Configuring Dual-Homing ISP Connections

Một phần của tài liệu CCNP practical studies routing (Trang 320 - 330)

In this scenario, you build upon the IBGP network in Figure 7-4 and configure EBGP on R1 and R2 and simulate a dual-homing ISP connection.

Because most CCNP candidates do not have two ISP connections to configure in a lab environment, you configure two routers and inject default routes along with a large IP routing table to simulate an ISP router.

Figure 7-6 displays the EBGP connections on R1 and R2 and the IP addressing.

Figure 7-6. EBGP Connections

Configure the routers ISP1 and ISP2 for EBGP and advertise a default route to the internal BGP network along with some routes that simulate an Internet environment.

Example 7-36 configures ISP1 for EBGP and allows a default route to be advertised to the EBGP peer to R1.

Example 7-36 EBGP on ISP1

router bgp 50001

neighbor 171.108.1.2 remote-as 333 neighbor 171.108.1.2 default-originate

Example 7-37 displays the EBGP configuration on ISP2. Remember that both Internet routers, ISP1 and ISP2, are providing default routes to R1 and R2, respectively.

Example 7-37 EBGP on ISP2

router bgp 4000

neighbor 160.100.1.2 remote-as 333 neighbor 160.100.1.2 default-originate

View the BGP tables on R1 and R2 and ensure that the BGP table contains a default route.

Example 7-38 displays R1's BGP table.

Example 7-38 R1's BGP table

R1#show ip bgp

BGP table version is 8, local router ID is 131.108.254.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 0.0.0.0 171.108.1.1 0 50001 i

* i 160.100.1.1 100 0 4000 i

*> 131.108.1.0/24 0.0.0.0 0 32768 i

* i 131.108.254.2 0 100 0 i

* i131.108.3.0/24 131.108.254.3 0 100 0 i

*>i 131.108.254.3 0 100 0 i

* i131.108.4.0/24 131.108.254.4 0 100 0 i

*>i 131.108.254.4 0 100 0 i

* i131.108.5.0/24 131.108.254.5 0 100 0 i

*>i 131.108.254.5 0 100 0 i R1, because it has a direct connection to the EBGP peer to ISP1, selects ISP1 for default-based traffic.

Example 7-39 displays R2's BGP table.

Example 7-39 R2's BGP table

R2#show ip bgp

BGP table version is 12, local router ID is 131.108.254.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* i0.0.0.0 171.108.1.1 100 0 50001 i

*> 160.100.1.1 0 4000 i

* i131.108.1.0/24 131.108.254.1 0 100 0 i

*> 0.0.0.0 0 32768 i

* i131.108.3.0/24 131.108.254.3 0 100 0 i

*>i 131.108.254.3 0 100 0 i

* i131.108.4.0/24 131.108.254.4 0 100 0 i

*>i 131.108.254.4 0 100 0 i

* i131.108.5.0/24 131.108.254.5 0 100 0 i

*>i 131.108.254.5 0 100 0 i

Similarly, because R2 has a direct connection to the EBGP peer to ISP2, R2 selects ISP2 for all default-based traffic. This means that traffic is sent to different ISP routers for any traffic to the Internet. This traffic pattern is undesirable because IP packets might take different paths and not reach the destination in a timely manner, resulting in loss or slow user-data transfer, such as HTTP traffic.

Ideally, a dual-home connection is for redundancy purposes only. Configure R2 to send all default traffic through the connection on R1 to ISP1, unless R1 loses the connection to ISP1.

To accomplish this task, you modify the MED value on R2 to ensure that all default traffic is sent through R1. Lower MED values are preferred, and MED influences only EBGP connections.

Example 7-40 displays the MED configuration on R2. To demonstrate another method, an example using AS_Path manipulation follows.

Example 7-40 MED Modification on R2

R2(config)#router bgp 333

R2(config-router)#neighbor 131.108.254.1 route-map setmedr1 in R2(config-router)#neighbor 160.100.1.1 route-map setmedisp2 in R2(config)#route-map setmedr1

R2(config-route-map)#match ip address 1 R2(config-route-map)#set metric 100 R2(config-route-map)#exit

R2(config)#route-map setmedisp2

R2(config-route-map)#match ip address 1 R2(config-route-map)#set metric 200

After you clear the BGP sessions to R1 and ISP2 on R2, the BGP table on R2 is displayed, as shown in Example 7-41.

Example 7-41 show ip bgp on R2

R2#show ip bgp

BGP table version is 9, local router ID is 131.108.254.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 0.0.0.0 160.100.1.1 200 0 4000 i

* i 171.108.1.1 100 100 0 50001 i

* i131.108.1.0/24 131.108.254.1 100 100 0 i

*> 0.0.0.0 0 32768 i

*>i131.108.3.0/24 131.108.254.3 0 100 0 i

* i 131.108.254.3 100 100 0 i

*>i131.108.4.0/24 131.108.254.4 0 100 0 i

* i 131.108.254.4 100 100 0 i

* i131.108.5.0/24 131.108.254.5 100 100 0 i

*>i 131.108.254.5 0 100 0 i

As displayed in Example 7-41, the preferred path to the next hop 160.100.1.1, even though the MED is lower, is through ISP2. The MED attribute is compared only for paths from neighbors in the same AS.

R1 (in AS 333) and ISP2 (in AS 4000) are in different autonomous systems, so to enable BGP to compare MED in different autonomous systems, you must enable the bgp always-compare-med command. The bgp always-compare-med command allows the MED values to be compared, and BGP decisions are even though the two routers, R1 and R2, are in different autonomous systems.

Example 7-42 displays the configuration on R2 to allow MED to be compared between R1 and ISP2.

Example 7-42 bgp always-compare-med Command on R2

R2(config)#router bgp 333

R2(config-router)#bgp always-compare-med

After you clear the BGP sessions on R2, the BGP table on R2 displays the preferred default route 0.0.0.0/0 through R1.

Example 7-43 displays the BGP table on R2.

Example 7-43 show ip bgp on R2

R2#show ip bgp

BGP table version is 9, local router ID is 131.108.254.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* 0.0.0.0 160.100.1.1 200 0 4000 i

*>i 171.108.1.1 100 100 0 50001 i

* i131.108.1.0/24 131.108.254.1 100 100 0 i

*> 0.0.0.0 0 32768 i

*>i131.108.3.0/24 131.108.254.3 0 100 0 i

* i 131.108.254.3 100 100 0 i

*>i131.108.4.0/24 131.108.254.4 0 100 0 i

* i 131.108.254.4 100 100 0 i

*>i131.108.5.0/24 131.108.254.5 0 100 0 i

* i 131.108.254.5 100 100 0 i

Example 7-43 shows that the new preferred path is through R1 because the MED is lower.

Before removing the configuration comparing MED on R2 and demonstrating how the AS_Path attribute can also be used to accomplish the task, Example 7-44 displays R2's full working configuration.

Example 7-44 R2's Full Working Configuration Using MED

hostname R2

!

enable password cisco

!

ip subnet-zero no ip domain-lookup

!

interface Loopback0

ip address 131.108.254.2 255.255.255.255 no ip directed-broadcast

!

interface Ethernet0/0

ip address 131.108.1.2 255.255.255.0

!

interface Serial1/3

ip address 160.100.1.2 255.255.255.252 clockrate 128000

!

router ospf 1

network 0.0.0.0 255.255.255.255 area 0

!

router bgp 333 no synchronization bgp always-compare-med

network 131.108.1.0 mask 255.255.255.0 neighbor 131.108.254.1 remote-as 333

neighbor 131.108.254.1 update-source Loopback0 neighbor 131.108.254.1 route-map setmedr1 in neighbor 131.108.254.3 remote-as 333

neighbor 131.108.254.3 update-source Loopback0 neighbor 131.108.254.3 route-reflector-client neighbor 131.108.254.4 remote-as 333

neighbor 131.108.254.4 update-source Loopback0 neighbor 131.108.254.4 route-reflector-client neighbor 131.108.254.5 remote-as 333

neighbor 131.108.254.5 update-source Loopback0 neighbor 131.108.254.5 route-reflector-client neighbor 160.100.1.1 remote-as 4000

neighbor 160.100.1.1 route-map setmedisp2 in distance bgp 20 109 109

access-list 1 permit 0.0.0.0

!

route-map setmedr1 permit 10 match ip address 1

set metric 100

!

route-map setmedisp2 permit 10 match ip address 1

set metric 200

!

line con 0 line aux 0 line vty 0 4

! end

In Chapter 6, you learned the BGP routing decisions and one of the decisions are based on shortest AS_Path. Configure R2 to prepend AS_Paths (add AS_Paths) from ISP2 so that R1's connection to ISP1 is the preferred path for default routing.

