NetworkTalk & BGP

B.5) Summary: BGP setup of ISP-A’s router RT-A.

router bgp 1000
bgp log-neighbor-changes

//Ibgp session with RT-B
neighbor ibgp_client peer-group
neighbor ibgp_client remote-as 1000
neighbor ibgp_client description "Peering with iBGP Core Routers"
neighbor ibgp_client password 7 "…"
neighbor ibgp_client update-source Loopback1
neighbor ibgp_client version 4
neighbor 11.11.226.27 peer-group ibgp_client
neighbor 11.11.226.27 activate

//Ebgp session with Customer ZONE_C
neighbor 11.11.225.2 remote-as 2000
neighbor 11.11.225.2 description Customer-C-Ebgp-Session
neighbor 11.11.225.2 version 4

//Ebgp session with ISP-D-Link1
neighbor 40.40.40.1 remote-as 500
neighbor 40.40.40.1 description ISP-D-Link1-Ebgp-Session
neighbor 40.40.40.1 version 4

//Ebgp session with ISP-D-Link2
neighbor 40.40.40.5 remote-as 500
neighbor 40.40.40.5 description ISP-D-Link2-Ebgp-Session
neighbor 40.40.40.5 version 4
!
address-family ipv4
no synchronization

//Advertisement of aggregated IP blocks: if RT-B is down, the /20 and /19 networks are still advertised (pointed to Null0)
network 11.11.224.0 mask 255.255.224.0
network 10.10.192.0 mask 255.255.240.0

//Advertisement of /24 IP blocks (ZONE_D_E)
network 11.11.229.0 mask 255.255.255.0
network 10.10.205.0 mask 255.255.255.0
network 10.10.206.0 mask 255.255.255.0
network 10.10.207.0 mask 255.255.255.0

//Ibgp setup with RT-B
neighbor ibgp_client send-community both
neighbor ibgp_client next-hop-self
neighbor ibgp_client route-map IBGP-Neighbor-IN in
neighbor ibgp_client route-map IBGP-Neighbor-OUT out

//Ebgp route-map with Customer-C, send only default-route, limit prefix entries advertised by customer
neighbor 11.11.225.2 activate
neighbor 11.11.225.2 send-community
neighbor 11.11.225.2 default-originate
neighbor 11.11.225.2 prefix-list DEFAULT out
neighbor 11.11.225.2 route-map AS-2000-INCOMING in

//Ebgp setup with ISP-D-Link1: receives the BGP table (default localpref value set to 100) and advertises the different zones' prefixes with different community attributes.
neighbor 40.40.40.1 activate
neighbor 40.40.40.1 send-community both
neighbor 40.40.40.1 route-map AS-500-Link1-INCOMING in
neighbor 40.40.40.1 route-map AS-500-Link1-OUTGOING out

//Ebgp setup with ISP-D-Link2: receives the BGP table (will be tagged with LocalPref 90 later), advertises only ZONE_C
neighbor 40.40.40.5 activate
neighbor 40.40.40.5 send-community both
neighbor 40.40.40.5 route-map AS-500-Link2-INCOMING in
neighbor 40.40.40.5 route-map AS-500-Link2-OUTGOING out
no auto-summary
exit-address-family
!
//AS path access list for ISP-D, Customer-C and ISP-A as-number
ip as-path access-list 1 permit ^500_
ip as-path access-list 2 permit ^$
ip as-path access-list 3 permit ^2000_

//Aggregate routes: if RT-B is down, the IP blocks are still advertised
ip route 11.11.224.0 255.255.224.0 Null0 name IPBlock2-Redundancy-Aggregation
ip route 10.10.192.0 255.255.240.0 Null0 name IPBlock1-Redundancy-Aggregation

//ZONE_G and ZONE_B static routes, if RT-B is down
ip route 11.11.224.0 255.255.255.0 11.11.224.3 name DMZ-to-FW

ip route 11.11.230.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 11.11.231.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 11.11.232.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 11.11.233.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 11.11.234.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 11.11.235.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 11.11.236.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 11.11.237.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 11.11.238.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 11.11.239.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate

ip route 11.11.240.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.241.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.242.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.243.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.244.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.245.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.246.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.247.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.248.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.249.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.250.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.251.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.252.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.253.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.254.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate
ip route 11.11.255.0 255.255.255.0 11.11.226.241 name Customer-B-redundant-aggregate

ip route 10.10.192.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.193.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.194.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.195.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.196.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.197.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.198.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.199.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.200.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.201.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.202.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.203.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate
ip route 10.10.204.0 255.255.255.0 11.11.224.3 name Customer-G-redundant-aggregate

//Static routes for ZONE_D_E
ip route 11.11.229.0 255.255.255.0 11.11.230.250 name Customer-D-E-GW1
ip route 10.10.205.0 255.255.255.0 11.11.230.242 name Customer-D-E-GW2
ip route 10.10.206.0 255.255.255.0 11.11.230.246 name Customer-D-E-GW3
ip route 10.10.207.0 255.255.255.0 11.11.230.254 name Customer-D-E-GW4
!

//Send default-routes to customer of ZONE_C
ip prefix-list DEFAULT seq 10 permit 0.0.0.0/0
!

//Route prefixes accepted from Customer of ZONE_C
ip prefix-list Zone-C-Network seq 10 permit 50.50.64.0/18
ip prefix-list Zone-C-Network seq 20 permit 50.50.64.0/24
ip prefix-list Zone-C-Network seq 30 permit 50.50.73.0/24
ip prefix-list Zone-C-Network seq 40 permit 50.50.74.0/24
ip prefix-list Zone-C-Network seq 50 permit 50.50.75.0/24
ip prefix-list Zone-C-Network seq 60 permit 50.50.76.0/24
ip prefix-list Zone-C-Network seq 70 permit 50.50.77.0/24
ip prefix-list Zone-C-Network seq 80 permit 50.50.78.0/24
ip prefix-list Zone-C-Network seq 90 permit 50.50.79.0/24
ip prefix-list Zone-C-Network seq 100 permit 50.50.89.0/24
ip prefix-list Zone-C-Network seq 110 permit 50.50.116.0/22
ip prefix-list Zone-C-Network seq 120 permit 50.50.120.0/22
ip prefix-list Zone-C-Network seq 130 permit 50.50.124.0/22
ip prefix-list Zone-C-Network seq 140 permit 50.50.96.0/24
ip prefix-list Zone-C-Network seq 150 permit 50.50.96.0/19
ip prefix-list Zone-C-Network seq 160 permit 50.50.72.0/22
!

//Zone_B prefix list which will be advertised to ISP-D-Link1 with community 500:70
ip prefix-list ZONE_B seq 120 permit 11.11.240.0/24
ip prefix-list ZONE_B seq 130 permit 11.11.241.0/24
ip prefix-list ZONE_B seq 140 permit 11.11.242.0/24
ip prefix-list ZONE_B seq 150 permit 11.11.243.0/24
ip prefix-list ZONE_B seq 160 permit 11.11.244.0/24
ip prefix-list ZONE_B seq 170 permit 11.11.245.0/24
ip prefix-list ZONE_B seq 180 permit 11.11.246.0/24
ip prefix-list ZONE_B seq 190 permit 11.11.247.0/24
ip prefix-list ZONE_B seq 200 permit 11.11.248.0/24
ip prefix-list ZONE_B seq 210 permit 11.11.249.0/24
ip prefix-list ZONE_B seq 220 permit 11.11.250.0/24
ip prefix-list ZONE_B seq 230 permit 11.11.251.0/24
ip prefix-list ZONE_B seq 240 permit 11.11.252.0/24
ip prefix-list ZONE_B seq 250 permit 11.11.253.0/24
ip prefix-list ZONE_B seq 260 permit 11.11.254.0/24
ip prefix-list ZONE_B seq 270 permit 11.11.255.0/24
!

//Zone_D_E prefix list which will be announced to ISP-D-Link1 with community 500:100
ip prefix-list ZONE_D_E seq 30 permit 10.10.205.0/24
ip prefix-list ZONE_D_E seq 40 permit 10.10.206.0/24
ip prefix-list ZONE_D_E seq 50 permit 10.10.207.0/24
ip prefix-list ZONE_D_E seq 60 permit 11.11.229.0/24
!

//Zone_G prefix list which will be advertised to ISP-D-Link1 with community 500:80
ip prefix-list ZONE_G seq 60 permit 11.11.232.0/24
ip prefix-list ZONE_G seq 70 permit 11.11.233.0/24
ip prefix-list ZONE_G seq 80 permit 11.11.234.0/24
ip prefix-list ZONE_G seq 90 permit 11.11.235.0/24
ip prefix-list ZONE_G seq 100 permit 11.11.236.0/24
ip prefix-list ZONE_G seq 110 permit 11.11.237.0/24
ip prefix-list ZONE_G seq 120 permit 11.11.238.0/24
ip prefix-list ZONE_G seq 130 permit 11.11.239.0/24

ip prefix-list ZONE_G seq 200 permit 10.10.192.0/24
ip prefix-list ZONE_G seq 210 permit 10.10.193.0/24
ip prefix-list ZONE_G seq 220 permit 10.10.194.0/24
ip prefix-list ZONE_G seq 230 permit 10.10.195.0/24
ip prefix-list ZONE_G seq 240 permit 10.10.196.0/24
ip prefix-list ZONE_G seq 250 permit 10.10.197.0/24
ip prefix-list ZONE_G seq 260 permit 10.10.198.0/24
ip prefix-list ZONE_G seq 270 permit 10.10.199.0/24
ip prefix-list ZONE_G seq 280 permit 10.10.200.0/24
ip prefix-list ZONE_G seq 290 permit 10.10.201.0/24
ip prefix-list ZONE_G seq 300 permit 10.10.202.0/24
ip prefix-list ZONE_G seq 310 permit 10.10.203.0/24
ip prefix-list ZONE_G seq 320 permit 10.10.204.0/24
!

//Route-map to receive full routing table from ISP-D-Link1 (localpref 100)
route-map AS-500-Link1-INCOMING permit 10
match as-path 1
!

//Route-map to advertise ZONE_C on ISP-D-Link1 as 2nd ingress backup link
route-map AS-500-Link1-OUTGOING permit 10
match as-path 3
set community 500:90
!

//Route-map to advertise ZONE_D_E on ISP-D-Link1 as 1st ingress link
route-map AS-500-Link1-OUTGOING permit 20
match ip address prefix-list ZONE_D_E
!

//Route-map to advertise ZONE_G on ISP-D-Link1 as 2nd backup ingress link
route-map AS-500-Link1-OUTGOING permit 30
match ip address prefix-list ZONE_G
set community 500:80
!

//Route-map to advertise ZONE_B and other networks from ISP-A (aggregated block, etc.) on ISP-D-Link1 as last backup ingress link
route-map AS-500-Link1-OUTGOING permit 40
match as-path 2
set community 500:70
!

//Route-map to receive only these networks from Customer of ZONE_C
route-map AS-2000-INCOMING permit 10
match ip address prefix-list Zone-C-Network
!
//Route-map to tag bgp table from RT-B with localpref 90
route-map IBGP-Neighbor-IN permit 10
set local-preference 90
!
//Route-map to send FIB (including prefixes of ZONE_D_E and ZONE_C) to RT-B
route-map IBGP-Neighbor-OUT permit 20
!

//Route-map to receive full routing table from ISP-D-link2 and tag 90
route-map AS-500-Link2-INCOMING permit 10
match as-path 1
set local-preference 90
!

//Route-map to advertise ZONE_C on ISP-D-link2 as 1st ingress link, we do not advertise other zones at all
route-map AS-500-Link2-OUTGOING permit 10
match as-path 3

//Ip access-list and Route-map to force upload/outbound traffic of Zone_C to leave through Ebgp speaker ISP-D-link2
ip access-list extended ZONE-C-UPLOAD
permit ip 50.50.64.0 0.0.63.255 any

route-map ZONE_C_UPLOAD permit 10
match ip address ZONE-C-UPLOAD
set ip next-hop recursive 40.40.40.5

interface POS1/1/0
description "STM16-ISP-D-Link2 AS500"
ip address 40.40.40.6 255.255.255.252

!
interface POS1/1/1
description "Customer-ZONE-C_C AS2000"
ip address 11.11.225.1 255.255.255.252
ip policy route-map ZONE_C_UPLOAD
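
To check what the AS-2000-INCOMING and AS-500-Link1-OUTGOING route-maps above accept and tag, the following Python sketch replays their first-match logic. It is an added example, not part of the original configuration; the prefix-lists are a subset of the page's entries, and the sample routes, the function names and the translation of the IOS "_" token to a Python regex are assumptions of this example.

```python
import re
from ipaddress import ip_network

# Subset of the page's exact-match prefix-list entries (no ge/le keywords).
PREFIX_LISTS = {
    "Zone-C-Network": ["50.50.64.0/18", "50.50.64.0/24", "50.50.72.0/22"],
    "ZONE_D_E": ["10.10.205.0/24", "10.10.206.0/24", "11.11.229.0/24"],
    "ZONE_G": ["11.11.232.0/24", "10.10.192.0/24"],
}
AS_PATH_ACLS = {1: "^500_", 2: "^$", 3: "^2000_"}  # as on the page

# (sequence, (match type, reference), community set by the entry)
ROUTE_MAPS = {
    "AS-2000-INCOMING": [(10, ("prefix-list", "Zone-C-Network"), None)],
    "AS-500-Link1-OUTGOING": [
        (10, ("as-path", 3), "500:90"),
        (20, ("prefix-list", "ZONE_D_E"), None),
        (30, ("prefix-list", "ZONE_G"), "500:80"),
        (40, ("as-path", 2), "500:70"),
    ],
}

def as_path_match(ios_regex, as_path):
    # IOS "_" matches a delimiter (space, comma, brace) or either end of the path.
    pattern = ios_regex.replace("_", r"(?:^|$|[ ,{}()])")
    return re.search(pattern, as_path) is not None

def prefix_match(list_name, prefix):
    # Without ge/le, an entry matches only that exact network and mask length.
    return ip_network(prefix) in {ip_network(p) for p in PREFIX_LISTS[list_name]}

def evaluate(route_map, prefix, as_path):
    """Return (sequence, community) of the first matching entry, or None."""
    for seq, (kind, ref), community in ROUTE_MAPS[route_map]:
        if kind == "as-path":
            hit = as_path_match(AS_PATH_ACLS[ref], as_path)
        else:
            hit = prefix_match(ref, prefix)
        if hit:
            return seq, community
    return None  # implicit deny that ends every route-map

if __name__ == "__main__":
    # Constructed sample routes: (route-map, prefix, AS path as stored in the BGP table)
    for case in [("AS-2000-INCOMING", "50.50.65.0/24", "2000"),
                 ("AS-500-Link1-OUTGOING", "11.11.240.0/24", ""),
                 ("AS-500-Link1-OUTGOING", "192.0.2.0/24", "500 64500")]:
        print(case, "->", evaluate(*case))
```

Routes learned from AS 500 fall through to the implicit deny on the outbound map, so the full table is not re-advertised to ISP-D. Because ^2000_ matches any path whose first AS is 2000, the inbound Zone-C-Network prefix-list is the only bound on what sequence 10 passes on.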
