Scribd
Upload
12 views36 pages

BGP Patrice LAB

Uploaded by

arun
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
12 views36 pages

BGP Patrice LAB

Uploaded by

arun
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 36

BGP PRACTICES LABS

CCNP ENCOR Exam

1 | Page
I. PHYSICAL TOPOLOGY
An organization requiring connectivity to the Internet must obtain an autonomous system number (ASN).
ASNs were originally 2 bytes (16-bit range), which made 65,535 ASNs possible. Due to exhaustion, RFC
4893 expanded the ASN field to accommodate 4 bytes (32-bit range). This allows for 4,294,967,295 unique
ASNs, providing quite an increase from
the original 65,535 ASNs.

Two blocks of private ASNs are available for any organization to use, as long as they are never exchanged
publicly on the Internet. ASNs 64,512–65,535 are private ASNs in the 16-bit ASN range, and
4,200,000,000–4,294,967,294 are private ASNs within the extended 32-bit range.

The Internet Assigned Numbers Authority (IANA) is responsible for assigning all public ASNs to ensure that
they are globally unique. IANA requires the following items when requesting a public ASN:

■ Proof of a publicly allocated network range


■ Proof that Internet connectivity is provided through multiple connections
■ Need for a unique routing policy from providers

In the event that an organization cannot provide this information, it should use the ASN provided by its
service provider.

2 | Page
II. LOGICAL TOPOLOGY LAB 1
A In this lab you will configure eBGP for IPv4.

Note: This lab is an exercise in developing, deploying, and verifying various path manipulation tools for BGP,
and does not reflect networking best practices.

Objectives

Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing

Part 2: Configure and Verify eBGP for IPv4 on all Routers

Part 3: Configure and Verify Route Summarization and Atomic Aggregate

Part 4: Configure and Verify the Advertising of a Default Route

For more details about exterior BGP, see the Cisco CCNP ENCOR course.

3 | Page
III. IMPLEMENT eBGP FOR IPv4
When configuring BGP, it is best to think of the configuration from a modular perspective. BGP router
configuration requires the following components:

■ BGP session parameters: BGP session parameters provide settings that involve establishing
communication to the remote BGP neighbor. Session settings include the ASN of the BGP peer,
authentication, and keepalive timers.

■ Address family initialization: The address family is initialized under the BGP router configuration mode.
Network advertisement and summarization occur within the address family.

■ Activate the address family on the BGP peer: In order for a session to initiate, one address family for
a neighbor must be activated. The router’s IP address is added to the neighbor table, and BGP attempts to
establish a BGP session or accepts a BGP session initiated from the peer router

The following steps show how to configure BGP:

Step 1. Initialize the BGP routing process with the global command router bgp as-number.

Step 2. (Optional) Statically define the BGP router ID (RID). The dynamic RID allocation logic uses the
highest IP address of the any up loopback interfaces. If there is not an up loopback interface, then the highest
IP address of any active up interfaces becomes the RID when the BGP process initializes.

To ensure that the RID does not change, a static RID is assigned (typically representing an IPv4 address
that resides on the router, such as a loopback address). Any IPv4 address can be used, including IP
addresses not configured on the router. Statically configuring the BGP RID is a best practice and involves
using the command bgp router-id router-id. When the router ID changes, all BGP sessions reset and need
to be reestablished.

Step 3. Identify the BGP neighbor’s IP address and autonomous system number with the BGP router
configuration command neighbor ip-address remote-as as-number. It is important to understand the traffic
flow of BGP packets between peers.

The source IP address of the BGP packets still reflects the IP address of the outbound interface. When a
BGP packet is received, the router correlates the source IP address of the packet to the IP address
configured for that neighbor. If the
BGP packet source does not match an entry in the neighbor table, the packet cannot be associated to a
neighbor and is discarded.

Step 4. Initialize the address family with the BGP router configuration command address-family afi safi.
Examples of afi values are IPv4 and IPv6, and examples of safi values are unicast and multicast.

4 | Page
Step 5. Activate the address family for the BGP neighbor with the BGP address family configuration
command neighbor ip-address activate.

III.1 Build the Network and Configure Basic Device Settings and Interface Addressing

a. R1
Router(config)# hostname R1
R1(config)# no ip domain lookup

R1(config)# line con 0


R1(config-if)# logging sync
R1(config-if)# exec-time 3 60
R1(config-if)# exit

R1(config)# banner motd # This is R1, implement BGP for IPv4 Lab
#

R1(config)# int g0/0


R1(config-if)# ip add 10.1.2.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# int g0/1


R1(config-if)# ip address 10.1.3.1 255.255.255.128
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# int g0/2


R1(config-if)# ip address 10.1.3.129 255.255.255.128
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# int lo0


R1(config-if)# ip address 192.168.1.1 255.255.255.224
R1(config-if)# exit

R1(config)# int lo1


R1(config-if)# ip address 192.168.1.65 255.255.255.192
R1(config-if)# exit

b. R2
Router(config)# hostname R2
R2(config)# no ip domain lookup

R2(config)# line con 0


R2(config-if)# logging sync
R2(config-if)# exec-time 3 60
R2(config-if)# exit

R2(config)# banner motd # This is R2, implement BGP for IPv4 Lab

5 | Page
R2(config)# int g0/0
R2(config-if)# ip add 10.1.2.2 255.255.255.0
R2(config-if)# no shut
R2(config-if)# exit

R2(config)# int g0/1


R2(config-if)# ip address 10.2.3.2 255.255.255.0
R2(config-if)# no shut
R2(config-if)# exit

R2(config)# int lo1


R2(config-if)# ip address 192.168.2.1 255.255.255.224
R2(config-if)# exit

R2(config)# int lo2


R2(config-if)# ip address 192.168.2.65 255.255.255.192
R2(config-if)# exit

c. R3
Router(config)# hostname R3
R3(config)# no ip domain lookup

R3(config)# line con 0


R3(config-if)# logging sync
R3(config-if)# exec-time 3 60
R3(config-if)# exit

R3(config)# banner motd # This is R3, implement BGP for IPv4 Lab
#

R3(config)# int g0/0


R3(config-if)# ip add 10.2.3.3 255.255.255.0
R3(config-if)# no shut
R3(config-if)# exit

R3(config)# int g0/1


R3(config-if)# ip address 10.1.3.3 255.255.255.128
R3(config-if)# no shut
R3(config-if)# exit

R3(config)# int g0/2


R3(config-if)# ip address 10.1.3.130 255.255.255.128
R3(config-if)# no shut
R3(config-if)# exit

R3(config)# int lo1


R3(config-if)# ip address 192.168.3.1 255.255.255.224
R3(config-if)# exit

R3(config)# int lo2


R3(config-if)# ip address 192.168.3.65 255.255.255.192
R3(config-if)# exit

6 | Page
III.2 Configure and Verify eBGP for IPv4 on all Routers

a. R1
R1(config)# router bgp 1000
R1(config-router)# bgp router-id 1.1.1.1
R1(config-router)# neighbor 10.1.2.2 remote-as 500
R1(config-router)# neighbor 10.1.3.3 remote-as 300
R1(config-router)# neighbor 10.1.3.130 remote-as 300
R1(config-router)#
R1(config-router)#

Advertise the IPv4 prefixes local to ASN 1000


b. R2
R2(config)# router bgp 500
R2(config-router)# bgp router-id 2.2.2.2
R2(config-router)# neighbor 10.1.2.1 remote-as 1000
R2(config-router)# neighbor 10.2.3.3 remote-as 300
R2(config-router)# network 192.168.2.0 mask 255.255.255.224
R2(config-router)# network 192.168.2.64 mask 255.255.255.192

c. R3
R3(config)# router bgp 300
R3(config-router)# bgp router-id 3.3.3.3

Routers R1 and R2 were configured using this default behavior. The bgp default ipv4-unicast command
enables the automatic exchange of IPv4 address family prefixes.

When this command is disabled using no bgp default ipv4-unicast, bgp neighbors must be activated within
IPv4 address family (AF) configuration mode. BGP network commands must also be configured within IPv4
AF mode.
R3(config-router)# no bgp default ipv4-unicast
R3(config-router)# neighbor 10.2.3.2 remote-as 500
R3(config-router)# neighbor 10.1.3.1 remote-as 1000
R3(config-router)# neighbor 10.1.3.129 remote-as 1000

The interfaces on R3 need to be activated in IPv4 AF configuration mode. The neighbor activate command
in IPv4 AF configuration mode is required to enable the exchange of BGP information between neighbors.
This will enable R3 to form an established neighbor adjacency with both R1 and R2.
R3(config-router)# address-family ipv4
R3(config-router-af)# neighbor 10.1.3.1 activate
R3(config-router-af)# neighbor 10.1.3.129 activate
R3(config-router-af)# neighbor 10.2.3.2 activate
R3(config-router-af)# network 192.168.3.0 mask 255.255.255.224
R3(config-router-af)# network 192.168.3.64 mask 255.255.255.192

7 | Page
III.3 Verifying BGP Table

a. R1

R1#show ip bgp
BGP table version is 7, local router ID is 1.1.1.1
[…]
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


*> 192.168.1.0/27 0.0.0.0 0 32768 i
*> 192.168.1.64/26 0.0.0.0 0 32768 i
* 192.168.2.0/27 10.1.3.130 0 300 500 i
* 10.1.3.3 0 300 500 i
*> 10.1.2.2 0 0 500 i
* 192.168.2.64/26 10.1.3.130 0 300 500 i
* 10.1.3.3 0 300 500 i
*> 10.1.2.2 0 0 500 i
* 192.168.3.0/27 10.1.2.2 0 500 300 i
* 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
* 192.168.3.64/26 10.1.2.2 0 500 300 i
* 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
R1#

b. R2

R2#show ip bgp
BGP table version is 7, local router ID is 2.2.2.2
[…]
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


* 192.168.1.0/27 10.2.3.3 0 300 1000 i
*> 10.1.2.1 0 0 1000 i
* 192.168.1.64/26 10.2.3.3 0 300 1000 i
*> 10.1.2.1 0 0 1000 i
*> 192.168.2.0/27 0.0.0.0 0 32768 i
*> 192.168.2.64/26 0.0.0.0 0 32768 i
* 192.168.3.0/27 10.1.2.1 0 1000 300 i
*> 10.2.3.3 0 0 300 i
* 192.168.3.64/26 10.1.2.1 0 1000 300 i
*> 10.2.3.3 0 0 300 i
R2#

8 | Page
c. R3

R3#show bgp ipv4 unicast


BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


*> 192.168.1.0/27 10.1.3.1 0 0 1000 i
* 10.2.3.2 0 500 1000 i
* 10.1.3.129 0 0 1000 i
*> 192.168.1.64/26 10.1.3.1 0 0 1000 i
* 10.2.3.2 0 500 1000 i
* 10.1.3.129 0 0 1000 i
* 192.168.2.0/27 10.1.3.1 0 1000 500 i
*> 10.2.3.2 0 0 500 i
* 10.1.3.129 0 1000 500 i
* 192.168.2.64/26 10.1.3.1 0 1000 500 i
*> 10.2.3.2 0 0 500 i
* 10.1.3.129 0 1000 500 i
*> 192.168.3.0/27 0.0.0.0 0 32768 i
*> 192.168.3.64/26 0.0.0.0 0 32768 i
R3#

III.4 Configure and Verify Route Summarization and Atomic Aggregate with BGP
Summarizing prefixes conserves router resources and accelerates best-path calculation by reducing the size
of the table. Summarization can be configured either for prefixes originated by the AS or prefixes received
from downstream providers. Summarization also provides the benefits of stability by hiding flapping routes
or having to install new prefixes when they are contained within a summary.

Although AS 1000 only has two prefixes 192.168.1.0/27 and 192.168.1.64/26, this customer has been
allocated the entire 192.168.1.0/24 prefix. R3 in AS 300 has two prefixes 192.168.3.0/27 and
192.168.3.64/26 but has been allocated the entire 192.168.3.0/24 prefix.

Configure R1 and R3 to advertise a summary or aggregate route using the aggregate-address command.
The summary-only option suppresses the specific prefixes that are summarized from also being advertised.
Notice that this command is configured in address-family ipv4 configuration mode on R3.

a. R1
R1(config)# router bgp 1000
R1(config-router)# aggregate-address 192.168.1.0 255.255.255.0 summary-only
R1(config-router)# end

9 | Page
b. R3
R3(config)# router bgp 300
R3(config-router)# address-family ipv4
R3(config-router-af)# aggregate-address 192.168.3.0 255.255.255.0 summary-only
R3(config-router-af)# end

III.5 Verify route summarization using atomic aggregate


Verify the route summarization in R1
a.

R1#show ip route bgp | begin Gateway


Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 5 subnets, 4 masks


B 192.168.1.0/24 [200/0], 00:01:45, Null0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.2.0/27 [20/0] via 10.1.2.2, 00:13:13
B 192.168.2.64/26 [20/0] via 10.1.2.2, 00:13:13
B 192.168.3.0/24 [20/0] via 10.1.3.3, 00:00:44
R1#

b. Verify the route summarization in R3

R3#show ip route bgp | begin Gateway


Gateway of last resort is not set

B 192.168.1.0/24 [20/0] via 10.1.3.1, 00:06:07


192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.2.0/27 [20/0] via 10.2.3.2, 00:15:27
B 192.168.2.64/26 [20/0] via 10.2.3.2, 00:15:27
192.168.3.0/24 is variably subnetted, 5 subnets, 4 masks
B 192.168.3.0/24 [200/0], 00:05:13, Null0
R3#

R1 and R3 are each receiving the summary route from the other router.

c. Verify the route summarization in R2

Examine the BGP table on router R2 to verify the route summarization. When a prefix has the default classful
mask, the subnet mask is not displayed. Both 192.168.1.0 and 192.168.3.0 prefixes have a /24 prefix length
which would be the default mask for a Class C address.

R2#show ip route bgp | begin Gateway


Gateway of last resort is not set

B 192.168.1.0/24 [20/0] via 10.1.2.1, 00:03:24


B 192.168.3.0/24 [20/0] via 10.2.3.3, 00:02:22
R2#

10 | P a g e
III.5 Configure and Verify the Advertising of a Default Route

Configure R2 to advertise a default router to R1. R2 does not necessarily have to have a default route of its
own. Core internet routers that have full internet routing tables and do not require a default route are referred
to as being in a default-free zone (DFZ).

a. R2
R2(config)# router bgp 500
R2(config-router)# neighbor 10.1.2.1 default-originate

b. Verify the BGP default route in R1

After a few minute you will see:

R1#show ip route bgp | begin Gateway


Gateway of last resort is 10.1.2.2 to network 0.0.0.0

B* 0.0.0.0/0 [20/0] via 10.1.2.2, 00:00:01


192.168.1.0/24 is variably subnetted, 5 subnets, 4 masks
B 192.168.1.0/24 [200/0], 00:22:26, Null0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.2.0/27 [20/0] via 10.1.2.2, 00:33:54
B 192.168.2.64/26 [20/0] via 10.1.2.2, 00:33:54
B 192.168.3.0/24 [20/0] via 10.1.3.3, 00:21:25
R1#

11 | P a g e
IV. TOPOLOGY LAB II
In this lab, you will configure MP-BGP, BGP for IPv4 and IPv6 using address families.

Note: This lab is an exercise in developing, deploying, and verifying various path manipulation tools for BGP,
and does not reflect networking best practices.

For more details about MP-BGP, see the Cisco CCNP ENCOR course.

12 | P a g e
V. IMPLEMENT MP-BGP
Multiprotocol BGP (MP-BGP) enables BGP to carry NLRI for multiple protocols, such as IPv4, IPv6, and
Multiprotocol Label Switching (MPLS) Layer 3 virtual private networks (L3VPNs).

RFC 4760 defines the following new features:

■ A new address family identifier (AFI) model


■ New BGPv4 optional and nontransitive attributes:
■ Multiprotocol reachable NLRI
■ Multiprotocol unreachable NLRI

The new multiprotocol reachable NLRI attribute describes IPv6 route information, and the multiprotocol
unreachable NLRI attribute withdraws the IPv6 route from service. The attributes are optional and
nontransitive, so if an older router does not understand the attributes, the information can just be ignored.

All the same underlying IPv4 path vector routing protocol features and rules also apply to MP-BGP for IPv6.
MP-BGP for IPv6 continues to use the same well-known TCP port 179 for session peering as BGP uses for
IPv4. During the initial open message negotiation, the BGP peer routers exchange capabilities. The MP-
BGP extensions include an address family identifier (AFI) that describes the supported protocols, along with
subsequent address family identifier (SAFI) attribute fields that describe whether the prefix applies to the
unicast or multicast routing table:

■ IPv4 unicast: AFI: 1, SAFI: 1


■ IPv6 unicast: AFI: 2, SAFI: 1

V.1 Build the Network and Configure Basic Device Settings and Interface Addressing

a. R1
Router(config)# hostname R1
R1(config)# no ip domain lookup

R1(config)# line con 0


R1(config-if)# logging sync
R1(config-if)# exec-time 3 60
R1(config-if)# exit

R1(config)# banner motd # This is R1, implement MP-BGP Lab #

R1(config)# int g0/0


R1(config-if)# ip add 10.1.2.1 255.255.255.0
R1(config-if)# ipv6 address FE80::1:1 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1012::1/64
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# int g0/1


13 | P a g e
R1(config-if)# ip address 10.1.3.1 255.255.255.128
R1(config-if)# ipv6 address FE80::1:2 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1013::1/64
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# int g0/2


R1(config-if)# ip address 10.1.3.129 255.255.255.128
R1(config-if)# ipv6 address FE80::1:3 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1014::1/64
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# int lo0


R1(config-if)# ip address 192.168.1.1 255.255.255.224
R1(config-if)# ipv6 address FE80::1:4 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1000::1/64
R1(config-if)# exit

R1(config)# int lo1


R1(config-if)# ip address 192.168.1.65 255.255.255.192
R1(config-if)# ipv6 address FE80::1:5 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1001::1/64
R1(config-if)# exit

b. R2
Router(config)# hostname R2
R2(config)# no ip domain lookup

R2(config)# line con 0


R2(config-if)# logging sync
R2(config-if)# exec-time 3 60
R2(config-if)# exit

R2(config)# banner motd # This is R2, implement MP-BGP Lab #


R2(config)# int g0/0
R2(config-if)# ip add 10.1.2.2 255.255.255.0
R2(config-if)# ipv6 address FE80::2:1 link-local
R2(config-if)# ipv6 address 2001:DB8:ACAD:1012::2/64
R2(config-if)# no shut
R2(config-if)# exit

R2(config)# int g0/1


R2(config-if)# ip address 10.2.3.2 255.255.255.0
R2(config-if)# ipv6 address FE80::2:2 link-local
R2(config-if)# ipv6 address 2001:DB8:ACAD:1023::2/64
R2(config-if)# no shut
R2(config-if)# exit

R2(config)# int lo0


R2(config-if)# ip address 192.168.2.1 255.255.255.224
R2(config-if)# ipv6 address FE80::2:3 link-local
R2(config-if)# ipv6 address 2001:DB8:ACAD:2000::1/64
14 | P a g e
R2(config-if)# exit

R2(config)# int lo1


R2(config-if)# ip address 192.168.2.65 255.255.255.192
R2(config-if)# ipv6 address FE80::2:4 link-local
R2(config-if)# ipv6 address 2001:DB8:ACAD:2001::1/64
R2(config-if)# exit

c. R3
Router(config)# hostname R3
R3(config)# no ip domain lookup

R3(config)# line con 0


R3(config-if)# logging sync
R3(config-if)# exec-time 3 60
R3(config-if)# exit

R3(config)# banner motd # This is R3, implement MP-BGP Lab #

R3(config)# int g0/0


R3(config-if)# ip add 10.2.3.3 255.255.255.0
R3(config-if)# ipv6 address FE80::3:1 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:1023::3/64
R3(config-if)# no shut
R3(config-if)# exit

R3(config)# int g0/1


R3(config-if)# ip address 10.1.3.3 255.255.255.128
R3(config-if)# ipv6 address FE80::3:2 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:1013::3/64
R3(config-if)# no shut
R3(config-if)# exit

R3(config)# int g0/2


R3(config-if)# ip address 10.1.3.130 255.255.255.128
R3(config-if)# ipv6 address FE80::3:3 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:1014::3/64
R3(config-if)# no shut
R3(config-if)# exit

R3(config)# int lo0


R3(config-if)# ip address 192.168.3.1 255.255.255.224
R3(config-if)# ipv6 address FE80::3:4 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:3000::1/64
R3(config-if)# exit

R3(config)# int lo1


R3(config-if)# ip address 192.168.3.65 255.255.255.192
R3(config-if)# ipv6 address FE80::3:5 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:3001::1/64
R3(config-if)# exit

15 | P a g e
V.2 Configure MP-BGP on all Routers

a. R1
R1(config)# ipv6 unicast-routing
R1(config)# router bgp 1000
R1(config-router)# bgp router-id 1.1.1.1
R1(config-router)# neighbor 10.1.2.2 remote-as 500
R1(config-router)# neighbor 10.1.3.3 remote-as 300
R1(config-router)# neighbor 10.1.3.130 remote-as 300
R1(config-router)# neighbor 2001:db8:acad:1012::2 remote-as 500
R1(config-router)# neighbor 2001:db8:acad:1013::3 remote-as 300
R1(config-router)# neighbor 2001:db8:acad:1014::3 remote-as 300

R1(config-router)# address-family ipv4 unicast


R1(config-router-af)# neighbor 10.1.2.2 activate
R1(config-router-af)# neighbor 10.1.3.3 activate
R1(config-router-af)# neighbor 10.1.3.130 activate
R1(config-router-af)# network 192.168.1.0 mask 255.255.255.224
R1(config-router-af)# network 192.168.1.64 mask 255.255.255.192
R1(config-router-af)# exit

R1(config-router)# address-family ipv6 unicast


R1(config-router-af)# neighbor 2001:db8:acad:1012::2 activate
R1(config-router-af)# neighbor 2001:db8:acad:1013::3 activate
R1(config-router-af)# neighbor 2001:db8:acad:1014::3 activate
R1(config-router-af)# network 2001:db8:acad:1000::/64
R1(config-router-af)# network 2001:db8:acad:1001::/64
R1(config-router-af)# exit
R1(config-router)# exit

b. R2
R2(config)# ipv6 unicast-routing
R2(config)# router bgp 500
R2(config-router)# bgp router-id 2.2.2.2
R2(config-router)# neighbor 10.1.2.1 remote-as 1000
R2(config-router)# neighbor 10.2.3.3 remote-as 300
R2(config-router)# neighbor 2001:db8:acad:1012::1 remote-as 1000
R2(config-router)# neighbor 2001:db8:acad:1023::3 remote-as 300