Example 7-45 AS_Path Manipulation of R2

R2(config)#router bgp 333

R2(config-router)#no neighbor 160.100.1.1 route-map setmedisp2 in R2(config-router)#no neighbor 131.108.254.1 route-map setmedr1 in R2(config-router)#neighbor 160.100.1.1 route-map aspath in

R2(config)#route-map aspath R2(config-route-map)#set ?

as-path Prepend string for a BGP AS-path attribute automatic-tag Automatically compute TAG value

clns OSI summary address

comm-list set BGP community list (for deletion) community BGP community attribute

dampening Set BGP route flap dampening parameters default Set default information

interface Output interface

ip IP specific information level Where to import route

local-preference BGP local preference path attribute

metric Metric value for destination routing protocol metric-type Type of metric for destination routing protocol origin BGP origin code

tag Tag value for destination routing protocol weight BGP weight for routing table

R2(config-route-map)#set as-path ? prepend Prepend to the as-path

tag Set the tag as an AS-path attribute

R2(config-route-map)#set as-path prepend 4000 3999 3998

The? tool in Example 7-45 displays the options for prepending AS_Paths on R2.

Next, configure the AS_Path to 4000 3999 3998 on R2 for all incoming routes from ISP2. Example 7-46 displays the BGP table on R2.

Example 7-46 show ip bgp on R2

R2#show ip bgp

BGP table version is 7, local router ID is 131.108.254.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* 0.0.0.0 160.100.1.1 0 4000 3999 3998 4000 i

*>i 171.108.1.1 100 0 50001 i

*> 131.108.1.0/24 0.0.0.0 0 32768 i

* i 131.108.254.1 0 100 0 i

* i131.108.3.0/24 131.108.254.3 0 100 0 i

*>i 131.108.254.3 0 100 0 i

* i131.108.4.0/24 131.108.254.4 0 100 0 i

*>i 131.108.254.4 0 100 0 i

* i131.108.5.0/24 131.108.254.5 0 100 0 i

*>i 131.108.254.5 0 100 0 i R2 now prefers the path through the next hop address 171.108.1.1 (R1's link to ISP1) because the AS_Path is only 50001 (one hop), or a lower hop count away compared to 4000 3999 3998 (three hops).

You have seen two methods used on R2 and discovered how powerful BGP can be in allowing the network administrator to manipulate BGP and achieve any routing path desired.

Some other common configurations completed on routers connected to the Internet include the following:

• Ensuring that only a default route is accepted

• Ensuring that you are not a transit path for any Internet traffic

Next, configure R1 and R2 to accept only a default route and ensure that the service providers, ISP1 and ISP2, do not use the network between R1 and R2 as a transit path.

Example 7-47 displays the configuration on R1 to allow only default routes and displays setting the no-export community to ISP1. You can use a filter list along with a route map to permit a default route.

Example 7-47 R1 Allowing Only Default Routes (Filter List) and Setting Community

R1(config)#router bgp 333

R1(config-router)#neighbor 171.108.1.1 filter

R1(config-router)#neighbor 171.108.1.1 filter-list 1 R1(config-router)#neighbor 171.108.1.1 filter-list 1 in R1(config-router)#neighbor 171.108.1.1 send-community

R1(config-router)#neighbor 171.108.1.1 route-map noexport ? R1(config-router)#neighbor 171.108.1.1 route-map noexport out R1(config)#route-map no-export

R1(config-route-map)#set community no-export R1(config)#access-list 1 permit 0.0.0.0

Example 7-47 displays the configuration on R2 to allow only default routes and setting the no export community to ISP1.

Example 7-48 also shows the use of a well-known community value: no-export. The no-export community attribute advises a BGP router carrying this attribute that the route advertised should not be advertised to any peers outside the AS.

Example 7-48 configures R2 (because R2 is also connected to an ISP router) using a route map to set the community and allowing only a default route using a filter list on inbound updates. In the next scenario, you use prefix lists to accomplish the same task.

Example 7-48 R2 Allowing Only Default Routes (Filter List) and Setting Community

R2(config)#router bgp 333

R2(config-router)#neighbor 160.100.1.1 route-map setcommuntiy out R2(config-router)#neighbor 160.100.1.1 send-community

R2(config-router)#neighbor 160.100.1.1 filter-list 1 in R2(config)#access 1 permit 0.0.0.0

R2(config)#route-map setcommuntiy

R2(config-route-map)#set community no-export

Before looking at how to use prefix lists to achieve complex routing filters, view the full working configurations of the four main routers in this scenario.

Example 7-49 displays ISP1's full working configuration.

Example 7-49 ISP1's Full Working Configuration

hostname ISP1

!

enable password cisco

!

ip subnet-zero

!

interface Serial0

ip address 171.108.1.1 255.255.255.252 interface Serial1

shutdown

!

router bgp 50001

neighbor 171.108.1.2 remote-as 333 neighbor 171.108.1.2 default-originate

!

line con 0 line aux 0 line vty 0 4

! end

Example 7-50 displays ISP2's full working configuration.

