BGP deals with large numbers of BGP peers by using many different scalable solutions, such as the community attribute and peer groups. In this scenario, you discover how BGP uses the community attribute along with a peer group to ensure that IBGP is scalable in a large network environment. A community is a group of routers sharing the same property. A peer group is a group of BGP neighbors sharing the same update policies.
In this scenario, you configure a well-known BGP community and discover the advantages of peer groups.
NOTE
The community attribute is a number defined in the range 1 to 4,294,967,200. The IOS set community community-number [additive] command is used to define a value. Some well-known community attributes, such as no-export (do not advertise to EBGP peers) and no-advertise (do not advertise this route to any peer), can substitute for community-number.
The no-export community attribute advises a BGP router carrying this attribute that the route advertised should not be advertised to any peers outside the AS.
The no-advertise community attribute advises a BGP router carrying this attribute that the route advertised should not be advertised to any peers.
To apply the community attribute to a remote BGP neighbor, use the neighbor command:
neighbor {ip address | peer group} send-community
Figure 6-5 displays a simple four-router topology, including an Internet connection on R1 and R2. R1 peers to an EBGP peer with the IP address 141.199.1.1 (Remote AS 1001), and R2 peers to an EBGP peer with the IP address 151.100.1.1 (Remote AS 1002). Typically, large companies have more than one Internet connection, so to ensure that R1 and R2 are not the transit paths for any ISP-based traffic, you set the community attribute (well-known) no-export on R1 and R2.
Figure 6-5. IBGP
Example 6-61 displays the community attribute setting on R1.
Example 6-61 BGP Configuration on R1
R1(config)#router bgp 1
R1(config-router)#neighbor 141.199.1.1 remote-as 1001
R1(config-router)#neighbor 141.199.1.1 send-community
R1(config-router)#neighbor 141.199.1.1 route-map setcommunity ?
  in   Apply map to incoming routes
  out  Apply map to outbound routes
R1(config-router)#neighbor 141.199.1.1 route-map setcommunity out
R1 is configured for EBGP and IBGP. The EBGP connection to the remote peer address, 141.199.1.1, is the Internet gateway. Therefore, you must send the community to the remote peer and apply an outbound route map, so the Internet routers do not use R1 as a transit path. You have yet to apply the route map named setcommunity (arbitrary name). Example 6-62 displays the route map configuration on R1. Apply the well-known community no-export, which informs the neighboring router not to use R1 for any traffic not destined for the network 131.108.0.0/16.
Example 6-62 Route Map Configuration on R1
R1(config)#route-map setcommunity
R1(config-route-map)#set community ?
  <1-4294967295>  community number
  aa:nn           community number in aa:nn format
  additive        Add to the existing community
  local-AS        Do not send outside local AS (well-known community)
  no-advertise    Do not advertise to any peer (well-known community)
  no-export       Do not export to next AS (well-known community)
  none            No community attribute
  <cr>
R1(config-route-map)#set community no-export
Notice that the ? tool displays all the community variations, including a community number and the two other well-known community values: local-AS and no-advertise.
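The following added example (not from the book; the function names are illustrative) models in Python how the set community arguments listed above map to 32-bit values and how a router that receives a tagged route decides whether to pass it on, using the well-known values from RFC 1997. It also shows what the receiver sees when send-community is left off on the sending side.

```python
# Well-known values from RFC 1997, keyed by the IOS keywords shown above.
WELL_KNOWN = {
    "no-export": 0xFFFFFF01,
    "no-advertise": 0xFFFFFF02,
    "local-AS": 0xFFFFFF03,  # NO_EXPORT_SUBCONFED in RFC 1997
}

def parse_community(text):
    """Turn a `set community` argument into its 32-bit attribute value."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    if ":" in text:  # aa:nn format: high 16 bits AS number, low 16 bits value
        aa, nn = (int(part) for part in text.split(":"))
        if not (0 <= aa <= 0xFFFF and 0 <= nn <= 0xFFFF):
            raise ValueError(f"aa and nn must each fit in 16 bits: {text}")
        return (aa << 16) | nn
    value = int(text)
    if not 1 <= value <= 4294967295:  # range printed by the `?` help
        raise ValueError(f"community number out of range: {text}")
    return value

def on_the_wire(communities, send_community):
    """IOS strips communities from updates unless send-community is configured."""
    return set(communities) if send_community else set()

def may_advertise(communities, peer_kind):
    """Receiver's decision; peer_kind is 'ibgp', 'confed-ebgp' or 'ebgp'."""
    if WELL_KNOWN["no-advertise"] in communities:
        return False
    if WELL_KNOWN["no-export"] in communities and peer_kind == "ebgp":
        return False
    if WELL_KNOWN["local-AS"] in communities and peer_kind != "ibgp":
        return False
    return True

def isp_view(send_community):
    """Constructed case: R1 tags a route no-export toward 141.199.1.1 (AS 1001)."""
    received = on_the_wire({parse_community("no-export")}, send_community)
    return {kind: may_advertise(received, kind) for kind in ("ibgp", "ebgp")}
```

With send-community configured, the AS 1001 router keeps the route inside its own AS; without it, the tag never arrives and the route is passed on to that router's EBGP peers as usual.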
You must ensure that the ISP connected to R2 does not use R2 as a transit path.
Example 6-63 configures R2 to ensure that the ISP is not using the network of Routers R1–R4 as a transit path.
Example 6-63 Community Configuration on R2
R2(config)#router bgp 1
R2(config-router)#neighbor 151.100.1.1 remote-as 1002
R2(config-router)#neighbor 151.100.1.1 send-community
R2(config-router)#neighbor 151.100.1.1 route-map setcommunity out
R2(config-router)#exit
R2(config)#route-map setcommunity
R2(config-route-map)#set community no-export
The route map name is the same as the name used on R1 because route map names are locally significant on Cisco routers.
Next, configure the four routers, R1–R4, for IBGP, and set the same policies on all four routers. Assume the network designer has asked you to ensure that R1 does not receive any default routes from R2, R3, or R4. Also set the next-hop-self attribute on all IBGP peer sessions. Ensure that R1 sets the community to the value 2000.
For a small network such as this, the configuration on R1 can grow quite large. Take advantage of peer groups and configure one policy, and apply that policy on R1 to all three remote routers (R2, R3, and R4).
First, to demonstrate the power of peer groups, configure IBGP on R1.
Example 6-64 configures R1 for IBGP to R2 only, sets the next-hop-self attribute (no default routes permitted), sends the community value of 2000, and sets the weight to 1000.
Example 6-64 R1's IBGP Configuration to R2
R1(config-router)#neighbor 131.108.1.2 route-map setattributes in
R1(config-router)#neighbor 131.108.1.2 next-hop-self
R1(config-router)#neighbor 131.108.1.2 distribute-list 1 in
R1(config-router)#neighbor 131.108.1.2 send-community
R1(config-router)#neighbor 131.108.1.2 weight 1000
R1(config)#route-map setattributes
R1(config-route-map)#set community 2000
R1(config)#access-list 1 deny 0.0.0.0
To configure R1 to set the same attributes and conditions to R3 and R4, you need to complete the same set of IOS commands (seven IOS commands in total) and have different route maps and access lists. Clearly with a large network, this is not scalable.
To create a BGP peer group, use the neighbor peer-group command, beginning in router configuration mode. Example 6-65 creates a peer group on R1 named internal; again, the name is an arbitrary name.
Example 6-65 Peer Group Command on R1
R1(config)#router bgp 1
R1(config-router)#neighbor internal peer-group
You must then assign the options, such as the weight and community value, to the peer groups. Example 6-66 displays all the available options you can assign to a peer group.
Example 6-66 Peer Groups Options
R1(config-router)#neighbor internal ?
  advertise-map           specify route-map for conditional advertisement
  advertisement-interval  Minimum interval between sending EBGP routing updates
  default-originate       Originate default route to this neighbor
  description             Neighbor specific description
  distribute-list         Filter updates to/from this neighbor
  ebgp-multihop           Allow EBGP neighbors not on directly connected networks
  filter-list             Establish BGP filters
  maximum-prefix          Maximum number of prefix accept from this peer
  next-hop-self           Disable the next hop calculation for this neighbor
  password                Set a password
  peer-group              Configure peer-group
  prefix-list             Filter updates to/from this neighbor
  remote-as               Specify a BGP neighbor
  remove-private-AS       Remove private AS number from outbound updates
  route-map               Apply route map to neighbor
  route-reflector-client  Configure a neighbor as Route Reflector client
  send-community          Send Community attribute to this neighbor
  shutdown                Administratively shut down this neighbor
  soft-reconfiguration    Per neighbor soft reconfiguration
  timers                  BGP per neighbor timers
  unsuppress-map          Route-map to selectively unsuppress suppressed routes
The shaded sections in Example 6-66 contain the options you set. Example 6-67 displays the setting of a distribution list to stop a default route from being accepted on R1, advertising the next-hop-self attribute, setting the remote AS number to 1 (same on all IBGP peers), and ensuring that community 2000 is sent to R2, R3, and R4.
Example 6-67 Peer Group Definitions
R1(config-router)#neighbor internal distribute-list 1 in
R1(config-router)#neighbor internal next-hop-self
R1(config-router)#neighbor internal remote-as 1
R1(config-router)#neighbor internal route-map setattributes in
Finally, apply these settings to all the remote peers. Example 6-68 shows how to make R2, R3, and R4 members of the peer group called internal.
Example 6-68 Making R2, R3, and R4 Members of the Peer Group Internal
router bgp 1
 neighbor 131.108.1.2 peer-group internal
 neighbor 131.108.255.6 peer-group internal
 neighbor 131.108.255.14 peer-group internal
R1 has defined three remote IBGP peers with one statement that sets all the parameters defined by the peer group internal. You can configure BGP peers to override configuration options if required. The beauty of using peer groups is that you can add more BGP peers by using only one command. This scales much better than configuring a multitude of IOS commands on several routers. Chapter 7 describes two other main methods used in BGP networks to scale in large networks, namely route reflectors (you might notice this network is fully meshed, that is, every BGP router has a peer to each other) and confederations.
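An added example, not part of the original text: a short Python check that expands peer-group membership into each neighbor's effective options (with per-neighbor overrides) and flags two easy mistakes in this kind of policy. The configuration string is constructed for illustration (modeled on R1, with a deliberately misspelled route-map name and no send-community on the EBGP peer), and the function names are hypothetical.

```python
import re
# Constructed config modeled on R1; the two flaws are deliberate (see lead-in).
CONFIG = """\
router bgp 1
 neighbor internal peer-group
 neighbor internal remote-as 1
 neighbor internal weight 1000
 neighbor internal next-hop-self
 neighbor 131.108.1.2 peer-group internal
 neighbor 131.108.255.6 peer-group internal
 neighbor 131.108.255.6 weight 500
 neighbor 141.199.1.1 remote-as 1001
 neighbor 141.199.1.1 route-map setcommunity out
route-map setcommunty permit 10
 set community no-export
"""

def option_key(option):
    """Slot an option fills: first word plus direction, so in and out differ."""
    words = option.split()
    return (words[0], words[-1] if words[-1] in ("in", "out") else "")

def effective_neighbors(config):
    """Expand peer groups: members inherit group options, own lines override."""
    groups, own, member_of = {}, {}, {}
    for name, option in re.findall(r"^\s*neighbor (\S+) (.+?)\s*$", config, re.M):
        if option == "peer-group":
            groups[name] = {}
        elif name in groups:
            groups[name][option_key(option)] = option
        elif option.startswith("peer-group "):
            member_of[name] = option.split()[1]
        else:
            own.setdefault(name, {})[option_key(option)] = option
    return {peer: {**groups.get(member_of.get(peer), {}), **own.get(peer, {})}
            for peer in {**member_of, **own}}

def audit(config):
    """Flag undefined route maps and outbound policy without send-community."""
    defined = set(re.findall(r"^route-map (\S+)", config, re.M))
    findings = []
    for peer, opts in effective_neighbors(config).items():
        for option in opts.values():
            words = option.split()
            if words[0] == "route-map" and words[1] not in defined:
                findings.append(f"{peer}: route-map {words[1]} not defined")
        if ("route-map", "out") in opts and ("send-community", "") not in opts:
            findings.append(f"{peer}: outbound route-map without send-community")
    return findings
```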
Example 6-69 displays the full working configuration on R1. Take note of the shaded sections that configure R1 to set local-based policies to all three IBGP peers. Peer groups can also be applied to EBGP peers and are commonly used in large ISP networks in which many thousands of customers might have Internet connections.
Example 6-69 R1's Full Working Configuration
hostname R1
!
enable password cisco
!
interface Ethernet0/0
 ip address 131.108.1.1 255.255.255.0
!
interface Serial1/0
 ip address 131.108.255.5 255.255.255.252
 clockrate 128000
!
interface Serial1/1
 Description Link to Internet
 ip address 141.199.2.1 255.255.255.252
!
interface Serial1/2
 ip address 131.108.255.13 255.255.255.252
 no ip directed-broadcast
!
router bgp 1
 no synchronization
 network 131.108.255.4 mask 255.255.255.252
 network 131.108.255.12 mask 255.255.255.252
 neighbor internal peer-group
 neighbor internal remote-as 1
 neighbor internal distribute-list 1 in
 neighbor internal route-map setattributes in
 neighbor 131.108.1.2 peer-group internal
 neighbor 131.108.255.6 peer-group internal
 neighbor 131.108.255.14 peer-group internal
 neighbor 141.199.1.1 remote-as 1001
 neighbor 141.199.1.1 send-community
 neighbor 141.199.1.1 route-map setcommunity out
access-list 1 deny 0.0.0.0
access-list 1 permit any
route-map setcommunity permit 10
 set community no-export
!
route-map setattributes permit 10
 match ip address 2
 set weight 1000
 set community 1000
line con 0
line aux 0
line vty 0 4
end
Example 6-70 displays the full working configuration on R2. Notice R2 is not configured for peer groups.
Example 6-70 R2's Full Working Configuration
hostname R2
!
enable password cisco
!
interface Ethernet0/0
 ip address 131.108.1.2 255.255.255.0
interface Serial1/0
 bandwidth 128
 ip address 131.108.255.1 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
!
interface Serial1/1
 Description Link to Internet
 ip address 151.100.2.1 255.255.255.252
!
interface Serial1/2
 ip address 131.108.255.9 255.255.255.252
 clockrate 128000
!
router bgp 1
 no synchronization
 network 131.108.255.0 mask 255.255.255.252
 network 131.108.255.8 mask 255.255.255.252
 neighbor 131.108.1.1 remote-as 1
 neighbor 131.108.255.2 remote-as 1
 neighbor 131.108.255.10 remote-as 1
 neighbor 151.100.1.1 remote-as 1002
 neighbor 151.100.1.1 send-community
 neighbor 151.100.1.1 route-map setcommunity out
!
route-map setcommunity permit 10
 set community no-export
!
line con 0
line aux 0
line vty 0 4
!
end
Example 6-71 displays the full working configuration on R3. Notice R3 is not configured for peer groups.
Example 6-71 R3's Full Working Configuration
hostname R3
!
enable password cisco
!
interface Ethernet0
 ip address 141.108.1.1 255.255.255.0
!
interface Serial0
 ip address 131.108.255.6 255.255.255.252
!
interface Serial1
 ip address 131.108.255.10 255.255.255.252
!
router bgp 1
 no synchronization
 network 141.108.1.0 mask 255.255.255.0
 network 131.108.255.4 mask 255.255.255.252
 network 131.108.255.8 mask 255.255.255.252
 neighbor 131.108.255.5 remote-as 1
 neighbor 131.108.255.9 remote-as 1
!
no ip classless
route-map setweight permit 10
 match ip address 1
 set weight 1
!
route-map setweight permit 20
 match ip address 2
!
line con 0
line aux 0
line vty 0 4
end
Example 6-72 displays the full working configuration on R4. Notice R4 is not configured for peer groups.
Example 6-72 R4's Full Working Configuration
hostname R4
!
enable password cisco
!
interface Ethernet0
 ip address 151.108.1.1 255.255.255.0
!
interface Serial0
 ip address 131.108.255.2 255.255.255.252
 clockrate 125000
!
interface Serial1
 ip address 131.108.255.14 255.255.255.252
 clockrate 125000
!
interface Serial3
 ip address 131.108.255.10 255.255.255.252
 clockrate 125000
!
router bgp 1
 no synchronization
 network 131.108.255.0 mask 255.255.255.252
 network 131.108.255.12 mask 255.255.255.252
 network 151.108.1.0 mask 255.255.255.0
 neighbor 131.108.255.1 remote-as 1
 neighbor 131.108.255.13 remote-as 1
!
line con 0
line aux 0
line vty 0 4
end