R2(config-router)# address-family ipv4 unicast


R2(config-router-af)# neighbor 10.1.2.1 activate
R2(config-router-af)# neighbor 10.2.3.3 activate
R2(config-router-af)# network 192.168.2.0 mask 255.255.255.224
R2(config-router-af)# network 192.168.2.64 mask 255.255.255.192
R2(config-router-af)# exit

R2(config-router)# address-family ipv6 unicast


R2(config-router-af)# neighbor 2001:db8:acad:1012::1 activate
R2(config-router-af)# neighbor 2001:db8:acad:1023::3 activate
R2(config-router-af)# network 2001:db8:acad:2000::/64
R2(config-router-af)# network 2001:db8:acad:2001::/64

16 | P a g e
c. R3
R3(config)# ipv6 unicast-routing
R3(config)# router bgp 300
R3(config-router)# bgp router-id 3.3.3.3
R3(config-router)# neighbor 10.2.3.2 remote-as 500
R3(config-router)# neighbor 10.1.3.1 remote-as 1000
R3(config-router)# neighbor 10.1.3.129 remote-as 1000
R3(config-router)# neighbor 2001:db8:acad:1023::2 remote-as 500
R3(config-router)# neighbor 2001:db8:acad:1013::1 remote-as 1000
R3(config-router)# neighbor 2001:db8:acad:1014::1 remote-as 1000

R3(config-router)# address-family ipv4 unicast


R3(config-router-af)# neighbor 10.1.3.1 activate
R3(config-router-af)# neighbor 10.1.3.129 activate
R3(config-router-af)# neighbor 10.2.3.2 activate
R3(config-router-af)# network 192.168.3.0 mask 255.255.255.224
R3(config-router-af)# network 192.168.3.64 mask 255.255.255.192
R3(config-router-af)# exit

R3(config-router)# address-family ipv6 unicast


R3(config-router-af)# neighbor 2001:db8:acad:1023::2 activate
R3(config-router-af)# neighbor 2001:db8:acad:1013::1 activate
R3(config-router-af)# neighbor 2001:db8:acad:1014::1 activate
R3(config-router-af)# network 2001:db8:acad:3000::/64
R3(config-router-af)# network 2001:db8:acad:3001::/64
R3(config-router-af)# exit
R3(config-router)# exit

17 | P a g e
V.3 Verify MP-BGP

a. R2 : IPv4 neighbors
R2#show bgp ipv4 unicast summary
BGP router identifier 2.2.2.2, local AS number 500
BGP table version is 7, main routing table version 7
6 network entries using 864 bytes of memory
10 path entries using 840 bytes of memory
5/3 BGP path/bestpath attribute entries using 800 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2600 total bytes of memory
BGP activity 12/0 prefixes, 18/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down


State/PfxRcd
10.1.2.1 4 1000 8 7 7 0 0 00:02:07 4
10.2.3.3 4 300 7 7 7 0 0 00:00:58 4
R2#

b. R2 : IPv6 neighbors

R2#show bgp ipv6 unicast summary


BGP router identifier 2.2.2.2, local AS number 500
BGP table version is 7, main routing table version 7
6 network entries using 1008 bytes of memory
8 path entries using 864 bytes of memory
4/3 BGP path/bestpath attribute entries using 640 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2608 total bytes of memory
BGP activity 12/0 prefixes, 18/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down


State/PfxRcd
2001:DB8:ACAD:1012::1
4 1000 6 6 7 0 0 00:01:58 2
2001:DB8:ACAD:1023::3
4 300 7 9 7 0 0 00:00:45 4
R2#

18 | P a g e
V.4 Configure and Verify IPv6 Route Summarization

Summarizing prefixes conserves router resources and accelerates best-path calculation by reducing the size
of the table. Summarization can be configured either for prefixes originated by the AS or prefixes received
from downstream providers. Summarization also provides the benefits of stability by hiding flapping routes
or having to install new prefixes when they are contained within a summary.

Although AS 1000 only has two IPv6 prefixes - 2001:db8:acad:1000::/64 and 2001:db8:acad:1001::/64, this
customer has been allocated the entire 2001:db8:acad:1000::/52 prefix (2001:db8:acad:1xxx).

R1 is configured using the aggregate-address command in IPv6 AF mode to summarize its IPv6 prefixes.
This is known as a summary route or aggregate route. The summary-only option suppresses the more
specific prefixes from also being advertised.

a. R1
R1(config)# router bgp 1000
R1(config-router)# address-family ipv6 unicast
R1(config-router)# aggregate-address 2001:db8:acad:1000::/52 summary-only
R1(config-router)# end

V.5 Verify route summarization using atomic aggregate

a. Verify the route summarization in R3

R3#show ipv6 route bgp | section 2001


B 2001:DB8:ACAD:1000::/52 [20/0]
via FE80::2:2, GigabitEthernet0/0
B 2001:DB8:ACAD:1000::/64 [20/0]
via FE80::1:2, GigabitEthernet0/1
B 2001:DB8:ACAD:1001::/64 [20/0]
via FE80::1:2, GigabitEthernet0/1
B 2001:DB8:ACAD:2000::/64 [20/0]
via FE80::2:2, GigabitEthernet0/0
B 2001:DB8:ACAD:2001::/64 [20/0]
via FE80::2:2, GigabitEthernet0/0
R3#

a. Verify the route summarization in R1

R1#show ipv6 route bgp | section 2001


B 2001:DB8:ACAD:1000::/52 [20/0]
via FE80::2:1, GigabitEthernet0/0
B 2001:DB8:ACAD:2000::/64 [20/0]
via FE80::2:1, GigabitEthernet0/0
B 2001:DB8:ACAD:2001::/64 [20/0]
via FE80::2:1, GigabitEthernet0/0
B 2001:DB8:ACAD:3000::/64 [20/0]
via FE80::3:2, GigabitEthernet0/1
B 2001:DB8:ACAD:3001::/64 [20/0]
via FE80::3:2, GigabitEthernet0/1
R1#

19 | P a g e
V.6 Configure and Verify BGP Path Manipulation Settings on all Routers

V.6.1 Configure ACL-based route filtering

On R1, issue the command show bgp ipv4 unicast | i 300 to see what prefixes ASN300 is sharing via BGP.
Take note of those prefixes that do not originate in ASN300.

R1#show bgp ipv4 unicast | i 300


* 192.168.2.0/27 10.1.3.130 0 300 500 i
* 10.1.3.3 0 300 500 i
* 192.168.2.64/26 10.1.3.130 0 300 500 i
* 10.1.3.3 0 300 500 i
* 192.168.3.0/27 10.1.2.2 0 500 300 i
* 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
* 192.168.3.64/26 10.1.2.2 0 500 300 i
* 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
R1#

On R3, configure an access list designed to match the source address and mask of the networks belonging
to ASN300.
R3(config)# ip access-list extended ALLOWED_TO_R1
R3(config-ext-acl)# permit ip 192.168.3.0 0.0.0.0 255.255.255.224 0.0.0.0
R3(config-ext-acl)# permit ip 192.168.3.64 0.0.0.0 255.255.255.192 0.0.0.0
R3(config-ext-acl)# end

On R3, apply the ALLOWED_TO_R1 ACL as a distribute list to the IPv4 neighbor adjacencies with R1.

