RE: BGP confederation

From: JM HotMail (norouterrip@hotmail.com)
Date: Thu Nov 23 2006 - 00:27:31 ART


Thank you! It is very much appreciated.

The topic is really interesting and BGP never stops being complex (certainly
its main charm), but a little bit scary from a lab perspective though...

Jean-Marc

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Wednesday, November 22, 2006 5:54 PM
To: 'JM HotMail'; 'j buss'; ccielab@groupstudy.com
Subject: RE: BGP confederation

Some interesting notes..... (Kinda long)

I found different things in different IOS versions/platforms.

Lab:

R1------R4------R5
(R1-R4 = BGP65001) (R5=BGP65002) (ConfedID=109)

R1:
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 100.1.1.0 mask 255.255.255.0
 network 100.1.2.0 mask 255.255.255.0
 network 100.1.3.0 mask 255.255.255.0
 network 100.1.4.0 mask 255.255.255.0
 network 100.1.5.0 mask 255.255.255.0
 network 100.1.6.0 mask 255.255.255.0
 network 100.1.7.0 mask 255.255.255.0
 network 100.1.8.0 mask 255.255.255.0
 network 100.1.9.0 mask 255.255.255.0
 network 100.1.10.0 mask 255.255.255.0
 neighbor 4.4.4.4 remote-as 65001
 neighbor 4.4.4.4 update-source Loopback100
 no auto-summary
!

R4:
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 109
 bgp confederation peers 65002
 network 100.4.1.0 mask 255.255.255.0
 network 100.4.2.0 mask 255.255.255.0
 network 100.4.3.0 mask 255.255.255.0
 network 100.4.4.0 mask 255.255.255.0
 network 100.4.5.0 mask 255.255.255.0
 network 100.4.6.0 mask 255.255.255.0
 network 100.4.7.0 mask 255.255.255.0
 network 100.4.8.0 mask 255.255.255.0
 network 100.4.9.0 mask 255.255.255.0
 network 100.4.10.0 mask 255.255.255.0
 neighbor 1.1.1.1 remote-as 65001
 neighbor 1.1.1.1 update-source Loopback100
 neighbor 11.11.11.5 remote-as 65002
 no auto-summary
!

R5:
router bgp 65002
 no synchronization
 bgp log-neighbor-changes
 bgp confederation identifier 109
 bgp confederation peers 65001
 network 200.5.1.0
 network 200.5.2.0
 network 200.5.3.0
 network 200.5.4.0
 network 200.5.5.0
 network 200.5.6.0
 network 200.5.7.0
 network 200.5.8.0
 network 200.5.9.0
 network 200.5.10.0
 neighbor 11.11.11.4 remote-as 65001
 no auto-summary
!

emanon-R5#sh ip ro 1.1.1.1
% Network not in table
emanon-R5#sh ip ro 4.4.4.4
% Network not in table
emanon-R5#

So at this point, if next-hop didn't change between the peers, R5 would
reject all routes as unreachable since R1/R4 peer with their loopbacks.

emanon-R5#sh ip bgp
BGP table version is 21, local router ID is 200.5.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
* 100.1.1.0/24 11.11.11.4 0 100 0 (65001) i
* 100.1.2.0/24 11.11.11.4 0 100 0 (65001) i
* 100.1.3.0/24 11.11.11.4 0 100 0 (65001) i
* 100.1.4.0/24 11.11.11.4 0 100 0 (65001) i
* 100.1.5.0/24 11.11.11.4 0 100 0 (65001) i
* 100.1.6.0/24 11.11.11.4 0 100 0 (65001) i
* 100.1.7.0/24 11.11.11.4 0 100 0 (65001) i
* 100.1.8.0/24 11.11.11.4 0 100 0 (65001) i
* 100.1.9.0/24 11.11.11.4 0 100 0 (65001) i
* 100.1.10.0/24 11.11.11.4 0 100 0 (65001) i
*> 100.4.1.0/24 11.11.11.4 0 100 0 (65001) i
*> 100.4.2.0/24 11.11.11.4 0 100 0 (65001) i
*> 100.4.3.0/24 11.11.11.4 0 100 0 (65001) i
*> 100.4.4.0/24 11.11.11.4 0 100 0 (65001) i
*> 100.4.5.0/24 11.11.11.4 0 100 0 (65001) i
*> 100.4.6.0/24 11.11.11.4 0 100 0 (65001) i
*> 100.4.7.0/24 11.11.11.4 0 100 0 (65001) i
   Network Next Hop Metric LocPrf Weight Path
*> 100.4.8.0/24 11.11.11.4 0 100 0 (65001) i
*> 100.4.9.0/24 11.11.11.4 0 100 0 (65001) i
*> 100.4.10.0/24 11.11.11.4 0 100 0 (65001) i
*> 200.5.1.0 0.0.0.0 0 32768 i
*> 200.5.2.0 0.0.0.0 0 32768 i
*> 200.5.3.0 0.0.0.0 0 32768 i
*> 200.5.4.0 0.0.0.0 0 32768 i
*> 200.5.5.0 0.0.0.0 0 32768 i
*> 200.5.6.0 0.0.0.0 0 32768 i
*> 200.5.7.0 0.0.0.0 0 32768 i
*> 200.5.8.0 0.0.0.0 0 32768 i
*> 200.5.9.0 0.0.0.0 0 32768 i
*> 200.5.10.0 0.0.0.0 0 32768 i
emanon-R5#

All routes see R4 as the next hop without an NHS statement.
R4, on the other hand, has things different:

emanon-R4(config-router)#do sh ip bgp
BGP table version is 31, local router ID is 100.4.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*>i100.1.1.0/24 1.1.1.1 0 100 0 i
*>i100.1.2.0/24 1.1.1.1 0 100 0 i
*>i100.1.3.0/24 1.1.1.1 0 100 0 i
*>i100.1.4.0/24 1.1.1.1 0 100 0 i
*>i100.1.5.0/24 1.1.1.1 0 100 0 i
*>i100.1.6.0/24 1.1.1.1 0 100 0 i
*>i100.1.7.0/24 1.1.1.1 0 100 0 i
*>i100.1.8.0/24 1.1.1.1 0 100 0 i
*>i100.1.9.0/24 1.1.1.1 0 100 0 i
*>i100.1.10.0/24 1.1.1.1 0 100 0 i
*> 100.4.1.0/24 0.0.0.0 0 32768 i
*> 100.4.2.0/24 0.0.0.0 0 32768 i
*> 100.4.3.0/24 0.0.0.0 0 32768 i
*> 100.4.4.0/24 0.0.0.0 0 32768 i
*> 100.4.5.0/24 0.0.0.0 0 32768 i
*> 100.4.6.0/24 0.0.0.0 0 32768 i
*> 100.4.7.0/24 0.0.0.0 0 32768 i
   Network Next Hop Metric LocPrf Weight Path
*> 100.4.8.0/24 0.0.0.0 0 32768 i
*> 100.4.9.0/24 0.0.0.0 0 32768 i
*> 100.4.10.0/24 0.0.0.0 0 32768 i
*> 200.5.1.0 11.11.11.5 0 100 0 (65002) i
*> 200.5.2.0 11.11.11.5 0 100 0 (65002) i
*> 200.5.3.0 11.11.11.5 0 100 0 (65002) i
*> 200.5.4.0 11.11.11.5 0 100 0 (65002) i
*> 200.5.5.0 11.11.11.5 0 100 0 (65002) i
*> 200.5.6.0 11.11.11.5 0 100 0 (65002) i
*> 200.5.7.0 11.11.11.5 0 100 0 (65002) i
*> 200.5.8.0 11.11.11.5 0 100 0 (65002) i
*> 200.5.9.0 11.11.11.5 0 100 0 (65002) i
*> 200.5.10.0 11.11.11.5 0 100 0 (65002) i
emanon-R4(config-router)#

But it can reach both sides, so no problems.

R1, on the other hand:

emanon-R1(config-router)#do sh ip bgp
BGP table version is 71, local router ID is 100.1.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 100.1.1.0/24 0.0.0.0 0 32768 i
*> 100.1.2.0/24 0.0.0.0 0 32768 i
*> 100.1.3.0/24 0.0.0.0 0 32768 i
*> 100.1.4.0/24 0.0.0.0 0 32768 i
*> 100.1.5.0/24 0.0.0.0 0 32768 i
*> 100.1.6.0/24 0.0.0.0 0 32768 i
*> 100.1.7.0/24 0.0.0.0 0 32768 i
*> 100.1.8.0/24 0.0.0.0 0 32768 i
*> 100.1.9.0/24 0.0.0.0 0 32768 i
*> 100.1.10.0/24 0.0.0.0 0 32768 i
*>i100.4.1.0/24 4.4.4.4 0 100 0 i
*>i100.4.2.0/24 4.4.4.4 0 100 0 i
*>i100.4.3.0/24 4.4.4.4 0 100 0 i
*>i100.4.4.0/24 4.4.4.4 0 100 0 i
*>i100.4.5.0/24 4.4.4.4 0 100 0 i
*>i100.4.6.0/24 4.4.4.4 0 100 0 i
*>i100.4.7.0/24 4.4.4.4 0 100 0 i
   Network Next Hop Metric LocPrf Weight Path
*>i100.4.8.0/24 4.4.4.4 0 100 0 i
*>i100.4.9.0/24 4.4.4.4 0 100 0 i
*>i100.4.10.0/24 4.4.4.4 0 100 0 i
*>i200.5.1.0 11.11.11.5 0 100 0 (65002) i
*>i200.5.2.0 11.11.11.5 0 100 0 (65002) i
*>i200.5.3.0 11.11.11.5 0 100 0 (65002) i
*>i200.5.4.0 11.11.11.5 0 100 0 (65002) i
*>i200.5.5.0 11.11.11.5 0 100 0 (65002) i
*>i200.5.6.0 11.11.11.5 0 100 0 (65002) i
*>i200.5.7.0 11.11.11.5 0 100 0 (65002) i
*>i200.5.8.0 11.11.11.5 0 100 0 (65002) i
*>i200.5.9.0 11.11.11.5 0 100 0 (65002) i
*>i200.5.10.0 11.11.11.5 0 100 0 (65002) i
emanon-R1(config-router)#
emanon-R1(config-router)#do sh ip ro 11.11.11.5
% Network not in table
emanon-R1(config-router)#
emanon-R1(config-router)#do ping 200.5.2.1 so lo1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.5.2.1, timeout is 2 seconds:
Packet sent with a source address of 100.1.1.1
.....
Success rate is 0 percent (0/5)
emanon-R1(config-router)#

No reachability there.

R4:

Router bgp 65001
 neighbor 1.1.1.1 next-hop-self
emanon-R4(config-router)#do clear ip bgp * soft
emanon-R4(config-router)#

emanon-R1(config-router)#do sh ip bgp
BGP table version is 81, local router ID is 100.1.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 100.1.1.0/24 0.0.0.0 0 32768 i
*> 100.1.2.0/24 0.0.0.0 0 32768 i
*> 100.1.3.0/24 0.0.0.0 0 32768 i
*> 100.1.4.0/24 0.0.0.0 0 32768 i
*> 100.1.5.0/24 0.0.0.0 0 32768 i
*> 100.1.6.0/24 0.0.0.0 0 32768 i
*> 100.1.7.0/24 0.0.0.0 0 32768 i
*> 100.1.8.0/24 0.0.0.0 0 32768 i
*> 100.1.9.0/24 0.0.0.0 0 32768 i
*> 100.1.10.0/24 0.0.0.0 0 32768 i
*>i100.4.1.0/24 4.4.4.4 0 100 0 i
*>i100.4.2.0/24 4.4.4.4 0 100 0 i
*>i100.4.3.0/24 4.4.4.4 0 100 0 i
*>i100.4.4.0/24 4.4.4.4 0 100 0 i
*>i100.4.5.0/24 4.4.4.4 0 100 0 i
*>i100.4.6.0/24 4.4.4.4 0 100 0 i
*>i100.4.7.0/24 4.4.4.4 0 100 0 i
   Network Next Hop Metric LocPrf Weight Path
*>i100.4.8.0/24 4.4.4.4 0 100 0 i
*>i100.4.9.0/24 4.4.4.4 0 100 0 i
*>i100.4.10.0/24 4.4.4.4 0 100 0 i
*>i200.5.1.0 4.4.4.4 0 100 0 (65002) i
*>i200.5.2.0 4.4.4.4 0 100 0 (65002) i
*>i200.5.3.0 4.4.4.4 0 100 0 (65002) i
*>i200.5.4.0 4.4.4.4 0 100 0 (65002) i
*>i200.5.5.0 4.4.4.4 0 100 0 (65002) i
*>i200.5.6.0 4.4.4.4 0 100 0 (65002) i
*>i200.5.7.0 4.4.4.4 0 100 0 (65002) i
*>i200.5.8.0 4.4.4.4 0 100 0 (65002) i
*>i200.5.9.0 4.4.4.4 0 100 0 (65002) i
*>i200.5.10.0 4.4.4.4 0 100 0 (65002) i
emanon-R1(config-router)#do ping 200.5.2.1 so lo1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.5.2.1, timeout is 2 seconds:
Packet sent with a source address of 100.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
emanon-R1(config-router)#

So I guess the moral to the story is to make sure and check your tables and
MAKE SURE that you not only have routes, but that they are actually
reachable among your confederation peers. Otherwise you may be sending out
routes that you can't get to.

All in good fun though!

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
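
The check described in the message above (routes present in the BGP table but with a next hop the router cannot reach), as an added example that is not part of the original thread. The sample table is constructed from R1's output before next-hop-self was applied on R4, and the R1_RIB list of non-BGP routes is an assumption, since the thread only shows that 11.11.11.5 is absent from R1's routing table.

```python
import ipaddress
import re

# Constructed sample modeled on R1's "sh ip bgp" output in the thread,
# before "neighbor 1.1.1.1 next-hop-self" was configured on R4.
R1_BGP_BEFORE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 100.1.1.0/24     0.0.0.0                  0         32768 i
*>i100.4.1.0/24     4.4.4.4                  0    100      0 i
*>i200.5.1.0        11.11.11.5               0    100      0 (65002) i
*>i200.5.2.0        11.11.11.5               0    100      0 (65002) i
"""

# Assumed connected/IGP routes on R1 (own loopback and the iBGP peer's loopback).
R1_RIB = ["1.1.1.1/32", "4.4.4.4/32"]

# Valid ("*") entries only: optional ">" and "i" flags, then network and next hop.
ENTRY = re.compile(
    r"^\*>?\s*i?\s*(?P<net>\d+(?:\.\d+){3}(?:/\d+)?)\s+(?P<nh>\d+(?:\.\d+){3})\s"
)


def unreachable_next_hops(bgp_text, rib_prefixes):
    """Map each next hop with no covering route to the prefixes that use it."""
    rib = [ipaddress.ip_network(p) for p in rib_prefixes]
    local = ipaddress.ip_address("0.0.0.0")
    problems = {}
    for line in bgp_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, legend, or prompt line
        next_hop = ipaddress.ip_address(m.group("nh"))
        if next_hop == local:
            continue  # locally originated network, no next hop to resolve
        if not any(next_hop in route for route in rib):
            problems.setdefault(str(next_hop), []).append(m.group("net"))
    return problems


if __name__ == "__main__":
    for nh, prefixes in unreachable_next_hops(R1_BGP_BEFORE, R1_RIB).items():
        print(f"next hop {nh} not in routing table; affected: {', '.join(prefixes)}")
```
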
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of JM
HotMail
Sent: Wednesday, November 22, 2006 7:02 PM
To: 'Scott Morris'; 'j buss'; ccielab@groupstudy.com
Subject: RE: BGP confederation

I think J Buss is referring to a partially meshed NBMA or ethernet
situation. I had a hard time with it. The only document I could find on the
topic was the next-hop attribute part in the BGP case study:
http://www.cisco.com/warp/public/459/bgp-toc.html#bgpnexthop

Jean-Marc

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Wednesday, November 22, 2006 9:17 AM
To: 'j buss'; ccielab@groupstudy.com
Subject: RE: BGP confederation

If your "router bgp xxxx" is different from the other guy, whether you are a
confederation or not, you are technically still an ebgp connection. So
next-hop-self would be redundant to actually type in.

Other normal rules apply (multihop, etc.).

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of j
buss
Sent: Wednesday, November 22, 2006 7:25 AM
To: ccielab@groupstudy.com
Subject: BGP confederation

Hi there,

If I have a BGP confederation, how do you peer with your confederation eBGP
peers? Do you peer on loopback addresses and leave your IGP running between
them, or do you use "next-hop-self" and peer on interface addresses just
like a normal eBGP peering?
What's the common practice?

thanks..



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART