AS1234 uses OSPF as its IGP only to provide reachability between IBGP neighbors. No user subnets are advertised into the IGP.
BGP policy mandates that the smallest prefix announced to the internet is /23 and that the number of prefixes is kept as small as possible.
R3 and R4 are the route-generating routers.
For redundancy, both R3 and R4 generate the supernet 203.81.0.0/22 into BGP.
Supernet generation is configured on R3 first and then on R4.
R1 Config
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.13.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.15.1 255.255.255.0
!
interface FastEthernet1/0
ip address 192.168.12.1 255.255.255.0
!
router ospf 1
network 1.1.1.1 0.0.0.0 area 0
network 192.168.12.1 0.0.0.0 area 0
network 192.168.13.1 0.0.0.0 area 0
!
router bgp 1234
no synchronization
bgp log-neighbor-changes
neighbor ibgp peer-group
neighbor ibgp remote-as 1234
neighbor ibgp update-source Loopback0
neighbor ibgp next-hop-self
neighbor 2.2.2.2 peer-group ibgp
neighbor 3.3.3.3 peer-group ibgp
neighbor 4.4.4.4 peer-group ibgp
neighbor 192.168.15.5 remote-as 5
no auto-summary
R2 Config
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.24.2 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.26.2 255.255.255.0
!
interface FastEthernet1/0
ip address 192.168.12.2 255.255.255.0
!
router ospf 1
network 2.2.2.2 0.0.0.0 area 0
network 192.168.12.2 0.0.0.0 area 0
network 192.168.24.2 0.0.0.0 area 0
!
router bgp 1234
no synchronization
bgp log-neighbor-changes
neighbor ibgp peer-group
neighbor ibgp remote-as 1234
neighbor ibgp update-source Loopback0
neighbor ibgp next-hop-self
neighbor 1.1.1.1 peer-group ibgp
neighbor 3.3.3.3 peer-group ibgp
neighbor 4.4.4.4 peer-group ibgp
neighbor 192.168.26.6 remote-as 6
no auto-summary
R3 Config
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Loopback1
ip address 203.81.1.3 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.13.3 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.34.3 255.255.255.0
!
router ospf 1
network 3.3.3.3 0.0.0.0 area 0
network 192.168.13.3 0.0.0.0 area 0
network 192.168.34.3 0.0.0.0 area 0
!
router bgp 1234
no synchronization
bgp log-neighbor-changes
redistribute static route-map redistribute-supernet
neighbor ibgp peer-group
neighbor ibgp remote-as 1234
neighbor ibgp update-source Loopback0
neighbor ibgp next-hop-self
neighbor 1.1.1.1 peer-group ibgp
neighbor 2.2.2.2 peer-group ibgp
neighbor 4.4.4.4 peer-group ibgp
no auto-summary
!
ip prefix-list supernet seq 5 permit 203.81.0.0/22
!
route-map redistribute-supernet permit 10
match ip address prefix-list supernet
R4 Config
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Loopback1
ip address 203.81.2.4 255.255.254.0
!
interface FastEthernet0/0
ip address 192.168.24.4 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.34.4 255.255.255.0
!
router ospf 1
network 4.4.4.4 0.0.0.0 area 0
network 192.168.24.4 0.0.0.0 area 0
network 192.168.34.4 0.0.0.0 area 0
!
router bgp 1234
no synchronization
bgp log-neighbor-changes
redistribute connected route-map redistribute-user
redistribute static route-map redistribute-supernet
neighbor ibgp peer-group
neighbor ibgp remote-as 1234
neighbor ibgp update-source Loopback0
neighbor ibgp next-hop-self
neighbor 1.1.1.1 peer-group ibgp
neighbor 2.2.2.2 peer-group ibgp
neighbor 3.3.3.3 peer-group ibgp
no auto-summary
!
ip route 203.81.0.0 255.255.252.0 Null0 254
!
ip prefix-list supernet seq 5 permit 203.81.0.0/22
!
ip prefix-list user seq 5 permit 203.81.2.0/23
!
route-map redistribute-supernet permit 10
match ip address prefix-list supernet
!
route-map redistribute-user permit 10
match ip address prefix-list user
R5 Config
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.15.5 255.255.255.0
!
router bgp 5
no synchronization
bgp log-neighbor-changes
network 5.5.5.0 mask 255.255.255.0
neighbor 192.168.15.1 remote-as 1234
no auto-summary
R6 Config
interface Loopback0
ip address 6.6.6.6 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.26.6 255.255.255.0
!
router bgp 6
no synchronization
bgp log-neighbor-changes
network 6.6.6.0 mask 255.255.255.0
neighbor 192.168.26.2 remote-as 1234
no auto-summary
Verification
R5#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.0/24 0.0.0.0 0 32768 i
*> 6.6.6.0/24 192.168.15.1 0 1234 6 i
*> 203.81.0.0/22 192.168.15.1 0 1234 ?
*> 203.81.2.0/23 192.168.15.1 0 1234 ?
R3#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i5.5.5.0/24 1.1.1.1 0 100 0 5 i
*>i6.6.6.0/24 2.2.2.2 0 100 0 6 i
*> 203.81.0.0/22 0.0.0.0 0 32768 ?
*>i203.81.2.0/23 4.4.4.4 0 100 0 ?
R4#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i5.5.5.0/24 1.1.1.1 0 100 0 5 i
*>i6.6.6.0/24 2.2.2.2 0 100 0 6 i
*>i203.81.0.0/22 3.3.3.3 0 100 0 ?
*> 203.81.2.0/23 0.0.0.0 0 32768 ?
-Note that 203.81.0.0/22 is originated by R3, and R4 doesn't get a chance to originate its own supernet from the Null0 static route it holds as a placeholder, because the IBGP route has an administrative distance of 200 versus the Null0 static route's AD of 254.
What if the fiber links connecting R3 (HANTHARWADDY) to R1 and R4 (HLAING) fail for 30 seconds and then come back online?
For lab purposes, I shut and unshut fa0/0 and fa0/1 on R3.
R1#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.0/24 192.168.15.5 0 0 5 i
*>i6.6.6.0/24 2.2.2.2 0 100 0 6 i
* i203.81.0.0/22 4.4.4.4 0 100 0 ?
*>i 3.3.3.3 0 100 0 ?
*>i203.81.2.0/23 4.4.4.4 0 100 0 ?
R2#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i5.5.5.0/24 1.1.1.1 0 100 0 5 i
*> 6.6.6.0/24 192.168.26.6 0 0 6 i
*>i203.81.0.0/22 4.4.4.4 0 100 0 ?
* i 3.3.3.3 0 100 0 ?
*>i203.81.2.0/23 4.4.4.4 0 100 0 ?
-Now R3 and R4 are generating the supernet at the same time.
From the perspective of R1 and R2, they now receive 203.81.0.0/22 from both R3 and R4.
Each prefers the route from its nearest neighbor: R1 prefers R3 and R2 prefers R4.
As a result, when packets sourced from 203.81.1.0/24 are destined to R6, the packets are dropped at R4 on the way back.
Forward path R3>R1>R2>R6 is successful.
Return path R6>R2>R4 (dropped here) is unsuccessful because R4 has no route for 203.81.1.0/24 and drops the packets to the Null interface.
R4#show ip route
O 192.168.12.0/24 [110/11] via 192.168.24.2, 00:11:03, FastEthernet0/0
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/12] via 192.168.24.2, 00:11:03, FastEthernet0/0
O 192.168.13.0/24 [110/20] via 192.168.34.3, 00:11:03, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/11] via 192.168.24.2, 00:11:03, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 192.168.34.3, 00:11:03, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
C 192.168.24.0/24 is directly connected, FastEthernet0/0
5.0.0.0/24 is subnetted, 1 subnets
B 5.5.5.0 [200/0] via 1.1.1.1, 00:23:47
6.0.0.0/24 is subnetted, 1 subnets
B 6.6.6.0 [200/0] via 2.2.2.2, 00:23:24
C 192.168.34.0/24 is directly connected, FastEthernet0/1
C 203.81.2.0/23 is directly connected, Loopback1
S 203.81.0.0/22 is directly connected, Null0
R3#ping 5.5.5.5 source loo 1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/48 ms
R3#ping 6.6.6.6 sou
R3#ping 6.6.6.6 source loo 1
.....
Success rate is 0 percent (0/5)
Sweet!!! Imagine that, in a real network, the DNS servers are sitting on the segment 203.81.1.0/24.
What makes this kind of scenario more painful to troubleshoot is that 203.81.1.0/24 doesn't lose connectivity to the whole internet.
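An added example, not part of the original post: the Python sketch below replays the longest-prefix lookup R4 performs, using a subset of the R4 show ip route lines above, and reports which part of a Null0 supernet has no more-specific route on that router. The function and variable names are illustrative assumptions.

```python
import ipaddress
import re

# Subset of the R4 "show ip route" output shown on this page.
R4_SHOW_IP_ROUTE = """\
6.0.0.0/24 is subnetted, 1 subnets
B 6.6.6.0 [200/0] via 2.2.2.2, 00:23:24
C 192.168.34.0/24 is directly connected, FastEthernet0/1
C 203.81.2.0/23 is directly connected, Loopback1
S 203.81.0.0/22 is directly connected, Null0
"""

HEADER = re.compile(r"^\d+\.\d+\.\d+\.\d+/(\d+) is subnetted")
ROUTE = re.compile(r"^([A-Z])\*?\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+(.*)$")

def parse_routes(text):
    """Return (network, code, is_null0) tuples; a 'subnetted' header supplies a missing mask."""
    routes, inherited = [], None
    for line in map(str.strip, text.splitlines()):
        if (h := HEADER.match(line)):
            inherited = h.group(1)
        elif (m := ROUTE.match(line)):
            code, addr, plen, rest = m.groups()
            net = ipaddress.ip_network(f"{addr}/{plen or inherited}")
            routes.append((net, code, "Null0" in rest))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, the decision the router makes for each packet."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def blackholed(routes):
    """Address space inside each Null0 route that no more-specific route covers."""
    holes = []
    for net in [n for n, _, null in routes if null]:
        specifics = [o for o, _, null in routes if not null and o != net and o.subnet_of(net)]
        remaining = [net]
        for other in specifics:
            # Drop pieces the specific covers, split pieces that contain it.
            remaining = [p for r in remaining if not r.subnet_of(other)
                         for p in (r.address_exclude(other) if other.subnet_of(r) else [r])]
        holes.extend(ipaddress.collapse_addresses(remaining))
    return holes

ROUTES = parse_routes(R4_SHOW_IP_ROUTE)
```

On the page's data, blackholed(ROUTES) reports 203.81.0.0/23, the half of the supernet that contains R3's 203.81.1.0/24, and lookup(ROUTES, "203.81.1.3") resolves to the Null0 static.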