R3(config)# router bgp 300


R3(config-routerl)# address-family ipv4 unicast
R3(config-router-af)# neighbor 10.1.3.1 distribute-list ALLOWED_TO_R1 out
R3(config-router-af)# neighbor 10.1.3.129 distribute-list ALLOWED_TO_R1 out

Perform a soft reset of the IPv4 adjacency with R1 for the outbound traffic without tearing down the
session.
R3# clear bgp ipv4 unicast 1000 out

On R1, issue the command show bgp ipv4 unicast | i 300 to see what prefixes routes ASN300 is now
sharing via BGP. All of the prefixes should now originate in ASN300:

R1#show bgp ipv4 unicast | i 300


* 192.168.3.0/27 10.1.2.2 0 500 300 i
* 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
* 192.168.3.64/26 10.1.2.2 0 500 300 i
* 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
R1#

20 | P a g e
V.6.2 Configure prefix-list-based route filtering

On R1, issue the command show bgp ipv4 unicast | begin 192.168.3 to see what prefixes ASN500 is
sharing via BGP. Take note of those prefixes that do not originate in ASN500.

In this step, you will configure R1 so that it only accepts ASN500 networks from R2; it will not accept
information about ASN300 networks from R2.
R1#show bgp ipv4 unicast | begin 192.168.3
* 192.168.3.0/27 10.1.2.2 0 500 300 i
* 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
* 192.168.3.64/26 10.1.2.2 0 500 300 i
* 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
R1#

On R1, configure a prefix list designed to match the source address and mask of networks belonging to
ASN500.
R1(config)# ip prefix-list ALLOWED_FROM_R2 seq 5 permit 192.168.2.0/24 le 27

R1(config)# router bgp 1000


R1(config-routerl)# address-family ipv4 unicast
R1(config-router-af)# neighbor 10.1.2.2 prefix-list ALLOWED_FROM_R2 in
R1(config-router-af)# end

Perform a soft reset of the IPv4 adjacency with R1 for the outbound traffic without tearing down the
session.
R1# clear bgp ipv4 unicast 500 in

On R1, issue the command show bgp ipv4 unicast | i 500 to see what prefixes routes ASN500 is now
sharing via BGP. All of the prefixes should now originate in ASN500.

R1#show bgp ipv4 unicast | i 500


*> 192.168.2.0/27 10.1.2.2 0 0 500 i
*> 192.168.2.64/26 10.1.2.2 0 0 500 i

R1#show bgp ipv4 unicast | begin 192.168.3


* 192.168.3.0/27 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
* 192.168.3.64/26 10.1.3.130 0 0 300 i
*> 10.1.3.3 0 0 300 i
R1#

V.6.3 Configure prefix-list-based route filtering

On R2, issue the command show bgp ipv4 unicast | begin Network to see what prefixes ASN1000 is
sharing via BGP. Take note of those prefixes that do not originate in ASN6500. Advertising these routes
could set ASN1000 up as a transit AS, and that is not a desirable scenario.
21 | P a g e
In this step, you will configure R1 so that it only sends ASN1000 networks to R2; it will not forward information
about prefixes from any other ASN to ASN500.

R2#show bgp ipv4 unicast | begin Network


Network Next Hop Metric LocPrf Weight Path
* 192.168.1.0/27 10.2.3.3 0 300 1000 i
*> 10.1.2.1 0 0 1000 i
* 192.168.1.64/26 10.2.3.3 0 300 1000 i
*> 10.1.2.1 0 0 1000 i
*> 192.168.2.0/27 0.0.0.0 0 32768 i
*> 192.168.2.64/26 0.0.0.0 0 32768 i
* 192.168.3.0/27 10.1.2.1 0 1000 300 i
*> 10.2.3.3 0 0 300 i
* 192.168.3.64/26 10.1.2.1 0 1000 300 i
*> 10.2.3.3 0 0 300 i
R2#

On R1, configure AS-PATH ACL to match the routes from the local ASN.
R1(config)# ip as-path access-list 1 permit ^$

On R1, apply the AS-PATH ACL as a filter-list on the adjacency configured with R2.

R1(config)# router bgp 1000


R1(config-routerl)# address-family ipv4 unicast
R1(config-router-af)# neighbor 10.1.2.2 filter-list 1 out
R1(config-router-af)# end

On R1, perform a reset of the IPv4 adjacency with R2 for the outbound traffic without tearing down the
session.
R1# clear bgp ipv4 unicast 500 out

On R2, issue the command show bgp ipv4 unicast | i 1000 to see what prefixes routes ASN1000 is now
sharing via BGP. All of the prefixes should now originate in ASN1000.

R2#show bgp ipv4 unicast | i 1000


* 192.168.1.0/27 10.2.3.3 0 300 1000 i
*> 10.1.2.1 0 0 1000 i
* 192.168.1.64/26 10.2.3.3 0 300 1000 i
*> 10.1.2.1 0 0 1000 i

R2#show bgp ipv4 unicast | begin Network


Network Next Hop Metric LocPrf Weight Path
* 192.168.1.0/27 10.2.3.3 0 300 1000 i
*> 10.1.2.1 0 0 1000 i
* 192.168.1.64/26 10.2.3.3 0 300 1000 i
*> 10.1.2.1 0 0 1000 i
*> 192.168.2.0/27 0.0.0.0 0 32768 i
*> 192.168.2.64/26 0.0.0.0 0 32768 i
*> 192.168.3.0/27 10.2.3.3 0 0 300 i
*> 192.168.3.64/26 10.2.3.3 0 0 300 i

Any prefix with AS-Path 1000 300 i is no longer sent to R2.

22 | P a g e
V.6.4 Configure IPv6 prefix-list-based route filtering

In this step, you will configure R1 so that it only accepts ASN500 IPv6 networks from R2. It will not accept
information about ASN300 IPv6 networks from R2.

On R1, issue the command show bgp ipv6 unicast neighbors 2001:db8:acad:1012::2 routes to see what
IPv6 prefixes ASN500 is sharing via BGP. Take note of those IPv6 prefixes that do not originate in ASN500.
R1#show bgp ipv6 unicast neighbors 2001:db8:acad:1012::2 routes
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


*> 2001:DB8:ACAD:2000::/64
2001:DB8:ACAD:1012::2
0 0 500 i
*> 2001:DB8:ACAD:2001::/64
2001:DB8:ACAD:1012::2
0 0 500 i
* 2001:DB8:ACAD:3000::/64
2001:DB8:ACAD:1012::2
0 500 300 i
* 2001:DB8:ACAD:3001::/64
2001:DB8:ACAD:1012::2
0 500 300 i

Total number of prefixes 4


R1#

On R1, configure an IPv6 prefix list designed to match the source address and mask of networks
belonging to ASN500.
R1(config)# ipv6 prefix-list IPV6_ALLOWED_FROM_R2 seq 5 permit
2001:db8:acad:2000::/64

R1(config)# ipv6 prefix-list IPV6_ALLOWED_FROM_R2 seq 10 permit


2001:db8:acad:2001::/64

Apply the IPV6_ALLOWED_FROM_R2 prefix list to the IPv6 neighbor adjacencies for R2.

R1(config)# router bgp 1000


R1(config-routerl)# address-family ipv6 unicast
R1(config-router-af)# neighbor 2001:db8:acad:1012::2 prefix-list
IPV6_ALLOWED_FROM_R2 in
R1(config-router-af)# end

Perform a reset of the IPv6 adjacency with R2 for the inbound traffic without tearing down the session.
R1# clear bgp ipv6 unicast 500 in

23 | P a g e
On R1, issue the command show bgp ipv6 unicast neighbors 2001:db8:acad:1012::2 routes to see what
IPv6 prefixes routes ASN500 is now sharing via BGP. All of the IPv6 prefixes should now originate in ASN500.

