Topology:
Use configuration from BGP task #2 as initial configuration for this task.
Requirements:
*You may need to remove or alter parts of the configuration from the previous task.
1. Routers in AS12 should send traffic towards AS8 using link R3-R7 as the primary option, R3-R6 as the secondary option and R1-R5 as a last resort.
2. AS67 should be able to signal its preferred entry point (R7 or R6) for network 67.0/16 to AS12. Use an optional non-transitive path attribute to complete this task.
3. AS67 and AS5 are the service providers for AS12. AS67 and AS5 should not use AS12 to reach any networks except those owned by AS12.
4. AS5, AS8 and AS67 shall use link R3-R7 as the primary option to reach AS12. If this link is unavailable, use link R3-R6. Use link R1-R5 as a last resort. Use a well-known mandatory path attribute to complete this requirement.
Solution:
This task requires an understanding of best-path selection using the AS-PATH, Local-Preference and MED attributes. It also requires an understanding of well-known communities.
Requirement #1 - change the inbound policy on R3 and R1 from the previous task so that it sets local-preference only for prefix 8.0/16.
Requirement #2 - routers R6 and R7 should set the MED attribute when advertising prefix 67.0/16 to AS12. The lower MED value is preferred.
Requirement #3 - to prevent the "client" autonomous system from being used as transit, the service providers should set the well-known "no-export" community on prefixes advertised to the client. The community only has an effect if it is actually sent and kept: IOS does not send communities unless send-community is configured, so R6 and R7 enable it towards AS12, and the IOS routers in AS12 enable it on the IBGP peer-group.
Requirement #4 - configure an outbound policy on R1 and R3 that prepends the AS path on prefixes advertised to AS5 and AS67.
R1:
!
route-map LAST permit 100
 set as-path prepend 12 12 12 12 12
!
router bgp 12
 bgp log-neighbor-changes
 neighbor IBGP peer-group
 neighbor IBGP remote-as 12
 neighbor IBGP update-source Loopback0
 neighbor IBGP send-community
 neighbor 5.0.15.5 remote-as 5
 neighbor 5.0.15.5 route-map LAST out
 neighbor 12.0.2.2 peer-group IBGP
 neighbor 12.0.3.3 peer-group IBGP
 neighbor 12.0.4.4 peer-group IBGP
!
R2:
!
router bgp 12
 bgp log-neighbor-changes
 network 12.0.0.0 mask 255.255.0.0
 neighbor IBGP peer-group
 neighbor IBGP remote-as 12
 neighbor IBGP update-source Loopback0
 neighbor IBGP send-community
 neighbor 12.0.1.1 peer-group IBGP
 neighbor 12.0.3.3 peer-group IBGP
 neighbor 12.0.4.4 peer-group IBGP
!
R3:
!
route-policy BGP_ALL
  pass
end-policy
!
route-policy PRIMARY_IN
  if destination in AS8 then
    set local-preference 300
  else
    pass
  endif
end-policy
!
route-policy SECONDARY_IN
  if destination in AS8 then
    set local-preference 200
  else
    pass
  endif
end-policy
!
route-policy SECONDARY_OUT
  prepend as-path 12 3
end-policy
!
router bgp 12
 address-family ipv4 unicast
 !
 neighbor-group IBGP
  remote-as 12
  update-source Loopback0
  address-family ipv4 unicast
  !
 !
 neighbor 12.0.1.1
  use neighbor-group IBGP
 !
 neighbor 12.0.2.2
  use neighbor-group IBGP
 !
 neighbor 12.0.4.4
  use neighbor-group IBGP
 !
 neighbor 67.0.36.6
  remote-as 67
  address-family ipv4 unicast
   route-policy SECONDARY_IN in
   route-policy SECONDARY_OUT out
  !
 !
 neighbor 67.0.37.7
  remote-as 67
  address-family ipv4 unicast
   route-policy PRIMARY_IN in
   route-policy BGP_ALL out
  !
 !
!
R6:
!
route-map NO_TRANSIT permit 10
 match ip address prefix-list AS67
 set metric 10000
 set community no-export
route-map NO_TRANSIT permit 100
 set community no-export
!
router bgp 67
 bgp log-neighbor-changes
 network 67.0.0.0 mask 255.255.0.0
 neighbor 8.0.68.8 remote-as 8
 neighbor 67.0.36.3 remote-as 12
 neighbor 67.0.36.3 send-community
 neighbor 67.0.36.3 route-map NO_TRANSIT out
 neighbor 67.0.67.7 remote-as 67
!
R7:
!
route-map NO_TRANSIT permit 10
 match ip address prefix-list AS67
 set metric 1000
 set community no-export
route-map NO_TRANSIT permit 100
 set community no-export
!
router bgp 67
 bgp log-neighbor-changes
 network 67.0.0.0 mask 255.255.0.0
 neighbor 8.0.78.8 remote-as 8
 neighbor 67.0.37.3 remote-as 12
 neighbor 67.0.37.3 send-community
 neighbor 67.0.37.3 route-map NO_TRANSIT out
 neighbor 67.0.67.6 remote-as 67
!
Verification:
RP/0/0/CPU0:R3#show bgp
Mon Dec 21 12:46:08.600 UTC
BGP router identifier 12.0.3.3, local AS number 12
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 46
BGP main routing table version 46
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i5.0.0.0/16 5.0.15.5 0 100 0 5 i
* 67.0.36.6 0 67 8 5 i
* 67.0.37.7 0 67 8 5 i
* 8.0.0.0/16 67.0.36.6 200 0 67 8 ?
*> 67.0.37.7 300 0 67 8 ?
*>i12.0.0.0/16 12.0.2.2 0 100 0 i
* i 12.0.4.4 0 100 0 i
* 67.0.0.0/16 67.0.36.6 10000 0 67 i
*> 67.0.37.7 1000 0 67 i
R1#show bgp
BGP table version is 25, local router ID is 12.0.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 5.0.0.0/16 5.0.15.5 0 0 5 i
*>i 8.0.0.0/16 67.0.37.7 300 0 67 8 ?
* 5.0.15.5 0 5 8 ?
*>i 12.0.0.0/16 12.0.2.2 0 100 0 i
* i 12.0.4.4 0 100 0 i
*>i 67.0.0.0/16 67.0.37.7 1000 100 0 67 i
* 5.0.15.5 0 5 8 67 i
R5#sho
R5#show bgp
BGP table version is 7, local router ID is 5.0.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 5.0.0.0/16 0.0.0.0 0 32768 i
*> 8.0.0.0/16 8.0.58.8 0 0 8 ?
* 12.0.0.0/16 5.0.15.1 0 12 12 12 12 12 12 i
*> 8.0.58.8 0 8 67 12 i
*> 67.0.0.0/16 8.0.58.8 0 8 67 i
R6#show bgp
BGP table version is 5, local router ID is 67.0.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 5.0.0.0/16 8.0.78.8 0 100 0 8 5 i
*> 8.0.68.8 0 8 5 i
* i 8.0.0.0/16 8.0.78.8 0 100 0 8 ?
*> 8.0.68.8 0 0 8 ?
* 12.0.0.0/16 67.0.36.3 0 12 12 12 12 i
*>i 67.0.37.3 0 100 0 12 i
*> 67.0.0.0/16 0.0.0.0 0 32768 i
* i 67.0.67.7 0 100 0 i
R7#show bgp
BGP table version is 10, local router ID is 67.0.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 5.0.0.0/16 8.0.68.8 0 100 0 8 5 i
*> 8.0.78.8 0 8 5 i
* i 8.0.0.0/16 8.0.68.8 0 100 0 8 ?
*> 8.0.78.8 0 0 8 ?
*> 12.0.0.0/16 67.0.37.3 0 12 i
* i 67.0.0.0/16 67.0.67.6 0 100 0 i
*> 0.0.0.0 0 32768 i
R8# show bgp
BGP table version is 7, local router ID is 8.0.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 5.0.0.0/16 8.0.58.5 0 0 5 i
*> 8.0.0.0/16 0.0.0.0 0 32768 ?
* 12.0.0.0/16 8.0.68.6 0 67 12 i
*> 8.0.78.7 0 67 12 i
* 67.0.0.0/16 8.0.68.6 0 0 67 i
*> 8.0.78.7 0 0 67 i
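The best-path choices in the tables above can be reproduced with a small model of the decision process. This is an added example, not part of the original lab: the Route class and function names are hypothetical, only the LOCAL_PREF, AS_PATH length, MED and eBGP-over-iBGP steps are modelled, and the route lists are constructed from the show bgp output and the NO_TRANSIT route-map on this page.

```python
from dataclasses import dataclass

NO_EXPORT = "no-export"  # well-known community 65535:65281 (RFC 1997)

@dataclass(frozen=True)
class Route:
    next_hop: str
    as_path: tuple            # leftmost AS is the neighbouring AS
    local_pref: int = 100     # default when the table shows no LocPrf
    med: int = 0              # a missing MED is treated as 0
    ebgp: bool = True
    communities: frozenset = frozenset()

def best_path(routes):
    """Simplified decision process: LOCAL_PREF, AS_PATH length, MED, eBGP over iBGP."""
    c = list(routes)
    top = max(r.local_pref for r in c)
    c = [r for r in c if r.local_pref == top]
    shortest = min(len(r.as_path) for r in c)
    c = [r for r in c if len(r.as_path) == shortest]
    # MED is only compared between routes learned from the same neighbouring AS
    c = [r for r in c
         if not any(o.as_path[:1] == r.as_path[:1] and o.med < r.med for o in c)]
    if any(r.ebgp for r in c):
        c = [r for r in c if r.ebgp]
    return c[0]  # remaining tie-breakers (IGP metric, router ID) are not modelled

def may_export_to_ebgp(route):
    """A route tagged no-export must not be advertised to an eBGP peer."""
    return NO_EXPORT not in route.communities

# Constructed from the show bgp tables on this page; the no-export tag on routes
# received from AS67 is taken from the NO_TRANSIT route-map on R6 and R7.
TAG = frozenset({NO_EXPORT})
R3_TO_AS8 = [Route("67.0.36.6", (67, 8), local_pref=200, communities=TAG),
             Route("67.0.37.7", (67, 8), local_pref=300, communities=TAG)]
R3_TO_AS67 = [Route("67.0.36.6", (67,), med=10000, communities=TAG),
              Route("67.0.37.7", (67,), med=1000, communities=TAG)]
R5_TO_AS12 = [Route("5.0.15.1", (12,) * 6),
              Route("8.0.58.8", (8, 67, 12))]
R6_TO_AS12 = [Route("67.0.36.3", (12,) * 4),
              Route("67.0.37.3", (12,), ebgp=False)]
R3_OWN = Route("12.0.2.2", (), ebgp=False)   # 12.0.0.0/16, originated inside AS12

if __name__ == "__main__":
    for name, table in [("R3 -> 8.0.0.0/16", R3_TO_AS8), ("R3 -> 67.0.0.0/16", R3_TO_AS67),
                        ("R5 -> 12.0.0.0/16", R5_TO_AS12), ("R6 -> 12.0.0.0/16", R6_TO_AS12)]:
        best = best_path(table)
        print(name, "via", best.next_hop, "exportable:", may_export_to_ebgp(best))
```

Each requirement is decided at a different step: local-preference for #1, MED for #2, AS-path length for #4. The no-export check is what keeps AS12 from re-advertising provider routes for #3.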