BGP FILTERING
--------------
BGP update filtering is configured per peer and per direction (in or out) with one of
neighbor "address" distribute-list "acl" {in|out}
neighbor "address" filter-list "as-path-acl" {in|out}
neighbor "address" prefix-list "name" {in|out}
If a single neighbor were filtered by all of these at once, a distribute-list, a filter-list
and a prefix-list, nothing in the configuration tells you whether the distribute-list is
evaluated first and the filter-list next, or the prefix-list first, i.e. the order of
operations. (IOS in fact refuses a distribute-list and a prefix-list on the same neighbor in
the same direction, since both filter on the prefix.)
The way to be sure is a route-map, which makes the order explicit:
neighbor "address" route-map "name" {in|out}
Sequence 10 can carry the distribute-list check (match ip address "acl"), sequence 20 the
filter-list check (match as-path "list"), and so on. Sequences are evaluated in order, the
first one whose match clauses all succeed decides permit or deny, and a route that matches
no sequence is dropped by the implicit deny at the end, so you are sure of the order of
operation.
Another option, used before prefix-lists existed to match on both prefix and subnet mask, is
an extended access-list. In a BGP distribute-list the "source" part of the entry is compared
with the network address and the "destination" part with the subnet mask, so
access-list 100 deny ip host 150.28.4.0 host 255.255.255.0
access-list 100 permit ip any any
denies exactly 150.28.4.0/24 (a 150.28.4.0/25 or /23 would still be permitted by the second
line).
BGP Convergence
================
Keepalive and hold timers
- the hold time is negotiated when the session comes up: each side sends its configured
value in the OPEN message and the lower of the two is used by both peers, so the lower
configured neighbor effectively wins. The keepalive each side sends is then the smaller of
its configured keepalive and one third of the negotiated hold time
- timers bgp "keepalive" "holdtime" (for all neighbors)
- neighbor "address" timers "keepalive" "holdtime" (per neighbor, overrides the global value)
Link down detection
- bgp fast-external-failover (on by default) - when the interface to a directly connected
eBGP peer goes down the session is torn down immediately instead of waiting for the hold
timer to expire on missed keepalives; it only helps when the failure actually brings the
local interface down
- BFD (Bidirectional Forwarding Detection) is also available for BGP, with
neighbor "address" fall-over bfd and the BFD interval configured on the interface, and
catches failures that leave the interface up
Update timers
- neighbor "address" advertisement-interval "seconds" - minimum interval between UPDATEs to
that peer: when you receive a prefix you wait out this interval (batching other changes)
before advertising it on; the default is 30 seconds for eBGP and 5 seconds for iBGP
- bgp nexthop trigger {delay "seconds" | enable} and bgp nexthop route-map "map-name" -
next-hop tracking: how soon after an IGP change BGP re-validates its next hops (default
5 seconds) so that route recursion keeps working; the route-map form restricts which IGP
routes may be used to resolve a next hop
- bgp scan-time "seconds" - how often the BGP scanner walks the whole table (default 60
seconds) checking next hops and attributes; anything not picked up by an event (next-hop
tracking, a route refresh) waits up to scan-time. Note that a changed inbound policy is not
re-applied by the scanner at all: it takes effect on prefixes already in the table after a
route refresh (clear ip bgp "address" soft in)
- bgp update interval
BGP Default Routing
--------------------
3 ways to originate a default
- default-information originate + redistribute: for when the default route comes from
another protocol or a static. Say you have a default in EIGRP: when you redistribute EIGRP
into BGP, 0.0.0.0/0 is not redistributed unless default-information originate is also
configured (like any redistributed route it then carries origin "?")
- network 0.0.0.0 mask 0.0.0.0 - requires a 0.0.0.0/0 route in the local routing table
- neighbor "address" default-originate [route-map "name"] - generates the default for that
peer only and does not need a default in the local table (with the route-map form it is
sent only while a route matching the map exists)
LAB
----
We start the lab by generating a few routes and filtering them. BB1 generates
111.1.1.0/24 and 112.1.1.0/24 (AS 54), r4 generates 44.1.1.0/24 (AS 100) and s1 generates
55.1.1.0/24 (AS 300). We look at the result on r5 (AS 400), which peers with 1.1.1.1,
3.3.3.3 and 4.4.4.4:
r5#sh ip bgp
BGP table version is 6, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  44.1.1.0/24      3.3.3.3                                0 300 100 i
*                   1.1.1.1                                0 100 i
*>                  4.4.4.4                  0             0 100 i
*> 55.1.1.0/24      3.3.3.3                                0 300 i
*                   1.1.1.1                                0 100 300 i
*                   4.4.4.4                                0 100 300 i
*  111.1.1.0/24     3.3.3.3                                0 300 100 54 i
*                   4.4.4.4                                0 100 54 i
*>                  1.1.1.1                                0 100 54 i
*  112.1.1.0/24     3.3.3.3                                0 300 100 54 i
*                   4.4.4.4                                0 100 54 i
*>                  1.1.1.1                                0 100 54 i
r5#
We create an AS-path filter list that denies anything with AS 100 in the path and apply it
inbound on the r3 peering. Note the underscores: _100_ matches AS 100 as a separate token,
whereas a bare 100 would also match 1000 or 5100.
r5(config)#ip as-path access-list 2 deny _100_
r5(config)#ip as-path access-list 2 permit .*
r5(config)#router bgp 400
r5(config-router)#neighbor 3.3.3.3 filter-list 2 in
r5#sh ip bgp
BGP table version is 10, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  44.1.1.0/24      1.1.1.1                                0 100 i
*>                  4.4.4.4                  0             0 100 i
*> 55.1.1.0/24      3.3.3.3                                0 300 i
*                   1.1.1.1                                0 100 300 i
*                   4.4.4.4                                0 100 300 i
*  111.1.1.0/24     4.4.4.4                                0 100 54 i
*>                  1.1.1.1                                0 100 54 i
*  112.1.1.0/24     4.4.4.4                                0 100 54 i
*>                  1.1.1.1                                0 100 54 i
r5#
Anything with AS 100 in the path from r3 has been filtered: 55.1.1.0/24 (path 300 i) is
the only route still received from r3, because it is the only one without 100 in its AS
path. The copies of the same prefixes from 1.1.1.1 and 4.4.4.4 are untouched, since the
filter is per neighbor. (On an established session the new inbound policy is applied to
prefixes already in the table after clear ip bgp 3.3.3.3 soft in, i.e. a route refresh.)
Distribute-list
Now an extended access-list matching route plus mask, to filter 112.1.1.0 with mask
255.255.255.0 (i.e. exactly 112.1.1.0/24) from the r1 peering:
r5(config)#access-list 112 deny ip host 112.1.1.0 host 255.255.255.0
r5(config)#access-list 112 permit ip any any
r5(config)#router bgp 400
r5(config-router)#neighbor 1.1.1.1 distribute-list 112 in
r5#sh ip bgp
BGP table version is 12, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  44.1.1.0/24      1.1.1.1                                0 100 i
*>                  4.4.4.4                  0             0 100 i
*  55.1.1.0/24      1.1.1.1                                0 100 300 i
*>                  3.3.3.3                                0 300 i
*                   4.4.4.4                                0 100 300 i
*  111.1.1.0/24     1.1.1.1                                0 100 54 i
*>                  4.4.4.4                                0 100 54 i
*> 112.1.1.0/24     4.4.4.4                                0 100 54 i
r5#
Notice 112.1.1.0/24 is now filtered from 1.1.1.1 and is only known via 4.4.4.4 (the
filter-list on the r3 session is still in effect, so r3's copies of 44, 111 and 112 remain
absent).
Prefix-list
The same again with a prefix-list, denying 111.1.1.0/24 exactly and permitting everything
else (0.0.0.0/0 le 32 matches any prefix of any length). Judging by the output below it is
applied inbound on the r4 peering, although the neighbor 4.4.4.4 prefix-list R4 in
statement itself is not in the capture; afterwards 111.1.1.0/24 is known only via 1.1.1.1,
r4's copy being dropped by the prefix-list and r3's by the filter-list.
r5(config)#ip prefix-list R4 deny 111.1.1.0/24
r5(config)#ip prefix-list R4 permit 0.0.0.0/0 le 32
r5#sh ip bgp
BGP table version is 7, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  44.1.1.0/24      4.4.4.4                  0             0 100 i
*>                  1.1.1.1                                0 100 i
*  55.1.1.0/24      4.4.4.4                                0 100 300 i
*>                  3.3.3.3                                0 300 i
*                   1.1.1.1                                0 100 300 i
*> 111.1.1.0/24     1.1.1.1                                0 100 54 i
*> 112.1.1.0/24     4.4.4.4                                0 100 54 i
r5#
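As an added example (not part of the original post and not IOS code), the following Python
model reproduces the three inbound filters from the lab above against r5's initial BGP table
and then shows the point made in the filtering section at the top: the same two match clauses
in a different sequence order keep a different set of routes, which is why a route-map is the
only way to pin the order down. Assumptions: the table is constructed from the first sh ip bgp
on r5; the AS-path regex "_" is modelled as a whitespace or string boundary only (IOS also
treats commas, braces and parentheses as separators); MAP_A and MAP_B and their match clauses
are hypothetical and not from the lab.

```python
# Python model of the IOS filters used on r5 and of route-map ordering (constructed example).
import ipaddress
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str     # "44.1.1.0/24"
    next_hop: str   # peer the route was received from
    as_path: tuple  # (300, 100) for path "300 100 i"

# Constructed from the first "sh ip bgp" on r5 above, before any filter was applied.
R5_TABLE = [Route(*e) for e in [
    ("44.1.1.0/24", "3.3.3.3", (300, 100)), ("44.1.1.0/24", "1.1.1.1", (100,)),
    ("44.1.1.0/24", "4.4.4.4", (100,)), ("55.1.1.0/24", "3.3.3.3", (300,)),
    ("55.1.1.0/24", "1.1.1.1", (100, 300)), ("55.1.1.0/24", "4.4.4.4", (100, 300)),
    ("111.1.1.0/24", "3.3.3.3", (300, 100, 54)), ("111.1.1.0/24", "4.4.4.4", (100, 54)),
    ("111.1.1.0/24", "1.1.1.1", (100, 54)), ("112.1.1.0/24", "3.3.3.3", (300, 100, 54)),
    ("112.1.1.0/24", "4.4.4.4", (100, 54)), ("112.1.1.0/24", "1.1.1.1", (100, 54)),
]]

def as_path_matches(pattern, as_path):
    """IOS AS-path regex: '_' stands for start, end or a separator (modelled as whitespace
    here), so '_100_' matches AS 100 as a whole token; a bare '100' also matches 1000."""
    py_pattern = pattern.replace("_", r"(?:^|$|\s)")
    return re.search(py_pattern, " ".join(str(asn) for asn in as_path)) is not None

def filter_list(entries, route):
    """ip as-path access-list: (action, regex) entries, first match wins, implicit deny."""
    for action, pattern in entries:
        if as_path_matches(pattern, route.as_path):
            return action == "permit"
    return False

def prefix_list(entries, route):
    """ip prefix-list: (action, "net/len", ge, le). No ge/le: length must match exactly;
    ge alone: ge..32; le alone: len..le."""
    net = ipaddress.ip_network(route.prefix)
    for action, base, ge, le in entries:
        base_net = ipaddress.ip_network(base)
        lo = base_net.prefixlen if ge is None else ge
        hi = (base_net.prefixlen if ge is None else 32) if le is None else le
        if net.subnet_of(base_net) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False

def wildcard_match(value, base, wildcard):
    """Extended-ACL field: value equals base on every bit where the wildcard bit is 0."""
    v, b, w = (int(ipaddress.ip_address(x)) for x in (value, base, wildcard))
    care = w ^ 0xFFFFFFFF
    return v & care == b & care

def distribute_list(entries, route):
    """Extended ACL as a BGP distribute-list: (action, src, src_wc, dst, dst_wc). The source
    part is compared with the network and the destination part with the mask, so
    "host 112.1.1.0 host 255.255.255.0" is exactly 112.1.1.0/24 and not a /25 or /23."""
    net = ipaddress.ip_network(route.prefix)
    for action, src, src_wc, dst, dst_wc in entries:
        if (wildcard_match(str(net.network_address), src, src_wc)
                and wildcard_match(str(net.netmask), dst, dst_wc)):
            return action == "permit"
    return False

def route_map(sequences, route):
    """(action, [match clauses]) in sequence order: all clauses of a sequence must hold
    (AND), the first matching sequence decides, no match at all is a deny; a sequence
    with no match clause matches everything."""
    for action, clauses in sequences:
        if all(clause(route) for clause in clauses):
            return action == "permit"
    return False

# The three lab policies, each bound inbound to one neighbor as in the lab above.
AS_PATH_ACL_2 = [("deny", "_100_"), ("permit", ".*")]
ACL_112 = [("deny", "112.1.1.0", "0.0.0.0", "255.255.255.0", "0.0.0.0"),
           ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255")]
PREFIX_LIST_R4 = [("deny", "111.1.1.0/24", None, None), ("permit", "0.0.0.0/0", None, 32)]
NEIGHBOR_POLICY = {  # neighbor X filter-list 2 in / distribute-list 112 in / prefix-list R4 in
    "3.3.3.3": lambda r: filter_list(AS_PATH_ACL_2, r),
    "1.1.1.1": lambda r: distribute_list(ACL_112, r),
    "4.4.4.4": lambda r: prefix_list(PREFIX_LIST_R4, r),
}

def apply_inbound(table, policy):
    """Keep the routes that the sending neighbor's inbound policy permits."""
    return [r for r in table if policy.get(r.next_hop, lambda _: True)(r)]

# Why the order matters: the same two clauses, swapped, keep different routes.
# MAP_A lets prefixes originated by AS 54 through before the AS 100 deny; MAP_B does not.
def from_as54(r): return as_path_matches("_54$", r.as_path)
def via_as100(r): return as_path_matches("_100_", r.as_path)
MAP_A = [("permit", [from_as54]), ("deny", [via_as100]), ("permit", [])]
MAP_B = [("deny", [via_as100]), ("permit", [from_as54]), ("permit", [])]

def survivors(table, rmap):
    """(prefix, next hop) of every route the route-map permits."""
    return [(r.prefix, r.next_hop) for r in table if route_map(rmap, r)]
```

apply_inbound(R5_TABLE, NEIGHBOR_POLICY) leaves the seven paths that the three captures above
end up with (only 55.1.1.0/24 from r3, no 112.1.1.0/24 from r1, no 111.1.1.0/24 from r4).
survivors(R5_TABLE, MAP_A) keeps seven routes, survivors(R5_TABLE, MAP_B) keeps one: with
the deny sequence first, every path that transits AS 100 is gone before the AS 54 permit is
ever reached, which is exactly the ambiguity a per-neighbor mix of distribute-list,
filter-list and prefix-list leaves open.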
We look at default routing now. r5 has a static default route (a floating static, shown with
administrative distance 120) via 155.0.0.3:
r5#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 155.0.0.3 to network 0.0.0.0

     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/2297856] via 155.0.0.1, 00:04:50, Serial0/0/0
     2.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
D       2.2.2.2/32 [90/2809856] via 155.0.45.4, 00:04:50, Serial0/1/0
D       2.3.3.0/24 [90/2303232] via 155.0.45.4, 00:00:25, Serial0/1/0
                   [90/2303232] via 155.0.0.4, 00:00:25, Serial0/0/0
                   [90/2303232] via 155.0.0.1, 00:00:25, Serial0/0/0
D       2.1.1.1/32 [90/2302976] via 155.0.45.4, 00:00:25, Serial0/1/0
                   [90/2302976] via 155.0.0.4, 00:00:25, Serial0/0/0
                   [90/2302976] via 155.0.0.1, 00:00:25, Serial0/0/0
D       2.4.4.4/32 [90/158720] via 155.0.58.2, 00:04:50, FastEthernet0/0
     155.0.0.0/24 is subnetted, 9 subnets
D       155.0.146.0 [90/2172416] via 155.0.45.4, 00:04:50, Serial0/1/0
                    [90/2172416] via 155.0.0.4, 00:04:50, Serial0/0/0
                    [90/2172416] via 155.0.0.1, 00:04:52, Serial0/0/0
D       155.0.23.0 [90/3193856] via 155.0.45.4, 00:04:52, Serial0/1/0
D       155.0.13.0 [90/2681856] via 155.0.0.1, 00:04:52, Serial0/0/0
C       155.0.0.0 is directly connected, Serial0/0/0
C       155.0.58.0 is directly connected, FastEthernet0/0
C       155.0.45.0 is directly connected, Serial0/1/0
D       155.0.79.0 [90/2175232] via 155.0.45.4, 00:00:27, Serial0/1/0
                   [90/2175232] via 155.0.0.4, 00:00:27, Serial0/0/0
                   [90/2175232] via 155.0.0.1, 00:00:27, Serial0/0/0
D       155.0.67.0 [90/2174976] via 155.0.45.4, 00:00:27, Serial0/1/0
                   [90/2174976] via 155.0.0.4, 00:00:27, Serial0/0/0
                   [90/2174976] via 155.0.0.1, 00:00:27, Serial0/0/0
D       155.0.108.0 [90/30720] via 155.0.58.2, 00:04:52, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/2297856] via 155.0.0.3, 00:04:52, Serial0/0/0
     4.0.0.0/32 is subnetted, 1 subnets
D       4.4.4.4 [90/2297856] via 155.0.45.4, 00:00:27, Serial0/1/0
                [90/2297856] via 155.0.0.4, 00:00:27, Serial0/0/0
     5.0.0.0/32 is subnetted, 1 subnets
C       5.5.5.5 is directly connected, Loopback0
     6.0.0.0/32 is subnetted, 1 subnets
D       6.6.6.6 [90/2300416] via 155.0.45.4, 00:00:27, Serial0/1/0
                [90/2300416] via 155.0.0.4, 00:00:27, Serial0/0/0
                [90/2300416] via 155.0.0.1, 00:00:29, Serial0/0/0
     22.0.0.0/24 is subnetted, 1 subnets
D       22.2.2.0 [90/156160] via 155.0.58.2, 00:04:55, FastEthernet0/0
     12.0.0.0/32 is subnetted, 1 subnets
D       12.12.12.12 [90/2809856] via 155.0.45.4, 00:04:55, Serial0/1/0
S*   0.0.0.0/0 [120/0] via 155.0.0.3
r5(config)#router bgp 400
r5(config-router)#redistribute static
r5(config-router)#
The BGP table stays empty: redistribute static on its own does not pick up 0.0.0.0/0
r5#sh ip bgp
r5#
r5(config)#router bgp 400
r5(config-router)#default-information originate
r5(config-router)#
This lets the static default be redistributed into BGP. It shows up with origin ? (incomplete,
as any redistributed route) and weight 32768, since it is locally sourced:
r5#sh ip bgp
BGP table version is 63, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          155.0.0.3                0         32768 ?
r5#
r5
===
r5(config)#router bgp 400
r5(config-router)#no redistribute static
r5(config-router)#neighbor 3.3.3.3 default-originate
The redistribution is removed first, so r5 no longer has a default of its own in BGP; the
default is now generated for the r3 peering only.
r3
---
r3# sh ip bgp
BGP table version is 159, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          5.5.5.5                  0             0 400 i
r3#
r3 receives 0.0.0.0/0 from 5.5.5.5 with path 400 and origin i, even though r5's own BGP
table no longer carries a default: neighbor default-originate does not depend on a default
route existing on the originating router.