R1#show bgp ipv6 unicast neighbors 2001:db8:acad:1012::2 routes


BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


*> 2001:DB8:ACAD:2000::/64
2001:DB8:ACAD:1012::2
0 0 500 i
*> 2001:DB8:ACAD:2001::/64
2001:DB8:ACAD:1012::2
0 0 500 i

Total number of prefixes 2


R1#

V.6.4 Configure IPv6 prefix-list-based route filtering

In this step, you will configure R1 so that it prefers the next-hop address of 192.168.3.130 over 192.168.3.3,
which would normally be the preferred path to ASN300 networks. You will do this by using a prefix list to
identify the destination networks and then use a route map to match the prefix list and set the matched
networks to have a local preference of 250.
R1#show bgp ipv4 unicast 192.168.3.0
BGP routing table entry for 192.168.3.0/27, version 6
Paths: (2 available, best #2, table default)
Advertised to update-groups:
1
Refresh Epoch 2
300
10.1.3.130 from 10.1.3.130 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Refresh Epoch 2
300
10.1.3.3 from 10.1.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
R1#

On R1, configure a prefix list designed to match the source address and mask of networks belonging to
ASN300.
R1(config)# ip prefix-list PREFERRED_IPV4_PATH seq 5 permit 192.168.3.0/24
le 27

Create a route-map named USE_THIS_PATH_FOR_IPV4 that matches on the prefix list you just created
and sets the local preference to 250.
24 | P a g e
R1(config)# route-map USE_THIS_PATH_FOR_IPV4 permit 10
R1(config)# match ip address prefix-list PERFERRED_IPV4_PATH
R1(config)# set local-preference 250

Next, apply this route map to the BGP neighbor 10.1.3.130.


R1(config)# router bgp 1000
R1(config-router)# address-family ipv4 unicast
R1(config-router-af)# neighbor 10.1.3.130 route-map USE_THIS_PATH_FOR_IPV4
in

Perform a reset of the IPv4 adjacency with R3 for the inbound traffic without tearing down the session.

R1# clear bgp ipv4 unicast 300 in

On R1, issue the command show ip route bgp and take note of the next hop addresses for the
192.168.3.0/27 and 192.168.3.64/26 networks; it should be 10.1.3.130 for both. Issue the command show
bgp ipv4 unicast and you should see the local preference value in the appropriate column.
R1#show ip route bgp | begin Gateway
Gateway of last resort is not set

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks


B 192.168.2.0/27 [20/0] via 10.1.2.2, 00:05:59
B 192.168.2.64/26 [20/0] via 10.1.2.2, 00:05:59
192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.3.0/27 [20/0] via 10.1.3.130, 00:02:35
B 192.168.3.64/26 [20/0] via 10.1.3.130, 00:02:35
R1#

R1#show bgp ipv4 unicast 192.168.3.0


BGP routing table entry for 192.168.3.0/27, version 8
Paths: (2 available, best #1, table default)
Advertised to update-groups:
1
Refresh Epoch 2
300
10.1.3.130 from 10.1.3.130 (3.3.3.3)
Origin IGP, metric 0, localpref 250, valid, external, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 2
300
10.1.3.3 from 10.1.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external
rx pathid: 0, tx pathid: 0

R1#show bgp ipv4 unicast | begin Network


Network Next Hop Metric LocPrf Weight Path
*> 192.168.1.0/27 0.0.0.0 0 32768 i
*> 192.168.1.64/26 0.0.0.0 0 32768 i
*> 192.168.2.0/27 10.1.2.2 0 0 500 i
*> 192.168.2.64/26 10.1.2.2 0 0 500 i
*> 192.168.3.0/27 10.1.3.130 0 250 0 300 i
* 10.1.3.3 0 0 300 i
*> 192.168.3.64/26 10.1.3.130 0 250 0 300 i
* 10.1.3.3 0 0 300 i
R1#

25 | P a g e
VI. TOPOLOGY LAB III
As you saw in the previous lab, standard path manipulation tools generally require a lot of configuration.
Imagine if the last lab was implemented in a large and complex routing environment. Using BGP communities
gives you an option for tagging and controlling routing information in a less labor-intensive manner. In this
lab you will configure Multi-Protocol BGP and implement BGP community configurations for both IPv4 and
IPv6.
Objectives:

Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
Part 2: Configure and Verify Multi-Protocol BGP on all Routers
Part 3: Configure and Verify BGP Communities on all Routers

Note: This lab is an exercise in developing, deploying, and verifying BGP communities, and does not reflect
networking best practices.

For more details about MP-BGP, see the Cisco CCNP ENCOR course.

26 | P a g e
VII. IMPLEMENT BGP COMMUNITIES
Multiprotocol BGP (MP-BGP) enables BGP to carry NLRI for multiple protocols, such as IPv4, IPv6, and
Multiprotocol Label Switching (MPLS) Layer 3 virtual private networks (L3VPNs).

RFC 4760 defines the following new features:

■ A new address family identifier (AFI) model


■ New BGPv4 optional and nontransitive attributes:
■ Multiprotocol reachable NLRI
■ Multiprotocol unreachable NLRI

The new multiprotocol reachable NLRI attribute describes IPv6 route information, and the multiprotocol
unreachable NLRI attribute withdraws the IPv6 route from service. The attributes are optional and
nontransitive, so if an older router does not understand the attributes, the information can just be ignored.

All the same underlying IPv4 path vector routing protocol features and rules also apply to MP-BGP for IPv6.
MP-BGP for IPv6 continues to use the same well-known TCP port 179 for session peering as BGP uses for
IPv4. During the initial open message negotiation, the BGP peer routers exchange capabilities. The MP-
BGP extensions include an address family identifier (AFI) that describes the supported protocols, along with
subsequent address family identifier (SAFI) attribute fields that describe whether the prefix applies to the
unicast or multicast routing table:

■ IPv4 unicast: AFI: 1, SAFI: 1


■ IPv6 unicast: AFI: 2, SAFI: 1

V.1 Build the Network and Configure Basic Device Settings and Interface Addressing

a. R1
Router(config)# hostname R1
R1(config)# no ip domain lookup

R1(config)# line con 0


R1(config-if)# logging sync
R1(config-if)# exec-time 3 60
R1(config-if)# exit

R1(config)# banner motd # This is R1, implement MP-BGP Lab #

R1(config)# int g0/0


R1(config-if)# ip add 10.1.2.1 255.255.255.0
R1(config-if)# ipv6 address FE80::1:1 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1012::1/64
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# int g0/1


27 | P a g e
R1(config-if)# ip address 10.1.3.1 255.255.255.128
R1(config-if)# ipv6 address FE80::1:2 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1013::1/64
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# int g0/2


R1(config-if)# ip address 10.1.3.129 255.255.255.128
R1(config-if)# ipv6 address FE80::1:3 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1014::1/64
R1(config-if)# no shut
R1(config-if)# exit

R1(config)# int lo0


R1(config-if)# ip address 192.168.1.1 255.255.255.224
R1(config-if)# ipv6 address FE80::1:4 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1000::1/64
R1(config-if)# exit

R1(config)# int lo1


R1(config-if)# ip address 192.168.1.65 255.255.255.192
R1(config-if)# ipv6 address FE80::1:5 link-local
R1(config-if)# ipv6 address 2001:DB8:ACAD:1001::1/64
R1(config-if)# exit

b. R2
Router(config)# hostname R2
R2(config)# no ip domain lookup

R2(config)# line con 0


R2(config-if)# logging sync
R2(config-if)# exec-time 3 60
R2(config-if)# exit

R2(config)# banner motd # This is R2, implement MP-BGP Lab #


R2(config)# int g0/0
R2(config-if)# ip add 10.1.2.2 255.255.255.0
R2(config-if)# ipv6 address FE80::2:1 link-local
R2(config-if)# ipv6 address 2001:DB8:ACAD:1012::2/64
R2(config-if)# no shut
R2(config-if)# exit

