Physical topology
Layer 3 topology
BGP topology
The objective of this lab is to manipulate the path of traffic from R5 to R6 and R7, and of the return traffic.
Packets from R5 to R6 should take the path R5>R4>R1>R6, and the return path R6>R1>R4>R5.
For destination R7, R5 can go through either R3 or R4, but the return traffic should take the path R7>R2>R3>R5.
R1 Config
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 1.1.1.11 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.134.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.16.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map connected
network 1.1.1.1 0.0.0.0 area 0
network 192.168.134.1 0.0.0.0 area 0
!
router bgp 1234
no synchronization
bgp log-neighbor-changes
network 1.1.1.11 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 1234
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 route-map lower-lp in
neighbor 4.4.4.4 remote-as 1234
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 route-map domestic out
neighbor 192.168.16.6 remote-as 6
no auto-summary
!
ip bgp-community new-format
ip community-list standard 1234:5 permit 1234:5
ip as-path access-list 1 deny ^$
ip as-path access-list 1 permit .*
ip as-path access-list 2 permit ^7_
!
route-map domestic permit 10
match as-path 2
!
route-map domestic deny 20
match as-path 1
!
route-map domestic permit 100
!
route-map lower-lp permit 10
match community 1234:5
set local-preference 200
!
route-map lower-lp permit 100
!
route-map testing permit 10
!
route-map connected permit 10
match interface FastEthernet0/1
R2 Config
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
ip address 2.2.2.21 255.255.255.255
!
interface FastEthernet1/0
ip address 192.168.27.2 255.255.255.0
!
interface FastEthernet4/1
switchport access vlan 134
!
interface FastEthernet4/3
switchport access vlan 134
!
interface FastEthernet4/4
switchport access vlan 134
!
interface FastEthernet4/5
switchport access vlan 45
!
interface Vlan134
ip address 192.168.134.2 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 192.168.134.2 0.0.0.0 area 0
default-information originate
!
router bgp 1234
no synchronization
bgp log-neighbor-changes
network 2.2.2.21 mask 255.255.255.255
neighbor 1.1.1.1 remote-as 1234
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 send-community
neighbor 3.3.3.3 remote-as 1234
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 route-reflector-client
neighbor 3.3.3.3 send-community
neighbor 192.168.27.7 remote-as 7
neighbor 192.168.27.7 route-map tag in
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
ip bgp-community new-format
!
route-map tag permit 10
set community 1234:7
R3 Config
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Loopback1
ip address 3.3.3.31 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.134.3 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.35.3 255.255.255.0
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map connected
network 3.3.3.3 0.0.0.0 area 0
network 192.168.134.3 0.0.0.0 area 0
!
router bgp 1234
no synchronization
bgp log-neighbor-changes
network 3.3.3.31 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 1234
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 send-community
neighbor 192.168.35.5 remote-as 5
neighbor 192.168.35.5 route-map lp in
neighbor 192.168.35.5 route-map domestic+local out
no auto-summary
!
ip bgp-community new-format
ip community-list standard 1234:7 permit 1234:7
ip as-path access-list 1 permit ^$
!
route-map lp permit 10
set local-preference 400
set community 1234:5
!
route-map domestic+local permit 10
match community 1234:7
!
route-map domestic+local permit 20
match as-path 1
!
route-map connected permit 10
match interface FastEthernet0/1
R4 Config
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Loopback1
ip address 4.4.4.41 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.45.4 255.255.255.0
!
interface FastEthernet1/0
ip address 192.168.134.4 255.255.255.0
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map connected
network 4.4.4.4 0.0.0.0 area 0
network 192.168.134.4 0.0.0.0 area 0
!
router bgp 1234
no synchronization
bgp log-neighbor-changes
network 4.4.4.41 mask 255.255.255.255
neighbor 1.1.1.1 remote-as 1234
neighbor 1.1.1.1 update-source Loopback0
neighbor 192.168.45.5 remote-as 5
neighbor 192.168.45.5 default-originate
neighbor 192.168.45.5 route-map lp in
no auto-summary
!
route-map lp permit 10
set local-preference 300
!
route-map connected permit 10
match interface FastEthernet0/0
R5 Config
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.35.5 255.255.255.0
!
interface FastEthernet1/0
ip address 192.168.45.5 255.255.255.0
!
router bgp 5
no synchronization
bgp log-neighbor-changes
network 5.5.5.5 mask 255.255.255.255
neighbor 192.168.35.3 remote-as 1234
neighbor 192.168.45.4 remote-as 1234
no auto-summary
R6 Config
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.16.6 255.255.255.0
!
router bgp 6
no synchronization
bgp log-neighbor-changes
network 6.6.6.6 mask 255.255.255.255
neighbor 192.168.16.1 remote-as 1234
no auto-summary
R7 Config
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface FastEthernet1/0
ip address 192.168.27.7 255.255.255.0
!
router bgp 7
no synchronization
bgp log-neighbor-changes
network 7.7.7.7 mask 255.255.255.255
neighbor 192.168.27.2 remote-as 1234
no auto-summary
Scenario 1:
Since R4 is not a powerful routing device, it should receive only local and domestic BGP routes rather than all BGP updates. R4 is a route-reflector client of R1, so by default R4 receives all BGP updates.
So we filter the unwanted BGP updates on R1.
R1 configuration
route-map domestic permit 10
match as-path 2
!
route-map domestic deny 20
match as-path 1
!
route-map domestic permit 100
!
ip as-path access-list 1 deny ^$
ip as-path access-list 1 permit .*
ip as-path access-list 2 permit ^7_
Verification
R4#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.11/32 1.1.1.1 0 100 0 i
*>i2.2.2.21/32 2.2.2.2 0 100 0 i
*>i3.3.3.31/32 3.3.3.3 0 100 0 i
*> 4.4.4.41/32 0.0.0.0 0 32768 i
*> 5.5.5.5/32 192.168.45.5 0 300 0 5 i
*>i7.7.7.7/32 192.168.27.7 0 100 0 7 i
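The first-match logic of route-map domestic and its two as-path access-lists, modelled as an added Python example (not part of the original lab). The table of prefixes and AS paths is a constructed sample based on the lab's addressing, and the translation of the IOS "_" delimiter into a Python regex is an approximation.

```python
import re

# Cisco AS-path regex: "_" matches a delimiter (start, end, space, comma, braces).
def ios_regex(pattern):
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

# as-path access-lists from R1, entries in configured order (first match wins).
AS_PATH_ACL = {
    1: [("deny", ios_regex("^$")), ("permit", ios_regex(".*"))],
    2: [("permit", ios_regex("^7_"))],
}

# route-map domestic from R1: (sequence, action, as-path ACL or None for match-all).
ROUTE_MAP_DOMESTIC = [(10, "permit", 2), (20, "deny", 1), (100, "permit", None)]

def acl_permits(acl_id, as_path):
    """True if the ACL's first matching entry is a permit (implicit deny at end)."""
    for action, rx in AS_PATH_ACL[acl_id]:
        if rx.search(as_path):
            return action == "permit"
    return False

def evaluate(route_map, as_path):
    """Return (sequence, action) of the first clause whose match succeeds."""
    for seq, action, acl_id in route_map:
        if acl_id is None or acl_permits(acl_id, as_path):
            return seq, action
    return None, "deny"  # implicit deny when no clause matches

# Constructed sample: prefixes R1 could advertise to R4, with AS paths as
# they appear in the lab (an empty path means originated inside AS 1234).
R1_TABLE = {
    "1.1.1.11/32": "", "2.2.2.21/32": "", "3.3.3.31/32": "",
    "5.5.5.5/32": "5", "6.6.6.6/32": "6", "7.7.7.7/32": "7",
}

def advertised_to_r4():
    return {p: evaluate(ROUTE_MAP_DOMESTIC, path)
            for p, path in R1_TABLE.items()}

if __name__ == "__main__":
    for prefix, (seq, action) in advertised_to_r4().items():
        print(f"{prefix:14} seq {seq:<3} {action}")
```

Locally originated prefixes fall through to sequence 100 because access-list 1 denies the empty path, so the deny clause at sequence 20 does not match them.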
Scenario 2:
In order for R4 to reach the R6 prefix, R2 will inject a default route into OSPF.
R2 configuration
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
router ospf 1
default-information originate
Verification
R4#show ip route
Gateway of last resort is 192.168.134.2 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 192.168.134.2, 02:55:26, FastEthernet1/0
Scenario 3:
R5 should use only R4 when the destination is international.
So R3 needs to filter international routes out of its BGP updates to R5.
R2 tags every BGP update received from R7 with community 1234:7, so that R3 can later match that community and filter its advertisements to R5 based on it.
R2 configuration
router bgp 1234
neighbor 3.3.3.3 send-community
neighbor 192.168.27.7 route-map tag in
!
route-map tag permit 10
set community 1234:7
R3 configuration
router bgp 1234
neighbor 192.168.35.5 route-map domestic+local out
!
route-map domestic+local permit 10
match community 1234:7
!
route-map domestic+local permit 20
match as-path 1
!
ip community-list standard 1234:7 permit 1234:7
ip as-path access-list 1 permit ^$
*Note: To use the new BGP community format, we need to enter the command ip bgp-community new-format
R3#show ip bgp neighbors 192.168.35.5 advertised-routes
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.11/32 1.1.1.1 0 100 0 i
*>i2.2.2.21/32 2.2.2.2 0 100 0 i
*> 3.3.3.31/32 0.0.0.0 0 32768 i
*>i4.4.4.41/32 4.4.4.4 0 100 0 i
*>i7.7.7.7/32 192.168.27.7 0 100 0 7 i
Scenario 4:
For return traffic from R7 to R5 to take the path R7>R2>R3>R5, the BGP update for R5's prefix received from R3 must always be the best path on R2. Here that is achieved with a local preference of 400 from R3 versus 300 from R4.
R3 configuration
router bgp 1234
neighbor 192.168.35.5 route-map lp in
!
route-map lp permit 10
set local-preference 400
R4 configuration
router bgp 1234
neighbor 192.168.45.5 route-map lp in
!
route-map lp permit 10
set local-preference 300
Verification
R2#show ip bgp 5.5.5.5
BGP routing table entry for 5.5.5.5/32, version 5
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
1 3
5
192.168.45.5 (metric 20) from 1.1.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 300, valid, internal
Originator: 4.4.4.4, Cluster list: 1.1.1.1
5, (Received from a RR-client)
192.168.35.5 (metric 20) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 400, valid, internal, best
Community: 1234:5
Scenario 5:
Up to this point, R1 also uses R3 as the preferred exit for packets coming from R6 towards R5, because of the higher local preference of 400 from R3 compared to 300 from R4.
We need a way to make R1 not prefer R3 as the exit, in order to fulfill the requirement of taking the path R6>R1>R4>R5.
So R3 tags every route it learns from R5 with community 1234:5. When those updates reach R1, R1 matches them on community 1234:5 and lowers their local preference to 200, which is no longer better than the 300 from R4.
R3 configuration
router bgp 1234
neighbor 2.2.2.2 send-community
neighbor 192.168.35.5 route-map lp in
!
route-map lp permit 10
set local-preference 400
set community 1234:5
R2 configuration
router bgp 1234
neighbor 1.1.1.1 send-community
R1 configuration
router bgp 1234
neighbor 2.2.2.2 route-map lower-lp in
!
route-map lower-lp permit 10
match community 1234:5
set local-preference 200
!
route-map lower-lp permit 100
!
ip community-list standard 1234:5 permit 1234:5
Verification
R1#show ip bgp 5.5.5.5
BGP routing table entry for 5.5.5.5/32, version 32
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
5
192.168.35.5 (metric 20) from 2.2.2.2 (2.2.2.21)
Origin IGP, metric 0, localpref 200, valid, internal
Community: 1234:5
Originator: 3.3.3.3, Cluster list: 2.2.2.21
5, (Received from a RR-client)
192.168.45.5 (metric 20) from 4.4.4.4 (4.4.4.4)
Origin IGP, metric 0, localpref 300, valid, internal, best
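The effect of route-map lower-lp on R1, and its dependence on send-community being configured on every hop between R3 and R1, as an added Python model (not part of the original lab). The path records and function names are constructed for illustration; only local preference is compared, which is enough to decide between these two paths.

```python
from copy import deepcopy

# Constructed sample: the two paths for 5.5.5.5/32 inside AS 1234 after the
# inbound "lp" route-maps on R3 (400 + community 1234:5) and R4 (300).
PATHS = [
    {"exit": "R3", "local_pref": 400, "communities": {"1234:5"}},
    {"exit": "R4", "local_pref": 300, "communities": set()},
]

# route-map lower-lp on R1: (sequence, community to match or None, new local-pref).
LOWER_LP = [(10, "1234:5", 200), (100, None, None)]

def send(path, send_community):
    """Model an iBGP update; IOS drops communities unless send-community is set."""
    out = deepcopy(path)
    if not send_community:
        out["communities"] = set()
    return out

def apply_route_map(route_map, path):
    """Apply the first permit clause whose match succeeds."""
    out = deepcopy(path)
    for _seq, community, new_lp in route_map:
        if community is None or community in out["communities"]:
            if new_lp is not None:
                out["local_pref"] = new_lp
            return out
    return None  # implicit deny

def best_exit(paths):
    """Highest local preference wins; it is compared before AS-path length."""
    return max(paths, key=lambda p: p["local_pref"])["exit"]

def r2_best():
    # R2 receives R3's path directly and R4's path reflected by R1; no rewrite.
    return best_exit(PATHS)

def r1_best(r2_send_community=True):
    via_r3, via_r4 = PATHS
    # R3's path reaches R1 through R2, then passes route-map lower-lp inbound.
    via_r3 = apply_route_map(LOWER_LP, send(via_r3, r2_send_community))
    return best_exit([via_r3, via_r4])
```

With r2_send_community=False the community never reaches R1, sequence 10 does not match, and R1 keeps local preference 400 and prefers R3 again.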