CCNP - LAB BGP Route Reflectors and Route Filters

Topology

Objectives

Configure iBGP routers to use a route reflector and simple router filter.

Background

The International Travel Agency maintains a full-mesh iBGP network that has quickly scaled beyond 100 routers. The company wants to implement route reflectors to work around the full-mesh iBGP requirement. Configure a small cluster and observe how BGP operates in this configuration. Use IP prefi filters to control the updates between iBGP peers.

Step 1: Prepare the routers for the lab.

Cable the network as shoown in the topology diagram.

Erase the startup configuratio and reload each router to clear previous configurations.

Do not configure Loopback 0 on SanJose 3 at this time.

Step 2: Configure RIPv2.

1. Build and configure the network according to the diagram. Use RIPv2 as the IGP. Do not configure the 198.133.219.0 network under the RIP process.

2. issue the show ip route on the routers to verify each router has a complete routing table.

3. Run the following TCL script on all routers to verify connectivity.

foreach address {
10.2.2.1
192.168.1.5
192.168.1.6
172.24.1.17
172.24.1.18
} {
ping $address }

SanJose1(tcl)#foreach address {
+>10.2.2.1
+>192.168.1.5
+>192.168.1.6
+>172.24.1.17
+>172.24.1.18
+>} {
+>ping $address }

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/34/64 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/46/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/29/48 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.24.1.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/25/44 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.24.1.18, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/41/56 ms

Step 3: Configure iBGP peers and route reflectors.

By default, a router that receives an eBGP route advertises it to its eBGP and iBGP peers. if it receives it through iBGP, it does not advertise it to its iBGP peers, as a loop prevention mechanism. To maintain loop prevention, a route reflector adds two optional, nontransitive BGP attributes to each reflected route, the ORIGINATOR_ID and CLUSTER_LIST. See http://tools.ietf.org/html/rfc4456 for more information.

However, because of this behavior, the only way for all iBGP routers to receive a route after it is originated into the AS is to have a full mesh of iBGP peers. This can get complex with a large number of peers. A route reflector allows a topology to get around the IBGP limitation of having to have a full mesh. To do this, a route reflector specifies some of its neighbors as route reflector clients. When a route reflector receives an update from a route reflector client, it can pass it on to its other clients. The route reflector would also pass that client-learned route on to its other non-client peers (both IBGP and EBGP peers). Similarly, a route learned from a non-client peer (again, from either an IBGP or EBGP peer) would be passed on to its client peers. This greatly simplifies configuration because only the route reflector needs to know all the other peers. The clients do not even know that they are clients. To them, it is just a normal IBGP peering relationship. You can even set up multiple route reflectors in a more advanced configuration for redundancy.

1. Configure the iBGP peers for BGP. Later, you will configure SanJose2 as the route reflector.

SanJose2(config)#router bgp 100

SanJose2(config-router)#neighbor 192.168.1.5 remote-as 100

SanJose2(config-router)#neighbor 172.24.1.18 remote-as 100

After SanJose2 is configured, configure the other two routers as route reflector clients. Remember that to set up clients simply, configure peering between the client and the server. IBGP does not need to be configured in a full mesh.

SanJose1(config)#router bgp 100

SanJose1(config-router)#neighbor 192.168.1.6 remot 100

SanJose3(config)#router bgp 100

SanJose3(config-router)#neighbor 172.24.1.17 remot 100

SanJose2#show ip bgp summary
BGP router identifier 10.2.2.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.24.1.18 4 100 7 7 1 0 0 00:04:20 0
192.168.1.5 4 100 7 7 1 0 0 00:04:32 0

Step 4: Inject a netwrok into BGP

1. To observe the full effect of using a route reflector, configure SanJose3 to inject external routing information into BGP

SanJose3(config)#interface loopback 0

SanJose3(config-if)#ip address 198.133.219.1 255.255.255.0

SanJose3(config)#router bgp 100

SanJose3(config-router)#network 198.133.219.0 mask 255.255.255.0

SanJose2#show ip route bgp
B 198.133.219.0/24 [200/0] via 172.24.1.18, 00:00:26

2. Check the routing table of SanJose1. There should not be a route to 198.133.219.0. Why?

3. Remember that SanJose1 is not configured to peer with SanJose3. To eliminate the need for a full iBGP mesh, SanJose2 must be configured as a route reflector.