R2(config)# int g0/1


R2(config-if)# ip address 10.2.3.2 255.255.255.0
R2(config-if)# ipv6 address FE80::2:2 link-local
R2(config-if)# ipv6 address 2001:DB8:ACAD:1023::2/64
R2(config-if)# no shut
R2(config-if)# exit

R2(config)# int lo0


R2(config-if)# ip address 192.168.2.1 255.255.255.224
R2(config-if)# ipv6 address FE80::2:3 link-local
R2(config-if)# ipv6 address 2001:DB8:ACAD:2000::1/64
28 | P a g e
R2(config-if)# exit

R2(config)# int lo1


R2(config-if)# ip address 192.168.2.65 255.255.255.192
R2(config-if)# ipv6 address FE80::2:4 link-local
R2(config-if)# ipv6 address 2001:DB8:ACAD:2001::1/64
R2(config-if)# exit

c. R3
Router(config)# hostname R3
R3(config)# no ip domain lookup

R3(config)# line con 0


R3(config-if)# logging sync
R3(config-if)# exec-time 3 60
R3(config-if)# exit

R3(config)# banner motd # This is R3, implement MP-BGP Lab #

R3(config)# int g0/0


R3(config-if)# ip add 10.2.3.3 255.255.255.0
R3(config-if)# ipv6 address FE80::3:1 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:1023::3/64
R3(config-if)# no shut
R3(config-if)# exit

R3(config)# int g0/1


R3(config-if)# ip address 10.1.3.3 255.255.255.128
R3(config-if)# ipv6 address FE80::3:2 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:1013::3/64
R3(config-if)# no shut
R3(config-if)# exit

R3(config)# int g0/2


R3(config-if)# ip address 10.1.3.130 255.255.255.128
R3(config-if)# ipv6 address FE80::3:3 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:1014::3/64
R3(config-if)# no shut
R3(config-if)# exit

R3(config)# int lo0


R3(config-if)# ip address 192.168.3.1 255.255.255.224
R3(config-if)# ipv6 address FE80::3:4 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:3000::1/64
R3(config-if)# exit

R3(config)# int lo1


R3(config-if)# ip address 192.168.3.65 255.255.255.192
R3(config-if)# ipv6 address FE80::3:5 link-local
R3(config-if)# ipv6 address 2001:DB8:ACAD:3001::1/64
R3(config-if)# exit

29 | P a g e
VI.2 Configure MP-BGP on all Routers

a. R1
R1(config)# ipv6 unicast-routing
R1(config)# router bgp 1000
R1(config-router)# bgp router-id 1.1.1.1
R1(config-router)# neighbor 10.1.2.2 remote-as 500
R1(config-router)# neighbor 10.1.3.3 remote-as 300
R1(config-router)# neighbor 10.1.3.130 remote-as 300
R1(config-router)# neighbor 2001:db8:acad:1012::2 remote-as 500
R1(config-router)# neighbor 2001:db8:acad:1013::3 remote-as 300
R1(config-router)# neighbor 2001:db8:acad:1014::3 remote-as 300

R1(config-router)# address-family ipv4 unicast


R1(config-router-af)# neighbor 10.1.2.2 activate
R1(config-router-af)# neighbor 10.1.3.3 activate
R1(config-router-af)# neighbor 10.1.3.130 activate
R1(config-router-af)# network 192.168.1.0 mask 255.255.255.224
R1(config-router-af)# network 192.168.1.64 mask 255.255.255.192
R1(config-router-af)# exit

R1(config-router)# address-family ipv6 unicast


R1(config-router-af)# neighbor 2001:db8:acad:1012::2 activate
R1(config-router-af)# neighbor 2001:db8:acad:1013::3 activate
R1(config-router-af)# neighbor 2001:db8:acad:1014::3 activate
R1(config-router-af)# network 2001:db8:acad:1000::/64
R1(config-router-af)# network 2001:db8:acad:1001::/64
R1(config-router-af)# exit
R1(config-router)# exit

b. R2
R2(config)# ipv6 unicast-routing
R2(config)# router bgp 500
R2(config-router)# bgp router-id 2.2.2.2
R2(config-router)# neighbor 10.1.2.1 remote-as 1000
R2(config-router)# neighbor 10.2.3.3 remote-as 300
R2(config-router)# neighbor 2001:db8:acad:1012::1 remote-as 1000
R2(config-router)# neighbor 2001:db8:acad:1023::3 remote-as 300

R2(config-router)# address-family ipv4 unicast


R2(config-router-af)# neighbor 10.1.2.1 activate
R2(config-router-af)# neighbor 10.2.3.3 activate
R2(config-router-af)# network 192.168.2.0 mask 255.255.255.224
R2(config-router-af)# network 192.168.2.64 mask 255.255.255.192
R2(config-router-af)# exit

R2(config-router)# address-family ipv6 unicast


R2(config-router-af)# neighbor 2001:db8:acad:1012::1 activate
R2(config-router-af)# neighbor 2001:db8:acad:1023::3 activate
R2(config-router-af)# network 2001:db8:acad:2000::/64
R2(config-router-af)# network 2001:db8:acad:2001::/64

30 | P a g e
c. R3
R3(config)# ipv6 unicast-routing
R3(config)# router bgp 300
R3(config-router)# bgp router-id 3.3.3.3
R3(config-router)# neighbor 10.2.3.2 remote-as 500
R3(config-router)# neighbor 10.1.3.1 remote-as 1000
R3(config-router)# neighbor 10.1.3.129 remote-as 1000
R3(config-router)# neighbor 2001:db8:acad:1023::2 remote-as 500
R3(config-router)# neighbor 2001:db8:acad:1013::1 remote-as 1000
R3(config-router)# neighbor 2001:db8:acad:1014::1 remote-as 1000

R3(config-router)# address-family ipv4 unicast


R3(config-router-af)# neighbor 10.1.3.1 activate
R3(config-router-af)# neighbor 10.1.3.129 activate
R3(config-router-af)# neighbor 10.2.3.2 activate
R3(config-router-af)# network 192.168.3.0 mask 255.255.255.224
R3(config-router-af)# network 192.168.3.64 mask 255.255.255.192
R3(config-router-af)# exit

R3(config-router)# address-family ipv6 unicast


R3(config-router-af)# neighbor 2001:db8:acad:1023::2 activate
R3(config-router-af)# neighbor 2001:db8:acad:1013::1 activate
R3(config-router-af)# neighbor 2001:db8:acad:1014::1 activate
R3(config-router-af)# network 2001:db8:acad:3000::/64
R3(config-router-af)# network 2001:db8:acad:3001::/64
R3(config-router-af)# exit
R3(config-router)# exit

31 | P a g e
VI.3 Verify MP-BGP

a. R2 : IPv4 neighbors
R2#show bgp ipv4 unicast summary
BGP router identifier 2.2.2.2, local AS number 500
BGP table version is 7, main routing table version 7
6 network entries using 864 bytes of memory
10 path entries using 840 bytes of memory
5/3 BGP path/bestpath attribute entries using 800 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2600 total bytes of memory
BGP activity 12/0 prefixes, 18/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down


State/PfxRcd
10.1.2.1 4 1000 8 7 7 0 0 00:02:07 4
10.2.3.3 4 300 7 7 7 0 0 00:00:58 4
R2#

b. R2 : IPv6 neighbors

R2#show bgp ipv6 unicast summary


BGP router identifier 2.2.2.2, local AS number 500
BGP table version is 7, main routing table version 7
6 network entries using 1008 bytes of memory
8 path entries using 864 bytes of memory
4/3 BGP path/bestpath attribute entries using 640 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2608 total bytes of memory
BGP activity 12/0 prefixes, 18/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down


State/PfxRcd
2001:DB8:ACAD:1012::1
4 1000 6 6 7 0 0 00:01:58 2
2001:DB8:ACAD:1023::3
4 300 7 9 7 0 0 00:00:45 4
R2#

32 | P a g e
VI.4 Configure and Verify BGP Communities on all Routers

You will configure BGP communities and various community attributes to see their effect on routing decisions.
The way these tools are being used is not meant to represent best practice, but to assess your ability to
complete the required configurations.