Example 7-50 ISP2's Full Working Configuration

hostname ISP2

!

enable password cisco

!

ip subnet-zero no ip domain-lookup

!

interface Serial0

ip address 160.100.1.1 255.255.255.252

!

interface Serial1 shutdown

!

router bgp 4000

neighbor 160.100.1.2 remote-as 333 neighbor 160.100.1.2 default-originate line con 0

line aux 0 line vty 0 4

! end

Example 7-51 displays R1's full working configuration.

Example 7-51 R1's Full Working Configuration

hostname R1

!

enable password cisco

!

ip subnet-zero no ip domain-lookup

!

interface Loopback0

ip address 131.108.254.1 255.255.255.255 no ip directed-broadcast

!

interface Ethernet0/0

ip address 131.108.1.1 255.255.255.0 no ip directed-broadcast

!

interface Serial1/0

ip address 131.108.255.5 255.255.255.252 clockrate 128000

!

interface Serial1/1

ip address 131.108.255.1 255.255.255.252

!

interface Serial1/2

ip address 131.108.255.9 255.255.255.252 clockrate 128000

!

interface Serial1/3

ip address 171.108.1.2 255.255.255.252 clockrate 128000

!

router ospf 1

network 0.0.0.0 255.255.255.255 area 0

!

router bgp 333 no synchronization

network 131.108.1.0 mask 255.255.255.0 neighbor 131.108.254.2 remote-as 333

neighbor 131.108.254.2 update-source Loopback0 neighbor 131.108.254.3 remote-as 333

neighbor 131.108.254.3 update-source Loopback0 neighbor 131.108.254.3 route-reflector-client neighbor 131.108.254.4 remote-as 333

neighbor 131.108.254.4 update-source Loopback0 neighbor 131.108.254.4 route-reflector-client neighbor 131.108.254.5 remote-as 333

neighbor 131.108.254.5 update-source Loopback0 neighbor 131.108.254.5 route-reflector-client neighbor 171.108.1.1 remote-as 50001

neighbor 171.108.1.1 send-community

neighbor 171.108.1.1 route-map noexport out neighbor 171.108.1.1 filter-list 1 in

distance bgp 20 109 109

!

route-map noexport permit 10 set community no-export

!

line con 0 line aux 0 line vty 0 4 end

Example 7-52 displays R2's full working configuration.

Example 7-52 R2's Full Working Configuration

hostname R2

!

enable password cisco

!

ip subnet-zero no ip domain-lookup interface Loopback0

ip address 131.108.254.2 255.255.255.255 no ip directed-broadcast

!

interface Ethernet0/0

ip address 131.108.1.2 255.255.255.0

!

interface Serial1/3

ip address 160.100.1.2 255.255.255.252 clockrate 128000

!

router ospf 1

network 0.0.0.0 255.255.255.255 area 0

!

router bgp 333 no synchronization bgp always-compare-med

network 131.108.1.0 mask 255.255.255.0 neighbor 131.108.254.1 remote-as 333

neighbor 131.108.254.1 update-source Loopback0 neighbor 131.108.254.3 remote-as 333

neighbor 131.108.254.3 update-source Loopback0 neighbor 131.108.254.3 route-reflector-client neighbor 131.108.254.4 remote-as 333

neighbor 131.108.254.4 update-source Loopback0 neighbor 131.108.254.4 route-reflector-client neighbor 131.108.254.5 remote-as 333

neighbor 131.108.254.5 update-source Loopback0 neighbor 131.108.254.5 route-reflector-client neighbor 160.100.1.1 remote-as 4000

neighbor 160.100.1.1 send-community neighbor 160.100.1.1 route-map aspath in

neighbor 160.100.1.1 route-map setcommuntiy out neighbor 160.100.1.1 filter-list 1 in

distance bgp 20 109 109

!

access-list 1 permit 0.0.0.0 route-map setcommunity permit 10

set community no-export

!

route-map setcommuntiy permit 10 set community no-export

!

route-map aspath permit 10

set as-path prepend 4000 3999 3998

!

route-map setmedr1 permit 10 match ip address 1

set metric 100

!

route-map setmedisp2 permit 10 match ip address 1

set metric 200

!

line con 0 line aux 0 line vty 0 4

! end

Một phần của tài liệu CCNP practical studies routing (Trang 320 - 330)

Tải bản đầy đủ (PDF)

(498 trang)