From: Chuck Larrieu (chuck@xxxxxxxxxxxxx)
Date: Sun Feb 11 2001 - 11:20:39 GMT-3
A couple of us got together and tried this - iBGP connectivity between our
pods across the net. Some comments:
1) It works. Really well. Especially when you use the right ip addresses in
your neighbor statements. ;->
2) Great lesson in troubleshooting.
Take a guess as to what the major stumbling block we found. Hint - only one
router was seeing all the routes it was supposed to see
MyDomain-------MyEdgeRouter--------NigelsDomain The answer is one of those
slap on the side of the head answers. Doh!
3) After solving the above mentioned problem, we tried an eBGP connection
across the net. That works too. Took a while for it to come up, but it did
come up and we saw all the routes we were supposed to see everywhere in both
domains. You have all read in Halabi and elsewhere that eBGP routers must be
on the same subnet. I believe the RFC states that as well, although it's
been a while. Our results indicated this is not necessarily true. I am
assuming the ebgp-multlihop command is part of bgp because of real world
requirements. Nigel and I were able to connect over a distance of 17 hops or
so. It does require a bit of patience. It seemed like a long time before the
debugs indicated that the two routers finally saw eachother. Once they did -
everything was happy.
This experiment leads to some interesting possibilities. I think this would
be worth trying again, if several of us could get together one evening. It
would be good practice for connectivity, filtering, route maps, all kinds of
things.
Tunneling is not required. We did try a tunnel at one point, and in the
course of fumbling around I discovered something interesting. BGP did not
like route maps wit statements that referred to interfaces. One more thing
to look at.
Any case, let me lay this out to the group. Now that Nigel and I have worked
out the bugs, how about we have a router party across the net next weekend?
Anyone who can connect their study pod to the net directly, lets see if we
can have some fun. It would be a chance to practice effectively with a whole
bunch more routers than normal. Route filtering, weights, local preferences,
all kinds of things.
I'm thinking next Sunday, Feb 18. Let me know off line. I'm in ASET next
week, so maybe this is a bit aggressive. But it would be fun!
Let me know off line if you 1) are interested and 2) can do this next week.
Requirements: at least one router connected to the internet ( public ip
address ), willingness to reveal that address and allow bgp connections,
ability to tolerate chaos. Communicating across a chat room with just three
people was interesting. More than that - wow!
Let me know off line.
Chuck
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chuck Larrieu
Sent: Friday, February 09, 2001 5:12 PM
To: CCIE_Lab Groupstudy List
Subject: Off Topic - BGP across the net - Lab?
I'm spending the weekend with BGP - want to know enough to be able to fake
it in the ASET lab next week.
Just pondering something. If iBGP routers do not need to be directly
connected, then is it reasonable to try to join up two labs across the
internet and see what we can see?
Me---------the internet-----------you
<-----------ibgp--------------->
my router
router bgp 65000
neighbor your_outside_ip_address
your router
router bgp 65000
neighbor my_outside_ ip_address
I don't think there would be any implications to the global internet routing
table. But if that is a concern, a simple GRE tunnel could alleviate that
issue.
Worth a shot? Any problems to the internet itself, if we use a private AS
number and the appropriate neighbor statements?
anyone interested in trying this tomorrow sometime after 5:00 p.m. pacific
( 8:00 p.m. eastern ) ?
If this is feasible, several of use could link up. Hell of a lot simpler
than trying IPSec / VPN tunnels
Chuck
A long shot at passing is better than no shot.
Right now that's all I got to get me through,
So I gotta believe!
( paraphrased from Kathy Baille / Baille and the Boys
a song from several years ago )
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:45 GMT-3