VI.4.1 Configure all routers to send community information

In this step, you will configure all of the routers to support the new-format for exchanging community
information and enable sending community information to all neighbors on all routers. A BGP community is
a 32-bit number that can be included as a flag or tag in a route.

The BGP community can be configured and displayed as two 16 bit numbers AA:NN commonly referred to
as new-format. To configure and display using the AA:NN, issue the ip bgp-community new-format command.
The first part of the AA:NN represents the AS number and the second part represents a 2-byte number.

Issue the global configuration command that enables configuration and display of community information
using the AA:NN format.

a. R1
R1(config)# ip bgp-community new-format

R1(config)# router bgp 1000


R1(config-router)# address-family ipv6 unicast
R1(config-router-af)# neighbor 10.1.2.2 send-community
R1(config-router-af)# neighbor 10.1.3.3 send-community
R1(config-router-af)# neighbor 10.1.3.130 send-community
R1(config-router-af)# end

R1(config-router)# address-family ipv6 unicast


R1(config-router-af)# a neighbor 2001:db8:acad:1012::2 send-community
R1(config-router-af)# neighbor 2001:db8:acad:1013::3 send-community
R1(config-router-af)# neighbor 2001:db8:acad:1014::3 send-community
R1(config-router)# end

b. R2
R2(config)# ip bgp-community new-format

R2(config)# router bgp 500


R2(config-router)# address-family ipv6 unicast
R2(config-router-af)# neighbor 10.1.2.1 send-community
R2(config-router-af)# neighbor 10.2.3.3 send-community
R2(config-router-af)# end

R2(config-router)# address-family ipv6 unicast


R2(config-router-af)# a neighbor 2001:db8:acad:1012::1 send-community
R2(config-router-af)# neighbor 2001:db8:acad:1023::3 send-community
R2(config-router)# end
33 | P a g e
c. R3
R2(config)# ip bgp-community new-format

R2(config)# router bgp 300


R2(config-router)# address-family ipv6 unicast
R2(config-router-af)# neighbor 10.1.3.1 send-community
R2(config-router-af)# neighbor 10.2.3.2 send-community
R2(config-router-af)# neighbor 10.1.3.129 send-community
R2(config-router-af)# exit

R2(config-router)# address-family ipv6 unicast


R2(config-router-af)# neighbor 2001:db8:acad:1013::1 send-community
R2(config-router-af)# neighbor 2001:db8:acad:1014::1 send-community
R2(config-router-af)# neighbor 2001:db8:acad:1023::2 send-community
R2(config-router)# end

VI.5 Configure and verify the effect of the no-export community

In this step, you will configure R3 so that it sets the well-known no-export community value on the updates
describing its local networks that are being sent to R1. The effect of this is that R1 will not pass along
information about these paths to other eBGP neighbors.

On R2, issue the command show bgp ipv4 unicast 192.168.3.0/27 to see to the available BGP paths to
192.168.3.0/27 from R2.

a. Verify the route summarization in R3

R2#show bgp ipv4 unicast 192.168.3.0/27


BGP routing table entry for 192.168.3.0/27, version 6
Paths: (2 available, best #2, table default)
Advertised to update-groups:
2
Refresh Epoch 1
1000 300
10.1.2.1 from 10.1.2.1 (1.1.1.1)
Origin IGP, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
300
10.2.3.3 from 10.2.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
R2#

In this case, note that there are two paths, one directly from R3/ASN300 and the other from R1/ASN6500.
This might not be desirable, because it sets ASN6500 up as a transit network. To fix this issue, a prefix list
on R3 can be created to match the source address and mask of networks belonging to ASN300.

R3(config)# ip prefix-list LOCAL_NETWORK_COMMSET seq 5 permit 192.168.3.0/24


le 27

34 | P a g e
R3(config)# ip prefix-list LOCAL_NETWORK_COMMSET seq 5 permit 192.168.3.0/24
le 27

R3(config)# ipv6 prefix-list LOCAL_6_NETWORK_COMMSET seq 5 permit


2001:db8:acad:3000::/64

R3(config)# ipv6 prefix-list LOCAL_6_NETWORK_COMMSET seq 10 permit


2001:db8:acad:3001::/64

Next, build a route map for IPv4 and IPv6 on R3 that uses the prefix list to set the no-export additive
community on networks matching the prefix list, and the internet additive community on networks that do not
match the prefix list. By default, when setting a community, any existing communities are over-written, but
can be preserved using the optional additive keyword.

R3(config)# route-map COMMSET permit 10


R3(config-route-map)# match ip address prefix-list LOCAL_NETWORK_COMMSET
R3(config-route-map)# exit
R3(config)# route-map COMMSET permit 20
R3(config-route-map)# set community internet additive
R3(config)# route-map COMMSET permit 10
R3(config-route-map)# match ipv6 address prefix-list LOCAL_6_NETWORK_COMMSET
R3(config-route-map)# set community no-export additive
R3(config)# route-map COMMSET_6 permit 20
R3(config-route-map)# set community internet additive

Next, apply these route maps to the neighbor statements associated with R1.

R3(config)# router bgp 300


R3(config-router)# address-family ipv4 unicast
R3(config-router-af)# neighbor 10.1.3.1 route-map COMMSET out
R3(config-router-af)# neighbor 10.1.3.129 route-map COMMSET out
R3(config-router-af)# address-family ipv6 unicast
R3(config-router-af)# neighbor 2001:db8:acad:1013::1 route-map COMMSET_6 out
R3(config-router-af)# neighbor 2001:db8:acad:1014::1 route-map COMMSET_6 out

Perform a reset of the adjacencies with the outbound traffic to R1 without tearing down the session.

R3# clear bgp ipv4 unicast 1000 out


R3# clear bgp ipv6 unicast 1000 out

On R2, issue the command show bgp ipv4 unicast 192.168.3.0/27 to see to the available BGP paths to
192.168.3.0/27 from R2. This time, you should not see a path to 192.168.3.0/27 via the next-hop 10.1.2.1.
If you use the command show bgp ipv6 unicast 2001:db8:acad:3000::/64, you will see only one next-hop
address, and that is 2001:db8:acad:1023::3

35 | P a g e
R2#show bgp ipv4 unicast 192.168.3.0/27
BGP routing table entry for 192.168.3.0/27, version 6
Paths: (1 available, best #1, table default)
Advertised to update-groups:
2
Refresh Epoch 1
300
10.2.3.3 from 10.2.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
R2#

R2#show bgp ipv6 unicast 2001:db8:acad:3000::/64


BGP routing table entry for 2001:DB8:ACAD:3000::/64, version 6
Paths: (1 available, best #1, table default)
Flag: 0x100
Advertised to update-groups:
2
Refresh Epoch 2
300
2001:DB8:ACAD:1023::3 (FE80::3:1) from 2001:DB8:ACAD:1023::3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
R2#

36 | P a g e

You might also like