Saturday, January 21, 2012

BGP CONFEDERATION

Confederations are another way of getting around the iBGP split-horizon rule.
By using a confederation we can avoid the full-mesh requirement of iBGP.
Basically, a confederation breaks the main AS into sub-ASes.
- Inside a sub-AS, a full mesh or a route reflector is still required.
- Devices outside the confederation do not know about the confederation or its sub-ASes.
- Sub-AS numbers are stripped from the advertisement across TRUE eBGP relationships.
- We typically use private AS numbers for the sub-ASes (64512-65535). This is not a
technical requirement; we do it because a sub-AS could otherwise refuse an update from
a real eBGP AS. Say we use sub-AS 100 and a route from eBGP comes in with AS 100 in
the path: we could end up denying the route.


LAB
------



OK, we will start on r6.

r6
---

r6(config-router)#router bgp 64514
r6(config-router)#bgp confederation id 100
r6(config-router)#

We start the BGP process with the confed (sub) AS number, then specify the real AS in
the confederation ID.
We also need to tell r6 which AS it peers with directly inside the confederation, in
this case 64513.
r6(config-router)#bgp confederation peers 64513

r6(config-router)#neighbor 10.229.254.2 remote-as 54

The neighbor statement above configures our eBGP relationship with bb2. As this is not
our AS and is not listed in bgp confederation peers, r6 knows that this is a true/real
eBGP relationship, so its OPEN will be sent with the real AS of 100.

OK, now we configure the iBGP relationships on r6. r6 will peer with sw1 and r1 in AS
64514 and r4 in 64513.

We specify r4 as a neighbor. It is an iBGP relationship, but in a different sub-AS.
r6(config-router)#neighbor 4.4.4.4 remote-as 64513
r6(config-router)#neighbor 4.4.4.4 update-source lo0
r6(config-router)#neighbor 4.4.4.4 next-hop-self
r6(config-router)#

Next I am going to configure a peer group, IBGP, for the other 2 neighbors. I could not
put r4 in the peer group as it has a different parameter, i.e. the remote-as.
r6(config-router)#neighbor IBGP peer-group
r6(config-router)#neighbor IBGP remote-as 64514
r6(config-router)#neighbor IBGP update-source lo0
r6(config-router)#neighbor IBGP next-hop-self
r6(config-router)#neighbor 2.1.1.1 peer-group IBGP
r6(config-router)#neighbor 1.1.1.1 peer-group IBGP
r6(config-router)#neighbor 3.3.3.3 peer-group IBGP

OK, let's do the r1 config.

r1(config)#router bgp 64514
r1(config-router)#bgp confederation id 100
r1(config-router)#neighbor IBGP peer-group
r1(config-router)#neighbor IBGP remote-as 64514
r1(config-router)#neighbor IBGP update-source lo0
r1(config-router)#neighbor 6.6.6.6 peer-group IBGP
r1(config-router)#neighbor 4.4.4.4 peer-group IBGP
r1(config-router)#neighbor 3.3.3.3 peer-group IBGP

s1
---
s1(config)#router bgp 64514
s1(config-router)#bgp confederation id 100
s1(config-router)#neighbor IBGP peer-group
s1(config-router)#neighbor IBGP remote-as 64514
s1(config-router)#neighbor IBGP update-source lo0
s1(config-router)#neighbor 6.6.6.6 peer-group IBGP
s1(config-router)#neighbor 3.3.3.3 peer-group IBGP
s1(config-router)#neighbor 2.3.3.3 peer-group IBGP
s1(config-router)#neighbor 1.1.1.1 peer-group IBGP

r3
---
r3(config-router)#bgp confederation id 100
r3(config-router)#router bgp 64514
r3(config-router)#bgp confederation id 100
r3(config-router)#neighbor IBGP peer-group
r3(config-router)#neighbor IBGP remote-as 64514
r3(config-router)#neighbor IBGP update-source lo0
r3(config-router)#neighbor 6.6.6.6 peer-group IBGP
r3(config-router)#neighbor 2.1.1.1 peer-group IBGP
r3(config-router)#neighbor 1.1.1.1 peer-group IBGP

s3
--
s3(config)#router bgp 64514
s3(config-router)#bgp confederation id 100
s3(config-router)#neighbor IBGP peer-group
s3(config-router)#neighbor IBGP remote-as 64514
s3(config-router)#neighbor IBGP update-source lo0
s3(config-router)#neighbor 2.1.1.1 peer-group IBGP
s3(config-router)#
01:15:59: %BGP-5-ADJCHANGE: neighbor 2.1.1.1 Up

s3#sh ip bgp
s3#

s3 is not getting any routes. The reason is that it is not fully meshed within the
sub-AS: we need to be fully meshed or use a route reflector. For this example I will
set sw1 as a route reflector for s3.

s1(config)#router bgp 64514
s1(config-router)#no neighbor 2.3.3.3 peer-group IBGP
s1(config-router)#neighb
01:18:36: %BGP-5-ADJCHANGE: neighbor 2.3.3.3 Down Neighbor d
s1(config-router)#neighbor 2.3.3.3 remote-as 64514
s1(config-router)#neighbor 2.3.3.3 update-source lo0
s1(config-router)#neighbor 2.3.3.3 route-reflector-client
s1(config-router)#

As s3 will have a different config, I have taken it out of the peer group.
s3#sh ip bgp
BGP table version is 4, local router ID is 2.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i22.22.22.22/32   6.6.6.6                  0    100      0 54 i
*>i122.122.122.122/32
                    6.6.6.6                  0    100      0 54 i
*>i222.222.222.222/32
                    6.6.6.6                  0    100      0 54 i
s3#

We have not really seen the advantage of the confederation yet, but as we move further
into the topology we will.
Typically, in normal iBGP, for what are now sub-ASes 64513 and 64512, if we just peered
with r4 from r6, no routes would be received on r5 or s2.

Let's configure r4.

r4
---
r4(config)#router bgp 64513
r4(config-router)#bgp confederatio id 100
r4(config-router)#neighbor 6.6.6.6 remote-as 64514
r4(config-router)#neighbor 5.5.5.5 remote-as 64512
r4(config-router)#neighbor 5.5.5.5 update-source lo0
r4(config-router)#neighbor 6.6.6.6 update-source lo0

The neighbor relationship is not coming up because we have not specified a
confederation peers list. At the moment r4 is sending r6 an OPEN with the real AS of 100.
r4(config-router)#bgp confederation peers 64512 64514

This was still not coming up for a while. The issue was that on both sides I needed to
add neighbor "ip" disable-connected-check (abbreviated in this lab as disable-connected).
BGP was doing the connected check, which does not allow eBGP neighbors to form a
relationship unless they are reached via a C (connected) route in the routing table.

r4#u all
All possible debugging has been turned off
r4#sh ip bgp
BGP table version is 4, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 22.22.22.22/32   6.6.6.6                  0    100      0 (64514) 54 i
*> 122.122.122.122/32
                    6.6.6.6                  0    100      0 (64514) 54 i
*> 222.222.222.222/32
                    6.6.6.6                  0    100      0 (64514) 54 i
r4#

I am getting routes as expected on r4.

r5(config)#router bgp 64512
r5(config-router)#bgp confederation id 100
r5(config-router)#bgp confederation peers 64513
r5(config-router)#neighbor 4.4.4.4 remote-as 64513
r5(config-router)#neighbor 4.4.4.4 update-source lo0
r5(config-router)#neighbor 4.4.4.4 disable-connected
r5(config-router)#

Now on r5 we are getting BGP routes which, in normal circumstances, we would not:
r5#sh ip bgp
BGP table version is 4, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 22.22.22.22/32   6.6.6.6                  0    100      0 (64513 64514) 54 i
*> 122.122.122.122/32
                    6.6.6.6                  0    100      0 (64513 64514) 54 i
*> 222.222.222.222/32
                    6.6.6.6                  0    100      0 (64513 64514) 54 i

Notice the AS path


s2(config)#no router bgp 100
s2(config)#router b
02:13:28: %BGP-5-ADJCHANGE: neighbor 2.4.4.4 Down BGP protocol initia
s2(config)#router bgp 64512
s2(config-router)#bgp confederation id 100
s2(config-router)#neighbor 5.5.5.5 remote-as 64512
s2(config-router)#neighbor 5.5.5.5 update-source

s2#sh ip bgp
BGP table version is 4, local router ID is 22.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i22.22.22.22/32   6.6.6.6                  0    100      0 (64513 64514) 54 i
*>i122.122.122.122/32
                    6.6.6.6                  0    100      0 (64513 64514) 54 i
*>i222.222.222.222/32
                    6.6.6.6                  0    100      0 (64513 64514) 54 i
s2#

OK, so (64513 64514) in the path are the sub-ASes this update has gone through. If we
tried to advertise this route to r4, it would not accept it, as its AS is in the path,
so we are using eBGP loop prevention.
Notice that the next hop does not change: it remains 6.6.6.6, so iBGP behaviour does
remain.

Let's originate a route on s2.
s2(config)#int lo2
s2(config-if)#ip address
02:18:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2, changed   
s2(config-if)#ip address 55.55.55.55 255.255.255.255
s2(config-if)#router bgp 64512
s2(config-router)#network 55.55.55.55 mask 255.255.255.255

We originated 55.55.55.55/32.
Let's see this route on r4 first of all.
r4#sh ip bgp 55.55.55.55
BGP routing table entry for 55.55.55.55/32, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  (64512)
    22.2.2.2 (metric 2300416) from 5.5.5.5 (5.5.5.5)
      Origin IGP, metric 0, localpref 100, valid, confed-external, best
r4#

OK, so we are receiving the route; it originates from sub-AS 64512.

Let's look at r6.
r6#sh ip bgp 55.55.55.55
BGP routing table entry for 55.55.55.55/32, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1          3
  (64513 64512)
    22.2.2.2 (metric 2302976) from 4.4.4.4 (4.4.4.4)
      Origin IGP, metric 0, localpref 100, valid, confed-external, best

So we are getting the route on r6: it originated in 64512 and has gone through 64513.
Let's now look at bb2, the eBGP peer.

bb2#sh ip bgp 55.55.55.55
BGP routing table entry for 55.55.55.55/32, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  100
    10.229.254.6 from 10.229.254.6 (6.6.6.6)
      Origin IGP, localpref 100, valid, external, best
bb2#

We can see the sub-ASes are removed from the AS path and simply replaced with the real
AS number of 100, so r6 strips the confederation part of the AS path before sending
the route out to bb2.
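
The AS-path behaviour seen in this lab, as an added example (not part of the original lab and not Cisco code): a simplified Python model of how the sub-AS is prepended between sub-ASes, left untouched inside a sub-AS, and replaced by the confederation ID 100 towards a true eBGP peer. The function names and the data layout are made up for illustration.

```python
# Added illustration: simplified model of confederation AS_PATH handling.
# Segments are ("confed", [sub-ASes]) or ("seq", [real ASes]), newest AS first.
CONFED_ID = 100  # the real AS, as in "bgp confederation id 100"

def show(path):
    """Render a path like 'sh ip bgp': confed segments in parentheses."""
    out = []
    for kind, asns in path:
        text = " ".join(map(str, asns))
        out.append(f"({text})" if kind == "confed" else text)
    return " ".join(out)

def advertise(path, my_sub_as, peer):
    """AS_PATH sent by a router in my_sub_as. peer is 'ibgp' (same sub-AS),
    'confed' (another sub-AS) or 'ebgp' (outside the confederation)."""
    if peer == "ibgp":
        return list(path)                          # unchanged inside a sub-AS
    if peer == "confed":                           # prepend own sub-AS
        if path and path[0][0] == "confed":
            return [("confed", [my_sub_as] + path[0][1])] + path[1:]
        return [("confed", [my_sub_as])] + list(path)
    # True eBGP: strip confed segments, then prepend the confederation ID.
    rest = [seg for seg in path if seg[0] != "confed"]
    if rest:
        return [("seq", [CONFED_ID] + rest[0][1])] + rest[1:]
    return [("seq", [CONFED_ID])]

def accepts(path, my_sub_as):
    """Loop prevention (simplified): drop if our sub-AS or confed ID is in the path."""
    seen = {asn for _, asns in path for asn in asns}
    return my_sub_as not in seen and CONFED_ID not in seen

def lab_inbound():
    """bb2 (AS 54) prefix as seen on r4, r5 and s2 in the lab."""
    at_r4 = advertise([("seq", [54])], 64514, "confed")  # r6 -> r4
    at_r5 = advertise(at_r4, 64513, "confed")            # r4 -> r5
    at_s2 = advertise(at_r5, 64512, "ibgp")              # r5 -> s2
    return at_r4, at_r5, at_s2

def lab_outbound():
    """55.55.55.55/32 from sub-AS 64512 as seen on r4, r6 and bb2."""
    at_r4 = advertise([], 64512, "confed")               # r5 -> r4
    at_r6 = advertise(at_r4, 64513, "confed")            # r4 -> r6
    at_bb2 = advertise(at_r6, 64514, "ebgp")             # r6 -> bb2
    return at_r4, at_r6, at_bb2

if __name__ == "__main__":
    for p in lab_inbound() + lab_outbound():
        print(show(p))
```

accepts() returns False for any path that already contains the router's own sub-AS number, which is why a sub-AS number that also exists as a real AS elsewhere can cause valid external routes to be dropped.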

Searching for prefixes by sub-AS with a regexp is a little bit different:

sh ip bgp regexp \(,*\x)
