGP table version is 17, local router ID is 4.4.4.4
    Status codes: s suppressed, d damped, h history * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 10.0.0.0/30      0.0.0.0                            32768 i
    *> 10.0.0.0         10.0.0.2                               0 3 i
    *> 10.0.0.4/30      10.0.0.2                               0 3 2 i
    *> 192.168.0.0      0.0.0.0                            32768 i
    *> 192.168.1.0      0.0.0.0                            32768 i
    *> 192.168.2.0      0.0.0.0                            32768 i
    *> 192.168.3.0      0.0.0.0                            32768 i
    *> 192.168.8.0      10.0.0.2                               0 3 ?
    *> 192.168.9.0      10.0.0.2                               0 3 ?
    *> 192.168.10.0     10.0.0.2                               0 3 ?
    *> 192.168.11.0     10.0.0.2                               0 3 ?
    *> 192.168.32.0/22  10.0.0.2                               0 3 2 i
    *> 192.168.64.0     10.0.0.2                               0 3 2 1 ?
    *> 192.168.65.0     10.0.0.2                               0 3 2 1 ?
    *> 192.168.66.0     10.0.0.2                               0 3 2 1 ?
    *> 192.168.67.0     10.0.0.2                               0 3 2 1 ?

[IE-BGP3-LS1-F03] [2000-08-30-01]
Copyright © 2000 Genium Publishing Corporation
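The _3_ filter from the Changing Policy section, evaluated against the AS paths router_4 shows via neighbor 10.0.0.14 before the filter is applied. This is an added example, not part of the original lab; the function names are hypothetical, and the translation of the IOS "_" token into Python regex syntax is this example's own and covers only that token.

```python
import re

# Cisco IOS treats "_" in an AS-path regex as: start of string, end of string,
# space, comma, braces or parentheses. Python has no such token, so translate it.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_aspath_regex(pattern):
    """Compile an IOS AS-path regex as a Python regex (handles "_" only)."""
    return re.compile(pattern.replace("_", IOS_UNDERSCORE))

def filter_list(entries, as_path):
    """Evaluate an as-path access-list: first match wins, implicit deny at end."""
    for action, pattern in entries:
        if ios_aspath_regex(pattern).search(as_path):
            return action
    return "deny"

# ip as-path access-list 1 permit _3_   (from the router_4 configuration)
ACL_1 = [("permit", "_3_")]

# AS paths router_4 lists via neighbor 10.0.0.14 before the filter is applied,
# copied from the "sh ip bgp regexp .*" output on this page.
PATHS_FROM_AS1 = {
    "10.0.0.0": "1 2 3",
    "10.0.0.4/30": "1 2",
    "192.168.8.0": "1 2 3",
    "192.168.32.0/22": "1 2",
    "192.168.64.0": "1",
}

def apply_inbound(acl, paths):
    """Return {prefix: action} as 'neighbor ... filter-list N in' would decide."""
    return {prefix: filter_list(acl, path) for prefix, path in paths.items()}

if __name__ == "__main__":
    for prefix, action in apply_inbound(ACL_1, PATHS_FROM_AS1).items():
        print(f"{prefix:18} {PATHS_FROM_AS1[prefix]:8} {action}")
    # Constructed paths: "_" keeps 3 from matching inside 13, 30 or 33.
    for path in ("13 30 33", "3", "3 1", "1 3"):
        print(f"{path:10} {filter_list(ACL_1, path)}")
```

Only paths that contain AS 3 as a whole AS number pass the inbound filter; "1" and "1 2" fall through to the implicit deny, which is why the routes learned directly from AS1 disappear once the session is cleared.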

Posted: 24/01/2014, 19:20