SanJose2(config)#router bgp 100

SanJose2(config-router)#neighbor 192.168.1.5 route-reflector-client

SanJose2(config-router)#neighbor 172.24.1.18 route-reflector-client

*Mar 9 19:02:27.831: %BGP-5-ADJCHANGE: neighbor 192.168.1.5 Down RR client conf
ig change
*Mar 9 19:02:27.931: %BGP-5-ADJCHANGE: neighbor 172.24.1.18 Down RR client conf
ig change
*Mar 9 19:02:32.387: %BGP-5-ADJCHANGE: neighbor 172.24.1.18 Up
*Mar 9 19:02:37.507: %BGP-5-ADJCHANGE: neighbor 192.168.1.5 Up

4. Verify that an iBGP cluster was successful created by issuing the show ip protoocls on SanJose2.

SanJose2#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 23 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial1/0 2 2
Serial1/1 2 2
Loopback0 2 2
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
172.24.0.0
192.168.1.0
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 120)

Routing Protocol is "bgp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Route Reflector for address family IPv4 Unicast, 2 clients
Route Reflector for address family IPv6 Unicast, 2 clients
Route Reflector for address family VPNv4 Unicast, 2 clients
Route Reflector for address family IPv4 Multicast, 2 clients
Route Reflector for address family IPv6 Multicast, 2 clients
Route Reflector for address family NSAP Unicast, 2 clients
IGP synchronization is disabled
Automatic route summarization is disabled
Neighbor(s):
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
172.24.1.18
192.168.1.5
Maximum path: 1
Routing Information Sources:
Gateway Distance Last Update
172.24.1.18 200 00:01:41
Distance: external 20 internal 200 local 200

SanJose1#show ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 5 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial1/0 2 2
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
192.168.1.0
Routing Information Sources:
Gateway Distance Last Update
192.168.1.6 120 00:00:07
Distance: (default is 120)

Routing Protocol is "bgp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Neighbor(s):
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
192.168.1.6
Maximum path: 1
Routing Information Sources:
Gateway Distance Last Update
192.168.1.6 200 00:02:30
Distance: external 20 internal 200 local 200

on SanJose1, the output of this command does not include informaiton about route reflectors. Remember that SanJose1 is a client and not a route reflector server, so it is unaware of route reflection.

SanJose1#show ip route bgp
B 198.133.219.0/24 [200/0] via 172.24.1.18, 00:04:21

Step 5: Inject a summary address into BGP.

1. For the purpose of this lab, configure SanJose3 to inject a summary address into BGP.

SanJose3(config)#router bgp 100

SanJose3(config-router)#aggregate-address 198.0.0.0 255.0.0.0

BGP should now send the supernet route 198.0.0.0/8 to SanJose2 with the attribute ATOMIC_AGGREGATE set.

Note: By default, BGP on Cisco routers advertises both aggregate routes and the individual component routes. if only the aggregate route is to be advertised, use the aggregate-address network mask summary-only command.

2. On SanJose2, issue the following command: show ip bgp 198.0.0.0

3. The International Travel Agency has decided to filter specific routes to the 198.0.0.0/8 address space.

Configure a route filter prevent SanJose 2 from sending the 198.133.21.0/24 route to its other clients, in this case to SanJose 1.

SanJose2(config)#ip prefix-list SUPERNETONLY permit 198.0.0.0/8

router bgp 100

neighbor 192.168.1.5 prefix-list SUPERNETONLY out

clear ip bgp* soft