
HSRP Active Active with VPC+ and Anycast HSRP

In this post I will quickly demonstrate, with two similar topologies, how HSRP works in an active/active state: first using VPC+, and second using Anycast HSRP with multiple spine switches.

The first requirement for both designs is FabricPath. I have FabricPath enabled on all ports connecting leaf to spine. Here is my topology for VPC+. For those wondering why we need VPC+ on top of FabricPath: we need it for active/active forwarding. Without it we would only have HSRP forwarding on one spine switch.

(Diagram: VPC+ topology)

This HSRP is simply running between the spine switches; I will use VLAN 2 as the example.

Spine 1

interface Vlan2
  no shutdown
  no ip redirects
  ip address 10.0.2.1/24
  no ipv6 redirects
  ip router eigrp 2
  ip pim sparse-mode
  hsrp version 2
  hsrp 2
    preempt
    priority 110
    ip 10.0.2.254

Spine 2

interface Vlan2
  no shutdown
  no ip redirects
  ip address 10.0.2.2/24
  no ipv6 redirects
  ip router eigrp 2
  ip pim sparse-mode
  hsrp version 2
  hsrp 2
    preempt
    priority 110
    ip 10.0.2.254

vpc domain 1
  peer-switch
  role priority 100
  system-priority 100
  peer-keepalive destination 192.168.1.1 source 192.168.1.2 vrf vpcka
  delay restore 25
  peer-gateway
  auto-recovery
  delay restore interface-vlan 1
  fabricpath switch-id 10
  ip arp synchronize

IP ARP Table
Total number of entries: 1
Address       Age   MAC Address      Interface
10.0.2.254    -     0000.0c9f.f002   Vlan2

Now let's check one of the leaf switches in the diagram to see how it would reach the MAC address 0000.0c9f.f002.

Keep in mind that ports 1/29 and 1/30 connect to the two spine switches.

(Diagram: VPC+ forwarding from the leaf)

In the show commands you can see that traffic to the HSRP MAC is forwarded over both links through the emulated switch-ID. Without the emulated switch-ID, traffic would simply forward over one link and one link only. So the emulated switch-ID is sort of a hack on FabricPath and VPC to allow this type of behavior.

Alrighty, so now that the easy part is over, let's take a look at our new topology!

(Diagram: Anycast HSRP topology)

In this example we will use VLAN 4 on the 10.0.4.0/24 subnet, with an HSRP address of 10.0.4.254/24. The HSRP config is the same as for VLAN 2, but there are some additional configuration items that differ from the normal HSRP config. This needs to be HSRPv2; version 1 will not work.

interface Vlan4
  no shutdown
  no ip redirects
  ip address 10.0.4.2/24
  no ipv6 redirects
  ip router eigrp 2
  hsrp version 2
  hsrp 4
    ip 10.0.4.254
!
hsrp anycast 4 both
  switch-id 40
  vlan 4
  no shutdown
!
The HSRP MAC in this case is 0000.0c9f.f004. Let's see how the same leaf switch forwards traffic to that MAC when a server below it needs to talk to its default gateway.
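Since both designs above hinge on the HSRPv2 virtual MAC, here is a small Python helper I am adding as a worked example (it is not from the original post): it derives the virtual MAC for an HSRP group, recovers version and group from a MAC, and picks the HSRP gateway entries out of a show ip arp style table. The ARP lines are constructed sample data in the same layout as the table above, and the function names are mine.

```python
import re

# Well-known HSRP virtual MAC ranges:
#   version 1: 0000.0c07.acXX   (XX  = group, 0-255)
#   version 2: 0000.0c9f.fXXX   (XXX = group, 0-4095)
HSRP_V1_PREFIX = "0000.0c07.ac"
HSRP_V2_PREFIX = "0000.0c9f.f"


def hsrp_virtual_mac(group, version=2):
    """Return the dotted virtual MAC that an HSRP group answers ARP with."""
    if version == 1:
        if not 0 <= group <= 255:
            raise ValueError("HSRPv1 groups are 0-255")
        return f"{HSRP_V1_PREFIX}{group:02x}"
    if version == 2:
        if not 0 <= group <= 4095:
            raise ValueError("HSRPv2 groups are 0-4095")
        return f"{HSRP_V2_PREFIX}{group:03x}"
    raise ValueError("HSRP version must be 1 or 2")


def _normalize(mac):
    """'0000.0C9F.F002' / '00:00:0c:9f:f0:02' -> '00000c9ff002'."""
    return re.sub(r"[.:\-]", "", mac).lower()


def hsrp_group_from_mac(mac):
    """Return (version, group) if mac is an HSRP virtual MAC, else None."""
    m = _normalize(mac)
    if m.startswith(_normalize(HSRP_V1_PREFIX)):
        return 1, int(m[10:], 16)
    if m.startswith(_normalize(HSRP_V2_PREFIX)):
        return 2, int(m[9:], 16)
    return None


# Constructed sample in the layout of NX-OS 'show ip arp' (not captured from a real box).
ARP_SAMPLE = """\
Address         Age       MAC Address     Interface
10.0.2.254      -         0000.0c9f.f002  Vlan2
10.0.4.254      -         0000.0c9f.f004  Vlan4
10.0.2.10       00:05:12  0050.56ab.1234  Vlan2
"""


def audit_arp_table(text):
    """List every ARP entry whose MAC is an HSRP virtual MAC.

    Useful for inventory: a gateway MAC you did not configure, or a group
    number that does not match the VLAN, is worth a second look.
    """
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Address":
            continue  # header or short line
        ip, mac, interface = fields[0], fields[2], fields[3]
        hit = hsrp_group_from_mac(mac)
        if hit:
            version, group = hit
            found.append({"ip": ip, "mac": mac, "interface": interface,
                          "version": version, "group": group})
    return found


if __name__ == "__main__":
    print(hsrp_virtual_mac(2), hsrp_virtual_mac(4))
    for entry in audit_arp_table(ARP_SAMPLE):
        print(entry)
```

Running it prints the two gateway MACs from this post (0000.0c9f.f002 and 0000.0c9f.f004) and lists only the two ARP entries that belong to HSRP groups.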

(Diagram: leaf forwarding toward the anycast HSRP MAC)

We can see that the path can use the two previous spine switches on ports 29 and 30 and also the new spine that was added on port 17.

Some takeaways on Anycast HSRP:

- Needs HSRP version 2.
- This is implemented on the spine, where the Layer 3 boundary should be.
- Needs version 6.2.6 on a 7K and at least version 7.0 on a 6K.
- I am unsure whether this will work with a 55xx with an L3 module.


ASR9k with Nv Clustering Part 1.

Part 1 will explain the general purpose of Nv; part 2 will explain the configuration. The ASR9k comes with a feature as of 4.2.1 called Nv, which stands for Network Virtualization. It allows two ASR9ks to appear as one logical router. This technology can be thought of as a cross-stack EtherChannel, as it has the same general concept as others (VPC, VSS, 3750 stacking, etc.). The biggest difference with Nv is that it separates control-plane and data-plane traffic. In other cases, like VPC, it was highly recommended not to send traffic through the peer-link, and with VSS the data-plane and control-plane mechanisms were on the same 10 Gig interfaces. There are some requirements for running Nv:

1.) Has to be an RSP440 CPU; you need at least one per router.
2.) Needs the newer 10G line cards, either Thor or Trident Enhanced.
3.) The EoB RSP links need to be 1G only; the only SFP I was able to get working was a GLC-SX-MMD, as the RSPs are very sensitive.
4.) Needs 4.2.1 or above. At the time of writing 4.3.2 is the latest release and has some Nv fixes.

The cabling is simple. The general idea is that we bridge the RSP440s together for control-plane traffic, and for data-plane traffic we bridge two 10 Gig line cards from each router. Each RSP has two ports for management. Each RSP needs at least one connection to the other RSP on the same subnet. Here is a cabling diagram.

(Diagram: ASR9k Nv cabling)

The idea is simple: each RSP is connected to the other.

Now the interesting part about Nv is that one RSP is always primary and one RSP is always backup, and they live on two different routers. For example, if RSP0 is the active RSP on rack 0, the backup will be on rack 1.

The general idea of the data plane is simple. If a packet lands on rack 0 but is destined for rack 1, it will use the data-plane links between the two 9ks. An ASR9k can use either equal-cost load balancing at Layer 3 or the same LACP port hashing we know and love. So it is possible for a packet to land on rack 0, be destined for rack 1, and use the 10 Gig links for what they are designed for. Here is an example.

(Diagram: flow-based forwarding across the IRL)

In this example a packet enters the ASR9k pair running Nv as if it were one router. The packet, destined for 10.0.0.0/24, lands on the router on the left but needs to make it to the router on the right. So it is routed over the IRL (the 10 Gig link) between the 9ks.

In Part two I will go over the Nv configuration.

How to create Cisco ACE virtual contexts.

A virtual context within a Cisco ACE module is similar to what a hypervisor is in VMware or what a VDC is within Nexus. Virtual contexts are nice for all aspects of load balancing since they give the customer or department a logical separation for a variety of reasons. I am one who likes the ACE appliances and ACE blades. This post is for a 4710 appliance. A blade is very similar, except that instead of trunking over a port channel to the appliance, one would simply create the svcgroups in the running config of a 6500. Here is our very simple diagram.

(Diagram: ACE topology)

I will use VLAN 5 for management. Every context will simply receive a management IP via VLAN 5. VLANs 10, 20 and 30 will be production (load balancing) VLANs. VLANs 100, 200 and 300 will be set up as what are called Fault Tolerance (FT) VLANs. These VLANs work within the context to sync the running config back and forth between each ACE device. They do not have to be routable, so you can simply pick any Layer 3 subnet that will run back and forth between your switches and ACEs.

What is extremely nice about the ACEs is that one ACE can completely tank and the other will take every session without skipping a beat. You can also have the ACE track who the HSRP primary is for that VLAN and make it the primary for the context. Yes, you can mix and match contexts: you can have VLAN 10 be primary on the ACE context on the left and VLAN 20 primary on the ACE on the right. I like the ACE devices; it is a shame that they are going EOS soon.

So the first thing you will want to do is trunk your VLANs from your switch, let's say a 6500, over the port channel to the ACE. This has to be done on both switches. Obviously each VLAN also has to be allowed on the port channel between the 6500s.

interface Port-channel1
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 5,10,20,30,100,200,300,500
  switchport mode trunk
  no ip address
  mls qos trust dscp
end

 

On Each ACE.

interface gigabitEthernet 1/1
  channel-group 1
  no shutdown
interface gigabitEthernet 1/2
  channel-group 1
  no shutdown
interface gigabitEthernet 1/3
  channel-group 1
  no shutdown
interface gigabitEthernet 1/4
  channel-group 1
  no shutdown

There it is: all of our VLANs are now trunked over. Next, when you first install your ACE you will be dropped into the Admin context. This is where all the magic happens and where all new contexts are created. Keep in mind that everything is blocked by default, since the ACE shares a similar platform with the FWSM firewall. So for your management VLAN you will have to tie in a class-map and policy-map to allow management traffic (telnet, ssh, icmp, etc.).

class-map type management match-any REMOTE_ACCESS_CLASS
  2 match protocol icmp any
  3 match protocol telnet any
  4 match protocol ssh any
  5 match protocol snmp any
policy-map type management first-match MGMT-POLICY
  class REMOTE_ACCESS_CLASS
    permit

interface vlan 5
  description MANAGEMENT-VLAN
  ip address 10.0.0.1 255.255.255.0
  peer ip address 10.0.0.2 255.255.255.0
  service-policy input MGMT-POLICY
  no shutdown

The peer ip address line is needed for FT.

Now to the contexts! I am going to simply create VLAN10.

context VLAN10
  allocate-interface vlan 5
  allocate-interface vlan 10
  allocate-interface vlan 100

Now I should be able to see my contexts and switch to VLAN10:

TESTACE/Admin# changeto ?
Admin
VLAN10

Next, the FT interface for my management VLAN in the Admin context.

ft interface vlan 500
  ip address 192.168.1.1 255.255.255.0
  peer ip address 192.168.1.2 255.255.255.0
  no shutdown

Next, the FT group for my VLAN10 context.

ft group 2
  peer 1
  priority 150
  peer priority 110
  associate-context VLAN10
  inservice

Now if I wanted to create FT group 3 for VLAN 20, I could mix and match priorities, making the other ACE the primary. After doing all the leg work on the primary ACE, once I put in the FT interface and trunk all my VLANs over to the secondary ACE, I should get the exact same configuration as well as the same contexts on the other 4710.

Switchport Connections to Voice Vlans and Qos/Cos

* Because the sound quality of an IP phone call can deteriorate if the data is unevenly transmitted, the switch supports quality of service (QoS) based on IEEE 802.1p class of service (CoS).
* The PortFast feature is automatically enabled when a voice VLAN is configured.
- Expanding on this: as soon as I enter "switchport voice vlan 100" on fa0/1 and then "show run int fa0/1", it will have spanning-tree portfast enabled.
* 802.1p = CoS
* Voice VLAN is only supported on access ports and not on trunk ports... but you can do it. I think the issue is that you used to be able to do this since you could set up a trunk with another Cisco switch if it used dot1q and start VLAN hopping if all VLANs were allowed. This is why we use "switchport access vlan #".
* An interesting thing about voice is spanning-tree: there are actually multiple instances running if you have a voice VLAN. With "switchport voice vlan <VVID>" it will show up as a second instance.
* CDP has to be enabled on the interface connected to the phone. The reason is that if I put a computer or something else on that interface, it will not work!!! Phones tag their voice VLAN (let's say voice VLAN 110) and use CDP to enable it. Security!!!! If you are not using Cisco phones in this case then oh noeeessss!!!
* Most Cisco IP phones contain an internal 3-port switch.
* Skinny -> what an IP phone uses to talk to the CCM when it picks up.

Commands to set up voice
switchport voice vlan 110
switchport voice vlan dot1p
switchport voice vlan untagged
switchport voice vlan ?

Configure how the Cisco IP Phone carries voice traffic:

•vlan-id—Configure the Cisco IP Phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP Phone forwards the voice traffic with an 802.1Q priority of 5. Valid VLAN IDs are from 1 to 4094.

•dot1p—Configure the Cisco IP Phone to use 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP Phone forwards the voice traffic with an 802.1p priority of 5.

•none—Allow the IP phone to use its own configuration to send untagged voice traffic.

•untagged—Configure the phone to send untagged voice traffic.

Commands to verify

show vlan id x
show int fa0/1 switchport
show spanning-tree vlan x

Wireless stuff

- QoS/CoS when it comes to voice

- One thing to keep in mind with QoS and Layer 2 switching: since it is Layer 2, every frame looks the same to a switch, so if you add QoS in an environment, a switch that only switches the Layer 2 frame will not put any kind of priority on it, at Layer 2 at least.

That is why we use a pile of junk called CoS (Class of Service).

CoS - used so there is no need for QoS at Layer 2; this works without opening the packet (since a Layer 2 switch cannot) and reduces overhead since there is no kind of stateful inspection.

ToS - a Layer 3 type of marking, which also reduces overhead since there does not have to be a stateful connection to open up the packet and look inside to see exactly what it is; it is tagged in the ToS field.

Marking is setting CoS or ToS to a certain number. Voice by default is CoS 5; you can go 0-7.

* CoS is applied within the dot1q tag on a frame. CoS is normally carried within that frame inside the switch boundary to make "like" QoS decisions.

Delay -> time required to send a packet from A to B.

Jitter -> the best way for me to remember this is streaming internet radio: if halfway through the packets drop, no mussicczzzz, then it starts again. Voice is very sensitive to jitter since a conversation cannot drop packets.

Loss -> packets being congested and dropped without being delivered.

QoS can be delivered in three different ways:

Best Effort -> this is not exactly QoS; the network forwards packets in whatever order they came in. This is more about speed than quality, so voice packets get the same treatment as data packets: whichever ones arrive first get switched first.

Integrated Services Model -> I might have to come back to this, but what it sounds like is that QoS will check every different path it could take and check whether it is congested or the fastest way to route/switch.

Differentiated Services Model (DSCP) -> this puts different services on different QoS levels, allowing a certain number to be marked for the priority; everything else that is not QoS-marked is simply best effort.

Classification -> how important a packet is to QoS. It can be mapped back to an ACL, a protocol (TCP/UDP), a port number, or in some cases stateful inspection.

Trust Boundary -> something I might have to come back to, but usually where a network connects its edge to end users on an access-level switch. This is sort of where ToS and DSCP come into play. *KEEP IN MIND* an IP phone, since it has an internal switch, is always considered part of the trusted network.

How to enable QoS on an interface for a phone?

Switch(config)#mls qos

When this is entered, all switchports are untrusted until further commands are entered on each individual interface. This is what I view as turning on QoS on a switch.

Switch(config-if)#mls qos trust {cos | ip-precedence | dscp}

This is entered at the per-interface level, for incoming packets.

Switch(config-if)#mls qos trust device cisco-phone

This is just like using the VVID: it will only trust the packets if a phone is plugged in and actively sending CDP packets.

Switch(config-if)#mls qos trust cos

Should in most cases be used on trunk ports.
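To make the CoS and trust discussion above (and the dot1p/VLAN 0 option listed earlier) concrete, here is an added Python example, my own code and not from the original notes: it builds and parses an 802.1Q-tagged frame to show where the 802.1p CoS bits live, including the VLAN 0 priority tag a phone sends in dot1p mode, and then models what mls qos trust cos, mls qos trust device cisco-phone, and an untrusted port do with that CoS on ingress. The frames and MAC addresses are constructed, and the trust model is a simplification of the documented Catalyst behavior.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def build_dot1q_frame(dst, src, pcp, vid, ethertype, payload):
    """Build an Ethernet frame carrying an 802.1Q tag.

    TCI layout: 3 bits PCP (the 802.1p CoS, 0-7), 1 bit DEI, 12 bits VLAN ID.
    vid=0 is the "priority tag" a phone sends in dot1p mode.
    """
    tci = ((pcp & 0x7) << 13) | (vid & 0xFFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def build_untagged_frame(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return tagged flag, CoS (pcp), VLAN ID and the inner EtherType."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "pcp": None, "vid": None, "ethertype": ethertype}
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "pcp": tci >> 13, "vid": tci & 0xFFF, "ethertype": inner}


def ingress_cos(frame, trust, cdp_phone_seen=False, default_cos=0):
    """Simplified model of 'mls qos' ingress classification on an access port.

    trust is one of:
      "untrusted"          - mls qos on, no trust statement: CoS rewritten to the port default
      "cos"                - mls qos trust cos: keep the CoS from the tag (untagged gets default)
      "device cisco-phone" - mls qos trust device cisco-phone (with trust cos): trust only while
                             a Cisco phone is detected via CDP, otherwise behave as untrusted
    This is my own model of the documented behaviour, not switch code.
    """
    info = parse_frame(frame)
    tagged_cos = info["pcp"] if info["tagged"] else default_cos
    if trust == "cos":
        return tagged_cos
    if trust == "device cisco-phone":
        return tagged_cos if cdp_phone_seen else default_cos
    return default_cos


# Constructed sample frames: a phone sending toward the VLAN 2 HSRP gateway MAC from this page.
GATEWAY_MAC = bytes.fromhex("00000c9ff002")
PHONE_MAC = bytes.fromhex("001122334455")   # made-up phone MAC
IPV4 = 0x0800
VOICE_FRAME = build_dot1q_frame(GATEWAY_MAC, PHONE_MAC, pcp=5, vid=110, ethertype=IPV4, payload=b"\x45")
PRIORITY_TAGGED = build_dot1q_frame(GATEWAY_MAC, PHONE_MAC, pcp=5, vid=0, ethertype=IPV4, payload=b"\x45")
PC_FRAME = build_untagged_frame(GATEWAY_MAC, PHONE_MAC, ethertype=IPV4, payload=b"\x45")

if __name__ == "__main__":
    print(parse_frame(VOICE_FRAME))
    print(parse_frame(PRIORITY_TAGGED))
    for trust in ("untrusted", "cos", "device cisco-phone"):
        print(trust, ingress_cos(VOICE_FRAME, trust), ingress_cos(VOICE_FRAME, trust, cdp_phone_seen=True))
```

The point to take from running it: the CoS 5 a phone puts in its tag only survives into the switch's internal marking when the port trusts it, and with trust device cisco-phone that trust disappears the moment CDP stops seeing a phone, which is exactly why a PC plugged into the same port cannot promote its own traffic.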

Auto-QoS

Uses the best possible QoS features; I would say this is the best bargain here.

Switch(config-if)#auto qos voip {cisco-phone | cisco-softphone | trust}

In this case voip cisco-phone / cisco-softphone are pretty obvious; trust would be router -> switch or switch -> switch.

Switch(config-if)#auto qos voip

Is a macro that will configure all the commands for you.

How to check if QoS is functioning?

show run int Fa0/1
show mls qos int Fa0/1
show int fa0/1 switchport (there is a trust field)
show auto qos int fa0/1

BGP Notes

BGP

 

Numbers

TCP port 179

eBGP AD = 20

iBGP AD = 200

 

Attributes

Path Vector Protocol.

 

 

When an update is sent, it is acknowledged; updates are incremental, so BGP only sends updates when something changes.

 

Incremental and triggered.

 

Slowest convergence time.

 

 

 

BGP styles

 

Default Route Only -> the edge router uses a static default route (0.0.0.0) toward the BGP neighbor.

 

It is possible to advertise your networks into BGP from the IGP.

 

 

Partial Updates ->

Business -> BGP -> 2nd business
         -> 2nd BGP -> 3rd business

Having routes only for certain sites, so routes only from the 1st BGP to the first edge router, etc.

 

 

Full updates

 

The edge router gets the entire routing table of the internet.

BGP table: best paths to routes on the internet.

Without tuning, BGP acts similarly to RIP! So if it is not configured, it will hop from autonomous system to autonomous system.

 

Single Homed BGP -> having one connection from a router out to BGP

Dual Homed BGP -> two options

a.) one router connected to 2 links out to a BGP

b.) 2 routers connected to two different links out to the same BGP

 

This is setup for load balancing and for Redundancy

 

Multi-Homed

One router or multiple routers going out to different BGP providers per router.

 

BGP Speaker – > Any router that Runs BGP

 

 

 

Tables

Neighbors

BGP table – > a list of all BGP routes.

Routing table – > list of best Routes.

 

Public and Private AS#’s

 

iBGP – > 2 routers in the Same AS

eBGP – > Neighbor relationship linking 2 different AS

 

Peering – > When two routers form a Neighbor relationship

 

iBGP relationships -> do not have to be physically connected together. Since iBGP runs across other routers in that AS, the data/packets for new routes flow through routers that are not iBGP speakers.

 

 

Blackhole -> since the traffic goes over an IGP router out to BGP, if that router can't find the destination (because it doesn't have the route), it looks at the destination, does not know what to do with it, and may drop the packet.

 

BGP Configuration..

 

BGP Neighbors are manually configured.

 

config t

router bgp 6500    (6500 is the local AS)

 

 

How to configure a neighbor? eBGP

neighbor 10.1.45.1 remote-as 5500    (10.1.45.1 is the interface that connects; 5500 is the external AS)

 

Neighbors can peer with other neighbors without sending any data first.

 

BGP offers passive and active states, similar to EIGRP; Active means it is searching for a route.

 

 

iBGP -> when configuring iBGP networks internally, the best thing to do for neighboring is to use loopbacks, just in case the interface the neighbor is attached to goes down.

 

 

How to configure a neighbor? iBGP

router bgp

neighbor 1.1.1.1 remote-as 5500

 

Doing this, the relationship will never form; it will stay in Active. This is only for internal neighbors.

The reason is that they are attached via a loopback address. The router that sees 1.1.1.1 as its neighbor will not receive packets sourced from the address 1.1.1.1, because it is a loopback. So when it gets the neighbor packet from, let's say, source 192.168.5.1, it is not going to form that neighbor relationship. So on this router we have to do the following; this all has to do with the source address:

neighbor 1.1.1.1 update-source lo1    (the loopback interface on that neighbor)

This moves the neighbor relationship from Active to established, where the state column shows how many prefixes were received.

 

eBGP Multihop

neighbor 5.5.5.5 ebgp-multihop 2    (2 = hops)

This is a bit confusing, but instead of 1 hop to a loopback it is 2, since you use an interface connected to a router plus the loopback.

This command is really used for addresses like a loopback that are not directly connected.

 

 

 

How to advertise networks

2 ways: the network command and redistribution.

Using the network command

network 10.0.0.0 -> will auto-summarize this network into 10.0.0.0 like RIP.

Every other BGP router will have 10.0.0.0 in its table.

network 10.1.1.0 mask 255.255.255.0 -> this has to match the subnet mask I have set on the interface.

By default auto-summarization is turned on.

So any redistributed route is classful.

 

BGP Synchronization

Do not advertise a route learned via iBGP until you learn that route from the IGP. So a route has to be learned via OSPF, EIGRP, etc. before BGP will synchronize and send that route.

Or... you can turn off synchronization, simply by typing:

router bgp 6500

no synchronization

 

BGP next hop process

When configuring routes, keep in mind:

When iBGP forms routes it will keep the same next hop; this is bad.

When eBGP forms routes it will change the next hop appropriately.

So if I have routes to outside my own AS, my IGP will have that outside address as the next hop instead of the router that is actually adjacent, which should not get that IP.

neighbor 1.1.1.1 next-hop-self -> tells that other router (1.1.1.1) that for all the routes I send it, the next hop will be me. So I am telling my neighbor 1.1.1.1 that I am the next hop.

 

BGP tuning and attributes

Mandatory attributes -> example is a next hop address.

Well-known attributes:

AS_PATH -> mandatory

Next hop -> mandatory

Origin -> mandatory

Local preference -> discretionary

Atomic aggregate -> discretionary

Optional attributes:

Aggregator

Multi-exit discriminator (MED/metric)

Goes from top down; the most important ones were in bold in my notes.

 

How BGP finds the best path (metric):

1.) Ignore routes with an inaccessible next hop address
2.) Highest weight
3.) Highest LOCAL_PREF
4.) Prefer the path that was locally originated with the network command
5.) Shortest AS_PATH
6.) Path with the lowest origin type
7.) Lowest MED
8.) eBGP over iBGP
9.) Lowest IGP metric to the BGP next hop
10.) Determine if multiple paths require installation for BGP multipath
11.) If both paths are external, prefer the path received first
12.) Prefer the route that comes from the BGP router with the lowest RID
13.) If the originator RID is the same for multiple paths, prefer the path with the minimum cluster list length
14.) Prefer the path that comes from the lowest neighbor address
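As an added example (my own code, not part of the original notes), the following Python walks the best-path list above step by step over constructed candidate paths and reports which step decided, which is handy when reasoning about why a router picked a given route. The paths, addresses and AS numbers are made up, loosely following the weight and local-preference examples in these notes; multipath is skipped and MED is compared across all candidates, which is a simplification noted in the comments.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < incomplete; lower wins


@dataclass(frozen=True)
class BgpPath:
    prefix: str
    next_hop: str
    neighbor_addr: str
    router_id: str
    as_path: tuple = ()
    weight: int = 0            # Cisco-local, default 0, higher wins
    local_pref: int = 100      # default 100, higher wins, not sent outside the AS
    locally_originated: bool = False
    origin: str = "i"
    med: int = 0               # lower wins
    ebgp: bool = True
    igp_metric: int = 0        # cost to reach next_hop through the IGP
    received_order: int = 0    # lower = received earlier
    next_hop_reachable: bool = True


def _ip_key(ip):
    return tuple(int(octet) for octet in ip.split("."))


# Each step is (name, key function); the path(s) with the smallest key survive.
# Multipath (step 10 on the page) is skipped: this model always picks one path.
# MED is compared across all paths here; IOS by default compares MED only between
# paths from the same neighbouring AS (bgp always-compare-med changes that).
STEPS = [
    ("highest weight", lambda p: -p.weight),
    ("highest LOCAL_PREF", lambda p: -p.local_pref),
    ("locally originated", lambda p: 0 if p.locally_originated else 1),
    ("shortest AS_PATH", lambda p: len(p.as_path)),
    ("lowest origin type", lambda p: ORIGIN_RANK[p.origin]),
    ("lowest MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: 0 if p.ebgp else 1),
    ("lowest IGP metric to next hop", lambda p: p.igp_metric),
    ("oldest eBGP path", lambda p: p.received_order if p.ebgp else 0),
    ("lowest router ID", lambda p: _ip_key(p.router_id)),
    ("lowest neighbor address", lambda p: _ip_key(p.neighbor_addr)),
]


def select_best_path(paths):
    """Return (best_path, deciding_step), or (None, reason) if nothing is usable."""
    remaining = [p for p in paths if p.next_hop_reachable]   # step 1: drop unreachable next hops
    if not remaining:
        return None, "no path has a reachable next hop"
    for name, key in STEPS:
        lowest = min(key(p) for p in remaining)
        remaining = [p for p in remaining if key(p) == lowest]
        if len(remaining) == 1:
            return remaining[0], name
    return remaining[0], "complete tie"


def sample_paths(weight_first=500):
    """Constructed candidates for one prefix: a neighbor given weight (10.1.15.5),
    a neighbor advertising local-preference 600, and an iBGP path whose next hop
    the IGP cannot reach."""
    return [
        BgpPath("100.2.2.0/24", "10.1.15.5", "10.1.15.5", "5.5.5.5",
                as_path=("6400",), weight=weight_first),
        BgpPath("100.2.2.0/24", "10.1.16.6", "10.1.16.6", "6.6.6.6",
                as_path=("6400",), local_pref=600),
        BgpPath("100.2.2.0/24", "2.2.2.2", "4.4.4.4", "4.4.4.4",
                as_path=("6400",), ebgp=False, next_hop_reachable=False),
    ]


if __name__ == "__main__":
    best, why = select_best_path(sample_paths())
    print(best.next_hop, "chosen by", why)
    # Same candidates with the weight cleared: LOCAL_PREF now decides.
    best, why = select_best_path(sample_paths(weight_first=0))
    print(best.next_hop, "chosen by", why)
```

With the weight set, 10.1.15.5 wins at the very first step; clear it and the same candidates fall through to LOCAL_PREF, which is the tie-breaking order the notes describe.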

 

Weight, LOCAL_PREF, AS_PATH, etc. are all set the same by default, so they are all tied; they have to be set.

Weight = Cisco proprietary, stays local to a BGP router.

You can specify a neighbor to have higher weight, R1 over R2; if a router has multiple routes, it will see that the weight of R1 is higher, so it takes R1 instead of R2.

Weight is automatically set to 0.

More weight = better.

This is local per router.

Setting the weight:

R1(config)#router bgp 5500

R1(config-router)#neighbor 10.1.15.5 weight 500    (sets the weight for all routes from that neighbor to 500)

So for neighbor 10.1.15.5, any routes I learn from that neighbor will be preferred over the other neighbors' routes, whose weight is still 0.

If weight is tied we go to LOCAL_PREF.

Local preference -> something that is advertised to the other routers in the AS.

AS_PATH -> highly unlikely to be the tie-breaker, but it is the hop count (in AS hops) from the originating BGP router.

 

More attribute Information…

 

Weight

AS-Path

Next Hop Address

Origin

Local Preference

Metric

 

Things that would not allow a BGP route to be in the IP routing table:

1.) Synchronization

2.) Remember to look at the next hop address; remember that eBGP changes the next hop to the next-hop AS. next-hop-self would fix this.

 

 

clear ip bgp *

 

 

neighbor 10.1.15.2 shutdown -> shuts down that neighbor, but it keeps all the attributes, so when you add that neighbor again it will come back up with all the attribute settings.

 

 

Origin attribute -> where the route came from. Typically it is from a network command if it says i; if it is denoted ? it was normally redistributed into BGP.

 

 

LOCAL_PREF -> prefer the path with the highest local preference. The difference between local preference and weight is that local preference is advertised to the entire AS, but does not get advertised outside the AS.

Default = 100

Using local preference to make a BGP router preferred within an AS:

bgp default local-preference 600

So every single route it advertises to other routers it will mark as 600. Keep in mind that if the weight is different, weight breaks the tie first.

 

 

Metric attribute (MED)

0 is the default.

Tries to influence other ASes.

Works between ASes.

Different than an IGP: lower = better.

R1(config-router)#default-metric 200

Or you can do a route map:

R1(config-route-map)#set metric 200

 

 

 

The neighbor command more than likely just tells the packet where to go, to what destination.

BGP Configuration Part Deux


Advertising networks.

Now, since I have been working only with IGPs: normally the network command in an IGP does two things, form a neighbor relationship and advertise the routes for that network.

With BGP, neighbors are statically defined, so typing in neighbor x.x.x.x remote-as will statically define a neighbor.

To send out a network advertisement it must be done like this.

With Debugging on.

r2(config)#router bgp 6400

r2(config-router)#network 100.2.2.0 mask 255.255.255.0

r2(config-router)#

*Mar  1 08:31:13.029: BGP: Applying map to find origin for 100.2.2.0/24

*Mar  1 08:31:13.037: BGP: Applying map to find origin for 100.2.2.0/24

*Mar  1 08:31:13.041: BGP: Applying map to find origin for 100.2.2.0/24

View from R4

r4#sh ip bgp

BGP table version is 7, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,

r RIB-failure, S Stale

Origin codes: i – IGP, e – EGP, ? – incomplete

Network          Next Hop            Metric LocPrf Weight Path

*> 100.2.2.0/24     2.2.2.2                  0             0 6400 i

A view from R3

r3#sh ip bgp

BGP table version is 1, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,

r RIB-failure, S Stale

Origin codes: i – IGP, e – EGP, ? – incomplete

Network          Next Hop            Metric LocPrf Weight Path

* i100.2.2.0/24     2.2.2.2                  0    100      0 6400 i

r3#ping 10.2.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:

…..

Success rate is 0 percent (0/5)

This will not ping?????

Since the EIGRP router does not have BGP running, it will NOT route that packet, as it has no idea where 10.2.2.1 is.

BGP synchronization is turned on by default on most IOS versions.

Synchronization -> do not use or advertise a route learned with iBGP until the same route has been learned from the IGP.

Also look at the next hop address, which is the loopback interface of 2.2.2.2.

With eBGP the next hop is changed to where the route originated from. So what I will have to do is tell R3 to use R4 as the next hop. The way I will do that is the following:

r4(config-router)#neighbor 3.3.3.3 next-hop-self

moving to R3

r3#sh ip bgp

BGP table version is 2, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,

r RIB-failure, S Stale

Origin codes: i – IGP, e – EGP, ? – incomplete

Network          Next Hop            Metric LocPrf Weight Path

*>i100.2.2.0/24     4.4.4.4                  0    100      0 6400 i

The > indicates it is the best route and will be installed in the routing table.
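To check the next-hop reasoning above mechanically, here is an added Python example (not from the original post) that parses rows laid out in the IOS show ip bgp column positions, then decides whether an entry's next hop is reachable through a given set of IGP prefixes and, optionally, whether synchronization would hold it back. The R3 table it builds is constructed to mirror the before/after next-hop-self output above; format_row, parse_show_ip_bgp and would_install are my own names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

HEADER = "   Network          Next Hop            Metric LocPrf Weight Path"


@dataclass
class BgpEntry:
    valid: bool
    best: bool
    internal: bool
    network: str
    next_hop: str
    metric: Optional[int]
    local_pref: Optional[int]
    weight: int
    as_path: tuple
    origin: str


def format_row(status, network, next_hop, metric, locprf, weight, path):
    """Lay one row out in the IOS column positions: status 0-2, Network 3-19,
    Next Hop 20-39, Metric 40-46, LocPrf 47-53, Weight 54-60, Path 61+."""
    return (status.ljust(3) + network.ljust(17) + next_hop.ljust(20)
            + metric.rjust(6) + " " + locprf.rjust(6) + " " + weight.rjust(6) + " " + path)


def _int_or_none(field):
    return int(field) if field.strip() else None


def parse_show_ip_bgp(text):
    """Turn show ip bgp rows into BgpEntry records, skipping header and legend lines."""
    entries = []
    for line in text.splitlines():
        network = line[3:20].strip()
        if not network or not network[0].isdigit():   # headers, legend, wrapped lines
            continue
        status = line[0:3]
        path = line[61:].split()                      # AS numbers followed by the origin code
        entries.append(BgpEntry(
            valid="*" in status, best=">" in status, internal=status[2] == "i",
            network=network, next_hop=line[20:40].strip(),
            metric=_int_or_none(line[40:47]), local_pref=_int_or_none(line[47:54]),
            weight=int(line[54:61]), as_path=tuple(path[:-1]), origin=path[-1]))
    return entries


def _covered(ip, prefixes):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def would_install(entry, igp_prefixes, synchronization=False):
    """Explain whether an entry can become '>' best and reach the routing table."""
    if not _covered(entry.next_hop, igp_prefixes):
        return False, f"next hop {entry.next_hop} not reachable via the IGP"
    if synchronization and entry.internal and entry.network not in igp_prefixes:
        return False, "synchronization on: iBGP route not yet learned from the IGP"
    return True, f"next hop {entry.next_hop} reachable; eligible for the routing table"


# Constructed R3 view: what EIGRP knows on R3 (loopbacks and the two /30 links),
# and the BGP row before/after 'neighbor 3.3.3.3 next-hop-self' on R4.
R3_IGP = ("1.1.1.1/32", "3.3.3.3/32", "4.4.4.4/32", "192.168.1.0/30", "192.168.2.0/30")


def r3_table(next_hop_self=False):
    next_hop = "4.4.4.4" if next_hop_self else "2.2.2.2"
    status = "*>i" if next_hop_self else "* i"
    return "\n".join([HEADER, format_row(status, "100.2.2.0/24", next_hop, "0", "100", "0", "6400 i")])


if __name__ == "__main__":
    for flag in (False, True):
        text = r3_table(next_hop_self=flag)
        print(text)
        for entry in parse_show_ip_bgp(text):
            print(would_install(entry, R3_IGP))
```

Before next-hop-self the parsed next hop is 2.2.2.2, which none of R3's EIGRP prefixes cover, so the route is valid but not best; afterwards the next hop is 4.4.4.4, which EIGRP carries, and the entry becomes installable (unless synchronization is left on and the prefix has not also been learned from the IGP).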

BGP Configuration iBGP/eBGP

Basic BGP topology, first connecting neighbors (iBGP)

 

R1 interfaces
Lo1 - 1.1.1.1/32
F0/1 - 192.168.2.1/30
F0/0 - 192.168.1.1/30

R3 interfaces
Lo3 - 3.3.3.3/32
F0/0 - 192.168.2.2/30

R4 interfaces
Lo4 - 4.4.4.4/32
F0/0 - 192.168.1.1/30
F0/1 - 192.168.3.1

R2 interfaces
Lo2 - 2.2.2.2/32
F0/0 - 192.168.3.2

 

 

 

From R1

router bgp 6500
neighbor 192.168.1.2 remote-as 6500
neighbor 192.168.2.2 remote-as 6500

From R4

router bgp 6500
neighbor 192.168.1.1 remote-as 6500
neighbor 192.168.2.2 remote-as 6500

From R3

router bgp 6500
neighbor 192.168.2.1 remote-as 6500
neighbor 192.168.1.2 remote-as 6500

Using Loopbacks as Destination addresses

 

R1

r1(config)#

r1(config)#router eigrp 1

r1(config-router)#network 1.1.1.1 0.0.0.0

r1(config-router)#network 192.168.0.0 0.0.255.255

 

R3

r3(config)#router eigrp 1

r3(config-router)#network 3.3.3.3 0.0.0.0

r3(config-router)#network 192.168.0.0 0.0.255.255

 

R4

r4(config)#router eigrp 1

r4(config-router)#network 4.4.4.4 0.0.0.0

r4(config-router)#network 192.168.0.0 0.0.255.255

 

Now for the BGP settings. We will configure R4 and R3 as BGP neighbors. They do not have to be directly connected as long as they are reachable on the network. We will not use the interface IP addresses of R3 or R4; we will simply use the loopback addresses. We only have one connection to each router, but if we had redundant connections, loopback addresses would be a much better idea. The catch is that they have to be reachable via the IGP, in this case EIGRP.

From R4

 

r4#ping 3.3.3.3

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 120/209/316 ms

r4#

 

r4(config)#router bgp 6500

r4(config-router)#neighbor 3.3.3.3 remote-as 6500

r4(config-router)#neighbor 3.3.3.3 update-source lo4

 

 

From R3

r3(config)#router bgp 6500

r3(config-router)#neighbor 4.4.4.4 remote-as 6500

r3(config-router)#neighbor 4.4.4.4 update-source lo3

r3(config-router)#

*Mar  1 04:53:53.706: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up

 

 

r4#sh ip bgp sum

BGP router identifier 4.4.4.4, local AS number 6500

BGP table version is 1, main routing table version 1

 

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

3.3.3.3         4  6500       5       5        1    0    0 00:02:08        0

 

We have to use the update-source loopback command.

The reason is that when BGP peers with a neighbor, it expects the session to come from that neighbor's configured address.

When 4.4.4.4 sends an update to 3.3.3.3 without update-source, this is what the packet shows:

Source 192.168.1.2

Destination 3.3.3.3

BGP will discard that packet since it did not come from 4.4.4.4.

By setting update-source, the packet can leave out of any interface we like and it will still have a source of 4.4.4.4.

Also keep in mind the loopback has to be reachable, through static routes, EIGRP, OSPF, etc.; if it is reachable it can become an iBGP neighbor.

Configuring EBGP

 

 

From R4

 

r4(config-router)#neighbor 2.2.2.2 remote-as 6400

r4(config-router)#neighbor 2.2.2.2 update-source lo4

r4(config-router)#neighbor 2.2.2.2 ebgp-multihop 5

r4(config-router)#

*Mar  1 06:15:04.866: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up

 

 

From R2

 

 

r2(config-router)#neighbor 4.4.4.4 remote-as 6500

r2(config-router)#neighbor 4.4.4.4 update-source lo2

r2(config-router)#neighbor 4.4.4.4 ebgp-multihop 5

r2(config-router)#

The same has to be done here with update-source, since otherwise the session would be sourced from the physical interface. The other command we are using here is needed because this is eBGP: an eBGP peer HAS TO BE DIRECTLY CONNECTED by default! With eBGP, even if a destination is reachable, the peer has to be directly connected unless you allow multihop. In my case I simply did static routes to each loopback; we could use an IGP but it is pointless here.

 

At that point we are using loopbacks for redundancy. I have only one outgoing interface, but in some cases ISP/CE routers might have 2 or 3 connections; if they are all static routes they will all load balance. This is also where a loopback is good to use, in case one of the directly connected links goes down.

 

Any time we peer with loopbacks we must use the ebgp-multihop command; the 5 used in my command is simply the number of hops to allow.
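The update-source and ebgp-multihop points above boil down to a few checks a router applies to an incoming session. The following Python is an added example of that logic (my own simplified model, not IOS code and not from the original post): it rejects a session whose source address does not match a configured neighbor, whose destination is not the configured update-source, whose AS does not match, or whose eBGP peer is not on a connected subnet unless multihop is allowed. The routers it builds follow the R3/R4/R2 addressing in this post; the 192.168.1.2 source is the one shown above for R4 without update-source.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Neighbor:
    address: str            # neighbor <address> remote-as <remote_as>
    remote_as: int
    update_source: str      # local address the session is sourced from ("update-source loX")
    ebgp_multihop: int = 1  # IOS default for eBGP: peer must be directly connected


@dataclass(frozen=True)
class Router:
    local_as: int
    neighbors: tuple
    connected: tuple   # directly connected subnets
    routes: tuple      # everything in the routing table (connected, static, IGP)


def _covered(ip, prefixes):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def accept_session(router, src_ip, dst_ip, peer_as):
    """Model of the checks applied to an incoming BGP session (my simplification)."""
    nbr = next((n for n in router.neighbors if n.address == src_ip), None)
    if nbr is None:
        return False, f"no neighbor statement matches source {src_ip}; packet discarded"
    if dst_ip != nbr.update_source:
        return False, f"session with {nbr.address} is bound to {nbr.update_source}, not {dst_ip}"
    if peer_as != nbr.remote_as:
        return False, f"remote-as mismatch: configured {nbr.remote_as}, peer claims {peer_as}"
    if not _covered(src_ip, router.routes):
        return False, f"no route to {src_ip}; session stays Active"
    if nbr.remote_as == router.local_as:
        return True, "iBGP session established (reachability through the IGP is enough)"
    if nbr.ebgp_multihop <= 1 and not _covered(src_ip, router.connected):
        return False, f"eBGP peer {src_ip} is not on a connected subnet; ebgp-multihop needed"
    return True, "eBGP session established"


# Constructed routers following the page's topology (AS 6500: R1, R3, R4; AS 6400: R2).
def build_r3():
    return Router(6500,
                  neighbors=(Neighbor("4.4.4.4", 6500, update_source="3.3.3.3"),),
                  connected=("192.168.2.0/30", "3.3.3.3/32"),
                  routes=("192.168.1.0/30", "192.168.2.0/30",
                          "1.1.1.1/32", "3.3.3.3/32", "4.4.4.4/32"))


def build_r4(multihop=1):
    # 2.2.2.2/32 is reached via a static route, as in the post; it is not a connected subnet.
    return Router(6500,
                  neighbors=(Neighbor("2.2.2.2", 6400, update_source="4.4.4.4",
                                      ebgp_multihop=multihop),),
                  connected=("192.168.1.0/30", "192.168.3.0/30", "4.4.4.4/32"),
                  routes=("192.168.1.0/30", "192.168.3.0/30", "4.4.4.4/32", "2.2.2.2/32"))


if __name__ == "__main__":
    r3 = build_r3()
    print(accept_session(r3, "192.168.1.2", "3.3.3.3", 6500))   # R4 without update-source
    print(accept_session(r3, "4.4.4.4", "3.3.3.3", 6500))       # R4 with update-source lo4
    print(accept_session(build_r4(), "2.2.2.2", "4.4.4.4", 6400))
    print(accept_session(build_r4(multihop=5), "2.2.2.2", "4.4.4.4", 6400))
```

The first call reproduces the discarded packet described above (source 192.168.1.2 matches no neighbor statement on R3); the third shows the eBGP loopback peering failing until ebgp-multihop is configured, which is the fourth call. The source-address match is also why a neighbor statement doubles as a crude filter: a session attempt from any other address never gets past the first check.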